Getting divorced so I moved to an apartment. They want to charge a ton for extra FOBs so I bought a Proxmark 3 easy that is flashed from Dangerous Things. I am trying to figure out how to get this copied. I think I found the HF but am not sure. Can anyone point me in the direction of a good walkthrough for doing this? Below are the end results. I can send the rest of the data if that would help.
[+] Generating binary key file
[+] Found keys have been dumped to C:\ProxSpace\ProxSpace\pm3/hf-mf-4AFB23A9-key-001.bin
[=] --[ FFFFFFFFFFFF ]-- has been inserted for unknown keys where res is 0
[=] transferring keys to simulator memory ( ok )
[=] dumping card content to emulator memory (Cmd Error: 04 can occur)
[=] downloading card content from emulator memory
[+] saved 1024 bytes to binary file C:\ProxSpace\ProxSpace\pm3/hf-mf-4AFB23A9-dump-001.bin
[+] saved 64 blocks to text file C:\ProxSpace\ProxSpace\pm3/hf-mf-4AFB23A9-dump-001.eml
[+] saved to json file C:\ProxSpace\ProxSpace\pm3/hf-mf-4AFB23A9-dump-001.json
[=] autopwn execution time: 121 seconds
schlage 9691t, those are dual tech credentials meaning they have two chips inside them which operate at different frequencies,
your H10301 That you discovered using the 125khz app are traditionally used to open common areas around your apartment complex, all doors that arent your specific apatment door will be using that credential so if you want to go test your T5577 against a common area door it should work.
to look at the other chip in there youll need to scan your fob with the NFC app, in which it should reveal a mifare classic, you will need to do key recovery to get access to all the necessary data from which you can go about making a clone.
this mifare classic is what will be used by your apartment door to authenticate you.
this is a boilerplate response I’ve set up in the flipcord but it mirrors well here.
two chips. LF side is for common areas, high frequency mifare classic for your apt door specifically. this certainly can be cloned you definitely don’t need to pay for a dupe.
if you want some 1-1 help with cloning via the proxmark drop me a direct message on discord username is equip
[=] NOTE: some demods output possible binary
[=] if it finds something that looks like a tag
[=] False Positives ARE possible
[=]
[=] Checking for known tags…
[=]
[!] Specify one authentication mode
[+] [H10301 ] HID H10301 26-bit FC: 77 CN: 9361 parity ( ok )
[+] [ind26 ] Indala 26-bit FC: 1234 CN: 1169 parity ( ok )
[=] found 2 matching formats
[+] DemodBuffer:
[+] 1D555955556996996596595A
I just requested you on Discord. I was able to successfully clone the LF without a problem but I am getting the following error when trying to load the HF to my new chip. Please let me know what I am doing wrong. Thank you!
[usb] pm3 → hf mf cload -f hf-mf-4AFB23A9-dump-002.eml
[+] loaded 1024 bytes from text file hf-mf-4AFB23A9-dump-002.eml
[=] Copying to magic gen1a card
[=] .[#] wupC1 error
[!] Can’t set magic card block: 0
I was able to successfully clone the LF without a problem but I am getting the following error when trying to load the HF to my new chip. Please let me know what I am doing wrong. Thank you!
[usb] pm3 → hf mf cload -f hf-mf-4AFB23A9-dump-002.eml
[+] loaded 1024 bytes from text file hf-mf-4AFB23A9-dump-002.eml
[=] Copying to magic gen1a card
[=] .[#] wupC1 error
[!] Can’t set magic card block: 0
I have same issue how do I also add the IC public signature and tag if signature to the fob I clone to ?
The Schlage fob gives same output when I HF search.
The LF is no problem but HF I can’t figure out how to get all the data off the fob . Autopwn and dump or dump keys are not working ? Anyone know how ?