I recently started a new job in a large building where every door is locked with HID RFID readers, and everyone has an RFID keycard around their neck to open the doors.

I already had the Dangerous Things xEM ATA5577 microchip in my left arm (EM400 emulation) but I bought an unwritten ATA5577 chip from cyberize.me.

I did the initial tests on the cyberize chip, still in the packaging, and when I got that working I decided to try to write it to my DT chip.

While the standard readers managed to read both chips very well, the keypad readers had a very hard time reading the cyberize.me chip, even though it wasn’t even inside me.

I tried using a handheld RFID copier I bought online, but it didn’t work.

(Thankfully these are quite cheap)

I knew I could do this with the Proxmark3, but at $450 I thought it was too expensive, so I decided to try out some cheap RFID writer from AliExpress.

(I believe multiple versions of this exist, not all supporting HID cards)

In the AliExpress listing was a download link for the software for it, hosted on a Chinese server. It was pretty hard to navigate, so I decided to keep a copy on my server as well.

Download writer software

The software is very minimalist but it does its job. It can read and write IDs.

While getting the RFID reader/writer to read my keycard was very easy, it did have a hard time reading the small RFID implant. I attempted to remove the antenna from the reader, but it was hot glued to the plastic case (real quality construction). After some trial and error I managed to find a small “sweet spot” on the reader where I was able to read and write the chip.

(By pressing my arm against this location and spamming the write button, I finally managed to write to the chip.)

  • Note: The writer software adds 1 to the ID each time write is pressed. To write a specific ID to it, you must keep correcting the ID.

I had a friend assist me with the final writing to the chip, with him correcting the ID and spamming the write button while I moved the writer around on my skin.

And voilà, the DT xEM chip now works with the HID keycard system at work.
