Temic T5577 chip unlock

Hello everyone,
I successfully cloned one T5577 chip, so now I have some knowledge about that.
In this case Proxmark 3 have found key for this card and with key everything goes easy, but after that I tried with few more cards but Proxmark doesn’t have key for these cards in dictionary.
What is your experience with bruteforce attack to find a pasword and how long does it takes to find a key if you start from 00000000 and end with FFFFFFFF?
Thanks for your time for reading this post

brute forcing would take absolutely ages as that is 10^16 potential variations so you may as well shelve that idea already

if these t5577 are in active use with the system that set that key you can sniff the key from the writer other than that you’re pretty SOL

if you’re needing t5577s they’re cheap asf on aliexpress or i can send you some in the post snail snail style

1 Like

Hi Equipter,
thank you for your suggestions. If I am not asking too much, can you explain me the process of sniffing? I have never done that before.

sniffing is just listening in on the communications between a reader and a tag. T5577 being 125khz and somewhat primitive sends passwords in the clear so you can sniff the password if you have the device used to write it

Ok, so what do I need for this? 5577 card, Proxmark 3 device and device which is used for writing this tag? But where should I put 5577 tag? On Proxmark or on another reader/writer?

to sniff the password you’ll need the device used to write the T5577s you have there. you need the device that set the password so you can sniff it, do you have that

i don’t know why you put this in this thread as it’s not related…

your question doesn’t make much sense either. what do you mean the proxmark isn’t finding it.

what are you doing on your proxmark to try and talk to it. have you put the T5577 on the proxmark and run LF T55 detect?

also em4100 is newt to do with t5577s directly. it’s just a wiegand format the t5577 can emulate, that and many others.

I have just this original tag and proxmark 3 device. Device which is used to write original tag and device that set the password are in distante location. But even if can be on that location, I still don’t understand the exact process of sniffing :confused: