Samsung 3321 not able to register implant

I think the flexM1 is a back burner project ATM. It’s coming though…

1 Like

Ok, that makes sense. Well then I suppose that would be an option when that comes out then.

1 Like

Well that’s annoying, especially after that model of lock has been shown to work with implants. Maybe Samsung have updated their code? I have a mifare classic tag and that isn’t recognised, a card too but no joy. I suspect something hidden in the memory of their tags that is Samsung specific.

1 Like

Most likely. If you wanted to get it to work you would most likely have to crack the MIFARE classic provided by Samsung and clone it directly to another MIFARE classic or appropriate stand-in, as they can have some level of encryption, however it has been cracked as I mentioned earlier, though I am uncertain of the details of how to crack them. That would probably be your best bet.

1 Like

Thanks @Jaroot I was hoping for a simple solution where my implant would “just work” … oh well. I suppose I will have to keep typing in the pin entry code if I want to be keyless.
Not tremendously happy with Samsung at the moment.
Big thanks for everyone’s help. Fingers crossed for a solution that will work with implant without the risk of bricking it.

Ok…some digging around…

The code
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
seems to be the key to all of this. I copied it to a black mifare classic card using mifare classic tool, and success! The Samsung lock recognised AND registered the tag.

Now the tricky part…how to get this to work on an NTAG216 implant?

As far as I am aware it will not work on an NTAG chip, as the MIFARE classic 1k is a different beast altogether. However, there is word of a new Classic 1k implant floating around, as there was one previously. For right now you may be SOL tbh.

These are two different types of chips… you have an NTAG216, not a Mifare Ultralight… even though NFC Tools thinks they are the same thing, they are not. NFC Tools is a great app, but pretty stupid in a lot of places.

I also have this lock, and it does work with NTAG216 chips. The trick is positioning your chip correctly to get a read. Also, the registration process requires you use a new “slot” number… though they call it something else… basically when you assign a “position” you need to assign a new empty position number because if there’s already a PIN code or a RFID tag in that position, then you cannot add anything to that position. This is a dumb move by Samsung and you have to manually use some kind of clear command to clear that position before you can add something else there.

What does this mean exactly? How does it “recognize fine”?

Your words are literally an accidental pun… that is KEY A, access bits, and KEY B in the Mifare Classic chip. FFFFFFFFFFFF is key A, which is set to factory default, and the trailing FFFFFFFFFFFFFF is key b, also set to factory default. FF078069 are the access bits for the sector.

This data has nothing to do with anything really… it’s not user data it’s the crypto1 key values and permission settings.

This makes no sense really… did you try the black mifare classic card BEFORE you copied this data to it? Chances are it would have worked just fine because it’s 1) mifare classic, 2) a card with a large antenna… it has nothing to do with the data and everything to do with the large antenna size.

I still think this all comes down to positioning the implant correctly. If you have put it into the common area between the thumb and index finger, then I find the best way to position it is to wrap your hand around the lock barrel, or where the cylinder would typically be, and twist it like a door knob.

4 Likes
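Added example, not part of the original posts: a small Python decoder for the 16-byte sector trailer quoted in this thread, splitting it into Key A, the access bytes and Key B as the post above describes. The function name is hypothetical and the bit layout is taken from the NXP MIFARE Classic datasheet, where the fourth byte of that middle field (0x69 here) is a general-purpose byte rather than an access bit.

```python
# Added example: decode a MIFARE Classic sector trailer (16 bytes).
# Layout: Key A (6) | access bytes (3) | general-purpose byte (1) | Key B (6)

TRAILER_HEX = "FFFFFFFFFFFFFF078069FFFFFFFFFFFF"  # value quoted in the thread
DEFAULT_KEY = "FFFFFFFFFFFF"                      # factory-default key


def parse_sector_trailer(hex_str):
    raw = bytes.fromhex(hex_str)
    if len(raw) != 16:
        raise ValueError("a sector trailer is exactly 16 bytes")
    b6, b7, b8 = raw[6], raw[7], raw[8]
    # Each nibble holds one condition bit (C1, C2 or C3) for blocks 3..0.
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    # Every nibble is also stored inverted; a chip that sees a mismatch
    # treats it as a format violation and blocks the sector for good.
    inv_c1, inv_c2, inv_c3 = b6 & 0x0F, b6 >> 4, b7 & 0x0F
    valid = all((c ^ i) == 0x0F
                for c, i in ((c1, inv_c1), (c2, inv_c2), (c3, inv_c3)))
    key_a, key_b = raw[0:6].hex().upper(), raw[10:16].hex().upper()
    return {
        "key_a": key_a,
        "key_b": key_b,
        "gpb": raw[9],
        "access_valid": valid,
        # (C1, C2, C3) per block; block 3 is the trailer itself.
        "block_bits": {n: ((c1 >> n) & 1, (c2 >> n) & 1, (c3 >> n) & 1)
                       for n in range(4)},
        "default_keys": key_a == DEFAULT_KEY and key_b == DEFAULT_KEY,
    }


if __name__ == "__main__":
    info = parse_sector_trailer(TRAILER_HEX)
    for name, value in info.items():
        print(f"{name}: {value}")
```

For the quoted value, the data blocks decode to (0, 0, 0) and the trailer to (0, 0, 1), which is the transport configuration a blank card ships with.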

Looks like I wasn’t going crazy or didn’t have the knack of correct twisting and alignment. Other people reported inability to register implant ntag216 chips with Samsung. I have tried with a non implanted ntag216 chip with every conceivable orientation…no joy. I suspect Samsung firmware has changed in latest models of lock.

2 Likes

Seems like I’m having the exact same issue.

If Samsung is rolling out firmware updates to remove 3rd party support of other tags, that’s bad news for this community.

All I can think of is if somebody can hook up a JTAG to their implant-functional 3321 and dump the firmware. I’m no hardware developer but it’d be nice if there was a way for us to flash our dysfunctional units back to a working firmware. Else I think I’m just gonna return this lock. $200 is too much to pay for a deadbolt that isn’t compatible with my NExT.

1 Like

I will offer a loaner Samsung lock for this purpose… this needs to happen!

3 Likes

After some thought, the only way to not be at the mercy of lock makers is to make our own locks… unfortunately that’s a very expensive proposition… do we have any mechanical engineers in the house? Can we reverse engineer some locking mechanisms? Can we make our own design? The electronics are not the issue for us, it’s the mechanical design that’s at issue.

I started this topic just now: https://forum.dangerousthings.com/t/open-source-deadbolt-lock

with a fresh empty github repo: https://github.com/vivokey/lock-deadbolt

3 Likes

There are a few retrofit RFID Bluetooth locks that bolt onto existing hardware. An RFID reader, servo and Arduino equivalent, esp32 which has sleep function with touch wakeup to save battery power.

Issue I see is getting insurance company onboard, no-one wants their house broken into then insurance company refusing to pay due to unapproved locks.

Having said that I’d definitely want to work on this. The lock mechanism is relatively simple, and cheap, building the housing is the hard part. Needs to be waterproof, extreme weather proof, vandal proof etc etc. 3D print prototype then cast alloy for production.

Real danger of getting obsessed by this…

3 Likes

Or we could ask Samsung REALLY NICELY to put the code back to how it was.

1 Like

We could petition but we don’t have the numbers, the best shot we have is attempting to get in direct contact with the EZON team at Samsung via email or other means.

I’ll send out some emails to Samsung and see if I can get a response.

@amal has a higher likelihood of getting a response from them, because of his position as the father of biohacking lol.

Realistically, them allowing an xNT is not a security risk for them, so maybe by asking nicely we can get a yes?

2 Likes

Missed def con by a couple of months…hacking the Samsung firmware to allow ntag216 would have been a great challenge for convention attendees. Or a retrofit circuit board. Now there is a thought! The RFID reader and all locking hardware is in place, we need to swap out the brain (little piggy back esp32 board). Maybe there are other locks this approach could be applied to?

4 Likes

Power consumption is the only real challenge with that if you’re gonna add an Arduino or Raspberry Pi to the circuit, also would have to figure out how to take the (possibly serial) output of the NFC reader and feed that into the new controller.

1 Like

The esp32 which has WiFi & Bluetooth in addition to usual Arduino capabilities has an ultra low power sleep mode with touch wakeup built in. I suspect something similar is at the heart of many smart locks. This would explain the need to touch the screen to wake up the lock, and its ability to run off AA batteries. I agree normal Arduino or pi would use way too much power.

Deep sleep power usage is in the micro amp range

3 Likes

I bought one of the new ones to tear it up. Interesting stuff.

The “outer” board (the one on the “locked” side of the door) shows where the antenna used to connect to. There are unpopulated parts including an IC that was clearly a RFID reader chip. The antenna is now connected to the inner board. This makes sense from a security standpoint.

The inner board has an 18 series PIC microcontroller and a TRH031M reader chip… What is interesting is this chip should be able to read anything, including ISO-15693 tags.

In all likelihood, the PIC is locked down so you can’t read the program flash (but you never know)… but a very possible solution would be just to pull the PIC off and replace with your own unlocked one. You’d be starting from scratch but have some decent hardware…

One downside is most of the board is covered in a rather thick conformal coating. It’s not going to be easy to get through it.

5 Likes

That’s a great idea, just dropping your own microcontroller onto an existing board.

Honestly, thick conformal coatings are easier to work with than thin ones. If you toss the board in the fridge you might be able to just chip the coating off of the areas you’re interested in. Thin conformal coatings can generally only be removed with heat or solvents, which can put some seriously volatile chemicals into the air.

3 Likes