Making a physical HID Prox 2 Clone

March 16, 2016

What you will need:

• 1x Proxmark3
• 1x LF Antenna
• 1x HID 1326 
• 1x T5577 

1. Connect your Proxmark3 to your computer.

2. Launch the Proxmark3 client. If you do not have the Proxmark3 client setup check out our Getting Started Guide.

3. Once connected to the client run the 'hw ver' command. You should see output similar to what is shown below. If the version is not v2.2 your steps and commands may differ from the ones below.

proxmark3> hw ver
Prox/RFID mark3 RFID instrument          
bootrom: master/v2.2 2015-07-31 11:28:11
os: master/v2.2 2015-07-31 11:28:12
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/06/22 at 21:47:54
          
uC: AT91SAM7S512 Rev B          
Embedded Processor: ARM7TDMI          
Nonvolatile Program Memory Size: 512K bytes. Used: 162219 bytes (31). Free: 362069 bytes (69).          
Second Nonvolatile Program Memory Size: None          
Internal SRAM Size: 64K bytes          
Architecture Identifier: AT91SAM7Sxx Series          
Nonvolatile Program Memory Type: Embedded Flash Memory

4. Connect an LF Antenna to the Proxmark3 and run the 'hw tune' command in the client. You should see output similar to the one below.

proxmark3> hw tune

Measuring antenna characteristics, please wait...#db# DownloadFPGA(len: 42096)                 
#db# DownloadFPGA(len: 42096)                 
          
# LF antenna: 14.44 V @   125.00 kHz          
# LF antenna: 27.77 V @   134.00 kHz          
# LF optimal: 29.15 V @   131.87 kHz          
# HF antenna:  0.74 V @    13.56 MHz          
# Your HF antenna is unusable.          
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.

5. After confirming that your LF Antenna is functioning correctly place your HID 1326 tag on the LF Antenna. Now run the 'lf hid fsk 1' command. Note and copy the TAG ID you will need this later for cloning your card. In this example, the TAG ID is 2004e20750.

proxmark3> lf hid fsk 1
#db# DownloadFPGA(len: 42096)                 
#db# TAG ID: 2004e20750 (936) - Format Len: 26bit - FC: 113 - Card: 93

6. Place your T5577 tag on the LF Antenna. Run the 'lf hid clone <TAG ID>' command adding your Tag ID at the end.

proxmark3> lf hid clone 2004e20750
Cloning tag with ID 2004e20750          
#db# DONE! 

7. Run the 'lf hid fsk 1' command again to prove that the tag was programmed correctly. Your Tag ID on the T5577 should now match what you had on your HID tag.

proxmark3> lf hid fsk 1
#db# TAG ID: 2004e20750 (936) - Format Len: 26bit - FC: 113 - Card: 936

 

Share:

---

Also in Blog