
[Fabien] ran across a very, very inexpensive RFID reader on Deal Extreme a while ago and, with money to burn, added it to his cart. When the USB RFID reader arrived, he noticed something fairly odd about it (French, translation). The reader presented itself to his computer as a USB HID device (a keyboard, as far as the host is concerned) that spat out characters into a text editor whenever an RFID card was waved above the coil. The only problem was that these characters weren't the hex values recorded on the RFID card. So what's going on here?
As it turns out (English), this random piece of Chinese electronics sends 10 bytes of data to the computer, just like this well-documented RFID reader. Apparently, both readers take the hex value of an RFID card (the last eight hex digits of it), convert that to a base-10 number, and pass each resulting decimal digit through a lookup table before typing it out. Exactly why it does this is anyone's guess, but since [Fabien] figured out how it worked, he could also figure out how to reverse the process.
Unfortunately, the RFID reader in question is currently out of stock at Deal Extreme. Seeing as how most of the electronics available there are remarkably similar and differ only in the name printed on the enclosure, though, we wouldn’t be surprised if a nearly identical RFID reader was available elsewhere.
I have one of these and I want to make it work with my arduino.
Unfortunately I wasn't successful, because everywhere I read it said that the Arduino isn't capable of being a USB host.
Can I intercept the signal before it goes into the USB circuit?
You might be able to, someone figured out how to read the TTL serial signal before it got to the USB output stage of a different cheap Chinese RFID reader:
http://hackaday.com/2011/11/19/getting-useful-data-from-a-dirt-cheap-rfid-reader/
That reader for less than $10 inc. postage from China: http://www.ebay.co.uk/itm/290682700629
It’s probably easier to just get something for the Arduino board. http://www.instructables.com/id/Arduino-and-RFID-from-seeedstudio/
It may be that some of the more powerful Arduinos can act as a USB host.
See this project using a Mega32 as a low-speed host.
https://instruct1.cit.cornell.edu/courses/ee476/FinalProjects/s2007/blh36_cdl28_dct23/blh36_cdl28_dct23/index.html
(As noted in other responses, accessing serial probably easier.)
Well I have the exact same board, but I am not sure which connection he used for 5v and which is for RX?
I haven’t read either set of documentation (and I am definitely shooting in the dark here re: HID), but could it be the case that the RFID reader is sending the hex values, but the HID protocol simply interprets these as characters?
My name is “Fabien” not “Fabian” ;)
You can get these on eBay; pretty much all of the cheap RFID readers on eBay use this board (the ones with the black cases). A few things to note: first, the coils are bad. The one I ordered didn't work at all with the stock coil.
Second, there's a footprint for a mini USB connector under the A socket on the board, so you can replace the connector and use a standard cable (i.e. one that is compliant with the USB spec).
And third, the unpopulated 4-pin header on the board seems to output serial data each time a tag is scanned (haven't analysed this yet, but there is definitely some signal there).
Sold out probably because semi script kiddies found some potential uses: it could extract the exact number. Say, for example, a credit card that has PayPass could then reveal the exact card number or the encrypted string instead of hex.
Or they could, you know, just read the front of the card.
I’m surprised the following doesn’t happen more often:
1. Work in restaurant.
2. Get phone, turn video on, stick in pocket.
3. Get card from customer.
4. Quickly check both sides of the card.
5. Review recorded footage, write down details (plus CVV on back).
6. Hell, you’ve even got their signature.
7. Bonus points for recording them entering the PIN.
8. Profit.
A bit more work than stealing underpants, and the phone could be any miniature camera, but you only hear of people using skimmers (swipe the card twice – once for you, once for the boss.)
Might explain the ‘my card details were stolen but it never left my sight’ stories.
The major card processors do frequency analysis and correlation of reported fraudulent charges. Large merchants (think Walmart or 7-11) get discounted processing rates by passing on an employee identifier with each swipe.
This.
Also, many companies have crazy conditions set up where if your card is used in two places separated by X miles in Y hours the card will automatically be locked. Had a buddy get burned by that when his parents on the other side of the country randomly used his card number without permission minutes before he tried to buy textbooks for college. People with the brains and knowledge to use this kind of hackery to steal credit info are usually smart enough not to shit where they eat, i.e. steal while on the job.
I used to know someone in high school who pulled this exact scheme in the good ol' days of the early 90s. Didn't get too greedy and quit before he was *forced* to quit. These days you'd have to be crazy to try that crap; as someone else said, you don't mess where you eat… somewhat literally in this case.
Also, beware in places with high definition surveillance cameras, they could probably read the numbers right off the card as well. Actually read an interesting pen test where they shoulder surfed people’s passwords by hacking the surveillance camera system.
I suspect that I might microwave my credit card for a few seconds if it gets an RFID chip.
I have the same RFID reader, bought from eBay ($7.20). It's very easy to read the keys with an Arduino. This dude did some hacking (http://thetransistor.com/2011/10/hacking-cheap-rfid-readers/) for a very similar RFID reader, so I decided to give it a try. After connecting the reader to the Arduino and using his code I have been able to read the key numbers correctly. Apparently all of these Chinese readers have serial, but they are sending values in some strange format. Overall a very nice and cheap RFID reader. I was able to read keys through a 2 cm wood table, perfect for an RFID door lock :)
Using that information from that site I bought a reader of my own and got it working on a Picaxe microcontroller, very easily:
http://www.picaxeforum.co.uk/showthread.php?20044-Cheap-Chinese-125khz-RFID-reader-Picaxed
It includes better quality photographs of the reader and example code.
Can you provide a link for your model from ebay? I guess the one you have works great, right?
Here’s the link. http://www.ebay.com/itm/321014077334?ssPageName=STRK:MEWNX:IT&_trksid=p3984.m1497.l2649
I already did a teardown and reverse engineering of it last year: http://www.pcmx.de/?p=216
And a short video: http://www.youtube.com/watch?v=RcZI6fK948w
Very nice!!
8H10D conversion rule: take the last eight hexadecimal digits, 00 62 D9 B2, and convert them to a maximum of 10 decimal digits. http://www.batag.com/download/rfidreader/LF/RAD-A200-U00-125kHz.8H10D.EM.v1.6.pdf
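The 8H10D conversion the article describes (hex card ID to 10 decimal digits, then one lookup-table entry per digit) and the rule this comment quotes, carried through as an added worked example. This is not code from the original post, from [Fabien], or from the reader's vendor. It assumes 10-hex-digit (40-bit) IDs of the kind EM4100-style 125 kHz tags carry, and it assumes the per-digit lookup table is the USB HID keyboard usage table (Keyboard 1..9 = 0x1E..0x26, Keyboard 0 = 0x27); the sample card IDs are constructed around the 00 62 D9 B2 value from the comment above.

```python
"""Added example: the 8H10D conversion a cheap HID RFID reader applies, and
its inverse. Not the original post's code. Assumptions are marked below."""

# Assumption: the reader's "lookup table" is the USB HID keyboard usage table.
DIGIT_TO_KEYCODE = {
    "1": 0x1E, "2": 0x1F, "3": 0x20, "4": 0x21, "5": 0x22,
    "6": 0x23, "7": 0x24, "8": 0x25, "9": 0x26, "0": 0x27,
}
KEYCODE_TO_DIGIT = {code: digit for digit, code in DIGIT_TO_KEYCODE.items()}


def hex_to_8h10d(card_hex: str) -> str:
    """Last 8 hex digits of the card ID -> 10 zero-padded decimal digits.

    Anything before the last 8 hex digits (the leading byte of a 40-bit
    EM4100-style ID) is discarded by this rule, so two cards that differ
    only there type out the same 10 digits.
    """
    clean = card_hex.replace(" ", "")
    if len(clean) < 8:
        raise ValueError("need at least 8 hex digits, got %r" % card_hex)
    try:
        value = int(clean[-8:], 16)
    except ValueError:
        raise ValueError("not a hex string: %r" % card_hex) from None
    return "%010d" % value


def keystrokes_for(decimal_digits: str) -> list:
    """The HID keycodes the reader would 'type' for a digit string."""
    return [DIGIT_TO_KEYCODE[d] for d in decimal_digits]


def decode_keystrokes(keycodes) -> str:
    """Reverse the lookup table: captured HID keycodes -> digit string."""
    digits = []
    for code in keycodes:
        if code not in KEYCODE_TO_DIGIT:
            raise ValueError("keycode 0x%02X is not a digit key" % code)
        digits.append(KEYCODE_TO_DIGIT[code])
    return "".join(digits)


def is_valid_8h10d(decimal_digits: str) -> bool:
    """True if the string is exactly 10 digits and fits in 32 bits."""
    return (len(decimal_digits) == 10 and decimal_digits.isdigit()
            and int(decimal_digits, 10) <= 0xFFFFFFFF)


def decimal_to_hex32(decimal_digits: str) -> str:
    """Reverse of hex_to_8h10d: 10 decimal digits -> 8 upper-case hex digits."""
    if not is_valid_8h10d(decimal_digits):
        raise ValueError("not a valid 8H10D value: %r" % decimal_digits)
    return "%08X" % int(decimal_digits, 10)


def recover_card_hex(keycodes) -> str:
    """Full reversal: HID keycodes -> the 8 hex digits the reader kept."""
    return decimal_to_hex32(decode_keystrokes(keycodes))


if __name__ == "__main__":
    # Constructed sample IDs: the 00 62 D9 B2 value from the datasheet comment
    # with two different assumed leading bytes, to show the collision.
    for card in ("1F0062D9B2", "2A0062D9B2"):
        typed = hex_to_8h10d(card)
        keys = keystrokes_for(typed)
        print(card, "->", typed, "->", [hex(k) for k in keys],
              "->", recover_card_hex(keys))
```

The reversal only recovers the 32 bits the reader kept; if a door controller or logging script relies on the typed 10 digits as the card identity, any two tags sharing their last four bytes are indistinguishable to it, which is the caveat to keep in mind when reusing one of these readers for access control.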
It's available again… mine arrived today.