5

I'm trying to authenticate a Mifare Ultralight C (ISO/IEC 14443-2 and 14443-3 type A compatible) tag.

I send the authentication command with the MifareUltralight.transceive() function provided in Android. I have also checked NfcA.transceive() (IsoDep seems not to be compatible with this kind of tag because this object is for dealing with ISO/IEC 14443-4 tags and that's why I don't use IsoDep.transceive()).

So, when I first send the authentication request command the tag answers the transceive() with AFxxxx..... where I process the tag answer and then I send another transceive() with the response to that answer but... just before sending the transceive() the tag is connected, when it's sent I get a "tag was lost" warning and a "transceive failed".

Also, if I try it with NfcA the same problem happens.

Finally, if I try to send one authentication command after the first one response I get also a "Tag was lost" warning with the transceive fail.

So my question is:

Why does the NFC tag get lost when I send the second transceive()?<<

(It doesn't seem to be a timeout problem because just before sending the second transceive() the connection is open with the tag) I made all the stuff in a different Thread from the UI one.

Thanks in advance!

Michael Roland
  • 39,663
  • 10
  • 99
  • 206
Miguel
  • 53
  • 1
  • 6
  • My guess is that response (the second send) doesn't authenticate properly and the tag never responds, thus looking to the phone like the tag was lost. Try writing (4 byte writes) a number of times and see if that works. It would be transcieve(0xA2, 0x06, 0x01, 0x02, 0x03, 0x04) where the 0x06 is the page number. If that works then your attempt at authenticating would be what's wrong. – Ben Ward Mar 12 '12 at 20:56
  • First, thanks for your reply :). After reading it I think that you could be right and the problem could be that my reply to the authentication is incorrect, so I'll try what you suggested me to know if this makes sense. But, seems to be a good point of view. Thanks again! ;) I'll post here if writing a number of times was ok as soon as I implement it. – Miguel Mar 13 '12 at 09:31
  • Yes, after making several writings it works, so it seems to be a problem with my authentication request. Thanks for your help, I'll check my request procedure to find which's the problem. Thanks for your help! :) – Miguel Mar 13 '12 at 09:52
  • I was reviewing my authentication algorithm and I found one premise which could be wrong. I use as the default authentication key all "0h". Could that be the problem? - Thanks in advance! – Miguel Mar 15 '12 at 16:04
  • I have been unable to find information about communicating with Mifare Ultralight C on transceive level or authenticating. Can anyone post some material? – endre Apr 26 '12 at 13:56

2 Answers2

3

Your approach seems to be correct. However, the tag's behaviour indicates that your response to the tag's answer was incorrect. In that case, the tag refuses to answer. From the phone's point of view this is indistinguishable from the tag having disappeared, so you get a TagLostException.

NFC guy
  • 10,151
  • 3
  • 27
  • 58
  • Yes, maybe you're right, i'll try to make the consecutive writings that Ben suggested and we will get the tuth of my error. Thanks for your reply NFC guy! – Miguel Mar 13 '12 at 09:35
  • You have reason, I'll check my authentication procedure to find what's wrong! Thanks for yout help :) – Miguel Mar 13 '12 at 09:54
  • I was reviewing my authentication algorithm and I found one premise which could be wrong. I use as the default authentication key all "0h". Could that be the problem? - Thanks in advance! – Miguel Mar 15 '12 at 16:06
  • That depends on where/how you got your Ultralight C. I have seen demonstration samples with different keys. I suggest you request an Application Note from the manufacturer showing a step by step walk-through of the authentication that will allow you to verify the correctness of your own implementation. Debugging cryptographic code by trial and error is unlikely to succeed and in any case very cumbersome (been there, done that ;) – NFC guy Mar 15 '12 at 21:17
  • Lets close the topic, i found the solution some time ago, tags had a key but is given under NDA conditions and is not "0h" so I cannot say here how to authenticate, but finally it was sucessfully implemented. Thanks for all your support! – Miguel Aug 02 '12 at 13:40
  • How could I mark this topic as resolved or closed? I don't find the form or doing it hehe. – Miguel Aug 02 '12 at 13:45
  • @Miguel There's a link to close your own question under the list of tags (I don't remember if it requires a certain amount of rep, but I believe anyone can close their own questions) but I would recommend instead simply accept this answer if it helped you, or write your own answer and accept that one if you found your own solution, *rather* than simply closing the question – Nick Aug 02 '12 at 13:48
  • Well I would like to say how to make the authentication, buy I cannot because I found the required information to authenticate under NDA (Non-disclosure agreement), so I can't :( – Miguel Sep 07 '12 at 15:56
  • Miguel - I am also trying to authenticate with a MiFare Ultralight C and I *am* also under NDA with full access to the DocStore. I have the full data sheet and the AppNote on DESFire Hints and Tips. Nonetheless I am still unable to authenticate with my tags. I can write to tags and read what I wrote, so I'm sure it's not my test phone. I would dearly love some input from someone else who is in a position to give me a hand (i.e., someone else under the NDA). Any chance you could help me figure out what I'm doing wrong ? – Matt Redmond Oct 25 '13 at 15:41
0

For me It was the same issue ,but then It solved in weird way

step 1: pass1 1A00 command to card

step 2: able to retrieve pass1 response challenge

step 3: Algo computation step Arbitrary (tag lost at this point assuming) and getting a sound kind of tag lost from device

Step 4: pass 2 with AFxxxxx throws exception transceive failed, but by then If I check Tag lost already!!!

I after struggling few days, one of my collogue asked me to try to reduce any delay between pass1 to pass2, it was taking almost 1-1.5 sec and in between it was failing so.

I removed any logs writing in between and made simple quick call after pass1 within 500mili sec , here we go weirdo WORKING FINE !!!!

It could be having some reason in card technology has some security purpose or I don't know still trying to investigating.

Hope this would be helpful.

satya ram
  • 1