The primary advantage of the Chameleon Mini RevG RDV2 by RFID Research Group over the other device variations on the market is definitely its connectivity to the Android app for easy and discreet access to advanced features. But just like the original model designed by Kasper and Oswald back in 2013, the Chameleon also has a very robust standalone mode that allows for the use of core functions using only the two onboard buttons. This feature allows the user to take full advantage of the ultra-small form factor in situations where even a smartphone might draw too much unwanted attention
The Chameleon Android app makes programming the standalone functions of the device as easy as making a selection from a drop down menu and can be done without physically interacting with the device itself for quick and clandestine configuration in the field. In this article, we will demonstrate how to program the standalone functionality of your Mini RevG using the RRG app.
Out-of-the-Box Functionality
As long as the battery has some charge, the Chameleon Mini RevG can be put into standalone mode by pressing either button 2 times in rapid succession. The LED will appear red in the position of whatever card slot was last used, or slot one on a fresh device. Pressing the buttons once while the device is off will trigger the white LED battery indicator, which utilizes the right four positions to indicate the level of battery charge in roughly 25% increments.
The default behavior of the device when not connected to software allows to the user to cycle up or down through the eight different card slots available with a short press of the A or B buttons. Pressing and holding either of the buttons will trigger the CLONE function, and if there is an HF RFID tag near the antenna, the device will attempt to read and store the tag’s UID to the current slot. With the 8 different card slots, you will be able to clone and store up to 8 different unique tag IDs at a time, making the device especially valuable for engagements where multiple credentials must be collected and selectively used throughout.
Customizing Standalone Functions
Within the app UI, the button functionality settings are located in the “Home” screen in the section labeled “Full Device Function” and consists of 4 drop down menus. The top 2 menus correspond to the pressing of buttons B and A, while the bottom 2 correspond to holding the buttons down and by default will be set to “Cycle Settings/Cycle Settings Decrement” for pressing and “Clone” for holding the buttons.
While the device is connected to the app, any changes you make to these settings will be immediately updated to your Chameleon and ready for deployment. There are 14 different functions to select from, covering multiple use cases. Below is a table of the various options and description of their functions:
| Button Functionality | |
|---|---|
| Label | Description |
| NONE | Button has no function |
| UID_RANDOM | Generate a random UID value in the current Card Slot |
| UID_LEFT_INCREMENT | Increase the highest byte value of the current UID value by 1 (00-FF) |
| UID_RIGHT_INCREMENT | Increase the lowest byte value of the current UID value by 1 (00-FF) |
| UID_LEFT_DECREMENT | Decrease the highest byte value of the current UID value by 1 (00-FF) |
| UID_RIGHT_DECREMENT | Decrease the lowest byte value of the current UID value by 1 (00-FF) |
| CYCLE_SETTINGS | Cycle up through Card Slots 1-8 |
| CYCLE_SETTINGS_DEC | Cycle down through Card Slots 1-8 |
| STORE_MEM | Write current card data to memory |
| RECALL_MEM | Write current card data to temporary buffer |
| TOGGLE_FIELD | Toggle antenna connectivity on and off |
| STORE_LOG | Writes the current log from SRAM to FRAM and clears the SRAM log. |
| CLEAR_LOG | Clears the log memory (SRAM and FRAM) |
| CLONE | Read target card UID and start emulation mode |
There are many potentially useful configurations for these buttons depending on the nature of your scenario. One of the more advanced uses includes manually changing the UID value by incrementing or decrementing the byte values of either the leading or trailing sector of the block – granting the user some limited brute force/fuzzing capabilities against readers in a given RFID system. In any case, the customization of the device to suit different use cases is an extremely handy feature to have using such a simple interface.
Even for use in standalone, the Chameleon Mini RevG RDV2 by RRG provides quick and easy configuration for veteran users and beginners alike by eliminating need to learn terminal commands. Still don’t have a Chameleon Mini RevG RDV2 in your RFID arsenal? Visit Hacker Warehouse, exclusive North American distributor for RRG. Stay tuned for future updates and tradecrafts on this device, and until then, keep it between the laws and between LOLs.
