xAC alternatives / let’s build a more secure alternative?

Yeah it does.

I actually have both also but didn’t want to step on your toes with your testing.

By the way, I’m pretty sure the HF one only uses 3 bytes of the UID.

No toes to step on… I just wanted to find a fix to a problem I pointed out… felt kinda bad

You shouldn’t, it was a good find.


I’d love to test it. Every NFC board I tested before actually only checks like one, two, or at best 3 bytes of the ID… terrible.



This is hugely helpful and appreciated!

You’re right!


Can you also test byte variations? Basically to ensure it uses all 5 bytes of a typical EM tag ID, add one to memory and then change one byte at a time to see if it uses all 5 bytes or just like 3.

Should be able to with the flipper

Not at home right now, but gimme till midnight and I can

Just to confirm @amal what you want me to do is

Enroll : “12:34:56:78:90”



What really happened :

and crap :-/

Enroll : “12:34:56:78:90”

“F2:34:56:78:90” - accepted
“1F:34:56:78:90” - accepted
“12:F4:56:78:90” - accepted
“12:3F:56:78:90” - accepted
“12:34:F6:78:90” - rejected
“12:34:5F:78:90” - rejected
“12:34:56:F8:90” - rejected
“12:34:56:7F:90” - rejected
“12:34:56:78:F0” - rejected
“12:34:56:78:9F” - rejected

So like @Pilgrimsmaster said for the HF version, it appears to only read the last 3 bytes of the UID.
I guess this should be expected since Pilgrim said his HF board only took 3 bytes, and it’s almost identical to the LF board.

Looks like the v2 does the same thing, so at least it’s better than the v2.
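
Added example, not part of any post in this thread: a Python script that turns single-nibble probe results like the ones listed above into a per-nibble map of what the reader compares, next to the full 40-bit comparison a reader should perform. The function names are hypothetical, and treating each nibble as one unit is an assumption.

```python
import hmac

ENROLLED = "12:34:56:78:90"
# Probe results transcribed from the thread: (presented ID, reader accepted?)
PROBES = [
    ("F2:34:56:78:90", True), ("1F:34:56:78:90", True),
    ("12:F4:56:78:90", True), ("12:3F:56:78:90", True),
    ("12:34:F6:78:90", False), ("12:34:5F:78:90", False),
    ("12:34:56:F8:90", False), ("12:34:56:7F:90", False),
    ("12:34:56:78:F0", False), ("12:34:56:78:9F", False),
]

def nibbles(tag_id):
    """'12:34:56:78:90' -> [1, 2, 3, 4, 5, 6, 7, 8, 9, 0]"""
    digits = tag_id.replace(":", "")
    if len(digits) != 10:
        raise ValueError(f"expected a 5-byte ID, got {tag_id!r}")
    return [int(d, 16) for d in digits]

def checked_nibbles(enrolled, probes):
    """Per nibble: True = compared, False = ignored, None = not probed."""
    ref = nibbles(enrolled)
    status = [None] * len(ref)
    for tag_id, accepted in probes:
        diff = [i for i, (a, b) in enumerate(zip(ref, nibbles(tag_id))) if a != b]
        if len(diff) != 1:
            raise ValueError(f"{tag_id} must differ from the enrolled ID in exactly one nibble")
        verdict = not accepted  # a rejected probe means the reader looked at that nibble
        if status[diff[0]] not in (None, verdict):
            raise ValueError(f"conflicting results for nibble {diff[0]}")
        status[diff[0]] = verdict
    return status

def effective_bits(status):
    """Upper bound on ID bits the reader compares (unprobed nibbles count as compared)."""
    return 4 * sum(1 for s in status if s is not False)

def full_match(enrolled, presented):
    """Full 40-bit comparison (assumed fix): every nibble must match, compared in constant time."""
    return hmac.compare_digest(bytes(nibbles(enrolled)), bytes(nibbles(presented)))

if __name__ == "__main__":
    status = checked_nibbles(ENROLLED, PROBES)
    print("compared nibbles:", status)
    print("effective bits: at most", effective_bits(status), "of 40")
```
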



Yeah basically but easier like;


If you wanted to get specific about how many bits vs bytes you could explore the byte boundary if it’s found to be less than 5 bytes, but just proving it’s less than 40bits is all I’m after at this point.


Not sure I follow all that, but I checked above and it’s only the last 3 bytes



So fuck me… do we gotta make our own shit here wtf.

The xACv2 was also only 3bytes :-/

So the blue board is pretty much identical, minus the easy to guess master uid



I ended up getting both the 125 and 13.56 versions.

And now I’m looking at getting a magic ring. Cause I’m not set up for the implant yet.

Which magic ring would I want for the 13.56, the mifare one?

Can I program that for LF with my flipper (which I haven’t set up at all yet? :person_facepalming:). I just have LF locks now. But may switch to dual at some point. So would like the ring to do both.

Appreciate any help.
I’m lurking a lot but not much smarter. Haha.

It’s just an EM tag… flipper will do that no sweat

Lost me here…. I’ve only seen magic mifare… I haven’t seen magic ntags in anything but extremely niche iso cards

The 13.56 reader that I got, doesn’t require mifare, it will read anything 14443a, so ntag or mifare

Just to be clear the magic aspect isn’t required, it only lets you change the UID, or baked in serial number on 13.56 chips

LF stuff, almost all the rewritable chips you’ll see are t5577 which is in a nutshell like a magic… it will pretend to be more or less whatever LF thing you tell it to be

Hi, thanks for the reply.

You may have answered already, but my question was, there’s two rings.
One says magic mifare 1k. And the other ntag216 I believe.

I was wondering if both would unlock the 13.56 reader above.

Sounds like maybe they both will, but the magic ring you can change the hf side if you want to essentially make a new tag?

Thanks. It’s still a bit like a foreign language.


This is the other ring I was looking at.

Yea the 13.56 version will work with either since it doesn’t care what chip it finds… as long as it responds in the 14443a protocol, which both do

The big difference you’re looking at is,

The ntag will talk with your phone via nfc

The mifare more than likely won’t, but you can change the serial number on it

Me personally I’d go ntag for phone shenanigans

The DT dual frequency ring is out of stock, I don’t believe there are plans to restock it… but you can find dual frequency rings elsewhere (DT didn’t make it)
