My Wife and I just bought a petsafe scoopfree crystal pro litterbox, we found out that it has a reader inside of it, and will only work when it has the ISO 15693 tag from the disposable trays next to it.
The next issue is that the disposable trays will only work for 175 cycles, then it stops the litter box from working. We’ve since bought one of their “re-usable” trays, and it didn’t have a NFC/RFID tag anywhere on it.
Therefore I am trying to be able to make my own tags for it and emulate it. I just got my Proxmark from Dangerous Things in the mail this morning and have already began running “hf 15 sniff”’s.
I was able to capture multiple trace’s by doing so, however, I am still new to this and am looking for any assistance.
I’ve attached the trace’s that I was able to grab via a .zip file.
I swear someone else asked this exact question about a litter box but I can’t seem to find it. There are plenty of posts about copying or cloning ISO15693 transponders though.
Just be aware there is a fine line between hacking a system to the point where you could create and sell false or third party trays.. that would fall under dmca and be illegal. We can help you do research but walking you through how to make fake trays or even trays that can be reused more than the allotted number of times would be a little “iffy”.
I had posted on Reddit and was talking back and forth with Dangerous Tac0s about it. I have no intention to sell these tags.
The plan was to get my Proxmark then test and see if I was even able to clone it. If so, I was just wanting to be able to use my “reusable” tray via cloning a tag that I had gotten from a disposable tray I just bought.
It was indeed. If I need to do any further sniffs or anything else, please let me know. I am more than willing to try whatever is needed. Thank you again for all your help.
Hrm… This does not look good and won’t likely be a quick thing if we can sort it. tldr, the “C” at the end of the name is for “cryptographic.” Albeit, not particularly secure. The “magic” transponders available for 15693 do not, i believe, support the necessary methods to get it done. That doesn’t rule out possible proxmark shenanigans but it does make it more complicated. Which is likely exacerbated by mediocre support of 15693 emulation (from what I hear). Another possible path forward is being able to just duplicate their config on legit transponders but more research needs doing.
The proxmark’s notations don’t seem to be valid for this trransponder.
write password should be B1 not B4
B3 is present password
B4 is get random number
It would be helpful to start the sniff just before powering on the device, I think. Beyond that, checking the config for mistakes seems smart. I’ll have to put together some raw commands. It would also be interesting to try and read blocks 12-16 on another litter tray. Looks like it gets back: 50 53 53 46 01 00 96 00 1b 45 08 fb 2f 6b 13 c2. 50 53 53 46 → ASCII → PSSF (pet safe scoop free?).
