I used an Android app (NFC tag info by NXP) to read my MIFARE Ultralight C tag, and it shows the tag has the NXP default key "BREAKMEIFYOUCAN!" on pages 0x2C to 0x2F. But I still failed to authenticate to this tag using this key.
    // NXP default key: BREAKMEIFYOUCAN! (16 bytes)
    byte[] mifareULCDefaultKey = {
            (byte) 0x49, (byte) 0x45, (byte) 0x4D, (byte) 0x4B,
            (byte) 0x41, (byte) 0x45, (byte) 0x52, (byte) 0x42,
            (byte) 0x21, (byte) 0x4E, (byte) 0x41, (byte) 0x43,
            (byte) 0x55, (byte) 0x4F, (byte) 0x59, (byte) 0x46 };
In detail, I got the following result:
1st authentication command: 1A00
response of 1st authentication command: AFCCF489BFB7B98605
ek(RndB): CCF489BFB7B98605
IV 1: 0000000000000000
RndB: 6183511C5B7EF046
RndA: 6E262630E299F94F
RndB': 83511C5B7EF04661
RndA || RndB': 6E262630E299F94F83511C5B7EF04661
IV 2: CCF489BFB7B98605
ek(RndA || RndB'): AB7AF6C6E76675F52B9FF40021A8E2D6
2nd authentication command: AFAB7AF6C6E76675F52B9FF40021A8E2D6
But I still got a "Transceive failed" IOException after sending the 2nd authentication command. I'm sure the tag was still connected before sending the 2nd authentication command.
I have spent 8+ hours on this issue, but still cannot move ahead. Can anyone help?
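
The computation listed in the post, as an added example that is not part of the original question: it recomputes RndB, RndA || RndB' and the 2nd authentication command off-card with the standard JCE `DESede/CBC/NoPadding` cipher, so the printed values can be compared with the trace line by line. The class and helper names (`UlcAuthCheck`, `tdesCbc`, `rotl`, `hex`) are hypothetical; the key bytes, ek(RndB), RndA and both IVs are taken exactly as posted, and whether that key byte order is the one the tag expects is an assumption this code does not settle.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.util.Arrays;

// Added example (hypothetical class name): recomputes the values in the posted trace.
public class UlcAuthCheck {
    // 2-key 3DES, CBC, no padding. JCE "DESede" wants 24 key bytes, so use K1 || K2 || K1.
    static byte[] tdesCbc(int mode, byte[] key16, byte[] iv, byte[] data) throws Exception {
        byte[] key24 = Arrays.copyOf(key16, 24);
        System.arraycopy(key16, 0, key24, 16, 8);
        Cipher c = Cipher.getInstance("DESede/CBC/NoPadding");
        c.init(mode, new SecretKeySpec(key24, "DESede"), new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    // Rotate left by one byte: b0 b1 .. b7 -> b1 .. b7 b0 (RndB -> RndB').
    static byte[] rotl(byte[] b) {
        byte[] r = Arrays.copyOfRange(b, 1, b.length + 1);
        r[b.length - 1] = b[0];
        return r;
    }

    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        byte[] key = hex("49454D4B41455242214E4143554F5946"); // key bytes as posted
        byte[] ekRndB = hex("CCF489BFB7B98605");               // tag response, AF stripped
        byte[] rndA = hex("6E262630E299F94F");                 // RndA from the trace
        byte[] rndB = tdesCbc(Cipher.DECRYPT_MODE, key, new byte[8], ekRndB); // IV 1 = zeros
        byte[] plain = Arrays.copyOf(rndA, 16);                // RndA || RndB'
        System.arraycopy(rotl(rndB), 0, plain, 8, 8);
        byte[] ek = tdesCbc(Cipher.ENCRYPT_MODE, key, ekRndB, plain);         // IV 2 = ek(RndB)
        System.out.println("RndB            : " + hex(rndB));
        System.out.println("RndA || RndB'   : " + hex(plain));
        System.out.println("2nd auth command: AF" + hex(ek));
    }
}
```

If the printed values match the trace, the cryptographic steps were computed as described and the remaining variables are the key bytes themselves and the transport to the tag.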