Hi all. First post. I have quite a conundrum that i’m struggling with and hope someone can help…
I have a gen1a FlexM1 installed (3 weeks ago - distal dorsal forearm) and cloned my work ID (Mifare 4K) to it using proxmark. It worked immediately and has continued to do so, but only for SOME of the readers I have access to at work…
i.e. some readers don’t detect it at all, rather than it being detected and rejected.
I’ve also previously cloned my work ID to a ‘Chinese magic’ writable fob, and the fob works on all the readers. So even though the written content on the chips should be the same, the implant isn’t being detected by some of the readers.
I thought it might be swelling related, but at 3 weeks post-implantation there has been no improvement. The implant site is very superficial and there’s no bruising, tenderness or swelling. And it has worked consistently with the same readers from the very beginning.
There are differences in the readers - some are black, and some are white. The implant is detected by SOME of the black readers, but none of the white ones. I would have thought that if there was some difference in the hardware of the readers it would affect read range of the fob, but that seems identical between readers.
Imagine my frustration! I wonder whether a Gen2, or an xM1 would give the same result.
Thanks for your thoughts.
I found some readers, particularly those on building exterior, have a harder time reading. Can you pry off the covers and look at the antenna? There may be crap built up on or around it which needs to be cleaned out.
Otherwise try different positions with the chip. Although my work readers are all the same, some of them work best top right corner and others sort of by swiping across the middle.
Sorry so know this isn’t particularly helpful.
Thanks. Have been meaning to try to open one, but most are in areas of high traffic or with cameras pointed at them.
this is unfortunate… and there could be some issues causing problems that you don’t have any control over, such as;
design or part changes in the reader internals that affect overall RF performance
settings such as overall output power settings that lower performance for certain readers vs others
“card detection” settings that keep the reader operating at low power until a card is detected, then go to full power to interact with the card… this is a sensitive setting and usually set on a per-reader basis. It’s usually meant for use with battery powered applications, but can sometimes be found on wired readers. The result is that the setting is set to be less sensitive, requiring the implant or card to draw more power from the weak detection field to trigger a full power card read, and sometimes implants just can’t draw enough power due to antenna size issues to trigger the reader to go full power. You can test this by putting your RFID diagnostic card up to the reader, but slightly offset, and then present your flexM1 to the reader while the RDC is still lighting up. Or you can present your implant to the reader, and then come up behind your hand or off to the side with the RDC to try to trigger the reader to go full power. Either way, the RDC should draw enough power to trigger a full power card read from a reader operating in “card detect” mode.
there might be differences in what the material is behind the reader, which can change RF performance due to interference. For example, are there metal beams in the walls? Are there metallic flecks in the paint? Did someone use large solid steel bolts to secure the reader to the wall or tiny brass drywall screws?
All of these aspects create potential for variation in reader performance from seemingly identical readers.
Interesting. I imagine it must be something like those you’ve suggested. When I use my xSIID to locate the field, the LED only flickers weakly. Will try that trick with the RDC. Thanks!
Also be aware that the field detector keychains or the xSIID only really help to locate a good place for x-series to get a read… the best location and orientation for a flex may not be the same… and in fact likely to won’t be the same. This is because the antenna structure of x-series are cylinders while flex and normal fobs and cards are spiral flat planes.
I think that designing a flex field detector keychain could be worthwhile?
Also, how many cyborgs still use keys?
My approach in these situations, is to use the xFDs to locate the Antenna coil, visulise the layout then I approach that coil with my Flex parallel to where the xFDs are perpendicular to the antenna.
If the xFDs dont light up, pretty much I just try parallel approcahes to the logical antenna locations, and my success rate is pretty damn high.
I don’t tend to struggle with my FlexM1.
One of my favourite implants
I too have a FlexM1 and had some dealings with Gallagher readers, including your pictured T11.
Do be aware that the admin software of these readers usually audibly and visually alert for ‘possible cloned credential’ when a gen1a/‘Chinese’ clone is used. This is only an issue if someone is monitoring the alerts generated and cares enough to head to the reader/view cameras to see whats going on.
The reader fascia colo(u)rs are purely aesthetic and the underlying hardware is the same for each model of reader.
A gen2 would have similar antenna performance/issues compared to your FlexM1 and an xM1 would, most likely, have more antenna/coupling issues.
Trying to open a reader may prove difficult as there is a security screw (Torx M3) and possibly some tamper protection inside. I tried to find evidence of this from user manuals and tear downs but found nothing explicitly evident that tamper protection was present. However, take this with a pinch of salt as Ive not had enough coffee so could’ve missed something.
The readers do have an idle/low power state when not in use and need a nudge to draw more power.
Using the diagnostic card, you can wake the reader then try with the FlexM1 to get a potentially better read. From memory, when reader is idle the LED is a faint red and when ready to read/awake the LED is a brighter, vibrant red.
Source from datasheet
Note the reduce power draw when idle vs when ‘active’.
From looking at some teardown images of the internal PCB, the antenna appears to be an inlay around the edge of the board. Keep this in mind when trying to get a read as you want to ‘cut’ the reader antenna with the antenna of the implant so they couple correct thus can share power/comms.
Focus your efforts on trying to manipulate your hand (thus your implant) to get better coupling on the reader rather than aimlessly mashing your hand and hoping for the best (coming from 1st hand experience).
Below is a (rough) antenna representation for your pictured reader.
Teardown Image of Reader
Notice the antenna inlay on the board enclosed by the red outlines.
In short, the readers have a low powered state which needs to be awakened before it will try to read a card. Try to awaken the reader using something like the diagnostic card then use the implant.
Focus on coupling the antenna of the reader to the antenna of the implant by manipulating your hand against the reader.
That’s a great summary. Thanks very much. Will try that when i’m back at work after COVID.
could be done as a card format since it’s thin?
I do enjoy walletable detectors
Yes it would. I had forgotten about the thin PCBs like the one of the RDC. Maybe the loyalty program “keychain card” format could be good for this application and a smaller PCB would help reduce manufacturing costs.
Just posting some ideas, a full size card would also be nice.
A field detector card with various form factors of antenna for hf and lf (x, wedge, disc) would be really cool but idk if that’s practical