OpenPCD - A 13.56MHz RFID reader
Harald Welte hwelte@hmw-consulting.de
Milosch Meriac meriac@bitmanufaktur.de
2006 Harald Welte <hwelte@hmw-consultin.de>
Oct 12, 2006 1 $Revision: 1.0 $
This is the reference documentation for the OpenPCD RFID reader.
Introduction
The OpenPCD project is about designing and building both hardware and software for a user-programmable reader (proximity coupling device, PCD) of the ISO 14443 A+B (and later ISO15693) RFID protocols.
The hardware is based on the Atmel AT91SAM7S128 microcontroller, featuring a 48MHz, 32bit ARM7TDMI core with many integrated peripherals, such as USB device, SSC, ADC, 128kByte Flash, 32kByte SRAM, ... Next to the AT91SAM7, there is the Philips CL RC 632 RFID reader ASIC. It is attached via SPI (Serial Peripheral Interface) to the AT91SAM7. The SAM7 attaches to a host PC using a USB 1.1 interface.
The SAM7 firmware implements various forms of interface between the RC632 and the host PC. There are multiple firmware images available, some of them acting as a dumb transceiver, while others implement the full ISO 14443 protocol suite inside the SAM7 firmware.
All device firmware and host software source code is released under the GNU General Public License. The hardware design (schematics, PCB) is released under the "Creative Commons share-alike attribution" License.
Hardware
FIXME: to be filled by milosch
Software
PICC specific commands
CMD_PICC_REG_WRITE
Using this command, a given OpenPICC register can be written to.
CMD_PICC_REG_READ
Using this command, a given OpenPICC register can be read.
ADC specific commands
GPIO IRQ commands
Using these commands, the host software can request a USB interrupt transfer to be sent once a given GPIO pin changes its level.
The main_dumbreader firmware
The main_dumbreader firmware implements a very basic PCD/VCD firmware, where the USB device only implements an access layer to the RC632 registers and FIFO. All protocol and application logic has to be implemented on the host PC.
This provides the greatest flexibility to the host software, since it can easily alter the behaviour of the device completely. Host development is easier than the cross-compilation and remote debugging required for firmware development. Therefore, this firmware is the choice for most security researchers, since all timing and every bit of the protocol can be dealt with on the host.
The main_librfid firmware
This firmware is called 'main_librfid' because it contains a full copy of the librfid library, cross-compiled for ARM. The librfid library implements various 13.56MHz RFID protocols from layer 2 to layer 4 and higher, including ISO 14443, ISO 15693, Mifare classic, Mifare ultralight and others.
The USB protocol of this firmware has not yet been fully specified, and there is currently no finished host software that could interface with this firmware. Stay tuned for upcoming news on this subject.
Host Software
TBD