RFID Hacking/parallax

From Noisebridge

some random notes about the parallax readers

  • em4095 to pic16f627a (20pin ssop package)
    • DEMOD_OUT (13) -> RB3/CCP1 (10)
    • RDY/CLK (2) -> RB6/T1OSO/T1CKI/PGC (13)
    • SHD (14) -> RA1/AN1
  • pic16f627a to edge connector
    • RB0/INT (7) -> OE#
    • RB2/TX/CK (9) -> SOUT
  • pic16f627a to discretes
    • RA7/OSC1/CLKIN (18) -> LED (1)
    • RA6/OSC2/CLKOUT (17) -> LED (2)
  • em4095 xmit is controlled by MOD (12)
    • this follows the same modulation scheme as DEMOD_OUT (13)
  • edge connector
    • SOUT wiggles at 2400bps and outputs rfid in ASCII (no need to do binary conversion)
    • /ENABLE
      • this is an input signal (tying this to GND works fine if you just want the reader to stream data).
      • the leading / means that this signal is active low
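
added example (not part of the original notes): an incremental parser for the ASCII stream on SOUT that resyncs after noise and handles frames split across serial reads. the framing (0x0A start byte, 10 ASCII hex digits, 0x0D stop byte) is an assumption taken from Parallax's reader documentation, not from this page; the class name and the tag IDs are made up.

```python
# Added example: frame parser for the reader's SOUT byte stream (2400bps, ASCII).
# Assumed framing (from Parallax's reader documentation, not from this page):
# 0x0A start byte, 10 ASCII hex digits, 0x0D stop byte.
START, STOP, ID_LEN = 0x0A, 0x0D, 10
HEX_DIGITS = frozenset(b"0123456789ABCDEFabcdef")


class TagStreamParser:
    """Incremental parser: feed() raw serial bytes, get complete tag IDs back."""

    def __init__(self):
        self._buf = bytearray()
        self.dropped = 0  # bytes discarded while resynchronising

    def feed(self, data):
        self._buf.extend(data)
        tags = []
        while True:
            start = self._buf.find(bytes([START]))
            if start < 0:
                # no start byte anywhere: everything buffered is noise
                self.dropped += len(self._buf)
                self._buf.clear()
                return tags
            # discard noise ahead of the start byte
            self.dropped += start
            del self._buf[:start]
            if len(self._buf) < ID_LEN + 2:
                return tags  # partial frame, wait for more bytes
            body = self._buf[1:ID_LEN + 1]
            if self._buf[ID_LEN + 1] == STOP and all(b in HEX_DIGITS for b in body):
                tags.append(body.decode("ascii"))
                del self._buf[:ID_LEN + 2]
            else:
                # bad frame: skip this start byte and look for the next one
                self.dropped += 1
                del self._buf[:1]


def demo():
    # Constructed sample stream: line noise, one good frame, one corrupt
    # frame, then a good frame split across two reads.
    p = TagStreamParser()
    first = p.feed(b"\xff\x00" + b"\n0F0184F07B\r" + b"\n0F01ZZ\r" + b"\n04158")
    second = p.feed(b"DA2C1\r")
    return first, second, p.dropped
```

with /ENABLE tied to GND the reader streams continuously, so the same tag shows up repeatedly while it sits in the field; de-duplicate on the caller's side if that matters.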

re-purposing the pic

  • i mis-wiki-ed before, the programmer's PGC (13) and PGD (14) signals are nc. hijacking these is pretty simple.
  • conveniently MCLR# (4) is tied to vcc through the resistor just above the pic when looking at the board w/ the edge connector on your left. one less pin you have to lift.
  • RB4/PGM (11) looks like it is nc. having only dorked w/ a pic once in my life (why it was easy to cannibalize my homebrew pic programmer for something else), i've never paid attention to lvp or hvp mode. PGM only matters to lvp (and only at startup to set the programming mode).