Barebones PIC RFID tag

An inductor and 8-pin microcontroller are all that make up this barebones RFID tag. You might have done a double-take when first seeing the image above. After all, there’s nothing hooked up to the power and ground pins on the chip. As [Ramiro Pareja] explains in his post, the power is actually supplied via the I/O pins to which the inductor is soldered. It seems that each I/O pin has a parasite capacitor and a pair of clamping diodes inside the chip. When the AC current that is induced by the magnetic field of the RFID reader hits those pins, the capacitors charge and the clamping diodes form a bridge rectifier. This results in power being injected into the chip, which turns around and sends the RFID code back through the inductor.

This isn’t the first time that we’ve seen this concept. We featured a hack that is exactly the same except it used an AVR chip. This one uses a PIC 12F683 but should work with just about any 12F or 16F model. The code is written in Assembly and shouldn’t need any changes for different hardware. [Ramiro] does talk a bit about adding a decoupling capacitor to Vss and Vdd, as well as a tuning capacitor to the two I/O pins used above to help make the device a little more robust. But, as you can see in the video after the break, it works just fine without them.

[Thanks Conundrum]

Comments

  1. NatureTM says:

    really!?!?!? wow.

  2. chango says:

    I wonder what the minimum PIC you can do this with is… 10F200 at 256 words is probably not going to cut it once the macro is unrolled. But that’s not to say you can’t do this programmatically on the micro.

  3. Thopter says:

    That’s not a resistor?

  4. Marcus Porter says:

    It’s worth noting that all RFIDs are like this, getting their power over the air from the reader. It’s neat having this illustrated so plainly here, and that a micro-controller can run on this power.

    • tulcod says:

      Of even more interest is the fact that they get their power on a separate wave. One radiowave is for power, another frequency for the actual data. Or at least that’s what I was told.

      • wernicke says:

        Marcus,
        not exactly true. Active RFID tags use a power source… generally for longer range reading.
        http://www.rfidjournal.com/faq/18/68

        In my experience, however, passive tags are much more common. This hack is a great example of how a ‘normal’ passive tag works (without the fancy antenna)

        tulcod,
        kinda true, kinda not. The data is modulated on a carrier. That carrier wave provides power to the transceiver. When you hear about 125khz or 13.56Mhz RFID, they’re talking about the carrier frequency.

  5. Lee says:

    I live in the San Francisco Bay Area and was wondering if anyone’s been successful at executing a replay type attack on the clipper rfid system.

  6. Erik Johnson says:

    @Lee All you need to do is have a recorder playback the BEEP sound. There are no validation lights and the bus/train driver doesn’t have any indicator that I’ve noticed.
    This won’t work in BART though…

  7. jbb says:

    I’m really impressed that it can be done with so few components. I could suggest two modifications: 1) add a little capacitor (maybe 1nF?) between GND and VCC on the PIC to provide a little bit more reserve power.
    2) for improved range use an external Schottky diode rectifier, which will waste less energy than the internal CMOS protection diodes.

  8. Temperature sensor anyone?

    You could use one of the spare outputs to charge up an ORB cell (basically a posh supercapacitor) that then runs the PIC at minimal clock rate.
    This could then run the A-D, take a sample and store it to working memory until the chip is scanned.

    I think it is possible to use the 10F20x but the code would also need to synchronise to the incoming clock (perhaps use OSCCAL?) to get it to read.

    Another interesting idea, use a reverse biased LED driven via a second inductor from one of the spare outputs to tune the circuit in order to make it work more reliably at extreme range.

  9. zuul says:

    saw the pic, loled

  10. Smoking says:

    Will someting like this also work for mifare s70 cards? Other chip / antenna?

  11. xorpunk says:

    Any of these chips capable of decent sized math? You could do security protocols for things like car keys.

  12. Dude says:

    “The code is written in Assembly and shouldn’t need any changes for different hardware”

    Yea thats why we choose to deal with slowdown and wordy high level languages, cause ASM is totally portable…

    • MrX says:

      “The code is written in Assembly and shouldn’t need any changes for different hardware”
      For different hardware .. from PIC, that’s what I understand of it. Other than that, thank you for stating the obvious, I’m sure you are really smart…

  13. RapidPrototype says:

    I would never use RFID for anything it is weak nobody out there had ever convinced me that the system could be secure using physical or in code i keep my passport and bank cards in shielded wallets i admire the effort to refine it but it is more of a challenge to create a system that cannot be compromised (cloned).

  14. Mental2k says:

    This has given me a couple of ideas, firstly how compact could it be made? Incorporating this into a wrist strap would save me getting my wallet out when I’m working late and I invariably forget i need to use 3 times to get to my desk. So cloning my access card would be good.

    Also a digital key ring could possibly made add a push button to cycle through different cards, very handy, if the chip has the headroom.

  15. that1guy says:

    Does this PIC not have a master clear pin (MCLR) that needs to be held high? Or maybe that was disabled in software. Pretty cool little trick.

  16. luckycharms says:

    cost?

  17. nono33 says:

    It think using a normal rfid coil and a capacitance to make it resonate, the reading distance could be improved quite a bit.

  18. gdogg says:

    Very cool, but his site has been suspended. SUSPICIOUS!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 92,041 other followers