Menu 0
Home   /   Blog   /   Making a physical HID Prox 2 Clone - Firmware V2.2

Making a physical HID Prox 2 Clone - Firmware V2.2

March 16, 2016

What you will need:

  • 1x Proxmark3
  • 1x LF Antenna
  • 1x HID 1326 
  • 1x T5577 

1. Connect your Proxmark3 to your computer.

2. Launch the Proxmark3 client. If you do not have the Proxmark3 client setup check out our Getting Started Guide.

3. Once connected to the client run the 'hw ver' command. You should see output similar to what is shown below. If the version is not v2.2 your steps and commands may differ from the ones below.

proxmark3> hw ver
Prox/RFID mark3 RFID instrument          
bootrom: master/v2.2 2015-07-31 11:28:11
os: master/v2.2 2015-07-31 11:28:12
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/06/22 at 21:47:54
          
uC: AT91SAM7S512 Rev B          
Embedded Processor: ARM7TDMI          
Nonvolatile Program Memory Size: 512K bytes. Used: 162219 bytes (31). Free: 362069 bytes (69).          
Second Nonvolatile Program Memory Size: None          
Internal SRAM Size: 64K bytes          
Architecture Identifier: AT91SAM7Sxx Series          
Nonvolatile Program Memory Type: Embedded Flash Memory

4. Connect an LF Antenna to the Proxmark3 and run the 'hw tune' command in the client. You should see output similar to the one below.

proxmark3> hw tune

Measuring antenna characteristics, please wait...#db# DownloadFPGA(len: 42096)                 
#db# DownloadFPGA(len: 42096)                 
          
# LF antenna: 14.44 V @   125.00 kHz          
# LF antenna: 27.77 V @   134.00 kHz          
# LF optimal: 29.15 V @   131.87 kHz          
# HF antenna:  0.74 V @    13.56 MHz          
# Your HF antenna is unusable.          
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.

5. After confirming that your LF Antenna is functioning correctly place your HID 1326 tag on the LF Antenna. Now run the 'lf hid fsk 1' command. Note and copy the TAG ID you will need this later for cloning your card. In this example, the TAG ID is 2004e20750.

proxmark3> lf hid fsk 1
#db# DownloadFPGA(len: 42096)                 
#db# TAG ID: 2004e20750 (936) - Format Len: 26bit - FC: 113 - Card: 93

6. Place your T5577 tag on the LF Antenna. Run the 'lf hid clone <TAG ID>' command adding your Tag ID at the end.

proxmark3> lf hid clone 2004e20750
Cloning tag with ID 2004e20750          
#db# DONE!

7. Run the 'lf hid fsk 1' command again to prove that the tag was programmed correctly. Your Tag ID on the T5577 should now match what you had on your HID tag.

proxmark3> lf hid fsk 1
#db# TAG ID: 2004e20750 (936) - Format Len: 26bit - FC: 113 - Card: 936

 





Also in Blog

ProxmarkPro - How to Save/Load a Tag to SD Card
ProxmarkPro - How to Save/Load a Tag to SD Card

May 21, 2019

This blog post covers the steps of how to save and load a tag using the ProxmarkPro.

View full article →

ProxmarkPro - Using HID Brute
ProxmarkPro - Using HID Brute

May 21, 2019

This blog post covers how to do a brute force attack with a HID tag on the ProxmarkPro. A Brute force attack is done by trying to guess multiple tag UID's similar to a known working tag UID to gain access.

View full article →

ProxmarkPro - Cloning a HID Tag
ProxmarkPro - Cloning a HID Tag

April 02, 2019

This blog post covers the steps to clone a HID tag to a T5577 with a ProxmarkPro.

View full article →

We use cookies to ensure that we give you the best experience on our website. If you continue we'll assume that you are understand this. Learn more
Accept