#UHF | RFID for flipper

Not sure about standalone forked repos, but if you check the CFW bundled apps repos you'll find folders with compile-able code + minor changes

I'd kinda freak out if it happened to me

Definitely did a double take; the ad-serving algo was working overtime

That's oddly specific lol

pinged. hello

bonjour

hola

1

0

Hello from the land of Wizard of Oz 🤣

I will say that one screw hole being super near the traces makes me weirded out a little lol, hopefully I don't ever fuck with the screws enough to wear through it and the traces and short it 😂

May have to locate myself some nylon washers or something

yep

thick nylon washers are nice to have for exactly those kinds of builds^^

Where in Seader is the multiple attempts? I can't seem to find it; was planning on emulating your approach for a PR to the UHF app

let me find it

Just realized I never said a single word here, but got mine in the mail today looks great!
Time to start learning, I have no clue about uhf and sam yet lol
Still waiting on the yrm and sam chip themselves

https://github.com/bettse/seader/blob/main/ccid.c#L13
search retries in that file, it's all there. The value is set to 3 and decremented; anywhere you see it being set to 3 is a reset.
IIRC the overall path starts with seader_ccid_check_for_sam which sends the initial message checking for the adapter and SAM.
Obviously if the add-on is missing there is no decrementation of retries, which is where the timeout provided by the UI component (https://github.com/bettse/seader/blob/main/scenes/seader_scene_start.c#L30) kicks you over to the "Y U NO NARD?" screen

start with UHF first, once you get the basics it's pretty easy for a while 🙂
SAM can come after, you probably won't have a use for it anytime soon 😉
(plus you actually need to have keys on the SAM, either from a vendor or by putting them in yourself, and if you can put them in yourself there's little use for the SAM anymore, ya got the keys!)

plus you actually need to have keys on the SAM, either from a vendor or by putting them in yourself, and if you can put them in yourself there's little use for the SAM anymore, ya got the keys!)
This might be technically true for an arbitrary SAM, but almost everyone here says "SAM" and means "HID SAM", which already has the keys on it. And Seader only works with HID SAM.

@teal laurel did I give you an iClass SE or Seos? if so, if you get a HID SAM, Seader can read them

ah, didn't know that about seader ^^

With our powers combined… (no board, YRM only)

does the app use the main uart that normally has logs? seader uses the 2nd uart (AKA LPUART) so I can watch logs for poor man's debugging

ill double check rn, i still have the card pile on my desk 😉

do they have any special marking?

the UHF app? normal UART, pins 13/14

:p

Glad we got that clarified. There are some people who have bought rando SAM and didn't realized seader required that specific one 😦

bottom back will say "HID seos" or "HID iClass .............. -SE"

is it just code limitations? as in support for other manufacturer SAMs hasn't been implemented/is impossible to do?

yep just found it

i see
1 hid iclass chonky boi
1 hid iclass dp
2 hid iclass dp se
1 hid desfire px
2 ioprox xsf
1 hid seos ip
3 cards with no markings

i suspect one of the iclass dp will say "-SE" on the far end

ah yes

2 of them

1 dp and 2 dp se

ill order the HID SAM rn then, hotdog linked me this one https://www.ebay.com/itm/204533453585 is it ok?

it is all about code, nothing about hardware, but you gotta keep in mind that a SAM is a mini computer and it's talking to it in an API that the computer has some control over. In the case of a HID SAM, HID defined that protocol and if you look at sam_api in seader, it is big.
Seader is incredibly tailored for HID credentials (UI, credential format, etc), so there wouldn't be any real value in adding support for some other SAM.
That said, someone could write their own app using the NARD or Flippermeister for some other SAM for whatever it's purpose was. I don't have any ideas though of any mini-SIM size SAM used by any other system that we'd find interesting

or you could literally put a phone SIM into it and talk to it 😁

there's some made by NXP for Mifare Desfire I've seen on their site, but I don't think it has any keys on it

exactly, that's like blank hardware someone would customize for their product. lIke the Mifare AV3 that some people mistakenly bought (sold be vendors who also sold the HID SAM)

tried it while I was waiting for my SAM, the app did see it! I'd love to do that one day

you know how we say that you should never use your flipper for U2F or anything secure because it can't store secrets securely? well, a SAM would change that

ooooh, interesting!

you could write an app that would use an "empty" SAM and store secrets on it. As long as you keep the SAM safe (remove when not using), the data is safe. SAMs can even be programmed to generate things liek public/private keys on the chip, and then your flipper could be used to cryptographically sign stuff.

if I ever get that good at programming, I'll definetly do that, it's awesome

and it'll sell like hot cakes I'm sure! and I won't need a super special sim slot that time!

imagine selling it as blockchain wallet on flipper?

exactly!

even just a proper 2FA add-on for flipper

Get a yubikey and attach the keyring to the flipper?

dreamkiller 😉

for real

xD

was just reading up and saw this, yeah i remember hummusec had a fork updated for a while but it recently vanished, unsure why. i dont think theres any more updated fork around, except as you say the ones on all-the-plugins and our unnamed-Apps repo. i dont have a magspoof board yet (another thing i need to look into after uhf and sam) and didnt dig deep enough to know what the improvements hummusec had were in practice, but might be something worth porting back into your repo? on our unnamed-Apps repo we preserve the commit history when importing changes with subtrees, if maintaining authorship of the changes is a concern

Would be very happy to pull those changes back to my repo; happy to add you as having some control over the repo too

Do you know what the “read” changes (presumably hummusec’s) are meant to interface with?

I had done some loose exploring of making a USB-host board so one could plug in any normal mag reader, but that petered out with the internal TX stagnation + work getting extremely busy

all i heard was that it was meant to hook up to something else, not sure if a pc or another module, for read to work

Hm gotcha. I could keep that as debug-mode-only, same with the internal TX modes

I’ll pull this discussion to the side to keep from sidetracking this group, but looks like hummusec’s repo 404s / is private — could use your GitHub-guru-guidance on a proper way to integrate commit history from the missing repo / make sure any of their changes are properly credited

yep ill ping you in our unnamed server, but as i mentioned we keep commit histories when merging from remote repositories, so looks like the whole branch is preserved

_ _

@harsh igloo that link i mentioned for HID SAM doesnt ship to me, searching for Y7C07A i found just 2 links on the first google results page that seem to have it in stock:
https://www.serviceparts.uk/products/y7c07-67001
https://www.cdw.com/product/hp-printer-configuration-sim-card/4854794
theres a lot of mentions of HP printers while looking for it... am i on the right track? are there any other model numbers i could look for?

theres a lot of mentions of HP printers while looking for it
yeah, these are sold for HP printers so they can read iclass se/seos (like so an office worker can auth and the big printer will start printing queued documents)

ahhh

i just realized that the cdw link i found on google is the same one you have on your repo, which also links rfideas-shop for EU, however that link seems to be dead? it only shows the featured products and so on, not a product in particular. searching for the model code gave no results on that website, searching for "seos" i found
https://www.rfideas-shop.com/en/kt-4ffsim-av2-nano-sam-card-mifare-secure-memory.html
https://www.rfideas-shop.com/en/kt-sim-av2-sim-card-mifare-and-ev1-secure-memory-f.html
which seem to have a similar pricepoint and formfactor to the pictures ive seen here, but not sure if its what im looking for

I think the AV2 ones are different

I don't believe anyone is selling them directly anymore

HID stopped that

when the link 404s it usually means they're out of stock or stopped selling

I think CDW is

its weird that the page shows no error, its simply missing the acual product itself xD but yeah got it

so then my options are seeing if cdw ships to uk, or trying this on serviceparts.uk and hoping its not a scam

@vernal cape outkof curiosity are the tags you included with the board TID rewritable or no?
I'm assuming not

Nope, just bog standard Alien H9 tags.

Would have been a steal for only a buck if they were rewritable 😁

The tags I put in when people ordered them all have what they are marked on them I think?

Maybe?

shit I woke you at 4am

Nah, still up ^^

for what it's worth I stumbled upon a video a couple of days ago of a guy demoing the app with the YRH module (he didn't have a board the loser) where turning on 5V was one of the steps so I played with that a little yesterday but I didn't find it to improve the module detection (likely due to the missing sleep I suppose) and the reading, if anythihng, was a bit more flaky. Can't say my testing was particularly thourough though, so take it with a grain of salt

link?

the reading, if anythihng, was a bit more flaky.
separate problem

modern problems require modern solutions
I didn't have any plastic M2 washers, so I just 3d printed em
Next step is to make a nice cover

was I supposed to use washers?

Well, there's exactly one hole that is very close to the traces of the board

So in effort not to just wear through the traces long term with me fucking around with the module, I added some plastic washers lol

Also seller just got back to me, don't know if anyone has the data sheet yet for the YRM1001, havent seen it float around anywhere

if only someone could pin that

good idea

But yeah, this particular spot was what made me decide to break out plastic washers lol

https://www.youtube.com/watch?v=O-iruKFoSOc at around 7:03. Before that he goes over the app repo and the schematic, then I suppose he explains some stuff but I didn't listen cause it's in Spanish xD

right! You just reminded me that I also have a case to print for the board

so for him turning on the 5v made the detection work the first time (at least for a single sample size of that video), but when you did it, it didn't improve detection?

yeah, although the first 2 times I plugged in the board it was recognized without issues without switching to 5V. Then I had a few crashes while playing with the app and now it pretty much always shows the "No UHF Module found" message when opening the app regardless of the 5V setting but if I click on "Skip" it works fine

keep track of if you have the flipper plugged into USB: that automatically enabled 5v

yeah, good point but I'm pretty sure I was never plugged in when playing with the board 🤔

btw @vernal cape did you end up uploading the model files for the case somewhere? Are they for sale perhaps

I.... probably not actually, I should do that huh!

wait, I did!

https://github.com/Didgitalpunk/UHF-RFID_SAM-interface_Board/tree/main/Case

there's both .3mf and .sldprt if you want to print or open back in solidworks 🙂

aha! Nice

tbh? I have no clue what those files are anymore

ah yes, the enough time has passed and I sure hope past me knew what they were making moment 🤣

Ooh finally got a tracking update, it landed in Sydney! Now just another week because auspost are useless

Just saw that! 🙌

XDDD pretty much!

But also I worked a whole lot more on the v2 case since I made those two files, so I don't quite remember what I uploaded to GitHub back then ^^;

Mine is apparently off on its own adventure

An error occurred in the routing of your shipment. We are making every effort to ensure that he resumes his journey and ask you to accept our apologies.

You know, Frodo, journeys, package deliveries.... There's some lesson in there somewhere

For anyone who wants a SAM still I bought mine from this seller on ebay: https://www.ebay.com/itm/204533453585 came in official sealed HP packaging.. but i haven't tested it yet

Yeah eBay is the way to go

i found it on some other "questionable" places online for a little cheaper but most places had the whole "out of stock, but we will get it for you if you just order it" note on them.

I had seen also something about extracting sams out of readers? I'm guessing there's only some very specific readers you can do that with?

#1136167977708957737 message

so any reader that can interact with iClassSE?

do you know if they're soldered on, or still a SIM inside the potting?

thanksss

That might have been a comment by me. Yes, it's doable. They are soldered chips like the one on the adapter board.

(The blue pcb).

Interesting...
there's some cheap HID R10 readers on our french craigslist, 10 to 30 euros per... Could be worth it?

Do you want to make adapter pcbs?

Do you want to invest in desoldering equipment?

I also saw some omnikey readers, would that be interesting?

Kinda ^^

Those are easier to extract, but you can't use reader manager

Already have 😄

And HID doesn't give that firmware out anymore

Reader manager?

Ah, ok

https://www.hidglobal.com/products/reader-manager

Huh. I wonder if that was intentional on HIDs part to discourage SAM salvaging.

So basically, HID is anti legacy anymore.

When you reader manager a reader, it turns off config cards and tries to get you to turn off legacy.

To turn it on once it's off, you have to claim the reader by adding elite or mobile keys

If you scavenge readers, they will have unknown fw and unknown configs

It's a problem I deal with in my reader recycling.

Is there a way to test / upgrade /reset them?

I'll essentially do a bad firmware update (specially corrupted) that puts reader manager into a recovery mode

It forces reader manager to install new firmware on a bricked sam. Have to be very careful doing it right or I perma brick.

There are basically 3 things that destroy a reader

I can, but it takes special tooling and software, and even then isn't 100 percent effective. The alternative is a landfill, so it's worth it to me.

I have a bunch of phones set up to run reader manager, and some firmware cards that I remove at the wrong time.

Have to set a timer

XD

-0-0000 sku readers are usually fine

And do all the things

Ooh only hours away apparently!

Yay!

Yrm has arrived

seeing a few issues with the app, first it crashes on app open if the module wasnt already enabled with 5v manually or with usb plugged in. second it seems to crash if the uhf tag is moved even slightly by accident. but plugging into usb and leaving the tag in place, got a successful read!

it really likes to malloc(0) apparently lol

ill try to dig into the app and see what i can come up with when i have some time

yeah, the app is still a wip, and the newer realease is very unstable.

if you want a more stable version, you'll have to go back all the way to ofw.... 94.1 ? I think?
still a lot of crashes but that time it's firmware related and not fap related for the most part

module get 😄

just checking @vernal cape the colours on the cable are meaningless right? (black is VCC) looks like the colour order as this pic

I've got one of the larger modules so just wanting to make sure the pinouts didn't get swapped between them lol

I went off of how the connector was shaped, getting it in like you see in that pic was tedious, getting it in the other way was impossible lol and it seems to work for me, but yeah better to check if colors are different for you

do you have the pinout of your module handy?

(mine is printed on the pcb)

actually nevermind, just realised I could trivially check by buzzing out the gnd and 5v lines on the connector and the flipper header

it matches, 5v is indeed the black wire on those cables 😄

yes! I realized/rememberd too late in production that the wire colors for the cables I sent out are all a load of BS

For V2 that will be corrected, the sample I sent out to [secret] has the correct colors, since I did that a few days after doing my whole batch for V1 shipping.

but just in case, let me pull up the pinout for y'all

seen from the top

like you see on the board.

it should be the same pinout on the modules (don't look at that usb adapter, the cable they send you is crossed)

yeah sweet

is https://github.com/frux-c/uhf_rfidthe most up to date uhf app for the flipper these days?

yep

lol bus fault or mpu fault every time I try to do a read, but it can talk to the module at least so hardware is working 😄

That's my experience aswell

I've found positioning matters

Try putting the tag in a spot before clicking read and keeping it there, if it crashes move it a bit and try again

Still I want to look into it when I have some time to get it fixed, hopefully tomorrow

my slightly larger module fits 😄

need some smaller screws (or maybe I'll just use a dremel)

used some nylon washers to lift it off the board a little since the connector is underneath and a little bit of foam (held to the flipper module with some double sided tape) I had laying around to support the rest of the board

M2 screw for the smaller hole and M3 for the larger

nice!

I've experienced the same, reported that to the author, and they said it's unlikely related to position

yes and no. positioning is realted to tag pickup speed/reading speed, and reading the tag is related to the crashes.

I gotta say the read distance is kinda impressive for such a small module

Got it to pick up and successfully read at like 30-40cm distance with 20dbm

yep, it's not too bad!

The one I've got I read a tag at Defcon last year from about a meter away

https://www.jyl-world.com/wp-content/uploads/2023/06/JYL-Tech-Passive-UHF-LED-label-Flashing-Guidance.en_.pdf LED flashing UHF tags 😄

Yep, I got some as well, but I don't think the yrm1001 is powerful enough to activate it

Mine are Kiloway chips

Holy crap! They're the ones that made the inlays I had as an option!

Props for taking the time to figure it out and do it right 🙂 tons of people take shortcuts and it usually leads to bad experiences. That said I received mine the other day how to pick up a UHF module for it lol

Aww thanks! The link for the modules is pinned, just in case, but any yrm module should work (or M5 stack and clones, too)

just finished my finals. time to pick up a little on this project

but did you get passing grades

i did😎

Fuck yeah, that rocks! Congrats!

I think that's the hid Sam

indeed it was!

@harsh igloo managed to successfully read the iclass SE cards and i think the seos IP one

though im struggling a bit. works fine on ofw, but crashes when i try to read on the unnamed firmware. the new TLSF allocator (not yet merged on ofw) complains a lot about memory mismanagement and causes busfaults. i suspect theres some use after free()s, or some double free()s. ive fixed 3 or 4 apps that had this issue thus far, seader is up next )

Seader? @harsh igloo

right maybe i should move to #1185787657268240394 ? this is for uhf afterall 😄

^^

so i was debugging today, and it seems like i was sending the commands way too fast. I'm using my esp32 to see the incoming cmds

it would start cutting off

saw this shared on the flipper reddit, seems to require a m6e nano uhf rfid reader, as for emulate/write im not entirely sure, screenshots mention "internal" antenna, idk if internal as in somehow using flipper zero hardware, or internal to the m6e nano.
https://github.com/haffnerriley/Simultaneous-UHF-RFID-FlipperZero
they also mentioned they want to add support for YRM1001
https://www.reddit.com/r/flipperzero/comments/1d278i1/simultaneous_uhf_rfid_app/?rdt=38149

it mentions reading up to 150 tags per second

also it mentions requiring a rpi zero for the "ThingMagic mercury" api, which im not entirely sure if its necessary for regular usage

i can contact him on dev for yrm modules, i need more brains on this😅. but i’ve not heard of the module hes using before

and this repo is new

2hrs ago

yep, shared as soon as i saw it

Sweet, I have that one too

This is odd

Heh.
I guess if you want to run the Flipper, or a fleet of flippers as rapid UHF writers 😅

Although the github insinuates they're using it as an abstraction layer to the UHF hardware

Booooooooooooo!

Also just looking a bit at the price of those modules, it's almost at the point where making a board with these would turn the flipper into the add-on itself.

And good thing it's the nano version

It's at least using an Impinj chip inside, the M7e hecto uses an E310. So at least you know there's good documentation.

sup guys!
https://github.com/frux-c/uhf_rfid/commit/0e03ab5d41be874c5be1a763f430feac46309fed

really need that device, how and where can i buy this one?

how? with money of course?

https://tenor.com/bo3K0.gif

where? from my store! but for now I'm out of stock and parts are not available to buy for another few months (mid/end august iirc), so you'll have to wait a bit 🙂

Good! Where can i check your store?

by clicking their profile picture and reading

Internal to the sparkfun simultaneous reader. Using an external antenna has different power requirements so I thought I would add a feature in the future to protect against overpowering anything.

Hey everyone, just joined and thought I would share the app I just made. I didn’t realize @eager moss ‘s app was a thing until I had gotten to the end of making mine. However, it works with the m6e nano module. I had trouble getting the flipper and m6e nano to communicate directly so that’s why I used the pi zero to intermediate. I plan on figuring out how to do this without the pi in the future and also wanted to add more support for other modules. Feel free to check it out and also provide any feedback, ideas, or concerns: https://github.com/haffnerriley/Simultaneous-UHF-RFID-FlipperZero

Also I would be interested in collaborating with anyone interested!

Hi @shy wadi was planning on contacting you if you look earlier in the message. @teal laurel had mentioned you

Yea I just saw. Dm me and let’s talk!

I’ll contact you later in the day. I work fulltime atm😅

I had trouble getting the flipper and m6e nano to communicate directly
can you elaborate on this? I have an m6e I haven't played with yet.

Sounds good!

So the m6e requires the thing magic api which has a c api but I was overwhelmed by it and couldn’t quite figure out how to get it to compile correctly for the flipper zero 😅

does it ultimately speak to the device over uart?

I was going to look at "ThingMagic Baremetal Interfacing Guide" on https://www.jadaktech.com/product/thingmagic-mercury-api/, but it's locked behind giving personal details

Def seems to be just UART comms

the mercuryapi download also seems to have a stm32 based code example in the baremetal directory as well.

Are you the guy from reddit?

indeed they are

Yes I am from Reddit

And yea it does just use uart. So there is definitely a way to do it. Could definitely use all the help I can get

see you all in #1063477855482286154 momentarily

ah yeah it looks snapped in other pics too.

didn't turn out too bad

Noproto got a flippermeister? 👀

I've had it for a while but didn't want to risk losing it while I traveled in europe. I still need to find a SAM on eBay

truthfully I wanted a portable handheld QR code to the seader repository. great for rapidly pulling up the seader application source on a moments notice

That's not a bad idea actually... I could make a little pendant thing with art on one side and all three repos' QR codes on the other...

Now if only I could art.

god I know that feeling...

We can sob together in our non-artisticness

If you're that bored I don't suppose you know a thing or two about PLLs? 😂

I’ve been running into PLL issues as well of late — can’t get the “pll/osc stabilized” IRQ to assert on the chip I’m trying to use for a F0 usb host

Pain

PLL internal to the USB host chip?

Indeed

Damn. I guess I'm 2 months late from ordering the custom board from Digits.

Anyone had success with copying their transcore gate tags?

nah, just three~ish months early for the V2!

what could cause furi check failed?

here's the callstack?

this only happens when i run the app without power plugged in

this is the last part in my code base that raises the assert faliure

i think i figure it out. i had to enable 5v before initializing my app

It tells you the line number

778

You have the same callback for usart and lpuart

oh i should set the other callback to null

Also init by app is weird, I suggest you do it all in there, what you're doing is reminiscent from before the serial refactor, dangerous to do like that now. And you're missing a furi check in the uart handle, the acquire could return null so you need to check it

No, you should find out what logic issue lead to them being the same

Don't overwrite callbacks if you don't need to, maybe the system is using lpuart

How we have it in an unnamed CFW

@teal laurel here's my observation. the app with the original code didn't crash while plugged in to power

the app crashes while not plugged into power

do you use expansion_disable() at app start?

when i debug it. it lands at that furi_check, as you mentioned because the callbacks are the same.

i do not

why it thinks the callbacks are the same im not sure, but from

the app with the original code didn't crash while plugged in to power
the app crashes while not plugged into power
it soudns to me like if its already plugged, the module already started, so it doesnt output any data on serial when openin the app. instead, if its powered on by the app, it maybe outputs some data on serial. if you dont disable expansion, it will try to acquire serial as soon as any activity is on it, so your serial acquire is probably failing because the expansion service is fighting for it too. disable expansion, then acquire. i have a sneaky suspicion that this will help out, but not sure

i see the docs now

let me try that out

yeah when these changes are introduced upstream us CFW devs usually go through all apps we include and quickly patch them for the new changes. its often too much to make PRs to the original repos, but authors are always welcome to check and backport the changes. ive been making an effort more recently to PR back most of my changes, but this serial stuff was months ago

yea, i didn't have time to catch up on any changes.

i'm peeking at them as i go

as far as i recall, these serial init / expansion stuff are the only differences that CFW versions of your app have currently compared to your repo

but i can check in in a few minutes

fosho. thanks again

so far i added disabling the expansion as well as furi check on the handle

all is good for now

if anyone wants to test the changes out it. it will be in this commit
https://github.com/frux-c/uhf_rfid/commit/e8633bd4e541b4badf16605c4895e31c6e60dfba

once i address the instability issues i can then work on the ui updates.

so far looking so good

👀

"no longer produced"

https://tenor.com/bv7lg.gif

Oh shit

Well that’s not good…

Was that the part you were waiting for lol? Or what was the one out of stock

yeah. imma do a revision of this board after that to ensure better compatibility with other slots.

both!

I was waiting for it because it was out of stock, stated for back in stock in august

Yeah but it’s still a pain in the ass

it is not august and I have not received an email saying they had it again

ye

lol I can’t tell you how many times that’s happened

Surprise restock I guess

At least they have 1200 of them still

I'll also be working on a better sim-adapter-board thingy for those SAM cards that have the chip on them, so I can use a more normal socket

yeah. putting 200 in my basket

hurts to have to do that, but oh well

I mean how many boards where you planning on dropping this time around?

got 30 boards already spun up, so at most 60 slots (2 per board), potentially less if people want to solder down their own chip instead of using a card

Oh damn I guess 200 makes sense then it’s only about 3-4 boards drops I suppose

well, 29 actually, one already got assembled ans sent out as a demo unit 🤫

but maybe still 30, PCBway has a tendency to give you more boards than you ordered

exactly

For you maybe. I’ve never received anything extra from them 😢

I got lucky then maybe

They just don’t like me maybe

well, I mean, for sure I got lucky. on one of my orders I ordered 5 and got 11

matt black and yellow silk, but no enig

Oh wow that’s not like an extra 1 or 2

They definitely like you then lol

Last few orders I got from them didn’t even have a sticker it was just packed without love in a little box

wait, they give stickers?!

Yeah I got a few stickers with my first like 3 or 4 orders

Simple white ones and they just stopped afterwards

well, now I'm mad.

FREYA WANT STICKIES

I love stickers and I don’t even put them on anything lol I have a bowl full of stickers I get with my orders

I guess putting them on something is too much commitment for me but I love having them

I have a little drawer cabinet with some stickers on it

When I get home I’ll look for the pcbway stickers and show you

They are pretty plain and small but stickers nonetheless

actually, there is that green letter seal beside the MOTUL sticker that is from PCBway. was on a happy new year letter thing I got this year.

when no stickers you make do with what sticks!

Wait you got a happy new year letter?

They are just playing with my feelings now

Yeah, it was in with one of my orders

Not even signed, just print and pack

I think I just ordered at the right time

But look at this lil guy! So cute! And holographic!

shitty trumpet noises
HEAR YE HEAR YE, GOOD PEOPLE OF THE [UHF | RFID FOR FLIPPER] PROJECT THREAD,
I have good, nay, fantastic news for ye!
V2.5.4 flippermeister boards will soon be available on redteamtools.com!
Page should go up by the end of the week if final assembly goes smoothly, which it should!

When I finally do get the SIM slots I need and I put my own boards up on Tindie, they'll very likely be the same price, so no need to wait!
Go get you a V2 board!

Just the news I needed to hear!

apologies for not RTFMing, whats new in v2? 👀

You can all thank @lime hull for putting me in contact with the wonderful folks over there and enabling this 🙂

That's awesome

They're also in the US, which is nice for some shipping

I guess that would make it easier

Better layout, two Sam slots instead of one, 100% less bodges , ability to solder sam chips directly to the board, no more tiny switch to go between always on and software enabled for the UHF module, it devolved into a solder bridge, more text!, still all the original flippermeister logos and quote courtesy of @stuck nymph , better QR codes that scan more consistently (or at all) for some devices, and I'm sure more tiny details like that 🙂

I love that the quote made it there

It had to, and, project evolution and feature creep willing, it'll stay there for every board revision in the future 🙂

That makes me very happy

Make me very happy that it makes you very happy 😊

ability to solder sam chips directly to the board,
hello

Makes me even more happy that the fact that it makes me happy makes you happy

Hey there 😏

Might need to reach out to RTA and see about 3d printing some cases.

that'd be dope. I have files they can use!

For UHF?

for the case, I made one for me so the files are already done 🙂

Would you be willing to send them over to Babak?

yeah, for sure

I'll do that tomorrow, I need to make sure the files are all good, I think I remember modifying them to work on the printer at work

@vernal cape any update on board availibiity from redteamtools? Been keeping my eyes peeled but haven't seen anything yet and eager to get my hands on one 🙂

nope sorry, no final deadline for when it'll be up, but the gist of it is very_soon™️

They just launched their site redesign, so I imagine soon

I saw something I think might be useful for anyone interesting in working on the UHF app + add-on. Rabbit labs has a USB UART/TTL adapter that can go in between the add-on and the flipper. Would allow you to monitor the UHF module serial (and maybe monitor the Flipper logs?): https://rabbit-labs.com/product/rabbit-labs-supercereal-usbc-to-ttl-ftdi-breakout-w-flipper-board-uart/

i use an esp32 to redirect the uart for debugging but that looks handy

Howdy! Any updates on the new batch of boards? or from red team tools?

No news, no, I'll shoot them a message to see what's up Monday

thanks to @stark bay for being so patient with the shipping on his order, it was an absolutely insane ride

THREE FUCKING MONTHS. TWO TRANS-ATLANTIC AIRPLANE TRIPS. Holy shit at the carbon emisions of a tiny package like that. if I ever want to get an 'eco-friendly' sticker for my store, I better start planting trees real quick

It was a wild ride.

JAMAICA
amazing lol

(P sure that's just the Jamaica in Queens, NY; still a wild trip though)

(yeah, it is, surprised me too at first though! ^^)

Hey @vernal cape did a schematic of the UHF board ever get published? Curious which pins are used for UHF vs NARD, contemplating making up a cable so I can plug my USB ttl adapter to it directly rather than having to disconnect the module from the board if I want to use it with my PC

hmmmm, yes and no. The whole kicad project is right there in the repo, but I never exported a pdf of the schematics! lemme pull up that info

Haha got a link to the repo? I did a quick google and couldn't even find that only the tinde page 😅

there we go. schematic won't completely match with the V1 boards that have shipped out, but the headers going to the flipper zero are unchanged

Yeah headers is what I'm after really

damn! https://github.com/Didgitalpunk/UHF-RFID_SAM-interface_Board

(it's fixed on the V2+ boards, got my repo on it :p )

Ah I was searching for digits not didgitalpunk

:p

On the v1 board is the EN connected to 3v3 or C3 header by default?

(EN on the picoblade)

neither, it goes to the mini switch between the headers, allows you to select either 🙂

changed it to a solder bridge on V2+ because odds are you'll set it once and leave it anyways, and that mini switch is very nice, but not exactly cheap

ahh

there's writing on the board on either side of the switch to tell you what's selected 😉

Yeah of course

Made up a quick cable before Defcon 😁

(that's red sharpie not blood)

I need to get my m5stack hooked up USB to PC.

I have some personalization to do of some tags.

Whats the current status of the v2 boards, haven't bin here in a while 🙂

still on hold for a bit, still need to pass the order for the sim slots.
I haven't had any news from RedTeamTools in a bit about their V2 batch, I'm guessing they've had their hands busy lately, and I've been too out of it to work on all this lately ^^;

oof, gotcha. Thanks for the update!

thanks for asking! motivated me enough to pass the order for those darn slots!

lol I mixed up black and dark blue, didn't damage anything though at least

yeah, their color code is shit. and so is mine since I copied it ^^;

I really need to find out what screws you all used to mount the YRM to the FlipperMeister

When I get some time I'll use the FlipperMeister to research ValidFill tags. It's odd how popular it is, and yet nobody has cloned one to test it out 👀

There are posts online that say a UHF reader will cost me thousands of dollars lol. I guess they never heard about a YRM?

Could be dated. When I got my uhf gun reader some years ago it was considered a steal if it was less than 100 USD.
Used to be you basically had to look for used industrial/commercial stuff.

Maybe? It was a 2 year old post

M2.5 screws, iirc I used 10mm long ones

unless you were looking for a link to the srews we bought ^^;

I'd suggest screw kits from aliexpress/amazon, or McMaster if you're in the US, or even mouser (https://www.mouser.fr/c/electromechanical/hardware/screws-fasteners/?q=M2.5)

long ago i got a roll of some thin double sided glue-tape thingy, saw it lying around so i just slapped some around the cutout and yrm stuck perfectly

precise one i bought back then https://www.amazon.co.uk/dp/B09MSTLH2R

but screws are probably better

Am I gonna have to make a UHF mounting gore thread? 😂
Next some one is gonna use hot glue lol

#1136167977708957737 message tell me with a straight face that you can even tell theres some adhesive there... i know you cant

Just because you hid the crimes doesnt mean they don't exist 😂 /s
But nah, your tape job is clean lol

ok fair you have a point xD

no body no crime!!

My HID door simulator uses hot glue to stick on a boost converter and rs485 jigger

Rejoice! Things are moving slightly!

btw, is anyone here at defcon right now?

If you are, and can find Babak, ask them about the Flippermeister and how to get one!
Don't tell him I sent you 😏

Yes, a good chunk of the NFC lotr folk are

Yeah, saw some of the boards. Look nice!

Don’t mind me, I’m here for the FlipperMeister

O.o

if this keeps up, imma run out of stock instantly again xD

Curious if V2 is still in the works?

yes, that's the one I have in pre-prod right now.

boards are made, components are had, I just need time and space to make'em

Exciting news!

I can’t wait to get my hands on one!

So quick question: Will V2 be a separate listing on Tindie, or will my notification request still be valid from the V1 listing?

Separate listing. Technically it's already made, but not published.

Can't remember if I put pictures in it actually 🤔

How screwed am I :)

Can’t tell if this is just UHF or UHF+HF

Was gonna pick up some modules to play around with it, can’t tell if this is beyond me yet haha

#nfc message

is there an STL somewhere for a case for the board?

I feel like I saw one at one point

You definitely most probably did

There might be one in my repo? Not sure anymore, and not sure which version it is for either ^^'

Depends on what you want to do, what you have is a UHF parking tag.

Make a duplicate

very unlikely to succeed, but you can try! you'll need a TID changeable tag to have any chance at all though, and those are kind of a black box at the moment.

Gotcha, figured I’d need a TID changeable. Curious as to why those are a black box… thought TID is easily readable

Prob gonna go with Mr Key Fob online, one of those private guys that know what they’re doing

that's one way to do it, yep!

black box because we have 0 info on them. no datasheet, basic blurb, manufacturer, silicon photograph, anything. all the folks that sell it that have been contacted all seem to either juste recite the product page, or just tell you they don't have/ can't share anything. fairly infuriating ^^

Could he use one of these to make a duplicate? It is labeled as: “UHF Card RFID tracking Alien H3 Chip long Reading distance Card”

No clue, Mr key fob does his own thing, and iirc, is not very liked by the community because they don't share anything they find, but do use what the community find.

But from my (limited) perspective, no. The system probably checks the TID, which is completely unique for each tag, so you need a tag where you can change the TID, but possibly also need other features from the OG tag to be present.

If the system doesn't check the TID, then you're in luck and can try and copy all the rest to a similar tag. For that you'll need to scan your OG tag to determine what chip it uses

Yeah I figured, I’m sure it’s super specific for commercial use too, I don’t doubt he’s in this server

He’s payed though so I’m sure he has decent incentive to research deeper and more expensive equipment.

Any experience with this device? found it on eBay. Don’t know much about it, looking forward to playing around with it.

not really, a lot of folks making actual discoveries aren't payed to do them, they just like tinkering with stuff and sharing knowledge 🙂

not at all, never seen or heard of it!

looks good!

xD

pass through cable be like

laughed my ass off for a good two minutes at that pass-through cable xD

maybe change the picture of the connector pin removal to one done with an X-acto blade, less chance to pry the plastic tabs off in my experience, since the tool is thinner

this one

looks like the person is using a super duper small screwdriver

Got a better name for it?

I included a picture of a cable with the wires color-coded for clarity.

I'm sure there's an even more specific name for cables where the connectors are oriented the same way and pinned to the same wires(1-1, 2-2, ...) but no clue on what that might be, and tbh pass-through cable is plenty descriptive enough

that's a very nice touch actually

cable schematics are usually pretty confusing even for super simple stuff, I'm still looking for a cable cad software that doesn't just output a crappy diagram, but is simple to use and set up

Just added support for the yrm100 reader. Supports locking and killing tags too. It is based on frux’s code. Check it out! https://github.com/haffnerriley/Simultaneous-UHF-RFID-FlipperZero

Does it do direct connection or need the raspberry pi bridge?

Looks like no. The pi should be easy to remove for the spark fun board. Just need to interface the lower level commands.

I checked that with YRM100 wired to gpio (no rpi or digits’ board) and it works, but crashes after reading a few tags. Errors are oom and mpu fault. Edit: can’t get oom anymore, only mpu fault, possible stack overflow

No pi needed for the yrm100! Yea. I can figure out removing the pi for the m6e and m7e readers later.

Yea it’s possible there are still some bugs. I will work on resolving them as they are found!

But yea any bugs that you all find please lmk and I will try to get them fixed when I have the time!

yeah, I'm sure Frux is working on that too when they got time, you two should work together!

Yea we’ve been in contact. He told me he’s a bit busy with work atm. But you’re right we should work together!

Tag for my neighborhood, looking for guidance on making a duplicate

what have you tried so far?

Not much yet, I put my little Bluetooth reader on it and it just popped out “0058”. I’ll put my Mtools reader on it to see if it’ll spit out more data.

what bluetooth reader is taht?

Tertium Blueberry HS. I love it. This is it in the video, scanning a different tag.

Iirc, AWID stuff can't be cloned

We talked (and tried) about it a bit of time ago

#1136167977708957737 message

Noo! For real? What is special about them so that they can’t be duplicated?
Could I just use one of their recommended cards/tags?

no, you couldn't, not without going to your access supervisor and enrolling the new tag in the system.

MKF can

https://www.redteamtools.com/flippermeister/

Ordered!

Nice

Nice. Those SAMs should be R8. R8.9.2.1 specifically.

Seader vulnerable to that CVE finally 😂

Yep!

ah, good to know!

aaaawwwwwww sweet!

@eager moss ! they're here!

I'm naive to the SAM variants, bringing my own (Y7C07A). Cursory search on R8.9.2.1 / general SAM variant info not yielding results for me; any relevant distinctions across versions / reference materials on the versions out there?

It doesn't make much difference beyond the auth bypass bug for iClass

Seader can emulate it if @harsh igloo wants by just lying to the SAM and pretending everything is SR and using known legacy keys.

it's up!

@vernal cape 🙏

was scrolling to try and find something and came across it, so hey!

Meister on the way! Pretty jazzed about it

Sweet! Thank you for the purchase!

I’m excited! What Flipper app does it interface with? What data from the UHF tags does it read? EPC, TID and user?

look in the pins for a link to Frux's repo, unfortunately it's not in the flipper store (yet!)
as for what it reads, it depends on what your tag has! some tags don't have user data for example. but whatever your tag has, it'll read it, provided it's not behind a password

Awesome, thanks. Got a feeling I’m about to have a lot of questions for y’all😂

wait what? what'd I miss?

Must’ve been the wind

guess so

lol, just a breeze

I got a little broad with a UHF question. Off-topic, if you will

Mine is on the way as well. Also purchased from RedTeamTools. Thanks @vernal cape looking forward to receiving it and putting it to use.

ah, ok

nice, ty!

Mine as welL! 🙂 Got the shipping info late yesterday

Ty very much!

I needed that setup guide. Now I'll finally get the M2 bolts and nuts I need. Wasn't sure how to secure the YRM.

Looking forward to giving Seader a spin

(will order a SAM soon)

is the sam located in the board? i dont see it on the back of the motherboard

You see where the SAM, or a SIM holder, can be soldered on, in the product photos: https://www.redteamtools.com/flippermeister/

Depends on if you ordered with or without it

and the choice for without/with is only for normal SAMs, RTT does not offer a U90 SAM version

i see, i will obtain that myself

Anyone come up with a 3d printed case for the flippermeister yet? I thought I remembered seeing links to an STL at one point, but I can't seem to find them now.

Flippermeister arrived today! Should I use the module that came with it or spice it up a bit?🤣🤣

Well do you want to read tags across the damn parking lot? lol

Ideally

unless you have code to use with it, knowledge on how to extract the SAM from a U90 reader, and access to @lime hull 's mind, I doubt you will have any use for a +300$ chip 🙂

badabim badaboom
I got the link, my choom!

https://github.com/Didgitalpunk/UHF-RFID_SAM-interface_Board/tree/main/Case V2.0/case parts

Case options for days!

you can get the inserts specified (IUTB-M2-318-PennEngineering) on mouser, or find your own from other suppliers 🙂

well i got one to mess with and a giant antenna from it

nice then!

Thx for posting, case works good

😮 how do you get that design? is that the filament?

its the Build plate that allows me to do that

Neat

You rock!!

Just received some cards from Ali. They are supposed to be dual rfid (T5577 and UHF).

What is the best software for using the YRM100 module via the USB PC connection?

Yes, I know I’m lazy I haven’t mounted my YRM module 😂. Do all these zeroes mean my AWID tag is locked?

what app is that?

is ther a datsheet?

Have you already seen previous AWID conversations: #1136167977708957737 message

It's the Simultaneous UHF RFID app by Riley Haffner. I also tried the Frux varient with same results. As @harsh igloo mentioned, I was able to do some further research via the search on this group and there doesn't seem to be much success with AWID tags. I notice the information read from the tag literally changes upon every read.

There doesn't seem to be much success with AWID tags
I'd read previous discussions of AWID

Yeah, I should of read as well. O well, at least I have a UHF module for future projects 🙂

and MKF can do it, so someone with a UHF module might be the one who figures out how they do it and helps the community

Looking forward to this project gaining further traction and being able to provide what it needs for the community. MKF can make me a copy to an AWID keycard for $120. Seems like a lot but I guess when you're the sole source provider you can charge what you want lol

Does anyone know if there is a Windows program we can use in conjunction with the YRM100 module?

oh sweet! I didn't realize he had implemented Frux's code already!

well, Frux's code or any code that works with the YRM modules for that matter

I'll have to play with it a bit, lots of crashing for me for now

Yeah, it crashes here and there but not too bad honestly. I don't have other tags only my AWID. What I do notice is that everytime I read the tag it gets a differen't result

yeah, then it's like credit cards where the UID changes each time

does all the data chage every time?

Dang! Finally sat down to get started on this thing and realized that Red Team didn’t send me the connector cable for the full kit. Can I just cut and reverse order the rainbow colored wires that are on the current module wire harness?

I thought their kid included the cable

and also has instructions about re-ordering (without cutting)

It was supposed to! Then I realized from looking at other pictures that they must’ve forgot to include that connector cable with my order. if I use the cable that came with it, I just need to reverse order everything except for the yellow wire in the middle?

Double check that, I think the one my module came with ages back didn't need reversing

I don't think you have v2

Check the Vcc pin on the module and the board against the flipper header pinout

I have v1 from Digits direct and didn't need to make an adjustment

Did they change the pinout on the board? Or was it the little black cable that's the issue?

I figured it was the little black cable that was the problem and the board pinout was the same

At any rate double checking the Vcc pin with a multimeter is cheap insurance against accidentally blowing up your UHF module 😅

I cut them and reversed them. It’s working great!

This one needed reversing, but I emailed red team tools to get the proper cable.

yeah, if you bought it from RTT thats v2

Not every time, just every couple reads.

wierd

very wierd

I know. Any idea what these values mean? I noticed it’s the same between mine and @potent orbit AWID tags. I’m guessing it’s a proprietary reading to AWID cards.

you should read the EPC standard, it explains all the acronyms you'll encounter 🙂
in this case.... I forgor
I know CRC is just your checksum, you can dismiss that. If that changes, then it means the PC and EPC have changed.

PC iirc determines what size your EPC is, among other things.

you can configure your EPC to have a length of 0 for example

here ya go, found it

@soft saddle 👆

just ctrl+F the terms like EPC, PC, CRC, and they should take you to very clear explanations for them 🙂

Sweet. Thanks

Hi there, does the UHF Flipper Zero App (https://github.com/haffnerriley/Simultaneous-UHF-RFID-FlipperZero ) still support YRM100?

I’m asking it because after the install, I opened the app, but it is frozen

Flipper Zero Firmware 1.0.1

With other App UHF_RFID I successfully read the tags, but that App unfortunately doesn’t contains the same features

It supports the Firmware 1.0.1 ?

Yea it still supports it. I haven’t had the time to work on it recently because I just started a full time job a few months ago. If anyone is experiencing any bugs don’t hesitate to reach out [email protected]. I usually respond within a few hours. I don’t check discord as often

Actually, after I installed the App, it isn’t usable, there is a button but doesn’t works, I didn’t receive any kind of error

I used the Flipper Zero Official Version 1.0.1 and YRM100 module without any other device, I mean the YRM is connected directly to the to the F0

Did you toggle the connect setting in the configure menu?

Yea the setup you have sounds fine

Wait a sec

I will send a video

To be mentioned that using the other UHF App I was able to read the tags

This

Also If you back out of an app, generally, assume it loses settings.

Also GPIO apps enable 5V when you launch them usually

No need to do it in the GPIO menu beforehand

The external antenna setting is currently working in progress and may cause confusion so sorry about that. Just use the internal antenna selection and make sure you press the connect button before you change any of the reader settings.

The reader app settings will not persist across runs, so you’re corrected when it is closed out of the settings will not be saved. I have added that as a feature to work on for a future release so that the reader settings will be saved, and you can just open the app and start reading immediately but for now every time you open the app, you’ll have to enter the correct settings and make sure you’ve toggle the connect button in the configuration menu before you change any of those.

sorry if any of this is unclear, I’m currently driving and using speech to text

I reproduced the steps and this time something is changed, actually when I pressed start button the F0 is shut down

Hmm that’s strange. Try theses steps: make sure the module is plugged in. Open the uhf rfid app. Go to the config menu and first select the YrM100 module. Next select connect (should display Disconnect afterwards). Then toggle any other settings such as power, region, etc… then once you go to the read screen it should hopefully work. Once again there are certainly bugs that I need to hunt down so you may experience some crashing but hopefully those steps work.

I’ve gotten some emails from others who have had trouble getting the app working so I think I will make a tutorial video and update my documentation to be more clear and specific. Sorry if any of my instructions were unclear! Hopefully you get it working!

Some news, by respecting your steps the Flipper Zero LED is blinking, but still not able to read the Tag. For the last “power off” what I told you, I received the following error after the restart (maybe it could help you for your error fix - video)

Maybe there is a bug during the compilation process, if I remember I received an error - something about an Application List or Manifest which is missing

Do you have another UHF tag to test with?

Yes, I have cards and stickers too

Different tags

It fails and the F0 is automatically restarted

Works

The problem is that the F0 restarts more times until it’s able to read it

I’m not sure where is the bug actually

the UHF app is quite unstable

I’m committed with a new question, is there a difference between YRM100 and Simultaneous UHF RFID Reader? I know the reading distance is a difference, but are sometimes else? Some additional protocols?

not quite sure what you mean, YRM100 is a reading hardware module, Simultaneous UHF RFID Reader is a piece of software?

Simultaneous UHF is from Sparkfun (hardware)

wait, is the app just also named like that?!

Yes the app is named after the sparkfun board because it supports it as well

Yea sorry the app is unstable. I’m sure there are some underlying memory management issues that I need to fix up. If you find anything that is easy to recreate I would appreciate you opening up a GitHub issue so it is easier for me to track 🙂

👍🏻

What is the difference between getting the YRM1001 module and connecting it directly to flipper compared to buying something like https://www.tindie.com/products/didgitalpunk/flippermeister-v1/ (sold out) and attaching the YRM1001 to this?

SIM card slot and SEC1210 chip on the back of the board (2nd photo)

I dunno if a run of v1 will be made again. v2 is here: https://www.redteamtools.com/flippermeister/

I am trying to use the YRM100 module to read my condo's garage fob and duplicate it. Would I still need something like flippermeister to achieve this or is the YRM enough?

I would do further investigation before investing. Have you identified the system used? Search the server for AWID and you'll see an example of one that cannot be cloned by the flipper

The YRM100 can be directly connected to the flipper. The board makes it a nice/easy connection

https://github.com/frux-c/uhf_rfid has pictures of such

And YRM100 (connected directly to F0) can write to a new tag as well assuming the card isn't locked?

I dunno if a run of v1 will be made again.
nope! V1 is dead and buried, V2 is already up at redteamtools, and will be up at some point on my tindie as well when I get time

Is there a possibility to use UHF module for frequency Analyse?

Does the UHF App support it?

Frequency analysis?

Yes, sorry for the mistake, the keyboard used other layout 🙂

nah, can't do that, the app has no option for it, and the readers don't either afaik

If anyone is feeling generous, I'd love an ELI5 of why I can read and write using https://github.com/frux-c/uhf_rfid with a YRM100, but cannot emulate a saved tag? My dumb self just assumed "writing is surely more complicated than emulating"..

I tried reading and understanding all existing convos around UHF emulation, it just seems like the boulevard of broken dreams tho

All of the RF is being done by the module and the code is just controlling it and displaying results. UHF tags work by reflecting transmitted power back to a receiver and the module is the transmitter and receiver and not set up to do the reflecting

Interesting, thank you for the explanation

More interestingly there are actually very few references around about emulation and based off my reading of the specifications a bad acting tag could cause a lot of trouble in a uhf reader environment

I could see the longer range the tag the greater need for security

Newbie question: I got a YRM-100 from Ali Express and it came with a USB-TTL. Can I connect it directly to the F0 through the usb port? I would also need to use a usb A to C adapter if that makes a difference.

No, it has to communicate over gpio.

Thanks. Bummer. That would have made it so much easier.

Do you have any recommendations for a temporary no-solder, no-frills method of attaching it?

You'd be looking for the board that is sold in this very thread when it's in stock

Ah, thanks for the quick answer. I should have done my homework.

Well...this calls for a project that will be 3 times as expensive and require two modules (one to replace the one I burn out)!

what are you trying to do?

Just trying to connect the YRM-100 module. It came with a USB-TTL and I wondered if I could connect through that instead of GPIO.

You already got an answer to that

Yup. Just responding Digits

then yep, you either need to buy my board ( horray for me!!!! :p) or you can scroll up a lot in this very channel to see what we were doing before we had the flippermeister 🙂

I'm just going to solder some headers onto the module and connect it temporarily with jumpers when I need it. I'm actually just about to do that as soon as I get my shit set up. 🤷‍♂️

Any advice?

Yep, I have advice:
Don't use the onboard headers xD

They aren't a duplicate output of the onboard connector already present, found that out the hard way with my V1 board

Lol. Okay why? I was just confirming the pinout before getting started.

Afair, they're used do the initial programing of the module's brains

Oh. Well fuck.

yeah, apart from gnd an VCC, completely useless.

Well that's good to know!

Okay, so this is what I have to work with. Micro JS something or other?

Molex picoblade

Thanks. I assume adapters exist? Going to look now.

Never looked! I have the tools to crimp both Dupont clones and picoblade ^^

I was just thinking about crimping them myself. I did find some premade:

https://a.co/d/3pkg2Gw

Good find!

I guess I'll just get one of those.

Do you use picoblade connectors in your build or did I just order the module with the wrong configuration?

Heyyyy, what about using these? 🙂 Think that would work?

Actually yes! That should work!

Hell yes, this thing is going to be fugly. 😂

Thanks for the help. I'll report back.

Picoblade all the way, I make custom short-length cables for my customers

Ugly as promised but F0 says no UHF module found.

BUT, if the square pad is 1 and I disregard the labels... here is what I find on github:

YRM100: 1 (VCC) -> FZ: 1 (5V)
YRM100: 2 (RXD) -> FZ: 13 or 15 (these are TX pins)
YRM100: 3 (TXD) -> FZ: 14 or 16 (these are RX pins)
YRM100: 4 (EN) -> FZ: 9 (3.3V)
YRM100: 5 (GND) -> FZ: 8 or 11 or 18 (GND)

Switch between UART Pins 13/14 and 15/16 setting in:
Flipper -> GPIO -> USB-UART Bridge -> LEFT -> UART Pins

Also make sure to enable 5V in Flipper -> GPIO

When in doubt, swap TX and RX pins

Nope. I also switched them to 15,16 and tried that.

I notice that when I plug in 3V3 the blue led on the module lights up briefly, then goes out. Does that say anything to you?

Only connect +5V, you don't need 3.3v.
Connect module, then launch app

Okay, I removed 3.3, connected module, then launched app- Blue lit briefly, then went out. No module found

Switched TX and RX - same thing.

Switched location of ground from 8 to 11, to 18 - all the same.

I'm going to check settings and retry everything.

Look at the labels on the USB-TTL. Are those correct?

Thanks for all the help by the way. I really appreciate it.

This is the software I am using: https://search.app?link=https%3A%2F%2Fgithub.com%2Ffrux-c%2Fuhf_rfid&utm_campaign=aga&utm_source=agsadl1%2Csh%2Fx%2Fgs%2Fm2%2F4

I admittantly haven't read through it. It just occurred to me that we may not be talking about the same software. I'm going to do that next.

Spam retry, Frux's software has a delay issue between 5V_enable and detect_reader

I'm confidant at one point we'll have an app that works smoothly 😌

Also you can plug your flipper to charge while using peripherals, that forces the 5V to be always on, so no more delay problems 🙂

Okay, I'll try spamming and charging.

I enabled 5V manually. The sofware doesn't just "toggle it" on/off I hope.

It does toggle it on and off automatically

So that you don't need to do it manually

I'm at a loss. I even went back and resoldered.

It flashes blue momentarily, then back to red.

Maybe it's something with the USB-TTL?

Well anyway, I ordered the picoblade to dupont adapter. That's my next step.

But, just to confirm, from top to bottom in the picture?:
5V
GND
RX
TX
3V

I got the adapter. I get a solid blue light on the module now, so I take that as a good sign. The F0 still says no detector though. Even when I plug in to charge. I also tried swapping RX and TX. 🤔

Any other ideas?

Feel free to check out my app that also supports the YRM100 😄. https://github.com/haffnerriley/Simultaneous-UHF-RFID-FlipperZero

and it doesn't require a downgrade!

i can’t keep up 😭, im a full time swe and a full time student. hopefully starting spring i can work on it again. im graduating this fall 🕺💃

this spring 🙌 hopefully

Take your time, this is a hobby

Yeah man, no worries. It's awesome what you've done already.

Alright, does anyone have other ideas for me to try to get this thing working? Are there settings in the F0 I might be missing?

Any ideas for testing to make sure the module is working correctly?

I'm out of things to try.

Sorry Riley, I haven't tried your app yet. Does it work with all the most common f-wares?

Hey! I had similar problem. I’m not entirely sure why, but it seems yrm100 can’t be connected to usb-ttl (even if it’s not connected to pc) and flipper. Try to wire up your module with usb-ttl completely separated

Thanks. I did. No luck.

Just checked mine (the module is directly wired to flipper, without digits’ board) with a simultaneous rfid app. It crashes the flipper, so it must be still working😅. What app do you use? Frux’s app had issues detecting the module, simultaneous rfid just lights up the module and crashes.

I mean, you won’t be able to read tags on the first try (both apps are WIP), so you have to try multiple times. But if LEDs are glowing - it’s a good sign. When I was wiring the module I had like 3 success detections out of 10 and 2 successful reads out of 10.

I'm wired direct too. I'm using Frux's app. I think I've ruled out the voltage detection bug. I can skip past the "module not found" and attempt to read anyway but haven't had any luck there. I have started the app many, many times in many ways and it's never detected the module either.

@frux.c What is the reason for the option to skip past the "module not detected" message? Will it attempt to read anyway?

it will attempt to do so. however the original intention is incase you want to see the saved tags

you could call it "offline mode"

and disable the read button as well

Well gang, somehow I got it to work. I was messing with various setting in the F0 and it started working. I cant say for sure what I did. Under settings/system Log Device is set to USART, I changed Log Baud Rate to 9600 (I found that in the YRM100 specs). Also, under Settings/Expansion Modules I have Listen UART set to USART.

I also successfully read, saved, a wrote a tag. The new tag I wrote to didn't open my gate, but the reader did register that it read a tag. I'm going to look into that a bit.

Did you read the new tag after wrote it and check that it has the new data on it?

Instead of just the original data it came with on it

also, your garage tag, is it any specific brand? like AWID for example?

No, I didn't even think to check the new tag. I will.

Yeah. Here are the specs on it and the reader.

Yes to AWID?

Oh, sorry. The tag I read was an EMX TRES 900 Viper. The gate is an EMX TRES Patriot.

I wrote to two tags. One was another EMX-TRES tag (not sure if it was actually writeable but the app said it was a successful write). The other tag was one that came with the module. I'm not sure if it's writeable either.

I'm going to check the tags to see if they match what I read off the original. I will also buy some tags that are for-sure writeable. I just haven't messed with it much since I was able to read a tag.

I also found, and started to read the Generation 2 UHF RFID communication protocol last night to try to make some sense of the data on the tag I read, but it's way out of my wheelhouse.

not sure if the app checks data after a write operation

alright, do a read to make sure the data is indeed what you wrote, and at the same time look at the TID and give me the first eight digits, should look like E2xx-xxxx

that should let us determine what chip is in there

because this is just the end of the chain, the chip inside that inlay is not made by them, and even the picture of the inlay on their website says Smartrac, which is yet another manufacturer.

nesting dolls of manufacturers

Yeah, it does say Smartrac. It took some searching to figure out EMX TRES.

Okay, I checked the written tag. The EPC bank (12 bytes) matches the original read.

However...This seems weird - when I look at the info of the original read on the Flipper, the TID is blank. But, when I look at the read info of the tag I wrote to, the TID is E2 80 11 00 20 00 72 45 A1 8D

I'm wondering if I didn't get the TID on the original read, and when I wrote to a new tag it just left its TID as whatever it was when manufactured?

I read 4 different blank tags repeatedly. Sometimes I didn't get a TID, sometimes I got 2 or 6 bytes. The longest I got was 10 on all of them.

Okay, I got everything to work - gate opened! Yay!

I'll detail some observations a little later.

Okay - so everything worked. Nice job @eager moss and thanks to @vernal cape for all the help.

I still have no idea how I got the module to start working, but it has ever since.

A few notes about the app: It does as promised, but crashes weren't uncommon. Sometimes it said the crash was memory related, sometimes something about a BUS error, but most of the time it said it may have been a stack overflow. It seemed to crash frequently when I used the back button to navigate back rather than the left arrow navigation option.

On "successful reads" for the tags I'm using, it always successfuly read the 12 bytes EPC Bank. It didn't always read the 10 Byte TID Bank. Sometimes it read nothing, sometimes just partial reads. Sometimes I had to read a tag several times before I got the entire TID. It also didn't always read the 2 byte User Bank (although it didnt seem to matter - the values were either absent or just 00 00).

It would be nice in the app if you could view the TID after a read without having to save first. It would also be nice to be able to view the PC and CRC values when selecting info from saved reads. Finally, it would be nice to be able to rename files.

I read a few consecutive tags if anyone is curious about what data they contained. Just ask. Also, if I can help in anyway with something just let me know. Thanks.

Yea it should be supported on most firmwares. It was designed with the official firmware so most firmwares are just forks of this.

Does it crash still on my app? I haven’t pushed out a release in a few months and there may be some new bugs. Will try to investigate next week. Love to get feedback!

My app displays all this info after a read :). Will take a look some of the crashing behavior soon. Similar to Frux I am a full time swe and have a lot of other projects going on so trying to balance it all 🙂

You're welcome!

Awesome that you got it to work!

Every time someone says I'm a full time swe my brain reads I'm a full time Swede

I haven't tried it, but I will and get back to you.

I figured out why I had such a hard time getting the module to work. I wired it incorrectly. I assumed the pinout based on wire color and the order they are shown on the USB-TTL. That was totally wrong. I finally got it working when I referenced the correct pinout I found online. I didn't notice at the time it was different than what I had been doing. 🤦‍♂️

So, for those who may follow, may these pictures save you heartache and headache.

Also I would love to hear if people have been using the locking and killing features on my app.

<@&932724996210573333> could you pin this?

I haven't unfortunately, 90% of my tags are from clothes I bought, so I don't have the passwords for them.
Though I could try anyways, maybe the password is still all zeros 🤔

@dry jay the 3.3v line is the Enable line, it's hard wired on YRM1001, but not on the other sizes !

Haha yea it’s possible!

I’ve read online that some people forget to lock the actual reserved bank after writing to it so if you’re lucky maybe you’ll get a tag that isn’t locked for reading 😂

I'll try it as soon as I'm back in the metro/train, got a couple on me

Done.

Ty!

damnit, my app's out of date ><

If you are on the latest flipper firmware then you can update.

That's wierd

Damnit, don't have my flipper with me

OH

I'm just an idiot.
I put your and Frux's apps in a seperate UHF folder, and so of course it doesn't recognise them as installed

Okay Riley, I'll install your app tomorrow and give it a shot.

@shy wadi I have some remarks for UX, the scrolling on the tag data is really annoying, if there was a way to pause it, say by holding down the middle button, that'd be nice

Yea thanks for the feedback! I can certainly add that in!

noice, tyvm!

I've got it installed. I confirmed the module was working using Frux's.

No luck for me. I first tried just hitting read. It takes me to the Read Menu. It doesn't appear to have read anything and Prev, Start, and Next buttons don't work.

I backed out and checked Configure. Ah. I selected YRM100. Backed out, hit read, nothing. Took me to the Read Menu. No buttons work. Backed out and went back to configure. Power Level? Not sure what YRM100 wants. I believe Baud rate is ideally 9600 so I went to change that. It crashed "Null pointer deferference". I repeaded that a couple times andngot the same result.

Thoughts on troubleshooting?

Comments thus far: Can the App detect what reader module is attached? That would be nice. Also, it would be great if the power level and Baud rate adjusted automatically based on the reader you select.

baud and power, you don't need to touch.
what your missing is in that same menu, at the very top, Connection Connect>

switch it to Connection <Disconnect

the < and D are mushed together

then go back to your read menu, and it should work 🙂

Yea sorry for the confusion with getting this connected. Seems like I should fix this so it is more straightforward

Any suggestions on UX/UI for connecting to the reader? Do I need to reword my instructions in the readme/about screen? Or would changing the wording of the actual configure menu be better? Wanted to do auto connect but didn’t get to it. Any thoughts or feedback is greatly appreciated! 😄

Ah, yes. That's not at all clear. Maybe require connection before being able to go to the read screen (with simple direction). Or, on the read screen, provide some sort of dialog if there isn't an active connection?

Anyway. One step closer for me but It won't read (even though it seems to be trying). I tried switching TX and RX just to make sure I didn't switch them. That crashes the flipper hard. I notice that the blue LED on the module flashes on briefly when I start the app but doesn't come on again after that (even when It's attempting to read). Os that meaningful in any way?

Meh, I did have TX and RX switched. I got them right, then restarted the app from the beginning. It attempted to read. I got the blue light on the module. Then the app crashed. I'll try a few more times.

...annnnd got it.

It crashes a lot - "MPU Possibly stack overflow".

I also find the scrolling annoying. Also, the Next> button didn't work for me the time it didn't crash. 🙂

blue light is, I think, initialization and reading

Thanks for the feedback, I will be trying to add these changes in as soon as I can and find the time. The last month has been quite busy with work and the holidays so trying my best to work on it when I can.

Is anyone else having issues reading with my app?

I figured out why the scrolling bothered me much, its because once it ends scrolling to the left, the text doesn't reappear from the right and keeps scrolling, it just snaps back to the beginning, making the first ~4 characters impossible to read

Makes total sense. Will fix it asap!

Oh btw, if you want to use my Json file for chip recognition, it's there for that of course!

https://github.com/Didgitalpunk/UHF-tag-and-IC-database/blob/main/Digits'_mdid_list.json

Where do you find that info - tmnHex etc?

Omg chip type recognition would be sooo awesome

First eight characters of the TID !
Should look something like E280 6984 for example.
Grossly meaning:
E28 is not much to worry about,
0 6 corresponds to the manufacturer NXP
984 corresponds the the chip id, in this case Ucode8 iirc

I say grossly because the delimitation is done in pure binary and not interpreted characters.

Hmmm. Interesting.

Hi can someone help me guide me on how to install the github files to the flipper zero?

What are you trying to install?

what are you trying to do? which app are you trying to install?

Thanks for replying, I am trying to install this

https://github.com/frux-c/uhf_rfid

This https://github.com/frux-c/uhf_rfid

This https://github.com/frux-c/uhf_rfid

There are easier ways. Install the mobile app and/or the desktop app. When the F0 is connected, there are installation tools for many, many apps.

You might the one you want here: https://lab.flipper.net/apps

Wrong person 😛

I suggest you don't try and install this one. Go for simultaneous UHF RFID reader in the app store.

Whoops

hello anyone knows how to configure the simultaneous UHF RFID reader app? i dont seem to get it work 😦

make sure you go in the settings, choose the reader you have plugged in, and then at the top make sure the thing says 'connected'

Describe the problem in detail please.

Do you get a blue light on the module?

Check to make sure it's wired properly. See my post from 11-21-24 above.

Yup, the blue light goes on for a few moments and then it turns off, is that ok? Only the red light keeps lighting on. After that, I go to configure the settings, and select the YRM100 option in UHF mode, leave the other settinga as it comes. But when I go back to Read mode, and push the circle button (start) nothing happens. Am I missing a step or something else?

yes. topmost setting. click the right arrow so it says 'disconnect'

Blue light is good. See Digits' post above. The modules are not "Connected" by default.

Just select the module and then above, use the right arrow button to "Connect".

Finally got it working! thanks a lot, I had to set the Connection to Disconnect to be able to get it work. However, is it normal that it only reads one time and the second time it gets stucked? I have to restart everytime after this.

No, it's not normal, but might already be a known bug

Seems for now Frux's is still the most complete, as for the YRM100 its still the only way to be able to save tags and write tags.
also simultaneous UHF RFID reader is quite unstable and seems to MPU fault my flipper even trying to read.

Here is Frux's UHF_RFID compiled fap for firmware 1.1.2 for the YRM100.
for those using it, you may need to hit connect a few times for it to register the reader.

this is way more stable, thanks for the update! @next kelp, Have you found difficult to write?

Write works fine, however you'll need a full charge on your Flipper's battery

or have it plugged in