I would like to store data in an NFC tag in a secure way to avoid copying, but I would like the tag to be affordable and supported by most devices (smartphones).

The NTag21x seems better than the classic Mifare whose algorithm has been corrupted. But is it possible with this one to lock part of the data while leaving an NDEF record accessible for reading?

Is the NTag21x secure? I saw that its password was 32 bits, and it seems easy to break with a dictionary. Am I wrong?

On the other hand, after a lot of research I can't really find any detailed documentation on the subject. I don't understand how a reader can tell the difference between the different tags, and what they have in common at the communication protocol level, how to detect a type of tag, and know if I can support it in my application. I would like to make a C# / Xamarin application.

Mayzz

1 Answer

You need to read the datasheet for the tag.

It is section 8.5.7 and allows you to set the first page with the AUTH0 field at which the password is used from.

Thus the first part of the tag can be readable and later pages can be read/write protected. As long as the tag is big enough to store the NDEF message at the beginning of the tag and your private data at the end of the tag without using overlapping pages, you can achieve free-to-read and password-protected data.

You can also set the AUTHLIM to set the maximum number of negative password verification attempts, so that it is not possible to brute force the password.

To configure these features, you need to write to the appropriate memory pages using the low-level NfcA transceive commands detailed in the datasheet.

The biggest problem you have with password protection is if you freely hand out an app that uses the password as it is trivial to reverse engineer the password from the JVM byte code that uses it.

You don't really need to know how the different tags are identified, but having a good understanding of how the different levels of protocols and standards fit together is key, and this is where this diagram from Wikipedia is good.

Andrew
  • Thank you for this information, it helps me a lot. For password security, it will not be stored by the application, but retrieved from a server. Obviously, the memory of the program can always be read... – Mayzz Feb 25 '22 at 18:51
  • It is also possible with the right hardware to listen in on the password being transmitted to the NFC Tag or sent by your App to an emulated Tag. Or fake the right network request to get the server to send you the password, or modify the App to show the password; lots of ways around password protection. – Andrew Feb 25 '22 at 19:03
  • While it is very difficult to totally secure cards like these, you can make it more difficult; another thing that would make it more difficult would be transmitting the `PACK` back to the server as well for verification, and if you make sure that the private data/PACK is unique then you might get some data about whether a Tag has been cloned. – Andrew Feb 25 '22 at 19:22
  • Indeed, the PACK as acknowledgment of receipt is a very good idea. As for the listening between the application and the server, the channel will be secured by SSL. On the other hand, we cannot actually do much if the password is transmitted in clear text during the NFC authentication. If the hacker has the password, then he will have the PACK and will send it to the server. I guess for NTags it is, and the communications don't go through SSL. But it still limits hacking attempts. The user must be in possession of the tag, and must have specific listening equipment. – Mayzz Feb 25 '22 at 21:14
  • As recently shown with an Apple iPhone, it was easy enough to implement a man-in-the-middle attack on NFC payment transactions with 2 Android phones with custom software, and do it while the iPhone was locked as well (iPhone bug for the while-locked part). So a man-in-the-middle type attack can easily get the password and PACK. Hopefully you are not trying to verify something high value that makes it worth going to the effort of this type of attack. – Andrew Feb 25 '22 at 21:58
  • The elements that I wish to identify via the tags may have a certain value, but the tag will not be the currency of exchange. I'm just trying to limit copying as much as possible. Apparently the Mifare DESFire is best placed for this job, but I would like the price of the tag to remain affordable, and the problem is that the number of formats is very limited. Found only in the form of pellets or keyfobs. – Mayzz Feb 26 '22 at 23:34
  • I think with the higher-end tags like the DESFire there is better supply chain control, so less likely to get clones and Tags pre UID setting. Also NXP do have what they call Tamper Control tags like https://www.nxp.com/docs/en/fact-sheet/NTAG213TTLF.pdf and https://www.nxp.com/products/rfid-nfc/nfc-hf/ntag-for-tags-labels/ntag-424-dna-424-dna-tagtamper-advanced-security-and-privacy-for-trusted-iot-applications:NTAG424DNA if that helps with security. – Andrew Feb 27 '22 at 00:00
  • Also because of the supply chain issues and clone Tags, NTAG 213 and others have a `READ_SIG` command which "returns an IC specific, 32-byte ECC signature, to verify NXP Semiconductors as the silicon vendor", but how to verify this signature is under NDA I believe, to get the key to decrypt the signature to verify it's not a clone tag. Which might be worth doing. – Andrew Feb 27 '22 at 00:20
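The AUTH0/AUTHLIM/PROT configuration described in the answer and the PACK check discussed in the comments, as an added Python example (not code from the answer, from NXP or from any project on this page): it builds the raw byte frames that an app would hand to NfcA transceive, so the page arithmetic can be checked offline. Command codes and configuration-page addresses are taken from the NTAG213/215/216 datasheet; the function names, the sample NDEF record and the password/PACK values are constructed for illustration.

```python
import math

WRITE = 0xA2        # WRITE: 0xA2, page address, 4 data bytes
PWD_AUTH = 0x1B     # PWD_AUTH: 0x1B, 4-byte PWD; the tag answers with its 2-byte PACK
USER_START = 0x04   # first user memory page (page 3 holds the capability container)
# variant -> (CFG0 page, last user page); CFG1 = CFG0+1, PWD = CFG0+2, PACK = CFG0+3
CONFIG = {"NTAG213": (0x29, 0x27), "NTAG215": (0x83, 0x81), "NTAG216": (0xE3, 0xE1)}
# Constructed sample: one NDEF URI record for http://www.example.com (16 bytes)
SAMPLE_NDEF = b"\xd1\x01\x0c\x55\x01example.com"

def ndef_tlv(ndef_message: bytes) -> bytes:
    """Wrap an NDEF message in the Type 2 Tag NDEF TLV (0x03) plus terminator TLV (0xFE)."""
    n = len(ndef_message)
    length = bytes([n]) if n < 0xFF else b"\xff" + n.to_bytes(2, "big")
    return b"\x03" + length + ndef_message + b"\xfe"

def first_free_page(ndef_message: bytes) -> int:
    """First page after the NDEF TLV: the lowest AUTH0 that keeps the NDEF readable."""
    return USER_START + math.ceil(len(ndef_tlv(ndef_message)) / 4)

def protection_frames(variant, ndef_message, auth0, authlim, pwd, pack, cfg0, cfg1,
                      read_protect=True):
    """WRITE frames, in sending order, that protect pages auth0..end with pwd/pack.
    cfg0/cfg1 are the current CFG0/CFG1 pages read from the tag, so MIRROR, CFGLCK
    and counter bits are preserved (read-modify-write). authlim 0 = unlimited tries."""
    cfg0_page, last_user = CONFIG[variant]
    if not first_free_page(ndef_message) <= auth0 <= last_user:
        raise ValueError("AUTH0 must lie after the NDEF TLV and inside user memory")
    if not 0 <= authlim <= 7 or len(pwd) != 4 or len(pack) != 2:
        raise ValueError("AUTHLIM is 3 bits, PWD is 4 bytes, PACK is 2 bytes")
    new_cfg0 = bytes(cfg0[:3]) + bytes([auth0])      # CFG0 byte 3 = AUTH0
    access = (cfg1[0] & 0x78) | authlim              # ACCESS bits 2..0 = AUTHLIM
    if read_protect:
        access |= 0x80                               # PROT=1: read and write need PWD_AUTH
    new_cfg1 = bytes([access]) + bytes(cfg1[1:])
    # PWD and PACK are written first and AUTH0 last: once AUTH0 also covers the
    # configuration pages, further writes to them require a prior PWD_AUTH.
    return [bytes([WRITE, cfg0_page + 2]) + pwd,
            bytes([WRITE, cfg0_page + 3]) + pack + b"\x00\x00",
            bytes([WRITE, cfg0_page + 1]) + new_cfg1,
            bytes([WRITE, cfg0_page]) + new_cfg0]

def pwd_auth_frame(pwd: bytes) -> bytes:
    """PWD_AUTH frame; the reader compares the 2-byte reply with the expected PACK."""
    return bytes([PWD_AUTH]) + pwd
```

The PWD and PACK pages cannot be read back from the tag, so the only way to confirm the stored password is a PWD_AUTH whose reply matches the PACK you wrote.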