I posted a blog highlighting some videos and stories from the recent “RFID Implants and Biohacking Class” (https://talk.dallasmakerspace.org/t/rfid-implants-and-biohacking-class-9-19-12pm-1pm/4704), and upcoming “RFID, NFC Implants & Biohacking” class (https://talk.dallasmakerspace.org/t/rfid-nfc-implants-biohacking-january-23rd-2016-11-00am/6877)…
4 Likes
Don’t forget… Any active Dallas Makerspace member can write a blog post!
Check out this thread for more information: The Blog + Se7en
Or check out the shiny new wiki entry about posting to the blog:
2 Likes
Does this mean the Mitchster and others have a Silicone implant?
1 Like
Bioglass actually. 
An RFID tag encapsulated in [8625] (http://www.us.schott.com/epackaging/english/glass/transponder.html?highlighted_text=8625 8625)
I just realized that some recent posts I thought I was sharing with the entire space via Discourse were actually part of a group PM thread. I re-post them here because it is relevant to some other discussions and perhaps some of you will enjoy the videos,
Here’s one where I demonstrate using a cheap Chinese cloner to re-write my implant:
For your amusement…
Try not to let the edited-on-a-phone-using-the-first-app-i-tried production value be too distracting.
https://drive.google.com/file/d/0B4MXdNsnIo77MXdfUTczOC02bkk/view?usp=docslist_api
This is a purely fictitious demonstration of what one could very realistically in most places of work accomplish very easily and in no way should this be interpreted as being done by a real employee at his real place of work. A “dramatization”, but not special effects, if you will. (Clarification: the “found” card was my own. I did not exceed my authorized access or use anyone else’s credentials. I’d rather not get fired over a misunderstood video. Thanks. )
Stayed tuned for the next installment which involves having the protagonists bag searched before entering a secure datacenter, checking out a badge to get into the needed part of the facility, returning said badge, having bag checked on the way out yet somehow, somewhere leaving with a copy of the badge.
It isn’t quite Johnny Mmemonic, but it does give some interesting ideas about smuggling/theft in the digital age, no?
upon being asked about HID/EM42xx on the same tag:
The ATA5577 (or T5557/ATA5567 or whatever is in your hand, ymmv) in our implants is capable of many different data rates and encodings, (11784/5 hdx, fdx, etc.) depending on what is written to certain configuration blocks of the 363-bit eeprom, which means it essentially emulates an em43xx, em42xx, if that’s how its bits were set. So… the Atmel ATA5777 is presently the current IC, and it replaces the 5xx7 and previous models, which are all capable of being written to just like they were an Emmi em4200. (For what is worth, when the 4200 came out, it too was backward compatible with the 4100 and could be written for ISO11784/5, others. It just doesn’t make sense to keep manufacturing slower clock rate, smaller memory tags, when the newest one can be programmed to act just like the older one.
Now, em4200’s are normally shipped with lock bits set and a password so they are read-only, except by the manufacturer. When HID orders a bunch of 5777’s from atmel to act as read-only em4’s they use “traceability registers” for 32 or 36 bits of the memory I think. (Think MAC OUI plus batch/lot number) But if you or I or a small Chinese vendor just buys a couple hundred 5777’s blank to program in-house, you probably don’t have such requirements - you just want the chips and don’t really care… Here is where it gets interesting… it seems most every implantable 125 kHz tag I’ve seen is an at5xxx that is either a) not programmed with a unique ID at all, and thus no operating mode defined until first programmed or b) was programmed by a machine using the same Chinese IC as everyone else, which happens to be the same chip in the little hand held cloners I’ve mentioned in a previous post), which means they all come with either no password or the same password as everyone else which the 32-bits decimal: 51243648. No, really.
In summary, the ones we received were ata5xx7’s, programmed as em4200’s, and with that same password set by their manufacturer before sending them to DT. Then I bought another much smaller one elsewhere that was just a t5777 in a capsule, not programmed, no serial. Or perhaps our chips from DT just had no password set. (They will if you write them with my cloner, whether they did before or not. )
The 32-bit password is only validated when WRITING to the chip and if it doesn’t match, the chip just goes to normal read mode operations. My experience has been that different readers/writers from similar gray-market-quality generic Chinese vendors is that odds are, you can rewrite any cheap EM or ATA 125 kHz rfid tag with one of these things since they either have no password initially or, as many do, use 51243648 already regardless of where they were sourced.
Tired. Rambling. Going back to bed. Did I even answer the question? Oh yeah…HID and EM was the question. Yes, I often switch between my parking garage and my DMS badge, and other random badges I surreptitiously read, having disabled the leds and beeps.of the cloner
Carry on.
–VR
2 Likes
1 Like