NExT LF troubleshooting

Hello everyone, I come to you in my darkest hour and I’m all out of matrices of leadership.
I have a NExT in my dominant hand. I had it done before I decided to drop like 3-4k Swedish kronor on a Proxmark; on other channels (i.e. non-DT) I was told to get a cloner, and it wasn’t until I started visiting the now no longer official Discord that I found out that’s a big no-no.

It worked for a good while. I’ve used it to book times at a sauna and one time to get into the office, but things being what they are (pandemic) I have only been in the office 3 times in the last year and a half, with about 6 months in between visits, so it’s been programmed for the saunas for the bulk of the time. Last time I went in I decided to clone my access badge to the NExT again (with the cloner; I was told “if it works maybe just keep going with it” and also I hadn’t done my homework on using the Proxmark for configuring the LF side yet). The cloner said read success, write success and off we went, except when I was there it didn’t unlock the door. Now the cloner can’t read it at all anymore and the Proxmark only VERY vaguely picks it up (granted I’ve gotten a good read with the pm like ONCE so it’s always been near impossible) but can’t do anything to it.

If I scan it JUST right I can get this output:
image

There’s a very vague change in lf tune:

A sniff of the cloner with the PM tells me this is the password:
image

I’ve been told there might be hope for it yet, so I’m hoping someone with expertise can help me get the thing running again.

Hmm…

  1. has the implant changed depth under the skin at all?

  2. are you holding the proxmark3 in a way that might be affecting the LF antenna posts?

  3. that is a strange raw data set with a lot of 000s … are you sure your source access badge is Indala?

Something to try might be the wipe command with the password option…

lf t5 wipe -p 51243648

… at least I think that’s the pw of the cloner you used?

After a wipe you should be able to retry cloning the badge with the proxmark3

1 Like
  1. I mean not that I know of, it’s def always been too deep to easily read, it’s always a bit finicky to get a read of the HF

  2. I’m using a pm3 rdv4, it’s just lying on my desk, I also have a proxLF but that has essentially NEVER been better at reading the LF

  3. It’s not, it’s an EM410x

I mean that assumes I can read the damn thing though.

I ran the command but the output doesn’t tell me much about whether or not it was successful as the output seems to be the same even if there’s nothing at the antenna.

Holy shazbots, I did the wipe, watched your video on how to program it, decided to do lf search to make sure I find the sweet spot to write it and bam, actually shows the card data and not the indala output, I then also READ (not write so as to not set a password again hopefully) with the cloner and now it actually finds it again. Is that possible?

1 Like

Yep it’s possible when you consider the way magnetic coupling works is like screaming into the wind at someone across a chasm, and hearing what you are saying clearly is very difficult unless the signal is pretty good and not all noisy or weak. The proxmark3 does its best to interpret the signals it can suss out from the noise and since it doesn’t actually know what to expect it sort of has to figure out what words and language are being used. Imagine trying to hear someone talking from across the room without knowing what language they might be speaking… pretty hard actually because you toss out all filters and assumptions you can make about what sounds actually constitute “words”.

2 Likes

To clarify, I didn’t actually do the clone command, shouldn’t a wipe mean it’s empty?

if it actually worked.

When it comes to any digital media, the write phase is just tossing out signals and hoping the media picks it up… this is true of hard drives, solid state, and RFID chips. To be SURE the data was captured and stored properly, a verification step needs to happen… but most of the proxmark3 commands (so far) don’t do any verification… it just pulses out the signals that should result in commands and data being communicated to the chip but has no way to know if that attempt has succeeded or not, without a verification. This is why when you do backups or back when we used to burn CDs there was the long and annoying “verification” process that most people skipped… but it was critical to do in order to be sure the data was actually written correctly with no errors.

When it comes to writing data to a hard drive, it’s a very controlled environment and the gap between the flying write head and magnetic media platter is pretty much guaranteed to convey the signal to the medium… so things like operating systems and drive controllers don’t bother to do verification… they just assume the data was written and you can discover if this is true the next time you do a consistency check on your drive. But when it comes to holding a proxmark3 over an implant with a nebulous magnetic field being used to convey commands and data… it gets a bit more tricky.
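
Added example, not part of the thread and not Proxmark3 code: the reply above says a write is only known to have succeeded once the tag is read back and compared. The Python below does that comparison for the EM410x format named in the thread, using the standard 64-bit EM4100 frame layout; the function names and the sample ID are constructed for illustration.

```python
from __future__ import annotations

# EM4100/EM410x frame, 64 bits:
#   9 header bits (all 1) | 10 rows of 4 data bits + even row parity |
#   4 even column-parity bits | 1 stop bit (0)

def em410x_encode(tag_id: int) -> list[int]:
    """Build the 64-bit frame for a 40-bit EM410x ID."""
    if not 0 <= tag_id < 1 << 40:
        raise ValueError("EM410x IDs are 40 bits")
    bits = [1] * 9
    col = [0, 0, 0, 0]
    for shift in range(36, -1, -4):            # most significant nibble first
        row = [(tag_id >> (shift + 3 - i)) & 1 for i in range(4)]
        bits += row + [sum(row) & 1]           # append even row parity
        col = [c ^ b for c, b in zip(col, row)]
    return bits + col + [0]

def em410x_decode(bits: list[int]) -> int | None:
    """Return the 40-bit ID, or None if header, parity or stop bit is wrong."""
    if len(bits) != 64 or bits[:9] != [1] * 9 or bits[63] != 0:
        return None
    tag_id, col = 0, [0, 0, 0, 0]
    for r in range(10):
        row = bits[9 + 5 * r: 14 + 5 * r]      # 4 data bits + row parity
        if sum(row) & 1:                       # all 5 bits must sum to even
            return None
        for b in row[:4]:
            tag_id = (tag_id << 1) | b
        col = [c ^ b for c, b in zip(col, row[:4])]
    return tag_id if col == bits[59:63] else None

def verify_write(intended_id: int, readback_bits: list[int]) -> bool:
    """A write counts as good only if the read-back decodes to the same ID."""
    return em410x_decode(readback_bits) == intended_id

SAMPLE_ID = 0x0102030405  # constructed sample ID, not taken from the thread

if __name__ == "__main__":
    good = em410x_encode(SAMPLE_ID)
    noisy = good.copy()
    noisy[20] ^= 1                             # one bit lost to weak coupling
    print(verify_write(SAMPLE_ID, good), verify_write(SAMPLE_ID, noisy))
```

Parity catches most single-bit errors from a weak read, but some multi-bit errors still decode to a valid, different ID, which is why the comparison against the intended ID is the actual verification step.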