I am trying to write a PC application (Windows, .NET) that identifies students on the basis of some card equipped with RFID identification to build lecture attendance registers. Currently I have a Stronglink SL040A RFID reader (http://www.stronglink-rfid.com/en/rfid-modules/sl040.html), which operates as a HID and sends the data as a series of keystrokes.
The system works perfectly with older cards like Mifare 1K classic (even with PayPass credit cards). The new student cards (and identity cards) issued by the Hungarian authorities, however, contain Mifare PlusX 4K chips, which seem to send a new key every time one uses the card. I have tried experimenting with the settings the configuration tool of the reader offers, but to no avail. I can make the 1K classic cards send a much longer key by changing the end block parameter but the PlusX 4K keeps sending the shorter, and painfully non-consistent, keys.
I am a physicist without a deeper understanding of these chips and RFID authentication in general – I am just trying to get a job done that seemed easy at the beginning. I have no intention of cracking or abusing these cards in any way; I am just trying to find some block of data on the card that stays consistent upon each use, does not require complicated authentication protocols but is unique between different cards.
Is it possible or is it against the philosophy of these chips? If possible, will I have to buy a new reader or can I make it do what I need?
Your thoughts are much appreciated.
From the MiFare PlusX 4K datasheet:
Section 8.2: There are three different versions of the PICC. The UID is programmed into a locked part of the NV-memory reserved for the manufacturer:
• unique 7-byte serial number
• unique 4-byte serial number
• non-unique 4-byte serial number
Due to security and system requirements, these bytes are write-protected after being programmed by the PICC manufacturer at production.
...
During personalization, the PICC can be configured to support Random ID in security level 3. The user can configure whether Random ID or fixed UID shall be used. According to ISO/IEC 14443-3 the first anticollision loop (see Ref. 5) returns the Random Number Tag 08h, the 3-byte Random Number and the BCC, if Random ID is used. The retrieval of the UID in this case can be done using the Virtual Card Support Last command, see Ref. 3 or by reading out block 0.
From what you have described, it appears that the cards are running in Security Level 3, and unfortunately, the backwards-compatible part of the card only exists at lower security levels. The mentioned command of Virtual Card Support Last is also only available after level 3 authentication.
I'm afraid what you want to do appears impossible unless you can use the ISO/IEC 14443-4 protocol layer, which I think would let you authenticate at level 3? The relevant data appears to be in section 8.7, and involves AES authentication.
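The Random ID layout quoted from the datasheet (tag 08h, three random bytes, BCC) can be recognised in software, so an attendance application can refuse to register an identifier that will change on the next tap. The following is an added example, not part of the original answer or of any Stronglink or NXP code; it is written in Python, and it assumes the reader types the identifier as hex digits, which is not confirmed for the SL040A. All function names and sample values are constructed.

```python
import re

RANDOM_ID_TAG = 0x08  # first byte of a Random ID (datasheet section 8.2, quoted above)
CASCADE_TAG = 0x88    # ISO/IEC 14443-3: more UID bytes follow, never a complete UID


def bcc_ok(frame: bytes) -> bool:
    """True if byte 5 of a raw anticollision response is the XOR of bytes 1-4."""
    return len(frame) == 5 and frame[0] ^ frame[1] ^ frame[2] ^ frame[3] == frame[4]


def classify(uid: bytes) -> str:
    """Return 'random', 'fixed' or 'invalid' for an identifier read from a card."""
    if len(uid) == 4:
        if uid[0] == RANDOM_ID_TAG:
            return "random"   # regenerated on each activation: useless as a register key
        if uid[0] == CASCADE_TAG:
            return "invalid"  # reader stopped after the first level of a longer UID
        return "fixed"
    # 7 and 10 bytes are the double- and triple-size UIDs of ISO/IEC 14443-3.
    return "fixed" if len(uid) in (7, 10) else "invalid"


def parse_hex_keystrokes(text: str) -> bytes:
    """ASSUMPTION: the keyboard-wedge reader types hex digits, optionally
    separated by spaces, ':' or '-', followed by Enter."""
    digits = re.sub(r"[\s:\-]", "", text)
    if len(digits) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", digits):
        raise ValueError(f"not a hex identifier: {text!r}")
    return bytes.fromhex(digits)


def attendance_key(keystrokes: str) -> str:
    """Key to store in the register, or ValueError if the card gave no stable ID."""
    uid = parse_hex_keystrokes(keystrokes)
    kind = classify(uid)
    if kind != "fixed":
        raise ValueError(f"{uid.hex().upper()} is a {kind} identifier, do not enrol it")
    return uid.hex().upper()


# Constructed sample taps (not read from real cards).
SAMPLE_TAPS = ["04 A2 3B 91 C7 5D 80\n", "08A1B2C3\n", "08 5F 10 EE\n", "88 04 A2 3B\n"]

if __name__ == "__main__":
    for tap in SAMPLE_TAPS:
        print(tap.strip(), "->", classify(parse_hex_keystrokes(tap)))
```

A card that classifies as `random` still has a fixed UID, but as the answer notes, reaching it requires the authenticated path rather than the plain anticollision response.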