xMagic Chip Implant

The xMagic implant contains two microchips inside which are fully re-programmable to emulate a range of common types of cards, fobs, and access badges in both 13.56MHz and 125kHz frequencies.

X-Series FAQ Partner Map


More Details

WARNING This kit definitely contains dangerous things. While our x-series chip implants have undergone several quality checks during manufacture, and have been put through a battery of tests, they have not been certified by any government regulatory agency for implantation or use inside the human body. Use of this device is strictly at your own risk.

The xMagic kit contains the xMagic chip implant and all the sterile procedure materials required for a professional to perform installation. The xMagic has two chips inside, a 13.56MHz ISO14443-A compliant “Magic” Mifare S50 Classic 1k gen1a emulator chip, and a 125kHz T5577 emulator chip. Both chips are encased in a biologically safe 3x15mm cylindrical bioglass tube. The bioglass cylinder is laser sealed and the finished xMagic is tested for function before loading into the injector assembly. Then the injector assembly with xMagic tag inside is placed into a sterilization pouch and sterilized with ethylene oxide (EtO) gas.

What’s so great about the xMagic?

Generally speaking, RFID and NFC chips have read-only unique IDs. These are used as a sort of serial number, which cannot be changed. The xMagic has two different chips inside which are designed to emulate many different types of commonly used simple RFID chips found in access badges, key fobs, gym cards, etc. This means you can copy or clone both the ID (serial number) of many types of chips to the xMagic!

13.56MHz Magic Mifare 1k gen1a 
One of the chips in the xMagic is the “Magic Mifare 1k” emulator chip. For many years the Mifare MF1ICS50 1k chip was used for all kinds of applications as a “secure chip” for everything from access control to stored value cards, and used for making localized payments within closed systems like public transit and laundry services. However, it uses a security mechanism called “crypto1” which is a simple, proprietary encryption mechanism that has anything to do with modern cryptography standards. Even though crypto1 has been broken for many years now, the Mifare Classic 1k is still commonly used in all sorts of access control systems. That means you can crack the security on those cards and clone their content (including the ID “serial number”) to your xMagic using devices like our Proxmark3!

125kHz T5577
In addition to the Magic Mifare 1k emulator chip inside the xMagic, we also have the 125kHz T5577 chip which is designed to be able to emulate a wide array of chip types in the 125kHz range. Typically key fobs and access cards used for things like gym memberships, gates, apartment complexes, etc. which use a 125kHz chip are very cheap and have no encryption or security at all, making it extremely easy to copy an ID from one of these devices into your T5577 emulator chip using our Proxmark3 device!

What can this chip implant do?

Copy certain HF 13.56MHz chip IDs to this chip
Copy certain LF 125kHz chip IDs to this chip
Some types of access control applications
Scan this chip implant to log into your computer

What this chip implant can’t do

Share data with NFC enabled smartphones
Trigger events on NFC devices like smartphones
Can’t make payments with this chip implant
Chip implants can’t be used for GPS or tracking

Important Things To Know

13.56MHz Magic Mifare Classic 1k Emulator

  • Emulates Mifare MF1ICS50 1k chip with “Chinese Magic Backdoor” (CMB)
  • 4 byte ID and all of sector 0 is writable using CMB commands
  • Proxmark3 can clone Mifare Classic 1k badges, fobs, cards, etc. to xMagic
  • 10 year data retention rated for 100k writes per memory block
  • Pre-tested and pre-loaded in sterile injection assembly
  • No “anti-migration” coating means easy removal/replacement

125kHz T5577 LF Chip Emulator

  • Emulate common EM41xx, EM4200, HID, Indala (and more!) chips
  • Proxmark3 can clone common 125kHz badges, fobs, cards, etc. to xMagic
  • T5577 chip is preprogrammed in EM41xx mode with a 40 bit unique ID
  • 10 year data retention rated for 100k writes per memory block
  • Pre-tested and pre-loaded in sterile injection assembly
  • No “anti-migration” coating means easy removal/replacement

Kit Contents

The kit contains the following products and materials, which are designed to enable you to bring the kit to a professional installation partner for installation.

  • 1 sterile injector assembly, pre-loaded with xMagic chip implant
  • xMagic encased in 3mm by 15mm bioglass cylinder with non-toxic epoxy
  • 2 antiseptic wipes to disinfect installation site
  • 1 sterile gauze pad for post-installation wound care
  • 1 sterile expandable-fabric adhesive bandage
  • 1 pair of non-sterile, non-latex procedure gloves

Kit Extras

The following accessories also come with the kit. These accessories are “field detection” tools designed to assist you with identifying the type of readers you may encounter, but also the best location and orientation to present your xMagic chip implant to any reader to get reliable performance.

  • 1 RFID Diagnostic Card
  • 1 13.56MHz Field Detector Keychain
  • 1 125kHz Field Detector Keychain

Our X Field Detectors (XFD) will show you the best position and orientation to present your chip implant to any readers of the same frequency, while our RFID Diagnostic Card will tell you all about the frequency and duty cycles of random readers you encounter in the wild.

A review of the RFID Diagnostic Card & X Field Detector devices


How to clone cards, fobs, etc. to the xMagic

By far the most powerful tool you can use to work with RFID chips is the Proxmark3. It’s an open source RFID diagnostics and security research tool, so it comes in many flavors, shapes, and sizes. It’s flexibility and ability to update the firmware to support the latest security tactics and tools means it’s a great investment for anyone wanting to experiment with RFID. Here are some example videos that show how to use the Proxmark3 to clone both Mifare 1k and T5577 cards and fobs.

Mifare S50 Classic 1kB cloning
The original 4 byte “Classic” 1k Mifare card has only 4 bytes for an ID, and uses the vulnerable version of Crypto1 protocol. NXP (the company who makes Mifare chips) released a number of different updated versions of Mifare chips, including the Mifare Plus 1k and a Mifare “Classic” 1k EV1 (evolution one) chip. The memory structures of these new chips are identical to the original vulnerable “Classic” 1k chips but they have been updated with improved cryptographic algorithms and have 7 byte IDs not 4 byte IDs. While new attacks on these new chip types do exist, success is limited and you will not be able to copy the complete 7 byte ID number to the xMagic since the mifare emulator chip inside only supports 4 byte IDs.

You can check the chip type in your 13.56MHz card and fobs using the Proxmark3 or in some cases by scanning them with an NFC capable Android phone using the TagInfo app.

125kHz chip cloning
There are many types of 125kHz chips in use today that can be emulated by the T5577 chip in the xMagic. They have no security features, just different communication protocols. The T5577 chip is highly configurable so it may emulate many types of these communication protocols, making it a highly versatile chip! You can use the Proxmark3 to clone the following types of 125kHz LF (low frequency) chips to the xMagic. Currently that list includes; AWID, COTAG, EM, FDX-B, Gallagher, Guarall Prox II, HID Prox, Idteck, ioProx, Jablotron, Keri, Motorola, Nedap, NexWatch, Noralsy, PAC/Stanley, Paradox, Presco, Farpointe/Pyramid, Securakey, and Viking.