So I just got my FlexMt a little under a month ago, but today I noticed that the HF side of it was not functioning as usual.
The first sign was that when scanning with the TagInfo app, it didn’t seem to register any card was there. I tested it to make sure it wasn’t just my phone, but it could register other HF tags like the little blue pucks I have or other 13.56 MHz cards. The interesting thing is that both lights still light up when being close to the NFC antenna on my Pixel 4 XL. I was also able to easily scan the NeXT in my right hand.
I tried reading the card through my ProxMark3Easy, but no dice. The Easy has been known to be a little temperamental, but I tested it by scanning a bunch of LF and HF tags perfectly. I couldn’t get a read on my NeXT, but I’ve only managed 1 good read of it with the entire time I’ve had the PM3Easy. I also checked the “hw tune” command and everything turned out ok. Again, when doing a hf scan, the lights lit up and blinked, but no dice on an actual card read.
Finally, I tried it on my door lock reader, which traditionally responds to all HF tags (although only unlocks with my unclonable Ultralight EV1). No response from the door reader at all. The fact it didn’t turn on the lights isn’t so jarring as even when up against my PM3 easy, they only glow a little, so I can imagine it would be really difficult to do when not right up against the reader. I tested the door reader with the little blue puck HF’s I had around and was able to get a read from as far away as 1cm.
I can’t recall hitting it super hard or anything and the LF bit of it is still being read through my PM3 and other readers to get into my building at its regular far-ish distance. It seems that the HF has just gone on the fritz. The only other dicey thing I did was apply some magnet tape to some cupboards yesterday, but I ran some over a blue puck and it still was read just fine. I have no clue what’s up and would love some guidance.
The implant in question after 32 days (apologies for the dry skin):
run a hf tune and approach your implant, keep feeling around until you see the voltage drop to the lowest you can see, this is where your proxmark is getting the best coupling to the MT, once you’ve identified the best place for coupling try holding it there and running a hf search or hf 14a reader whichever floats your boat and see if you get any results from that.
@Equipter No luck on the hf tune, even for a regular blue puck surprisingly. I just get a continuous #db# 140662 mV no matter what card in the reader’s vicinity. I have a suspicion that certain elements of this particular PM3 Easy don’t work and that is one of them. As for the hf search, still no luck. Interestingly, doing hf 14a reader seems to softlock the whole device into the following:
proxmark3> hf 14a reader
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
@Appellus Can you tell us what firmware your Easy is running? Of course we always suggest rrg/iceman, which you can compile for the Easy if you set your Makefile.platform to PM3OTHER
then make do your make clean || make all to compile for the Easy (as long as it’s the 512k memory version not 256k)… then we can play around a bit more.
I also recorded this to address construction concerns.
Your video responses to forum issues and questions are just awesome. I just don’t know of any other company where the “support line” results in direct video replies to the requestor, that are also really insightful and interesting to watch for the rest of us. Honestly, that’s unique and priceless. Congrats!
That said, it’s not totally unique: it’s starting to remind me furiously of those paid virtual internet peep show channels, where a scantily clad lady sits on a bed in front of a webcam and takes requests from a bunch of guys hanging around in a side chatroom, clicking on a button to send money to the performer, probably with their other hand not fully free to type on the keyboard. If you do implement that Patreon button, the picture will be even more complete
@amal Thank you for the quick response and apologies for my late one as I had to take care of some schoolwork!
For my PM3 Easy, I’m currently running the official repo that can be found here as everytime I attempt to flash the Iceman Repo, I get an error regarding writing to the 496th block. I’ve documented the error over on the PM3 forums, but the best response to the problem would have to be to JTag it probably. I also reached out to the seller from their Amazon listing, but after a lot of back and forth, they couldn’t figure out how to solve it. There’s a JTAG on the way, but I bought it from ElecHouse so the shipping is taking a while as it just arrived in Canadian airports after ordering a month ago.
Iceman
So, I was able to install the IceMan Repo on my computer, but when attempting to flash the PM3’s, I’m getting some strange results. After changing the Makefile.platform to run the PM3OTHER version, I ran make clean && make all and everything set up accordingly. However, upon running my ./proxmark3/pm3-flash-all, I get the following:
As mentioned before, this isn’t the first time that this “496th” block has given me an error. Unfortunately, without the fullimage flash completing, whenever I enter the proxmark with ./client/proxmark3, I am stuck in offline mode:
I have had tons of problems getting various Easy models to load rrg properly… it honestly takes a slog of different variations to get it working… I have two different Easy models both with 512k and both required slightly different approaches… one of these approaches tend to work;
hold button down, power up, keep holding, run pm3-flash-bootrom, once finished, let go of button but let it flash lights and do whatever the heck it wants to do, see if com port comes back eventually, if com port appears pull cable or if after 30 full seconds (count them on the clock) no com port, pull cable, hold button, plug in, keep holding button, run pm3-flash-fullimage, once done let go of button, let LEDs dance around, wait 60 seconds, pull cable, plug cable in, result?
hold button down, power up, keep holding, run pm3-flash-bootrom, once finished, pull cable while button held, plug cable back in with button held, run pm3-flash-fullimage, once done let go of button, leave alone while LEDs dance around, wait 60 seconds, even if com port re-appears pull cable, plug cable in, result?
Essentially I’ve had to work out various dances with the button and cable pulling to get the bootloader and full image to run on these two different but identical looking Easy units got from two different chinese vendors. The trick for me was always to work the button like nobody’s business and never assume things were going to plan… try variations on holding the button, flashing, pulling the cable with button held after or letting the button go and letting the unit attempt to sort itself out. Sometimes the initial com port when holding the button would be 3 and then during “normal” operation it would change to like 6 or whatever, so the flash process would be looking at the wrong com port… it’s really annoying how these things go but I once had to hold the button while re-typing to update the correct com port to finish the flash process… anyway… keep trying… you’ll get it sorted I’m sure.
@amal I’ve been trying a bunch of solutions to it, but with both of the main ways you outlined above, I still end up getting that “unexpected reply” reply.
As for my PM3 easy, traditionally, in order to flash the old official repo, I would have to hold down the button to retain the COM port it first appeared on. Upon trying to flash the “official” repo image, the PM3 will show up on COM3, disconnect when it enters the bootloader, then comes back on COM6. Basically, this means that I have to have the button held down the entire time (like your suggested techniques.) from plug-in to finishing the flash, in order to ensure it stays on the same COM3 port.
When flashing the Iceman repo, I don’t have this issue as it stays on the same COM port whenever doing any stuff with the Iceman repo. The similar fix I could locate is here, but this looks like it from a much older version as I can find the makefile.common, but it’s no longer in /proxmark3/common (it’s in /proxmark3/common_arm) and the file no longer has the lines that need to be commented out. I think at this point the best bet may be to wait for the JTAG to get here and then figure out how to make that thing work as I’ve never JTAGged before. I can keep trying random button presses to see what works.
The weirdest part is that I was able to flash the Iceman repo when I first got it, but I am now unable. Maybe I somehow unintentionally locked the bits?
However, upon running hf search, it is still unable to find the HF part of the FlexMT. Interestingly enough, I can also only find one of the blinkie lights when bringing the reader close by, so I’m unsure as to what that entails.
Damn … somehow, it seems the gen1a HF of your flexMT is just… dead. So strange. Man this sucks. I think the only way now is to replace it. I’m so sorry this happened!
@amal It’s alright! I figured when it was coming out of The Lab it wouldn’t have been 100% fully foolproof yet. It’s even stranger that 1 of the blinkies still works (kind of) but the other one does not. Makes me wonder where exactly the issue is coming from. For the replacement, I guess we should take this over to the customer email and figure out next steps.