Need help interpreting raw RFID data


I’ve recently acquired raw data from a couple of RFID access cards that the Flipper is unable to decode.

The cards operate at 125khz and the corresponding access control units are made by Paxton. The readers do react to an EM4100 attack by the Fuzzer app, but without success. Trying to emulate the RFID data also leads to no success.

Could someone please help me analyse the raw data, as i lack any experience working with such software? I’m providing all the acquired raw files in attachment.

Thanks in advance! (517.9 KB)

Do the RAW recordings work if you emulate raw ?

Unfortunately not.

Before you’re about to analyze garbage data, I suggest to write the dump on a compatible card and try to unlock the system.
Based on the assumption you own the system! Else this would be illegal.

The Flipper is not very good at emulating, some readers won’t accept a Flipper emulated dump, because of bat/slow/wrong timings. On the emulation side, the dump could be valid anyway.

Solution: The Flipper is able to write a dump to an empty card, and the cloned card will respond as a card would do it in front of the reader.

Thanks for the reply! I’m eager to try this, but i can’t find an option to write the raw file to a card anywhere, i can only emulate it. Could you please provide some instructions on how that’s done?

Maybe @Astra will be able to help?

Not all cards are write able. And while answering I overlooked the detail that your card is not parsed. I doubt the Flipper is able to just write raw data.
Details are in the official documentation: Writing data to T5577 cards - Flipper Zero - Documentation

Here are the currently supported protocols: Adding 125 kHz cards manually - Flipper Zero - Documentation … Maybe there is any similar to yours and it can be forced to be detected as?

I do have writeable cards, that’s not an issue.

That’s the main problem, i do not know what protocol my card utilizes and the flipper fails to read anything from it, unless in raw.

Uhm… Search?
Paxtons are well-known unsupported, with suggestions floating around.

The access cards in question aren’t the proprietary paxton fobs, also the readers (Paxton P50) support non-proprietary protocols, and as i said, do indeed respond to an EM4100 attack by the flipper. This all leads me to believe, that the flipper should capable to read such cards. Could be wrong though.

Not sure on this part…

…but this is normal - refer to the link above

By getting the raw data is only for reading the Paxton fob. I am not sure if the Paxton Net-2 reader is capable to get some deep info about it. Also Paxton system is licensed.