Turning an $8 RFID reader into something useful

RFID

[Fabien] ran across a very, very inexpensive RFID reader on Deal Extreme a while ago and with money to burn, added it to his cart. When the USB RFID reader arrived, he noticed something fairly odd about it (French, Traduction). The RFID reader presented itself to his computer as a USB HID device that spit out characters into a text editor whenever an RFID card was waved above the coil. The only problem was these characters weren’t the hex values recorded on the RFID card. So what’s going on here?

As it turns out (Anglais), this random piece of Chinese electronica sends 10 bytes of data to the computer, just like this well-documented RFID reader. Apparently, both these RFID readers take the hex value of an RFID card, convert those bytes to base 10, and pass each digit through a lookup table. Exactly why it does this is anyone’s guess, but since [Fabien] figured out how it worked, he could also figure out how to reverse the process.

Unfortunately, the RFID reader in question is currently out of stock at Deal Extreme. Seeing as how most of the electronics available there are remarkably similar and differ only in the name printed on the enclosure, though, we wouldn’t be surprised if a nearly identical RFID reader was available elsewhere.

Comments

  1. a3 says:

    I have one of these and I want to make it work with my arduino.

    Unfortunately I wasn’t successful because everywhere I read was that arduino isn’t capable of being a usb host.

    Can I intercept the signal before it goes into the usb circuit?

  2. mental2k says:

    I haven’t read either set of documentation (and I am definitely shooting in the dark here re: HID), but could it be the case that the RFID reader is sending the hex values, but the HID protocol simply interprets these as characters?

  3. skywodd says:

    My name is “Fabien” not “Fabian” ;)

  4. Hyena-Of-Doom says:

    You can get these on ebay, pretty much all of the cheap RFID readers on ebay use this board (the ones with the black cases) a few things to note, first, the coils are bad. The one I ordered didn’t work at all with the stock coil.
    Second there’s a footprint for a mini usb connector under the A socket on the board so you can replace the connector and use a standard cable (ie one that is compliant with the usb spec).
    and third the unpopulated 4 pin header on the board seems to output serial data each time a tag is scanned (haven’t analysed this yet but there is defiantly some signal there there)

  5. ejonesss says:

    sold out probably because semi script kiddies found some potential uses that it could extract the exact number say for example a credit card that has paypass could then reveal the exact card number or the encrypted string insteadof hex

    • Moses says:

      Or they could, you know, just read the front of the card.

      • Tony says:

        I’m surprised the following doesn’t happen more often:

        1. Work in restaurant.
        2. Get phone, turn video on, stick in pocket.
        3. Get card from customer.
        4. Quickly check both sides of the card.
        5. Review recorded footage, write down details (plus CVV on back).
        6. Hell, you’ve even got their signature.
        7. Bonus points for recording them entering the PIN.
        8. Profit.

        A bit more work than stealing underpants, and the phone could be any miniature camera, but you only hear of people using skimmers (swipe the card twice – once for you, once for the boss.)

        Might explain the ‘my card details were stolen but it never left my sight’ stories.

        • Mike says:

          The major card processors do frequency analysis and correlation of reported fraudulent charges. Large merchants (think Walmart or 7-11) get discounted processing rates by passing on an employee identifier with each swipe.

          • Blue Footed Booby says:

            This.

            Also, many companies also have crazy conditions set up where if your card is used in two places separated by X miles in Y hours the card will automatically be locked. Had a buddy get burned by that when his parents on the other side of the country randomly used his card number without permission minutes before he tried to buy textbooks for college. People with the brains and knowledge to use this kind of hackery to steal credit info are usually smart enough not to shit where they eat, ie steal while on the job.

        • kitsune361 says:

          I used to know someone in High School who pulled this exact scheme in the god ol’ days of the early 90s. Didn’t get too greedy and quit before he was *forced* to quit. These days you’d have to be crazy to try that crap, as someone else said, you don’t mess where you eat…. somewhat literally in this case.

          Also, beware in places with high definition surveillance cameras, they could probably read the numbers right off the card as well. Actually read an interesting pen test where they shoulder surfed people’s passwords by hacking the surveillance camera system.

    • Julian says:

      I suspect that I might microwave my credit card for a few seconds if it gets an RFID chip.

  6. wity says:

    I have the same rfid reader bought from ebay($7.20). It’s very easy to read the keys with arduino. This dude did some hacking(http://thetransistor.com/2011/10/hacking-cheap-rfid-readers/) for a very similar rfid readerso i decided to give it a try.After connecting the reader to arduno and with his code i have been able to read the key numbers correctly. Apparently all of these Chinese readers have serial but they are sending values in some strange format. Overall a very nice and cheap rfid reader. I was able to read keys trough a 2cm wood table, perfect for rfid door lock :)

  7. MasterFX says:

    I already did a teardown and reverse engineering mir last year http://www.pcmx.de/?p=216

  8. illwill says:

    8H10D conversion rule: take last eight hexadecimal digits, 00 62 D9 B2, convert it to
    maximum 10 decimal digits. http://www.batag.com/download/rfidreader/LF/RAD-A200-U00-125kHz.8H10D.EM.v1.6.pdf

  9. sjkkjdf says:

    its avaiable again… mine arrived today

  10. Phil North says:

    Came across your site when searching for RFID. Waaay too techie for me. However, maybe you bright sparks can help. Some New Zealand government idiot who had nothing better to do came up with a new law that all cattle and deer had to have RFID tags in their ears, and any time they are moved to another property, you have to send a report in with the 22 digit number for each animal. Nice, especially when they control the sale of the tags. Scanners are selling for crazy money, and farmers and livestock agents are furious. Need to connect a RFID reader to a cell phone, produce a csv of the numbers scanned, then send it in. Any ideas?

  11. Aleza says:

    I didnt got how he got to fix it, I did a new software? I just found the way to transfome into hex?

    Will this one work with no fixes: http://dx.com/p/usb-rf-id-card-reader-black-174273 ?

    Also: item is back on stock (http://dx.com/p/intelligent-id-card-usb-reader-174455)

    Is it possible to hack the antenna a make a bigger one? (like 1meter diammeter?)

  12. Hesham says:

    i am using AliExpress

    http://www.aliexpress.com/wholesale?SearchText=uart+rfid

    you can find many modules here better prices than DX ;)
    what i am wondering is there any similar module can support HID Cards ??!!!

  13. Brecht says:

    Would it be possible to use this with an android tablet?
    I would like to use this as a lap counter for running, using the tablet as a display for lap times and numbers.
    Could this be accomplished with a simple app?

  14. wansie says:

    Would it be possible to use this as a lap tracker in combination with an android tablet?
    Like with a simple usb cable and an app that shows lap times and numbers?

  15. Alex says:

    Would it be possible to attach this to a safe and use a specefic chip to unlock the safe?

  16. LOLA says:

    how can i turn a reader i already have into a writer?PLEASE HELP

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 96,409 other followers