LF of NExT Implant not reading after 3 Weeks, HF Works

I know it’s not ideal but can you find someone with a Proxmark RDV4?

There will always be a voltage drop given the copper coil and the ferrite but this doesnt mean the chip is alive/healthy; just that something is pulling some voltage.

The challenge here is that the proxmark Easy is a cheap, mass produced clone of another device so the quality isnt amazing.
Its also very common, given those conditions, that the LF antenna isnt tuned anywhere near 125kHz but close enough that LF cards can be read reliably.
The LF antenna is also made to couple with flat antennae found in cards and fobs, not a round antenna that is present in an implant.
Since the LF antenna is most likely going to have bad tuning, you may be better with some distance between the implant and the antenna. This should, hopfully, offset the bad tuning of the LF antenna and allow it to couple with the implant antenna. Ive personally found I can get consistent reads with 1-3mm of distance/air between my skin and the proxmark antenna.

All of these factors combined is what you are working with and trying to overcome. I find it very difficult to read my NExT with my Easy, slightly less difficult with my RDV4 (using the flipped antenna) and even less difficult with some PACs readers.

Your implant looks shallow enough that there should be no inherent difficulty penetrating the skin and, since its been >=4 weeks post install, there should be no swelling/fluid build up to make things more difficult.

I actually tried to get some distance between the Antenna & Skin a couple of times. Didn’t help either.

Given what you guys said I am thinking of getting an RDV4.
Finding Someone in my Region who has one of those would be almost impossible given I live in a rural area. So buying would be the only reasonable option, and I also could use it for Pentesting and IT-related things.
Unfortunately, the price is a bit high for having a pm3 Easy and an RDV4.

I have to say I’m not really familiar with the RDV4. I think of it as the “complete” “high quality” proxmark3 package.
Are any good Docs or Videos like “Exploring the Proxmark3 RDV4” as Amal did for the PM3 Easy?

Living in Germany, i think the suggested Website for buying would be lab401.com?
So the Perfect setup for my Problem of Reading my Implant would be the RDV4 (Proxmark 3 RDV4.01 – Lab401) and the 125 kHz Antenna designed for Implants (ProxRF 125KHz Biochip Antenna – Lab401), right?

I have a couple of questions.

  1. can you read the HF side consistently? If you can then there are other options than an RDV4 that might work.

  2. do you have a use case for the LF side in particular? I am wondering because using a Proxmark3 would only be needed for some use cases.

If you can read the HF side consistently you might consider making a small ferrite coil for your Proxmark3 LF Antenna. There are several posts on the subject on here. People have had better luck reading with a homebrew antenna before.

The other option worth testing would be to get a larger reader and see if that is any better. I have a battery powered HID pad with an ESP-RFID-Tool which I use for some testing.

I can read/write the HF side without Problem using my Phone and the PM3 Easy.
I want to use the LF side for Access Control, Vehicle Start, etc.

Unfortunately, I have no bigger Reader than the Proxmark3 Easy.

For a custom Ferrite Core Antenna, I found this thread:

Before going through all that trouble of Optimizing and buying the parts I need for that project, I would consider just buying the pretested Version of the RDV4 and ProxLF antenna, they should (I hope at least) work definitely. :slight_smile:

From memory some people have found the proxlf doesn’t solve coupling problems, but it is up to you.

I spent about $45 making my HIDprox pad, and while it is a bit small to use as a huntpad (read range is about 6") it was an interesting experiment in some physical penetration techniques.

There are quite a few Germans on here, so it is possible that someone in your area could help. (As a Scot in the US I am well aware that In the US 100 years is a long time but in Europe 100 miles is a long distance.)

It may be that the LF side is just terribly tuned… they are programmed with EM serials and tested during manufacturing but that system passes the tag through the antenna center so coupling is nearly absolute and a badly tuned LF side could sneak through. A replacement is probably the way to go here.

@landwirt
Have you had any luck since you last attempt?

We have kindly exhausted what we can suggest for you to try…

Do this
image

And reference back to this thread.

1 Like

I’ve got the exact same symptoms with mine (NT works flawlessly, EM doesn’t work at all)
When I do data plot; lf read -@ I just get static, is that helpful?

@amal Aww, a defect LF Side would be awful :frowning: :persevere: :cry:

@Pilgrimsmaster Unfortunately no Luck at all :frowning: Tried Reading with the PM3 Easy again & again but cannot get a read :frowning:


I thought of building that custom Antenna for the PM3 easy or buying a RDV4, but if the Problem is hardware related, It won’t help me if I should get a read on a specialized piece of Equipment, but not on Every Day Readers like Door Knobs etc.

I got the Implant only for the LF Side and thought of the HF as a nice to have addition. :frowning:

Would it be worth the risk to read the implant before injection to confirm we can read it?

I always read mine before and after implanting. Before to ensure I’m not breaching my skin for nothing, and after to make sure the implant hasn’t come back out with the needle (in the case of glassies - yes, it’s happened to me) and it hasn’t been handled too roughly during insertion or nicked by the stitching needle (in the case of flexies).

LF glassies implants can be read in the syringe. HF glassies can be read in the syringe with a high-power NFC reader - just barely. I don’t hesitate to crowd the bodymod parlor with my laptop, readers and relevant electronic paraphernalia.

1 Like

@landwirt so I got the support ticket from the site… but before we process a return, I wanted to confirm;

  • using this proxmark3 are you able to lf search any other T5577 chips set up as EM ?
  • your client and firmware appear to be mismatched… are you able to update, recompile, and reflash, then try?

Instead of recompiling, maybe try using a pre-compiled build from https://www.proxmarkbuilds.org in order to nullify the chance of messing something up during the compilation process. That would ensure that the issue isn’t with the client.

PRETTY SURE I SHOULD HAVE LOOKED AGAIN…I’m an idiot

I think Amal has solved it.

Sorry @landwirt , I may have been leading you down the garden path, and the solution was right there in your first post and I missed it.

Sorry Amal

giphy (2)

shame-done

giphy (3)

giphy (4)

@all Thanks for all your Help first of all :slight_smile:

@Pilgrimsmaster Aww, now I see it too :see_no_evil: I only checked if OS and Bootrom are the same :'D Can happen :smiley:

But, before we celebrate:
Unfortunately, it still does not work :frowning:

I tried what @APartOfMe said, downloaded https://www.proxmarkbuilds.org/latest/rrg_other , had the Proxmark3 Easy on COM5, as said in the “Getting Started”.
First used the “pm3-flash-bootrom.bat”, then “pm3-flash-fullimage.bat” (both did their thing, and exited OK).

Bootup Info

[=] Using UART port COM5
[=] Communicating with PM3 over USB-CDC

██████╗ ███╗ ███╗█████╗
██╔══██╗████╗ ████║╚═══██╗
██████╔╝██╔████╔██║ ████╔╝
██╔═══╝ ██║╚██╔╝██║ ╚══██╗
██║ ██║ ╚═╝ ██║█████╔╝ Iceman
╚═╝ ╚═╝ ╚═╝╚════╝ bleeding edge

https://github.com/rfidresearchgroup/proxmark3/

[=] Creating initial preferences file
[=] Saving preferences…
[+] saved to json file C:\Users\simon\Desktop\prox_compiled\client/.proxmark3/preferences.json

[ Proxmark3 RFID instrument ]

[ CLIENT ]
client: RRG/Iceman/master/v4.13441-970-gf61f8e7f9 2021-09-09 11:31:49
compiled with MinGW-w64 10.3.0 OS:Windows (64b) ARCH:x86_64

[ PROXMARK3 ]
firmware… PM3 GENERIC

[ ARM ]
bootrom: RRG/Iceman/master/v4.13441-970-gf61f8e7f9 2021-09-09 11:31:36
os: RRG/Iceman/master/v4.13441-970-gf61f8e7f9 2021-09-09 11:31:43
compiled with GCC 10.1.0

[ FPGA ]
LF image built for 2s30vq100 on 2020-07-08 at 23:08:07
HF image built for 2s30vq100 on 2020-07-08 at 23:08:19
HF FeliCa image built for 2s30vq100 on 2020-07-08 at 23:08:30

[ Hardware ]
–= uC: AT91SAM7S512 Rev B
–= Embedded Processor: ARM7TDMI
–= Internal SRAM size: 64K bytes
–= Architecture identifier: AT91SAM7Sxx Series
–= Embedded flash memory 512K bytes ( 53% used )

After that, I opened “pm3.bat” and ran the Usual Commands trying to get a read (lf search, lf t55xx detect)
After many tries, it still is the Same as Before. :frowning:

No change, lf search still says:

[usb] pm3 → lf search

[=] NOTE: some demods output possible binary
[=] if it finds something that looks like a tag
[=] False Positives ARE possible
[=]
[=] Checking for known tags…
[=]
[-] No known 125/134 kHz tags found!
[=] Couldn’t identify a chipset

And lf t55xx detect:

[usb] pm3 → lf t55xx detect
[!] Could not detect modulation automatically. Try setting it manually with ‘lf t55xx config’


@amal:

I can read the T5577 cards (programmed as em410x) included with the Proxmark, and my EM Chip Workplace keyfob, without Problem. Even before, with the mismatched Client/Firmware Situation.

Are there any things I can try before calling it quit with the LF side? I mean it is unusable anyway, so if it should get corrupted while trying “risky” commands to revive it, it wouldn’t be a problem. (before just giving up, we could at least try)
Are there options, worth trying?

In the situation, the Chip (LF Side only) has a Hardware Problem (would be a Bummer, but I understand that it can, unfortunately, happen sometimes) what would be the procedure?

I really don’t want to get through all that trouble removing/replacing the NExT.
(saw your post: amal.net/?p=3540)

I still have use for NExT, it’s basically an xNT now.

I am thinking of just buying an xEM, get it implanted in R0. Then my left Hand is HF (NExT with only the xNT Part working) and my right LF (xEM).

And the xEM should even have a little more read Range, right? :slight_smile:
What are your guys thoughts ?

The only thing left is to confirm exactly how you’re presenting the chip to the antenna and if you’ve tried “walking” down the chip from one side to the other. Basically we need to be sure the LF antenna is crossing the NExT perpendicularly and then you basically just start at one end of it, try your read, move 1mm, read, move, read etc.

Hi, sorry for the late answer.

I am trying to read exactly as you described it, starting from one side and moving down with the Antenna perpendicular to the Chip, stopping each millimeter and waiting for the next lf search from the “Bulk Command” lf search; lf search; lf search; lf search; etc. to try to get a read.

I have tried with pressure on the skin, without Pressure (antenna just laying/touching the Skin), and while lifting the Antenna ~ 3 millimeters above the skin.

There still only lays ~ 2 mm Skin above the Implant.

1 Like

I know it’s a long time but I have the same problem. this may be because the chip must be in the correct location for the pm3 antenna. I’m already calm and I know that my LF chip works because I read and write it with a flipper zero and with pm3 unfortunately not.

Closing Note (just noticed I forgot to post back than):
I ended up arranging a RMA and getting a new Chip. Took a bit of time until I could implant it in R0. The new Implant works perfectly and as expected. I‘m 99% sure it was a Hardware Problem on the old one.
The problematic old one is still in L0, and I just use the HF Side of it now. Anything LF (and second HF) with the new one in R0. Had a really great experience and Thanks to everyone involved!

4 Likes