xM1 “magic” 1k
The xM1 is a Mifare “Magic” 1k gen1 chip emulator with a writable sector 0 and “Chinese Magic Backdoor” feature. This allows you to change the 4 byte ID (serial number) of the chip and overwrite all pages in every sector, including Sector 0, regardless of A/B key values or access bit settings.
More DetailsWARNING This kit definitely contains dangerous things. While our x-series chip implants have undergone several quality checks during manufacture, and have been put through a battery of tests, they have not been certified by any government regulatory agency for implantation or use inside the human body. Use of this device is strictly at your own risk.
The xM1 kit contains the xM1 tag and all the sterile procedure materials required for a professional to perform installation. The xM1 tag is made with a 13.56MHz ISO14443-A compliant “Classic 1k” emulator chip, which is encased in a biologically safe 3x13mm cylindrical bioglass tube. The bioglass cylinder is laser sealed and the finished xM1 tag is tested for function before loading into the injector assembly, and the whole injector assembly with xM1 tag inside is EO gas sterilized.
What’s so great about the xM1 ?
For many years the Mifare MF1ICS50 1k chip was used for all kinds of applications as a “secure chip” for everything from access control to stored value cards, and used for making localized payments within closed systems like public transit and laundry services. However, it uses a security mechanism called “crypto1” which is a simple, proprietary encryption mechanism that hardly has anything to do with modern cryptography. It has been broken for many years now, but the sheer number of systems out there that still use it means the Mifare S50 1k will continue to be used by legacy systems around the world for years to come. So now, you can crack the security on those cards and clone their content (including the ID “serial number”) to your xM1!
Important Things To Know
- 13.56MHz ISO14443A Mifare “magic” 1k emulator chip
- Emulates Mifare MF1ICS50 1k chip with “Chinese Magic Backdoor”
- 4 byte ID and all of sector 0 is writable using CMB commands
- 10 year data retention. Rated for 100k writes per memory block.
- Encased in 3mm by 13mm bioglass with non-toxic epoxy
- Pre-tested and pre-loaded in sterile injection assembly
- No “anti-migration” coating means easy removal/replacement
The xM1 kit contains the following products and materials, which are designed to enable you to bring the kit to a professional installation partner for installation.
- 1 sterile injector assembly, pre-loaded with xM1 chip implant
- 2 single use ChloraPrep antiseptic wipes
- 1 sterile gauze pad for post-installation wound care
- 1 sterile expandable-fabric adhesive bandage
- 1 pair of non-sterile, non-latex procedure gloves
The following accessories also come with the xM1 kit. These accessories are “field detection” tools designed to assist you with identifying the type of readers you may encounter, but also the best location and orientation to present your xM1 chip implant to any reader to get reliable performance.
- 1 RFID Diagnostic Card
- 1 13.56MHz X Field Detector
Our X Field Detectors (XFD) will show you the best position and orientation to present your chip implant to any readers of the same frequency, while our RFID Diagnostic Card will tell you all about the frequency and duty cycles of random readers you encounter in the wild.
How to clone cards to the xM1
The first thing you have to do is ensure your source card or fob is a 4 byte “Classic” 1k card, not a new 7 byte “Mifare 1k” card. With the discovery of Crypto1 vulnerabilities in the “Classic” Mifare S50 1k and S70 4k chips, NXP (the company who makes Mifare chips) released a number of different updated versions of Mifare chips. These include Mifare Plus 1k and a Mifare “Classic” 1k EV1 (evolution one) chip. The memory structures of these new chips are identical to the real “Classic” 1k chips but they have 7 byte UIDs not 4 byte IDs. While new attacks on these new chip types do exist, success is limited and you will not be able to copy the complete 7 byte ID number to the xM1 since it only supports 4 byte IDs. If you have a Mifare “Classic” S50 1k card or fob you want to clone to your xM1, there are a few tools you can use.
We’ve curated a couple tools from the internet (so, right there, you might want to consider skipping this option). It requires Windows and an ACR122U reader. You can download this toolset from here. Below is a video of how to use these tools.
By far the most powerful tool is the Proxmark3 – an RFID diagnostics and security research tool that is open source, so it comes in many flavors, shapes, an sizes. It’s flexibility and ability to update the firmware to support the latest security tactics and tools means it’s a great investment for anyone wanting to experiment with RFID. While we do not offer a guide for how to use the Proxmark3 to clone Mifare cards to your xM1, there are plenty of other guides already written that detail how it’s done.