Hello.
I’ve purchased a Proxmark 3 rdv4 and was experimenting with trying to clone a hid prox card to my xEM implant. I managed to clone it to a separate T5577 card as a test.
I’m unable to get the implant to convert from EM410x to HID, to copy the data.
I know where the antenna can see the implant due to “lf search” kicking back a result, but “lf hid clone (Id #)” doesn’t seem to work, no matter how many times I’ve tried.
Any help would be appreciated!
What antenna are you using? Are you using the bluetooth add on for the proxmark?
This sounds like the classic poor coupling issue. Doing a write takes more power than doing a read, so its common for lf search to work, but the writes to not take effect.
Try getting it in what you think is a good spot with lf search, then run lf t55xx detect (takes more power), then run lf t55xx trace. If all of those succeed, don’t move at all and try the write again. 1mm can be the difference between success and failure, and the read has a lot more tolerance than that.
I’m using the base model Proxmark 3 RdV4 with what included. Nothing more, If i continue, should I look into buying the additional LF antenna?
That’s a personal decision based on how often you’ll be writing. You can write just fine using the stock antenna, its just more time consuming and sometimes frustrating to get it in the right spot before you write.
Using the purpose designed antenna makes it much easier to just slap it over the implant and basically nail the placement every time. Your margins are MUCH more forgiving.
If you’ll only be doing it occasionally and don’t mind the frustration, save the dollars. If you’ll be doing it frequently or would rather the ease of use than the cash, its a quality product and easy to make that call too.
If you have the money to, then yes, the whole purpose of the antennas existence is for coupling with the LF xSeries implants. (Thanks @TomHarkness and DT)
I remember you mentioning that you got the xEM and xNT because they were cheaper than the NExT, if you were still considering the NExT, you can buy one with the LF Antenna which then makes the LF Antenna only $10, whereas, if you buy it on its own, it’s $35.
OTY
UPDATE
Whilst I was typing
Alrighty! Thank you all so much for your help! I’m going to keep spending some time trying to get it with the pre-included antenna, but if I have too much of a problem, I may purchase the antenna. I had a couple of friends interested in what I was doing, so if they express an interest in it, the antenna may be worth it to just program theirs, as I might have the patience to fiddle with it, I can imagine others just wanting to be “in and out” so to speak.
EDIT: I managed to get it! I basically would use the clone command and wait a second between entering the command again moving it very slightly around my whole implant area!
I did and have never looked back the lf antenna has made my life a lot easier. And yes as others have stated it does sound like poor coupling. I bought the proxmark and the antenna specifically for my xEM implants, due to my fear of data tearing. I have found I can read with the default antenna but writing is a whole other story.
Do you use lf tune ? it will help you find the sweet spot on your implant.
Honestly, unless I’m writing multiple times, I don’t bother with the proxlf. In the time it takes to remove the stock antenna and install the proxlf, I have already read and write with the stock antenna and moved on.
I’ve found it much easier to place the RDV4 onto the hand rather than placing my hand onto the RDV4. Also, make sure to remove the plastic shield when doing implant work.
For LF writing, make sure the antenna is in Q7 mode, and the frequency switch on 125.
Could you describe what “didn’t work” means? What does lf t55 detect give you while reading the implant?
I did not, but managed to get it to work. Notable advice for the future though.
t55xx detect issued a error point towards not being configured, I still managed to get it programmed though.
Sounds like you didn’t complete the configuration process on the proxmark.
scripts run init_rdv4.lua
Glad you got it, but just a heads up that this is considered bad practice! The T5577 chip in your implant is subject to ‘tearing’ - basically if it only partially writes it can brick the chip and make the implant useless. Thats why finding the exact sweet spot using the commands I mentioned is so critical. You want to be sure the write will work before you run it multiple times.
Yep, do this! Also make sure you run hw tune every time you use your proxmark.
Just a tip for anyone with an xem or any other lf implant really. Before write run lf tune that will show a voltage reading look for the location with the lowest voltage as this is the best coupling then do your write there. Usually you should see at least 1-2v drop in voltage for decent coupling.
So my proxmark client doesn’t have lf tune, that seems distinctly odd
What proxmark do you have and what firmware are you using ?
Proxmark 3 easy
Iceman as far as I know from the seller… but there’s a solid chance I botched the install into windows
FYI
If you got the Piswords one, there is a chance it is 2.0 and not iceman.
It happened to somebody previously, definitely worth looking at that.
I requested iceman from them, but possible
Not sure I would know the difference, a lot of the prox stuff is over my head programming wise
I’ll probably need someone knowledgeable to help to fully erase and start fresh and correctly