Metechs MID300 Help

Support
1

Hello Cyborgs! First and foremost I want to thank this community for all of the work you’ve done helping people get their tags up and running. I’m a complete noob and was able to sift through the forums and successfully clone a tag to my hand last night using a proxmark.

So here’s the issue I’m having. I installed the Metechs MID300 door lock based on it being listed here as compatible with my NExT. When you swipe the lock with the master key, it puts the lock into an “add or remove card” mode. So if you tap an unregistered card, it registers it. If you tap a registered card, it deregisters. Straight forward and simple. After cloning a registered card to my hand though, the door doesn’t open. Now, if the lock is in “add or remove” mode, it registers and deregisters my hand no problem at all. In fact, if I deregister my hand, it also deregisters the cloned card (as you would expect). Outside of this mode however, it will only detect the cards and not my hand. If I use the field detector, it does not show any activity in either mode.

So what am I missing here? Have any of you legends actually tried this lock before?

Any input at all would be greatly appreciated!

1 Like
2

You don’t happen to have the DT diagnostic card do you?

3

Hi there! Thanks so much for the reply! If you mean the black card that has HF on one side and LF on the other side, that lights up near their respective fields, then yes. I called it a field detector in the OP, but I did use it and could not detect a field (even when in the add mode that registers my hand no problem). If that’s not what you mean, then no, I don’t have one, lol.

4

The sounds exactly like a low power or powered tag field detection problem. Basically what’s happening is the lock is trying to conserve power when running normally and is pulsing a small field out to see if there are any tags in the field before attempting to read them. This conserves battery power, but this pulses usually so low power that a small tag like the NExT is easily overlooked and goes undetected.

@turbo2ltr was asking about the diagnostic card because you can test this theory by putting the card to the lock, then putting your implant to the lock either overtop the card or quickly remove the card and place your implant to the lock. The card draws enough power from the field pulse to trigger the lock to go full power and look for tags in the field.

5

Thanks so much for the reply Amal (and for everything you do)! Ok, tried the diagnostic card first and then my hand quickly afterwards… it works! So that confirms your theory, which makes perfect sense, but… where does that leave me? I’m assuming there’s no way to modify the lock, so should this door lock not be on the list, or is there a different product that would work?

Again, thanks for everyone’s help!

6

At this point we dive strictly into theory. In theory, it should be possible to modify the antenna to couple extremely well with an X series implant. That would mean creating a cylindrical coil antenna for the door lock, which should couple extremely well with the NExT, such that there is enough power draw to trigger a full read… In theory.

7

Another option, though highly unlikely, would be to ask the manufacturer if any adjustment would be possible to the tag detection scheme. It might be possible to turn up the sensitivity, or disable it entirely.

1 Like
8

Hmm, I guess I have nothing to lose by tearing it apart and trying to upgrade the antenna. I’ll give it a shot! Now, would a product like the flexem or flexnext likely work would this type of configuration? Thanks so much for the help!

9

Okay, so I checked the spreadsheet, and NORMALLY I would put a note as to who/ where in the forum ir was tested.

There was an Amazom link but no note.
I see it was listed in an old post of Amals

And it was listed under working with xEM in 2016. Theock manufacturer may have made some changes (likely power saving due to your experience)
OR
another thought, when did you install your NEXT? could it be a swelling issue

anyway, to answer your question

So they would both be compatiable (although the FlexNExT is currently still under development), whether or not they would work, that would require some testing.

The FlexEM has a much better performance over the NExT /xEM so the odds of that working would be much better.

Here’s what I would do

Use my xFD :xfd: keyring to test coupling and antenna placement.

Then if required, remove the cover to expose the antenna and see if possible to move the antenna closer to the surface.

If I couldn’t get the NExT to work, I would consider getting a FlexEM (which I can’t guarantee woukd work, but personally think it has a good chance of working.)
But you might want to do a test first.
Did your Proxmark3 include one of these?
image

The insides are pretty close to a FlexEM (20mm including encapsulation) so likely a ~15mm antenna
so try to enroll that or buy one if you don’t have one.
You can also get them “naked”

image

search for
125kHz Keyring
and
125kHz 15mm
which should yield you some results

Just make sure the ones you get are T5577.
excuse I am not sure what mode your Lock uses I ASS-U-ME EM41xx but easier just to get the T5577 since you have a proxmark to do any changes you need.

I hope that both helps and makes sense

1 Like
10

Screenshot_20211009-141917_Chrome
Screenshot_20211009-141917_Chrome1080×315 20.5 KB

Sigh…
anyway, a spelling mistake or 2…sorry

11

Screenshot_20211008-185517
Screenshot_20211008-1855171539×2048 251 KB

I still think it’s cloudflare related… somehow.

12

Thank you so much for all of that information! It is genuinely appreciated! I will update after dissection.

1 Like
13

Interesting, because most certainly it means Amal or someone else did test it successfully with an implant at some point. Could be a firmware upgrade with an extended battery life feature that fucks up operation with implants. I have a couple of NFC door handles that were similarly “improved” and made less useful for us as a result.

Howardw: if the lock was downgraded but you’d like to keep it, my suggestion would be to compensate for its shortcoming by upgrading yourself: get a flex implant and it ought to work (note that the “ought”: I’m not guaranteeing that it will). My point being, it’s a great opportunity to get a flex because you know you’ll want to at some point anyway, so you should dive right in :slight_smile:

14

If it is, I’m not surprised. Cloud-fucking-flare man…

15

Success! I pulled it apart, removed the little window, and reoriented the antenna. Works perfectly now! You guys are the best!

20211008_224441
20211008_2244413024×4032 1.99 MB

20211008_224752
20211008_2247523024×4032 2.36 MB

20211008_224926
20211008_2249263024×4032 1.93 MB

20211008_225607
20211008_2256073024×4032 2.39 MB

20211008_230345
20211008_2303453024×4032 1.53 MB

3 Likes
16

Nice job.

1 Like
17

Yeah that’s awesome, I will use your post to link to for the Google Sheets.
Metechs MID300

So thanks for documenting

2 Likes
18

are you putting the middle cover back in place?

I also just watched the user guide video; although not the most polished video I have ever seen, but as a customer you would be pretty happy with that as a guide.

https://www.amazon.com/vdp/1ba4a0e2084a4dd696d2f342244fb6cc?ref=dp_vse_ibvc0

I also liked some of the functionality they built into the lock.

  • Magnet to enroll master
  • How to add and delete keys.
  • Key backup bypass “smiley” keyway (not difficult but not too common - security through obscurity)

From a security point of view, probably not the most secure

But All in all, it looks like a pretty good lock.

19

Hi Pilgrim!

I’m thrilled to know I’ve been able to contribute something to this community after taking so much! I don’t think I’ll put their cover back in place as it’s 2mm in thickness. I might use a piece of window tint film though, which should give the same effect without the thickness.

Thanks again for all of the help!

3 Likes
20

Great idea :bulb:

1 Like