Challenge response LF RFID tags (2 way communication)

hey @Astra,

in this post you’re mentioning that Flipper Zero likely will not be able to support challenge response LF RFID tags as a tradeoff for supporting Indala:

The problem here is that Flipper’s LFRFID system can’t work with challenge-response cards, only one-sided communication is supported. This was a sacrifice to support Indala cards (which work on 62.5 kHz, actually), so Hitag chips are probably out of the question

Is that a hardware limitation in the design, or a software limitation?
Or in other words, any chance we can expect future firmware updates supporting challenge-response cards on LF RFID? Or would it be possible to write an app ourselves, e.g. to read UIDs from these types of cards?

I’m not an expert but my first guess is the radio stack or hardware. Hopefully someone more knowledgeable will come along and enlighten us. If I understand correctly, the radio stack firmware is on the radio chip, separate from the Flipper firmware. I had to reprogram the radio chip on a different project to interact with a different set of protocols. It involved using a USB to serial flashing device directly connected to the chip. I don’t know what the process would be on the Flipper but it was mentioned that you couldn’t easily jump back and forth with the radio stack. That comment might have only referred to the sub-GHz radio though, so take my statement with a grain of salt.

hehe, no worries, plenty of salt here.

As far as I’m informed, I thought there’s no LF RFID radio chip, that most of the LF RFID is handled in software,
in contrast with sub-GHz, which has the CC1101 chip, and the NFC, which has the ST25R3916-AQWT chip.

So I’m kinda hoping that LF RFID challenge response support could be handled in software as well :crossed_fingers:

FYI, I’m working my way through the Flipper schematics and source code to hopefully find how I could write some external app for reading e.g. Hitag x cards.

@Astra, my idea is to (ASK) modulate the carrier wave generated by Flipper in reading mode with the Hitag ‘request uid’ phrase (11000b) and then leave the field on, to read the UID response.
That, I believe, should be possible. The following comms to read/write configuration on the tag is likely a whole other matter.
Please do share your thoughts on this, cuz after going through the schematics and LF RFID source code I do not understand why you posted that challenge response was sacrificed for supporting Indala (PSK) cards.