RFID fob encrypted?

If you were to acquire a proxmark Id be more than happy to walk you through the process to identify the card’s technologies and advise on implants that may be able to be used to clone/emulate it.

Before you get a proxmark, it is recommended to try and read the card with your phone using an app called NXP Tag Info (on Android) or an alternative Apple app. The results from this scan will let us know what card tech is being used before any more complex/involved investigation can happen.

In addition to the card, the reader is also rather important. If you could take an image or find it exactly online this will also help with determining what implant would be most appropriate. If you do happen to get a proxmark, we can do some additional investigation into the reader and determine how it communicates with the card and comment on the communication the two are having. All of this will help answer any questions or queries you have.


Here are the two readers - there may be a third, ill keep my eyes open. What do you guys think? So I still need the Proxmark? A part of me would rather just by the implant and cross my fingers!

Could you also share a photo of the other side of the Schlage lock please

Personally I think a RFID diagnostic card to see if those are single or multi frequency readers would help.

That unbranded box could be anything.

OK here is the back of the apartment lock/fob. I think this will help!


and you know what might be even more helpful?
A photo from the other side of the door :wink:

What I am trying to find is, the model name so we can look up the specs to find the compatibility with an implant.

With regards to this one

As Zwack said a DT diagnostic card :card_diagnostic_dt: would help as a starting point

Can you please humour me and scan a fob from each lock/readerwith TagInfo

and post the results here

equally, if you can’t get a successful scan, let us know. That will still be helpful

Haha here is the front but I’ll scan the readers with that app in a few. Forgive me I’m stupid dumb with technology :speak_no_evil:

Not at all, I wasn’t clear about what I was trying to achieve

Could you scan the Tags/fobs/cards etc. that you use to operate the readers.
What we are trying to do is, find the equivalent Imant for you

OK. so I scanned both readers and my fob - in the elevator and my front door - with both NFC and NXP.
The elevator and key fob did nothing
The schlage front door (with manual lock) DID OPEN MY APPLE WALLET with both NFC and NXP but did not “show” any data.
1-Does that mean I need a DT diagnostic card next?
The mystery continues.
Also, I work in a hospital (doctor) and Im thinking we can tackle that RFID system next. Id love tto show off my implant to colleagues :see_no_evil:

Again, apologies.
Just to clarify for you.

The TagInfo App, is for Scanning and Identifying the chips in Tags, fobs, cards etc.
(High Frequency only)

The Diagnosic card you would use to identify if your reader is High Frequency or Low Frequency.
DT sell these but with most purchases you will get one of these included.

Anyway, back to your results

That is potentially good news.
To me I would guess that is Low Frequency.
The T5577 chip is a fantastic chip, it is in almost all of the LF implants.

So this is looking like it is HF.
(I have scanned one a while ago, and from memory it was a mifare 1k)

Could you try again following this video

We are getting close to an answer.

That will be awesome when it comes time for install…

So, there are two frequencies used, Low Frequency and your elevator seems to only be that at a guess. The keyfob is supposed to be dual frequency.

Your door lock is High Frequency (but might be dual frequency). NFC is High Frequency.

The diagnostic card has two LEDs, one triggered by High Frequency and one by Low Frequency so you can hold that up to a reader and see which frequencies are supported.

As for the hospital, if you are already using both high and low frequencies then you may need a second implant for that. (To some extent that will depend on how friendly and helpful your security people are).

Doc, If you’re in the FL, St. Pete (or surrounding) area. Could help in person or loan you gear if you wanted to test.

Do you feel comfortable removing the whole Schlage lock from your door?
To get the specific model number etc. You can take it off, snap photos of it all and reinstall it. Won’t hurt programming etc.

IF your hospital credentials and door are the same frequency or use the same type of cards. You could reprogram the apartment door to your work credentials and minimize the number of implants.

On the subject of implants. Are you considering the FLEX or the X series?

1 Like

If you’re in Oregon I am willing to help too. In fact there might well be people in your area wherever it is who are willing to help.


I do “lock stuff” and will get info from my supplier tomorrow on this series of electronic Schlage lock. I haven’t seen them in the field before.

1 Like

Here is the deadbolt with accompanying literature. Will read further.

Here is the User guide.

1 Like

Ok so I downloaded NFCtaginfo, NFCtools, NFC and NFCtap (all on iOS) and none read my fob key. Again, its 1 fob key for BOTH these readers. So that probably means they are both low frequency?
Interesting the Schlage user guide above makes no mention of the protocol or RFID type etc. But I was able to unscrew the entire door lock and got the model number etc (attached photo) So what now? I guess my only option is to buy a diagnostic card? or if they are both low frequency am I good to go? Baltimore here. Hopelessly, technology unsavvy here. Thanks for all the responses.

1 Like

Hmmm, well OK.

The Schlage FE410F data sheet says

Credential: Supports smart and multi-technology aptiQ MIFARE classic or
aptiQ DESFire EV1

DT sell options for both of these

MIFARE classic
FlexM1 gen1
FlexM1 gen2a

but also likely to work

I still think we have a bit of work to do here to get this correct for you.

Of the above, Initially I would suggest you go down the Mifare path (because you can change the NUID numbers) however the DESFire are still viable.

If you can enroll them (home SHOULD be easy) Work you will need administrators on side.

If you can’t enroll, then of the Mifare, the FlexM1 gen2 would be my most reccomended, ONLY because you can use your phone to change the UID.
Otherwise you would need to buy a ProxMark3 and I don’t think you would have fun setting it up.
And you would likely only use it once

However, if we have a community member near Baltimore They maybe able to help you out.

@Satur9 springs to mind (Philidelphia) but my USA Georgraphy is not great.

@philidelphiaChickens may also be useful to try

@Satur9 is a very Knowledgeable and helpful member, plus for him having another “local” installer might be awesome for him.


I still think we need to get to the bottom of you acess cards

Damn that is bothersome
Neither my georgraphy nor my geography or my spelling or my grammar are/is great :wink:

Anyway new post here is the manual for the Schlage
schlage-control-smart-interconnected-lock-installation-instructions-FE410F (1).pdf (9.2 MB)

interactive instructions here


The fob number you mentioned near the beginning is dual frequency, that isn’t a problem. There are dual frequency implants, and I wear a dual frequency ring.

Most locks I have played with use NFC (high frequency) but only really care about the UID.

The elevator reader appears to be low frequency. A diagnostic card will confirm this but it isn’t necessary. A proxmark 3 easy should make it easier to clone your fob. I am not sure that the low frequency side can be cloned with a phone to be honest.

There are basically three form factors for implants that you need to consider, as well as the capabilities.

There are the X series which are encapsulates in a bio glass. These tend to be smaller, are injected into the fascia but have worse connectivity.

Next come the flex series with a small oval shape. They can be installed either with an incision and a dermal lifter, or with a large (4 ga) needle to make a pocket. They have better range and connectivity than the glassies but are harder to install.

Finally there are the round flex series, these tend to be around an inch in diameter have the best connectivity but require a scalpel install.

As you can see there are tradeoffs between the different styles, but all styles have some options that should work for you.