I just purchased a proxmark3 to play with so I am VERY VERY new to this.
I have a card I want to clone that says “HID iClass DY” and that scans as an iclass/picopass chip with the proxmark.
What am I looking for in a fob that can be disassembled or loose chip (or implant chip) to be able to clone this?
I want to put the chip into my cane (yeah, I’m old :P) so I can mess with my students by waving the cane at the access sensor that pops the door open, and the payment scanners on our coke machines. The ID card I’ll be cloning from responds as a pre-paid debit card and as a wireless ID that you slide over the external sensor to unlock doors.
My first thought would be to extract the chip (put the card in an acetone bath), desolder it from the antenna and attach it to a new antenna (grab another HF chip and antenna; links to follow if that sounds like it may suit your purpose), or reshape the original to fit in the cane.
The cane I’m using has a decorative ring that hides about a .25" gap between the handle and shaft. That’s why my first impression is one of the implant chips would work. But I don’t know which one.
I’ll swing by my personnel office this week and see if I can get a blank one to play with.
The decorative ring I have the arrow pointed at has a gap between the handle piece and the cane’s main shaft. It’s about 1/4th of an inch wide. It’s the only gap in this manufacturer’s canes that you could put something in without having to cut into the wood to make a deeper groove. The decorative facing on the top of the handle is not removable.
That’s why I was hoping one of the implant chips would fit, it seemed like the smallest answer.
I also looked at putting a chipped ring (size 4-6) under the decorative one, but they’re too tall unfortunately.
I’ve got a spare card from work currently being dissolved, but I “think” the chip may be too wide. And I’m not convinced I can solder the antenna back on very well (hands shake).
Best I’ve got at the moment. And thanks to anyone who helps.
Unfortunately I won’t be able to help too much more, because I only understand civilised measurements.
I do have a couple of thoughts though.
Bearing in mind, the first priority should be to maintain the integral strength of the cane.
Drilling a hole for an xSeries to be inserted with a snug fit may work, but I’m not sure how this will affect the strength of the cane.
Also, in that orientation, you would need a powerful reader.
Similarly, if you were to inlay the xSeries in the cane, however this would be easier to present to a reader.
Otherwise, if you think you could do some winding with your shaky hands, you may be able to unwind from a similar antenna as above and then re-wind that into the gap you mentioned.
If this was metric, I may be able to visualise how this would fit…
If the winding fits, try to get somebody to help solder and hide the chip.
When it’s screwed in, the gap left inside that decorative ring (which acts as a spacer) is about 6.5mm wide.
What I’m trying to figure out is which xSeries chip to get if I can’t get the spare card in there. The screw shaft is also conductive, so I’m wondering if I wrap the copper coil around the shaft if I’ll get better reception, or just an electromagnet.
I had to swear off metric after the Mars Climate Orbiter.
I’ve also reached out to the man who made the cane to see if I can get just a handle with the face detached so I can drill a hole behind that and attach the face later. (Either with a rare earth magnet to hold it on REALLY well, while still being removable, or permanently.)
Okay, now we are speaking the same language, I am back onboard.
Personally, I would be writing off the thought of an xSeries sized implant, there will be a coupling / range hurdle that I feel will be too far.
Especially with this plan.
I really don’t think this plan will work through all that metal, but I stand to be proven wrong.
This (below) would be my personal recommendation of the path you should be going down.
You can find these for quite cheap in a variety of sizes, and they will almost be plug and play. IF you can find the correct diameter, just swap out and solder your chip from the dissolved card.
If you need a hand with the assembly, I think with a quick visit to a maker space or similar, you will find someone willing and able to help (I know I would be willing).
HOWEVER
If you can’t find a “plug and play” antenna of the correct dimensions, you could wind the copper antenna from your dissolved card into that ~6.5mm gap, and resolder the chip, and in effect, achieve the same result as above.
If I was nearby, I would happily help you with this project, but I’m not even on the same continent, so this is the best I can do for you unfortunately.
Even now, I am not certain my proposed plan will work, due to the way the antenna will need to be presented to the reader, but I still feel this will have a better chance of success.
Before pushing you too far down this path, I would prefer to do some actual testing rather than theoretical surmising, but I am away from home and the things I can test with in a similar fashion to your setup ( I have some adhoc stuff I can play around with for the time being to get a better idea, but not ideal )
Let me find you a link with some different sized antennas for you
Faster than I thought ( Sounds like a quote from my Mrs )
Here you go ( Sounds like a quote from me to my Mrs )
So I have with me:
my Phone
my Flipper
a Key Fob Sized Field detector
an HF+LF fob keyring (approx. similar size as may suit your cane, ~25-30mm)
I simulated a “Low Power” Reader with my phone
I simulated a “High Power” Reader with my Flipper
I simulated an HF Antenna and chip mounted on your cane with my Fob keyring and presented it to each reader at 90°, i.e. how I expect you will need to present your cane to the reader.
My phone would read the Fob Keyring at ~10mm
My Flipper would read the Fob Keyring at ~15mm
Very similar results with my Key Fob Sized Field detector
I was pleased with that, and I would call that some reasonable testing.
I am quietly optimistic if you choose to follow this path
At this stage, I can’t think of anything else I can do to help you.
I hope this is of some use to you and your project, and I will be following your progress, and looking forward to seeing what you end up with
Trying several things over my December break. (The joys of being a professor).
I was able to clone my new ID card onto my “lost” /cough old one.
I’m dissolving the old card now to pull the bits out.
I also found the cane maker who made my cane. I’ve got a new handle on order without the face attached. I’m going to drill a cavity into that handle and use a rare earth magnet to hold the face on once I get whatever chip I end up using inside of it. That will put only wood on 5 of the 6 sides (if you think of it as a cube) from the chip and wrapped antenna. It will also put the drilled hole past the screw joint that holds all the weight in the cane, so it shouldn’t have to weaken it.
I asked if they could custom cast me a face piece out of a solid copper but that was a no-go.
If you feel the aliexpress chips you linked will work on the listed chipset, I’ll go ahead and buy one pack of each size and use the largest antenna I can get to fit.
The gentleman who made my cane has sent me a loose handle with no face attached so I can hollow out behind it. I’ve got an appointment with a maker shop to hollow out about 20mm x 10mm into it and put a removable clip for the decorative facing. The facing itself is very hollow as well.
I’ve removed a chip from my old ID card, and I’m ordering a digital magnifier to take a picture of it to make sure I find a compatible chip. If I have to use the card sourced chip I’ll have to hunt down a maker with VERY steady hands. I had no idea just how small these things were, and the size of the joining to the antenna was O.o small.
When the magnifier gets here and the facing is modded I’ll post pics.
As I have alluded to a number of times through our chats, I really don’t think it will work, and I don’t think it is the best approach.
BUT
Don’t get me wrong, I want it to work and for your sake I really hope it does.
I look forward to being proven wrong, and you can tell me “I told you so”
It is entirely possible to make your own antenna that will fit in the space. Just needs a bit of math. The card sourced chip will work for cloning, you can re-write it with the pm3.
Yes, but it’s a little more complicated than that. Cloning a card really depends on if the source iClass card is secured or not. The DY is one of those cards that can easily be either.
SE, and I think you’re mistaken. There are plenty of institutions that use SE blocks. Look around the forum, there are plenty of people who are running into SE blocks.
But that isn’t the full story. There are plenty of institutions that use both SE and non-SE blocks. For example, at my school, I can get into my dorm with a card with copied non-SE blocks, but not into the math building. It really comes down to how the readers are configured.
Those last 2 letters like DY have no real relevance (I believe it is just where the card was manufactured). ‘SR’ cards are iClass legacy that have an SIO written to them like you’re describing. ‘SE’ cards will say ‘SE’ on them, and are different in that the card keys use a different main key and KDF from legacy, and contain no legacy component. But all of the above are the same picopass cards under the hood.
Fair enough. I was unaware that that’s how HID terms them. We’ve been calling them SE blocks. For all we care, they act roughly the same in that those blocks can’t be successfully copied. DY cards are SR cards. It depends on how @Nunya’s institution has set up their system. If the readers are looking at the secured bits, there isn’t a lot of hope for cloning them.