M1flex installation with Apex needle

I feel Amal said this before he typed. tenor (15)

Edit to say: I am very appreciative Amal just does the things we wonder about when he can.


The flexM1 product announcement has a direct comparison between xM1 and flexM1 range with the ACR122U…


You misunderstood me. Of course antenna shapes and orientation matter. What I meant to say was that I was comparing the best read range in the best orientation for a given transponder/reader combination, on the same reader for two different transponders, so I can get variables out of the equation and only compare the read range difference between two transponders.

It may seem pointless to compare read ranges that way. But look at it from a practical perspective: if you want to get a stubborn reader or cellphone to read, you have to find the best spot and twist your hand into odd shapes - which means, in reality, that you’re positioning / orienting your implant to get best coupling anyway. So if you already know transponder t1 reads at max distance d1 and transponder t2 at max distance d2 in the best case scenarios, maybe you have a chance to guestimate whether or not transponder t2 has a chance to trigger that reader that t1 doesn’t.

At the end of the day, what’s really needed is measuring instruments and samples. But absent that, the “tool” I’m working with to determine if a Flex implant would trigger an Idesco door handle before buying said door handle is your internet forum, the forum dweller’s good will (thanks you guys for the wealth of information by the way, this is really rare and noteworthy on the internet!) and their subjective feeling on how well this-or-that implant works. Hardly scientific…

This is much more in line with what I expected to see. So it does look like Satur9’s Flex has a slight problem after all :slight_smile: Just kidding…


Lol. 2cm off the reader does comport with my brief experiment in the video, though. I was roughly estimating 8mm off the surface of my skin, but there’s at least 5mm of slightly attenuating flesh in the way, and I didn’t perfectly position the reader, and it’s a flexDF not a flexM1


I do get 1cm of the flexM1 on my yale doorman & a rc-522 reader hooked up to an arduino :slightly_smiling_face:


per our private discussion I did some research on this with my Gen1 and Gen2 cards and here are the findings.

So the idea is to write incorrect access bits to sector trailer and see what happens. I used Amal’s document as a starting point for good access bit values: http://amal.net/wp-content/uploads/2012/11/NFC-Access-Control-for-Mifare-S50.pdf
These are good, valid access bits: 787788. I then modified a single bit to get invalid values:

  • 797788 - invalid inverted bit for block 0
  • 7A7788 - invalid inverted bit for block 1
  • 7C7788 - invalid inverted bit for block 2
  • 707788 - invalid inverted bit for block 3
  • 786788 - invalid “regular” bit for block 0
  • 785788 - invalid “regular” bit for block 1
  • 783788 - invalid “regular” bit for block 2
  • 78F788 - invalid “regular” bit for block 3

More invalid combinations can be generated. I tested with the above to “cover” scenarios when “regular” and inverted bits are invalid.

Gen1 findings

  • Messing up access bits does indeed lock the whole sector for reads and writes (with either key A or key B).
  • Other sectors on the card are NOT affected by the messed up sector. Reading other sectors on a card works fine with regular Mifare commands.
  • Chinese “magic” commands can still read everything normally - even when access bits are invalid!
  • Chinese “magic” commands CAN easily fix invalid access bits. Just write valid access bits to sector trailer and done. Previously written values in data blocks are preserved.
  • After fixing the sector with the chinese “magic” command, data blocks in the sector can normally be read and written.

Gen2 findings

  • Writing invalid access bits locks the whole sector. Can’t read with either key A or key B. Proxmark returns an error:

    #db# Auth error
    failed reading block

  • Reading from and writing to other sectors on the card still works fine. Messed up sector does NOT affect the whole card.

  • If sector access bits are messed up, it’s game over for that sector. It’s locked forever. I was unable to find a way to fix access bits with neither key A or key B.


By “memory tear” you mean repetitive reads and writes (like hundreds or thousands of iterations). Thousand writes goes well, and then on the 1001st write the card erroneously writes a single invalid access bit and the sector is locked?

I guess this can happen… but my uneducated guess is these scenarios are more likely to happen:

  • A user plays with the card and writes invalid access bits
  • The whole card randomly stops working

I thought tears were generally caused by decoupling or poor coupling during the process of a write causing garbage data to be written.

I think what @amal meant by tearing in the context he used it is what @Dean is thinking.

As in if an erroneous bit gets written to the sector trailer by a coupling accident or a writing hardware glitch, is it recoverable?

From looking at @franskav’s very detailed post (great work, thanks for such an in depth write up!) it seems the answer is that Gen1 is pretty safe and unbrickable, but Gen2 can possibly be bricked more easily, so it should be treated with care when performing writes.

Does that conclusion seem to match what everyone is thinking?

1 Like

Yes, this is my sentiment as well.
I bought a flexM1 gen1 and personally would never implant a gen2 knowing sectors can brick (either my mistake, hardware mistake or whatever).

1 Like

@franskav thanks for that really informative write up.

I do like the convenience of being able to write with my phone. I will still be getting a gen2, it’s worth the risk for me. If I brick it, I have done so knowing the risks, Thanks to your great write up :+1: and Amals posts.

IF that happens, I’ll then look at going to a gen1a…maybe :man_shrugging:

Do YOU think I have used enough BOLD in this post?


No I would have added some more if I were you.
I do like the convenience of being able to write with my phone. I will still be getting a gen2, it’s worth the risk for me . If I brick it, I have done so knowing the risks, Thanks to your great write up :+1: and Amals posts.

IF that happens, I’ll then look at going to a gen1a…maybe :man_shrugging:

Do YOU think I have used enough BOLD in this post?
There that looks better LOL.


Correct… a “tear” is a break in the writing process that causes corruption… this can happen with any media… for example, when a hard drive loses power during a write that leaves a particular sector corrupted or a file table out of sync with drive contents, or in the case of a chip implant if power is lost or more likely insufficient to perform safe writes. Passive chips are difficult to assess because reading a tag requires far less power than writing, so you might read a tag just find and think “I have a good coupling” and then attempt to write and suddenly your power transmission is insufficient to complete the write and it tears.

I consider a noisy connection, be it wired or contactless, to be a different kind of problem… not a tear, but data corruption in transit. Usually transport mechanisms have checksums and other methods to detect and handle data corruption in transit, but unless the memory blocks being written have anti-tearing built in (some chips do for certain critical memory blocks), a tear is basically a 100% certainty if you have power supply issues.


I once worked on a shot counter product that was self-powered by the recoil of the firearm. There was a strong magnet inside a coil, that would shuttle back and forth when the gun was discharged. It would power the device briefly (up to 14 ms if I recall): in that time the processor would power up, read the current counter in FeRAM, increment it, then write back only if the voltage was above some value. We only have some dozens of CPU cycles to work with - minus the FeRAM’s read and write cycles - so the code was very tight.

It would miss shots if the shooter held the weapon too tightly (not enough recoil) but it would never corrupt the counter. We made damn sure of that.


A friend and I traded flexM1 needle installs today using off the shelf 4G piercing needles and I have to say the needle method works fantastically well. The 7mm implants fit seems to be damn near perfect to the size of the pocket the needle makes. The needle is definitely uncomfortable, but I think I found the xLED needles to be less comfortable than the 4G one from today, but that might be more placement than anything else. With standard 4G needles you’re definitely a bit tight on length since the needles are 48mm and the implant itself is roughly 38mm, but pulling out the needle with a pair of forceps wasn’t the worst and allowed for pushing it in almost completely.

Also, for any other untrained fools like me doing this at home, you probably shouldn’t, but if you do definitely have someone with you and have a glucose plan. Syncope is a real possibility here even on bigger guys. Also be prepared for this to take a while. Getting good homeostasis took a hot minute for both myself and my friend. But I think in retrospect our butterfly bandages aren’t the best ones for the job, though the did get it done eventually.

Overall though, I’m really pleased with the procedure and the implant itself. The read range on this thing even while still swollen is remarkable and will only get better as it heals. Looking forward to playing with it more when I’m feeling more confident in being able to get solid writes.

Also @amal any chance of selling some gen 2s in their normal card form factor? I’d love to have a couple to practice writes on to guarantee I’m not going to pull a dumb and brick my implant.



I’m stoked for you, and a little bit envious. :green_circle:
Some video or pictures would be cool if you had some to share.
What location did you install it.

We took a video of mine going in, I might upload it once my buddy sends me the footage depending on how dumb we come off XD

Went with middle of the top side of my right wrist, since that seemed about the most forgiving place to try to put it.

Edit: Also for reference, it’s a big ass hole


Your sentence is missing a hyphen that would prevent it from being misconstrued. Fortunately, the photo clarifies what you’re talking about exactly: I would have hated to see a picture of the hyphen at the wrong place :slight_smile:


Good idea… I’ll get some cards in bulk and make a little card pack.


That would be amazing a little pack of here don’t f up your implants test it first.