My Bus Pirate v3 just arrived today, together with a 13.56 MHz RFID module. I bought the stuff at the seeedstudio webshop.

I had to update the Bus Pirate to the v4.1 firmware and v4.1 bootloader (and resolder the LEDs). The Bus Pirate uses an FTDI USB serial chip, so make sure you have installed its driver.

Now let the fun begin: wire up the Bus Pirate and the RFID module like this:

RESET    —> AUX
RXD        —> MOSI (TX)
TXD        —> MISO (RX)
GND        —> GND
+5V (DC)  —>+5V

Now fire up a terminal (I use CoolTerm on a Mac, 115200/8N1), activate UART mode, enter ‘W’ to activate the +5V power supply, and enter ‘a’ to trigger the reset (AUX LOW).

The whole procedure as a serial dump:

> m
1. HiZ
2. 1-WIRE
3. UART
4. I2C
5. SPI
6. JTAG
7. RAW2WIRE
8. RAW3WIRE
9. PC KEYBOARD
10. LCD
(1) >3
Mode selected
Set serial port speed: (bps)
1. 300

5. 9600

10. 31250 (MIDI)
(1) >5
Data bits and parity:
1. 8, NONE *default

(1) >
Stop bits:
1. 1 *default
2. 2
(1) >
Receive polarity:
1. Idle 1 *default
2. Idle 0
(1) >
Select output type:
1. Open drain (H=Hi-Z, L=GND)
2. Normal (H=3.3V, L=GND)
(1) >
READY
UART>W
POWER SUPPLIES ON
UART>a
AUX LOW

Some geek pr0n:

Closeup of the RFID reader:

I also bought a 13.56 MHz Mifare-One RFID card; reading the card serial was my first task. But first some basics…

An SDK is available on the seeedstudio RFID reader product page, but I found a much better protocol description (more detail, more examples…).

How to communicate with the RFID module:
[0xAA STATION-ID DATA-LENGTH CMD OPTIONAL-DATA XOR-CHECKSUM 0xBB]
Each command begins with 0xAA and ends with 0xBB. The XOR checksum is calculated by XORing each byte of the message, excluding the 0xAA start byte and the 0xBB end byte. For more detail, check the SDK/PDF file.

Examples:
Execute MF_GET_SNR (0x25, try to read the card's serial number):

UART>[0xAA 0x00 0x03 0x25 0x26 0x00 0x00 0xBB
UART LIVE DISPLAY, } TO STOP
WRITE: 0xAA — start of text
WRITE: 0x00 — point-to-point communication mode
WRITE: 0x03 — data length
WRITE: 0x25 — cmd: MF_GET_SNR
WRITE: 0x26 — 0x26 Request Idle
WRITE: 0x00 — do not need to execute the halt command
WRITE: 0x00 — checksum
WRITE: 0xBB — end of text
UART>
READ: -f 0x00
READ: 0xAA — start of text
READ: 0x00 — point-to-point communication mode
READ: 0x06 — data length
READ: 0x00 — status 0x00 — ok
READ: 0x00 — 0x00 Only one card is in the readable area
READ: 0x3C — serial nr, byte 1
READ: 0xEF — serial nr, byte 2
READ: 0xC8 — serial nr, byte 3
READ: 0x3C — serial nr, byte 4
READ: 0x21 — checksum
READ: 0xBB — end of text

So the serial for my Mifare card is 0x3C 0xEF 0xC8 0x3C.

MF_Read (0x20, read data from the card)

UART>[0xAA 0x00 0x0A 0x20 0x01 0x01 0x10 0xff 0xff 0xff 0xff 0xff 0xff 0x3A 0xBB
UART LIVE DISPLAY, } TO STOP
WRITE: 0xAA — start of text
WRITE: 0x00 — point-to-point communication mode
WRITE: 0x0A — data length
WRITE: 0x20 — cmd: MF_READ
WRITE: 0x01 — Mode Control, Request all, Use Key A
WRITE: 0x01 — Read one block
WRITE: 0x10 — Start address of block
WRITE: 0xFF — Start of key (6 bytes)
WRITE: 0xFF
WRITE: 0xFF
WRITE: 0xFF
WRITE: 0xFF
WRITE: 0xFF — End of key
WRITE: 0x3A — checksum
WRITE: 0xBB — end of text
UART>
READ: -f 0x00
READ: 0xAA — start of text
READ: 0x00 — point-to-point communication mode
READ: 0x15 — data length
READ: 0x00 — status ok
READ: 0x3C — serial nr, byte 1
READ: 0xEF — serial nr, byte 2
READ: 0xC8 — serial nr, byte 3
READ: 0x3C — serial nr, byte 4
READ: 0xFF — data from the card
READ: 0xFF
READ: 0xFF
READ: 0xFF
READ: 0xFF
READ: 0xFF
READ: 0xFF
READ: 0xFF
READ: 0xFF
READ: 0xFF
READ: 0xFF
READ: 0xFF
READ: 0xFF
READ: 0xFF
READ: 0x11
READ: 0x11 — data from the card
READ: 0x32 — checksum
READ: 0xBB — end of text
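
The frame layout and XOR checksum from the protocol description, as an added Python example (not code from this post, the SDK or the linked library). The function names are hypothetical, and the rule that the length byte counts the command or status byte plus the data is inferred from the two dumps above; the sample frames are the bytes shown in those dumps.

```python
# Added example: RDM880 UART framing as described in this post.
from functools import reduce

STX, ETX = 0xAA, 0xBB              # start/end bytes from the post
MF_READ, MF_GET_SNR = 0x20, 0x25   # command codes used in the dumps


def xor_checksum(body: bytes) -> int:
    """XOR of every byte between (not including) 0xAA and 0xBB."""
    return reduce(lambda a, b: a ^ b, body, 0)


def build_frame(cmd: int, data: bytes = b"", station: int = 0x00) -> bytes:
    """0xAA, station id, length (cmd + data), cmd, data, checksum, 0xBB."""
    if len(data) + 1 > 0xFF:
        raise ValueError("data too long for the one-byte length field")
    body = bytes([station, len(data) + 1, cmd]) + data
    return bytes([STX]) + body + bytes([xor_checksum(body), ETX])


def parse_reply(raw: bytes):
    """Validate a reply frame and return (station, status, payload)."""
    if len(raw) < 6 or raw[0] != STX or raw[-1] != ETX:
        raise ValueError("missing 0xAA/0xBB framing")
    if len(raw) != raw[2] + 5:     # length counts status + payload (inferred)
        raise ValueError("length field does not match frame size")
    if xor_checksum(raw[1:-2]) != raw[-2]:
        raise ValueError("checksum mismatch")
    return raw[1], raw[3], raw[4:-2]


# Reply frames copied from the two serial dumps in the post.
SNR_REPLY = bytes.fromhex("aa 00 06 00 00 3c ef c8 3c 21 bb")
READ_REPLY = bytes.fromhex("aa 00 15 00 3c ef c8 3c" + " ff" * 14 + " 11 11 32 bb")

if __name__ == "__main__":
    # Rebuild both requests from the post and print them for comparison.
    print(build_frame(MF_GET_SNR, bytes([0x26, 0x00])).hex(" "))
    key_a = b"\xff" * 6
    print(build_frame(MF_READ, bytes([0x01, 0x01, 0x10]) + key_a).hex(" "))
    _, status, payload = parse_reply(SNR_REPLY)
    print("status", status, "serial", payload[1:].hex(" "))
    _, status, payload = parse_reply(READ_REPLY)
    print("status", status, "block", payload[4:].hex(" "))
```

Rejecting a reply whose length or checksum does not match keeps line noise, such as the framing error at the start of each READ sequence, from being parsed as card data.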

Writing to the card was also tested and worked fine. You can put the Bus Pirate into transparent mode (enter ‘(0)’ to get all available modes) and use this module with other RFID software, perhaps RFIDIOt or libnfc, although both packages need a patch to support the RDM880 module…

Links:
http://code.google.com/p/the-bus-pirate/
http://dangerousprototypes.com/forum/
python rb880 library