NExT Programming Issue

Hi my name is Bryce and I’m a cyborg.

I got my first implant, a NeXT, installed last Saturday 7/24 and the swelling is down enough to attempt operations with my Proxmark3 Easy but I’m having some programming issues searching the forum and the web don’t seem to be helping. I’m a total N00B so be gentile.

I am able to get reasonably consistent reads but it is being detected as an Indala card

[usb] pm3 --> lf search

[=] NOTE: some demods output possible binary
[=] if it finds something that looks like a tag
[=] False Positives ARE possible
[=] 
[=] Checking for known tags...
[=] 
[+] Indala (len 87)  Raw: 800000018000110080000800000c0000880400004bfffffff7ffffff

[+] Valid Indala ID found!

My understanding is that the mode of the T55xx changes when writing new data with the Proxmark. I ran an lf search on my existing card to get the card data, it writes to one of the test cards and both work at my reader but the NeXT is being difficult. I tried the same command as the test card (using fc and cn values) as well as writing the raw data from the search with and without the leading zeros; nothing ever seems to get written to the implant. repeated lf searches on the NeXT keep returning the above but with varying len and raw values (even with sequential reads)

when i try t55xx detect it fails with

[!] ⚠️  Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'

help?!

as an aside the implant has rotated from the “tunnel” by about 45 degrees, from my looking through the forum migration happens and its best just to leave the thing where it settles as long as there is no discomfort and its not laying across a bone correct? if its advised to try to manipulate it I’ll give it a go but i’m not going to stress over it if it really doesn’t matter.

Hi Bryce, I don’t think that it is wise to conclude that “swelling is down enough” after only five (5) days.

The fact that your NeXT is reading as an Indala rather than an em41xx makes me think that you are not getting a good read.

I would give it a few more days, you can read it daily, and see if you are getting em41xx reads. You should also practice positioning your hand with the chip at right angles to the LF antenna, using lf tune -@ you should be able to see when the positioning is optimal.

You’re right; A more accurate statement would be “swelling is down enough to consistently get LF reads.” not necessary that they are good reads (hence the wrong tag type and changing data values)

I’m pretty comfortable with the alignment of the implant it’s sitting at ~45deg to the index metacarpal and doesn’t seem to have moved at all since I first noticed that Tuesday doing HF scans with my phone, I’ve been trying not to prod at it because I know that’s a bad idea.

The first thing to consider is performance of your antennas… put the proxmark3 on a wood or non-conductive surface and do

hw tune

Post the results.

Next ensure you are not touching the screwposts if the proxmark3 while holding it to your implant… that can cause crap antenna performance since the two middle posts are the LF antenna connections.

Finally, ensure you are holding the proxmark3 to your implant so the LF antenna crosses over the NExT so it’s lying perpendicular to the curve of the LF antenna… then try moving it slightly back and forth down the length of the NExT trying reads. You can see where the ideal position is by using

lf tune

That command shows you the lowest voltage drop when the tag is coupling the best and drawing the most power.

Thanks for the tips Amal. I’ll give it a shot tomorrow evening when I’m back at base.

I was aware of the posts and watching for it but I’ll slap some electrical tape over them till I get a chance to apply some conformal coating.

I really would like a word with whoever did the PM3 Easy hardware design; adding a whole unnecessary PCB and leaving exposed contacts on an RF circuit is just annoying.

I still haven’t tested this to quantify it, but I do get different results from hw tune with the middle board in place, so it might not be entirely unnecessary.

What that actually translates to in real world usage is another matter.

Yes this is true for me too… but I can still get good reads of implants on LF without the middle board.

1 Like

I guess I know what I am doing tomorrow… :unicorn_drunkin_dancing: This is what happens when I take PTO. I start looking for things to do rather than any of the things I should be doing.

So, my thoughts are to mount two tags on stands, and see at what distance I can get a read from each both with and without the middle board. Repeat it a few times and I should end up with four numbers. That should tell us exactly how much of a difference that middle board really makes.

3 Likes

Maybe I’ll hold off on modding the hardware then :joy:. I’m not trying to hide the thing anywhere so it doesn’t actually matter.

I had assumed the HF antenna would be on the middle board but when I found out that wasn’t the case figured it was to move the coil away from the main board to reduce interference.

AA circle says hi bryce

3 Likes

hw tune results

[usb] pm3 --> hw tune
[=] ---------- Reminder ------------------------
[=] `hw tune` doesn't actively tune your antennas,
[=] it's only informative.
[=] Measuring antenna characteristics, please wait...
 🕛   9
[=] ---------- LF Antenna ----------
[+] LF antenna: 38.34 V - 125.00 kHz
[+] LF antenna: 29.49 V - 134.83 kHz
[+] LF optimal: 38.09 V - 123.71 kHz
[+] Approx. Q factor (*): 5.8 by frequency bandwidth measurement
[+] Approx. Q factor (*): 11.1 by peak voltage measurement
[!] ⚠️  Contradicting measures seem to indicate you're running a PM3_GENERIC firmware on a RDV4
[!] ⚠️  False positives is possible but please check your setup
[+] LF antenna is OK
[=] ---------- HF Antenna ----------
[+] HF antenna: 31.43 V - 13.56 MHz
[+] Approx. Q factor (*): 9.1 by peak voltage measurement
[+] HF antenna is OK

(*) Q factor must be measured without tag on the antenna

[+] Displaying LF tuning graph. Divisor 88 (blue) is 134.83 kHz, 95 (red) is 125.00 kHz.

when running lf tune free floating i’m getting 383XXmV and can match that when positioning the coil over my NExT. but lf search fails unless i tweak position further.

based on the first caution in the hw tune i’m thinking i possibly messed up the PM3 setup. The DT OS X setup guide ended up not enumerating unless it was in flashing mode. I found and followed a guide to clone the repo and flash from that which worked. I just went to re-flash from homebrew to compare versions and of course broke it again. I also can not for the life of me find that guide i used Monday night so I’m back at square zero :weary:

I’m about ready to just break out virtual box and setup a windows install.

Hmm yeah when launching the pm3 client what are the firmware and client version shown? You might have a mismatch there.

Is your proxmark3 an easy or rdv4?

@amal, in the first post he said…

I assumed that that meant PM3 Easy

1 Like

giphy (2)

1 Like

No, I had gone back to check if he had said anywhere… Because I was going to ask the same question. :rofl:

On the interesting side I do have results from my tests with and without the centre board on my Proxmark3 Easy.

With the centre board in place I got an extra 9.5 mm range for a low frequency card compared to without.

With the centre board in place I got 16 mm shorter range for a high frequency card.

I marked a sheet of paper with a line which I used for the LF antenna board for LF measurements and the main board for HF measurements. The proxmark was placed on the line and a card was placed parallel to the line (I used 1/8" graph paper because I had it handy) the distance for several consecutive valid reads was marked (1/8" steps were used because of the graph paper). I took a couple of readings, moved the card 1/8" and repeated. When I was no longer getting 100% accurate reads I moved back 1/8" and checked again. That was the distance I took.

Based on these results, I think removing half of the centre board might give the best results overall. With the centre board in place the range for both the high and low frequency cards was almost the same.

1 Like

I’m having the same symptoms on one of my t5577 test cards, and I am certain there is no problem getting enough power to the chip - maybe too much

on a side note, the nt in my NExT isn’t working either

Only one of your test cards? The other test card works fine?