Locked NFC tag can still be formatted?

0
votes

We are testing NFC tags for public places with simple URL.

I have a NXP Mifare Ultralight EV1 card. Writing and reading worked as expected. Then I put desired URL on the tag and locked it. (permanent write-protection).

I couldn't write to it after, but I could still "Memory format" the tag (with iOS app NFC Tools).

This removed the URL but since the tag is locked, it won't allow me to write to it again.

Does this mean, I can't trully protect NFC tags and anybody with this app can format them?

Is this card unusable now?

Should I choose different NFC type to prevent this?

SCREENSHOTS: https://imgur.com/a/qJmXCdJ

1
nfcmifare
When you say "locked it", the NFC specification for the card has no such term, you can remove write access in the Capability Container or you can password protect the card, which did you do? The value of last byte of Page 4 will tell you which you did.Andrew
That would be the first, I "permanently write-protected" it with the desired URL, then "Memory formated". Sorry, I don't really know where to look, so I took screenshots of what it reads right now in the App: imgur.com/a/qJmXCdJGabriel Uhlíř

1 Answers

1
votes

From the Capability Container it looks like a Tag and with the Capability Container security set to prevent write access.

So at the hardware level setting this type of write access is irreversible BUT this type of Tag does not seem to be listed as NFC compliant but it does seem to be compatible with the NFC Type 2 specification.

The NFC Type 2 specification does not specifically say whether this protection should be enforced at the hardware level or software level BUT as this Tag is not listed as NFC Type 2 complaint in it's datasheet then this might be the cause of the funny behaviour as it only seem to be NFC Type 2 compatible.

So to answer the question "I can't trully protect NFC tags"
I would not use Capability Container security access field ("Lock Tag") to prevent writing even on a compliant card. Instead set a Password on the Tag and set the Password to protect write access.
This achieves the same end goal of normal users not being able to write to the Tag and is definitely implemented at the hardware level and not not reliant on specification that this Tag does not says it is complaint with (and that might be implemented in compliant software). But is also reversible IF you know the password.

To answer the question "Is this card unusable now?"
Unknown but likely you will get varied results with different hardware and software so best to not use this particular Tag.

To answer the question "Should I choose different NFC type to prevent this?"
As you seem to be writing NFC Forum specification NDEF data to the Tag it might be wise to use a Tag that is fully compliant to the NFC Forum's Tag specifications as this might provide better compatibility with all NFC Forum compliant reading hardware. A similar Tag that is fully compliant is the NTAG 21x series.

Update I think the main problem with that card is page for the "Capability Container" comes blank from the factory and therefore could be used for other purposes. Which means the card hardware cannot be certain that a value in that page means lock the card, therefore it cannot implement that locking in hardware.

Where as a compliant card must come from the factory with a correct initialised "Capability Container" therefore the card can guarantee the meaning of these values and correctly lock the card if the right value is set.