Day 13: HID Cards

Proxmark 3 Easy, original HID card (note the printed card number 67924), and rewritable T5577 card

My first task is to clone some old RFID cards I have on hand. Today, we’re working with a HID iCLASS card, commonly used for building access. Our Proxmark is able to identify the card type and read the relevant information. The search scans through all the different possible types of low frequency cards and identifies it as a HID Prox ID. HID cards use variations of the basic 26-bit Wiegand protocol, which provides the formatting convention to read binary card data. This particular card is a HID Corporate 1000, which uses a more complex 35-bit layout that allows the security system manager to set a unique formatting convention.

The Facility Code and the Card Number form the unique access credentials for this card. Each separate security system has a unique Facility Code, guaranteed by the folks at HID. Each security system then allocates Card Numbers for its people. Note: the Card Numbers may not be unique across systems. The combination of Facility Code and Card Number prevents inadvertent cross-system access. These are the only two pieces of information we need to encode the TAG ID, which is the unique identifier for this card. We write this TAG ID to a T5577 card, a generic low frequency cloning card compatible with many protocols.

We now have a cloned T5577 card that has the same signature as the original HID card. The Proxmark platform’s high-quality tooling makes cloning HID cards trivial.
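To make the Facility Code and Card Number fields concrete, here is an added example (not code from the original post or from the Proxmark project) that decodes the basic 26-bit Wiegand format and checks its parity bits. It assumes the standard open 26-bit layout rather than the 35-bit Corporate 1000 layout of the card above; the function names and the sample frame are constructed for illustration.

```python
"""Added example: decode a 26-bit Wiegand frame and verify its parity bits."""
from typing import NamedTuple


class Credential(NamedTuple):
    facility_code: int
    card_number: int


def _ones(value: int) -> int:
    """Count the set bits in value."""
    return bin(value).count("1")


def decode_wiegand26(frame: int) -> Credential:
    """Split a 26-bit frame into its fields; raise ValueError on bad parity.

    Assumed layout (standard open 26-bit format, MSB first):
      bit 1      even parity over the first 12 data bits
      bits 2-9   facility code (8 bits)
      bits 10-25 card number (16 bits)
      bit 26     odd parity over the last 12 data bits
    """
    if not 0 <= frame < (1 << 26):
        raise ValueError("frame does not fit in 26 bits")
    leading, trailing = (frame >> 25) & 1, frame & 1
    data = (frame >> 1) & 0xFFFFFF          # the 24 data bits
    if (leading + _ones(data >> 12)) % 2 != 0:
        raise ValueError("leading (even) parity mismatch")
    if (trailing + _ones(data & 0xFFF)) % 2 != 1:
        raise ValueError("trailing (odd) parity mismatch")
    return Credential(data >> 16, data & 0xFFFF)


# Constructed sample frame: facility code 42, card number 12345.
SAMPLE_FRAME = 0x2546073

if __name__ == "__main__":
    print(decode_wiegand26(SAMPLE_FRAME))
    # One flipped bit is caught by parity...
    try:
        decode_wiegand26(SAMPLE_FRAME ^ (1 << 5))
    except ValueError as err:
        print("rejected:", err)
    # ...but two flipped bits in the same half still pass: parity only detects
    # read errors and says nothing about whether the card is genuine.
    print(decode_wiegand26(SAMPLE_FRAME ^ 0b110))
```

The two fields are stored in the clear and protected only by parity, which is why a system that trusts them alone cannot tell an original card from a copy.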
