xAC alternatives / let’s build a more secure alternative?

Thank youuuuuu

Where do you get the relay board? Is there a post on this setup anywhere?

They make it themselves I believe

Yeah he does, you will find him and his simple sexy channel over on the Discord.
He is much more active over there

I get home in maybe 4-5 hours and I’ll see what’s what

Sorry I came home last night and went to sleep lol

I have good news :grin:

The blue board version seems immune to the vulnerability

I have 2 other boards to test,
One of which is nfc… so I don’t think it will even be possible to test? But yay non insecure options

I have noticed, as a quirk… the wiring harness is close but not the same… so you can’t technically just unplug and swap the board in like I hoped, you’ll need to wire in the new harness since the relay wires are transposed

Good news blue board, that appears 99% the same, but uses a daughterboard for nfc seems to read x series just fine, it lights up and triggers my Xsiid
(Amal, I’d be willing to send this one to you to play with to see if you might want to sell it or whatever, I have no active plans for it yet… and shipping from China is terrible)

Bad news, the double antenna board fails, and will open with the vulnerability


So this is a winner??


Thanks so much! For ordering and testing them.
I’d definitely chip in on your costs. I couldn’t do anything to help.

I’ll get a few ordered.

Much appreciated :partying_face:

That’s the one that works for me.
The nfc version of that listing also appears to work with x series implants also


Yeah it does.

I actually have both also but didn’t want to step on your toes with your testing.

By the way, I’m pretty sure the HF one only uses 3 bytes of the UID

No toes to step on… I just wanted to find a fix to a problem I pointed out… felt kinda bad

You shouldn’t, it was a good find


I’d love to test it. Every NFC board I tested before actually only checks like one, two, or at best 3 bytes of the ID… terrible.



This is hugely helpful and appreciated!

You’re right!


Can you also test byte variations? Basically to ensure it uses all 5 bytes of a typical EM tag ID, add one to memory and then change one byte at a time to see if it uses all 5 bytes or just like 3.

Should be able to with the flipper

Not at home right now, but gimme till midnight and I can

Just to confirm @amal what you want me to do is

Enroll : “12:34:56:78:90”



What really happened :

and crap :-/

Enroll : “12:34:56:78:90”

“F2:34:56:78:90” - accepted
“1F:34:56:78:90” - accepted
“12:F4:56:78:90” - accepted
“12:3F:56:78:90” - accepted
“12:34:F6:78:90” - rejected
“12:34:5F:78:90” - rejected
“12:34:56:F8:90” - rejected
“12:34:56:7F:90” - rejected
“12:34:56:78:F0” - rejected
“12:34:56:78:9F” - rejected

so like @Pilgrimsmaster said for the HF version, it appears to only read the last 3 bytes of the UID
I guess this should be expected since Pilgrim said his HF board only took 3 bytes, and it’s almost identical to the LF board

looks like the v2 does the same thing, so at least it’s better than the v2



Yeah basically but easier like;


If you wanted to get specific about how many bits vs bytes you could explore the byte boundary if it’s found to be less than 5 bytes, but just proving it’s less than 40bits is all I’m after at this point.


Not sure I follow all that, but I checked above and it’s only the last 3 bytes
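
The byte-variation test discussed above, written out as an added example (not code from any poster or from the board vendor): it generates the one-hex-digit-at-a-time test plan for an enrolled ID and turns the accepted/rejected results into the number of ID bits the reader actually compares. The function names are assumptions; the result table is the one posted in the thread.

```python
def to_digits(id_text):
    """'12:34:56:78:90' -> '1234567890' (validated as whole hex bytes)."""
    return bytes.fromhex(id_text.replace(":", "")).hex().upper()

def to_text(digits):
    return ":".join(digits[i:i + 2] for i in range(0, len(digits), 2))

def single_digit_variants(enrolled_text):
    """Test plan: each variant differs from the enrolled ID in one hex digit."""
    digits = to_digits(enrolled_text)
    for i, d in enumerate(digits):
        swap = "0" if d == "F" else "F"   # guarantee the digit really changes
        yield to_text(digits[:i] + swap + digits[i + 1:])

def compared_digits(enrolled_text, observations):
    """Per hex digit: True if the reader compares it, False if it ignores it."""
    enrolled = to_digits(enrolled_text)
    compared = [None] * len(enrolled)      # None = not tested yet
    for variant_text, accepted in observations:
        variant = to_digits(variant_text)
        if len(variant) != len(enrolled):
            raise ValueError(f"{variant_text}: wrong ID length")
        changed = [i for i, (a, b) in enumerate(zip(enrolled, variant)) if a != b]
        if len(changed) != 1:
            raise ValueError(f"{variant_text}: must change exactly one digit")
        # A variant that still opens the lock means that digit is not checked.
        compared[changed[0]] = not accepted
    if None in compared:
        raise ValueError("some digits were never tested")
    return compared

def summarize(enrolled_text, observations):
    """Return (bits compared, bits in ID, indexes of fully ignored bytes)."""
    c = compared_digits(enrolled_text, observations)
    ignored = [i // 2 for i in range(0, len(c), 2) if not (c[i] or c[i + 1])]
    return 4 * sum(c), 4 * len(c), ignored

# Results as posted in the thread (True = accepted, False = rejected).
THREAD_RESULTS = [
    ("F2:34:56:78:90", True), ("1F:34:56:78:90", True),
    ("12:F4:56:78:90", True), ("12:3F:56:78:90", True),
    ("12:34:F6:78:90", False), ("12:34:5F:78:90", False),
    ("12:34:56:F8:90", False), ("12:34:56:7F:90", False),
    ("12:34:56:78:F0", False), ("12:34:56:78:9F", False),
]

if __name__ == "__main__":
    used, total, ignored = summarize("12:34:56:78:90", THREAD_RESULTS)
    print(f"reader compares {used} of {total} bits; ignored bytes: {ignored}")
```
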