How to check the frequency of an RFID chip?
I am sorry if this is a very newbie question, but I could not find the answer.
How do I tell the frequency of an RFID chip?
I have a box of chips that work with some equipment I have. The chips are used to allow the machine to turn on and off. I would like to recycle the chips. My hope is that I can read a chip that has never been used and take that data and put it on a chip that has been used. But how do I tell what frequency Reader / Writer I would need to even try? For what it's worth, I have attached a pic of one of the chips that I opened.
Thanks in advance for any help.
Doc
- - - Updated - - -
One more thing...the device works when the RFID chip is placed right next to the equipment within a target area of about 1 inch.
Does that help narrow it down?
Judging by the size of coil I would say that is almost certainly a 125KHz passive RFID tag. Probably a HITAG 1 type.
You can read the data memory from them but the first page (4 bytes) is normally programmed once in manufacture to give it a unique serial number and you can't erase it or reprogram it. The remaining memory is normally non-volatile static RAM so you can put anything you like in it. I've re-programmed similar tags many times but the serial number is fixed for life.
Brian.
Brian,
Thanks for your help!
Assuming you are correct, what equipment would you suggest I use to read the chip?
Second, can I use the data I obtain to make new chips with my own unique serial numbers?
If so, where would I buy the equipment and chips?
I have unused chips and new chips. My thought is that I want to see what changes are being made to the chips when they are used and "reset" them so I can reuse them. If that does not work, then I wonder if I can create new chips from scratch if I can read the chips that I have?
Doc
Got the PM - thanks.
The tags have varying amounts of memory but the first 4 bytes are fixed in manufacture and contain the unique serial number, you can't change it unfortunately. However, the rest of the IC is reprogrammable so if you want to put your own serial number in you could always ignore the factory programmed one and read yours at a different address.
The reader/writer units I use are these:
http://www.rfsolutions.co.uk/acatalo..._S_Module.html
They are fairly easy to use, you talk to them through a 9600 bauds serial interface and they have outputs to tell you if a tag is within range so you can interrogate or write to it. I use them in gate entry systems where based on the time of day and serial number, I can control whether entry is allowed or not before operating an electric lock mechanism.
Nothing changes in the tag when it is used unless you specifically write new data to it each time so there is no 'reset' to worry about. If their memory contains data you want to erase, just write zero or some other data into all the memory locations.
Your only potential problem is verifying if they are HITAG 1, HITAG 2 or HITAG S devices because they look the same, only the protocol to communicate with them is different and they are incompatible. There are other types too such as MIFARE but they are not as common. The only way to tell them apart is by trial and error.
Brian.
Thank you again!
In this application, the chips can only be used one time. I would have to assume that the chips are being modified by the device when they are read, or there is data from the chip being stored in the machine so that the chip can not be used a second time in the same machine. Does either of those two scenarios sound reasonable?
I found this on ebay, ... Handheld 125Khz EM4100 RFID copier / writer / duplicator + R/W Card & Keyfob
If the chip is being modified by the reader, then perhaps it can be restored by cloning it from a virgin chip.
If not, then I would need a device to read the chip and try to produce my own chips with similar but unique data.
Is there any device that I can use to tell me what kind of chip I have so I can shop for the correct reader/writer?
Doc
Your two options are to read and record the key serial number and block it from future use or if it's possible, to write (or overwrite) some data in the RAM to stop it being recognized in the future. There is no 'intelligence' in the chip itself, it's just a memory with an RF data link to it. I would doubt you could clone a chip because the serial number is in read-only memory but you might be able to clone everything except the serial number if that would be of any use. The whole idea of these things is that every chip in the world has a unique number stored inside it so the manufacturer has to program it during production.
I don't know of any machine that can identify a chip and the one you found only works with EM4100 devices. I can identify HITAG 1 and HITAG S types but not the others. I can check if it's one of these for you by holding it near one of my gates, the serial number would be displayed in the corner of the CCTV picture if it's a readable tag. Where in the world are you?
Brian.
I am in the USA, I would be happy to mail a couple of used chips to you for analysis.
Doc
Send me a PM again so I can pick up your email address and I'll write back with my home postal address. As I said, I can only verify if it's HITAG1 or HITAG S though, if it's any other kind it will be ignored by my reader module and no information will be shown at all.
Brian.
You would need to use an RFID spoofer if you wanted to clone a chip. Here is a link to some examples: http://hackaday.com/tag/spoofer/
- Correction, you would need an RFID emulator if you wanted to create your own serial numbers instead of just copying existing ones. Cheers
- - - Updated - - -
I hope you don't mind if I ask a question in your thread, but, what frequency would this card be operating at?
If I remember correctly, antenna length varies according to the wavelength of the signal, so based on that alone I would guess it would be a lower frequency than the OP's? Since this is bigger.
That looks like it contains a multi-turn coil so the chances are it's 125KHz, the 13MHz ones have fewer turns so they don't create such a vivid silhouette.
Technically, RFID is very low power so it can be used on any frequency without a license in most countries but for ease of bulk manufacturing, most are either 125KHz or 13.56MHz. If you have access to a GDO, it should be possible to sweep the frequency and see if any energy is absorbed at the resonant frequency.
Doc, if you are out there, I haven't heard from you.
Brian.
Thanks for the response, I was thinking it was 125KHz as well. What does a GDO stand for though, I have access to University labs so might be able to use one.
What type do you think it would be: EM4100, HITAG 1, HITAG 2 or HITAG S? Or something else. I was thinking of buying or building a reader for it. I'm curious to see what data is actually on it.
Sorry for jacking your thread! This is my last question.
GDO = Gate Dip Oscillator (or Grid Dip Oscillator in vacuum tube days) which is a tunable oscillator with a meter showing how much load the oscillator places on its power source. Basically, you tune it looking for a dip or peak in the current which would indicate something nearby is absorbing energy at that frequency. As RFID tags use tuned antennas and are designed to absorb RF to power themselves, they should show a reasonably good change in reading as the oscillator is tuned near to their resonant frequency.
That won't tell you the type of tag though because that's entirely a software function of the processor inside it. By design, the tag will ignore anything which doesn't match the expected protocol so the only way to tell is by trial and error. Don't expect anything exciting inside them, typically it's just four bytes of ID number (32 bits). Some have additional RAM which might contain something but for the most part, they are just used as a key with a unique number.
Brian.
Thanks for your help, I think I want to do some sort of rfid project either way, so will probably need a reader. If it works with this card it would just be a bonus.
Cheers.