Proxmark3 community

morphine

Contributor

Registered: 2015-12-17

Posts: 27

Best LF antenna for Implantable RFID chip

Hello,

I bought this Implantable RFID chip from this site: https://cyberise.me/21-rewritable-implantable-rfid-chip.html
But whatever I do i cant get a read from it nor write to it, the proxmark antenna is not good for this small chip.

The chip is injected in my hand and you can feel it and see it so i dont think its to deep. Im starting to panic now when i dont get a read from it nor write to it.

So if someone know about how to make or buy a good antenna for this small chip, please help me out

/morphine

ntk

Contributor

Registered: 2015-05-24

Posts: 701

Re: Best LF antenna for Implantable RFID chip

Sry, I can not help you with reading. But does it not hurt when you implant it. Just a image of a medical needle or metal sharp splint makes me already uncomfortable, but this, this is a size of a small nail!

and it causes you no infection? not ever?

Last edited by ntk (2016-08-28 14:34:44)

morphine

Contributor

Registered: 2015-12-17

Posts: 27

Re: Best LF antenna for Implantable RFID chip

It did not hurt so much, but my face got all white and i started to feel dissy...dont like needles.  no infection no..

got this from the proxmark, what do you guys think of it?
pm3 --> lf search u
Reading 30000 bytes from device memory
         
Data fetched         
Waiting for a response from the proxmark...         
Don't forget to cancel its operation first by pressing on the button         
timeout while waiting for reply.         
NOTE: some demods output possible binary
  if it finds something that looks like a tag         
False Positives ARE possible
         

Checking for known tags:
         

No Known Tags Found!
         

Checking for Unknown tags:
         
Possible Auto Correlation of 1 repeating samples         

Using Clock:16, invert:0, Bits Found:912         
PSK1 demoded bitstream:         
0000000101010010
0000010101010101
0101010101010101
0101010101010101
0101010101011111
1101010101010101
0100101010101010
1010101010100101
0101011101010101
1010100101000000
0101010101010101
0000101001011010
0101010101010010
1001010101010101
0101010100101010
0000101101111010
1010101101010110
1001011010101010
1010101011000101
0101010101111101
1010100010010101
0001010101000101
0101010101010101
0101010101010101
0101010111110101
0101010101101010
1010101010110101
0101010101001010
1101101111010101
0100000101010101
0101010101010110
1001010101001010         
Possible unknown PSK1 Modulated Tag Found above!

Could also be PSK2 - try 'data rawdemod p2'         

Could also be PSK3 - [currently not supported]         

Could also be NRZ - try 'data nrzrawdemod

Last edited by morphine (2016-08-28 15:36:41)

ntk

Contributor

Registered: 2015-05-24

Posts: 701

Re: Best LF antenna for Implantable RFID chip

lf search u
data samples
data save

then sendspace  trace up is better.

morphine

Contributor

Registered: 2015-12-17

Posts: 27

Re: Best LF antenna for Implantable RFID chip

OK, here is the link; https://www.sendspace.com/file/ughyvo

Last edited by morphine (2016-08-28 19:20:05)

ntk

Contributor

Registered: 2015-05-24

Posts: 701

Re: Best LF antenna for Implantable RFID chip

What SW have you?
antenna power is OK?

The package said it is a t55xx, so can you run
lf t55xx detect
lf t55xx config
lf t55xx trace/dump

Could also be that it initially has been written with a Chinese cloner which use PW so your PM3 could not write it any more.
lf t55xx should give you s.t. useful for clone

Is the trace reading consistent? I mean sometimes you should put the tag on its head, keep 3cm distance or float at 45 degree above antenna

Last edited by ntk (2016-08-28 20:26:30)

morphine

Contributor

Registered: 2015-12-17

Posts: 27

Re: Best LF antenna for Implantable RFID chip

Here is some info:

[[[ Cached information ]]]

Prox/RFID mark3 RFID instrument
bootrom: icemanmaster/v1.1.0-1477-ged8c2ae-suspect 2016-08-25 19:35:24
os: icemanmaster/v1.1.0-1477-ged8c2ae-suspect 2016-08-25 19:35:33
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at  9: 8: 8

uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 216570 bytes (41%). Free: 307718 bytes (59%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory

# LF antenna: 22.55 V @   125.00 kHz
# LF antenna:  9.49 V @   134.00 kHz
# LF optimal: 22.55 V @   125.00 kHz
# HF antenna:  1.03 V @    13.56 MHz
# Your HF antenna is unusable.
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.

Chip Type  : T55x7
Modulation : DIRECT/NRZ
Bit Rate   : 0 - RF/8
Inverted   : No
Offset     : 42
Seq. Term. : No
Block0     : 0x0000001F

The modulation is most likely wrong since the ACL is not 0xE0.
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
00 | 0000000F | 0000000000000000000000000000111
01 | FFFFFFFF | 1111111111111111111111111111111
02 | FFFFFFFF | 1111111111111111111111111111111
03 | 0000001F | 0000000000000000000000000001111
05 | FFFFFFFF | 1111111111111111111111111111111
06 | 00000001 | 0000000000000000000000000000000
07 | 0000001F | 0000000000000000000000000001111
Reading Page 1:
blk | hex data | binary
----+----------+---------------------------------
00 | FFFFFFFF | 1111111111111111111111111111111
01 | FFFFFFFF | 1111111111111111111111111111111
02 | 0000001F | 0000000000000000000000000001111

The chip is formated from the begining when i bought it to: FDX-A. So i must have done something with it when tryied to write to it.? And the chip have no password set on it.
I think the antenna is to big for this small chip.

Last edited by morphine (2016-08-28 21:02:39)

ntk

Contributor

Registered: 2015-05-24

Posts: 701

Re: Best LF antenna for Implantable RFID chip

The configuration you have is wierd: it is somehow wrong, but sets off coincidentally the bits RF/8, Direct, zero data, active PW and active Sequence Terminator.

Does that chip comply to what it supposes to worked on, before you have the present problem?

Could you do some LF's investigate/read after a power check. Some people on this forum have worked with microchip before, also Fdx-B and they had no problem with antenna,why now.

Appropos...
, I remember that recently iceman has a very strange read from a glass viable too, wonder you two possibly got them from same source

Last edited by ntk (2016-08-28 23:52:58)

iceman

Administrator

Registered: 2013-04-25

Posts: 9,537

Website

Re: Best LF antenna for Implantable RFID chip

My glass chip is not a t55x7,   I'm trying to figure out if its a ti-tag or somthing else.

However,  if OP's tag is t55x7,  he should use as @ntk mentioned the 'lf t55xx' commands.  The found configuration block seems false to me.  If OP used the cloner tool from that site, he'll need to use a password.  The two first pwd's in my default_pwd.dic file is known cloner tools password. 

But if you have looking for LF antennas , I've a kit of three antennas in different sizes.  You'll need to fix the connect to attach it to your pm3 though.   http://proxmark3.tictail.com/product/lf … ennkit-3st

morphine

Contributor

Registered: 2015-12-17

Posts: 27

Re: Best LF antenna for Implantable RFID chip

Tack så mkt Iceman! Lagt en beställning. I´ll hope I can fix the connection

Ive have used the cmd: lf em4x em410xwrite tag 1 . This is the right cmd ? I have not used the cloner so their should be no password. But if I had used it, whats the right cmd when its password protected? This cmd resets the password right?: lf t55xx writeblockPWD 00148041 0 passwd

iceman

Administrator

Registered: 2013-04-25

Posts: 9,537

Website

Re: Best LF antenna for Implantable RFID chip

lets start with the beginning,  first your chip must be detected and read by the 'lf t55xx' commands.

The "lf t55xx writeblockPWD" ,..   hm,  use the latest PM3 master (compile and flash yr bootrom and fullimage aswell)
or go for my fork (same procedure)

Then you will have the most correct implementation for t55xx commands. 

As @ntk wrote,   

lf t55xx detect   -> if it fails,  you should hold yr antenna over different places to be able to energise yr small glasschip.

When you get a good detection,   yr modulation should most likley be  either ASK / FSK by default.   
After that, you can run the 'lf t5xx dump'  etc.

Once you have all that,  you can look into the 'lf em4x' commands.

morphine

Contributor

Registered: 2015-12-17

Posts: 27

Re: Best LF antenna for Implantable RFID chip

OK, thanx, i have a hard time reading with the big antenna that i got with the proxmark. I hope the antennas i ordered from you works better with this small chip.

and yes, i have your fork, compiled just a few days ago..

No matter how i have the antenna, the big one. the cmd lf t55xx detect givs me ither:
Could not detect modulation automaticlly. Try setting is manually with l55xx config

one time i got this:

Chip Type  : T55x7
Modulation : DIRECT/NRZ
Bit Rate   : 0 - RF/8
Inverted   : Yes
Offset     : 37
Seq. Term. : No
Block0     : 0xF0000000

wich is wrong i guess..

Last edited by morphine (2016-08-29 09:40:21)

iceman

Administrator

Registered: 2013-04-25

Posts: 9,537

Website

Re: Best LF antenna for Implantable RFID chip

Still looks bad,  lets see what happens with the smaller antennas.

ntk

Contributor

Registered: 2015-05-24

Posts: 701

Re: Best LF antenna for Implantable RFID chip

@iceman,
very interesting links, why I have not seen it before.

I think @morphine should try with his arm

lf t55xx wipe
then
lf t55 config
now @morphine should be able to get something from the implanted chip like default 0x00088040

@morphine has written to implant chip meant the antenna has seen the chip. but which could be not optimal, I think, then the cause was "lf em4x em410xwrite tag 1",while the connection was not optimal, now chip presents a wrong UID, got a configuration randomly, also has PW bit set (possibly).

The way-out could be:
1/ wipe the current t55xx in your arm with "lf t55xx wipe", do lf se u to check wipe is working.
2/ take the original fob, do a "lf search u" to check what real UID it has, do several time make sure the UID coming out is consistent.
3/ lf em4x em410xwrite "UID in hex" 1
4/ do lf se make sure the written process is alright

morphine

Contributor

Registered: 2015-12-17

Posts: 27

Re: Best LF antenna for Implantable RFID chip

OK,here some output:

Beginning Wipe of a T55xx tag (assuming the tag is not password protected)

Writing page 0  block: 00  data: 0x000880E0 pwd: 0x00000000
Writing page 0  block: 01  data: 0x00000000
Writing page 0  block: 02  data: 0x00000000
Writing page 0  block: 03  data: 0x00000000
Writing page 0  block: 04  data: 0x00000000
Writing page 0  block: 05  data: 0x00000000
Writing page 0  block: 06  data: 0x00000000
Writing page 0  block: 07  data: 0x00000000

then do a detect/config:

Chip Type  : T55x7
Modulation : ASK
Bit Rate   : 0 - RF/8
Inverted   : No
Offset     : 0
Seq. Term. : No
Block0     : 0x00000000

then search orginal fob
Reading 30000 bytes from device memory

Data fetched
Samples @ 8 bits/smpl, decimation 1:1
NOTE: some demods output possible binary
  if it finds something that looks like a tag
False Positives ARE possible

Checking for known tags:

EM410x pattern found:

EM TAG ID      :xxxxxxxxxxxx <- this is number to clone right? that works on my another test card
Unique TAG ID  : xxxxxxxxxxxx

Valid EM410x ID Found!

Writing T55x7 tag with UID 0xxxxxxxxxclock rate: 64)
#db# Started writing T55x7 tag ...
#db# Clock rate: 64
#db# Tag T55x7 written with 0xxxxxxxxx

then lf search u, in arm:
Reading 30000 bytes from device memory

Data fetched
Samples @ 8 bits/smpl, decimation 1:1
NOTE: some demods output possible binary
  if it finds something that looks like a tag
False Positives ARE possible

Checking for known tags:

No Known Tags Found!

Checking for Unknown tags:

Possible Auto Correlation of 1 repeating samples

Using Clock:16, invert:0, Bits Found:291
PSK1 demoded bitstream:
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0010101010101010
1101010101011010
1010101010001010
1010101010101010
1010101010101010
10
Possible unknown PSK1 Modulated Tag Found above!

Could also be PSK2 - try 'data rawdemod p2'

Could also be PSK3 - [currently not supported]

Could also be NRZ - try 'data nrzrawdemod

Dont think its working... and it is not working with the new antennas i ordered im going to cut it out ..:/

Last edited by morphine (2016-08-29 11:29:19)

iceman

Administrator

Registered: 2013-04-25

Posts: 9,537

Website

Re: Best LF antenna for Implantable RFID chip

You could already tell by the detect after the wipe, that it doesn't work well.  You should have gotten the same block0 as you tried to write ie: 0x000880E0

morphine

Contributor

Registered: 2015-12-17

Posts: 27

Re: Best LF antenna for Implantable RFID chip

Yes... I have to wait for the new antennas, and hope it works better.

when doing lf t55xx detect on the orginal fob its working as it should, but when in the hand its just says:
Could not detect modulation automaticlly. Try setting is manually with l55xx config

Thanks for all the feedback so far! off to work

marshmellow

Contributor

From: US

Registered: 2013-06-10

Posts: 2,302

Re: Best LF antenna for Implantable RFID chip

OK, here is the link; https://www.sendspace.com/file/ughyvo

that is one ugly read.  either too much interference or the antenna isn't focused enough.

it does appear to be ASK modulation. and i believe RF/32 data rate.  but it is to garbled to even read manually with any certainty.

morphine

Contributor

Registered: 2015-12-17

Posts: 27

Re: Best LF antenna for Implantable RFID chip

Yepp, the LF antenna, the default one, is not good reading microchips. Hope iceman´s antennas will do the job

morphine

Contributor

Registered: 2015-12-17

Posts: 27

Re: Best LF antenna for Implantable RFID chip

Thank you Iceman for today!! Very nice meeting you! And thank you for the beer

iceman

Administrator

Registered: 2013-04-25

Posts: 9,537

Website

Re: Best LF antenna for Implantable RFID chip

Very nice meeting you aswell,  I'm glad we got your tag written.  And fixing some antennas.

morphine

Contributor

Registered: 2015-12-17

Posts: 27

Re: Best LF antenna for Implantable RFID chip

Doing some mifare cracking here, hehe
I´ll will test the tag on monday at work!

iceman

Administrator

Registered: 2013-04-25

Posts: 9,537

Website

Re: Best LF antenna for Implantable RFID chip

Try yr pm3 kit  

Meanwhile, you can edit first post and add [solved] in your subject.
This thread is done