What frequency do UNIQUE, T5577 and EM4305 tags use?
All three operate at 125 kHz, the dominant low-frequency RFID band [Elektroda, TechEkspert, post #20605119]
The inside of the UNIQUE 125kHz key copier
TL;DR
- The teardown examines a UNIQUE 125 kHz key copier used to duplicate access tags after a move.
- Inside are two AAA batteries, a UNIQUE communication coil/antenna, a small PCB, and a main control unit marked F300.
- The copier reads a constant 64-bit string from a tag and writes 8 bytes to T5577 or EM4305 key fobs.
- U1 generates the read control signal, Q1 drives the buzzer, and Q2/Q3 control coil current; detection takes 10 ms.
- The author flags security concerns about multi-system copiers claiming 125 kHz to 1000 kHz support and bundled software that may hide extra features.
Generated by the language model.
Of course, we will replace this "system" with connected MIFARE readers, but everything in order. To make it easier for yourself, you need to "multiply" your UNIQUE tags. A copier was used for this, reading a constant string of 64 bits from the applied tag to memory and writing a string of 8 bytes to the T5577 or EM4305 key chains. In this way, for "PLN 100" we have the freedom to move around, without excessive investment in a makeshift, which is intended for disassembly.
Below is the inside of the copier, which is mostly empty space
a basket of two AAA batteries, a UNIQUE communication coil/antenna and a small printed circuit board. The main control unit is designated F300.
Transistor Q1 controls the buzzer without a generator, transistors Q2 and Q3 control the coil current. U1 during the reading generates a control signal that goes through R8 to the transistors.
The signal on the coil looks like this:
Detection takes 10ms.
There are no SMD components on the other side of the PCB.
The device did its job well and we will not waste funds on checking how to change the settings of existing readers, especially since each of them is of a different type and some of the cards did not work. This is a good solution to reduce the urgency of replacing the access control system.
When looking for a copier, I thought hard about the security of such solutions, because the search engine showed multi-system copiers for tags, working at frequencies of 125 kHz, 250 kHz, 500 kHz, 375 kHz, 625 kHz, 750 kHz, 875 kHz, 1000 kHz, but also those that supposedly duplicate Mifare HID cards. Some have bundled software that supposedly decodes scanned cards (whatever that means). It is difficult to predict whether bundled software from a little-known publisher has bugs or "hidden features".
TechEkspert wrote 7018 posts with
rating 5445 , helped 16 times.
Been with us since 2014 year.
Comments
I found such a copier for PLN 10 with a bag of keyrings. As it turned out, it is not compatible (keyrings too) with the KD system that we have in the company. On the other hand, for copying Mifare, I use... [Read more]
What is the general process of "programming" a TAG? It receives some command, then 8 bytes and then sends these 8 bytes each time? Is such a tag writeable only once? [Read more]
The keychains are programmable many times and cost about PLN 3. Originally, UNIQUE key chains and cards had a factory-assigned number just like "Dallas pills" DS1990A. I wonder why the programmed keyrings... [Read more]
My tags (cards and keyrings) are rewritable, you can delete, assign your own numbers. [Read more]
I have a similar device somewhere and you can select several different frequencies, but the cards that I use at work do not respond, practically no other reader except those at the company, even a pinball... [Read more]
I changed the title to 125 kHz, out of curiosity you can check your KD, whose tags cannot be read. Using an oscilloscope and a coil close to the reader, you can determine what frequency your system is... [Read more]