I’m a proud new owner of a NExT, and I’ve had a lot of fun with the HF side of things so far. I am hoping to enroll myself in the access control system at work (and have the security dept’s full blessing), but I find myself needing to change the mode of the LF side of my implant from the factory EM41xx mode to HID Prox mode. Having a specific ID is not as important since I have the opportunity to enroll a fresh tag — no cloning necessary (though I do have an existing badge, so cloning is an option).
I’ve read through threads praising and later advising against the “blue cloner” (and I see that the “trusted” model is no longer available on the DT store). I have also read thru instructions for the Proxmark, but I see that the “easy” model available from DT is not compatible with the ProxLF antenna and have read that positioning is tricky without it. And the RDV4 is… Expensive.
So, my question: What is the community’s current preferred or “best practices” way to write to an X-series LF tag? I’d like to minimize the risk of page tearing as much as is sensible… I would hate to brick the LF side of the tag, since that was most of my motivation to get the tag. Or, am I being too paranoid, and will I be able to take care of this with the Proxmark 3 if I’m careful and have a steady hand?
I don’t know very much about the T5577 so somebody else will have to help you out with that.
An Easy with a DIY antenna you can make for quite cheap (if you are handy with that stuff) would probably be a good substitute for the ProxLF antenna. @amal by the way there seems to be an untapped market for the Easy LF antenna there. Better add it to the list of awesome things to (maybe) make happen (someday).
I did a clone on my NExT with the Proxmark Easy without the special antenna. My technique was to balance the reader on top of my hand, reader down, and make sure that I could get consistent reads without it moving or anything. Then I just went for it.
A fresh tag / new ID you would need a Proxmark, but to simply clone an existing card, a “Blue Cloner” will be all you need.
That is a bummer, hopefully Amal sees this post and has an answer for you if they are getting restocked…
The DT model is the only one I have seen that does AWID mode, but other than that, if you buy one from anywhere else, it SHOULD do EM and HID.
If you do this, I would recommend Rosco’s mod for reading/writing; it will increase the performance.
I’m sure during your thorough research, you found out that the blue cloner writes a password to your chip. It is only a minor inconvenience compared with the ease of use, especially if you only want to toggle between modes that the blue cloner is capable of, but if you want to change to another mode or remove the password, you will need a PM3.
The PM3 Easy is a “better” tool than the blue cloner, and although the PM3 Easy would definitely benefit from a custom LF antenna like @anon7067117 said, it can still read and write with the factory antenna if you take your time to get the positioning correct like @MTFT said.
I used the pm3 easy to change my xem to my work badge (not em400, don’t remember what it was rn). Just held the edge of the circular LF antenna perpendicular to my chip while writing, may take 2 tries but it works.
In a super similar boat! First time posting here, and glad I saw this. Just had a Spark 2 and NExT implanted last Wednesday and was looking for a way to do this; the RDV4 is definitely kind of expensive for what it is. Might try the Proxmark 3 Easy w/ the DIY antenna, thanks for suggesting that @anon7067117.
While I haven’t tried a Proxmark3 RDV4, or a diy antenna on my Proxmark3 Easy, (and I don’t have any implants) I would strongly suggest trying reading at least with a regular proxmark3 easy before replacing the antenna. That way you will be familiar with the software and know that the hardware works.
Can I ask you to ponder something? With the PM3s you sell, would it be worth taking the 60 seconds to remove the middle boards, as it serves no purpose and obscures the HF antenna traces?
I thought about it… but… it ends up being a lot of work that could very easily be done by the customer… it actually takes more than 60 seconds per unit and the parts left to use for this purpose aren’t exactly perfect fit… so it’s wishy washy if I want to take a low margin thing and spend even more time on it… but I have thought about it.
I got my badge cloned first try with the PM3 Easy! No custom antenna needed. Fwiw I get great reads on the LF side with the Easy’s built-in antenna, but the HF reads/writes are a lot more picky.