From Noisebridge
(Redirected from Rfid)
Jump to: navigation, search


[edit] 950 MHz UHF RFID system

This RFID reader is installed near the entry door of Noisebridge (at the top of the stairs). If it can be made to work properly, we can put RFID tags in any items we want (private or public) and program our computer systems to react if and when those items go near or through the door (or elevator room). This could be useful in deterring or preventing theft, so that Noisebridge CAN Have Nice Things.

current state of things: the reader works, we talk to it through serial, and it detects tags, but all the tags we have result in the same line of text from the reader. We need to figure out what command to send to the reader to get it to tell us the full data of the tags, or at least their unique serial number. We have over 100 tags, but they aren't readable until a piece of wire is soldered onto them as an antenna, which can be tailor made for the article they are being fixed onto. The PDF for the tags we have is linked to below, uploaded to the wiki as rfid.pdf If you want to help with this project, contact me. -jake

  • We got this reader: SAMSys MP9320 2.8

Various files related to this device: http://techsupweb.satoamerica.com/public/06_RFID/Software/RF%20Command%20Suite/

the protocol the reader talks is detailed at: CHUMP Protocol Reference Guide v7.0

The MP9320 cannot be made to work on ethernet, even though it has a port.

The reader is connected to Minotaur through a USB to Serial adaptor which comes up as /dev/ttyUSB2 (this time) BUT
you should talk to it through its reliable pathname which is:
try the following command (as root on minotaur)
# screen /dev/serial/by-path/pci-0000:02:02.3-usb-0:1.1.4:1.0-port0 57600
(press control-A and then k to "kill" or exit screen when you're done)

the reader is now configured and it works. when it detects a tag, the windows software tells you
Tag ID,Tag Name,Tag Type, Total Reads, Rate, Antenna, Date/Time
3005FB63AC1F3841EC880467,,EPC1G2,1648,0.0,0,1/21/2013 11:04:06 PM

this is what the serial data looks like, 57600 baud: (it repeats constantly while the tag is nearby)

this reader has four antenna ports. The windows software seems to tell you which antenna the tag was seen on, but we will need to find that information in the serial data, which should be easy. The reason this matters is because we will end up having antennas in different locations (door at the top of the stairs, elevator room door, bottom of the steps) and we will want to react differently depending on where a tag is detected.

Getting status of the beep
Enabling the audio beep
Disabling the audio beep
Permanently disable the beep

  • Tags:

File:Rfid-SL3ICS1002 1202.pdf finally! we have the PDF for these tags.

File:AN173211.pdf frequently asked questions about these RFID tags.

we got these 900mhz band RFID tags available from mouser.com as part number SL3S1202AC0,118 they cost 7.4 cents each.
mouser.com link to buy these tags
(the picture on the mouser site is wrong for these parts, they do not look anything like a 1206 capacitor)

zipfile containing many PDFs relating to these RFID tags including the NXP app notes

these tags do not have an antenna - they are a grain of sand in the middle of a 3mm x 9mm piece of plastic. On either side of the grain of sand is a copper contact that you can solder to if you're careful. don't melt the plastic backing! the whole thing will probably stick to whatever it was resting on when you soldered it, so prepare. Make your antenna (a loop of wire probably, we are trying to figure out what works best) and solder it to the two contacts and then protect the thing with some hard (hitemp) hotglue or epoxy or something.

the PDF for the RFID tags above File:Rfid.pdf

similar to this from TI: http://elcodis.com/parts/1758620/RI-UHF-STRAP-08.html#datasheet

  • Antennas: From the NXP app notes:
    • AN1523 has a reference design for a mid-range less than one meter read distance antenna. The antenna is 34 mm x 15 mm.
    • [AN0972|http://www.nxp.com/documents/application_note/097211.zip] has a reference design for a "general purpose" antenna with an optimal read range of 2.5 meters. The antenna is 1.25" x 0.875"
    • AN0969 has a 98 mm long antenna design, with a read range of 1 m to 6 m depending on the substrate you use. Teflon and polystyrene are best; Rogers TMM6 is the worst but has the least variation across the frequency range.
    • AN1615 has a short range ring antenna design. 8.3mm diameter ring. Read range of 2 cm.
    • AN1685 has an 80mm x 35mm antenna design, with a 6 meter read range.
  • we did not get this reader:

http://www.alibaba.com/product-gs/572423327/RFID_reader_900MHz.html?s=p http://www.alibaba.com/product-gs/608914064/long_range_900mhz_rfid_reader_from.html?s=p

  • if we can figure out the protocol or find a driver, these PC card-based 900Mhz RFID readers are very inexpensive


[edit] Some General Commands

Show reader and software version info:


Show config:


Quiet a given tag from the output:


Read any tag in field


[edit] Setting Tag EPCs

Memory map for cheap NXP RFID tags. We can change the EPC in bank 01. We want to read the TID in bank 02

GEN2 (aka ISO 18000-6C) tags contain a unique, factory set tag ID (TID) and a user configurable EPC. Per the datasheet the EPC is the same for all our tags until configured otherwise

The ICs are delivered by NXP with a default 96 bit EPC number:

UCODE G2XM: 3005 FB63 AC1F 3681 EC88 0468

UCODE G2XL: 3005 FB63 AC1F 3841 EC88 0467 

Our reader appears to display some form of the EPC when a tag is in range. It's possible the query tags in the field for TID, but I'm not sure if we can display TID by default when a tag is in range (the EPC appears to be read by default) -- but we can reprogram the EPC to some arbitrary value!

  • Chump Reference Guide
  • User Guide - Though for a different model, pg 52-56 provide some good examples on writing to gen2 tags
  • code - script to read/write to a serial port, to filter out duplicate output]

Some example commands (note: wa command will write to any unlocked tag in the field):

To write an EPC ID value of 332233445566778899aabbcc onto a tag with the Protocol Control field set for a 96 bit tag, enter:


To add the length field, enter:


To request a read/verify cycle following the write operation, enter:


In order to write an EPC ID to a blank tag, the Protocol Control bits must also be
set. This can be accomplished in a single write command since the Protocol Control
bits are contained in the same memory bank as the EPC ID. Following the previous
example, the command would include setting the Protocol Control to 3000 as follows:


[edit] Changing Registers

Example bits of the P2I register, which controls the identification layer for gen2 tags (source: CHUMP guide)

This reader has a number of config registers we can modify. Use the following CHUMP command to read the current registers:


To make changes to a setting you'll need to generate a hex value for the 32 bit register. Refer to section 4 and 5 in the CHUMP reference guide for bit positions and usage. This calculator can make the process easier. Of particular interest is P2I, the GEN2 identification layer control register, which maybe will allow us to change the default memory read location (from EPC to TID).

When you're done you can write your register as follows:


add ",f:1" to save to NVM, otherwise the setting will revert upon restart.

[edit] 125KHz and 13.56MHz card-style and fob-style and implant-style RFID systems

Please bring RFID tags and readers to Noisebridge! We currently have very few tag samples. We're also looking for readers and ways to interface with RFID.

The current tag types (as detected by RFIDIOt) we have are:

* MASTERCARD - a0 00 00 00 04 10 10 (HSBC MASTERCARD)

The current readers we have are:

* Jake A. has a CardMan 5321 in his backpack, Noisebridge could use one if someone wants to donate one.
* chris paget brought a small stack of parallax (grand idea studios) units to the  2009-04-11 talk. 

[edit] Software

We're using RFIDIOt.

Personal tools