Kastle Systems Key Fobs & Cards: Why They're Hard to Replace

Who Kastle Systems Is and Why Spares Are Hard to Get

Kastle Systems is one of the largest managed physical-access providers in North America, operating cloud-connected access control primarily in commercial real estate — office towers, co-working spaces, and multi-tenant buildings. Unlike conventional systems where a building installs hardware and independently manages credentials, Kastle retains end-to-end control: the readers, the software platform, and the credential supply chain are all administered through Kastle's service contracts.

That model has operational advantages for building owners, but it creates a familiar friction point for tenants: when an employee loses a fob or a company onboards a batch of new staff, the request goes up through building management to Kastle. Lead times, per-unit fees, and minimum-order thresholds are dictated by the service agreement rather than by open-market pricing. For facilities teams with urgent headcount changes, that dependency can slow access provisioning considerably.

The underlying reason Kastle can maintain this model is the format itself. The Kastle Systems 32-bit format uses a proprietary data structure and parity scheme that is not publicly documented and is not served by the commodity 26-bit H10301 compatible cards available from general-purpose suppliers. Without knowing the exact field layout, a supplier cannot produce a working credential — which is precisely why compatible Kastle fobs have historically been unavailable outside of Kastle's own channel.

The 32-Bit Kastle Format: Facility Code, Card Number, and Issue Level

Kastle credentials operate at 125 kHz, the same carrier frequency used by the ubiquitous 26-bit Wiegand standard. That surface similarity is where the resemblance ends. The Kastle format is 32 bits wide and carries three functional data fields: a facility code that identifies the site or building, a card number that identifies the individual credential, and an Issue Level field that has no equivalent in standard proximity formats.

The Issue Level field is significant because it allows Kastle — and, by extension, the access controller — to differentiate between multiple credentials that share the same card number issued to the same person over time. When a fob is reported lost and a replacement is issued with an incremented issue level, the controller can be instructed to reject the prior credential without requiring a full card-number change across the access schedule. This is a useful administrative control in a managed-service environment where the provider, not the tenant, controls the back end.

Kastle-specific parity bits are appended to the data payload to validate transmission integrity. The parity scheme is not the straightforward even/odd parity of H10301; it is tailored to the 32-bit layout and will cause a reader to reject any credential where the parity calculation does not match. This is one of several reasons why simply programming a T5577 rewritable LF chip with a guessed bit pattern does not produce a working credential — the parity must be computed correctly against the actual facility code and card number values. Our guide to custom facility codes and proprietary formats covers how non-standard parity schemes fit into the broader landscape of 125 kHz credential engineering.

The format sits firmly in the 125 kHz LF proximity tier — there is no cryptographic authentication, no mutual challenge-response, and no encrypted channel between fob and reader. The security model is entirely dependent on format obscurity and the managed-service channel restricting credential supply.

Why Managed Access Makes Replacement Painful

The combination of a proprietary format and a closed supply chain is common across managed and cloud access platforms. Kastle is not unique in this regard — systems built around vendor-locked credentials include several other enterprise platforms where the lock brand controls both hardware and software. What distinguishes Kastle is market penetration: the platform is embedded across a very large number of Class A office buildings in major US metros, meaning the population of tenants affected by slow credential fulfilment is substantial.

Practically, the pain surfaces in a few recurring scenarios. A company subleases space and inherits access hardware without a direct Kastle service contract; replacement fobs require the primary leaseholder to initiate the order. A facilities manager needs to provision ten credentials for a new team that starts Monday; Kastle's standard turnaround operates on a longer schedule. An employee leaves, a fob goes missing, and the lost-credential reporting process triggers a multi-step administrative workflow. In each case, the tenant has no independent means to source a compatible spare.

This is why a correctly encoded compatible credential — one that carries the right facility code, card number, issue level, and parity — has genuine operational value. It is not a workaround; it is a supply-chain alternative for situations where the managed provider's fulfilment timeline does not match the tenant's operational need. Buildings and facilities teams with authority over their own access schedules can add and remove card numbers without involving Kastle, provided the credential itself is properly encoded to the format specification. Compare this to other proprietary long-format credentials such as Lenel 42-bit compatibles or Avigilon 56-bit compatibles, where the same principle applies: a correctly encoded credential works in the reader regardless of who manufactured the substrate.

How a Compatible Kastle Credential Is Encoded

Producing a working compatible Kastle fob requires three things: knowledge of the exact 32-bit field layout, the correct facility code for the target installation, and accurate computation of the Kastle parity. The substrate — the physical chip — is a T5577 or EM4305 LF rewritable transponder, both of which are industry-standard components used across the compatible-credential industry for 125 kHz formats. The chip itself is not special; what matters is the bit sequence written to it.

The facility code is installation-specific. Every Kastle-managed building is assigned its own facility code, and a credential encoded with the wrong facility code will be rejected by every reader on that site, even if the card number and parity are otherwise correct. This means a compatible supplier needs the customer's facility code to produce a working credential — it cannot be inferred from a sample fob without reading the raw data, and Security ID Systems requires the customer to supply it or provide an existing credential from which it can be extracted during the order process.

Card numbers are assigned sequentially or by the customer's choice within the range permitted by the field width. Issue level is typically set to match whatever value the building's access controller has enrolled — usually 1 for a first-issue credential. If you are replacing a lost fob, the building administrator will know what issue level the controller expects; if a new card number is being added fresh to the schedule, issue level 1 is standard. The process is straightforward for anyone who has managed a Wiegand-based access system before; the primary difference is the wider bit width and the proprietary parity. For context on how Kastle's approach compares to other less-common formats, our piece on compatible versus genuine access cards explains the technical and commercial distinctions clearly.

Once encoded, the credential is verified against test readers before shipping. A compatible Kastle fob presents identically to a genuine Kastle-issued credential from the reader's perspective: the reader decodes the 32-bit payload, forwards the Wiegand data to the controller, and the controller checks its access schedule. There is no reader-side mechanism to distinguish a credential by its physical origin.

Ordering a Compatible Kastle Fob or Card

Customers ordering compatible Kastle credentials need to supply the facility code and the card number or range of card numbers required. If you have an existing Kastle fob, the facility code can be read from the credential and confirmed before encoding begins. If you do not have a working sample, building management or your Kastle service contact can typically provide the facility code for your site — it is not a secret at the building level; it simply identifies your installation within the Kastle network.

Security ID Systems supplies compatible Kastle credentials in both clamshell card and key fob form factors. Both substrates use the same LF chip and carry identical encoded data; the choice is purely physical. Fobs are the more common issuance format for Kastle buildings, but cards are available for installations that use card readers at elevator landings or secondary entry points. Minimum order quantities and lead times are listed on the Kastle compatible credential product page.

If you are uncertain about your format or need help reading an existing credential, our access card format identification guide walks through the process for 125 kHz proximity credentials. Customers who have investigated and found that their building does not in fact use the Kastle 32-bit format — a not uncommon situation in buildings that have transitioned between access providers — can also browse comparable long-format proprietary compatibles, including Software House CCOTZ 37-bit, ADT 31-bit, and ATSW30 30-bit credentials, as well as newer cloud-managed platform compatibles such as Verkada compatible cards.

Security ID Systems is an independent manufacturer and supplier of compatible access-control credentials and is not affiliated with, authorized by, or endorsed by Kastle Systems.