Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Hi, I have the Id ( Hexadecimal: 527F83E3 ) for a 32 bit G-prox card, how can I use this to clone the card using PM3.
In other word how to get the Raw from this Id, so I can write the Blocks 1 to 4.
Is it possible to Clone a G-prox using Pm3, directly knowing FC & CN
Cheers
Offline
PLS see topic http://www.proxmark.org/forum/viewtopic.php?id=1459
usually G-Prox cards printed decimal number.
you have the number [527F83E3] printed on the card?
Offline
Hexadecimal: 527F83E3
Temic
0 0x00150060
1 0x1BC6E5BC
2 0x6F395817
3 0xB9E81BDF
Offline
*hm* use the 'lf guard' commands
Offline
thank you all for your respond,
Sentinel, how did you get the value for block 1,2 and 3.
when I write these blocks, I get the different ID: 8E4D2E5D G prox 32bit.
Iceman : I tried " Lf guard " on my PM3 Does not work, What can cause this,
Thanks for your help
Offline
...depends on which firmware/client you use...
Offline
hi Iceman,
I use PM3-bin2.5.0
Can you please let me know if there is a better version that supports Other commands,
Cheers
Offline
for calculate CRC10 I use GROX reader and brute-force attack
Try that: 00000000 (32 bit zero) card
0 0x00150060
1 0x0AD2A4AC
2 0x2B0AC2B0
3 0xAC2B0ADF
Offline
Hi Sentinel,
I did try it, Again Wrong ID 510A884f comes up.
Offline
the original thread deals with 26bits,
ref http://www.proxmark.org/forum/viewtopic … 790#p14790
Offline
Thanks Iceman,
If I may can you help me with the following issue as well,
I am trying to Clone an HID prox II fob as well, the Id that I get from PM#3 search is 9e00001fd4827f000134320 (41360), I think is 84 bit
I use " lf hid clone 9e00001fd4827f000134320 l " to clone it
But when do a "lf search" on the cloned T5577 The read out is 9e9e00001fd4827f000134320 there is an added 9e in the beginning of the new id, what causes this?
Cheers
Offline
its a preamble thing, which gets added to the clone. So don't add the 0x9e when cloning.
I know, its not very clear and not userfriendly.
Offline
Thank you,
It Works. I respect you Rfid knowledge.
cheers
Offline
funny thing is that I notice the same thing for some weeks ago when I was remaking the "wiegand" part and were aiming for a more unified output from 'lf search'. I thought "noone will ever notice since its been there for a long time"... and here you come.
Offline
it is very rare to find a long hid formatted card. i bet very few if any have actually used that piece of code.
Offline
Hi Sentinel,
where can i find a GROX reader, or other reader that can be used,
Also i have read about brute-force attack, but a bit confused,
please direct me to right resource regarding this subject.
cheers
Offline
hi Fidel!
I use Mullion arming station G-prox, and Wiegand indicator
When write to Temic this:
0 0x00150060
1 0x1BC6E5BC
2 0x6F395817
3 0xB9E81BDF
Reader show 527F83E3 (32bit)
G-Prox uses 10-bit polynomial to verify the authenticity of the card
To create the correct card has to go through all the options in 1024
10-bit polynomial remains a mystery
Offline
If U need only copy the card - use proxmark )
Offline
If U want a card number to make it a clone (the original card you do not have), you will need a card reader G-Prox, and a lot of free time, because at card will have to be written Temik 1024 times, and then test them on the reader G-Prox
Offline
Hi Sentinel,
Thank you for the info,
You mentioned If I need to copy the card use PM3,
Can you please let me know How it is done?
I do not see any command under G-prox
I am using bin-2.5
Can you please clarify the steps needed.
Cheers
Offline
Pages: 1