Completely understand and appreciate the appreciation! The guys over at the PM forum can be a bit touchy sometimes - they are constantly getting smashed with questions that could easily be answered if the person just read a few lines of the readme etc…
3 Likes
No worries - Hitag2 should work BUT the stock antenna may cause you some issues.
Assuming the antenna isn’t too bad (I seem to be coupling okay at the moment) what are the commands that I’d use to clone my access badge to my xEM? I’ve gone through all the “lf hitag reader” and other “lf hitag” commands, and nothing seems to be making much sense - now that I’ve gotten the UID from the “lf search u” command, what write command do I need to use to write to my implant now?
So you think you could make a T5577 behave like a hitag2 ? certainly not the S variant (with 48bit challenge response)… but maybe just the hitag2 UID (not user memory)?
I think just the UID should be possible , definitely not the S variant - unsure how happy the reader / system on the other side would be but looking at the t5577 data sheet, the modulation etc should be “set-able”.
If I can get hold of a Hitag reader / card I’ll do some tests.
2 Likes
I did some reading into the specs of the T5577 and emulating a hitag2, and the T5577 supports all the modes that are used for communication by the hitag2. I just don’t have the parts, tools, or experience necessary to see if I could make it work. I gave some more info on it in this post.
I’m going to pass all this info on to iceman from RRG as we work closely at times. Will see if he has any input or ideas. Might be quite simple if one knows the code base and understands the analogue stuff a bit better than I (and iceman certainly does).
4 Likes
Yeah, exactly. It seems like it could be easy to do if one knew how to make the chip do what you want it to and have more fine control over the modes. I’m interested to see how this turns out.
2 Likes
As always Tom, you are a scholar and a gentleman. I owe you and iceman a beer.
3 Likes
The conclusion is we need to test and try some things:
-
Hitag2 is a reader talk first system, the reader sends a start command first before the tag responds. A t5577 would scream the block data back constantly - that’s how they function when powered up
-
The pulse width in terms of modulation is not the same
-
Not to mention the auth : crypto parts.
-
We can probably make a t55 just send one block data that equates to a 32b uid. Over and over. Might confuse the reader though lol.
Worth playing with I guess but my gut tells me this is very dependent on what the readers are doing.
4 Likes
Ok, if all of that is true then I suppose its not as simple as it seems. Glad we have guys like you around that have the knowledge to really dig into it.
But who knows, maybe there is a workaround.
1 Like
@amal Rather than messing with my xEM, is there a possibility of getting an implantable Hitag2 chip? I’d put in the first pre-order if there was.
1 Like
We do have these, they are HITAG S2048… we just have not released them. The primary reason is - i don’t want to have to support a bunch of hitag questions.
Who here knows anything about them and is willing to help support questions about them here on the forum?
3 Likes
fine. here. 
6 Likes
Wait…did I miss this already existing or did you literally just post this? Also, is there a difference between Hitag and Hitag2 which will cause problems with cloning my Hitag2 card on to this?
Either way, you rule, domo arigato for my human roboto parts. Now to figure out where to put this one, any suggestions? I’ve already got an xEM in my right hand between my index finger and thumb, same thing for the left hand but for the xNT.
1 Like
That didn’t last long…
3 Likes
I believe the hitag s2048 is actually a hitag2 family chip… but this is what I mean by support… I don’t know nearly enough about them so that’s why I didn’t release them until you squeaky wheeled me into it 
5 Likes
Sorry about the support question but how would I copy to the xHT s2048 with a proxmark? I have already confirmed that the tag I want to clone has a hitag2 chip and I can access the UID.
Or would it be easier to get it programmed into the system? (paxton)
3 things;
in the first instance, if getting it programmed straight into the system is an option, definitely go for that.
I assume you have checked out the proxmark forums?.. Generally, they are not particularly friendly to noobs, especially if you haven’t done your research and searched the threads first.
Otherwise I’m sure somebody on here could provide you the Proxmark Commands and a walkthrough.
I’m still learning my way through the Proxmark myself, otherwise I would help you out.
1 Like
Thanks for the reply, I did look on the proxmark forums yes but they weren’t very helpful.
The sum total of knowledge that I have gained from them is, and I quote “some car key duplicator can do it. not hard” so altogether not very helpful.
I’ll try to get it added to the system but would still be interested in how to clone one.
1 Like