Thank youuuuuu
Where do you get the relay board? Is there a post on this setup anywhere?
They make it themselves I believe
Yeah he does, you will find him and his simple sexy channel over on the Discord.
He is much more active over there
I get home in maybe 4-5 hours and I’ll see what’s what
Sorry I came home last night and went to sleep lol
I have good news
@amal
The blue board version seems immune to the vulnerability
I have 2 other boards to test,
One of which is NFC… so I don’t think it will even be possible to test? But yay non insecure options
I have noticed, as a quirk… the wiring harness is close but not the same… so you can’t technically just unplug and swap the board in like I hoped, you’ll need to wire in the new harness since the relay wires are transposed
Good news: the blue board that appears 99% the same, but uses a daughterboard for NFC, seems to read x series just fine; it lights up and triggers my xSIID
(Amal, I’d be willing to send this one to you to play with to see if you might want to sell it or whatever, I have no active plans for it yet… and shipping from China is terrible)
Bad news, the double antenna board fails, and will open with the vulnerability
So this is a winner??
https://a.aliexpress.com/_m03qeCw
Thanks so much! For ordering and testing them.
I’d definitely chip in on your costs. I couldn’t do anything to help.
I’ll get a few ordered.
Much appreciated
Yep
That’s the one that works for me.
The NFC version of that listing also appears to work with x series implants
Yeah it does.
I actually have both also but didn’t want to step on your toes with your testing.
By the way, I’m pretty sure the HF one only uses 3 bytes of the UID
No toes to step on… I just wanted to find a fix to a problem I pointed out… felt kinda bad
You shouldn’t, it was a good find
I’d love to test it. Every NFC board I tested before actually only checks like one, two, or at best 3 bytes of the ID… terrible.
THANK YOU!!
This is hugely helpful and appreciated!
You’re right!
Can you also test byte variations? Basically to ensure it uses all 5 bytes of a typical EM tag ID, add one to memory and then change one byte at a time to see if it uses all 5 bytes or just like 3.
Should be able to with the flipper
Not at home right now, but gimme till midnight and I can
edit
Just to confirm @amal what you want me to do is
Enroll : “12:34:56:78:90”
Test
“F2:34:56:78:90”
“1F:34:56:78:90”
“12:F4:56:78:90”
“12:3F:56:78:90”
“12:34:F6:78:90”
“12:34:5F:78:90”
“12:34:56:F8:90”
“12:34:56:7F:90”
“12:34:56:78:F0”
“12:34:56:78:9F”
done,
and crap :-/
Enroll : “12:34:56:78:90”
Test
“F2:34:56:78:90” - accepted
“1F:34:56:78:90” - accepted
“12:F4:56:78:90” - accepted
“12:3F:56:78:90” - accepted
“12:34:F6:78:90” - rejected
“12:34:5F:78:90” - rejected
“12:34:56:F8:90” - rejected
“12:34:56:7F:90” - rejected
“12:34:56:78:F0” - rejected
“12:34:56:78:9F” - rejected
so like @Pilgrimsmaster said for the HF version, it appears to only read the last 3 bytes of the UID
I guess this should be expected since Pilgrim said his HF board only took 3 bytes, and it’s almost identical to the LF board
looks like the v2 does the same thing, so at least it’s better than the v2
Yeah basically but easier like;
Test
“AA:34:56:78:90”
“12:AA:56:78:90”
“12:34:AA:78:90”
“12:34:56:AA:90”
“12:34:56:78:AA”
If you wanted to get specific about how many bits vs bytes you could explore the byte boundary if it’s found to be less than 5 bytes, but just proving it’s less than 40bits is all I’m after at this point.
Not sure I follow all that, but I checked above and it’s only the last 3 bytes
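The byte-variation test from this thread as an added example (not part of any post above and not the board vendor's code): it builds the one-nibble-changed test IDs and turns accept/reject observations into the ID positions a reader ignores. The function names, and the model of a reader that compares a fixed subset of ID positions exactly, are assumptions; the results table is transcribed from the posts above.

```python
# Added example: audit how much of a 5-byte tag ID a reader actually compares.
# Positions are nibble indexes 0..9, where 0 is the high nibble of the first byte.

def nibbles(tag_id):
    """'12:34:56:78:90' -> '1234567890' (the 10 hex nibbles of a 5-byte ID)."""
    hexstr = tag_id.replace(":", "").upper()
    if len(hexstr) != 10 or any(c not in "0123456789ABCDEF" for c in hexstr):
        raise ValueError(f"not a 5-byte hex ID: {tag_id!r}")
    return hexstr

def fmt(hexstr):
    """'1234567890' -> '12:34:56:78:90'."""
    return ":".join(hexstr[i:i + 2] for i in range(0, 10, 2))

def nibble_variants(enrolled, filler="F"):
    """One test ID per nibble, differing from the enrolled ID in that nibble only."""
    ref = nibbles(enrolled)
    out = []
    for i, c in enumerate(ref):
        sub = filler if c != filler else "0"  # make sure the nibble really changes
        out.append(fmt(ref[:i] + sub + ref[i + 1:]))
    return out

def assess(enrolled, results):
    """results maps test ID -> True if the reader accepted it."""
    ref = nibbles(enrolled)
    ignored, checked = set(), set()
    for tag_id, accepted in results.items():
        diff = [i for i, (a, b) in enumerate(zip(ref, nibbles(tag_id))) if a != b]
        if accepted:
            ignored.update(diff)      # accepted although these positions differ
        elif len(diff) == 1:
            checked.add(diff[0])      # a single changed nibble caused the reject
    untested = set(range(10)) - ignored - checked
    return {"ignored": sorted(ignored), "checked": sorted(checked),
            "untested": sorted(untested),
            "max_effective_bits": 4 * (10 - len(ignored))}

# Accept/reject observations as reported in the thread for the LF board.
ENROLLED = "12:34:56:78:90"
THREAD_RESULTS = dict(zip(nibble_variants(ENROLLED), [True] * 4 + [False] * 6))

if __name__ == "__main__":
    for test_id in nibble_variants(ENROLLED):
        print(test_id, "accepted" if THREAD_RESULTS[test_id] else "rejected")
    print(assess(ENROLLED, THREAD_RESULTS))
```
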