Skip to content

NFC

NFC

Tesla NFC

Tesla Key Card Protocol

RFID Recording

Reading a Password from a RFID Recording
NFC Tag Information and commands

  1. Record at 13.736 MHz with gqrx.
  2. Use GNURadio to wav file into i and q parts with a 2Mhz sampling frequency
  3. Use NFC-laboratory to view the recording and view the data interaction

gqrx config:

[General]
crashed=true
configversion=3

[input]
device="hackrf=4d34cd"
sample_rate=2000000
frequency=13736000
swap_iq=true
gains=@Variant(\0\0\0\b\0\0\0\x3\0\0\0\x4\0R\0\x46\0\0\0\x2\0\0\0\x8c\0\0\0\x4\0I\0\x46\0\0\0\x2\0\0\x1\x1b\0\0\0\x4\0\x42\0\x42\0\0\0\x2\0\0\x1{)
dc_cancel=true

[gui]
geometry=@ByteArray(\x1\xd9\xd0\xcb\0\x3\0\0\0\0\x1\xd7\0\0\0\x88\0\0\fW\0\0\x6\x88\0\0\x1\xd8\0\0\0\xb5\0\0\fV\0\0\x6\x87\0\0\0\0\0\0\0\0\xf\0\0\0\x1\xd8\0\0\0\xb5\0\0\fV\0\0\x6\x87)
state=@ByteArray(\0\0\0\xff\0\0\0\0\xfd\0\0\0\x2\0\0\0\x1\0\0\x1R\0\0\x5h\xfc\x2\0\0\0\x2\xfc\0\0\0M\0\0\x3\x63\0\0\x1\x87\0\b\0\x1a\xfa\0\0\0\x1\x2\0\0\0\x3\xfb\0\0\0\x18\0\x44\0o\0\x63\0k\0I\0n\0p\0u\0t\0\x43\0t\0l\x1\0\0\0\0\xff\xff\xff\xff\0\0\x1i\0\xff\xff\xff\xfb\0\0\0\x12\0\x44\0o\0\x63\0k\0R\0x\0O\0p\0t\x1\0\0\0\0\xff\xff\xff\xff\0\0\x1l\0\a\xff\xff\xfb\0\0\0\xe\0\x44\0o\0\x63\0k\0\x46\0\x66\0t\x1\0\0\0\0\xff\xff\xff\xff\0\0\0\xc8\0\a\xff\xff\xfc\0\0\x3\xb6\0\0\x1\xff\0\0\0\xcf\0\xff\xff\xff\xfa\0\0\0\0\x2\0\0\0\x2\xfb\0\0\0\x12\0\x44\0o\0\x63\0k\0\x41\0u\0\x64\0i\0o\x1\0\0\0\0\xff\xff\xff\xff\0\0\0\xcf\0\xff\xff\xff\xfb\0\0\0\xe\0\x44\0o\0\x63\0k\0R\0\x44\0S\0\0\0\0\0\xff\xff\xff\xff\0\0\0\x88\0\xff\xff\xff\0\0\0\x3\0\0\0\0\0\0\0\0\xfc\x1\0\0\0\x1\xfb\0\0\0\x1a\0\x44\0o\0\x63\0k\0\x42\0o\0o\0k\0m\0\x61\0r\0k\0s\0\0\0\0\0\xff\xff\xff\xff\0\0\x1\x42\0\xff\xff\xff\0\0\t'\0\0\x5h\0\0\0\x1\0\0\0\x2\0\0\0\b\0\0\0\x2\xfc\0\0\0\x1\0\0\0\x2\0\0\0\x1\0\0\0\x16\0m\0\x61\0i\0n\0T\0o\0o\0l\0\x42\0\x61\0r\x1\0\0\0\0\xff\xff\xff\xff\0\0\0\0\0\0\0\0)

[receiver]
demod=Raw I/Q
offset=89100
sql_level=-38.3
filter_low_cut=-200
filter_high_cut=200

[audio]
gain=-494
udp_host=localhost

[remote_control]
allowed_hosts=127.0.0.1
enabled=true

[baseband]
rec_dir=C:/Users/g3tha/Downloads

[dxcluster]
DXCAddress=localhost
DXCPort=7300
DXCUsername=nocall
DXCSpotTimeout=10
DXCFilter=

[fft]
bandplan=true

GNU Radio Decode:

options:
  parameters:
    author: ''
    catch_exceptions: 'True'
    category: '[GRC Hier Blocks]'
    cmake_opt: ''
    comment: ''
    copyright: ''
    description: ''
    gen_cmake: 'On'
    gen_linking: dynamic
    generate_options: qt_gui
    hier_block_src_path: '.:'
    id: sniff_NFC
    max_nouts: '0'
    output_language: python
    placement: (0,0)
    qt_qss_theme: ''
    realtime_scheduling: ''
    run: 'True'
    run_command: '{python} -u {filename}'
    run_options: prompt
    sizing_mode: fixed
    thread_safe_setters: ''
    title: Not titled yet
    window_size: (1000,1000)
  states:
    bus_sink: false
    bus_source: false
    bus_structure: null
    coordinate: [32, 84.0]
    rotation: 0
    state: enabled

blocks:
- name: samp_rate
  id: variable
  parameters:
    comment: ''
    value: '2000000'
  states:
    bus_sink: false
    bus_source: false
    bus_structure: null
    coordinate: [336, 88.0]
    rotation: 0
    state: enabled
- name: blocks_complex_to_float_0
  id: blocks_complex_to_float
  parameters:
    affinity: ''
    alias: ''
    comment: ''
    maxoutbuf: '0'
    minoutbuf: '0'
    vlen: '1'
  states:
    bus_sink: false
    bus_source: false
    bus_structure: null
    coordinate: [1312, 476.0]
    rotation: 0
    state: enabled
- name: blocks_file_source_0
  id: blocks_file_source
  parameters:
    affinity: ''
    alias: ''
    begin_tag: pmt.PMT_NIL
    comment: ''
    file: 'path to gqrx capture '
    length: '0'
    maxoutbuf: '0'
    minoutbuf: '0'
    offset: '0'
    repeat: 'False'
    type: complex
    vlen: '1'
  states:
    bus_sink: false
    bus_source: false
    bus_structure: null
    coordinate: [360, 428.0]
    rotation: 0
    state: true
- name: blocks_wavfile_sink_0_0
  id: blocks_wavfile_sink
  parameters:
    affinity: ''
    alias: ''
    append: 'False'
    bits_per_sample1: FORMAT_PCM_16
    bits_per_sample2: FORMAT_PCM_16
    bits_per_sample3: FORMAT_VORBIS
    bits_per_sample4: FORMAT_PCM_16
    comment: ''
    file: path to output file
    format: FORMAT_WAV
    nchan: '2'
    samp_rate: samp_rate
  states:
    bus_sink: false
    bus_source: false
    bus_structure: null
    coordinate: [1744, 428.0]
    rotation: 0
    state: enabled
- name: low_pass_filter_0
  id: low_pass_filter
  parameters:
    affinity: ''
    alias: ''
    beta: '6.76'
    comment: ''
    cutoff_freq: '400000'
    decim: '1'
    gain: '1'
    interp: '1'
    maxoutbuf: '0'
    minoutbuf: '0'
    samp_rate: samp_rate
    type: fir_filter_ccf
    width: '400000'
    win: window.WIN_HAMMING
  states:
    bus_sink: false
    bus_source: false
    bus_structure: null
    coordinate: [752, 408.0]
    rotation: 0
    state: true
- name: qtgui_sink_x_0
  id: qtgui_sink_x
  parameters:
    affinity: ''
    alias: ''
    bw: samp_rate
    comment: ''
    fc: '0'
    fftsize: '1024'
    gui_hint: ''
    maxoutbuf: '0'
    minoutbuf: '0'
    name: '""'
    plotconst: 'True'
    plotfreq: 'True'
    plottime: 'True'
    plotwaterfall: 'True'
    rate: '10'
    showports: 'False'
    showrf: 'False'
    type: complex
    wintype: window.WIN_BLACKMAN_hARRIS
  states:
    bus_sink: false
    bus_source: false
    bus_structure: null
    coordinate: [1288, 620.0]
    rotation: 0
    state: disabled

connections:
- [blocks_complex_to_float_0, '0', blocks_wavfile_sink_0_0, '0']
- [blocks_complex_to_float_0, '1', blocks_wavfile_sink_0_0, '1']
- [blocks_file_source_0, '0', low_pass_filter_0, '0']
- [low_pass_filter_0, '0', blocks_complex_to_float_0, '0']
- [low_pass_filter_0, '0', qtgui_sink_x_0, '0']

metadata:
  file_format: 1
  grc_version: 3.10.6.0