Can a IsoDep / NfcA be copied to xEM

Hey guys,

I am just starting to get into rfid / nfc implants and would like to make sure I can actually copy the Tag I want to use.
As far as I understand I can read the UID like in any tag and the technologies are as shown in the image

Now the questions are, can I write this to the xEM and what tools do I need for it? Can I use the same tool I used to read them out?

Thanks and sorry if this is too basic for most

1 Like

xEM is LF - 125 kHz. You ain’t writing nothing in there with a cellphone alone, for starters. You need a Proxmark3 Easy or Proxmark3 RDV4.

Also, small suggestion: spend more than 1 minute researching the subject :slight_smile:



:slight_smile: but should these technologies or well this key be able to be copied to the xEM?

My problem was more that I read that only the xNT works with phones so I was confused to why my phone was able to read the tag on the key. Is should I then just play it on a xNT or can phones just read both HF and LF?

HF and LF transponders are apples and oranges.

And within the individual HF and LF families, there’s a whole slew of different, incompatible fruits also.

What you’re asking is whether a UID copied from a HF card will work in a LF transponder. This is the one thing that 110% guaranteed not to work: it’s like asking if you find a radio station on 102 MHz FM, will it work on 102 kHz short wave. Same number, completely different frequencies.

As for your HF tag and whether it can be copied on a xNT, well… depends. The screenshot you posted doesn’t tell much about what tag it is, in which system it’s used, how it’s used, for what purpose. If it’s a Mifare Ultralight and the system you intend to use it on only checks UIDs, you might get away with cloning it into a magic Mifare Classic. If it just reads a sector on the card, you can probably write the same sector into another Mifare Ultralight. If it checks the password, same thing. If it’s a DESFire, you’re SOL. If it’s a Mifare Classic and it does clever things like the Yale Doorman door lock does, you might be SOL…

It really depends on what you have and how it works, to know whether you can clone it. That’s why I said you need to do some research.

Phones only read NFC (HF) by the way - and not all phones can read all NFC chips.

Yeah also, if you want to identify the original tag better, use NXP TagInfo instead of NFC Tools.

Hi Bono

This is the app Rosco is talking about

NFC Tools is good, but sometimes struggles to correctly identify the chip.

Try your scan again, and if you are comfortable doing so, this is the info we are after

As Rosco pointed out, you are correct, you card is High Frequency (13.56MHz) which is why your phone can read it, therfore you can’t write it to a Low Frequency implant (125kHz). eg. xEM

Therefore you will be looking at HF implant options. xNT (including the NExT), xDF2 FlexDF, FlexDF2 , now is where it gets a little tricky, With these implants you can’t write the UID of your card onto these, but as Rosco explained above, you may be able to enroll them into your access system
(through the system administrator etc) this will depend on what your system is “looking” for to grant access.
Your other options are the “magic” implants, these are HF but with changable UIDs (NUIDs) which means, you can take your authorised card UID, and write this to the following implants, xM1, FlexM1gen1a FlexM1gen2 etc.


looking at your UID it is 7bytes, and these “magic” implants only have 4byte NUIDs.
SO, for these to be an option, your system would have to be looking for just the first 4 bytes of a UID and nothing else (this is quite unlikely)

What next for you?

From here, if you can share your TagInfo for your access card, we can point you toward your most likely option, but this will most likely also require you having to do some social engineering of the admin person to get your implant enrolled.

Hope this helps

1 Like

Thank you Rosco, I thought I had done some research but mainly found seemingly old forum posts. I will continue with my own research and you have been a great help.
To me its a very interessting field but I am very fresh and its hard to get a grasp of everything there is to to it.

1 Like

It can certainly be a bit to wrap your head around when starting out. Please do continue to ask questions as you do some more research, and if you can, it would be helpful to see the IC type as Pilgrimsmaster showed.

1 Like

Hey Guys, I have been doing some more reading up on the topic on the forum and got myself the app you linked. It was not able to determine the IC type but here are the screenshots.
While I was hoping to fake the UID I will try to get on the good side of the system admin. That will probably not work easily because of some security protocols but that just means it’s a new opportunity to try out some more social engineering.
I can only upload one screenshot so here is the info from the IC INFO tab:
IC manufacturer: EM Microelectronic-Marin SA
IC type: Unknown IC implementing ISO/IEC 14443-4