Ok maybe the title’s a little overdramatic
I recently purchased a NExT and have been working at getting it cloned to match my key fob for my apartment. The part that’s tripping me up however is I’ve done this before with my Magic Ring and some other cheap little tags I got off Amazon, all using some variation of the T55xx chip family, no struggle right? No.
There’s some strange behavior that seems to be setting my ring and the NExT apart and I’m not sure if I’ve missed a step or am overlooking something somebody with some more experience would catch. My apartment complex uses Securakey keyfobs, and previously any T5 Chip I’ve gotten I was able to get to open both the card readers with no issue by using the following command:
lf securakey clone -r 7FC00000009CB6FE7FC00000
This produced consistent results between my ring and the cheapo tags, but the NExT is behaving differently. I’m noticing when left untouched blocks 4-7 get filled with f’s with my NExT, but on all others they’re left as 0’s. It doesn’t seem to be an issue coupling the NExT with my antenna on my Proxmark, as I’m able to fill the blocks if I would like (ex, writing 00000001 would yield the result you would expect), but filling them with 00000000 reverts back to ffffffff. I’m not sure if this is my issue, or if something else is afoot and the f’s aren’t an issue at all. Outside of Blocks 1-3 on page 1, which if I understand correctly is just manufacture info for the tags themselves and aren’t at play(?), there doesn’t seem to be any other change between the tags.
Magic Ring Dump
[+] Reading Page 0:
[+] blk | hex data | binary | ascii
[+] ----±---------±---------------------------------±------
[+] 00 | 000C8060 | 00000000000011001000000001100000 | …
[+] 01 | 7FC00000 | 01111111110000000000000000000000 | …
[+] 02 | 009CB6FE | 00000000100111001011011011111110 | …
[+] 03 | 7FC00000 | 01111111110000000000000000000000 | …
[+] 04 | 00000000 | 00000000000000000000000000000000 | …
[+] 05 | 00000000 | 00000000000000000000000000000000 | …
[+] 06 | 00000000 | 00000000000000000000000000000000 | …
[+] 07 | 00000000 | 00000000000000000000000000000000 | …
[+] Reading Page 1:
[+] blk | hex data | binary | ascii
[+] ----±---------±---------------------------------±------
[+] 00 | 000C8060 | 00000000000011001000000001100000 | …
[+] 01 | E0150A14 | 11100000000101010000101000010100 | …
[+] 02 | 75C4A741 | 01110101110001001010011101000001 | u…A
[+] 03 | 00000000 | 00000000000000000000000000000000 | …
NExT Dump
[+] Reading Page 0:
[+] blk | hex data | binary | ascii
[+] ----±---------±---------------------------------±------
[+] 00 | 000C8060 | 00000000000011001000000001100000 | …
[+] 01 | 7FC00000 | 01111111110000000000000000000000 | …
[+] 02 | 009CB6FE | 00000000100111001011011011111110 | …
[+] 03 | 7FC00000 | 01111111110000000000000000000000 | …
[+] 04 | FFFFFFFF | 11111111111111111111111111111111 | …
[+] 05 | FFFFFFFF | 11111111111111111111111111111111 | …
[+] 06 | FFFFFFFF | 11111111111111111111111111111111 | …
[+] 07 | FFFFFFFF | 11111111111111111111111111111111 | …
[+] Reading Page 1:
[+] blk | hex data | binary | ascii
[+] ----±---------±---------------------------------±------
[+] 00 | 000C8060 | 00000000000011001000000001100000 | …
[+] 01 | E0150A80 | 11100000000101010000101010000000 | …
[+] 02 | 5F9B0E44 | 01011111100110110000111001000100 | _…D
[+] 03 | FFFFFFFF | 11111111111111111111111111111111 | …
If what I’m doing is correct and there isn’t any issue, it’s possible I just need somebody who has a NExT to set me straight. What is a realistic range to be expecting? I know one of the card readers on the building itself isn’t particularly strong and was prepared for that one to be finicky/unfeasible, but I was shocked to see the other one not register as it seems to be fairly robust in the strength department as far as I could tell. I am finding that the LF XFD that came with my kit doesn’t seem to be having luck with either readers, which is clueing me in to the possibility that it could just be the coil size of the NExT itself. The RFID Diagnostic card that came in the kit didn’t have any trouble and clued me in to the “hotspot” on the reader was pretty handy, but even then maybe I’m just not able to get A and B close enough to get a read. No beeps, red or green lights, just cold cold silence.
Worth noting I haven’t taken anything out of packaging yet (other than the box of course) as I didn’t feel like rushing to put something in me that wouldn’t open the door, so all of this is being done inside the little sterile bag (not the bag the syringe is in, the bag the bag with the syringe is in, I’m a good boy who can read the warning stickers ). Regardless, the implant is right at the outside of the bag so there’s not much closer the thing could possibly get to the reader.
TLDR; Range issue or nah?