Compatible RFID tags. (Post your tested tags here) #1
Comments
|
LINK: https://www.ebay.com/itm/154522184516 |
Do you have a source for the adhesive ones? |
These for example Ordered today Edit: |
How do you modify the ACL bits, could you update the readme with how to clone a tag? |
I can confirm that they work. |
|
So is this working perfectly? Are all issues sorted? If so, are the settings tied to a database or can you make your own settings? |
|
Well, I just started playing with it today. So I can't say much yet. |
What is it mean exactly pls ? Im trying to make my own stickers, where i need only change color and material type.. Is this possible or i can just clone it ? Can you also add link what tag did you use please ? Best would be aliexpres... regards |
It just means that: but it does NOT mean that is already possible to customize the tags. |
|
Hey, just wanted to post that I bought those same aliexpress tags and was able to duplicate one of my spools tags. The AMS reads it just fine. However, if I change any of the data (such as the color), the AMS no longer reads the tag. So yeah, there's some kind of checksum for sure. Annoyingly, the tags seem to only support being written once (at least, with the |
you can wipe the tag with "hf mf wipe" and then rewrite it. |
But still can we make our own tags or not? I just want to change color and material.... Not sure if this is possible, i know @avwuff did try that but can more ppl confirm it pls? |
|
The only thing you can currently do is cloning the tag and place it to an other spool with the same color and material. |
|
If we compile a list together of each spools data, we basically have achieved the ability to use 3rd party spools and filaments and have them autodetect so long as we write the proper tag data. We found tags that work that are third party, so we do not need to use BL originals salvaged and carefully labeled/organized for future reuse, thats good! Where are we compiling the list of tag dumps to find out if they are anonymous enough that BL won't be able to come after those who submitted them by tracing them to an order somehow? This solution is breaking their grip on forcing customers to buy BL spools/filament to have the convenience of auto-ams-detection/settings. I own one of every BL spool they sell right now, organized on a excel spreadsheet. Lets take this to the next level - reach out to me to colab. |
this is good count me in :) Im still waiting for my PX3 but i would be very glad to participate on this... Im pretty sure there is not a problem to established the annonym vps and make simple app to share this data between each other... :) How can i contact you? |
|
I have proxmark3-ez.I have another more robust one with different addons somehwere... but it seems just basic kit is enough.I wonder what kind of brute force horsepower is needed? I have a rack of 4090s? I have a server farm with a few hundred cores? Rainbowtable?Then that leaves record keeping. The serial number is associated with the tag. Ideally before we could go public we would need to crack the crc to validate our own tags as authentic. Until then though, an underground private dump list is being made somewhere already.I am hoping I can validate myself to get access to the existing project. Right? Someone has to have a pile of dumps already and can write the tags...Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message --------From: michalss ***@***.***> Date: 9/7/23 2:34 AM (GMT-06:00) To: Bambu-Research-Group/RFID-Tag-Guide ***@***.***> Cc: warbarz ***@***.***>, Comment ***@***.***> Subject: Re: [Bambu-Research-Group/RFID-Tag-Guide] Compatible RFID tags. (Post your tested tags here) (Issue #1)
If we compile a list together of each spools data, we basically have achieved the ability to use 3rd party spools and filaments and have them autodetect so long as we write the proper tag data. We found tags that work that are third party, so we do not need to use BL originals salvaged and carefully labeled/organized for future reuse, thats good!
Where are we compiling the list of tag dumps to find out if they are anonymous enough that BL won't be able to come after those who submitted them by tracing them to an order somehow? This solution is breaking their grip on forcing customers to buy BL spools/filament to have the convenience of auto-ams-detection/settings.
I own one of every BL spool they sell right now, organized on a excel spreadsheet. Lets take this to the next level - reach out to me to colab.
this is good count me in :) Im still waiting for my PX3 but i would be very glad to participate on this...
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>
|
|
@warbarz I've got a Proxmark3 on the way and I've got quite a few Bambu filaments that I'm planning to scan. I'm really interested in this project (although it seems to have stalled somewhat). My plan at this stage is to collect as many unmodified Bambu tag data as I possibly can and make this available on a public website for download. The vision here is you'd be able to select your colour, filament type and if we have it stored somewhere provide it as a download to the user - if we don't have it then we provide instructions to easily dump the tag on the filament. Even setting up a postage address where people could send their tags, along with the data of the filament it came from could help for less technically minded people. Anybody who's interested in helping, please do reach out! |
|
Am I missing something? I've made a dump of my tag and written it to a CUID gen2 sticker. I then dumped it and compared it to the dump from the original tag and they match, however my AMS doesn't recognise it. We don't get the B keys do we? I've only got A keys. Would this matter? |
|
Not all Magic Tags are created equal. Some Gen2 tags have a write-once UID, and others have an infinite-write UID. The tags with a write-once UID (also known as FUID for fused-UID) work fine. The gen2 tags that I got do not work, but the gen2 tags that someone else got on the discord channel seem to work. |
I bought these ones exactly, I ran the command given - doesn't work, and after the AMS has tried to read it, pm3 shows no tag found if I try and read it. |
|
Do we need a physical initial tag or is the information to clone a tag here? What tags are currently working for this? Very interested in this! |
|
It seems like there was a big push for this, but it feels like it's gone somewhere else. Is there a better place for this conversation that someone can point us to? |
and how you modified the ACL? |
|
Just wanted to mention that it appears that Bambu's tags ARE SUSCEPTIBLE to the recently discovered Mifare 1k Classic backdoor key (A396EFA4E24F)! This means that they can now be fairly easily dumped WITHOUT having to do any sniffing. This should make it much easier for anyone with a PM3 device to dump data. You simply use the "fm11rf08s_recovery.py" script and in under 15 minutes, you'll have the full set of keys (A & B) for a Bambu tag. |
That's awesome! I'm pretty new to using scripts. Is there a guide you can point me to? Also, do you know if there are a bunch of tag dumps somewhere so I can write tags for filaments I haven't bought from Bambu? |
As for scripts -- make sure you are using the latest version of Iceman's stuff (i.e. do a new git clone/download and update the firmware on your PM3 device too). And then you run the script by just doing "script run fm11rf08s_recovery.py". As for the tag dumps -- I don't know of any, but that is what would be very useful. Then we could just all write our own bunch of tags for various filament types and colors and be all set. Someone above basically said that he had every color from Bambu. So we just need a way to put them all together for download for those that want to write out some RFID clones. |
|
Oh, it's built into Iceman's firmware? I'm have to break out the PM3 this
weekend. Thanks. If I can figure it out, maybe I'll reach out to dude above.
…On Wed, Sep 25, 2024, 16:10 John ***@***.***> wrote:
That's awesome! I'm pretty new to using scripts. Is there a guide you can
point me to? Also, do you know if there are a bunch of tag dumps somewhere
so I can write tags for filaments I haven't bought from Bambu?
As for scripts -- make sure you are using the latest version of Iceman's
stuff (i.e. do a new git clone/download and update the firmware on your PM3
device too). And then you run the script by just doing "script run
fm11rf08s_recovery.py".
As for the tag dumps -- I don't know of any, but that is what would be
very useful. Then we could just all write our own bunch of tags for various
filament types and colors and be all set. Someone above basically said that
he had every color from Bambu. So we just need a way to put them all
together for download for those that want to write out some RFID clones.
—
Reply to this email directly, view it on GitHub
<#1 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AFAQB5OQDWTNSMROOMDGRSDZYMRD3AVCNFSM6AAAAABJCVXQTKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNZVGI3DKMBWGY>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
Yup -- latest release has it. The paper came out recently and they had it built in even before the paper was presented. :) |
|
Thanks for your help, @jgoggan. I scanned a couple tonight and wrote one to a magic tag I had sitting around. I will have to try scanning it in the AMS tomorrow when a long print I have running ends. 
|
|
very nice to know, that we can dump all our Bambu RFID tags, but how i can use this dumps? I ordered CUID Gen 2 tags and i'm able to write an existing dump to this tag with the MCT. |
The ACL bits for the Bambu tags are 0x878787 by default. According to this decoder (https://slebe.dev/mifarecalc/), that means that neither key (A or B) has write permission to block 0 when you create a clone. So unless you managed to find a Gen 2 tag that actually enforces the ACL on block 0 (no idea if they exist or not), changing the ACL bits won't make a difference because they're already as write-restrictive as they can be, but the AMS is still overwriting it. Key A can write to the UID (block 0) regardless of the ACLs in my testing. Caveat: I've only tested this on the AMS Lite on the latest firmware. It's possible there was a way to use the common infinitely-rewritable Gen 2 tags in the past, or with the normal AMS unit. But currently it doesn't seem like that's an option now. |
I started a new issue [1] to specifically track/document cloning instructions. One of the things I listed there is to create a directory of existing tags. I'm ordering the equipment and tags to be able to help more. [1] - #54 |
and others
Sourcing right rfid tags can be hard so to make it easier for everyone please share your working/non working tags here.
Add following information:
LINK: https://lab401.com/products/mifare-compatible-1k-uid-modifiable-pack-of-5
STATUS: Not working
(Optional):
GENERATION: Gen 1
INFORMATION: Tag can be unlocked with command 0x40, therefore doesnt work with AMS
The text was updated successfully, but these errors were encountered: