Some questions I didn't find out myself, PM3 Easy and xDF2

Hey there,
Im 20 jears old, live in Germany.
I got into biohacking some months ago because a friend of mine had a magnet implanted.
First I thought it was a very dumb idea, then I spent quite some time on this great forum and now I want an Implant myself lol
No magnet sadly, because I’m apprenticing as a blacksmith and probably steel dust and needle like splinters would be really annoying^^

My housing association recently installed an RFID access control system, I can get to the garbage cans, into the house and into the basement where I keep my bike all with one fob, love it.
I asked them what chips they were using- they use MIFARE DESFire 4k ev2 chips and a EM4200 for the trashcans (but they work with my DF2 fob, too)
I also asked if they would enroll my chip into their system, they looked at the datasheet and said yes, I’m not sure how well informed this answer is though.
I read this, will try it like amal suggested. I think they will try, too, at least I possess 11 shares of the association :woman_shrugging:

So, I looked out, and found the xDF2.
First thing: I can only use that one with my access control system, can’t I? Because for most other applications a NExT seems to be more suitable and it’s also much more common.

Other applications I’d like to have in the future:

  • Bike lock. I’d love to build one and open source it, I just have no idea of this whole topic sadly, until now I am more of a hardware- guy, wood and steel, welding and drilling. So this is for future and I have much to reseach until then.
  • giving my number (or other silly stuff like my favourite meme or recipe) to people
    This point makes me questioning if I’d rather take a flex implant, If I meet a girl and want to give her my number it would really suck if I had to search for the antenna first haha
    But I think I prefer the easy installation, also I trust glass more than some polymeres… Or do you think a flex is preferable for one who works with his hands daily?
  • login applications. like, using it as a 2nd factor or even standalone password to my password manager, unlocking maybe my phone and definitely my computer.
    At the moment my phone isn’t even NFC compliant, so I think well in the future here, hope it lasts another 2-3 jears…
  • I don’t know what the future brings. Maybe payments, maybe cool stuff with Javacard applications, but by now I don’t even know what that is and don’t know if I will ever really do. Just read about emulating other chips and found it a great idea if possible.
    As far as I understood, those things would be possible with xDF2, is that true?

Don’t want to self -install, due to Covid pandemic the bodymod studio I was hoping to do the implant it around cristmas is closed until further notice. Now thinking of easter might be a good time for implantation- we’ll see. I just want a week or so between implantation and the next time I have to work, also its a 3 hour train ride to the studio.

Now, that I have a lot of homealone- time and don’t know when I can get my implant, I think it’d be great having some further research and experimentation, so I want to get reader, cards and maybe a book or so? and just play around.

  • As far as I understood, a proxmark3 easy is the thing I need and would also be good enough for my applications. I am a bit scared of all the getting-it-to-work-struggles and possible bricking I heard of, but hey, I love open source and am willing to learn.
    Question: Can I also use my PM3 easy as PC unlock reader? Couldn’t find out that easy thing :confused:
    Otherwise I found this one, just not sure if I could build it DF2-compliant, because it’s specifically designed for a xNT implant :thinking:

I would like to have just one implant, maybe an additional xLED (because its cool), but not 5 or so.

Sorry for that long post, it helped to structure my thoughts and I hope you can help me with the strong typed Questions
I’d have researched longer on my own, but my father wants to buy my cristmas presents and is pressuring :smiley:
Thanks so much, you are a really great community I think <3
Greetings :slight_smile:

2 Likes

First of all - I’ll leave the technical bits to the people with more knowledge :smile:

I can only speak for the flexNExT, and I tend to put a “maybe not” here - depends on how big your hands are. I still think I have some problems with mine because I have too small hands that I use too much…

Though… with a flexNExT, you could impress her with blinky LEDs while doing so! :wink:

Similar here. Depending on your implant, it might make sense to take 1-3 weeks off work - I had one free week after my flexNExT. and that was definitely not enough, I was pretty useless at work for at least one or two more weeks :wink:
Just out of curiosity (and since I’m in Germany, too) - mind to tell which studio you plan on visiting?

1 Like

Hi :slight_smile:

No, that sounds like the VivoKey Apex.
The DF2 can do some crypto stuff, the “applications” there are not really like applications or applets.
The Apex will be able to run your custom code, generate secrets that never leave the chip and theoretically it’s capable of payments… but that will probably still take years from the release of the Apex itself. Read the post I linked above.
Until then, if you want payments in germany, get a VIMPayGO converted by amal.

Flex all the way. But you mentioned 1 week healing, that’s more realistic with a x-series IMO (depending on position).

3/3 ^^

My guess is you want a flexDF2, because those readers are likely not perfect for small little glass chips.
Maybe buy the flexDF2, enroll and test it, then implant it?
OR since they seem helpful already, make a testrun with a DF2 test card before buying a huge implant?

Thanks for the answers so far :slight_smile:

That thing scared the f*ck out of me when I first saw it haha its huge :scream_cat:

The friend I spoke of got his magnet at Nakedsteel in Berlin and recommended them to me.
Still not sure if I will go there, since I live in Wernigerode now, it would be easier for me finding a shop somewhere near… But I am in Berlin when I visit my family, so its not too much of a hassle.
Well, just looked at the DT partner map and found one thats pretty near, “bonnie&clyde”, only doing x-Series though.

Okay, well, this applet and payment thing was more of a thought with low priority. But thanks, I didn’t look into VivoKey that much by now. Maybe when Payment becomes possible I’ll take one.
Thanks for the hint with the converted payment cards, but I somehow don’t like the thought of putting something with an expiration date inside me, as cool as it would be to pay with my hand :sunglasses:

Thats kinda funny ;D

hmm… So I could still send it back within 30 days if it doesn’t work, right?
Sounds good to me…
Even though this isn’t the answer I hoped for- I am kinda scared of the installation of such a “huge” (compared to x-Series) implant…
I could try and manage to get more than 1 week of healing time, maybe even two weeks. Would just eat up all of my free days this year :roll_eyes:
Still undecided there.

I can vouch for them, good team, did my PAY, will do my titan.

You could ask for a needle based install, not so different.

No need to go 2 weeks, 5 days + 4 days weekend and maybe one or two more days if it’s not good yet should be enough. Leaves another long weekend for the year.

[quote=“yeka, post:5, topic:9139”]
I can vouch for them, good team, did my PAY, will do my titan.
[/quote] Great! He was also super happy.

I read this a lot, can’t really imagine but when you all say it^^ Have to think about it…

Yeah and maybe use some public holidays…

Just read this :" Beware though , enrollment of a DESFire EV1 would mean the access control system might greedily hog the entire chip’s memory space with its secure application… one you cannot remove… essentially dedicating your implant to that one application with that one system." in that Thread
wich got me a bit scared. I hope this is not true for the EV2?
Thanks so much, I read about this stuff maybe half of my free time and get a better understanding of it every day, I’m just starting to feel less lost in all these abbreviations around here lol

Unfortunately, it probably is true for the EV2… they’re not going to want to give you their master keys needed to create new files.

Shit, that would be a dealbreaker :confused:
Don’t know how long I will stay here, probably only 1-3 years…
I really don’t understand enough how this enrollment works to understand why I can’t just put other files in the free sectors of the chip or, if there are no free sectors, just delete their application when I don’t want to use it anymore.
Have to do more research…

If I don’t figure out a way to make this particular application work without basically bricking my DF2 after I move out of my flat, I am completely open to any chips, maybe Apex or NExT.
Sad, this would’ve been really cool, taking out the fob when carrying my bike really sucks.

If the admins are cool, they could unlock your implant then.

Have you looked if they actually use secure applications on the DF2? Maybe it’s just ID based… unlikely but possible.

HAHAHAHAHAHA, We all know EXACTLY what you mean.

But that is such a first world comment right there.

Anyway
You have been given some really great advice :arrow_heading_up:

I would add to this another option for you. Grab yourself a Test card Bundle from KSEC and you can test out all of these theories with your friendly Sys Admins, and then you can grab whatever implant(s) suit you best.

Keep us updated, keep reading, keep asking questions.
We will have you stabbed :syringe: in no time…

1 Like

How could I find out? By simply scanning the keyfob I have or would I have to ask the right person?

Hmm. Kinda risky depending on some admin to unlock my Implant, but would be an option… I could try adding a testcard first, so I know the admins before I decide for any implant stuff.

hahaha true^^ First two weeks with the new locks I was all thrilled about how great it worked :sweat_smile:

Thanks for the recommendation! Will do that, additionally to a proxmark, (or will ask my father to buy them for me for cristmas lol)

2 Likes

Okay for real, even if you move out in 3 years. 50/50 chance you can take the flexDf2 out and replace it with an Apex Flex :smiley:

Scan it with the right app, idk, TagInfo will probably tell you.
For real world tests use https://cyborg.ksecsolutions.com/product/mifare-desfire-ev2-8k/ and a M1 test card (just in case it only checks the first 4 bytes of any tag)

Good plan!

2 Likes

Like @yeka said, scan it with TagInfo. The first good sign would be it not having any / many applications / files (ideally there should be 0).

They may not know how to / they might not even have access to the keys… often the software stores / hides that information since with it you can access / modify any card for the system (potentially). Best thing to do is to ask them / use a test card.

Ok, I’ll try to explain. DESFire has one master key (think password) which allows for applications to be added and deleted. Then each application allows for up to 14 keys, with the potential for each one to have different permissions. Secure / well designed systems will only use the master key once - to create / delete applications in a secure facility to setup a card. Then two keys are usually added per application, one with read / write access (for admins / readers) and one with read only access.

Afaik, most access control systems do not allow entering a custom masterkey on a card level - you can change it, but that changes it for all cards…

Thus they do not want to share that master key, which is needed to create / modify your own applications.

The only way you might be able to get around this would be to create a NDEF application of a suitable size with keys you know before giving it to them for enrollment, and hoping that their system / process does not remove it.

Hope this makes things a bit clearer

1 Like

I would rather avoid to let myself being cut open multiple times.
Maybe I just drop the whole door access thing and take maybe an apex directly, haven’t read much about it yet but you all seem to be hyped^^

If it turns out that its not possible to get myself a door access implant, I will maybe try and build a bike lock of some sorts and then get the appropriate implant for that.

Well, I dont have an NFC compliant smartphone yet ^^ I can try it with the proxmark next month or so, or I convince a friend to install taginfo on his phone. Then I will post what came out, maybe I’m lucky :woman_shrugging:

I don’t really understand how I don’t know the masterkey when I own the chip. Or is the masterkey changed/ created in the moment they write their application on my implant?
Sorry for the dumb questions…
Well, okay. So only options fo me would be finding out if they maybe sucked at building the system secure, or making friends with the sysadmin.
I think I will try both after cristmas holidays.

hmm just read a bit in the data sheet of the DF2 and found something about the MIsmartApp wich is “enabling to offer or sell memory space for additional applications of 3rd parties without the need to share secret keys” according to Wikipedia.
Sounds like what I need to me (probably its not), but I just don’t have the motivation to do further research now, will do that sometime… would be easier if english was my native language I guess.

Thanks so far, you gave me some great advise!

Okay, just to keep you updated on my foolish journey, I got a PM3 Easy for christmas and today I set it up following the getting started guide and it seems to have all worked out!
Hopefully, tomorrow I will be able to try and read stuff with it haha

2 Likes