Authors: jrjgjk & Zolorah Frequency: LF (125 kHz) Hardware: RDV4 (requires flash for logging)
Back to Standalone Modes Index | Source Code | Development Guide
Passively sniffs and logs Nexwatch/NexKey ID credentials to flash memory. Decodes the magic bytes and mode information from each captured card.
Nexwatch (by Honeywell) is an access control card format found in commercial buildings. This collector silently harvests Nexwatch credentials over time, analogous to IceHID but specifically targeting the Nexwatch protocol with full decode information.
- Continuously samples the LF antenna using PSK demodulation
- Attempts Nexwatch-specific decode on each signal burst
- On successful decode, extracts the magic bytes, mode, and ID
- Logs the decoded credential to
lf_nexcollect.logon flash - Repeats until button hold or USB exit
| LED | Meaning |
|---|---|
| A (solid) | Reading / recording LF signal |
| B (solid) | Writing to flash |
| C (solid) | Unmounting / syncing flash |
| Action | Effect |
|---|---|
| Hold 280ms | Exit standalone mode |
| USB command | Exit standalone mode |
stateDiagram-v2
[*] --> Sample : Startup
Sample --> PSKDemod : LF signal detected
PSKDemod --> NexDecode : PSK decoded
PSKDemod --> Sample : PSK decode failed
NexDecode --> LogFlash : Nexwatch ID found
NexDecode --> Sample : Not Nexwatch
LogFlash --> Sample : Logged, continue
Sample --> [*] : Button hold / USB data
- Log file:
lf_nexcollect.logon SPI flash - Each entry contains decoded Nexwatch credentials with magic bytes and mode
- Retrieve with:
mem spiffs dump -s lf_nexcollect.log -d lf_nexcollect.log
make clean
make STANDALONE=LF_NEXID -j
./pm3-flash-fullimage
- IceHID Collector — Multi-format LF collector (HID/AWID/IO/EM)
- Tharexde EM4x50 — EM4x50 collector