Making a physical HID Prox 2 Clone - Firmware V2.2

March 16, 2016

What you will need:

1x Proxmark3
1x LF Antenna
1x HID 1326
1x T5577

1. Connect your Proxmark3 to your computer.

2. Launch the Proxmark3 client. If you do not have the Proxmark3 client setup check out our Getting Started Guide.

3. Once connected to the client run the 'hw ver' command. You should see output similar to what is shown below. If the version is not v2.2 your steps and commands may differ from the ones below.

proxmark3> hw ver
Prox/RFID mark3 RFID instrument          
bootrom: master/v2.2 2015-07-31 11:28:11
os: master/v2.2 2015-07-31 11:28:12
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/06/22 at 21:47:54
          
uC: AT91SAM7S512 Rev B          
Embedded Processor: ARM7TDMI          
Nonvolatile Program Memory Size: 512K bytes. Used: 162219 bytes (31). Free: 362069 bytes (69).          
Second Nonvolatile Program Memory Size: None          
Internal SRAM Size: 64K bytes          
Architecture Identifier: AT91SAM7Sxx Series          
Nonvolatile Program Memory Type: Embedded Flash Memory

4. Connect an LF Antenna to the Proxmark3 and run the 'hw tune' command in the client. You should see output similar to the one below.

proxmark3> hw tune

Measuring antenna characteristics, please wait...#db# DownloadFPGA(len: 42096)                 
#db# DownloadFPGA(len: 42096)                 
          
# LF antenna: 14.44 V @   125.00 kHz          
# LF antenna: 27.77 V @   134.00 kHz          
# LF optimal: 29.15 V @   131.87 kHz          
# HF antenna:  0.74 V @    13.56 MHz          
# Your HF antenna is unusable.          
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.

5. After confirming that your LF Antenna is functioning correctly place your HID 1326 tag on the LF Antenna. Now run the 'lf hid fsk 1' command. Note and copy the TAG ID you will need this later for cloning your card. In this example, the TAG ID is 2004e20750.

proxmark3> lf hid fsk 1
#db# DownloadFPGA(len: 42096)                 
#db# TAG ID: 2004e20750 (936) - Format Len: 26bit - FC: 113 - Card: 93

6. Place your T5577 tag on the LF Antenna. Run the 'lf hid clone <TAG ID>' command adding your Tag ID at the end.

proxmark3> lf hid clone 2004e20750
Cloning tag with ID 2004e20750          
#db# DONE!

7. Run the 'lf hid fsk 1' command again to prove that the tag was programmed correctly. Your Tag ID on the T5577 should now match what you had on your HID tag.

proxmark3> lf hid fsk 1
#db# TAG ID: 2004e20750 (936) - Format Len: 26bit - FC: 113 - Card: 936

Share:

Also in Blog

Making a Physical Mifare 1K UID Clone

January 10, 2019

Follow these steps to learn how to use a Chinese Magic Card 1K to make a Physical Mifare 1K UID clone. This blog is using a Proxmark3 running firmware V3.0.1.

View full article →

Making a physical HID Prox 2 Clone - Firmware V3.0.1

January 10, 2019

Follow these easy steps to make a physical HID Prox 2 clone using the Proxmark3 with firmware V3.0.1.

View full article →

Making a physical EM4100 Clone - Firmware V3.0.1

January 10, 2019

Follow these steps to make a physical EM4100 clone using the Proxmark3 firmware version 3.0.1.

View full article →

Contact Us

sales@ryscc.com
support@ryscc.com
tel: 888-828-8497

14001-C St. Germain Dr.
Suite 103
Centreville, VA 20121
USA

About Us

Rysc Corp is your one stop shop for security research hardware. We’ve been creating, distributing and supporting security research devices since 2009. Our commitment to customer service and quality means you can count on us when it counts.