I recently moved into an apartment with 125kHz RFID door access, and the management company is very strict about lost or damaged key fobs ($500 replacement)! I want to keep my original key fob in a safe place, and use a clone to enter the building. Note that I am not interested in “hacking” or any illegal activity, only cloning a key fob I was given legally. If I can make this work, I might opt for an implant too.
Here’s a photo of the outdoor panel,
After researching, I discovered this is the BEC MT-D5S but the spec sheet and key fobs have no RFID details. So I scanned my key fob with an iCopy-X and found this:
EM Marin
EM410x 125kHz
UID 3B008F2FEA
Chipset X
Using the iCopy-X to sniff between the key fob and reader, I got this output, “TraceLen: 42259” but I’m not sure what that means exactly.
My understanding is that EM4100 chips are read-only, but I looked for EM4305 “writeable” key fobs online and ordered a few. When they arrived, I discovered they’re really T5577 fobs, and when I clone my original to them, this is the output:
EM Marin
EM410x 125kHz
UID 3B008F2FEA
Chipset T5577
As far as I can tell, the cloned fob should work, and it did, but only one time?! Now when I place it against the reader, nothing happens. I’ve tried cloning to the new fob again, but no dice. I can still read the correct UID from the cloned fob, so I don’t think it’s an issue with tearoff.
Right now I’m stuck and looking for help. If I make any progress, I’ll post updates.