MIFARE只读&同时写受保护的块? [英] MIFARE read-only & write protected block at the same time?
问题描述
哪些MIFARE卡支持一个块,可以将其编程为需要密码才能写入,但每个人都可以读取它的数据?并且在所有平台(特别是iOS)上均符合此类标准.它可以使用其NFC芯片在该卡上执行上述两项操作吗?
Which of MIFARE cards support a single block that can be programmed to require a password for writing, but is available to everyone for reading its data? And is such standard eligible on all platforms, specifically iOS. Can it use its NFC chip for doing both mentioned operations on such card?
推荐答案
MIFARE产品系列中的很多产品 1 允许使用身份验证密钥/密码进行写保护的信息(同时可以自由读取该信息):
There are quite a few products in the MIFARE product family1 that would allow write-protecting information with an authentication key/password (while at the same time having that information freely readable):
- MIFARE Ultralight EV1:32位明文密码验证,该密码可用作写密码(自由读取,已认证"写)或用作读/写密码(仅已认证"读/写).不能为单个块设置密码,只能从特定的偏移量开始为所有块设置一个密码.请注意,恩智浦的许多NTAG产品也具有这些功能.
- MIFARE Ultralight C:与上述功能类似,但是使用2键TDES具有更强的身份验证机制.
- MIFARE Classic:每个扇区可以具有单独的密钥.您始终需要用于读写的键.
- MIFARE DESFire EV1:不是按块组织,而是按文件组织.每个文件可以具有多个用于读取保护和/或写入保护的密钥集.因此,您可能拥有一个可自由读取但需要密钥才能写入的文件.
您的第二个要求"在所有平台上都符合这样的标准,尤其是iOS ",回答起来有点复杂:首先,在iOS中无法写入NFC标签(除了加上一些越狱?)因此,我会解释为:哪些标签支持写保护并且可以在iOS设备上读取?
Your second requirement, "is such standard eligible on all platforms, specifically iOS", is a bit more complex to answer: First of all, writing to NFC tags is not possible in iOS (except with some jailbreak?) Hence, I would interpret that as: What tags support write-protection and can be read with an iOS device?
iOS设备只能从已经包含NDEF消息的NFC论坛标签中读取.此外,由于NFC论坛标签规范尚未(还?)定义访问NDEF数据的身份验证方式,因此所有数据都需要可自由读取.
iOS devices can only read from NFC Forum tags that already contain an NDEF message. Moreover, since the NFC Forum tag specifications do not (yet?) define a way to have authentication for accessing NDEF data, all data needs to be freely readable.
因此,可以使用上述所有内容,但可能适用于MIFARE Classic.您将需要格式化标签以包含NDEF消息.
Hence, all of the above, except probably for MIFARE Classic, can be used. You will need to format the tags to contain an NDEF message.
例如,您可以使用Ultralight C/EV1标签,在其上存储NDEF消息,然后为存储NDEF数据的区域(即所有页面> = 3)设置写保护.但是,仅对特定块添加写保护将不起作用.您可以通过以下方式来编写NDEF消息:将写保护的部分放在NDEF消息的末尾,位于Ultrlaight标签的块边界处.然后,您可以仅对该特定块(以及所有更高但未使用的块)添加写保护.不幸的是,这为NDEF消息的大小字段上的潜在操作开辟了新的可能(从数据中切掉该写保护的块).因此,从安全角度来看,对NDEF消息进行部分写保护可能不是一个好主意.
For instance, you could use a Ultralight C/EV1 tag, store an NDEF message onto it and then set write-protection for the area where the NDEF data is stored (i.e. all pages >= 3). However, only adding write-protection for a specific block won't work. You may be able to craft your NDEF message in a way that the write-protected part sits at the end of the NDEF message at a block boundary of the Ultrlaight tag. Then you could add write protection for only that specific block (and all higher, but unused, blocks). Unfortunately, this opens up for potential manipulations on the size fields for the NDEF message (chopping off that write protected block from the data). Hence, partial write protection of the NDEF message might not be a good idea from a security perspective.
与上述类似,您也可以使用DESFire EV1.当用作NFC论坛标签时,NDEF消息存储在单个文件中.因此,您可以限制使用身份验证密钥对该文件的写入.
Similarly to the above, you could also use DESFire EV1. When used as an NFC Forum tag, the NDEF message is stored in a single file. Therefore, you could restrict writing to that file with an authentication key.
由于iOS无法写入标签,因此您可能会使用其他平台将更新写入标签.例如,Android能够将身份验证所需的低级命令发送到上述任何标签.同样,许多基于PC的阅读器都支持此功能(尽管DESFire通常在那里有更好的支持).
As iOS can't write to the tags, you will probably use another platform to write updates to the tags. Android, for instance, is capable of sending the low-level commands necessary for authentication to any of the above tags. Similarly, many PC based readers support this (though DESFire usually has better support there).
1 )请注意,还有其他产品(甚至来自其他制造商)也提供类似的功能.
1) Note that there is other products (even from other manufacturers) as well that provide similar capabilities.
这篇关于MIFARE只读&同时写受保护的块?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
