XM1+ relaunch or alternative elsewhere?

Yes

Ok makes a bit more sense now

And so in my situation, where I can have the implant added to the gym’s ID system, I wouldn’t need to buy any further writing equipment to use it.

Just add the implant and I’m set?

If that’s the case, then I’d say a gen1a chip would be my answer, Amal.
As long as it has the increased read range, I’m sure I’d be happy with it.

I’d love to see a gen2 version if only for the MCT compatibility. Having the possibility to store many cards on your phone and just update the chip whenever a different card is needed, would be very convenient.

I’d prefer 1a. I’ve bricked some gen2 stuff by writing the wrong file, etc. Invalid access bits written to the 3rd sector anddd it’s gone.

It does make it all require a Proxmark and rule out MCT, though. However, I already have the Proxmark and am very familiar with that.

This is definitely solved with the flex form factor… huge range… amazing range.

For gen1 chips yes, after the HALT state is achieved, you can send a special “back door” command to the gen1 chip and it will basically do away with all security of any kind and you can write whatever you want to the chip, including invalid configurations… mess something up, remove from the field and repeat the process… the command basically opens the doors to mayhem. The problem with gen1 chips is that some readers and systems are now checking for these chips by issuing this command and if the chip responds, the system rejects the chip.

Inversely, gen2 chips simply allow writing to sector 0 where the NUID lives (it’s a non-unique ID because it’s only 4 bytes, and even NXP has updated this specification to “NUID” because they had to start issuing repeats)… the problem with the gen2 chips is that they respect the original rules laid out by the Mifare Classic… for example:

Yep. This is where I think the Chinese go a bit too far with their attempt to emulate the Mifare Classic perfectly… there is no need for this rule to exist on gen2 chips, but they honored it anyway and now you have to be super careful when writing data to a gen2 chip or you’ll brick any sector with an invalid access bit configuration written… and… I mean… they do some pretty dumb schoolyard shit for no reason I can see to make writing the access bits hard to do as a manual process… http://amal.net/?p=3932

NFC-Access-Control-for-Mifare-S50.pdf (631.1 KB)
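The access-bit layout Amal is complaining about can at least be checked before anything is written, so a gen2 sector is not bricked by a typo. The following is an added example, not code from this thread or from Dangerous Things: it packs and unpacks the three access-bit bytes of a Mifare Classic sector trailer the way the NXP MF1S50 datasheet lays them out, refuses a configuration whose inverted copies do not match (the chip blocks the sector irreversibly on such a mismatch), and warns when the trailer bits would make the access bits read-only forever.

```python
# Added example: Mifare Classic sector-trailer access bits (trailer bytes 6..8).
# Encoding follows the NXP MF1S50 datasheet: three 4-bit fields C1, C2, C3
# (bit n = condition bit for block n of the sector, bit 3 = the trailer),
# each stored once plain and once inverted. The chip verifies the inverted
# copies on every access; a mismatch blocks the whole sector irreversibly.

# Trailer conditions (C1, C2, C3) under which the access bits may be rewritten,
# and with which key (datasheet table "access conditions for the sector trailer").
ACCESS_BITS_REWRITABLE_WITH = {(0, 0, 1): "A", (0, 1, 1): "B", (1, 0, 1): "B"}


def encode_access_bits(c1: int, c2: int, c3: int) -> bytes:
    """Pack C1..C3 (each a 4-bit value) into trailer bytes 6, 7, 8."""
    for c in (c1, c2, c3):
        if not 0 <= c <= 0xF:
            raise ValueError("C1, C2, C3 must each be 4-bit values")
    inv = lambda v: (~v) & 0xF
    byte6 = (inv(c2) << 4) | inv(c1)
    byte7 = (c1 << 4) | inv(c3)
    byte8 = (c3 << 4) | c2
    return bytes([byte6, byte7, byte8])


def decode_access_bits(ab: bytes):
    """Return (C1, C2, C3, consistent); consistent is False if the inverted copies disagree."""
    byte6, byte7, byte8 = ab[0], ab[1], ab[2]
    c1, c2, c3 = byte7 >> 4, byte8 & 0xF, byte8 >> 4
    consistent = (
        (byte6 & 0xF) == (~c1 & 0xF)
        and (byte6 >> 4) == (~c2 & 0xF)
        and (byte7 & 0xF) == (~c3 & 0xF)
    )
    return c1, c2, c3, consistent


def check_trailer_before_write(ab: bytes) -> str:
    """Pre-flight check for the 3 access bytes about to be written to a sector trailer."""
    c1, c2, c3, consistent = decode_access_bits(ab)
    if not consistent:
        return "REFUSE: inverted copies do not match; the chip would block this sector for good"
    trailer_cond = ((c1 >> 3) & 1, (c2 >> 3) & 1, (c3 >> 3) & 1)
    key = ACCESS_BITS_REWRITABLE_WITH.get(trailer_cond)
    if key is None:
        return "WARN: access bits become read-only; this configuration cannot be undone"
    return f"OK: access bits can later be rewritten with key {key}"


# Transport configuration FF 07 80 (the usual factory default) round-trips.
TRANSPORT = encode_access_bits(0x0, 0x0, 0x8)  # C3 bit 3 set: trailer condition 0 0 1
```

Run `check_trailer_before_write` on the bytes a tool is about to send before committing them; the fourth trailer byte (byte 9) is free user data and is not covered by the check.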

So it looks like I’ll have to explore both a flexM1-G1 and flexM1-G2 product.

Sounds good, Amal.

I just need something that I can replace my current xM1+ chip with, to add to the gym’s access system.
Perhaps if you come up with something, I can trial it before implanting, to check if it works.

Is there any way we could do a flexM1 with the magic backdoor along with an xM1 that is simply a Mifare Classic, no Chinese backdoor?

Right now we’re not able to source Mifare Classic dies and the performance is also pretty bad.
