RFID Evaluation Toolkit
This toolkit provides a set of tools for systematic analysis of the RF protocol of RFID systems. The tools are written either for the GNU Radio software and the USRP software radio hardware, or for post-processing the extracted data. The USRP provides the flexibility of supporting any modulation and frequency (the basic module supports frequencies 0-30 MHz).
We used GNU Radio version 3.1.2. Instructions on how to install it: RFID Audit Hardware
It lacks some components that are included in the newer versions. I had to do things like: Rx tuning study and Rx tuning study part two. Some of our self-written blocks are nowadays included in GNU Radio too. GNU Radio is very much alive and its API is still changing quite a lot. It might be a good idea to just wait a year and rewrite these tools (use hierarchical blocks, a Model-View-Controller design instead of a single class, better UI signal/event handling, command line options, ...). There might be some issues on 64-bit machines due to different variable sizes. These tools were built for our own security evaluation use while doing the evaluation. We found them useful and we hope you do too.
MATLAB simulated signals: to get an idea of what the signals should look like
Signal analysis tools
The first task is to analyze the spectrum of each device in the system. This is useful for identifying the frequencies used by each device and for analyzing the bandwidth of each signal (for example, whether data is present, and an estimate of the bit rate or bandwidth of the signal).
psk_demod.py: Standalone PSK demodulation utility
ask_demod.py: ASK demodulation utility. Since FM is AM on two or more frequencies, and the filter may be conveniently nonlinear at the frequencies used, this can be used to demodulate FM signals too.
sinesender.py: Simple sine carrier sender
signalsender.py: Sender tool for recorded signal playback
Recording data format utilities
Signalrecorder stores files in quadrature (I/Q) float format, where samples are stored as pairs of 32-bit single precision floating point numbers. The first float in each pair is the I component and the second is the Q component of the sample. No header data is used.
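As an added example (not part of the toolkit), the following Python reads and writes this headerless I/Q layout using only the standard library; it assumes little-endian float32, the native byte order of an x86 host running the recorder, and constructs a four-sample tone as input.

```python
import struct
from typing import Iterable, List

# Layout from the page: no header, each sample is two float32 values, I then Q.
# Byte order is an assumption: little-endian, the native order of an x86 host.
SAMPLE_BYTES = 8


def read_iq_float32(data: bytes) -> List[complex]:
    """Decode a headerless interleaved I/Q float32 capture into complex samples."""
    rem = len(data) % SAMPLE_BYTES
    if rem:
        # A partial trailing sample means the recording was cut mid-write.
        raise ValueError(f"truncated capture: {rem} trailing byte(s)")
    n = len(data) // SAMPLE_BYTES
    flat = struct.unpack(f"<{2 * n}f", data)
    return [complex(flat[k], flat[k + 1]) for k in range(0, 2 * n, 2)]


def write_iq_float32(samples: Iterable[complex]) -> bytes:
    """Encode complex samples in the same format, e.g. for playback with signalsender.py."""
    flat: List[float] = []
    for s in samples:
        flat.append(float(s.real))
        flat.append(float(s.imag))
    return struct.pack(f"<{len(flat)}f", *flat)


def mean_power(samples: List[complex]) -> float:
    """Average |sample|^2: a quick check that a capture is not silence."""
    if not samples:
        return 0.0
    return sum(abs(s) ** 2 for s in samples) / len(samples)


# Constructed input: a complex tone at one quarter of the sample rate, which
# rotates through 1, j, -1, -j. It stands in for a short recorded carrier.
TONE = [1 + 0j, 0 + 1j, -1 + 0j, 0 - 1j]
TONE_BYTES = write_iq_float32(TONE)

if __name__ == "__main__":
    decoded = read_iq_float32(TONE_BYTES)
    print(len(TONE_BYTES), "bytes ->", decoded, "mean power", mean_power(decoded))
```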
complexreader.c: Print the samples from a captured file in plain text
read_complex_binary.m: For reading the IQ signal files in Matlab
write_complex_binary.m: For writing the IQ signal files in Matlab
octave_read_complex_binary.m: For reading the IQ signal files in Octave
signal_to_wav.py: convert signals to WAV format
Replaying RFID tag signals is possible. Instructions are given on the Replay attack page.
Sanity check for GNU Radio and Octave: generate and plot a sine
autocorrelation.py: for repeat interval analysis (can be used for signal analysis as well)
fieldborders.py: for field border analysis
codings.py: check out some encodings
bruteforcer.py: for brute force and data generation; supports some encodings
Alibaba GNU Radio modules (and tools)