xEM Cloning, Emulation Modes and the perils of Chinese cloners!

I was making fun of the cloner
Not anyone on here, Sry for the misunderstanding.

Haha, Not at all. I knew exactly what you meant…
Likewise, my “classy” was sarcastic and in agreement to your observation "aNd It TaLkS tOo…:100::call_me_hand::crazy_face::robot: "

1 Like

Thanks I missed that, It should be easy to produce.

Lol, This is why I fear the internet, I fear misunderstanding
what people say and fear they misunderstand what I say,
Even when there’s no misunderstanding.
:robot::call_me_hand::grin:

2 Likes

I think an important part is reading the person and their personality, more than their words.
You easily build up an idea of regular contributors’ personalities and I think Amal and his stalwarts have created a friendly, helpful and understanding community.

2 Likes

That makes sense, Thank you.

2 Likes

Hey all - this is the reader/writer mentioned in the original post that is the best case scenario short of the proxmark correct? :slight_smile: https://www.amazon.com.au/Copier-Writer-Handheld-Encrypted-Duplicator/dp/B081CRYXQN/ref=pd_aw_sbs_23_1/355-1712811-1050057?_encoding=UTF8&pd_rd_i=B081CRYXQN&pd_rd_r=f19f1955-b960-438c-8ec7-756fe3ff6970&pd_rd_w=CJzWp&pd_rd_wg=PHgwD&pf_rd_p=1360aa1f-12c4-4a58-b004-81f2e07f6c52&pf_rd_r=FZDY3DHN55RW8171FYCZ&psc=1&refRID=FZDY3DHN55RW8171FYCZ

No, I would recommend a ProxMark3 Easy
@anon2520759

2 Likes

$114.49 is more expensive than a PM Easy.

As for the unit itself, have you seen this: (Note the name of the post)

I think order of preference would be PM3 RDV4 > PM3 Easy Knockoff > Blue Cloner > White Cloner.

Where in Australia are you? If you just need to clone a card maybe a local can help? :smiley:

2 Likes

@Pilgrimsmaster @NiamhAstra Thanks guys, so something like this?: https://www.amazon.com.au/Iycorish-Proxmark3-Developer-Proxmark-Reader/dp/B0824JKKG4/ref=sr_1_1?crid=1B13V1XZMT1H3&dchild=1&keywords=proxmark3+easy&qid=1590913033&sprefix=proxmar%2Caps%2C417&sr=8-1

I’m in Sydney but I want my own kit. Also I have an amazon voucher I’m trying to use :smiley: :smiley:

Cheers!

Yes mate, Just like that.
You could get RDV4 but overkill for what you will probably use it for.

@Pilgrimsmaster haha, nope I’m getting the RDV4 as soon as my pay cut due to COVID is back… I’m a cybersecurity researcher and RFID is one of my untapped areas. That and software defined radio :slight_smile: I’m a malware guy (researcher, not writer)

I just bought the ultimate implant bundle so an RDV4 won’t gather dust at my house :slight_smile:

Thanks for confirming for me - ordered :slight_smile:

3 Likes

Agree, piswords was where I got mine iirc.

Hey there, sorry to open back up an old thread. I’m currently facing similar issues with an RFID ring I bought. I’ve been poking around at it for a few hours with the ultimate goal of cloning an HID tag onto it. However it seems that like many of these chips, I got one password protected. I have a Proxmark3 I’m using, and I’ve been able to identify the ring as the following:
[+] Valid EM410x ID found!
[+] Chipset detection: T55xx

To my knowledge, this would be a t5577 emulating an EM410x, right?
If so, I should be able to rewrite it to HID I think.
I’ve tried all of the steps in @TomHarkness’s very thorough writeup, but had no luck so far. What has been perplexing me so far is that lf t55 detect comes up empty but lf t55 p1detect shows there’s a T55xx chip.
By no means am I an RFID expert but I believe that because of some password protection the ring has data on page1 that I can’t overwrite in favor of HID data (page0). I know this isn’t a Dangerous Things product but I couldn’t take the plunge quite yet, so I’m using this as a step in-between. Any help would be appreciated!

Hello. I have a 6 in 1 t5577 tag that came locked from the factory. I am using a proxmark3 rdv4. I tried to write it in test mode with both em4100 no password and blank t5577 but it didn’t work. I had however another single t5577 tag which I wrote to with a Chinese cloner which unlocked fine. And the reason I got the 6 in 1 tag is that I have another 6 in 1 that I have written to with the Chinese cloner but couldn’t unlock it. I don’t know what to do more, can someone please help me?

Are you talking about something like this?

(ever since I saw one, I have always wanted one available as an implant, man that would be awesome)
Anyway, as you have a proxmark, hopefully we can find you a solution.
Just recently somebody else was having possible Chinese password issues. So I will copy and paste those instructions that may help.

Was this the same cloner as the other one you had success with?

What was the cloner?
There are many on the market, so the solution may be slightly different.
The 2 main ones we see here are the
Blue cloner
And the
“White cloner”

Even each of those can have differences depending on where they came from.

So if you could post a picture or link to the product, that will help us to help you.

Depending on which cloner you used and what you have tried so far I will post this here :arrow_down_small: and let you give that a try, and let us know how it goes.
(just note that the commands may have changed slightly, just step your way through and follow the prompts your PM3 gives you)

I have a white cloner, I think it is newer than 2015, buttons light up white, screen has mostly red and white. It can decode mifare cards with a Windows software and it displays them with a weird nonsense number but the thing is that if you write down this number and then enter it manually on the cloner it can write not only the uid but also the block data to a magic tag. The id 125khz mode can read em4100 and t5577 emulating the em4100. It displays the correct 26 bit id of the em tag (the number written on the card) and you can enter it manually and write it. If however you want to clone the whole uid of a tag you have to read the original and then write. I have written with it to my old 6in1 which is like the one you linked. My new one is called XBCOPY and even this cloner refused to write to it. It has the same number in all the chips, which is probably a number that the makers write and then read to verify that the tag is working correctly. I wrote to the seller, he said that the tag has been tested with the blue cloner and some sort of usb cloner, but not with the proxmark3. (Maybe I should try with the password for the blue cloner?) I asked him what do they use to write the test number to the tag. If he tells me I will post it here. I don’t know the performance of my cloner with HID because such cards and tags are not used in my country.

That is potentially good news.
Does it say “Zonsin” on it?
If so the white cloner password should work for it.

Regarding,

Then I think

This would be a good option

1 Like

I tried both passwords with and without test mode. Nothing worked. I might just pull out some t5577 chips out of some tags and replace them.
As for the cloner - it does not say Zonsin. When I turn it on it goes straight to the legal notice screen where you press ok and you go in HF mode.

The Zonsin has red and white, it was worth a try

And then from there you can go into LF mode to do your reading and writing on the T5577 chips?

Yes. You press the mode button. The mode is called ID-125khz. But my new 6 in 1 tag which I am trying to unlock doesn’t want to write with this cloner and currently it is just a useless piece of plastic. The other one I have not tried but I will.