RFID Hacking/parallax

From Noisebridge
< RFID Hacking(Difference between revisions)
Jump to: navigation, search
Line 1: Line 1:
some random notes about the parallax readers
+
== some random notes about the parallax readers ==
  
* em4095 to [http://www.microchip.com/wwwproducts/Devices.aspx?dDocName=en010208 pic16f627a] (20pin ssop package)
+
* [http://www.emmicroelectronic.com/Products.asp?IdProduct=193 em4095] to [http://www.microchip.com/wwwproducts/Devices.aspx?dDocName=en010208 pic16f627a] (20pin ssop package)
 
** DEMOD_OUT (13) -> RB3/CCP1 (10)
 
** DEMOD_OUT (13) -> RB3/CCP1 (10)
 
** RDY/CLK (2) -> RB6/T1OSO/T1CKI/PGC (13)
 
** RDY/CLK (2) -> RB6/T1OSO/T1CKI/PGC (13)
Line 19: Line 19:
 
*** the leading / means that this signal is ''active low''
 
*** the leading / means that this signal is ''active low''
  
i'm working on resuscitating my pic programmer (althought hey aren't that expensive on ebay) to read out the existing program to modify the board to ''clone''. however, the led pins overlap w/ the programmer's CLOCK and DATA signals. these are inputs so it should probably be ok to drive these (from the programmer) w/ both the pic and leds connected.
+
== re-purposing the pic ==
 +
 
 +
i'm working on resuscitating my pic programmer (althought hey aren't that expensive on ebay) to read out the existing program to modify the board to ''clone''.
 +
* the led pins overlap w/ the programmer's CLOCK and DATA signals. these are inputs so it should probably be ok to drive these (from the programmer) w/ both the pic and leds connected.
 +
* conveniently MCLR# (4) is tied to vcc through the resistor just above the pic when looking at the board w/ the edge connector on your left. one less pin you have to lift.
 +
* RB4/PGM  (11) looks like it is nc. having only dorked w/ a pic once in my life (why it was easy to canabalize my homebrew pic programmer for something else), i've never paid attention to lvp or hvp mode. PGM only matters to lvp (and only at startup to set the programming mode).

Revision as of 15:24, 13 April 2009

some random notes about the parallax readers

  • em4095 to pic16f627a (20pin ssop package)
    • DEMOD_OUT (13) -> RB3/CCP1 (10)
    • RDY/CLK (2) -> RB6/T1OSO/T1CKI/PGC (13)
    • SHD (14) -> RA1/AN1
  • pic16f627a to edge connector
    • RB0/INT (7) -> OE#
    • RB2/TX/CK (9) -> SOUT
  • pic16f627a to discretes
    • RA7/OSC1/CLKIN (18) -> LED (1)
    • RA6/OSC2/CLKOUT (17) -> LED (2)
  • em4095 xmit is controlled by MOD (12)
    • this follows the same modulation scheme as DEMOD_OUT (13)
  • edge connector
    • SOUT wiggles at 2400bps and outputs rfid in ASCII (no need to do binary conversion)
    • /ENABLE
      • this is an input signal (tying this to GND works fine if you just want the reader to stream data).
      • the leading / means that this signal is active low

re-purposing the pic

i'm working on resuscitating my pic programmer (althought hey aren't that expensive on ebay) to read out the existing program to modify the board to clone.

  • the led pins overlap w/ the programmer's CLOCK and DATA signals. these are inputs so it should probably be ok to drive these (from the programmer) w/ both the pic and leds connected.
  • conveniently MCLR# (4) is tied to vcc through the resistor just above the pic when looking at the board w/ the edge connector on your left. one less pin you have to lift.
  • RB4/PGM (11) looks like it is nc. having only dorked w/ a pic once in my life (why it was easy to canabalize my homebrew pic programmer for something else), i've never paid attention to lvp or hvp mode. PGM only matters to lvp (and only at startup to set the programming mode).
Personal tools