RFID instant cloner (dangerous project) y? :)

I am interested in showing how useless these RFID chips really are. I have found some information about people building cloners, but the design that I have found looks like it could be ported to Arduino. Check out this link http://cq.cx/vchdiy.pl; it looks like real fun to build such a device.

I'm amazed how much RFID is being depended on, and there are stories about someone making a $50 cloner and the controversy that followed (google 'defcon $50 cloner'). However, I can assure you that I'm not searching for such. I may go missing in the night!

If anybody is up for working on such a project please let me know. I have seen a video of someone using an Arduino to do magnetic cards using an iPod, but such technology is so generic.

Basically the more heads on board the better! I look forward to hearing from anybody interested.

Snipez (White hat)

I know this thread was posted some time ago, but is anyone still interested in this project? It is pretty simple to emulate EM tags with the Arduino board, but I would like to go further and emulate some HID tags. Let me know if you're interested in working on this project.

It shouldn't be that hard; there are already many RFID projects and this would just be incorporating them all into one.

125 kHz RFID reader (managed to pick up a Parallax reader from RadioShack for $10; it was on sale a few days ago, maybe it still is, I should have bought like 5 of them) scans cards and maybe writes them to EEPROM (or flash/SD) so multiple cards can be saved at once.

Then it's just sent back via a coil; check the RFID spoofer.

And if they are saved, add 2 buttons (next/previous) and an LCD screen to display the card number so you know which one you're using.

I have found many EM tag emulators but very few HID ones. From what I understand, HID uses FSK modulation, which is different from the EM tags. I am currently working on emulating the HID tags, but I am not really sure how to code FSK modulation yet, which is slowing me down.

I believe you are referring to the RFID tags by the company HID.

I would take a look at these pages. This is becoming more interesting the more I read.

http://www.schneier.com/blog/archives/2007/02/cloning_rfid_ch_1.html http://www.zbasic.net/forum/about798.html http://www.hidcorp.com/pdfs/HID_wp_smartcardAC.pdf

there is always a way.

If anyone needs it: RFID tags in a given frequency have many protocols, be it encryption or something else. This is a software issue; you can get the data from them, but seeing what it says is a different matter.

It's like speaking: in the audio range we hear x to x Hz, but the language (protocol) is different.

That is as far as my understanding of this goes.

there is always a way.

Yes but you are not up to it so you are hoping to find someone who is. First off is to know the difference between an HID tag and an EM tag. Clue, it's not only software protocol.

I am interested in showing how useless these RFID chips really are.

Why, what have you got against them? And if they were that useless you'd have done it by now, wouldn't you?

Remember a lock only stops an honest man.

The reason I started back on this topic is to learn how to perform the different modulations needed to emulate the different tags. I sort of understand the different modulation schemes but I don't really yet know how to perform FSK modulation using the Arduino board. I am hoping to spark conversation so I can work with the group to understand how to perform modulation and better understand the technology as a whole.

Sorry, this really smells like BS to me.
Why is it that people join the forum with their first goal being able to record a mag stripe or cloning RFID cards?

I can give a lot of credence to obscure goals, but I can’t understand someone going to all this trouble just to show how RFID cards can be hacked. Wanting a better ‘understanding of the technology’ is a bit more plausible, but it still just doesn’t ring true.

Provide help if you want. This seems more benign than helping someone make a card skimmer.

You can almost justify it in that any (good) monetary system that uses RFID cards should provide strong encryption to protect against fraud.

Obviously IMO. :-X

Wow, I thought these forums were to help people learn about Arduino, electronics and programming. I think it is great that when I try to reach out to the forum to learn about something I get smacked down. Yes, my current project happens to be RFID related, but I am not asking anyone here to write all the code for me or anything; I am asking how to go about learning to program the Arduino board, and I don't currently know how to perform any type of modulation. I really appreciate your response in the matter; you're a great teacher. So to anyone else out there that isn't to elitist: can you point me to what I should read or learn so that I can work with the Arduino board and more specifically modulation? I have started to read some manuals and information on programming the board, but I don't really understand how to manipulate pulse width modulation to perform different types of modulation scheme.

Wow, I thought these forums were to help people learn about Arduino, electronics and programming.

Yes they are.

I think it is great that when I try to reach out to the forum to learn about something I get smacked down.

Yes, just like someone who is really interested in chemistry and wants to learn about fast reactions that release a lot of energy. Nothing to do with making bombs, you understand; he just likes chemical reactions and wants to understand how they work.

So to anyone else out there that isn't to elitist

I think you mean "too elitist", not "to elitist" - does that answer your question?

No? Well, let me tell you, I used to design RFID systems for a living and so I know all about them. I also know the commercial havoc it causes when some twerp publishes something on the net saying he has hacked something. The amount of damage that causes is horrendous. That is acceptable if the person managed to work it out for themselves, but to have someone who has to ask how to do it first is not. No system is secure; a lock only ever stopped an honest man.

I never said I was publishing this to anyone. I am personally learning the system myself and have worked out most of it myself. If you have such a problem with this topic, go elsewhere; there is no reason for you to blast people about something. You're assuming that I am trying to take this information and go around saying I hacked something; this is not the case. If you need a place to blast people, go play on Facebook or something. I am here to learn, not to argue with you.

Just curious, Grumpy_Mike:

No? Well, let me tell you, I used to design RFID systems for a living and so I know all about them. I also know the commercial havoc it causes when some twerp publishes something on the net saying he has hacked something.

Explain, please - what kind of "havoc"? I can see potential financial loss, I can see theft of product due to a broken system. Other?

Also - are you for or against DRM (ala DVD CSS)?

The amount of damage that causes is horrendous.

What kind of damage? Loss of profit potential?

That is acceptable if the person managed to work it out for themselves but to have someone who has to ask how to do it first is not.

So is a collaborative effort (discussion, meeting, trade of code/plans, etc.) to break an encryption scheme or other "locked" system a problem for you? I am not saying that is what is -currently- happening here, but if it were, would you be against it? Would you be against discussion or collaboration toward the understanding of "closed" systems?

No system is secure, a lock only ever stopped an honest man.

Very true - so then why have locks at all? Are all men at heart really dishonest, and the lock enforces a sense of conscience on those who usually act honest, while doing nothing to stop the dishonest man?

Of course, this is treading outside the waters of "Hardware Development" and into "Bar/Sport", but I am curious as to your answer(s).

I mean no disrespect, though.

Explain, please - what kind of "havoc"?

What happens is that someone publishes the way to clone a tag. Little detail is actually given and there is normally a lot of exaggeration in the reporting, but potential customers (for tag systems) think that all tags are vulnerable to cloning and that cloning is an everyday experience. I know of no documented case where a cloned tag has been used for an illegal purpose. Plenty of show-offs trying to rubbish tags, but no actual real use. In fact some of these highly publicised events have been people trying to promote their tag and rubbish someone else's. You then have to spend considerable amounts of time and effort trying to explain the true situation and true risk. The problem with society today is that the concept of risk and probability is not at all well understood. To prove my point, just look at the number of people doing the lottery.

Also - are you for or against DRM

Tricky, because DRM is used to stop you from doing things that are / should be legitimate, like playing some legitimately purchased music on other types of players. On the other hand, creators of content deserve to be paid for what they produce. The problem here is that "industry" types often unfairly wrest copyright control at times when a creator is vulnerable and reap rewards out of all proportion to their deservedness.

What kind of damage?

I have seen a customer not bother installing an access control system in the belief that tag cloning was something that everyone does. This leaves both parties considerably worse off.

to break an encryption scheme or other "locked" system a problem for you?

It very much depends on what the system was and how fairly it was being used. For example, I would disapprove of the hacking of pay TV systems, as that would just be people trying to get away with not paying for something that they should pay for. On the other hand, the regionisation of DVDs so that different prices could be charged in different parts of the world I would consider unfair, and so would not disapprove of that.

Are all men at heart really dishonest,

No I think not.

and the lock enforces a sense of conscience on those who usually act honest, while doing nothing to stop the dishonest man?

Yes ... nicely put.

Cloning HID cards can certainly be done. You can check out an example and description of how it can be done at proxclone dot com.

Good Luck.

This is the topic that got me back into electronics and programming. Granted I am only starting again after being out of it for some years but this was the topic I searched for and the reason I purchased this platform and am starting to learn this language.

I started to research RFID due to an increase in RFID being used to track consumables in the industry as well as others. My curiosity came about because machines are saying that a toner cartridge was exhausted because the count had been exhausted rather than actual page count or pixel count. If I can find the RFID system or type for that application I may be able to save people money while putting some in my pocket as well.

I understand what you are talking about in security and hacking credit cards, but some people like me are wanting to use this type of discussion as a means of growing in our own industry, our own knowledge, and maybe make a dollar or two along the way.

If a customer of mine buys a toner cartridge rated at 5000 pages rated at 5% coverage and only uses 3% coverage they are still limited to 5000 delivered pages. My interest is getting my customers their other 1/3 money out of that cartridge of toner they probably spent well over $200 for.

So there are honest people who do search for the RFID topic on this website who are not interested in hacking a credit card or trying to break into a base somewhere.

True, just one problem.

There are no RFID tokens in a cartridge.

You are correct. The ones I have seen that use this technology have been mounted on the external portion of the cartridge which would make it easier to clone or manufacture than one that had been mounted on the inside of the cartridge.

:)

So in that way, there are no rfid tokens mounted in a cartridge but attached to the outside.

Thanks for the response, everyone. I am currently working on the modulation of these cards and have come a long way on the topic. I have currently figured out how the EM4100 style tags modulate the signal and hopefully will soon be able to figure out HID tags. I am waiting on a scope so I can see how the signal differs between the two tags and make adjustments to the modulation scheme accordingly.
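As an added example (not code from anyone in this thread), here is the EM4100 frame layout the last post refers to, in Python: the 64-bit frame a 125 kHz EM tag repeats is nine header 1s, ten 4-bit nibbles each followed by an even parity bit, four column parity bits and a stop bit. The point for anyone deploying these tags is that the parity only catches read errors; the 40-bit ID is the entire credential, sent in the clear with no challenge-response, so an access system should treat it as an identifier, not a secret. The tag ID and the captured bitstream below are constructed.

```python
from typing import Optional

HEADER = "1" * 9   # nine leading 1s; no valid data section can contain nine 1s in a row


def em4100_encode(tag_id: int) -> str:
    """Build the 64-bit EM4100 frame for a 40-bit ID (8-bit version byte + 32-bit serial)."""
    if not 0 <= tag_id < (1 << 40):
        raise ValueError("EM4100 tag ID must fit in 40 bits")
    nibbles = [(tag_id >> (4 * (9 - i))) & 0xF for i in range(10)]
    bits = HEADER
    for n in nibbles:
        row = f"{n:04b}"
        bits += row + str(row.count("1") % 2)            # even parity per row
    for col in range(4):                                  # even parity per column (MSB first)
        bits += str(sum((n >> (3 - col)) & 1 for n in nibbles) % 2)
    return bits + "0"                                     # stop bit


def em4100_decode(bits: str) -> Optional[int]:
    """Return the 40-bit ID if header, stop bit and all 14 parity bits check out, else None."""
    if len(bits) != 64 or not bits.startswith(HEADER) or bits[-1] != "0":
        return None
    nibbles = []
    for i in range(10):
        row, parity = bits[9 + 5 * i: 13 + 5 * i], bits[13 + 5 * i]
        if row.count("1") % 2 != int(parity):
            return None
        nibbles.append(int(row, 2))
    for col in range(4):
        if sum((n >> (3 - col)) & 1 for n in nibbles) % 2 != int(bits[59 + col]):
            return None
    tag_id = 0
    for n in nibbles:
        tag_id = (tag_id << 4) | n
    return tag_id


def find_frame(stream: str) -> Optional[int]:
    """Scan a captured bitstream for the first parity-valid frame; the tag repeats
    its frame endlessly, so a reader usually wakes up somewhere mid-frame."""
    for start in range(len(stream) - 63):
        if stream.startswith(HEADER, start):
            tag_id = em4100_decode(stream[start:start + 64])
            if tag_id is not None:
                return tag_id
    return None


# Constructed sample: a tag with ID 0x1234567890, captured starting 17 bits into a frame.
SAMPLE_STREAM = (em4100_encode(0x1234567890) * 2)[17:]

if __name__ == "__main__":
    print(hex(find_frame(SAMPLE_STREAM)))   # the whole credential, readable in the clear
```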