HackerBox 0117: RFID Lab

by HackerBoxes

Welcome to HackerBox 0117. Explore Radio-Frequency Identification (RFID) Technology. Experiment with 13.56 MHz (HF) S50 Mifare Cards, 125 kHz (LF) T5577 ID Cards, and a 13.56 MHz NFC NTAG215 embedded onto an exclusive PCB Dog Tag. Configure the Raspberry Pi RP2040-Zero Dev Board for operation with the Arduino Integrated Development Environment. Integrate the RP2040-Zero with a dual-frequency, dual-antenna RFID system and a full-color TFT display module to assemble an embedded RFID Laboratory Platform. Experiment with capacitive touch inputs and voltage level shifters. Investigate opportunities in the fascinating field of Penetration Testing.

There is a wealth of information for current and prospective members in the HackerBoxes FAQ. Almost all of the non-technical support emails that we receive are already answered there, so we'd really appreciate it if you can take a few minutes to read the FAQ.

Supplies

This Instructable contains information for getting started with HackerBox 0117. The full box contents are listed on the product page for HackerBox 0117 where the box is also available for purchase while supplies last. If you would like to automatically receive a HackerBox like this right in your mailbox each month, you can subscribe at HackerBoxes.com and join the party. Subscription members save at least $15 every month and automatically receive each new HackerBox shipped immediately off the production line.

A soldering iron, solder, and basic assembly tools are generally needed to work on the monthly HackerBox. A computer for running software tools is also required. Have a look at the HackerBox Workshops for tools and supplies along with a wide array of introductory activities and experiments.

The most important thing you will need is a sense of adventure, hacker spirit, patience, and curiosity. Building and experimenting with electronics, while very rewarding, can be tricky, challenging, and even frustrating at times. The goal is progress, not perfection. When you persist and enjoy the adventure, a great deal of satisfaction can be derived from this hobby. Take each step slowly, mind the details, and don't be afraid to ask for help.

WEAR SAFETY GLASSES WHEN SOLDERING, WHEN TRIMMING WIRE LEADS, OR WHEN CUTTING, DRILLING, ETC.

Radio-Frequency Identification (RFID)

RFID (radio-frequency identification) uses electromagnetic fields to automatically identify and track tags attached to objects. An RFID system consists of a tiny radio transponder, a radio receiver and transmitter. When triggered by an electromagnetic interrogation pulse from a nearby RFID reader device, the tag transmits digital data, usually an identifying inventory number, back to the reader. This number can be used to track inventory goods. Unlike barcodes, an RF tag does not need to be within the line of sight of the reader, so it may be embedded in the tracked object. (Wikipedia)

RFID tags or cards generally comprise three elements:

  1. an integrated circuit chip that stores and processes information and modulates/demodulates radio-frequency (RF) signals
  2. an antenna for receiving and transmitting the RF signals
  3. a substrate or housing

RFID tags may be read-only, having a factory-assigned serial number that is used as a key into a database, or may be read/write, where object-specific data can be written into the tag by the system user.

There are three common frequency ranges used for RFID tags:

  1. Low-Frequency (LF): 120-135 kHz Key Fob
  2. High-Frequency (HF): 13.56 MHz Card
  3. Ultra High Frequency (UHF): 865 – 960 MHz

NFC, or near-field communication, is a modern subset of RFID. You’ll often see NFC at work in smartphones for identification and payment capabilities. In NFC format, devices can both send and receive messages. NFC tags operate in the HF (13.56 MHz) range and can transmit data such as credit card account numbers, ID codes, and other information.

HackerBox 0117 RFIDs

There are five RFIDs included in HackerBox 0117:

  1. One PCB Dog Tag with a circular adhesive 13.56MHz NFC NTAG215.
  2. Two white S50 Mifare Classic 1K Cards operating at 13.56 MHz (HF). These support the ISO/IEC 14443 protocol standard and provide 1 KB of EEPROM memory organized in 16 sectors and 64 blocks. This type of card generally has a fixed ID number, which cannot be overwritten.
  3. Two white T5577 Cards operating at 125 kHz (LF). These use the ATMEL ATA5577 chip. The T5577 card is a rewritable card meaning you can rewrite the ID number on the card.

Smartphone NFC - Contact Sharing

Modern mobile phones usually have NFC functionality built in and support simple NFC apps to read and write 13.56 MHz RFIDs. A lot of folks like the NFC Tools app from wak dev, which is available for both iOS and Android.

You can write some contact information (as little or as much as you wish to share) into the NFC sticker on your PCB Dog Tag (or on your DEF CON 33 Mini Badge) and then tap to share that information with anyone you want to stay in touch with.

This video demonstrates how to easily write whatever info you wish into an NFC tag. If you're interested in taking things a step further and creating your own vCard, check out this video.

NFC Tags for Any and All Things

This video shows how to cleverly automate all kinds of tasks using NFC tags.

Web NFC is an interesting technology that aims to give websites the ability to read and write to nearby NFC tags in a secure and privacy-preserving manner.

Raspberry Pi RP2040-Zero Dev Board

Prior to Soldering

Complete the IDE setup and initial test of the RP2040-Zero module prior to soldering anything to the module.

The RP2040-Zero (Manufacturer Wiki) is a high-performance pico-like MCU module based on the Raspberry Pi RP2040 chip. The microcontroller unit (MCU) features a dual-core ARM Cortex M0+ processor, flexible clock running up to 133 MHz, 264KB of SRAM, and 2MB of on-board Flash memory.

The RP2040-Zero can be connected to a PC using a USB-C cable. When the RP2040-Zero is first powered up, a new storage device (drive) should appear on the computer with the name RPI-RP2. If not, you can force the RP2040-Zero into bootloader mode by holding the BOOT button down while hitting the RESET button.

Arduino IDE Configuration

Install the Arduino IDE.

Use the IDE's Board Manager to search for and install support for "Arduino Mbed OS RP2040" Boards.

Select Tools > Board > Arduino Mbed OS RP2040 Boards > Raspberry Pi Pico

Select Tools > Port > [USB port for Pico]

LED Rainbow Demo

Use Tools > Manage Libraries to search for and install the "Adafruit NeoPixel" Library.

(At the time of this writing, the latest version for this library is 1.15.1, but it appears to have some issues with the PIOs so it is suggested to select version 1.15.0 instead. This will most likely be corrected soon and may not apply by the time you read this. "Screws fall out all the time, the world is an imperfect place.")

Download the attached RP2040Zero_RGB_LED.ino sketch. Compile and upload the sketch.

The uploaded code will smoothly cycle through rainbow colors on the MCU module's onboard RGB LED.

The process of holding the BOOT button down while power cycling (or resetting) the RP2040-Zero should not need to be performed again, but remember this technique if you ever run into problems uploading code to any RP2040 device.

7941W Dual Frequency RFID Reader and Writer

The 7941W module is a multi-protocol dual-frequency module. It is capable of reading and writing RFID tags at both LF (125 kHz) and HF (13.56 MHz). The module is easily wired up to the UART interface of any microcontroller, such as the RP2040-Zero Dev Board. However, the 7941W module has an operating voltage of 5V, so it is best to use a voltage level shifter when interfacing it to a 3.3V microcontroller.

The 7841W.pdf file attached here outlines the command protocol for the UART interface.
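
The UART framing can be exercised on a PC before wiring anything. The following is an added example, not code from the HackerBox firmware or the module vendor: it builds read requests and validates a reply (header, declared length, XOR check, status) before any payload byte is used. The header bytes, command codes and status code are assumptions about the 7941W protocol and should be confirmed against the attached PDF.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// ASSUMED 7941W framing; confirm every constant against the protocol PDF.
//   host -> module: AB BA | addr | cmd    | len | data... | xor
//   module -> host: CD DC | addr | status | len | data... | xor
// The XOR check covers every byte after the two-byte header.
constexpr uint8_t CMD_READ_UID = 0x10;  // assumed: read 13.56 MHz card UID
constexpr uint8_t CMD_READ_ID  = 0x15;  // assumed: read 125 kHz card ID
constexpr uint8_t STATUS_OK    = 0x81;  // assumed: operation succeeded

uint8_t xorCheck(const uint8_t *p, size_t n) {
  uint8_t x = 0;
  for (size_t i = 0; i < n; ++i) x ^= p[i];
  return x;
}

// Build a request frame; returns an empty vector if the payload cannot fit.
std::vector<uint8_t> buildRequest(uint8_t cmd, const std::vector<uint8_t> &data = {}) {
  if (data.size() > 255) return {};
  std::vector<uint8_t> f = {0xAB, 0xBA, 0x00, cmd, static_cast<uint8_t>(data.size())};
  f.insert(f.end(), data.begin(), data.end());
  f.push_back(xorCheck(f.data() + 2, f.size() - 2));
  return f;
}

enum class Parse { Ok, TooShort, BadHeader, BadLength, BadChecksum, Failed };

// Validate a complete reply before trusting any payload byte.
Parse parseReply(const std::vector<uint8_t> &r, std::vector<uint8_t> &out) {
  if (r.size() < 6) return Parse::TooShort;
  if (r[0] != 0xCD || r[1] != 0xDC) return Parse::BadHeader;
  const size_t len = r[4];
  if (r.size() != 6 + len) return Parse::BadLength;  // declared vs. received
  if (xorCheck(r.data() + 2, 3 + len) != r.back()) return Parse::BadChecksum;
  if (r[3] != STATUS_OK) return Parse::Failed;
  out.assign(r.begin() + 5, r.begin() + 5 + len);
  return Parse::Ok;
}

int main() {
  // Constructed sample reply (not captured from hardware): UID DE AD BE EF.
  const std::vector<uint8_t> reply = {0xCD, 0xDC, 0x00, 0x81, 0x04,
                                      0xDE, 0xAD, 0xBE, 0xEF, 0xA7};
  std::vector<uint8_t> uid;
  return parseReply(reply, uid) == Parse::Ok ? 0 : 1;
}
```

The same two functions drop into an Arduino sketch unchanged; only the serial read loop that collects a full frame needs to be added around `parseReply`.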

RFID Lab - Assembly

  1. Solder five 1 MegaOhm SMD1206 Resistors onto the back side of the RFID Lab PCB. Each resistor can be soldered in either orientation. Resistors are not polarized.
  2. Trim the five wires of the JST pigtail to about 17mm, measured from the back edge of the white connector.
  3. Strip about 1mm of insulation from the end of each of the five wires.
  4. Tin the stripped ends with solder. The insulation will shrink back 2-3 additional mm from the heat.
  5. Solder the tinned wires onto/into the five holes near the top of the PCB as shown in the image.
  6. Use the provided header pins to solder the RP2040-Zero Dev Board onto the PCB.
  7. Carefully orient the Two Channel Logic Level Shifter according to the 3V3 and VIN (5V) pin labels.
  8. Double check the orientation of the Level Shifter and then solder it into place on the PCB.
  9. Position the 170x320 pixel TFT Color Display Module onto the PCB. Hold the display module parallel to the PCB and solder the header pins into place.
  10. In the region of the PCB labeled for the 7941W RFID Module, position two nylon standoffs into the mounting holes and thread a nylon nut onto each at the rear of the PCB.
  11. Position the 7941W RFID Module over the nylon standoffs and thread the nylon screws through the module and into the standoffs.
  12. Gently plug the JST header into the port on the right side of the 7941W RFID Module.
  13. Peel and stick four silicone bumper pads onto the circles printed on the rear of the PCB.

RFID Lab - Firmware

To compile the demonstration firmware, a couple of libraries must be installed first.

Use Tools > Manage Libraries to search for and install the "Adafruit ST7735 and ST7789" library.

When asked to include all dependencies, elect to do so.

Use Tools > Manage Libraries to search for and install the "TouchyTouch" library by Tod Kurt.

Finally, download the attached HB_RFID_Demo.ino sketch. Compile and upload the sketch.

Penetration Testing

Penetration tester Jayson E. Street helps banks by hacking them

"A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system's security, using the same tools and techniques as an adversary might."

- UK National Cyber Security Center

A penetration test, colloquially known as a pentest, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The test is performed to identify weaknesses (or vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed. Security issues uncovered by a penetration test are reported to the system owner. Penetration test reports may also assess potential impacts to the organization and suggest countermeasures to reduce the risk. (Wikipedia)

Educational Resources:

Cybercrime Magazine: History of Penetration Testing (video)

TryHackMe: Becoming a Pentester

IBM (coursera): Penetration Testing, Threat Hunting, and Cryptography

Georgia Weidman (no starch press): Penetration Testing

Such Great Heights

The Postal Service - Such Great Heights [OFFICIAL VIDEO]

"There is only one good, knowledge, and one evil, ignorance." - Socrates

We hope you are enjoying this month's HackerBox adventures into electronics, computer technology, and hacker culture. We aim to curate a challenging and rewarding experience of learning through experimentation and exploration. Thank you for joining us on this journey.

Reach out and share your success in the comments below. Email support@hackerboxes.com anytime with questions or whenever you need some help.

Hungry for more? Surf over to HackerBoxes.com and join us as a monthly HackerBox subscription member. You'll get a cool box of hackable gear delivered right to your mailbox every month and you'll enjoy a generous member discount.

Please consider sharing this free Instructable with others who may be interested in learning about these subjects. Word of mouth advertising is the greatest compliment that we can receive. We sincerely appreciate your support.