
HOW TO: Simple Arduino LF RFID Tag Spoofer

by Tahoe Designer on Apr.14, 2010, under Design, Personal, Photography, Technology

RFID tags are all over the place.  They’re used in building access control systems, passports, inventory tracking… even ski resorts have started using them in lift tickets.

This instructable will show how you can use an Arduino and a few simple components (wire coil, transistor, capacitor, resistor) to make a device that can spoof a 125 KHz (low frequency) RFID tag.  This is version 1, so there are many enhancements that can be made, but this version is stupid simple, yet it works.  I did this in a few hours without much previous knowledge of RFID and without any fancy equipment (like radio tuning hardware or an oscilloscope… I guess an oscilloscope is fancy, I need to pick up one of those).

Stupid Simple Arduino LF RFID Tag Spoofer

Step 1: Parts
  • Some enamel-coated solid core copper wire (I used the green spool from the 3 spool set Radio Shack carries).
  • An NPN transistor; I used a 2N3904.
  • A 10 K Ohm resistor.
  • A 10 nF capacitor (0.01 uF). I’m using a metalized polyester film cap I got from Radio Shack; others should work though.
  • A toilet paper roll to wind the wire on.

I tested my circuit using…

Step 2: RFID background
A passive RFID tag has a coil and a chip with data on it.  An RFID reader has a coil in it that creates a varying magnetic field (in this case 125 KHz), which is called the carrier signal.  When the tag is close to the RFID reader, the magnetic field powers the chip on the tag, which then responds by tuning and detuning its own antenna.  This…

Step 3: The Data
The serial number of a tag is sent over using a fairly simple protocol.

  • It starts by sending 9 ones.
  • Then it sends 10 sets of 4 bits, then one parity bit (it’s using even parity).
  • Then it sends “column” parity bits (even parity of the rows in the previous step).
  • Last it sends a 0 stop bit.

So an example looks like this: (start bits) 11111…
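As an added illustration (not code from the original instructable or this blog), this C routine parses the frame layout described in Step 3 and checks both parity layers against a constructed sample. It assumes one even-parity bit follows each set of 4 bits and that each set is sent most significant bit first; the names `parse_frame` and `parse_with_flip` and the ID `0x123456789A` are made up for the example. The parity bits only catch transmission errors: nothing in the frame identifies the device that sent it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { ERR_FORMAT = -1, ERR_HEADER = -2, ERR_ROW_PARITY = -3, ERR_COL_PARITY = -4, ERR_STOP = -5 };

/* Constructed sample frame (made-up ID 0x123456789A), one field group per line. */
static const char SAMPLE[] =
    "111111111"                                /* 9 start bits */
    "00011" "00101" "00110" "01001" "01010"    /* rows: 4 data bits + parity */
    "01100" "01111" "10001" "10010" "10100"
    "1011" "0";                                /* column parity, stop bit */

/* Returns the 40-bit ID, or a negative ERR_* code if the frame is invalid.
   Assumption: each group of 4 bits is sent most significant bit first. */
int64_t parse_frame(const char *bits)
{
    if (strlen(bits) != 64 || strspn(bits, "01") != 64) return ERR_FORMAT;
    if (strncmp(bits, "111111111", 9) != 0) return ERR_HEADER;
    int64_t id = 0;
    int col[4] = {0, 0, 0, 0};
    const char *p = bits + 9;
    for (int row = 0; row < 10; row++, p += 5) {
        int parity = 0;
        for (int c = 0; c < 4; c++) {
            int b = p[c] - '0';
            id = (id << 1) | b;
            parity ^= b;   /* even parity is the XOR of the data bits */
            col[c] ^= b;
        }
        if (p[4] - '0' != parity) return ERR_ROW_PARITY;
    }
    for (int c = 0; c < 4; c++)
        if (p[c] - '0' != col[c]) return ERR_COL_PARITY;
    return p[4] == '0' ? id : ERR_STOP;
}

/* Flip one bit of SAMPLE (pos 0..63) and return the parser's verdict. */
int64_t parse_with_flip(int pos)
{
    char buf[sizeof SAMPLE];
    memcpy(buf, SAMPLE, sizeof SAMPLE);
    buf[pos] ^= 1;   /* toggles '0' (0x30) <-> '1' (0x31) */
    return parse_frame(buf);
}

int main(void)
{
    printf("%010llX %d\n", (unsigned long long)parse_frame(SAMPLE), (int)parse_with_flip(9));
    return 0;
}
```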

Step 4: Building the Circuit
You need to create a coil that’s about 150 to about 162 uH (different sources say it should be different values).  To determine how many winds to do you can use an inductance calculator like the one here: www.crystalradio.net/cal/indcal2.shtml.  I used the green spool from the Radio Shack set of wires and wound it about 133 times around the toilet paper roll (I did thi…

Step 5: The Code
The Arduino now needs to tune and detune the antenna.  When pin 9 is low then the antenna is tuned (sending out a “high” signal).  When the pin is high then it sends power to the base of the transistor.  This reduces the resistance between the two ends of the coil, which “detunes” the antenna.  We just need to do this in the right sequence to send data to the reader.

Step 6: Testing
To test the circuit, hold the antenna right up to the reader (go ahead and touch it to the reader for the first test); if everything’s right you should see the tag ID you’re hoping to see.  If not (and you’re sure the sketch is uploaded properly and the circuit is connected correctly), start adding and removing winds from the coil and retesting it.  It should be somewher…

Step 7: The Video
First I hold up a real tag to the reader, and you’ll see that the tag ID is read and displayed on the screen behind it.  Next I hold my coil up and the reader sees it as a tag and reads the serial number off it.

Step 8: Elephants in the Room
This project does have a few deficiencies that should be mentioned.  First, since the RFID emulator runs on its own clock instead of using the one from the magnetic field the reader creates, not every serial ID broadcast is received by the broadcaster.  This isn’t a huge deal because in my experience they end up matching up close enough about every second or two…

Step 9: References
  • PDF on a similar project, good discussion of how it all works and schematic: mrl.cz/projects/rfid/rfid.pdf
  • Similar project, including C code: www.alexanderguthmann.de/en/emulator.html
  • An RFID tag that’s just a small Microchip uController and a resistor: micah.navi.cx/2008/09/using-an-avr-as-an-rfid-tag/
  • A similar project, also a reader: www.cq.cx/pro…

via: instructables

    © Jeff Davis 1974 - 2010, All rights reserved.