$339,615 raised out of $88,888
Overview

Platform: Indiegogo
Backers: 309
Start date: Apr 03, 2023
Close date: May 04, 2023
Concept

The Ultimate RFID Key Fob Solution | Opens access control systems | NFC & RFID Emulator

Story

Introducing ChameleonUltra – the ultimate tool for all your RFID needs!

Have you ever lost an RFID key card or fob and had to go through the hassle and expense of ordering a replacement from the manufacturer? Or maybe you’ve needed to create duplicates for your family or coworkers, but didn’t have access to the original key card or fob?

ChameleonUltra is here to solve all these problems and more! Our small and versatile device can clone, emulate, and analyze a wide range of RFID tags and cards. With ChameleonUltra, you can create copies of RFID tags and cards, which can be used to access secure areas or equipment that require RFID authentication. You can also emulate and store different types of RFID cards to test and troubleshoot RFID systems.

And if you’re responsible for maintaining the security of an RFID-based system, ChameleonUltra can help you identify potential vulnerabilities or weaknesses.

ChameleonUltra is a valuable tool for anyone working with RFID technology, whether you’re an engineer, security professional, or just a curious hobbyist. And thanks to its compact and portable design, you can take it with you wherever you go!

Say goodbye to the hassle and expense of ordering replacement key cards and fobs.

What is ChameleonUltra from an engineer’s point of view?

An open-source, versatile, and portable tool built on the NRF52840. It carries most functions of the ChameleonMini and the ChameleonTiny, and we added much more to it to bring a whole new surprise to the open-source community.

How does ChameleonUltra work?

The ChameleonUltra is a versatile RFID tool that can be used for a variety of purposes, including emulation, cloning, and testing of different RFID systems. Here’s how it works:

Emulation:

One of the key features of the ChameleonUltra is its ability to emulate different types of RFID tags and systems. This means that the ChameleonUltra can be programmed to behave like a specific RFID tag or system, and can be used to test and validate the behavior of other RFID readers and systems.

To emulate an RFID tag or system, the ChameleonUltra can be programmed with specific data and commands using a programming language such as Lua. The ChameleonUltra can then transmit this data to other RFID readers and systems, which will interpret it as if it were coming from a real RFID tag.

Cloning:

Another feature of the ChameleonUltra is its ability to clone RFID tags. Cloning refers to the process of creating a copy of an existing RFID tag. This can be useful in situations where an RFID tag needs to be replaced, or when multiple copies of the same tag are required.

To clone an RFID tag using the ChameleonUltra, the device is placed in “tag emulation mode” and is programmed to behave like the target RFID tag. The ChameleonUltra can then be used to read the data from the target RFID tag, and this data can be written onto a blank RFID tag, effectively creating a clone of the original tag.

Testing:

The ChameleonUltra can also be used to test and validate the behavior of RFID readers and systems. By emulating different types of RFID tags and systems, the ChameleonUltra can be used to test the behavior of RFID readers and systems under different conditions.

For example, the ChameleonUltra can be programmed to emulate an RFID tag with a weak signal, or an RFID system that is operating at a different frequency. This can help to identify potential issues or weaknesses in RFID systems and can be used to optimize their performance.

Overall: 

The ChameleonUltra is a powerful tool for RFID research and development, and its ability to emulate, clone, and test different RFID systems makes it a valuable addition to any RFID toolkit.

What is ChameleonLite then?

ChameleonLite is the economical version of ChameleonUltra, in which we removed part of the penetration testing functions and the low-frequency read portion to cater to the mass market and to fill the gap left by ChameleonTiny/ChameleonTiny Professional.

Products Comparison

Rewards

 

Device Overview

Button Overview

A/B button Function

Already implemented:
     1. Click the A button to switch the card slot to the right. If the card slot is not enabled, it will automatically skip and switch to the next one.
     2. Click the B button to switch the card slot to the left, and other features are the same as above.
     3. In the sleep state, press and hold the B button, insert the data cable, and then release the B button to enter the UPDATE mode.

In the implementation plan:
     1. Put a card on the Chameleon and click the A button to quickly copy the card number (standalone).
     2. Click the button to forcibly interrupt time-consuming tasks. For example, once the planned HardNested is implemented, you can press the button to end the collection of random numbers.
     3. When connecting to the Chameleon for the first time, you need to press and hold the A button and then click Connect; otherwise, any API request will be rejected (to prevent accidental or malicious connections to your Chameleon).

RGB Lighting Effect

Already implemented:
     1. System startup animation
     2. USB wake-up animation
     3. BTN wake-up animation
     4. FIELD wake-up animation
     5. Shutdown animation
     6. USB plug-in charging and communication animation
     7. Click the button to switch the animation of the card slot
     Tip: When the color of the card slot is R, the card slot has IC simulation and ID simulation enabled at the same time.
         When the color of the card slot is G, the card slot has only IC card simulation enabled.
         When the color of the card slot is B, the card slot has only ID card simulation enabled.

In the implementation plan:
     1. More RGB dynamic effects, so that more prompt information can be conveyed during use through more concise RGB effects.

Supported Functions

Low-Frequency Support

ChameleonUltra Functionality

1. Ultra-low power consumption

It integrates a high-performance, low-power NFC module. When the NFC unit is turned on, the total current of the chip is only 5mA@3.3V. The underlying interaction is handled independently by the NFC unit and does not occupy the CPU. In addition, the 52840 itself is a high-performance, low-power Bluetooth chip, and the encryption and calculation process draws only 7mA@3.3V. This greatly reduces the battery volume and prolongs the working time. That is to say, a 35mAh 10mm*40mm button lithium battery needs to be charged only once every half a year when the card is swiped 8 times a day for 3 seconds each time, enough to realize its full potential for everyday use.

2. Not just UID, but a real and complete MIFARE encrypted data simulation

We can easily and completely simulate all data and password verification of all sectors and can customize SAK, ATQA, ATS, etc. Similar to an open CPU card development platform, 14A interaction of various architectures can be easily realized.

3. Super compatibility with low-power locks using batteries

The old AVR-based Chameleon is slow to start during simulation. When faced with a battery-powered low-power lock or an integrated lock on a door, it is frequently interrupted and cannot complete the verification interaction, resulting in no response when swiping the card.

In order to reduce power consumption, the battery lock will send out a field signal as short as possible when searching for a card, which is no problem for the original card, but it is fatal for the MCU simulated card. Cards or mobile smart bracelets simulated by the MCU cannot wake up and respond in such a short time, so many battery locks cannot open the door, which greatly reduces the user experience.

This project specially optimizes the start-up and interaction logic and the antenna for low-power reading heads. In tests with a variety of common low-power reading heads, it opens the door perfectly by swiping the card.

4. Ultra-fast response speed and low interaction delay

5. 256kB super large RAM cooperates with the RC522 to magically replace Proxmark3 in completing the decoding

6. RFID ferrite magnetic tile to facilitate both low- and high-frequency simulation at the same time

Getting high and low frequencies to work together is difficult because the interference is great. We used a custom ferrite magnetic tile to reduce the interference on both and achieve optimal results.

History of ChameleonMini (The predecessor of ChameleonUltra and ChameleonTiny)

ChameleonMini is an open-source, versatile, and portable tool that can be used to emulate and clone contactless smart cards, such as RFID and NFC tags. It is a device that can be connected to a computer or smartphone via USB and can be used to perform various tasks such as reading, writing, analyzing, and cloning RFID cards. It can also be used to perform security analysis on contactless systems, such as studying and understanding the behavior of smart cards, readers, and other RFID/NFC devices. ChameleonMini is a tool that is typically used by security researchers and penetration testers to test the security of contactless systems and devices.

Why NRF52840?

NRF52840 has a built-in NFC Tag-A module, but no one seems to care about it. After playing with HydraNFC’s TRF7970A and FlipperZero’s ST25R3916, the developers found that they can only simulate MIFARE UID. I accidentally tested the NFC of NRF52840 and found that it is not only surprisingly easy to simulate a complete MIFARE card, but that it also has very good simulation performance, friendly data flow interaction, and very fast response, unlike the former, which are limited by the SPI bus clock rate. We also found that it has ultra-low power consumption, ultra-small size, large 256kB/1M RAM and flash, BLE 5.0 and USB 2.0 FS, and a super Cortex-M4F.

Below we will explain in detail how we exploited the performance of the NRF52840, and what seemingly impossible functions have been realized with it!
 

Why did we “End of Life” ChameleonTiny and release the ChameleonUltra?

First of all, it is difficult to buy chips because the lead time for the main chip is too long and because the price has skyrocketed. Secondly, because the interaction speed of the ATxmega simulation is slow, the decryption performance of the READER mode cannot meet the needs, and the low-frequency function cannot be added, so we have been trying to upgrade it, such as using the latest ARM to replace the AVR framework, and the performance will definitely be greatly improved.

Why is ChameleonUltra a must-have for RFID tools like Proxmark3?

– The other RFID swiss-knife tool besides Proxmark3

ChameleonUltra is a versatile device that can be used for a variety of RFID applications, including emulation, cloning, and testing of different RFID systems. The Proxmark3 is a popular RFID research tool that can perform tasks such as reading, writing, and analyzing RFID tags.

One of the key advantages of using ChameleonUltra with Proxmark3 is its ability to emulate different RFID tags and systems. This means that the ChameleonUltra can be used to create virtual copies of RFID tags, which can then be used to test and validate various RFID systems. Additionally, ChameleonUltra supports a wide range of RFID frequencies and protocols, which makes it compatible with a large number of RFID systems.

Another advantage of using ChameleonUltra with Proxmark3 is its ability to clone RFID tags. Cloning refers to the process of creating a copy of an existing RFID tag. This can be useful in situations where an RFID tag needs to be replaced, or when multiple copies of the same tag are required.

Overall, the ChameleonUltra is a useful addition to the Proxmark3 toolkit due to its versatility, compatibility with a wide range of RFID systems, and its ability to emulate and clone RFID tags.

Dimensions

Technical Specifications

Parameter

  • Battery Type: 302020 rechargeable lithium-ion battery
  • Charging Time: 2 hours @ 0-100%
  • Charging Current: 50mA (max)
  • Standby Current: 2.35mA@4.15V (dual-frequency card slot), 1.75mA@4.15V (single-frequency card slot)
  • Simulation Current: 7.2mA@4.15V (average over an MF1 card simulation period)
  • Sleep Current: 5.1uA@4.15V (mean, 30s after dormancy)
  • Card Reading Current: 23.02mA@4.15V (during execution of hf 14a info)
  • Battery Capacity: 90mAh
  • Usage Time: Up to 6 months when the tag is used 3 times a day, powered on for 5 seconds each time
  • Port Type: Type-C

Open Source Github Page

 

Hardware Frame Diagram

 

Hardware Pictures


 

Still not sure what NFC / RFID is after reading all of the above? Maybe you are lost on the technology part.

Here is an infographic to help you understand better.

Credit: atlasRFIDstore.com

Timeline

Shipping

ChameleonUltra and ChameleonLite are available for worldwide shipping, with our default shipping method being Epacket from China. Should you prefer a different shipping method, our logistics team is available to assist you in making the necessary arrangements.

If you have any inquiries regarding our ability to ship to your specific country, please don’t hesitate to reach out to us at team@chameleonultra.tech.

Please be aware that our prices do not include any applicable local taxes, duties, or VAT, which will be subject to the laws and regulations of each individual country.

Past Projects on Crowdfunding Platforms

Development Photos

Partners


 
