125Khz RFID spoofing


Circuit schematics

Rfid125spoofschematics.png

List of materials:

  • an antenna (many 125 kHz antennas are available on eBay)
  • a 1 nF capacitor (this value may need some tuning to get the best resonance from the antenna)
  • 4 × 1N4148 diodes
  • a 100 kΩ resistor
  • a 5.1 V zener diode

Usage

Rfid125spoof.jpg

Connect the two terminals of the circuit to GND and pin 12.

Compile and upload the code below.

Open a serial terminal (9600 bit/s), e.g.

   screen /dev/ttyUSB0 9600

Type in the 10 hexadecimal digits of the tag ID (characters are not echoed). Those digits are the 40 data bits of the frame; the code adds the header, all the parity bits (both horizontal and vertical) and the stop bit itself.

Code

// Output pin that switches the coil (the antenna side of the circuit).
static const int coil_pin = 12;

// The 10 hex digits typed on the serial line, stored one character at a time
// (no terminating NUL: only data[0..9] are ever read).
char data[10];
// Index of the next free slot in data[].
int data_count{0};

// The 64-bit EM4100 frame, one bit per byte (each entry is 0 or 1),
// rebuilt from data[] before each replay.
unsigned char spoofed_card[64];

// Arduino entry point, run once at power-up: configure the coil pin as an
// output and drive it LOW first, then bring up the serial link (9600 baud)
// on which the tag ID is typed.
void setup() {
  pinMode(coil_pin, OUTPUT);
  digitalWrite(coil_pin, LOW);
  Serial.begin(9600);
}

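// Arduino main loop: collect serial input one character at a time into
// data[]; once 10 hex digits are in, encode and replay the card, then start
// a fresh ID. Characters are not echoed.
//
// Only hex digits are accepted. Anything else — in particular the CR/LF a
// terminal sends when Enter is pressed after the ID — is dropped. Previously
// any non-NUL byte was stored and later decoded as digit 0, so one stray
// Enter shifted every following ID by one digit.
void loop() {
  if (!Serial.available())
    return;

  char key = Serial.read();
  const bool is_hex_digit = (key >= '0' && key <= '9') ||
                            (key >= 'A' && key <= 'F') ||
                            (key >= 'a' && key <= 'f');
  if (!is_hex_digit)
    return;

  data[data_count] = key;
  if (data_count == 9) {
    // Tenth digit received: build and transmit the frame, then reset the buffer.
    spoofcard();
    data_count = 0;
  } else {
    data_count++;
  }
}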

// Decode one ASCII hex digit (either case) to its value 0..15.
// Any other character decodes to 0, which the caller cannot tell apart
// from a genuine '0'.
int hexchar(char hexa) {
  switch (hexa) {
    case '0': case '1': case '2': case '3': case '4':
    case '5': case '6': case '7': case '8': case '9':
      return hexa - '0';
    case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':
      return hexa - 'A' + 10;
    case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':
      return hexa - 'a' + 10;
    default:
      return 0;
  }
}

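// Build the 64-bit EM4100 frame for a 10-hex-digit tag ID.
// Frame layout (see http://www.priority1design.com.au/em4100_protocol.html):
//   out[0..8]    nine 1 bits (header)
//   out[9..58]   ten groups of 5 bits: the 4 bits of one hex digit, MSB first,
//                followed by that row's even-parity bit
//   out[59..62]  column parity: one even-parity bit per bit position
//   out[63]      stop bit, always 0
//
// in:  10 ASCII hex digits (not NUL-terminated; only in[0..9] are read).
// out: 64 bytes, each written as 0 or 1 (one frame bit per byte).
//
// Only the arguments are used: the body used to read the data[] and
// spoofed_card[] globals directly, which only worked for the single call
// site that passed exactly those two buffers.
void compute_em4100(char *in, unsigned char *out) {
  static const int prefix = 9;                   // header length in bits
  static const int digits = 10;                  // hex digits in a tag ID
  static const int group = 5;                    // 4 data bits + 1 row-parity bit
  static const int data_bits = digits * group;   // 50 bits between header and column parity

  // Header: nine consecutive 1s.
  for (int i = 0; i < prefix; i++)
    out[i] = 1;

  // Data nibbles, MSB first; the fifth slot of each group is left for parity.
  for (int i = 0, j = prefix; i < digits; i++, j += group) {
    int raw_data = hexchar(in[i]);
    out[j]     = !!(raw_data & 8);
    out[j + 1] = !!(raw_data & 4);
    out[j + 2] = !!(raw_data & 2);
    out[j + 3] = !!(raw_data & 1);
  }

  // Row parity: after each nibble, a bit making the 5-bit group even.
  for (int i = prefix; i < prefix + data_bits; i += group) {
    int parity = 0;
    for (int j = 0; j < 4; j++)
      parity += out[i + j];
    out[i + 4] = parity & 1;
  }

  // Column parity: even parity down each of the 4 bit positions, placed
  // right after the last data group (out[59..62]).
  for (int i = prefix; i < prefix + 4; i++) {
    int parity = 0;
    for (int j = 0; j < data_bits; j += group)
      parity += out[i + j];
    out[i + data_bits] = parity & 1;
  }

  // Stop bit.
  out[63] = 0;
}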

// Encode the 10 digits currently in data[] into spoofed_card[] and replay
// the resulting frame 50 times back to back.
void spoofcard() {
  compute_em4100(data, spoofed_card);
  int repeats = 50;
  while (repeats-- > 0)
    spoofnow();
}

// Drive the coil pin for one half of a Manchester bit cell: the pin goes
// LOW when (clock_half XOR signal) == 1 and HIGH otherwise. Called twice per
// bit with clock_half 0 then 1, so a 1 bit is LOW-then-HIGH and a 0 bit is
// HIGH-then-LOW.
void send_manchester(int clock_half, int signal) {
  const bool pull_low = ((clock_half ^ signal) == 1);
  digitalWrite(coil_pin, pull_low ? LOW : HIGH);
}

// Transmit the 64-bit frame in spoofed_card[] once, Manchester encoded:
// each bit occupies two half cells of 256 µs (512 µs per bit).
void spoofnow() {
  const unsigned int half_cell_us = 256;
  for (int bit = 0; bit < 64; bit++) {
    const int value = spoofed_card[bit];
    send_manchester(0, value);
    delayMicroseconds(half_cell_us);
    send_manchester(1, value);
    delayMicroseconds(half_cell_us);
  }
}