Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Good morning. I am relatively new to the RDFI world and a PM3, EASY, has come into my hand. but I have a problem that I do not understand the reason.
I have a key. original. I clone it perfectly on a t5577. and it clones perfectly. but when using it for the first time. it works, then it doesn't. door opening, modifies block 0
sorry for my language and google translator.
ORIGINAL:
[usb] pm3 --> auto
[=] lf search
[=] NOTE: some demods output possible binary
[=] if it finds something that looks like a tag
[=] False Positives ARE possible
[=]
[=] Checking for known tags...
[=]
[+] EM 410x ID 31008FA7A3
[+] EM410x ( RF/64 )
[=] -------- Possible de-scramble patterns ---------
[+] Unique TAG ID : 8C00F1E5C5
[=] HoneyWell IdentKey
[+] DEZ 8 : 09414563
[+] DEZ 10 : 0009414563
[+] DEZ 5.5 : 00143.42915
[+] DEZ 3.5A : 049.42915
[+] DEZ 3.5B : 000.42915
[+] DEZ 3.5C : 143.42915
[+] DEZ 14/IK2 : 00210462812067
[+] DEZ 15/IK3 : 000601311274437
[+] DEZ 20/ZK : 08120000150114051205
[=]
[+] Other : 42915_143_09414563
[+] Pattern Paxton : 832824739 [0x31A3E5A3]
[+] Pattern 1 : 3095207 [0x2F3AA7]
[+] Pattern Sebury : 42915 15 1025955 [0xA7A3 0xF 0xFA7A3]
[=] ------------------------------------------------
[+] Valid EM410x ID found!
[+] Chipset detection: T55xx
[?] Hint: try `lf t55xx` commands
CLON.
[=]
[=] Checking for known tags...
[=]
[+] EM 410x ID 31008FA7A3
[+] EM410x ( RF/64 )
[=] -------- Possible de-scramble patterns ---------
[+] Unique TAG ID : 8C00F1E5C5
[=] HoneyWell IdentKey
[+] DEZ 8 : 09414563
[+] DEZ 10 : 0009414563
[+] DEZ 5.5 : 00143.42915
[+] DEZ 3.5A : 049.42915
[+] DEZ 3.5B : 000.42915
[+] DEZ 3.5C : 143.42915
[+] DEZ 14/IK2 : 00210462812067
[+] DEZ 15/IK3 : 000601311274437
[+] DEZ 20/ZK : 08120000150114051205
[=]
[+] Other : 42915_143_09414563
[+] Pattern Paxton : 832824739 [0x31A3E5A3]
[+] Pattern 1 : 3095207 [0x2F3AA7]
[+] Pattern Sebury : 42915 15 1025955 [0xA7A3 0xF 0xFA7A3]
[=] ------------------------------------------------
[+] Valid EM410x ID found!
[=] Couldn't identify a chipset
[usb] pm3 --> lf t55xx detect
[=] Chip type......... T55x7
[=] Modulation........ ASK
[=] Bit rate.......... 5 - RF/64
[=] Inverted.......... No
[=] Offset............ 33
[=] Seq. terminator... Yes
[=] Block0............ 00148040 (auto detect)
[=] Downlink mode..... default/fixed bit length
[=] Password set...... No
[usb] pm3 --> lf t55xx dump
[+] Reading Page 0:
[+] blk | hex data | binary | ascii
[+] ----+----------+----------------------------------+-------
[+] 00 | 00148040 | 00000000000101001000000001000000 | ...@
[+] 01 | FF986004 | 11111111100110000110000000000100 | ..`.
[+] 02 | 7D47D0C2 | 01111101010001111101000011000010 | }G..
[+] 03 | 00000000 | 00000000000000000000000000000000 | ....
[+] 04 | 00000000 | 00000000000000000000000000000000 | ....
[+] 05 | 00000000 | 00000000000000000000000000000000 | ....
[+] 06 | 00000000 | 00000000000000000000000000000000 | ....
[+] 07 | 00000000 | 00000000000000000000000000000000 | ....
[+] Reading Page 1:
[+] blk | hex data | binary | ascii
[+] ----+----------+----------------------------------+-------
[+] 00 | 00148040 | 00000000000101001000000001000000 | ...@
[+] 01 | E03900D0 | 11100000001110010000000011010000 | .9..
[+] 02 | CF665D76 | 11001111011001100101110101110110 | .f]v
[+] 03 | 00A00003 | 00000000101000000000000000000011 | ....
[+] saved to json file lf-t55xx-FF986004-7D47D0C2-dump-30.json
[+] saved 12 blocks to text file lf-t55xx-FF986004-7D47D0C2-dump-30.eml
[+] saved 48 bytes to binary file lf-t55xx-FF986004-7D47D0C2-dump-30.bin
[usb] pm3 --> lf em 410x reader
[+] EM 410x ID 31008FA7A3
----after first use----
usb] pm3 --> lf t55xx detect
[=] Chip type......... T55x7
[=] Modulation........ ASK
[=] Bit rate.......... 2 - RF/32
[=] Inverted.......... No
[=] Offset............ 32
[=] Seq. terminator... Yes
[=] Block0............ 000880E8 (auto detect)
[=] Downlink mode..... default/fixed bit length
[=] Password set...... No
[usb] pm3 --> lf t55xx dump
[+] Reading Page 0:
[+] blk | hex data | binary | ascii
[+] ----+----------+----------------------------------+-------
[+] 00 | 000880E8 | 00000000000010001000000011101000 | ....
[+] 01 | FF986004 | 11111111100110000110000000000100 | ..`.
[+] 02 | 7D47D0C2 | 01111101010001111101000011000010 | }G..
[+] 03 | 00000000 | 00000000000000000000000000000000 | ....
[+] 04 | 00000000 | 00000000000000000000000000000000 | ....
[+] 05 | 00000000 | 00000000000000000000000000000000 | ....
[+] 06 | 00000000 | 00000000000000000000000000000000 | ....
[+] 07 | 00000000 | 00000000000000000000000000000000 | ....
[+] Reading Page 1:
[+] blk | hex data | binary | ascii
[+] ----+----------+----------------------------------+-------
[+] 00 | 000880E8 | 00000000000010001000000011101000 | ....
[+] 01 | E03900D0 | 11100000001110010000000011010000 | .9..
[+] 02 | CF665D76 | 11001111011001100101110101110110 | .f]v
[+] 03 | 00A00003 | 00000000101000000000000000000011 | ....
[+] saved to json file lf-t55xx-FF986004-7D47D0C2-dump-31.json
[+] saved 12 blocks to text file lf-t55xx-FF986004-7D47D0C2-dump-31.eml
[+] saved 48 bytes to binary file lf-t55xx-FF986004-7D47D0C2-dump-31.bin
How can I do so that Block 0 is not modified?
Thanks a lot. and excuse me
Last edited by raulillo3 (2022-10-24 12:17:39)
Offline
You have probably "bad" intercom software, that tries to write to key) Your best option to set a password to t5577
to activate the password:
lf t55xx write -b 7 -d [password(8hex symbols)]
lf t55xx write -b 0 -d 00148050
to disable password:
lf t55xx write -b 0 -d 00148040 -p [password]
Then you'll see how key answer to dump command. And w/o valid password (remember it!) key can't be rewritten
Offline