iCopy-X / iCopy-XS — Side-by-Side Comparisons: PM3 RDV4, Flipper Zero, Cheap Duplicators, Chameleon Family

The engineering-detail comparison — what shares silicon, what shares ideas, what shares nothing, and which combinations make sense

1. The comparison framework

Vol 1 §4 sketched the decision graph at the executive-summary level: portability versus capability, with the iCopy-X anchored at one extreme (handheld, push-button, vendor-closed appliance) and the Proxmark3 RDV4 anchored at the other (laptop-tethered, scripted, fully open). That sketch is correct as far as it goes. This volume goes further. Each of the four major comparisons — against the Proxmark3 RDV4, against the Flipper Zero, against the cheap AliExpress handheld duplicators, against the ChameleonMini/Ultra family — is unpacked here in the engineering detail an operator needs to defend a tool-selection decision in writing, to a client, to a security committee, or to a future self trying to remember why a particular tool ended up in the engagement bag.

1.1 The two axes

The first axis is portability. A tool that runs on its own battery, fits in a jacket pocket, and gives the operator a usable UI without any peripheral devices is field-ready. A tool that requires a laptop, a USB tether, and a console session is lab-bound. Everything else falls between these poles. The iCopy-X is at the field-ready extreme. The PM3 RDV4 is at the lab-bound extreme. The Flipper Zero is field-ready but multi-purpose. Cheap duplicators are field-ready but capability-anaemic. The Chameleon family is field-ready and capability-rich within its narrow scope (NFC emulation only).

The second axis is capability ceiling — what the tool can do at its best, with the best operator, in the best environment. Capability is not the same as ease of use; a tool can have a high ceiling and a high floor (PM3 RDV4 — you need to know what you are doing) or a high ceiling and a low floor (iCopy-X — Auto Clone covers most use cases without the operator needing to think). Capability ceiling defines what is technically possible; the floor defines who can get there. Both matter when choosing a tool.

1.2 The three operational contexts

Most physical-pentest, RFID-research, or access-control-audit work happens in one of three operational contexts. The choice of tool follows the context, not the other way around:

Field engagement — the operator is on the client’s site, often in plain view of staff or cameras, with limited time and no opportunity to set up a workstation. The tool must be quick, quiet, and ideally pocketable. The operator must be able to look at a badge, hold a tool against it, and walk away with a clone or a captured dump. This is the iCopy-X’s home turf.
Lab work — the operator has the card in hand at a workstation. There is time. There is a laptop. There is the ability to script, log, retry, dump, analyze, replay. The tool can be tethered, large, fragile, expensive. This is the PM3 RDV4’s home turf.
Casual demonstration — the operator is at a meeting, a client briefing, a conference booth, or a sales call. The goal is to show that “this thing exists” without revealing too much of the operational toolkit or risking the loss of a high-value device. A €30 duplicator that does the trick on a Prox card is the right prop here; a €530 iCopy-X is not.

1.3 Why no single tool wins every comparison

The temptation, looking at the iCopy-X’s spec sheet and the PM3 RDV4’s spec sheet side by side, is to ask which is “better.” The question is malformed. They were designed for different operational contexts and different operator skill profiles. The iCopy-X exists because the PM3 client + laptop combination is too cumbersome for field work; the PM3 RDV4 exists because the iCopy-X’s closed application layer cannot be extended for research. They are answers to different questions.

Likewise the Flipper Zero, the cheap duplicators, and the Chameleon family. Each is an answer to a specific operational question — multi-modal pocketable pentest tool, single-purpose throwaway demo prop, multi-slot NFC emulator — and each is wrong for the other contexts. A practitioner who owns all five for the right reasons has a complete toolkit. A practitioner who chose any one of them as “the best” and skipped the others is going to be the wrong-tool-for-the-job operator at some point.

1.4 The shared-silicon family tree

Before getting into the comparisons it is worth establishing what each tool is built from. The silicon lineage matters more than the product positioning, because it determines what is and is not architecturally possible:

Tool	Application processor	RFID modem	RFID protocol layer	NFC frontend
iCopy-X	NanoPi NEO (Allwinner H3, Linux)	Xilinx Spartan-3 XC3S100E FPGA	Atmel AT91SAM7S512 (ARM7TDMI)	(handled by FPGA + STM32)
PM3 RDV4	(none — laptop tethered)	Xilinx Spartan-3 XC2S30 FPGA	Atmel AT91SAM7S512 (ARM7TDMI)	(handled by FPGA + STM32)
Flipper Zero	STM32WB55RG (Cortex-M4 + M0+ radio coprocessor)	(none — discrete NFC + LF readers)	(firmware on the M4)	ST25R3916 (HF) + custom analog (LF)
Cheap duplicator	(anonymous Chinese MCU, often unidentifiable)	(varies — sometimes TI TRF7970A, sometimes a clone)	(closed firmware)	(varies)
ChameleonUltra	RISC-V SoC (Nordic nRF52840 in some revisions)	(handled by NFC frontend)	(firmware on the SoC)	Custom NFC frontend (HF only)
ChameleonMini (Rev G/RebootedEdition)	Atmel ATXMega128A4U	(none — direct NFC frontend)	(firmware on the ATXMega)	Custom NFC frontend (HF only)

The first row in this table is the headline finding for this volume: the iCopy-X and the PM3 RDV4 share the AT91SAM7S512 silicon for their RFID protocol layer, and both use Xilinx Spartan-3-family FPGAs (different variants — XC3S100E for the iCopy-X, the older XC2S30 for the RDV4). At the lowest level, the iCopy-X is, architecturally, a Proxmark3 RDV4 with extra software on top — the SAM7S512 chip is running firmware that descends from the same upstream lineage as the firmware on the RDV4’s SAM7S512. The Proxmark3-RRG mainline now supports both FPGA variants via the fpga-xc3s100e and fpga-xc2s30 build flavours, exactly because the iCopy-X’s FPGA bitstream was contributed back upstream in August 2021 (see Vol 10 §3). This is not a coincidence and it is not a licensing fig leaf — the iCopy-X is, at the RF layer, a PM3 in a different case.

The Flipper Zero is a different silicon family entirely. The STM32WB55RG is an ARM Cortex-M4 with an M0+ radio coprocessor that handles the BLE stack; the RFID work happens entirely in M4 firmware driving the ST25R3916 NFC frontend chip and a separate LF read/write subsystem. Nothing in this design lineage touches the Proxmark3 codebase.

The Chameleon family is its own thing — the original Kasper & Oswald ChameleonMini Rev G used an Atmel ATXMega128A4U; the community-maintained “ChameleonMini RebootedEdition” continues that line; the newer ChameleonUltra (RfidResearchGroup, the same group that maintains the Iceman PM3 fork) uses a Nordic nRF52840 RISC-V-class SoC and a custom NFC frontend. None of it shares silicon with anything else in this comparison.

Cheap duplicators are unidentifiable in detail. The chips are usually unmarked or carry Chinese-supplied marking that does not correspond to anything in a standard catalog. Reverse-engineering them is unrewarding because the cost of a unit is comparable to the cost of an hour of an engineer’s time.

With that lineage clear, the four major comparisons follow.

2. iCopy-X vs Proxmark3 RDV4 — the deepest comparison

The iCopy-X and the Proxmark3 RDV4 are siblings at the silicon level. They are not siblings at the product level — the iCopy-X is a closed appliance, the RDV4 is an open development platform — and the product-level differences matter more for the operator’s daily life than the silicon-level kinship. This comparison is the longest in the volume because the two tools are the closest in capability and the most likely to be confused at purchase time.

2.1 Hardware

The iCopy-X is the larger device by volume but the smaller device by operational footprint. The iCopy-X enclosure is 120 × 55 × 24 mm at 113 g, with everything an operator needs in the field — LCD, keypad, battery, USB-C, microSD — integrated. The PM3 RDV4 is a smaller PCB-only product at roughly 80 × 40 × 10 mm and 30 g, but it has no UI of its own; the operator brings a laptop. Counting the laptop, the PM3 RDV4 system is much larger and heavier than the iCopy-X. Counting only the dedicated tool hardware, the PM3 RDV4 is smaller.

Inside, the two tools share:

The AT91SAM7S512 microcontroller — an Atmel ARM7TDMI with 512 KB flash and 64 KB SRAM, originally selected by the Proxmark3 community in 2007 and still the canonical Proxmark3 silicon. This is the part that implements the LF and HF protocol state machines, drives the FPGA’s transmit/receive cycle, and handles the SPI/UART communication with whatever sits above it.
A Xilinx Spartan-3-family FPGA — XC3S100E in the iCopy-X, XC2S30 in the RDV4. The bitstreams are not identical (the XC3S100E has more LUTs and a different routing topology) but the functional behaviour is the same: the FPGA implements the carrier modulation, demodulation, and bit-level filtering for the LF (125 kHz) and HF (13.56 MHz) signals.
LF and HF antenna front ends — the impedance-matching networks, the resonant capacitors, the analog amplifiers and filters that turn a coil voltage into a digital pulse train and vice versa. The RDV4 has socketed antennas (LF Hilo, HF Hilo, the various long-range options); the iCopy-X has integrated antennas on the PCB underside. The integrated approach is what makes the iCopy-X pocketable; the socketed approach is what makes the RDV4 versatile.

What the iCopy-X has and the RDV4 does not:

The NanoPi NEO Linux SBC — a quad-core Allwinner H3 at 1.2 GHz with 256 MB RAM running OpenWrt. This is the application processor that hosts the iCopy-X’s UI software, the Python/Node.js application bundle, the .ipk firmware update mechanism, and the operational logic of the seven on-device modes (Vols 7 and 8).
The 1.3-inch 240 × 240 colour LCD + 4-button keypad — the on-device UI, driven by the NanoPi NEO.
The 2000 mAh lithium battery — typically good for a half-day of intermittent use, longer if the LCD spends most of its time off.
The USB-C port + microSD card — host communication and storage, both managed by the NanoPi NEO Linux side.

What the RDV4 has and the iCopy-X does not:

A standardized antenna socket that accepts the various Hilo / long-range / coil options Lab401 and RRG sell separately. The RDV4 can be reconfigured for an engagement by swapping antennas; the iCopy-X cannot.
A smartcard slot (on the RDV4.01 and later) for direct ICAO smartcard work.
Direct USB host control — the RDV4 connects to a laptop USB port and is driven entirely from the laptop. There is no on-device autonomy, but there is also no on-device limitation. Everything the silicon can do, the operator can ask it to do.

2.2 UX and operator workflow

This is where the two tools diverge sharply. The iCopy-X is push-button: the operator picks the device up, holds it against a card, navigates a menu with four buttons, and gets a result on the screen. The PM3 RDV4 is command-line: the operator opens a proxmark3 (or pm3) shell on a laptop, runs commands like lf hid read, hf 14a read, hf mf autopwn, and sees results in the terminal.

The iCopy-X workflow for cloning a typical HID Prox card looks like this:

Power the device on. Wait for boot (~30 seconds for the Linux SBC to come up).
Press the menu key. Navigate to “Auto Clone”.
Hold the source card against the antenna face.
Press the action key. Wait for the read (“LF: HID, Facility 123, Card 4567”).
Remove the source card. Hold a T5577 blank against the antenna face.
Press the action key again. Wait for the write (“Wrote successfully”).
The clone is done. Total elapsed time: 60-90 seconds including the boot.

The PM3 RDV4 workflow for the same task looks like this:

Connect the RDV4 to the laptop USB port.
Open a shell. Run pm3 (or ./client/proxmark3 /dev/ttyACM0 on Linux).
Wait for the client to negotiate the firmware version with the device.
Position the LF Hilo antenna over the source card.
Run lf hid read. Note the facility/card numbers.
Position the antenna over the T5577 blank.
Run lf hid clone -w h10301 --fc 123 --cn 4567 (or use clone --raw with the raw bit pattern from the read output).
Verify with lf hid read on the blank.
Total elapsed time: 2-5 minutes for an experienced operator who knows the commands, considerably longer for someone working from a cheatsheet.

For a MIFARE Classic 1K with default keys both workflows compress to similar elapsed times — both tools do the heavy lifting in firmware/FPGA, and the operator’s keystrokes are short. For a MIFARE Classic 1K with unknown keys requiring a hardnested attack, the PM3 RDV4 is faster in real terms because its operator can spawn the attack in a terminal and walk away while it runs against the laptop’s compute; the iCopy-X has to run the attack on the NanoPi H3, which is much slower than a modern x86 laptop (10-30 minutes versus 1-3 minutes typical).

For an iCLASS SE / SEOS clone the two workflows are similar in elapsed time but the iCopy-X workflow is genuinely simpler in cognitive load: the iCS Decoder Tool on the iCopy-X exposes a single menu path that runs the relevant attack sequence and writes to the appropriate blank, while the RDV4 workflow requires running hf iclass elite or the equivalent script with the right key dictionary, then hf iclass clone with the right blank type, then verifying with hf iclass info. The RDV4 operator has more visibility into the steps; the iCopy-X operator has less to remember.

2.3 Capability ceiling

This is where the silicon-level kinship pays off, and it is also where the application-layer closedness costs the iCopy-X some points. At the protocol level, everything the RDV4 can do, the iCopy-X can do — the SAM7S512 firmware is doing the same work in both cases. At the application level, the iCopy-X exposes a curated subset of what the protocol layer is capable of; the RDV4 exposes everything because the client is open and the operator can write their own client commands.

What this means in practice:

The standard pentest workload (HID Prox, EM4XX, MIFARE Classic, MIFARE Ultralight, NTAG, iCLASS Legacy / Elite, iCLASS SE / SEOS with the iCS Decoder) is fully covered by the iCopy-X application UI.
The research workload — custom RFID experiments, new tag families, novel attack development, scripted batch operations, dictionary-attack tuning, raw signal capture and replay — requires the PM3 RDV4 because the iCopy-X application layer does not expose these. The iCopy-X has an “Expert” / “Proxmark Mode” escape hatch (Vol 8 §5) that opens a PM3-compatible client over USB, but using Expert Mode is laptop-tethered, defeating the iCopy-X’s portability advantage. If 80% of a session ends up in Expert Mode, the operator should have been using a PM3 RDV4 to begin with.
Several specific attacks are PM3-RRG-mainline-recent (added since 2023) and may or may not be exposed in the iCopy-X 2.0 firmware family without a firmware update. The current iCopy-X firmware is generally at parity with the Iceman fork as of late 2024 for the supported tag families, but novel attacks added in the PM3-RRG mainline in 2025-2026 (for example, refined MIFARE Plus AES-128 attacks, novel HID Seos sniffing approaches, FM11RF08S backdoor key handling) may be RDV4-only until the iCopy-X firmware catches up. The iCopy-X firmware-update cadence is roughly biannual, slower than the RDV4 client which can be rebuilt from source the day a patch lands.

2.4 Posture and operational fit

The iCopy-X is the field tool. Its enclosure, battery, antennas, and UI are built for use in a hallway, in a meeting room, in a parking lot, in a cafe — anywhere the operator cannot set up a laptop without drawing attention. The closed application layer is a feature in this context: the operator does not need to remember command syntax, does not need to look at a terminal, can do the work with one hand while holding a coffee in the other.

The PM3 RDV4 is the lab tool. It is the right tool for the workstation in the engineering room. Cards come into the lab from the field, are characterized and dumped on the RDV4, attacked or replayed at leisure, and the artifacts (key dictionaries, dump files, write recipes) go back to the field with the operator on an iCopy-X SD card or in a notebook. This is a divisional-of-labour pattern that works well: the RDV4 does the heavy research thinking; the iCopy-X does the field execution.

An operator who does both field and lab work will, in time, own both tools and use them as a complementary pair. An operator forced to choose between them by budget or by operational scope should choose based on the 80/20 of their workload:

80% field, 20% lab → iCopy-X. The few times lab work is needed, the operator can drop into Expert Mode or borrow a colleague’s PM3.
80% lab, 20% field → PM3 RDV4 + a laptop. The few times field work is needed, the operator carries the laptop and accepts the operational cost.
50/50 → both, if budget allows. If not, the PM3 RDV4 because it has the higher capability ceiling.

2.5 Price and total cost

The iCopy-X is priced (mid-2026, direct from icopyx.com) at €375 Basic / €465 Intermediate / €530 Advanced, with the difference being the blank-card stock included (Vol 1 §5, Vol 9). The iCS Decoder Tool for SE/SEOS adds ~€200. A fully-loaded iCopy-X is therefore ~€730 including the SE/SEOS capability and a substantial blank-card pack.

The PM3 RDV4 is priced at $299 USD direct from RfidResearchGroup, with antennas typically $50-100 USD extra (LF Hilo, HF Hilo, or a long-range coil for specific use cases). The RDV4 needs a laptop — but every pentest practice already has one. A fully-equipped RDV4 with the full antenna set is ~$450-500 USD.

In absolute terms the RDV4 is cheaper, especially after the currency conversion (~€420-470 for the equivalent equipment). The total cost picture is more nuanced once the laptop is counted, but most practices treat the laptop as sunk cost that exists regardless.

The right way to think about price here is: the iCopy-X’s premium over the RDV4 is the cost of the portable form factor + the on-device UI + the curated application layer. For an operator who works in the field often, that premium pays back quickly in faster engagements and fewer “give me a minute to set up the laptop” moments. For an operator who works in a lab, the premium is wasted.

2.6 The architectural irony

The iCopy-X’s tagline could be: “The PM3 RDV4 you do not need to know is a PM3 RDV4.” The casual user holds an iCopy-X and sees a card cloner. The engineer holds an iCopy-X and sees an AT91SAM7S512 + Xilinx Spartan-3 doing the same job a PM3 RDV4’s SAM7S512 + Spartan-3 does, with a Linux SBC and a screen bolted on top. Both views are correct. The product positioning makes the engineering background invisible; the engineering background makes the product positioning rational.

This is also why the iCopy-X firmware can stay reasonably current with PM3 research developments: the underlying SAM7S512 + Spartan-3 codebase shares an upstream lineage, and the iCopy-X vendor pulls in PM3 mainline improvements when those improvements are relevant to the closed application layer’s exposed functions. The iCopy-X is not as fast to absorb PM3 developments as the RRG mainline is, but it is not on a fundamentally different track.

3. iCopy-X vs Flipper Zero — the breadth-vs-depth comparison

The Flipper Zero is the most-discussed tool in the Hack Tools hub by a wide margin, and “iCopy-X vs Flipper Zero” is a question that surfaces in nearly every conversation about RFID tooling. It is the wrong comparison framed as a contest; it is the right comparison framed as “what does each cover that the other does not?“

3.1 Different silicon, different design philosophy

The iCopy-X is purpose-built for RFID and NFC. Its entire signal chain — antennas, FPGA, SAM7S512, application software — is dedicated to LF and HF tag work. Nothing else.

The Flipper Zero is multi-modal. Its STM32WB55RG Cortex-M4 hosts firmware that drives:

Sub-GHz radio (CC1101) — 433/868/915 MHz transmit and receive for car remotes, garage doors, weather sensors, some legacy door entry systems, and the IoT scrap pile generally. The iCopy-X has nothing in this band.
NFC (ST25R3916) — ISO 14443A, ISO 14443B, ISO 15693, FeliCa, and partial iCLASS in mainline firmware.
LF RFID (custom analog) — 125 kHz LF reader for HID Prox, EM4XX, T5577, Indala, AWID, ioProx, and a few less-common families.
Infrared TX/RX — universal remote, IR protocol learning, the appliance-control vector.
iButton (1-Wire) — Dallas DS1990A and similar low-end identity tokens.
BadUSB — USB HID emulation when tethered to a target machine, the keystroke-injection vector (../../Ducky Script/CLAUDE.md is the deep dive on this technology class).
GPIO — general-purpose I/O for embedded experimentation, the “I want to talk to that mysterious header on a PCB” vector.

The Flipper Zero is a Swiss Army knife. The iCopy-X is a chef’s knife. Different design problems.

3.2 RFID capability — head-to-head

When the comparison narrows to “just the RFID work,” the iCopy-X wins on depth and the Flipper wins on breadth-of-form-factor. The relevant axes:

LF range and read reliability — the iCopy-X has a substantially larger LF coil than the Flipper Zero, and its impedance matching is tuned for the specific 125 kHz band. The iCopy-X will read an LF card from 3-5 cm; the Flipper Zero needs the card to be in contact with the device. In a field engagement where the operator is reading a card off a lanyard at conversational distance, that difference matters.
HF range and read reliability — closer between the two. The Flipper’s ST25R3916 is a capable HF frontend with its own integrated matching network. In practice the Flipper reads HF at about 1-3 cm; the iCopy-X reads at 2-4 cm. Not a decisive difference.
Tag family coverage in mainline firmware — the iCopy-X covers HID Prox, Indala, AWID, EM4XX, ioProx, T5577, MIFARE Classic, MIFARE Ultralight, NTAG, iCLASS Legacy, iCLASS Elite, and with the iCS Decoder add-on, iCLASS SE / SEOS. The Flipper mainline firmware covers HID Prox, Indala, AWID, EM4XX, T5577, MIFARE Classic (with limitations), MIFARE Ultralight, NTAG. It does not cover iCLASS in mainline. Momentum firmware adds iCLASS Legacy with some caveats; Xtreme firmware adds further iCLASS coverage. SEOS and SE are not covered by any Flipper firmware (mainline or alternative) as of mid-2026.
MIFARE Classic key recovery — the iCopy-X has darkside, nested, and hardnested key-recovery built into its Sniff mode (Vol 7). The Flipper mainline has basic nested attacks; the Momentum and Xtreme alternative firmwares add hardnested and a broader attack toolkit. For unknown-key MIFARE work, mainline Flipper is weaker than the iCopy-X; alternative-firmware Flipper is at parity for the supported attack types but slower in compute (the iCopy-X has an Allwinner H3 quad-core vs the Flipper’s single-core M4).
FM11RF08S handling — Fudan’s MIFARE Classic clone with a built-in backdoor key, which has become a recurring target in 2025-2026 research. The iCopy-X firmware family handles this natively. Flipper mainline does not; Xtreme firmware added support in 2025.
Emulation — the iCopy-X emulates LF and HF cards in dedicated modes (Vol 8). The Flipper emulates LF and HF cards similarly. Neither is the natural emulation tool — that title goes to the Chameleon family (§5). For one-or-two-card emulation, both work; for multi-slot emulation, neither is ideal.
Cloning to physical blanks — the iCopy-X is purpose-built for this. The Flipper can write to T5577, magic MIFARE blanks, and similar, but its UI for managing card stock is less convenient than the iCopy-X’s. For a field operator who routinely produces physical card duplicates, the iCopy-X is the better daily tool.

3.3 What the Flipper has that the iCopy-X does not

The Flipper’s multi-modal nature is the entire point of the comparison’s other half. An engagement that includes a sub-GHz garage-door system, a Bluetooth-connected access controller, a Wi-Fi-enabled door reader (via the WiFi Devboard), an IR-controlled appliance, or a USB HID injection vector cannot be served by the iCopy-X at all. The Flipper covers all of these in addition to RFID.

The Flipper also has a substantial application ecosystem — the FAP (Flipper Application Package) store, the multiple alternative firmware projects (../../Flipper Zero/CLAUDE.md has the full ecosystem map), the active community contributing tools, attacks, games, and utilities. The iCopy-X has nothing equivalent. The Lab401 product page, the icopyx.com firmware-update workflow, the (mostly dormant) iCopy-X-Community GitHub orgs (Vol 10) — and that is it.

The Flipper additionally has the expandable hardware ecosystem: WiFi Devboard, video game module, AWOK Dual Touch V3 (../../AWOK Dual Touch V3/CLAUDE.md), Ruckus Game Over (../../Ruckus Game Over/CLAUDE.md), and many third-party modules that snap onto the GPIO header. The iCopy-X is a closed appliance with no expansion path beyond the iCS Decoder Tool.

3.4 The complementary-pair pattern

The right way to think about the iCopy-X and the Flipper Zero is as a complementary pair. They share little — different silicon, different posture, different UX, different scope — but they together cover the majority of what a field-ready hacker needs:

RFID/NFC work primarily → iCopy-X handles it with one device and a card stock.
Sub-GHz / IR / BadUSB / multi-modal work → Flipper Zero handles it with one device and the optional modules.
The 10% of engagements that need both → both tools come along; one or the other is in hand depending on which phase of the engagement is active.

This is the loadout most practising operators converge on. The iCopy-X is the RFID/NFC depth tool; the Flipper is the everything-else breadth tool. Neither replaces the other; both have a place in the bag.

Where this comparison gets tricky is in budget-constrained operators choosing between the two. The Flipper is roughly $170 USD plus a few modules, totalling ~$300-400 USD for a well-equipped Flipper. The iCopy-X is ~€530 ~$575 USD for the Advanced tier with iCS Decoder. For a starting practitioner whose budget allows one of the two, the Flipper is the more versatile single choice — it covers RFID well enough for non-iCLASS work, plus everything else. For a practitioner whose work is genuinely 80%+ RFID/NFC, the iCopy-X earns its premium. For everyone else, the Flipper is the first purchase and the iCopy-X is the second.

4. iCopy-X vs cheap AliExpress handheld duplicators

There is an entire product category on AliExpress, Amazon, and equivalent platforms marketed as “RFID copier,” “RFID duplicator,” “ID card copier,” or “key card duplicator.” They sell for $15-50 USD. They look superficially like the iCopy-X — a handheld plastic enclosure, an antenna face, a few buttons, sometimes a small LCD. They are not the iCopy-X. They are barely the same tool category.

4.1 What they actually are

The typical $30 duplicator has:

An anonymous Chinese MCU, often unbranded or carrying markings that do not correspond to any standard catalog part. Sometimes a TI TRF7970A is recognizable from the PCB layout; more often the chip is a clone or a custom-marked variant.
A single small antenna coil, sometimes tuned to 125 kHz LF only, sometimes dual-tuned to 125 kHz and 13.56 MHz with mediocre performance on either band.
4-AAA-battery or 18650-cell power, depending on the form factor.
A handful of buttons (typically: read, write, scan).
A small LCD or a few LED indicators showing read/write status.
Closed firmware, no firmware-update mechanism, no community support.

There is variation within the category — some are better than others — but the typical capability ceiling is fixed by the hardware: they can read a UID, they can write a UID to a blank, and that is essentially all.

4.2 Capability — what they can and cannot do

What they can do:

Read the UID of an HID Prox LF card.
Write that UID to a T5577 LF blank (or, on cheaper models, to a proprietary blank the seller bundles in the kit).
Read the UID of a MIFARE Classic HF card.
Write that UID to a UID-changeable MIFARE Magic Gen1a or Gen2 blank.
Sometimes, sporadically, read and write EM4XX, NTAG, or MIFARE Ultralight UIDs.

What they cannot do:

Recover MIFARE Classic keys. The Crypto1 attack workflow requires either a darkside / nested / hardnested implementation in firmware, or a sniffing mode that captures reader-card exchanges for offline key recovery. Cheap duplicators have neither. If the card’s keys are not the factory defaults (typically FFFFFFFFFFFF for all sectors on a fresh card), the cheap duplicator cannot read the card’s sector data, cannot clone the full card contents, can clone only the UID.
Handle iCLASS Legacy / Elite / SE / SEOS. The iCLASS protocol family is not exposed in the cheap-duplicator firmware. The card reads as encrypted nonsense or as a UID-only object.
Decode HID Prox correctly. Many cheap duplicators write the UID but not the facility/card-number format correctly, producing a card that reads back as a different facility/card pair than the source, or reads back as garbage. This is the failure mode that gets the operator embarrassed in front of a client. The iCopy-X (and the PM3) handle HID Prox encoding correctly because they understand the H10301 / H10302 / H10306 / Corporate-1000 frame formats.
Emulate any card. Cheap duplicators write to physical blanks; they do not emulate.
Recover MIFARE Plus AES keys, work with DESFire, work with FeliCa, work with ISO 15693 SLIX. All beyond the silicon.
Update firmware. If a new tag family appears in the wild, the duplicator is obsolete the day after; no patch path exists.

4.3 Failure modes

The standard failure modes of a cheap duplicator, in approximate order of how often they cost the operator something:

Silent UID-format mismatch. The duplicator writes a 32-bit raw UID to a T5577 blank when the source card was an H10301 26-bit format. The reader does not recognize the clone because the bit pattern is in the wrong sector / wrong format. The operator does not know why and has no debug visibility.
Blank-card incompatibility. The duplicator writes to the seller’s bundled blanks but does not write to T5577 blanks bought elsewhere, because the magic-write opcode it uses is non-standard. The operator buys blanks in bulk and discovers half of them do not work with the duplicator.
Sporadic field strength. The antenna design is mediocre and the read works for some cards but not others, with no obvious pattern. The operator wastes time troubleshooting and concludes the duplicator is unreliable.
Loss of OTP / lock-bit handling. Some duplicators do not correctly handle the one-time-programmable bits or the lock bits on the target blank, producing a card that reads correctly once and then becomes corrupted on subsequent reads as the lock bits flip.
No way to roll back a mistake. When the duplicator writes a wrong UID to a T5577 blank, the iCopy-X (or the PM3) can re-write the same blank — T5577 is rewritable. The cheap duplicator, if it understands T5577 at all, may not expose the rewrite path; the blank is bricked from the operator’s perspective.

For a $30 device, none of this is shocking. The economics do not support better engineering. The point is that the failure modes cost engineering time and engagement reputation that vastly exceed the price difference between a duplicator and an iCopy-X.

4.4 When a cheap duplicator is the right tool

There is exactly one operational context where the cheap duplicator earns its keep, and it is not pentest work. It is the “boss gave me his Prox card and I need a backup” use case — a single-card, single-format, no-stakes duplication of a card the operator owns. For this use case:

The card is a known good HID Prox or MIFARE Classic factory-default.
The blank is the seller’s bundled blank or a verified-compatible T5577.
The operator does not need to verify or troubleshoot — if it works, it works; if it does not, the operator can try again at no cost.
The operator does not need iCLASS, SEOS, key recovery, emulation, or any of the other capabilities the duplicator does not have.

For this use case, $30 is the right answer. For anything in pentest or red-team or access-control-audit work, $30 is the wrong answer at any price.

4.5 The demonstration tool case

There is a secondary case where a cheap duplicator earns its keep in a pentest practice: as a demonstration tool for client conversations.

The setup: the operator is in a sales meeting or a kickoff briefing, explaining what an access-control compromise looks like. The operator wants to show — visibly, on a chair-side table, in a way the client can see and ask about — what an attacker would actually use. The operator does not want to show their €530 iCopy-X (which signals “expensive specialized tool”) or risk the iCopy-X in a setting where it could be stolen, dropped, or seen by people who should not see it.

A cheap duplicator on the table — visible, unremarkable, clearly available for $30 on Amazon — makes the point. The client sees what an attacker could buy at any time, in any quantity, with no expertise needed. This is genuinely useful for selling the client on the upgrade-to-iCLASS-or-SEOS spend that the engagement is going to recommend.

A pentest practice that owns both a €530 iCopy-X (for the actual field work) and a €30 duplicator (for the demonstration role) has the right total loadout for most engagements. The duplicator costs almost nothing and is a useful prop. The iCopy-X does the work.

5. iCopy-X vs ChameleonMini and ChameleonUltra — the emulation-focused alternative

The Chameleon family is the third major category in this comparison. It is not an iCopy-X competitor in any direct sense — Chameleon devices do not clone to physical blanks — but it is a tool an operator might own instead of or in addition to an iCopy-X depending on the engagement profile. The relevant variants:

ChameleonMini Rev G (original Kasper & Oswald GmbH, 2013-2018) — the foundational device. Atmel ATXMega128A4U, NFC frontend, 8-slot card emulation, button-driven slot selection.
ChameleonMini RebootedEdition (community fork, ProxGrind, 2018-present) — continues the ATXMega platform with refined firmware. Functionally similar to the original Rev G; production from a different supplier.
ChameleonUltra (RfidResearchGroup, 2023-present) — the newer iteration. Nordic nRF52840-class SoC, custom NFC frontend, BLE connectivity for app-based control, 8-slot card emulation, button-driven slot selection plus BLE management. Significantly more capable hardware than the Mini.

5.1 What the Chameleon family is for

The Chameleon family is designed for one task: multi-slot HF card emulation. The headline use case is “I need to test 8 different NFC cards against a single reader in rapid succession, switching between them with a button press.” This is a workflow that:

An access-control auditor uses when validating that a reader correctly accepts authorized cards and rejects unauthorized cards across a representative range.
A red-team operator uses when staging a card-cycling attack across several captured cards without re-loading each one.
A researcher uses when comparing several card revisions against a target reader.

The Chameleon’s slot mechanism makes this workflow efficient. Press button 1 → card slot 1 is active. Press button 2 → card slot 2 is active. The reader does not know it is the same physical device emulating different cards in sequence.

5.2 Hardware capability

The ChameleonUltra (the modern variant most relevant to current decisions):

HF only — 13.56 MHz. No LF. This is a significant scope limitation; HID Prox, EM4XX, T5577, and the entire LF tag family are out of scope.
Emulates MIFARE Classic 1K/4K, MIFARE Ultralight, NTAG21x, NTAG424, ISO 15693, ISO 14443A more broadly, FeliCa partial.
Emulates iCLASS Legacy at the protocol level (the ChameleonUltra firmware added this in 2024 — see the RfidResearchGroup firmware release notes).
Does NOT emulate iCLASS SE / SEOS — the AES-128 + Secure Element layer is beyond the device’s authentication primitives.
Does NOT write to physical blanks. Emulation only.
BLE app control via the ChameleonUltra Android/iOS apps — load cards into slots, inspect emulation state, configure parameters.
Button + RGB LED for slot indication.
Small lithium battery, ~2 hours of active emulation, USB-C charging.
Small form factor — roughly business-card-sized, ~30 g.

The ChameleonMini Rev G / RebootedEdition is older silicon (ATXMega128A4U) with less emulation depth but the same multi-slot UX.

5.3 What Chameleon does that iCopy-X does not

Multi-slot live emulation. The iCopy-X has emulation modes (Vol 8) but they are single-card-at-a-time and require loading the card dump from the menu before each emulation session. The Chameleon’s “load all 8 cards, switch with a button” UX is genuinely faster for the multi-card-against-one-reader workflow.
No physical artifact. A Chameleon emulation leaves no card behind. The reader sees a card present, then absent. For engagements where the test must leave no physical artifact (a card that the client could later find in a desk drawer), the Chameleon is the right tool.
Smaller, more covert. The ChameleonUltra is the size of a business card. The iCopy-X is the size of a small TV remote. For covert use cases the Chameleon hides more easily.

5.4 What iCopy-X does that Chameleon does not

LF coverage. HID Prox, EM4XX, T5577, Indala, AWID — the whole 125 kHz LF family. The Chameleon family is HF only.
Cloning to physical blanks. The iCopy-X writes T5577, MIFARE Magic, iCLASS blanks, etc. The Chameleon family does not.
iCLASS SE / SEOS (with the iCS Decoder). The Chameleon family does not handle SEOS.
Key recovery from a target reader. The iCopy-X Sniff mode captures reader-card exchanges for MIFARE Classic key recovery; the Chameleon family does not.
Standalone operation without a phone or laptop. The iCopy-X has its own UI; the Chameleon is button-driven but the multi-slot management is done through the BLE app. The Chameleon can operate fully standalone once cards are loaded, but loading cards requires the app.

5.5 Price

ChameleonUltra is roughly $100 USD (€100-150 in Europe) direct from RfidResearchGroup or its distributors. The ChameleonMini RebootedEdition is roughly $200 (€200) — older hardware, smaller market. The iCopy-X is €375-530.

The ChameleonUltra is genuinely cheap for what it does. A pentest practitioner who needs multi-slot HF emulation should buy a ChameleonUltra without hesitation; €100 is a low bar.

5.6 The decision

The iCopy-X and the ChameleonUltra are complementary in the same way the iCopy-X and the Flipper Zero are complementary:

Cloning to physical blanks, LF coverage, iCLASS SE/SEOS → iCopy-X.
Multi-slot HF emulation, no-physical-artifact engagements, covert form factor → ChameleonUltra.
Engagement that needs both → both, totalling ~€600-650 for the pair, less than a fully-loaded iCopy-X alone.

For an operator whose work is primarily HF emulation testing (validating that readers correctly accept and reject across a card population), the ChameleonUltra is the daily driver and the iCopy-X is a secondary tool. For an operator whose work is primarily cloning and LF coverage, the iCopy-X is the daily driver and the ChameleonUltra is the secondary tool. Most pentest practices end up owning both.

6. iCopy-X vs the larger Proxmark3 family

The Proxmark3 RDV4 is the most prominent member of a larger Proxmark3 family, and a brief tour of the family clarifies the iCopy-X’s place in the broader landscape. The relevant variants:

PM3 RDV4 / RDV4.01 — the canonical lab tool covered in §2. RfidResearchGroup is the upstream; Lab401 is a distributor. The .01 revision (2023+) added a smartcard slot and refined the LF/HF antenna sockets. Functionally similar to the original RDV4.
PM3 EasyLite — a cheaper PM3 variant, often available through AliExpress and similar channels, frequently as a clone of the original PM3 v2/v3 designs. Software-compatible with the RDV4 (uses the same client and firmware base) but with simpler antenna provision and sometimes flakier USB. Typical price ~$80-120 USD. The right choice for a budget-constrained practitioner who wants PM3 capability and does not need the RDV4’s smartcard slot or premium antennas.
PM3 v2 / v3 (older generations) — predecessors to the RDV4. Still functional, still supported by the Iceman fork and PM3-RRG mainline, but missing the RDV4’s improvements (battery, antenna sockets, smartcard slot). Available secondhand for $50-100 USD.
PM3 RDV4 with Blueshark module — the BLE-connected variant. Adds Bluetooth Low Energy for tethered-to-phone operation instead of laptop, with a battery pack. Functionally a different way to be portable than the iCopy-X — still requires a controller device (the phone), still has no integrated UI of its own.
Iceman fork client + any PM3 hardware — the “PM3-RRG” software stack. The Iceman fork (now merged into the RfidResearchGroup mainline) is the canonical PM3 client for serious RFID research, with darkside, nested, hardnested, T55xx flexibility, dictionary attacks, and the broad set of community-contributed scripts. This software runs on a laptop and drives whatever PM3 hardware is connected.

6.1 The iCopy-X as the handheld PM3

The framing that emerges from the family tour: the iCopy-X is “the PM3-RRG toolchain in a handheld form factor with a vendor-closed UI on top.” The silicon is shared. The FPGA bitstream is shared (now part of the PM3-RRG mainline as the fpga-xc3s100e variant). The STM32 firmware is shared in lineage. The application layer is Lab401’s value-add — the UI, the curated mode set, the iCS Decoder integration, the on-device autonomy.

For a practitioner who already owns and uses a PM3 RDV4 with the Iceman fork client, the iCopy-X is a portable extension of an already-familiar toolchain. The same key recovery attacks work; the same blank-card stock works; the same mental model applies. The differences are the form factor and the UX.

For a practitioner who does not yet own a PM3, the iCopy-X is a viable on-ramp into the PM3 ecosystem — buy it, learn how Proxmark3 silicon behaves through the curated UI, and later add an RDV4 for lab work. The portable-first acquisition path makes sense if 80% of the work is field engagement.

6.2 PM3 EasyLite as the budget alternative

A practitioner whose primary constraint is budget and whose work is lab-bound has an alternative path: PM3 EasyLite at ~$100, plus a laptop they already own, plus the open-source Iceman client. This combination gives them ~80% of the RDV4’s capability at ~25% of the price. The downsides are the EasyLite’s lower build quality (occasional USB issues, less reliable antenna performance) and the lack of the RDV4’s smartcard slot for ICAO work.

The iCopy-X does not compete on price in this comparison; it competes on portability. A practitioner who values portability over budget chooses the iCopy-X; a practitioner who values budget over portability chooses the EasyLite. Both are valid optimizations.

7. The matrix at a glance

The headline artifact of this volume — the consolidated comparison matrix across the five tool categories:

Capability	iCopy-X	PM3 RDV4	Flipper Zero	Cheap duplicator	ChameleonUltra
LF read (HID Prox, EM, T5577, Indala, AWID, ioProx)	Yes (full)	Yes (full)	Yes (most families)	Yes (UID only)	No
LF clone to T5577	Yes	Yes	Yes	Yes (sometimes wrong format)	No
HF read (ISO 14443A/B, MIFARE family, NTAG)	Yes (full)	Yes (full)	Yes (full in mainline)	Yes (UID only)	Yes (full)
MIFARE Classic key recovery (darkside / nested / hardnested)	Yes (Sniff mode)	Yes (Iceman fork)	Partial (mainline) / Yes (Momentum, Xtreme)	No	No
MIFARE Classic full clone (sector data + UID)	Yes (Magic blanks)	Yes (Magic blanks)	Yes (Magic blanks)	UID only	No (emulation only)
MIFARE Plus AES-128 attacks	Limited	Yes (full with key dictionaries)	No	No	No
iCLASS Legacy / Elite	Yes	Yes	Mainline: no / Momentum, Xtreme: yes	No	Yes (emulation, 2024+)
iCLASS SE / SEOS	Yes (with iCS Decoder add-on)	Yes (with effort and key dictionaries)	No (any firmware)	No	No
ISO 15693 / FeliCa	Yes (basic 15693, partial FeliCa)	Yes (full)	Yes (15693, partial FeliCa)	No	Yes (15693, partial FeliCa)
Emulation (general)	Yes (single-slot)	Yes (limited, laptop-tethered)	Yes (single-slot)	No	Yes (multi-slot, headline feature)
Multi-slot emulation	No	No	Limited (rapid card switching via UI, not hardware buttons)	No	Yes (8-slot, button-driven)
Sub-GHz (433, 868, 915 MHz)	No	No	Yes (CC1101)	No	No
Bluetooth Low Energy	No	Yes (with Blueshark module)	Yes (M0+ coprocessor)	No	Yes (control only)
Wi-Fi	No (NanoPi Linux has it but not exposed for user RF work)	No	Yes (WiFi Devboard, AWOK Dual Touch V3, Game Over)	No	No
Infrared TX/RX	No	No	Yes	No	No
iButton (1-Wire)	No	No	Yes	No	No
USB HID BadUSB injection	No	No	Yes (mainline + alternative firmwares)	No	No
GPIO for embedded experimentation	No (NanoPi has it but not exposed)	No	Yes (broken-out header)	No	No
Standalone operation (no laptop, no phone)	Yes	No (laptop required)	Yes	Yes	Partial (slot management needs phone)
On-device UI (LCD + buttons)	Yes (240×240 LCD + 4 buttons)	No	Yes (128×64 mono LCD + 5-way)	Yes (varies)	No (RGB LED + 4 buttons only)
Open source — hardware schematics	Yes (main PCB, antenna PCB, FPC PCB)	Yes	Yes	No	Yes
Open source — firmware (radio layer)	Yes (PM3 layer, FPGA bitstream, STM32 firmware)	Yes (full PM3 stack)	Yes (full firmware, Cortex-M4)	No	Yes (full firmware)
Open source — application layer	No (Lab401 closed app)	Yes (Iceman fork client)	Yes (mainline + Momentum + Xtreme forks)	No	Yes (RfidResearchGroup)
Firmware update path	Lab401 per-device .ipk (closed pipeline)	git pull, make, flash (fully open)	qFlipper or web flasher, official + community firmware	None (typically)	RfidResearchGroup releases via app or USB
Field portability	Excellent (pocketable, battery, integrated UI)	Poor (requires laptop)	Excellent (pocketable, battery, integrated UI)	Excellent (pocketable, often battery)	Excellent (pocketable, battery, BLE app)
Lab capability ceiling	Good (Expert Mode bridges, but laptop-tethered)	Excellent (the canonical lab tool)	Good (mainline + alt firmware ecosystem)	Poor	Good (HF emulation depth)
Price (mid-2026)	€375-530 (+€200 iCS Decoder)	$299 USD + $50-100 antennas	$170 USD + modules (~$300-400 fully loaded)	$15-50 USD	$100 USD (€100-150 EU)

The matrix should be read as a tool-selection aid, not as a scorecard. Each tool is the right answer for some column. The wrong question is “which tool wins overall?” The right question is “which tool wins for the work I am about to do?”

A reading of the matrix that highlights the load-bearing capabilities:

The iCopy-X dominates the cloning-to-physical-blanks and iCLASS-SE/SEOS columns. These are the columns where pentest practices doing serious access-control work earn their bread.
The PM3 RDV4 dominates the research-grade capability columns — MIFARE Plus AES-128, novel attack development, scripted batch operations. The lab work columns.
The Flipper Zero dominates the multi-modal columns — sub-GHz, IR, iButton, BadUSB, GPIO. None of which the iCopy-X touches.
The cheap duplicator dominates the price column and nothing else. Honest about its niche.
The ChameleonUltra dominates the multi-slot emulation column. The right answer for a specific workflow that no other tool serves as well.

8. The “which combination” question

The matrix collapses into a small number of canonical loadouts. The right loadout depends on the operator’s primary work mode and budget.

8.1 The full pentest practitioner loadout

The complete loadout for a working pentest practitioner whose engagements range across the access-control technology landscape:

iCopy-X (Intermediate or Advanced tier, with iCS Decoder Tool) — €465-730. The field cloning workhorse. Used in 80%+ of field engagements.
PM3 RDV4 (with LF and HF Hilo antennas) — ~$450 USD. The lab tool. Used for any engagement that involves novel cards, key recovery beyond what the iCopy-X auto-attacks handle, or scripted batch work.
Flipper Zero (with WiFi Devboard, possibly with AWOK Dual Touch V3 and/or Ruckus Game Over modules) — ~$300-500 USD. The multi-modal pocket tool. Used for any engagement that touches sub-GHz, BLE, BadUSB, IR, iButton, or general embedded probing.
(Optional) ChameleonUltra — $100 USD. The HF multi-slot emulation tool. Used for engagements that require testing many cards against one reader, or engagements that must leave no physical-card artifact.
(Optional) Cheap duplicator — $30 USD. The demonstration prop. Used for client briefings.

Total: ~~€1,200-1,700 (~~$1,300-1,850 USD). Substantial but not unreasonable for a working practice — most engagements bill at multiples of this in a single week. The loadout covers essentially every access-control and adjacent-RF task that comes up in normal pentest work.

8.2 The RFID-researcher loadout

For an operator whose work is concentrated on RFID research — novel attack development, card-family characterization, key-recovery algorithm work — the loadout is simpler:

PM3 RDV4 (with the full antenna set, including long-range options for specialized work) — ~$500 USD. The primary research tool.
(Optional) Older PM3 hardware for parallel experiments or for travel — ~$100 USD secondhand.
(Optional) ChameleonUltra for emulation-side research — $100 USD.

Total: ~$600-700 USD. The iCopy-X is genuinely not the right purchase for this profile — its closed application layer is a liability for research work, and the portable form factor is not useful in the lab. The Flipper Zero is also not the right purchase unless the researcher branches into multi-modal work; for pure RFID research, the Flipper’s RFID capabilities are weaker than what the researcher needs.

8.3 The casual hobbyist loadout

For someone whose interest is “hacking culture, RFID is one part of it, I want one device that does a lot of stuff”:

Flipper Zero — $170 USD. The Swiss Army knife. Covers RFID (well enough for hobbyist use), plus sub-GHz, IR, BadUSB, iButton, GPIO, BLE, and an active community ecosystem.
(Optional) ChameleonUltra later, if the RFID work becomes specifically interesting — $100 USD.
(Optional) PM3 EasyLite later, if the RFID work becomes deeply interesting — $100 USD.

Total: $170-370 USD depending on growth path. The iCopy-X is overkill for this profile; the Flipper covers enough RFID for non-professional use, plus the other capabilities the hobbyist is going to want to explore.

8.4 The “I just need to clone the boss’s Prox card” loadout

For a single specific task with no broader ambition:

Cheap duplicator — $30 USD. Done.

Spending more than this is the wrong move for this use case. The duplicator handles the simple HID Prox or MIFARE Classic UID copy that the task requires.

8.5 The constrained-budget pentest practitioner

For an operator getting into pentest work with a constrained budget who must choose ONE tool to start:

PM3 RDV4 (without antennas initially) — $300 USD. The highest capability ceiling of any single tool. Lab-bound, but everything starts in the lab.

The Flipper Zero is the next tool to add (multi-modal). The iCopy-X is the third tool (field portability for RFID/NFC). Building this loadout over time is the right path for a practitioner whose budget grows with engagements.

8.6 The wrong combination

A specific pattern to avoid: iCopy-X without PM3 RDV4 for a pentest practice that does serious research. The closed application layer of the iCopy-X means the operator cannot extend the toolkit when novel cards appear, cannot script batch operations, cannot examine the internal state of an attack in progress. The Expert Mode escape hatch helps, but using Expert Mode means a laptop is tethered, which means the iCopy-X is not in its native mode and the operator should have been using a PM3 RDV4 to begin with.

The opposite pattern — PM3 RDV4 without iCopy-X for a practice that does serious field work — is less wrong but still suboptimal. The PM3 RDV4 with a laptop in the field works, but slowly, conspicuously, and with operational overhead the iCopy-X eliminates.

The right rule of thumb: a pentest practice that has both an iCopy-X and a PM3 RDV4 has the right RFID toolkit. A practice that has only one of them is either lab-bound (RDV4 only) or capability-limited (iCopy-X only), and should plan to add the other when budget allows.

9. Cross-references and where to go next

This volume is a comparison reference, not an operational reference. For operational depth on the individual tools, the cross-references are:

iCopy-X operating modes — Vol 7 (Auto Clone, Scan, Read LF / Read HF, Sniff) and Vol 8 (Emulation LF / HF, Expert / Proxmark Mode).
iCopy-X firmware and open-source story — Vol 10 covers the per-device .ipk update workflow, the iCopy-X-Community teardown and upstream repositories, and the boundary between the open and closed layers.
Proxmark3 RDV4 depth — ../../Proxmark3 RDV4/CLAUDE.md (when the Proxmark3 RDV4 deep dive is authored). The iCopy-X’s silicon-level sibling, treated as a separate tool in the Hack Tools hub.
Flipper Zero depth — ../../Flipper Zero/CLAUDE.md and the Flipper Zero deep dive (when authored). The multi-modal sibling.
Cross-tool decision matrix in prose — ../../_shared/comparison.md — the project-level reference for “which tool wins when?”
Cross-tool capability matrix (sortable) — ../../_shared/capability_matrix.html — the structured view of the same material across all tools in the hub.
Hacker Tradecraft Vol 15 (RFID / NFC / Access Control) — ../../Hacker Tradecraft/02-inputs/volume_sources/vol15.md — the cross-cutting tradecraft view of the RFID/NFC/access-control domain, links back to this comparison volume.

Back to Vol 1 (Overview) for the executive-summary view of where each tool fits in the broader Hack Tools lineup. Vol 12 (Legal, ethics, posture, cheatsheet, glossary) is the close-out reference for actually using any of these tools in the field within the legal envelope every operator works inside.