OK so it’s an xSIID try this.
1 Like
It didn’t work 
Here is what I’ve got:
My phone is complaining about the old version of NFC Shell, but there is no newer version, right?
That version of NFC shell should be fine. From your tag info scan data I think you should try a different set of commands. I will post those shortly.
3 Likes
Hi Amal, did you find anything?
Damn! Forgot! I’ll get this sorted shortly.
1 Like
I decided and managed to clean up the memory content using the NFC Advanced commands. I was hoping that any corrupted text would go away. Then I was all clean but the tag still didn’t accept to write anything on it.
Then I found the TagWriter App and tried to use the erase & format. It didn’t work either because it complained that the tag was protected.
Then I tried to write anything again just to test. I was surprised that it worked! TagWriter managed to write while NFC Tools could not. Why? I’m puzzled.
I’m sending the TagInfo after the fix for you to compare. It seems to have less memory blocks.
I’m happy that I can use my tag again \o/ 
04-9B-7A-32-94-51-80_2022-01-16 02-28-53_taginfo_scan.txt (11.5 KB)
1 Like
The problem has to do with how the capability container was set up. This is read only now and cannot be changed. Basically you see how pages 04 to 06 are set to null values 00… those pages should contain TLV data to tell the NFC device (your phone) how to handle the memory pages available to it because the capability container is … well it’s wonky.
So at this point it’s up to the flexibility of the app in question to decide how to handle exceptions and errors and unexpected values like this situation, and tag writer just does a better job of it.
Now that there is a clean ndef record on the chip, other apps should be able to modify it.
That is what the TLV looks like. The actual NDEF record starts at page 006 bytes 03 17
Well, I tried to write in the 04 to 06 and now I think I succeeded in totally breaking it. I think I bricked the memory… I cannot even read it anymore… stupid me.
I know, I take responsibility for it, but do you think is there a way of saving it?
You can’t brick the memory (because we made it so you couldn’t), but you can fuck it so hard the phone will fail to handle it because again, phones are absolutely dog shit NFC devices. To fix it you’ll need a proxmark3 or an acr122u and some software like the kava version of NFC tools.
2 Likes
I think I did an excellent job in funcking it up haha. I will then do what you said and when I have results, I’ll post them here.
Thank you for the help so far.
2 Likes
Hi Amal, so long! I hope you are well 
I bought and setup the proxmark3. I have not managed to get any readings from my implant with it. The proxmark3 do not lit the light of the implant while my cellphone does. Could you give me a tip of what should I do?
I tried some commands and the only one that gave me something was this:
pm3 --> lf search
[=] NOTE: some demods output possible binary
[=] if it finds something that looks like a tag
[=] False Positives ARE possible
[=]
[=] Checking for known tags...
[=]
[=] Odd size, false positive?
[+] Indala (len 169) Raw: 80000000000200010800080000080040000205900800000100080000
[+] Valid Indala ID found!
[=] Couldn't identify a chipset
What implant do you have?
I see you are doing an lf search, I assume you have an xEM, a NExT Implant or a FlexEM etc.
Coupling is critical, can you take a photo of how you are trying to read your implant?
Can you try a lf search with your LF xFD 
How long ago did you install implant?
What guide do you follow to setup your Proxmark?
Do you have a full sized test card to try it on?
From earlier in the thread, it’s an xSIID. Try hf search
You want the implant to be laying across the antenna, and you may need to press it into your hand a bit to get a read.
Yes, it is a xSIID
I tried hf as well with no luck 
pm3 --> hf search
[!] No known/supported 13.56 MHz tags found
The implant has almost 1 year.
I followed these instructions to setup the Proxmark. I was able to read a full sized test card.
I have try to put my hand on the antenna following the instructions, it still does not work.
The line is where the implant is
Trying one side
Trying the other side
that is the LF antenna you are using, you want to use the other antenna on there, the flat black part
Yes, I tried both antennas the LF and the HF. For HF I tried top and bottom of the reader.
Can you show how it’s being held to your implant?
Also have you used the delay command?
It’s much easier to position the proxmark3 if you have a delay in place
Yes, I did use the delay as well:
pm3 --> msleep -t 3000; hf search
[!] No known/supported 13.56 MHz tags found
When a use the card test, it works fine. My implant seems unresponsive to the antenna of the Proxmark.
OK, THESE positions below are the ones you want to be trying, NONE of the others
Ideally, where you see the Antenna trace on the bottom board, you want to place that perpendicular to your implant, making a “+” with antenna and implant.
Try an hf tune , and record the higest voltage with your implant away from the antenna, then place your antenna on the implant, and move it around until you get the lowest possible Voltage ( record this voltage also). This SHOULD be your best coupling and therefore your best chance of reading / writing to your implant.
once you have the LOWEST voltage, DO NOT MOVE, send an hf search in that position and orientation, if it doesn’t work Keep pressing firmly, and move VERY small increments after each command until you get a read
let us know how this goes.
It may also hep to draw an outline around your xSIID
Since your phone makes your blinky blink? 
the hf tune should also make your LED blinky blink 
and at its brightest, is also likely where you should be able to get a read.
From reading your posts above, it sounds like there is some reconfiguring to do, but we need to get a read before we can tackle that issue
Basically it looks almost like the implant is going to be sitting near the center of the bottom PCB and that’s not where it should be. The trace of the hf antenna runs under half the bottom PCB (the half on the other side from the USB cable connector). The very end of the PCB have HF traces across it, so the very end of the proxmark should be sitting across your xSIID so half the xSIID is peaking out from under the bottom PCB of the proxmark… if that makes sense.