如何在 MIFARE Ultralight EV1 标签上设置和取消设置密码? [英] How to set and unset password on a MIFARE Ultralight EV1 tag?
问题描述
我希望能够在 Android 上使用 NfcA? 标签技术对 MIFARE Ultralight EV1 (MFOUL21) 标签设置和取消密码保护.
我知道我会为此使用 nfcA.transceive() 方法,但我不确定该方法的参数是什么,所以任何人都可以提供代码片段来设置和取消设置密码?
更新:
关于 TapLinx 库,我基本上希望 nfcA.transceive(...) 代码片段相当于:
ultralightEV1.programPwd(passwordBytes);ultralightEV1.programPack(packBytes);ultralightEV1.enablePasswordProtection(enabled, fromPageNum);ultralightEV1.authenticatePwd(passwordBytes);
认证
<块引用>ultralightEV1.authenticatePwd(passwordBytes);
为了使用 MIFARE Ultralight EV1 标签(或 NTAG21x)的密码进行身份验证,您需要发送 PWD_AUTH (0x1B) 命令(并可能验证 PACK 响应是否符合您的期望):
byte[] pass = { (byte)0x12, (byte)0x34, (byte)0x56, (byte)0x78 };byte[] pack = { (byte)0x9A, (byte)0xBC };字节[]响应= nfc.transceive(新字节[] {(byte) 0x1B,//PWD_AUTH通过[0],通过[1],通过[2],通过[3]});if ((response != null) && (response.length >= 2)) {//成功byte[] packReceived = Arrays.copyOf(response, 2);if (Arrays.equal(packReceived, pack)) {//PACK 验证,所以标签是真实的(不是真的,而是整个//PWD_AUTH/PACK 身份验证机制并不是真正的意思//带来很多安全,我希望;顺便说一句,与 NTAG 签名相同.)}}设置密码和密码确认
<块引用>ultralightEV1.programPwd(passwordBytes);ultralightEV1.programPack(packBytes);
对于 MF0UL11,密码在 0x12 页,密码确认 (PACK) 在 0x13 页(配置页从 0x10 开始).对于 MF0UL21,密码在 0x27 页,密码确认 (PACK) 在 0x28 页(配置页从 0x25 开始).
为了动态确定您的标签是 MF0UL11 还是 MF0UL21,您可以发送 GET_VERSION (0x60) 命令:
int cfgOffset = -1;字节[]响应= nfc.transceive(新字节[] {(字节)0x60//GET_VERSION});if ((response != null) && (response.length >= 8)) {//成功if ((response[0] == (byte)0x00) && (response[1] == (byte)0x04)) {//标签来自NXP如果(响应[2] ==(字节)0x03){//MIFARE 超轻if ((response[4] == (byte)0x01) && (response[5] == (byte)0x00) {//MIFARE 超轻 EV1 (V0)开关(响应[6]){案例(字节)0x0B://MF0UL11cfgOffset = 0x010;休息;案例(字节)0x0E://MF0UL11cfgOffset = 0x025;休息;默认://未知休息;}}}}}找到配置页面的开头后,您可以使用 WRITE (0xA2) 命令更新这些页面的值(假设您使用当前密码进行身份验证,而配置页面不受保护):
byte[] response = nfc.transceive(new byte[] {(字节) 0xA2,//写(byte)((cfgOffset + 2) & 0x0FF),//页面地址pass[0], pass[1], pass[2], pass[3]//新的页面数据});响应 = nfc.transceive(新字节 [] {(字节) 0xA2,//写(byte)((cfgOffset + 3) & 0x0FF),//页面地址pack[0], pack[1], (byte)0x00, (byte)0x00//新页数据(总是需要写整页)});启用密码保护
<块引用>ultralightEV1.enablePasswordProtection(enabled, fromPageNum);
为了启用密码保护,您需要配置需要密码的第一页(AUTH0,MF0UL11 的第 0x10 页上的字节 3/MF0UL21 的第 0x25 页上的字节)并且您需要配置保护模式(PROT,第 7 位)MF0UL11 的第 0x11 页上的字节 0/MF0UL21 的第 0x26 页).
您通常会首先读取(READ (0x30) 命令)这些页面的旧值,更新受影响的位和字节,然后将新值写入标签:
int fromPageNum = 4;布尔启用保护=真;boolean enableReadProtection = true;字节[]响应= nfc.transceive(新字节[] {(byte) 0x30,//读(byte)(cfgOffset & 0x0FF)//页面地址});if ((response != null) && (response.length >= 16)) {//成功//注意 READ 将返回从页地址开始的 *4 页*字节auth0 =(字节)0xFF;if (enableProtection || enableReadProtection) {auth0 = (byte)(fromPageNum & 0x0FF);}byte[] writeResponse = nfc.transceive(new byte[] {(字节) 0xA2,//写(byte)((cfgOffset + 0) & 0x0FF),//页面地址response[0], response[1], response[2], auth0//新页面数据});字节访问 = (byte)(response[4] & 0x07F);if (enableProtection && enableReadProtection) {访问|=(字节)0x80;}byte[] writeResponse = nfc.transceive(new byte[] {(字节) 0xA2,//写(byte)((cfgOffset + 1) & 0x0FF),//页面地址access, response[5], response[6], response[7],//新页面数据});}I would like to be able to set and unset password protection on a MIFARE Ultralight EV1 (MFOUL21) tag using the NfcA? tag technology on Android.
I understand I would use the nfcA.transceive() method for this, but I'm not sure what the arguments to that method would be, so could anyone provide code snippets to set and unset the password?
Update:
With respect to the TapLinx library, I would basically like the nfcA.transceive(...) code snippets equvalent to:
ultralightEV1.programPwd(passwordBytes);ultralightEV1.programPack(packBytes);ultralightEV1.enablePasswordProtection(enabled, fromPageNum);ultralightEV1.authenticatePwd(passwordBytes);
Authenticate
ultralightEV1.authenticatePwd(passwordBytes);
In order to authenticate with the password to a MIFARE Ultralight EV1 tag (or NTAG21x), you would need to send the PWD_AUTH (0x1B) command (and possibly verify if the PACK response matches your expectations):
byte[] pass = { (byte)0x12, (byte)0x34, (byte)0x56, (byte)0x78 };
byte[] pack = { (byte)0x9A, (byte)0xBC };
byte[] response = nfc.transceive(new byte[] {
(byte) 0x1B, // PWD_AUTH
pass[0], pass[1], pass[2], pass[3]
});
if ((response != null) && (response.length >= 2)) {
// success
byte[] packReceived = Arrays.copyOf(response, 2);
if (Arrays.equal(packReceived, pack)) {
// PACK verified, so tag is authentic (not really, but that whole
// PWD_AUTH/PACK authentication mechanism was not really meant to
// bring much security, I hope; same with the NTAG signature btw.)
}
}
Set password and password-acknowledge
ultralightEV1.programPwd(passwordBytes); ultralightEV1.programPack(packBytes);
For MF0UL11, the password is on page 0x12 and the password-acknowledge (PACK) is on page 0x13 (configuration pages start at 0x10). For MF0UL21, the password is on page 0x27 and the password-acknowledge (PACK) is on page 0x28 (configuration pages start at 0x25).
In order to dynamically find out if your tag is MF0UL11 or MF0UL21, you could send a GET_VERSION (0x60) command:
int cfgOffset = -1;
byte[] response = nfc.transceive(new byte[] {
(byte) 0x60 // GET_VERSION
});
if ((response != null) && (response.length >= 8)) {
// success
if ((response[0] == (byte)0x00) && (response[1] == (byte)0x04)) {
// tag is from NXP
if (response[2] == (byte)0x03) {
// MIFARE Ultralight
if ((response[4] == (byte)0x01) && (response[5] == (byte)0x00) {
// MIFARE Ultralight EV1 (V0)
switch (response[6]) {
case (byte)0x0B:
// MF0UL11
cfgOffset = 0x010;
break;
case (byte)0x0E:
// MF0UL11
cfgOffset = 0x025;
break;
default:
// unknown
break;
}
}
}
}
}
Once you found the begin of the configuration pages, you can use a WRITE (0xA2) command to update the values of those pages (assuming you are authenticated with the current password otr the configuration pages are unprotected):
byte[] response = nfc.transceive(new byte[] {
(byte) 0xA2, // WRITE
(byte)((cfgOffset + 2) & 0x0FF), // page address
pass[0], pass[1], pass[2], pass[3] // new page data
});
response = nfc.transceive(new byte[] {
(byte) 0xA2, // WRITE
(byte)((cfgOffset + 3) & 0x0FF), // page address
pack[0], pack[1], (byte)0x00, (byte)0x00 // new page data (always need to write full page)
});
Enable password protection
ultralightEV1.enablePasswordProtection(enabled, fromPageNum);
In order to enable password protection, you need to cofigure the first page that requires the password (AUTH0, byte 3 on page 0x10 for MF0UL11/page 0x25 MF0UL21) and you need to configure the protection mode (PROT, bit 7 of byte 0 on page 0x11 for MF0UL11/page 0x26 MF0UL21).
You would typically first read (READ (0x30) command) the old value of those pages, update the affected bits and bytes, and write the new value to the tag:
int fromPageNum = 4;
boolean enableProtection = true;
boolean enableReadProtection = true;
byte[] response = nfc.transceive(new byte[] {
(byte) 0x30, // READ
(byte)(cfgOffset & 0x0FF) // page address
});
if ((response != null) && (response.length >= 16)) {
// success
// NOTE that READ will return *4 pages* starting at page address
byte auth0 = (byte)0xFF;
if (enableProtection || enableReadProtection) {
auth0 = (byte)(fromPageNum & 0x0FF);
}
byte[] writeResponse = nfc.transceive(new byte[] {
(byte) 0xA2, // WRITE
(byte)((cfgOffset + 0) & 0x0FF), // page address
response[0], response[1], response[2], auth0 // new page data
});
byte access = (byte)(response[4] & 0x07F);
if (enableProtection && enableReadProtection) {
access |= (byte)0x80;
}
byte[] writeResponse = nfc.transceive(new byte[] {
(byte) 0xA2, // WRITE
(byte)((cfgOffset + 1) & 0x0FF), // page address
access, response[5], response[6], response[7], // new page data
});
}
这篇关于如何在 MIFARE Ultralight EV1 标签上设置和取消设置密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
