xM1 “magic” 1k
The xM1 is a Mifare “Magic” 1k gen1 chip emulator with a writable sector 0 and “Chinese Magic Backdoor” feature. This allows you to change the 4 byte ID (serial number) of the chip and overwrite all pages in every sector, including Sector 0, regardless of A/B key values or access bit settings.
We are reintroducing a small quantity of fully tested xM1 3mm glass implants. This small run is meant to test improved performance and validate the stability of the “magic” silicon chip from a new supplier. NOW SHIPPING.
WARNING: This kit definitely contains dangerous things. While the xM1 transponder device has undergone several quality checks during manufacture and has been put through a battery of tests within our lab, it has not been tested or certified by any government regulatory agency for implantation or use inside the human body. Use of this device is strictly at your own risk.
The xM1 kit contains the xM1 tag and all the sterile procedure materials required for a professional to perform installation. The xM1 tag is made with a 13.56MHz ISO14443-A compliant “Classic 1k” emulator chip, which is encased in a biologically safe 3x13mm cylindrical bioglass tube. The bioglass cylinder is laser sealed and the finished xM1 tag is tested for function before loading into the injector assembly, and the whole injector assembly with xM1 tag inside is EO gas sterilized.
For those of you familiar with our previous offering, the xM1+, we’ve improved RF performance to nearly double the typical read range of the original xM1+. We’ve done this by optimizing the antenna tuning and optimizing the L/C circuit specs for power transfer at the sacrifice of Q-factor and bandwidth. These sacrifices are not relevant to the Mifare protocol though since the original Mifare S50 chips were low bandwidth compared to today’s newer faster chips.
What’s so great about the xM1?
For many years the Mifare MF1ICS50 1k chip was used for all kinds of applications as a “secure chip” for everything from access control to stored value cards, and used for making localized payments within closed systems like public transit and laundry services. However, it uses a security mechanism called “crypto1” which is a simple, proprietary encryption mechanism that hardly has anything to do with modern cryptography. It has been broken for many years now, but the sheer number of systems out there that still use it means the Mifare S50 1k will continue to be used by legacy systems around the world for years to come. So now, you can crack the security on those cards and clone their content (including the ID “serial number”) to your xM1!
Important Things To Know
- 13.56MHz ISO14443A Mifare “magic” 1k emulator chip
- Emulates Mifare MF1ICS50 1k chip with “Chinese Magic Backdoor”
- 4 byte ID and all of sector 0 are writable using CMB commands
- 10 year data retention. Rated for 100k writes per memory block.
- Encased in 3mm by 13mm bioglass with non-toxic epoxy
- Pre-tested and pre-loaded in sterile injection assembly
- No “anti-migration” coating means easy removal/replacement
How to clone cards to the xM1
The first thing you have to do is ensure your source card or fob is a 4 byte “Classic” 1k card, not a new 7 byte “Mifare 1k” card. With the discovery of Crypto1 vulnerabilities in the “Classic” Mifare S50 1k and S70 4k chips, NXP (the company who makes Mifare chips) released a number of different updated versions of Mifare chips. These include Mifare Plus 1k and a Mifare “Classic” 1k EV1 (evolution one) chip. The memory structures of these new chips are identical to the real “Classic” 1k chips but they have 7 byte UIDs not 4 byte IDs. While new attacks on these new chip types do exist, success is limited and you will not be able to copy the complete 7 byte ID number to the xM1 since it only supports 4 byte IDs. If you have a Mifare “Classic” S50 1k card or fob you want to clone to your xM1, there are a few tools you can use.
We’ve curated a couple of tools from the internet (so, right there, you might want to consider skipping this option). This toolset requires Windows and an ACR122U reader. You can download this toolset from here.
By far the most powerful tool is the Proxmark3 – an RFID diagnostics and security research tool that is open source, so it comes in many flavors, shapes, and sizes. Its flexibility and ability to update the firmware to support the latest security tactics and tools means it’s a great investment for anyone wanting to experiment with RFID. While we do not offer a guide for how to use the Proxmark3 to clone Mifare cards to your xM1, there are plenty of other guides already written that detail how it’s done.
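The 4 byte versus 7 byte distinction described above also tells a site owner which issued credentials can be copied in full, ID included, to a gen1 “magic” tag. The following is an added example, not code from this page or from any tool it mentions: it classifies badge records by the UID size announced in the ATQA and by the SAK byte. The `Badge` record, the status labels and the sample inventory are assumptions constructed for illustration.

```python
# Added example: audit badge records for the cloning exposure described above.
# INVENTORY is constructed sample data, not real card reads.
from dataclasses import dataclass

UID_SIZES = {0b00: 4, 0b01: 7, 0b10: 10}  # ISO14443-3: ATQA bits 7..6
SAK_CLASSIC_1K = 0x08                      # SAK reported by Classic 1k type chips


@dataclass
class Badge:
    holder: str
    uid_hex: str
    atqa: int  # 16-bit ATQA as an integer, e.g. 0x0004
    sak: int


def uid_size_from_atqa(atqa: int) -> int:
    """UID length in bytes announced by the ATQA (0 for the reserved value)."""
    return UID_SIZES.get((atqa >> 6) & 0b11, 0)


def assess(badge: Badge) -> str:
    uid = bytes.fromhex(badge.uid_hex)
    if len(uid) != uid_size_from_atqa(badge.atqa):
        return "inconsistent-read"      # ATQA and UID disagree: re-enrol the badge
    if badge.sak != SAK_CLASSIC_1K:
        return "not-classic-1k"
    if len(uid) == 4:
        return "4-byte-classic-1k"      # full copy, ID included, fits a gen1 tag
    return "long-uid"                   # ID does not fit a 4-byte-only gen1 tag


def audit(inventory: list[Badge]) -> dict[str, str]:
    return {b.holder: assess(b) for b in inventory}


INVENTORY = [
    Badge("alice", "DEADBEEF", 0x0004, 0x08),        # constructed 4 byte record
    Badge("bob", "04A1B2C3D4E5F6", 0x0044, 0x08),    # constructed 7 byte record
    Badge("carol", "04112233445566", 0x0344, 0x20),  # constructed non-Classic record
    Badge("dave", "01020304", 0x0044, 0x08),         # constructed mismatched record
]

if __name__ == "__main__":
    for holder, status in audit(INVENTORY).items():
        print(f"{holder:6} {status}")
```

Records reported as `4-byte-classic-1k` are the ones to prioritise for migration, since a reader that trusts only the ID or Crypto1-protected sectors cannot tell such a card from a copy.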