What is MIFARE Classic 1K Access Bits means? How to calculate and use it?
Tagged: MIFARE 1k
Hi,
I already have 32 key combinations. I am going to use 16 keys as KEY A and another 16 keys as KEY B.
Example:
KEY A KEY B
40641D4C2635 720834FA77F9
49DB59CFF2F3 2CBF23931A13
19D366541AE8 ED071D2A297B
In my understanding there is 1 access condition with 4 bytes. Each byte is for:
1) Access conditions for data block 0
2) Access conditions for data block 1
3) Access conditions for data block 2
4) Access conditions for the sector trailer
Am I right? If so, what is the access condition for:
1) Use Key A for reading
2) Use Key B for writing
For all 4 conditions that I stated above.
Example: I want the data blocks 0, 1, 2 and the sector trailer to be read just with Key A, and written just with Key B.
40641D4C2635xxxxxx00720834FA77F9
a) What do the xxxxxx and the 00 mean in the above example?
b) I am very confused about setting the access condition bytes. I want my xxxxxx to represent "use key A for reading and use key B for writing" for every block. How can I do that?
c) And what does the 00 after the xxxxxx mean?
Another example:
I have my access bits as follows:
0x6E 0x1F 0x09 USER
C10 C20 C30 read write
1 1 0 A|B B
If I use these access bits, can I accomplish what I am asking about in the question above?
Kind Regards
+ 1 | - 0
Hi NTMS,
From the MIFARE Classic datasheet at
http://www.nxp.com/documents/data_sheet/MF1S50YYX.pdf
page 10, section 8.6.3 (Sector Trailer) you will find the description.
From my previous example the meaning is as follows:
Here AA… are the key A and BB… the key B bytes. CC… are the access bytes and 00 is an unused byte. You can use it as a general-purpose byte.
40641D4C2635xxxxxx00720834FA77F9
AAAAAAAAAAAACCCCCC00BBBBBBBBBBBB
The rule is as follows: you write down all C1, C2 and C3 bit values for each block and combine the Cx bits according to figure 10 for all four blocks. Then you get the three access condition bytes you have to insert in the sector trailer.
Table 7 on page 13 shows all combinations. But be careful: you can also set the access condition to “never”! In this case you cannot get access to this block and you cannot change it if the block is the sector trailer itself.
The MIFARE Team
+ 0 | - 1
Hi mifaresdk,
That is my problem. I read all that info and got very confused. I calculated many times and found many different answers.
And after reading your mail;
1) Access conditions for data block 0
2) Access conditions for data block 1
3) Access conditions for data block 2
4) Access conditions for the sector trailer
For all conditions I have to set "Access Bits" as follows.
1) Use Key A for reading
2) Use Key B for writing
I find that I have to use;
08778F FF (08778FFF)
as the access bits so I can use Key A to read all conditions and I can use Key B to write all conditions. I attached the picture as well.
Am I right or wrong?
Kind Regards,
+ 1 | - 0
Hi NTMS,
In the attachment I see that you are on the right track. But let me explain it for all visitors.
Have a look at tables 7 and 8 (I refer to the MIFARE Classic data sheet with the link above). You can see in table 7 that with no combination of C1, C2 and C3 can you read key A, so key A is a write-only value. C1 = 0, C2 = 0 and C3 = 1 is the so-called “transport condition” for the sector trailer. With the known value of default key A = FF…FF you authenticate with key A to the sector and you are able to read the access condition (ac) bytes and key B. You are also able to write to key A, the ac bytes and key B. Table 8 shows the ac bytes for the data blocks 0, 1 and 2. Here the transport condition is C1 = C2 = C3 = 0. This means you can read, write, increment and decrement all data blocks with either key A or key B.
You want to use key A for reading and key B for writing. This is the setting for the data blocks. In this case key A is known at the reader terminal. Let us assume you want to allow reading data block 0 (the customer ID) and decrementing a credit (data value in block 1). But with key A it should not be possible to write to the ID data nor to increment the credit value. In this case C1 = 1, C2 = 1 and C3 = 0 is the ac combination for the data blocks (table 8). Writing end-user data or setting a new value for the credit is only possible at the issuer station (with a cashbox) and only here is key B known.
The sector trailer ac combination could be C1 = 0, C2 = 1, C3 = 1 (table 7). Key A and key B can never be read but can be written with key B. Okay, we have:
C10 = 1, C20 = 1, C30 = 0,
C11 = 1, C21 = 1, C31 = 0,
C12 = 1, C22 = 1, C32 = 0,
C13 = 0, C23 = 1, C33 = 1
With this information we go into figure 10 (page 12) and we get for bytes 6, 7 and 8:
00001000 01110111 10001111 = 08778F
Byte 9 can also be used in a user application; you can set it as you like.
That is the same as what you found out! Congratulations, you are now ready to prepare a MIFARE Classic for a shopping card application.
The MIFARE Team
+ 0 | - 0
Hi mifaresdk,
Thank you very much. I understand now. I hope not to forget it in the near future. :)
You answered perfectly.
Kind Regards
+ 0 | - 0
Please help me with the calculation. I have been studying this write-up and explanation for the last 1 week and I believe I got it, except that my calculation is coming out wrong.
Byte 6 is C23 = 1, C22 = 1, C21 = 1, C20 = 1, C13 = 0, C12 = 1, C11 = 1, C10 = 1 -> 11110111 You Have 00001000 [Like are reverse]
Byte 7 is C13 = 0, C12 = 1, C11 = 1, C10 = 1, C33 = 1, C32 = 0, C31 = 0, C30 = 0 -> 01111000 You Have 01110111
Byte 8 is C33 = 1, C32 = 0, C31 = 0, C30 = 0, C23 = 1, C22 = 1, C21 = 1, C20 = 1 -> 10001111 You Have 10001111
This 11110111 01111000 10001111 = F7788F You have 08778F
What am I missing or did not understand?
+ 0 | - 0
Hi Onyekachi,
Please have a look at these posts:
https://www.mifare.net/support/forum/topic/keya-and-keyb-and-how-to-protect-the-contacless-card-from-cloning/page/2/
https://www.mifare.net/support/forum/topic/how-to-calculate-access-bit-for-mifare-classic-1k/
Kind regards,
The TapLinx Team
+ 0 | - 0
What is not being explained and frankly, not sure why.
Why is no person explaining the inverted bits and which bits are inverted? Anyway, it took me 4 weeks but I do not want the next person 4 hours. So, to add to the explanation from the MIFARE team:
If you have a close look at figure 10 on page 12 (mentioned above, with link), you will see the access condition diagram. Please pay attention to bytes 6 and 7. The bits of byte 6 are all inverted and they are denoted with a line on top of them. Also, notice that in byte 7, C33, C32, C31 and C30 are all inverted.
An invert in this case means that if the calculated bit is 1, it becomes 0. If the calculated bit is 0, it becomes 1.
There is no inversion in byte 8.
Byte 6   C23 C22 C21 C20 C13 C12 C11 C10   Hex
          0   0   0   0   1   0   0   0    X08
Byte 7   C13 C12 C11 C10 C33 C32 C31 C30
          0   1   1   1   0   1   1   1    X77
Byte 8   C33 C32 C31 C30 C23 C22 C21 C20
          1   0   0   0   1   1   1   1    X8F
+ 0 | - 0
Hi Onyekachi,
Both diagrams in the post show the access condition bits for the data blocks and for the sector trailer. You go into the diagrams and select the best aligned condition for your application. Not all conditions are possible! For instance, if you need separate keys (a read key and a write key), only the lines with “read = key A or key B” and “write = key B” are possible. There exists no condition “read = key B only” and “write = key A only”!
For instance, if you decide C1 = 1, C2 = 1 and C3 = 0, all data blocks can be read with key A or B and can be written only with key B. This is a typical use case where the terminal (which has key A) can read data and decrement account values. But to write or renew account values is only possible on a special terminal (which has key B).
With the definitions of C1, C2 and C3 you have to fill the appropriate bits in bytes 6, 7 and 8. Please have a look into the datasheet. There is a table “Access Conditions” which shows how the bits of C1, C2 and C3 (inverted and not) are put into bytes 6, 7 and 8. You have to use this table and you cannot arrange the bits in a different order!
The TapLinx Team
+ 0 | - 0
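The byte layout the posts above walk through (all of byte 6 and the low half of byte 7 inverted), as an added Python example that is not part of the original thread. The function names are assumptions chosen for illustration; the C1/C2/C3 values and hex strings are the ones quoted in the thread.

```python
# Added example: MIFARE Classic sector-trailer access bytes (bytes 6, 7, 8).
# Layout as described in the thread (figure 10 of the datasheet):
#   byte 6 = ~C2[3..0] | ~C1[3..0]   (all bits inverted)
#   byte 7 =  C1[3..0] | ~C3[3..0]   (low nibble inverted)
#   byte 8 =  C3[3..0] |  C2[3..0]   (no inversion)

def _nibble(bits):
    """Pack one Cx bit per block into a nibble: block 3 is the MSB, block 0 the LSB."""
    return sum(bit << block for block, bit in enumerate(bits))

def encode_access_bytes(blocks):
    """blocks: four (C1, C2, C3) tuples for block 0, 1, 2 and the sector trailer."""
    if len(blocks) != 4 or any(b not in (0, 1) for t in blocks for b in t):
        raise ValueError("need four (C1, C2, C3) tuples of 0/1")
    c1, c2, c3 = (_nibble([blk[i] for blk in blocks]) for i in range(3))
    inv = lambda n: n ^ 0xF
    return bytes([inv(c2) << 4 | inv(c1), c1 << 4 | inv(c3), c3 << 4 | c2])

def decode_access_bytes(raw):
    """Return four (C1, C2, C3) tuples, or raise if the inverted copies disagree."""
    b6, b7, b8 = raw
    c1, c2, c3 = b7 >> 4, b8 & 0xF, b8 >> 4
    if (b6 & 0xF) != c1 ^ 0xF or (b6 >> 4) != c2 ^ 0xF or (b7 & 0xF) != c3 ^ 0xF:
        raise ValueError(f"inconsistent access bytes {bytes(raw).hex().upper()}")
    return [((c1 >> n) & 1, (c2 >> n) & 1, (c3 >> n) & 1) for n in range(4)]

# Values from the thread: data blocks C1C2C3 = 110, sector trailer = 011.
SHOP_CARD = [(1, 1, 0), (1, 1, 0), (1, 1, 0), (0, 1, 1)]

if __name__ == "__main__":
    print(encode_access_bytes(SHOP_CARD).hex().upper())
    print(decode_access_bytes(bytes.fromhex("08778F")))
    try:
        decode_access_bytes(bytes.fromhex("F7788F"))  # inversion skipped
    except ValueError as err:
        print("rejected:", err)
```

Running the decoder on a candidate value before writing it to a sector trailer catches results such as F7788F above, where the inversion was skipped and the inverted and non-inverted copies no longer agree.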
Hello everyone.
I'm trying to change the access bits and I'm not getting it. I am sending the following APDU:
"FF D6 00 03 10 FF FF FF FF FF FF 78 77 88 00 FF FF FF FF FF FF"
But the return is always:
"00 00 00 00 00 00 E6 98 71 6B 00 00 00 00 00 00"
What is happening?
Thank you all for helping
+ 0 | - 0
Hi Philipp,
If you try to read the sector trailer, you will always get zeros for the key values. You cannot read the key values back!
If the authentication with key A = FFFFFFFFFFFF works, you know it is the default key. If you can write to any block, you know you have write permission (this is the default for a blank card).
Now you change the keys and the access condition while you write to the sector trailer. When you start a new session you have to use the new key. But be careful, there are combinations where you lock the card! Please check the access condition bits carefully.
Regards,
The TapLinx Team
+ 0 | - 0
Hello everyone,
It's my first time trying a MIFARE card with Arduino. I tried an example which comes with the examples in the library, and I think I have blocked my sectors 0 & 1.
I don't know what happened and I don't know what to do. From reading through the internet, I think I have changed the access bits and key A and key B. When I try to read what is in the block, this is what appears:
block 7: 30 07 BD DC C5 A5 08 B6 DD 00 FF 8A 03 00 00 21
block 6: 30 06 34 CD C5 A5 08 B6 DD 00 FF 8A 03 00 00 21
block 5: 30 05 AF FF C5 A5 08 B6 DD 00 FF 8A 03 00 00 21
block 4: 30 04 26 EE C5 A5 08 B6 DD 00 FF 8A 03 00 00 21
Please help, as it's my graduation project.
Thanks !!
+ 0 | - 0
Hi Ahmed,
You can block your MIFARE Classic if you write key values and permission bits to the sector trailer (block 3) whose content is lost. You should know the key values which you will change and calculate the permission bits carefully. If you are in doubt, use the default keys as long as possible and change the keys at the last step in your personalizing phase.
The TapLinx team
+ 0 | - 0
Hello everyone,
I want to know, can I change the access bits in MIFARE Classic 1K in sector 0? My access bits are FF0F0011. In other sectors FF078069.
I tried to change them but it was unsuccessful. Please help me.
+ 0 | - 0
Hi Misha,
please read my answer in this post:
Re: Mifare Classic 1K – Access Bits
The TapLinx team
+ 0 | - 0