I am a software developer so I have quite a lot of reading to do on hardware. My questions is this :
My goal is to create an RFID tag that has dynamic data. So I plan to use a microcontroller to be the processor and input data to an RFID module. I have did some research on RFID in general, is it actually possible to change RFID/NFC tag values via wiring instead of and RFID writer?
I really hope someone could give me some guidiance on this.
There are commercial ICs available from different manufacturers - e.g. NXP's NTAG I2C or ST's ST25 Dynamic NFC Tags.
You can connect them to your µController and share data to a phone. Most conveniently in the form of an NDEF message, as this can be read by iPhones as well.
Also the other direction (phone to µC) works, e.g. for configuration or firmware upload purposes (restricted to Android).
Commercial rfid tags generally have a manufacturer assigned ID (similar to a MAC address. Additionally, programmable tags have a raw memory that you can directly write bytes into sections.
When you read one with a reader, you'll get back this ID and the byte contents of the section you ask for.
A more typical use would be using the id to access a dataset stored somewhere else. Storing data locally isn't impossible though, you can also get write once types, each memory section can't be overwritten. The accrual memory capacity tends to be extremely small, like long url only.
Related
First, I want to apologize. I am complete noob in this area and many of my thoughts are probably misleading.
I need to verify that a user of my app is on a specific place in order to be authirized to perform an action. I want to use NFC for this purpose. The user have to put his smartphone by a NFC tag in order to be authorized to perform the action. Easy but I need it to be reasonably hackerproof. It means that the NFC tag must be impossible to clone without physical damage to the plastics around the NFC chip. It also means that the NFC chip must not contain only static data. The NFC chip must contain an app, that can receive some data (cryptographic challenge) and signs them using secure built-in private key (which must be unreadable through NFC interface). When the user wants to perform the action, he will ask server for the challenge, then he lets the chip to sign it, and then he sends the signed challenge back to the server which will verify the signature using known public key. This should be achievable using NFC JavaCard. But do these NFC JavaCards actually exist? I wasn't able to find a company which would be able to produce such NFC tags for me. When I try to explain my requirements to a NFC tags producer he looks like he has never heard of NFC JavaCards. I have tried about 10 producers without luck.
Can a commonly available chip meet my requirements? I mean a chip from the Mifare familly. I suspect that Mifare DESfire might be able to meet my requirements, but I am not sure.
Feel free to respond with an advertisement, because relevant advertisement is exactly what I look for :)
I try to collect some useful facts:
NFC is a very broad term, just finding that on both sides does not ensure interoperability.
Any ISO 14443 (one of the NFC flavours) compliant smart card with crypto functionality should be usable. Note, that a card with native OS may be a viable alternative to a JavaCard, since the functionality to sign a random number is pretty standard.
Any smart phone sporting a NFC chip can address such a card in principle. Unfortunately this is strongly dependent on the OS of the smart phone, for Android the relevant class to use is IsoDep, which gives you the APDU interface. After triggering the "card enters field" event, then the app receives a handle, via which further communication can take place.
Real smart cards can't be cloned, since you are not able to dump them; especially keys can't be read.
Now some things to consider:
Your approach looks unusual, which might become a problem. (To have a portable card somehow fixed to a wall, just to get the location; so you know where somebody is, but not who? While I don't consider cloning to be an issue, you somehow must ensure destruction in case of a theft attempt, which may collide with the distance topic below.)
I don't see, where the server comes into play. If not involved in the authorized action, provision of a random number is not sufficient reason.
Asymmetric key operations have a comparatively high power consumption, and this power has to be supplied via the electric field. This severely limits the distance between card and phone and may even require direct touch. While a power supply of its own would solve the issue in principle, it is not what ISO-14443 was designed for.
Yes JavaCards do exist.
https://github.com/OpenJavaCard/openjavacard-ndef is a project makes these JavaCards to output standard NDEF messages (thought note issue 4 in that there example uses the wrong APDU but that is easily changed)
This project also give a number of cards it is fully working and tested for
ACS ACOSJ - fully working
NXP JCOP J3D040/J3D081/J2E145 etc - fully working
Both ACS and Cardlogic do cards (just google the model numbers)
e.g.
https://www.acs.com.hk/en/products/405/acosj-java-card-combi/
https://www.smartcardfocus.com/shop/ilp/id~707/j3a081-80k/p/index.shtml
The answer a was looking for is not a chip which runs a custom code. Although this might be possible it is definitely not the best way to achieve the target.
I was looking for a solution that enables strong authentication using NFC data. There might be multiple chips that offers this, but probably the most available chip is NTAG 424 DNA TT. It works like this:
The chip has a memory, which is not readable through NFC. Private key is stored there.
The chip has a read counter. It increments everytime the data are read through NFC.
The chip can generate an AES-128 signature of string UID (chip serial number) + counter using the private key in the inaccessible part of the memory.
The chip can dynamicaly inject the data above into a URL that is stored in the readable memory.
So the solution will be like (I am waiting for delivery of NFC tags right now, so I don't know for sure yet):
Read the tag UID (serial number) and the actual counter value (should be 0 on an unused tag)
Generate the key-pair
Load private key to the chip
Load some data (URL, eg: https://my.app/) to the chip
Store UID, public-key, last-counter on the server
Configure the chip to inject UID, counter, signature to the URL stored on the chip
When a client reads the data, they should contain required variables, eg: https://my.app/?counter=1&uid=ff:ff:ff:ff&signature=xyz. Then on the server:
Fetch stored info (public-key, last-counter) using uid as a primary key
verifies the signature
verifies the counter that must be > last-counter
stores counter as the last-counter
successfully authorized
Is anyone able to hack this without reading the hidden memory of the chip which would require physical tampering with the chip?
I have a nfc card which supports multiple technologies. (For example NfcA,MifareClassic, ISOdep). I want to understand what technology has been used to write to the tag.
Are these technologies independent? I mean can I use mifareclassic to write some data and use NfcA (or ISOdep) to read that data?
Or these technologies each have their own memory?
I have been reading a lot about this subject last few days but have not found a good reference.
I also did some tests myself. I wrote an android app to write a NdefMessage to a tag. and I found the corresponding data bytes when I used MifareClassic APIs to dump the memory.
I took a look at the code inside MifareClassic library, and found out that all of the relative functions(e.g readblock,writeblock) create a byte array and pass it to transceive(). In android documention it is mentioned that calling MifareClassic.transceive is the same as calling NfcA.transceive.
which is a bit ironic since it is mentioned in NfcA documents that NfcA and MifareClassic are not the same and they have different transmission protocols.
another thing that I realized was that Ndef is not a protocol by itself. it a standard format to store data. apparently Ndef class has different implementations for different tags. on a MifareClassic tag you can only use Ndef class to write data to it if the tag is using the default keys. otherwise you will not be able to write to the tag.
I have one stupid question. I have mifare classic tags (1k). I want to hide content of this card (any data stored there). How to do it?
What about ndef records?
MFC (MiFare Classic) got reverse engineered completely, so storage should be considered read-write, and clear text, copiable/clonable, etc.
If you can afford encryption of the payload before putting it on the card, you may be able to make data confidential, but not "hide" it: third parties will be able to tell card is not blank, but will not be able to tell what is actually stored.
NDEF wont help you there.
MIFARE Classic allows to store data in sectors, which can be access protected. So authentication with the sector key needs to be done before any read operation (if configured that way).
"Generic" apps like NFC TagInfo usually try out "well-known" keys, before declaring a sector content "unknown". They don't try to hack the keys.
You can also use more advanced products, like MIFARE Plus or MIFARE DESFire, which both use AES cryptography for authentication and data encryption.
As part of my university project I am trying to read NFC data (13.56MHz) at a longer range (~60 cm). I have already developed code that reads data from the card at close proximity, using libnfc and a standard USB based NFC reader.
I am facing the challenge to read data from distance. All the information I have seen out there seems to be a few years old with unsupported hardware.
My initial thoughts were to try to find a NFC reader that I could just plugged a bigger antenna, as you can do with 802.11 wireless technology...
I would appreciate some tips on how to achieve my goal, what type of hardware would I need? And could I still use libnfc and my code?
Cheers
The current state of the NFV standard relates to the RFID standard ISO14443, which is a shortrange system. The NFC forum works on adding ISO15693 to the NFC standard, which allows longrange applications. Some NFC devices do support ISO15693 already.
With a proper longrange reader and a large antenna, 60cm with ISO15693 tags is possible.
However, aside of the type of RFID used in the tags, there is also the issue of the RF power for the reader antenna. A mobile device, like a phone, does not have enough energy to power a longrange antenna to read over 60cm distance.
Do RFID tags have a "real" processor capable of simple computations? If so, what is the processing power of nowadays RFID processors?
That depends.. RFID is a very broad field.
There are very simple tags that really only send back their ID when activated using a fixed function logic. I doubt many of them are still in use.
And then there are very sophisticated ones that even run programs written in JAVA and have crypto-processors and other funky stuff built in.
One example of this is the SmartMX Mifare card from NXP.
http://en.wikipedia.org/wiki/MIFARE
Note: Don't confuse active and passive tags with processor/no processor tags. A tag is active if it has it's own power supply. That does not imply that it has a processor and vice versa.
They do not. They're just an antenna hooked to a data-providing chip, powered by the external radio waves of a reader.
Neither I do know of any RFID with real processing capabilities. However according to Wikipedia description of RFID "[m]ost RFID tags contain at least two parts. One is an integrated circuit for storing and processing information...".
http://en.wikipedia.org/wiki/Radio-frequency_identification