flipperzero-firmware
Mifare Ultralight authentication
What's new
- Adds authentication for Mifare Ultralight tags and some algorithms to generate a password based on the UID of the tag.
Supported algorithms:
- Amiibo
- Xiaomi Purifier
- Default (0xFFFFFFFF)
Verification
- Read an Ultralight tag with a password generated by one of the algorithms (Amiibo is fine) - it should be read successfully
Checklist (For Reviewer)
- [ ] PR has description of feature/bug or link to Confluence/Jira task
- [ ] Description contains actions to verify feature/bugfix
- [ ] I've built this code, uploaded it to the device and verified feature/bugfix
Exceeding the negative auth limit counter is definitely a risk. If you want to try authenticating, best start with positively identifying which tag type it is, figure out where its config pages are, and read AUTH0 and AUTHLIM, skipping authentication if AUTH0 is past the last page. Reference NXP NFC TagInfo for behavior: usually if there's no AUTHLIM it'll try the factory default password and display it in the dump together with the PACK, but will not attempt at all if it can't read the config page or if AUTHLIM is set.
Code-wise, I would suggest moving authentication out of the page read function for separation of concerns, and you also need to check whether authentication is actually supported before attempting to send the command.
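The pre-check described in the comment above, as an added example that is not part of this PR or the firmware: it decides from an unauthenticated dump whether a password attempt is safe. All type and function names are hypothetical, the page numbers and the AUTH0/AUTHLIM byte positions follow the NXP NTAG213/215/216 data sheet, and only those three tag types are covered.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names are hypothetical; this is not the firmware's API. */
typedef enum { TAG_UNKNOWN, TAG_NTAG213, TAG_NTAG215, TAG_NTAG216 } TagType;
typedef enum {
    AUTH_SKIP_UNKNOWN_TAG,    /* tag type not positively identified */
    AUTH_SKIP_CFG_UNREADABLE, /* config pages not in the dump: ask the user */
    AUTH_SKIP_NOT_PROTECTED,  /* AUTH0 past the last page: nothing to unlock */
    AUTH_SKIP_AUTHLIM_SET,    /* failed attempts are counted: do not guess */
    AUTH_OK_TO_TRY
} AuthDecision;
typedef struct { uint8_t cfg0_page, last_page; } TagLayout;
/* CFG0 page and last page, per the NXP NTAG213/215/216 data sheet. */
static bool tag_layout(TagType t, TagLayout* out) {
    switch(t) {
    case TAG_NTAG213: *out = (TagLayout){0x29, 0x2C}; return true;
    case TAG_NTAG215: *out = (TagLayout){0x83, 0x86}; return true;
    case TAG_NTAG216: *out = (TagLayout){0xE3, 0xE6}; return true;
    default: return false;
    }
}

/* dump holds the first pages_read pages (4 bytes each) read without auth. */
AuthDecision auth_decide(TagType t, const uint8_t* dump, size_t pages_read) {
    TagLayout l;
    if(!tag_layout(t, &l)) return AUTH_SKIP_UNKNOWN_TAG;
    /* CFG0 and CFG1 must both have been readable. */
    if(dump == NULL || pages_read < (size_t)l.cfg0_page + 2) return AUTH_SKIP_CFG_UNREADABLE;
    uint8_t auth0 = dump[l.cfg0_page * 4 + 3];            /* CFG0 byte 3 */
    uint8_t authlim = dump[(l.cfg0_page + 1) * 4] & 0x07; /* ACCESS bits 2..0 */
    if(auth0 > l.last_page) return AUTH_SKIP_NOT_PROTECTED;
    if(authlim != 0) return AUTH_SKIP_AUTHLIM_SET;
    return AUTH_OK_TO_TRY;
}

/* Constructed sample: zeroed NTAG215 dump with chosen AUTH0 and ACCESS bytes. */
AuthDecision decide_sample(uint8_t auth0, uint8_t access, size_t pages_read) {
    uint8_t dump[135 * 4] = {0};
    dump[0x83 * 4 + 3] = auth0;
    dump[0x84 * 4] = access;
    return auth_decide(TAG_NTAG215, dump, pages_read);
}

int main(void) {
    printf("%d %d\n", (int)decide_sample(0xFF, 0x00, 135), (int)decide_sample(0x04, 0x03, 135));
    return 0;
}
```

Keeping this decision separate from the page read function also matches the separation of concerns suggested in the same comment.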
> and read AUTH0 and AUTHLIM
Sadly, pages where they are located may be protected, so we can only try reading them and hope they are accessible. I would suggest asking for user permission if those are not available.
I will discuss with our UX team and come back with our solution later.
Hello @ezhevita! We decided to add "Extra Actions" in the main NFC menu to give users the option to read a locked card with a chosen password. I will finish the NFC design rework #1364 and then we can merge your PR after a small rework.
Hello @ezhevita! Let me share with you our new NFC design: https://miro.com/app/board/uXjVOlznagk=/ The first iteration of the new design is in dev now; however, it's not completely equivalent to the MIRO reference yet. I want to discuss a new approach for reading locked Mf Ultralight and NTAGs. We want to read as much data as possible from locked cards and notify the user that Flipper couldn't read all pages. After that we want to save all the data that we managed to read. I think we should add a new line in the Flipper File Format for Mf Ultralight / NTAG, with how many pages were read. Then in extra actions we will add a new option for reading locked cards with a generated or manually entered password. (Not in MIRO yet)
It seems like a lot of work has to be done. However, we can't merge your PR and refactor the code, because users can brick their cards. Please let me know if you want to rework your PR to meet the mentioned requirements. If you won't, please let me use your code to write everything myself.
Hello! Sure thing, I'll try to rework this in the near future - I have already started moving the authentication part to extra actions.