Hello, few weeks ago I got my first implant, the NeXT implanted and things got very wild from there. Now I have a ProxMark3 with ProxLF antenna and quite a few things I would love to try out! But… I can only seem to successfully ever clone hid, i have never succeeded yet in cloning em41xx or fdx protocol.
So far, I will start with hw ver & hw tune lf, it shows this, seems fine (check for version mismatch between pm3 / client sw?, half year old fpga image?):
Summary
[usb] pm3 --> hw ver
[ Proxmark3 RFID instrument ]
[ CLIENT ]
client: RRG/Iceman/master/v4.9237-479-g4daa8aac 2020-06-24 21:21:47
compiled with MinGW-w64 9.3.0 OS:Windows (64b) ARCH:x86_64
[ PROXMARK3 RDV4 ]
external flash: present
smartcard reader: present
[ PROXMARK3 RDV4 Extras ]
FPC USART for BT add-on support: present
[ ARM ]
bootrom: RRG/Iceman/master/v4.9237-529-gb5b55205-dirty-unclean 2020-06-29 17:12:04
os: RRG/Iceman/master/v4.9237-529-gb5b55205-dirty-unclean 2020-06-29 17:11:23
compiled with GCC 6.3.1 20170620
[ FPGA ]
LF image built for 2s30vq100 on 2020-02-22 at 12:51:14
HF image built for 2s30vq100 on 2020-01-12 at 15:31:16
[ Hardware ]
--= uC: AT91SAM7S512 Rev B
--= Embedded Processor: ARM7TDMI
--= Nonvolatile Program Memory Size: 512K bytes, Used: 262664 bytes (50%) Free: 261624 bytes (50%)
--= Second Nonvolatile Program Memory Size: None
--= Internal SRAM Size: 64K bytes
--= Architecture Identifier: AT91SAM7Sxx Series
--= Nonvolatile Program Memory Type: Embedded Flash Memory
[usb] pm3 --> hw tune lf
[=] Measuring antenna characteristics, please wait...
[|] 9
[+] LF antenna: 27.22 V - 125.00 kHz
[+] LF antenna: 26.63 V - 134.83 kHz
[+] LF optimal: 28.27 V - 129.03 kHz
[+] LF antenna is OK
[!] HF antenna is UNUSABLE
[+] Displaying LF tuning graph. Divisor 88 is 134.83 kHz, 95 is 125.00 kHz.
[usb] pm3 -->
Then t55 wipe seems to always work fine and I can even do a lf hid clone 2004840534 without problems, see:
However, trying 410x_write or fdx clone does never seen to work:
Summary
[usb] pm3 --> lf em 410x_write 0700281464 1
[+] Writing T55x7 tag with UID 0x0700281464 (clock rate: 64)
[#] Clock rate: 64
[#] Tag T55x7 written with 0xff81e0016234b134
[+] Done
[usb] pm3 --> lf search
[=] Checking for known tags...
[-] No known 125/134 kHz tags found!
[usb] pm3 --> lf fdx clone 203 199308091100
[=] Preparing to clone FDX-B to T55x7 with animal ID: 0203-199308091100 (extended 0x0)
[+] Blk | Data
[+] ----+------------
[+] 00 | 00098080
[+] 01 | 00277788
[+] 02 | 6F9AEF4C
[+] 03 | C0402BF7
[+] 04 | 98040201
[=] Block0 write detected, running `detect` to see if validation is possible
[+] Done
[usb] pm3 --> lf search
[=] Checking for known tags...
[-] No known 125/134 kHz tags found!
Any advice how to proceed or what to try to make these protocols compatible with my implant will be greatly appreciated. I doubt this is about bad coupling, because I have a ProxLF and the hid cloning and wiping works fine…
I have done this before. I will have a go later and get back to you.
This post I showed some info about the tag.I know I cloned it but there was some data the PM3 is not able to clone atm. The ID works fine, Think the National code too, I know the “Animal Tag = True” failed to clone as it is not implemented in the code, if you really want a full clone I might be able to submit a patch to the PM3 repo.
Definitely interested! I would love to test your patch with both my NeXT and some animal implants that I expect to arrive in about a week from china. I am not a veterinarian, but I intend to do some research about local (Czech republic) use of animal “tracking” implants, which are mandatory for animals since January 2020. The problem is, that no registration is mandatory and there are only private registries, which does bad justice for the (lost) animals. So my interest is part academical, part activist, since I am a furry and feel like I can speak for at least some animals in the sense of criticizing the current insufficient state of the law and writing about to hopefully change it for better.
The wider the PM3 options for tag emulation and writing, the better for real world research.
I found there is a donation based / free registry service of animals with solid integration and for free so guess what, now I have a unique number registered and I just need to clone it into my hand, so I can go outside and make some experiments along the lines of: “hello local policemen, I am a lost dog, who is properly chipped, can you identify me in the real dark world of registered animal IDs?”. There is an Android app, Najdi zvíře, which, locally, seems to work way better than Petmaxx.
TLDR: Implants are mandatory for animals in , but registration isn’t. Less than optimal.
Update:
It turns out that programming the NeXT is probably working fine for EM tags as well as previously tested HID. I cloned the EM tag according to instructions and the reader at my work was satisfied with it and let me in just fine, several times. So I got that going for me, which is nice… But my Proxmark for some reason fails to detect and read the NeXT properly when there is EM tag on it. T55 detect also fails. My current hw ver:
Thank you, I already do this in the beginning of every session or change of client and unfortunately It seems to have no effect on my situation. When I read the programmed NeXT with lf em 410x_read 32 0, the plots look like this:
Finally got my Proxmark to recognize the cloned EM tag in my NeXT, with stock antenna tuned to F = 125 KHz (obviously) and Q = 14 (range). I must have been making some kind of substantial mistake with the ProxLF, otherwise I can’t explain it. Now to fiddle with the FDX stuff!
EDIT: even the FDX stuff is working, the important missing step was - wipe the t5577 with antenna tuned to 125 KHz, switch the antenna to 134 KHz, then run fdx clone and viola!
All this with the stock Proxmark3 Rdv4 antenna, what helped greatly was pushing the implant towards the reader from the inner side of the palm, seems to be well placed, far away from bones, but less than optimal for RF performance.
, but registration isn’t. Less than optimal.
