Sub-dermal chip implants are something that I’ve been interested in for a while. I don’t have any yet, and that’s where you all come in!
I have a few specific use cases in mind and after some research was just looking to ensure that I purchase the correct devices. Here’s what I’m looking at:
Find an implant that would be able to replicate the Key FOB for my newer car to allow push to start and proximity door unlock. The FOB runs at 315 MHz. Is there anything available?
Looking to move my work credentials to an implant. They currently use Schlage 7510 cards at 125kHz. Have a Proxmark3 dev kit on the way (thanks to previous users on here for the link.)
Looking to clone my NFC debit card to work in an implant. I can read the info using my phone and have an NFC reader/writer on the way.
Some of this I know is possible, others I’m not so sure. Any help would be greatly appreciated.
The key FOB was a shot in the dark, I didn’t figure there was anything out there. Is the issue that something at that frequency needs to be powered?
As for the NFC debit card, is there something else other than the numeric account credentials that they use to verify the card that would allow it to not work?
Honestly if I was on a computer, I would link away for you.
Let the Cyber Coven correct me if I am wrong, but I believe the issue is most key fobs are active RFID, as they are able to push out a signal. So those cars are looking for an amplified signal.
I think Tesla is the only compatible key fob currently. And it has to go in your right elbow area if I remember correctly. (Or left if you drive on the wrong side of the road)
Awesome! Thanks for all the help. I’m still trying to decide what would be the best chip for me. I’m thinking the NExT would work best for the work credentials. I could also do other NFC stuff with it if I wanted. I’m looking at the VivoKey Spark, but based on what I’ve read it doesn’t do 125kHz.
@turbo2ltr is working on something in this area… basically you need to hack a fob. They are active, which means they have a battery inside. Remove the battery or power source, and the car no longer “sees” the key. Reconnect the battery, the car “sees” the key again. Simple. Get a spare fob, rig a reader to power the fob for oh… 10-30 seconds after a successful scan, and then you have yourself a fob that’s controlled by proxy via the implant. Simply scan your chip implant, open the door, and drive. What you do need to confirm though is that the car will remain driving and running if the fob goes inactive while the car is driving. In that case you’d need to set up a system to toggle the fob on/off on every good implant scan.
Pretty sure these are either EM or HID ProxCard, so yeah, should work.
I have an immobilizer bypass for my 3rd party remote start (supports LTE remote start), but it only works when starting the truck. If I put it in gear, the engine shuts off. I also tried with a spare key with a busted RF chip, and it still shut off. The company was not forthcoming when I inquired about how to keep the bypass on at all times.
Don’t want a NExT for pen testing. It can cause problems with multiclass readers, which are still very plentiful in the wild. Even if it does work with a properly implemented multiclass system, it leaves a huge telltale fingerprint in the logs showing both an HF and LF scanned simultaneously. And with the UID unchangeable in the NExT for the HF portion, pretty much leaves a big arrow pointing to you.
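The log fingerprint mentioned in the post above can be checked for on the defender's side. This is an added example, not part of the original thread: the log format, reader names and credential IDs are constructed, and the one-second window is an assumption.

```python
from datetime import datetime, timedelta

# Constructed sample reader log: timestamp, reader id, band, credential id.
# The format and every value here are invented for this example.
SAMPLE_LOG = """\
2024-03-04T08:01:12.100 door-3 LF 1A2B3C
2024-03-04T08:01:12.350 door-3 HF 04A1B2C3D4E5F6
2024-03-04T08:05:40.000 door-3 LF 77AA10
2024-03-04T08:09:02.000 door-5 HF 04FFEE11223344
2024-03-04T08:09:30.000 door-5 LF 1A2B3C
2024-03-05T08:00:58.700 door-1 HF 04A1B2C3D4E5F6
2024-03-05T08:00:58.900 door-1 LF 1A2B3C
"""

def parse(log):
    """Yield (timestamp, reader, band, credential) for each log line."""
    for line in log.splitlines():
        ts, reader, band, cred = line.split()
        yield datetime.fromisoformat(ts), reader, band, cred

def dual_band_reads(log, window=timedelta(seconds=1)):
    """Return (reader, lf_id, hf_id, time) where one reader saw LF and HF within `window`."""
    last = {}   # (reader, band) -> (timestamp, credential) of the most recent read
    hits = []
    for ts, reader, band, cred in sorted(parse(log)):
        other = "HF" if band == "LF" else "LF"
        prev = last.get((reader, other))
        if prev and ts - prev[0] <= window:
            lf, hf = (cred, prev[1]) if band == "LF" else (prev[1], cred)
            hits.append((reader, lf, hf, ts))
        last[(reader, band)] = (ts, cred)
    return hits

def recurring_hf_uids(hits):
    """HF UIDs that appear in more than one dual-band read: a fixed UID links the events."""
    counts = {}
    for _, _, hf, _ in hits:
        counts[hf] = counts.get(hf, 0) + 1
    return sorted(uid for uid, n in counts.items() if n > 1)
```
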
My car won’t start if the FOB isn’t around and will beep at me incessantly if the FOB leaves the area while running, makes me think it will shut off as soon as I start driving.
Done and done! Now just a waiting game. Might try and see if I can have a custom chip done using my existing card to support it.
Not really something I’m working on. Definitely interested in it, but not to the point where walking around testing readers with my hand would yield any results.
I expect that behavior. That’s not an issue. It’s more about what your ideal process would be.
Like you don’t have your key fob, but you have your implant. There is a reader in the car that can read your implant from outside the car.
What actions do you want to do to get in?
(assume the car starts without issue after a scan of your implant)
What actions do you want to take when you leave the car?
I was hoping something really simple would suffice where you just scan your tag once to get in, and start, and then leaving I just have to press the button on the outside door handle. But you run into an issue where the fob needs to be detected in the car for it to start. But if it’s in the car, it (typically) won’t lock from outside the car. Kind of a catch 22 unless you make it so you have to scan again to lock.
My car features a push button start, as well as touch sensors on the outside of the exterior door handle/on the inside of the exterior handle. If I have the FOB with me, I can put my hand around the handle and unlock the doors via touch only (no buttons). I can also touch the outside of the handle and it will lock the doors.
Ideally I would like to be able to leave the FOB at home and use the implant to trigger all those actions. I believe there are field emitters/readers all around and inside the car to recognize if the FOB is around.
Yup, I understand all that. I’m asking for the details of how you would want the interaction between your implant and your car to go when you don’t have a fob.
For instance you walk up to the car. You scan your tag on a reader mounted inside the car.
Does that unlock the car? Or does that just let you push the unlock button on the door handle?
Once you are in how long should you have to start the car before you have to get out and rescan your implant?
When you turn the car off and get out, what do you want to happen? Do you have to scan again? Does it lock automatically after a certain amount of time?
Personally, I want to scan once, if it unlocks right away, that’s fine, but I was ok pressing the button on the handle as I open.
Once inside you have say 15 seconds to press the start button.
When you get out I was hoping to be able to use the handle button to lock but as stated before, this is not possible. So I’m thinking scan to lock as I don’t like autolock. But I’m just now realizing the reason I don’t like it is because if I’m in the garage and want to get in, I want to be able to freely do so without having to go inside to find the key… ehh, but if I have this system, then I don’t need the key and the issue is moot. dur.
If possible, I would want it to work exactly like the FOB.
I don’t know if that’s possible. If not then maybe having the implant do exactly like you said. Scan a reader mounted inside the door to unlock or allow unlock and then 30 seconds or so to start the car. Maybe scan again on the reader to lock?
The general idea is that you use one of your fobs and tap into it soldering wires to the power and the lock/unlock buttons, and put it in the vehicle along with the access controller of your choice and the controller I’m working on. The access controller tells the other controller that there was a valid scan. The other controller then controls when to power the fob and simulate button presses. It’s not plug-n-play for any specific car, but rather universal as all fobs have batteries and buttons. But will take some tinkering to get it all connected.
One thing I would like to know, I’m guessing your car will not let you lock the fob in the car using the button on the handle. But can you hit the lock button on the fob from inside the car?
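A sketch of the scan/start/lock flow discussed in this thread, written as a small state machine. This is an added example, not the controller being built by the poster above: the class, the 30-second window, the ignition-sense input and the lock-on-timeout default are all assumptions, and it presumes the fob's lock button works from inside the car, which the thread leaves open.

```python
START_WINDOW_S = 30  # assumption: the thread floats 10-30 s after a valid scan

class FobProxy:
    """Hypothetical controller: decides fob power and button pulses."""

    def __init__(self, lock_on_timeout=True):
        self.state = "IDLE"            # IDLE -> ARMED -> RUNNING -> ARMED -> IDLE
        self.fob_powered = False
        self.deadline = None
        self.lock_on_timeout = lock_on_timeout
        self.actions = []              # outputs in the order they were driven

    def _power(self, on):
        if self.fob_powered != on:
            self.fob_powered = on
            self.actions.append("fob_power_on" if on else "fob_power_off")

    def _sleep(self, lock):
        if lock:
            self.actions.append("pulse_lock")   # pulse while the fob still has power
        self._power(False)
        self.state, self.deadline = "IDLE", None

    def valid_scan(self, now):
        """Called by the access controller on an accepted implant read."""
        if self.state == "IDLE":       # arriving: wake fob, unlock, open start window
            self._power(True)
            self.actions.append("pulse_unlock")
            self.state, self.deadline = "ARMED", now + START_WINDOW_S
        elif self.state == "ARMED":    # second scan with engine off: lock and leave
            self._sleep(lock=True)
        # RUNNING: scans are ignored so the fob is never cut while driving

    def engine(self, running, now):
        """Called when the ignition-sense input changes (assumed to be wired in)."""
        if running and self.state == "ARMED":
            self.state, self.deadline = "RUNNING", None
        elif not running and self.state == "RUNNING":
            self.state, self.deadline = "ARMED", now + START_WINDOW_S

    def tick(self, now):
        """Called periodically; closes the window if nobody started the car."""
        if self.state == "ARMED" and now >= self.deadline:
            self._sleep(lock=self.lock_on_timeout)
```
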