New to this world, cloning an iClass card

Hello All! I just got 2 implants, an xEM and an xNT, and I am loving them. I realized that I could possibly clone my university ID, an iClass DY card. I know I will need a different chip, but I am not 100% sure which one. From what I have found it might be possible to use an xSLX chip, but I want to be sure before I buy it. I do have a proxmark3 easy, so I know my school ID is HF. I am not sure of the other information that could be handy to help me out (sorry, I am very new to this stuff). I am not sure if I can clone the card and do it all myself (once I get a compatible chip, that is), or if I will have to ask my school and convince them to do it. Any information anyone could provide would be amazing! Thank you!

If you have your proxmark running and could post a screenshot of the results of running the following with your university ID

hf search

and

lf search

I’m sure you’ll get some responses and help on here. You can obscure the ID numbers for security.

Also
image

Thanks Locutus!

Here is the screenshot of what I get after running hf and lf searches. lf brings back nothing (indicating a hf only card I assume, but correct me if I could be wrong), and hf just brings up that it found an “iClass / Picopass tag” and its CSN.

Thanks for the help in advance everyone!
Screenshot 2020-12-29 002709

I was really hoping you’d find something with lf search. Some iclass cards have both hf and lf. The lf would go on your xEM, but I don’t think we can clone the hf card you have. The problem is that the only implants where you can change the ID are the M1 line, and they only have 4 byte UID numbers.

There was a line of iclass legacy cards that had the master key released meaning you could clone those but I doubt that is compatible with your card and I don’t know enough about it to help.

Even if cloning the card is out, you still have one more chance at this. If you can find a compatible implant you could try getting it enrolled at your school. This would mean convincing someone with the ability to issue cards to let you scan your implant instead of one of their cards. Hopefully someone else that knows the iclass cards better than me can offer a suggestion of an implant that may be compatible but I think we are in the less likely scenarios now.

Sort of… the flexMN is coming…

If you can get your hands on a magic ntag card you could try this by copying your student ID number to the card and testing it. If it works that means your school only uses the ID number and you’d be good to go for the flexMN when available. This way you could test it out before inserting anything in your body. I believe @KaiCastledine or maybe Lab401 sell these cards.

HERE is the KSEC link

Thank you all for the info! Sorry I have been away from my computer the last couple days. I will look into all of this!

So, I just talked to the card office at my university and they have agreed that if I can get a chip that works in the system, they will register the chip in the system (no cloning needed!). Of course this is after them telling me that it’s not “safe” to have a chip in my hand and that it is probably unsecure… Anyway! Does anyone know which chip (or flex, even though I’m not sure if I am ready for one of those) would fit the bill and work? I was able to scan my card and it looks like it is ISO 14444-2 B / 15693 (attached is what I got from the card), so it makes me think the xSLX might work. Once again, thanks for any and all help!
Screenshot 2021-01-12 110410

Hrmm… the original spark? 🤔
xSLX might work, but since the card can be configured to both ISO15693-2 & ISO 14443 B… then the question becomes what standard the reader uses.

Good thinking, even though these are no longer for sale in the DT store.
BUT
Amal said this the other day.

So IF the original Spark is compatible, you could ask Amal if he was referring to the performance of just the LED or the Spark also.

Then you would have to convince him to sell you one, knowing that the LED doesn’t work well.

FYI, my original Spark performs really well

OR

get the xSLX

Hrmm… I was wondering about the difference between ISO14443 A and B, and found this

So I guess that means you might even use your xNT? (I am absolutely not sure about this!)
But I guess it really depends on whether they use ISO14443 or 15693…

Could you upload an image of the reader?

I had tried to use my xNT, however it doesn’t seem to scan (or at least the scanner doesn’t make a sound). For more info, I can also not scan my card on my phone (LG V40) so I don’t know what that means. Here is a photo of the reader

If the original spark ends up being compatible then I may just have to do that, unless it’s the read capability that is bad performance…

Well that was generic… 😐

I’d hate to install a chip for a specific purpose and end up with something not working as I had hoped

Since you have a proxmark, my suggestion is to sniff the reader while presenting your card.
(however, I have not read up on sniffing, so not sure if you manage to read the protocol used?)

Yep, that is kinda what I did with the xNT, but that is just due to my own bad planning and limited knowledge. As for the reader, there are other readers on campus that might have some identifying info on them, I will keep a look out. I have never used the proxmark for anything other than reading/writing, so I guess I will learn a new skill!

I have a very similar situation.

I have the NeXT and xSiid implants. I also have an iClass DY card for the university I work for. I’m the access control system admin so I can add the UID of one of my implants as a credential but it would require me reconfiguring every single door on campus to allow it to be read. I already know the card number, facility code, and card format (HID corporate 1000 35 bit) of my badge but I am unable to copy my card with my proxmark rdv4. The readers on campus are HID multiclass readers so they can read both high and low frequency.

My question for anyone with more knowledge than me is: is it possible to somehow edit a card data file, substitute the relevant information, and then clone it to the t5557 implant in the NeXT?

I have an HID prox 2 card with the same 35 bit card format currently cloned to my NeXT, so I think it may be possible, I just don’t know how.

If this is indeed possible it may be a solution to both my and @EzraBK’s issue.

With these HID readers you may have a couple of options, but you are likely limited…

Ignore your issued tag being ISO15693 - the only ISO15693 card type it supports is a HID programmed PicoPass, which isn’t available as an implant.

The readers at a hardware level also support all ISO14443a cards, but this is a setting that can be enabled or disabled on the reader. The best security option is that it’s turned off (bad news for cyborgs), next best is that it’ll accept a Mifare Classic with custom HID programming (alright news for cyborgs if you can get a data packet correct), or better again is that it’s on in UID only mode and literally any ISO14443a tag that couples with the reader can work (unlikely usually, don’t usually see this in the wild on big installs).

Babak has a talk on YouTube on credential downgrade attacks - figuring out the Wiegand data that’s outputted on scanning your real card and using another card type with programming that will produce that same output. I’m not that well versed in it, but I believe the limiting factor comes down to legacy modes being enabled on the door still - so a MultiClass reader with LF/Legacy HID Prox II turned off isn’t a good candidate for this, but may be viable.

Thanks for the reply! I can confirm that all the multiclass readers still have LF turned on because when I present my implant to the reader it shows up as “invalid card format”.
I just need to figure out how to edit a card data file and change the facility code and card number.

If you are able to figure that out and get it working, please let me know! I have been talking to the people at my university and according to one person it seems like the xSLX implant might work to add on their system, but they aren’t 100% sure.