RFID fob encrypted?

If you were to acquire a Proxmark, I’d be more than happy to walk you through the process to identify the card’s technologies and advise on implants that may be able to be used to clone/emulate it.

Before you get a proxmark, it is recommended to try and read the card with your phone using an app called NXP Tag Info (on Android) or an alternative Apple app. The results from this scan will let us know what card tech is being used before any more complex/involved investigation can happen.

In addition to the card, the reader is also rather important. If you could take an image or find it exactly online this will also help with determining what implant would be most appropriate. If you do happen to get a proxmark, we can do some additional investigation into the reader and determine how it communicates with the card and comment on the communication the two are having. All of this will help answer any questions or queries you have.



Here are the two readers - there may be a third, I’ll keep my eyes open. What do you guys think? So I still need the Proxmark? A part of me would rather just buy the implant and cross my fingers!

Could you also share a photo of the other side of the Schlage lock, please?

Personally I think an RFID diagnostic card to see if those are single or multi frequency readers would help.

That unbranded box could be anything.

OK here is the back of the apartment lock/fob. I think this will help!

Sorry,

and you know what might be even more helpful?
A photo from the other side of the door :wink:

What I am trying to find is the model name, so we can look up the specs to find the compatibility with an implant.

With regards to this one

As Zwack said a DT diagnostic card :card_diagnostic_dt: would help as a starting point

However, can you please humour me and scan a fob from each lock/reader with TagInfo and post the results here?

Equally, if you can’t get a successful scan, let us know. That will still be helpful.

Haha here is the front but I’ll scan the readers with that app in a few. Forgive me I’m stupid dumb with technology :speak_no_evil:


Not at all, I wasn’t clear about what I was trying to achieve

Could you scan the tags/fobs/cards etc. that you use to operate the readers?
What we are trying to do is find the equivalent implant for you.

OK, so I scanned both readers and my fob - in the elevator and my front door - with both NFC and NXP.
The elevator and key fob did nothing.
The Schlage front door (with manual lock) DID OPEN MY APPLE WALLET with both NFC and NXP but did not “show” any data.
1-Does that mean I need a DT diagnostic card next?
The mystery continues.
Also, I work in a hospital (doctor) and I’m thinking we can tackle that RFID system next. I’d love to show off my implant to colleagues :see_no_evil:

Again, apologies.
Just to clarify for you.

The TagInfo App, is for Scanning and Identifying the chips in Tags, fobs, cards etc.
(High Frequency only)

The Diagnostic card you would use to identify if your reader is High Frequency or Low Frequency.
DT sell these but with most purchases you will get one of these included.

Anyway, back to your results

That is potentially good news.
To me I would guess that is Low Frequency.
The T5577 chip is a fantastic chip, it is in almost all of the LF implants.

So this is looking like it is HF.
(I have scanned one a while ago, and from memory it was a mifare 1k)

Could you try again following this video

We are getting close to an answer.

That will be awesome when it comes time for install…

So, there are two frequencies used, Low Frequency and your elevator seems to only be that at a guess. The keyfob is supposed to be dual frequency.

Your door lock is High Frequency (but might be dual frequency). NFC is High Frequency.

The diagnostic card has two LEDs, one triggered by High Frequency and one by Low Frequency so you can hold that up to a reader and see which frequencies are supported.

As for the hospital, if you are already using both high and low frequencies then you may need a second implant for that. (To some extent that will depend on how friendly and helpful your security people are).

Doc, if you’re in the FL, St. Pete (or surrounding) area, I could help in person or loan you gear if you wanted to test.

Do you feel comfortable removing the whole Schlage lock from your door?
To get the specific model number etc., you can take it off, snap photos of it all and reinstall it. Won’t hurt programming etc.

If your hospital credentials and door are the same frequency or use the same type of cards, you could reprogram the apartment door to your work credentials and minimize the number of implants.

On the subject of implants. Are you considering the FLEX or the X series?


If you’re in Oregon I am willing to help too. In fact there might well be people in your area wherever it is who are willing to help.


I do “lock stuff” and will get info from my supplier tomorrow on this series of electronic Schlage lock. I haven’t seen them in the field before.


Here is the deadbolt with accompanying literature. Will read further.

Here is the User guide.


Ok so I downloaded NFCtaginfo, NFCtools, NFC and NFCtap (all on iOS) and none read my fob key. Again, it’s 1 fob key for BOTH these readers. So that probably means they are both low frequency?
Interesting the Schlage user guide above makes no mention of the protocol or RFID type etc. But I was able to unscrew the entire door lock and got the model number etc. (attached photo). So what now? I guess my only option is to buy a diagnostic card? Or if they are both low frequency am I good to go? Baltimore here. Hopelessly technology unsavvy here. Thanks for all the responses.


Hmmm, well OK.

The Schlage FE410F data sheet says

Credential: Supports smart and multi-technology aptiQ MIFARE classic or aptiQ DESFire EV1

DT sell options for both of these

MIFARE classic
xM1
FlexM1 gen1
FlexM1 gen2a
FlexMT

DESFire EV1
FlexDF
but also likely to work
FlexDF2
xDF2

I still think we have a bit of work to do here to get this correct for you.

Of the above, initially I would suggest you go down the Mifare path (because you can change the NUID numbers); however, the DESFire are still viable.

If you can enroll them (home SHOULD be easy). At work you will need administrators on side.

If you can’t enroll, then of the Mifare, the FlexM1 gen2 would be my most recommended, ONLY because you can use your phone to change the UID.
Otherwise you would need to buy a ProxMark3 and I don’t think you would have fun setting it up.
And you would likely only use it once.

However, if we have a community member near Baltimore, they may be able to help you out.

@Satur9 springs to mind (Philidelphia) but my USA Georgraphy is not great.

@philidelphiaChickens may also be useful to try

@Satur9 is a very Knowledgeable and helpful member, plus for him having another “local” installer might be awesome for him.

HOWEVER

I still think we need to get to the bottom of your access cards.


Damn that is bothersome
Neither my georgraphy nor my geography or my spelling or my grammar are/is great :wink:

Anyway new post here is the manual for the Schlage
schlage-control-smart-interconnected-lock-installation-instructions-FE410F (1).pdf (9.2 MB)

interactive instructions here

https://instructions.allegion.com/instr/92/2412

The fob number you mentioned near the beginning is dual frequency, that isn’t a problem. There are dual frequency implants, and I wear a dual frequency ring.

Most locks I have played with use NFC (high frequency) but only really care about the UID.

The elevator reader appears to be low frequency. A diagnostic card will confirm this but it isn’t necessary. A proxmark 3 easy should make it easier to clone your fob. I am not sure that the low frequency side can be cloned with a phone to be honest.

There are basically three form factors for implants that you need to consider, as well as the capabilities.

There are the X series, which are encapsulated in a bio glass. These tend to be smaller, are injected into the fascia but have worse connectivity.

Next come the flex series with a small oval shape. They can be installed either with an incision and a dermal lifter, or with a large (4 ga) needle to make a pocket. They have better range and connectivity than the glassies but are harder to install.

Finally there are the round flex series. These tend to be around an inch in diameter, have the best connectivity but require a scalpel install.

As you can see there are tradeoffs between the different styles, but all styles have some options that should work for you.