Ok - I could lie and say this worked, but it didn't. We picked Chris' card to practice on (and photograph) because his card had quit working (each card is $5 a pop). We were able to remove the coil, intact, from his card, but because it started out not working, it certainly didn't work after we re-coiled it into my car fob. But the idea was proven! We then grabbed a new, functioning RFID card and practiced the same method. Unfortunately during the second heating-un-gluing process, the coil broke.
Pete claims that we could create our own coil but I'm not convinced. So to date, I still have to carry my keys and a SparkFun key card. Lolol I am one of the patent holders on the 13.56mhz rfid tagging system readers and have been messin' with these readers and tags for almost 20 years. To just pull the coil and fold it is a No-nololol. Now, if you go back many years and look up a bit on the ‘Mifare’ system you can find out a little on how to use these. Quite a number of years ago, I designed an antenna as just a coil trace on the circuit board, (with the chip of course), which was then injection molded in a teflon button, (25mm dia.
It would take up to 550 Fahrenheit.when applied to the bottom of the stool legs it made it REALLY slide in the lab too. Sois that small enough for a keyfob? I’ve looked into making an RFID antenna for a project once. They have to have a very particular resistance and inductance in order to resonate properly during the charging cycle, and incorrect antennas can damage the chip. Mr 5k mynah mp3 song free download. By folding the antenna in half like that, you’re changing its inductance; I’d bet it wouldn’t work at all.
It’s not that bad to design and wind a new antenna, though, at least for someone in your line of work. And especially if you have an inductometer handy. Here’s a nice doc with all the theory, math, and design spelled out for you:. If this does turn out to be a 125 kHz HID card, they’re pretty easy to read and emulate. I built a really simple homebrew HID card reader a while back as a garage door opener, and just for fun I built my own emulated HID card using just an AVR and a coil. Here’s a schematic and details on the HID card reader. It’s just a Propeller microcontroller and a few passive components: And this is a blog post on the AVR firmware that emulates a HID card: Cheers, and good luck on your quest to carry fewer things (and take more of them apart)!
![]()
My Emag isn’t that great but I’m guessing that when you fold the coil like that you create two loops, whereby the current induced in each loops is in the opposite direction causing your signal to be completely canceled out. Here is an idea: You always have your keyfob with you, but I bet you also always bring your wallet to work. Perhaps you can sew the coil and IC inside of you wallet w/o folding it. (I see a lot of people carrying the card in the wallet and scanning the badge via swiping the wallet, but that isn’t geek enough IMO.). I agree that the RFI card you are showing is most likely a 125khz card. A 13.5 Mhz card has only one or two windings.
Here’s the thing. When you fold the coil to fit into the key, you change it’s inductivity as you increase the number of coil windings (by folding it). Inside the chip is a fixed value capacitor which forms a resonant circuit with the coil.
Hid Keyfob Cracked
The resonant frequency of this circuit determines the operating frequency of the card. If you folded the coil you have increased it’s inductivity. Thereby lowering it’s resonance frequency. You could counteract this by reducing the number of coil windings (or, better, wind a completely new coil).
If you want to be completely sure of the operating frequency of it’s base station, wind 3 feet of wire into a coil and attach it to an oscilloscope (or a counter) and watch the waveform.
I have one of each kind and I still prefer the fob style to the card. The card style has the electronics in a raised circle of plastic mounted in the center of the credit card sized piece of plastic.
This makes the whole thing very thick for a card and it also causes damage to the electronics when you sit on the wallet if it's in a back pocket. I destroyed my first one after only a month by doing this. My employer told me that the card was never meant to be placed in a wallet but rather worn behind a name tag on a lanyard or clip.
![]()
Not a good idea if you sit on your wallet. I am sure for those that do, have had cracked cards.
Cracked prox cards irritate mgmnt I personally dislike HID but it is one of the most popular systems installed. I typically install Rosslare card systems & it does not work for HID systems. The fobs are a bit more round, not as streamlined but the cards are much more robust.
Also I carry both cards on a lanyard that has a clip. I clip it to my pocket, stuff neck lanyard inside pocket & let cards dangle. If I dont need cards exposed they slip inside front pocket. I can also remove & wear it around neck when I need it and use the clip to hold them tight to shirt so they don't flop as much. One thing I have noticed on my hospital HID card, you have to face it the right way to get it to work & it has to be held closer.
Just a couple reasons I prefer Rosslare Sent from my Mobile Command Center via Tapatalk II. The HID cards are about twice the thickness of a credit card. Pretty durable though, I've had one for 12 years and never had an issue. I don't carry that one all the time because I have a Lenel card in my wallet and they don't play well together. HID has cards that are thinner as are the ones from Lenel, I've seen these die if bent. If you put them in front of a strong flashlight, you can see the chip and the loop antenna. I front pocket my wallet so it's not in danger of getting sat on but I'd jump at the chance to have one of those key fobs instead.
Clip it to a self-retracting cable (whatever those things are called, can't think just now) and put it on a belt.
HD color screen, the display effect is clear. ID/IC full hand, voice broadcast. Can replicate these frequencies of the card ID with IC card: 125KHz, 250kHz, 500KHz, 375KHz, 750kHz, 875KHz, 1000KHZ, 13.56MHz,125KHZ H-ID Digital key input number can be directly input. 4 AAA batteries, standard mobile phone, easy to carry. (Batteries are not includes.) Also can use USB cable power supply. Comes decoding, direct preparation of various types of smart card access door.
It can crack the encryption card. When you order from Banggood.com, you will receive a confirmation email. Once your order is shipped, you will be emailed the tracking information for your order's shipment.
You can choose your preferred shipping method on the Order Information page during the checkout process. The total time it takes to receive your order is shown below: The total delivery time is calculated from the time your order is placed until the time it is delivered to you. Total delivery time is broken down into processing time and shipping time. Processing time: The time it takes to prepare your item(s) to ship from our warehouse.
This includes preparing your items, performing quality checks, and packing for shipment. Shipping time: The time for your item(s) to tarvel from our warehouse to your destination.
A subreddit dedicated to hacking and hacking culture. What we are about: quality and constructive discussion about hacking and hacking culture. We are not here to teach you the basics. Please visit for posting beginner links and tutorials.
Hacking related politics welcome. Penalty table: Offense Penalty Spam/Clickbait Permanent ban. 'How to hack (x)/Help me hack (x)' type of questions 30 days ban. Aiding those who want help to hack anything 5 days ban Sharing private data (dumps etc.) 15 days ban Rules. WE ARE NOT YOUR PERSONAL ARMY. Questions and discussion prompts should be geared towards intermediate to advanced hackers.
Eve tools planetary interaction production. Requesting help/instructions on how to hack anything will be met with ridicule and a ban. Also, nobody cares if you got hacked. Sorry, have a better password. Aiding those who are looking for help to hack anything will be banned. Sharing Private data is forbidden (no IP dumping).
Spam is strictly forbidden and will result in a ban. (Spam as in links that violate the spam guidelines ). Off-topic posts will be treated as spam. Jail-breaking and rooting of phones and posts that aren't directly related to mobile security should be directed to other subreddits such as.
Off-topic or surly responses will be removed (a cryptographic hash!= potato hashes). Want to learn 'How to hack'?, Please head on to as questions about 'how to hack' anything aren't allowed here. IRC Note: if no one answers immediately, stick around and someone will read it. Recommended Subreddits:.
Hey Hacking whats up? I was thinking the other day that what if it was possible to program android devices capable of NFC (Near Field Communication) to unlock RFID enabled doors. RFID and NFC both operate in the same frequency bands, so would it possible to design an app that spoofed the lock? I have little understanding of how the the identification system works and how the system verifies whether someone is legit. But it seems plausible to me.
Also, anyone else have any information on NFC hacking, like installing mal-ware software on mobile devices without permissions. I've seen some videos, but haven't seen anything relevant. If the door used the same frequency that NFC uses (13.56 MHz), and the door only looked at the information written to the card, then it's possible. If you had access to the card, then you could easily spoof the door in this situation. However, I imagine people who make locks are a little more clever than this. I'm not sure exactly how it's done, but I believe that some keys may actually shift codes each time they are activated. Electronic garage door openers used to have similar problems until they implemented this solution.
Some information - In my experience, the 13.56 MHz RFID chips most commonly have 1KB of data storage, in addition to a read-only serial number. Spoofing the serial number may be impossible for an app (as that may be handled on a lower level by the phone), but could be done with your own handmade device. The 1KB of storage can hold a looong key, so brute forcing is impractical. Finally, I believe there may be more security embedded into the cards that I haven't got around to reading about yet, which may have to be compromised first. Oh, and remember, this is only for the 13.56 MHz cards, so NFC may be completely incompatible. If you're interested, look around online - all of this information is easy to find. My first step would be to write an app to get the raw data the card is transmitting, and see if it changes.
Try repeating it from the app to the door, see if that works. If you phone doesn't like it, you could try building your own reader/writer from something like, or its component parts.
Read the datasheet. Experiment and be curious!
Thanks man for the comment! I have been working through some New Boston tutorials on Android programming ( ), I've gone through like 50 so far. Still a novice, but learning fast. I think it would be an exciting first real app project. Thinking about buying a Nexus 4 hopefully in the next month to develop on and use. I couldn't find squat specification on the Nexus 4 NFC chip, but I did find that many 'signature' lock systems work off of 13.56 Mhz., and are compatible with NFC!
However, what I've read so far about RFID locks, cloning will not work. And even emulating it will be tough, Google doesn't include anything in their SDK to help you out with that. It would be interesting to see the data the RFID card submits as well as the card reader itself. What information is passed back an forth. If any from the card reader. I believe NFC is passive, meaning that it can't read information off of cards, there has to be some sort of fluctuating magnetic field to go through the card in order for information to be read.
Wow, that website's awesome - thanks. The lack of SDK support was what I was referring to with being unable to spoof a serial number. That's the great part about building systems from scratch, you can make them work the way you want them to, as opposed to how they should work. On the other hand, it can get complicated and difficult. NFC is not entirely passive - technically, no RFID is. One of the communicating devices has to provide power, making it active. With NFC tags or cards, the phone/reader is active, and is generating that electromagnetic field which provides enough power to the tag to have it transmit something back.
The has information on this as well, if you look under 'Essential specifications'. The entire article is useful, though. Most RFID systems nowadays are 13Mhz (mostly Mifare DESFire/Plus), so technically you can communicate with them using an Android NFC device because the underlying protocol and technology is pretty much the same. It won't open doors for you though – the authentication works by challenge-response and all communication is encrypted, so without the secret keys you're out of luck. One exception are Mifare Classic cards – which are still VERY common – the encryption (Crypto1) has been broken by hardware reverse-engineering some time ago (surprise!
![]()
Almost as if security by obscurity doesn't work). This means that you can easily crack the keys for pretty much any card. This would allow you to copy and clone a card from someone who has access. Now for the Android part: the framework doesn't give you enough low-level access to simulate a Mifare card with the correct timing, but for a few devices there was some progress on this:.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |