RFID Hacking/parallax

From Noisebridge
< RFID Hacking(Difference between revisions)
Jump to: navigation, search
(re-purposing the pic)
 
Line 21: Line 21:
 
== re-purposing the pic ==  
 
== re-purposing the pic ==  
  
i'm working on resuscitating my pic programmer (althought hey aren't that expensive on ebay) to read out the existing program to modify the board to ''clone''.
+
* i mis-wiki-ed before, the programmer's PGC (13) and PGD (14) signals are  nc. hijacking these is pretty simple.
* the led pins overlap w/ the programmer's CLOCK and DATA signals. these are inputs so it should probably be ok to drive these (from the programmer) w/ both the pic and leds connected.  
+
 
* conveniently MCLR# (4) is tied to vcc through the resistor just above the pic when looking at the board w/ the edge connector on your left. one less pin you have to lift.
 
* conveniently MCLR# (4) is tied to vcc through the resistor just above the pic when looking at the board w/ the edge connector on your left. one less pin you have to lift.
 
* RB4/PGM  (11) looks like it is nc. having only dorked w/ a pic once in my life (why it was easy to canabalize my homebrew pic programmer for something else), i've never paid attention to lvp or hvp mode. PGM only matters to lvp (and only at startup to set the programming mode).
 
* RB4/PGM  (11) looks like it is nc. having only dorked w/ a pic once in my life (why it was easy to canabalize my homebrew pic programmer for something else), i've never paid attention to lvp or hvp mode. PGM only matters to lvp (and only at startup to set the programming mode).

Latest revision as of 19:01, 18 April 2009

[edit] some random notes about the parallax readers

  • em4095 to pic16f627a (20pin ssop package)
    • DEMOD_OUT (13) -> RB3/CCP1 (10)
    • RDY/CLK (2) -> RB6/T1OSO/T1CKI/PGC (13)
    • SHD (14) -> RA1/AN1
  • pic16f627a to edge connector
    • RB0/INT (7) -> OE#
    • RB2/TX/CK (9) -> SOUT
  • pic16f627a to discretes
    • RA7/OSC1/CLKIN (18) -> LED (1)
    • RA6/OSC2/CLKOUT (17) -> LED (2)
  • em4095 xmit is controlled by MOD (12)
    • this follows the same modulation scheme as DEMOD_OUT (13)
  • edge connector
    • SOUT wiggles at 2400bps and outputs rfid in ASCII (no need to do binary conversion)
    • /ENABLE
      • this is an input signal (tying this to GND works fine if you just want the reader to stream data).
      • the leading / means that this signal is active low

[edit] re-purposing the pic

  • i mis-wiki-ed before, the programmer's PGC (13) and PGD (14) signals are nc. hijacking these is pretty simple.
  • conveniently MCLR# (4) is tied to vcc through the resistor just above the pic when looking at the board w/ the edge connector on your left. one less pin you have to lift.
  • RB4/PGM (11) looks like it is nc. having only dorked w/ a pic once in my life (why it was easy to canabalize my homebrew pic programmer for something else), i've never paid attention to lvp or hvp mode. PGM only matters to lvp (and only at startup to set the programming mode).
Personal tools