emsec / ChameleonMini

The ChameleonMini is a versatile contactless smartcard emulator compliant with NFC. The ChameleonMini was developed by https://kasper-oswald.de. The device is available at https://shop.kasper.it. For further information see the Getting Started Page https://rawgit.com/emsec/ChameleonMini/master/Doc/Doxygen/html/_page__getting_started.html or the Wiki tab above.

Mifare Ultralight EV1 support #104

Open ogsts opened 7 years ago

ogsts commented 7 years ago

Is it possible to emulate Mifare Ultralight EV1 using Chameleon Mini?

http://www.nxp.com/products/identification-and-security/mifare-ics/mifare-ultralight/mifare-ultralight-ev1-contactless-ticket-ic:MF0UL1101DUD?tab=Documentation_Tab

doegox commented 7 years ago

I'm afraid not currently. Feel free to propose a patch ;)

geo-rg commented 7 years ago

@ogsts If you feel confident with C, I would encourage you to start development on Mifare Ultralight EV1 emulation. AFAIK it uses ISO14443 only with low data rates, so you can use the codecs which are already on the Chameleon right now. The only thing you have to do is implement the Application layer.

You could start with a look at Firmware/Chameleon-Mini/Application/MifareUltralight.c. There you can see how the application for MifareUltralight is realized. Maybe you copy-paste it to another file, e.g. MifareUltralightEV1.c, and then add the EV1 functionality. We would look forward to your contribution! I also think you would get help from others here.

ogsts commented 7 years ago

I have created a first version of Mifare Ultralight EV1 support on Chameleon-Mini. I can read it using a phone, and the NXP TagInfo application identifies the Chameleon Mini as Mifare Ultralight EV1. I have set LOGMODE=memory and I see all expected ISO14443A commands REQA, ATQA, SELECT_CL1, etc. However, the target reader where I would like to use the emulated EV1 does not read it, and the log contains nothing. So, I believe it is related to antenna matching. Any idea if/how this can be tuned?

geo-rg commented 7 years ago

Hi @ogsts sorry for the late response. Have you solved this?

If not: the log shows really nothing? Not even receiving the REQA? Then I would think that the log function was deactivated at that time ;) But also, there has been a fix within the codec, but the bug which was fixed would not cause receiving nothing.

arne182 commented 6 years ago

Hi @ogsts I would also be interested in testing and helping to integrate this feature.

dev-zzo commented 6 years ago

@ogsts Ping. :-) If you don't mind sharing your implementation as a pull request, I am sure it will be greatly appreciated by the community here.