I hope it wasn’t a bad lot. I ordered mine on Aug 1st and was having issues with the UID. But before I can dare to claim anything other than user error (most likely). I’m waiting on a new Prox kit. The old one disappeared from my office. I’ll follow up when it arrives.
3 Likes
I hope it wasn’t a bad lot
Me too. Me too.
having issues with the UID
While its fresh in memory, Ive got a few questions (before your proxmark3 arrives):
Were you able to/did you read from it successfully?
What did you use to try to write to it and what did you try to write?
What error are you getting/how do you know something isn’t right?
From reading the post it looks like the tag in question was listening to some commands but not everything. They also still have a valid block 0 (and were able to successfully write to it) and their 14a list has more promising info.
Whereas, my tag doesn’t have a ‘normal’ block 0, doesn’t write when asked to and the 14a list verifies this. I mentioned it to Iceman too in case my theory is wrong.
A semi-unrelated question/thought:
Do the flexM1 Gen1a and the xM1 use the same chips?
Could this issue bleed into the flexM1 Gen1a tags also (if they use similar architecture)? Testing on the flexM1 Gen1a you sent (thanks again for that!), I was able to read from it and successfully write to it multiple times so doesn’t look like am issue.
@amal I could not find rev 709 tried it on the iceman fork removed the break from all three case statements in the code compiled flashed and tried the blk write command. Same results. I was hoping this would work. Would be a hell of a lot easier than replacing the implant.
Ok… good news… we shipped Iceman 20 of our xM1 chips… he sorted shit out super fast… turns out these chips have a very long timeout delay required before the wipe command works. He’s already updated the RRG repo. Pull down the latest, compile, and run your wipes… should work to revive your xM1s!
7 Likes
Thought it was worth dragging in Amals post from another thread, because this is why, if you can, you should support IceMan
IceMan Patreon
I am having no luck 
Am I using the wrong wipe ?
[usb] pm3 --> hf mf cwipe -u 09080706 -a 0004 -s 18
[/]wipe block 41[#] write block send command error
[!] retry block 41 ...
[|]wipe block 63
[+] Card wiped successfully
[usb] pm3 --> hf 14a read
[=] Card doesn't support standard iso14443-3 anticollision
[+] ATQA: 00 00
[usb] pm3 -->
[ Proxmark3 RFID instrument ]
[ CLIENT ]
client: RRG/Iceman/master/release (git)
compiled with MinGW-w64 10.2.0 OS:Windows (64b) ARCH:x86_64
[ PROXMARK3 RDV4 ]
external flash: present
smartcard reader: present
[ PROXMARK3 RDV4 Extras ]
FPC USART for BT add-on support: present
[ ARM ]
bootrom: RRG/Iceman/master/release (git)
os: RRG/Iceman/master/release (git)
compiled with GCC 9.2.1 20191025 (release) [ARM/arm-9-branch revision 277599]
[ FPGA ]
LF image built for 2s30vq100 on 2020-07-08 at 23: 8: 7
HF image built for 2s30vq100 on 2020-07-08 at 23: 8:19
HF FeliCa image built for 2s30vq100 on 2020-07-08 at 23: 8:30
[ Hardware ]
--= uC: AT91SAM7S512 Rev A
--= Embedded Processor: ARM7TDMI
--= Nonvolatile Program Memory Size: 512K bytes, Used: 291064 bytes (56%) Free: 233224 bytes (44%)
--= Second Nonvolatile Program Memory Size: None
--= Internal SRAM Size: 64K bytes
--= Architecture Identifier: AT91SAM7Sxx Series
--= Nonvolatile Program Memory Type: Embedded Flash Memoryis that todays release? 2020 07 08 seems wrong.
ya I saw that but I compiled and flashed with a fresh git I downloaded 5 minutes before
1 Like
Thats because it the fpga image doh 
$1 per month is a no brainer. He’s the first person/project I’ve supported on Patreon. He often chimes in with help even if you don’t ask him directly. Learned a lot from him. A lot of us on Discord has.
3 Likes
So people where chatting and getting help in the discord i thought I would summarise here
So do this:
hf 14a config a 1 b 2
hf 14a reader
Then
hf mf cwipe -u 01020304 -a 0004 -s 08
And to finish it all off
hf 14a config a 0 b 0
Now this may not work for everyone but worth a go.
5 Likes
this managed to bring my xm1 back from the brink for long enough until I can replace it which is way more than I could ask for. big props to all who helped figure a solution
4 Likes
I had high hopes for this but no
usb] pm3 --> hf 14a config a 1 b 2
[usb] pm3 --> hf 14a reader
[!] iso14443a card select failed
[usb] pm3 --> hf 14a reader
[+] UID: 00 00 00 00
[+] ATQA: 00 00
[+] SAK: 00 [2]
[=] field dropped.
[usb] pm3 --> hf mf cwipe -u 01020304 -a 0004 -s 08
[/]wipe block 63
[+] Card wiped successfully
[usb] pm3 --> hf 14a config a 0 b 0
[usb] pm3 --> hf 14a read
[=] Card doesn't support standard iso14443-3 anticollision
[+] ATQA: 00 00
Need to see where the anticollision is failing first.
Can you do hf 14a reader then a hf 14a list please?
here ya go
[usb] pm3 --> hf 14a reader
[=] Card doesn't support standard iso14443-3 anticollision
[+] ATQA: 00 00
[usb] pm3 --> hf 14a list
[=] downloading tracelog data from device
[+] Recorded activity (trace len = 21 bytes)
[=] start = start of start frame end = end of frame. src = source of transfer
[=] ISO14443A - all times are in carrier periods (1/13.56MHz)
Start | End | Src | Data (! denotes parity error) | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
0 | 992 | Rdr |52(7) | | WUPA
2100 | 4468 | Tag |00 00 | |
[usb] pm3 -->
It looks like no matter what My chip is bricked. @amal do we have any more information on this from iceman? As much as I hate to say it it looks like I am going to have to replace this implant.
More documentation up about magic cards;
@Blu3Rats I am talking to iceman about some other possibilities… we will sort it out one way or another, but looking for ways to do it that don’t involve a scalpel is preferred.
1 Like
Ya I saw this when he put it up. I have tried everything I can find each time it says its successful but with the same results when reading the implant. It seems as if this chip will not respond to any command