Re: RFID using LFTX/LFRX (Was [Discuss-gnuradio] GNU Radio mention in DEFCON subway presentation)

[ChoJin]

On Aug 16, 2008, at 10:52 PM, Michael Ossmann wrote:

> On Sat, Aug 16, 2008 at 08:44:56PM +0200, address@hidden  
> wrote:
> > As far as I understand, passive RFIDs communicate backs to the
> > reader  by consuming more or less power from the incoming radio
> > wave (please  correct me if I'm wrong). How one would therefore
> > implement a reader  using these daughter boards and gnuradio?
>
> I have only worked with low frequency (125 kHz) RFID tags so far,
> but this is what has worked for me.  These things work only at very
> close range (a few inches) by inductive coupling.  You need a loop
> of wire instead of an antenna.  You ought to pay attention to
> impedance matching, but I've managed to get by with a few turns of
> wire or my favorite, a ferrite core from an AM radio, at zero range.
> You need one loop for tx and another for rx.
>
> Use usrp_siggen.py to transmit the power signal (A commercial RFID
> reader will typically send short pulses of the 125 kHz power signal
> instead of a constant sine wave, but a constant carrier works
> fine.):
>
> # usrp_siggen.py -f 0 --sine -w 125e3
>
> Then capture the RFID tag's signal with usrp_rx_cfile.py or
> whatever.  The tags I've worked with produce a 125 kHz signal which
> is amplitude modulated by an FSK signal.  The result of this is a
> whole bunch of sidebands, any of which can be singled out and
> decoded as FSK.  The closest sidebands are best; I use one at 111.5
> kHz.  Anyway the demodulation and decoding details won't interest
> you unless you are using the same kind of tag.
>
> Cryptographic RFID tags require some particular signal (not just a
> sine wave) to be transmitted by the reader.  Details vary depending
> on the kind of tag, so you'll need documentation or you'll have to
> reverse engineer the signal produced by a reader.

Hello,

I tried a very simple test:
- two loops of wire, one for the LFTX (A slot, antenna TXA) and one for
  the LFRX (slot B, antenna RXB)
- generating the sinus wave using usrp_siggen.py -f 0 --sine -w 13.56e6
- trying to detect this sinus back using usrp_fft/usrp_oscope

I put my two loops of wires as close as possible from each other but I
just can't detect my sinus wave back at all.

Would you have any guideline to troubleshoot this issue?
because obviously right now, I can't even move to the next step which
is trying to get a signal from a RFID tag.

Please note that's the first time I actually try to TX something  
(usually
I just play with receivers).

As another test I used fm_tx4.py to TX some audio and I could receive
it (hardly, with a lot of noise, and not even in NFM but in AM... go  
figure...)
but with a gain set to its max value (but of course I was using the  
loop of
wires too, not a real antenna).

Anyway, any help would be welcomed,

--
Best Regards,
ChoJin