Motivation
Since one work mate in my previous company used his place in a car park just three days a week, I was able to use this the other two days without wasting the time for searching a parking possibility. The problem was, the renter didn’t shared more than one keyfob per place.
OK, than lets hack it…
Since the entrance system of the car park use the 125kHz RFID solution I’ve made toughs how to duplicate the keyfob of my ex work mate. The system was hacked very fast. An other work mate Michael (also known as author of the famous RF simulation software QucsStudio), is an excellent RF professional. He helped me to capture the signal to a wave file by a sound card, audacity software and a simple circuit. Than I used a coil, a transistor and a headphone connector for the sender side. Playing the captured wave file on my phone in a loop. Finally Sesame opened the door 🙂
Going deeper
I wanted to be more flexible and also feed my curiosity to learn more about the RFID stuff and maybe to use it in other projects. This was the reason why I decided to design my RFID Reader. To make it more challenging I didn’t want to take some RFID Reader IC’s like EM4102. Contras were the size and the price of EM4102. After I exactly known what my solution shall do, the decision which uC to use used felt on Attiny45 8-bit microcontroller, because of his build in EEPROM, size, availability, peripherals, speed and ability to be power sourced by one knob cell battery.
Multi purpose RFID125 Reader
After the hardware and firmware of my RFID cloning tool was done, I’ve decided to create this multi purpose RFID Reader module. The design is based on my RFID duplicator.
RFID Reader Features:
– Working distance: up to 7 cm
– Serial data output via UART Interface (9600 baud)
– Wiegand26 Interface
– Shut down pin
– Small size 25mm by 25mm
– 2.54 mm pin header connector (breadboard compatible grid)
RFID Antenna Coil
For my project I’ve used this 1.6mH Coil from Pollin Shop:
Link http://www.pollin.de/shop/dt/NTc2OTQ3OTk-/Bauelemente_Bauteile/Passive_Bauelemente/Spulen_Filter/Luftspule.html
If you are going to use an other coil or want to create a coil on your own, take a look on the data sheet. There you will find all important information.
Project related files:
RFID 125kHz Reader – Data sheet
RFID 125kHz Reader – PCB Manufacturing Files and BOM
RFID 125kHz Reader – HEX Programming File
Example how to flash the HEX File with USBasp:
C:\WinAVR-20100110\bin\-e -P usb -c USBasp -B 2 -p t45 -e -U lfuse:w:0xe2:m -U hfuse:w:0xd6:m -U efuse:w:0xff:m -U flash:w:"C:\RF125e_125kHz_RFID_Reader_firmware.hex.hex":a -U lock:w:0xFC:m
Need to modify rfid to add a buzzer when tag detect.can u send a code
Not received any reply from you.
Hi! great post! could you detail how did you sniffed + replayed the RFID code and the sender side that you have mentioned “a coil, a transistor and a headphone connector for the sender side.” ?
Hi Bogdan,
I can’t not describe all things detailed here, but summarized:
If you know the pattern of the Keyfob, you can create a wave file based on those bits using audacity software, the frequency of the signal shall be 1/64th rate of the 125khz carrier signal. The best way is to create a wave file which repeats the code 10-20 times with a pause of 1-2miliseconds. If you don’t have the Keyfob data, you can use a simple AM demodulation circuit: http://www.radio-electronics.com/images/am-diode-detector-circuit-01.gif. Where the signal is coupled via an receiver coil. But at first you will need to setup e.g. Arduino with 125khz PWN with 50% duty cycle some pin. Use this signal AC coupled for sending the data to a sender coil. How to calculate the coil, you can find in the data sheet. Audacity Software is able to capture the data on sound card’s input. After you have the generated wave file, transfer it to your phone. The Phone circuit is a simple non inverting amplifier circuit .