Forum › MIFARE general topics and applications › Identifying mifare card in wallet application › Reply To: Identifying mifare card in wallet application
Hi Hinko,
Yes, you need to authenticate to a sector before you can read the data blocks. If the authentication fails, it could be another card, but it also could be a simple read error. I would not base the test only on the UID of the card. Specially, for 4-byte UIDs the UID is not unique anymore and the UID can be counterfeited easily.
You must distinguish between retrieving the UID in the anti-collision procedure of the card reader and reading the UID from first data block in sector 0 after authenticating. If you really need the UID to know, you should always read the UID from first data block.
In your case I would use a one-way-function like a hash or a MAC function, put the UID and some other information you only know as input and save the hash in a data block. If you can authenticate it is a strong indication of trust. If the hash value can also be verified, you can accept the card as yours.
The TapLinx team
Yes, you need to authenticate to a sector before you can read the data blocks. If the authentication fails, it could be another card, but it also could be a simple read error. I would not base the test only on the UID of the card. Specially, for 4-byte UIDs the UID is not unique anymore and the UID can be counterfeited easily.
You must distinguish between retrieving the UID in the anti-collision procedure of the card reader and reading the UID from first data block in sector 0 after authenticating. If you really need the UID to know, you should always read the UID from first data block.
In your case I would use a one-way-function like a hash or a MAC function, put the UID and some other information you only know as input and save the hash in a data block. If you can authenticate it is a strong indication of trust. If the hash value can also be verified, you can accept the card as yours.
The TapLinx team
+ 0
|
- 0