NeXT Implant - Cloning HID 10301 - Chipset Not SDetected

Gifford61988 · August 8, 2024, 5:25pm

Hi All,

Doing some cloning with my Proxmark Eazy (Iceman) today and I’ve ran into a small issue.

Card I’m cloning is an HID Prox 10301 card

I cloned Raw after watching some DT video walkthroughs, and when lf searching, both my NeXT implant and HID 10301 card read the same, aside from the Chipset.

I am unable to use my NeXT implant with the newly cloned HID 10301 data to successfully authenticate an access control system. The system is denying the implant.

Is this due to the Chipset not being defined/identified adn fi so, how can I write the NeXT implant to read as an HID Prox ID?

The top section is the NeXT Implant, the bottom section is the HID 10301 Prox Card:

Thank you!

Equipter · August 8, 2024, 11:17pm

no the em4305 parts of a hidprox aren’t used by the readers so it’s not that.

it’s probably the reader not being able to couple with the lf credential in your implant or its polling HF first and then fails. post a pic of your readers

Gifford61988 · August 9, 2024, 3:53pm

Here is one of the readers in question. Viewing the access control logs, the system is pulling an invalid token. Didnt know these readers could even capture or recognize HF, if that’s what it is.

Equipter · August 9, 2024, 7:07pm

yep it seems your reader is polling for your hf credential before the LF cred so it’s just bouncing you back.

if you’re sysadmin for this you could totally turn HF credentials off. make sure you don’t have any active HF users tho

TSMC55 · August 9, 2024, 10:20pm

When you say invalid token is it still reading some raw data? If so, you may be able to enroll that as a valid pass.

Gifford61988 · August 9, 2024, 10:52pm

Unable to turn off the hf functionality on this system unfortunately.

The exact error is: Invalid (Credential)

The card that is read has the Hex Value displayed and records that the read card is 32 bit - it must for sure be the hf side, as the hid prox card cloned to the lf side of my implant is a 26 bit.

Not sure how to/if its possible to take raw 26 bit data while knowing the card number and facility code and get that info in a 32 bit format that will be acceptable.

Have not once been able to get the hf side to read on my proxmark, but if its possible to get the 26bit transformed to 32 bit, I may try to get past the headache.

Thank you!

TSMC55 · August 9, 2024, 11:20pm

The system at my office allows you to add the raw data as a valid credential. I just copied the “failed” read data and added it to my access authorisation. It works flawlessly since then. I did not need to convert anything or change bit lengths.

Not sure if that will apply to you, but if it is reading data from the HF side and you can add that to your list of approved access credentials, it may work.