MIFARE CLASSIC® 1K SECTOR TRAILER ACCESS BITS

Radio Frequency Identification (RFID) has become an effective, low cost, contactless method of transferring data between a tag and reader. A reader is a device that has one or more antennas that emits radio waves. These radio waves energize a close proximity passive tag allowing for the exchange of data between the tag and reader. Some common RFID applications include inventory management, asset tracking, loyalty cards, fare cards, employee cards, and access control. The radio wave frequency affects the distance between the tag and reader.

  • Low-Frequency 30kHz to 500kHz (typical 125kHz) range few inches to less than 6 feet.
  • High-Frequency 3MHz to 30MHz (typical 13.56Mhz) range few inches to several feet.
  • Ultra High-Frequency 300MHz to 960MHz (typical 433MHz) up to 25+ feet.
  • Microwave 2.45GHz up to 30+ feet.

The MIFARE Classic® 1K is a common low cost RFID tag that operates at 13.56MHz. These tags come in key card and keychain styles and costs less that $1 each in low quantities. As the 1K indicates, this tag stores 1K bytes of data. For the reader you can use a standard product like the ACR122U that has a USB connection to your computer. If you are making your own embedded system then the RC522 module is a simple, low cost reader module that interfaces to a processor using SPI.

The MIFARE Classic® 1K tag is organized into 16 sectors (0 – 15) with each sector containing 3 data blocks (blocks 0-2) and 1 sector trailer (block 3). Each data block/sector trailer has 16 bytes (16 sectors * 4 blocks/sector * 16 bytes/block = 1024 bytes). Not all bytes are available for user data. Sector 0, data block 0 is reserved for manufacturing data and each sector trailer can contain up to 7 user data bytes if key B isn’t being used. If only data blocks are used then 752 bytes are available for user data.

MIFARE Classic® 1K Data Organization

Manufacturer block (sector 0, block 0, address 0, 16 bytes) is programmed and write protected during product test. Data blocks are configurable as either read/write or value blocks as defined by the access bits in the sector trailer. Value blocks have special commands such as increment and decrement for direct control of stored values, which are helpful in electronic purse applications.

The sector trailer is the last block of the sector. Each sector trailer contains:

  • secret keys A (bytes 0-5) and B (bytes 10-15), which when protected from reading returns ‘0’
  • access conditions for all four sector blocks (bytes 6-8)

All keys are set to 0xFFFFFFFFFFFF at chip delivery and key A is never readable.

Sector Trailer Byte Definitions

Access bits control the access conditions for every data block and sector trailer in the given sector. Access control is defined by 3 bits for each block, which are stored in the sector trailer bytes 6-8 (3 bits/block x 4 blocks/sector = 12 bits/sector * 2 for true and inverted values = 24bits/sector = 3 bytes/sector). Access control limits the ability to read or write sector areas including the sector trailer as well as defining data block’s functions (read/write vs. value block). Formatting of bytes 6-8 is somewhat complex. These three bytes are formed by combining the access bits values of the four sector blocks as shown in the next figure (e.g., bit C22 is the C2 bit value for block 2 within the sector).

Access Bits Byte Definition

Conditions for sector trailer access are defined in the table below. Access control includes the ability to write key A (reading key A is never allowed), read and write key B, and the ability to read and write access bits. For example if you never want to write either key A or key B, but you still want to change the access bits in the future, then C1C2C3 = 101 (5) is a good selection. With this access setting you can never read or write either key, but you can still read the access bits using either key A or key B and write the access bits using key B. The factory default value is C1C2C3 = 001 (1), where key A is used for read and write access to all sector trailer values.

Sector Trailer Access Conditions

A similar table is used to configure the sector data blocks access bits. Access conditions include read, write, increment, decrement/transfer/restore. If you want to only read a data block using only key B, then C1C2C3 = 101 (5) could be used. Note that if key B is readable (set by the sector trailer access bits), it can’t be used for access control (see note [1]).

Data Block Access Conditions

Unless you are using a tag reader with support software, the calculation of the access control bytes is a little tedious. I have created an Excel spreadsheet where the user selects each blocks access bits integer decimal values (unshaded table area) using the appropriate tables (C1C2C3) and the access bits byte values are automatically calculated (B6 B7 B8).

Excel Worksheet to Simplify Access Bits Byte Calculation

This has been a quick discussion on setting the MIFARE Classic® 1K tag access bits. If you want to learn more about this tag, Sanga Chidam YouTube channel has excellent video tutorials on the MIFARE Classic® 1K tags. All figures and tables in this post are from the NXP MF1S503X datasheet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s