Skip to content
/ usrp_nfc Public

USRP NFC/RFID Project: Eavesdropping on and Emulating MIFARE Ultralight and Classic Cards Using Software-Defined Radio (SDR)

Notifications You must be signed in to change notification settings

giech/usrp_nfc

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

56 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Eavesdropping on and Emulating MIFARE Ultralight and Classic Cards Using Software-Defined Radio

By Ilias Giechaskiel https://ilias.giechaskiel.com

This project contains a Software-Defined Radio (SDR) implementation for ISO 14443 Type A NFC/RFID communications. Specifically, it can eavesdrop and decrypt MIFARE Ultralight and Classic 1K communications and partially emulate them. It can also work with a USRP N210, with the BasicRX/TX and LFRX/TX daughterboards. For more details, please read the detailed PDF write-up, or take a look at the summary poster.

The usage is as follows:

Usage: usrp_nfc.py [options]

Options:
  -h, --help            show this help message and exit
  -t TYPE, --type=TYPE  action type [tag, reader, all]
  -a ACTION, --action=ACTION
                        action [eavesdrop, emulate]
  -i SRC, --input=SRC   input wav file or uhd
  -s IN_RATE, --sample_in_rate=IN_RATE
                        input sample rate
  -S OUT_RATE, --sample_out_rate=OUT_RATE
                        output sample rate
  -o DST, --output=DST  output
  -e EXTRA, --extra_file=EXTRA
                        helper file for emulation

The defaults are as follows:

action = eavesdrop
type = all
input = uhd
sample_in_rate = 2M samples/sec
sample_out_rate = sample_in_rate
output = None
extra_file = None

The output and input parameters can either be a WAV file or uhd for the USRP (see the recordings folder for examples that can be used).

Note that the project is somewhat sensitive to the antenna -- any errors can usually be fixed by changing the hi_val parameter passed into the transition_sink module (called from the decoder module). In my tests, values from 1.05 to 1.1 work, depending on the antenna/PCD/PICC setup.

For the emulate action, a .json file (with examples in the data folder) needs to be passed in through the extra_file parameter. See the create_json module for an example of how to create it. Note that the rands parameter is only needed for MIFARE Classic 1K cards, and is used to ensure that when emulating against a recording (with the input switch) the parameters match.

Example outputs of the program are found under the outputs folder.

About

USRP NFC/RFID Project: Eavesdropping on and Emulating MIFARE Ultralight and Classic Cards Using Software-Defined Radio (SDR)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages