Need help interpreting raw RFID data

Cosmiclight · February 9, 2024, 5:11pm

Greetings!

I’ve recently acquired raw data from a couple of RFID access cards that the Flipper is unable to decode.

The cards operate at 125khz and the corresponding access control units are made by Paxton. The readers do react to an EM4100 attack by the Fuzzer app, but without success. Trying to emulate the RFID data also leads to no success.

Could someone please help me analyse the raw data, as i lack any experience working with such software? I’m providing all the acquired raw files in attachment.

Thanks in advance!

Raw_data.zip (517.9 KB)

Spildit · February 9, 2024, 7:23pm

Do the RAW recordings work if you emulate raw ?

Cosmiclight · February 9, 2024, 8:06pm

Unfortunately not.

LupusE · February 10, 2024, 11:09am

Before you’re about to analyze garbage data, I suggest to write the dump on a compatible card and try to unlock the system.
Based on the assumption you own the system! Else this would be illegal.

The Flipper is not very good at emulating, some readers won’t accept a Flipper emulated dump, because of bat/slow/wrong timings. On the emulation side, the dump could be valid anyway.

Solution: The Flipper is able to write a dump to an empty card, and the cloned card will respond as a card would do it in front of the reader.

Cosmiclight · February 10, 2024, 5:44pm

Thanks for the reply! I’m eager to try this, but i can’t find an option to write the raw file to a card anywhere, i can only emulate it. Could you please provide some instructions on how that’s done?

Magan · February 10, 2024, 6:05pm

Maybe @Astra will be able to help?

LupusE · February 10, 2024, 6:15pm

Not all cards are write able. And while answering I overlooked the detail that your card is not parsed. I doubt the Flipper is able to just write raw data.
Details are in the official documentation: Writing data to T5577 cards - Flipper Zero - Documentation

Here are the currently supported protocols: Adding 125 kHz cards manually - Flipper Zero - Documentation … Maybe there is any similar to yours and it can be forced to be detected as?

Cosmiclight · February 10, 2024, 6:32pm

I do have writeable cards, that’s not an issue.

That’s the main problem, i do not know what protocol my card utilizes and the flipper fails to read anything from it, unless in raw.

maqumih · February 11, 2024, 6:49pm

Uhm… Search?
Paxtons are well-known unsupported, with suggestions floating around.

Cosmiclight · February 11, 2024, 8:52pm

The access cards in question aren’t the proprietary paxton fobs, also the readers (Paxton P50) support non-proprietary protocols, and as i said, do indeed respond to an EM4100 attack by the flipper. This all leads me to believe, that the flipper should capable to read such cards. Could be wrong though.

maqumih · February 16, 2024, 6:49pm

Not sure on this part…

…but this is normal - refer to the link above

Magan · February 21, 2024, 10:57am

By getting the raw data is only for reading the Paxton fob. I am not sure if the Paxton Net-2 reader is capable to get some deep info about it. Also Paxton system is licensed.