NTAG212 Mifare超轻型带认证

时间:2014-03-28 17:25:34

标签: java android authentication nfc mifare

我是NFC Android的新手,我已经被困了几天试图获得 NTAG212 Mifare Ultralight认证的第7页,我已经有了PWD和PACK来做< strong> PWD_AUTH 基于 NTAG212 文档。

我这样做......

//assume password as array of bytes
//assume pack as array of bytes
try{
nfc.connect();
byte[] cmd1 = nfc.transceive(new byte[]{ (byte) 0x30, (byte) 0x00 }); //read the page 0     to make the NFC active
nfc.transceive(new byte[]{
   (byte) 0x1B, //command for PWD_AUTH
   pass[0],
   pass[1],
   pass[2],
   pass[3]
});
byte[] cmd4 = nfc.transceive(new byte[]{ (byte) 0x30, (byte) 0x04 }); //read the page 4
}catch(TagLostException e){
  e.printStackTrace();
}catch(IOException e){
  e.printStachTrace();
}finally{
    try{
        nfc.close();
    }catch(Exception e){
      //display failed to close
    }
}

将PWD_AUTH命令发送到NFC后,我总是收到android.nfc.TagLostException: Tag was lost.错误。有人能告诉我我做错了什么吗?我的方法是否正确?请帮忙。

注意:我已多次阅读NTAG212的文档,搜索了google,stackoverflow和所有可能的资源。

TIA,
Kenster

2 个答案:

答案 0 :(得分:7)

您发送给标记的PWD_AUTH命令没有多大意义。

PWD_AUTH命令的想法是,如果使用正确的密码进行身份验证,则发送密码(4字节值)并且标签以其密码确认(PACK)值(2字节值)进行响应。然后,您可以根据预期密码确认来验证PACK值,以“验证”标签。

所以正确的命令是:

byte[] response = nfc.transceive(new byte[] {
    (byte) 0x1B, // PWD_AUTH
    pass[0], pass[1], pass[2], pass[3]
});
if ((response != null) && (response.length >= 2)) {
   byte[] pack = Arrays.copyOf(response, 2);
   // TODO: verify PACK to confirm that tag is authentic (not really,
   // but that whole PWD_AUTH/PACK authentication mechanism was not
   // really meant to bring much security, I hope; same with the
   // NTAG signature btw.)
}

启用密码保护所需的内容(在NTAG212上):

  1. 将PWD(第39页)设置为所需的密码(默认值为0xFFFFFFFF)。

    byte[] response = nfc.transceive(new byte[] {
        (byte) 0xA2, // WRITE
        (byte) 39,   // page address
        pass[0], pass[1], pass[2], pass[3]
    });
    
  2. 将PACK(第40页,字节0-1)设置为所需的密码确认(默认值为0x0000)。

    byte[] response = nfc.transceive(new byte[] {
        (byte) 0xA2, // WRITE
        (byte) 40,   // page address
        pack[0], pack[1],   // bytes 0-1 are PACK value
        (byte) 0, (byte) 0  // other bytes are RFU and must be written as 0
    });
    
  3. 将AUTHLIM(第38页,字节0,位2-0)设置为密码验证尝试失败的最大次数(将此值设置为0将允许无限次数的PWD_AUTH尝试)。

    < / LI>
  4. 将PROT(第38页,字节0,位7)设置为所需的值(0 =仅在写访问时需要PWD_AUTH,1 =读和写访问需要PWD_AUTH)。

    byte[] response = nfc.transceive(new byte[] {
        (byte) 0x30, // READ
        (byte) 38    // page address
    });
    if ((response != null) && (response.length >= 16)) {  // read always returns 4 pages
        boolean prot = false;  // false = PWD_AUTH for write only, true = PWD_AUTH for read and write
        int authlim = 0; // value between 0 and 7
        response = nfc.transceive(new byte[] {
            (byte) 0xA2, // WRITE
            (byte) 38,   // page address
            (byte) ((response[0] & 0x078) | (prot ? 0x080 : 0x000) | (authlim & 0x007)),
            response[1], response[2], response[3]  // keep old value for bytes 1-3, you could also simply set them to 0 as they are currently RFU and must always be written as 0 (response[1], response[2], response[3] will contain 0 too as they contain the read RFU value)
        });
    }
    
  5. 将AUTH0(第37页,第3页)设置为需要密码验证的第一页。

    byte[] response = nfc.transceive(new byte[] {
        (byte) 0x30, // READ
        (byte) 37    // page address
    });
    if ((response != null) && (response.length >= 16)) {  // read always returns 4 pages
        boolean prot = false;  // false = PWD_AUTH for write only, true = PWD_AUTH for read and write
        int auth0 = 0; // first page to be protected, set to a value between 0 and 37 for NTAG212
        response = nfc.transceive(new byte[] {
            (byte) 0xA2, // WRITE
            (byte) 37,   // page address
            response[0], // keep old value for byte 0
            response[1], // keep old value for byte 1
            response[2], // keep old value for byte 2
            (byte) (auth0 & 0x0ff)
        });
    }
    
  6. 如果您使用MifareUltralight代码技术,而不是直接使用transceive方法,您还可以使用readPageswritePage方法:

    • READ命令

      byte[] response = nfc.transceive(new byte[] {
          (byte) 0x30,                  // READ
          (byte) (pageAddress & 0x0ff)  // page address
      });
      

      等于

      byte[] response = nfc.readPages(pageAddress);
      
    • WRITE命令

      byte[] data = { (byte)..., (byte)..., (byte)..., (byte)... };
      byte[] response = nfc.transceive(new byte[] {
          (byte) 0xA2,                  // WRITE
          (byte) (pageAddress & 0x0ff), // page address
          data[0], data[1], data[2], data[3]
      });
      

      等于

      nfc.writePage(pageAddress, data);
      

答案 1 :(得分:0)

PWD_AUTH 操作期间发送错误密码时会得到 PWD_AUTH

确保在 PWD 操作中发送的 4 字节密码与您使用常规 WRITE 操作设置标签的 keytool -list -v -alias androiddebugkey -keystore %USERPROFILE%\.android\debug.keystore 字段时使用的密码相匹配。