Saturday, September 23, 2017

Mifare tags

Tag info

HF Tag Bundle:
1x Mifare 1K
1x Mifare 4k
1x Mifare Ultralight Tag
LF Tag Bundle: 
EM4100
1x HID 1326 ProxCard II
1x T5577 Tags

MIFARE Classic comes in several variants, each with a different memory size:
“Mifare Classic 1k” (1k stands for the amount of data the tag can store)
“Mifare Classic 4k”
“Mifare Mini”
A separate, simpler family is MIFARE Ultralight.

RFID Technologies
HID iClass (13.56 MHz)
HID ProxCard (125 kHz)
EM4100x (125 kHz)
MIFARE Classic (13.56 MHz)


| Manufacturer   | Product                                     | ATQA  | SAK | ATS (called ATR for contact smartcards) | UID length |
|----------------|---------------------------------------------|-------|-----|-----------------------------------------|------------|
| NXP            | MIFARE Mini                                 | 00 04 | 09  |                                         | 4 bytes    |
| NXP            | MIFARE Classic 1k                           | 00 04 | 08  |                                         | 4 bytes    |
| NXP            | MIFARE Classic 4k                           | 00 02 | 18  |                                         | 4 bytes    |
| NXP            | MIFARE Ultralight                           | 00 44 | 00  |                                         | 7 bytes    |
| NXP            | MIFARE DESFire                              | 03 44 | 20  | 75 77 81 02 80                          | 7 bytes    |
| NXP            | MIFARE DESFire EV1                          | 03 44 | 20  | 75 77 81 02 80                          | 7 bytes    |
| IBM            | JCOP31                                      | 03 04 | 28  | 38 77 b1 4a 43 4f 50 33 31              | 4 bytes    |
| IBM            | JCOP31 v2.4.1                               | 00 48 | 20  | 78 77 b1 02 4a 43 4f 50 76 32 34 31     | 7 bytes    |
| IBM            | JCOP41 v2.2                                 | 00 48 | 20  | 38 33 b1 4a 43 4f 50 34 31 56 32 32     | 7 bytes    |
| IBM            | JCOP41 v2.3.1                               | 00 04 | 28  | 38 33 b1 4a 43 4f 50 34 31 56 32 33 31  | 4 bytes    |
| Infineon       | MIFARE Classic 1k                           | 00 04 | 88  |                                         | 4 bytes    |
| Gemplus        | MPCOS                                       | 00 02 | 98  |                                         |            |
| Innovision R&T | Jewel                                       | 0C 00 |     |                                         |            |
| Nokia          | MIFARE Classic 4k - emulated (6212 Classic) | 00 02 | 38  |                                         | 4 bytes    |
| Nokia          | MIFARE Classic 4k - emulated (6131 NFC)     | 00 08 | 38  |                                         | 4 bytes    |

Note: ATQA is listed here as a 16-bit value (00 04); on the wire, and in block 0 of the card, it appears byte-swapped (04 00), so do not be surprised when a dump shows the other order.


Tools


About:
Mifare Classic is generally stated to be insecure, because its encryption protocol (the proprietary CRYPTO1 stream cipher) has been reverse engineered and cracked. More detailed information about this can be found in the links listed under Resources below.

A Mifare Classic 1k tag contains 16 sectors. Each of these sectors has 3 blocks of data storage and 1 block (the sector trailer) for storing the secret access keys and access conditions. Each block contains 16 bytes of data. Before reading a sector, the reader must authenticate to the tag with a secret access key. Each sector has two keys, Key A and Key B, and each of the 16 sectors can define its own access rights and which key is needed for a particular action. As an example you can define that Key A may read a block and Key B may write to it. Sector 0 Block 0 (the manufacturer block) contains the non-changeable UID (the tag's unique ID) and some manufacturer data. This block is only writable on some special Chinese “magic” tags.



About:

 MF1S50yyX/V1
• Authentication: Preceding any memory operation the authentication procedure ensures that access to a block is only possible via the two keys specified for each block.
• Crypto unit: The CRYPTO1 stream cipher of the MF1S50yyX/V1 is used for authentication and encryption of data exchange.
• EEPROM: 1 kB is organized in 16 sectors of 4 blocks. One block contains 16 bytes. The last block of each sector is called “trailer”, which contains two secret keys and programmable access conditions for each block in this sector.

8.2.4 Three pass authentication
After selection of a card the reader specifies the memory location of the following memory access and uses the corresponding key for the three pass authentication procedure. After a successful authentication all commands and responses are encrypted. Remark: The HLTA command needs to be sent encrypted to the PICC after a successful authentication in order to be accepted.

8.2.5 Memory operations
After authentication any of the following operations may be performed:

  • Read block 
  • Write block 
  • Decrement: Decrements the contents of a block and stores the result in the internal Transfer Buffer 
  • Increment: Increments the contents of a block and stores the result in the internal Transfer Buffer 
  • Restore: Moves the contents of a block into the internal Transfer Buffer 
  • Transfer: Writes the contents of the internal Transfer Buffer to a value block

8.4 Three pass authentication sequence

  1. The reader specifies the sector to be accessed and chooses key A or B. 
  2. The card reads the secret key and the access conditions from the sector trailer. Then the card sends a number as the challenge to the reader (pass one). 
  3. The reader calculates the response using the secret key and additional input. The response, together with a random challenge from the reader, is then transmitted to the card (pass two). 
  4. The card verifies the response of the reader by comparing it with its own challenge and then it calculates the response to the challenge and transmits it (pass three). 
  5. The reader verifies the response of the card by comparing it to its own challenge. After transmission of the first random challenge the communication between card and reader is encrypted.

8.6.1 Manufacturer block
This is the first data block (block 0) of the first sector (sector 0). It contains the IC manufacturer data. This block is programmed and write protected in the production test. The manufacturer block is shown in Figure 6 and Figure 7 for the 4-byte NUID and 7-byte UID version respectively.


The MF1S50yyX/V1 product family offers two delivery options for the UID which is stored
in block 0 of sector 0.

  • 7-byte UID
  • 4-byte NUID (Non-Unique ID)


Vilniečio kortelė (Vilnius city card):
UID: ** ** ** ** (4 byte)
RF technology: ISO/IEC 14443,Type A
Tag type: MIFARE Classic 4k, NXP / ISO 14443-3a
Memory size: 4096 byte
Block Size: 16 byte
Number of sectors: 40
Number of blocks: 256



MF1S7035DUC: MIFARE® Classic 4K - Mainstream contactless smart card IC for fast and easy solution development

1.3 Security
  • Manufacturer programmed 4 byte Non-Unique IDentifier (NUID) for each device
  • Mutual three pass authentication (ISO/IEC DIS 9798-2)
  • Individual set of two keys per sector to support multi-application with key hierarchy

Features:
  • Contactless transmission of data and supply energy
  • Operating distance up to 100 mm depending on antenna geometry and reader configuration
  • Operating frequency of 13.56 MHz
  • Data transfer of 106 kbit/s
  • Data integrity of 16-bit CRC, parity, bit coding, bit counting
  • Anti-collision
  • Typical ticketing transaction time of less than 100 ms (including backup management)

2.1 EEPROM
  • 4 kB, organized in 32 sectors of 4 blocks and 8 sectors of 16 blocks (one block consists of 16 byte)
  • User definable access conditions for each memory block
  • Data retention time of 10 years
  • Write endurance 100,000 cycles

Memory layout of a Mifare Classic tag



The MIFARE Classic 1K offers 1,024 bytes of data storage, split into 16 sectors; each sector is protected by two different keys, called A and B. Each key can be programmed to allow operations such as reading, writing, increasing value blocks, etc.
MIFARE Classic 4K offers 4,096 bytes split into forty sectors, of which 32 are the same size as in the 1K, with eight more that are quadruple-size sectors.
MIFARE Classic Mini offers 320 bytes split into five sectors. For each of these card types, 16 bytes per sector are reserved for the keys and access conditions and cannot normally be used for user data. Also, the very first 16 bytes contain the serial number of the card and certain other manufacturer data and are read-only. That brings the net storage capacity of these cards down to 752 bytes for MIFARE Classic 1K, 3,440 bytes for MIFARE Classic 4K, and 224 bytes for Mini. All of them use an NXP proprietary security protocol (Crypto-1) for authentication and ciphering.

Meanings:


  • 1K and 4K are memory versions
  • UID
    • A UID is not a “serial number”, but a unique identifier. There is no recommendation how to turn the array of bytes into an integer.
    • “UID” is a common expression, defined in ISO/IEC 14443-3. In some cases the UID is not even unique, e.g. RID and NUID (FNUID and ONUID), see below.
    • The 4 byte UID is also called “Single Size UID”. The 7 byte UID is also called “Double Size UID”. The 10 byte UID is also called “Triple Size UID”.
  • 1 byte = 2 hex characters
  • 1 hex character = 4 bits
  • Sectors
    • Sector 0 = Blocks 0 to 3
    • Sector 1 = Blocks 4 to 7
    • Sector 2 = Blocks 8 to 11
  • 1 Block = 16 bytes = 32 hex characters = 128 bits
  • 1 Sector (1K, Mini, and sectors 0 to 31 of the 4K) = 4 blocks = 64 bytes; sectors 32 to 39 of the 4K = 16 blocks = 256 bytes
Magic tags

  • Magic tag generation 1 needs special Chinese backdoor commands. These are 7-bit commands, and an NFC-enabled phone cannot send them.
  • Magic tag generation 2 only needs a normal write command to write to block 0. NFC-enabled phones can use this one, but some phones might still not be able to write to block 0 because of software limits.
    • A Gen2 tag can be bricked quite easily (e.g. by writing a block 0 whose BCC byte does not match the UID), and a Gen1 tag is easily identified as magic (it answers the backdoor command), so countermeasures in legitimate readers exist.
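The memory map, sector trailer and manufacturer block described above (and the block 0 writes that Gen2 magic tags allow) in code, as an added example that is not part of the original page or of NXP's documentation. The access-bit byte layout and the data-block rights table follow the MF1S50yyX/V1 datasheet cited under Resources; the function names and the sample UID are this example's own. Its point is the check a practitioner wants before writing: access bits whose inverted copies do not match lock the sector for good, and a wrong BCC in block 0 is what usually "bricks" a Gen2 tag.

```python
# MIFARE Classic memory-map helpers (Mini, 1K, 4K), sector-trailer access-bit
# decode/encode with the consistency check, and a block 0 builder with BCC.
# Added example, not code from the original page or from NXP.

CARD_SECTORS = {"mini": 5, "1k": 16, "4k": 40}   # 4K: sectors 32-39 have 16 blocks


def sector_blocks(sector):
    """Absolute block numbers belonging to a sector."""
    if sector < 32:
        first, count = sector * 4, 4
    else:
        first, count = 128 + (sector - 32) * 16, 16
    return list(range(first, first + count))


def block_to_sector(block):
    return block // 4 if block < 128 else 32 + (block - 128) // 16


def trailer_block(sector):
    return sector_blocks(sector)[-1]


def is_trailer(block):
    return block == trailer_block(block_to_sector(block))


def net_capacity(card):
    """User-data bytes: total minus one trailer per sector minus the manufacturer block."""
    sectors = CARD_SECTORS[card]
    total = 16 * sum(len(sector_blocks(s)) for s in range(sectors))
    return total - 16 * sectors - 16


# Data-block rights per (C1, C2, C3), from the datasheet's access-conditions table:
# (read, write, increment, decrement/transfer/restore); "AB" = key A or key B.
DATA_BLOCK_RIGHTS = {
    (0, 0, 0): ("AB", "AB", "AB", "AB"),   # transport configuration
    (0, 1, 0): ("AB", "-", "-", "-"),
    (1, 0, 0): ("AB", "B", "-", "-"),
    (1, 1, 0): ("AB", "B", "B", "AB"),     # value block
    (0, 0, 1): ("AB", "-", "-", "AB"),     # value block
    (0, 1, 1): ("B", "B", "-", "-"),
    (1, 0, 1): ("B", "-", "-", "-"),
    (1, 1, 1): ("-", "-", "-", "-"),
}


def decode_access_bits(trailer):
    """(C1, C2, C3) for blocks 0..3 of the sector, read from trailer bytes 6-8.
    Byte 6 = ~C2 | ~C1, byte 7 = C1 | ~C3, byte 8 = C3 | C2 (high nibble first).
    A nibble that disagrees with its inverted copy is a format violation: the card
    then blocks the whole sector irreversibly, so refuse to write such a trailer."""
    b6, b7, b8 = trailer[6], trailer[7], trailer[8]
    c1, c2, c3 = (b7 >> 4) & 0xF, b8 & 0xF, (b8 >> 4) & 0xF
    if (b6 & 0xF) != c1 ^ 0xF or (b6 >> 4) != c2 ^ 0xF or (b7 & 0xF) != c3 ^ 0xF:
        raise ValueError("inconsistent access bits; writing this trailer would brick the sector")
    return [((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1) for i in range(4)]


def encode_access_bits(conds):
    """Inverse of decode_access_bits: the three access bytes for [(C1, C2, C3)] x 4 blocks."""
    c1 = sum(c[0] << i for i, c in enumerate(conds))
    c2 = sum(c[1] << i for i, c in enumerate(conds))
    c3 = sum(c[2] << i for i, c in enumerate(conds))
    return bytes([((c2 ^ 0xF) << 4) | (c1 ^ 0xF), (c1 << 4) | (c3 ^ 0xF), (c3 << 4) | c2])


def build_trailer(key_a, key_b, conds, user_byte=0x69):
    """Sector trailer: key A (6) | access bytes (3) | user byte | key B (6)."""
    return bytes(key_a) + encode_access_bits(conds) + bytes([user_byte]) + bytes(key_b)


def build_block0(uid, sak, atqa, manufacturer=b"\x00" * 8):
    """Block 0 for a 4-byte UID: UID | BCC | SAK | ATQA (2) | 8 manufacturer bytes.
    BCC is the XOR of the UID bytes; readers reject a card whose BCC is wrong at
    anti-collision, which is how a Gen2 magic tag gets bricked.  ATQA is given in
    block order (04 00 for a 1K, the byte-swap of the table's 00 04)."""
    if len(uid) != 4 or len(atqa) != 2 or len(manufacturer) != 8:
        raise ValueError("bad field length")
    bcc = uid[0] ^ uid[1] ^ uid[2] ^ uid[3]
    return bytes(uid) + bytes([bcc, sak]) + bytes(atqa) + bytes(manufacturer)


def check_block0(block):
    """True when the BCC in byte 4 matches the UID in bytes 0-3."""
    return len(block) == 16 and block[4] == block[0] ^ block[1] ^ block[2] ^ block[3]


if __name__ == "__main__":
    default = bytes.fromhex("ffffffffffff ff0780 69 ffffffffffff")   # factory trailer
    for i, c in enumerate(decode_access_bits(default)):
        print("block", i, c, DATA_BLOCK_RIGHTS.get(c, "trailer"))
    print(build_block0(bytes.fromhex("c2a82df4"), 0x08, bytes.fromhex("0400")).hex())
```

Run it on the factory trailer FF 07 80 69 and the three data blocks decode to (0,0,0), the transport configuration, with the trailer at (0,0,1); change any of bytes 6-8 and the decoder refuses the trailer instead of letting it reach the card.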


Questions:

 MIFARE Classic MF = The MF1S50yyX/V1 ???

Resources
Software + hardware:
Wiki free nfc tools - http://nfc-tools.org/index.php?title=ISO14443A
Hardware + software + tutorials - https://github.com/micolous/metrodroid/wiki/Cracking-keys
Multiple cards - ChameleonMini - https://shop.kasper.it/chameleonmini/170/chameleonmini-revg-color
Mifare Classic - https://github.com/nfc-tools/mfoc

NFC tools:
Locale NFC Plugin - https://play.google.com/store/apps/details?id=se.badaccess.locale.nfc&hl=en

Tutorial:
https://firefart.at/post/how-to-crack-mifare-classic-cards/

Info:
MIFARE Classic MF  datasheet - https://www.nxp.com/docs/en/data-sheet/MF1S50YYX_V1.pdf 
https://en.wikipedia.org/wiki/MIFARE
https://forum.xda-developers.com/showthread.php?t=1706057&page=6
Forum - http://www.proxmark.org/forum/viewtopic.php?id=1829
About  Proxmark3 - https://www.youtube.com/watch?v=W22juSqhJSA
About magic cards - http://www.proxmark.org/forum/viewtopic.php?id=3793
Xda NFC forum - https://forum.xda-developers.com/hardware-hacking/nfc