Successful xEM and xNT implant and clone


#1

I had an xEM implanted in my left hand and an xNT implanted in my right hand over the weekend. I’m rather heavily pierced, and I have a good relationship with my piercer. I wouldn’t recommend two hands in one day for someone who isn’t used to how getting pierced feels.

The sterile kit that is delivered is great. Everything from alcohol and marker to gloves and a big absorption pad.

The injection needle works really well, but it appears that removing the lock is a little tricky - she was concerned about accidentally triggering the ejection while removing the lock. It didn’t happen, but I could imagine the chip flying across the room.

The healing is great. Because nothing is left protruding from the skin (like the jewelry from a piercing), it heals very similarly to a small cut. A small cut with some bruising inside. It bled some, but skin was cut, so it didn’t surprise either of us.

Now onto the programming.

The NFC programming on the xNT is a breeze, whatever, nothing to even discuss. The worst part is finding the sweet spot on my phone to get a reading.

For xEM programming, I am using a Proxmark 3 Easy (Pm3E). I programmed an Indala code onto the implant and then was not able to get a reading off the chip using the Pm3E. I was kinda freaking out because I was sure I’d bricked the chip. I came back to it the next night with a clear head and was looking at various things. I tried taking the antenna from the xEM access controller and putting it on the Pm3E. I couldn’t get a reading from anything (neither the various demo cards I have nor the implant). I put the LF antenna back on the Pm3E and tried programming the Indala code onto a T5577 card I have. Success. So I was sure I was using the right commands. (I had trouble with the GUI for the Pm3E, so I was using the command line.) I read a forum post about being really careful with chip location in relation to the antenna. I used the lf t55xx wipe command and was able to get a reading from the implant again. I programmed the Indala code, and I couldn’t get a reading again. I went through this cycle a few times and then decided to leave the Indala code and try using it the next day.

SUCCESS. I was able to open the door using my hand instead of my key fob.

So it appears that the Pm3E is able to successfully WRITE to the xEM implant, but it is not able to READ if it is in any mode other than raw T5577.


#2

Interesting… I’ll yank out my Proxmark and try to confirm… possible. What hw version and firmware version do you have?


#3

I’m sorry, it’s the Elechouse Proxmark3 Easy (not Lite as I said originally)

Does this give the answer you’re looking for?

Prox/RFID mark3 RFID instrument
bootrom: master/v3.0.1-361-ge069547-dirty-suspect 2018-04-05 01:56:43
os: master/v3.0.1-361-ge069547-dirty-suspect 2018-04-05 01:57:38
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59

uC: AT91SAM7S256 Rev C
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 197081 bytes (75%). Free: 65063 bytes (25%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory


#4

Yep, cool. I don’t have a working Proxmark at the moment, but I also have to clone an Indala card to my xEM, so I’ll see what the results are after.