Step 2Whats stored on the card?

I started by building a RFID card reader (more details in a  future article).  That showed me the data that was being sent when the card transmitted its information.

The RFID cards that I brought have numbers printed on the back of them.  This number says what data the card has included in it.

the card with  0007820706  119,21922 printed on it transmits this pattern:
1111111110010111000000000000001111011110101001010101000010101100

The first set of 111111111 bits are the start sequence - it is used to tell the reader that a code is coming - the reader also uses the sequence to lock onto the card data.

Data stored is transmitted in groups of 4 bits, with a parity bit at the end of every group.

The data can be broken up as follows;
00101 11000 00000 00000 01111 01111 01010 01010 10100 00101 0110                0

If we ignore the parity bit at the end of every nibble we have

0010    1100    0000    0000    0111    0111    0101   0101  1010   0010    0110              0
     2          C        0           0            7          7          5          5           A          2     CHECKSUM   STOP


This code is  2c 0077 55a2  if we break the code into 3 groups, we have 2c, followed by 0077 (which is 119 in decimal), and finally 55A2, which is  21922 in decimal - this corresponds to the 119,21922. 

The same number is also written in another way on these cards 0007820706 (in decimal) is simply the hexadecimal number 7755A2.

WOOT we now understand how the data is stored.

2C is a constant code that is sent with all of the cards.  It is simply a facility identifier for this RFID system.


How does the parity and checksum work?

One final piece of data that the card transmits is a checksum word - this is used to ensure that all of the data has been received successfully.  Firstly, the parity bit at the end of each nibble of data is Even parity - this means that the transmitter will add a 1 to make sure that each block of data has an 'even' number of '1' bits -  So if we look a the '2', which is 0010 in binary - the parity system would detect that there was an odd number of '1' bits, and would add one to compensate.  Compare that to the 'C' which is 1100, the parity system would detect that there are an even number of '1' bits, so it would add a zero.


00101 2
11000 C
00000 0
00000 0
01111 7
01111 7
01010 5
01010 5
10100 A
00101 2

0110 checksum    + 0 stop bit

Finally, the checksum is an even parity bit applied to each of the vertical row bits.  This way, there is a horizontal and vertical check of every bit sent - everything has to line up, or the reader will simply reject the transmission.

When I decoded the data for my work prox card, it followed a similar sequence here, but (for obvious reasons) I won't actually publish the numbers.  Again, part of the sequence was a facility code, and the rest of the sequence held the same number that was printed on the back of the card.