Pages: [1]   Go Down
Author Topic: Copying an RFID tag  (Read 13368 times)
0 Members and 1 Guest are viewing this topic.
Offline Offline
Newbie
*
Karma: 0
Posts: 2
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Hi all,


Please bare with me as I am completely new to this. What would be the best way (or is it even possible) to clone an rfid tag (if it makes a difference it's a HID brand).
Would i be correct in thinking that you could use an arduino board and a parallax RFID reader/writer to first of all find out the HEX key of the existing tag and then write the same HEX key to a second tag?

Thanks,

Pompalomp

 
Logged

Manchester (England England)
Offline Offline
Brattain Member
*****
Karma: 619
Posts: 33975
Solder is electric glue
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

Quote
if it makes a difference it's a HID brand
It is not the brand but the type you need to know.

Why do you want to do this, normally it is for some illegal purpose?
Logged

0
Offline Offline
Newbie
*
Karma: 0
Posts: 32
Arduino rocks
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

It is my (possibly incorrect) understanding that an RFID reader/writer cannot write a full RFID ID string - I believe that only a section of the data string is writable?
Logged

Manchester (England England)
Offline Offline
Brattain Member
*****
Karma: 619
Posts: 33975
Solder is electric glue
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

Yes but he was not talking about an RFID writer but something to clone a card. That is make something that fools a reader into thinking another card has been presented. The potential for abuse is obvious and I can't think of a legitimate reason for this. Well in fact I can but I would like to here the OP come up with it.
Logged

Manchester (England England)
Offline Offline
Brattain Member
*****
Karma: 619
Posts: 33975
Solder is electric glue
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

Sorry it is not.

I used to design RFID tag readers for a living, you can learn all about tags and how they work from other sources on the net without having to learn the special methods involved in faking a tag.

As for the second reason I would suggest:
1) Purchase your own tag and get you company to enter it into their system. They should be less than $3 each.
2) Don't loose your tag.
Logged

0
Offline Offline
Newbie
*
Karma: 0
Posts: 30
Arduino rocks
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

i believe trying to forge fake rfid tags is a very valid purpose.

if you break your own system, then you know where it is vulnerable. if you don't attack it yourself, some other person will do eventually. you want that person to be you.

easy or hard heavily depends on the tags type (for MIFARE AES, forget it)

however if it's not your own system, then it's not very legitimate indeed. just don't loose your tags is by far the easiest option smiley
Logged

Manchester (England England)
Offline Offline
Brattain Member
*****
Karma: 619
Posts: 33975
Solder is electric glue
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

Quote
if you break your own system, then you know where it is vulnerable. if you don't attack it yourself, some other person will do eventually. you want that person to be you.
No.

Wrong on both counts, it is not inevitable that someone is going to attack your access control system. How many times has someone tried to open your front door and found it locked, perhaps only you when you forgot your key. If you do break your own system where does it get you? You can break any system if you have enough knowledge. Part of the security is not knowing what the system is in the first place.
However publishing how to break a system over the net is stupid and can only encourage illegal use.

A lock only ever stopes an honest man, but let's not put temptation in the path of the waverers.
Logged

Toronto, Canada
Offline Offline
Edison Member
*
Karma: 2
Posts: 1234
"Keep it R.E.I.L. - "Research, Experiment, Investigate and Learn"
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

@Grumpy_Mike

I agree with you. To show this knowledge is "not-ethical".  Too bad, smiley-cry   The school bus I am driving is equiped with GPS and a lots of RFID tags around and inside the bus. I have my ID card, "my" RFID reader / report sender. When I do "check engine", check-in/out, "pre-trip", "child-check" , the reader read those tags on the bus, and send a report. ( example : 1. scan your ID, select "check in or check out" , scan bus ID tag and send report. )

I was planning ( bad idea anyway ) to copy the engine tag and make a "tag" to represent the engine tag. In that way, it will fool the reader thinking it was an engine ID tag. My raison : learning and --> I don't want to open the hood at -25 C or lower.

Oh well, It was a bad idea...  smiley-red

Logged

Offline Offline
Newbie
*
Karma: 0
Posts: 7
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

This all sounds of great interest, especially Grumpy_Mike's comment about "Well in fact I can but I would like to here the OP come up with it."

It's probably true that this kind of information doesn't want to be in the public domain RFID is incredibly insecure. Especially if you have a big enough (powerful enough) reader!

Mind you my knowledge of RFID is poor, grumpy seems to know a lot more than me!
Logged

Offline Offline
Newbie
*
Karma: 1
Posts: 3
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

It's very possible. What you need is something call proxmark3 and a tag capable of communicating as an HID prox. The tags that work at designated T5557, T5567, and T5577. Proxmark is similar to arduino as it has a very large community support forum.

If your just looking for a copy of your key check out www.clonemykey.com

Good luck!
Logged

Manchester (England England)
Offline Offline
Brattain Member
*****
Karma: 619
Posts: 33975
Solder is electric glue
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

It's very possible. What you need is something call proxmark3 and a tag capable of communicating as an HID prox. The tags that work at designated T5557, T5567, and T5577. Proxmark is similar to arduino as it has a very large community support forum.

If your just looking for a copy of your key check out www.clonemykey.com

Odd that you choose your first post to resurrect a two year old thread. Fortunately you seem to know little about RFID tags. 
Logged

Offline Offline
Newbie
*
Karma: 1
Posts: 3
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Actually, I've been working with rfid for the past 3 years and am also a CS/CE graduate from UW-Madison. If you do your research and google proxmark3 and T55X7 tags you will quickly learn I do know what I'm talking about. T55x7's are mostly sold on aliexpress.com and proxmark3 is at proxmark3.com or check out it's development community at http://proxmark.org/forum/index.php

Excuse me for posting to an old forum, not all of us are bots. . . 

How am I doing for "not knowing what I'm talking about?"
Logged

Manchester (England England)
Offline Offline
Brattain Member
*****
Karma: 619
Posts: 33975
Solder is electric glue
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

Quote
How am I doing for "not knowing what I'm talking about?"
Quite well.
You talk like there is only one sort of RFID tag. The OP did not have the type of RFID tag you talked about.

Quote
I've been working with rfid for the past 3 years
I would have expected you would know a lot more and be a lot smarter after three years, but hey.
Logged

Offline Offline
Newbie
*
Karma: 1
Posts: 3
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

The opening of this post stated it is an HID brand. For the most common distro's that narrows it down to HID prox (1-3) (125Khz) or the high security/high cost IClass (13.56Mhz) which I've only seen used once and was implemented to ID challenge only (sad day).

Here are the tags that will emulate all HID 125KHz prox tags
http://www.aliexpress.com/item/10pc-Lot-free-shipping-rewritable-ID-card-T5577-T5567-T5557card-330bits-10-partitions-no-ID-No/620225904.html

Here is some great documentation.
http://proxclone.com/T55x7.html

If you're going down the route of IClass, then you need a special UID changing card, which for IClass is hard to find - but possible. There has been documentation of the UID changing MIFARE 4K classic working under the right circumstances.

I hope not everyone from across the pond is as rude as you are and/or think they know more then everyone else.
Logged

Pages: [1]   Go Up
Jump to: