You may have seen recently that I've been playing around with bar codes, mostly just figuring out how they work and how to encode certain characters. Now for the fun part: I've finally got some hardware to play around with. I bought myself a cheap USB laser scanner off eBay for about $20. It's not going to be anything fantastic, but it'll be good enough to test a few ideas I have.
USB Bar Code Scanner
One of those ideas is: can I use an LED to impersonate a bar code? Or, more specifically, can I create a dynamic bar code? By taking the bar code out of the system, can the scanner be fooled by an LED flashing the reflected light pattern?
First a small refresher on how laser bar code scanners work. A laser beam is swept back and forth over the code. If the laser light hits a white area, light will be reflected; if it hits a black area, less light is reflected. A photo-diode in the scanner constantly measures the intensity of this reflected light, and with further processing the scanner is able to decode the bar code.
I plan to use an LED controlled by a micro-controller to flash the pattern of the bar code at the scanner. The speed of the pulses first needs to be determined. To impersonate a bar code, the message transmitted by the LED needs to fit within the time period of either a reverse or forward scan; this is the period in which the scanner is designed to detect a message. As there was no data in the manual, this had to be determined empirically. A voltage divider where one leg is a light dependent resistor (LDR) will do the job. Aiming the scanner at the LDR will allow the scan rate to be determined. The image below shows the set-up. The values aren't important; all that matters is that we can observe a voltage change when the laser sweeps across the LDR.
Light dependent resistor voltage divider
The scope display below shows the results. The time for the laser to sweep back and forth is about 44ms. This means the message has to be transmitted in 22ms at most, but to leave some wriggle room, I'm aiming for 7ms.
Output from the LDR circuit
So, what's the message? I'm going to be sending the string "Test <Carriage return>123". Encoding this as a Code 128 bar code gives the following pattern. A zero represents a white space of width 1 unit, while a one represents a black bar also of width 1 unit. A quiet zone of all white has also been added at both ends of the bar code.
00000000 01101001 00001101 11000101 01100100
0x00 0x69 0x0D 0xC5 0x64
00101111 00100100 11110100 11110100 01011110
0x2F 0x24 0xF4 0xF4 0x5E
11101010 01110011 01100111 00101100 10111001
0xEA 0x73 0x67 0x2C 0xB9
11101011 10110001 11010110 00000000
0xEB 0xB1 0xD6 0x00
As a printable code it would look like this.
Bar code containing the string "Test <carriage return> 123"
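The 19 bytes listed above can be checked by decoding them back into Code 128 symbols and verifying the modulo-103 check symbol, which also shows why the carriage return needs a Shift symbol. This is an added example, not the code from the author's repository; the names are illustrative and the symbol table is a subset that covers only the symbols in this frame.

```c
#include <stddef.h>
#include <stdint.h>
/* The 19 bytes listed above, MSB first: 0 = white module, 1 = black. */
static const uint8_t FRAME[19] = {
    0x00, 0x69, 0x0D, 0xC5, 0x64, 0x2F, 0x24, 0xF4, 0xF4, 0x5E,
    0xEA, 0x73, 0x67, 0x2C, 0xB9, 0xEB, 0xB1, 0xD6, 0x00};

/* Code 128 subset (assumption: only the symbols this frame uses).
 * 104 = Start B, 98 = Shift, 106 = first 11 modules of Stop. */
static const struct { uint16_t bits; int value; } SYMBOLS[] = {
    {0x690, 104}, {0x6E2, 52}, {0x590, 69}, {0x5E4, 83}, {0x4F4, 84},
    {0x7A2, 98},  {0x7BA, 77}, {0x4E6, 17}, {0x672, 18}, {0x65C, 19},
    {0x7AE, 102}, {0x63A, 106}};
static int module_at(const uint8_t *f, size_t i) { return (f[i / 8] >> (7 - i % 8)) & 1; }
static int lookup(uint16_t bits) {
    for (size_t k = 0; k < sizeof SYMBOLS / sizeof SYMBOLS[0]; k++)
        if (SYMBOLS[k].bits == bits) return SYMBOLS[k].value;
    return -1;
}

/* Decodes a Start B frame into out. Returns the text length, or -1 on an
 * unknown symbol, a missing start or stop, or a checksum mismatch. */
int decode_frame(const uint8_t *f, size_t nbytes, char *out, size_t outsz) {
    size_t nbits = nbytes * 8, pos = 0, n = 0, len = 0;
    int vals[32], v;
    while (pos < nbits && !module_at(f, pos)) pos++;   /* skip quiet zone */
    for (;; pos += 11) {
        uint16_t bits = 0;
        if (pos + 11 > nbits || n == 32) return -1;
        for (size_t b = 0; b < 11; b++)
            bits = (uint16_t)((bits << 1) | module_at(f, pos + b));
        if ((v = lookup(bits)) < 0) return -1;
        if (v == 106) break;
        vals[n++] = v;
    }
    if (n < 2 || vals[0] != 104 || outsz == 0) return -1;
    long sum = vals[0];                        /* start symbol counts once */
    for (size_t i = 1; i + 1 < n; i++) sum += (long)i * vals[i];
    if (sum % 103 != vals[n - 1]) return -1;   /* last symbol is the check */
    for (size_t i = 1; i + 1 < n && len + 1 < outsz; i++) {
        int shift = vals[i] == 98 && i + 2 < n;   /* next symbol uses set A */
        v = vals[shift ? ++i : i];
        if (v >= 96) return -1;                /* function codes not handled */
        out[len++] = (char)((shift && v >= 64) ? v - 64 : v + 32);
    }
    out[len] = '\0';
    return (int)len;
}
```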
To quickly prototype the design, an old ATmega128 development board was used. An LED in series with a couple of resistors was connected to a pin on port D. The values aren't really important as long as they limit the current through the LED to a safe amount. In a real design you would take time to choose resistor values to optimise performance.
To get stable timing, an internal timer was used to trigger interrupts that in turn control the LED. The bar code has 152 (19*8) bars. This means that for a total message time of about 7 ms, the period of each bar is approximately 46 µs; this value was used to set the timing interval for the interrupts.
Prototype set-up
The code used to flash the LED in the above pattern is pretty basic. There's nothing fancy in the code, just the basics. It's only a proof of concept after all. I'm trying to learn Git and GitHub, so I've created a repository containing the code here.
Modulated LED in action
I've put together a small demonstration showing me scanning the bar code and then scanning the LED. It's sensitive to position, and although some of this could be calibrated out, I think this is mostly a problem with the cheap scanner. I think better performance could also be obtained by synchronising the transmitter to the sweeping laser. Photo-diodes could be used to do this by dynamically adjusting the length of the transmitted pulses and also varying the start time of pulse transmission.
I believe an increase in performance could also be obtained through component selection and using a PCB. The LED used was something I had lying on my desk; when switched on it may have large rise and fall times, leading to poor performance. Choosing an LED designed for fast switching might make a difference. The prototype also has long jumper leads everywhere, adding inductance to the already capacitive breadboard. This could also affect the switching characteristics of the LED.
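To see what the 46 µs interrupt period asks of the LED's rise and fall times, this added sketch (not the author's firmware) models the timer interrupt as a plain function and measures the light pulses it produces from the 19-byte frame. The names `tx_tick` and `simulate_frame` and the LED polarity (lit for a white module) are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

#define BAR_US 46u /* per-module period quoted in the post */

/* The 19 bytes from the post, MSB first: 0 = white module, 1 = black. */
static const uint8_t FRAME[19] = {
    0x00, 0x69, 0x0D, 0xC5, 0x64, 0x2F, 0x24, 0xF4, 0xF4, 0x5E,
    0xEA, 0x73, 0x67, 0x2C, 0xB9, 0xEB, 0xB1, 0xD6, 0x00};

typedef struct { size_t pos; } tx_state;
typedef struct { unsigned frame_us, min_pulse_us, max_dark_us, edges; } tx_stats;

/* Stand-in for the timer interrupt body: returns the LED level to hold for
 * the next BAR_US (1 = lit for a white module, an assumed polarity), or -1
 * once every module has been sent. */
int tx_tick(tx_state *s, const uint8_t *f, size_t nbytes) {
    if (s->pos >= nbytes * 8) return -1;
    int black = (f[s->pos / 8] >> (7 - s->pos % 8)) & 1;
    s->pos++;
    return !black;
}

/* Runs one frame through tx_tick and measures the resulting light pulses,
 * leaving the leading and trailing quiet zones out of the pulse widths. */
tx_stats simulate_frame(const uint8_t *f, size_t nbytes) {
    tx_state s = {0};
    tx_stats st = {0, UINT_MAX, 0, 0};
    unsigned run_us = 0;
    int prev = -1, level;
    for (;;) {
        level = tx_tick(&s, f, nbytes);
        if (level != prev && prev >= 0) {        /* a run just ended */
            if (st.edges > 0 && level >= 0) {    /* not a quiet zone */
                if (run_us < st.min_pulse_us) st.min_pulse_us = run_us;
                if (prev == 0 && run_us > st.max_dark_us) st.max_dark_us = run_us;
            }
            if (level >= 0) st.edges++;
            run_us = 0;
        }
        if (level < 0) break;
        st.frame_us += BAR_US;
        run_us += BAR_US;
        prev = level;
    }
    return st;
}
```

With the page's figures the frame lasts 6992 µs, well inside one 22 ms sweep, and contains 74 light transitions; the narrowest pulse is a single 46 µs module and the widest black bar is 184 µs.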
EDIT: While doing further research on this topic I found this site on Barcode Fuzzing. Basically the same thing I'm doing, but a little more advanced.
It is a nice and easy system. I watched your video. Anyone can do this. Thanks for this.