1
votes

I'm using an ACR 1255U-J1 as external reader connected through Bluetooth. The library I use to access the reader is acsbt-1.0.0preview7. I use the following commands to authenticate to sector 1 (block 4) of a MIFARE Classic tag:

FF 82 0000 06 FFFFFFFFFFFF
FF 86 0000 05 01 00 04 60 00

When I authenticate to an empty MIFARE Classic tag (with manufacturer default configuration), I receive the response status word 9000. This indicates that authentication was successful.

However, when I try to authenticate to a MIFARE Classic tag that has been formatted for use as an NDEF tag, the returned status word is 6300.

Is there a difference between tag formats to authenticate?

1
Given that you use an APDU from the PC/SC memory access command set, I assume that you do not use the standard Android NFC API. Thus you need to provide some more information: What reader do you use? What framework do you use to access the reader? What tag type / tag product do you use as "NDEF tag"? - Michael Roland
Hi Michael, I updated the information. I'm not using the Android NFC API because it's an external NFC reader. - Lucas Moretto
Okay, then what key did you configure the reader to use as authentication key? - Michael Roland
FF 82 00 00 06 FF FF FF FF FF FF - Lucas Moretto

1 Answer

7
votes

The status word 6300 indicates that authentication fails. Thus you are most likely using the wrong key for authentication.

You currently try to authenticate with key A (0x60) with the key value FFFFFFFFFFFF to sector 1 (0x04, since it starts at block 4).

NXP's proprietary NDEF mapping specification defined in the following datasheet is used when a MIFARE Classic tag is formatted for use as an NDEF tag:

That NDEF mapping changes the access keys to well-defined values:

  • MAD sector 0 (and sector 16 on 4K cards):

    • Key A will be set to A0A1A2A3A4A5.
    • Key B may be set to any value. Android, for instance, will leave it at the default value FFFFFFFFFFFF.
    • Access conditions may be set to either allow read/write access with both keys or to allow read-only access with key A and read/write access with key B.
  • NDEF sectors (as declared in the MAD, within the range 1..15 (and 17..39 on 4K cards)):

    • Key A will be set to D3F7D3F7D3F7.
    • Key B may be set to any value. Android, for instance, will leave it at the default value FFFFFFFFFFFF.
    • Access conditions may be set to either allow read/write access with both keys or to allow read-only access with key A and read/write access with key B.
  • Other sectors (as declared in the MAD, within the range 1..15 (and 17..39 on 4K cards)) that are not used for the NDEF mapping:

    • Keys and access conditions are set to their application-specific (or default) values and are not touched by the NDEF mapping specification.

Thus, as the tag uses the NDEF mapping and you try to authenticate to the first NDEF sector, you would need to use the NDEF key A with the value D3F7D3F7D3F7 instead:

FF 82 0000 06 D3F7D3F7D3F7
FF 86 0000 05 01 00 04 60 00

Note that depending on the configuration of the access bits you might only have read access with key A.
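
The key selection described in the answer, as an added example that is not part of the original post or of the ACS library: it builds the two PC/SC APDUs shown above for any sector and interprets the status words 9000 and 6300. The function names are hypothetical, it assumes every non-MAD sector is declared as NDEF in the MAD, and it goes beyond the post by also computing the first block of the larger sectors 32..39 on 4K cards.

```python
# Added example: build the load-key / authenticate APDUs from this page for a
# MIFARE Classic sector, picking key A according to the NDEF mapping.
MAD_KEY_A = bytes.fromhex("A0A1A2A3A4A5")   # MAD sector 0 (and 16 on 4K cards)
NDEF_KEY_A = bytes.fromhex("D3F7D3F7D3F7")  # sectors the MAD declares as NDEF
KEY_TYPE_A = 0x60                           # key A, as in the APDUs on this page

def first_block(sector: int) -> int:
    """Sectors 0..31 hold 4 blocks each; sectors 32..39 (4K only) hold 16."""
    if not 0 <= sector <= 39:
        raise ValueError("sector out of range for MIFARE Classic 1K/4K")
    return sector * 4 if sector < 32 else 128 + (sector - 32) * 16

def ndef_key_a(sector: int) -> bytes:
    """Key A expected on an NDEF-formatted tag (assumption: all non-MAD
    sectors are NDEF sectors; other sectors keep application-specific keys)."""
    return MAD_KEY_A if sector in (0, 16) else NDEF_KEY_A

def load_key_apdu(key: bytes, slot: int = 0) -> bytes:
    """FF 82 00 <slot> 06 <key>: store a 6-byte key in the reader."""
    if len(key) != 6:
        raise ValueError("MIFARE Classic keys are 6 bytes")
    return bytes([0xFF, 0x82, 0x00, slot, 0x06]) + key

def authenticate_apdu(sector: int, key_type: int = KEY_TYPE_A, slot: int = 0) -> bytes:
    """FF 86 00 00 05 01 00 <block> <key type> <slot>."""
    return bytes([0xFF, 0x86, 0x00, 0x00, 0x05,
                  0x01, 0x00, first_block(sector), key_type, slot])

def explain_status(sw: bytes) -> str:
    """Map the two status words discussed on this page to a message."""
    if sw == b"\x90\x00":
        return "authenticated"
    if sw == b"\x63\x00":
        return "authentication failed (wrong key for this sector?)"
    return "unexpected status word " + sw.hex().upper()

def apdus_for_sector(sector: int) -> list:
    """Hex strings of both commands, ready to send in order."""
    return [load_key_apdu(ndef_key_a(sector)).hex().upper(),
            authenticate_apdu(sector).hex().upper()]

if __name__ == "__main__":
    for s in (0, 1, 32):
        print(s, apdus_for_sector(s))
    print(explain_status(bytes.fromhex("6300")))
```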