276

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

magnusjjj,
What version of xyzware are you working with?  I have been poking at v2.1.21.1  ( primarily to find the speed settings used so I can convert to Cura or Slic3r ) and have a question for you on 2 things.
1- There is a variable that I can see declared, and is tested many times in different IF statements, but I cannot seem to find what sets it or where it is set.  The variable is "MettaWorldPeace".  In your efforts, can you please keep your eye open for it and see if you can find what or where it is set.
2- There is a function isKinpoUser() which pings 2 ip addresses.  172.21.39.108 and 172.21.39.191.   If it is successful, then the function returns true.  Perhaps this is some kind of a superuser.  Keep your eye open for this.

277

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

mjf55 wrote:

magnusjjj,
What version of xyzware are you working with?  I have been poking at v2.1.21.1  ( primarily to find the speed settings used so I can convert to Cura or Slic3r ) and have a question for you on 2 things.
1- There is a variable that I can see declared, and is tested many times in different IF statements, but I cannot seem to find what sets it or where it is set.  The variable is "MettaWorldPeace".  In your efforts, can you please keep your eye open for it and see if you can find what or where it is set.
2- There is a function isKinpoUser() which pings 2 ip addresses.  172.21.39.108 and 172.21.39.191.   If it is successful, then the function returns true.  Perhaps this is some kind of a superuser.  Keep your eye open for this.

I have also seen it. I'll take a look at documenting what it does when I get back home.

I *think* the Kinpo user thing has to do with the xyzprinting drm doohickey for encrypted prints, but not sure, I'll dig into that as well :)

278

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

magnusjjj wrote:
mjf55 wrote:

magnusjjj,
What version of xyzware are you working with?  I have been poking at v2.1.21.1  ( primarily to find the speed settings used so I can convert to Cura or Slic3r ) and have a question for you on 2 things.
1- There is a variable that I can see declared, and is tested many times in different IF statements, but I cannot seem to find what sets it or where it is set.  The variable is "MettaWorldPeace".  In your efforts, can you please keep your eye open for it and see if you can find what or where it is set.
2- There is a function isKinpoUser() which pings 2 ip addresses.  172.21.39.108 and 172.21.39.191.   If it is successful, then the function returns true.  Perhaps this is some kind of a superuser.  Keep your eye open for this.

I have also seen it. I'll take a look at documenting what it does when I get back home.

I *think* the Kinpo user thing has to do with the xyzprinting drm doohickey for encrypted prints, but not sure, I'll dig into that as well :)

Let's start another thread to continue this work, ok?  This thread is a sticky.  Do you want to do it or should I?

279

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

Argh..

So I haven´t had time to take some proper dumps of the eeprom until today, and of course when I try to do that while doing 20 other things at the same time I fuck up.. I used the same flashrom command every time and didn´t change the filename :)

Oh well, I've attached the file I got after two prints.
The printer says it´s got 298m left on the spool and the tag info is:
ID:    8D FA 42 2E
PACK:    2E 69
Serial: GBP0WTH5CB0435

As you can see in the screenshot the info about spools seems to start at 00001000
Before that it´s all ff´s and after that it´s all 00´s.
I´ve attached the dump if anyone wants the whole file.

This is from a printer running 1.0.6 firmware and a clean eeprom.

I can mention that the eeprom from my old printer with a newer firmware contains a whole lot more than just spools, but maybe that´s because it´s been connected on my wifi?



http://soliforum.com/i/?kABqcs8.png
http://soliforum.com/i/?wdQBfyS.png

280

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

Btw..

Does anyone know why the printer says 300/200m?

I´ve always put 200m in the tag but this time I changed my Arduino code to 300m after finding this in the thread:
Page  300m/300m
10,11 E0930400
20    E0930400
21    A8813654
22    F03FEECE
23    F26E4D76

Is there another page that I have to change too? (even with an empty eeprom it says 300 out of 200m 150%)

281

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

Daniel456 wrote:

Btw..

Does anyone know why the printer says 300/200m?

I´ve always put 200m in the tag but this time I changed my arduino code to 300m after finding this in the thread:
Page  300m/300m
10,11 E0930400
20    E0930400
21    A8813654
22    F03FEECE
23    F26E4D76

Is there another page that I have to change too? (even with an empty eeprom it says 300 out of 200m 150%)

First, has your baby come? 
Second, thanks for the data.

finally,
Odd, on my Jr (FW 2.2.7) I get 300/300.  here is a complete tag file that I used and worked.
0400E2AA
92784D81
79480000
E1101200
0103A00C
340300FE
00000000
00000000
5A505A00
0035344A
E0930400
E0930400
D2002D00
54484742
E09304FF
00000000
00000000
34000000
00000000
00000000
E0930400
A8813654
F03FEECE
F26E4D76
00000000
00000000
00000000
00000000
00000000
000000FF
00000000
00000000
00000000
00000000
00000000
00000000
00000000
00000000
00000000
00000000
000000BD
070000FF
80050000
395D6A2E
23710000

282

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

mjf55 wrote:
Daniel456 wrote:

Btw..

Does anyone know why the printer says 300/200m?

I´ve always put 200m in the tag but this time I changed my arduino code to 300m after finding this in the thread:
Page  300m/300m
10,11 E0930400
20    E0930400
21    A8813654
22    F03FEECE
23    F26E4D76

Is there another page that I have to change too? (even with an empty eeprom it says 300 out of 200m 150%)

First, has your baby come? 
Second, thanks for the data.

finally,
Odd, on my Jr (FW 2.2.7) I get 300/300.  here is a complete tag file that I used and worked.

Nope, no baby yet, 2 days more until the calculated date, but she is starting to have a lot of strange activity in the last couple of days that she remembers from our first child.

Is the data of any use or do you need more?

Thanks, I'll use your data on one of my tags and see what happens.

Maybe it´s a firmware thing? Maybe XYZPrinting didn't have 300m spools when the Mini was released? I'll try the tag on the other printer too before I try something else, but right now I'm gonna go and do some hacking on one of our cars, hoping for another 20 or so bhp extra :)

283

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

They still don't have 300M spools to my knowledge. 
Your data is interesting, as I can see the spool sn, and what LOOKS like a UID, but does not match what you said.   I plan to look at it more later.

284

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

mjf55 wrote:
Daniel456 wrote:

Btw..

Does anyone know why the printer says 300/200m?

I´ve always put 200m in the tag but this time I changed my arduino code to 300m after finding this in the thread:
Page  300m/300m
10,11 E0930400
20    E0930400
21    A8813654
22    F03FEECE
23    F26E4D76

Is there another page that I have to change too? (even with an empty eeprom it says 300 out of 200m 150%)

First, has your baby come? 
Second, thanks for the data.

finally,
Odd, on my Jr (FW 2.2.7) I get 300/300.  here is a complete tag file that I used and worked.


When I enter this data into my program and update my EMU Tag. Page 00 last byte gets automatically changed to a "6E". Not sure, but I believe this is some sort of check byte for the UID.

http://soliforum.com/i/?8FZAHo7.jpg

285

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

OK, I am not 100% sure, but I believe the length is represented in the bytes that are circled. I was not able to find that tag UID information though.



http://soliforum.com/i/?3SsaGGQ.png

286

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

Bozotclown1970 wrote:

OK, I am not 100% sure, but I believe the length is represented in the bytes that are circled. I was not able to find that tag UID information though.



http://soliforum.com/i/?3SsaGGQ.png


Sorry, that´s my bad.. I mixed up the ID and Key..
This is the correct information about the tag I used:

ID:    04 7D A2 2A 9A 3D 81
KEY:    8D FA 42 2E
PACK:    2E 69
Serial: GBP0WTH5CB0435

The ID above comes from the Arduino-program I use, the Key is from sniffing the I2C and the PACK is from some android-program I used a year ago to check if the keys worked.
The serial is what XYZWare says.

Do you want me to do some more prints and dumps of the eeprom?
If so, how many prints and how many tags do you want me to print?

I could do some prints for work that uses about 10m each with different tags if it helps?

Has anyone got any idea about all the stuff in the eeprom from the old printer?

287

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

Daniel456 wrote:
Bozotclown1970 wrote:

OK, I am not 100% sure, but I believe the length is represented in the bytes that are circled. I was not able to find that tag UID information though.



http://soliforum.com/i/?3SsaGGQ.png


Sorry, that´s my bad.. I mixed up the ID and Key..
This is the correct information about the tag I used:

ID:    04 7D A2 2A 9A 3D 81
KEY:    8D FA 42 2E
PACK:    2E 69
Serial: GBP0WTH5CB0435

The ID above comes from the Arduino-program I use, the Key is from sniffing the I2C and the PACK is from some android-program I used a year ago to check if the keys worked.
The serial is what XYZWare says.

Do you want me to do some more prints and dumps of the eeprom?
If so, how many prints and how many tags do you want me to print?

I could do some prints for work that uses about 10m each with different tags if it helps?

Has anyone got any idea about all the stuff in the eeprom from the old printer?

And of course I just saw that the ID is wrong again..
The Arduino software says  UID Value: 0x04 0x7D 0xA2 0x2A 0x9A 0x3D 0x81

But the first two pages are:
PAGE 00: 04 7D A2 53  .}¢S
PAGE 01: 2A 9A 3D 81  *š=.

So it´s a bug since the last byte on page 00 is missing in the UID above..

So the real UID should be 0x04 0x7D 0xA2 0x53 0x2A 0x9A 0x3D 0x81, right?

288 (edited by mjf55 2017-08-31 14:36:54)

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

I think that is right.  The UID is 7 bytes.  Page 0, byte 3 ( counting left to right, zero based ) is not part of the UID but as Mr. Clown says, may be a check byte.

No bug.  Works that way

Edit:
You are correct in the remaining byte count. That works out to be 298957 mm left.

So it looks like the spool serial number, the 7 bytes of UID and the remaining count.

Instead of another print on the same spool, can you load a new spool and do a dump?
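
Added example (not part of the original posts, function names are hypothetical): a Python sketch that decodes the fields discussed above from tag pages quoted in this thread. It assumes the standard NTAG21x layout, where page 0 byte 3 is the check byte BCC0 (0x88 XOR the first three UID bytes) and page 2 byte 0 is BCC1, and it assumes the length pages are little-endian millimetre counts, which is consistent with E0930400 being listed as 300m.

```python
CASCADE_TAG = 0x88  # ISO/IEC 14443-3 cascade tag, prefixed to 7-byte UIDs

# Page values copied from posts in this thread.
DANIEL_PAGES = ["04 7D A2 53", "2A 9A 3D 81"]       # pages 00-01 as posted
MJF55_PAGES = ["0400E2AA", "92784D81", "79480000"]  # pages 00-02 of the tag file
LENGTH_PAGE = "E0930400"                            # pages 10, 11 and 20 ("300m")


def parse_pages(lines):
    """Convert hex strings (one 4-byte page each) into a list of bytes objects."""
    pages = [bytes.fromhex(line) for line in lines]
    if any(len(page) != 4 for page in pages):
        raise ValueError("every NTAG page must be exactly 4 bytes")
    return pages


def check_uid(pages):
    """Extract the 7-byte UID and compare stored check bytes with computed ones."""
    if len(pages) < 2:
        raise ValueError("need at least pages 0 and 1")
    p0, p1 = pages[0], pages[1]
    uid = p0[:3] + p1  # page 0 byte 3 is BCC0, not a UID byte
    result = {
        "uid": uid.hex().upper(),
        "bcc0_stored": p0[3],
        "bcc0_expected": CASCADE_TAG ^ p0[0] ^ p0[1] ^ p0[2],
    }
    if len(pages) > 2:  # BCC1 lives in the first byte of page 2
        result["bcc1_stored"] = pages[2][0]
        result["bcc1_expected"] = p1[0] ^ p1[1] ^ p1[2] ^ p1[3]
    return result


def length_mm(page):
    """Decode a length page as a little-endian count of millimetres (assumption)."""
    return int.from_bytes(page, "little")


if __name__ == "__main__":
    for name, lines in (("Daniel456", DANIEL_PAGES), ("mjf55 file", MJF55_PAGES)):
        info = check_uid(parse_pages(lines))
        ok = info["bcc0_stored"] == info["bcc0_expected"]
        print(f"{name}: UID {info['uid']} "
              f"BCC0 stored {info['bcc0_stored']:02X} "
              f"expected {info['bcc0_expected']:02X} ({'ok' if ok else 'mismatch'})")
    print("length page:", length_mm(parse_pages([LENGTH_PAGE])[0]), "mm")
```

For the pages Daniel456 posted, the computed BCC0 equals the stored 53, and for the tag file it comes out as 6E, the value Bozotclown1970's program writes into page 00.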

289

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

HA!

I´ve spent an hour trying to figure out why I have written down the wrong Serial on all my tags..

Now I just noticed that the error I made was always in the 5th character in the serial, which I now noticed changes when I change the color of the tag..

Is this something that was known already?

290

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

mjf55 wrote:

I think that is right.  The UID is 7 bytes.  Page 0, byte 3 ( counting left to right, zero based ) is not part of the UID but as Mr. Clown says, may be a check byte.

No bug.  Works that way

Edit:
You are correct in the remaining byte count. That works out to be 298957 mm left in the spool.

So it looks like the spool serial number, the 7 bytes of UID and the remaining count.

Instead of another print on the same spool, can you load a new spool and do a dump?

Sure, I´ll do a fast print and upload a new dump in 20 minutes or so

291

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

Daniel456 wrote:
mjf55 wrote:

I think that is right.  The UID is 7 bytes.  Page 0, byte 3 ( counting left to right, zero based ) is not part of the UID but as Mr. Clown says, may be a check byte.

No bug.  Works that way

Edit:
You are correct in the remaining byte count. That works out to be 298957 mm left in the spool.

So it looks like the spool serial number, the 7 bytes of UID and the remaining count.

Instead of another print on the same spool, can you load a new spool and do a dump?

Sure, I´ll do a fast print and upload a new dump in 20 minutes or so


How big would a complete dump be. Would it be possible to zip it up and email it?

292

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

I´m sure this has been asked and answered before but this (and the other) threads are a bit too long to read through to find the answer :(

Can you use any new NTAG213 tags you can find on ebay or do you need the expensive ones if you want to make your own tags?

293

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

Bozotclown1970 wrote:
Daniel456 wrote:
mjf55 wrote:

I think that is right.  The UID is 7 bytes.  Page 0, byte 3 ( counting left to right, zero based ) is not part of the UID but as Mr. Clown says, may be a check byte.

No bug.  Works that way

Edit:
You are correct in the remaining byte count. That works out to be 298957 mm left in the spool.

So it looks like the spool serial number, the 7 bytes of UID and the remaining count.

Instead of another print on the same spool, can you load a new spool and do a dump?

Sure, I´ll do a fast print and upload a new dump in 20 minutes or so


How big would a complete dump be. Would it be possible to zip it up and email it?

It´s a 4MByte eeprom but since it´s mostly FF´s and 00´s it's a 3KByte RAR file :)

I meant to attach the first file to a previous post but I must have missed clicking on the "Add file" button after I selected the file :(

I have attached both files to this post instead.

The info about the 2nd tag I used is as follows:
KEY = F9 10 0B C4
ID = 0x04 0xE2 0x96 0x8A 0x3E 0x4D 0x80
PACK = DD 77
SERIAL = GBP3UCA67R0769
Clear Blue
87m left

http://soliforum.com/i/?1yMfB82.png

Post's attachments

2-prints.rar 2.18 kb, 12 downloads since 2017-08-30 

3-prints.rar 2.23 kb, 8 downloads since 2017-08-30 


294

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

Daniel456 wrote:
Daniel456 wrote:
Bozotclown1970 wrote:

OK, I am not 100% sure, but I believe the length is represented in the bytes that are circled. I was not able to find that tag UID information though.


Sorry, that´s my bad.. I mixed up the ID and Key..
This is the correct information about the tag I used:

ID:    04 7D A2 2A 9A 3D 81
KEY:    8D FA 42 2E
PACK:    2E 69
Serial: GBP0WTH5CB0435

The ID above comes from the Arduino-program I use, the Key is from sniffing the I2C and the PACK is from some android-program I used a year ago to check if the keys worked.
The serial is what XYZWare says.

Do you want me to do some more prints and dumps of the eeprom?
If so, how many prints and how many tags do you want me to print?

I could do some prints for work that uses about 10m each with different tags if it helps?

Has anyone got any idea about all the stuff in the eeprom from the old printer?

And of course I just saw that the ID is wrong again..
The Arduino software says  UID Value: 0x04 0x7D 0xA2 0x2A 0x9A 0x3D 0x81

But the first two pages are:
PAGE 00: 04 7D A2 53  .}¢S
PAGE 01: 2A 9A 3D 81  *š=.

So it´s a bug since the last byte on page 00 is missing in the UID above..

So the real UID should be 0x04 0x7D 0xA2 0x53 0x2A 0x9A 0x3D 0x81, right?


Now this makes a lot more sense. Check out the UID.




http://soliforum.com/i/?GnkuZUP.png

295

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

Daniel456 wrote:

I´m sure this has been asked and answered before but this (and the other) threads are a bit too long to read through to find the answer :(

Can you use any new NTAG213 tags you can find on ebay or do you need the expensive ones if you want to make your own tags?

Yeah, it's been asked.  You cannot use any NTAG213 because we do not know how to generate the Password / Pack Code.  We know it is partially based on the UID, but have not figured it out.  That is ONE reason for getting the PACK CODE data back, the hope that it can be discovered.  BUT, I do not think anyone is working it.

296

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

Bozotclown1970 wrote:

Now this makes a lot more sense. Check out the UID.


http://soliforum.com/i/?GnkuZUP.png

Yeah, sorry for the mistakes but I haven´t made my notes to share, and once I was "done" with the eeprom-resetting and Arduino-ntag-resetting I just put all my notes, samples and files in a folder somewhere and haven´t given it much thought, and that was in November last year so it´s been a while, I didn´t even remember which old Android phone I had the software installed on so I had to try out a couple of phones until I found it :)

297

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

So it looks to me that the 3prints.rom contains 2 different spools ( complete with spool sn, UID and remaining filament ) while 2prints.rom only contains 1.
Scanning thru the files, it APPEARS that only addresses 0x1000 thru 0x1AFF would contain the tag info.  That is only based on this limited info, and seeing 0xFF in all other address locations.

So, jumping to conclusions, B00 is 2816 bytes, if each tag uses 28 bytes, that is enough for about  100 tags.

I'm probably wrong.

298

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

mjf55 wrote:
Daniel456 wrote:

I´m sure this has been asked and answered before but this (and the other) threads are a bit too long to read through to find the answer :(

Can you use any new NTAG213 tags you can find on ebay or do you need the expensive ones if you want to make your own tags?

Yeah, it's been asked.  You cannot use any NTAG213 because we do not know how to generate the Password / Pack Code.  We know it is partially based on the UID, but have not figured it out.  That is ONE reason for getting the PACK CODE data back, the hope that it can be discovered.  BUT, I do not think anyone is working it.


Definitely will not work. I have some tags here and I tried everything but could not generate the pack code. Don't waste your time or money.

299

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

mjf55 wrote:

So it looks to me that the 3prints.rom contains 2 different spools ( complete with spool sn, UID and remaining filament ) while 2prints.rom only contains 1.
Scanning thru the files, it APPEARS that only addresses 0x1000 thru 0x1AFF would contain the tag info.  That is only based on this limited info, and seeing 0xFF in all other address locations.

So, jumping to conclusions, B00 is 2816 bytes, if each tag uses 28 bytes, that is enough for about  100 tags.

I'm probably wrong.

You are correct, my thought was to make one dump after each print, but since the printer only changes the current data for each spool that was pointless, so when I did the 3rd print it was with another tag, thus 3-prints = 3 prints with 2 tags.

What would happen if I changed the first pages in the tag that is the UID?
Would the printer think that is another tag or would it figure out the UID is fake since the key and pack is the same?

Otherwise I "could" change page 00 and 01 a hundred times and see what happens?
"could" = if I get the time to do it, I´ve got a bunch of work to do and I´ll probably get other things to do in a couple of days too...

I could check tomorrow if the printer adds the tag to the eeprom directly when it´s found or if it only does that after the first print, if it´s added directly it wouldn´t take too long to add 100 tags.

300

Re: XYZ Printing Da Vinci Jr (w) / Da Vinci Mini (w) Hacking

Bozotclown1970 wrote:
mjf55 wrote:
Daniel456 wrote:

I´m sure this has been asked and answered before but this (and the other) threads are a bit too long to read through to find the answer :(

Can you use any new NTAG213 tags you can find on ebay or do you need the expensive ones if you want to make your own tags?

Yeah, it's been asked.  You cannot use any NTAG213 because we do not know how to generate the Password / Pack Code.  We know it is partially based on the UID, but have not figured it out.  That is ONE reason for getting the PACK CODE data back, the hope that it can be discovered.  BUT, I do not think anyone is working it.


Definitely will not work. I have some tags here and I tried everything but could not generate the pack code. Don't waste your time or money.

Ok, I thought it might work with those special "blank" tags on ebay?
I´ve used those for door-locks before but now I´ve forgotten what exactly the "blank" part is :), I think it was the UID that had to be changed to copy the original tags.