RFIDler (RFID Low-frequency Emulator & Reader). An open platform RFID reader/writer/emulator that can operate in the 125-134 KHz range.
So when it came to looking at RFID for a recent engagement, we decided to see if we couldn't apply the same thinking to that technology. And guess what? Yes, you can!
One of our team, Adam Laurie (aka Code Monkey), has spent many years playing with RFID, and is the author of RFIDIOt, the open-source RFID python software library, so is very familiar with the higher-level challenges associated with these devices. However, a complete understanding of what goes on 'under the hood' is harder to come by, and it was only when he teamed up with Chip Monkey, Zac Franken, who has been hardware hacking and pulling things to bits (and putting them back together so they do something much more fun) since he was big enough to hold a screwdriver, that the full picture started to emerge...
To produce a tool for Low Frequency (125-134Khz) RFID research projects, as well as a cut-down (Lite) version that can be embedded into your own hardware projects. The fully featured version we hope to bring in for around £30.00, and the Lite version for under £20.00.
We have written extensive firmware which includes a user interface and an API to allow easy use of the system and to allow you to explore, read and emulate a wide range of low frequency RFID tags.
- Utilise ANY modulation scheme, including bi-directional protocols
- Write data to tag
- Read data from tag
- Emulate tag
- Sniff conversations between external reader & tag
- Provide raw as well as decoded data
- Built-in antenna
- External antenna connection
- USB power and user interface
- TTL interface
- GPIO interface
- JTAG interface for programming
- USB Bootloader for easy firmware updating
- External CLOCK interface if not using processor
- External power connector if not using USB
The hardware gives you the capability to read/write/emulate more or less any LF tag, but we've also taken the hard work out of most of them by implementing all the tag types we can find in the public domain. These include:
- EM4102 / Unique
- Hitag 1/2/S
- FDX-B (ISO 11784/5 Animal Standard)
- HID Prox
- NXP PCF7931
- Texas Instruments
We have working firmware that proves the concept, and we will continue to develop the code to provide both command line interface and API for end-user applications. This will be posted in a github repository, here:
The three devices we will produce are:
RFIDler-LF-Nekkid - The bare naked circuit board with built-in antenna, ready for you to populate the electronic components yourself.
RFIDler-LF-Lite - This is the board with only the low-level RFID communication components, to allow you to incorporate it into your own projects (e.g. controlling it with Arduino, Rasperry-pi, Beagle-Bone etc.), providing GPIO, power and clock interfaces only. Firmware can be ported from (and/or contributed to) the RFIDler repository, or write your own from scratch.
RFIDler-LF-Standard - This is the fully populated Low Frequency (125/134KHz) board with on-board processor that can be used as a stand-alone device for research and in-the-field testing etc., providing TTL and USB serial command line and API interfaces as well as raw GPIO, clock and power.
Your pledges will help us get this from working prototype to final production run, and incorporate where possible any cool ideas/features that we hadn't thought of, and bring Software Defined RFID to the masses!
The challenges we have left to complete are:
Processor selection - we've used the Pic32 as a proof-of-concept chip, but there may be others better suited to this kind of application. We will research and test 2 or 3 other chips before making a final decision.
Coil design - coils are almost as mysterious as RFID itself, so we need to try various designs to see which on-board and external coils give us the best performance across the target frequency ranges.
Final Board Layout - Layout the final boards and send to manufacturing.
Here is Adam's blog entry on the subject:
And here is the prototype:
And here we are reading an Indala PSK tag:
The logic analyser trace shows that RFIDler is pulsing on the PSK Reader line whenever there is a phase change on the analogue line (the small green pulses are negative, and the large ones positive). All our software has to do is detect those pulses at each bit period, and clock out the data. The 'Bitstream' line shows the software bit value detection in action, as it's being driven by the UBW32 board. The other nice thing we can do in software is monitor the quality of the read: the width of the reader pulse will narrow as the coil goes in and out of the field, and the coils 'de-couple', so we can flag a read error when the pulse gets too narrow. This is important when you're looking at unknown tag types: the manufacturer may have a built-in parity or other data checks so their native reader knows when it's getting a good read, but we don't have the knowledge of the relevant algorithms, so cannot do the same. With this technique, we can easily filter out bad reads that will give us corrupt data.
Of course, as well as reading a tag, we want to be the tag, so here we are emulating PSK:
and we could do that for any bitrate, modulation scheme or data pattern (within reason), as well as have 2-way conversations (e.g. Hitag2).
So that brings us to where we are now...
We've allowed the following timeframes for each stage:
Project starts in October (assuming we get funded! :)
Full circuit design and CPU selection: 4 weeks, taking us to November.
Beta test phase: 6 weeks up to mid-December, then it's the Christmas & New Year break...
Final production run: 4 weeks starting in January, so we should be done by February.
We all know that in real life timescales slip, but since the underlying hardware is already proven in our prototype, and all we're really doing now is fine-tuning and incorporating feedback from the beta test, we expect this to be a fairly quick project!
Risks and challenges Learn about accountability on Kickstarter
We have great facilities in-house for prototyping electronic circuits, and so we expect the main challenges to have been worked out before we go to the trouble and expense of outside manufacturing. However, we also have a great relationship with our fab company, who we have used for several years on many successful projects, so we know they have the resources to get the job done.
We look forward to working with you! :)
Yes, we will be looking at 13.56 MHz as soon as this project is complete. One of our main aims is to keep this simple and cheap, so we're trying not to cram too much in to the first version and avoid too much "feature creep", so there is currently no plan to combine the two into one device.
Yes, as long as you have enough information about the tag's operating frequency and modulation scheme, command parameters and timings etc. (and it's within the supported frequency range for the antenna), it should be possible to implement support for more or less any new tag.
The CLI and API are presented over USB Serial, so by default RFIDler can be driven from any platform that supports USB Serial. Since the USB interface is itself a firmware implementation, it would also be possible to flash it with your own interface (e.g. convert it to a HID device), or even to use some other I/O lines such as TTL, I2C etc. should you so desire.
We are planning for it to go into full production once the project is complete, so yes, you should be able to purchase one later. We would like you to be part of the group that help us get it launched though, so why not sign up now? Go on... You know you want to! :)
I backed the project but wasn't asked for any shipping info! How will you know where to send my device?
Once the funding period ends we will send out a survey to collect all that information. Thank you for being a backer!
seconds to go
Pledge £5 or moreYou selected
Hall of Fame! Your name in the "BACKED-BY" file and a set of groovy RFIDler stickers!Estimated delivery:Add £3 to ship outside the UK
Pledge £12 or moreYou selected
9 backers Limited (291 left of 300)
Eary Bird Nekkid! Receive one final production run RFIDler-LF-Nekkid at the pre-production price of £12.00Estimated delivery:Add £8 to ship outside the UK
Pledge £14 or moreYou selected
Nekkid and proud! You'll get one RFIDler-LF-Nekkid from the final production run.Estimated delivery:Add £8 to ship outside the UK
Pledge £18 or moreYou selected
11 backers Limited (289 left of 300)
Early Bird Lite! - Receive one final production run RFIDler-LF-Lite at the pre-production price of £18.00Estimated delivery:Add £8 to ship outside the UK
Pledge £20 or moreYou selected
RFIDler-LF-Lite - Receive one final production run RFIDler-LF-Lite.Estimated delivery:Add £8 to ship outside the UK
Pledge £24 or moreYou selected
300 backers All gone!
Early Bird! Get one fully populated final production run RFIDler-LF-Standard at the pre-production price of £24.00.Estimated delivery:Add £8 to ship outside the UK
Pledge £28 or moreYou selected
15 backers Limited (85 left of 100)
Skinny dipper! Receive one limited edition first-run Beta RFIDler-LF-Nekkid, and one final production run version.Estimated delivery:Add £16 to ship outside the UK
Pledge £30 or moreYou selected
RFIDler-LF-Standard - Get one final production run Standard board.Estimated delivery:Add £8 to ship outside the UK
Pledge £36 or moreYou selected
8 backers Limited (92 left of 100)
Beat my tester Lite! Help us get it right by being one of the one hundred testing the first run RFIDler-LF-Lite boards, and receive a final Lite version, possibly even incorporating all the great suggestions you made!Estimated delivery:Add £16 to ship outside the UK
Pledge £48 or moreYou selected
100 backers All gone!
Beat my tester! Help us get it right by being one of the one hundred testing the first run RFIDler-LF-Standard boards, and receive a final LF-Standard version, possibly even incorporating all the great suggestions you made!Estimated delivery:Add £16 to ship outside the UK
Pledge £50 or moreYou selected
Prototyper - Get one RFIDler-LF-Standard and one RFIDler-LF-Lite from the final production run, for both in the field testing and embedding in your own project.Estimated delivery:Add £8 to ship outside the UK
Pledge £64 or moreYou selected
Prototyper Plus! - Get one RFIDler-LF-Standard, one RFIDler-LF-Lite and one RFIDler-LF-Nekkid from the final production run.Estimated delivery:Add £8 to ship outside the UK
Pledge £1,000 or moreYou selected
0 backers Limited (4 left of 4)
One of the gang! You must really love us, because not only do you want 10 x RFIDler-LF-Standard first-run Beta boards and 10 of the final production run, but you're also prepared to fly the both of us out to your location for a full day's training for up to 10 people (you will need to pay our travel and lodging expenses, which, sadly, will not be a champagne-fueled pleasure cruise, but will be at least a business-class flight if it's long-haul (i.e. 4 hours or more)).Estimated delivery:
- (30 days)