SiRFIDaL - Simple RFID authentication for Linux

Okay, I’ve added support for the following transponders:

  • ISO15963 [Dangerous Things xSLX]
  • EM410x [Dangerous Things xEM when stock]
  • FDX [Dangerous Things xBT]
  • Indala [that’s just for me, because I have an xEM implant programmed as a 224-bit Indala]

More can be added easily, but I just wanted to support my own implants. So that’s good enough for me. But if you feel like adding support for other transponders, feel free to contribute the relevant PM3 sequences and regexes.

3 Likes

FYI for your notes, ISO15963 covers Spark original also 👍

Right. I wasn’t trying to be exhaustive, just to give examples of DT products that correspond to the listed standards, for casual visitors reading this thread who might wonder what any of this has to do with DT’s offerings. Because this is DT’s forum after all 🙂

Hi @anon3825968 and thank you for this project!
I aim to use it for a professional project and I need to have card UIDs server-side in an LDAP server. Do you think it is doable without hacking your server to check the UID over LDAP, i.e. by using the LDAP PAM module?
Thank you,
Mat.

Not currently. It saves the file in a proprietary format in /etc with the UIDs encrypted, for obvious reasons. If you just want it on a server, the easiest is to stick it on a network drive mounted somewhere in the filesystem and symlink to it (or point it somewhere else in the script), or rsync it. If you really want to use LDAP, then I guess you’ll have to implement that bit 🙂

Guys,

I added support for the ChameleonMini, ChameleonTiny and ChameleonTiny Pro Bluetooth in SiRFIDaL.

You can connect your Chameleon device with a USB-C cable, SiRFIDaL will automatically see it (if you configured it properly), set the slot you chose in reader mode and transparently poll the Chameleon continuously for ISO14443A transponders in the field.

In other words, you can use your Chameleon as a regular NFC reader to log in and out, unlock your screensaver, send automated commands or passwords, emulate a keyboard wedge, and all the other fabulous things you can do with SiRFIDaL. Yeees, you know you want it 🙂

This is pretty useful if you travel a lot with a laptop and you want to authenticate with your implant, but you don’t want to clutter up your laptop bag with a full-size desktop reader. Particularly if you own a ChameleonTiny, because it truly is tiny. Personally, I always carry mine in my pocket. Now it doubles as a reader I can use with my PC also.

I’ll add support for the ChameleonMini / Tiny over BLE when I finally find time to figure out the exact protocol. For now it only works with a USB connection. But at least there’s a rationale for it: you can charge the Chameleon while it serves as a reader at the same time, so it’s not just sitting there doing nothing useful.

5 Likes

That is an awesome addition, thanks for sharing. I have a Linux laptop and a Chameleon; I am whatever is less than a noob with Linux, but I will put this on my list of things to do/learn.

Is it simply reading the NUID?
(Then I will only have to memorise 4 bytes as a backup…and not change it)

It is UID-based, but it’s not like a keyboard wedge. It doesn’t “type” your UID. This is a proper PAM module. You can keep your normal password and either combine it with one or more RFID/NFC UIDs to do 2FA, or log in with either for ultimate laziness like I do.

1 Like

I added support for the uFR Nano Online NFC reader over Wifi in SiRFIDaL.

The way it works is, you configure the reader to connect to your Wifi router, then you configure it in master mode, enable HTTP POST and point it to the computer address / port the SiRFIDaL server is running on - meaning it should have a fixed IP or a resolvable address on your LAN of course.

You can leave this little reader quite far from your computer, and it doesn’t need to be tethered to it by yet another cable. Nice.

As for the reader’s performance, it’s on par with the good ole ACR122U, despite being half the size. Digital Logic readers usually aren’t short of power. This one reads my IAR glass M1k without any problem.

And of course, like all Digital Logic readers, it has more lights than a Christmas tree, so it’s perfect for the season 🙂

Seriously though, I don’t know why that company has such an obsession with ultra-powerful status LEDs: they’re so bright they’re almost painful to look at. This is my third Digital Logic reader, and each time I’m astonished by how bright the LEDs are.

1 Like

I feel this one, bit of a derail but I have a TCL TV in my bedroom. In their infinite wisdom they decided it should have a white standby LED that burns with the intensity of 1000 suns, and no option to turn it off.

To make it worse, it’s also where the IR receiver is, so can’t just put black gaff over it. Best solution to date has been multiple layers of red electrical tape…

I appreciate status lights, but come on guys, read the room!

I don’t mean to sound boring, but electrical tape is your friend 🙂

EDIT:

Oh…

1 Like

If a really bright LED is enough of an annoyance to me I’ll pop the case open and either cut it out or modify it to be dimmer.

@anon3825968 Would SiRFIDaL be able to do more than just UID matching? Perhaps some cryptographic key or something like the Spark 2?

1 Like

It’s set up for UID-only by design: it’s meant to be usable with as many different readers / protocols as possible, at the cost of sticking to the lowest common denominator.

Adding crypto stuff would be possible, but it would be a bunch of work.

I definitely could, I just can’t be bothered clearing out a big enough spot on my workbench to pull the back off a 48” TV when red tape does a good enough job. If it was a smaller TV I would for sure.

1 Like

Guys,

For information, I added support for networked readers that transmit UIDs through TCP, for the few ethernet-enabled readers out there (mostly industrial) and for things like this serial-to-wifi converter that let you use serial readers over TCP. Use this on your own secure LAN of course, as the UIDs are transmitted in clear-text.

1 Like

What about support for an ESP-RFID-Tool?

That’s a Wiegand datalogger. It captures UIDs from another reader and logs them for later retrieval by penetration testers (or bad guys, depending on the use case). It’s not a reader.

I know what it is, but if it was supported then you could use any Wiegand reader, by providing it with power and attaching an ESP-RFID-Tool. I actually use one with an unconnected HID reader as a test platform. I am assuming that you are not supporting Wiegand natively; this would be an easy way to expand the supportable readers.

Well kind of. Among other things, SiRFIDaL supports any old reader that shows up as a character device or PTY in the system and outputs UIDs in LF-terminated text lines. So it’s more a hardware problem than a software support problem: if you manage to connect your Wiegand reader and it shows up in /dev, you’re good to go.

Typically, you want to do that with a Wiegand-to-serial converter. Or, you may have some board that reads Wiegand readers and makes the data immediately available through telnet, or with an HTTP server, or with an HTTP client that connects to a fixed server. SiRFIDaL supports all those schemes too.

But the key here is that it should get the UIDs in real-time. To my knowledge, the ESP-RFID just sits there and collects UIDs it sees on the Wiegand interface and stores them in memory, to be retrieved at a later date. That’s not what SiRFIDaL is for at all. Unless I’m mistaken and the ESP-RFID does have a mode to report UIDs in real-time that I’m not aware of, in which case, it might be supported depending on how it’s done.
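
The line-oriented input discussed in this thread (UIDs as LF-terminated text from a character device or PTY, or in clear text over TCP) can be consumed defensively as sketched below. This is an added example, not SiRFIDaL's own code and not part of the original posts; the hex UID format, the accepted separators and the length limits are assumptions chosen for illustration.

```python
import re
from typing import List, Optional

# Assumptions (not from SiRFIDaL): UIDs arrive as hex text, optionally with
# ':' / '-' / space separators, 4 to 32 bytes long; limits are illustrative.
MAX_LINE = 128                      # bytes buffered before a line is discarded
UID_RE = re.compile(r"^(?:[0-9A-F]{2}){4,32}$")


class UIDLineReader:
    """Incrementally turns raw reader bytes into validated UID strings."""

    def __init__(self) -> None:
        self._buf = bytearray()
        self._skipping = False      # True while discarding an overlong line

    def feed(self, chunk: bytes) -> List[str]:
        """Accept one read() worth of bytes; return UIDs completed by it."""
        uids = []
        for byte in chunk:
            if byte == 0x0A:                         # LF ends the line
                if not self._skipping:
                    uid = self._normalize(bytes(self._buf))
                    if uid:
                        uids.append(uid)
                self._buf.clear()
                self._skipping = False
            elif not self._skipping:
                self._buf.append(byte)
                if len(self._buf) > MAX_LINE:        # no LF in sight: drop it
                    self._buf.clear()
                    self._skipping = True
        return uids

    @staticmethod
    def _normalize(raw: bytes) -> Optional[str]:
        """Strip CR/whitespace/separators, uppercase, and validate as hex."""
        try:
            text = raw.decode("ascii")
        except UnicodeDecodeError:
            return None
        text = re.sub(r"[\s:\-]", "", text).upper()
        return text if UID_RE.match(text) else None


def demo() -> List[str]:
    # Constructed sample stream, split at arbitrary points like real reads.
    chunks = [b"04:a3:1f", b":b2\r\n", b"garbage!\n", b"X" * 300, b"\nDEADBEEF\n12"]
    reader = UIDLineReader()
    return [uid for c in chunks for uid in reader.feed(c)]
```

Only complete, LF-terminated lines produce a UID: the trailing `12` in the sample stays buffered, and the 300-byte run without a line feed is dropped instead of growing the buffer.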