What about to add UHF RFID support? Sure, it requires additional hardware, but has a lot of pentesting potential =)
P.S.: Not sure, that I choose proper category…
As I know, UHF readers have a huge antennas, that a lot bigger then flipper itself. If you mean only implement a UHF tag functionality, can you please tell where such tags is used? I only see this type of tags in warehouses and cargo marking.
I have one for my garage door at my current apartment. The support would be much needed.
Hotel (and other communal living spaces) use them for door locks
My old job also used active RFID tags to monitor location/cleaning routines for staff working in gym chains. It would also be helpful for activating and/or killing tags (NFC/UHF)
It’s doable. There are reader/writers & dev kits that are small in size for 180006B / 180006C ISO. There isn’t really a lot of security research going into UHF so it could be a great addition for future projects and testing even though there isn’t a lot of demand for it now.
I had one reader-writter for UHF tags 8xx-900xx MHz, its not big, like a normal mifare usb reader. Those tags sometis has strong encryption, and IDK if there a clear way to bypass it. Also there is active systems, where battery and separate mcu used in pair with UHF tag. Systems like these used on toll roads. Active protocols more coplicate. But i guess simple passive UHF could be implemented in flipper zero. +1
I’m poking around trying to see if I can get this to work for my garage.
Unfortunately the card might some how be a protected one (which shocked me for my building).
Best I can tell inside the card is one of these or some variant:
I also did a random frequency analyzer while I was driving through the garage and it was BLASTING 914.999. I’m pretty sure most of the size of the antenna in the garage is just for power and large coverage.
Upside is I have 2 flippers so I can record the raw data from the antenna and then play it back myself repeatedly. It’s not something obnoxious like the 21kHz my VW fob uses to activate the LF coil lol. That one is easier to just do at the car. But it’s also encoded so I got more research to do lol. It’s really more actual pentesting with that one.
The most annoying thing for my garage UHF RFID is the card even has the sticker with the 3 digit “SC” and 5 digit “ID” so even if it has a unique ID in the card, I can work out most of the hex values that are predictable so I can hopefully reverse whatever I need to so I can have both garage fob and elevator/door fob stored.
Will be super useful since my building is access controlled and won’t let us get more than 1 fob, so I gotta let people in every time. Now they can get to my door at least (the garage is open more than it’s closed so tailgating is easy lol).
I really need to make myself setup a build environment for the source soon too. Wanna figure out how to make use of the wifi module better.
Maybe I can also some fun ways to interface with my red Komodo too. I have a few pigtails of its speshul connector lol.
Either way, I plan to at least make the basic effort needed to see what flipper can and can’t do with uhf rfid.
2 Likes
I have an RFID tag on my car from Mister Car Wash that seems to be 900MHz-range. It would be neat to poke at that and potentially read and clone it. Emulation is definitely not feasible (unless you were to hold the flipper up to the reader, which sort of defeats the purpose of UHF RFID) but reading and writing tags should be feasible I’d imagine.
Does anyone know if there is any updates /progress on this? I assume the hardware allows to do it (since it falls in the subghz range) , we just need the software to make this work?
Bumping this old thread. UHF technology has become explosive in my city where human beings are becoming less and less utilized and machines are being installed. Typically the application we are seeing this is in rented parking spaces both in garage and open lots that are non-staffed. In fact, a lot of kiosks and other people in the key making business that I know personally are trying to figure out how they can piggyback off the UHF tags for individuals seeking to make a copy of their garage tag or rented parking space tag provided they have a lease. There is no such device available that currently can clone a UHF tag that I am aware of, but the Flipper is the one device that makes me stop to think. Are there any current R&D going on in this sector of flippers potential?
1 Like
Greetings. I am in Turkey and wanted to report a use cafe of this. The company Moonwell produces Moontags which read
RFID MOONTAGS
Araç Geçiş Sistemleri
On the back seem to be UHF RFID. These are pretty popular in Turkey. The sticker on the car looks exactly like this one,
The corresponding antenna seems very likely to be this,
This antenna has a 3-5 m working distance. This is a very working class apartment complex. My assumption is that these are far more popular in Turkey then we’re giving them credit for.
Hello everyone, me and one of my friend was able to get UHF Compatibility working using the YRM100 module. the app for the flipper is still in development.
5 Likes
Where could I follow up the development of the UHF app for the flipper?
Hey guys, does anyone have an update on this or can point me in the right direction?
Theoretically, could Flipper sniff UHF-RFID-tag <=> UHF-RFID-reader exchange with CC1101 module?
UHF is also used for ski passes, which is something i am interested in, on the flipper or otherwise.
1 Like
That’s cool but functional is really low.
By the way you can buy on AliExpress TID writable tag and UHF RFID programmer that reads and writes tag, including TID, EPC and USER data. The programmer comes with software, SDK and some code examples that show how to read/write data.
I was trying to duplicate my “tag master” sticker for gate access but stuck in problem: I can read my tag, but TID writable tag from AliExpress has less memory space for TID data… So I can duplicate everything but TID…
I didn’t even know you could buy a writable tid tag. I’m going to look into that. however, im slowly adding more features to the flipper app. in my opinion i can probably add most of the main functionality from the sdk.