Tuesday, November 20, 2012

Snoop NFC RFID card with RTL-SDR dongle

It's been a big year for radio fun!
Playing with NFC / RFID tags recently, it occurred to me that the RTL-SDR dongles could potentially be used to sniff 13.56 MHz tags.

As it happens the RTL tuner won't quite tune as low as 13 MHz, but... the first harmonic at 26 MHz works great!

Here's a Mifare Classic 4K card being repeatedly read by an SCL3711 NFC reader. I wedged an antenna next to the reader, fired up SDR-Sharp and here we go...

SCL3711 reader + Mifare 4k + antenna to RTL dongle

Center signal = 13.56 MHz carrier from reader, side spurs = ASK modulated reply from card :-)

Next stop, demodulation and a nice cup of tea. 

Video:


Addendum - while the video shows the antenna strapped to the card, this setup seems to receive both card+reader signals just fine from 15 feet away!

Later: OK, never mind the "15 foot" stuff - not true, it seems. Because I was running the RTL dongle + NFC on the same PC, it was coupling the RF signals through the USB lines, making things look very much better than they really were. I tried tag reading with a non-USB-wired Nexus 7 and the antenna range (for the signal from the card) is as "near field" as you'd expect. So; handy and cheap but not ground-breaking :-)
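Why the card's reply appears as side spurs beside the carrier, as an added example that is not from the original post: a constructed, noise-free model of an ISO 14443 Type A card (the family Mifare Classic belongs to) load-modulating the reader's field with an fc/16 subcarrier, measured at ±847.5 kHz from the carrier. The 2.4 MS/s sample rate, 10% modulation depth, bit pattern and -45 dBc threshold are assumptions, and the carrier is modeled as tuned to 0 Hz rather than at the harmonic the post used.

```python
import cmath
import math

FC = 13.56e6         # reader carrier in Hz (from the post)
F_SUB = FC / 16      # ISO 14443 load-modulation subcarrier, 847.5 kHz
BIT_RATE = FC / 128  # ISO 14443 Type A base rate, about 106 kbit/s
RATE = 2.4e6         # assumed SDR sample rate, samples/s

def synth(bits, depth=0.1, rate=RATE):
    """Constructed amplitude samples with the carrier tuned to 0 Hz.

    depth is the assumed fraction by which the card's load switch pulls the
    field down; depth=0 models the reader transmitting with no card reply.
    """
    out = []
    for n in range(int(len(bits) * rate / BIT_RATE)):
        t = n / rate
        pos = t * BIT_RATE                       # position measured in bits
        first_half = (pos % 1.0) < 0.5
        # Manchester: 1 = subcarrier in first half bit, 0 = in second half
        active = first_half if bits[int(pos)] else not first_half
        load_on = active and math.sin(2 * math.pi * F_SUB * t) >= 0
        out.append(1.0 - depth if load_on else 1.0)
    return out

def tone_db(samples, offset_hz, rate=RATE):
    """Level at one offset from the carrier, in dB relative to the carrier."""
    def mag(f):
        acc = sum(s * cmath.exp(-2j * math.pi * f * n / rate)
                  for n, s in enumerate(samples))
        return abs(acc) / len(samples)
    return 20 * math.log10(max(mag(offset_hz), 1e-12) / mag(0.0))

def card_reply_present(samples, threshold_db=-45.0):
    """True when both side spurs at +/- F_SUB exceed the assumed threshold."""
    return all(tone_db(samples, f) > threshold_db for f in (F_SUB, -F_SUB))

BITS = [1, 0, 1, 1, 0, 0, 1, 0] * 4              # constructed payload
if __name__ == "__main__":
    for label, depth in (("reader only", 0.0), ("card replying", 0.1)):
        s = synth(BITS, depth)
        print(f"{label:14s} +847.5 kHz: {tone_db(s, F_SUB):6.1f} dBc  "
              f"reply={card_reply_present(s)}")
```

Both spurs sit inside the ±1.2 MHz window that a 2.4 MS/s capture centered on the carrier covers, which is why the card's reply and the reader's carrier can appear in a single spectrum view.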

2 comments:

Unknown said...

Interesting - I just took another look at RTLSDR to see how far it had come on in the last year, and thought that they might be a good replacement for the Proxmark.

Anonymous said...

Wonderful news!!

What about decoding data? Did you try?