Actions
Forum Thread Details
  • Replies 19 replies
  • Subscribers 57 subscribers
  • Views 15073 views
  • Users 0 members are here
Related

Looking for RFID hardware and software insight

colporteur

I am looking at pursuing some security research into  RFID cards. I would like to be able to read and replicate lower freq and mid freq cards. My focus is more on the mid freq cards but the lower freq cards can provide some insight. I have watched a few youtube videos to get some idea of what is involved. I have found a myriad of hardware options and mostly Proxmark for software.

 

I'm looking for insight into hardware and software recommendation that support a working solutions?

I'm looking for insight into operating system that supports a working solutions?

I'm looking for insight into a working solutions using Raspberry Pi and Arduino?

I'm looking for insight from a person that has a working solutions and not heard about or seen about it. Getting it to work from bare metal ,to me provides experience. I'm looking to tap that experience. My goal is to get a working solution. I am willing to invest the time to get to that point but, I am trying to avoid the numerous dead ends I would follow if I did it on my own, to get it working. You could try this or you could try that if it fails, is not what I am looking for.

 

My immediate need is the working setup for the research project, not really the journey through the valley of learning to get there. What I need to learn will be done in the working solutions, at least I hope.

  • Is this engineer speak? What frequencies do you mean when you say "My focus is more on the mid freq cards but the lower freq cards can provide some insight"

     

    Do you see 13.56MHz as high or medium, for example, as there is also an ultra-high frequency range too. I'm assuming that 125kHz is regarded as low - but I too could be wrong.

  • in reply to BigG

    My inexperience in the technology is showing through. I in no way will try to impersonate any engineering in this field.  How to mask my newborn face?

     

    You are correct low frequency 125Khz, middle 13.5Mhz and I my understanding is their is an upper frequency. I can't recall the frequency number of Hz.

     

    My understanding is the low freq cards have the least security measures. Learning without cumbersome security, I think may be helpful. My goal is the mid freq cards. I would like to understand why my replication exercise is doomed to failure. Maybe I won't succeed in reading and writing the card but I am hoping to understand the limits.

  • in reply to colporteur

    There's a difference between RFID and NFC technologies despite the overlap. RFID usually is for "identification" purposes, mostly "dumb" memory that "bleeps" out their ID into a field (for lack of a more technical way of saying it). Sure, there are some low frequency 125kHz (or 133kHz) which may still be used for access control, and some other systems in the 900MHz region for asset tagging (e.g. livestock, car tollways, library books). Security with these systems usually is not so high.

     

    NFC cards on the other hand, are a bit more complicated. NFC is more of a data-communications channel for close-range, higher speed two-way communication and power. Most 13.56MHz cards are ISO 14443 standard compliant. Such cards have an internal microcontroller or CPU, non-volatile memory, some RAM and often cryptographic hardware to perform operations on the memory. More complicated cards even have their own operating system stack and run Java internally (e.g. the Global Platform cards, e.g. bank cards, some Sony FeliCa cards). Because of this, it's similar to the contact-type smart cards - they have a brain so you're not just "cloning" memory. You'll have to authenticate to the card to access protected areas, and even then, depending on the key you will only have limited privileges. There is also the "immutable" card ID data which is burned in at manufacturing, to allow for unique identification and selection of cards when multiple cards are in a field. But whatever the case may be, usually unless you are the designer/commissioner of a system, you won't know the master key and will have no way to obtain it - and for cards with an OS, you won't have the application code either, let alone the user data.

     

    There are exceptions - e.g. the NXP MiFare Classic cards are relatively weak cryptographically, so they can be cloned. Some aftermarket UID-changeable cards allow for perfect clones of these to be made. But since the issue of their vulnerabilities have been long known, most users have always transitioned away to more secure MiFare DESFireEV3 cards which are practically immune to attack (to my knowledge, at this time) and utilise mutual authentication. The design of the chips also has a bearing as to what can be done as some will have security keys, write-once areas, etc.

     

    Another issue is that the frequency doesn't tell you all that much - in 13.56MHz you can have MiFare Classic, MiFare DESFire (EV1-EV2-EV3), Mifare Ultralight, Broadcom Topaz, Sony FeliCa, etc, Each behave somewhat differently and have different capabilities, memory layouts, etc.

     

    - Gough

  • in reply to Gough Lui

    Ouch! That is my one RFID nerve getting pinched.

     

    Am I naive in thinking I can start small with some working solutions and build from that?

  • in reply to colporteur

    In the end, it depends on what your aim is ... if you're happy to play with cloning LF tags, that's fairly simple with commercial equipment available.

     

    You could build your own 13.56MHz based NFC card systems if you wish and understand more about how the cryptographic functions on some more modern cards work. However, don't expect to be able to clone commercially issued cards if they have their security set-up right.

     

    - Gough

  • in reply to Gough Lui

    I'm thinking start small.

     

    I have some vendor RFID cards, I first would like to examine and then try to replicate. I anticipate failure more often than success, since I have no idea what the standard is for the cards.

     

    RFID is a subject I have rolled around as a learning exercise for some time. I recently had an inquiry and thought what would it take equipment and software to make an entry.

     

    I have seen the hand held read and write guns for making card copies. My definition of low freq card it appears. I have also seen screen shots of the Proxmark RFID card standards. My question is to see if I can close the gap on what I could develop a working solution.

     

    I'm more interests in the Pi and Arduino options but that may be a stretch.

  • in reply to colporteur

    If you just wanted to get some experience with NFC tags/cards and were okay with just using 13.56MHz, Amazon has inexpensive modules based on the PN532.

     

    I have one that works with SPI or I2C https://www.amazon.com/gp/product/B0746GB1RQ/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

     

    I currently have it hooked up with an Arduino MKR1000 over I2C.  I have not tried SPI yet, but I have used SPI with an RC522 module and a Sparkfun ESP8266 Thing Dev board.

     

    I'm using the Adafruit_PN532 library which had the following examples - (I'm using readMifare, which can also write to the card).

    image

    You can use this with the RPi using libnfc, but I haven't tried that.

     

    If you have an Android phone/tablet, you could probably use that with an NFC app to try to read/write the cards that you have.

  • in reply to colporteur

    Haha, yes unfortunately no one has written a bluffers guide to RFID/NFC. Still, a man of your talent will pick it up quick enough, especially with all the excellent commentary made by others so far.

     

    You've made a good start nonetheless to ignore UHF as UHF is outside the realms of most maker budgets.

     

    Starting with a quick tip.

     

    If you want to determine if any RFID card you have is using 13.56MHz and is NFC enabled (i.e. using 14443 or 15693 protocols etc.), I suggest you use an NFC enabled phone (many Android phones have NFC and I believe some of the newer iPhones have it on offer too) to test. You can download one of the free RFID/NFC apps available onto your phone, like NXP TagInfo app or the generic NFC Tools app. These apps can tell you much very quickly and painlessly.

     

    Then as said, the most common 13.56MHz reader/controller around for makers is the NXP PN532 reader/controller.

     

    Adafruit have an excellent breakout board available: https://www.adafruit.com/product/364

    SeeedStudio have an NFC board too for both Raspberry Pi and for Arduino R3:

    https://www.seeedstudio.com/PN532-NFC-HAT-for-Raspberry-Pi-Arduino-and-STM32-I2C-SPI-UART-p-4374.html

    https://www.seeedstudio.com/NFC-Shield-V2-0.html

     

    There are also other NXP readers/controllers out there too. E.g.

    https://www.seeedstudio.com/NFC-Module-for-Raspberry-Pi-p-1951.html

     

    I did a roadtest on the PN7150 NFC controller - although maybe not recommended if just starting out as this controller does a lot: Integrating NFC with the NXP PN7150 - Review

     

    You should also take a look at STMicroelectronics offerings too. They have a good range of products. For example:

    https://www.waveshare.com/st25r3911b-nfc-board.htm

    https://www.st.com/en/nfc/st25r3911b.html

     

    You'll probably find that for 125kHz (low frequency) there is not much available in terms of breadth of choice. I suggest looking at either a Sparkfun reader or SeeedStudio Grove reader. Both are reasonable in terms of price and both offer good documentation to get started with on Arduino, or equivalent.

    https://www.sparkfun.com/products/15191

    https://www.seeedstudio.com/Grove-125KHz-RFID-Reader.html

     

    Hope that helps.

  • You may want to look at the Proxmark 3. It's the go to tool for investigating and hacking RFID - both 125kHz and 13.56MHz. It's not particularly simple to use though. The cheap Proxmark 3 Easy version you'll see on eBay works well enough.