So I bought an RFID door lock and it doesn't seem to be working

Can confirm, works just fine, but man does it get the heart pumping! Once you build a custom one it changes the game!

I actually bought all the things to make my own and did some uneducated attempts at it months ago but it got put on the back burner because I needed to focus on my Calculus and C programming for school, but today is the last day of that for a while so hopefully this weekend maybe. It’s comforting to know I was on the right track with my purchases though, because I have the same components you had except no LCR meter. Just going to kinda tinker in the same path you did, build until I get the right frequency then play with resistance until the voltage comes down, then 3D print a snazzy case for it, and maybe pot it at work with some PU like the xAC antenna. Once I’ve kind of got a method to my madness, custom antennas for all the things (motorcycles included).

4 Likes

I will leave the finer details for GrandpaMumbo to share, but we got a successful read on my proxmark3 rdv2 with one of his fobs and it looks like an EM410x tag. I gave him an image of the read from it so he can share if so inclined. If I am not mistaken, he should not share the UID or the tag ID in public, anything else not to share? Also, an xEM or NExT should work with that lock he has if setup/used properly. Please correct me if I am wrong on any of this.

1 Like

I started this thread a bit ago.

1 Like

This is what came back from the proxmark reading that we got earlier today. I don’t fully understand it, hopefully one of you do, and I really do appreciate you guys helping me out.

And in the event that I forgot to blur anything out and someone thinks that it would be a good idea to break into my house: that lock is on an interior door in the house, so if you managed to get your way through the front door and then through my room door you will be met with a gun, because I’m not too friendly with people who break into my house.

2 Likes

FYI, all the data in the image (DEZ8 through Pattern Sebury) are just alternative formats of the ID. Basically, the only non-sensitive data is the fact it detected it as an EM410x.

I wrote a post that should help you understand it if you want to have a look see.

Out of interest did it say anything about t55xx detected below the last line you sent?

But essentially, your xEM should definitely be able to clone it. It even should be enrollable without changes as it comes preconfigured as an EM41xx…

1 Like
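An added illustration of the point in the post above that the DEZ lines are only other renderings of the same ID, which is why every one of them needs blurring before a read is shared. It is not part of the original post or the Proxmark client's own code; the field layouts follow the commonly used DEZ conventions as an assumption, and the sample ID is constructed.

```python
# Added example: how Proxmark-style "DEZ" lines derive from one EM410x ID.
# Field layouts follow the commonly used DEZ conventions (assumption);
# the ID below is constructed, not taken from the thread.

ID_BITS = 40  # EM410x carries a 40-bit ID (8-bit version/customer + 32-bit serial)

def dez_formats(tag_id: int) -> dict:
    """Render a 40-bit EM410x ID in several alternative decimal formats."""
    if not 0 <= tag_id < 1 << ID_BITS:
        raise ValueError("EM410x ID must fit in 40 bits")
    low16 = tag_id & 0xFFFF
    return {
        "HEX":      f"{tag_id:010X}",
        "DEZ 8":    f"{tag_id & 0xFFFFFF:08d}",
        "DEZ 10":   f"{tag_id & 0xFFFFFFFF:010d}",
        "DEZ 5.5":  f"{(tag_id >> 16) & 0xFFFF:05d}.{low16:05d}",
        "DEZ 3.5C": f"{(tag_id >> 16) & 0xFF:03d}.{low16:05d}",
    }

def bits_disclosed(name: str, text: str) -> tuple:
    """Return (value, mask): the ID bits an unredacted field gives away."""
    if name == "HEX":
        return int(text, 16), (1 << ID_BITS) - 1
    if name == "DEZ 8":
        return int(text), 0xFFFFFF
    if name == "DEZ 10":
        return int(text), 0xFFFFFFFF
    if name in ("DEZ 5.5", "DEZ 3.5C"):
        hi, lo = text.split(".")
        mask = 0xFFFFFFFF if name == "DEZ 5.5" else 0xFFFFFF
        return (int(hi) << 16) | int(lo), mask
    raise ValueError(f"unknown field {name}")

def audit(tag_id: int) -> dict:
    """Map each field name to the number of ID bits it exposes."""
    report = {}
    for name, text in dez_formats(tag_id).items():
        value, mask = bits_disclosed(name, text)
        assert value == tag_id & mask  # the field really is a slice of the ID
        report[name] = bin(mask).count("1")
    return report

SAMPLE_ID = 0x0102A3B4C5  # constructed sample ID

if __name__ == "__main__":
    for field, bits in audit(SAMPLE_ID).items():
        print(f"{field:9s} exposes {bits} of {ID_BITS} ID bits")
```
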

No, no reference to a t55xx in the scan. I probably should have run a t55xx specific scan while I was at it just to be sure, something to be more thorough with next time I guess.

1 Like

I doubt they would be T55xx chips if they are EM41xx, the EM tags are a dime a dozen, the factories probably are desperate to clear out the old stock. Should be able to just learn a NExT or xEM into it, but if it doesn’t work the RFID reading circuit just may not be appropriate for small implanted tags.

1 Like

I would agree, I am still scratching my head as to why the Diagnostic card doesn’t work, even when the pad is active and can read a fob… :man_shrugging:

@Compgeek Nice new DT avatar

1 Like

Maybe the field is extremely weak all the time - tuned down barely enough to read a full-size tag at close range, but not enough to light up a diagnostic card, to save batteries.

Yeah, it seems to be the only logical explanation.
If anybody knows about the foibles and idiosyncrasies of a large number of RFID locks, it would be you :wink:

I kind of thought this. Would there be a way to strengthen the signal, even if it included taking the doorknob apart?

Maybe!

You could look at custom winding a coil to act as a new antenna, with a cylindrical coil shape it would couple better with implants at the cost of working worse with full size cards and key fobs. This may make it useable but may not do enough. If the reader is just low power as @Rosco suspects, there still might not be enough power with a custom antenna. If it looks for power draw before upping the output power as others suspected earlier, it still may not draw enough to kick it into high gear.

It may be possible to modify components on the circuit board to increase the power output or overvolt it. High risk of damaging the circuits if you don’t know what you’re doing, and would probably result in horrendous battery life, hence why they didn’t do it from factory.

All electronic design is trade-offs, the sad reality is that nobody sells a door lock designed for implants, so working reliably with our tiny cylindrical antennas is so far out of their design goals it’s the first thing to go.

If you do decide to modify it, good luck! Please do keep us updated and we’ll try to help as much as we can, but to my knowledge nobody has done this to one of those locks, so we don’t have a tutorial guide either!

3 Likes

I am going to look into it and will def have to find someone with more knowledge than myself in electronics before I would want to start opening things up.

1 Like

Just going to throw this out there but the diagnostic card that I received (the PCB one with LF and HF LEDs) the LF side was DOA and I have never been able to get it to light up, with either the xAC or my proxmark3, so I wouldn’t exactly count that not lighting up as confirmation that it has a weak field. I also remember somewhere on this forum (I think it was somewhere in the Samsung lock section) that some locks when activated by touch turn off the RFID side, and some when activated by touch turn the RFID side to full power. I would suggest trying to use the LF field detector (confirm the one you think is LF by testing the HF one on your phone) and try all the positions turbo2ltr suggested with the lock in both the powered down and activated states. With a regular coil like on my proxmark3 it is like… Super sensitive to the angle, and position that you hold it to the edge of the coil to actually light up. I’m talking like 2 mm.

1 Like

Sounds like your LF side is dead. All of mine are incredibly easy to light up… Mumbo has 2 of them so the odds of both being faulty seem low.

By incredibly easy I mean sending a 2.5v square wave at 125kHz through a random coil of wire got it to light up very well.

1 Like

Odds are definitely very very low that both his cards are defective, but I’ve seen crazier things happen in my field of work. If he puts the diagnostic card on the lock then reads a tag through it, and let’s say it works and opens the lock, the diagnostic card should at the very least flicker right? It would be receiving more power than the tag at that point and the tag read/lock open would confirm that the coil activated at its fullest power.

2 Likes

Well, according to the EM4100 data sheet its min voltage is 0.3v… the green LED likely requires more than that so I am leaning towards this

2 Likes

Well… That’s not promising.

1 Like

So what would the voltage need to be ideally?