NeXT Implant - 125khz not working?

Good day,

At Defcon in August of this year I got the NeXT implant from the biohacking village. I bought an iCopy-XS at the same time from Hacker Warehouse (They were out of the actual proxmarks).

Anyways. I got about 2 or 3 reads from the 125khz chip in the NeXT about 12 hours after implantation. However I have not been able to get a read from it at all since. Like it doesn’t detect the chip at all. I figured being new to all this I was doing something wrong. So I’ve been trying and reading about this stuff for about 3 months, gotten into the more advanced Proxmark capabilities of the iCopy-XS, and still not able to get a read on it. Let alone a write. I’ve tried using the debug/tuning tools but even that doesn’t seem to detect the chip. Like I’d expect there to be a noticeable voltage difference when I run it over the chip, but there really isn’t much. I can’t find a spot where the voltage is significantly different.

I also got my hands on a flipper zero, and it’s the same. Unable to read/detect the chip regardless of how I position it.

What does work though is the HF side. There’s no problem with the NFC portion of the implant. Can read/write that fine.

Is it possible I have a defective chip? Or is it possible I’ve missed something obvious in how I’m working with this chip? Something I need to do first to write to it? I’m still fairly new to this and there is a lot of information out there including other posts on this forum. I think I’ve tried most suggestions that I could find - but nothing is effective. I’ve read some information that the antenna shape on these devices may not be great for getting a read, but I’ve also seen plenty of posts from people that have used both devices that don’t seem to have a problem. And I figured if nothing else I would be able to get intermittent reads. But I’ve not been able to get a read since like the day it was implanted.

I’ve made sure that the implant is about as close to the skin as I can make it. I can feel it when I clench and I can even move it around a bit. The implant is located between my thumb and forefinger on my left hand.

So hoping someone here can give me some ideas/advice or just confirm my suspicions that the thing is probably not working :frowning:

I apologise if I am telling you things you already know. It’s been a while since I used the PM3 on the LF side of my NExTs, but I believe they have to be perpendicular to the antenna to get a read. It often takes a few attempts as well. Are you using the LF antenna and not the HF one on the PM3? The LF is the visible copper coil.

Otherwise, I will leave it to the experts to reply, as I am sure they will be along in the next hour or two.

My 2 cents, if it was just an antenna issue, the flipper would have read it

I don’t know anything in the icopy, but is it possible a write sequence was botched?

The chips don’t have tear protection, and if the couple isn’t good it can leave the chip in a weird configuration…. There are ways to try to reconfigure it sector by sector I think… but I’m not the one to explain how to do it

Thanks for the response. The iCopy-XS contains a housed proxmark with built in antennas. I’m not sure the antenna is actually visible. If you want to take a look at the product it’s here: ICopy-XS | ICopyX

But yes I’m aware that it needs to be perpendicular. Once I found that out I started getting much more consistent reads from the NFC side as well. But I’m literally getting nothing from the LF side with either the proxmark or flipper zero, regardless of any orientation I try.

Interesting. I don’t think so? I didn’t have a 125khz device to copy immediately at/after defcon, so I waited a couple weeks. And by that time I wasn’t getting any reads from it any longer.

You were reading it 12 hours after install, did you try to write during that period?

No, I had nothing to write/copy to it.

I have the NeXT as well and nothing will read the 125khz side except the door system at work, which it is programmed for. Flipper won’t read it, PM3 won’t read it. However, something I found out was that if I send the reset command to the chip via the PM3 then everything can read it like normal. As soon as I clone my work card into it then I’m back at square one.

Is that the lf t55xx resetread command?

I didn’t try that one. I did a

lf t55xx restore

Alright, not sure what I’ve done. I’ve been messing with it a lot today. I also upgraded the firmware on the proxmark.

But now I’ve been able to fairly consistently get a read on the lf chip. However after it reads the chip, it immediately starts checking for keys and then pops up with a “No Valid Key”. Then gives me the option to try to sniff a key, or to enter one manually.

Is this telling me the chip is blank at the moment and I need to write one? Or is there some other key necessary to write to the chip and this is why it’s failing? I’m not finding much on these forums or google about “No Valid Key” issues.

What commands are you sending?

LF search shouldn’t be looking for keys normally

See if the flipper sees it now, and if it does…. Writing something to it might help

When I get a read it’s through the icopy-xs interface. I seem to consistently get a read that way. Particularly if I specify I’m looking for a t5577 chip. I’m not sure what commands exactly it’s sending via the proxmark. But it also automatically checks for keys for whatever reason.

However if I do a search with lf search via the proxmark tools/interface, I consistently get “Signal Looks like Noise. Maybe not an LF tag?” - However lf search seems to only be looking for Motorola tags?

If I do an lf search 1 u it comes back with “no known 125/134khz tags found”. I haven’t found a way to specifically search for t55xx other than through like lf t55xx read or info. But that’s not showing me anything either.

Flipper still doesn’t seem to be seeing it. But I’m not entirely sure where the flipper RFID antenna is located or how exactly it should be orientated to the chip yet.

Ok with the flipper, does the led change colors when above the implant?

The flipper still doesn’t recognize all modes

Idk if it’s the right approach or not, but if the chip is talking to SOMETHING, I’d be tempted to try to write with the flipper and overwrite whatever is going on

Some versions of the icopy were known to put a password on chips or something, or only work with proprietary cards too, fwiw

No, the flipper just flashes blue. I can’t get it to change colour regardless of orientation. It does seem to flash yellow for a moment every 15 seconds or so but that happens regardless of whether it’s near an RFID object.

And yea, I read about the icopy-x problems with earlier versions but based on what I’ve read the icopy-xs is not supposed to have any such restrictions. I’ve also had no problems copying any other t55xx chips between each other, i.e. fob to fob. It’s only been fob to this implant where I have not been able to do so.

It’s very hard to get an LF reading on my NExT while using the Icopy-XS. It’s much easier on my Proxmark RDV4, but still has to be positioned just right.

One thing you can try is to plug the Icopy into your computer and run the Proxmark binary on the computer. You could then run commands such as ‘lf tune --mix’ to find a good position and use the Icopy as a normal Proxmark. You should have access to all Proxmark commands.

If you’re on a Linux machine, you can run the compiled binary @ icopyx-teardown/proxmark3-804fef2ab at master · iCopy-X-Community/icopyx-teardown · GitHub and have full access to the Icopy.

Thanks, yes that is what I’ve been doing. But for some reason when I use the icopy-xs interface and specify ‘Read t55xx’ it detects the card. But if I do an lf search, or an lf t55xx read using the proxmark binaries on the icopy-xs, I never get a detection. Which makes me wonder if I’m using the binaries incorrectly or something.

I have run the lf tune as well, that really helped in pinning down where it is and how to position the -xs. Though I notice there is only a 200mV voltage change when over it. It’s hardly noticeable. But I can run the lf tune, get it exact, and then try to run lf search and it doesn’t detect it. If I use the xs built in interface though it does, in the exact same position. So I dunno…

Maybe I just need to buy another device (Proxmark Easy or something)

I don’t remember. Is the NExT set up as em4x tag by default? Do lf em4x commands find anything? Or maybe lf em 410x reader?

Yep, they are.
Rolled out from DT in EM Mode

No, lf em 410x_read did not have any effect. Did not detect the chip. So far I can confirm:

1 - lf tune seems to detect the chip as the mV drops. And I know when I hit that spot, I can;
2 - access the icopy-xs main menu, click on “Read Tag” and select “t5577”, and it will detect a t55xx/unknown chip
3 - Immediately after detecting the tag it tries to check for keys. Which always fails
4 - If I select any other chip type to try and read, e.g. em410x - it says no tag found or wrong type found.

Attaching pictures of the icopy-xs just in case something there means something to someone…