Background information
I was studying Mifare Classic 1K (S50) protocols. Most of the data come from this document.
I found that authentication command is 60 (with keyA) or 61 (with keyB) followed by 1 byte of address (two bytes of CRC is ignored in this question). The address is the block number of the block you want to access. For example, Mifare Classic 1K has 16 sectors with 4 blocks in each sector. This gives a total of 64 blocks.
If I want to authenticate for block 3 in Sector 0, the address should be 0 * 4 3 = 3
which is 0x03; if I want to authenticate for block 2 in sector 12, the address should be 12 * 4 2 = 50
which is 0x32. Any address greater than or equal to 64 (0x40) should be rejected because Mifare 1K does not have that many blocks.
However, I have noticed that data blocks can be configured as value blocks. In the end of a block the 4 bytes are the address value (3 out of 4 bytes are backup values for the address).
Question
I am confused but I can't actually test it: If I set the address of a value block (let's say it is block 2 of sector 12, which is 0x32) to be 0x41, could I authenticate this block by sending the command 0x60 0x41
? If I could, can I still authenticate this block by sending 0x60 0x32
?
Thank you in advance! If my description is confusing please leave a message!
CodePudding user response:
No, the authentication does not change by setting the address bytes, consider the address bytes as an informational addition to the stored value.
Nothing in Mifare protocol will resolve the address or do something with the data pointed to automatically. The byte is just a hint for an intelligent application, where to look in fallback-case of desaster.