Here’s an open source RFID cloner design that is about the same size as a standard RFID key card. It doesn’t need a battery to capture key codes, just the magnetic field generated by an RFID reader. You can see the functionality demonstrated in the video after the break. By holding the bottom button as the cloner is moved in range of the RFID reader, the microcontroller goes into learning mode. Now just hold up the card you wish to clone and the LED just above the buttons will light up when it has captured the code. Now the device will act just as the original RFID tag did.
This was developed by [Ramiro], the same person who built the barebones RFID emulator we saw a few days ago. When researching that story we complete skipped over this gem. He’s posted a ton of information on the tag itself. It doesn’t look like he has any PCBs or kits left, but the schematic and code are available for download. You should check in on the design considerations section because it discusses the read/write function that isn’t built into the current version. That’s why you see some add-on components on the hardware used in the demo video.
It seems like this is a lot more user-friendly than the last RFID spoofer we looked at.
Continue reading “Passive RFID Tag Cloning”
Here’s a field-programmable RFID spoofer developed by [Doug Jackson]. He was inspired by the spoofers we looked at near the end of September that didn’t have source code available. With the idea seeded in his mind he figured he could develop his own version, and then decided to share the build details with the rest of us.
The tags that he purchased for testing and developing the spoofer have a code printed on the back of them. A bit of sleuthing at the data from a tag reader and he managed to crack the code. From there he built this tag spoofer with a keypad on which you enter the number from the back of any 125 kHz tag and the device becomes that tag. If you have been waiting to test your RFID hacking skills there should be nothing holding you back now that [Doug] shared the details of his own adventure.
[Craig’s] magnetic card spoofer is both simple and brilliant. There are two parts to spoofing these cards and he took care of both of them. The first part is getting the actual card data. He designed the spoofer board with a header that connects to a card reader for doing this. The second part is the spoofing itself, which is done with an electromagnet. As with past spoofers, he wrapped a shim with enamel-coated magnet wire. An old knife blade was picked for its thickness and ferromagnetism. This magnet is driven by an ATtiny2313 which stores the data, and is protected by a transistor driving the coil. There were a few design flaws in his board, but [Craig] was able to get the same track data out of the spoof as the original card despite the LED being used as a protection diode and an ‘aftermarket’ resistor on the transistor base.
This hodge-podge of components is capable of spoofing the magnetic stripe on a credit card. [Sk3tch] built an electromagnet using a ferrous metal shim wrapped in enameled magnet wire. While he was doing the windings [Sk3tch] connected his multimeter to the metal shim and one end of the wire, setting it to test continuity. This way, if he accidentally scraps the enamel coating and grounds the wire on the metal the meter will sound and alarm and he’ll know about the short immediately. An Arduino takes over from here, actuating the coil to simulate the different data sections of a magnetic stripe.
From his schematic we see that the electromagnet is directly connected to two pins of the Arduino. We haven’t looked into the code but is seems there should be either some current limiting, or the use of a transistor to protect the microcontroller pins (we could be wrong about this).
[Sk3tch’s] realization of this spoofer can be made quickly with just a few parts. Card data must be written in the code and flashed to the Arduino. If you want to see what a more feature-rich version would entail take a look at this spoofer that has a keypad for changing data on the go.
[Carl] has done a lot of work developing a collection of RFID hardware. The two cards you see above are spoofers that can be programmed in the field using the keypad on the left, or the rather intimidating banks of DIP switches on the right. We also enjoyed his look at the Atmel T5557 and ATA5567 on-card chips used for the tags themselves. He shared the schematics for his designs but unfortunately he’s not distributing the firmware. None-the-less, if you’re interested in learning more about RFID this is a wonderful resource as it covers readers, writers, spoofer, and tags.
[Alexander] built an RFID emulator. It uses a wire coil (not pictured here) and an ATmega8 to represent any tag that is EM4001 compliant. This iteration requires connection to a computer to send the tag ID information to the microcontroller. In the video after the break it looks like he’s using a DIY RFID reader to test this. If the two were combined, cutting out the need for a computer, he would have an RFID spoofer on his hands.
Continue reading “RFID Emulator”
Do you remember the magnetic card spoofer in Terminator 2? It was a bit farfetched because apparently the device could be swiped through a reader and magically come up with working account numbers and pin numbers. We’re getting close to that kind of magic with [Jaroslaw’s] card spoofer that is button-programmable.
Building off of a project that allows spoofing via an iPod and electromagnet, [Jaroslaw] wanted something that doesn’t require a computer to put together the card code. He accomplished this by interfacing a 16-button keyboard and a character LCD with an AVR ATmega168 microcontroller. Card codes can be entered with the buttons and verified on the LCD. Of course this is still dependent on you knowing the code in the first place.
As you know, credit cards use this technology. We don’t think Walmart is going to be OK with you pulling this out in the checkout line, not to mention local five-oh. This technology is also used for building access in Universities, businesses, and hotels. If used in conjunction with some other spy technology you’ll be on your way to becoming a secret-agent-man.