I would like to store data in an NFC tag in a secure way to avoid copying, but I would like the tag to be affordable and supported by most devices (smartphones).
The NTag21x seems better than the classic Mifare whose algorithm has been corrupted. But is it possible with this one to lock part of the data by leaving an NDef record accessible for reading?
Is the NTag21x secure? I saw that his password was 32bits, it seems easy to break with a dictionary, am I wrong?
On the other hand, after a lot of research I can't really find any detailed documentation on the subject. I don't understand how a reader can tell the difference between the different tags, and what they have in common at the communication protocol level, how to detect a type of tag, know if I can support it in my application. I would like to make a C# / Xamarin application.
CodePudding user response:
You need to read the datasheet for the tag.
Section 8.5.7 and allows you with the AUTH0
field to set the first page at which the password is used from.
Thus the first part of the Tag can be readable and later pages can be read/write protected. As long as the tag is big enough to store Ndef message at the beginning of the Tag and your private data at the end of the Tag without using overlapping pages you can achieve free to read and password protected data.
You can also set the AUTHLIM
to set the maximum number of negative password verification attempts so that it is not possible to brute force the password.
To configure these features you need to write to the appropriate memory pages using the low level NfcA transceive
commands detailed in the datasheet.
The biggest problem you have with password protection is if you freely hand out an App that uses the password as it is trivial to reverse engineer the password from the JVM byte code that uses it.
You don't really need to know the different Tags are identified but having a good understanding of how the different levels of protocols and standards fit together is key, this is where this diagram from wikipedia is good.