I’m rather new to this but bought a Proxmark 3 easy to clone a tag to my implant, which worked perfect, but I then bought some tags to make clones of existing tags - but I’m not sure if the tags I bought are writeable/programmable - how can I know this?
This is the output for the tag I would like to change the id of:
[usb] pm3 --> lf search
[=] NOTE: some demods output possible binary
[=] if it finds something that looks like a tag
[=] False Positives ARE possible
[=]
[=] Checking for known tags...
[=]
[+] EM 410x ID 0C0066F94F
[+] EM410x ( RF/64 )
[=] -------- Possible de-scramble patterns ---------
[+] Unique TAG ID : 3000669FF2
[=] HoneyWell IdentKey
[+] DEZ 8 : 06748495
[+] DEZ 10 : 0006748495
[+] DEZ 5.5 : 00102.63823
[+] DEZ 3.5A : 012.63823
[+] DEZ 3.5B : 000.63823
[+] DEZ 3.5C : 102.63823
[+] DEZ 14/IK2 : 00051546356047
[+] DEZ 15/IK3 : 000206165155826
[+] DEZ 20/ZK : 03000000060609151502
[=]
[+] Other : 63823_102_06748495
[+] Pattern Paxton : 209401679 [0xC7B374F]
[+] Pattern 1 : 10090354 [0x99F772]
[+] Pattern Sebury : 63823 102 6748495 [0xF94F 0x66 0x66F94F]
[=] ------------------------------------------------
[+] Valid EM410x ID found!
[=] Couldn't identify a chipset
I tried writing to it, but the id did not change:
lf em 410x clone --id 0112XXXXXX
Does “Couldn’t identify a chipset” indicate that it’s not possible to change the id of the tag?
Info from the seller website: “RFID-tag Pear, Combi (EM4102 & Mifare 1k)”
I bought a combi-chip because: why not.
Can someone point me in the right direction about this?
Unfortunately not that straightforward. Almost all chips have no way to report what they are capable of, you simply need to know what it is and know what commands need to be performed in the correct sequence to enable writing… if it is even capable of being written to… especially when dealing with the 125kHz family of chip types where very little in the way of standards exist at all. Some chips can be poked and prodded into revealing their secrets, which is what the proxmark3 with Iceman firmware does try to do when you issue a search command, but it is still quite a limited set of chip types that can be detected in this way.
For example, a T5577 chip is very programmable and can emulate many types of LF chip types from EM to HID to Indala etc, so when you run a search against it, it might show as an EM type of ID… but is the chip an EM chip (not programmable) or T5577 (programmable)? Additional prodding needs to be done to know what the actual type of chip is, beyond just reading the type of ID and air interface it has… which could be emulated as I just described.
Chances are, your chip is an EM chip and is not programmable. It could be some other kind of programmable / writable chip that the proxmark3 is not familiar with and can’t program… or in the case of a Q5 chip, is programmable but you need to tell the proxmark3 it is a Q5 (T5555) chip and not a T5577… in which case you’d need to use the --q5 suffix on the clone command.
Ok, thank you for the information.
I’ll contact the seller and see if I can get some info there but it’s probably as you guess, that they are not programmable.
Yes, I did think you might have a bit of a difficulty with the language of that website but you came out on top.
I think I messed up because of the duality of the tag where I, without thinking much, thought the Mifare was writable - and therefor also the LF.
I really liked the tag since it is so small (flat - 1.5mm (0.05 inches)) but I guess I’ll need to look for something else.
Thank you for the information, despite the site/tag info-language.
If you are after a dual frequency (T5577 - S50 ) FOB in the same / similar form factor, than can be easily found on places like, AliExpress, Wish, DH Gate, Banggood, Ebay, Amazon etc
Give me a sec, I’ll find you a link, so you know what you are looking for…
