Can Kantech ioProx Cards Be Cloned? (Honest Answer)
Kantech ioProx cards can be cloned. That is the direct answer. They operate at 125 kHz using a passive proximity protocol with no cryptographic layer, which means any reader device that can interrogate the RF field can capture the credential data stored on the card. American Key Cards supplies compatible ioProx credentials — the AKC ioProx-Compatible Clamshell Card — programmed from your facility code and card number, not copied from existing cards. If you are researching this question because you are trying to replace lost or damaged badges, or add cards to an existing ioProx system, the rest of this guide covers everything you need to know.
What Is Kantech ioProx and How Does It Work?
Kantech ioProx is a 125 kHz passive proximity credential format developed by Kantech, now part of Johnson Controls. It is used extensively across commercial office buildings, multi-tenant residential properties, and institutional facilities throughout North America — most commonly with Kantech’s EntraPass access control software.
Every ioProx credential — whether a clamshell card, a key tag, or a printable PVC card — contains a passive RFID transponder that wakes up when it enters the electromagnetic field of a compatible reader. The reader energizes the card, the card broadcasts its stored credential data, and the reader passes that data to the access controller as a Wiegand output.
The XSF Encoding System
What distinguishes ioProx from generic 26-bit proximity cards is Kantech’s XSF (eXtended Secure Format) encoding. Where standard H10301 26-bit Wiegand uses an 8-bit facility code (values 1–255) and a 16-bit card number (values 1–65,535), XSF uses a 64-bit credential structure that incorporates:
- Family Code — identifies the ioProx product family
- Facility Code — your site-specific code
- Card Number — the individual credential number
The result is a code space exceeding 4 billion unique values. This means that even if another site uses the same facility code as yours, the Family Code component ensures the credentials do not collide — a real advantage over standard 26-bit in large deployments.
Critically, every ioProx credential is dual-encoded: it transmits both the proprietary XSF data stream (for native ioProx readers) and a standard H10301 26-bit Wiegand output (for backward compatibility with non-ioProx readers). This is why ioProx cards work on both Kantech P225 / P325 readers and any other standard Wiegand 26-bit reader.
The OEM Kantech ioProx Card Line
The Kantech product catalog uses a consistent part numbering scheme. The most commonly searched credentials are:
| OEM Part Number | Form Factor | Notes |
|---|---|---|
P10SHL | Clamshell (non-printable) | Most common — standard wallet card in white polycarbonate shell |
P20WLM | Wristband/lanyard tag | For wearable credential applications |
P30DMG | ISO PVC printable card | Dye-sublimation printable surface |
P40KEY | Key fob / tag | Keyring-style credential |
P20DYE | Printable ISO card | Alternative printable variant |
P50DMG | Disc tag | Smaller disc form factor |
OEM Kantech cards are sold exclusively through Johnson Controls authorized distributors with minimum order requirements — typically 50 units. That distribution constraint is one of the main reasons buyers search for compatible alternatives.
Can ioProx Cards Be Cloned? (Technical Reality)
Yes. Kantech ioProx credentials are physically cloneable because they use 125 kHz passive proximity technology without cryptographic protection of any kind.
Here is what that means in practice:
How cloning works: A device such as a Proxmark3 — a widely available RFID research tool — can read the credential data from an ioProx card when held within a few inches of it. That data can then be written to a T5577 blank card, which is a multi-frequency programmable RFID transponder available online for a few dollars. The result is a card that transmits the same facility code and card number as the original.
What XSF does and does not do: The XSF encoding expands the credential code space and reduces inter-site collision risk, but it is not encryption. The data broadcast by the card over the RF interface is not cryptographically protected. A device that reads standard 125 kHz proximity cards can read XSF credentials.
Comparison to encrypted formats: For context, credentials such as HID iCLASS SE and MIFARE DESFire EV2/EV3 use AES encryption with mutual authentication between card and reader. These formats are not practically cloneable with any commercially available hardware as of this writing. Standard ioProx does not have that protection.
This is not a Kantech-specific limitation — it applies to the entire category of 125 kHz proximity credentials, including standard HID 26-bit H10301 cards and formats like Indala FlexPass 26-bit. All are susceptible to the same class of tools. The technology was designed in an era when the cloning hardware was not commercially accessible.
Compatible Cards vs. Cloned Cards: An Important Distinction
The term “cloning” gets used loosely, and it is worth being precise, because the distinction matters both legally and operationally.
A cloned card is an unauthorized copy of a specific, existing credential. It carries the exact facility code and card number of a real credential that was read without consent. The purpose is to gain access using someone else’s valid credential.
A compatible replacement card is a legitimately programmed credential ordered by the system owner. American Key Cards programs ioProx-compatible credentials to your facility code and card number range from scratch — the cards are not duplicates of any existing card. The process is the same as the OEM process: the credential data is written to the card during manufacture according to your specification.
This is the same distinction that exists between printing a counterfeit banknote and ordering a replacement check from your bank. The card specification is not secret — what makes a credential valid in your system is that the facility code and card number match the entries in your access control database, and that it was added by the authorized administrator.
AKC is not affiliated with Kantech or Johnson Controls. Our compatible cards are produced by specification, not reverse-engineered from OEM cards.
How to Identify ioProx Cards and Readers
If you are not certain whether your system uses ioProx, here are the reliable identifiers:
Reader identification: Kantech ioProx readers carry the Kantech logo and typically follow the P225, P225KP, P325, P325KPXSF, or P600 model numbering. The P325KPXSF designation specifically indicates an XSF-capable reader with keypad. If the reader model plate shows any of these, your cards are ioProx.
Card identification: OEM ioProx cards typically have the P10SHL, P40KEY, or other Kantech part number printed or embossed on the card. The facility code and card number are usually printed on the card face as a sequence of digits.
System software: If the system runs Kantech EntraPass (any edition — Standard, Corporate, Global, Go), it was designed for ioProx credentials by default, though it can also accept other Wiegand formats.
What Information Do You Need to Order Compatible Cards?
To order compatible ioProx credentials, you need:
- Facility code — the site-level code assigned when the system was installed. This is typically printed on existing cards or available from the original installer or the EntraPass software.
- Card number range — the sequential range you want on the new cards.
- Form factor — clamshell (
P10SHL-style), key tag (P40KEY-style), or printable card (P30DMG-style).
You do not need to provide Kantech with your purchase — American Key Cards supplies these cards directly. Visit our contact page to submit your order details.
When to Consider Upgrading Beyond 125 kHz
If your facility handles sensitive data, has compliance requirements, or has specific reason to be concerned about credential duplication, 125 kHz proximity technology — ioProx included — is not the right long-term answer.
Kantech EntraPass systems can be configured to work with 13.56 MHz smart card readers alongside existing ioProx infrastructure. Adding readers capable of handling encrypted credentials at higher-risk doors (server rooms, pharmacies, executive floors) is a practical phased approach.
The key point: the risk of 125 kHz credential cloning is real and the tooling is cheap, but the vast majority of commercial access deployments tolerate this risk because the attack requires physical proximity to an active card for several seconds — not trivial in practice. Your threat model determines whether that is acceptable.
Ordering Compatible Kantech ioProx Cards
American Key Cards supplies ioProx-compatible clamshell cards and key tags programmed to your facility code, with no minimum order requirement and no dealer account needed. Cards are produced to the same XSF + 26-bit dual-encoding specification used in OEM Kantech credentials and are drop-in compatible with all ioProx readers including the P225, P325, P325KPXSF, and P600.
To order or ask about your specific system, contact us here. Provide your facility code, card number range, quantity, and preferred form factor, and we will confirm availability and ship.
Frequently asked questions
Can Kantech ioProx cards be cloned?
Yes. ioProx credentials operate at 125 kHz with no cryptographic protection. Tools such as the Proxmark3 and compatible T5577 blank cards can read and reproduce an ioProx card's data. Kantech's XSF encoding expands the code space to over 4 billion values but does not add encryption, so it does not prevent physical duplication.
What is the difference between a cloned ioProx card and a compatible replacement card?
A cloned card is an unauthorized copy of a specific existing credential — it carries the exact facility code and card number of the original and is produced without the cardholder's knowledge or consent. A compatible replacement card from American Key Cards is a legitimately programmed credential ordered by the authorized system owner with their own facility code and card number range. The card is made to the same specification as the OEM, not copied from an existing card.
Does Kantech XSF format make ioProx cards more secure than standard 26-bit cards?
XSF (eXtended Secure Format) increases the credential code space to over 4 billion unique values by combining a Family Code, Facility Code, and Card Number in a 64-bit structure. This dramatically reduces the chance of credential collision across different sites. However, XSF does not add cryptographic protection — the data is still transmitted as a readable RF signal at 125 kHz, and can be duplicated with the same tools used to copy any standard proximity card.
What should I do if I need clone-resistant credentials on a Kantech system?
Kantech systems that support 13.56 MHz smart card readers (such as the HID multiCLASS SE or iCLASS SE readers wired to Kantech EntraPass panels) can use encrypted smart credentials that are not practically cloneable. If your current readers are ioProx-only, the practical path is to add a reader capable of handling encrypted credentials at the doors that require higher security.
