I have an xM1 implant that i want to unlock block 0 to change the uid. I want to do this with an arduino and either the pn532 or the rc522.
I read that the pn532 is reliable with the x series implants, but is there a library to unlock block 0 like the one from miguelbalboa https://github.com/miguelbalboa/rfid/ ?
The rc522’s field is pretty weak and does often not read the implant. if anybody has experience in building antennas this would also help.
I am pretty new to arduino and nfc but i have some experience in programming.
Regards k4lin
Edit: maybe it’s important to know what i want to make: i want to make a portable uid cloner that i can connect via BLE to my phone and send commands. It’s a project for the end of my apprenticeship
I don’t know much about the magic M1 chips but that comment changes a few things.
I’d recommend getting a magic M1 card for testing. being able to leave the card on the reader should make your life easier. Also, check if you can port the library that you have to the NFC chip that works best? And read the datasheets for the RC522 and PN532.
Hi @k4lin,
Just stumbled onto this after successfully cloning a tag onto my xM1 with RC522 and Arduino.
Check out the ChangeUID sample code in the rc522 library and make the following modification in setup():
void setup() {
Serial.begin(9600); // Initialize serial communications with the PC
while (!Serial); // Do nothing if no serial port is opened (added for Arduinos based on ATMEGA32U4)
SPI.begin(); // Init SPI bus
mfrc522.PCD_Init(); // Init MFRC522 card
mfrc522.PCD_SetAntennaGain(0x07<<4); // <--- Add this line to set antenna gain to max!
// This will make the antenna too sensitive to read a normal card but it will pick up xM1.
//Add this line to any example code to read,write from your chip. Set it back to 0x04 << 4 for default
Serial.println(F("Warning: this example overwrites the UID of your UID changeable card, use with care!"));
...
Hope that helps. I was banging my head against the wall for the past few days trying to get the reader to work on a Pi, only to reallise it has all been done brilliantly for Arduino
@k4lin did you get it to work? I’m working on a similar project: Portable UID cloner for the times you must absolutely clone a fob this very instant
If you’re making progress I’d like to collaborate a bit
I’m also about to start working on a text compression script for storing large amounts of keys/passwords/mnemonics etc on limited memory space.
If the hardnested and other attack code coil be ported from the proxmark3 to be used with the RC522 that might be interesting… not sure if the RC522 can do the necessary timings etc though
I don’t own a proxmark3 and have barely glanced at the code. Which specific tools would you be interested in having ported to Adruino+RC522? I’m happy to look into whatever you point me to, and continue developing a ISO14443 toolkit for programming your x-series chips.
(On a side note: Is there a non-invasive way to stop the KBR beeping so damn loud? )
I think i could implement the dictionary+ brute-force crypto1 attack on Arduino and make an on-the-fly MF classic cloner. No idea how quick or practical it would be but I’m treating this as a learning experience. I tend to reinvent the wheel a lot in my coding projects
It only works for me if I hold the chip exactly perpendicular to and crossing the antenna coil on it’s long edge. Mine runs off 3.3 volts as well but there may be differences between rc522 ic
Running it off 5v there was a noticeably increased range when reading cards, but i don’t know how potentially damaging that could be to the rc522. They are cheap though
where’s your implant? I have my XM1 in the outside edge of my hand and it’s a fair bit shallower than the one’s between thumb and index.
Do you get no reading at all adding the antenna gain line to the readUI code?
After playing around with it a bit more, It seems to work best with gain
RxGain_38dB = 0x05 << 4
or
RxGain_43dB = 0x06 << 4
Try a few more settings. As @Zwack referenced, you can find the gain values in the header file.
Have either of you tried this with an implanted x series? I think based on the comments I am seeing that I might need to switch to the PN532 for those.
)
