How can I protect a Mifare Classic Tag that contai

Posted 2020-08-01 04:36

Question:

It's easy to protect a Mifare Ultralight with Android, there is the Ndef.makeReadonly() method for that. But Mifare Classic tags return Ndef.canMakeReadonly() == false, so this is not possible. I heard that one can make such a tag readonly or at least protect it with a key by setting the a or b keys.

There's this method in MifareClassic tech: authenticateSectorWithKeyB(int sectorIndex, byte[] key)

Does anyone know if this can be used to make an ndef message on a mifare classic tag read-only? Or how else could I write an ndef message onto the tag and then somehow lock it against new writes?

Answer 1:

It is possible using the authenticate methods.

First, here is the datasheet for the Mifare Classic 4k:

http://www.nxp.com/documents/data_sheet/MF1S703x.pdf

The important chapters for you are:

  • 3.6 Memory Organization
  • 3.6.3 Sector Trailer

In short a write protection works like this:

The Mifare Classic is divided into sectors of 4*16 bytes each (only applies to the first 1k or so... the higher blocks are a bit different, but that's documented in the spec). Of these 64 bytes, 16 are used for authentication/protection. For each sector of the card you do the following:

  1. Authenticate the sector using KeyA
  2. Read the sector trailer.
  3. Modify the access bits of the sector trailer.
  4. Write the sector trailer back to the card.

The KeyA values for Mifare Classics are:

byte[] KEY_DEFAULT = {(byte)0xFF,(byte)0xFF,(byte)0xFF,(byte)0xFF,(byte)0xFF,(byte)0xFF};

For unformatted, factory fresh cards.

byte[] KEY_MIFARE_APPLICATION_DIRECTORY = {(byte)0xA0,(byte)0xA1,(byte)0xA2,(byte)0xA3,(byte)0xA4,(byte)0xA5};

For the first sector of the card

byte[] KEY_NFC_FORUM =
{(byte)0xD3,(byte)0xF7,(byte)0xD3,(byte)0xF7,(byte)0xD3,(byte)0xF7};

For all other sectors.

Important: You have to write back the original KeyA keys to the card. If these differ from the keys shown above the card will not be Ndef compliant anymore.

For the modified access bits you have two choices:

  1. Only enable Read for KeyA. This will give you a 100% write protection that can't be revoked.

  2. Enable Read for KeyA and Read/Write for KeyB. Also store a secret key in KeyB. This will allow you to authenticate a write protected sector using your secret KeyB to unprotect the card.

Background: Android will only authenticate a Ndef formatted tag using the KeyA values shown above. The Ndef detection code never tries KeyB on its own, therefore you can use KeyB for your own purposes.
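The sector trailer written in step 4 can be built as below. This is an added example, not code from the answer: the class, method and constant names, the KeyB value and the general purpose byte are placeholders, it covers 4-block sectors only, and pairing the datasheet conditions 010/110 with choice 1 and 100/011 with choice 2 is an assumption about which table rows match the answer's description.

```java
public class SectorTrailerExample {
    // Access conditions as {C1, C2, C3}, from the datasheet's access-condition tables.
    static final int[] DATA_READ_ONLY = {0, 1, 0};   // read with A or B, never write
    static final int[] DATA_WRITE_B = {1, 0, 0};     // read with A or B, write with B only
    static final int[] TRAILER_FROZEN = {1, 1, 0};   // keys and access bits never writable
    static final int[] TRAILER_B_ADMIN = {0, 1, 1};  // KeyB may rewrite keys and access bits
    static final int[] DATA_TRANSPORT = {0, 0, 0}, TRAILER_TRANSPORT = {0, 0, 1};
    /** Packs the conditions for blocks 0..3 of a 4-block sector into trailer bytes 6..8. */
    static byte[] accessBytes(int[] data, int[] trailer) {
        int[][] blocks = {data, data, data, trailer};
        int c1 = 0, c2 = 0, c3 = 0;
        for (int b = 0; b < 4; b++) {
            c1 |= blocks[b][0] << b;
            c2 |= blocks[b][1] << b;
            c3 |= blocks[b][2] << b;
        }
        // Each nibble is stored once plain and once inverted; the card checks both copies.
        return new byte[] {
            (byte) (((~c2 & 0xF) << 4) | (~c1 & 0xF)),
            (byte) ((c1 << 4) | (~c3 & 0xF)),
            (byte) ((c3 << 4) | c2)};
    }

    /** Full 16-byte trailer: KeyA | access bytes | general purpose byte | KeyB. */
    static byte[] buildTrailer(byte[] keyA, int[] data, int[] trailer, byte gpb, byte[] keyB) {
        if (keyA.length != 6 || keyB.length != 6) throw new IllegalArgumentException("keys are 6 bytes");
        byte[] out = new byte[16];
        System.arraycopy(keyA, 0, out, 0, 6);
        System.arraycopy(accessBytes(data, trailer), 0, out, 6, 3);
        out[9] = gpb;
        System.arraycopy(keyB, 0, out, 10, 6);
        return out;
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte x : bytes) sb.append(String.format("%02X ", x));
        return sb.toString().trim();
    }
    public static void main(String[] args) {
        byte[] keyNfcForum = {(byte)0xD3,(byte)0xF7,(byte)0xD3,(byte)0xF7,(byte)0xD3,(byte)0xF7};
        byte[] secretKeyB = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06}; // constructed placeholder
        byte gpb = 0x00; // placeholder: reuse byte 9 of the trailer read in step 2
        // Self-check against the factory transport configuration (FF 07 80).
        if (!hex(accessBytes(DATA_TRANSPORT, TRAILER_TRANSPORT)).equals("FF 07 80")) throw new AssertionError();
        System.out.println("choice 1: " + hex(buildTrailer(keyNfcForum, DATA_READ_ONLY, TRAILER_FROZEN, gpb, secretKeyB)));
        System.out.println("choice 2: " + hex(buildTrailer(keyNfcForum, DATA_WRITE_B, TRAILER_B_ADMIN, gpb, secretKeyB)));
    }
}
```

KeyA always reads back as zeros, so the trailer read in step 2 cannot simply be modified and rewritten; the known KeyA has to be filled in again, as the answer says. On Android the 16 bytes go to the last block of the sector (`sectorToBlock(sector) + getBlockCountInSector(sector) - 1`) via `writeBlock`, and a trailer whose plain and inverted access nibbles disagree blocks the sector permanently.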



Tags: android nfc