RFID Gen2
RFID Gen2¶
Memory Banks¶
- Electronic Product Code (EPC) Memory Bank (01)
- Varies in length from 96 bits to 496 bits
- Common lengths are 96 bits and 128 bits
- May be unique depends on the manufacturer
- Unless locked they can be read and rewritten
- TID Memory Bank (10)
- 32-80 bits long
- Contain Chipset type, manufacturer
- Read only data
- Unique ID
- User Memory Bank (11)
- Not available on all tags
- Memory Bank length 32 bits to over 64k.
- Reserved Memory Bank (00)
- Contains the Kill and Access Passwords (32-bits long)
- The Kill command only executes if the password has been set (that is, is non-zero).
- The default Kill password value is zero.
- Contains the Kill and Access Passwords (32-bits long)
You can Kill memory with a password
You can Password protect access.
both passwords are 32-bits
EPC¶
EPC Memory consists of the 16-bit Cyclic Redundancy Check (CRC-16), which is an error detection code, a 16-bit Protocol Control (PC) and starting with Word 2, the EPC number (96 to 496 bits).
Source
The security of EPCGen2 compliant RFID protocols
Locking a memory bank¶
Once written, the access code is stored on the reserved memory bank along with the kill code and prevents anyone from changing the ‘lock’ state without first sending the 32-bit code.
Four lock states exist on each memory bank:
- Unlocked
- Perma-unlocked (can never be locked)
- Locked
- Perma-locked (can never be unlocked)
Killing a badge¶
The kill code is used primarily for applications that require tags to change state (or phase) to indicate a specific event has occurred. Applications like retail benefit from the kill code because once an item is purchased the tag can be killed, making it permanently unreadable. If this method is used, a reader is generally set up at the register to send the kill code after checkout. Using this state change, retailers are able to know if an item was actually purchased versus stolen if it is returned.