xSLX won’t work for you, the iClass readers use ISO14443a for their UID only mode.
If it’s an earlier model it specifies in the manual Mifare Classic (xM1, but not sure if it’ll still work with others) or if it’s an SE model it is any ISO14443a card including NExT and xNT.
Now, that’s hardware compatibility. Tap a Mifare Classic and an NTAG to the reader to know for sure. It could be turned on or off in the reader config. Changing it means ordering a config card from HID and pulling the readers off the wall.
As for enrolling, you’ll have to tap and look at the number in the access logs, not just give them a tag info scan. There are about 5 different ways the system can represent the same data, so unless you know the exact reader config, you’ll have to tap to find out how it sends that number to the door controller.
Thanks a ton for the dummy crash course. I really need to learn more about how these systems work. When the test cards come in I’ll try them out. The reader itself is off limits, I can’t change that in any way, but if I can get a chip that it reads he is willing to put the implant in the system.
Process for figuring this out:
1. take my test cards to the site
2. tap a card
   2a. if it doesn’t beep, try another card
   2b. if it beeped, goto 3
3. check the system logs to see if it read an ID code
   3a. If yes, that’s the kind of implant to get
   3b. if no, grab another card and keep trying
4. hopefully come back here with the card type that beeped and sent an ID
5. throw money at Amal to make my hand go beepbeep too
I’ve got a dozen Mifare Classic cards in hand, I can swing by some time and see if they make it beep, the others will have to wait for my test card sampler packs to get in.
I wanted to say again how much I appreciate you folks, your patience and willingness to explain things is wonderful.
Best practice would have been that they turned off any mode they aren’t using for security reasons (look up Iceman and Babak’s great DEFCON talk from this year where Babak demonstrates a technology downgrade attack to see why!) but about half of the time that never happens and you might be in luck.
Basically, you are counting on the integrator having done it wrong - let us know how you get on!
Very cool, Christmas in September, I am excited for you. I just hope they came with batteries
Also
Whilst waiting for the install,
I draw your attention to
Followed Satur9’s step by step linked above for the P40 this evening and cloned it onto a T5577 card with no issues. Trying to get the NExT installed this weekend hopefully. Had to postpone due to a health issue, so hopefully soon now that I’m feeling better. Still waffling on position 0 vs knife edge, but we’ll see.
Had to postpone the implant and then had trouble matching schedules up with my installer, but tomorrow is the day! Getting the NExT put in tomorrow afternoon.
*scan*
not working yet
*scan*
not working yet
*scan*
not working yet
*scan*
not working yet
*scan*
not working yet
*scan*
not working yet sigh is it healed yet?
I set the threshold using lf config t 40 to keep it searching for a tick in case the implant just isn’t in ideal position, that gives me time to wiggle it a bit. It does react to the implant when I scan it.
proxmark3> lf search
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
No Data Found! - maybe not an LF tag?
proxmark3>
That pops up immediately when I scan the implant, it does not wait for the timeout, so the field is getting triggered. This is exactly what happens when I scan the T5577 card that I cloned my ioProx fob onto, so that is promising.
Then I try to write the data:
proxmark3> lf t55xx write b 0 d 00147040
Writing page 0 block: 00 data: 0x00147040
proxmark3> lf io clone 0078776039a8ddf3
Cloning ioProx tag with ID 00787760 39a8ddf3
proxmark3>
But there is no confirmation of write and the NExT doesn’t respond to lf t55xx detect after that, which the cloned-to card does. Is there a way to confirm the write or force it to wait to first detect a chip before randomly broadcasting the write?
Despite the PM3 not being able to read it back, I did try it today on my front door and it worked just fine. Which is really kinda cool because… I locked myself out and swiped it out of pure optimism, not really expecting it to work. LOL
At the very least, you became cool when you joined our little band of unhinged individuals. The fact that your chip worked but you hadn’t realized it yet doesn’t change your coolness birthday