
Decoding HID proximity cards

Updated on October 3, 2012

Do you manage a card-key system?

I do. And until recently, I've been buffaloed by being unable to integrate cards (and key fobs) from other systems into our own.

Well, I've recently learned how to do this, and I'm writing it up to share it with you. I hope it helps. When I went googling for information on this, I couldn't find anything useful.

The system I manage uses Ademco Passpoint Plus. I believe that Ademco was absorbed by Honeywell a while ago, and I've lately had trouble finding much Ademco branded information online.

Getting down and dirty - card codes in HEX

There are lots of different "formats" for these cards, but it seems that all the cards my system can detect produce a "card id" which is an 8-byte string. When I look at this in "raw format" it is shown as 16 hex characters like this:

0123-4567-89AB-CDEF

The following information has been gleaned from observation and experimentation, and may be incorrect in some detail, but it is close enough for me to work with. If you have more or better information, please let me know so I can correct this post.

Digits 0 through 3 identify the "card type". Depending on the card type, the remaining digits are parceled out into various fields with cryptic names, like "RCM code", "facility code" and "card stamp". RCM codes and facility codes seem to exist solely to allow batches of related cards to be managed without having to manage all the bits that make up the total card code.

Card stamp is the last 4 or 5 hex digits; the 26-bit formats use 4, and the 34-bit formats use 5.

Facility Code, RCM code

The RCM code and facility code occupy varying parts of the remaining bits; some of the formats convert cleanly from hex to decimal and some I haven't figured out yet.

My system recognizes a number of card types including (with their corresponding values):

26 bit raw card image (0000)

26 bit Wiegand NCC (8101)

26 bit prox ncc (8201)

26 bit mag stripe ncc (8301)

34 bit raw ADEMCO prox (0000)

34 bit ADEMCO Prox NCC (8206)

ABA TRACK II Mag Stripe - format C (C000)

ABA TRACK II Mag Stripe - format D (D000)

ABA TRACK II Mag Stripe - format E (E000)

ABA TRACK II Mag Stripe - format F (F000)

EMPI-II Wiegand NCC (8105)

EMPI-II Prox NCC (8205)

EMPI-II Mag Stripe NCC (8305)

34 bit Northern Wiegand NCC (8107)

34 bit Northern Prox NCC (8207)

34 Bit Northern Mag Stripe NCC (8307)

Each card format has its own rules for what to do with the digits that aren't the "card stamp," but the card stamp seems to consistently be in the last 4 or 5 digits of the code.

My system also supports a "raw code image" format that lets you enter a RAW card code, so if you know a card's code but you can't decode the card format and other fields, you can still enter the card and manage it like any other card.

The images above are related; the raw card code "8206-EFFF-0000-FFFF" shown above is related to the details in the next image; the image shows a 34 bit ADEMCO Prox NCC (8206), with RCM code 14 (E) and Facility code 4095 (FFF). The third group of four digits is unused, and the card code/card stamp for this card is 65535 (FFFF), although it's not shown in any of these images.
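The layout described above can be checked with a short decoder. This is an added example, not part of the original article or of Passpoint: the 8206 field positions are inferred from the single worked code above, the 8201 positions from a reader's report in the comments, and the function name and the second sample code are constructed for illustration.

```python
# Added example: layouts are inferred from this page's observations,
# not from vendor documentation.
CARD_TYPES = {
    "8101": "26 bit Wiegand NCC", "8201": "26 bit prox NCC",
    "8301": "26 bit mag stripe NCC", "8206": "34 bit ADEMCO Prox NCC",
    "8105": "EMPI-II Wiegand NCC", "8205": "EMPI-II Prox NCC",
    "8305": "EMPI-II Mag Stripe NCC",
    "8107": "34 bit Northern Wiegand NCC",
    "8207": "34 bit Northern Prox NCC",
    "8307": "34 bit Northern Mag Stripe NCC",
    "C000": "ABA TRACK II Mag Stripe - format C",
    "D000": "ABA TRACK II Mag Stripe - format D",
    "E000": "ABA TRACK II Mag Stripe - format E",
    "F000": "ABA TRACK II Mag Stripe - format F",
    "0000": "raw card image (26 or 34 bit)",
}

def decode_card_code(raw):
    """Split a 16-hex-digit card code into the fields the article names."""
    digits = raw.replace("-", "").replace(" ", "").upper()
    if len(digits) != 16 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError("expected 16 hex digits, got %r" % raw)
    type_code = digits[:4]  # digits 0 through 3 identify the card type
    out = {"type_code": type_code,
           "type_name": CARD_TYPES.get(type_code, "unknown")}
    if type_code == "8206":
        # 34-bit layout from the article's example 8206-EFFF-0000-FFFF
        out["rcm_code"] = int(digits[4], 16)
        out["facility_code"] = int(digits[5:8], 16)
        out["card_stamp"] = int(digits[-5:], 16)   # 34-bit: last 5 digits
    elif type_code == "8201":
        # 26-bit layout as reported in the comments: 8201-0000-FFFF-SSSS
        out["facility_code"] = int(digits[8:12], 16)
        out["card_stamp"] = int(digits[-4:], 16)   # 26-bit: last 4 digits
    else:
        # Layout not worked out: show both stamp candidates and fall back
        # to enrolling the full code under the raw card type.
        out["stamp_if_26_bit"] = int(digits[-4:], 16)
        out["stamp_if_34_bit"] = int(digits[-5:], 16)
        out["enroll_as_raw"] = "-".join(
            digits[i:i + 4] for i in range(0, 16, 4))
    return out

if __name__ == "__main__":
    print(decode_card_code("8206-EFFF-0000-FFFF"))  # the article's example
    print(decode_card_code("8201-0000-002A-04D2"))  # constructed sample
```
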

What do you do with an unknown card?

So you have a card from a foreign system, and you don't know the card type or any of the other fields you need to make it work. How do you get the information you need?

There are a number of choices depending on your situation. If your card key system includes an "enrollment reader" you can use that to swipe cards and automatically add them to your system. Unfortunately, my system does NOT have an enrollment reader, so I needed another solution.

In my Passpoint's "System Administration Options" menu (pull down "Config" and select "Admin") there is an option "Denial Override." When selected, it has two effects. First of all, this is dangerous to leave active for any period of time, because "Denial override" is what this does; any card swipe will open the door, even an unknown card... so don't leave this setting activated! The other effect it has, though, is to include the card code in the message log, so it's easy to capture the code for an unknown card.

So, to use an unknown card:

1) swipe it on a reader. If the reader doesn't beep, it is incompatible with the system.

2) on the Passpoint control station, set the "denial override" feature, and upload the changes to the MLB

3) swipe your unknown cards and record the card codes from the log

4) turn off "denial override" and upload the change to the MLB

5) create new card records for your unknown cards. If you can decode the card type and other fields, great. If not, just use the RAW card type, and put in the full card code reported when you had "denial override" active.

6) upload the new cards to the MLB, and test.

WooHoo!

Easy hex conversions

If you have trouble converting between decimal and hex in your head, there's a very simple tool already installed on most computers that will do this for you.

The calculator program included with MS Windows knows how to do base conversions. Rather than re-invent the wheel here, though, I'll refer you to another article that covers this topic. I just wanted to mention it here, in case you as a reader were wondering where to get an easy hex-to-decimal converter, or vice versa.

If you've found this to be useful...

Please consider a donation to Rescue Animal Placements, an animal rescue organization that could really use your support, or your local animal shelter.

Your comments, please...


    • profile image

      fatboy1271 7 months ago

      So the HID 1326 cards do beep on my system. I've entered the Facility Code that I was given; yet, when I try out the card WinDSX does not show anything at all on the screen regarding the card... If I use a FOB without a name attached it will show the card number. If I use a FOB that isn't programmed to a reader it will say Access Denied. These new 1326 cards don't kick back any messages.

    • profile image

      fatboy1271 7 months ago

      So it can be safely assumed that no beep absolutely means incompatible card?

    • profile image

      anonymous 3 years ago

      Thank you for posting this information. You saved me time and for that Sir you are awesome!

    • profile image

      Jeff 3 years ago

      Thanks, this helped me add the cards we had to order from Amazon since our security company wouldn't sell any to us since "our system is too old!"

    • mcs610 profile image
      Author

      mcs610 5 years ago

      @anonymous: So glad this was helpful. Maybe I should publish a separate guide for migrating off Passpoint, since it has been discontinued for so long!

    • profile image

      anonymous 5 years ago

      @mcs610: ^^ This just saved my life. I needed to export data to migrate to a totally new system, and you have revealed to me that "debug interactive" actually means "Open Query Builder"! All this time I didn't know. *sigh* Thank you!

    • mcs610 profile image
      Author

      mcs610 5 years ago

      @anonymous: In Passpoint, pull down "Tools" and select "Reporting."

      In the passpoint reporter, select the report "Cardholders (all)" and select the "debug interactive" mode. Click the "Run Report" button, which will open the MK Query Builder screen. Assuming you need the card codes in the export, in the data structure under "Cards" double-click on "CardCode" to add it to the field list. Now click the "Lightning bolt" icon to run the query. After the query runs, you'll see some of your results. One of the icons at the bottom is for "Export" ... click that, select the fields you want to export, then the format you want to export into (probably Excel DDE in your case), then click Export. Voila, a spreadsheet with your cardholders and their card codes. It sounds confusing without pictures, let me know if you need more details.

    • profile image

      anonymous 5 years ago

      We are changing out a Passpoint system to a Keri door control since we can't get replacement parts for the Honeywell system. We need to export the card data to an Excel format to reenter the data in the Keri application. Do you know how we can get this accomplished? jerry D. comtecsecurity@verizon.net

    • mcs610 profile image
      Author

      mcs610 5 years ago

      @anonymous: The *only* information in one of these prox cards is a serial number. All the data about what was done with the card is accumulated in the systems that read the serial number. You can't alter or erase the serial number that's burned into the chip. By bending a prox card you CAN make it stop working, by breaking the wire that's inside it. There's a coil of wire that goes almost along the perimeter of the card, when you wave it in front of a reader, a magnetic field in the reader induces current in the card, which powers the chip inside and lets it respond with its code.

    • profile image

      anonymous 5 years ago

      DigiOn24.com offers a prox encoder and cards that can be programmed and re-programmed as needed

    • profile image

      anonymous 5 years ago

      Can I erase the information on it or deactivate it without a card reader/programmer? E.g. rubbing it against a strong magnet or bending/flexing it

    • mcs610 profile image
      Author

      mcs610 5 years ago

      @anonymous: An interesting concept, I hope they improve their site. There seems to be no pricing or availability information online.

    • profile image

      anonymous 5 years ago

      I have an old Northern system (very old!). When I swipe a card on a reader attached to my PC I get " %E? " (minus the quotes of course)

      How can I decode this? I have another system that I have figured out and want to use the same card for both systems if I can figure out the Northern system

    • mcs610 profile image
      Author

      mcs610 5 years ago

      @anonymous: That's why you need to use a hex conversion tool, like the windows calculator. https://hubpages.com/education/base-conversions-wi...

    • profile image

      anonymous 5 years ago

      @mcs610: Not change the code, but the number which is shown when we swipe the card on the reader; it is usually a decimal number... Thanks for the comment.

    • mcs610 profile image
      Author

      mcs610 5 years ago

      @anonymous: You cannot change the code on HID cards/fobs/etc. This is hard-coded onto the chip when it's manufactured.

    • profile image

      anonymous 5 years ago

      Hi, does anybody know what kind of software for an HID reader I can use to change the code, to manage it by myself? Thanks for your kindness.

    • profile image

      anonymous 7 years ago

      @anonymous: look in config -> system wide configuration -> priorities (this is a tab).

      Here you set the priority level for each message passpoint generates, and what to do with it (display, display and log, etc). You might want to look for message "acc deny ovr unkn" and "egr deny ovr unkn" to make sure they have some priority other than "none"

    • profile image

      anonymous 7 years ago

      @anonymous: Here's the event view; see my admin options edited when I check denial override. Then I swiped the card a few times and nothing appears.

      http://www.mediafire.com/?4hwz1b1uqx4zh47

    • profile image

      anonymous 7 years ago

      @anonymous: Yes, it shows Access Denied, whose name is on the card and date/time. Where do I change logging options in Passpoint Plus?

    • profile image

      anonymous 7 years ago

      @anonymous: Does your real time log usually show denials? If not, you'll need to mess with the logging options to enable that.

      Have you enabled "Denial override" AND uploaded the changes to the MLB?

    • profile image

      anonymous 7 years ago

      Real time log doesn't show the card code; the reader does beep though when I swipe.

    • profile image

      anonymous 8 years ago

      Here is a thread I found with some good PassPoint info in it. Post number 18 explains the same method described here.

      http://discussions.hardwarecentral.com/showthread....

      It would be nice to find or form an active user group for tips and troubleshooting PassPoint issues.

    • mcs610 profile image
      Author

      mcs610 8 years ago

      [in reply to Mike] Thanks for letting me know this was useful to you. That's exactly why I wrote it, and I'm glad to know that even a year later, it's still helping someone here and there.

    • profile image

      anonymous 8 years ago

      You saved me a lot of time and frustration with adding some older cards to our system. THANKS!

    • profile image

      anonymous 9 years ago

      I can't tell you how much time this saved me. My cards actually came from our security company and getting assistance from them is like pulling teeth. Here are the specifics on the type card I had my problems with:

      Card Tech is 26 Bit Prox NNC.

      The raw code looks like:

      8201-0000-blah-blah

      The third and fourth sets are the keys.

      The third set is the hex value for the facility code.

      The fourth set is the hex value for the card stamp.

      Never would have figured this out without your help. I'd treat you to a drink if I could.

    • mcs610 profile image
      Author

      mcs610 9 years ago

      I hope you found this useful. Let me know if there's anything I can add to help you more.

    • profile image

      anonymous 9 years ago

      Wow! Good Job! Thank you, thank you, thank you!!