I live in an apartment building that uses both low-frequency (LF) and high-frequency (HF) readers for different access points. All of the common area readers, such as those for accessing the main entrance, the elevator, garage, and the lounge, use low-frequency T5577-compatible readers. The front door to my apartment, however, uses a high-frequency reader.
After extensive testing, I’ve determined that my front door reader checks if the tag is a Gen 1 MIFARE tag and rejects it if it is. Just to be sure, I purchased a Gen 2 MIFARE card and successfully cloned the HF chip in my fob (which contains both LF and HF chips so it can be used at all access points), and it was able to unlock my front door.
I noticed that the HF chip used in the xMagic implant is a Gen 1 MIFARE, which wouldn’t work due to the checks at my front door. Are there any other dual-frequency implant options that would allow me to clone the T5577 alongside a Gen 2 MIFARE chip? Like taking the chip in the gen 2 xM1 and using that one in the xMagic implant instead?
You’re in luck… we are working on a gen2 xMagic product now. The ETA is 2-3 months depending on factory run schedules. If you don’t want to wait, you could get an xEM and xM1 (gen2).
I don’t mind waiting. Is there a mailing list or anything I can sign up for that will notify me when it becomes available?
Also, just out of curiosity, is it at all possible to lock down a gen1a chip once the correct data is loaded onto it? Maybe by setting certain access bits? Or just disabling the backdoor command altogether?
I’m not too sure about locking down the gen1a, but joining the DT Club would be the fastest way to find out about a new product. Projects and products are often announced first in there before a public announcement. Can also see some cool behind the scenes stuff! https://forum.dangerousthings.com/s/prod_JJbwYnKz0T5Z9h
Hah! We should have some first run production batches from the factory being delivered tomorrow! Once we test and verify we’ll get them on the store asap.
So I got the gen2 variant implanted a couple of days ago, and got the hf chip cloned, but I’m honestly at a loss on what to do about the lf chip.
The issue I’m having is that the implant is showing up as an EM-Micro EM4100 on both my proxmark and flipper, which I’m pretty sure doesn’t offer any way to write to it, since it’s a read-only chip.
I guess I’m just confused about how I’m supposed to clone another tag to it if it’s already currently set up as a chip that is widely understood to be read-only. Is there some underlying or backdoor command that I’m missing that can force-clone a different type of tag onto it? I’m hoping that’s the case, because I’ve always just assumed that the proxmark firmware exposes which commands are available for the user to execute based on the type of chip that you are working with, which would mean having a read-only chip would mean proxmark wouldn’t expose any write commands, making it impossible to change it at all.
If anyone could offer some clarity on this for me, it would be very much appreciated. Thanks!
It comes preloaded as EM4100, you can write “any” other LF mode you like.
Try it with your flipper.
There should be some examples in your library.
Let me know if you need a further hand.
I would suggest it would be better to wait the full 2 weeks before writing, it’s unlikely you’ll tear info writing, but possible.
Pilgrim is correct. Don’t panic. You can set the LF chip to pretty much whatever you like. An EM is just what it comes as. I have 2 and both of mine are set as HID.
I have a flipper and proxmark3 Easy, so really I’m cool with whatever one will do the job.
The flipper reads both lf and hf chips in the implant very easily, and it cloned the nfc chip in my fob into the implant immediately, but every time I try to clone the lf chip in my fob to the implant the flipper just stays on the screen that shows when it’s searching for a compatible chip to write to. I assumed this was because the flipper was only finding a chip that is emulating as a read-only chip so the flipper doesn’t even make an attempt to write to it.
Writing is a little more difficult than reading, so if you can read but not write, I would suggest you are not too far off.
Just wait and heal a little more.
The Fob that you can read with your flipper, are you saving that to the flipper?
If so I would suggest you could try (but should still wait, but you won’t, because nobody does):
Read fob
Save fob
Read xMagic (RFID=LF)
DON’T MOVE
Write saved fob
This SHOULD work, if it doesn’t, then this is your next step
The easiest way to get a successful write is to find a position where your device (flipper or proxmark) can easily read it. Get a couple reads in a row without moving your implant at all in between to make sure you’re locked in to a sweet spot, then try writing.