Great long range 125kHz reader and writer example using the T5567 protocol. It reaches a read distance of a “couple of feets”.


Valuable article about the security lacks in the HID Standard Security iCLASS™ Cards.

  1. 21. September 2008: Using an AVR as an RFID tag by Author Beth (Micah Dowty) and version 1.0 of the avrfid.S . Also found as the Emulator RFID.
  2. 15. June 2010: AVRFID 1.1 Firmware by Author Beth (Micah Dowty) version 1.1 of the avrfid.S which incoporates a few patches by Luke Koops who improved the FSK modulation for HID tags, so that the resulting waveform is much more regular and Cesar Fernandez who described the HID card format in more detail.
  3. 16. May 2011: Duct Taped AVRFID by Author Beth (Micah Dowty) uses her version 1.1 avrfid.S
  4. November 2011: AVRFID PCB Implementation by Daniel Smith
  5. September 2012: RFID Spoofing by Eric Barch who only uses Beth’s (Micah Dowty)  HID part of her version 1.1 avrfid.S .
  6. 1. December 2012: AVRFID 1.2 Firmware last update by Daniel Smith on his version 1.2 of Beth’s avrfid.S which adds support for 35 bit HID Corporate 1000 format and fixed 26 bit parity.
  7. 27. December 2012: AVR RFID Multipass by Trammell Hudson of the NYC Resistor hacker collective, which come up with an optimized version of Beth’s version 1.2 avrfid.S and convert it to C ending in the avrfid2.c file. Beth (Micah Dowty) welcomes this transition as it uses less of the 8kB flash memory of the AVRs etc… and has an nice application scenario of an action figure, whose body parts trigger different IDs in the AVRFID tag. The whole code in C for latest AVRFID tag and the reader can be found here. In his post Hudson also describes how easy it is to reprogramm AVRs with some Bus Pirate Tools, which provide an recovery clock. But a few patches are still needed!

A few links about reprogramming the ATtiny85 and AVRs in general. Once the external clock is enabled you also speak about an ‘locked out’ AVR and you will need a crystal/resonator which serves as the clock source while reprogramming the chip. I found one thread and a blog post about it. In another blog post they use PonyProg to set the fuse bits. More to come, when I have done it myself…

The T5557 protocol by Atmel supports read and write operations on RFID tags. Here a shorter summary of the T5557 protocol. By that it’s easy to clone tags, like in this example. But at the same time this rises security issues, which is probably the reason why it is not so commonly used (yet). The difference to the successor, the T5567 protocol is simply some improvements in terms of power on reset if the tag enters the field very slowly.

Really comprehensive explaination of the EM4100 protocol. The whole data structure of this common communication is illustrated, which also gives me orientation for the demands on my custom AVRFID code. Here the official EM4100 datasheet which is part of a whole family of EM protocols by EM Microelectronic. There is also an overview of their protocols by the field of application. The latest protocol is the EM4200 which actually replaces the precursor protocols EM4100/4102 and EM4005/4105.

Stumbled over a news article on the China Post about an engineer who hacked a payment system by the Easy Card Corporation. I can’t deny the thought of an R(obinhood)FID guy giving hacked RFID EasyCards to the poors.

Nearly all search results for RFID on Hack A Day are really interessting examples of what is currently possible with this technology. For example there is the open source passive RFID tag cloner and the configurable RFID tag. The last one (here on its official homepage) is a really close example of what I want to archieve with my AVRFIDs.

Two more online shops with useful RFID sketching materials:

Once more I have a handfull of links, which I haven’t summed up here. First of all I found a really nice tutorial by the Teaching Enhancement via Small-Scale Affordable Labs (TESSAL) Center, introducing into experiments with 13.56 MHz RFID. Their summery of the fundamental concepts is really helpfull in my opinion. Further they provide an short online test, proofing your basic knowledge on RFID, as well as all their materials on this class.

One more short introduction into the RFID basics by Priority 1 Design.

Another RFID introduction mainly from the EPCglobal perspective.

Further more the articles by Roy Want should not be missing.