Hi,
Can this RFID be cloned? If so, with what tools? Alien G RFID White Wet Inlay (ALN-9654, Higgs-3)
Thanks
From the little research I did, it looks like the tag operates using UHF. It might be possible to clone (not entirely sure tho; I’ve never messed with UHF stuff), but you’d need a UHF reader/writer. The Proxmark3 won’t cut it for this one.
In terms of implants: someone correct me if I’m wrong, but I don’t believe UHF implants are really feasible. The range would be very disappointing once implanted.
This link has some more info on the chip:
1 Like
No it’s just that UHF is an active RFID thing, so you’d need a battery and no one wants to implant currently available batteries.
1 Like
There are both passive and active UHF systems. Passive tags are like what stores use on packaging (or the tag linked above).
It’s 100% possible to implant a passive tag, but Amal and Satur9 have stated in the past that skin messes with it a lot more than HF or LF tags.
2 Likes
A post from Amal on the topic:
2 Likes
Ah thank you, missed that
1 Like
Also many UHF tags are Global EPC style tags which generally speaking only carry an EPC code (sorta like an RF version of a UPC product code)… and it is common that you can re-write the EPC ID of these tags fairly easily which, on UHF tags, is called “recycling”. The question becomes - why would someone want to clone one of these? The obvious inference is that someone is using the EPC code as some sort of access or security measure? That would be pretty dumb, but I’ve seem a lot of pretty dumb security implementations before. Though, read the bit below about the 4 memory banks… the EPC code is recyclable but the TID memory is read only… perhaps someone figured the TID would be just as “secure” as most passive UID based systems?
From UHF RFID standards | UHF RFID frequencies
In the UHF (Ultra High Frequency) band, where RFID tags work according to the principles of the electromagnetic coupling, the most popular technology at the moment is the one based on the ISO 18000-6C protocol, best known as EPC Class 1 Gen 2 or for short Gen 2. The EPC Class 1 Gen 2 standard was proposed by the private organization EPCGlobal and then adopted in 2006 as the ISO 18000-6C standard by the International Standards Organization (ISO).
The EPC Class 1 Gen 2 standard was created to address some issues of previous UHF RFID standards conceived for logistics applications (such as the ISO 18000-6a and the ISO 18000-6b ). The new standard was developed specifically to track fluxes of goods between different companies and across all world regions with good read performance in environments with a high density of tags.
According to the standard specifications, EPC Class 1 Gen 2 tags have four memory banks: reserved, EPC, TID and user memory. The EPC bank, typically 96 bit in size, is the one that mainly characterizes EPC Gen 2 tags. It allows to univocally identify an enormous number of objects and controls anti-collision and wake-up functions. Since the EPC number is programmed by the user, more and more Gen 2 RFID tags in the market, as well as tags of other technologies, have a unique serial number that is set at the factory by the IC manufacturer and is inalterable in order to make the tag really unique. This feature is particularly important in applications where counterfeiting is an issue.
EPC Gen 2 RFID tags work in the frequency band that goes from the 860 MHz to the 950 MHz, but there are three main frequency sub-bands used in different geographical regions:
– Europe, India, Middle East, Africa: 865-868 MHz (ETSI)
– US (plus South America and some regions of Asia): 902-928 MHz (FCC)
– Japan: 950-956 MHz (JPN)
There are EPC Gen 2 tags that are designed to work well across the entire 860-950 band and others that are optimized to provide the best performance in a specific sub-band.
The majority of EPC Class 1 Gen 2 tags on the market are passive tags, but Gen 2 BAP tags and semi-passive Gen 2 RFID tags are also available.
1 Like
So what device do I need that can do the UHF “recycling”?. Thanks
well i think if that’s the case then my hunch would be that it’s using the TDI memory bank of the EPC tag… at least i would hope so… and you can’t change that… but if you wanted to play around with it, pretty much any UHF reader should have the capacity to update / change the EPC code of just about any tag… the only thing is all these UHF readers typically require middleware or some form of commercial software to do this … that’s because they are used in factories and warehouses typically… and these are well outside the scope of what we normally deal with here.