NonWorking LF Tag; Brand Unknown


I tried to scan my tag for time tracking. But no success other than orange LED.

Ive attached the raw Readings. seems to be PSK

I dont know anyting. no brand written, just the UID. :confused: (39.7 KB)

Edit: it looks like this:

IF it is one of those it might be

  • EM 4100/4200
  • EM 4450/4550
  • Atmel Temic 5567
  • NXP Hitag 1
  • NXP Hitag 2
  • NXP Hitag S256
  • NXP Hitag S2048

If its a Hitag it will probably never work.

Yeah. But still:


Out of curiosity, why is Hitag unlikely to work? Out of available frequency bands? Security features? Some other interesting features?


The fob is just the form factor. Nobody knows what is in.

Have you ever tried to ask somebody who he/she is, without a matching language? It is possible with hands and feet, but the result also will be meh. And you don’t have hands/feet at your flipper, just a antenna ‘to talk’.
No matter how interesting he/she may looks like, you won’t be able to ask for a date to get more information.

I have two fobs from my employer, one to get into the building and one to track my work time. They looking exact the same from the outside, but one has a longer number written on it.
One fob I can read out, emulate, analyze, have a lot of flipper fun.
The other one, I can create ReadRAW dumps and admire the beauty. But as long as I don’t know what is in, I am not able to go on with a analysis. I don’t know the protocol, the language or anything to start.

And some chips have a very strong cryptography. The vendor or manufactor won’t tell us anything about the magic behind. So maybe some day someone is lucky and find a hole by accident. Maybe the system is really really good.
I would be very disappointed in the modern world, if a 200USD tool magically can break every well kept secret and clone everything, even without knowing what it is.

And that’s the reason why nobody want to answer. There is nothing to answer. You’ve got a black box and nobody knows more about it, than you.

So try to find the hole, maybe by brute force? It will take a long time (probably more than our both rest lifespan together) and a lot of computing power. Energy is not cheap these days… Or accept it is hard for everyone and try another fob/card/transmitter …

Edit: I do think, even if you break it open, the chip could be blank, or not give all needed information, for security reason. But I haven’t opened one myself.

As a matter of fact the READ RAW function is intended exactly for this sort of occasion when the TAG is not know and support can be added to flipper by researching the raw data … On RFID/125KhZ cards are not sofisticated and don’t have encryption and are not complex (unlike NFC) so it should be possible for flipper zero team to analyze the raw data and implement the card format on the flipper. No need to brute force anything or pray for a miracle…

1 Like


Thatswhy I already attached the raw reading.
I only bumped the post cause there was no reply from Astra or any other Teammember for nearly two weeks :sweat_smile:

in my Case only the UID seems to be relevant, cause that’s the only thing which is entered in my timetracking profile.

Okay maybe I mixed up NFC and RFID, here. Sorry for that misstatement.

1 Like

Yes, by norm RFID (125 kHz) are very simple tags with ID only and don’t have encryption so you should be ok with read raw but you need for the flipper team to work out on this …

i tried reading it with a proxmark.
No success… it says that it doesnt know it. HF or LF …

I have a simular TAG that I can’t read as well, not sure why.

Try READ RAW and send the files to @Astra to see if it can be implemented on Flipper…