maltepöggel.de

RFIDtect

Detects RFID readers and analyzes the carrier frequency

Contactless ("RFID") smart cards are becoming more and more common, whether in access systems or as payment cards. If you take a closer look at such systems, you will notice that two standards are relatively widespread in the industry. On the one hand, insecure 125 kHz read-only transponders are used for simple door openers; the Chaos Computer Club has already shown that these can be cloned with the help of an iPod and a few components. The second widely used system is based on the 13.56 MHz Mifare transponder technology from Philips NXP. This has encrypted transmission and rights management for individual sectors on the smart card; in other words, it's a bit more intelligent.

Picture: Front view
Picture: Side view

If you want to reverse engineer such a smart card system, you first have to know which system you are dealing with. If you have a smart card, you can try out different readers; if you don't have one, you have to look at the reader to draw conclusions about the system.

The transponders - whether in the form of an ISO chip card, a key fob or a tiny glass capsule - are supplied with power via the reader. This is done via a magnetic field which is emitted by the reader at a certain carrier frequency.

If you connect a wire coil to a sensitive frequency counter and bring it into the reader's field, the counter shows the carrier frequency.

Picture: Circuit design
Picture: Signal on the oscilloscope

This is exactly the task of RFIDtect: The carrier signal received by the coil built into the device is amplified, divided down and evaluated by an Atmel microcontroller. The LC display shows the detected carrier frequency.
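The evaluation step described above can be sketched as follows. This is an added example, not the original RFIDtect firmware: the divide-by-64 prescaler, the 100 ms gate time, the 2 % tolerance and all names (`carrier_hz`, `classify`, `band_t`) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed hardware parameters, not taken from the original device. */
#define PRESCALE_DIV 64u   /* divider between amplifier and counter input */
#define GATE_MS      100u  /* counting window in milliseconds */
#define TOL_PERCENT  2u    /* accepted deviation from the nominal carrier */
#define RES_HZ (PRESCALE_DIV * 1000u / GATE_MS) /* Hz per counted edge */

typedef struct { const char *name; uint32_t nominal_hz; } band_t;

/* The two carrier frequencies named on the page. */
static const band_t BANDS[] = {
    { "125 kHz (LF)",   125000u },
    { "13.56 MHz (HF)", 13560000u },
};

/* Undo the prescaler and gate time: edges counted -> carrier in Hz. */
uint32_t carrier_hz(uint32_t edges)
{
    return (uint32_t)((uint64_t)edges * PRESCALE_DIV * 1000u / GATE_MS);
}

/* Return the matching band, or NULL if no known carrier is present. */
const band_t *classify(uint32_t edges)
{
    uint32_t f = carrier_hz(edges);
    for (size_t i = 0; i < sizeof BANDS / sizeof BANDS[0]; i++) {
        uint32_t nom = BANDS[i].nominal_hz;
        uint32_t tol = nom / 100u * TOL_PERCENT + RES_HZ; /* drift + one-count error */
        if (f + tol >= nom && f <= nom + tol)
            return &BANDS[i];
    }
    return NULL;
}

int main(void)
{
    const uint32_t samples[] = { 0u, 195u, 1000u, 21187u }; /* constructed counts */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const band_t *b = classify(samples[i]);
        printf("%5lu edges -> %8lu Hz: %s\n", (unsigned long)samples[i],
               (unsigned long)carrier_hz(samples[i]), b ? b->name : "no known carrier");
    }
    return 0;
}
```

With these assumed values one counted edge corresponds to 640 Hz, so the 125 kHz band is resolved to about 0.5 % while the 13.56 MHz count still fits a 16-bit counter.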

Picture: Circuit diagram

It is NOT possible to detect hidden RFID transponder chips with this device. Only the appropriate readers transmit the necessary carrier.

Picture: View inside the housing
Picture: Device in action

Unfortunately, there are no longer any schematics or documents for this project. It should therefore be considered only as a suggestion for your own designs.