OpenPCD is a free hardware design for Proximity Coupling Devices (PCD) based on 13,56MHz communication. This device is able to screen informations from Proximity Integrated Circuit Cards (PICC) conforming to vendor-independent standards such as ISO 14443, ISO 15693 as well as proprietary protocols such as Mifare Classic. Contactless cards like these are for example used in the new electronic passports.

 

The intention of the OpenPCD project is to offer the users full hardware control of the RFID signal and to provide different output signals for screening the communication. With already existing Free Software from the OpenMRTD project for implementing the PCD side protocol stack of various RFID protocols, this project will happily extend the free toolchain around RFID verification.


Hardware

OpenPCD first release
OpenPCD first release

The OpenPCD hardware design is based on the CL RC632 Multiple Protocol Contactless Reader IC from Philips, which supports ISO 14443 A&B, ISO 15693, Mifare and ICODE protocols. This reader IC is connected via SPI to an ARM Microcontroller. We chose the AT91SAM7S128 with a 32-bit RISC processor architecture, 128 kbytes Flash and 32 kbytes SRAM. The Microcontroller is accessible via USB-B-MINI plug and optionally via a 20-pin JTAG header. The design provides several interesting interfaces for monitoring and studying the RFID signal:

 

  • serial RS232/TTL interface on 1x5 header
  • two-wire I2C interface on 1x4 header
  • SAM-BA reset control on 1x4 header
  • 4 analog inputs on a 1x5 header
  • bootloader reset via push-button
  • HF output of the trigger signal on U.FL connector
  • HF output of the AUX signal (intermediate demodulated steps) on U.FL connector
  • HF output of the MFOUT signal (demodulated digital signals) on U.FL connector
  • optional 1x3 header for an external antenna

TOP ↑

License

The hardware design has been released under a CC attribution share-alike license, the reader firmware and drivers (librfid glue code, plus some extras) have been released under GNU/GPL. You can find both at our download page. Your participation is welcomed in our OpenPCD Subversion repository and our Wiki.

 

Design and SDK are available under non-open license types upon request.

TOP ↑

History

The projects prehistory started in May 2005 with Harald and Milosch working in the lab of the CCC-Berlin on different ways to passive receive and demodulate RFID signals. The RFID tag responds to the RFID reader by using the transmitted 13,56MHz carrier signal as a power supply and modulates the carrier with a 847.5kHz subcarrier by load modulation according to its contained informations. With further knowledge of how to downmix the incoming signal to make filtering with common filter possible before amplify the signal, a hardware (rfiddump.org) was designed to simulate the RFID transponder. Brita got involved with the HF PCB layout for the RFID Mini Sniffer and trials with different antennas.

 

In a one hour presentation at the 22C3 (Chaos Communication Congress December 2005 in Berlin) Harald and Milosch first public announced the project. Harald covered the technical background about the RFID technology, the ICAO MRTD specification, and his efforts to develop a free software protocol stack. Milosch described the current progress in developing hardware and software defined radio based passive sniffing of the RFID radio interface.

 

Meanwhile Harald launched the project OpenMRTD, which provides a free (GPL) toolset for reading and verifying various RFID protocols from MRTDs (Machine Readable Travel Documents). As part of this project the Free Software RFID library 'librfid' implements the RFID reader side protocol stack of ISO 14443 A, ISO 14443 B, ISO 15693, Mifare Ultralight and Mifare Classic. In order to use these free tools, users still have to rely on commercial and closed hardware readers with their limitations and faults.

 

To fill this gap in the free toolchain for verifying RFID protocols, this project tries to develop a free hardware design of an RFID reader with free firmware (which either works with librfid on the host PC, or runs librfid in the reader). The first prototype of the OpenPCD free RFID reader is still under testing but already offers the basic functionality of reading different RFID cards/transponder and transmitting freely modulated signals.

TOP ↑

Team

Harald Welte is a long-term supporter and active member of the Free Software community. His expertise in Linux Kernel development and networking security made him Chairman of the netfilter coreteam. He's one of the principal authors of the Linux 2.4+Kernel Packetfilter, securing virtually every linux installation. As manager of hmw-consulting in Berlin Harald Welte is offering professional consulting, development and training in the fields of networking security, Linux kernel development and embedded Linux.

 

Milosch Meriac is a freelance hard & software developer/consultant with a broad range of experience in software engineering and hardware development. His focus is on deeply embedded systems, hardware development, embedded linux, lowlevel programming, realtime, IT-security and reverse engineering. He was part of the coreteam at the Xbox Linux project which did the GNU/Linux porting process to the Xbox gaming system. Milosch Meriac provides custom-tailored hard- and software developments and consulting through Bitmanufaktur IT-Solutions in Berlin.

 

Brita Meriac (formerly known as Brita Rausch ;-)) is working in the field of electronic design. As a freelance assistant to Bitmanufaktur IT-Solutions she is creating electronic designs and PCB layouts.

 

Further help on this project is very much appriciated. Please feel free to contact us via email.

TOP ↑