A couple of weeks ago I installed a bit of access control in our reception at work. Nothing complex or exciting, a camera with face recognition & temperature monitoring connected to a magnetic door lock.
It’s worked well so far, so I’m looking at adding further access control throughout the premises. Face recognition isn’t required inside, so I’m interested in using rfid keyfobs.
It would be nice to re-use the keyfobs from our time attendance system, but I’m struggling to conclusively identify them.
Time attendance is a Bodet Timebox X1, about 10 years old. The only specification I can find for the fobs is 125khz ISO. Only extra info our Bodet rep can supply is that they are Stid and might be weigand compatible.
The access control system would be based around this
how do I go about identifying the keyfob chip? I have a cheap HID reader on the way, which should work if it’s an EM chip.
If it’s an EM, how confident can I be that it’ll just work with a weigand reader?
What obvious things am I missing?
If I end up with incompatible fobs between the two systems, it’s not the end of the world. I’ll just make everyone carry two fobs.
But let’s face it, I want to jab a chip in my hand so a bit of research right now would pay off
Caveat: I am one of the less qualified people here to answer so wait for confirmation maybe. Based on the 125khz and the age, I’d say you are on the right track with the EM. I find it odd that I can’t find anyone selling replacement cards or fobs for that model, which tells me they aren’t selling branded cards (like the Samsung cards, for example) and they expect 125khz to be enough info, which leads me to guess that they didn’t add any strange bit codes or anything either (like ioProx) so it might be an easy process.
I’d say a scan of an existing badge/fob with a Proxmark would be useful, but wait for someone with more background to chime in.
ANOTHER OPTION Grab yourself as many different LF cards as you can ( ebay / amazon ) and try to enroll them into your system, the one(s) that work will be your answer.
You will mainly be looking for the common ones: EM41xx, EM4200, HID 1326 ProxCard II, HID 1346 ProxCard III, and Indala.
Where are you located?
You may be able to send a spare fob to one of our community members nearby with a proxmark.
That would probably be your FASTEST and CHEAPEST option.
The BEST option, especially If your work will pay for it.
Send an enrolled fob to Amal ( with your access profile on it ), he can scan and enroll it onto a NExT ( or xEM or FlexEM etc ) and send it back.
This will give you the implant you want NEED ready to install, PLUS you will get the answer as to what LF cards you need for the rest of the staff.
THE PROBLEM IS:
This service is no longer available on the website, so you may have to ask Amal super nicely
DT are also on holiday until 1st Jan, so If you can hold out sending an @ Amal on here, or using the Orange help on the webpage until after then, that would be nice ( They are having a well deserved break, over the past year, Amal has been on the forum 354 of the 365 days, that’s not including the other platforms he monitors and work he may be dong outside of communicating with the community )
This is what you are looking for on the webpage
THEN, convince others at your work to get some implants
For once, time isn’t an issue. This is a project of my own devising and I can work on it at my leisure. That being said, once I’ve had a tinker and got all the bits in, it won’t take long to commission it all.
I’ve started mandatory isolation today, so access to the existing system isn’t possible until late next week at the earliest.
Grabbing some common cards sounds like a good idea, I can get them before I’m allowed back in.
A proxmark3 is on my shopping list, I might bump that up and get it much sooner than later.
I’ll avoid getting someone to clone a chip for the time being. I’ll learn more by doing and asking questions when I break things…
Bit of an update.
The USB HID arrived (14 days delivery, 30 miles from me…).
My Proxmark3 Easy & NExT arrived (24 hours, US to UK!).
I’ve built up a test rig with the access control board and enrolled our existing keyfobs. Picked up a couple of random em fobs and they work too. The HID scans the fobs not problem. All looking good so far.
@amal A couple of observations for the proxmark3 getting started. This is on Windows 10 with Proxspace 3.7.1. You might want to note these variations in the guide.
First couple if installations failed pretty early on, I had to suspend antivirus to get it to complete successfully.
I didn’t get any break and re-run prompt. Installation seemed to run all the way through with no issues.
Firmware update appears to have gone well. I can lf search various tags and get results back. I haven’t gotten around to copying/cloning/writing anything yet. I have a couple of spare tags to mess with, but they are showing as “couldnt identify a chipset”, but show a valid EM421x ID. My original tag is a T55xx.
I’ve ordered a stack of T5577/EM4305 tags from amazon, they should be with me tomorrow.
What should be my next step? Copy the ID of the existing tag to a new tag?
[=] Session log D:\Working\ProxSpace\pm3/.proxmark3/logs/log_20210112.txt
[+] loaded from JSON file D:\Working\ProxSpace\pm3/.proxmark3/preferences.json
[=] Using UART port com3
[=] Communicating with PM3 over USB-CDC
I’m banging my head against a wall now.
I’ve tied reinstalled proxspace and tried recompiling the firmware, it ends with the following warning
[=] LD proxmark3
[*] MAKE bootrom/all
/bin/sh: arm-none-eabi-gcc: command not found
[=] GEN version.c
[-] CC version.c
make: arm-none-eabi-gcc: No such file or directory
make: *** […/common_arm/Makefile.common:124: obj/version.o] Error 127
make: *** [Makefile:131: bootrom/all] Error 2
So, I’ve abandoned that and tried the precompiled binaries at https://proxmarkbuilds.org/
Flashed bootrom & full image. Client starts up, I can hw tune, lf search, lf t55 det no problem, but when it comes to writing to a tag with lf em 410x_write xxxxxxxx 1, I’m back to a non helpful help listing.
So, is the current Iceman release broke? Is it worth me stealing my freshly wiped laptop from work and trying on that, could it be a pc issue?