Brute Forcing a HID Corporate 1000 Tag



Brute forcing an HID RFID reader that uses the HID Corporate 1000 35-bit format. The card number was randomly generated and copied onto a blank T5577 card for testing. Requires a Proxmark3.

Instructions for the Elechouse RDV2 model:
Write the firmware.
Hold the button for 2 seconds (enters standalone mode).
Short-press the button several times until LEDs A and C are lit.
Hold the button for 2 seconds until LEDs D, A and C are lit.
Read a valid tag.
Short-press the button; LEDs B, C and A are lit.
The device is now brute forcing the tag, decrementing card numbers.
Short-press the button again to increment card numbers.

https://legacysecuritygroup.com/index.php/projects/recent/9-rfid/7-proxmark-3-emulating-hid-tags-in-standalone-mode
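
Seen from the reader side, the decrementing and incrementing sweep described above appears as reads at one reader whose card numbers change by exactly one each time. The following added example (not part of the original post or the linked firmware) flags such runs in an access-control log; the log format, the reader names and the `min_run`/`max_gap` thresholds are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta
# Constructed sample in an assumed export format: timestamp,reader,card,result
SAMPLE_LOG = """\
2017-10-09T08:00:01,lobby-1,20411,GRANTED
2017-10-09T08:02:40,dock-2,51873,GRANTED
2017-10-09T08:05:00,dock-2,51872,DENIED
2017-10-09T08:05:02,dock-2,51871,DENIED
2017-10-09T08:05:04,dock-2,51870,DENIED
2017-10-09T08:05:06,dock-2,51869,GRANTED
2017-10-09T08:05:08,dock-2,51868,DENIED
2017-10-09T08:05:10,dock-2,51869,DENIED
2017-10-09T08:05:12,dock-2,51870,DENIED
2017-10-09T08:05:14,dock-2,51871,DENIED
"""

def parse(log):
    events = []
    for line in log.strip().splitlines():
        ts, reader, card, result = line.split(",")
        events.append((datetime.fromisoformat(ts), reader, int(card), result))
    return sorted(events)

def find_sweeps(events, min_run=4, max_gap=timedelta(seconds=10)):
    # Flags runs of reads at one reader whose card number moves by exactly 1.
    runs, found = {}, []  # runs: reader -> (step, reads in the current run)

    def close(reader):
        step, run = runs.get(reader, (0, []))
        if len(run) >= min_run:
            found.append({
                "reader": reader,
                "direction": "incrementing" if step > 0 else "decrementing",
                "first": run[0][2], "last": run[-1][2], "reads": len(run),
                "granted": [e[2] for e in run if e[3] == "GRANTED"],
            })

    for ev in events:
        ts, reader, card, _ = ev
        step, run = runs.get(reader, (0, []))
        prev = run[-1] if run else None
        delta = card - prev[2] if prev and ts - prev[0] <= max_gap else 0
        if delta in (1, -1) and step in (0, delta):
            runs[reader] = (delta, run + [ev])  # sweep continues
        else:
            close(reader)
            # A direction flip starts a new run that shares the turning-point read.
            runs[reader] = (delta, [prev, ev]) if delta in (1, -1) else (0, [ev])
    for reader in runs:
        close(reader)
    return found
```

Any card number listed under `granted` inside a sweep was accepted by the reader during the run, so it is the first entry to review.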

Precompiled firmware with an easy flasher script for Windows is available from:

https://github.com/exploitagency/github-proxmark3-standalone-lf-emulator

A slightly updated commit that compiles properly is available from:

https://github.com/exploitagency/hid1000-bruteforce

Original source:

https://github.com/federicodotta/proxmark3


- Post Time: 10-09-17 - By: http://www.rfidang.com