@abacus this is the location that the member whose pic I sent you had their flexEM installed in 
Can’t wait to hear how it goes, and do let me know if you need any more help!
1 Like
I use mine on my MAC and Android devices without issues. “brew update” “brew update pm3”
Did you check your hospital keycard? Is it also LF? if that’s the case, both work and home using LF, then you would need two (2) separate flexEM chips.
Did he do it?, Did it work?
Don’t you just hate reading stories that have no ending?
2 Likes
I work in the apartment industry and can speak to this. The fobs are dual tech as stated previously.
The common area readers are probably just standard HID readers (H10301 format). That can easily be cloned, as we are all aware.
The unit lock is the Schlage BE467 (or adjacent model). They use HF MIFARE. Most of the time, the property manager doesn’t enable (or doesn’t pay for) DESFire, so you can probably crack the HF side of the fob using a PM3 (specifically hf mf autopwn). If they enabled DESFire, then good luck because they’re AES encrypted 
Regarding the ButterflyMX, there’s nothing to really attack. The RFID reader on it just passes Wiegand through to the common area access control system (DoorKing or whatever they used), but in most cases, that doesn’t get hooked up since a dedicated reader is normally installed right next to the BMX anyways.
1 Like