125Khz RFID spoofing


Circuit schematics

Rfid125spoofschematics.jpg

List of materials:

  • an antenna (many 125 kHz antennas are available on eBay)
  • Capacitor 1nF (this value may need tuning to get the best resonance with the antenna)
  • 4 diodes 1N4148
  • Resistor 100Kohm
  • zener diode 5.1v

Usage

Rfid125spoof.jpg

Connect the two terminals of the circuit to GND and pin 12.

Compile and upload the code below.

Open a serial terminal (9600 bit/s), e.g.

   screen /dev/ttyUSB0 9600

Type in 10 hexadecimal digits (characters are not echoed). The code computes all the parity bits, both row (horizontal) and column (vertical).

Code

// Arduino pin that drives the antenna circuit.
#define coil_pin 12

// Characters received on the serial port, stored in arrival order.
char data[10];
// Index in data where the next received character is stored.
int data_count = 0;

// Frame that gets transmitted, one bit per int. Only the nine leading header
// bits are set here; the other 55 entries start at zero and the data and
// parity positions are filled in by compute_data().
int spoofed_card[64] = {
        1, 1, 1, 1, 1, 1, 1, 1, 1
};

// One-time initialisation: coil pin as an output held LOW, serial port at 9600 bit/s.
void setup() {
        // Configure the coil pin first, then park it LOW until a frame is sent.
        pinMode(coil_pin, OUTPUT);
        digitalWrite(coil_pin, LOW);

        // Serial link on which the 10 hex digits are received.
        Serial.begin(9600);
}

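// Main loop: collects hexadecimal digits from the serial port and, once ten
// have been received, builds and transmits the frame via spoofcard().
void loop()
{
        // Nothing to do until a byte has arrived.
        if (!Serial.available())
                return;

        const char key = Serial.read();

        // Accept hexadecimal digits only. Previously every byte except NUL was
        // stored, so a CR/LF from the terminal or a typo consumed one of the
        // ten slots and was later encoded as 0 by HexToDec(), producing a
        // frame for an ID the user never typed.
        const bool is_hex = (key >= '0' && key <= '9') ||
                            (key >= 'A' && key <= 'F') ||
                            (key >= 'a' && key <= 'f');
        if (!is_hex)
                return;

        data[data_count] = key;
        if (data_count == 9) {
                // Tenth digit stored: send the frame, then start a new ID.
                spoofcard();
                data_count = 0;
        } else {
                data_count++;
        }
}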

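// Fills the data and parity positions of spoofed_card from the ten hex digits
// in data.
//
// Layout written here (indices into spoofed_card):
//   9..58   ten rows of five bits: four data bits (MSB first) + one row parity
//   59..62  four column parity bits
// Entries 0..8 (header) and 63 are not touched by this function.
void compute_data(){
        int bit_set;

        // Data bits. Exactly ten rows: data holds ten digits and the last row
        // ends at index 58. The earlier bound (bit < 59) ran twelve
        // iterations, which read data[10] and data[11] and wrote
        // spoofed_card[64..67], past the end of both arrays.
        for(int row = 0; row < 10; row++){
                int raw_data = HexToDec(data[row]);
                int base = 9 + (row * 5);
                spoofed_card[base]     = !! (raw_data & 8);
                spoofed_card[base + 1] = !! (raw_data & 4);
                spoofed_card[base + 2] = !! (raw_data & 2);
                spoofed_card[base + 3] = !! (raw_data & 1);
        }

        // Row parity (a parity bit, not a CRC): the fifth bit of each row is
        // 1 when the row's four data bits contain an odd number of ones.
        for(int row = 0; row < 10; row++){
                int base = 9 + (row * 5);
                bit_set = 0;
                for(int k = 0; k < 4; k++)
                        if(spoofed_card[base + k]) bit_set++;
                spoofed_card[base + 4] = ((bit_set % 2) != 0);
        }

        // Column parity: same rule, taken down each of the four data columns
        // across the ten rows.
        for(int c = 0; c < 4; c++){
                bit_set = 0;
                for(int a = 9; a < 55; a += 5){
                        if(spoofed_card[a + c]) bit_set++;
                }
                spoofed_card[c + 59] = ((bit_set % 2) != 0);
        }
}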

// Builds the frame from the digits in data, then transmits it 50 times in a row.
void spoofcard(){
        compute_data();

        int remaining = 50;
        while(remaining-- > 0)
                spoofnow();
}

// Drives the coil pin for one half of a bit period.
//
// clock_half: 0 for the first half of the bit, 1 for the second (as passed by spoofnow).
// signal:     the bit value being sent.
void send_manchester(int clock_half, int signal)
{
        // The pin goes LOW when clock_half XOR signal equals 1, HIGH otherwise,
        // so the pin level flips between the two halves of every bit.
        const bool drive_low = ((clock_half ^ signal) == 1);
        digitalWrite(coil_pin, drive_low ? LOW : HIGH);
}

// Transmits the 64 entries of spoofed_card once, in index order.
void spoofnow(){
        for(int index = 0; index < 64; index++)
        {
                const int current = spoofed_card[index];

                // Two halves per bit, each held for 256 microseconds.
                for(int half = 0; half < 2; half++)
                {
                        send_manchester(half, current);
                        delayMicroseconds(256);
                }
        }
}

// Converts one hexadecimal digit character to its value (0-15).
// Accepts '0'-'9', 'A'-'F' and 'a'-'f'; any other character yields 0, so an
// invalid character cannot be told apart from '0' by the caller.
int HexToDec(char hexa)
{
        if ('a' <= hexa && hexa <= 'f')
                return 10 + (hexa - 'a');

        if ('A' <= hexa && hexa <= 'F')
                return 10 + (hexa - 'A');

        if ('0' <= hexa && hexa <= '9')
                return hexa - '0';

        // Not a hexadecimal digit.
        return 0;
}