search
githubEdit

FZ - 125kHz RFID

circle-check

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)arrow-up-right Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)arrow-up-right

chevron-rightSupport HackTrickshashtag
LogoWebsec | Uw Cybersecurity Specialistwebsec.nlchevron-right

hashtag
Intro

For more info about how 125kHz tags work check:

Pentesting RFIDchevron-right

hashtag
Actions

For more info about these types of tags read this intro.

hashtag
Read

Tries to read the card info. Then it can emulate them.

circle-exclamation

Note that some intercoms try to protect themselves from key duplication by sending a write command prior to reading. If the write succeeds, that tag is considered fake. When Flipper emulates RFID there is no way for the reader to distinguish it from the original one, so no such problems occur.

hashtag
Add Manually

You can create fake cards in Flipper Zero indicating the data you manually and then emulate it.

hashtag
IDs on cards

Some times, when you get a card you will find the ID (or part) of it written in the card visible.

  • EM Marin

For example in this EM-Marin card in the physical card is possible to read the last 3 of 5 bytes in clear. The other 2 can be brute-forced if you cannot read them from the card.

  • HID

Same happens in this HID card where only 2 out of 3 bytes can be found printed in the card

hashtag
Emulate/Write

After copying a card or entering the ID manually it's possible to emulate it with Flipper Zero or write it in a real card.

hashtag
References

LogoWebsec | Uw Cybersecurity Specialistwebsec.nlchevron-right
circle-check

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)arrow-up-right Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)arrow-up-right

chevron-rightSupport HackTrickshashtag
PreviousFZ - iButtonNextProxmark 3

Last updated