Key Card Cloner

 

 

Background/Introduction

The Key Card Cloner (KCC) is a device that can read RFID and NFC codes, store them, and retransmit them.  The user is able to select the type of signal to read (RFID or NFC).  They then use the appropriate hardware reader to scan the code.  This is then stored within the device.  The user can then select from a list of stored codes which one they wish to retransmit and via which medium.  The KCC will then broadcast the emulated signal.

 

There are several use cases that make this project interesting to me. The first is to have a universal key card. Because you can read and store multiple codes, the KCC can be used as a selectable key card. Users could scan their ID card, Charlie card, hotel room key, and others and then selectively retransmit each one as needed. This would eliminate the need to carry all of those different cards and allow them to just use the KCC. A second interesting use is to clone key cards. In the case of MIT ID cards, which allow for access to buildings, the KCC could be used to provide someone else with temporary access. It is also possible to create a joint Charlie card account. In this case the KCC would be used to clone an existing Charlie card. This would allow two different people to add money to and use the same account balance. A third use case is as a repeater. In this case, the KCC will rebroadcast a read and stored signal with more power. Now, instead of having to pull your key card out of your pocket, the KCC stored somewhere about your person will broadcast in a local range large enough for a reader to pick up. This is mostly a matter of convenience, allowing you to just open any door that you have access to.

Hardware Description

The hardware for the KCC can be broken into two main parts. The first part is control (white). User I/O and memory are handled by the PSoC, which can more easily drive complicated logic than the 8051. The PSoC will use the 8051 to interface with and drive the other part of the system, the read/write hardware components. The 8051 will use a variable timer to create carrier waves of 125 kHz and 13.25 MHz. This will allow the KCC to read and write data through any RF protocol in this frequency range. A Digital to Analogue Converter (DAC) will be used to convert signals between the 8051 and the RF transmitter. An Analogue to Digital Converter (ADC) will be used to convert signals between the RF reader and the 8051. The yellow blocks show the outside hardware that will interact with each component of the KCC.
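
A feasibility check on the timer-generated carriers described above, as an added example that is not part of the original project code. It assumes a classic 12-clock 8051 with a timer in 8-bit auto-reload mode toggling a pin on every overflow, ignores interrupt latency (so results are an upper bound), and uses 12 MHz and 11.0592 MHz crystals as assumed values; `plan_carrier` and `carrier_plan` are hypothetical names.

```c
#include <stdio.h>

/* Assumption: classic 12-clock 8051 core, so a timer counts at fosc/12. */
#define CLOCKS_PER_TICK 12.0

typedef struct {
    int feasible;          /* 1 if some reload value produces a carrier */
    unsigned char reload;  /* TH value for mode 2 (8-bit auto-reload)   */
    double actual_hz;      /* carrier actually produced                 */
    double error_pct;      /* (actual - target) / target * 100          */
} carrier_plan;

/* Plan a square-wave carrier made by toggling a pin on every timer
 * overflow: f_out = (fosc / 12) / (2 * counts), counts in 1..256. */
carrier_plan plan_carrier(double fosc_hz, double target_hz)
{
    carrier_plan p = {0, 0, 0.0, 0.0};
    double tick_hz = fosc_hz / CLOCKS_PER_TICK;
    long counts = (long)(tick_hz / (2.0 * target_hz) + 0.5); /* nearest */

    if (counts < 1 || counts > 256)
        return p;  /* target is above tick/2 or below tick/512 */

    p.feasible = 1;
    p.reload = (unsigned char)(256 - counts);  /* 256 counts wraps to 0 */
    p.actual_hz = tick_hz / (2.0 * (double)counts);
    p.error_pct = (p.actual_hz - target_hz) / target_hz * 100.0;
    return p;
}

int main(void)
{
    /* Crystal values are assumptions; carrier targets are the page's. */
    const double crystals[] = {12.0e6, 11.0592e6};
    const double targets[]  = {125.0e3, 13.25e6};

    for (int c = 0; c < 2; c++)
        for (int t = 0; t < 2; t++) {
            carrier_plan p = plan_carrier(crystals[c], targets[t]);
            if (p.feasible)
                printf("%.4f MHz xtal, %.0f Hz: TH=0x%02X -> %.0f Hz (%+.2f%%)\n",
                       crystals[c] / 1e6, targets[t], p.reload, p.actual_hz, p.error_pct);
            else
                printf("%.4f MHz xtal, %.0f Hz: out of timer range\n",
                       crystals[c] / 1e6, targets[t]);
        }
    return 0;
}
```

Under these assumptions the 125 kHz carrier is reachable (exactly so with a 12 MHz crystal), while the 13.25 MHz carrier lies above the timer's maximum toggle rate and would need a separate oscillator.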

Software Description

The KCC will run software on both the PSoC (green) and 8051 (blue). The Main Loop on the PSoC will be written in C. This will handle the user interface and input commands. It will be able to display to the user the choice of either reading or writing a code. If reading is selected, it will ask for which method (RFID or NFC). If writing is selected, it will ask for which method (RF or NFC) as well as which stored code to transmit. The Main Loop will then convey the command request to the 8051. The 8051 will run the Chip Control program, written in assembly. It will parse the command request from the PSoC and power up the correct hardware. If the command request is a read, the Chip Control program will return the read data to the Main Loop. If the command request is a write, the Chip Control program will transmit the requested data until told to do otherwise. The PSoC will also run post processing on signal data received from the 8051. Because the PSoC is more powerful, it is well suited to perform modulation and demodulation in order to extract and package data that is received and sent.

Project Scope and Management

Tier 1 Goals would be to complete a working system that can read and write data from RFID, NFC, or Magnetic media. The capability of the KCC would merely be to clone a given tag or card. The user would select the appropriate protocol and then tap or swipe a tag or card. The KCC would then automatically begin retransmitting the read code via the same protocol until the user either turns the device off or reads another code.

Tier 2 Goals would be to provide a graphical user interface (possibly via the Amulet) as well as the ability to read and store multiple codes and select one from memory to retransmit. An additional complication would be to combine the RFID and NFC hardware components into a general RFID reader/writer with variable frequency, amplitude, and phase compatibility.

Tier 3 Goals would be to improve packaging so that this is a portable system. It would also be cool to create a universal ID card that the KCC would be able to reprogram arbitrarily. This card would support general RFID (including NFC) and magnetic media. The NFC portion could be accomplished by using Bluetooth to communicate with a smartphone and then using its integrated NFC chip to read or retransmit data from the KCC. A software expansion would be to try and create a code cracker that would cycle through RFID, NFC, or Magnetic codes in order to spoof a reader.

Special Component needs

In terms of special chips, I will require the RF reader/writer. While there are several prebuilt solutions available on the market, there are also open source designs that allow for these to be built with minimal specialized hardware. If I were to use prebuilt chips, the difficulty of this project would be reduced, while if I build the readers and writers myself, the difficulty of this project would increase. I may wish to try to scratch build the RF reader/writer initially. If it proves too difficult, I could then use more premade chips instead. The requirements for the RFID and NFC readers would be to emit a specified RF frequency. They then have to sense the amplitude, frequency, or phase shift that the tag produces in response to the RF signal. This data would then be post processed and converted into a digital signal. The writing or transmitting chips would need to complete these processes in reverse.

Timetable

April 13-RF research, Circuit design, chip selection, order hardware

April 20-Build RF receiver and transmitter with high and low frequency antenna, Test ability to read and write data

April 27-Implement post processing for RF signals,  Implement various protocols as well as a search mode to scan and determine the appropriate protocol

May 4-Debug Hardware and Software, Add storage ability, Add GUI (Amulet)

May 11-Debug Hardware and Software, If time allows explore more Tier 2-3  goals
