USING MIFARE CLASSIC TAGS VERSION 100212
TABLE OF CONTENTS

1 Overview
  1.1 Required Reading
  1.2 Document Scope
  1.3 MIFARE Features
  1.4 Accessing Memory
  1.5 MIFARE Classic 1k Memory Structure
  1.6 MIFARE Classic 4k Memory Structure
  1.7 MIFARE Classic Access Control Options
2 Select Tag (0x0101)
  2.1 Command Description
  2.2 Command Structure
    2.2.1 Flags
    2.2.2 Fields
  2.3 Example 1 Selecting with Auto-detect Tag Type
    2.3.1 Request
    2.3.2 Response
  2.4 Example 2 Starting a Tag Session using the TID
    2.4.1 Request
    2.4.2 Response
3 Authenticate Tag (0x0201)
  3.1 Command Description
  3.2 Command Structure
    3.2.1 Flags
    3.2.2 Fields
  3.3 Example 1 Authenticating MIFARE Classic Tags
    3.3.1 Request
    3.3.2 Response
4 Read Tag Data (0x0102)
  4.1 Command Description
  4.2 Command Structure
    4.2.1 Flags
    4.2.2 Fields
  4.3 Example 1 Reading MIFARE Tag Memory
    4.3.1 Request
    4.3.2 Response
  4.4 Example 2 Reading different blocks within the authenticated sector
    4.4.1 Request
    4.4.2 Response
  4.5 Example 3 Reading the sector trailer
    4.5.1 Request
    4.5.2 Response
5 Write Tag Data (0x0103)
  5.1 Command Description
  5.2 Command Structure
    5.2.1 Flags
    5.2.2 Fields
  5.3 Example 1 Writing a block of data
    5.3.1 Request
    5.3.2 Response
6 Revision History
1 Overview

1.1 Required Reading

This document assumes you have read and are familiar with the SkyeTek Protocol V3 Reference Guide and the SkyeTek Protocol V3 Basic Examples application note.

1.2 Document Scope

This application note describes commands for the MIFARE Classic family of tags created by the NXP Corporation. These tags are used in contactless smart cards and proximity cards.

1.3 MIFARE Features

The MIFARE Classic card is fundamentally a memory storage device, where the memory is divided into segments and blocks with simple security mechanisms for access control. The cards are ASIC-based and have limited computational power. Thanks to their reliability and low cost, they are widely used for electronic wallet, access control, corporate ID cards, transportation and stadium ticketing.

1.4 Accessing Memory

Before any memory operation can be done, the MIFARE tag must be selected and authenticated. The possible memory operations for an addressed block depend on the key used and the access configuration as set up in each sector's trailing block. The following sections describe the memory structures of the MIFARE Classic 1k and Classic 4k.
1.5 MIFARE Classic 1k Memory Structure

The MIFARE Classic 1K offers 1024 bytes of data storage, split into 16 sectors of 4 blocks, each block containing 16 bytes of storage. The first block of memory is reserved for manufacturer data including the tag's UID. Each sector is protected by two different keys, called A and B, which are stored in the 4th block of each sector. Each sector key can be programmed to control the reading and writing operations within that sector. Figure 1-1 shows the memory structure of the MIFARE Classic 1k.

Figure 1-1: MIFARE Classic 1k Memory Structure

The MIFARE's memory is addressed at the block level, and block addresses are sequential. For example, block 2 of sector 1 is address 6. The access control for each sector is determined by the sector trailer, which holds two keys as well as the access configuration bits. Access to the sector trailer itself is also determined by the access bits, so care must be taken to write the proper configuration during the personalization of new tags.
1.6 MIFARE Classic 4k Memory Structure

The MIFARE Classic 4K offers 4096 bytes split into forty sectors, of which 32 are the same size as in the 1K and eight are quadruple-size sectors. The following figure shows the structure of the MIFARE Classic 4k memory.

Figure 1-2: MIFARE Classic 4k Memory Structure
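The block addressing described in sections 1.5 and 1.6, as an added example that is not part of the original application note. It assumes zero-based sector and block numbers (matching the "block 2 of sector 1 is address 6" example) and that the trailer of a quadruple-size 4k sector is its last block; the function names are hypothetical.

```python
# Added example: block addressing for MIFARE Classic 1k and 4k tags.
SECTORS = {"1k": 16, "4k": 40}   # sectors per tag, from sections 1.5 and 1.6
SMALL_SECTORS = 32               # sectors of 4 blocks; the 4k adds 8 sectors of 16 blocks


def block_address(sector: int, block: int, tag: str = "1k") -> int:
    """Sequential block address for a zero-based (sector, block) pair."""
    size = 4 if sector < SMALL_SECTORS else 16
    if not (0 <= sector < SECTORS[tag] and 0 <= block < size):
        raise ValueError("sector/block outside this tag's memory map")
    if sector < SMALL_SECTORS:
        return sector * 4 + block
    return SMALL_SECTORS * 4 + (sector - SMALL_SECTORS) * 16 + block


def locate(address: int, tag: str = "1k") -> tuple:
    """Inverse mapping: (sector, block, kind), where kind flags blocks that
    should not receive ordinary data writes."""
    total = block_address(SECTORS[tag] - 1, 3 if tag == "1k" else 15, tag) + 1
    if not 0 <= address < total:
        raise ValueError("address outside this tag's memory map")
    if address < SMALL_SECTORS * 4:
        sector, block, size = address // 4, address % 4, 4
    else:
        rel = address - SMALL_SECTORS * 4
        sector, block, size = SMALL_SECTORS + rel // 16, rel % 16, 16
    if address == 0:
        kind = "manufacturer"      # first block holds the UID and manufacturer data
    elif block == size - 1:
        kind = "trailer"           # keys and access bits; a bad write can lock the sector
    else:
        kind = "data"
    return sector, block, kind
```

Calling `locate()` before building a write request lets host software refuse addresses that land on a sector trailer or the manufacturer block.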
1.7 MIFARE Classic Access Control Options

The MIFARE Classic tags require key A while leaving key B as optional. If key B is not used for security, it can be used for general data storage. The byte numbers for the sector trailer are shown in Figure 1-3.

Figure 1-3: Sector Trailer Byte Numbering

Within the access bits only 3 bytes (6, 7, and 8) control the access for each block within that sector. The following figure illustrates how the individual access bits are structured.

Figure 1-4: Access Control Bit Structure

In Figure 1-4 the subscript for each bit corresponds to the block number within that sector to which that bit applies. In addition, each bit's complement is included for redundancy and security. Table 3 shows the access conditions for the sector trailer.

NOTE MIFARE Classic Tags ship with key A set to 0xFFFFFFFFFFFF.
Table 1-1: Sector Trailer Access Conditions

MIFARE Classic tags are shipped in the transport configuration with C1 = 0, C2 = 0, and C3 = 0. In this configuration key A can be used to enable configuration of the access conditions. The access conditions for the data blocks are shown in the following table.

[1] If key B may be read in the corresponding Sector Trailer it cannot serve for authentication (see grey marked lines in Table 4). As a consequence, if the reader authenticates any block of a sector which uses such access conditions for the Sector Trailer and using key B, the card will refuse any subsequent memory access after authentication.

Table 1-2: Data Block Access Conditions
For more information about value blocks, consult the tag's datasheet.
2 Select Tag (0x0101)

2.1 Command Description

This command queries a tag placed in the reader's field and returns the tag's TID (UID) in the response data. This command requires no flags to be set (except CRC if using binary communication). The returned TID is used in further communication to select one tag out of multiple tags which may be present in the reader's field.

2.2 Command Structure

2.2.1 Flags

This and all binary mode request commands require that the CRC flag be set. In addition, this command has the optional flags RF and TID.

2.2.2 Fields

This command requires the basic fields shown in 2.3.1 in addition to the TID field if the TID flag is set.

2.3 Example 1 Selecting with Auto-detect Tag Type

2.3.1 Request

Start  Message Length  Flags  Command  Tag Type  CRC
02     0008            0020   0101     0000      F81A

In this request the tag type field is set to the auto-detect tag type (0x0000) and only the CRC flag is set (0x0020). This causes the SkyeModule to respond with the tag type and TID of a tag in the reader field.

NOTE More information about computing the CRC, tag types, commands, and flags can be found in the SkyeTek Protocol V3 Guide.

2.3.2 Response

The response data from the tag depends on which MIFARE tag you are using; however, the general format for a MIFARE Classic 1k is illustrated below.

Start  Message Length  Command Response  Tag Type  TID Length  TID       CRC
02     000C            0101              0212      0004        244EEDAB  8EC2

The reader's response includes the requested command, indicating a successful operation, the tag type number (0x0212), which corresponds to a MIFARE Classic 1k card, and the tag's TID, which must be used in the next command in order to start a session with the tag.
2.4 Example 2 Starting a Tag Session using the TID

This time, repeat the select tag request while including the TID and RF flags as well as the TID and tag type fields.

2.4.1 Request

Start  Message Length  Flags  Command  Tag Type  TID Length  TID       CRC
02     000D            0068   0101     0212      04          244EEDAB  2BCD

The flag field is now 0x0068 due to the inclusion of the TID and RF flags. The tag type has now been changed and the TID included, indicating the tag type and the specific tag we would like to start a session with.

2.4.2 Response

Start  Message Length  Command Response  Data Length  Data  CRC
02     0007            0101              0001         01    037F

The response from the reader will include a session number in the data field, which is to be included in subsequent commands in order to maintain secure communication with the tag.
3 Authenticate Tag (0x0201)

3.1 Command Description

This SkyeProtocol V3 command handles all of the authentication routines necessary to access your tag's memory.

3.2 Command Structure

3.2.1 Flags

This command requires the session, RF, and CRC flags.

3.2.2 Fields

The session number, address, and data fields are included in this request.

NOTE MIFARE Classic Tags ship with key A set to 0xFFFFFFFFFFFF.

3.3 Example 1 Authenticating MIFARE Classic Tags

3.3.1 Request

The following example shows the format of an authenticate tag command for the MIFARE Classic tag using the session number returned during the second tag select command. For this example we will authenticate to block 0 in sector 0 (address 0). The RF and session flags are set, so the TID does not need to be included.

Start  Message Length  Flags  Cmd   Tag Type  Session  Address  Data Length  Data            CRC
02     0014            0C28   0201  0212      01       0000     0007         00FFFFFFFFFFFF  A6A2

NOTE The one-byte key value shown in bold is always 0x00 for key A and is any other value (0x01-0xFF) for key B. The next bytes define the key.

3.3.2 Response

Start  Message Length  Command Response  CRC
02     0004            0201              4158

The tag responds with the sent authenticate command (0x0201) if successful. Authentication between the tag and reader will allow access to all user blocks within that block's sector unless configured otherwise. Attempting to access a block address out of the valid range will return an error and the tag will have to be re-authenticated.
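The binary request framing used in sections 2 and 3, as an added example that is not part of the original application note or SkyeTek's own code. The CRC routine is an assumption, since the note defers it to the protocol guide: a 16-bit CRC with reflected polynomial 0x8408 and a zero preset over every byte after the start byte, which reproduces the F81A of the request in 2.3.1. Function names are hypothetical and the flag words are copied from the example requests.

```python
# Added example: SkyeTek Protocol V3 binary request framing as shown in this note.
import struct

STX = 0x02
FLAG_CRC = 0x0020              # flags word of the request in 2.3.1
FLAGS_AUTH = 0x0C28            # flags word of the request in 3.3.1, used as-is
CMD_SELECT, CMD_AUTH = 0x0101, 0x0201
TAG_AUTO, TAG_MIFARE_1K = 0x0000, 0x0212


def crc16(data: bytes) -> int:
    """Assumed CRC: reflected polynomial 0x8408, preset 0x0000."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def build_request(flags: int, command: int, tag_type: int, body: bytes = b"") -> bytes:
    """STX | length | flags | command | tag type | body | CRC, all big-endian."""
    payload = struct.pack(">HHH", flags, command, tag_type) + body
    length = len(payload) + 2                      # counts everything after itself, CRC included
    covered = struct.pack(">H", length) + payload  # the CRC covers all bytes after STX
    return bytes([STX]) + covered + struct.pack(">H", crc16(covered))


def select_request() -> bytes:
    return build_request(FLAG_CRC, CMD_SELECT, TAG_AUTO)


def authenticate_request(session: int, address: int, key: bytes, key_b: bool = False) -> bytes:
    if len(key) != 6:
        raise ValueError("MIFARE Classic keys are 6 bytes")
    data = bytes([0x01 if key_b else 0x00]) + key  # key-type byte (0x00 = key A), then the key
    body = struct.pack(">BHH", session, address, len(data)) + data
    return build_request(FLAGS_AUTH, CMD_AUTH, TAG_MIFARE_1K, body)


def frame_ok(frame: bytes) -> bool:
    """Check start byte, length field and CRC before trusting a frame's fields."""
    if len(frame) < 5 or frame[0] != STX or int.from_bytes(frame[1:3], "big") != len(frame) - 3:
        return False
    return crc16(frame[1:-2]) == int.from_bytes(frame[-2:], "big")
```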
4 Read Tag Data (0x0102)

4.1 Command Description

This command is used to read blocks of data from a tag. MIFARE Classic cards require that an authenticated session be established before reading tag memory.

4.2 Command Structure

4.2.1 Flags

For this command we include the session, RF, and CRC flags.

NOTE The TID flag is not required as long as the RF flag remains set.

4.2.2 Fields

This command requires that a number of blocks be included in addition to an address.

4.3 Example 1 Reading MIFARE Tag Memory

4.3.1 Request

Now that the tag sector has been authenticated, the tag will allow read and write operations on the tag's memory blocks within that sector. The following examples illustrate reading data from the tag's memory.

STX  Message Length  Flags  Command  Tag Type  Session  Address  Number Blocks  CRC
02   000D            0428   0102     0212      01       0000     0001           3004

4.3.2 Response

Start  Message Length  Command Response  Data Length  Data                              CRC
02     0016            0102              0010         244EEDAB2C88040047C11E1855004805  A6A2

The 16 byte data block returned for block 1 is the manufacturer reserved block. The first 7 bytes of the data (shown in bold) are the tag's UID while the remaining bytes are for manufacturer data.
4.4 Example 2 Reading different blocks within the authenticated sector

4.4.1 Request

To read the 2nd block of data we issue the following command.

STX  Message Length  Flags  Command  Tag Type  Session  Address  Number Blocks  CRC
02   000D            0428   0102     0212      01       0001     0001           6AD8

4.4.2 Response

STX  Message Length  Command Response  Data Length  Data                              CRC
02   0016            0102              0010         00000000000000000000000000000000  24AF

The second block of data is user data and is not defined on shipping. For our tag, the data should be zeros.

4.5 Example 3 Reading the sector trailer

For the last example we'll look at the 4th block of data (address 0x0003), which contains the sector trailer.

4.5.1 Request

Start  Message Length  Flags  Command  Tag Type  Session  Address  Number Blocks  CRC
02     000D            0428   0102     0212      01       0003     0001           DF60

4.5.2 Response

Start  Message Length  Command Response  Data Length  Data                              CRC
02     0016            0102              0010         000000000000FF078069FFFFFFFFFFFF  A6A2

The sector trailer contains keys A and B as well as the access control bits. Key A (underlined) always returns 0s and is never readable. Key B is shown shipped with 0xFFFFFFFFFFFF. The bits shown in bold are the access control bits. Writing an improper format to these bits will result in locking of the block, so take care to format this data as shown in section 1.7.
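A decoder and pre-write check for the sector trailer discussed in sections 1.7 and 4.5, as an added example that is not part of the original application note. Because Figure 1-4 did not survive in this text, the nibble layout of bytes 6 to 8 is taken from NXP's MIFARE Classic datasheet and stated in the docstring; the function names are hypothetical.

```python
# Added example: decode and sanity-check a MIFARE Classic sector trailer.
DEFAULT_KEY = bytes.fromhex("FFFFFFFFFFFF")   # transport key value noted in this document


def decode_access_bits(b6: int, b7: int, b8: int) -> dict:
    """Return {block: (C1, C2, C3)}; raise if a bit disagrees with its stored complement.

    Assumed layout (high nibble | low nibble), bit n of a nibble = block n:
      byte 6 = ~C2 | ~C1,  byte 7 = C1 | ~C3,  byte 8 = C3 | C2
    """
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    n1, n2, n3 = b6 & 0x0F, b6 >> 4, b7 & 0x0F
    if (c1 ^ n1, c2 ^ n2, c3 ^ n3) != (0x0F, 0x0F, 0x0F):
        raise ValueError("access bits and complements disagree; do not write this trailer")
    return {blk: ((c1 >> blk) & 1, (c2 >> blk) & 1, (c3 >> blk) & 1) for blk in range(4)}


def audit_trailer(trailer: bytes) -> dict:
    """Split a 16-byte trailer as read from the tag and flag a default key B."""
    if len(trailer) != 16:
        raise ValueError("a sector trailer is one 16-byte block")
    key_b = trailer[10:16]
    return {
        "key_a_as_read": trailer[0:6].hex(),          # key A reads back as zeros
        "access": decode_access_bits(*trailer[6:9]),  # bytes 6, 7 and 8
        "byte_9": trailer[9],                         # not one of the three access bytes
        "key_b_as_read": key_b.hex(),
        "key_b_is_default": key_b == DEFAULT_KEY,
    }


# Data field of the response in section 4.5.2.
SHIPPED = bytes.fromhex("000000000000FF078069FFFFFFFFFFFF")
```

Running `decode_access_bits()` on the three bytes about to be written catches a malformed complement before the write tag command is sent, and `key_b_is_default` marks tags that still carry the shipping key.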
5 Write Tag Data (0x0103)

5.1 Command Description

This command is used to write data to a capable tag. Writing data to the MIFARE Classic tags can only be done with a tag in the authenticated state. See Section 3 for examples of authenticating a MIFARE Classic tag.

5.2 Command Structure

5.2.1 Flags

This command requires the RF, session, and CRC flags to be set.

5.2.2 Fields

This command is similar to the read tag command; however, data length and data fields with the bits to be written must also be included.

5.3 Example 1 Writing a block of data

In this example we will populate the second memory block with some example data.

5.3.1 Request

STX  Message Length  Flags  Cmd   Tag Type  Session  Address  Number Blocks  Data Length  Data  CRC
02   001F            0C28   0103  0212      01       0001     0001           0010         X     4AF1

[X = CAFEDEADBABEFADE1122334455667788]

The data X was chosen arbitrarily but must be 16 bytes long. The response data will include the write tag command, indicating a success, as shown below.

5.3.2 Response

Start  Message Length  Data  CRC
02     0004            0103  4882

You can now issue a read tag command again to see your data written to the block. That concludes this application note describing how to select, authenticate, and perform memory operations with MIFARE Classic tags.
6 Revision History

Revision  Author      Change
100212    Ryan Smith  Initial release.

Table 6-1: Revision History