Friday, March 18, 2011

Observations of MIFARE Classic 4K Card

Recently I have been developing a smartcard application for the Windows environment, and below are some notes I would like to make about the MIFARE Classic 4K card:

  • Block 0 is not writable. It contains the card ID and information stored by the manufacturer.
  • Blocks are grouped into sectors, and each sector contains one trailer block.
  • The trailer block stores the keys used to authenticate the sector it belongs to, together with the attributes (access bits) that decide the access rights to that sector.
  • Handling the trailer block carelessly may lead to all rights to that sector being disabled, and I have successfully (or I should say accidentally...) locked the whole of sector 0. However, as the GetID command is still functional, that command should be using some other way to read the ID from block 0 / some hidden block?
  • As the trailer block stores the authentication keys of its sector, updating it means changing the authentication keys. Location of keys: first 6 bytes -> Type A; last 6 bytes -> Type B.
  • Reading or writing a data block requires authentication beforehand.
  • Authenticating one block is equivalent to authenticating the whole sector.
  • Only one sector can be authenticated at any time. E.g. if you authenticate sector 2 after authenticating sector 1, you can now only access sector 2 but not sector 1. In order to access sector 1 again, you have to authenticate sector 1 again.
  • The above does not apply only to a single application: if application A has authenticated sector 1 and application B then authenticates sector 2, application A will not be able to access sector 1 without authenticating sector 1 again.
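The trailer layout and the locking hazard from the notes above, as an added example that is not part of the original post: it decodes a sector trailer (Key A, access bits with their stored complements, Key B) and reports which key, if any, could still rewrite the access bits once the trailer is written, so a trailer that would freeze the sector can be rejected before the write. The transport trailer value and the locked trailer are constructed samples; the layout and access-condition table are from the MIFARE Classic datasheet.

```python
# Added example (not from the original post): decode a MIFARE Classic sector
# trailer and check, before writing it back, that the sector can still be
# reconfigured afterwards. Trailer layout: key A = bytes 0-5, access bits =
# bytes 6-8, user byte = byte 9, key B = bytes 10-15.
from __future__ import annotations

# Constructed sample: transport (factory) trailer, keys FF..FF, access bits FF 07 80 69.
TRANSPORT_TRAILER = bytes.fromhex("FFFFFFFFFFFF" "FF078069" "FFFFFFFFFFFF")

# Trailer conditions (C1, C2, C3 of block 3) under which the access bits can
# still be rewritten, and by which key. Every other condition freezes them for good.
ACCESS_BITS_WRITER = {(0, 0, 1): "A", (0, 1, 1): "B", (1, 0, 1): "B"}


def decode_access_bits(trailer: bytes) -> list[tuple[int, int, int]]:
    """Return (C1, C2, C3) for blocks 0..3, or raise if the bits and their
    stored complements disagree (the card treats such a trailer as invalid)."""
    b6, b7, b8 = trailer[6], trailer[7], trailer[8]
    c1, c2, c3 = (b7 >> 4) & 0xF, b8 & 0xF, (b8 >> 4) & 0xF  # plain bits
    nc1, nc2, nc3 = b6 & 0xF, (b6 >> 4) & 0xF, b7 & 0xF  # inverted copies
    if (c1 ^ nc1, c2 ^ nc2, c3 ^ nc3) != (0xF, 0xF, 0xF):
        raise ValueError("access bits fail their complement check")
    return [((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1) for i in range(4)]


def encode_access_bits(conds: list[tuple[int, int, int]]) -> bytes:
    """Build bytes 6-8 from four (C1, C2, C3) tuples, complements included."""
    c1 = sum(c[0] << i for i, c in enumerate(conds))
    c2 = sum(c[1] << i for i, c in enumerate(conds))
    c3 = sum(c[2] << i for i, c in enumerate(conds))
    return bytes([((~c2 & 0xF) << 4) | (~c1 & 0xF),
                  (c1 << 4) | (~c3 & 0xF),
                  (c3 << 4) | c2])


def check_trailer(trailer: bytes) -> dict:
    """Summarise a trailer: keys, per-block conditions, and which key (if any)
    could still change the access bits after this trailer is written."""
    if len(trailer) != 16:
        raise ValueError("a trailer block is exactly 16 bytes")
    conds = decode_access_bits(trailer)
    return {
        "key_a": trailer[0:6].hex(),
        "key_b": trailer[10:16].hex(),
        "conditions": conds,  # index 3 describes the trailer block itself
        "access_bits_writable_by": ACCESS_BITS_WRITER.get(conds[3]),  # None: frozen
    }
```

A write routine should refuse any trailer for which `access_bits_writable_by` is `None`, and should round-trip its intended conditions through `encode_access_bits` rather than hand-editing bytes 6-8.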