Interesting observation

My university campus uses HF iCLASS scanners such as the one pictured. While it easily powers the DangerousThings diagnostic card, I was completely unable to get it to react to my NExT or Spark. I had assumed it just refused to respond to them due to them not being iCLASS, but I noticed a MIFARE writable card. So, I used the X Field Detector, and noticed there was no placement or orientation on or around the scanner that would produce any kind of light in the detector. This was also the case with my HF xLED implant. So I’m curious what would cause these conditions? My assumption would be the antenna in those types of scanners just not playing well with the cylindrical coil, but I’m not quite sure. Thanks for any information!

2 Likes

Sometimes readers will employ a “low power” strategy which involves sensing the detuning of the reader antenna when a tag is presented. This is very low power compared to actually attempting to power a coupled tag and perform a field scan, but it does require tags with a significant impact on the reader antenna’s coupled inductance (i.e. a large enough tag antenna).

To test this, use both the diagnostic card and the X Field Detector at the same time. Do this by presenting the diag card to the reader to get a strong field going, then see if you can run the X Field Detector around the reader face, under the diag card… so put the XFD between the diag card and the reader.

2 Likes

Yep, that did seem to be the case on the ones the X Field Detector wasn’t being lit from. For the ones that do light up the detector, would the fact that the scanner is iCLASS be why it has no response from the NExT?

2 Likes

That seems likely. The NExT ships with the LF configuration bytes set up like an EM410x, which the HID system might not recognize.

1 Like

My college uses the same readers to get into a server room. Interestingly, when I first received my NExT and it was in EM410x mode by default, I would routinely set off the reader for friends that thought it was cool/didn’t believe that I had a transponder (of course it wouldn’t authenticate because my badge was in HID mode with a completely different UID). After cloning my actual HID badge to the NExT, however (had to wait for the new LF Proxmark antennas before cloning), I noticed that although it would now authenticate the NExT because it was in HID mode with the proper UID, it seemed to be much harder to get a read. I’m not familiar with the internal mechanics or physics behind either device, but I thought it was a little weird that it seemed the field strength was reduced after cloning and switching modes.
Edit: Forgot to mention, I used the field detector which had decent reads, especially after being oriented correctly, which was expected. I did need to play with the NExT orientation a lot more after I switched the NExT to HID mode from EM410x mode, which is why I ended up using the field detector, as it was difficult to get a read. It almost seemed as if I could wave my hand against the reader and get routinely good reads in EM mode, but in HID I’m lucky to get a read at all.

How exactly does one go about switching between the emulation modes, particularly with something like the use of the blue cloner? Is it just automatic based on what the cloner last read, or is it something that can only be configured using the proxmark?

1 Like

I’m not that familiar with the blue cloner, but it seems to be automatic as a lot of people don’t have a Proxmark to change modes but have still done it. Even on the Proxmark it doesn’t take anything special to change modes, it’s actually within the command itself while cloning. E.g. “lf hid clone xxxxxxxx”. That being said, the Proxmark 3 RDV4 with the LF antennas made by DT is by far the most reliable for cloning. The blue cloner can be hard to get a good write and can also set a password or brick your NExT if you’re not careful. Cloning on the Proxmark is more expensive and technical, although much safer.

3 Likes

Hmm, interesting. So how does the configuration of the LF part of the NExT affect the readability to these scanners if they’re actively looking for HF chips? I’ve tested in the past putting the DT diagnostic card between the scanner and my ID to see if at any point the LF LED lit up, but it never did.

2 Likes

There’s a possibility the universities use slightly different variations of the readers based on their needs, but I only tried the LF field detector on the reader at my school. After class today I’ll go back down and try the HF field detector for curiosity. It’s possible you have an HF reader and mine is LF, but I’m not sure. Either way, I thought the LF mode phenomenon was weird and worth mentioning, but being new to all of this I assumed it was because the UID was longer so it had to transfer a bit more information or that being in a different mode somehow made a very small impact on the readability.

1 Like

Yeah I’m not really sure what would cause what you were mentioning either, I’m pretty new to all of this as well, so seeing what Amal/somebody else who is very knowledgeable has to say about your case will be neat for sure.

3 Likes

So I tested the reader at my school using the DT diag card. It does support both frequencies, but as you said the HF field detector doesn’t light up whereas the LF one does. I also tested the low power strategy theory @amal was talking about by placing the XFD between the reader and diag card and it appears that it does use this strategy. Also, apologies for potentially hijacking your post about my NExT having weird LF reads with mode switches, just thought it would be better here than in another forum post since this was somewhat related.

1 Like

I have noticed this also. I think it has to do with the analog front end configuration that HID cards use that makes it slightly less conducive for small antenna configurations like the NExT… but I don’t actually know for sure. When this happens there are two ways to go about dealing with it… the “tap” method, which means you take your hand away and try again in a slightly different angle… or the “slide” method which means you present your implant so it’s horizontal and sitting in the center of the HID reader, then you slowly slide your hand off to one side and around the edge of the reader so you kind of end up fist-bumping the wall beside the reader. In most cases, these two approaches help get good reads while in “HID mode”.

2 Likes

Interesting, I’ve been wondering for a while if this was the case or if I was going crazy lol. Thanks for clarifying!

1 Like

What really drives me crazy is that it seems to come and go… sometimes I tap and I’m in, no problem, and other times it’s a super painful process to get in… maybe it’s temperature affecting the tuning of the L/C circuit in the reader… @turbo2ltr was working on a reader application once that had a “field detect” feature but it was so unstable based on temperature that you could literally blow on the circuit board to change the noise threshold… so maybe put a little cheap dime-store thermometer on the wall next to it and see if there is any correlation… if it works well for you at all that is… if it’s always crap then don’t bother.

2 Likes

That makes a lot of sense. It’s mind-blowing how little things like that can have such a big impact on reads. Temperature would be one of the last things I would expect especially since it’s such an external source of noise. Very interesting though, I may have to try the dime-store thermometer and see what I come up with.

1 Like