[Project] Hackable NFC module

NFC (Near Field Communication) is a contactless communication technology used for almost all contactless things, from transit cards and (recent) contactless bank chip cards to Nabaztag rabbit tags. The radio signal is modulated on a 13.56 MHz carrier, which is an ISM band, just like the 2.4 GHz Wi-Fi band or the sub-GHz 433.92 MHz band. Apart from NFC, this frequency is used for RF plasma technologies, used in physics, the semiconductor industry, etc.

I noticed a lack of hackable and usable NFC devices.

The only one I know is OpenPCD, which uses an NXP contactless frontend, without NFC capabilities. This project is therefore an experimental contactless card reader, with hackable firmware and card emulation capabilities (at least, the datasheet says so).

I recently noticed the TRF7970A from Texas Instruments, which is not only able to work just like the NXP chip (card reader mode or “initiator” in NFC slang), but also to use the “peer to peer” and “target” modes, with possible card emulation. The chip is packaged in a damn small QFN, but it’s really worth evaluating, because of its availability and functions. An evaluation board is available from TI, but 1) I don’t like canned evaluation kits, 2) it’s quite expensive and 3) its antenna is not really suited for card emulation. So I’m building my own board.

By RTFMing all the reference documentation from TI, I was able to develop my own evaluation board, in a 5×5 format suitable for SeeedStudio manufacturing.

The first board is a suitable loop antenna with 50-ohm matching circuitry as recommended by the app notes. The component values will be deduced from (magic but provided) formulas, but this requires measuring the antenna inductance using a network analyzer. I will come back to this chapter later.

Antenna board schematic

This antenna uses a design by NXP with multiple turns. This allows me to get a very symmetric, low-capacitance antenna (traces are spaced apart, just follow them!) with the connections on the same side of the loop.

Antenna PCB

The second board is the core of the reader. It has a matching section to adapt the NFC driver amplifier to the 50-ohm coax wire going to the antenna board, the TRF chip, and an SPI link to a Tiva C microcontroller, the same kind as the one used on the Stellaris Launchpad boards. Here are some specs:

  • Texas Instruments TRF7970A NFC frontend
  • UFL Coaxial Connector to the antenna
  • ARM Cortex-M4 Tiva C Series TM4F123 Microcontroller
  • 256k flash
  • 32k RAM
  • Device USB port (OTG not wired, I’ll play with that somewhere else)
  • I2C port (would enable simplified control via another microcontroller)
  • UART
  • JTAG port on 10-pin 1/10″ header (standard ARM pinout)
  • 20 available GPIOs on a 1/10″ pitch header
  • 5V power input, via USB or external supply
NFC frontend Schematic


NFC Frontend PCB

I managed to severely limit the number of PCB traces on the copper side, so that the ground plane is uninterrupted on the whole bottom of the board. This is important for thermal dissipation and noise immunity.

In the next week, I will send both circuits for manufacturing at SeeedStudio, and I will have 10 of each. If you are interested in building this project, please ask me; I can sell a set to you if you promise to build it, use it, and not let it collect dust in a drawer…

On the build difficulty side, this board has a TQFP chip (easy to solder) and a QFN one, which is not very friendly. I have access to a hot air station via a friend, which will be very useful to solder the bottom thermal pad. If you’re a hacker, you can solder that with a fine-tip soldering iron.

On the software side, I know that it will take a long time to get a decent reader firmware. I hope to get some help with the coding. I plan to release the software as open source, as well as the hardware, as soon as I have proved that the design works. On the radio side, the Internet is full of interesting documentation.

The low level libs will be based on my current freestella project, that I will publish as well when I start working on this software. At the moment, I have CPU init, GPIO and UART core running fine.

I’ll continue to communicate on this project as it evolves, both here and on Twitter.

Now please tell me your thoughts: what would you do with such a device?