I have an access badge that I use dozens of times a day, I would love to have a implant to replace it unfortunately I have no clue what kind of chip it is. The card is unmarked but I recall seeing a WAVE ID logo on the reader at the security desk but they make readers that support many protocols so that did not limit it much.
I have a pm3, I have done both an lf search and hf search with no results for either.
I also decided to run hw tune with the tag on the antennas and off the antennas to see if there was power draw from the tag, the HF voltage dropped by 4v so I assume it is some sort of HF tag.
Beyond that I am sort of at a loss, I have been trying to solve this on and off for months so any pointers would be awesome
Again apologies, can but I assume you tried to read other cards in the same session, and they read correctly?
Is the unmarked card a generic card with no markings on it?
Also have you tried shining a bright light from behind it?
If the antenna is around the perimeter of the card ( Rectangular ) it is PROBABLY HF
If it is circular it is PROBABLY LF
Try that and let us know
To my great embarrassment this post might have been premature. I just had the inspiration to sit here moving the tag a few mm at a time, did not think to try that because it its a big card that works at any angle on the readers at work. Anyway seems to be some sort of iClass card…
[+] : Possible iClass - legacy credential tag
[+] : Tag is iClass , CSN is in HID range
[+] Valid iClass tag / PicoPass tag found
Again sorry to have bothered anyone. Although if anyone knows why the PM3 struggles to read it (unless it is in exactly the right place) but I can just jump next to the reader on the doors to open it? Knowing that might make me feel better about the number of hours I have been researching this…
Sadly, it looks like cloning this card will be out of my grasp for now. You need access to one of the readers to even attempt to crack the card and I won’t be able to get any private time with a reader . I will work something out but this is going back on the shelf for now.
Why do you need private time with a reader? If you can already take your genuine card to your PM3, you’re all set to clone it already.
The PM3 isn’t all that great with range. In HF, mine struggles even with full size NFC cards. In LF, it works better, but it’s sub-par compared to a wall reader. The only time it works like a champ is with the DT ProxLF coil and a LF implant, funnily enough, which is why I once asked Amal if he ever planned to release a HF version of the ProxLF - hint hint nudge nudge @amal
Really? The card is protected and the only information I found (admittedly it was rather old proxmark forum posts) the only attacks on iClass involve the reader.
Any advice would be greatly appreciated.
Hmm sorry, I was under the impression that those were plain old ID cards. If it’s anything smarter than that (challenge-response or encrypted), then you’re most likely SOL no matter what methink. But perhaps not: were you thinking of sniffing the traffic between the card and a genuine reader?
The concern isn’t so much that you might be one of the employees on the photos, it’s more that someone at your company sees pictures from your company’s blog posted in a thread about cloning one of their company-issued security cards, and that they trace the thread back to you.