Share this project

Done

Share this project

Done
RFIDler (RFID Low-frequency Emulator & Reader). An open platform RFID reader/writer/emulator that can operate in the 125-134 KHz range.
RFIDler (RFID Low-frequency Emulator & Reader). An open platform RFID reader/writer/emulator that can operate in the 125-134 KHz range.
695 backers pledged £28,377 to help bring this project to life.

About

RFIDler - A Software Defined RFID Reader/Writer/Emulator project video thumbnail
Replay with sound
Play with
sound

£28,377

695

Software Defined is the buzz-word in RF these days, and we use SDR (Software Defined Radio) in our work as reverse-engineers all the time, with great projects like HackRF and GNU Radio, etc.

So when it came to looking at RFID for a recent engagement, we decided to see if we couldn't apply the same thinking to that technology. And guess what? Yes, you can!

One of our team, Adam Laurie (aka Code Monkey), has spent many years playing with RFID, and is the author of RFIDIOt, the open-source RFID python software library, so is very familiar with the higher-level challenges associated with these devices. However, a complete understanding of what goes on 'under the hood' is harder to come by, and it was only when he teamed up with Chip Monkey, Zac Franken, who has been hardware hacking and pulling things to bits (and putting them back together so they do something much more fun) since he was big enough to hold a screwdriver, that the full picture started to emerge...

The Goal

To produce a tool for Low Frequency (125-134Khz) RFID research projects, as well as a cut-down (Lite) version that can be embedded into your own hardware projects. The fully featured version we hope to bring in for around £30.00, and the Lite version for under £20.00.

Features

We have written extensive firmware which includes a user interface and an API to allow easy use of the system and to allow you to explore, read and emulate a wide range of low frequency RFID tags.

  • Utilise ANY modulation scheme, including bi-directional protocols
  • Write data to tag
  • Read data from tag
  • Emulate tag
  • Sniff conversations between external reader & tag
  • Provide raw as well as decoded data
  • Built-in antenna
  • External antenna connection
  • USB power and user interface
  • TTL interface
  • GPIO interface
  • JTAG interface for programming
  • USB Bootloader for easy firmware updating
  • External CLOCK interface if not using processor
  • External power connector if not using USB

The hardware gives you the capability to read/write/emulate more or less any LF tag, but we've also taken the hard work out of most of them by implementing all the tag types we can find in the public domain. These include:

  • EM4102 / Unique
  • Hitag 1/2/S
  • FDX-B (ISO 11784/5 Animal Standard)
  • Q5
  • T55xx
  • Indala
  • Noralsy
  • HID Prox
  • NXP PCF7931 
  • Texas Instruments
  • VeriChip
  • FlexPass

Firmware

We have working firmware that proves the concept, and we will continue to develop the code to provide both command line interface and API for end-user applications. This will be posted in a github repository, here:

https://github.com/ApertureLabsLtd/RFIDler

Hardware

The three devices we will produce are:

RFIDler-LF-Nekkid - The bare naked circuit board with built-in antenna, ready for you to populate the electronic components yourself.

RFIDler-LF-Lite - This is the board with only the low-level RFID communication components, to allow you to incorporate it into your own projects (e.g. controlling it with Arduino, Rasperry-pi, Beagle-Bone etc.), providing GPIO, power and clock interfaces only. Firmware can be ported from (and/or contributed to) the RFIDler repository, or write your own from scratch.

RFIDler-LF-Standard - This is the fully populated Low Frequency (125/134KHz) board with on-board processor that can be used as a stand-alone device for research and in-the-field testing etc., providing TTL and USB serial command line and API interfaces as well as raw GPIO, clock and power.

Your pledges will help us get this from working prototype to final production run, and incorporate where possible any cool ideas/features that we hadn't thought of, and bring Software Defined RFID to the masses!

The challenges we have left to complete are:

Processor selection - we've used the Pic32 as a proof-of-concept chip, but there may be others better suited to this kind of application. We will research and test 2 or 3 other chips before making a final decision.

Coil design - coils are almost as mysterious as RFID itself, so we need to try various designs to see which on-board and external coils give us the best performance across the target frequency ranges.

Final Board Layout - Layout the final boards and send to manufacturing.


Further Details

Here is Adam's blog entry on the subject:

http://adamsblog.aperturelabs.com/2013/08/rfidler-open-source-software-defined.html

And here is the prototype:

And here we are reading an Indala PSK tag:

The logic analyser trace shows that RFIDler is pulsing on the PSK Reader line whenever there is a phase change on the analogue line (the small green pulses are negative, and the large ones positive). All our software has to do is detect those pulses at each bit period, and clock out the data. The 'Bitstream' line shows the software bit value detection in action, as it's being driven by the UBW32 board. The other nice thing we can do in software is monitor the quality of the read: the width of the reader pulse will narrow as the coil goes in and out of the field, and the coils 'de-couple', so we can flag a read error when the pulse gets too narrow. This is important when you're looking at unknown tag types: the manufacturer may have a built-in parity or other data checks so their native reader knows when it's getting a good read, but we don't have the knowledge of the relevant algorithms, so cannot do the same. With this technique, we can easily filter out bad reads that will give us corrupt data.

Of course, as well as reading a tag, we want to be the tag, so here we are emulating PSK:

and we could do that for any bitrate, modulation scheme or data pattern (within reason), as well as have 2-way conversations (e.g. Hitag2).

So that brings us to where we are now...

Timeframe

We've allowed the following timeframes for each stage:

Project starts in October (assuming we get funded! :)

Full circuit design and CPU selection: 4 weeks, taking us to November.

Beta test phase: 6 weeks up to mid-December, then it's the Christmas & New Year break...

Final production run: 4 weeks starting in January, so we should be done by February.

We all know that in real life timescales slip, but since the underlying hardware is already proven in our prototype, and all we're really doing now is fine-tuning and incorporating feedback from the beta test, we expect this to be a fairly quick project!

Risks and challenges

We have great facilities in-house for prototyping electronic circuits, and so we expect the main challenges to have been worked out before we go to the trouble and expense of outside manufacturing. However, we also have a great relationship with our fab company, who we have used for several years on many successful projects, so we know they have the resources to get the job done.

We look forward to working with you! :)

Learn about accountability on Kickstarter

Questions about this project? Check out the FAQ

Support

  1. Select this reward

    Pledge £5 or more About $8

    Hall of Fame! Your name in the "BACKED-BY" file and a set of groovy RFIDler stickers!

    Less
    Estimated delivery
    Ships to Anywhere in the world
    1 backer
    £
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  2. Select this reward

    Pledge £12 or more About $19

    Eary Bird Nekkid! Receive one final production run RFIDler-LF-Nekkid at the pre-production price of £12.00

    Less
    Estimated delivery
    Ships to Anywhere in the world
    Limited 9 backers
    £
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  3. Select this reward

    Pledge £14 or more About $22

    Nekkid and proud! You'll get one RFIDler-LF-Nekkid from the final production run.

    Less
    Estimated delivery
    Ships to Anywhere in the world
    0 backers
    £
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  4. Select this reward

    Pledge £18 or more About $28

    Early Bird Lite! - Receive one final production run RFIDler-LF-Lite at the pre-production price of £18.00

    Less
    Estimated delivery
    Ships to Anywhere in the world
    Limited 11 backers
    £
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  5. Select this reward

    Pledge £20 or more About $31

    RFIDler-LF-Lite - Receive one final production run RFIDler-LF-Lite.

    Less
    Estimated delivery
    Ships to Anywhere in the world
    0 backers
    £
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  6. Reward no longer available

    Pledge £24 or more About $38

    Early Bird! Get one fully populated final production run RFIDler-LF-Standard at the pre-production price of £24.00.

    Less
    Estimated delivery
    Ships to Anywhere in the world
    Reward no longer available 300 backers
    £
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  7. Select this reward

    Pledge £28 or more About $44

    Skinny dipper! Receive one limited edition first-run Beta RFIDler-LF-Nekkid, and one final production run version.

    Less
    Estimated delivery
    Ships to Anywhere in the world
    Limited 15 backers
    £
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  8. Select this reward

    Pledge £30 or more About $47

    RFIDler-LF-Standard - Get one final production run Standard board.

    Less
    Estimated delivery
    Ships to Anywhere in the world
    143 backers
    £
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  9. Select this reward

    Pledge £36 or more About $56

    Beat my tester Lite! Help us get it right by being one of the one hundred testing the first run RFIDler-LF-Lite boards, and receive a final Lite version, possibly even incorporating all the great suggestions you made!

    Less
    Estimated delivery
    Ships to Anywhere in the world
    Limited 8 backers
    £
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  10. Reward no longer available

    Pledge £48 or more About $75

    Beat my tester! Help us get it right by being one of the one hundred testing the first run RFIDler-LF-Standard boards, and receive a final LF-Standard version, possibly even incorporating all the great suggestions you made!

    Less
    Estimated delivery
    Ships to Anywhere in the world
    Reward no longer available 100 backers
    £
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  11. Select this reward

    Pledge £50 or more About $78

    Prototyper - Get one RFIDler-LF-Standard and one RFIDler-LF-Lite from the final production run, for both in the field testing and embedding in your own project.

    Less
    Estimated delivery
    Ships to Anywhere in the world
    72 backers
    £
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  12. Select this reward

    Pledge £64 or more About $100

    Prototyper Plus! - Get one RFIDler-LF-Standard, one RFIDler-LF-Lite and one RFIDler-LF-Nekkid from the final production run.

    Less
    Estimated delivery
    Ships to Anywhere in the world
    31 backers
    £
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  13. Select this reward

    Pledge £1,000 or more About $1,563

    One of the gang! You must really love us, because not only do you want 10 x RFIDler-LF-Standard first-run Beta boards and 10 of the final production run, but you're also prepared to fly the both of us out to your location for a full day's training for up to 10 people (you will need to pay our travel and lodging expenses, which, sadly, will not be a champagne-fueled pleasure cruise, but will be at least a business-class flight if it's long-haul (i.e. 4 hours or more)).

    Less
    Estimated delivery
    Ships to Anywhere in the world
    Limited 0 backers
    £
    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.

Funding period

- (30 days)