Need help with identify & cloning hotel card

masreza · June 25, 2023, 10:49am

hello.
I manage a hotel and i need to know what type of card the door use because we want to buy spare card.

this is the resul of hw tune

this is the result of lf search command
pm3 lf search

this is the result of lf t5577 detect command
pm3 lf detect

this is the result of lf t5577 dump command

i already try to restore it to a t5577 card that i buy and it bricked the card…

i have access to the reader in the door or writer in the front desk if you need any more info.

thx for your help

Equipter · June 25, 2023, 1:08pm

could you describe what you mean by this?

when you did the dump did you do the t55 detect first?

Equipter · June 25, 2023, 1:23pm

after a quick peak at the config block against the datasheet i turned this up:

ive highlighted the two things that are of some concern but nothing huge.

identification

as a t5577 goes, this type of encoding in hotels has been seen before although uncommon (what hotel chain is this from? what readers are they using?)

(E2A:) this system isn’t using their t5577s to emulate a preexisting chipset like em410x they’re using the t5577 as the credential we just got to find out how.

it making a dud clone that doesnt work against the door is standard behaviour for this type of config but your secondary t5577 should be recoverable back to blank.

ATM theres not much you can do with this system but if you are able to aquire some reader sniff traces id happily take a look and see if there is anything that i can do with them

masreza · June 25, 2023, 1:42pm

if i try to restore the dump file to another t5 card it bricked the card.

yes before i do the dump i do the lf t5 detect first

Equipter · June 25, 2023, 1:43pm

what im asking is what do you mean by bricked, what have you done to confirm its bricked, have you attempted to wipe it etc…

masreza · June 25, 2023, 2:21pm

the card is empty
and cant be writen anymore
even if i wipe it

masreza · June 25, 2023, 2:39pm

it’s a family own hotel.
they use door lock i think made in china
the software to issued the card is ProUSB

thx for your help

Equipter · June 25, 2023, 2:41pm

can you send pictures of the readers and writer devices. try sending this to the t55 that’s bricked.

lf t55 write -b 0 -d 000880e8
if that doesn’t work try these

lf t55 detect
lf t55 write -b 0 -d 000880E8 --r0
lf t55 write -b 0 -d 000880E8 --r1
lf t55 write -b 0 -d 000880E8 --r2
lf t55 write -b 0 -d 000880E8 --r3
lf t55 wipe
lf t55 detect

masreza · June 26, 2023, 4:34am

Already try that command but still the card is empty

this is the reader/writer