Is their a way to sniff an RFID signal?

[AlexTommyP]

Hi all and thanks for reading,

I'm working on a concept and am trying to establish if there is a way to sniff a signal between an RFID tag and it's reader. What I mean by this is - is there a way an ON (1) can be generated when the tag and the reader communicate? I don t need power from the reader and am assuming the tag will be passive.

A crude example would be - when I tap through the gate reader at work using my RFID key card. Could a powered LED somehow know that the key card and reader have communicated and turn on.

I hope this is enough detail. Sorry if it is not.

Thanks in advance for any help you can offer. Greatfully appreciated, ATP

 

[analogdesign]

One BIG problem you got here is that a gate reader and key card communicate using Near-Field Communications. This means the coil in the tag and the coil in the reader form a single transformer. This is only possible when their physical distance is less than about the wavelength at which they are communicating. You wouldn't be able to get enough signal at a remote position to detect communication.

If you were using a Wide-Field RFID system (such as an inventory control system) you could do it but in essence you would be building another reader, just you wouldn't be providing the CW RF to power the tag, you'd just be detecting the backscatter. This wouldn't work "in general" because you would have to know the specifics of the RFID system you were trying to sniff (e.g. carrier frequency, standard they are using, etc)

 

[AlexTommyP]

@analogdesign - thanks so much for replying, it is greatfully appreciated.

What if it was not in a remote position. What if the device was within the physical distnace at which they communicate. Say for example the NFC card with the chip in it had something strapped to it (like the powered LED) and when the card (chip) touched the reader and they communicated the powered LED sniffed that the chip and reader where communicating and turned on. Do you think that could be a possibility?

Thanks again for your help. Cheers, ATP

 

[berkeman]

Hi all and thanks for reading,

I'm working on a concept and am trying to establish if there is a way to sniff a signal between an RFID tag and it's reader. What I mean by this is - is there a way an ON (1) can be generated when the tag and the reader communicate? I don t need power from the reader and am assuming the tag will be passive.

A crude example would be - when I tap through the gate reader at work using my RFID key card. Could a powered LED somehow know that the key card and reader have communicated and turn on.

I hope this is enough detail. Sorry if it is not.

Thanks in advance for any help you can offer. Greatfully appreciated, ATP

@analogdesign - thanks so much for replying, it is greatfully appreciated.

What if it was not in a remote position. What if the device was within the physical distnace at which they communicate. Say for example the NFC card with the chip in it had something strapped to it (like the powered LED) and when the card (chip) touched the reader and they communicated the powered LED sniffed that the chip and reader where communicating and turned on. Do you think that could be a possibility?

Thanks again for your help. Cheers, ATP

Welcome to the PF.

What are you trying to do?

 

[AlexTommyP]

@berkeman - Hi and thanks for the welcome + for helping out. Greatly appreciated.

We are trying to establish if a concept we are working on is possible or not. I really hope it is.

We want to sniff / detect when a RFID tag and reader communicate. The detection simply needs to be an ON (1) to trigger an event. I used the example above of my key card at work. When I place the key card (tag) on the reader at work (and the gate opens) we want to establish is there is a way to detect that the tag and reader have connected. A crude example being if (somehow) a powered LED was attached to the key card (tag) and when it connects / communicates with the reader it turns on. It does not have to be a powered LED, it could be a small fan or a small motor that vibrates. The main thing is - can we turn something ON (1) as an event when the tag and reader communicate.

Also - off the back of @analogdesign input above (thanks again) the trigger / ON (1) can be in close proximity to the tag and reader. So, for example, the powered LED could be attached to the key card (tag).

I do hope this makes sense and thanks ever so much for any input / help you can offer.

Super cheers, ATP

 

[davenn]

It does not have to be a powered LED, it could be a small fan or a small motor that vibrates.

and how is the LED, motor etc going to work without power ??
... the power sourced from the RF field isn't likely to be enough

D

 

[phinds]

I think part of the implication of berkeman's question was WHY do you want to do this? The issue is that it is possible you are looking to do something that either is or should be illegal and we try to avoid giving aid to such efforts here on PF.

 

[Doug Huffman]

Near field only? Why, then, did my "vicinity read" Passport Card come in a aluminized card holder?

Security
To increase speed, efficiency, and security at U.S. land and sea border crossings, the passport card contains a vicinity-read radio frequency identification (RFID) chip. There is no personal information written to the RFID chip. This chip points to stored records in secure government databases. http://travel.state.gov/content/passports/english/passports/information/card.html

 

[anorlunda]

Near field only? Why, then, did my "vicinity read" Passport Card come in a aluminized card holder?

Good point. Similarly with an EZ-Pass type RFID chip used in vehicles passing highway toll collection gates.

I think that the obvious answer to the OP must be yes, it is possible. If the EZ-Pass gate can detect the response, then another detector must be able to do likewise. How to do it is a more difficult question.

 

[AlexTommyP]

@davenn - thanks for your input, appreciated. The motor or LED or whatever would be powered. We would not be taking any charge / power from the tag / reader. We are trying to establish if, when the reader and tag communicate, whether we are able to sniff that communication and tell the battery powered motor or LED or whatever to turn on. If this makes sense?

@phinds - thanks for the input, appreciated and sorry if I miss understood @berkeman question. Please rest assured that there is nothing illegal about what we are trying to concept, produce and achieve. The concept is based around building on existing (in place) tech and functionality. With the the keycard system at work in mind we are bouncing ideas around adding a visual / physical confirmation to the keycard holder that the gate has opened. Sure - the gate opening is very much a visual confirmation that the tag and reader have communicated but this is the idea we want to build upon assuming we can establish whether or not we can prove the concept.

What if the keycard was placed in a wallet that had a battery powered motor in it. If we were able to sniff the signal between the reader and tag we could tell the motor to turn on (vibrate) thus giving the keycard holder a physical confirmation that the gate has opened (the tag and reader have communicated).

On a side note and as I am sure you can see, I am new to this forum and very much appreciate any input I receive. I respect and value anybody who takes the time to reply and value this community.

@anorlunda - thanks for the input, appreciated. I fear it may be a difficult question. All we want from the tag and reader is a confirmation that they have communicated. We don't want any info / power / frequency. We just need to know that they have spoken so we can trigger an event, an ON.

Thanks to you all, ATP

 

[anorlunda]

OP, do you need it to work with a specific RFID tag whose characteristics are known, or with any arbitrary RFID?

 

[analogdesign]

Good point. Similarly with an EZ-Pass type RFID chip used in vehicles passing highway toll collection gates.

I think that the obvious answer to the OP must be yes, it is possible. If the EZ-Pass gate can detect the response, then another detector must be able to do likewise. How to do it is a more difficult question.

But an EZ pass is a far-field RFID device. The OP asked about a contact key-card reader. That's a near-field device. They are quite different. I think the OP's plan could work in a far-field device for sure. I'm not convinced it would work for a near-field device but I'm not sure.

 

[anorlunda]

But an EZ pass is a far-field RFID device. The OP asked about a contact key-card reader. That's a near-field device. They are quite different. I think the OP's plan could work in a far-field device for sure. I'm not convinced it would work for a near-field device but I'm not sure.

So, the detector has to be closer to the card. That doesn't aler the qualitative question.

The OP hasn't provided enough info to tell what he's really trying to do, to know if his detector is near or far.

 

[analogdesign]

So, the detector has to be closer to the card. That doesn't aler the qualitative question.

The OP hasn't provided enough info to tell what he's really trying to do, to know if his detector is near or far.

The OP and I discussed this at the beginning of the thread. It has to be close (very close) to detect near-field radiation. As to the qualitative question I agree with you. I think "arbitrary" RFID would be impossible to differentiate from other RF power but only a small number of standards are in use in practice so it should be possible if the OP can get access to the card. I agree also with the above poster who said we shouldn't say more until we know what the purpose is.

 

[AlexTommyP]

@anorlunda & @analogdesign - thanks both for your continued input, appreciated.

Sorry if I have not been given enough background on the project. We work as a lab concepting potential projects that once researched and developed can be brought to the board for funding. This particular project is very much still in the idea phase until we establish if a proof of concept can be produced. If you require further background on the project / us - are you ok to please detail what further information you require?

@anorlunda - regarding the type of tag, good question. Staying with our key card system at work as an example I am unsure of the type of tag within the card. I will endeavour to get hold of more information. Certainly the concept would be applied to a set tag so we can rule out the use of arbitrary RFID.

As we don't want to access anything from the tag bar an indication it has connected within the electro magnetic field (has communicated with the reader) do we believe that an answer is within the specifics of the tag and reader and not a broader solution involving the basics of RFID IE - is there an electrical solution that turns active (on) when submitted to the radio energy transmitted from the reader?

Thanks all, ATP

 

[anorlunda]

Certainly you can have a radio receiver tuned to a specifc frequency and trigger a logic signal when it received a burst of energy at that frequency. Is that enough to do what you need? Your answers about the project are beginning to sound evasive. You haven't said anything about proximity.

 

[AlexTommyP]

@anorlunda - thanks again for the reply and input, very much appreciated.

I really don't intend to sound evasive and I am sorry if I am coming across this way. I touched on above that this is my first time attempting to source input in this way and I am sorry if I am not being clear enough or offering the correct information. Perhaps our lack of overall project thought and development is coming across as something untoward. Like I said - if there is anything specific that you want to know about us / this project please do detail and I will endeavour to get you the information.

@analogdesign and I discussed proximity earlier. Using the key card system at work as an example, as it's NFC the concept (idea) would have to be in close proximity to the tag and reader.

I used this example earlier:

What if the keycard was placed in a wallet that had a battery powered motor in it. If we were able to sniff the signal between the reader and tag we could tell the motor to turn on (vibrate) thus giving the keycard holder a physical confirmation that the gate has opened (the tag and reader have communicated).

Thanks for the input regarding the radio receiver. That's really interesting and something we can look into.

Gratefully appreciated, AP

 

[analogdesign]

Presumably the reader would beep or you would hear the gate unlock, right? Having your user's wallet beep wouldn't give you any more information than the reader's beep since it only confirms that communication has taken place, not that the gate is really unlocked. Are you envisioning a system where the reader itself does not provide any visual or aural feedback?

If you know the protocol the reader is using and you can affix your powered system to the keycard, I don't think this would be too difficult of a design. Anorlunda's idea it probably the first your should look at. You may have a false positive problem if the reader uses a common frequency but maybe not.

 

[AlexTommyP]

@analogdesign + @anorlunda + @phinds + @davenn - thanks ever so much for your input and help. We are going to see if the concept can be proved using @anorlunda idea. I am very impressed with all your input and help. It is very much appreciated. We will certainly recommend this forum as a valued community. Good luck to all and thanks again, ATP