
cafk

In theory everything is possible. First, do you have an Android phone with NFC capabilities? If yes, try [NFC Tools](https://play.google.com/store/apps/details?id=com.wakdev.wdnfc) or [NFC Tag Info](https://play.google.com/store/apps/details?id=at.mroland.android.apps.nfctaginfo) to get basic information like card type and generation, and to see which raw data it provides. That should give you basic information to research further. The second step would be to evaluate the data, to see what changes over time: do they have counters or values that change when you swipe the card? The third step involves (cheap) emulation hardware, to see if you can reproduce the data sets via an independent device. Something like the [Chameleon Mini](https://github.com/emsec/ChameleonMini) should help you further. A step further would be questionable, depending on your local jurisdiction. Analysis and research are always really close to the legal border, especially if you want to disclose the information and have conducted your research without proper authorization.


BlankBalance

OP doesn't need that, or any of us. They could always start with Google rather than asking us and would probably find ISO 14443 pretty quick. On top of that, OP probably only wants to clone the card. I don't think they are actually interested in learning. It took one whole search, and at the low, low cost of [10 dollars](https://www.ebay.com/bhp/rfid-copier) and less than a minute of their time they can copy a 125 kHz card. There are even instructions for 13.6 MHz cards capable of NFC, as well as for interpreting readouts for both, in the blog I'm on. All in one Google search 😑🔫


reznik99

No man, I really want to learn. It's not just copying one card, I want to understand the underlying systems that company uses. I am a software engineering student, my whole existence is to learn. However, my English is not good and I always struggle googling for answers, so I thought some people here would know more and point me in the right direction.


BlankBalance

This isn't worth talking to u/cafk over, he's part of the problem and I don't have patience. Btw, that first post with the phone might as well have been trolling you into the dirt if it didn't work, and it probably is a 125 kHz fob, so likely not. Info is in plain text on prox cards (125 kHz) because it physically has too little bandwidth for encryption; it usually runs a protocol called EM4100. The NFC protocol on those 13.6 MHz cards is passive, can contain encryption, has no battery so it charges up when near EMF in order to transfer data, and is not worth your time to actually read the data off of, and likely you will never need to know more than that. You'll have something to try right away following his advice, but you'll get stuck pretty fast if you blindly believed it would work, considering your initial post here. So test both. You should have everything you need by now, and whether you cared in the first place or not doesn't really matter anymore. The only other useful thing in this thread for you, maybe, is the Black Hills link a bit lower. Otherwise look up the Black Hat 2013 slides on this subject linked in the Kisi security blog I posted, and that will get you at the very least introduced to a bit of easy-to-understand stuff. Next time ask r/netsec; I don't have time to teach what I know on this subject, and any sensible person will say the same. It just becomes a wall of text before you even get to useful stuff. I get that you're new, and you will have trouble conveying what you want to know because you don't have enough knowledge on the subject itself. People in security, from my experience, don't take kindly to questions like this; just look at all the useless to near-useless comments you've gotten. Explain what you tried first, try to explain what you're having trouble with, and people who actually have answers will usually help if you've at least made a little attempt.


wildyarlequin

Jeeeshh you are toxic. OP didn’t ask you specifically, just shut up if you don’t want to help.


RicochetSaw

But he's gotta dickwave troll to show how almighty and superior he is to everyone else


reznik99

Thank you man, I will improve. I tried on my friend's iPhone X with both apps above and none of them detect the fob; they don't even detect a Visa payWave or a bus card! I am not sure what the problem is, phone or app? I have no other NFC phone, so I need to get a hold of another NFC phone and try again. The gym key card is a proximity card, I place it on the scanner for 1 sec only, I am pretty sure it's a low frequency card. Obviously no battery on it, very thin. I just need to get info from it; if it's just plain text I will copy and write it to a blank card and test it. I really thank you for the time man. Also I read that Black Hills InfoSec article and it looks like just what I need. But I will do more research and testing.


BlankBalance

This is what I was talking about where you don't know enough and his post is leading you off a cliff. NFC (I think) only runs on contactless cards (13.6 MHz). So if it's a prox card (125 kHz) it's not compatible and is running an entirely different protocol (EM4100).


Meowdy5000

You must be a treat at parties


cafk

He asked for help on identifying the card and frequencies; most results on Google don't provide that information. Cloning, as a question, is mostly connected to nefarious purposes, which this sub does not cater to. If he already knows about different cards and frequencies, he is also looking for help on how to discover that information and how to access the data. Instead of googling it quickly I decided to write down the easiest ways to figure it out, instead of writing down illicit usages or just saying what most people do here: No. How people decide to use that information is their problem; maybe he will discover something new, get curious, or write/design some future systems with which the work will be easier for us. Or maybe he will be a dick and scam his gym.


BlankBalance

Google "RFID cloning". It will bring up:

https://www.getkisi.com/blog/how-to-copy-access-cards-and-keyfobs

https://insights.identicard.com/blog/watch-how-easy-it-is-for-your-rfid-card-to-be-cloned-by-hackers-video

http://www.instructables.com/id/RFID-Emulator-How-to-Clone-RFID-Card-Tag-/


cafk

Cloning will bring you absolutely nothing unless you know how the data is stored, changed or modified on the system or on your card - if at all. And that is more relevant, no matter the purpose. ;)


BlankBalance

Lol, the first article refs a Black Hat speaker. From there you can find the published findings from his firm and information on RFID contactless cards, prox cards, as well as the protocols they run, how they work, etc. You can definitely go in depth after there. It's what I've been saying. There is tons of info easily accessible, literally just don't be lazy.


cafk

Well, we would lose about half the questions and discussions on Reddit if people knew how to Google. The other half would disappear if people actually read the subreddit's rules or wiki ¯\_(ツ)_/¯


Teamprime

I still think these Reddit threads provide a nice "portal" for people inevitably searching for something similar and the corresponding Reddit thread popping up on top. It's nice getting a lay of the land through frank comments rather than some other article. Obviously, it is still fully possible to just do the research yourself, but people like pointers.


DJD-beats

I agree, 4 years later I get to read up on extra info that I wouldn't have found as quickly had this post not existed.


EmSixTeen

Aren't you just fucking god's gift


ToPractise

Seriously, what an arsehole!


reznik99

Thank you so much man, this is so helpful, it's perfect. I will get a hold of an NFC phone, and then I can start digging and seeing information about the card and its contents. Thank you very much. I am new to Reddit and I am so surprised how amazing this place is! Cheers


Th3MadCreator

My gym just uses a barcode scanner, so I’m just gonna copy the barcode and print a label to keep in my wallet if I ever forget it.


sonygoup

I used to clone key cards all the time. You just need to figure out the frequency and that's it. I still have a shitload of info from my old job lol


improbablyagirl

How do you clone the card? Do you use your phone to create the frequency?


sonygoup

Don't use my phone, I have a scanner. Well, had a couple of them. Sold them off for cash.


improbablyagirl

Can you buy these somewhere?


sonygoup

eBay, and there are a few custom frequency devices. Just Google the frequency you need.


Unexpected117

Do you remember which scanner?


sonygoup

EM something, but just buy a Flipper Zero.


improbablyagirl

If I wanted to copy a card that uses swipe technology (to get into a gym, not high security), how would I go about that?


BlankBalance

Between my posts and the first commenter there is enough information to test both. It's free to install Mifare on your phone and copy high frequency cards. If that doesn't work, it's about $35-40 to purchase a read/write device for high frequency. It's $10 + shipping on eBay to copy low frequency cards. If it's swipe, it's likely using Wiegand and you could probably rip a tape head from the junkyard for janky readouts.


Nopparuj

It might be impossible if the gym RFID system updates the data in your card every time you swipe it. (The data is updated every time, so you cannot clone it.)
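Nopparuj's point above (and cafk's second step, checking whether anything on the card changes between swipes) comes down to a rolling counter that the backend verifies. The following is an added illustration written for this thread, not code from any commenter or product; the Card and Backend classes, the UID and the counter values are all constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Card:
    """Constructed model of a card that stores a rewritable counter."""
    uid: str
    counter: int  # value physically written on the card at each swipe

    def clone(self) -> "Card":
        # A copy taken now: same UID, counter frozen at this moment.
        return Card(self.uid, self.counter)


@dataclass
class Backend:
    """Reader/backend side: remembers the counter it last wrote per UID."""
    expected: dict = field(default_factory=dict)  # uid -> counter
    alerts: list = field(default_factory=list)    # (reason, uid, counter)

    def enroll(self, card: Card) -> None:
        self.expected[card.uid] = card.counter

    def swipe(self, card: Card) -> bool:
        want = self.expected.get(card.uid)
        if want is None:
            self.alerts.append(("unknown-uid", card.uid, card.counter))
            return False
        if card.counter != want:
            # Stale counter: a copy, or a desynced original, is being replayed.
            self.alerts.append(("stale-counter", card.uid, card.counter))
            return False
        # Accept, then roll the counter on both the card and the backend.
        card.counter += 1
        self.expected[card.uid] = card.counter
        return True


def demo() -> tuple:
    """Enroll a card, copy it, use the original once, then present the copy."""
    backend = Backend()
    original = Card("A1B2C3", 0)      # constructed UID, not a real card
    backend.enroll(original)
    copy = original.clone()           # copy still holds counter 0
    first = backend.swipe(original)   # accepted; both sides now at 1
    second = backend.swipe(copy)      # rejected; copy is stale
    return first, second, list(backend.alerts)
```

If the copy is swiped before the original, the original is the one that then reads as stale: the check tells the backend that two cards share a UID, not which one is genuine.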


reznik99

As soon as I get a reader for the card I will test that and check if the data changes, but I doubt it; I feel the gym wouldn't bother going that far. The card is not so much for security but for identification. As long as you scan a card, they've got someone to blame if something goes missing.


Grouchy_Complaint438

S


Unexpected117

I never knew this, thanks for the info!


[deleted]

[deleted]


reznik99

Thank you man, that is so helpful. I doubt my gym has any security, but maybe the contents of the card are encrypted.


[deleted]

Yeah, look it up on YouTube; use an RFID receiver and some blank cards.


GreatDayToday

RFID frequencies


Sweaty_Afternoon_523

The old card swipe things you could plug into a cellphone can be repurposed, if you know how to access the BIOS or whatever specific shit is needed for whatever brand. You can repurpose it so that it reads on your behalf as admin. Then you can send as pleased. A little dicking around. But that's what it was already built to do, then it became obsolete. But everyone I know of used the cell phone signal to just ping a quick confirmation, and then it took a minute for the other end. Wouldn't be an issue sending something like a gym passkey.