If it’s bricked how would you tell? Would it not work with the access controller?
Sort of. If you can’t write or read it anymore, there are some tricks someone with a Proxmark and the special antenna can do to recover the chip. If none of them work, you’re hosed.
What have you done to cause the issue / doubt?
Not that stoopid Keysy was it?
I don’t know the answer to this question, but could it now be in HID mode and therefore not compatiable with xem access controller( EM4200 (EM4102 compatible))
xem access controller
This thread might be helpful
I believe it was the Keysy.
And I think I may use this as an excuse to order the NExT and replace it
Sounds like a good plan
I’m very curious as to:-
What “MODE” the keysy has put it into
If the Proxmark can read it
If the Proxmark can fix it
Stoopid Keysy
I have just ordered the NExT. Hopefully it arrives by next week someone so I can get this xEM out and replaced.
Just checked with my work readers and apparently it did successfully clone my work badge to my xEM. Not sure which one actually worked, if it was the Keysy or the blue cloner.
But I assume since my xEM was rewrote as an HID card, my DT access controller won’t work with it. So am I able to reprogram my xEM with the access controller, or do I need another one that will work specifically for the access controller?
I ordered the NExT implant and would it be okay to have that next to my xEM without interference?
I’m reasonably certain you need two separate tags, one HID and one EM. You also might not want to install your NExT near the xEM to avoid crosstalk. For this specific use case where one has HID config bits and the other has EM, you’d probably be fine, but if you ever want to reprogram them you might encounter issues.
Great news that it worked!
So if I eventually stop working at my job, and they remove my access, I would have to get a proxmark to put it back to the standard xem configuration?
But in it’s current state, an NExT shouldn’t bother it. That’s good to know
I had a very good/lucky experience with recovering a xEM chip that I thought I had bricked today so I wanted to share my experience in case it helped anyone else.
So I’ve had a xEM implanted for well over a year now using it happily multiple times a day, every-day. However today I attempted to add my chip to the alarm system at work (not for the first time either), after trying I learnt from the alarm engineer who was on-site that he had discovered that this particular alarm system did not just passively read the ID from the card but it actively wrote data to the chip.
As with my previous attempts the coupling failed, so I thought nothing more of it and carried on with my day. When I returned home later that evening my chip wouldn’t work with any of my various systems around the house. Panick started to set in.
Luckily I had a backup of my xEM’s unique code stored in a safe place, so I could access the systems I needed to, but still I wasn’t happy thinking I had potentially bricked my xEM with a tear-off whilst writing or something like that.
Research online quickly lead me to post after post all referring to Proxmark3 devices, which I have known about and wanted for quite some time but finances can’t warrant such an expensive device for me at present.
Anyway, in my desperation I remembered about this old reader/writer I had bought ages ago either off eBay or Bang-good.
I remembered that the device only read one of my two implants but I couldn’t recall which. Thankfully it read my 125khz xEM.
This device also has the capability to write (even though I had never tried it with my xEM). Out of desperation I stuck in the UID that I had stored safe that was originally on my xEM and I pressed write. To my surprise it wrote instantly and said it was succesful.
I immediately used the same device to read it to double-check the UID - the code was different, completely different, the code was wrong but consistent on subsequent reads. However, when I presented my hand to all of my normal 125khz readers attached to other systems they now successfully detected the xEM’s original code! Which I am very happy about, because I have built and programmed various systems to work around that code.
My xEM is now back in action, working as it did before.
I have seen those devices sell for £27 on eBay or $46 on Bang-good, substantially cheaper than a Promark3 (as much as I would love one of those!)
Obviously I can’t vouch or garantee that this will work in everyones situation as we could all be in slightly different situations, so experiment at your own risk. But hopefully this helps someone somewhere one day. I’m in the south-west UK if anyone needs to borrow my unit they are welcome to.
It might have been the case that my xEM wasn’t even bricked, but just the code blanked or reset by the alarm system in work and I panicked, but either way I’m guessing others could be in a similar situation and I just want to help.
I would like to cross-post this on other similar “bricked xEM” threads but I don’t know how that would quite work or if it would be allowed?
Thanks for the share and that is great news for you.
All the Gurus on here would recommend against it, but the good thing is, it worked for you.
I agree with you on the Proxmark front, and I have said it before, Great device, Just Not user friendly.
Here is my regurgitated info on the White cloner that may come in use for you shortly.
Or not “If It Aint, Broke don’t fix it”
NOW this is all supposition, but maybe now because of your White Cloner and how it writes, your xEM may now be “protected” from your work access system trying to write to it???
Also, again I could be talking out of my Arse here, But with a ProxMark, by setting a password, you again may be able to protect work access system trying to write to it???
There is, I believe, still in the works, is a Dangerous Things Reader / Writer. That will be much more affordable and easy to use… speaking of easy…let me get back to you shortly. I will update this post…
FOUND IT
@Emumanx ( Kent UK ) made a post about the Cheaper Proxmark Easy ( 100 x better option than your White cloner ), here is a link to his post, seller name, price ( significantly cheaper than PMIII ) and obviously the original thread about the easy.
The downside is, it is not compatiable with the DT / Tom Harkness LF antenna, but people are still getting successful read / writes with the Easy.
I am not sure of the DT reader writer time line but
Might be time for another xEM or a NExT, One for your current systems, and one to experiment with!?
Thanks for the post and link to other resources, I will read through those shortly.
To be honest with you, I really don’t care at this point if my chip will work with my alarm system at work. I have kind of come to terms with the fact it probably wont in the past and my daily use with the chip has just been at home using cheap black readers which regurgitates the UID to a Pi Zero as if it were a USB keyboard. I’ve built a few different electronics projects around that concept and login to some systems, so I’m just stoked to have all those things back in action, that is the main thing for me.
Thanks for that post, I will check it out.
Funnily enough I may have a very cheap but out of date xEM still in the syringe on its way to me soon - probably not one to inject but maybe one to experiment with.
I was just reading Tom’s great post here lots of good information, but under the White Cloner and the 2. Newer than 2015 sub-heading I read this:
c. The input button is useless as the device does some crazy conversion that as stated above is nonsensical and so far, impossible to figure out. So really this device is only good for cloning.
Based on my experiences this evening I would have to disagree with that. I’ve written to 125khz tags that came with it using the input button and my xEM. Now as mentioned in my post above, yes after a subsequent read it seemingly spat back an incorrect code to me, but in actual fact what it had written to my xEM was the correct code I inputted, so it did in effect work for me.
The paragraph I take issue with sounds like someone who has read a xEM with the white-cloner and seen a unexpected code, even possibly read, written and re-read to check and saw a different code to what they wrote/expected but then failed to check the xEM on another reader, because when I do I get the correct UID I was expecting and had programmed in.
Perhaps I’m missing something (probably!)
Sounds like you are ontop of it all, BUT If you get stuck, KSec @KaiCastledine might be an option for you. “Cyborg Consultancy and Assistance”
Here is the link to their Cyborg Centers
They MAY? have a ProxMark, possibly worth a phonecall at least…
And this one might? be your closest
Hello !
Sorry to hear about your xEM issue. Nick (Pinchy) who’s our partner down in Devon can definitely help with removing/ getting a new implant put in. He’s actually moving to a new studio/in the process to, down the road from the current one. So do email/call before walking in
We’ve got a proxmark that we use at our London HQ but because they’re not straight forward to use, not everyone has their own one.
We are getting more stock of the proxmark RDv4 if you’re wanting one for yourself soon.
Otherwise I can look at getting you a discounted upgrade for your troubles for a NExT or even another xEM.
Thanks for the heads-up both, its good to know about those places and Ksec, I didn’t know about them.
I think I may have my xEM fixed for what I need, but I will bear those details in mind if not.