• Welcome to our site! Electro Tech is an online community (with over 170,000 members) who enjoy talking about and building electronic circuits, projects and gadgets. To participate you need to register. Registration is free. Click here to register now.

Large area 13.56MHz RFID Reader

sagor1

Active Member
13.56Mhz RFID (HF RFID) has a low distance range. That is, it won't go more than a few feet in normal situations. To go up to 50 feet, you have to look at UHF RFID tags.
Bigger antennas may help the HF RFID range, but only a little bit. The issue is that the signal has to be reflected from the tag, and distance from the antenna is the main problem with low RF energy.

 

unclejed613

Well-Known Member
Most Helpful Member
there was a previous thread about this. because the antennas for the badge/tag are so small, they only work well up close.
 

Beau Schwabe

Active Member
First you need a RFID reader ... as well as a coil that is properly tuned.

To increase the detection range, you may want to take a look at this Wiki ... https://en.wikipedia.org/wiki/Resonant_inductive_coupling

Without changing the original circuit, you can introduce a larger coil "tuned" to 13.56MHz to increase your sensitivity.

I collaborated with a friend of mine who is a Pen tester (Security Penetration Tester) to build an RFID radio in 2014 using a similar method of inductive coupling/lensing to exploit the vulnerability of RFID on a business or hotel door reader.

I was a speaker in Las Vegas BSides and again at IWS-7. ( Information Warfare Summit ) involving long range RFID sniffing where we were able to achieve 15 feet from a passive 125kHz RFID tag. This particular approach is different and more of a security problem than just reading a tag by close proximity. What we are doing different, is listening to the "door reader" when a tag is brought towards it during normal access reads. During this stage, when the tag is modulating the door reader, the door reader becomes a radio transmitter that we can pick off at a considerable distance. Audibly we can "hear" the signal a good 25 or more feet away, however the noise floor is great enough we can't decipher it just yet ( more R&D required ) unless we are closer ,,, more like 10-15 feet. Keep in mind our detector coil was only about 2 inches in diameter. The real security problem here is that no matter what, we can "see" BOTH sides of the negotiation, meaning that the supposed smart RFID cards that require any kind of handshaking can be broken using this technique or similar. The fact that we were doing this with 125kHz tags is irrelevant, and for the presentation was just proof of concept. This same technique can be applied to any RFID tag.
 

unclejed613

Well-Known Member
Most Helpful Member
until recently i lived near a store that had one of those exit scanners. after buying a RSP1, i connected it to a "random" dipole and tried searching for HIFER beacons around 13.55Mhz. while i could occasionally get snippets of HIFER signals, the exit scanner often blanketed that portion of the band with pops and pings... i'll have to try again now that i'm out of the metro area in a location that's much quieter. there were actually a few RFID systems running in that area, with the really annoying one being about 1/4 mile away. i was able to hear several that were further away. i never tried to see what was in the approximately 1khz modulation (the one that was 1/4 mile away sounded very similar to the time ticks on WWV except it was just the bursts without a continuous carrier)
 

Latest threads

EE World Online Articles

Loading
Top