It’s kind of a convoluted title, but [Hudson’s] attempt to replace multiple HID Prox cards with one AVR chip didn’t fully pan out. The project started when he wanted to reduce the number of RFID access cards he carries for work down to just one. The cards use the HID Proximity protocol which is just a bit different from the protocols used in most of the hobby RFID projects we see. He ended up taking an AVR assembly file that worked with a different protocol and edited it for his needs.
The device above is the complete replacement tag [Hudson] used. It’s just an AVR ATtiny85 and a coil made of enameled wire. The coil picks up current from the card reader’s magnetic field, and powers the chip through the leakage on the input pins (we’ve seen this trick a few times before). The idea he had was to store multiple codes on the device and send them all in a row. He was able to get the tag to work for just one code, but the particulars of the HID Prox reader make it difficult if not impossible to send multiple codes. The card must send the same code twice in a row, then be removed from the magnetic field before the reader will poll for another combination.
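The reader behaviour described above, sketched as a small state machine. This is an added example, not [Hudson]'s code or HID's firmware; the class name, the `FIELD_EMPTY` marker and the code strings are constructed for illustration, and the model assumes only what the article states (two identical frames in a row, then the field must empty before another code is considered).

```python
from dataclasses import dataclass, field

FIELD_EMPTY = None  # constructed marker: no tag answered during this poll


@dataclass
class ProxReaderModel:
    """Toy model of the reader-side gating described in the article."""
    authorized: set
    _last: object = None        # previous frame seen in this presentation
    _latched: bool = False      # True once a decision was made for this presentation
    decisions: list = field(default_factory=list)

    def poll(self, frame):
        """Feed one poll result; return True/False on a decision, else None."""
        if frame is FIELD_EMPTY:
            # Tag left the field: the reader re-arms for a new presentation.
            self._last, self._latched = None, False
            return None
        if self._latched:
            # A decision was already made; further frames are ignored
            # until the field has been seen empty.
            return None
        if frame == self._last:
            # Same code twice in a row: evaluate it exactly once.
            self._latched = True
            granted = frame in self.authorized
            self.decisions.append((frame, granted))
            return granted
        self._last = frame
        return None


def run(reader, frames):
    """Feed a sequence of poll results and return the decisions made."""
    for f in frames:
        reader.poll(f)
    return reader.decisions


if __name__ == "__main__":
    # Constructed sample: a tag cycling two codes without leaving the field.
    in_field = ["CODE_A", "CODE_A", "CODE_B", "CODE_B"]
    print(run(ProxReaderModel({"CODE_B"}), in_field))
    # Same codes, but the field is seen empty between presentations.
    removed = ["CODE_A", "CODE_A", FIELD_EMPTY, "CODE_B", "CODE_B"]
    print(run(ProxReaderModel({"CODE_B"}), removed))
```

In this model the first confirmed code is the only one evaluated per presentation, which is why a tag that cycles through its stored codes while sitting in the field never gets past the first one.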
Just a quick question. Considering this is going to go into a small plastic enclosure instead of a regular PVC plastic card. Why not design a circuit that emulates the specific code to a button? As you scan, you complete the circuit by pressing the button in relation to which access door you are entering.
Or you could do a sequential scanning technique. Where you scan a variety of times until the RFID protocol picks up the correct key.
Pretty sure they did implement this kind of procedure as protection against brute forcing.
It makes sense… like putting a time-out on login attempts.
Or better yet, have a nc button between the chip and the coil. When one code fails, press the button, the chip powers off, then goes on to the next code.
Hey, if nothing at all, I imagine it was a good learning experience! Perhaps you could write a byte to the EEPROM with the “card” that you last tried, so the next time it powers up it reads the EEPROM for the last card, adds one and tries the card at that index? That way it would advance during power-down state.
Very cool, regardless.
I doubt it. Writing to EEPROM needs more current, a few mA. I don’t think the induced current is strong enough. By the way, I knew there was a protecting Schottky diode pair on each input of the MCU, but it never occurred to me that connecting AC voltage between two pins will make those 4 diodes together act as a full bridge rectifier. So if someone needs a low power/low voltage full bridge rectifier he can pick up a small MCU, no need to program it, just putting a filtering capacitor between Vdd and Vss and it’s done.
I’d put a tiny FET on the AVR supply, then send each individual code at the required interval, turn off the AVR (FET), wait then power up with the next code to be tried.
Any reason this wouldn’t work?
The reader can’t know there’s an unpowered CPU in the field.
As long as there is no current drawn from the coil. But if there is current drawn by the coil it could be sensed by the transmitter. There’s no free lunch; this power comes from the transmitter.
Maybe you could have a system where holding one of several buttons down before scanning caused a particular code to be sent?
Or connect it to your GSM and use its GPS position to dictate which RFID code to put out.
By GSM I mean mobile phone (sorry, I’m Dutch)
This would explain why my T5557-based attempt at multi-card HID cards didn’t work.
I see a coil, no flyback (flyback’s leakage might be too high?)… considering a short lifetime?
Did you read the project? It’s an RFID tag. The coil is the power source for the device and barely catches enough power to run the AVR as it is. The ESD diodes in the chip are more than enough rectification to work with here.
Or have a membrane switch for each code you want and press and hold before you put the card into the field and have the AVR read the array of buttons then transmit the code for the button pressed. Maybe combine the last RFID clone feature by holding down a program button at the same time as the location you want to place the code. Hold the multipass to the reader then present the orig card.
With that being said you could make it look like a ID badge and use it to skim a valid card at the same time the valid card is presented to the reader. The average user wouldn’t be the wiser.
“Leeloo multipass! Yes, yes, he knows it’s a multipass. Muuuuuuultipass!”
This. I like this idea.
Good thing he didn’t succeed. If he did and his employer would find out it’s quite likely he wouldn’t need any access-cards in the near future.
Punishing people for insecure systems… that is a wise solution indeed.
On the other hand, we have chip-and-pin, and of course it is secure.
We live in a sad world.
If that is a concern he could always explain what he is intending and ask permission first. Really, there is no reason an employer should get upset over this. After all, he is only duplicating his own code. Were he fired or quit they would deactivate that code right?!? If not, well, that’s their fault.
Maybe it will make them uncomfortable that he possesses the ability, which could be used to copy someone else’s code. That’s not really a good reason to justify any kind of action though as anyone could possess that ability, even a non-employee who knows an employee and copies their card in a sneaky way while visiting the employee’s home.
Still, I do see your point. Some.. no.. many companies have IT/Security staff that are prone to irrational knee-jerk reactions towards this sort of thing. I am very lucky to work at a place which is not like that. I have certainly worked at other places where I would neither ask nor try anything of this nature. Hopefully he has a good idea of the personalities where he works and already knows he will be ok.
Spot on Jeff.
Power it with battery and coil. Turn the battery on on first pulse, send 2 IDs, disconnect the coil, wait and reconnect, send the next ID. Turn the battery off after last attempt.
If you need to have buttons or a switch then so be it. But… it isn’t as convenient. I know I like to just keep my entrance card in my wallet, I just bump up against the reader to get in. It’s especially nice when I am carrying stuff (most of the time) or in the winter when I have gloves on.
So.. I am thinking… if you can get it small enough, it would be awesome to mount it in the case of a wrist watch. Maybe you could even make it still tell time so it looks like a watch too? Then you just have to push the button or slide a switch to the correct position before you get to the door.
Hey! For bonus points, your RFID ‘watch’ could be smart about it. If your schedule works that way it could ‘know’ that at a certain time of day, day of week, etc… you are likely to enter door X, door Y some other time. Then it defaults to the correct one. You only need to manually push a button if the situation is an exception!
Isn’t it that the RFID comm works even if several cards are piled up together, e.g. in a wallet? Are they all sending at the same time when powered up? I don’t know the protocol but I would expect some handshaking and recognition before comm starts.
That can only work if the cards are all on different frequencies. If I keep all the access cards I have in my wallet none of them work. I have to keep them separate, i.e. only carry the one I need for that day. I have 15 different sites that have the same frequency HID tags. I would love to consolidate them.
How about asking the BACS manager for each of your sites to change your code and consolidate on one card?
Could you use a supercapacitor or something of that nature to power the AVR while it’s pulled out of the field? Or is the fact that you would have to repeatedly scan it the problem? If the AVR has analog input it might be possible to wire in a potentiometer that could be changed depending on which code it needs to output, though that would probably require much more voltage than you have already. Another option could be a small DIP switch array read through a parallel-to-series shift register that could be changed depending on the RF code needed.
This is a neat project and I hope you can figure out a good way to go about solving the problem.
If the idea is just to have one card, you could set this up with capacitive buttons to select the proper code and a watch battery to power the microcontroller during the selection process. Then it will just send the code you selected. Could fit it in a very sleek circuit board if you used the traces as the capacitive buttons.
Why not have the unit include multiple AVRs each with a single code, then have a slider, or something that would allow each quadrant of the card to be selected that allows you to squeeze a certain realm of the device to activate the intended code?