Reader / Cloner Overview

The picture below is of my prototype combination card reader and cloner. The unit is self-contained and does not require the use of a PC or other external equipment to operate. Operation is simple and straightforward. Simply hold a card near the antenna and the unit reads and decodes the information from the card. The information is then formatted and displayed on a 4x20 character LCD. If the operator wishes to make a copy of the card, he simply brings a T5557/5567 Read/Write card near the antenna and presses the "write" button. The LED flashes and in less than a second the R/W card has been programmed with the information that was read from the original. Voila! A clone card.

The cost to build the device was minimal (approx. $30) including the LCD display and circuit board. The design fit on a single-sided circuit board that I etched myself. The PWB was made to be the same size as the LCD so that they could be plugged together as a single assembly.
A detailed description of my design concept is included below.





Background

I initially began this activity by trying to build a simple card reader that could be used to obtain all of the information that was transmitted by the card during a simple read operation. Most commercial card readers do not output all of the data that is read. Information such as the header and card format is never transmitted as part of the reader's normal output stream. Knowing this information is critical for being able to replicate a card's operation. As a result, I set out to build my own custom reader.

The Design

A document that I found to be invaluable during my learning process was Microchip's 125 kHz RFID System Design Guide, which can be found on their website. Their FSK reference design circuit was basically what I used for my design. I made a couple of small modifications to simplify the design and to allow the use of a Parallax SX28 microcontroller instead of the PIC.
A photo of my initial "reader-only" design (without write capability) is shown below:



After studying the datasheet for the T5557/5567 IC (used in many vendors' access cards), I soon realized that the reader circuit would only have to be modified slightly in order to also be able to function as an RFID writer. To function as a writer, the design simply needed to be able to modulate the 125 kHz RF carrier using On/Off Keying (OOK) modulation, since this is how the T55x7 chips are programmed. I modified the design to accomplish this by basically giving the microcontroller the ability to control the 125 kHz divide counter reset signal. An extra push button was also added to an unused GPIO input on the microcontroller. A schematic of my reader circuit (modified to become a writer) is shown below:



Download a PDF version of the schematic here.

The reader/writer circuit design can be broken down into four main components.

1) The clocking circuit, which generates a 4 MHz clock for the microcontroller and a 125 kHz carrier signal for the RFID interface.
2) The RF front end, consisting of a tuned LC resonator and an AM peak detector.
3) A series of low pass and band pass filters to extract the 12.5 kHz and 15.6 kHz FSK signals.
4) The SX28 microcontroller, which performs the following functions:
   - LCD initialization.
   - Decoding and storage of the FSK data from the op amp filter output.
   - Parsing and formatting of the card data.
   - Driving the LCD display.
   - Programming the clone card by modulating the 125 kHz carrier (per the T55x7 datasheet).

My updated "write-capable" version of the Reader/Writer assembly along with a commercial 44780 4x20 LCD and 125 kHz loop antenna is shown in the photo below. The completed unit was installed onto a piece of acrylic plastic in lieu of trying to find an off-the-shelf plastic box that everything would fit in and still look halfway decent.



I have tested the unit with numerous card types including 26-bit, 34-bit, 36-bit, 37-bit and the 35-bit Corporate 1000 formats. The cloner was able to duplicate all of them without any difficulty. In all cases, the vendors' own commercially available readers were unable to distinguish between the original and the clone cards.
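
The "parsing and formatting of the card data" step listed above, sketched for the 26-bit format only. This is an added example, not the author's SX28 firmware. It assumes the standard open 26-bit layout (leading even-parity bit, 8-bit facility code, 16-bit card number, trailing odd-parity bit) and a frame already demodulated into an integer; all function and type names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded fields of one 26-bit frame (hypothetical type). */
typedef struct {
    uint8_t  facility;   /* 8-bit facility code */
    uint16_t card;       /* 16-bit card number  */
} card26_t;

/* Count the set bits in v. */
static unsigned count_bits(uint32_t v)
{
    unsigned n = 0;
    for (; v; v &= v - 1) n++;
    return n;
}

/*
 * Parse a frame held in the low 26 bits of raw (first-transmitted bit = bit 25).
 * Assumed layout: bit 25 even parity over bits 24..13, bits 24..17 facility,
 * bits 16..1 card number, bit 0 odd parity over bits 12..1.
 * Returns 0 on success, -1 for stray high bits, -2 for a parity error.
 */
int parse_card26(uint32_t raw, card26_t *out)
{
    if (raw >> 26) return -1;
    /* Each parity bit is counted with its own half of the frame. */
    if (count_bits(raw >> 13) % 2 != 0) return -2;      /* bits 25..13: even */
    if (count_bits(raw & 0x1FFFu) % 2 != 1) return -2;  /* bits 12..0: odd   */
    out->facility = (uint8_t)((raw >> 17) & 0xFFu);
    out->card     = (uint16_t)((raw >> 1) & 0xFFFFu);
    return 0;
}

/* Build a valid frame from fields; used only to construct sample input. */
uint32_t build_card26(uint8_t facility, uint16_t card)
{
    uint32_t raw = ((uint32_t)facility << 17) | ((uint32_t)card << 1);
    if (count_bits(raw >> 13) % 2) raw |= 1u << 25;      /* make upper half even */
    if (count_bits(raw & 0x1FFFu) % 2 == 0) raw |= 1u;   /* make lower half odd  */
    return raw;
}

int main(void)
{
    card26_t c = {0, 0};
    uint32_t frame = build_card26(123, 4567);            /* constructed sample */
    int rc = parse_card26(frame, &c);
    printf("rc=%d facility=%u card=%u\n", rc, (unsigned)c.facility, (unsigned)c.card);
    printf("one flipped bit: rc=%d\n", parse_card26(frame ^ (1u << 5), &c));
    return 0;
}
```

The two parity bits only catch transmission errors. They carry no secret, so a bit-identical frame parses the same way regardless of which transponder sent it, which is consistent with the test result reported above.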