Cloning to XM1+ with proxmark 3 (SOLVED KINDA)

Support
1

Hi everyone, my landlords recently changed out our door and with it the lock.
I noticed they installed a lock that does NFC tags, so I asked them if I could use my implant, they gave me the go ahead, I added a regular tag to the thing and then dumped the content of the tag that works.
Now I’m trying to clone this to my xm1+, I am seeing the generally same instructions over and over but I’m not able to make it work.

When I try to use the hf mf recover 1 command on every write it’s either can’t select card or auth error.
I’m also seeing “multiple tags detected” a lot.

No Longer Relevant (I think)
Trying to change the UID failed a bunch and then at one point it said it failed but the UID was actually changed, now I’m trying to set the UID back to what it was and I can’t even get it to do that.

image
image527×169 4.07 KB

I’ve now been able to both change the UID back to the original image

and the one I need it to be:

image
image535×127 3.04 KB

Okay so after I did that wipe, I can’t seem to read it anymore. I only get the following outputs and my phone can’t detect it at all.

image
image503×102 2.82 KB

image
image480×105 1.96 KB

Update

Since someone might look at this thread in search of answers, I figured I’d update.

First of all, if you are using a proxmark 3 rdv 4 like me, keep the case on the antenna, for some reason I got SUBSTANTIALLY better reads with it on.

To undo the wipe issue that was created, I used the following command “hf mf cwipe”, that got it being recognized again.

As for the cloning itself, both the guides I linked are apparently not deprecated, I was instead recommended to use “hf mf cload” instead.

1 Like
2

You can’t just ask them if they can enroll your implant to their system?

3

the whole point of xm1s is to not have to enroll it, you should be able to change the credentials at will if you have the equipment on hand, which OP does

4

to me OP it seems like it snagged a miswrite and the coupling fell off halfway through, do hf mf cwipe and then try your hf mf csetuid 19566803 dont add the w on the end. that wipes the card and if you havent effectively written the ATQA and SAK it wont read as the card you want. it will pick up the fact a card is there but it wont be able to discern its a mifare classic. if you waanna hop over to the discord i can help you out some more

1 Like
5
  1. they don’t know how to enroll shit, they literally gave me the documentation master code and told me to go nuts (I mean, I’m paraphrasing)
  2. I figured it was easier to just enroll a proper tag used with that door and then clone it, I normally do my cloning using a linux distro, not my proxmark but I want to learn how to do it with my proxmark so I don’t HAVE to bring a linux laptop with me everywhere, as well as my windows one.
6

Yeah, I had to load a cached version of a proxmark.org thread and found the cwipe advice there, which HAS made it readable again but it all looks like this but still says it’s wiped at the end of it…

image
image568×802 11.2 KB

Now when I do hf search, it keeps getting hung up on this, even if the implant is nowhere near:
image

7

youre using the iceman repo yah?

8

image
image823×673 17.3 KB

I think so yeah.

9

yah thats good good

instead of doing hf search when you know you’re using 14a tags just use hf 14a info while hovering over the tag :}

10

image
image224×110 881 Bytes

Nada, it’s like it doesn’t know it’s a 14a chip.

11

not to keep pushing it but would you be able to join the discord? much easier to debug there :sweat_smile:

12

Oh fur sure, I didn’t know there WAS a discord, I’m part of a slack server.

13

:slight_smile:

ill catch you when you land and we can go over fixin this in there

14

I think I’m missing something lol

image

what check mark?

15

in the #rules channel :slight_smile:

16

at the bottom of the message shopuld be a little tick

17

@Equipter / @kaizokuj , can you post back the results on here as a record if you could be so kind please?
Better to have it saved here than lost in the bowels of the Discord server

:+1:t3: :

18

Yeah that’s where that text is from, I can’t see anything to press though.

image
image1303×885 105 KB

19

Screenshot_20210227-100806_Discord
Screenshot_20210227-100806_Discord1080×2005 225 KB

“react to the emoticon”

20

gettin it fixed now :}