Have you also been bombarded with advertisements for NFC visiting cards for 1000 or 2000 rupees? Make one card and never make another. I have been lately (yeah yeah, yada yada ad blocker: these are not simple ads that can be blocked via Pi-hole, they are Insta ads; if you could share some tips, I’d love a cleaner feed).
These cards looked interesting but after digging into them a bit, I realized a few things, which made me park those ideas because it didn’t seem possible at the time:
- Amazon sells programmable cards for much cheaper (Amazon India: LINQS NFC Card). A cheaper option is to buy from the vendor itself, the LINQS Shop.
- The cards in the ads mostly direct users to URLs that are effectively hosted on the card provider’s domain, so if the service provider goes down (which frankly happens too often these days), the service goes down too.
- I’d love to have a card like that, but I’d rather have more than just a URL on it: maybe my full contact info, maybe a URL. In short, if I get a card like that, I want to be able to write to it myself.
This month of November is a time of festivities in India. What people generally don’t talk about is that it is also a time to clean the house, and if you live with family, that means you need to reduce the mess.
- I started cleaning out my room and realized, among all the electronic and non-electronic badges we had gotten from various conferences, we had also finally received some NFC Cards.
- I remembered the ad and wondered: even though I don’t need an NFC visiting card, wouldn’t it be cool if I could use these wasted cards for that purpose?
And soon my geek mind went “How difficult can it be?” So here’s what I’ve found so far. It may not be enough and it may not be much, but I’m just listing some tricks I’ve learned, some tools I’ve explored and references I’ve found. Hopefully they help others tinkering on their NFC exploration journey.
Background work
So I started by exploring what NFC actually is and how it works. NFC or near field communication is very closely related to RFID or Radio Frequency ID.
To focus on getting the basics, I visited my common source: Zero community presentations on the topic of NFC and RFID. This tells me that this is not a popular topic but is something people have been exploring in 2019.
My own project, the Indian Hacking Archive, lists many more references on the topic of RFID and NFC for me to search, with only one presentation available, by Sarwar and Ashwath, that provides good coverage of the basics of NFC. There is also this great presentation from 2012 at BlackHat that covers the various technology stacks in detail.
But I’m not going to spend $$$$ on something because it’s a curiosity. I will spend a lot of time thinking (because that’s me: the effort to learn more is always better than wasting money to solve the problem).
So it seems like I’m very late to the party, like a decade late. So chasing around is pointless, let’s try to narrow down what exactly we are looking for.
- I have a lot of NFC based cards from hotel stays and conference tickets.
- I wanted to find out if I could rewrite them and/or reuse them for my own purposes.
Studying the slides and references, plus this refocusing, made me realize that I first needed to narrow down what exactly I had. Only then should I explore the second question. Since I wasn’t planning on purchasing any hardware, I had to rely on an existing NFC/RFID-capable device, namely my smartphone. So I looked for Android apps that could help me with this process. That brought me to NFC Tools. This application was very quickly able to read and identify the cards that I have, and I found several card variations:
- MiFare Classic 1K
- Mifare Ultra Light
- Mifare NTAG216
- Mifare Ultra Light EV1
The reference documents on their website make it clear that all of these chips are supported by the app.
So I tried to see if I could write to the cards. If life were this simple then I wouldn’t be writing this blog. I encounter typos all the time.
Further reading pointed to the fact that there may be a write lock on the card. So the new task list becomes:
- See if the card is locked.
- Find a way to unlock it.
- Once the card is unlocked, find a way to use the card directly or format the card.
- After the card is formatted, write the data to the card.
What else can be done
This is where I look back at what else is out there online. This time I refer more widely via the internet but more specifically to the MiFare card.
And identified some interesting projects
There’s also been a lot of chatter about FlipperZero’s ability to crack these cards. But for me, MiFare Classic Tool is a great choice. After digging deeper, though, its fork caught my attention the most.
Let’s start.
So Mifare Classic Tools or MCT-bruteforce-key are both good starting points for my exploration of mifare classic cards.
In short, the MiFare Classic 1K card I have contains 1K of memory: 16 sectors of 4 blocks each. Each block consists of 16 bytes of data, so a total of 1K bytes of data can be stored.
Each sector has 2 keys, Key A and Key B. We need to know the key, or bruteforce the key, in order to write to that sector. Some cards, due to their access conditions, may not allow you to write at all.
Since I ran into a situation where I had the card but didn’t have access to a machine that read the data properly, I was left with attacks against the card alone.
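The sector layout and access conditions described above, as an added example that is not part of the original post: block 3 of every sector is the sector trailer (Key A, access bytes, Key B), and decoding its access bytes tells you whether the data blocks can be written at all. The function names and the `LOCKED_TRAILER` sample are constructed for illustration; the factory trailer is the standard transport configuration.

```python
# Added example: decode the access bits in a MIFARE Classic 1K sector trailer.
# Function names and LOCKED_TRAILER are constructed for illustration.

# (C1, C2, C3) -> key that may write a data block (NXP MF1S50 datasheet table)
DATA_WRITE = {
    (0, 0, 0): "A or B", (0, 1, 0): "never", (1, 0, 0): "B", (1, 1, 0): "B",
    (0, 0, 1): "never", (0, 1, 1): "B", (1, 0, 1): "never", (1, 1, 1): "never",
}

def block_address(sector: int, block: int) -> int:
    """Absolute block number on a 1K card: 16 sectors x 4 blocks."""
    if not (0 <= sector < 16 and 0 <= block < 4):
        raise ValueError("1K cards have sectors 0-15 and blocks 0-3")
    return sector * 4 + block

def parse_trailer(trailer: bytes) -> dict:
    """Split block 3 of a sector into Key A, access bits and Key B."""
    if len(trailer) != 16:
        raise ValueError("a sector trailer is exactly 16 bytes")
    b6, b7, b8 = trailer[6], trailer[7], trailer[8]
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    # Every nibble is stored a second time inverted; a mismatch means the
    # access bits are corrupt and the card treats the sector as blocked.
    valid = (c1 ^ (b6 & 0x0F)) == 0xF and (c2 ^ (b6 >> 4)) == 0xF \
        and (c3 ^ (b7 & 0x0F)) == 0xF
    # Bit n of each nibble belongs to block n (block 3 is the trailer itself).
    bits = {n: ((c1 >> n) & 1, (c2 >> n) & 1, (c3 >> n) & 1) for n in range(4)}
    return {"key_a": trailer[:6].hex(), "key_b": trailer[10:].hex(),
            "valid": valid, "bits": bits}

def data_write_key(trailer: bytes, block: int) -> str:
    """Which key, if any, is allowed to write data block 0-2 of this sector."""
    info = parse_trailer(trailer)
    if not info["valid"]:
        return "blocked"
    if block not in (0, 1, 2):
        raise ValueError("data blocks are 0-2")
    return DATA_WRITE[info["bits"][block]]

# Factory "transport" trailer: default keys, access bytes FF 07 80.
FACTORY_TRAILER = bytes.fromhex("ffffffffffff" "ff078069" "ffffffffffff")
# Constructed sample: same keys, data blocks set read-only (8F 07 87).
LOCKED_TRAILER = bytes.fromhex("ffffffffffff" "8f078769" "ffffffffffff")

if __name__ == "__main__":
    for name, t in (("factory", FACTORY_TRAILER), ("locked", LOCKED_TRAILER)):
        print(name, [data_write_key(t, b) for b in range(3)])
```

When a trailer is read back from a real card, the Key A field always comes back as zeros, so the key shown in a dump is the one the reading tool already knew.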
- Nesting attacks are automated through
- Dark side attacks are automated through
Both of these attacks have limitations, so they do not currently work on Android. Maybe Kali NetHunter and a custom kernel can help, but that’s something I haven’t looked into. So I went back to NFC Tools and MiFare Classic Tool.
I could read all sectors of 2-3 different MiFare Classic cards using the built-in standard keys, which allowed me to go ahead and factory format them. Once a card was factory formatted, I was able to use NFC Tools to write my preferred data onto it. So that sorts out my pain for now.
Another interesting tool that I found while reading many articles online is NFC ReTag. This tool takes a different approach: since each tag has a unique ID, the phone can be programmed to react differently when it is near different cards. This doesn’t require unlocking or brute forcing anything, and it is an interesting concept: if the phone is placed at a given location, it reacts in a particular way because it is close to that card.
This allows for a new way to explore the world of NFC cards and reuse existing cards without worrying about the content inside.
Thus, even if I consider this project closed, there are bound to be some pending tasks (looking at my 10,000 pending tasks, what harm could 2-3 more do :P). With that being said, my next items to explore in the future are:
- Playing around with mfoc and mfcuk to see if I can use them on the Android device itself.
- Printing my own visiting cards on NFC cards using an inkjet printer. Hopefully one day I will, and will remember to write about it.
I’m sure I’ll lose a ton of resources but my task is done and I’d rather use my energy on an alternative task. But if you know of an easier and simpler way of doing something, share it with me. Wondering how you navigate the NFC ecosystem.