Probably I must tell T5577 to get into some special state?!
Once again to summarize - I have several different T5577 and all are “ignored” by lock. But Flipper can emulate.
Rather than emulate, just use write.
Then try it on the lock.
If it's a card, it SHOULD work
If it's a fob, it COULD work
If it's an implant, it MIGHT work
Let's see how that goes. If you can get the Flipper to successfully write to a card, then we can try and help get others working.
If you want to try your Proxmark, try something like
First: T5577 card “white plastic” that comes with Proxmark
Second: T5577 in keyfob format, that I have. It is from a bunch, and typically works normally in some other cases (I have cloned 100+ cards on similar fobs so far)
Sure, I got them written, but the lock just ignores them.
without sniffing the interaction between door lock and transponder it would be hard to get a sense of what’s going on here, but my hunch is that it has to do with some additional checks beyond just the ID the lock is doing to actively ward off clones. In particular there are ways to actively probe if you are talking to a T5577 chip or not.
The Flipper has the luxury of controlling exactly how to output the data to the reader, and therefore can perfectly emulate an EM410x chip and ignore T5577 probes.
Hi @amal how would I know if the reader is performing this check? I cloned an EM410x 125 kHz fob to a T5577 fob and it worked on my apartment door reader one time, now the reader doesn’t appear to recognize it. I tried cloning it again, but nothing.
The only difference I can see is the Chipset X vs Chipset T5577 (the UID is correctly cloned, both are registered as “EM Marin” fobs).
You’d probably have to sniff the LF traffic to know for sure. Not sure the Proxmark3 can do that with full demod… you might have to get into the weeds with manual signal processing or ask Iceman
Thanks for responding so quickly. I have an iCopy-X, which has sniffing capability, though I don’t know how that’s physically done, or what output I need to look for.
I encountered Isonas readers that seem to look for the HF frequency first, and only after getting power over HF does it check for LF. With this reader I had to probe it with the Dangerous Things card to figure out what was going on (though my gym already told me not to fuck with the card readers so I can’t do any more probing)
What I found was the Flipper always worked because it seems to output power on both frequencies, and the tag wasn’t set up to actually read the credentials of the HF tag; it just seems to first look for power in the HF range before checking for LF (at least that’s my theory).
Anyway, if this is a similar situation to yours, what I found was that a pure T5577 wouldn’t do it because of that HF check first before the reader even reads LF. I found that the fobs that have a T5577 and 1k magic chip are able to trigger the HF on the first pass; it misses the T5577 on the first LF pass, then scans again and catches the LF on the second pass. With the Flipper it’s able to detect the HF and then the LF instantly so that you only get one beep, but with my fob, because it misses that first check of the LF, it always beeps twice (once for the HF, a small gap, once for the LF).
Might not be what’s going on here but I figured I’d mention it in case it helps someone out there