I need to unlock a 13.56 MHZ RFID lock; I lost the only programmed card

I bought an RFID lock from Wooch in 2018 and lost the only card I had programmed to open it. Is there any one who can help me figure out how to use the Flipper Zero to get it unlocked?

It looks like default LF tags, so pm3 with proxbrute and a afternoon of waiting for results could work, but if you do not want to port proxbrute from github to the FZ, you could try the rfid fuzzer application options, and see if some default codes like all 0 or F or 12345xxxxx would work as a factory default reset. If you do not have the ID of the lost/only programmed card, brute-forcing seems to be the only option and that could take a while. I would expect the lock to have a reset option so you can program new badges to it if you have physical access. So physical resetting the look should be a option, at least, that is what i would expect from such kind of locks, but I am a bit naive and hopeful so I also know that reality fails are common. Hope the fuzzer or proxbrute can help you fix the lock if local reset options are not available.

1 Like

Thanks for your response. Yep, the lock is inside the locked cabinet, so no physical access without drilling into bottom of cabinet, which I’m trying to avoid. Where can I find info on how to perform procedure you recommend?


for optional extra’s like applications for rfid purposes, you could check UberGuidoz repository on github,

if you want a proxbrute option without porting it to the flipper , its not the cheapest alternative option but it does work and pretty fast, it does require a proxmark3 also available form Lab401 (also sells FZ). They also sell all needed LF and HF kinds of cards and keyfobs so you can make your own new ones.

But before buying more stuff i would recommend trying github for options first, also for the FZ there are some fuzzer options that are pretty cool to check.

GitHub - UberGuidoZ/Flipper: Playground (and dump) of stuff I make or modify for the Flipper Zero for example, but for rfid/mifare tags i personally prefer the pm3 so you can use the local CPU, where the flipper is limited to the 64mhz onboard. Especially if you are going into more safe tags like desfire options, but those LF tags are nowhere near that, and the flipper should be able to do the trick for this case, if you’re bored enough. you could look into some unsupported FW options first before ordering the entire PM3 kit.

https://lab401.com/products/proxmark-3-rdv4 it is not the cheapest hardware around, but for the options, and antenna features and the add-on option to have it wireless with bt, for me was definitely worth it also the tags at lab401 are rock solid and can take a lot of abuse from warranty voiding custs like me.

You do need to be interest in the topic going deep and going for the PM3, but it sure is a great tool. If the lock is only a fraction of the price, i would take the makita , and get a new lock being done in 20 minutes. :slight_smile: If you are as crazy as me, I would not give in till its open without breaking the lock, but I also have no (social) life so it depends on your situation :slight_smile: persistence can make anything possible.

I still haven’t figured out how to unlock the RFID (a M1 13.56 MHZ). Any chance you could help me figure out how to use the flipper zero to do that?