First Look: RC522 RFID Reader/Writer ($4 on eBay)

good morning all and today I’m looking at this which is an RFID tag or card reader writer and uses the rc5 to to chip from nxp now with this typically you get a card and also a single tag keyring type type tag and then also separately I bought a set of five tags so that I could take a look at them take them apart and see how they work so this is the item on ebay it’s described as a Mifare RC five two two card read antenna RF module RFID reader IC card a proximity module there just 3.38 for the kit which includes the reader writer and the keyring tag and the card free shipping and this one came from Alice one mono 1983 now Alice is also selling five tags for one dollar fifty where you can get a hundred smart cards for twenty five dollars five smart cards for three dollars and so on so they are very cheap so I’ve got no hesitation in taking one apart and if I can probably see that I’ve had this one apart before so let’s see if I can get the cover off not easily it would seem okay the covers off this is the little insert actually and inside you can see there’s a chip with effectively two pins they’re kind of metal wings and there’s a coil of wire let’s get a close-up of that magnifying glass so there’s the chip doesn’t appear to have any markings on it and the coil of wire is quite neatly wound not sure how many turns that’s got what we reckon ten or twenty or something like that now the card is credit card style it’s extremely thin hard to believe there’s a coil in here but you can find it if you use a torch so there’s the chip and you can see the wires coming out to the coil of wire which runs around the outside with the chips embedded in the card just there so let’s wire this up I’ve put seven wires from the RFID card into this which is an Arduino Pro Mini now because this is 3.3 volts I’ve decided to go for a 3.3 volt Pro Mini that’s my blue type but they’re generally speaking marked on the back there are little pads here indicating the voltage and the frequency this is a 3.3 volt 8 Meg and I’ve also got one of my USB to serial adapters here this is actually an FTDI one I probably could have used a CH 340 switch to 3.3 volts but I thought I’d go for an F TBI today just for the fun of it now google search for RC 5 to 2 gives you the datasheet of the chip this is an xpcom so we’re sending you’re looking at that Arduino playground so people have been playing with these reader/writer some images they’re an Instructables article on using it for door unlock which is the general usage of this kind of system it’s for access control but here we’ve got a library and this is miguel balboa rfid now this is the library that I chose to use to get this thing up and running so if we click through to that we get to github and then on here in the readme which is immediately below the file of the directory listing here there’s useful stuff like a pin layout so you can see how to connect your NFRC 5 to 2 to an uno or a mega or a nano the uno and the nano pins are very similar for the pro mini they’ve also got Tyler Leonardo there so you can see here on the reader writer I’m using 3.3 volts that’s VCC or VDD reset which goes to one of the pins on the Arduino and ground we’ve got a full SPI implementation here is labeled s da s CK mozzie and MS o but SP I generally uses s s rather than s da let’s have a look at Wikipedia on that so here’s Wikipedia on the serial peripheral interface bus and the diagram over here shows the signals as s clock mazi MS o and s s with a bar over it so it’s active low that’s the master and the slave yes the names are the same so this SS is the equivalent of the SD a on the RFID card and in fact in me girls notes under this connection table it does say the SD a pin might be labeled SS on some older m FR c 5 to 2 boards while it’s labeled s da on this one so i’ve wide the RC 5 to 2 to the arduino pro mini as per Miguel’s connection table I’ve connected the pro mini to the USB to serial converter using VCC ground TX Rx and DTR for reset and my FTDI board is connected through to my PCs USB now I’m going to stick this to my monitor because I want to watch what comes back on the serial monitor in Arduino IDE there’s not much point this being down on the bench so I’ve installed Miguel’s RFID library into my Arduino now this is a brand new sketch today’s date so if I go file examples and then come all the way down to the bottom of my monitor there’s RFID and here are some of the examples that Miguel has provided and I’m going to start with this one dump info because it’s so that opens there it’s kind of the one that gives the most information magazine in this dump info sketch once again we’ve got the connection information here for SS otherwise called s da ma z ms o and clock also reset and then there’s the sketch itself now it’s not a very long sketch in fact that’s it I’ve scrolled right to the bottom I’ll just come out a bit there it’s a very short sketch but everything appears to be done in this function which is the dump to serial and you can’t go and look at dumped serial on github and it’s quite complicated there’s a lot going on in there but let’s compile this dump to serial this dump info sketch I’ll just press the compile button you can see the red and green lights there are flashing to indicate that the data is going down to the pro mini so that should be in and running and next I need to click up here to open a serial monitor and then it actually speaks to me and says M FRC 5 2 2 software version scan P ICC to see the UID that’s the unique ID type and data blocks so now I’ve stopped the reader to my monitor here so if I put one of these cards I’ll do the card first over there you can see that immediately it starts picking up all the data and displaying it on the monitor so the first thing that this tells me about this card is that it has the unique ID 76 f.3d 65 now that’s hexadecimal numbering it also tells me that it’s a my fair one kilobyte card otherwise known as a Mifare classic and then it starts listing out the sectors well there are 16 sectors it goes from sector 15 down to sector 0 there are 64 blocks it goes from 63 down to 0 and here’s the actual data these are bytes so they’re hexadecimal digit pairs there are 16 bytes per block and there are four blocks per sector ok let’s try let’s try this one that I took apart if it reads that so yeah once again here’s the second block ah now we’ve got some problems it’s saying timeout in communication and in fact there’s another one of these cards this tag came with the card as a set with this also it reached the UID you can see the UID scrolling up there it won’t actually read any data I’m not quite sure why that is yet so there is some issue with this tag and the tag that I took apart but let’s try a tag that does work let’s try this one and there’s the data coming up the screen now it’s going to place this tag in front of the reader but not long enough for it to dump all the data to see what the effect is so let’s put it on there and then take it off and it will stop but what the reason I wanted to do that was because I wanted to show that the sector 0 down here and block 0 in fact this is sector 0 and block 0 you can see that the first 4 bytes are 2371 c4a 9 and they happen to be the same as the card UID there’s then some other stuff in that sector 0 but in the sectors above it’s this repeating pattern in fact this one I think I’ve done some things to it so it’s slightly different but you’ll see that in the top is it a sectoral block I can’t remember but you get this pattern of six zero zeros then this for byte code and then you get six ffs well now it’s time to go to the datasheet because none of this makes much sense until you start reading the data on the chip so I’m going to start here at n xpcom and in their search box I’m going to type our C 5 to 2 and just see what comes up there so here’s a page on the NXP website on the m FR c 5 to 2 chip and it’s worth reading a little bit of the introduction to this and it’s a highly integrated reader writer I see for contactless communication at thirteen point five six megahertz and it supports these my fare cards but what I really wanted to do is look at the data sheet of one of the actual card chips well here’s one it’s got a horrible number the MF 1s 50 X V one and all that stuff but it is a Mifare classic 1k mainstream contactless card smart card I see and there is a datasheet so let’s take a look at that now here’s the thing on the memory organization of the chip it says it’s a 102 4 by 8 bit a EEPROM organized in 16 sectors of four blocks one block contains 16 bytes now you can see that in the upper block block three of each sector we’ve got two keys key a spanning six bits then some access bits sorry six bytes and then key B spanning the upper six bytes now if I scroll down you’ll see that in sector zero block 0 we’ve got this gray bar and it says manufacturer data and if I go down a little bit further it says the manufacturer block this block is programmed and write protected in the production test so this first block is actually read-only and if I go back to my listing on the serial monitor you can see how in this block 0 we have the UID in these first four bytes we then have this manufacturer data you can’t write to this block here if I go a little further up you can seized for here in it for example in Sector three here are 6 0 0 so that’s key a and then this ffo 780 69 these are the access bytes and then the 6 lots of FF is actually key B so what’s all this key a and key B business well let’s look at Wikipedia’s article on the Mifare classic this is the card that you get these reader writers says the cards fundamentally just a memory storage device memories divided into segments they are ASIC based and have limited computational power thanks to reliability low cost etc they used for transportation in other words like rail system Stadium ticketing these are used as access control and tickets for events so the Mifare classic 1k offers one or two four bytes of data storage split into sixteen sectors each sector is protected by two different keys called a and B and this is where the whole business of encryption comes in the data in these tags is encrypted so says here it uses an XP proprietary security protocol called crypto one for authentication and ciphering and then interesting me down here it says Mifare classic encryption has been compromised see below for details and if you click through the links provided you’ll see this really lengthy document from University in Netherlands I presume its students who actually broke the encryption system on the Mifare classic it’s extremely complicated it goes on forever and ever and ever I did read it it’s quite fun how you would set up your own breaking of this encryption system I honestly don’t know I didn’t understand much of it to be honest now also supplied in the examples in this RFID library something called change UID so we should theoretically be to change the user ID let’s compile and install that sketch and have a go at that see when these lights start to flash there they go so once that’s in and running I’ll need to put up the server monitor let’s wait for that to install it’s just verifying now the red light okay let’s go to 0 monitor and try that one out so this one says warning this example overrides the UID of your UID changeable card is this EU ID changeable card well it doesn’t appear to be because it’s just doing a dump there but if I scroll back up it says here card did not respond to Oh X that’s hexadecimal 40 after Hulk command are you sure it’s a UID changeable card error timeout in communication activating the UID backdoor failed and then it just does a UID listing and a memory dump so what on earth does all that mean okay well I can’t see trying this one called read and write so let’s load that one in okay so this one says Stan a Mifare classic P ICC to demonstrate read and write it’s going to be using the key for a and B of six lots of FF B where data will be written to the P I see CPI C C stands for proximity integrated circuit card let’s bring one of the tags up what let’s bring the camera down here communicating again using key B reading data from block 4 did this actually do it or not like it did because in block 4 here the data is all zeros on this bottom line and it said it read all those zeros it then said it was writing data a 1 o 2 O 3 o 4 so this is clearly data that was written in then said it’s checking the result the number of bytes that matches 16 success with a smiley face and here in what’s it’s block for we’ve got that data 1 2 3 4 5 6 7 8 9 and then it seems to stop it oh well then it does FF b c d e f what happened – Oh a so this is an interesting device um it kind of works that library seems to work the hardware works it can read the cards and the little key ring tags there DCB saw quite a lot of problems with certain tags they either seem to fail or maybe I’ve written dated them that has somehow corrupted them in some way I think the miguel bob our library was the right way to go this certainly seems to be current it says here that something was authored 8 days ago and in fact it’s actually the example so they’re being updated they’re quite recent but this is complicated stuff the data sheet for this MFR c52 to reader/writer chip is 95 pages long I mean it’s very complicated in terms of all the registers that are inside this chip and the encryption system just adds to that complexity so this was just a fun first look at this RFID reader writer the rc5 – – and all the tags that come with it and it is complicated there’s a lot more work to be done on this if I wanted to actually use it for something but to be honest I don’t really know what I’d use this for I mean I got the obvious access control getting in and out of doors and rooms but I can’t really think what I’d use it for much beyond that cheerio

发表评论

电子邮件地址不会被公开。 必填项已用*标注

相关