Hello! I’m XC-108, or Shannon for short.
I’ve been lurking for a while, reading, studying, watching videos, making spreadsheets to compare the technologies and capabilities of different implants, and I think I’m ready! My partner is so happy for me to take the plunge into this world that I’m so excited about and is helping me fund my first 2 implants.
I wanted to run this by the forum to make sure my thinking is correct.
My intention is to buy a NExT and a xSIID.
NExT would go in L0 and XSIID would go in R0. I want to use the LF side of the NExT to clone my work badge. We use HID readers at the office and almost all of them are on the left side of the door. I want to put my domain password in the HF side of the NExT and use the Keyboard/Wedge reader on my laptop to read it to avoid typing my lengthy password 10 billion times a day. The xSIID in my right hand would contain a vCard so that I can easily share my contact information when I want to. And my partner is very excited to have me light up whenever she wants me to.
Are these valid uses for these devices? I am assuming that I can clone my work badge to the LF side of the NExT and I can program my domain password into the HF side’s writable memory. I am also assuming that I can load vCard info or something similar into the xSIID. I want to be sure that I am interpreting all my research correctly before I make my purchase have the devices installed.
I am beyond excited to be starting this journey!
Thank you for your help!
Hello! I’m XC-108, or Shannon for short.
Welcome to the forum!
A few things:
XC-108 is 6 characters, Shannon is 7…
This sounds doable, but keep in mind that HID does make both LF and HF credentials, so you may want to find out more about the system you’re using before jumping in. If you are using an HF HID system you wouldn’t be able to clone it to the NExT
This one should be doable, here’s a related thread:
This one’s less doable unfortunately, off-the-shelf keyboard wedge readers only read the chip’s UID, not the user writable storage. Most people change their password to match their UIDs if they want this functionality, but I do believe you could DIY a reader to spit out the data you want, if you’re a tinkerer
in your case I might choose to do an xSIID and an xMagic, which still wouldn’t help with the password problem, but the HF side of the NExT and the xSIID are quite similar, and you may get more functionality out of having the xMagic. (That’s actually what I plan to do, as I have an xSIID now)
Thank you so much. I really appreciate the reply!
The system we are using has thin plastic ID badges that I cannot scan using TagInfo, so my assumption is that they are LF. I’m not sure how I would find out for sure with what I have on hand.
Any idea what the UID looks like? Does it meet strict password requirements?
The thing that drew me away from the xMagic was that it cannot share data with or trigger events on smartphones, according to the product page. It is also more expensive (and I would have to buy a Proxmark separately). But if I have a xSIID also, maybe I don’t need it to trigger smartphones? SO much to think about now.
I am a bit of a techy type, so I might be able to make the NExT work for the password, but I would definitely have to look into it a lot further.
After a short google search, I discovered this device, though, which looks like it might solve the password problem?
And for the xSIID, I’m using an Android phone, so the vCard thing may be easier?
That sounds like a good assumption to me, but there are a few products you could purchase if you’d like to be more certain. Others may pitch in who would know for sure that HID doesn’t make some bizzaro credential that wouldn’t scan by phone (@Equipter might pretty-please spread some of his genius here)
That’s how I see it, but everyone has different uses for them too
The ACR122U is a known device to this forum, and it appears it has some log-in uses:
But I have never used one, so I won’t be much help there
I have also never used a vCard, but as I understand it their fairly simple on either major OS, being slightly easier to use on android.
Howdy. let’s talk.
Err storing passwords on your chip, can it be done? yes. is it easy? no. you’d need to either custom encode your password as a value you save to the chips memory and build an esp reader usb and program it to decode data from those blocks and enter it as keystrokes. what i did instead was memorise the wiegand raw value as both hex and decimal values so i have two passwords one of which is alphanumerical which can also be input by a usb dongle reader i got off aliexpress.
the ACR wouldn’t be able to run as a hid emulator while the computer is locked. you’d need something running with its own brain.
for the unscannable card, is there any markings on it? does it say something like HID 000xx? could you also please hold the credentials up to a torch or bright light source so the antenna is exposed and take a picture of the antenna design as it is intentional and indicative of operative frequency.
for storing a vcard i would highly recommend storing the .vcf file (make this on vcardmaker) on a url endpoint to that file. when scanners scan it they’re automatically sent to download that file which opens just like a normal vcard, doing this allows ios users to also recieve your contact card as ios prohibits recieving vcard by way of ndef storage transfer.
edit to add: for cloning your work badge if it does end up being LF that would be a job for the NExT if you’re wanting to share ur url too, you’d need a proxmark3 to get it all scanned and programmed but i’m around and always up for the chat on discord (equip) dangerous ever the clever company know their userbase so they sell it or if you want to wait 3 human lifetimes so does aliexpress.
edit edit to edit add edit: if you wanted to go full wizard you could in the act of creating your own usb reader hid emulator, use the same relationship of your uid = your normal password and have the esp run that as logic so every recieved uid is parsed through that KDF yours just so happens to output as your desired password
You have a fully comprehensive number of replies, The ONLY thing I would add is
The xSIID going into P0 is not an issue, but consider going on the back of the hand into P1 - P5
The reson I suggest this is, the skin on the back of the hand is much thinner, therefore your blinky will blink blinkier and brighter
Have you chosen a colour yet?
Oh! Cool. Thank you for the advice!
Yes! My favorite color is Red, and I can’t imagine blinking in any other color.
@Equipter Thank you so much for your in depth reply! It’s very helpful. I’ve been looking on line for various resources, and I indeed found instructions on how to build a unit “with its own brain” that will still type the programmed password while the computer is locked. The [Arduino] is an example of something that is only slightly ambitious for my skill level.
So, yes. Most of the readers at work are HID, but the card itself is marked with Identiv 00B5A20.
When held against a flashlight, it looks like this. It looks like there is a small chipset in the corner, and a wide oval that goes around the perimeter of the card. It actually reads well regardless of the angle I present it to the readers at work.
ok yeah this is definitely a low frequency card, the proxmark should be sbke to handle the cloning of it
Sweet! Thank you so much for all your insight.
I am now pretty confident that I have made the right choices for my first devices!
I’m so excited to be starting this journey!
happy cyborg noises
Might want to lube up those joints if they’re making noise!
Ok, that’s dedication! I think that your chip is truly a part of you at this point.
This is indeed the goal and the point!
I’m looking at the instructions and videos now that I have my Proxmark all set up. I’ve been able to positively identify my card as an HID with a valid FC and CN and it’s reporting all the raw data.
In the video, the presenter clones card IDs to the LF side of the NExT chip by putting the chip right on the Proxmark device. Am I correct in assuming that I will not be able to program my new toys until they are out of the syringes (and in my body)?
That’s correct. And you need to wait about two weeks before you can successfully read and write to them as well.
However I have noticed with stronger devices like a flipper I could read and write to my implants before I installed them through the sterile packaging. Couldn’t do it with the proxmark though
I programmed and just successfully used one of the 5577 cards that came with the Proxmark instead of my ID badge at work. This makes me so excited to get my install done. I hope I can get it done this week! Ahhhhhh!
Search this forum for examples of employers looking badly on this practice, just so you understand the potential issues. More than one person has been fired for doing this workout coordinating with their employer.
This one comes to mind right away.
Yes, I have been keeping up on those threads and reviewing my company policies around badges. I intend to protect myself as best as I can and make sure the right people are in the know.
I really appreciate the reminders!
I’m somewhat fortunate that I work in a company where global security is pretty un-involved in day-to-day operations, and I’m also an engineer who is allowed to “tinker” with new technologies. I work in an industry that supports RFID and NFC devices as well, so my manager’s approval of this “testing and security measure” will go a long way toward protecting me from any potential fallout from global security.