xNT w/HID iCLASS SE

The xNT’s UUID cannot be changed. It is unlikely that the reader will use data from the user memory of the xNT (that can be changed) to authenticate.

Have you scanned your existing card with an android app like TagInfo? This will tell you all you need to know if there is an implant you can use.

xLED

ok, so with TagInfo i confirmed I could ready my xNT, but it could not read anything from work card/badge

This is the secondary type of reader we use at the office https://www.cdw.com/product/RF-IDeas-pcProx-Plus-82-Series-RF-proximity-reader-USB/4848405?cm_cat=GoogleBase&cm_ite=4848405&cm_pla=NA-NA-RF1_MX&cm_ven=acquirgy&ef_id=Wo8a8wAAALWbOhAj:20180601181314:s&s_kwcid=AL!4223!3!198553132230!!!g!338631845896!

It will read our badges, but not my xNT as well.

It could be a LF (125khz) HID card that you might be able to clone to an xEM.

Thanks I guess I’m going to need another implant… has anyone made a placement guide for multiple chips in one hand?

has some data…

1 Like

Just picking this back up, if I can’t read my work badge with taginfo on my android phone how do I know what chip would work to clone it?

if you updated to Android Pie, it could be difficult to read an implant.

I have also the xIC implanted and it took with TagInfo about a minute to read it - with the older system it was quick.

The best stuff is, ask at your company. You can’t clone HF Cards (only mifare classic yould work, but at the moment there isn’t a xM1+ avaible

The first thing you need to do is identify the card. Does it have any markings in the corner next to a small blue HID logo?

If you can’t read the badge with your phone, then in all likeliness, the reader you said it is is not correct.

You can’t ID HID readers from the outside. They all look the same and the can be radically different inside. It does little to identify the card.

You want answers but it requires other information and tools to gather that information. Invest in these tools and it will be a lot easier to answer your questions…

At the very least you should have an xLED HF and xLED LF. I would get the RFID Diagnostic Card. All available on the DT website.

I agree. Get the diagnostic card and hold it up to the reader. That’ll give a pretty definitive statement as to whether or not it’s 125k or 13.56. I’ve personally seen and installed HID multiClass readers that do both the old 125k style and newer 13.56. It’s very possible your installer just put them in for forwards compatibility - although they look like iClass they bear a different nameplate. Could be a weird fluke or not, who knows. Most likely the reader is just getting what it thinks as garbled data and refusing to read - like when you scan an EM card on an HID reader, nothing happens. There’s also a small possibility that the reader is programmed to not even make any outwards signs that it read an invalid card although that’s unlikely unless you’re in some crazy secure facility with 3-letter agencies.

Bottom line, get a diagnostic card. They’re cheap and work for way more than just this.

Unfortunately our badges are very custom and do not have any markings that would explain anything about its technology or standards. I’m 100% sure that the USB reader i linked to is the correct one (as its the one that we can request from our internal hardware store) but I do know that our physical security does flash/configure the device with some sort of custom setup before they’re usable.

I’ll order the diagnostic card and see if I can learn anything from that. Physical Security isn’t willing to give me any details about the badges or readers only to allow me to clone my existing badge if I can provide a compatible proxy for our badge.

If you can read your work badge with your android phone it is almost 100% likely to be 13.56Mhz.

Does TagInfo give you any details about the type of chip it is seeing when you scan it with your phone? I’m wondering it the HID iClass reader just reads the UUID or if it does anything else (such as read/interact with the card)

This sounds like your work badge is a 125khz card then. If your phone isn’t getting anything from it, then it very likely is an RFID badge not NFC. I personally have an xEM and xNT, and use my xEM for scanning in at work. For me I cloned my work badge using one of those “10 Frequency RFID Cloner” machines, though people have had success with the cheap blue HID Cloners you can get on Amazon. Getting one of the DT RFID diagnostic cards which will tell you 100% whether the readers you have at work are 13.56mhz or 125khz is what I would do as a first step before investing in another implant.

Got my card, The readers on the doors did read as HF 125

You’re going to need an xEM. Depending on the reader’s config you’re looking at (most likely) HID Proxcard, or (less likely but possible) Indala or EM. All can be done with the xEM (not xNT). Due to the unknown nature of what you’re working with I’d suggest a Proxmark just to make your life a bit easier when it comes down to cloning it. If I were you I’d just go and have security program a new “badge” using the chip instead of cloning as this gives better security. Just generate a random facility code and card code and securely give those to security.

Hmm… HF is 13.56MHz … LF is 125kHz … which did you mean to say?

I second that suggestion.

1 Like

Just to confirm. We use an iClass reader at work.

Scanned my xNT to get an authentication fail in the logs. Added the serial number as appeared in the logs (had trouble working it out from my phone) and worked excellent.

1 Like

Can you give any more info on this?

I’m kind of in the opposite situation
I need to make SOMETHING look like an iclass
But I don’t have anything to copy

I have a reader now that will only read iclass, and is only 13.56, but I can’t get it to recognize anything since as far as I can tell nothing is configured to show up as an iclass

This is the first evidence that I can put an iclass id onto a ntag

You can’t put an actual iClass card type credential onto an NTAG, but iClass readers can be set to work with any ISO1443a tag using UID only. Sounds like this lower security mode was enabled on @JamesW’s reader so when xNT was scanned, they just copied the UID out of the logs and used that.

The iClass readers can also use an iClass credential on a Mifare Classic (these cards will have MF written on the back near the card number usually but not always) and these are a good candidate for xM1s, but you’d need an iClass cred and UID details to put on it.

If either of these two modes isn’t enabled, I believe you’re SOL unless you buy a configuration card (like @cexshun did to change modes on his reader)

Hope that help clarifies things, HID don’t make it easy to figure out!

1 Like

The reader I’m monkeying with, states it will only work with iclass se or seos I believe, doubt that helps my case

I was afraid that he was using his xNT as it’s own thing and not an iclass

I HAVE a xm1, and a couple mifare cards but have been unsuccessful to get those to read either… think it needs to be formatted somehow