I am interested in getting a NExT to use for my car’s immobilizer. The RFID chip in my fob is an ID48 Megamos, which is also 125 kHz. Would I be able to clone my key?
Unlikely. The ID might be 48-bit but it’s likely that it also has a challenge response mechanism as well.
Anyone know more about automotive chips?
Not really, but I did recently try mine, which in theory is a Hitag, but I struggled even getting a read on my Proxmark.
Do you by chance have a VW or Audi?
The more likely option rather than a NExT would be an xHT HITAG S2048 Chip from Dangerous Things
I don’t think you can “easily” copy it to then write to the xHT, in THEORY you may be able to enroll it, but I don’t know enough about them to confirm that.
For what I wanted to do, it was faster and easier to remove the chip from my key and mount it over the antenna coil on the ignition barrel.
Alternatively you could use the same thing @darthdomo used in his CaRFID project
THEN use your NExT to do your unlocking / starting of your car.
We can give you some suggestions if you need them.
I regret not pursuing the writing / enrolling / copying / cloning of my car immobiliser chip, but I only had one chip and after research I found out the chip can be “bricked” during the READ, although unlikely (I got this information from the guy with the “special” writing tool).
I have 2 blank chips that I removed from my spare keys I had cut, I believe these to be HiTags, but can’t confirm until I get a read, but still struggling with the PM3.
The cost for the guy to copy to my blank tags was more than buying my own reader / writer off Aliexpress.
Something like this
My bypass worked out for me to be much faster, so this is a low priority amongst my many projects.
Further research is still required on my end.
If I buy a reader/writer and have some success, I will keep you in mind and I can send it out to you. (I am not planning on this in the near future.)
Likewise, please update your thread if you have any success.
Not a great answer for you, but I hope it is of some help!
I don’t know anything about them but this paper seems to be about these and the weakness in their crypto keys.
https://www.cs.bham.ac.uk/~garciaf/publications/Dismantling_Megamos_Crypto.pdf
Yeah, nice one. That is the same paper I found when researching. I ended up going to RFID Discord also and asking them about it also.
Like I said, it was EASIER/FASTER for me to bypass.
But this is the paper I would come back to if I take that approach. It talks about sniffing/intercepting the comms between immobiliser and key chip, I believe.
Thanks for the quick replies. I do have a VW, and am very new to RFID. I still do plan on installing the NExT; now I need to find a new application in which to use it.
The car is still an option for you, more so if you are willing to use the bypasses I mentioned.
You might have some insurance issues though if it was stolen.
You could still use your NExT to lock / unlock your vehicle…
For some other ideas/inspiration, check out the project section.
If you like tinkering, an Arduino and/or xAC V2 are good for projects.
A bypass with an access controller may be the way to go. I am familiar with using them for remote starter installs.
Perfect plan.
If you do get stuck, there are plenty of resources and people here that can likely help you out.
There are people on Iceman’s RFID Discord who work on support of some immobilizer chips. I managed to read my car’s Hitag chip, but nothing else. Even if cloning this into an implant was possible, what would be the use case? Driving with hand on the key socket?
If it’s a Hitag S (secure) then it has a challenge response key system for security and you can’t clone that to anything but the xHT (if you crack the key).
I have one chipped key and one unchipped. Once the chip has been read and starting is allowed there is no need to have it in range of the antenna loop.
I’ve been toying with the idea of upgrading my vehicle’s starting/locking system to something similar to VW’s KESSY.
Interesting.
I see that the KESSY system uses 125 kHz (I am guessing that is the HiTag).
Also 315 MHz and 433 MHz, which I am guessing is the proximity freqs.
So I don’t think you will be able to do what you hope to with an implant.
I hope I am wrong, but fear not, you still have some options.
If you want to install an aftermarket proximity system, or already have a factory system, @turbo2ltr made an awesome solution for this.
Otherwise, if you keep an eye on @darthdomo’s CaRFID project, that would also be a great option for you.
Keep us in the loop; we love to see people and their projects succeed.
Awesome. I think somewhere in between the two is right where I’m aiming for. My vehicle is a 2001 VW Golf diesel. My goals are to:
- Implement a push to start ignition.
- Keep stock ignition functionality.
- Add an RFID lock/unlock on the driver’s side.
- Add an autolock feature after shutdown.
I have tons to learn, but I very much appreciate the input and help. It really helped narrow down the path and I will post detailing the adventure. 73, rfid10t