RFID Sniffer Hardware

This device is obsolete - please use OpenPICC SnifferOnly 13.56MHz instead for sniffing

22C3 Presentation (2005-12-27)


The presentation covers an introduction into the two popular RFID Standards, ISO14443 and ISO15693, as well as Harald's Free Software implementation "librfid" The number of deployments of RFID based solutions is growing every day. Still, detailed low-level knowledge of the involved protocols is rare, even within the hacker community. Harald's part of this presentation describes the two commonly-deployed ISO standards 14443 and 15693 - from physical layer up to session layer. We then continue to look at the typical architecture of RFID readers. The second part covers "librfid", the GPL licensed Free Software implemetation of an ISO 14443 and 15693 host-side stack. In Milosch's part we also give an insight into our current progress in home-brewn hardware and software defined radio (SDR) based passive sniffing of the RFID radio interface. After all, who wouldn't want to have "tcpdump" like functionality for RFID?

Presentation papers

 * Harald Welte
 * Milosch Meriac (Bugfix: page 14 shows Tag->Reader data

Downloads
'''This device is deprecated - we instead provide the OpenPICC device for sniffing Reader-To-Tag data and for RFID tag emulation. For short range sniffing GNUradio and a simple passive loop antenna does a great job.'''
 * Layout Files: Gerber, Bm108_1.pdf, mirrored PDF
 * Schematics (HF Part) (Fixes: R1=0.0 Ohm, J1/Pin2-3 shorted)

Suggested equipment for further signal processing

 * GNUradio: The GNU Software Radio
 * make sure to use a 100nF inline capacitor when connecting the Sniffer to GNUradio

Parts used



 * ANTENNA: 5 windings of 2.0mm copper wire - inner diameter 89.0mm
 * BT1: 9V battery connector (Digikey: 594K-ND & 593K-ND)
 * C11: 3.0-10pF Trimmer Capacitor p/n:GKY10066 (Digikey: SG2021CT-ND)
 * F1,F2: 10.7Mhz SAW Filter 180kHz Bandwidth p/n: SDECS10M7HA00-R0 (Digikey: 490-1224-1-ND)
 * P1: 3-pin terminal connector 5.08mm (reichelt.de: AKL 220-03 + AKL 249-03)
 * U1: SA615 FM Mixer p/n:SA615D/01 (Digikey: 568-1205-5-ND)
 * U2: LM340MP-5.0 Voltage regulator +5V p/n:LM340MP-5.0 (Digikey: LM340MP-5.0CT-ND
 * U3: OPA354 Operation amplifier p/n:OPA354AIDBVT (Digikey: 296-13033-1-ND)
 * X1: 3.6864MHz 20pF Crystal p/n:ECS-36-20-5P-TR (Digikey: XC562CT-ND)
 * J1,J2,P2: 2.54mm headers
 * R,C: mainly 0805 SMD