Implantable RFIDs for dummies

Hi all.

I’m looking to get myself implanted so I can control (at a minimum) my Samsung EZON 2920 and preferably also other access control systems (such as my work system using a Mifare Classic MF1ICS50).

I essentially have two questions. Is there a recommended USB reader writer which supports all DT implants? If not, is there a recommendation for one supporting the xNT and new beta products?

Secondly, are there any suggestions around which implants should be used, considering I primarily (atm) need to clone data from the Mifare Classic card listed above to an implant? I know that’s a noob question, but I feel like it would be better to ask before dropping any cash.


Hey there,

Let’s address the more tricky aspect of your post first; cloning cards… the Mifare Classic 1k chip (MF1ICS50) is not easily “clonable” for the following reasons;

  1. Each chip has an ID number… either 4 bytes or 7 bytes typically. This ID can be read by anyone, and is easy to emulate with an emulator (advanced hardware pretending to be a tag), so while it is used with locks like, say, the Samsung Ezon locks, it is not typically considered secure enough for commercial systems… hence #2

  2. The “classic” mifare chips are broken up into multiple memory “sectors” with 4 blocks of 16 bytes each, and each sector has access keys which are split into two; key A and key B. These keys are used with “access bits” in the last page of each memory sector to set access and authentication parameters for that sector. These keys are typically used to protect the sector contents from reading/writing so only an authorized reader can access/modify that sector. This feature is typically used as part of an authenticity check to ensure the reader is talking to a legit tag. I wrote a quick paper on how these keys work.

In order to clone an existing mifare classic tag to another tag/implant, you need two things;

  1. A mifare classic “zero” chip which is basically a chinese knock off of an nxp/panasonic mifare S50 chip that allows the ID to be changed. An authentic mifare classic chip has a read-only ID, but knock off chips can allow sector 0 (the sector containing the ID) to be changed and written to. We do not sell knock-off mifare chips in our implants, hence we do not offer a “mifare zero” type tag.

  2. You would need to crack the keys off your existing mifare tag, for all sectors, then read all sector data and write all that to your target tag. There are tools to allow you to do this, but it’s not easy or cheap. Google for “Proxmark III” and “mifare cracking” to find out more.

In answer to the remainder of your post, the xNT works great with most Samsung Ezon locks… however, there are some that don’t work correctly with the xNT, they only work with true Mifare Classic chips like the S50 or S70, even though they don’t use any of the access keys as outlined above. I think it has to do with the way the reader gets the ID from the tag… it should do it upon select command, but I think some older Samsung models, may try to read each sector and pick out the ID manually… which means the memory blocks won’t be correctly ordered if trying to read an ID from our xNT which is NTAG216 based. I can’t remember if the 2920 is compatible or not… I think it is, but not 100%… it’s not on our compatibility list.

As for a reader that works with everything we have, that’s not something we have or have even sourced. Our xEM is a 125khz chip so it will not even be the same frequency as our xNT or flex line products… but if you’re focused on just 13.56mhz, then an ACR122U is the defacto “go-to” reader for most things. The tough thing though is finding the right software. I personally never use it, I only use my phone when I want to tinker with tags.

Awesome, thanks so much Amal! This gives me exactly the starting point I needed :slight_smile: