NFC
Main Fields
Main FieldsThese fields are part of the NFC protocol and are used to identify and configure the NFC tag:
UID (Unique Identifier):
A unique identifier for the
NFCtag. It’s like a serial number.
ATQA (Answer to Request)
Indicates the tag’s type and capabilities.
Different types of tags have different security models.
For instance,
Mifare Classicuses a key-based system for access control, whileNTAGmay use simpler memory segmentation.
SAK (Select Acknowledge)
Confirms the tag’s type and protocol compatibility.
This byte indicates the tag’s status in response to a request.
It’s often used in combination with
ATQAto determine access rights and compatibility with certain devices or reader types.
Signature
A cryptographic signature used for authentication (optional).
Mifare version
Indicates the version of the
Mifareprotocol used by the tag.In
Mifaretags, each memory sector can be individually protected by keys.These keys (often referred to as
Key AandKey B) can be used to lock down access to specific sectors, allowing different users or systems to read or write only certain sections based on the permissions associated with the keys.
Counters and Tearing Flags
Counters and Tearing FlagsCounters
Counters These are
32-bitcounters that can be used to track how many times theNFCtag has been read or written.Each counter has a
tearing flag.
Tearing Flags
Tearing FlagsThese are
8-bitflags used to prevent tearing (partial writes) during a write operation.Tearing occurs when power is lost during a write, leaving the tag in an inconsistent state.
The tearing flags help ensure that writes are atomic (either fully completed or not at all).
Tag Pages
Tag PagesThe data is stored in hexadecimal format, and each page typically contains 4 bytes of data.
Metadata Tags
Metadata TagsPages 0-6 contain critical metadata and configuration data. Here’s a breakdown of what each page typically stores:
Page 0: Contains theUID (Unique Identifier).The
UIDis a unique serial number assigned to the tag during manufacturing.
Page 1-2: Contain theCapability Container (CC)and other configuration data.The
CCdefines the tag’s memory size, supported features, and access permissions.
Page 3: Often containslock bitsor additional configuration.Lock bitsdetermine which parts of the tag’s memory are read-only or writable.For tags that require tamper-proof data, this feature can be crucial. Once locked, a section of memory cannot be altered, which can prevent malicious or accidental modifications.
Page 4-6: May contain additional metadata, such asmanufacturer dataorsignature.These pages are often used for tag-specific data or reserved for future use.
Data Tags
Data TagsWhen concatenated, these pages form the URL: youtu.be/dQw4w9WgXcQ, which is the classic Rickroll:
Page 7:79 6F 75 74→youtPage 8:75 2E 62 65→u.bePage 9:2F 64 51 77→/dQwPage 10:34 77 39 57→4w9WPage 11:67 58 63 51→gXcQ
Termination Marker
Termination Marker This marker tells the NFC reader where the useful data ends, so it doesn’t try to interpret the empty pages as part of the data message -->
FE 00 00 00
Cryptographic Protection
Cryptographic ProtectionSymmetric Encryption (Shared Secret Key): In this system, both theNFCtag and the reader share the same key. The tag and the reader must first authenticate the key before communication occurs.Asymmetric Encryption (Public/Private Key): In more advanced systems,NFCtags may use asymmetric encryption, where the reader has a public key and theNFCtag has a corresponding private key.Hardware security modules (HSMs)are sometimes used to store these keys securely on the reader or the tag itself.
Last updated