Continue to Site

Welcome to our site!

Electro Tech is an online community (with over 170,000 members) who enjoy talking about and building electronic circuits, projects and gadgets. To participate you need to register. Registration is free. Click here to register now.

Register Log in
  • Welcome to our site! Electro Tech is an online community (with over 170,000 members) who enjoy talking about and building electronic circuits, projects and gadgets. To participate you need to register. Registration is free. Click here to register now.

Is there any way to determine the format of an unknown data stream

Status
Not open for further replies.
W

Western

Member
How do I go about reading data from an RFID reader when I don’t know the data format.


I’ve repaired a heap of corrosion and damaged tracks on a board that’s here for repair …


I’ve hooked up the 24v and Gnd, plus antenna.


There is a D- (at 2v-dc) and D+ … and when I wave an eartag over the antenna … a green led lights up … and the D+ output has a legitimate looking signal on it … swinging between 0 - 5v ...


… but I have no idea how to interpret it to see if it is correct.


I have faked it plenty of times in the past with various other boards … and can occasionally pick out repeatable data … even if most of it doesn’t make sense … using HyperTerminal or a Texas Instruments program, “S2_Util.exe” … but this one eludes me.


I’m fairly confident the board is repaired … but would be so much more confident if I could actually read something legitimate.


I also bought “232Analyzer” in the past … but have never really worked out how to use it.


Can anyone offer any suggestions as to what would be the correct procedure to try and make sense of the data output.


Thanks for any help.
 
A "bare" reader without any kind of built-in card recogniser most likely uses Wiegand format.
That's an emulation of a very early card-access system, but the format is standard.

Info: https://www.proxwriter.com/prox-formats/

To see both 0 & 1 channels combined, I'd suggest a single pullup resistor from +5V to your scope output plus two different value resistors from scope out to to the two data lines - eg. a 4k7 pullup plus a 10k to "1" and a 2k2 to "0".

That should give you a display with three different levels for idle, 1 & 0.
 
Western said:
There is a D- (at 2v-dc) and D+ … and when I wave an eartag over the antenna … a green led lights up … and the D+ output has a legitimate looking signal on it … swinging between 0 - 5v ...
Click to expand...
Can you post an image/photo of the scope looking at both data lines so we can perhaps identify the protocol?
 
Thanks for the links guys. I've spent quite a while reading.

This RFID board is meant to read these tags ... eartags on calves ... for automatic calf feeders.

134_2-kHz-Low-Frequency-(LF)-Animal-Tracking-RFID-Ear-Tag-and-metal-pin.jpg


dougy83 said:
Can you post an image/photo of the scope looking at both data lines so we can perhaps identify the protocol?
Click to expand...


D- is at a dc level of 1.6v all the time ... whether a tag is present or not.


This is the waveform seen on D+ when a tag is near the antenna ... not quite 4v p-p.


20180615_150614_resized.jpg
 
Beau Schwabe said:
If it's 125kHz RFID, it's eather Manchester encoding or BiPhase encoding.
This may help ... https://www.priority1design.com.au/em4100_protocol.html
Click to expand...


Thanks Beau ... that was pretty helpful.


I still haven't been successful at reading anything on my pc from this board ... but I wondered if I should have tried a TTL to RS232/485 adaptor. I used to have one ... but going through my stuff last night, I remembered I had loaned it to a friend some months ago. I've ordered another one off ebay.


I then spent hours learning how to use 232Analyzer ... on a different type of ID system ... that I have been able to read on my pc using Hyper Terminal. I was able to collect data in ASCII, hex, bin etc ... and I reckon if I go back now and look at the data I collected ... I should be able to see what parts are the tags ... and what parts are the supporting data bits.
 
What I notice with that is the same pattern being sent repeatedly, but alternately inverted.

A long "low" appears to be a sync marker (5A 5A or A5A5, depending on polarity). The next block with the pattern of fast transitions a framing code to define the start, then about 40 - 42 bits of data before the pattern repeats inverted.

It's not manchester coded, just straight binary as far as I can work out, as a single long burst.
Manchester must have a transition every one or two timeslots, like in the sync section - but that does not carry on in to the data.

It's also not RS232 format as there are no regular stop/start bits (& that does not work inverted anyway).

If the tag you are reading has a printed code on it that may help tie things together.

Also, can you speed up the sweep slightly and adjust the timing so the bits exactly match the graticule markings? That would make it much easier to decode by hand.
 
Last edited:
rjenkinsgb said:
What I notice with that is the same pattern being sent repeatedly, but alternately inverted.

A long "low" appears to be a sync marker (5A 5A or A5A5, depending on polarity). The next block with the pattern of fast transitions a framing code to define the start, then about 40 - 42 bits of data before the pattern repeats inverted.

It's not manchester coded, just straight binary as far as I can work out, as a single long burst.
Manchester must have a transition every one or two timeslots, like in the sync section - but that does not carry on in to the data.

It's also not RS232 format as there are no regular stop/start bits (& that does not work inverted anyway).
Click to expand...


You got all that from one photo ... I'm amazed. I'm feeling a bit inadequate right now. :)


Ok ... so this first photo is of a tag ... SA271345XBD02300 ... DEC 116153672 ... HEX 6EC5D48

I believe the first number is simply the printed number on the front of the tag which has no relation to the RFID code inside ... so I don't think you'll see any connection there.


20180616_112256_resized.jpg



Photo of a second tag ... SA271345XBE02452 ... DEC 123672304 ... HEX 75F16F0


20180616_113228_resized.jpg



In comparing the two images I see I captured two identical sections ... I'll have a play and see if I can trigger it elsewhere to grab the variable sections.
 
If you happen to have a PICkit 2 programer (Microchip) or clone, the logic analyzer with the stand alone GUI may be helpful. It will capture 3 channels with a large data buffer for a long record. A less than $10 clone might be a worthwhile investment.
 
Once again ... Tag 1 ... SA271345XBD02300 ... DEC 116153672 ... HEX 6EC5D48

I've changed the window section to 500uS to get more in.


20180616_123221_resized.jpg



And Tag2 ... SA271345XBE02452 ... DEC 123672304 ... HEX 75F16F0


20180616_123957_resized.jpg
 
JonSea said:
If you happen to have a PICkit 2 programer (Microchip) or clone, the logic analyzer with the stand alone GUI may be helpful. It will capture 3 channels with a large data buffer for a long record.
Click to expand...


Mmm ... I have a PICkit 3 ... and a handful of other programmers. I understand the value of capturing a large string of data ... can you expand a little please.



JonSea said:
A less than $10 clone might be a worthwhile investment.
Click to expand...


Yes, no argument there.

If I can make some progress here ... I have a heap of other equipment I could test more fully when I work on it.
 
Unfortunately, Microchip in their infinite wisdom eliminated the logic analyzer and UART tool from the PICkit 3.

5KHz 10 percent.jpg
 
A little off topic, but a quick trick with the PICkit 2 is to set up a software UART to use the ICSP pins to monitor program operation during dev. Have the code send messages at key events or pertinent data.

Load the code, then switch to the PICkit 2 UART tool to monitor program execution without having to change any connections.


I may have to order one of those logic analyzers Nigel. At that price it's too cheap not to have one of those in your kit just in case.
 
I've spent a couple of hours working through those displays & values, but nothing definite yet.

One has a lot of correlation between the data and the hex value - but reading the other in the same way has next to none...


What are the decimal numbers visible around the tags in one of the early pictures - are they the same things you are reading? The numbers you give do not seem to match that format.
 
Those little logic analyzers look interesting!

A quick search on ebay turns up places in the UK selling them at around the same price, eg.
**broken link removed**

Also some rather faster ones, though priced to match the performance...
**broken link removed**
 
Status
Not open for further replies.

Similar threads

K
  • Question
How to determine wiring of DC motor controller
Replies
13
Views
1K
Diver300
D
G
Is there such a thing as a 2 way switch for a 1/8" phone jack?
Replies
18
Views
689
ZipZapOuch
ZipZapOuch
C
  • Question
Is there a way to convert SGL8022W touch switch to momentary switch?
Replies
4
Views
1K
call_sign_diesel
C
electronium
  • Question
▓How to increase the amperage of the tp4056 module to 3A?▓
Replies
8
Views
2K
rjenkinsgb
rjenkinsgb
S
  • Question
Any E-bikers out there?
Replies
2
Views
2K
tepalia02
T

Latest threads

New Articles From Microcontroller Tips

Back
Top