xEM received, injected and readable, just can't write?

Ok guys:

See below (ignore the automatic t5 detect with lf search, you won’t get that without an insanely good antenna):


[fpc] pm3 → lf sear
[=] NOTE: some demods output possible binary
[=] if it finds something that looks like a tag
[=] False Positives ARE possible
[=]
[=] Checking for known tags…

[+] HID Prox TAG ID: 2004840532 (665) - Format Len: 26bit - OEM: 000 - FC: 66 - Card: 665

[+] Valid HID Prox ID found!

[+] Chipset detection : T55xx found

[+] Try lf t55xx commands
[fpc] pm3 → lf t5 det
Chip Type : T55x7
Modulation : FSK2a
Bit Rate : 4 - RF/50
Inverted : Yes
Offset : 33
Seq. Term. : No
Block0 : 0x00107060

[fpc] pm3 → lf t5 wipe

[=] Beginning Wipe of a T55xx tag (assuming the tag is not password protected)

[=] Writing page 0 block: 00 data: 0x000880E0 pwd: 0x00000000
[=] Writing page 0 block: 01 data: 0x00000000
[=] Writing page 0 block: 02 data: 0x00000000
[=] Writing page 0 block: 03 data: 0x00000000
[=] Writing page 0 block: 04 data: 0x00000000
[=] Writing page 0 block: 05 data: 0x00000000
[=] Writing page 0 block: 06 data: 0x00000000
[=] Writing page 0 block: 07 data: 0x00000000
[fpc] pm3 → lf sear
[=] NOTE: some demods output possible binary
[=] if it finds something that looks like a tag
[=] False Positives ARE possible
[=]
[=] Checking for known tags…

[-] No known 125/134 kHz tags found!
lf h
[+] Chipset detection : T55xx found

[fpc] pm3 → lf t5 det
Chip Type : T55x7
Modulation : ASK
Bit Rate : 2 - RF/32
Inverted : No
Offset : 32
Seq. Term. : Yes
Block0 : 0x000880E0

[fpc] pm3

[+] Try lf t55xx commands
[fpc] pm3 → lf hid clone 1122334455
[=] Preparing to clone HID tag with ID 1122334455
[fpc] pm3 → lf sear
[=] NOTE: some demods output possible binary
[=] if it finds something that looks like a tag
[=] False Positives ARE possible
[=]
[=] Checking for known tags…

[+] HID Prox TAG ID: 1122334455 (107050) - Format Len: 37bit - OEM: 000 - FC: 4643 - Card: 107050

[+] Valid HID Prox ID found!

[+] Chipset detection : T55xx found

[+] Try lf t55xx commands
[fpc] pm3


So what I want you to try is:

  1. Set the LF config as per the above config displayed after the wipe command. Note that the bitrate is 2, not 4 as it would be for EM / HID modulation, it’s now just a blank t5. The config is “lf t5 config b 2 L”

  2. Get your xEM orientated with the antenna as best you possibly can (whatever orientation you had for the wipe seemed to work so try that)

  3. Write a HID ID to your tag with the command “lf hid clone 2004840534” - This will be FC:66 CC: 666.

  4. Issue the “hw reset” command to clear the lf config you set above as it will now need to be RF 4.

  5. Exit and restart the proxmark client just to be sure

  6. Lf search and see if you get an ID.

I’ve just tested this 5-6 times while on the bus to work and can assure you if it does not work, your issue is antenna related and your implant is not broken in any way.

Just to clarify, the process looks like this:

[fpc] pm3 → lf t5 wipe

[=] Beginning Wipe of a T55xx tag (assuming the tag is not password protected)

[=] Writing page 0 block: 00 data: 0x000880E0 pwd: 0x00000000
[=] Writing page 0 block: 01 data: 0x00000000
[=] Writing page 0 block: 02 data: 0x00000000
[=] Writing page 0 block: 03 data: 0x00000000
[=] Writing page 0 block: 04 data: 0x00000000
[=] Writing page 0 block: 05 data: 0x00000000
[=] Writing page 0 block: 06 data: 0x00000000
[=] Writing page 0 block: 07 data: 0x00000000
[fpc] pm3 → lf conf b 2 L
#db# LF Sampling config
#db# [q] divisor…95 ( 125 kHz )
#db# [b] bps…2
#db# [d] decimation…1
#db# [a] averaging…Yes
#db# [t] trigger threshold…0
[fpc] pm3 → lf hid clone 2004840534
[=] Preparing to clone HID tag with ID 2004840534
[fpc] pm3 → hw reset
[=] Proxmark3 has been reset.
[fpc] pm3 → exit

tom@SilverBox:~/proxmark3-RRG$ ./client/proxmark3 /dev/cu.PM3_RDV40-DevB

[fpc] pm3 → lf sear
[=] NOTE: some demods output possible binary
[=] if it finds something that looks like a tag
[=] False Positives ARE possible
[=]
[=] Checking for known tags…

[+] HID Prox TAG ID: 2004840534 (666) - Format Len: 26bit - OEM: 000 - FC: 66 - Card: 666

[+] Valid HID Prox ID found!

[+] Chipset detection : T55xx found

[+] Try lf t55xx commands
[fpc] pm3

Let me know how this goes for you!
