HID10301 Printed number & raw data & FC & CN

I have read this topic about uid, raw:
And we can find FC, CN from raw data. The question is: how does the printed number correlate with the raw data?

Here is an example.

Printed #: 200581

[usb] pm3 → lf t55xx detect
[=] Chip type… T55x7
[=] Modulation… FSK2a
[=] Bit rate… 4 - RF/50
[=] Inverted… Yes
[=] Offset… 33
[=] Seq. terminator… No
[=] Block0… 00107061 (auto detect)
[=] Downlink mode… default/fixed bit length
[=] Password set… No

[+] [H10301 ] HID H10301 26-bit FC: 123 CN: 6426 parity ( ok )
[+] [ind26 ] Indala 26-bit FC: 1969 CN: 2330 parity ( ok )
[=] found 2 matching formats
[+] DemodBuffer:
[+] 1D5559555569AA695A595A65

[=] raw: 000000000000002006f63234

[=] — T55x7 Configuration & Information ---------
[=] Safer key : 0
[=] reserved : 0
[=] Data bit rate : 4 - RF/50
[=] eXtended mode : No
[=] Modulation : 7 - FSK 2a RF/10 RF/8
[=] PSK clock frequency : 0 - RF/2
[=] AOR - Answer on Request : No
[=] OTP - One Time Pad : No
[=] Max block : 3
[=] Password mode : No
[=] Sequence Terminator : No
[=] Fast Write : No
[=] Inverse data : No
[=] POR-Delay : Yes
[=] -------------------------------------------------------------
[=] Raw Data - Page 0, block 0
[=] 00107061 - 00000000000100000111000001100001
[=] — Fingerprint ------------

========================================

Do you mean the numbers printed on the physical card?

1 Like

Yes, the numbers were printed on the physical card like this

Numbers printed on cards often do have a direct relation to the data on the card, but in this case I don’t see any obvious connection.

It’s not uncommon to see cards with codes printed on them that are for the manufacturer’s reference but don’t directly decode into data from the card; this could be the case here.

1 Like

The first thing you want to do is convert everything to binary and look for patterns.

For example, 200581 is 110000111110000101 if we assume the printed numbers are decimal and not hexadecimal in nature. Do any of the cards have printed numbers on them that contain alpha characters like A through F or are they all digits?

There are only 18 bits of data if we convert the number from decimal to binary, which means it’s not a clean representation of bytes. This doesn’t matter at all in the scheme of things because your system might only care about 18 bits of data when it’s processing the ID on the card.

If we consider the printed number to be hexadecimal then there are three bytes or 24 bits of data, which is 001000000000010110000001

Sites like this one can help;

Using sites like this you can break the number up into nibbles and words to try to see if the printed data might be bit reversed, like big endian versus little endian.

You can see that the proxmark detected two different 26-bit formats, so I would guess that the printed numbers are probably decimal in nature and do not include the facility code part of the identifier. Chances are though that the proxmark is not recognizing the actual format used in the card, so the numbers presented for each format, like Indala and HID, are not going to match up to the printed numbers. At this point you may need to convert the demod buffer and/or the raw data to binary and start looking for pattern matches.

2 Likes
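The pattern hunt suggested in this thread, sketched in Python as an added example (not code from any poster or from the Proxmark project): it decodes the H10301 fields from the raw value in the first post and checks whether the printed number's bits appear anywhere in it. The sentinel-bit layout and all function names are assumptions of this example.

```python
RAW_HEX = "000000000000002006f63234"  # "raw:" line from the first post
PRINTED = "200581"                    # number printed on the card

def decode_h10301(raw_hex):
    """Decode a 26-bit H10301 credential from the raw hex.

    Assumption: bit 26 is a sentinel '1' and the low 26 bits are the
    Wiegand frame (even parity, 8-bit FC, 16-bit CN, odd parity).
    """
    value = int(raw_hex, 16)
    if (value >> 26) & 1 != 1:
        raise ValueError("no sentinel at bit 26; not a 26-bit layout")
    bits = format(value & ((1 << 26) - 1), "026b")
    even_ok = bits[:13].count("1") % 2 == 0  # leading parity + first 12 data bits
    odd_ok = bits[13:].count("1") % 2 == 1   # last 12 data bits + trailing parity
    return {"fc": int(bits[1:9], 2), "cn": int(bits[9:25], 2),
            "parity_ok": even_ok and odd_ok}

def printed_candidates(printed):
    """Bit strings the printed number could stand for."""
    cands = {}
    for name, base in (("decimal", 10), ("hex", 16)):
        try:
            cands[name] = format(int(printed, base), "b")
        except ValueError:
            continue  # e.g. A-F characters cannot be read as decimal
    for name in list(cands):
        cands[name + "-reversed"] = cands[name][::-1]  # bit-reversed form
    return cands

def find_matches(raw_hex, printed):
    """Return {interpretation: bit offset} for candidates found in the raw bits."""
    haystack = format(int(raw_hex, 16), "b")
    hits = {}
    for name, pattern in printed_candidates(printed).items():
        pos = haystack.find(pattern)
        if pos != -1:
            hits[name] = pos
    return hits

if __name__ == "__main__":
    card = decode_h10301(RAW_HEX)
    print(f"FC={card['fc']} CN={card['cn']} parity_ok={card['parity_ok']}")
    print("printed number found in raw:", find_matches(RAW_HEX, PRINTED) or "no")
```

For this card the decode reproduces FC 123 and CN 6426, and none of the four interpretations of 200581 occurs in the raw bits.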

Also, you need to consider the possibility that the printed numbers are undergoing some sort of transform and do not actually represent any binary data as written on the card, rather the binary data on the card has been transformed by some algorithm or simple process to arrive at the printed number. In which case it’s like a simple encryption and you will never be able to match the binary data on the card to the printed number. That said, I’ve never actually seen this implemented anywhere… The printed data on the card is always some sort of representation of the binary data in the chip without any fancy obfuscation… But it is technically possible.

2 Likes

On the Discord they showed they’re T5577s and the manager is able to change the data at will, so there is no link between text & content.

2 Likes

Hello,

I tried to dump a working card (B) and then restore it to my card (A), so both of them have the same information. I tried them with the Elevator Access Control, and both cards work. But when I change the CN on card A, it does not work (the data in p0/p1 still match card B). So I think the main data were saved on the server side, and the printed numbers were used for other management purposes.

I have 3 cards with different program:
Card B: The reader can read and can access (1 beep when contact)
Card A: The reader can read but not access (1 beep when contact)
Card C: The reader can not read (no beep)