It’s easy to protect a Mifare Ultralight with Android, there is the Ndef.makeReadonly() method for that. But Mifare Classic tags return Ndef.canMakeReadonly() == false, so this is not possible. I heard that one can make such a tag readonly or at least protect it with a key by setting the a or b keys.
There’s this methid in MifareClassic tech: authenticateSectorWithKeyB(int sectorIndex, byte[] key)
Does anyone know if this can be used to make a ndef message on a mifare classic tag read-only? Or how else could I write a ndef message onto the tag and then somehow lock it against new writes?
It is possible using the authenticate methods.
First, here is the datasheet for the Mifare Classic 4k:
http://www.nxp.com/documents/data_sheet/MF1S703x.pdf
The important chapters for your are:
In short a write protection works like this:
The Mifare Classic is divided into sectors of 4*16 bytes each (only applies to the first 1k or so… the higher blocks are a bit different, but thats documented in the spec). Of these 64 bytes 16 are used for authentication/protection. For each sector of the card you do the following:
The KeyA values for Mifare Classics are:
For unformatted, factory fresh cards.
For the first sector of the card
For all other sectors.
Important: You have to write back the original KeyA keys to the card. If these differ from the keys shown above the card will not be Ndef compliant anymore.
For the modified access bits you have two choices:
Only enable Read for KeyA. This will give you a 100% write protection that can’t be revoked.
Enable Read for KeyA and Read/Write for KeyB. Also store a secret key in KeyB. This will allow you to authenticate a write protected sector using your secret KeyB to unprotect the card.
Background: Android will only authenticate a Ndef formatted tag using the KeyA values shown above. The Ndef detection code never tries KeyB on its own, therefore you can use KeyB for your own purposes.