MCT and Sony Z3 #64
Comments
|
Hi. Another user told me that the Sony Z3 does not support Mifare Classic. Are you sure it worked before? Have you verified this by downgrading MCT to e.g. 2.0.1?. |
|
Ok, there are other users reporting issues with using Sony's Z3 in combination with Mifare Classic tags. First, Samsung's Galaxy S5 returns arrays with a length different from 16 bytes to a readBlock() (e.g. 6412ec6) call, then HTC's One m7/m8 devices deliver broken Tag objects to the app and now Sony's Z3 has Mifare Classic issues too?! Hmpf. Why do all manufacturers tamper with the NFC stack these days... |
|
@ikarus23 finally, issue with HTC is not in broken Tag. But NfcA.get(Tag) tries to get Extras from index of MifareClassic when it is enumerated in Techlist. |
|
Regarding the issue: Yeah, I thought so too. But I don't like to implement a patch every time a vendor changes the Android code. But I guess I have no choice if I want to have happy users... Off-Topic: Oh, so it's not the Tag object that is broken, it is the |
|
Now im debugging MCT 2.0.4 on Sony z3, Android 5.0.2 06-06 20:08:09.031 1643-2355/? D/NfcAdaptation﹕ NfcAdaptation::HalDeviceContextDataCallback: len=4 |
|
I can see there a " |
|
But MCT can read and write some Classic tags on Z3 whith 5.0.2 |
|
Ok, this is weird... |
|
oh shit, I just tried to read the difficult tag and once again she read! But NFC Tools 3.8.1 Free Version about "wakdev" work correctly every one.
|
|
Soon I will write test results MCT on Sony Z3 with early 4.4.2 Android |
|
@moscowneversleeping did you tried to read this card on another device? what kind of card is it? try to get info with https://play.google.com/store/apps/details?id=com.nxp.taginfolite there is some important information in your log: ... Mifare Classic is enumerated in TechList (tech=8) and uses protocol (nfc type = 128), but tag is activated wth protocol 4 coresponding to IsoDep (tech=3) May be your card is Mifare Plus switched to another security level? |
|
The screenshot of NFC Tools is showing a SAK of |
|
I'm using a MIFARE Classic emulated Can you build test version? where MCT dont see on SAK and application will be use direct commands for reading. (As you do for write zero block may be) |
|
To day I installed Android 4.4.4 instead 5.0.2 on my Sony Z3 and run MCT But yesterday I really was able to read the MIFARE Classic emulated Tag once (On Sony Z3). I know that this is possible, because Tag is reading on other phones (Sony Z1 and Nexus S, etc i'm testad it). More information about Tags And of course I can read(write) this Tags with ACR 122u (use default SDK) or with Proxmark3, load keys and read as Mifare classic tags. |
|
Regarding the stackoverflow issue: I know this issue, I posted it right at the top of this issue ;) Regarding the testing version: No, I can't build a version like this. On Android it is not possible to do real Mifare Classic commands. (Thats why only some of the UID changeable tags work). Regarding the screenshot: MCT looks at the Regarding a fix: I think this is a issue of the tag. A emulated Mifare Classic tag should not use a SAK thats reserved for Mifare Plus or Mifare DesFire. |
|
Then I must modify the MifareClassic.java for correct display TechList information. |
|
As I said. The real fix (from an Android perspective) would be to change the SAK of the tag. |
|
Oh, that is weird. In the screenshot you've taken from NFC Tools, there is a Mifare Classic in the |
|
No. It's my Sony Z3, but Android 4.4.4 (then i install to day). I can Install 5.0.2 and look Tagingo NXP. If nothing happens, I'll be grateful to you if you tell me a place in the source code to patch the TechList of the tag to make Android think that this tag is able of talking Mifare Classic. More information about tag proxmark3> hf 14a reader As you can see Proxmark write then SAK : 38 [1] but Android or MCT write SAK: 20 ((( |
|
More interesting sniffing information when MCT detectable Tag solve the information about it, and showing the message "Not a Mifare Classic Tag". https://cloud.githubusercontent.com/assets/2129699/8023350/ac7aa33a-0d11-11e5-8910-ead5b1b801a9.jpg results of proxmark3> hf 14a snoop Now I again updated my Sony Z3 to Android 5.0.2 when i want see Tag info in MCT results of proxmark3> hf 14a snoop And last, Mifare docor work and show But NFC Tools 3.8.1 by "wakdev" show
|
|
@moscowneversleeping it is strange thing in TechList NfcA occures twice. Let me guess that first (which is also returned by Tag object) contains SAK = 0x20, while second contains 0x18. It may caused by dual mode of this card. So I can try to compile test app for dumping and editing TechList tomorrow. Please contact me. |
|
@bildin it would be perfect. As i can contact you? |
|
Regarding the screenshots from this post: As you can see, the Mifare doctor app failed to read this tag. So does MCT, but it crashes from this failed read attempt. This is a thing I should definitively fix. NFC tool does not show any error because it has not tried to read the tag yet. All the information you can see in the screenshot are handed over to the app by Android. The app doesn't need to read anything to display those information. |
|
@ikarus23 my assumption has been prooved... I did OR both SAKs and put new Extra to the first occurance of NfcA. It works fine, but it makes me crazy to follow all of these variations.
|
|
Thanks again, @bildin, for bringing light into the into the dark corners of strange Android Mifare Classic issues! I'm not sure if I got you right on how to fix this. You added a new Do you think there is a more general approach to fix these issues? Maybe manipulating the list to only contain one @moscowneversleeping Lets try to find a general way to fix the TechList Extras that hopefully will work for all devices with issues (e.g. the Sony Z3 and the HTC One). I would relay like to implement something like this and not just another fix for another device. |
|
@ikarus23 Thanks. For my part, you can always count on quick tests of your application and any other help that I can provide. |
|
@ikarus23 I think more general Tag's cleanup will be something like this (in case of multi NfcA and preserving functionality with other technologies) private Tag cleanupTag(Tag oTag) {
if (oTag == null)
return null;
String[] sTechList = oTag.getTechList();
Parcel oParcel = Parcel.obtain();
oTag.writeToParcel(oParcel, 0);
oParcel.setDataPosition(0);
int len = oParcel.readInt();
byte[] id = null;
if (len >= 0) {
id = new byte[len];
oParcel.readByteArray(id);
}
int[] oTechList = new int[oParcel.readInt()];
oParcel.readIntArray(oTechList);
Bundle[] oTechExtras = oParcel.createTypedArray(Bundle.CREATOR);
int serviceHandle = oParcel.readInt();
int isMock = oParcel.readInt();
IBinder tagService;
if (isMock == 0) {
tagService = oParcel.readStrongBinder();
} else {
tagService = null;
}
oParcel.recycle();
int nfca_idx = -1;
int mc_idx = -1;
short oSak = 0;
short nSak = 0;
for (int idx = 0; idx < sTechList.length; idx++) {
if (sTechList[idx].equals(NfcA.class.getName())) {
if (nfca_idx == -1) {
nfca_idx = idx;
if (oTechExtras[idx] != null
&& oTechExtras[idx].containsKey("sak")) {
oSak = oTechExtras[idx].getShort("sak");
nSak = oSak;
}
} else {
if (oTechExtras[idx] != null
&& oTechExtras[idx].containsKey("sak")) {
nSak = (short) (nSak | oTechExtras[idx].getShort("sak"));
}
}
} else if (sTechList[idx].equals(MifareClassic.class.getName())) {
mc_idx = idx;
}
}
boolean modified = false;
if (oSak != nSak) {
oTechExtras[nfca_idx].putShort("sak", nSak);
modified = true;
}
if (nfca_idx != -1 && mc_idx != -1 && oTechExtras[mc_idx] == null) {
oTechExtras[mc_idx] = oTechExtras[nfca_idx];
modified = true;
}
if (!modified) {
return oTag;
}
Parcel nParcel = Parcel.obtain();
nParcel.writeInt(id.length);
nParcel.writeByteArray(id);
nParcel.writeInt(oTechList.length);
nParcel.writeIntArray(oTechList);
nParcel.writeTypedArray(oTechExtras, 0);
nParcel.writeInt(serviceHandle);
nParcel.writeInt(isMock);
if (isMock == 0) {
nParcel.writeStrongBinder(tagService);
}
nParcel.setDataPosition(0);
Tag nTag = Tag.CREATOR.createFromParcel(nParcel);
nParcel.recycle();
return nTag;
} |
|
@ikarus23 |
|
@bildin Thanks for clearing that up! And of course I meant 56, not 52 :) |
|
@bildin I have checked the code you provided in our application and the tag is detected and SAK is the correct one. But the problem is that when we try to read the memory from the MIFARE card we got an exception that the tag is lost. Any idea? |
|
I have created another testing version of MCT with a slightly modified version of bildin's patch (just code structure). Could somebody please test if this still works for a Sony Z3? EDIT: Updated link |
|
@ikarus23 |
|
@ikarus23 All right! |
|
No) I can Read, but i can not see Tag Info |
|
Thanks for testing! Were you able to display the Tag Info with the first testing version? |
|
failed too ( |
|
Thanks again. |
|
See you |
|
I've created another testing version. Please check if reading, writing, and the Tag Info tool is working. |
|
@ikarus23 it seems it is working correctly now. Could you please post the diff code? ;) Edit: NO IT IS NOT WORKING. The card is correctly detected but it is unable to read the memory data. |
|
Arrrrrg! But thanks for testing :) |
|
Unfortunately no. We got an exception. It is quite strange as the Tag And therefore, afterwards reading is crashing with and IOException Hope that helps. We can try to work something out, but we are "as lost On 06/07/2015 19:26, ikarus wrote:
|
|
As far as I know it is a NXP chip. A picture from iFixit and another bug report indicate this too. |
|
So you have the same info I do ;) Therefore I don't know why the hell it Do you know of a way of sending low level chipset messages within On 06/07/2015 20:37, ikarus wrote:
|
|
@ikarus23 ... Last version work with all type Mifare Classic and i can see Tag Info too. |
|
Oooh, so it's working for your tag, moscowneversleeping, but not for the tag of jlanza. @jlanza What type of tag are you trying to read? |
|
@jlanza And what do you used Android version? |
|
I'm trying to read a Dual Card. It is a JavaCard with Mifare Classic When I'm using native Mifare Classic cards, there is no problem either My guess for a solution is, is there any way of attaching a tag to an Thanks. keep in touch. On 07/07/2015 7:45, ikarus wrote:
|
|
@jlanza (OffTopic)
As far as I know, there is no easy way to do this. Most phones with NXP chips use the nfc-pn544 kernel module provided by Google/NXP which will create a device at I read a lot of forum threads or mailinglist posts of people who want to have full control over the NFC chip inside the Android phone (e.g. to crack the keys of Mifare Classic tags). But I never read of one who succeeded in doing so. However, there has been "research" in that area. I found a document of Hendri Appelmelk, who was able to port libnfc to Android (original post, pdf mirror). Also you may consider asking Michael Roland (e.g. on stackoverflow). This guy really knows his way around NFC and Android! |
|
Thanks a lot. I will read the information you attached ;) and if we find On 07/07/2015 22:14, ikarus wrote:
|
|
@jlanza It is Very interesting, may be we can emulate Mifare Classic Tags..? |
|
When I meant emulated I mean that the card is a JavaCard with On 07/07/2015 22:35, Andrey Ryabinin wrote:
|
|
I have card, mentoned above (JCOP with MC emulation). There weren't problem with it on my Samsung Galaxy S3. But Sony Xperia E3 shows only one NfcA with SAK 0x20. So it is device dependable identification of such cards. Are there any news, how to read them? Offtopic: Have you ever got cyclic tag discovery while reading tag onnewintent? I have this with some old Mifare Classic card (not all) in my app. |
|
Merged in 7ccd3d1. |
moscowneversleeping said:
The text was updated successfully, but these errors were encountered: