Password-protect a Mifare Classic 1K (passive NFC tag) with an AVR and RC522

Log in or register to post comments
Go To Last Post
10 posts / 0 new
Author
Message
lcruz007
lcruz007's picture
Level: Hangaround
Joined: Sun. Mar 8, 2009
Posts: 151 View posts
#1
Posted by lcruz007: Tue. Feb 20, 2018 - 01:14 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

So I am using this library: https://github.com/ekapujiw2002/... with an Atmega328P reading and writing to the Mifare 1k classic NFC tag using the RC522 chip. The tag's datasheet can be found here: https://www.nxp.com/docs/en/data...

 

However... No where in the datasheet I've found how to password-protect it (so that nobody can write to it unless a password is provided).

 

At the library, this is the authentication method used:

/*
* Function Name : MFRC522_Auth
* Description : Verify card password
* Input parameters : authMode - Password Authentication Mode
0x60 = A key authentication
0x61 = B key authentication
BlockAddr - block address
Sectorkey - Sector password
serNum - card serial number, 4-byte
* Return value: the successful return CARD_FOUND
*/
uint8_t mfrc522_auth(uint8_t authMode, uint8_t BlockAddr, uint8_t *Sectorkey, uint8_t *serNum)
{
	uint8_t status;
	uint32_t recvBits;
	uint8_t i;
	uint8_t buff[12];

	// Validate instruction block address + sector + password + card serial number
	buff[0] = authMode;
	buff[1] = BlockAddr;
	for (i = 0; i<6; i++)
	{
		buff[i + 2] = *(Sectorkey + i);
	}
	for (i = 0; i<4; i++)
	{
		buff[i + 8] = *(serNum + i);
	}
	status = mfrc522_to_card(PCD_AUTHENT, buff, 12, buff, &recvBits);
	i = mfrc522_read(Status2Reg);

	if ((status != CARD_FOUND) || (!(i & 0x08)))
	{
		status = ERROR;
	}

	return status;
}

 

The only things I see there that must be provided is the block address, the serial number and the sector key. How should I:

 

1) Set a password to the NFC tag

2) Once set, use that password (provide it in the mfrc522_auth function.

 

Have anyone used Mifare classic before? Any ideas?

Tags:

Learning and Information, General Electronics, nfc, MFRC522, ATmega328P
Last Edited: Tue. Feb 20, 2018 - 03:58 PM
Top
awneil
awneil's picture
Level: 10k+ Postman
Joined: Fri. Jul 1, 2005
Posts: 21318 View posts
Location: Basingstoke, Hampshire, UK
Posted by awneil: Tue. Feb 20, 2018 - 02:29 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Surely, this is a question that you need to ask NXP ?

 

 

lcruz007 wrote:
No where in the datasheet I've found how to password-protect it

So what makes you think that it has that facility at all?

 

EDIT

 

In fact, there is no mention of write-protection at all anywhere in that datasheet (other than the factory write-protect).

Top Tips:

  1. How to properly post source code - see: https://www.avrfreaks.net/comment... - also how to properly include images/pictures
  2. "Garbage" characters on a serial terminal are (almost?) invariably due to wrong baud rate - see: https://learn.sparkfun.com/tutorials/serial-communication
  3. Wrong baud rate is usually due to not running at the speed you thought; check by blinking a LED to see if you get the speed you expected
  4. Difference between a crystal, and a crystal oscillatorhttps://www.avrfreaks.net/comment...
  5. When your question is resolved, mark the solution: https://www.avrfreaks.net/comment...
  6. Beginner's "Getting Started" tips: https://www.avrfreaks.net/comment...
Last Edited: Tue. Feb 20, 2018 - 02:30 PM
Top
Kartman
Kartman's picture
Level: 10k+ Postman
Joined: Thu. Dec 30, 2004
Posts: 24768 View posts
Location: Melbourne,Australia
Posted by Kartman: Tue. Feb 20, 2018 - 04:59 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

I would normally use an app on my Android tablet to set the sector keys.

Top
lcruz007
lcruz007's picture
Level: Hangaround
Joined: Sun. Mar 8, 2009
Posts: 151 View posts
Posted by lcruz007: Tue. Feb 20, 2018 - 08:57 PM (Reply to #3)
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

So the sector keys are basically the password?

Top
lcruz007
lcruz007's picture
Level: Hangaround
Joined: Sun. Mar 8, 2009
Posts: 151 View posts
Posted by lcruz007: Tue. Feb 20, 2018 - 08:57 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

awneil wrote:

Surely, this is a question that you need to ask NXP ?

 

 

lcruz007 wrote:
No where in the datasheet I've found how to password-protect it

So what makes you think that it has that facility at all?

 

EDIT

 

In fact, there is no mention of write-protection at all anywhere in that datasheet (other than the factory write-protect).

 

Well but I can do it with an Android app, I just tried... I can set a password there. It should be possible.

Top
Kartman
Kartman's picture
Level: 10k+ Postman
Joined: Thu. Dec 30, 2004
Posts: 24768 View posts
Location: Melbourne,Australia
Posted by Kartman: Tue. Feb 20, 2018 - 09:46 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

The sectors have two encryption keys. You can call this a password if you like, but they are fixed length. Key is the correct term. If you wanted a variable length password string then you would hash the string to derive the key.

Last Edited: Tue. Feb 20, 2018 - 09:51 PM
Top
lcruz007
lcruz007's picture
Level: Hangaround
Joined: Sun. Mar 8, 2009
Posts: 151 View posts
Posted by lcruz007: Tue. Feb 20, 2018 - 11:25 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Kartman wrote:
The sectors have two encryption keys. You can call this a password if you like, but they are fixed length. Key is the correct term. If you wanted a variable length password string then you would hash the string to derive the key.

 

interesting... So it's just a matter of editing these sectors and changing the default keys? That way, no one could see the keys even if they read the sectors because they are encrypted. Is that right? 

 

 

Top
Kartman
Kartman's picture
Level: 10k+ Postman
Joined: Thu. Dec 30, 2004
Posts: 24768 View posts
Location: Melbourne,Australia
Posted by Kartman: Tue. Feb 20, 2018 - 11:42 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

If my memory serves me right, you need to send the correct key in order to read the sector otherwise the card will return an error.

Top
lcruz007
lcruz007's picture
Level: Hangaround
Joined: Sun. Mar 8, 2009
Posts: 151 View posts
Posted by lcruz007: Wed. Feb 21, 2018 - 01:17 AM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Kartman wrote:
If my memory serves me right, you need to send the correct key in order to read the sector otherwise the card will return an error.

 

Interesting... I'll play around with the sector keys then. Thank you so much!

Top
Kartman
Kartman's picture
Level: 10k+ Postman
Joined: Thu. Dec 30, 2004
Posts: 24768 View posts
Location: Melbourne,Australia
Posted by Kartman: Wed. Feb 21, 2018 - 03:34 AM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Nxp have a library that supports their cards and reader chips. It might be a bit too much for the AVR, but the code is modular and you might be able to use some of its functions- its all in C. They’ll be functions to write the keys etc.

Top