RFID Security

[ylp88]

On a slight twist to radio data communications:

I wish to use an "ID-12" RFID module to authenticate users to a system: most likely to be a standalone system such as an electronically operated door lock.

I will use the ASCII mode of data transfer. <i>Silicon Chip </i> reports that a tag will transmit 40-bits (5 bytes) of information to the module and that will be sent serially to a microcontroller (PICAXE). I was wondering how this may be accomplished?

Would it be as simple as:
<code><pre><font size=2>SERIN pin, speed (b0,b1,b2,b3,b4) </code></pre></font>

A datasheet for this device can be found at an <A href='http://www.adilam.com.au/techpage/RFID/ID%20SERIES%20SR_2004-2-10_%20rev13.pdf' Target=_Blank>External Web Link</a> or http://www.adilam.com.au/techpage/RFID/ID%20SERIES%20SR_2004-2-10_%20rev13.pdf. The data protocol can be found on page 6 of this document (and I assume that STX and ETX are &quot;start of transmission&quot; and &quot;end of transmission&quot; respectively.) I amd not overly concerened about using the checksum.

Thank you in advance for your assistance.

ylp88

Edited by - ylp88 on 4/30/2005 1:21:45 PM

 

[andrewpro]

Onpages one and 4 of the datasheet, it says that they can be accessed via a regular serial terminal. With the output set to ASCII (how to do that I cant tell, they dont seem to list the command structure or baud rate in the sheet) I dont see any problem with using picaxe serial comms for interfacing it at all. This is, provided of course, that the baud rates can be compatible. My guess, it would work jsut fine for both programming and reading, according to the datasheet, though it seems to be lacking in exact specifics.

 

[kenmac]

You read the serial data that the ID12 transmits - not the Tag transmission.
The tag transmits to the ID12, and if detected, the ID12 sends a message in either of two pre-selected formats.(ASCII or Wiegand26)
The ID12 in ASCII mode transmits 16 bytes of serial data. (9600,N,8,1)
The message format is:
Byte 1...STX Start Transmit Char.(02)
Bytes 2 to 11... 10 bytes of ident. data (ASCII)
Bytes 12,13... 2 bytes Checksum(ASCII)
Byte 14... Carriage Return Char.(13)
Byte 15... Line Feed Char.(10)
Byte 16... ETX End Tramsmit Char.(03)

So, you need 16 variables to store the received data, and the capability to operate at 9600 bd.
ASCII format is selected by linking pin 7 to Ground (0V).

kenmac

 

[kenmac]

You can display the ID12 transmitted data on any PC using Hyper-Terminal.

kenmac

 

[ylp88]

To save on variable space, do you think it be possible to just receive the first byte as a start condiction and then just store bytes 2 to 11? This would mean I only need 10 bytes of variable space.

Thanks for your help thus far.

ylp88

 

[andrewpro]

You could skip bytes one, 14,15, and 16, but if your going for security purposes, I would use the checksum bytes just to be sure.

Since all of the bytes are going to be transfered anyways, I would use something like (would probably need an overclocked picaxe)

serin x,n9600, b1,b1,b2,b3....b13,b14,b14,b14

Just overwriting the same bytes over and over again that you dont need. Unless stopping at b13 would jsut ignore the final 3 bytes. I dont know how that would work exactly. if you keep dumping the same thing into b14, then it oculd jsut be ignored in the end, or overwritten with something useful.

 

[hippy]

You can synchronise up to the STX using a SERIN qualifier, and then read the bytes of data plus checksum which should be enough to guarantee a packet, although it's always best to use as much as possible to do error checking.

- SERIN pin,baud,(STX),b0,b1,b2 ...

Edited by - hippy on 5/1/2005 3:10:32 PM

 

[kenmac]

You need the 10 data bytes and two checksum bytes to confirm that the data is valid before you process it for identity .
The checksums are the XOR result of the binary data.
To calculate the checksums you need to convert the data bytes to binary, do the calculation, then convert the result back to ASCII.
Example data &amp; checksum: 041A21EE34E5 where E5 is the checksum.
Confirm it using the XOR function on the Calculator on a PC.
(04h xor 1Ah, xor 21h, xor EEh, xor 34h = E5h)

Controlling even a simple system requires quite a bit of programmimg space.

I built and installed the Silicon Chip kit, but I decided to build my version using Microchip IC's in lieu of the unfamiliar AVR.
I needed to be able to change the program as necessary.
Initially I wanted to use a Picaxe, but I found it too difficult - the 9600bd and number of variables was limiting!
So, I ended up using Picbasic on a 16F628A - a lot easier (if you already have the compiler!)

kenmac

 

[hippy]

Variables shouldn't really be a problem with SERIN; even if using all 14 byte variables to receive data in one command. The received data can usually be put into SFR using POKE as soon as the SERIN completes. From then on all the variables are available for use as required. Variables which need to be kept during the SERIN can be POKE'd before SERIN and PEEK'd back after. There's a time penalty involved, but it shouldn't be a problem in most cases.

 

[ylp88]

Thanks a lot everbody: I appreciate your inputs. When I get the time, I will try and use a PICAXE to do this project.

Out of interest, kenmac: if you don't mind, would you please e-mail me your source code for the PIC. I have a spare 16F628A lying around and I may be able to use that.

Once again, thank you.

ylp88

Edited by - ylp88 on 5/2/2005 6:27:37 AM

 

[Simmicht]

Yep I have it working and have done for 12 months now. It controls the cat food bowl and the neighbours cats can no longer dine out at my expense and my cat learned in a day or two just how to hold his head so the magic cat bowl would open and allow him access. Saves about $4 a week in dry cat food.

&#160;

Edited by - simmicht on 5/2/2005 11:31:48 PM

 

[kenmac]

I did a quick test with a Picaxe-18X and found it works OK.
There was no need to store the last 3 bytes, but overclocking is necessary to achieve 9600bd.

setfreq m8 ' set to 8mhz
' Note: n9600 = n4800 @ 8mhz
serin 0, n4800, b0,b0,b1,b2,b3,b4,b5,b6,b7,b8,b9,b10,b11
setfreq m4 ' reset to 4mhz
debug b0 ' display characters

The debug screen confirms the data/checksum characters are correct.
That's a good start!

kenmac