Glad to be here. I mostly lurk and keep up, but recently my desire to become wallet- and keyless got me to make the first move to get an xSIID LED and xMagic implanted.
I’ve been mostly happy with the result, and I’ve been able to successfully read and write to both implants.
However, I am struggling with my primary use case, which is to use the xMagix to open the entry lock to my apartment. The entry phone in use is an Assa Abloy Aptus Ringa 2707 Mifare.
The keys in use are MIFARE Classic 1k, NXP, as read by Mifare Classic Tool on my phone.
I’ve used the pm3 to clone this card to my xMagic, and my phone and pm3 reads the new UID correctly.
Despite all this, I am unable to get any type of response from the door lock. The lock will flash RED at unauthorized UID and GREEN with authorized. However, I am getting no response at all.
I’ve tested the sweet spots using both the RFID card, 13.56MHz keychain and a little loose “implant” with a white LED in it that I received. So I know where to scan. When moving around my implant on the housing, I can also see the green LED from my xSIID lighting up, so the reach should be sufficient.
I’d appreciate any input and feedback that might be used. I can also provide dumps and similar of the original fob, if this might help.
Additional info, I have previously cloned quite a few magic fobs from AliExpress, of both gen1a and gen2, which all seem to work fine. (I assume they’re gen1 since I couldn’t write using MCT, but had to use my NFC reader on PC)
It’s most likely a coupling issue, you might not be getting enough power through the metal casing. On the off chance it’s a config issue you might want to post those dumps and and I’ll throw in an @Equipter for good measure
Here is a screenshot of the tag info as seen in MCT, for the original fob.
Search command in pm3 yields this result on the original fob:
[+] UID: 0E C3 45 73
[+] ATQA: 00 04
[+] SAK: 08 
[+] Possible types:
[+] MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[+] Prng detection: weak
[#] Auth error
And attached here is the two dumps from pm3, both the original fob and the implant.
hf-mf-0EC34573-dump.zip (1.8 KB)
Ok so from what I can see you’ve made it perfectly 1-1 with the clone and there is no SAK Switching going on so that’s good.
My thoughts come down to two things. It could be the coupling as @Satur9 mentioned which raises the question of when was the implant put in, I personally call it a good two weeks post install before I start getting consistent coms for my usecases. Implants are much more fiddly than a keychain or card & learning to know the right positioning for daily use is part of becoming a cyborg
My other thought would be magic detection. Since your copy is 1-1 and you’re getting 0 feedback that may come from coupling or there may be Gen1A magic detection enabled on this system. We can test for this in a variety of ways but the easiest is to use a magic gen1a card that you should have recieved alongside your proxmark. If you write the credential dump onto the magic and try it against your reader & it doesn’t react it’s definitely magic detection as “ignore completely, give 0 interactive feedback” is pretty standard when it comes to magic detection.
Hope to see that this works out for you man!
Thanks for the suggestions.
Implant was installed about a month ago and works like a charm anywhere else.
Using another chip, which pm3 reports as having gen 1a capabilities, I am able to successfully get a read on the door panel, and it unlocks.
The part that confuses me the most is that my xSIID gets power enough to light up, which leads me to think the signal is good, yet there’s no read on the door panel.
Do we think the two chips could somehow be interfering? The xSIID is in L3, with the xMagic in L2. Could the door panel be trying to read data from the xSIID and somehow be ignoring the xMagic?
That seems a bit close yeah… if your xSIID is lighting up when attempting to get a read of your xMagic at this particular door reader then I’d say it’s a good chance there is interference or at a minimum there is power drain from the field that would impact read performance.
Yeah given the test card works id say this p much has to be it. Curious what happens if you stick some tinfoil over your xsiid
Is there any chance you can take the cover off one, and try reading directly on the antenna?
Where is the antenna?
Behind the plastic keypad?
Yeah, behind the plastic keypad.
I’m tried to disassemble, but it has one of those screws with anti-tampering pins in the middle. My iFixit and other tools do not seem to fit, but that was gonna be my next step, if I could not get feedback to solve the problem from these forums
I’ve really tried with keeping it at a distance, so I don’t think it’s that much of a problem. But at least I’m not the only one with that thought, so I’ll keep trying things out. Sounds like consensus is that the chip it self should be okay, and it’s a coupling issue in some capacity.
I may also try the readers at the other doors in the area, maybe they have a stronger antenna signal for some reason.