Need technical support... or emotional, we'll see (NExT Woes)

Ok maybe the title’s a little overdramatic :innocent:

I recently purchased a NExT and have been working at getting it cloned to match my key fob for my apartment. The part that’s tripping me up however is I’ve done this before with my Magic Ring and some other cheap little tags I got off Amazon, all using some variation of the T55xx chip family, no struggle right? No.

There’s some strange behavior that seems to be setting my ring and the NExT apart and I’m not sure if I’ve missed a step or am overlooking something somebody with some more experience would catch. My apartment complex uses Securakey keyfobs, and previously any T5 Chip I’ve gotten I was able to get to open both the card readers with no issue by using the following command:

lf securakey clone -r 7FC00000009CB6FE7FC00000

This produced consistent results between my ring and the cheapo tags, but the NExT is behaving differently. I’m noticing when left untouched blocks 4-7 get filled with f’s with my NExT, but on all others they’re left as 0’s. It doesn’t seem to be an issue coupling the NExT with my antenna on my Proxmark, as I’m able to fill the blocks if I would like (ex, writing 00000001 would yield the result you would expect), but filling them with 00000000 reverts back to ffffffff. I’m not sure if this is my issue, or if something else is afoot and the f’s aren’t an issue at all. Outside of Blocks 1-3 on page 1, which if I understand correctly is just manufacture info for the tags themselves and aren’t at play(?), there doesn’t seem to be any other change between the tags.

Magic Ring Dump

[+] Reading Page 0:
[+] blk | hex data | binary | ascii
[+] ----±---------±---------------------------------±------
[+] 00 | 000C8060 | 00000000000011001000000001100000 | …
[+] 01 | 7FC00000 | 01111111110000000000000000000000 | …
[+] 02 | 009CB6FE | 00000000100111001011011011111110 | …
[+] 03 | 7FC00000 | 01111111110000000000000000000000 | …
[+] 04 | 00000000 | 00000000000000000000000000000000 | …
[+] 05 | 00000000 | 00000000000000000000000000000000 | …
[+] 06 | 00000000 | 00000000000000000000000000000000 | …
[+] 07 | 00000000 | 00000000000000000000000000000000 | …
[+] Reading Page 1:
[+] blk | hex data | binary | ascii
[+] ----±---------±---------------------------------±------
[+] 00 | 000C8060 | 00000000000011001000000001100000 | …
[+] 01 | E0150A14 | 11100000000101010000101000010100 | …
[+] 02 | 75C4A741 | 01110101110001001010011101000001 | u…A
[+] 03 | 00000000 | 00000000000000000000000000000000 | …

NExT Dump

[+] Reading Page 0:
[+] blk | hex data | binary | ascii
[+] ----±---------±---------------------------------±------
[+] 00 | 000C8060 | 00000000000011001000000001100000 | …
[+] 01 | 7FC00000 | 01111111110000000000000000000000 | …
[+] 02 | 009CB6FE | 00000000100111001011011011111110 | …
[+] 03 | 7FC00000 | 01111111110000000000000000000000 | …
[+] 04 | FFFFFFFF | 11111111111111111111111111111111 | …
[+] 05 | FFFFFFFF | 11111111111111111111111111111111 | …
[+] 06 | FFFFFFFF | 11111111111111111111111111111111 | …
[+] 07 | FFFFFFFF | 11111111111111111111111111111111 | …
[+] Reading Page 1:
[+] blk | hex data | binary | ascii
[+] ----±---------±---------------------------------±------
[+] 00 | 000C8060 | 00000000000011001000000001100000 | …
[+] 01 | E0150A80 | 11100000000101010000101010000000 | …
[+] 02 | 5F9B0E44 | 01011111100110110000111001000100 | _…D
[+] 03 | FFFFFFFF | 11111111111111111111111111111111 | …

If what I’m doing is correct and there isn’t any issue, it’s possible I just need somebody who has a NExT to set me straight. What is a realistic range to be expecting? I know one of the card readers on the building itself isn’t particularly strong and was prepared for that one to be finicky/unfeasible, but I was shocked to see the other one not register as it seems to be fairly robust in the strength department as far as I could tell. I am finding that the LF XFD that came with my kit doesn’t seem to be having luck with either readers, which is clueing me in to the possibility that it could just be the coil size of the NExT itself. The RFID Diagnostic card that came in the kit didn’t have any trouble and clued me in to the “hotspot” on the reader was pretty handy, but even then maybe I’m just not able to get A and B close enough to get a read. No beeps, red or green lights, just cold cold silence.

Worth noting I haven’t taken anything out of packaging yet (other than the box of course) as I didn’t feel like rushing to put something in me that wouldn’t open the door, so all of this is being done inside the little sterile bag (not the bag the syringe is in, the bag the bag with the syringe is in, I’m a good boy who can read the warning stickers :slight_smile: ). Regardless, the implant is right at the outside of the bag so there’s not much closer the thing could possibly get to the reader.

TLDR; Range issue or nah?

I’ll have to double check this but I think those blocks on the next are set that way by our initial programming and you simply aren’t changing them when you complete your clone command because it’s only writing the first few blocks.

You can manually write to those blocks if it bothers you and clear them to 00s.

I’ll double check a new next later and update.

That’s where I’m getting confused

I was using lf t55xx write -b 4 -d 00000000 and subsequent readouts would revert it back to f’s, but I am able to write say 11223344 etc etc in blocks 4-7 without issue.

Ultimately it might just be me control freaking, and blocks 4-7 may not be getting considered by the reader at all. I was up late last night bashing my head against this and didn’t think to try, but I’m gonna take one of my cheap tags when I get home and manually fill the blocks to match my NExT and see if I can just rule that issue out entirely as it could still just be something between NExT and reader.

You should be good on your cloning. Your command ‘lf securakey clone -r 7FC00000009CB6FE7FC00000’ wrote to blocks 1, 2, and 3 which is what you want. I’ve never used Securakey but I don’t think the FFFFFFFFs on remaining blocks matter. Someone else may be able to chime in with more info.

The LF side of the NExT is harder to read than the HF. I usually have to touch my hand to the reader and angle it just right. Usually, the NExT has to intersect an edge of the antenna to get an LF reading. I’m guessing the plastic and needle the NExT are in may be making it hard to get a read.

1 Like

A quick update!

Got home and tried modifying one of my little cheap tags with the f blocks and as suspected, no effect. Whether blocks 4-7 were 0’s or f’s made no difference, so my NExT should be in good shape there.

And in good shape it is, spent some more time getting a little more acquainted with my reader since it wasn’t the dead of night. Managed to get it to successfully read my implant! Didn’t struggle terribly hard like I was expecting to, honestly kind of surprised I was able to get a read so quick (I blame late night brain :sweat_smile: ). Only was able to get one of the two readers to register, but as I said before, expected that as one seems very “underpowered”. Did managed to get a one off invalid read, so maybe I’ll try and get friendly with it in the future but I’m not too concerned.

In the end I’m still not sure why the NExT was reverting ffffffff → 00000000, but as stated it doesn’t matter in my case so I honestly don’t care :person_shrugging:.

Now all that’s left is to actually set up my appointment to get jabbed, be seeing everybody in the cyborg club soon :sunglasses:

2 Likes

Awesome! Glad to hear it’s working.