The blogger in his post on habrahabr.ru tried to answer the main questions about implantable tags.
Question: What the hell is this?
Answer: This is an RFID tag of the kind used in passes, subways, door phones, etc. Only it is small and made of glass, which does not interfere with the body.
Question: Is there something poisonous inside? Radioactive? Is there a poison capsule to kill me from the satellite?
Answer: No. No. No. There's just a microcircuit, and a lot of very thin copper wire that acts as an antenna.
Question: What are chips?
Answer: For starters, it would be nice to read Wikipedia. I will not talk about what kinds of chips exist IN GENERAL.
About the difference between a chip and a tag: strictly speaking, there is a difference. A chip is just a microcircuit without an antenna. A tag is a microcircuit (chip) together with an antenna, enclosed in some kind of shell. In practice, you can use either word, because microcircuits without an antenna and a shell can only be found at the manufacturers.
I will talk about those that interest us. By frequency, tags are usually divided into three categories - LF, HF, UHF. The first (LF, Low frequency) operates at a frequency of 100-150 kHz, usually the middle one is chosen - 125 kHz or 134 kHz. This is EM-Marin EM410×:
The de facto standard for contactless intercom keys. EM410× is a generic name for a family of compatible chips: EM4100, EM4200, TK4100, EM4102, TK28, KB5004XK2 (from Angstrem).
Briefly: the frequency is 125 kHz, and the tag carries a unique number consisting of 40 bits (do you see the number on the keys? that's what it is). The card, however, transmits more: 64 bits, of which 24 bits are a sync code at the beginning and a checksum at the end. It cannot receive anything back: it enters the field, starts transmitting cyclically, and that's it. You cannot change the number; it is written at the factory.
The range is up to 10 cm. More is possible, but either a large tag or a large antenna is needed. At the physical layer, the signal is transmitted using Manchester code:
I.e., gaps in the clock signal.
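As an added example (not code from the blogger's post), the Python below parses the 64-bit frame described above, assuming the public EM4100 datasheet layout (9 header ones, ten rows of 4 data bits plus even parity, 4 column-parity bits, a stop bit) and the Manchester polarity stated in the comments; `SAMPLE_ID` and `CAPTURE` are constructed. It shows that the checksum only detects transmission errors: any well-formed frame is accepted, so the number on its own proves nothing about which device sent it.

```python
# Added example: EM4100-style 64-bit frame handling. Assumed layout (public
# EM4100 datasheet): 9 header ones, 10 rows of (4 data bits + even row parity),
# 4 even column-parity bits, 1 stop bit (0).
HEADER = [1] * 9

def build_frame(tag_id):
    """Encode a 40-bit ID as 64 frame bits (used here to construct sample input)."""
    if not 0 <= tag_id < 1 << 40:
        raise ValueError("ID must fit in 40 bits")
    bits, cols = list(HEADER), [0, 0, 0, 0]
    for shift in range(36, -1, -4):              # ten nibbles, most significant first
        row = [(tag_id >> (shift + i)) & 1 for i in (3, 2, 1, 0)]
        bits += row + [sum(row) & 1]             # even row parity
        cols = [c ^ b for c, b in zip(cols, row)]
    return bits + cols + [0]                     # column parity, then stop bit

def parse_frame(bits):
    """Return the 40-bit ID from exactly 64 frame bits, or raise ValueError."""
    if len(bits) != 64 or bits[:9] != HEADER or bits[63] != 0:
        raise ValueError("bad header or stop bit")
    tag_id, cols = 0, [0, 0, 0, 0]
    for r in range(10):
        row = bits[9 + 5 * r: 14 + 5 * r]
        if sum(row) & 1:
            raise ValueError(f"row {r} parity error")
        for i in range(4):
            cols[i] ^= row[i]
            tag_id = (tag_id << 1) | row[i]
    if cols != bits[59:63]:
        raise ValueError("column parity error")
    return tag_id

def manchester_decode(halves):
    """Pair half-bit levels into bits. Assumed polarity: (1,0) is 1, (0,1) is 0.
    A pair with no mid-bit transition means the pairing is off by half a bit."""
    for phase in (0, 1):
        pairs = list(zip(halves[phase::2], halves[phase + 1::2]))
        if pairs and all(a != b for a, b in pairs):
            return [a for a, _ in pairs]
    raise ValueError("no valid Manchester alignment")

def find_id(stream):
    """The tag repeats its frame cyclically, so a capture starts mid-frame:
    slide a 64-bit window until header, stop bit and every parity check pass."""
    for off in range(len(stream) - 63):
        try:
            return parse_frame(stream[off:off + 64])
        except ValueError:
            continue
    return None

# Constructed sample: illustrative ID; the capture starts mid-frame and half a
# bit out of phase.
SAMPLE_ID = 0x2A007073BF
_bits = (build_frame(SAMPLE_ID) * 3)[37:]
CAPTURE = [h for b in _bits for h in ((1, 0) if b else (0, 1))][1:]

if __name__ == "__main__":
    print(hex(find_id(manchester_decode(CAPTURE))))
```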
This, for example, is the well-known NFC, whose presence in smartphones only the lazy have failed to mention. And these are the most common cards and tags in the world, Mifare, used, for example, in the Moscow metro (specifically, Mifare Classic 1k cards), which people are constantly trying to hack.
These are also the tags in the new passports - SmartMX. And there are many more not so well-known companies, standards and protocols that are not particularly interesting to us.
All of these cards comply with the ISO 14443 standard. Distance - up to 20 cm. Unlike the previous card, the standard does not regulate the capacity of the card - send as much as you want, this is the concern of the protocol and the device. Accordingly, you can change codes and program - complete freedom. Of course, no one guarantees you the compatibility of your protocol with Mifare readers; this is the standard for HF access cards.
The physical layer is also Manchester, or Miller code:
Question: Where should the chip be inserted? At the withers, like dogs?
Answer: If you experience a constant obsessive desire to scratch your neck on the reader, then yes, this will be ideal. For everyone else, the area between the thumb and forefinger is recommended:
Question: Where can the implanted chip be used?
Answer: Anywhere. As keys to a lock that cannot be lost or forgotten, or to make a safe that can only be opened by your hand:
For authorization on a computer or in a program. To unlock your smartphone when you take it in your hand. Like a pass to the laboratory or to work. Like an immobilizer in a car (there is also an additional reason to refuse when your brother asks for your car to drive around the city). Make a gun that only fires in your hand. Or troll believers with the seal of the beast, or supporters of the STOP RFID movement, threatening them with a bare hand:
Question: How to implant it? Under general anesthesia, perhaps?
Answer: No, under local. The dimensions of the tag are 2x12 mm, although there are larger and smaller ones:
The procedure is performed with a thick needle that pierces the skin (everything is done under local anesthesia):
No scalpels, incisions or scars.
Question: Okay, but how to pull it out? Half an arm needs to be shredded, right?
Answer: You don't have to. Unlike the tags used in animal microchipping, the surface of the capsule has no anti-migration coating (Parylene-C), to which proteins adhere very actively.
Because of this, it is enough to make a small incision, 2-3 mm, and then grab the capsule with tweezers and pull it out.
Question: Is it possible to implant it yourself?
Answer: Well, in theory, yes. If you have strong enough nerves, and have basic medical training, this is quite possible. But it is better to turn to a professional, at least to a tattoo parlor (usually they do not only tattoos, but also piercings), or to a private clinic.
Question: What are the risks?
Answer: Small. When using a sterile tag (it can be sterilized at 90 degrees in an autoclave or in alcohol, also preferably not lower than 90 degrees) and sterile instruments, the risk is minimal. The most dangerous thing that can happen is that you somehow push the needle five to ten centimeters further from the usual installation site (marked in blue) (I can't imagine how, though: the needle is definitely not long enough) and hit the so-called "forbidden zone of Kanavel", the neurovascular bundle (marked in red).
Question: Is it possible to live normally with it at all? I have a friend with a pacemaker who can go neither to the bathhouse nor hunting.
Answer: It is not connected to any body systems, so you can do whatever you want. The operation of the tag is guaranteed in the temperature range of -30 to +100; if your body temperature goes beyond these limits, the safety of the chip will be the last thing you worry about.
It is very difficult to break it. If you experience a blow of sufficient force to destroy the capsule, you will have to go to the trauma center to have your arm sewn back on, and only then take an interest in the fate of the chip. Of course, I'm exaggerating, but you really can't break it in any way while doing ordinary things.
Question: What about magnets, radio fields, x-rays, CT and MRI, metal detectors, frames in airports and anti-thief systems in stores?
Answer: Permanent magnets do not affect it at all - there is nothing there that can be magnetized. As for electromagnetic fields, the developers took care of this - the microcircuit does not lose functionality in fields of the strength usual for an apartment or a production site. A microwave can destroy the tag, but you wouldn't do that with your hand, would you?
The only consequence of an x-ray or computed tomography will be the surprise of the doctor:
On MRI, the capsule will also be visible, but the scan will not affect it in any way: tomographs use frequencies of 30-130 MHz, which are too far from the resonant frequency of the coil to excite in it a current sufficient for operation, let alone breakdown. It won't be torn out of your hand either; that is screenwriters' speculation. True, there will be slight interference in the area of the arm during the study, and MRI of the hand itself will not work.
Metal detectors (as well as frames at airports) will not respond to such a small object.
Anti-theft systems are configured for their own protocol and codes, and will not accept tags from other standards. And besides, the store will absolutely not have video recordings of you trying to steal your hand.
Question: What about safety? After all, anyone can read the tag by bringing a scanner close to your hand.
Answer: Yes, EM-Marin is very easy to read or copy. If you need real security, use Mifare; cards of this standard can have a large number of data blocks, each of which can be protected with a separate password. It should be noted that even to copy EM-Marin, one needs to know where you have the chip and what standard it is - i.e. keep you under full surveillance. In that case, copying the keys to the apartment seems easier. And of course, nothing prevents you from using a combined authorization system - tag + password - in which the compromise of one of the links does not lead to the compromise of the entire system as a whole.
Question: Where can you buy them?
Answer: It is important to buy exactly the tags that you need. EM-Marine standard tags can be found on Amal's website; the tag costs $25 separately, and the implantation kit is another $50.
The TrossenRobotics website also sells similar tags for $6.49, but with delivery for $50. A lot of tags can be found on aliexpress by searching for glass rfid. But none of them supports the EM-Marine standard, only EM4305, the standard for marking animals.
Smartec's ST-PR040EM, ST-PR140EM and ST-PR140EK devices are part of the Em Marine line of card readers and are a good choice for building a budget access control system. Having the same specifications, these proximity models differ in size and case design. Both devices read the code from cards at a distance of up to 6 cm and can be connected to the controllers of almost any access control system via the Wiegand interface. Thanks to a durable metal case and a compound-protected electronic part, the proximity readers are able to work both indoors and outdoors, with vandal resistance rated IP68.
All three proximity models have durable metal cases and can be used both indoors and outdoors, in the temperature range from -30° to +60°С and at relative humidity up to 99%. The electronic parts of the ST-PR040EM, ST-PR140EM and ST-PR140EK are weather-sealed with a polymer compound, which keeps these proximity readers operable in harsh weather conditions and gives them a high degree of vandal resistance. The main advantage that distinguishes these readers from analogues of this class is an optimal price/quality ratio when using low-budget access cards of the Em Marine standard.
Possibility to choose the appropriate size
Both ST-PR040EM and ST-PR140EM are keyboardless proximity readers that receive a code when you present an access card to them. They have the same technical characteristics and differ only in the shape and size of the case. Therefore, the user can choose a proximity reader for himself, based on the specific situation, the design of the room and the size of the installation site. In turn, the ST-PR140EK is equipped with a membrane keyboard, which allows you to use an additional identification factor.
Optimal reading distance and common card format
Smartec proximity readers of this series use the common Em Marine standard, have high identification reliability and a stable reading distance. The range of these proximity devices depends on the size of the antenna, the power of the electronics, and the electromagnetic environment in the workplace. The considered proximity readers have a reading range of up to 60 mm and are optimal for working as part of the access control system of office buildings, warehouses, shop premises, as well as for recording staff working hours.
Established identification mechanism for Em Marine RFID cards
Regardless of the model, these Smartec readers use RFID (Radio Frequency Identification) technology to receive and recognize the card code. The generator built into the proximity reader, with a carrier frequency of 125 kHz, constantly generates an electromagnetic field around the device; when an Em Marine card enters it, an alternating voltage is induced in the card's antenna. The voltage is higher the smaller the distance between the proximity reader and the card and the larger the antenna built into the identifier.
Once the card receives the power it needs to operate, it generates an RF response modulated by its identification code. To do this, a miniature Em Marine chip is built into the proximity card, which includes a transmitter, receiver and processor. The processor's memory stores a unique ID code written to the card at the factory. After demodulation, the proximity readers transmit the received card code to the ACS controller for verification against the database.
Compatible with ACS controllers from any manufacturer
ST-PR040EM, ST-PR140EM and ST-PR140EK have a Wiegand 26 interface that allows you to connect these proximity readers to access system controllers from a large number of manufacturers. This simple wired interface is used for communication between RFID card readers and the ACS controller. The number 26 is the number of bits in the packet: 24 code bits and 2 parity bits. It should also be noted that the readers of this series belong to the budget class, because their cost is significantly lower than the cost of similar devices that use the Proximity, iClass or Mifare standards.
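An added example (not Smartec code) of the 26-bit packet described above, assuming the usual Wiegand 26 parity rules and assuming the reader forwards the low 24 bits of the 40-bit card ID; `reader_output`, `printed_forms` and both IDs are hypothetical. It reproduces the 007369663 / 112.29631 pairing quoted elsewhere on this page and shows that two different cards can look identical to the controller, which is worth checking for at enrolment.

```python
# Added example: Wiegand 26 framing as commonly implemented (assumption, not
# taken from Smartec documentation): bit 1 is even parity over the first 12
# code bits, bits 2-25 are the 24-bit code, bit 26 is odd parity over the
# last 12 code bits.

def wiegand26_encode(code24):
    if not 0 <= code24 < 1 << 24:
        raise ValueError("code must fit in 24 bits")
    data = [(code24 >> i) & 1 for i in range(23, -1, -1)]
    lead = sum(data[:12]) & 1             # makes the first half even
    trail = (sum(data[12:]) & 1) ^ 1      # makes the second half odd
    return [lead] + data + [trail]

def wiegand26_decode(frame):
    """Return (facility, number) = (top 8 bits, low 16 bits) or raise ValueError."""
    if len(frame) != 26:
        raise ValueError("expected 26 bits")
    data = frame[1:25]
    if (frame[0] + sum(data[:12])) % 2 != 0:
        raise ValueError("leading (even) parity error")
    if (sum(data[12:]) + frame[25]) % 2 != 1:
        raise ValueError("trailing (odd) parity error")
    code = 0
    for bit in data:
        code = (code << 1) | bit
    return code >> 16, code & 0xFFFF

def reader_output(em_id40):
    """Hypothetical reader behaviour: forward only the low 24 bits of the ID."""
    return wiegand26_encode(em_id40 & 0xFFFFFF)

def printed_forms(em_id40):
    """Decimal and 'facility.number' renderings of what the controller sees."""
    facility, number = wiegand26_decode(reader_output(em_id40))
    return (facility << 16) | number, f"{facility}.{number:05d}"

def controller_view_collides(id_a, id_b):
    """True when two distinct 40-bit IDs produce the same 26-bit packet."""
    return id_a != id_b and reader_output(id_a) == reader_output(id_b)

# Constructed IDs: same low 24 bits (0x7073BF), different upper 16 bits.
ID_A = 0x2A007073BF
ID_B = 0x11007073BF

if __name__ == "__main__":
    print(printed_forms(ID_A), controller_view_collides(ID_A, ID_B))
```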
Sound and light status indication
Each reader of this series has a light and sound indication of receiving an access card code. When devices in their proximity area detect the corresponding Em Marine pass, the two-color LED switches from red to green color if the code is accepted and the buzzer sounds. The decision to authorize/prohibit access is made by the ACS controller, to which proximity readers transmit the received information. If the identification is positive, the controller sends an unlock signal to the actuating device (electromechanical lock, turnstile, etc.).
Specifications for Smartec proximity readers ST-PR040EM and ST-PR140EM
Parameter | Value
Reader: |
Reading distance: |
Keyboard | 8-bit packet
Interfaces: | Wiegand 26 output
 | 10 - 14 V (DC), max 40 mA
Operating temperature range: |
As you know, many access systems use EM-Marin RFID cards operating at 125 kHz. The intercom in my building was no exception. One problem: it would be nice to learn how to copy such cards, because the prices charged for copying them are not encouraging. Of course, there are quite a few copier schematics on the net (and the Chinese sell their copiers for pennies, although they often set their own password on the blanks when copying), but why not build your own copier? That is what the article below is about.
Now we need a schematic. Let's take the analog part of such a copier from RECTO and connect it to an atmega8 microcontroller. Let's add a max232-based level converter for connecting to a COM port (those who wish can use an ST232 or something else to connect via USB, but I have a COM port on my computer, as well as a USB-COM adapter, so I did not face that task). You get the following schematic:
What does it consist of? A dual emitter follower, an oscillating circuit, a detector and RC filters. Because the RC filters have different time constants, comparing the voltage levels between the stages makes it possible to pick out the changes in the RFID tag's signal. The comparator built into the atmega8 handles this task. The 125 kHz signal is generated by the PWM controller built into the atmega8.
Together, an RFID tag and a reader form a transformer in which the tag is the secondary winding. The tag transfers information by changing the load on the secondary winding. As a result, the current in the reader coil (primary winding) changes. The analog part of the circuit described above picks out these current pulses. The oscillating circuit must be tuned for maximum voltage at the test point, for example by adding or removing turns of the coil. True, they say it is better for the voltage to be a little below the maximum, as it works more stably. I have about 40 V at the test point.
The tag being copied uses Manchester encoding. To decode it, it is enough to skip three quarters of the bit period after any signal edge and then, at the next edge, record the bit value, which corresponds to the signal level after that edge. When decoding, it is worth setting a window in which the signal transition must occur: no more than half the bit period. I took the method for decoding the Manchester encoding, and the code for it, from Shads. Of course, I could have written my own, but I was in a hurry to get the copier running; I wanted to make sure that the circuit worked and the tags were being received. So this fragment remained in the copier code. It also turned out that my comparator is set up inversely to what the decoding code needs. I changed that in the code. So, we have sequences of zeros and ones. How do we get the card code from them?
It's very simple. Let us assume that the card number, nibble by nibble, has the form AB CD EF GH IJ. The card transmits the following: 1) Nine ones at the beginning; We read all 64 bits, decode them and get the 40 bits of the card code.
It follows that if we output such a code ourselves, shorting the coil of a card held to the reader, we get a card emulator. But that is not what interests us now. We have learned how to read the card, but how do we transfer data to it? To do this, you just need to switch the 125 kHz carrier on and off in accordance with the card's exchange protocol. During the reader's "silence", the card is powered by stored energy.
The T5557/T5577 blanks are fully compatible with each other in terms of write protocol, but they have slightly different minimum and maximum pulse times (fortunately, the T5557 timings overlap with those of the T5577). The EM4305 has a different write protocol. To write the T5557 I used BolshoyK's code. The table below shows the signal parameters for the T5557 key fob.
Writing begins with the StartGape signal: the 125 kHz signal must be switched off for about 300 µs. This tells the card that data is about to be transferred to it. Then the information must be transferred to the blank. The encoding of the transmitted data is the same Manchester.
T5557/T5577 and EM4305 blanks are multifunctional: they can use different modulation types, support passwords and much more. Each blank has a set of 32-bit blocks on board. The purpose of these blocks differs. Some hold the key code that the tag outputs (it takes two blocks). Others are configuration blocks. Still others hold the manufacturer's identifier. We will use limited functionality, so those who want to understand what all these bits mean can look at the documentation for the blanks (I attached it to the archive).
The blocks are grouped into two pages (0 and 1). Page zero contains the configuration block, at index 0. That is the one we will set. For the T5557/T5577, we will use the following configuration bytes: 0x00, 0x14, 0x80, 0x40, in accordance with the table from the documentation (I marked the modes selected by single bits in red):
Thus, we have chosen: a data rate of RF/64 (125 kHz / 64), Manchester coding, and output of blocks up to the second (blocks 1 and 2 will hold the code output by the card). The opcode (2 opcode bits) and one lock bit must be sent before writing. Opcodes 10b and 11b precede data writes for pages 0 and 1 (the low bit specifies the page number, the high bit is the page write code). We get 10b for the opcode (all work is in page zero) and 0b for the lock bit. After transferring all this data, it is necessary to transfer the three-bit address of the page being written. All data transfers for the T5557/T5577 are MSB to LSB.
By setting the card code in blocks 1 and 2 and the configuration in block 0, you can get a duplicate RFID tag. As you can see, everything is simple.
The next type of blank is the EM4305.
So I had to work out how to write this blank myself. It also consists of 32-bit blocks, but their purpose is different. The coding of the data transmitted to the card is based on changes over a time interval: if there was a change during the interval, it is a zero, and if there was not, it is a one. The configuration word is stored in 4 bytes, and for myself I defined it like this: 0x5F, 0x80, 0x01, 0x00 (Manchester encoding, RF/64, output of word 6). In words 5 and 6, I write the card code (the same 64 bits that the card outputs). The EM4305 requires transmission from LSB to MSB. The card recognizes the start of an exchange after it is sent a particular combination of pulses:
Command format
Block address format
This sets the configuration of the EM4305 blank and its code. Actually, nothing more is required for a simple copier.
I made several versions of the copier with different displays. For example, here is a copier with a 1602 display: And here is a video of the copier working with the LPH9157-02 display:
But the reason I became interested in copiers for such keys was that I had to make many copies of an intercom key (I was too lazy to wait for a parcel from China), but the price tag is this:
The archive contains all the schematics, PCB layouts, programs and documentation for the blanks. There is a version for Arduino Nano (it needs to be flashed separately using a program for uploading third-party firmware). Those who wish can open the documentation for all these blanks and implement support for passwords and other card modes. I personally didn't need any of this.
Special huge thanks to RECTO, BolshoyK and Shads - without you I would have been having fun with development for quite some time! Thank you for your attention.
P.S. I am not a professional in copying keys or in blanks, so I could well be mistaken about something. However, the copier works, and so far no one has found errors in it.
EM-Marine is the most popular type of identifier in Russia. The format was developed by the Swiss company E.M. Microelectronic.
Chip manufacturers
The card code in decimal form is 007369663; the same code presented in text form is 112.29631.
Number uniqueness
Card manufacturers
Identifier types
EM-Marine thin cards - price from 12 rubles
Keychains EM-Marine - price from 11 rubles
EM Marine bracelets - price from 81 rubles
Tags EM-Marine - price from 53 rubles
Personalization
Screen printing
Offset printing
Plastic stickers - price from 25 rubles
Readers EM Marine - price from 921 rubles
Reading range
Another feature of long-distance EM Marine card reading is that the range drops significantly if there is metal near the card or reader.
Advantages of EM Marine
Cons of EM Marine
EM-Marine is one of the most common formats used for contactless RFID. It was developed by EM Microelectronic-Marin (Switzerland, Marin). The most common chips are EM4100 and EM4102. Identifiers are issued in the form of cards, key rings, bracelets, etc. based on the international standard ISO14443. They belong to the passive category, because they do not have a built-in power supply. Each card has 64 bits of memory, 40 of which are occupied by a unique identification code. Em-Marine cards are not rewritable. The interaction between the card and the reader occurs at a frequency of 125 kHz; the range can be from 5 to 70 cm. Em-Marine cards are available in two types: thin (0.8 mm) and thick (1.6 mm). The popularity of equipment based on the Em-Marine format is partly due to its lower cost compared with other standards (HID or Mifare).
Material of the special project "Without a key". The special project "Without a key" is an accumulator of information about ACS, converged access and personalization of cards.