
RFID shield

The RFID shield from advancetec works at 13.56 MHz. There are a few things that are not so nice about this shield.

First, it uses the same pins for RX and TX as the Arduino serial port, which is of course required for uploading. I worked around that by removing pins 0 and 1 from the board and running small wires from pins 2 and 3 to the former RX and TX pins. Using softserial you can then still program the Arduino without changing jumpers etc. The second weak point is that pins 8-13 have not been brought out, and neither has the power port. This makes the connection rather fragile. Not much you can do about that. Brrrr.

[Image: RFID shield] [Image: RFID shield schematic]

OK, so now that we have the hardware connected and ready to go, it's time to look at what it is possible to read.
There are actually lots of different types of RFID cards out there, so let's pick one and take a peek at how its memory is organised.
On the left you can see the structure of a Mifare Ultralight card and on the right the output from the software.

[Image: RFID shield mifare] [Image: RFID shield output]

The bytes depicted as SNx are the Serial Number bytes.

So for SN0 SN1 SN2 SN3 SN4 SN5 SN6 we have 04 F1 4E 29 EE 02 80, all hexadecimal.
The software correctly states this, as you can see.
Byte SN0 is the manufacturer of the device, in this case Philips (04).
From page 1 we get BCC0 = 33 and from page 2 we get BCC1 = 45.
These are the check bytes of the Serial Number. They can be calculated as follows: 0x88 XOR SN0 XOR SN1 XOR SN2 for BCC0 and SN3 XOR SN4 XOR SN5 XOR SN6 for BCC1.
If you do the maths you will see that they indeed give BCC0 = 33 and BCC1 = 45.
On page 3 we get the OTP bits. These are OTP0, OTP1, OTP2 and OTP3 and are 11 22 33 44.
These bits are one-time programmable, so once you set them you cannot unset them. So be careful what you do with them.
The other bytes that have special meaning are the internal byte (page 2 byte 1 = 48) and the two lock bytes = 33 44.
The lock bytes are the field-programmable read-only locking mechanism. Each page from page 3 (OTP) to page 15 may be locked individually to prevent any further write access by setting the corresponding locking bit to 1.
After this the page is ROM.
The least significant bits of the lock bytes are the blocking bits. Once these bits are set, the locking mechanism is frozen.
[Image: RFID shield blockingbits]

So in this case we have 33 (0011 0011) and 44 (0100 0100).
This means the lock bits for OTP and for pages 9-4 cannot be changed any more, and pages 4, 5, 10 and 14 are locked.
You can check this by trying to program the appropriate page and seeing the results.
Remember that this is OTP, so once set you cannot unset the bit.
[Image: RFID shield output2]

Above is the output of the program where first pages 4-15 have FF written to them and these are then read back.
You can see that the blocked pages have not changed.
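
The check-byte and lock-byte decoding described above, as an added example (not code from the original page or from the shield's software). It assumes the standard Mifare Ultralight bit order for the lock bytes; the function names are made up for this example and the sample dump is constructed from the bytes quoted in the text.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the 16 bytes quoted in the text, four per page. */
static const uint8_t SAMPLE[16] = {
    0x04, 0xF1, 0x4E, 0x33,  /* SN0 SN1 SN2 BCC0 */
    0x29, 0xEE, 0x02, 0x80,  /* SN3 SN4 SN5 SN6 */
    0x45, 0x48, 0x33, 0x44,  /* BCC1, internal, lock byte 0, lock byte 1 */
    0x11, 0x22, 0x33, 0x44   /* OTP0..OTP3 */
};

/* 1 when both stored check bytes match the serial number, else 0. */
int ul_bcc_ok(const uint8_t *d) {
    uint8_t bcc0 = 0x88 ^ d[0] ^ d[1] ^ d[2];
    uint8_t bcc1 = d[4] ^ d[5] ^ d[6] ^ d[7];
    return bcc0 == d[3] && bcc1 == d[8];
}

/* Bit n set = page n (3..15) is read-only. Lock byte 0 bits 3..7 cover
   pages 3..7, lock byte 1 bits 0..7 cover pages 8..15. */
uint16_t ul_locked_pages(const uint8_t *d) {
    return (uint16_t)((d[10] & 0xF8) | (d[11] << 8));
}

/* 1 when the lock bit of this page is frozen by its blocking bit:
   bit 0 = OTP page, bit 1 = pages 4-9, bit 2 = pages 10-15. */
int ul_lock_frozen(const uint8_t *d, int page) {
    int bl = (page == 3) ? 0 : (page <= 9) ? 1 : 2;
    return (d[10] >> bl) & 1;
}

int main(void) {
    uint16_t locked = ul_locked_pages(SAMPLE);
    printf("BCC %s\n", ul_bcc_ok(SAMPLE) ? "ok" : "MISMATCH");
    for (int p = 3; p <= 15; p++) {
        int ro = (locked >> p) & 1, fz = ul_lock_frozen(SAMPLE, p);
        printf("page %2d: %s%s\n", p, ro ? "read-only" : "writable",
               fz ? (ro ? "" : ", can never be locked") : ", lock bit still settable");
    }
    return 0;
}
```

For this card the blocking bit for pages 4-9 is set while pages 6-9 are unlocked, so those pages stay writable for good and should not hold data that must be tamper-proof.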

OK, now let's have a look at another kind of card called the Mifare S50 or Mifare 1k memory card.
The structure is a bit different for these types of cards.
[Image: RFID shield mifare2]

[Images: RFID shield protocol (8 images)]
