RFID
RFID readers
pcscd
Is the Linux daemon to access readers compatible with the PC/SC standard.
To dump the readers list supported by libccid of your pcscd install:
cat /etc/libccid_Info.plist|gawk '
/ifdVendorID/{
mode=1
}
/ifdProductID/{
mode=2
}
/ifdFriendlyName/{
mode=3
}
{
inarray=0
}
/<array>/{
i=0
}
/<array>/,/<\/array>/{
inarray=1
}
/string/&&inarray{
match($0,/<string>(.*)<\/string>/,a);
t[mode i]=a[1];
i++
}
END{
for (j=0;j<i;j++)
print t[1 j]":"t[2 j], t[3 j]
}'
Parallax
http://www.makezine.com/06/theorypractice/ => See MAKE n6
OpenPCD
ACR122U
Intro
based on PN532
- docs
- ISO/IEC18092 (NFC) compliant
- NFC Tags Access Speed = 212 kbps
- Support FeliCa card
- Support ISO 14443 Type A & B cards
- MIFARE® cards (Classics, DESFire)
- SAM Socket (optional)
- To get the Firmware version string in command line: (actual string here is "ACR122U203" as the last 2 bytes are not SW1/SW2 but part of the string)
$ opensc-tool -s FF00480000 Sending: FF 00 48 00 00. Received (SW1=0x30, SW2=0x33): 41 43 52 31 32 32 55 32 ACR122U2
You can also use scriptor:
$ echo ff00480000|scriptor No reader given: using ACS ACR122U PICC Interface 00 00 Using T=1 protocol Reading commands from STDIN > ff 00 48 00 00 < 41 43 52 31 32 32 55 32 30 33 : Error not defined by ISO 7816
If you get the following error:
Can't allocate Chipcard::PCSC::Card object: No smartcard inserted.
that's because you've a model without SAM support. Place a tag on the reader and try again, it should work.
So that's where a lot of confusion comes into play: the two models behave very differently!
Note that this site is talking about a difference due to the firmware version but I don't think this is the real issue, see below:
ACR122U-SAM
- With SAM slot
- Windows drivers & API docs
Usage:
- When there is a SAM inserted, ATR shown is the ATR of the SAM
- When there is no SAM inserted, ATR shown is a pseudo-ATR = 3B 00
- So for PCSC there is always a "card inserted"
- APDUs are sent to SAM
- To send APDUs to a contactless card, you must wrap them into pseudo-APDUs (FF 00 00 00 ...)
- To send special APDUs to the reader (to get fw or to control LEDs), just send them
Some more infos here about the Tikitag
ACR122U PICC
- Without SAM slot
- Windows drivers & API docs
Usage:
- When there is a contactless card, ATR shown is the ATR of the card
- When there is no contactless card, no ATR
- So for PCSC there is a "card inserted" if there is a contactless card
- APDUs are sent directly to the contactless card, which makes this reader fully transparent in this mode
- To send APDUs to a contactless card, you can also wrap them into pseudo-APDUs (FF 00 00 00 ...)
- To send special APDUs to the reader (to get fw or to control LEDs)
- If there is a contactless card, just send the APDUs
- If there is no contactless card, the CCID Escape command must be used (*)
(*) Here is one small example how to use the Escape command:
#!/usr/bin/python
from smartcard.scard import *
hresult, hcontext = SCardEstablishContext( SCARD_SCOPE_USER )
hresult, hcard, dwActiveProtocol = SCardConnect(
hcontext, 'ACS ACR122U PICC Interface 00 00', SCARD_SHARE_DIRECT, SCARD_PROTOCOL_T0 )
IOCTL_SMARTCARD_VENDOR_IFD_EXCHANGE = SCARD_CTL_CODE(1)
CMD = [0xFF, 0x00, 0x48, 0x00, 0x00]
hresult, response = SCardControl( hcard, IOCTL_SMARTCARD_VENDOR_IFD_EXCHANGE, CMD )
if hresult!=SCARD_S_SUCCESS:
raise error, 'Failed to control: ' + SCardGetErrorMessage(hresult)
print ''.join([chr(i) for i in response])
This requires also to allow libccid to use the Escape command, you've to set bit 0 of ifdDriverOptions in /etc/libccid_Info.plist to 1:
<key>ifdDriverOptions</key> <string>0x0001</string> Possible values for ifdDriverOptions 1: DRIVER_OPTION_CCID_EXCHANGE_AUTHORIZED the CCID Exchange command is allowed. You can use it through SCardControl(hCard, IOCTL_SMARTCARD_VENDOR_IFD_EXCHANGE, ...)
Pegoda
- See http://www.nxp.com/#/pip/pip=[pfp=41960]|pp=[t=pfp,i=41960]
Arygon ADRA
based on PN531
Supported Standards:
- ISO18092 ( NFC transport protocol)
- Sony FeliCa
- NXP Mifare ® family
- compliant to ISO14443A, ISO14443A – 4 (T=CL)
Communication protocol:
- ARYGON (HL - high level language), TAMA (LL - low level language)
- To send TAMA frames, send an ascii '2' as first char, e.g. to get firmware of the PN531:
0x32 0x00 0x00 0xFF 0x02 0xFE 0xD4 0x02 0x2A 0x00 => 0x00 0x00 0xFF 0x00 0xFF 0x00 (TAMA ACK) 0x00 0x00 0xFF 0x04 0xFC 0xD5 0x03 0x02 0x02 0x24 0x00 (TAMA v=2.2)
Baud rate (passive/active):
- 106 kBaud, 212 kBaud, up to 424 kBaud
- USB, seen as a serial port
Omnikey 5321
- datasheet
- ISO 14443 A/B and 15693 ( up to 848 Kbps in the fastest ISO 14443 transmission mode)
- APIs: PC/SC, Synchronous-API (on top of PC/SC), OCF (Open Card Framework) or CT-API
- contactless smartcards supported:
- HID: iCLASS®
- NXP: MIFARE®, DESFire®, SMART-MX and ICODE
- Texas Instruments: TagIT®
- ST Micro: x-ident, SR 176, SR 1X 4K
- Infineon: My-d (in secure mode UID only)
- Atmel: AT088RF020
- KSW MicroTech: KSW TempSens
- iCODE SLI, iCODE SL2 & LRI 64
- Contactless 2048 bit key generation in RSA mode (JCOP / SMART-MX)
Installing OmniKey reader under linux:
apt-get install libusb-dev pcsc-omnikey
Warning! this removes libccid!!
Note that there are also drivers here
It's better to keep libccid if needed and install the missing driver by hand:
cd ifdokrfid_lnx-2.6.0 sudo ./install -d /usr/lib/pcsc/drivers/
See here: you need also to recompile pcscd with libusb:
./configure --disable-libhal --enable-libusb
To do it by repackaging the Debian pcscd:
apt-get source pcscd apt-get build-dep pcscd
--- debian/rules 2009-01-14 13:54:42.000000000 +0100
+++ debian/rules 2009-01-14 13:46:56.000000000 +0100
@@ -38,6 +38,8 @@
dh_testdir
# we add LDFLAGS="-lpthread" for bug #253629
./configure $(confflags) \
+ --disable-libhal \
+ --enable-libusb \
--sysconfdir=/etc \
--prefix=/usr \
--enable-usbdropdir=/usr/lib/pcsc/drivers \
Then
dpkg-buildpkg -uc -us
To launch the modified pcsc in foreground, showing ADPUs and debug info: (here pcscd was installed in /usr/local/bin/pcscd-libusb)
pcscd-libusb -f -a -d
Others
- Netronix: producer of RFID readers for Unique, Mifare, Q5,Hitag, I-code transponders.
- kit from Elektor and a user experience (fr)
Other Hardware Tools
RFID killers
- http://www.acbm.com/inedits/rfid.html (French)
- WEAPONS: The RFID zapper
- RFID-Zapper(EN)
- RFIDwasher, if not hoax...
- TagZapper, if not hoax...
RFID skimmers
RFID emulators
Misc
- Universal Software Radio Peripheral
- RFID Guardian, see here what they want to come with for v4.
- RFID Reader Detector and Tilt Sensitive RFID Tag
Software Tools
librfid
librfid is a Free Software RFID library. It implements the PCD (reader) side protocol stack of ISO 14443 A, ISO 14443 B, ISO 15693, Mifare Ultralight and Mifare Classic. Support for iCODE*1 and other 13.56MHz based transponders is planned.
RFDump
RFDump is a backend GPL tool to directly interoperate with any RFID ISO-Reader to make the contents stored on RFID tags accessible.
RFIDIOt
RFIDIOt is an open source python library for exploring RFID devices
apt-get install python-pyscard $ ./mrpkey.py -L PCSC devices: No: 0 OMNIKEY CardMan 5x21 00 00 No: 1 OMNIKEY CardMan 5x21 00 01 $ ./mrpkey.py -r 1 CHECK mrpkey v0.1n (using RFIDIOt v0.1s) Reader: PCSC OMNIKEY CardMan 5x21 00 01 Device is a Machine Readable Document $ ./mrpkey.py -r 1 "EXnnnnnn<cBELyymmddcSyymmddc<<<<<<<<<<<<<<cc"
To fix reader number, edit RFIDIOtconfig.py
In MRZ passport number is coded with 9 chars. Belgian uses only 8 chars so some passport readers need a document number padded with char "<" ("EXnnnnnn<")
To use mrpkey under Windows you need:
python, pyscard, pyserial, pywin32, pycrypto, python imaging library
GNU Radio
GNU Radio is a collection of software that when combined with minimal hardware, allows the construction of radios where the actual waveforms transmitted and received are defined by software. What this means is that it turns the digital modulation schemes used in today's high performance wireless devices into software problems.
pwnpass
RFID tool by 3ric Johanson (get info from rfid on credit cards), presented at Shmoocon 2009
See also this video showing sth probably similar
libnfc
Oen source library for Near Field Communication (NFC) using PN53x, current support for ACR122U v1.x readers.
Privacy
- Social patterns at conferences: the good and the bad ;-)
- Mining social contacts with active RFID, presentation and application of the SocioPatterns project
- Attendee Tracking/Networking, a commercial Big Brother application
- See privacy-related news on the blog
- Why it's important to consider privacy when designing a RFID infrastructure: acceptance!
- Privacy: cultural differences
Misc
- ePassport
- Belgian ePassport
- EPassport#US_Passport_Card (which is not an ePassport...)
- MOBIB
- Cambio
- Cambio (at least in Germany) is using Invers COCOS-keymanager, according to this car-sharing technology overview and if RFIDjournal is right, this is a passive 125 kHz Hitag RFID inlay, manufactured by NXP Semiconductors
- New Forum setup by Chris Paget (aka foon)
- Réflexions sur le warfidriving & experiments on skipass...