OpenPICC SnifferOnly 13.56MHz

OpenPICC Sniffer Hardware Design

 * [[Media:Bm180_1_SCH_004.pdf|PCB Schematics]]
 * [[Media:Bm180_1_PCB_004.pdf|PCB Layout]]
 * [[Media:Bm180_1_BOM.pdf|Bill of Materials]]

Our RFID hardware projects for RFID Security Analysis
"You can support our project by buying RFID hardware in our shop."

Software

 * PicoRFID-3K Windows Software for sniffing using a PicoScope 3204A and an OpenPICC SnifferOnly frontend. Make sure to have the latest PicoScope software installed before running this program.
 * Audacity Wave editor software for browsing the gathered data.
 * sox audio processing software for converting binary log files into WAV files

Example usage
You can download the latest sources from our OpenBeacon git repository - and browse the source code at tree/host/openpcd/sniffer.

resulting output from running 'make demo':
The make file will download demo data if a sniff of a iCLASS SE reader reading a iCLASS SE card successfully. In the process of running this software a WAV-file with the filtered waveform (*.wav) will be created together with a text file of the binary wave form (*.csv). After converting the recorded binary log file into a WAV file you can review it nicely in Audacity.

g++ -Werror -Wall -D_REENTRANT -DPROGRAM_VERSION=\"1.0.1-39-g200e-dirty\" -DPROGRAM_NAME=\"openpcd-sniffer\" -O3 -MM src/filter.cpp > .depend g++ -Werror -Wall -D_REENTRANT -DPROGRAM_VERSION=\"1.0.1-39-g200e-dirty\" -DPROGRAM_NAME=\"openpcd-sniffer\" -O3 -c src/filter.cpp -o src/filter.o g++ -lm  src/filter.o -o openpcd-sniffer curl -f -o iCLASS-002.img.bz2 http://mirror.openbeacon.net/iCLASS-002.img.bz2 % Total   % Received % Xferd  Average Speed   Time    Time     Time  Current Dload Upload   Total   Spent    Left  Speed 100 21.0M 100 21.0M    0     0  1706k      0  0:00:12  0:00:12 --:--:-- 1830k bzip2 -cd iCLASS-002.img.bz2 > iCLASS-002.img ./openpcd-sniffer iCLASS-002.img iCLASS-002-filtered.img > iCLASS-002-filtered.csv processed 001 seconds (written 434027) processed 002 seconds (written 434028) processed 003 seconds (written 434028) processed 004 seconds (written 434028) processed 005 seconds (written 434027) processed 006 seconds (written 434028) processed 007 seconds (written 434028) processed 008 seconds (written 434028) processed 009 seconds (written 303762), filtered @ 434027 Hz [DONE] sox -2 -b 16 -s -c 2 -r 434027 -t raw iCLASS-002-filtered.img iCLASS-002-filtered.wav

decode filtered iCLASS SE RFID card sniff of a successful door authentication:
see HID iClass demystified for more information in iCLASS SE cards and readers. Output:

Converting sniffed binaries to WAV-files
Record the sniff using the PicoRFID-3K software that samples at 15.5Mhz and outputs a filtered waveform at 423750Hz. Use sox to convert the recorded binary log file into a WAV file for review in Audacity.

Example Sniffs

 * iCLASS-002-filtered.txt (decoded iCLASS SE reader/card transaction)
 * iCLASS-002-filtered.csv (binary level text file of filtered sniff waveform)
 * iCLASS-002-filtered.wav (please use Audacity to browse the sniffed and filtered analog wave form)

Excerpt showing the delta-compressed time stamp in nanoseconds (ns) of the sampled RFID waveform data sniffed: DeltaTime[ns],SignalEnvelope 1479882005,0 103834,1 47962241,0 4719,1 4719,0 4719,1 9439,0 4719,1 9439,0 4719,1 9439,0 4719,1 14159,0 4719,1 1899705,0 ...