1

I am working on an Android project which relies on the unique UID of a discovered NFC tag to process the tag. I extract this UID using the following code:

byte[] extraID = intent.getByteArrayExtra(NfcAdapter.EXTRA_ID);

However, for some technologies this UID is randomly generated for security purposes. Does anybody have an idea how I could detect that this is a randomly generated UID? Is there some kind of flag that is set?

note: a simple solution would be to read the tag twice and compare the UIDs. However, I would like to avoid this.

Michael Roland
  • 39,663
  • 10
  • 99
  • 206
Pierto
  • 45
  • 1
  • 5

2 Answers2

4

For NfcA (and IsoDep and/or MifareClassic combined with NfcA), the ID is random if it exactly 4 bytes long and starts with 0x08. There are some cards (MIFARE DESFire) that can be configured with a random ID that is 4 bytes long and starts with 0x80.

For NfcB (and IsoDep combined with NfcB), there is no predetermined ID range that is reserved for random IDs. In fact, any NfcB ID can be a random one. The NfcB ID is actually called PUPI, which stands for "Pseudo Unique PICC Identifier". So the name already indicates that uniqueness is not guaranteed.

For NfcF and NfcV, the ID will generally not be random.

Reading the tag twice to detect a random ID only works if you remove the tag from the RF field. A tag will usually keep the same random ID as long as it stays powered by the Rf field.

NFC guy
  • 10,151
  • 3
  • 27
  • 58
  • 1
    This is actually a bit surprising. Of what use is a UID if it changes each time I read it? – zundi Aug 03 '15 at 15:26
-1

This RFC: https://www.rfc-editor.org/rfc/rfc4122#section-4.1.3 defines the format of a UID; it includes a field indicating what type of UID it is:

 Msb0  Msb1  Msb2  Msb3   Version  Description

    0     0     0     1        1     The time-based version
                                     specified in this document.

    0     0     1     0        2     DCE Security version, with
                                     embedded POSIX UIDs.

    0     0     1     1        3     The name-based version
                                     specified in this document
                                     that uses MD5 hashing.

    0     1     0     0        4     The randomly or pseudo-
                                     randomly generated version
                                     specified in this document.

    0     1     0     1        5     The name-based version
                                     specified in this document
                                     that uses SHA-1 hashing.
Community
  • 1
  • 1
jimw
  • 2,548
  • 15
  • 12