Hi just a quick impromptu tear down video of one of these RFID cards. This one is actually the card to access my uh lab here in the EV blog corporate towers and uh, it has been slowly failing over the last uh, week or two if you've been following my Twitter updates and now it is finally dead I had to get a new card and uh yeah, like for a while I had to sort of like bend it in this direction like this with my thumb. No actually that was about the sweet spot right there and with my th with my finger like that I sort of got it down to a fine art in the end because when you're you know, stuck in the lift uh you know, trying to get up after hours and it uh yeah, you learned how to sort of do it. but it is finally dead.

So there's obviously some something cracked inside some Bond contact or uh, or something like that with the dye inside or you know I don't know. but yes, something has certainly uh, intermittent inside this card and yeah, like it wouldn't wouldn't go in that direction. it had to specifically be on this face here with this angle with my tongue at the right angle and I'd finally get in anyway, it has died so I thought I'd just uh, crack it open and see if we can uh see anything inside now I tried to uh copy uh this card and I do have a 125 khz reader and I believe uh the system we've got here and and this car is a 125 uh KZ car but I have to actually go down to the car park to verify that and I will, uh, do that um at the moment and I will do that right now after this shot actually just to verify that is 125 khz. Anyway, the reader I've got couldn't actually uh copy the thing I believe this might it might be uh, a hid uh brand 125 khz card and apparently, um, there is a lot of trouble copying the Hid card.

you can uh do it if you get a specific reader that cost big dollars and they claim to do it I don't know but the generic reader I've got claims to I think uh do some variation of Hid 125 khz car but it's certainly could not read this one so it was no good. All right. I'm down in the car park and uh, about the only time that uh, something like this little DSO quad will actually be uh, useful I think I'm just going to check the uh frequency of this thing and see what we get, see whether or not it's the one of the 125 uh khz uh frequency readers. Um, because I don't know so let's uh sorry I can't hold this at the same time, but hey, there we go.

prob I've got the right there we go that's 125 khz one I'm just uh uh using the probe sorry lot like that and uh, set it to 5 micr seconds per Division and there we go. So there you go. It was a 125 khz card and uh reader. So let's uh, crack this thing open and uh, see what we get? Shall we? I Mean you should just be able to? Oh yeah yeah, there we go.

should just be a cover I believe. Hopefully it's not potted on the inside, but hopefully like we should. Usually can just peel these things, peel these things off, and uh, access the oh yeah yeah, there we go. There's there.

we can see the coil already. Oh look at that too easy. We're in like Flyn almost. Well let's not count our chickens yet.

But anyway, let's open this thing up and Tada there we go. I can just peel, peel that back, might even be able to fix it. There's our chip in the corner so I don't know so that me having my thumb over here was a bit out. but uh, there's not much doing in these.

Of course there's the big uh coil. This is where spe specifically for the 125 khz cards. Of course the 13 MHz um cards will be entirely different, but uh I'll get my macro lens out but maybe there solder joint has come off in there. That would be an easy oh look there it is.

look, is that broken? Yeah, look I can see it, it's broken I might actually be able to fix this sucker, you beauty. There's the culprit. There we go. The coil's actually the wire is actually broken off from the base of the coil.

It's probably on the underside there. I'd have to flip it open really fine. I'm not sure how many turns are on this thing I Don't know if anyone wants to get in there and count. There could be multiple layers, but there's you know, many, many dozens of turns on this sucker.

That's for sure. There's our chip there, completely gunked. There it is. and uh, no, you know, apart from deting that, uh, we're not going to, uh, see what's inside that sucker.

But uh, yeah. basically the way these things, um, operate if you haven't uh SE if you don't know how these RFID systems work. Basically, there's a carrier frequency in this case 125 Kilz which is picked up by the coil and then that generates uh, voltage in there, which then Powers the chip and then the chip can communicate. Um, it's in this case, it's got like a specific ID number in there.

All these tags are individually ided so they can track uh, which person comes in and out and then what it does is just remodulate the coil back so that the reader can pick it up and that's uh, called back scattering and uh, that's how it is able to send you know a small amount of data back to to the reader. In this case, probably just the ID number and that's uh, that's most likely it. So yes, these things don't need any internal power. Of course they are passively.

uh, what's called passive reader? They are powered from the 20 125 khz signal from the coil and we've got a Rough and Ready Dave CAD Roughly how this thing works. Inside the card, there's a coil of course, Cple, you know, couple of dozen turns, couple of hundred turns uh, depending on the particular card and frequency, and a par a little cap there forming an LC uh tank circuit. and then from that we can actually, uh, tap off, uh, both. the voltage.

Of course there's going to be a rectifier which I haven't showed here to rectify the voltage to generate some DC to then power our little chip. And then we've got a modulation transistor directly across the coil. Now, it doesn't essentially shorted out it, just basically either you know the coil is damped properly or undamped depending on how, uh, well, the state of the transistor and and the chip just feeds back to feed back its data. All it does is just turns that transist on and off one and zero and that then modulates amplitude, modulates the Um carrier frequency like that, Which then the reader over here can have some smarts in it to actually read back and decode this data.

but that's pretty much all it does is changes it between 1 and zero, changes the modulation of the 125 khz carrier frequency, and that's how the chip in here is able to send data back it. and also this generates the clock as well. The 125 khz frequency here also generates the internal clock for the chip as well to send data back. Fantastic! And of course, there's various modulation schemes here, depending on uh, which one.

You know. the various standards or manufacturers have different types, so that data could be encoded certain ways. So that's probably why the Um our reader that we've got here can't read this particular Uh type of card or that Hid card cuz they probably use a um, you know, an encrypted or proprietary algorithm or something like that. and that's why they sometimes give it the term back scatter up modulation because we're modulating the signal coming in and then the sort of you know we're just get the reader here is just getting the back scatter modulated signal from our RFID tag.

Well, there really are quite a few turns in that sucker, that's for sure. and I have been able to find the other end of that coil. There it is on the bottom side and uh, I can. actually? oh yeah, you saw it there.

You can't see it again now. I didn't break that, it's just the angle. Um, hopefully I can peel that back up and uh uh, scrape that cuz this is enameled copper wire. Of course you got to take off or you got to burn off the enamel from the outside of it.

But uh yeah. I probably can rejoin that sucker. All right. I'm looking through the uh Times eight lens on my mantis here.

sorry, it doesn't. You know work very well, but you can see the size of those wires compared to my tweezers here. So anyway, I can't uh uh uh, you know I can't scrape off the enamel on these wires. So I'm just going to burn it off with the iron and some solder.

Not the best way to do it, but it's going to be good enough for the purposes here and we'll try try and burn that off and get some solder to take on the end of that. and now we wire there. I Think we may have. yeah, I think we may have got it.

Beauty And there you go. I have actually been able to solder that wire back on there. It's absolutely tiny. In comes my Swiss army knife blade.

It's tiny but yeah my Soldier and I accidentally hit hit the plastic there. oops and uh, that is repaired so it should probably work again and I just went and tried it and yep, what do you know? it works. A treat. Um I didn't expect to.

uh, you know I expected the odds of been able to repair this quite low. First of all, I expected it to be uh, potted but it wasn't and uh. next I expected the uh because where I was applying seemed to be applying pressure. It seemed to, um, indicate that that the uh, uh, that the chip was in the middle and it certainly wasn't and uh yeah, it was off to one side.

So I don't know, you know the angle of how it was making contact I have no idea but uh, why it finally died. So the construction of this thing is. you know, um, pretty piss week considering you know these things are designed to be like credit cards to go in your wallet and they Bend and all sorts of stuff. you know I expected them to be uh, potted or have some.

you know they've obviously gunked it a little. tiny bit around there, but not much all. so uh, when I put this back together I think I might U you know, put some silicon and in there and Gunk all that up before I put the uh cover back on and uh, well, hopefully it'll last a little bit longer, but there you go. I was uh, quite happy with that.

Nothing to see in here. of course it's coil and a potted chip. Yeah, sorry. but anyway, I was able to repair it so I thought I'd shoot a video.

why not catch you next time? Wait, stop the Press I've actually got another card here. It's an old uh Hid prox card 2 I had from a former company I worked at and uh, there it is Hid Corporation and I thought we just uh, take the cover off this see if it's any different Here we go. Once we get that off, should be a to oh yeah yeah here we go. we can access the coil on this one too.

Jeez, aren't any of them potted? I'm sure I've opened some in the past that have been potted. that coil is really stuck down on there. That one is uh yeah, may not come off in one piece like the other, one lot more stickiness. but before we destroy it I Just thought I'd try it on my Um card reader here.

my Card Copier which doesn't work for my card and um well press the read button and no, it doesn't work at all I mean you press the you know the cards that you can um the generic cards that you can buy and of course you can uh read those and uh copy them. no problem whatsoever. but this one and uh my one uh for the building no not compatible at all. even though it is 125 khz and there you go.

that's the 125 khz wave for my captured 100 MTS per division there captured from that Card Copier and there you go. Yes it did stick to the adhesive, not to the Uh inside of the Uh card there. and yes, this one actually does have its sensor more towards the sensor like I have seen before. So this is an genuine Hid Prox card but I don't think we're going to see much inter in there now that looks for all the world like the bottom of it.

so we'll see if we can. uh, get that up and uh, flip it over perhaps? Oh, just chopped the wire? Who cares? Not going to reuse this sucker. Oh and that one is blobbed as well. Sorry folks.