Can I clone my College ID onto my NeXT implant

About 7 or so months ago I put the NeXT chip in my hand with the idea that once my college ID comes I can clone the NFC tag onto the chip and be on my way. Now I have my ID, an NFC arcade card, and the ACR122U reader/writer, and exactly 0 idea what I’m doing.

I was sort of hoping that in the 14 years this has been going on there would be a nice copy/paste style solution, and maybe there is, but as of right now I’m way out of my field here. I’m not quite sure if it’s a matter of not finding anything because it doesn’t exist, or not finding anything because I don’t know what to search. I’m currently working on a Mac, but in a few weeks I’ll be back to my Windows desktop to try a few things out. The “Chips 101” video seems to be only for RFID, so not much help there, but again I might just be looking at things wrong.

After lots and lots of googling, I think some community help is what’s best. If anyone knows how to properly set up the reader on Mac (or worst case scenario Windows, I just won’t be able to test it for a little bit) and how to copy cards, or at the very least give me a few pointers in terms of software and where to look, please let me know!!

First step is to ID this ID

Can you scan your ID with TagInfo, then post your results here?

Once we have that we can give you some more direction.

Without any more info, I can see you have 2 options, but I will wait until we know for sure.

Looks like I have a NXP Mifare DESFire EV1, ISO 14443-3A, Type A IsoDep

Looks like that’s all the ID information I can get, aside from 4KB storage

Good news, your college potentially has good security.

Bad news, if they are actually using the encryption capabilities of that chip then you probably can’t clone it.

If your college access control system is just using the UID then you might be able to persuade whoever runs it to enroll your NeXT instead.

What about a Mifare Ultralight? Any hope for those or are the implants more made for the Classics?

If (and most access control systems do) they are looking at the UID then only a magic chip can have its UID changed.

If they are using the encryption facilities in the DESFire (they might be, but it is rare) then you might be able to use a DESFire implant instead.

So, there are possibilities (although they don’t use the NeXT I’m afraid). Your best bet seriously is to make friends with whoever runs the access control system and see if you can get them to enroll your NeXT.

Just make sure it scans first. My NeXT won’t activate the readers, or else I had security on board with me using my implant.

I can SOMETIMES use the RF wallet card from DT, and have my chip near it to make it go off. I would need a flex, or a better injection chip, but I gave up.

I put the chip in a bad spot for the door systems so maybe I’ll look into the magic chip and give that a try. How about software for poking around cards and chips? I have all the stock ACR122 stuff on my Windows computer, but can only read with it. I haven’t quite worked out cloning. Some cards don’t read, but after this I’m guessing it’s the security. And what about Macs? Any tips?

You will probably want a Proxmark3 Easy to read/write your cards and implants.

The Proxmark3 RDV4 is the gold standard for manipulating chips. However the Proxmark3 Easy is a lot cheaper and sufficient for everything you might need. Another option is a Chameleon but they are not currently capable of writing to a chip. They can be used to read and emulate up to 8 chips.

The Proxmark3 Easy can be used with pretty much any OS (including Android).

I am afraid I don’t know what options are available for you to log in to a Mac using an implant.

Edited to add: I changed the title to reflect the topic (and make it less likely to be confused with implanted against my will.)

I don’t want to derail the thread but what are the differences between the RDV4 and the Easy?

The RDV4 has replaceable antennas with tuning circuitry included in the antenna rather than on the main board. This allows a variety of alternate antennas to be used, while the Easy has to put up with the tuning circuitry on the main board, so if you replace an antenna you have to replace it with one with substantially the same properties.

The RDV4 can also have Bluetooth and Battery modules added to it to make it easier to use in the field.

Some of the Proxmark3 Easy out there have less memory which makes it harder to use the current Iceman image on them. (This is not the case for the DT one).

There are at least 8 standalone modes that only work on the RDV4, and I expect that number to increase over time.

Finally there is the price. The RDV4 retails for over $300 while the Easy is under $100.

Welp, looks like for now I’ll have to stick with basic programming with my iPhone. Not much can be done with it, it looks like, but scanning my hand to play Mr. Roboto by Styx is still one hell of a party trick!

Just as a last note, are there any good videos to watch or articles to read for some general information on cloning? That Black Hats PowerPoint is a tad bit above my level with this stuff.

Dangerous Things themselves has some good videos, although many are Proxmark-specific.

Chip Cloning 101

Cloning common 125KHz chips to the T5577

Cloning Mifare 1k “classic” chips to an xM1 with the Proxmark3

I did post a complete run through of cloning an HID to a T5577 (RFID not NFC) using a Proxmark3, so that might give you some idea what cloning is actually like…

So if I’m reading everything right, a Proxmark can do RFID and NFC in similar fashion? I know RFID and NFC are different frequencies and NFC tends to have more storage and use overall, but what’s the difference in cloning and using the ID?

OK, so very GENERALLY:
When we talk about Low Frequency (LF) we are GENERALLY talking about 125kHz and GENERALLY the T5577 chip. This is an amazing little chip that can emulate MANY different modes and it can also have its UID changed, but you need a specific reader/WRITER to do this. GENERALLY it will be a Proxmark 3 and GENERALLY it will be a PM3 Easy. There are other LF reader/writers like the Blue cloner and the dreaded white cloner, plus some others.

When we talk about High Frequency (HF) we are talking about 13.56MHz, which conveniently your phone also uses with NFC. There are more HF chip options, because there are only a few that have changeable UIDs (NUIDs), xM1, FlexM1, which are very common out in the wild. The FlexM1gen2 can have its NUID changed with a phone or PM3 but the others will require a PM3. The Magic Mifare M1 is a great chip but they can’t emulate other chip types.

The FlexMN is an HF Magic chip that can have its UID changed, and can emulate a number of other HF chips excluding the Magic Mifare M1.
The MagicNTAG (FlexMN) can have the UID changed with both a phone (with shell commands) and a PM3, with the PM3 being the safer option of the two.

Where an HF chip has an unchangeable UID, to be able to use this on a particular compatible system, it requires the UID to be enrolled. This is easy when you own or have access to the system, and a little more difficult when you don’t, as it may require some social engineering of the system administrator to enroll it.

Most HF chips can have NDEF written to them and some like the xDF2, FlexDF and FlexDF2 etc can also have applets written to them.

I hope this helps to answer your question…
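
The difference discussed in this thread between a reader that only checks the UID and one that uses the card's cryptographic authentication can be modelled in a few lines. This is an added example, not code from any poster or from Dangerous Things; the class names, the UID and the key are constructed, and HMAC-SHA256 stands in for the DESFire's real key-based authentication, which it does not reproduce.

```python
import hashlib
import hmac
import secrets

class Card:
    """Genuine credential: public UID plus a secret key that stays on the chip."""
    def __init__(self, uid, key):
        self.uid, self._key = uid, key
    def respond(self, challenge):
        return hmac.new(self._key, self.uid + challenge, hashlib.sha256).digest()

class UidCopy:
    """Chip that presents the same UID but was never given the key."""
    def __init__(self, uid):
        self.uid = uid
    def respond(self, challenge):
        return bytes(32)  # cannot compute a valid answer without the key

class UidOnlyReader:
    """Access decision based purely on the UID the chip announces."""
    def __init__(self):
        self.enrolled = set()
    def enroll(self, uid):
        self.enrolled.add(uid)
    def admit(self, chip):
        return chip.uid in self.enrolled

class ChallengeReader:
    """Access decision requires proof of the per-card key for a fresh nonce."""
    def __init__(self):
        self.keys = {}
    def enroll(self, uid, key):
        self.keys[uid] = key
    def admit(self, chip):
        key = self.keys.get(chip.uid)
        if key is None:
            return False
        nonce = secrets.token_bytes(16)  # fresh per attempt, so replays fail
        expected = hmac.new(key, chip.uid + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, chip.respond(nonce))

def demo():
    uid, key = bytes.fromhex("04a1b2c3d4e5f6"), secrets.token_bytes(16)  # constructed values
    genuine, copy = Card(uid, key), UidCopy(uid)
    uid_reader, auth_reader = UidOnlyReader(), ChallengeReader()
    uid_reader.enroll(uid)
    auth_reader.enroll(uid, key)
    return {"uid_only": (uid_reader.admit(genuine), uid_reader.admit(copy)),
            "challenge": (auth_reader.admit(genuine), auth_reader.admit(copy))}

if __name__ == "__main__":
    print(demo())
```

For a system owner, the takeaway is that a UID is an identifier rather than a secret: a UID-only reader accepts anything that announces an enrolled UID, while a keyed challenge-response ties admission to something the chip never transmits.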