Turning An $8 RFID Reader Into Something Useful

[Fabien] ran across a very, very inexpensive RFID reader on Deal Extreme a while ago and with money to burn, added it to his cart. When the USB RFID reader arrived, he noticed something fairly odd about it (French, Traduction). The RFID reader presented itself to his computer as a USB HID device that spit out characters into a text editor whenever an RFID card was waved above the coil. The only problem was these characters weren’t the hex values recorded on the RFID card. So what’s going on here?

As it turns out (Anglais), this random piece of Chinese electronica sends 10 bytes of data to the computer, just like this well-documented RFID reader. Apparently, both these RFID readers take the hex value of an RFID card, convert those bytes to base 10, and pass each digit through a lookup table. Exactly why it does this is anyone’s guess, but since [Fabien] figured out how it worked, he could also figure out how to reverse the process.

Unfortunately, the RFID reader in question is currently out of stock at Deal Extreme. Seeing as how most of the electronics available there are remarkably similar and differ only in the name printed on the enclosure, though, we wouldn’t be surprised if a nearly identical RFID reader was available elsewhere.

37 thoughts on “Turning An $8 RFID Reader Into Something Useful

  1. I have one of these and I want to make it work with my arduino.

    Unfortunately I wasn’t successful because everywhere I read was that arduino isn’t capable of being a usb host.

    Can I intercept the signal before it goes into the usb circuit?

      1. check for capacitors to find the GND and + then you have the +5V ( that is id the whole board is on the same voltage)

        The Rx is the pin where you would get some data if connected to an serial port, the Tx connection if avallable would produce nada ( nothing )

    1. hello , I am the RFID reader supply ,my name is shelley cao ,my skype is :shelley cao ,my phone number is +86-18676651530 .too ,I can send a softeware to u to change the 8H10D to want u want to putout , then u dont need send back to China .

  2. I haven’t read either set of documentation (and I am definitely shooting in the dark here re: HID), but could it be the case that the RFID reader is sending the hex values, but the HID protocol simply interprets these as characters?

  3. You can get these on ebay, pretty much all of the cheap RFID readers on ebay use this board (the ones with the black cases) a few things to note, first, the coils are bad. The one I ordered didn’t work at all with the stock coil.
    Second there’s a footprint for a mini usb connector under the A socket on the board so you can replace the connector and use a standard cable (ie one that is compliant with the usb spec).
    and third the unpopulated 4 pin header on the board seems to output serial data each time a tag is scanned (haven’t analysed this yet but there is defiantly some signal there there)

  4. sold out probably because semi script kiddies found some potential uses that it could extract the exact number say for example a credit card that has paypass could then reveal the exact card number or the encrypted string insteadof hex

      1. I’m surprised the following doesn’t happen more often:

        1. Work in restaurant.
        2. Get phone, turn video on, stick in pocket.
        3. Get card from customer.
        4. Quickly check both sides of the card.
        5. Review recorded footage, write down details (plus CVV on back).
        6. Hell, you’ve even got their signature.
        7. Bonus points for recording them entering the PIN.
        8. Profit.

        A bit more work than stealing underpants, and the phone could be any miniature camera, but you only hear of people using skimmers (swipe the card twice – once for you, once for the boss.)

        Might explain the ‘my card details were stolen but it never left my sight’ stories.

        1. The major card processors do frequency analysis and correlation of reported fraudulent charges. Large merchants (think Walmart or 7-11) get discounted processing rates by passing on an employee identifier with each swipe.

          1. This.

            Also, many companies also have crazy conditions set up where if your card is used in two places separated by X miles in Y hours the card will automatically be locked. Had a buddy get burned by that when his parents on the other side of the country randomly used his card number without permission minutes before he tried to buy textbooks for college. People with the brains and knowledge to use this kind of hackery to steal credit info are usually smart enough not to shit where they eat, ie steal while on the job.

        2. I used to know someone in High School who pulled this exact scheme in the god ol’ days of the early 90s. Didn’t get too greedy and quit before he was *forced* to quit. These days you’d have to be crazy to try that crap, as someone else said, you don’t mess where you eat…. somewhat literally in this case.

          Also, beware in places with high definition surveillance cameras, they could probably read the numbers right off the card as well. Actually read an interesting pen test where they shoulder surfed people’s passwords by hacking the surveillance camera system.

  5. I have the same rfid reader bought from ebay($7.20). It’s very easy to read the keys with arduino. This dude did some hacking(http://thetransistor.com/2011/10/hacking-cheap-rfid-readers/) for a very similar rfid readerso i decided to give it a try.After connecting the reader to arduno and with his code i have been able to read the key numbers correctly. Apparently all of these Chinese readers have serial but they are sending values in some strange format. Overall a very nice and cheap rfid reader. I was able to read keys trough a 2cm wood table, perfect for rfid door lock :)

  6. Came across your site when searching for RFID. Waaay too techie for me. However, maybe you bright sparks can help. Some New Zealand government idiot who had nothing better to do came up with a new law that all cattle and deer had to have RFID tags in their ears, and any time they are moved to another property, you have to send a report in with the 22 digit number for each animal. Nice, especially when they control the sale of the tags. Scanners are selling for crazy money, and farmers and livestock agents are furious. Need to connect a RFID reader to a cell phone, produce a csv of the numbers scanned, then send it in. Any ideas?

  7. Would it be possible to use this with an android tablet?
    I would like to use this as a lap counter for running, using the tablet as a display for lap times and numbers.
    Could this be accomplished with a simple app?

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.