Go Down

Topic: Copying an RFID tag (Read 14943 times) previous topic - next topic

Hi all,


Please bare with me as I am completely new to this. What would be the best way (or is it even possible) to clone an rfid tag (if it makes a difference it's a HID brand).
Would i be correct in thinking that you could use an arduino board and a parallax RFID reader/writer to first of all find out the HEX key of the existing tag and then write the same HEX key to a second tag?

Thanks,

Pompalomp


Grumpy_Mike

Quote
if it makes a difference it's a HID brand

It is not the brand but the type you need to know.

Why do you want to do this, normally it is for some illegal purpose?

FeersumEndjinn

It is my (possibly incorrect) understanding that an RFID reader/writer cannot write a full RFID ID string - I believe that only a section of the data string is writable?

Grumpy_Mike

Yes but he was not talking about an RFID writer but something to clone a card. That is make something that fools a reader into thinking another card has been presented. The potential for abuse is obvious and I can't think of a legitimate reason for this. Well in fact I can but I would like to here the OP come up with it.

Grumpy_Mike

Sorry it is not.

I used to design RFID tag readers for a living, you can learn all about tags and how they work from other sources on the net without having to learn the special methods involved in faking a tag.

As for the second reason I would suggest:
1) Purchase your own tag and get you company to enter it into their system. They should be less than $3 each.
2) Don't loose your tag.

fourchette

i believe trying to forge fake rfid tags is a very valid purpose.

if you break your own system, then you know where it is vulnerable. if you don't attack it yourself, some other person will do eventually. you want that person to be you.

easy or hard heavily depends on the tags type (for MIFARE AES, forget it)

however if it's not your own system, then it's not very legitimate indeed. just don't loose your tags is by far the easiest option :)

Grumpy_Mike

Quote
if you break your own system, then you know where it is vulnerable. if you don't attack it yourself, some other person will do eventually. you want that person to be you.

No.

Wrong on both counts, it is not inevitable that someone is going to attack your access control system. How many times has someone tried to open your front door and found it locked, perhaps only you when you forgot your key. If you do break your own system where does it get you? You can break any system if you have enough knowledge. Part of the security is not knowing what the system is in the first place.
However publishing how to break a system over the net is stupid and can only encourage illegal use.

A lock only ever stopes an honest man, but let's not put temptation in the path of the waverers.

Techone

@Grumpy_Mike

I agree with you. To show this knowledge is "not-ethical".  Too bad, =(   The school bus I am driving is equiped with GPS and a lots of RFID tags around and inside the bus. I have my ID card, "my" RFID reader / report sender. When I do "check engine", check-in/out, "pre-trip", "child-check" , the reader read those tags on the bus, and send a report. ( example : 1. scan your ID, select "check in or check out" , scan bus ID tag and send report. )

I was planning ( bad idea anyway ) to copy the engine tag and make a "tag" to represent the engine tag. In that way, it will fool the reader thinking it was an engine ID tag. My raison : learning and --> I don't want to open the hood at -25 C or lower.

Oh well, It was a bad idea...  :smiley-red:


Pezmc

This all sounds of great interest, especially Grumpy_Mike's comment about "Well in fact I can but I would like to here the OP come up with it."

It's probably true that this kind of information doesn't want to be in the public domain RFID is incredibly insecure. Especially if you have a big enough (powerful enough) reader!

Mind you my knowledge of RFID is poor, grumpy seems to know a lot more than me!

It's very possible. What you need is something call proxmark3 and a tag capable of communicating as an HID prox. The tags that work at designated T5557, T5567, and T5577. Proxmark is similar to arduino as it has a very large community support forum.

If your just looking for a copy of your key check out www.clonemykey.com

Good luck!

Grumpy_Mike


It's very possible. What you need is something call proxmark3 and a tag capable of communicating as an HID prox. The tags that work at designated T5557, T5567, and T5577. Proxmark is similar to arduino as it has a very large community support forum.

If your just looking for a copy of your key check out www.clonemykey.com


Odd that you choose your first post to resurrect a two year old thread. Fortunately you seem to know little about RFID tags. 

Actually, I've been working with rfid for the past 3 years and am also a CS/CE graduate from UW-Madison. If you do your research and google proxmark3 and T55X7 tags you will quickly learn I do know what I'm talking about. T55x7's are mostly sold on aliexpress.com and proxmark3 is at proxmark3.com or check out it's development community at http://proxmark.org/forum/index.php

Excuse me for posting to an old forum, not all of us are bots. . . 

How am I doing for "not knowing what I'm talking about?"

Grumpy_Mike

Quote
How am I doing for "not knowing what I'm talking about?"

Quite well.
You talk like there is only one sort of RFID tag. The OP did not have the type of RFID tag you talked about.

Quote
I've been working with rfid for the past 3 years

I would have expected you would know a lot more and be a lot smarter after three years, but hey.

The opening of this post stated it is an HID brand. For the most common distro's that narrows it down to HID prox (1-3) (125Khz) or the high security/high cost IClass (13.56Mhz) which I've only seen used once and was implemented to ID challenge only (sad day).

Here are the tags that will emulate all HID 125KHz prox tags
http://www.aliexpress.com/item/10pc-Lot-free-shipping-rewritable-ID-card-T5577-T5567-T5557card-330bits-10-partitions-no-ID-No/620225904.html

Here is some great documentation.
http://proxclone.com/T55x7.html

If you're going down the route of IClass, then you need a special UID changing card, which for IClass is hard to find - but possible. There has been documentation of the UID changing MIFARE 4K classic working under the right circumstances.

I hope not everyone from across the pond is as rude as you are and/or think they know more then everyone else.

Go Up