HID card cloning with NExT

Good afternoon! I was about to order a PM3 Easy when I saw the DangerousThings Instagram post about the updated blue cloners (which still scare me to be honest). I jumped on buying one to clone my school ID card, which was the main purpose of buying my NExT (with the long-term goal of vehicle ignition projects, home door locks etc). My school uses what I believe to be industry-standard HID readers, but for assurance I’ve been trying to determine if my card is clone-able to the NExT; however I can’t determine what HID standard/model the card is.

Sorry for the poor quality of the photo, not tryna give out personal details or anything, my coworkers (sorry coworkers if you’re reading this) wouldn’t take kindly to me posting about cloning it.
I’m hoping the type and clonability of the card can be determined by this; I scanned the scanners at school with the Dangerous Things RFID analysis card that came in the NExT bundle and it is 125kHz.

Update: I’ve gone ahead and removed the image as I crossed everything out but the card model and unique printed ID on the bottom. I’m not trying to have that floating around (never can be too careful), but the card’s model said “HID 0009Y” on the bottom left corner and “XT” on the bottom right.

Purchase some blank T5577 cards (the same chip that is in the NExT) like these and try to clone your work badge onto one of them. If you do so and you can swipe in with the cloned card at your work, then the same thing should work with your implant.

The implant is provisioned as EM4100, so you might still need the Proxmark to change the configuration block to indicate HID. I’m not sure, I’ve never used the blue cloner

1 Like

Thank you! I’ve gone ahead and ordered some.

I’ve not used a blue cloner before, but it’s a piece of cake with a proxmark. Cloned the wife’s HID Prox onto a t5577 with no problems at all. It’s easy enough that it’s a good learning exercise using the Proxmark. Should be a simple

lf search

to get the UID, then

lf hid clone UID

using the HEX UID copied from the first command to write to the card. When successful, use the same clone command to write to your implant. Easy peasy.

1 Like

As long as the blue cloner supports HID copies, it will automatically convert the chip from EM mode to HID mode. I used a blue cloner both to clone a generic EM tag to my xEM, then later on used a different blue cloner (the blue cloner I own doesn’t support HID) to copy my work badge to the same xEM. Struggled with getting a good read for awhile, but it worked with no weirdness and no proxmark once I did get a good read.

I honestly don’t know enough about the different HID models or anything to know offhand if the NExT will work immediately with it, but I’d probably air on the side of yes, if I had to guess.

1 Like

I honestly don’t know enough about the different HID models or anything to know offhand if the NExT will work immediately with it, but I’d probably air on the side of yes, if I had to guess.

Both the iclass and iclass SE readers support 14443A. So should be no problem with the xNT/NeXT. Although they do have to be configured in Security mode 1. Mode 2 or higher are iClass only and will not support the xNT chip as it requires an encryption key exchange. The multiclass readers will be a problem for the NeXT as it will excite both sides of the chip.

Any of the ancient ProxPoint readers are a breeze and will work no problems with the xEM portion of the NeXT.


I’m pretty much doing the same thing, in my case I have an HID iclass and I found out it’s a huge pain in the ass. Basically there’s a lot of different HID cards and I’m not sure if any of them are scannable on your phone but I know for sure the LF prox and iclass ones aren’t so basically you’ll need a proxmark to read it and see what type it is. From my research most newer cards aren’t ISO14443 but I’m new to this so take this with a grain of salt