Tutorial: how an RFID 13.56 MHz read/write ISO-14443A tag works.


Two previously developed projects described an RFID read/write module connected to a Bolt 18F2550 system through an SPI or UART interface.

In both cases, the RFID reader module used was based on the surface mount 32 lead MFRC522 circuit.

For those two projects, firmware for the Bolt system was developed to perform the read/write functions on ISO-14443A RFID tags, using any of the following read/write devices:





Additionally, a project for school attendance control was implemented using a low-cost RFID reader and ISO-14443A tags.



ISO-14443A S50 TAGS:

These tags are sold either as cards or keychains. There are ISO-14443A tags with 1 Kb (which is described in detail in this tutorial) and 4 Kb of EEPROM.

The tag basically contains two electronic components (see image above): a specialized microcontroller known as 'chip' and an antenna for transmission and reception of data at a frequency of 13.56 MHz, which is the standard used in RFID radio link systems.

The microcontroller or 'chip' contains a read-write EEPROM, which is where the tag information is stored. All tags have a 4-byte serial number, known as NUID (Non Unique Identification Number), which is prerecorded at the factory. Some recently manufactured tags feature a serial number of 7 bytes, called UID (Unique Identification Number).

The tags do not have their own power supply; they are energized by the electromagnetic field generated by the RFID reader antenna (RFID MF522, RFID-UART, or RFID-USB-READER) to establish the radio link. To this end, the tag must be brought to a distance of about 2-4 cm from the RFID module and kept in that position until the read/write cycle of the tag has concluded.

The communication between the tag and the RFID reader module is handled, as mentioned, by radio link at a frequency of 13.56 MHz, through a proprietary protocol. During the exchange of data between the two devices, 16-bit CRC codes are used to ensure the integrity of the information stored in and read from the EEPROM. The data transmission speed between the tag and the RFID device reaches about 100 kbits/sec.


For the 1 Kb tag, the total capacity in the EEPROM is 1024 bytes. However, because of the locations used for security codes, the number of user available locations for data storage is 768 bytes. The memory of the 1 Kb EEPROM is organized in 16 sectors of 4 blocks each, for a total of 64 blocks. Each block in turn is constituted by 16 bytes. The figure below summarizes the organization of the tag memory:

Sector 0, block 0, serial number NUID and BCC byte:

In sector 0, block 0, the first 4 bytes store the tag's serial number (NUID) and manufacturer information. This block is protected and can only be read. The byte number 4 is known as BCC (Block Check Character) and is a checking value for the serial number, calculated with the logical operation 'Exclusive OR' of the previous 4 bytes.

Sector Trailer:

Each sector, as mentioned, has 4 blocks. The fourth block is called the 'Sector Trailer' and sets the permissions and access codes for reading / writing data in that sector. This block holds 2 security codes, called Key A and Key B, as well as 4 bytes (Access bits) that configure the access permissions for the data in that sector. The Key A code can be written but not read.

The Key B code is optional and may be used or not, at the convenience of the system programmer. Data in any sector can be read or modified only if Key A and / or Key B are known. Both keys provide a safety mechanism for the protection and integrity of data in each sector.

When a new ISO-14443A card is purchased, by default both Key A and Key B have the value 0xFFFFFFFFFFFF and the "Access bits" have the values 0x07 0x80 0x69 0xFF. These initial settings in ISO-14443A tags are called the 'transport configuration'.

The 16 blocks called 'Sector Trailers' are identified with the numbers 3, 7, 11, 15, 19, 23, 27, 31, 35, 39, 43, 47, 51, 55, 59 and 63. They cannot be used to store user information, only for the purposes outlined in the paragraphs above, i.e., selecting the configuration and security settings of each sector.

Access bits:

The so-called "Access bits" are arranged as shown in the table below. The base is formed by 3 bits, C1, C2 and C3, which define permissions for each of the 4 blocks of the sector. To identify the block each bit applies to, subscripts are used; for example, for the configuration of block 3, bits C1₃, C2₃ and C3₃ would be used.

In total, 12 bits are used for the configuration of the 4 blocks. As shown in the figure, the 12 access bits are stored together with their complements, to provide a verification of the integrity of this data.



A typical reading of the 1024 bytes stored in the EEPROM of the tag returns hex data as shown in the example below, obtained through a terminal emulator. On block 0, observe the 4 bytes that make up the serial number (D3 9C AB 34). Byte number 4 is the BCC (block check character) byte (D0). Blocks 3, 7, 11, etc., are known as Sector Trailers. Please note that, for data protection, Key A is always read as 0's.

In this example, blocks 8 and 9 were previously written with the hexadecimal values (0x00...0x0F).
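Added example (not part of the original tutorial or the Bolt firmware): host-side C that checks the BCC of block 0 from the reading described above, validates the access bits of a sector trailer against their stored complements, and flags a trailer whose Key B is still at the transport value. The trailer byte positions (Key A in bytes 0 to 5, access bytes in 6 to 9, Key B in 10 to 15) and the nibble layout of the access bits are assumptions taken from NXP's MF1S50 datasheet, since the table is not reproduced on this page; the two sample blocks are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Block 0: bytes 0..3 = NUID, byte 4 = BCC = XOR of the four NUID bytes. */
int bcc_ok(const uint8_t b0[16]) {
    return (uint8_t)(b0[0] ^ b0[1] ^ b0[2] ^ b0[3]) == b0[4];
}

/* Sector trailers are the last block of each sector: 3, 7, 11, ... 63. */
int is_trailer(int block) { return (block & 3) == 3; }

/* Decode trailer bytes 6..8 into c[n] = C1n<<2 | C2n<<1 | C3n, n = 0..3.
 * Layout assumed from the NXP MF1S50 datasheet (not shown on this page):
 *   byte 6 = ~C2 (high nibble) | ~C1 (low nibble)
 *   byte 7 =  C1 (high nibble) | ~C3 (low nibble)
 *   byte 8 =  C3 (high nibble) |  C2 (low nibble)
 * Returns 0 when every bit matches its stored complement, -1 otherwise. */
int access_bits(const uint8_t t[16], uint8_t c[4]) {
    uint8_t c1 = t[7] >> 4, c2 = t[8] & 0x0F, c3 = t[8] >> 4;
    uint8_t n1 = t[6] & 0x0F, n2 = t[6] >> 4, n3 = t[7] & 0x0F;
    if ((c1 ^ n1) != 0x0F || (c2 ^ n2) != 0x0F || (c3 ^ n3) != 0x0F)
        return -1;
    for (int n = 0; n < 4; n++)
        c[n] = (uint8_t)((((c1 >> n) & 1) << 2) | (((c2 >> n) & 1) << 1) |
                         ((c3 >> n) & 1));
    return 0;
}

/* Is Key B (bytes 10..15) still the transport value FF FF FF FF FF FF? */
int key_b_is_default(const uint8_t t[16]) {
    static const uint8_t ff[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
    return memcmp(t + 10, ff, 6) == 0;
}

/* Constructed samples: NUID/BCC quoted above; trailer as read (Key A = 0's). */
const uint8_t BLOCK0[16]  = {0xD3, 0x9C, 0xAB, 0x34, 0xD0};
const uint8_t TRAILER[16] = {0, 0, 0, 0, 0, 0, 0xFF, 0x07, 0x80, 0x69,
                             0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};

int main(void) {
    uint8_t c[4];
    printf("BCC ok: %d\n", bcc_ok(BLOCK0));
    if (access_bits(TRAILER, c) == 0)
        printf("C1C2C3 for blocks 0..3: %d %d %d %d, default Key B: %d\n",
               c[0], c[1], c[2], c[3], key_b_is_default(TRAILER));
    return 0;
}
```

Running the same complement check on a trailer buffer before writing it to a tag catches malformed access bytes, which the MF1S50 datasheet says block the sector irreversibly.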

Reading of ISO-14443A tag, with text strings (ASCII data) stored:

Recommended links:

MF522 RFID module connected to Bolt 18F2550, with visualization of data in mobile smartphone.

The easiest way to manage RFID: a UART serial port interface

Low cost school attendance RFID system, using an Excel spreadsheet.
