Emulation and hacking on the VivoKey chip?


#1

Heyo! I just got an xEM implanted, and I absolutely love it. I’m really excited to eventually get a 13.56MHz chip, and the VivoKey sounds awesome - a Turing complete computer in my body! A little bit of research in advance:

  1. Can the VivoKey emulate a standard NFC card, or is that a totally different and incompatible protocol? Could I write an applet to put it in “NFC mode”? A random-gif server? :slight_smile:

  2. Is there a card with the same chip that’s going in the VivoKey? Before I got my xEM, I bought a couple ATA5577 cards and made sure I knew my way around before I got the implant. Is there an equivalent for the VivoKey?

  3. Is the VivoKey locked to Fidesmo, or can I use generic tooling to upload and run applets on it?

Thanks so much!


#2

We have a VivoKey NDEF applet that acts like an NFC Type 4 selectable AID that can be deployed in 1k, 2k, 4k, 8k, 16k, and 32k data container sizes.

Not yet… Fidesmo was planning on updating their cards from the P40 chip to the P60, but have not yet done so. Still, you can pretty much dev most things on a P40 if you stick to the Java Card 2.2.2 SDK… those applets will run on VivoKey’s P60 chip no problem.

No… we are the only partner that has negotiated a deal with Fidesmo to allow “factory reset”. This would forever decouple your chip from Fidesmo and hand over master keys to you. The method for doing this is not yet devised, and it will very likely require you remove all applets and data deployed to the Flex One… so basically a destructive, one-way process… but it is in the works to allow you to do this.


#3

– edit –
I must have written my answer without refreshing the page, as I didn’t see Amal’s response before mine :slight_smile:. I don’t think I contradicted anything he said, but if so, please disregard my response.

–original–
The exact sub-module specs for the Smart MX2 Chip in the VivoKey are not public, but the https://www.nxp.com/docs/en/data-sheet/P60D145_SDS.pdf data sheet should be very close.

This depends on what you mean by “standard”. But, based on the specs, the VivoKey Flex One should be able to emulate either a Mifare Classic or Mifare DESFire EV1 chip. The Fidesmo platform also seems to support endpoint configuration for interacting with the chip as if it were a MiFare Classic. It looks like you could write an applet to emulate one of these chips, then deploy/select it using Fidesmo’s platform.

I don’t know of any cards with the exact same chip, but Fidesmo sells reference cards with a similar SmartMX chip. Anything that runs on their reference card should work with VK, but the reverse may not be true. You can order their card from http://shop.fidesmo.com/product/fidesmo-card (and sign up for a developer account).

The VK One will come pre-configured to work with Fidesmo’s ecosystem. It seems that users will be able to “uninstall” the Fidesmo integration with a one-way, irreversible process. This would allow you to write and deploy JavaCard applets directly to the VK, but you would lose the ability to distribute apps, and would likely be limited to a single JavaCard applet unless you wanted to design your own segmentation framework.


#4

Awesome, thanks for the thoughtful responses! A few follow-up questions:

  1. I should have been more precise when I asked about “NFC” - I mean in the everyday/layman sense of phone-scannable-tags. In particular, emulating tags that could be scanned and interpreted by phones without Fidesmo (or any special software for that matter). Contact cards, URLs, that sort of thing. I gather this is Type 2, but is Type 4 a “superset”?

  2. It sounds like I should get a Fidesmo card and familiarize myself with their ecosystem. I’m an iPhone user, but it might make sense to get a cheap Android phone for this purpose. Any recommendations for an absolute bargain-basement unlocked tester phone that has good NFC performance? Or am I better off using my Proxmark3 here?

  3. I’ve been doing more research, and am seeing that you can only perform a set number (100,000? 1 million?) of writes to EEPROM before things start getting corrupted. Is there an estimated limit for the chip going in the VK? Wouldn’t want to corrupt something embedded within me!

Thanks again to both Amal and GrimEcho!


#5

I think you are mixing up your standards… ISO14443A is an RF protocol standard and NFC Types 1-5 are specific standards levied atop ISO14443A for type 1, 2, and 4, and ISO15693 for type 5. Screw type 3… unless you are in Japan I guess. The Flex One speaks ISO14443A and the NDEF applet lets it respond to an NFC Type 4 AID (application ID) select request from any NFC compliant interrogator, including phones. Also, Android phones can select and communicate with other AIDs that have nothing to do with NFC standards… unfortunately iPhones can’t yet… maybe never.

Get an Android phone with NFC. Unfortunately all the bargain phones I know of omit NFC. Also, you will want to get an ACR122U for your system if you’re going to be doing java card dev… you’ll want to check out the Oracle Java Card SDK as well. Lots to dive into.

The P60 chip in the Flex One has 25 year data retention and 500k writes per block.

If you are writing to every memory block of the chip once a day, it will last you over 1369 years. Even if you were writing to it 100 times a day, every day, you’ll get at least 13 years out of it before you’d need to be concerned that the eeprom memory cells might not hold data properly for you… and that’s a lot of writes to be doing every single day.
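
The Type 4 AID select described in post #5, shown as an added example that is not part of the original thread and is not VivoKey's or Fidesmo's code: the reader side sends the standard NFC Forum Type 4 APDU sequence, and a toy tag class answers it. The `Type4TagSim` class, the NDEF file ID `E104`, the 2k container size and the sample URI record are assumptions constructed for illustration.

```python
# Added example: reader and simulated tag sides of an NFC Forum Type 4 Tag read.
NDEF_AID = bytes.fromhex("D2760000850101")  # NFC Forum Type 4 Tag application AID
CC_FILE_ID = bytes.fromhex("E103")          # Capability Container (CC) file
SW_OK, SW_NOT_FOUND = b"\x90\x00", b"\x6A\x82"
SAMPLE_URI = bytes.fromhex("D1010C5504") + b"example.com"  # constructed URI record

def build_cc(ndef_file_id: bytes, container_size: int) -> bytes:
    """Constructed 15-byte CC: CCLEN, version 2.0, MLe=59, MLc=52, NDEF File Control TLV."""
    tlv = b"\x04\x06" + ndef_file_id + container_size.to_bytes(2, "big") + b"\x00\x00"
    return b"\x00\x0F\x20\x00\x3B\x00\x34" + tlv

class Type4TagSim:
    """Toy tag side; an assumption standing in for an NDEF applet, not its real code."""
    def __init__(self, files):
        self.files, self.app_selected, self.current = files, False, None

    def transmit(self, apdu: bytes) -> bytes:
        ins, p1, p2 = apdu[1], apdu[2], apdu[3]
        if ins == 0xA4 and p1 == 0x04:                 # SELECT by AID
            self.app_selected = apdu[5:5 + apdu[4]] == NDEF_AID
            return SW_OK if self.app_selected else SW_NOT_FOUND
        if not self.app_selected:
            return b"\x69\x85"                         # conditions of use not satisfied
        if ins == 0xA4 and p1 == 0x00:                 # SELECT by file ID
            self.current = self.files.get(apdu[5:7])
            return SW_OK if self.current is not None else SW_NOT_FOUND
        if ins == 0xB0 and self.current is not None:   # READ BINARY at offset P1P2
            off = (p1 << 8) | p2
            return self.current[off:off + apdu[4]] + SW_OK
        return b"\x6D\x00"                             # instruction not supported

def read_ndef(tag) -> bytes:
    """Reader side: the APDU sequence any NFC reader runs, no vendor app involved."""
    def xfer(apdu: bytes) -> bytes:
        resp = tag.transmit(apdu)
        if resp[-2:] != SW_OK:
            raise IOError(f"APDU {apdu.hex()} failed, SW={resp[-2:].hex()}")
        return resp[:-2]
    xfer(b"\x00\xA4\x04\x00\x07" + NDEF_AID + b"\x00")  # select the Type 4 application
    xfer(b"\x00\xA4\x00\x0C\x02" + CC_FILE_ID)
    cc = xfer(b"\x00\xB0\x00\x00\x0F")
    mle, size = int.from_bytes(cc[3:5], "big"), int.from_bytes(cc[11:13], "big")
    if len(cc) != 15 or cc[7:9] != b"\x04\x06" or mle == 0:
        raise ValueError("malformed CC or no NDEF File Control TLV")
    xfer(b"\x00\xA4\x00\x0C\x02" + cc[9:11])            # select the NDEF file
    nlen = int.from_bytes(xfer(b"\x00\xB0\x00\x00\x02"), "big")
    if nlen > size - 2:
        raise ValueError("NLEN larger than the declared container")
    data = b""
    while len(data) < nlen:                             # chunks of at most MLe bytes
        n = min(mle, 255, nlen - len(data))
        data += xfer(b"\x00\xB0" + (2 + len(data)).to_bytes(2, "big") + bytes([n]))
    return data
```

The container size in the CC's NDEF File Control TLV is where a 1k to 32k deployment choice would show up to a reader, and the reader refuses an NLEN that exceeds it.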


#6

This is great! Sounds like EEPROM life shouldn’t be too much of a concern. Excited to get one once they come out!