I bought a Proxmark3 RFID device. On Monday January 11, we decided to explore the possibilities of this device. Using only the supplied LF antenna, we were able to some RFID tags. Next time, we will build a HF antenna, so that we can read more cards.
The process of identifying an RFID tag using the proxmark is as follows:
After connecting the reader, we issue the tune command without a card. Then, we place a card near the antenna and issue the same command again. This tells us whether the card is HF or LF. Next, we give the command loread, followed by losamples 2000, to get some samples of the signal. Using the plot command, we can see the waveform of the RFID data. From this, we can determine what the actual frequency is and what type of modulation is used. This can help in decoding the signal. For most card types, the proxmark software already contains demodulation routines. This makes life easier, but takes away a bit of the fun of seeing how things really work.
Motivated by the first results, we are of course curious to explore all kinds of cards. To most people, RFID is something magical. By sharing our explorations, we hope to make RIFD less of a mystery.
Addition (part 2)
Building a HF antenna and a LF antenna for a dual-band setup. Using the ProxMark3 Manual we’ve decided to build a HF antenna and also build a LF antenna to make a dual-band setup. We found out a good diameter for the LF antenna seems to be a regular 0,33l soda can.
LF Antenna :
We also had a shot at fixing a HF antenna, which the documentation was a little vague about the distances for the cable cuts/loops etc.
At first the voltages from the HF antenna didn’t go over 9V, which was too low for a proper reading. After cutting the cables a little shorter we got nearly 11V.
We got some HF readings from several cards, but due time we we’re unable to get enough results yet. Also we still need to make the dual-band setup. What we have done is using a Tikitag HF reader to search for exisiting keys on several cards. We did find some keys, but due lack of time we haven’t gotten around to see if we could actually decode the data on the cards. RFID is really much fun to play around with and lots of stuff has been learned from these session already. Hopefully we can get some results in a next session.