An Attempt To Replace Multiple RFID Cards With A Single Hacked-together Tag

It’s kind of a convoluted title, but [Hudson’s] attempt to replace multiple HID Prox cards with one AVR chip didn’t fully pan out. The project started when he wanted to reduce the number of RFID access cards he carries for work down to just one. The cards use the HID Proximity protocol which is just a bit different from the protocols used in most of the hobby RFID projects we see. He ended up taking an AVR assembly file that worked with a different protocol and edited it for his needs.

The device above is the complete replacement tag [Hudson] used. It’s just an AVR ATtiny85 and a coil made of enameled wire. The coil pics up current from the card reader’s magnetic field, and powers the chip through the leakage on the input pins (we’ve seen this trick a few times before). The idea he had was to store multiple codes on the device and send them all in a row. He was able to get the tag to work for just one code, but the particulars of the HID Prox reader make it difficult if not impossible to send multiple codes. The card must send the same code twice in a row, then be removed from the magnetic field before the reader will poll for another combination.

31 thoughts on “An Attempt To Replace Multiple RFID Cards With A Single Hacked-together Tag

  1. Just a quick question. Considering this is going to go into a small plastic enclosure instead of a regular pvc plastic card. Why not design a circuit that emulates the specific code to a button? As you scan, you complete the circuit by pressing the button in relation to which access door you are entering.

    Or you could do a sequential scanning technique. Where you scan a variety of times until the RFID protocol picks up the the correct key.

  2. Hey, if nothing at all, I imagine it was a good learning experience! Perhaps you could write a byte to the EEPROM with the “card” that you last tried, so the next time it powers up it reads the EEPROM for the last card, adds one and tries the card at that index? That way it would advance during power-down state.

    Very cool, regardless.

    1. I doubt it. Writing to eeprom need more current, a few mA. I don’t think the induced current is strong enough. By the way I new there was protecting Schottkey diode pair on each input of MCU but it never occured to me connecting ac voltage between two pins will make those 4 diodes togethers act as full bridge rectifier. So if someone need a low power/low voltage full bridge rectifier he can pickup a small MCU, no need to program it, just putting a filtering capacitor between Vdd and Vss and its done.

  3. I’d put a tiny FET on the AVR supply, then send each individual code at the required interval, turn off the AVR (FET), wait then power up with the next code top be tried.
    Any reason this wouldn;t work?
    The reader can’t know there’s an unpowered CPU in the field.

    1. As as there is no current drawn from the coil. But if there is current draw by the coil it coult be sensed by the transmitter. There no free lunch this power comes from the transmitter.

    1. Did you read the project? It’s an RFID tag. The coil is the power source for the device and barely catches enough power to run the AVR as it is. The ESD diodes in the chip are more than enough rectification to work with here.

  4. Or have a membrane switch for each code you want and press and hold before you put the card into the field and have the avr read the array of buttons then transmit the code for the button pressed. Maybe combine the last RFID clone feature by holding down a program button at the same time the location you want to place the code. hold the multipass to the reader then present the orig card.

    1. If that is a concern he could always explain what he is intending and ask permission first. Really, there is no reason an employer should get upset over this. After all, he is only duplicating his own code. Were he fired or quit they would deactivate that code right?!? If not, well, that’s their fault.

      Maybe it will make them uncomfortable that he posesses the ability, which could be used to copy someone else’s code. That’s not really a good reason to justify any kind of action though as anyone could posess that ability, even a non-employee who knows an employee and copies their card in a sneaky way while visiting the employee’s home.

      Still, I do see your point. Some.. no.. many companies have IT/Security staff that are prone to irational knee-jerk reactions towards this sort of thing. I am very lucky to work at a place which is not like that. I have certainly worked at other places where I would neither ask nor try anything of this nature. Hopefully he has a good idea of the personalities where he works and already knows he will be ok.

  5. Power it with battery and coil, Turn the battery on on first pulse, send 2 id’s, disconnect the coil, wait and reconnect, send the next id. Turn the battery off after last attempt

  6. If you need to have buttons or a switch then so be it. But… it isn’t as convenient. I know I like to just keep my entrance card in my wallet, I just bump up against the reader to get in. It’s especially nice when I am carrying stuff (most of the time) or in the winter when I have gloves on.

    So.. I am thinking… if you can get it small enough, it would be awesome to mount it in the case of a wrist watch. Maybe you could even make it still tell time so it looks like a watch too? Then you just have to push the button or slide a switch to the correct position before you get to the door.

    1. Hey! For bonus points, your RFID ‘watch’ could be smart about it. If your schedule works that way it could ‘know’ that at a certain time of day, day of week, etc… you are likely to enter door X, door Y some other time. Then it defaults to the correct one. You only need to manually push a button if the situation is an exception!

  7. Isnt it that the rfid comm works even if several cards are pilled up tpgether, e.g. In a wallet? Are they all sending at the same time when powered up? I dont know the protocoll but i would expect some hand shaking and recognition before comm stars.

    1. That can only work if the cards are all on different frequencies. If I keep all the acess cards I have in my wallet non of them work. I have to keep them separate. I.E only cary the one I need for that day. I have 15 different sites that have the same frequency HID tags. I would love to consolidate them.

  8. Could you use a supercapacitor or something of that nature to power the AVR while it’s pulled out of the field? Or is the fact that you would have to repeatedly scan it the problem? If the AVR has analog input it might be possible to wire in a potentiometer that could be changed depending on which code it needs to output, though that would probably require much more voltage than you have already. Another option could be a small DIP switch array read through a parallel-to-series shift register that could be changed depending on the RF code needed.

    This is a neat project and I hope you can figure out a good way to go about solving the problem.

  9. If the idea is just to have one card could set this up with capacitive buttons to select the proper code and a watch battery to power the microcontroller during the selection process. Then it will just send the code you selected. Could fit it in a very sleek circuit board if you used the traces as the capacitive buttons.

  10. Why not have the unit include multiple AVRs each with a single code, then have a slider, or something that would allow each quadrant of the card to be selected that allows you to squeeze a certain realm of the device to activate the intended code?

Leave a Reply to Louis Charles BrucknerCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.