Differenze tra le versioni di "125Khz RFID spoofing"

Versione delle 08:56, 8 apr 2019

Circuit schematics

List of materials:

an antenna (there are many 125khz antennas on e-bay)
Capacitor 1nF (maybe this value needs some tuning for the best resonance of the antenna)
4 diodes 1N4148
Resistor 100Kohm
zener diode 5.1v

Usage

Connect the two terminals of the circuit to GND and pin 12.

Compile and Load the code herebelow.

Open a serial terminal (9600 bit/s), e.g.

   screen /dev/ttyUSB0 9600

Type in 10 hexadecimal digits (characters are not echoed). (the code computes all the parity bits, both horizontal and vertical).

Code

#define coil_pin 12

char data[10];
int data_count =0;

unsigned char spoofed_card[64];

void setup()
{
        pinMode(coil_pin, OUTPUT);
        digitalWrite(coil_pin, LOW);
        Serial.begin(9600);
}

void loop()
{
        if(Serial.available()){
                char key = Serial.read();
                if(key != '\0') {
                        data[data_count] = key;
                        if(data_count == 9){
                                spoofcard();
                                data_count = 0;
                        } 
                        else
                                data_count ++;
                }
        }
}

int hexchar(char hexa)
{
  if (hexa >= '0' && hexa <= '9')
    return hexa - '0';
  else if (hexa >= 'A' && hexa <= 'F')
    return hexa - 'A' + 10;
  else if (hexa >= 'a' && hexa <= 'f')
    return hexa - 'a' + 10;
  else
    return 0;
}

//http://www.priority1design.com.au/em4100_protocol.html
void compute_em4100(char *in, unsigned char *out) {
  int i;
  int j;
  int parity;
  static const int prefix = 9;
  for (i = 0; i < prefix; i++)
    out[i] = 1;
  for (i = 0, j = prefix; i < 10; i++, j += 5) {
    int raw_data = hexchar(data[i]);
    out[j] = !!(raw_data & 8);
    out[j + 1] = !!(raw_data & 4);
    out[j + 2] = !!(raw_data & 2);
    out[j + 3] = !!(raw_data & 1);
  }
  for (i = 0 + prefix; i < 50 + prefix; i += 5) {
    for (parity = 0, j = 0; j < 4; j++)
      parity += spoofed_card[i + j];
    spoofed_card[i + j] = parity & 1;
  }
  for (i = 0 + prefix; i < 4 + prefix; i++) {
    for (parity = 0, j = 0; j < 50; j += 5)
      parity += spoofed_card[i + j];
    spoofed_card[i + j] = parity & 1;
  }
  out[63] = 0;
}

void spoofcard(){
        compute_em4100(data, spoofed_card);
        for(int h = 0; h < 50; h++)
                spoofnow();
}

void send_manchester(int clock_half, int signal)
{
        int man_encoded = clock_half ^ signal;

        if(man_encoded == 1)
                digitalWrite(coil_pin, LOW);
        else
                digitalWrite(coil_pin, HIGH);
}

void spoofnow(){
        for(int i = 0; i < 64; i++)
        {
                send_manchester(0, spoofed_card[i]);
                delayMicroseconds(256);
                send_manchester(1, spoofed_card[i]);
                delayMicroseconds(256);
        }
}

@@ Riga 32: / Riga 32: @@
 int data_count =0;
-int spoofed_card[64] = {1,1,1,1,1,1,1,1,1}; //header
+unsigned char spoofed_card[64];
 void setup()
@@ Riga 57: / Riga 57: @@
 }
-void compute_data(){
+int hexchar(char hexa)
-        // Compute raw data
+{
-        int data_iterator;
+  if (hexa >= '0' && hexa <= '9')
-        int bit;
+    return hexa - '0';
-        int bit_set;
+  else if (hexa >= 'A' && hexa <= 'F')
-        for(bit = 0, data_iterator = 0; bit < 59; bit += 5, data_iterator++){
+    return hexa - 'A' + 10;
-                int raw_data = HexToDec(data[data_iterator]);
+  else if (hexa >= 'a' && hexa <= 'f')
-                spoofed_card[bit+9] = !! (raw_data & 8);
+    return hexa - 'a' + 10;
-                spoofed_card[bit+10] = !! (raw_data & 4);
+  else
-                spoofed_card[bit+11] = !! (raw_data & 2);
+    return 0;
-                spoofed_card[bit+12] = !! (raw_data & 1);
+}
-        }
-        int i = 8;
-        // CRC ROW
-        for(int c = 3; c < 13; c++){
-                bit_set = 0;
-                for(i++; i < ((c * 5) - 2); i++)
-                        if(spoofed_card[i]) bit_set++;
-                spoofed_card[(c * 5)-2] = ((bit_set % 2) != 0);
-        }
-        // CRC COL
+//http://www.priority1design.com.au/em4100_protocol.html
-        for(int c = 0; c < 4; c++){
+void compute_em4100(char *in, unsigned char *out) {
-                bit_set = 0;
+  int i;
-                for(int a = 9; a < 55; a += 5){
+  int j;
-                        if(spoofed_card[a + c]) bit_set++;
+  int parity;
-                }
+  static const int prefix = 9;
-                spoofed_card[c + 59] = ((bit_set % 2) != 0);
+  for (i = 0; i < prefix; i++)
-        }
+    out[i] = 1;
+  for (i = 0, j = prefix; i < 10; i++, j += 5) {
+    int raw_data = hexchar(data[i]);
+    out[j] = !!(raw_data & 8);
+    out[j + 1] = !!(raw_data & 4);
+    out[j + 2] = !!(raw_data & 2);
+    out[j + 3] = !!(raw_data & 1);
+  }
+  for (i = 0 + prefix; i < 50 + prefix; i += 5) {
+    for (parity = 0, j = 0; j < 4; j++)
+      parity += spoofed_card[i + j];
+    spoofed_card[i + j] = parity & 1;
+  }
+  for (i = 0 + prefix; i < 4 + prefix; i++) {
+    for (parity = 0, j = 0; j < 50; j += 5)
+      parity += spoofed_card[i + j];
+    spoofed_card[i + j] = parity & 1;
+  }
+  out[63] = 0;
 }
 void spoofcard(){
-         compute_data();
+         compute_em4100(data, spoofed_card);
          for(int h = 0; h < 50; h++)
                  spoofnow();
@@ Riga 113: / Riga 121: @@
                  delayMicroseconds(256);
          }
-}
-int HexToDec(char hexa)
-{
-        if (hexa >= '0' && hexa <= '9')
-                return hexa - '0';
-        else if (hexa >= 'A' && hexa <= 'F')
-                return hexa - 'A' + 10;
-        else if (hexa >= 'a' && hexa <= 'f')
-                return hexa - 'a' + 10;
-        else
-                return 0;
 }
 </pre>

Differenze tra le versioni di "125Khz RFID spoofing"

Versione delle 08:56, 8 apr 2019

Circuit schematics

Usage

Code

Menu di navigazione

Ricerca