ggww
October 16, 2024, 9:18am
1
I have a HID Prox Key fob which I tried to clone but unfortunately couldnt’ figure out how.
here is the output from the key:
usb] pm3 → lf search
[=] Note: False Positives ARE possible
[=] raw: 000000000000002007e056xx
[+] Valid HID Prox ID found!
[+] Chipset detection: EM4x05 / EM4x69pm3 → lf hid read
[=] raw: 000000000000002007e056xx
[usb] pm3 → lf em 4x05 dump
[=] Addr | data | ascii |lck| info
I tried a few different ways to clone it to the same type of key fob with no luck:
command tried so far:
lf hid clone --em -w H10301 --fc 2xx --cn 111xx (also w/o --em)
lf indala clone --fc 38xx --cn 29xx --em
all these commands execute ok without error but it didn’t write to the new card.
Any help will be much appreciated.
1 Like
lf hid clone -w h10301 --fc [fc value] --cn [cn value]
if you’re cloning to a T5577 that’s all you’ll need. if you’re cloning to em4305 you’ll need to add --em to the end of the command
edit:
ggww:
write to the new card
what new card? what did you buy specifically? is it another hidprox fob exactly the same?
2 Likes
ggww
October 16, 2024, 8:57pm
3
Thanks Equipter, yes the new card looks exactly the same and the “lf seach” command produced same sort of information.
1 Like
oh then you’ll need to wipe it with the password before you can write to it.
Hid prox creds are em4305 with the password “PROX” in ascii converted hex (hilarious right)
lf em 4x05 wipe -p 50524F58
lf hid clone -w h10301 --fc [fc] --cn [cn] --em
you don’t need to put the password back on. it’s not used by the system it’s just there for HID to be able to configure the chips to be different hidprox bitlengths and formats
hope this helps! let me know if it doesn’t (it should) and we will investigate further
4 Likes
ggww
October 17, 2024, 8:59am
5
Hi Equipter,
Legend!, it works like a charm after running the wipe command. I actually tried the wipe command without the password but it didn’t work as expected.
Another quesiton, can I clone this thing to the HID ProxCard target?
the output from that card is as below:
[usb] pm3 → lf search
[=] Note: False Positives ARE possible
[=] raw: 000000000000002004ecfde0
[+] Valid HID Prox ID found!
[+] Chipset detection: T55xxlf t55xx commandspm3 → lf t55xx detect
I have tried
lf t55xx wipe
thanks a tone!
3 Likes
you want to clone this t5577 encoded as h10301 to the em4305 from earlier? or the reverse? i’m confused
the lf hid clone command should just work off the bat (no em needed but i see you’ve got that covered)
where did this t5577 come from?
2 Likes
ggww
October 17, 2024, 9:14am
7
Hi Equipter, This is a blank card I had earlier, I was trying to copy the EM key fob to this card to see if that will also work.
cheers,
1 Like
you should be able to just overwrite it since there’s no password set.
you can do lf t55 wipe
for shits and giggles but i don’t know that it will do anything to help since there should be nothing impeding your write command from working anyway
try holding it an inch above the lf antenna
3 Likes
ggww
October 17, 2024, 11:19am
9
THanks mate, this is indeed very strange, I have tried all these now, I start suspecting there is a problem with the card itself.
1 Like
likely a problem because it should be a flawless write.
2 Likes
