Looking for advice on first implant project.
  • slicedbrad August 2016
    Greetings! I wanted to make a post to get some advice on an NFC implant in my hand.

    My first concern is some contradicting information on the dangerousthings.com website. Under their FAQ a line reads, "At this time, none of our products in the 13.56MHz frequency range can be re-programmed with new IDs." This seems to go against the description of the xM1 chip, which reads, "The xM1 can be read and written to by many types of 13.56MHz RFID systems." Can I, or can I not, write to this tag? I am quite confused.

    My second concern is finding the right implant for my idea. I use an ID regularly with an aptiQ 8520M1 NFC chip. I wanted to copy the UID from the chip and write it to the chip I am interested in putting in my hand. I believe the xM1 chip is the correct type of chip. I am new to NFC technologies and I cannot seem to find a straight answer on whether or not it is possible to clone my physical card.

    Lastly, I wanted to give some more info on the physical card I am interested in working with. As mentioned, it is an aptiQ 8520M1 card. When I read it with my phone's NFC reader, it gives me a UID and lists IsoDep, NfcA, and NdefFormatable under "technologies" for the card.

    Any help is appreciated! I am excited to find this new community! Thanks!
  • Meanderpaul August 2016
    I haven't specifically looked at the FAQ for dangerous things but to me the trump description would be the product. In other words I'd trust what he typed in with the product over the FAQ simply because the product will most likely be the newer updated info than the FAQ which could have been made when the site first started.

    That felt like one hell of a run on sentence.

    Basically if the product says it can I would trust that but hey let's ask @amal since he is dangerousthings!
  • amal August 2016
    Hi guys,

    The xM1 is based on the Mifare S50 1K chip from NXP which is not NFC compliant, though it is ISO14443A. If you have a phone that uses an NFC controller from NXP, it comes with a built-in hardware license to be able to read and interact with "Mifare" chips like the S50 and S70 using NfcA (dumb name for the class since it's not NFC). If your phone uses a Broadcom chip or some other NFC reader chip/controller, you will not be able to do much besides obtain the UID since the UID is part of the selection process... but going beyond that and actually reading or writing data to the xM1 with that phone will not be possible.

    Furthermore, the S50 chip from NXP does not allow you to change the UID bytes in Sector 0. There are unlicensed Chinese knock-off chips that "look like" legit Mifare chips to readers, and their UID bytes can be changed... but aside from one small batch of huge prototypes I made, we do not have any in inventory and do not offer them for sale. I don't trust Chinese chip makers very much because they disregard patent law and I presume their look-alike chips will have one, possibly multiple, badly constructed back doors to allow complete reconfiguration of the chips, or at best a simple bypass of any security actually implemented via the Mifare key system.

    Admittedly, for the purposes of cloning another system's card data to an implant, it does seem enticing... but rather than focus our efforts on knock-offs of decades-old RFID technology with severely cracked/defanged security protections (Crypto1 used by Mifare is easily cracked with a Proxmark III), we've decided to focus on the future by developing UKI - www.myuki.com ... which, incidentally, will be able to emulate any Mifare or even DESFire card via a Java Card application that can be loaded onto it from your NFC phone.
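
Added example, not part of the original post: what a reader learns from ISO14443A selection alone (UID, check byte, SAK), which per the reply above is all a phone without an NXP controller gets from an S50. The SAK table follows NXP's published type-identification values and is an assumption of this example; the UID is constructed.

```python
from functools import reduce

# SAK -> chip family, per NXP's type-identification guidance (assumption of
# this example; the thread itself only discusses the S50/S70 and DESFire).
SAK_TYPES = {
    0x00: "MIFARE Ultralight / NTAG family",
    0x08: "MIFARE Classic 1K (S50)",
    0x09: "MIFARE Mini",
    0x18: "MIFARE Classic 4K (S70)",
    0x20: "ISO 14443-4 card (e.g. DESFire)",
}
CLASSIC_SAKS = (0x08, 0x09, 0x18)


def bcc(uid_part: bytes) -> int:
    """Block check character: XOR of the four UID bytes of one cascade level."""
    return reduce(lambda a, b: a ^ b, uid_part, 0)


def describe_selection(uid: bytes, bcc_byte: int, sak: int) -> dict:
    """Classify a card from the data exchanged during anticollision/select."""
    if len(uid) != 4:
        raise ValueError("this example handles single-size (4-byte) UIDs only")
    if bcc(uid) != bcc_byte:
        raise ValueError("BCC mismatch: corrupted read or malformed response")
    if sak & 0x04:
        raise ValueError("cascade bit set: UID not complete, select next level")
    return {
        "uid": uid.hex().upper(),
        "chip": SAK_TYPES.get(sak, "unknown"),
        # SAK bit 6 set: the card also speaks ISO 14443-4, which Android
        # lists as IsoDep. A plain S50 never sets it.
        "iso14443_4": bool(sak & 0x20),
        # Reading or writing sectors on these needs a Mifare-capable reader.
        "data_access_needs_mifare_reader": sak in CLASSIC_SAKS,
    }


if __name__ == "__main__":
    uid = bytes.fromhex("DEADBEEF")  # constructed sample UID
    for sak in (0x08, 0x20):
        print(describe_selection(uid, bcc(uid), sak))
```

Comparing the SAK of an existing card with that of a candidate implant is a quick way to see whether the two are even the same chip family before considering anything else.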
  • slicedbrad August 2016
    Thanks for the answer! I am highly interested in an implant but I can only justify the expense and the risk if it is going to be of some significant use for me. Other than my organizational ID, I do not use any NFC tech in my daily life. I don't own my own house either and have no use for NFC locks or such.

    It seems far-fetched since the tech seems more complicated or secure, but is it possible to start cars with an implant without significant modifications to the car? Are there any other practical uses of an implant?

    I really appreciate all your advice!
  • Meanderpaul August 2016
    It is possible to do without heavy modding on a car. I think amal actually has a video of him and a motorcycle with the setup. A couple of us have modified the setup in our own ways but the basis is the same. Also @amal I will be ordering that setup from you next week since my income has come up slightly ;)
  • slicedbrad August 2016
    I took a look at the UKI and signed up for more information. How is the closed beta going to operate, @amal? I would be very interested in testing it out as it seems to have a great number of uses for my lifestyle.
  • amal August 2016
    Modding things in your world to use the implant does require a certain level of skill and outright tenacity. Modding my bike was easy compared to my 2004 VW that has all kinds of anti-theft measures built in.. but if you are lucky enough to have a really old car with none of that shit, or a really new car with "keyless" feature where you just keep the key in your pocket, then it's really damn easy to mod.

    If you're looking for an easy setup for simple access control applications, check out the xEM chip and xEM Access Controller:

    https://dangerousthings.com/shop/xemi-em4200-2x12mm-injection-kit/

    https://dangerousthings.com/shop/125khz-em4200-access-controller/

    @slicedbrad the UKI is close to beta... we have to wait a few more months until we have access to the chips.. the chip we selected is not even out yet aside from the few engineering samples we received from the manufacturer.
  • ightden August 2016
    How big will the UKI be, similar to the flexNTs?
  • slicedbrad August 2016
    I would love to be a part of the UKI beta. I could maybe even receive funding from my school if I did some research and turned it into a security research/report.

    As for my car, it's a 2010 model with a wireless key that I usually keep in my bag. I just bought it though, and it is my first car so I'm very hesitant to tamper with it.