// the find
RfidResearchGroup/ChameleonUltra
The new generation chameleon based on NRF52840 makes the performance of card emulation more stable. And gave the chameleon the ability to read, write, and decrypt cards.
ChameleonUltra is open-source firmware for a physical NFC/RFID research device built on the nRF52840 SoC. It can emulate HF cards (MIFARE Classic, NTAG, ISO14443-A) and LF cards (EM410x, HID Prox, and others), while also acting as a reader/writer. This is for security researchers, pentesters, and hardware hackers who work with physical access control systems.
The hardware pairing is real: the nRF52840 gives you BLE, USB, and enough horsepower to do Crypto1 key cracking on-device, which older chameleon hardware couldn't manage. The protocol coverage is genuinely wide — LF demodulation handles FSK, PSK, Manchester, and biphase encoding separately, which is the correct approach rather than one-size-fits-all. The GUI companion app (ChameleonUltraGUI) is a separate project that actually looks maintained, so you're not stuck with a CLI. Build system uses Docker for the toolchain, so you're not fighting ARM GCC version hell on your local machine.
The README is basically a distributor list and a link to the wiki — if the wiki goes down or drifts, new users are stuck. The nRF5 SDK is vendored directly into the repo (firmware/nrf52_sdk/), which means the tree is massive and updates to the SDK require manual merging rather than a package bump. LF write support is thin: T55xx is referenced in headers but the actual write path isn't obvious from the tree, and several LF protocols appear to be read-only. No formal threat model or disclosure policy — for a tool explicitly designed to clone access cards, the absence of any responsible use documentation is a gap that will matter more as it gets mainstream visibility.