Unable to read and determine card type

All, I have a badge card that I have been unable to read and don’t know what technique to try. Attached is a picture of a symbol on the card, adjacent is alphanumeric characters
ex: 1234-5678A
card

I think you are looking at Fairpointe data

image

image

I belive they make a variety if products, in card form it is likely to be either LF 125khz OR HF 13.56MHz

Turn NFC on, on your phone, and scan the tag, if it reads it will be HF if it doesn’t, it is either not NFC compliant or it is Low Frequency.

OR
Do you happen to have a ProxMark or iCopy or similar?

Let me know how you go

1 Like

Still unable to read via LF or HF on this particular card with Flipper, tried restarting, updating firmware, etc. Works fine reading various NFC, Mifare, EMV cards in my possession.

Can your phone read the card in question?

No, cannot read the badge card on my phone either. The badge card is thin, but the picture and logo do not allow light through to view the coil. This badge was used a few weeks ago and has a protective holder, so I do not think it’s damaged.

Ok, then it seems that it’s a 125khz tag, but an unsupported one. If you have a proxmark3, you can scan it and send the details here

I don’t own any other RFID or RF tools besides some cheap RTL-SDR dongles

Then I don’t think we can help you in any way, there’s just not enough info to do anything

Thanks,
I see many Proxmark3 for sale online at all kinda prices, is there an official seller or generic product that will work best?

There’s basically two options if you want to buy a proxmark3: the cheap “easy” version and an expensive “RDV4” version.

In your case, the easy version will be enough, so I recommend buying it, as it’s significantly cheaper and has mostly the same functionality.

product_10260_proxmark3easy-front-angle-416x416

Thanks. lots of good documentation to use Proxmark3 on Kali Linux

You’ll probably want the IceMan fork on there.

You can buy an PM3 Easy with it preinstalled from Dangerous Things

Here is a good guide to follow, I personally used it about a week ago

GUIDE

Also if you get stuck, or have questions with the PM3, the best place to search / ask is probably the RFID Hacking Discord, here’s an invite

There are also many users that can help you out on the Dangerous Things Forum

or
Dangerous Discord

In my opinion, The Flipper will be a much better easier tool to use than the PM3, but it is just not quite there yet with its library and read/write/ clone capability…
so for the time being, the PM3 is your best option/tool

The proxmark3 in the DT shop is really overpriced tho

Hey all. I’ve been trying to dig into this a bit, and I’m wondering if this helps. Pulled it out of the DT forums where they appear to be discussing the same, or at least very similar, devices.

On Feb 20th Compgeek posted a dump that looks like this:

[=] Checking for known tags…
[=]
#db# Starting Hitag reader family
#db# Configured for hitag2 reader
#db# Unknown frame length: 160
#db# TX/RX frames recorded: 3
[-] No known 125/134 kHz tags found!

[=] Checking for unknown tags:

[-] no repeating pattern found, try increasing window size
FSK2 decoded bitstream:
11110000011111111111111100011111
01111111011111110111111101100010
11110000011111111111111100011111
10110010011110111110110101100000
01111101111101111100111100100111
01111111011111110111111101100010
01111101111101111100111100100111
10110010011110111110110101100000
11110000011111111111111100011111
01111111011111110111111101100010
01111101111101111100111100100111
10110010011110111110110101100000
1111000001111111111111111111

Unknown FSK Modulated Tag found!

I hope that’s helpful!

1 Like

Was it ever discovered how to clone it, or well how to do it on the flipper? Cuase I have the same famous purple tags and I would love to learn how to emulate it!

So I was able to do a way dump and look at the PSK Raw File in which I found at 1136 8 byte offset is my Purple Fob Matching Code Sequene.

It had the following encoded data with FSK2A (invesion) which is why it wasn’t recognized!

Also with the printed ID code, the last sequence is Decimal not Hex. So hence it would be Hex Code for 5 digits then the final digit is a Decimal that needs transfered to HEX.

I am not trying to manually enter it, as Hex, Big Indian, etc.

But if this works you should be able to duplicate from the number on any card print.

Wild decoding the stream after having the raw dump to match.

So there is inversion, written in blocks backwards with break bits and buffer code to fill the block.

But pretty cool!

Example if you have 44aba96 printed on your card:

it shows up as 0x1324BA60CAB0C44

or
01324BA60CAB0C44

Good luck as I test mine tomorrow!

Hi any updates?