Bricked xEM implant

Jason · April 22, 2019, 1:08am

Just installed the xEM implant into my right hand. Attempting to clone a HID card, and it appears that the implant is bricked. I have a proxmark3 rdev4, and have had no trouble cloning Mifare and HID cards up to this point. Any help would be appreciated as I don’t want to have to cut this out of my hand and install another one.

Thanks,
-Jason

bepiswriter · April 22, 2019, 1:20am

What happened? Is the Proxmark not recognizing it, or is a reader not recognizing it?

Jason · April 22, 2019, 1:37am

Proxmark can’t identify a modulation scheme, a lf search returns a nice sine wave on the graph, but no data

Jonshorter · October 17, 2019, 3:26pm

Did you manage to get it working again? My xEM (implanted) is showing a waveform on pm3 with the new proxLF antenna but the modulation cannot be recognised.

Jonshorter · October 17, 2019, 3:38pm

Fixed it with a lf t55xx write b 0 d 00088040 p AA55BBBB t

Then I was able to write HID config. Finished up with the following two, which now let me get the t55 info…

lf t55xx write b 1 d E0150A48 1
lf t55xx write b 2 d 2D782308 1

Jason · October 18, 2019, 8:22am

Lol, completely missed this comment! I deleted my last response as it must have been wrong in some way. I must’ve used that command in addition to the million steps I took… glad you found the fast way!

antac55 · December 29, 2019, 5:06am

I’m curious where I can find out more about the flags that are used in this command. is “p AA55BBBB” a password being set?

The reason I’m asking is I have an xEM implant and I tried to use the ELECHOUSE Proxmark 3 RDV2 with the less-than-optimal LF coil that came with it. I’m waiting for a proper coil in the mail that is tuned for these glass chips, but in the meantime I wanted to do more research into figuring out how to un-brick my glass chip and bring it back to the factory defaults it shipped with. I made the mistake of issuing a wipe command and then I applied the block 1 and block 2 command you posted above. It’s still locks up my proxmark whenever I try a “lf search” command or any basic command to read what is written on the chip.

I guess I’m just asking for some help or some links to educate myself better. I’ve tried the “Quirks of Cloning” forum post, but I’m still getting the same issue.

Jonshorter · December 29, 2019, 11:05am

http://www.proxmark.org/forum/viewtopic.php?id=6482

Have a read through this too. The p value was password set by white cheap Chinese cloner I now believe, though I don’t recall performing an intentional write with the cloner. You shouldnt need to use that switch.

Have a read of the data sheet too for the em chip, that will hopefully fill any gaps left after you’ve read the thread I pasted above. Let us know how you get on. I tried just about everything to get mine active again over several evenings, dont give up

antac55 · December 31, 2019, 5:14am

Turns out I hadn’t bricked it. I used the “lf t55xx read” command after doing “hw tune” and I didn’t realize I could get an analogue output on the oscilloscope while I moved the antennae around until I got the cleanest read possible with the worst possible antennae for the xEM. Once I had about an 85% success rate, I sent the clone command and it took.

I just wanted to thank you for telling me to keep at it. I was too eager and didn’t do my research. In the end, it forced me to read up on several websites until I had a better understanding of everything. Including your link. I’m kinda glad I got myself in this situation.