6

I have a card reader that always report 64 bits, and can read cards with 4 or 7 byte UIDs.

As an example, I see it can report:

  • 04-18-c5-82-00-00-00-00 - a 4-byte UID in the form uid0-uid1-uid2-uid3-00-00-00-00
  • 04-18-c5-82-f1-3b-81-00 - a 7-byte UID in the form uid0-uid1-uid2-uid3-uid4-uid5-uid6-00

What prevents a 7-byte UID from having uid4, uid5 and uid6 set to zero? Is this covered in a spec? If so, which spec?

Michael Roland
  • 39,663
  • 10
  • 99
  • 206
bbaker
  • 61
  • 1
  • 1
  • 2

4 Answers4

3

What prevents a 7-byte UID from having uid4, uid5 and uid6 set to zero?

Nothing. The format of the UID (as used by MIFARE cards) is defined in ISO/IEC 14443-3. Specifically for MIFARE cards, NXP has (or at least had?) some further allocation logic for 4 byte UIDs, but that's not publicly available.

Is it possible to distinguish the two cases?

If the reader outputs the UIDs exactly in the form that you showed in your example, then the answer is no (at least not reliably). However, some readers output the UID on 8 bytes and include the cascade tag for 7-byte-UIDs. Thus, all 7-byte-UIDs start with 0x88 for those readers. This does not seem to be the case with your reader.

Are there possible strategies to distinguish the two cases?

Some strategies come to my mind to distinguish 4-byte-UIDs from 7-byte-UIDs.

  1. The first byte of a 7-byte-UID is the manufacturer code (as defined in ISO/IEC 7816-6 (see How to detect manufacturer from NFC tag using Android? on how to obtain the list). Thus, if you have a limited set of manufacturers (e.g. if you only use MIFARE cards with chips from NXP), you could interpret all UIDs that start with NXP's manufacturer code (0x04) as 7-byte-UIDs. Nevertheless, you should be aware that 4-byte-UIDs are allowed to start with 0x04 as well. Hence, this method is not 100% reliable and may fail for some cases.

  2. The first byte of 4-byte-UIDs must not contain any of the following values: 'x8' (with x != '0'), 'xF'. If you find the first byte to match any of those values, you can assume the UID to consist of 7 bytes.

Community
  • 1
  • 1
Michael Roland
  • 39,663
  • 10
  • 99
  • 206
0

if you can get the ATQA response you can distinguish it. The lower byte of the ATQA shows you how long the UID is. (4/7/10Byte) As far as I know there is no other way to distinguish with 100% assurance

br

ph10
  • 57
  • 6
0

I know its bit late to the party, but for any one who is having the same doubt; the documented way of creating a 7 Byte UID out of 4 Byte UID is in the Annex-6 of this pdf.

In case the page goes down, a shameless rip off from that page is given below. Any and all mistakes if you find in the below code snippet rightfully belongs to NXP guys, not me.

But how do you know whether the tag is a 4 byte or 7 byte uid one?

From the ATQA response. Refer page 15/36 of the document 1 and page 8/15 of document 2 .

In case the document goes down, here is the relevant excerpt from the document 1.

The MF1S50yyX/V1 answers to a REQA or WUPA command with the ATQA value shown in Table 11 and to a Select CL1 command (CL2 for the 7-byte UID variant) with the SAK value shown in Table 12.

Remark: The ATQA coding in bits 7 and 8 indicate the UID size according to ISO/IEC 14443 independent from the settings of the UID usage.

6. Annex, Source code to derive NUID out of a Double Size UID

#include <stdio.h>
#include <conio.h>
#include <stdlib.h>
#include <time.h>
#define BYTE unsigned char
unsigned short UpdateCrc(unsigned char ch, unsigned short *lpwCrc)
{
ch = (ch^(unsigned char)((*lpwCrc) & 0x00FF));
ch = (ch^(ch<<4));
*lpwCrc = (*lpwCrc >> 8)^((unsigned short)ch << 8)^((unsigned
short)ch<<3)^((unsigned short)ch>>4);
return(*lpwCrc);
}
void ComputeCrc(unsigned short wCrcPreset, unsigned char *Data, int
Length, unsigned short &usCRC)
{
unsigned char chBlock;
do {
chBlock = *Data++;
UpdateCrc(chBlock, &wCrcPreset);
} while (--Length);
usCRC = wCrcPreset;
return;
}
void Convert7ByteUIDTo4ByteNUID(unsigned char *uc7ByteUID, unsigned char
*uc4ByteUID)
{
unsigned short CRCPreset = 0x6363;
unsigned short CRCCalculated = 0x0000;
ComputeCrc(CRCPreset, uc7ByteUID, 3,CRCCalculated);
uc4ByteUID[0] = (CRCCalculated >>8)&0xFF;//MSB
uc4ByteUID[1] = CRCCalculated &0xFF; //LSB
CRCPreset = CRCCalculated;
ComputeCrc(CRCPreset, uc7ByteUID+3, 4,CRCCalculated);
uc4ByteUID[2] = (CRCCalculated >>8)&0xFF;//MSB
uc4ByteUID[3] = CRCCalculated &0xFF; //LSB
uc4ByteUID[0] = uc4ByteUID[0]|0x0F;
uc4ByteUID[0] = uc4ByteUID[0]& 0xEF;
}
int main(void)
{
 int i;
 unsigned char uc7ByteUID[7] =
{0x04,0x18,0x3F,0x09,0x32,0x1B,0x85};//4F505D7D

 unsigned char uc4ByteUID[4] = {0x00};

 Convert7ByteUIDTo4ByteNUID(uc7ByteUID,uc4ByteUID);
 printf("7-byte UID = ");
 for(i = 0;i<7;i++)
 printf("%02X",uc7ByteUID[i]);
 printf("\t4-byte FNUID = ");
 for(i = 0;i<4;i++)
 printf("%02X",uc4ByteUID[i]);
 getch();
return(0);
}
Jimson James
  • 2,937
  • 6
  • 43
  • 78
0

If you came here (as I did) to find a proper way to automatically get the UID from a card independent if it is a 4, 7 or 10 byte UID, I do it dynamically as following (found this logic somewhere on the internet but can't find it anymore to give proper credits. 10 Bytes not tested):

(this is C# code and is using winscard.dll under the hood):

public static UInt64 getCardUIDasUInt64()     // *** only for mifare 1k cards ***
    {
        UInt64 UID = 0;
        byte[] receivedUID = new byte[10];  // *** 
        Card.SCARD_IO_REQUEST request = new Card.SCARD_IO_REQUEST();
        request.dwProtocol = (UInt32)Protocol;  // *** use the detected protocol instead of statically assigned protocol type *** // Card.SCARD_PROTOCOL_T1;
        request.cbPciLength = (UInt32)System.Runtime.InteropServices.Marshal.SizeOf(typeof(Card.SCARD_IO_REQUEST));
        
        byte[] sendBytes = new byte[] { 0xFF, 0xCA, 0x00, 0x00, 0x00 }; //get UID command      for Mifare cards
        //byte[] sendBytes = new byte[] { 0xFF, 0xCA, 0x00, 0x00, 0x04 }; //get UID command      for Mifare cards
        
        int receivedBytesLength = receivedUID.Length;
        int status = Card.SCardTransmit(hCard, ref request, ref sendBytes[0], sendBytes.Length, ref request, ref receivedUID[0], ref receivedBytesLength);

        if (status == Card.SCARD_S_SUCCESS)
        {
            if (receivedBytesLength >= 2)
            {
                // do we have an error
                if ((receivedUID[receivedBytesLength - 2] != 0x90) ||
                    (receivedUID[receivedBytesLength - 1] != 0x00))
                {
                    throw new Exception(receivedUID[receivedBytesLength - 2].ToString());
                }
                else if (receivedBytesLength > 2)
                {

                    for (UInt32 i = 0; i != receivedBytesLength - 2; i++)
                    {
                        UID <<= 8;
                        UID |= (UInt64)(receivedUID[i]);
                    };
                       
                }

            }
            else
            {
                throw new Exception(ResourceHandling.getTextResource("Error_Card_Read"));
            }
            
        }

        return UID;
    }

If you need the UID in hex, then use this (in addition to above code):

 public static string getCardUIDasHex()      // *** only for mifare 1k cards ***
 {
    UInt64 cardUID = getCardUIDasUInt64();
    return string.Format("{0:X}", cardUID);               
 }

Maybe this is also of help to someone else as in the internet (also here in SO) there are many places which just read out the 1st four bytes of the UID which is just not correct anymore today.

John Ranger
  • 541
  • 5
  • 18