frux-c / uhf_rfid

this is a uhf app for the flipper zero, that uses the YRM100 module.

DOC/FAQ Request: Transmit and clone capability? #4

Closed EvanCarroll closed 1 year ago

EvanCarroll commented 1 year ago

It's not clear whether or not the YRM100 can transmit and whether or not this project will support that. In Turkey the parking garages for apartment complexes are secured with UHF RFID. I understand that with this I'll be able to potentially read those car-mounted RFIDs, but will I be able to clone them or transmit the keys that are read?

I looked through the code for transmit and tx, but most of it seems uninteresting.

frux-c commented 1 year ago

Emulation/transmission is a talk we're having; there seems to be a potential to do it with the Flipper's built-in CC1101 chip. But as of right now, that is out of my capability. However, you'll be able to read and clone the tag. Being able to write is something I'm working on right now. But the module can indeed read and write. There are four banks on ISO18000-6C tags: RFU, EPC, TID, USER. Refer to page 57 of the TDS_1_9_Standard.pdf file.

The real security depends on how your IT reads and accepts those tags. The TID bank (Tag Identifier) comes prewritten with an ID that can't be changed. And if the IT decides to hash the tags with that value or use that value in some way to add a layer of security, it might not be helpful to clone. But emulating is definitely something that can bypass that.

If you want to keep track of what's going on, join the official Flipper Zero Discord server and go to this specific project 👍
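The binding frux-c describes, a reader that accepts an EPC only together with the factory-locked TID it was enrolled with, as an added example of what the backend check could look like. This is not code from the uhf_rfid project; the server key, EPC and TID values are constructed placeholders.

```python
import hashlib
import hmac

# Constructed placeholder: a backend-only secret used to bind EPC to TID.
SERVER_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def bind_epc_to_tid(key: bytes, epc: bytes, tid: bytes) -> bytes:
    """Enrollment: derive a binding digest from the EPC and the TID bank.

    The backend stores this digest (or could write it to the USER bank);
    the tag itself never needs to hold the key."""
    return hmac.new(key, epc + tid, hashlib.sha256).digest()


def verify_tag(key: bytes, enrolled: dict, epc: bytes, tid: bytes) -> bool:
    """Verification: accept only if the EPC is enrolled AND the TID read
    from the chip reproduces the digest made at enrollment.

    A tag whose EPC bank was copied onto a different chip carries another
    TID, so the digest no longer matches and the tag is rejected."""
    expected = enrolled.get(epc)
    if expected is None:
        return False
    return hmac.compare_digest(expected, bind_epc_to_tid(key, epc, tid))


# Constructed sample values (96-bit EPC and TID; not real tags).
GENUINE_EPC = bytes.fromhex("300833b2ddd9014000000000")
GENUINE_TID = bytes.fromhex("e2003412012345678abcdef0")
CLONE_TID = bytes.fromhex("e20034120abcdef012345678")  # a different chip


def demo() -> tuple:
    """Returns (genuine accepted, copied EPC on other chip, unknown EPC)."""
    enrolled = {GENUINE_EPC: bind_epc_to_tid(SERVER_KEY, GENUINE_EPC, GENUINE_TID)}
    genuine = verify_tag(SERVER_KEY, enrolled, GENUINE_EPC, GENUINE_TID)
    copied = verify_tag(SERVER_KEY, enrolled, GENUINE_EPC, CLONE_TID)
    unknown = verify_tag(SERVER_KEY, enrolled, b"\x00" * 12, GENUINE_TID)
    return genuine, copied, unknown


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

A reader that only compares the EPC bank would accept all of the first two cases; the TID binding is what separates the enrolled chip from a copy of its EPC.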

EvanCarroll commented 1 year ago

According to the spec sheet on the CC1101 it supports 779 MHz-928 MHz. The YRM100 supports 865-868 and 902-928. That's especially confusing. It seems like the CC1101 does everything the YRM100 does? Does the Flipper just lack the antenna to do UHF RFID natively? And if so, it would seem weird that you can transmit on 902-928 but not read from that range. Didn't realize that you could transmit on a range you couldn't read from with a radio.

frux-c commented 1 year ago

I do understand your point; however, that's not the case. This is more a matter of simplicity. I do not know how to work with raw radio-frequency data as I'm not an RF engineer. But I'm sure that you could possibly use the CC1101 chip to do the same thing that the YRM100 module can.

But that requires that someone builds a framework and a code base around decoding the data transmitted over the radio frequency.

Quoting someone's answer here: The EPC Gen 2 air-interface protocol is fairly complex and uses two different encoding schemes. There are a variety of commands, and so forth. I am not an RF engineer, but I would imagine that configuring the CC1101 to operate using the EPC Gen 2 protocol would be fairly laborious, whereas there are other chips on the market that contain the reader elements necessary to build a passive UHF reader.

And that's what I'm doing here: using an external chip that already has the functionality and just communicating with it through UART, whilst giving an extra capability to the Flipper by building an app around it.

Hopefully that answers your question.

EvanCarroll commented 1 year ago

Thanks a ton for the explanation. You rock. Good luck with the project. I'll probably pick one up when my hobby projects clear out. Look for me back here in another 3-6 months.