This is not the Lock Picking Lawyer and today I got a little mock-up RFID door locking system here. As you would expect, the door is normally locked and when I bring a specific RFID tag close to the access control unit, we can hear and see that the door unlocks successfully. This all sounds fine, but I was wondering how easy it is to electrically pick this lock since such 125kHz RFID tags are not that secure. Now the real Lock Picking Lawyer did a similar video about this topic in which he read out the RFID tag's authentication data between the reader and control unit. But I however cannot do that because the reader and control unit are combined in one and I honestly feel like messing with the lock system itself is not the best way to do it. Instead, I was wondering whether I could read out and copy the RFID tag from a distance so that I can create a replica without the original RFID tag owner knowing. So in this video I will try to do just that so that I can hopefully tell you at the end whether you can trust such an RFID security system or whether you should look for alternatives. Let's get started!
This video is sponsored by Morning Brew, which is a free daily newsletter delivered from Monday to Sunday. Now before subscribing to Morning Brew, I normally spent my mornings browsing through my Twitter feed which, let's face it, is not that informative. But after subscribing, I received daily informative and actually fun to read news about tech, business and finance, like for example that Elon Musk bought quite a bit of Twitter stock. It is a perfect mix between wit and informative, and since you can easily read it on the go using your smartphone, I do it quite often. So go ahead and give it a try by clicking the link in the description to subscribe. And remember, it's 100% free.
First off, before getting to the whole RFID tag copying stuff, we have to know a few things about RFID itself and my door locking system. So let's rewind time back to the moment when I saw this RFID access control system on eBay for less than $10, at which point I thought to myself: "This can't be safe, right?" To find that out I obviously had to buy it, and after studying its surprisingly well made manual, I found out that I also needed a power supply as well as a lock. After choosing suitable options on Amazon, I unpacked them and also studied their manuals in order to find a general consensus between them. So initially I thought a wiring diagram like this would work, in which the access control unit and the lock would get powered by 12V. And at first sight this setup did seem to work just fine after powering the system. Using the given programming operations from the manual did also work to add an RFID tag that unlocks the whole system. But as you can see, after trying just that there seems to be a short circuit, which the power supply luckily survived by shutting off. You see, the problem was that the "Electric mortise lock instryctions" say that you have to hook up the 4 wires of the lock like this. But in reality you only have to connect the red wire and black wire like it is shown in this final wiring diagram. This way you do not create a short circuit when unlocking, which means that the electrical system was basically done. Of course, I also had to come up with a small mock-up door to go along with this locking system, but I do not want to bore you with the details here because I am not that great with woodworking.
So instead, let's move on to the moment in which I bring the RFID tag close to the control panel. In case you do not know, RFID stands for Radio Frequency Identification, and radio frequency is the right term here because if we observe the electromagnetic field in front of the reader with the help of a coil, we can see a sinusoidal voltage on the oscilloscope with a frequency of around 125kHz, which is the frequency this specific RFID system uses. This field is of course created by the RFID reader itself by letting a sinusoidal current flow through a coil, which we can actually see by having a closer look inside the control panel. Now the RFID tag obviously gets penetrated by this field, and what happens next can be best explained by looking at this clear one which only consists of a coil and a small IC. So what happens is that a voltage gets induced into the coil by the electromagnetic field, which now powers the IC. The IC's only job is now to short its own coil using a transistor according to the data, aka bits, saved in its memory, which by the way is basically the unlock key/data for our locking system. So by doing that, the transmitter's coil voltage gets a bit altered, as you can see on the oscilloscope. When the amplitude is lower it means that the tag's coil is shorted, and when the amplitude is higher it means the coil is not shorted, and thus our reader can turn this mess into an easily recognizable data stream which hopefully contains the correct code that lets the access control unit unlock the door.
And with the theory out of the way, I started browsing through Amazon and eBay to find fitting circuits that could help with my lock picking task. What I found were of course some Arduino RFID readers, which I already had lying around, and this rather interesting multi-frequency RFID reader and writer, which I of course had to buy for my lock picking. Like the product name implies, it can easily read the data from the unlocking RFID tag since it is not encrypted and copy it to another tag so that we get a perfect replica that also works with my door system. But of course, that is not the end of the story for me here since the to be copied tag needs to be super close to the RFID reader, which in my opinion does not count as lock picking because this is more like stealing a key and then replicating it.
No, what I want is to read the RFID tag from a distance, like at least 30cm, and to do that, I initially thought that I have to increase the strength of the electromagnetic field of the reader. But after opening it up, I noticed that its circuitry was rather complex, and I honestly do not want to mess with it because there is a possibility I might destroy it, and I do not want to lose my only way of writing to RFID tags.
Instead, I rather switched to this RDM6300 RFID reader board that you can get for way cheaper from the internet. Since the board can easily communicate with an Arduino, it is no problem reading out the RFID data and then typing it into the writer in order to create a copy. But the big advantage of this board is that after I reverse engineered its circuit to create this schematic, I realized that it does the coil power amplification as well as the data transformation all discretely with Op-amps and PNP Bipolar Junction Transistors.
This is great because this way I can more easily play around with the amplification circuit, which I did right after I determined that the unmodified reader can read the RFID tags up to a distance of around 4 to 5cm. With that out of the way, I started my modifications by desoldering a resistor in order to inject my own voltage to power the coil.
And while increasing the voltage did beef up the sinusoidal voltage through the coil as well as the electromagnetic field that can get received, it did also surprisingly decrease the RFID tag reading distance. I think the problem is that the feedback from the tag does not get detected better with a higher voltage aka electromagnetic field, which in conclusion should mean that we should not strive for super awesome amplification but instead another coil design to maximize the distance.
And since I have 4 wireless power videos under my belt, which I definitely recommend you to check out, I had some idea what I was doing while creating two 12cm diameter coils with my patent pending world famous coil making machine. Now as a reference, I hooked up the old coil to my LCR meter to determine its resistance and inductance.
And the first DIY coil I then tried out came with higher values in both categories and performed, let's say, pretty horribly. In case you are wondering why I am adding new capacitors here, then let me tell you that the circuit is creating a resonance circuit for the coil here, and since the inductance of my new coils changes around, I also had to fine tune the fitting capacitance for the 125kHz frequency.
But anyway, my second DIY coil actually came with similar values as the original coil and did also perform quite a bit better, with a reading distance of 7cm. So for the next test, I reduced the number of turns of this coil in order to decrease its resistance and inductance but increase its coil quality. This time, the reading distance went up to 8cm, which I thought was almost ideal for a 12cm coil in combination with such an off-the-shelf reader.
Now I of course also tried out other types and bigger coil designs, but here I have to say that the small reader circuit with its transistors and without a proper MOSFET driver is not up to the task. So sadly, I didn't get to complete a practical prototype that can read over a bigger distance, but I certainly had a suitable theory in mind which I might try out in a future video.
But through the experiments, I am now at least very sure that you can build such long-range RFID readers, and if you don't believe that, then let me tell you that there are already such readers available on Amazon that work over a distance of 30cm. So in conclusion, everyone can theoretically pick this lock easily by getting a bit closer to the person who carries the tag, so I would highly recommend not investing in such a security system.
RFID is not always this bad though, because it is a big field with also lots of encryption involved, so better have a look at that when ordering your next locking system. With that being said, I hope you enjoyed the video. If so, consider supporting me on Patreon, and as always, don't forget to like, share, subscribe, and hit the notification bell. Stay creative and I will see you next time.
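The RDM6300 passage above says the board simply hands the tag data to an Arduino over serial. The following is an added example, not code from the video or from any RDM6300 library, showing how that serial frame can be checked before the tag number is trusted or logged. It assumes the frame layout described in the comments (a 0x02 start byte, ten ASCII hex characters, two checksum characters, 0x03), which you should verify against your module's datasheet; the `Rdm6300Stream` class name, the sample frame and its tag number are all constructed for this example. It is plain C++ so it runs on a PC, but `feed()` is the shape you would call from an Arduino `loop()` for every byte read from the serial port.

```cpp
// Added example (not code from the video or from an RDM6300 library): validate
// and decode the serial frame an RDM6300 sends over its TX pin at 9600 baud.
// Assumed frame layout (check your module's datasheet):
//   0x02 | 10 ASCII hex chars = 5 data bytes | 2 ASCII hex chars = checksum | 0x03
// The checksum is the XOR of the 5 data bytes; the last 4 data bytes are the
// tag number most readers print, the first is a version/customer byte.
#include <cstddef>
#include <cstdint>
#include <cstdio>

struct Rdm6300Tag {
    uint8_t  version;  // first data byte
    uint32_t id;       // remaining 4 data bytes, big-endian
};

// One ASCII hex digit to its value; -1 for anything else.
static int hexNibble(uint8_t c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

// Returns false on bad framing, non-hex characters or a checksum mismatch
// (typically a tag leaving the field mid-frame), so a caller never acts on a
// partially received ID.
bool parseRdm6300Frame(const uint8_t *buf, size_t len, Rdm6300Tag &out) {
    if (len != 14 || buf[0] != 0x02 || buf[13] != 0x03) return false;
    uint8_t bytes[6];  // 5 data bytes followed by the checksum byte
    for (int i = 0; i < 6; ++i) {
        int hi = hexNibble(buf[1 + 2 * i]);
        int lo = hexNibble(buf[2 + 2 * i]);
        if (hi < 0 || lo < 0) return false;
        bytes[i] = (uint8_t)((hi << 4) | lo);
    }
    uint8_t xorsum = 0;
    for (int i = 0; i < 5; ++i) xorsum ^= bytes[i];
    if (xorsum != bytes[5]) return false;
    out.version = bytes[0];
    out.id = ((uint32_t)bytes[1] << 24) | ((uint32_t)bytes[2] << 16) |
             ((uint32_t)bytes[3] << 8) | (uint32_t)bytes[4];
    return true;
}

// Byte-at-a-time accumulator, the shape you would call from an Arduino loop()
// for every byte of Serial.read(): resynchronises on 0x02 and reports a tag
// once rather than on every repeated frame while the tag sits in the field.
class Rdm6300Stream {
public:
    bool feed(uint8_t b, Rdm6300Tag &out) {
        if (b == 0x02) n_ = 0;               // frame start: resync here
        if (n_ < 14) buf_[n_++] = b;
        if (n_ < 14) return false;
        n_ = 0;
        Rdm6300Tag t;
        if (!parseRdm6300Frame(buf_, 14, t)) return false;
        if (haveLast_ && t.id == lastId_) return false;  // same tag, still held
        haveLast_ = true; lastId_ = t.id; out = t;
        return true;
    }
    void reset() { haveLast_ = false; n_ = 0; }  // call after a read timeout
private:
    uint8_t buf_[14]; size_t n_ = 0;
    bool haveLast_ = false; uint32_t lastId_ = 0;
};

// Constructed sample frame: data bytes 0A 00 12 34 56, checksum 0A^00^12^34^56 = 7A.
static const uint8_t kSampleFrame[14] =
    {0x02, '0', 'A', '0', '0', '1', '2', '3', '4', '5', '6', '7', 'A', 0x03};

uint32_t decodeSampleId() {
    Rdm6300Tag t;
    return parseRdm6300Frame(kSampleFrame, 14, t) ? t.id : 0;
}

// Flip one checksum character and confirm the frame is rejected.
bool corruptedSampleRejected() {
    uint8_t bad[14];
    for (int i = 0; i < 14; ++i) bad[i] = kSampleFrame[i];
    bad[12] = 'B';
    Rdm6300Tag t;
    return !parseRdm6300Frame(bad, 14, t);
}

// The module repeats the frame while a tag stays in the field; feeding the
// same frame twice must produce a single report.
int reportsForTwoRepeats() {
    Rdm6300Stream s;
    Rdm6300Tag t;
    int reports = 0;
    for (int r = 0; r < 2; ++r)
        for (int i = 0; i < 14; ++i)
            if (s.feed(kSampleFrame[i], t)) ++reports;
    return reports;
}

int main() {
    printf("sample tag id: %010lu (decimal, as most readers print it)\n",
           (unsigned long)decodeSampleId());
    printf("corrupted frame rejected: %s\n", corruptedSampleRejected() ? "yes" : "no");
    printf("reports for two repeated frames: %d\n", reportsForTwoRepeats());
    return 0;
}
```

The checksum check is what keeps a half-received frame from being accepted as a valid tag, and the once-per-presentation logic is what you want if the Arduino is logging tag reads for an access audit rather than copying them.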
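For the coil tuning passage (fitting capacitance for 125kHz, resistance and inductance from the LCR meter, coil quality), here is an added worked calculation that is not from the video: it computes the resonating capacitor from a measured inductance, snaps it to the nearest off-the-shelf E12 value and reports how far that detunes the circuit, and gives the coil's Q and the resulting bandwidth. The 1 mH / 20 Ω coil values are constructed for the example, not the video's measurements.

```cpp
// Added example (not from the video): tuning a DIY antenna coil to the 125 kHz
// carrier from the L and R an LCR meter reports. Sample coil values are
// constructed, not the video's measurements.
#include <cmath>
#include <cstdio>

static const double kCarrierHz = 125000.0;
static const double kPi = 3.14159265358979323846;

// LC resonance: f0 = 1 / (2*pi*sqrt(L*C))  =>  C = 1 / ((2*pi*f0)^2 * L)
double resonantCapacitance(double L_henry, double f0 = kCarrierHz) {
    double w = 2.0 * kPi * f0;
    return 1.0 / (w * w * L_henry);
}

double resonantFrequency(double L_henry, double C_farad) {
    return 1.0 / (2.0 * kPi * std::sqrt(L_henry * C_farad));
}

// Coil quality factor at f0: Q = 2*pi*f0*L / R. Higher Q means more coil
// current (field) for the same drive, but the -3 dB bandwidth shrinks to
// f0/Q, and the tag's load-modulation sidebands still have to fit inside it.
double coilQ(double L_henry, double R_ohm, double f0 = kCarrierHz) {
    return 2.0 * kPi * f0 * L_henry / R_ohm;
}

double bandwidthHz(double Q, double f0 = kCarrierHz) { return f0 / Q; }

// Snap a value to the nearest E12 preferred value (what you can actually buy).
double nearestE12(double value) {
    static const double e12[] = {1.0, 1.2, 1.5, 1.8, 2.2, 2.7,
                                 3.3, 3.9, 4.7, 5.6, 6.8, 8.2};
    double decade = std::pow(10.0, std::floor(std::log10(value)));
    const double decades[2] = {decade, decade * 10.0};  // covers the 8.2 -> 10 wrap
    double best = e12[0] * decade, bestErr = std::fabs(value - best);
    for (double m : e12) {
        for (double d : decades) {
            double cand = m * d, err = std::fabs(value - cand);
            if (err < bestErr) { best = cand; bestErr = err; }
        }
    }
    return best;
}

int main() {
    // Constructed example coil: 1.0 mH with 20 ohm series resistance.
    double L = 1.0e-3, R = 20.0;
    double C = resonantCapacitance(L);
    double Cstd = nearestE12(C);
    double Q = coilQ(L, R);
    printf("ideal C = %.3f nF, nearest E12 = %.1f nF -> f0 = %.1f kHz\n",
           C * 1e9, Cstd * 1e9, resonantFrequency(L, Cstd) / 1e3);
    printf("Q = %.1f, bandwidth = %.2f kHz\n", Q, bandwidthHz(Q) / 1e3);
    return 0;
}
```

Running it with the sample coil shows why the capacitor had to be re-picked for every new coil: 1 mH wants about 1.62 nF, and the nearest E12 part (1.5 nF) pulls the resonance up to roughly 130 kHz, which is the kind of detuning that costs reading distance. Paralleling two standard values gets you closer to the ideal figure.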