The Power-Free Tag Emulator

Most of you know how an NFC tag works. The reader creates an RF field that has enough energy to power the electronics in the tag; when the tag wakes up, two-way communication ensues. We’re accustomed to blank tags that can be reprogrammed, and devices like the Flipper Zero that can emulate a tag. In between those two is [MCUer]’s power-free tag emulator, a board which uses NFC receiver hardware to power a small microcontroller that can run emulation code.

The microcontroller in question is the low-power CW32L010 from Wuhan Xinyuan Semiconductor, a Chinese part with an ARM Cortex M0+ on board. Unfortunately, that’s where the interesting news ends, because all we can glean from the GitHub repository is a PCB layout. Not even a circuit diagram, which we hope is an unintended omission rather than deliberate. It does, however, lend itself to the fostering of ideas, because if this designer can’t furnish a schematic, then perhaps you can. It’s not difficult to make an NFC receiver, so perhaps you can hook one up to a microcontroller and be the one who shares the circuit.

Ripping Up A Rothult

NFC locks are reaching a tipping point where the technology is so inexpensive that it makes sense to use it in projects where it would have been impractical months ago. Not that practicality has any place among these pages. IKEA carries a cabinet lock for $20 USD that does not need any programming, and who has a jewelry box or desk drawer that could not benefit from a little extra security? Only a bit, though: we’re not talking about a deadbolt here, as this teardown shows.

Rothult has all the stuff you would expect to find in an NFC scanner with a moving part. We find a microcontroller, RFID decoder, supporting passives, metal shaft, and a geartrain. The most exciting part is the controller, which is an STM32L051K8 processor by STMicroelectronics, and second to that is the AS3911 RFID reader from AMS. Datasheets for both have links in the teardown. Ripping up a Rothult in the lab, we find a 25R3911B running the RFID, and we have a link to that PDF datasheet. Both controllers speak SPI.

There are a couple of things to notice about this lock. The antenna is a flat PCB mounted with standard header pins, so there is nothing stopping us from connecting coax and making a remote antenna. The limit switches are distinct, so a few dabs of solder could turn this into an NFC-controlled motor driver. Some of us will rest easy when our coworkers stop kidnapping our nice pens.

Rothult first came to our attention in a Hackaday Links where a commenter was kind enough to tip us off to this teardown. Thanks, Pio! If this whets your appetite for NFC, we have more in store.

ShmooCon 2009: Chris Paget’s RFID Cloning Talk

[googlevideo=http://video.google.com/videoplay?docid=-282861825889939203]

When we first saw [Chris Paget]’s cloning video, our reaction was pretty ‘meh’. We’d seen RFID cloning before and the Mifare crack was probably the last time RFID was actually interesting. His ShmooCon presentation, embedded above, caught us completely off-guard. It’s very informative; we highly recommend it.

The hardest part about selling this talk is that it has to use two overloaded words: ‘RFID’ and ‘passport’. The Passport Card, which is part of the Western Hemisphere Travel Initiative (WHTI), is not like the passport book that you’re familiar with. It has the form factor of a driver’s license and can only be used for land and sea travel between the USA, Canada, the Caribbean region, Bermuda, and Mexico. They’ve only started issuing them this year.
