RFIDler (RFID Low-frequency Emulator & Reader). An open platform RFID reader/writer/emulator that can operate in the 125-134 KHz range.
695 backers pledged £28,377 to help bring this project to life.

Looks like it's going to happen!

Posted by Aperture Labs Ltd. (Creator)

Firstly, we can't believe how quickly you came on board and got us to our funding goal! A great big thank you to all of you for your support and for such a great confidence booster. We really look forward to getting started!

So much so, in fact, that we're already hard at it... Zac's busy working on the hardware, and I've been implementing some low level commands that I'll refer to as 'primitives'. The idea here is to provide functionality for testing and playing with tags from the CLI without having to write any code...

For example, we've already discussed the way a reader 'talks' to a tag by interrupting its carrier signal to send PWM commands, so we've created a simple command called 'RWD'. This is short for 'Read Write Device', and is a term often used in the tag datasheets to describe the reader, so it seemed an appropriate handle.

The way it works is simple: tell it the command you want to send and some timing values and off it goes. You can play around with different commands to read or write raw data, and once you're happy, maybe wrap it in an external API program or even add it to the core firmware if it's particularly useful...

Here's an example, using my car keys as the source of the tag:

I happen to know this particular vehicle uses Hitag2 standard tags, so I can just refer to the datasheet to get timings etc. If I place the tag on the reader and generate a 125kHz clock, I can see that nothing happens:

 The green section is my clock/carrier, and the red is RFIDler's output. We are getting no output because the Hitag2 needs a 'wakeup' command before it will respond by sending its UID. According to the datasheet:

"After an instruction START_AUTH from the read/write device (RWD) all transponders (TAGs) in the field respond with a start sequence (5 bits “1“) followed by their 32 bit serial number."

The command 'START_AUTH' is a binary 11000, so all we need to know is the correct values for the timings in order to send ones and zeroes, and we should be able to create the command and get a response from the tag. Again, according to the datasheet, the base unit of timing 'T0' is 8 microseconds, and a '0' is a pulse of 22 x T0 (176 uS), a '1' a pulse of 28 x T0 (224 uS), and the gap between bits is a silence of 6 x T0 (48 uS). We also need to allow 3200 uS after powerup for the tag to be fully operational. So giving these values to the RWD command:

 We can now see some response:

 The tag has seen our 'START_AUTH' command, and responded as expected with its UID (don't worry that the response is not very tidy - I'm using an early prototype here and I'm not really too fussed about the data itself - just making sure I get something back to confirm the tag is reading my commands).
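
As an added illustration (not RFIDler firmware and not code from this update), the C sketch below expands a bit string such as START_AUTH into the carrier on/off schedule implied by the timings quoted above. The function names are hypothetical, and it assumes the carrier runs for the 3200 uS power-up wait and that each bit is then sent as a gap of silence followed by its pulse.

```c
#include <stddef.h>
#include <stdio.h>

/* Timing values quoted in the post from the Hitag2 datasheet (microseconds). */
#define T0_US   8u              /* base timing unit */
#define ZERO_US (22u * T0_US)   /* '0' pulse: 176 us */
#define ONE_US  (28u * T0_US)   /* '1' pulse: 224 us */
#define GAP_US  (6u * T0_US)    /* silence between bits: 48 us */
#define WAKE_US 3200u           /* settle time after power-up */

/* One stretch of time with the carrier either running or muted. */
struct segment { int carrier_on; unsigned duration_us; };

/*
 * Hypothetical helper: expand a string of '0'/'1' characters into carrier
 * segments. Assumption (not stated in the post): each bit is a gap followed
 * by its pulse. Returns the number of segments written, or -1 if the string
 * contains anything other than '0'/'1' or out[] is too small.
 */
int rwd_schedule(const char *bits, struct segment *out, size_t max)
{
    size_t n = 0;
    if (bits == NULL || out == NULL || max == 0)
        return -1;
    out[n++] = (struct segment){1, WAKE_US};
    for (; *bits != '\0'; bits++) {
        if ((*bits != '0' && *bits != '1') || n + 2 > max)
            return -1;
        out[n++] = (struct segment){0, GAP_US};
        out[n++] = (struct segment){1, *bits == '1' ? ONE_US : ZERO_US};
    }
    return (int)n;
}

/* Total time the schedule occupies, including the power-up wait. */
unsigned schedule_total_us(const struct segment *seg, int count)
{
    unsigned total = 0;
    for (int i = 0; i < count; i++)
        total += seg[i].duration_us;
    return total;
}

int main(void)
{
    struct segment seg[16];
    int n = rwd_schedule("11000", seg, 16);   /* START_AUTH from the post */
    for (int i = 0; i < n; i++)
        printf("%-3s %4u us\n", seg[i].carrier_on ? "on" : "off", seg[i].duration_us);
    printf("total %u us\n", schedule_total_us(seg, n));
    return 0;
}
```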

