News

April 2011: Added ubertooth-one to shop. This is an open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation, designed by Michael Ossmann. This is very cool... It brings hardware that is normally in the realms of thousands of pounds down to under 100! Sweet! You can build it yourself from the plans on his site, or order it ready built. Note that I am currently taking PRE-ORDERS... Hardware is expected to ship in May 2011.

December 2009: Beta release 1.0b-beta integrates new version of libnfc wrapper (pynfc ver 0.2), which works with the latest libnfc SVN repo (r245).

November 2009: Release 1.0a  - Started integrating Nick von Dadelszen's libnfc wrapper so we can support the new generation of usb stick readers which are practically given away with digital cash products such as Snapper. I've also done a lot of tidying up of the Mifare key handling code (the KeyA and KeyB stuff was probably some of the earliest code I wrote on this project, and was pretty broken!), as I'm starting to see a lot of live security issues with Mifare cards and their use in applications such as hotel keys etc., so I've added copy/clone functionality to readmifaresimple.py (note that it's not capable of creating a true clone as we can't set the UID, but we can copy all data blocks and set keys).

February 2009: Finally got around to writing some more detailed documentation, and also got NXP PN532 chips to run in emulator mode. Documentation to do this was released by NXP under NDA, but they have now given me permission to publish code based on that documentation, so I'm able to release two new tools:

  pn532emulate.py - sets up the emulator and processes one command.

  pn532mitm.py - 'pn532 man-in-the-middle', which will drive two readers: one as an emulator and one as a reader, and will log all traffic that flows between them. Additionally, you can separate the reader and emulator onto two different machines, and relay the traffic via TCP.

I've also added a tool for reading HID ProxCard IDs.

January 2009: 0.1w released - various fixes to mrpkey.py and new jcoptool.py

January 2009: RANDOM_UID mode available on JCOP cards. These cards will present a random UID instead of a fixed one, as per ICAO 9303 requirements for Machine readable Travel Documents. See Hardware section for more details.

January 2009: version 0.1v released with source of JAVA applet for JCOP card.

November 2008: version 0.1u released with support for JCOP Mifare emulation. Also, IAIK DemoTag 13.56MHz emulators now available.

October 2008: version 0.1t released with support for JCOP Machine Readable Travel Documents (vonJeek emulator and JMRTD - A Free Implementation of Machine Readable Travel Documents).

April 2008: Windows distribution of RFIDIOt now available! See download section for where to get it.

February 2008 - 'ChAP.py' released... first cut of EMV Chip And PIN credit card reading script (currently for PC/SC readers only).
13th April 2008 - version 0.1b is out. Run 'ChAP.py -h' for features. Download it here.

An all-in-one reader/writer is now available: the LAHF is a Low And High Frequency device incorporating both the ACG LF Multitag and the ACG HF Multi-ISO into a single unit. Each reader presents its own virtual serial interface to the O/S via a single USB connection, so can still be independently addressed by software. See the hardware section for more details.

Also, following a re-design, the USB version of the ACG HF Multi-ISO is now the same price as the serial version.

Contents


What is RFIDIOt?
What does it do?
Hardware
What can it read or write?
What standards does it support?
Download
Documentation
Licensing
Contribute
Tag Gallery
e-Passports
Passport Certificates
Passport Profiling
Technical Notes
RFID Blocking
In The News
Who am I?

What is RFIDIOt?

RFIDIOt is an open source python library for exploring RFID devices. It's called "RFIDIOt" for two reasons:

  1. I like puns. This one stands for "RFID IO tools"
  2. Since I haven't done any serious programming for a long time, I felt like an idiot having to learn a whole new language and the code probably looks like it's written by an idiot. However, python rocks, so it was worth it!

What does it do?

It currently drives a range of RFID readers made by ACG, called the HF Dual ISO and HF Multi ISO, which are both 13.56MHz devices, and the LF MultiTag which is 125/134.2kHz. Frosch Hitag reader/writers are also now supported. There's no reason it couldn't work with others, these are just the first ones I got my hands on, and since they present themselves to the O/S as standard serial devices without having to install any drivers, it made interfacing very simple (but see the Technical Note section below as I've had some issues recently). I have written some example programs to read/write tags and have started on the library routines to handle the data structures of specific tags like MIFARE. It is far from complete but I thought I'd follow the "publish early, publish often" philosophy on this one...

PC/SC (MUSCLE) devices, such as the Omnikey CardMan are also supported. I am currently testing with a CardMan 5321.

Hardware


I get lots of emails asking where to buy readers/writers, so if you are looking for hardware, RFIDIOt custom built kit and other items I use for testing can be purchased here. These are RFIDIOt compatible read/write devices (where appropriate), and come with power cables and a full year's no-quibble 'fix or replace' warranty.

All prices exclude VAT and delivery which will be calculated at checkout. If you are outside the UK, please add 8 per item using the 'Overseas Postage' item at the bottom of the table. All orders will be sent via UK Post Office tracked services.

Standard Reader / Writers

  ACG HF Serial - Frequency: 13.56 MHz; Interface: Serial RS232; Supported Tag Types: ISO 14443 A/B, ISO 15693, ISO 18000-3, NFC, I-CODE; Price: 225 + VAT
  ACG HF USB - Frequency: 13.56 MHz; Interface: USB; Supported Tag Types: ISO 14443 A/B, ISO 15693, ISO 18000-3, NFC, I-CODE; Price: 225 + VAT
  ACG LAHF USB - Frequency: 125/134.2 kHz & 13.56 MHz; Interface: USB; Supported Tag Types: EM4x02, EM4x50, EM4x05 (ISO 11784/5 FDX-B), Hitag 1 / 2 / S, Q5, TI 64 bit R/O & R/W, TI 1088 bit Multipage, ISO 14443 A/B, ISO 15693, ISO 18000-3, NFC, I-CODE; Price: 395 + VAT
  OmniKey Cardman 5321 - Frequency: 13.56 MHz; Interface: USB PC/SC; Supported Tag Types: ISO 14443 A/B, ISO 15693, HID iCLASS + ISO 7816 Smartcard; Price: 65 + VAT
  IAIK DemoTag - Frequency: 13.56 MHz; Interface: Serial RS232, JTAG, ISP; Supported Tag Types: ISO 15693, ISO 18000-3, NFC, ISO 14443A; Price: Purchase direct from IAIK
  ACG LF Serial - Frequency: 125 / 134.2 kHz; Interface: Serial RS232; Supported Tag Types: EM4x02, EM4x50, EM4x05 (ISO 11784/5 FDX-B), Hitag 1 / 2 / S, Q5, TI 64 bit R/O & R/W, TI 1088 bit Multipage; Price: 140 + VAT
  ACG LF USB - Frequency: 125 / 134.2 kHz; Interface: USB; Supported Tag Types: EM4x02, EM4x50, EM4x05 (ISO 11784/5 FDX-B), Hitag 1 / 2 / S, Q5, TI 64 bit R/O & R/W, TI 1088 bit Multipage; Price: 140 + VAT
  OmniKey Cardman 5325 PROX (READ ONLY) - Frequency: 125 kHz; Interface: USB PC/SC; Supported Tag Types: HID Prox + ISO 7816 Smartcard; Price: 60 + VAT
  Frosch Hitag Serial - Frequency: 125 kHz; Interface: Serial RS232; Supported Tag Types: Hitag 1 / 2 / S; Price: 140 + VAT
  Frosch Hitag USB - Frequency: 125 kHz; Interface: USB; Supported Tag Types: Hitag 1 / 2 / S; Price: 140 + VAT
  Keyboard Wedge Verification LF Reader (READ ONLY) - Frequency: 125 kHz; Interface: USB; Supported Tag Types: Trovan 'Unique' / EM4x02; Price: 45 + VAT
  Re-Writeable Q5 LF TAG blank - Frequency: 125 / 134.2 kHz; Interface: n/a; Supported Tag Types: Trovan 'Unique' / ISO FDX-B / other; Price: 5 + VAT
  NXP JCOP 31 v2.2.1 72K Smartcard - Frequency: 13.56 MHz; Interface: RFID only; Supported Tag Types: ISO 7816 / Global Platform, Mifare, JMRTD, vonJeek; Price: 15 + VAT
  NXP JCOP 31 v2.2.1 72K RANDOM_UID Smartcard - Frequency: 13.56 MHz; Interface: RFID only; Supported Tag Types: ISO 7816 / Global Platform, Mifare, JMRTD, vonJeek; Price: 20 + VAT
  Ubertooth One - Frequency: 2.4 GHz; Interface: USB, RF, JTAG; Supported Tag Types: n/a; Price: 74 + VAT
  Overseas Postage - Frequency: n/a; Interface: n/a; Supported Tag Types: n/a; Price: 8 per item

What can it read or write?

A London Transport Oyster card is based on a MIFARE Standard card, so if you already have an Oyster card you have something you can play with. The sample program bruteforce.py can be run against it, and it will try to log in to sector 0 by choosing random numbers as the key. This is about as likely to work as winning the national lottery three times in a row, but what the hell? Odds like that don't stop people playing the national lottery three times in a row... If you "win" please let me know! :)

See the 'Tag Gallery' section below for more detailed information on each of the devices I've seen so far.

What standards does it support?

The Dual ISO reader will read (and write) 13.56MHz devices with the following tags:

  MIFARE Standard, MIFARE 4k, MIFARE Pro, MIFARE Ultralight, MIFARE DESFIRE, MIFARE SmartMX
  SLE 55Rxx, SLE 66CL160S, SLE 66CLX320P, SR176, SRIX4K
  ISO14443A Tags
  ISO14443B Tags
  Jewel Tag (IRT0302B11 KSW DIY Eng. Sample)
  Sharp B
  ASK GTML2ISO
  TOSMART P032/P064

In addition to these, the Multi ISO will also handle ISO 15693, ISO 18000-3, NFC enabled, ICODE standards, specifically:

  I-CODE SLI (SL2 ICS 20)
  I-CODE EPC (SL2 ICS 10)
  I-CODE UID (SL2 ICS 11)
  I-CODE
  NFC (Reader To Tag Mode)
  SLE 55Rxx
  SRF55VxxP+S
  SLE 66CL160S
  SLE 66CLX320P
  SR176
  SRIX4K
  LRI 64
  LRI 512
  EM4135
  KSW Temp Sens
  Tag-it™ HF-I Standard
  Tag-it™ HF-I Pro
  ASK GTML
  ASK GTML2ISO

So far I have played with MIFARE Standard (1K) and MIFARE 4k and have obtained some MIFARE DESFIRE cards but have not yet done anything with them.


The LFX will read/write 125kHz devices with the following tags:

  EM4x02
  EM4x50
  EM4x05 (ISO 11784/5 FDX-B)
  Hitag1
  Hitag2
  HitagS
  Q5
  TI-RFID SYSTEMS 64 bit R/O & R/W
  TI-RFID SYSTEMS 1088 bit Multipage

  The Q5 and Hitag2 can be programmed to emulate 'Unique' / EM4x02 and FDX-B / EM4x05 standards.
 
The Frosch will read/write:

  Hitag 1
  Hitag 2
  Hitag S

  The Hitag2 can be programmed to emulate 'Unique' / EM4x02 and FDX-B / EM4x05 standards.

Download

For the moment I'll just create a tarball/zipfile whenever I have anything significant to release. If it becomes a very active project then I'll move to CVS or something similar. The current tarball is version 1.0a and you can find it here. Windows distribution is here. Release date for this version is 28th November, 2009.

Beta code which may include new functionality, but may also be work in progress or completely broken, can be found here. Windows beta is here.

For the ACG or Frosch readers you'll need Chris Liechti's excellent pySerial module, and for PC/SC support you'll also need pyscard and PCSC-Lite.

If your python distro doesn't include Crypto, you'll need pycrypt too, and, if not already included, you'll also need to install Imaging.

If you want to extract the public keys from e-passports you'll need a local install of OpenSSL.

Licensing

The library is free for non-commercial use under the terms of the GPL (full terms in header of each module). For all other purposes please get in touch. My contact details are at the bottom of the page.

Contribute

If you'd like to contribute, please play with it and send me patches/comments/RFID devices/beer/money/loose women etc. You can mail me at: adam (at) algroup.co.uk, or you can make a paypal donation by clicking this button:  

Tag Gallery

EM 4x05
VeriChip
EM 4x50
EM 4x02
Trovan/Unique
Q5
Hitag2
Mifare 1K
Mifare 4K
Mifare Ultralight
ISO 14443 (e-Passport)
ISO 15693

The EM4x05 range implement the animal tagging standard ISO-11784 'Radio-frequency identification of animals - Code structure' and ISO-11785 'Radio-frequency identification of animals - Technical concept' (also known as FDX-B). These chips are ID-only transponders, operating at 134.2kHz and storing 128 bits of data, 64 bits of which are the ID:

  Bit 1:           'Animal Flag' - Animal or Non-Animal application indicator
  Bits 2 - 15:     Reserved Field - RFU
  Bit 16:          Data Block Flag - Indicates if more detailed data is also stored on this chip
  Bits 17 - 26:    Country Code - 3 digit country code as defined by ISO-3166, or manufacturer code by icar.org
  Bits 27 - 64:    National ID - Unique ID assigned by manufacturer / supplier
 
Q5 or Hitag2 tags can be programmed to emulate an EM4x05 using the fdxbnum.py program, and the ID set to any value.

Security warning: if you have a security system, such as building access control, that relies solely on the ID of an EM4x05 type token, you may want to test that it cannot be fooled by a Q5 or Hitag2 programmed as a clone of a valid token.

The implantable VeriChip appears to be an EM4x05:

It can be read with the readlfx.py command:

This one is a sample in a paperweight from VeriCorp. Note that the Application Identifier is out of spec according to ISO-11784 as it uses some reserved bits:

  readlfx v0.1e (using RFIDIOt v0.1g)
  reader: LFX 1.0 (serial no: 00000000)
  Card ID: 0651A63EA66F0329
  Tag type: EM 4x05 (ISO FDX-B)
  Application Identifier: 94c0
  Country Code: 985 (MANUF: Destron Fearing / Digital Angel Corporation)
  National ID: 23561865824

This is Henry Porter's implant, which he had done for a TV Documentary. Note that this time they've used a 4-digit country code instead of the standard 3 digits as specified by ISO-3166 and icar.org:

  readlfx v0.1e (using RFIDIOt v0.1g)
  reader: LFX 1.0 (serial no: 00000000)
  Card ID: 77E5000001FF0001
  Tag type: EM 4x05 (ISO FDX-B)
  Application Identifier: 8000
  Country Code: 1022 (UNREGISTERED MANUF: VeriChip Corporation)
  National ID: 42990
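
The bit layout listed earlier, applied to the two Card IDs in the readlfx output above, with a check for the two out-of-spec conditions noted there. This is an added example, not RFIDIOt code; decode_fdxb and spec_deviations are hypothetical names, and it assumes the Card ID hex carries the 64 ID bits least significant bit first, so the bit string is reversed before the fields are sliced.

```python
# Added example, not RFIDIOt code. decode_fdxb / spec_deviations are
# hypothetical names. Assumption: the Card ID hex holds the 64 ID bits in
# the order read off the tag (least significant bit first), so the whole
# bit string is reversed before applying the page's bit layout.

def decode_fdxb(card_id_hex):
    """Split a 16-hex-digit FDX-B Card ID into the fields of ISO-11784."""
    if len(card_id_hex) != 16:
        raise ValueError("expected 16 hex digits (64 bits)")
    bits = format(int(card_id_hex, 16), "064b")[::-1]  # bits[0] is 'Bit 1'
    return {
        "application_identifier": format(int(bits[0:16], 2), "04x"),
        "animal_flag": int(bits[0]),
        "reserved": int(bits[1:15], 2),        # bits 2 - 15, should be 0
        "data_block_flag": int(bits[15]),      # bit 16
        "country_code": int(bits[16:26], 2),   # bits 17 - 26
        "national_id": int(bits[26:64], 2),    # bits 27 - 64
    }

def spec_deviations(fields):
    """Report the two out-of-spec conditions the page points out."""
    notes = []
    if fields["reserved"] != 0:
        notes.append("reserved bits 2-15 are in use")
    if fields["country_code"] > 999:
        notes.append("country code has more than 3 digits")
    return notes

# Card IDs taken from the two readlfx outputs on this page.
SAMPLES = ["0651A63EA66F0329", "77E5000001FF0001"]

if __name__ == "__main__":
    for card_id in SAMPLES:
        fields = decode_fdxb(card_id)
        print(card_id, fields, spec_deviations(fields))
    # Note: for the first ID a full 38-bit read of bits 27 - 64 gives
    # 161000819296; the readlfx v0.1e output shows 23561865824, which is
    # the same value with the top bit of the field cleared.
```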

This is an EM 4x50 based ski pass from Verbier, circa 1999:

It can be read with the readlfx.py command:

  readlfx v0.1 (using RFIDIOt v0.1b)
  reader: LFX 1.0 (serial no: 00000000)
  Card ID: TDE2A3F00

    sector 01:  00000000
    sector 02:  1A1F0000
    sector 03:  00100100
    sector 04:  0022181A
    sector 05:  00000000
    sector 06:  00000000
    sector 07:  00000000
    sector 08:  00000000
    sector 09:  00000000
    sector 0a:  00000000
    sector 0b:  00000000
    sector 0c:  00000000
    sector 0d:  00000000
    sector 0e:  00000000
    sector 0f:  00000000
    sector 10:  00000000
    sector 11:  00000000
    sector 12:  00000000
    sector 13:  00000000
    sector 14:  00000000
    sector 15:  00000000
    sector 16:  00000000
    sector 17:  00000000
    sector 18:  00000000
    sector 19:  00000000
    sector 1a:  8022CABE
    sector 1b:  CCCC7C19
    sector 1c:  E3E77080
    sector 1d:  B1A65199
    sector 1e:  8453AFB9
    sector 1f:  E2876F65
