114 lines
6.2 KiB
Markdown
114 lines
6.2 KiB
Markdown
|
**BIG CHANGES COMING TO THIS! Need to update info as the below is no longer (entirely) true.**
|
||
|
|
|
||
|
|
Some files that are fun to use. Starting to get a better idea on the structure (Flipper format) of NFC files and payloads.
|
||
|
|
|
||
|
|
Some great reading about [Hacking MIFARE & RFID](https://hackmethod.com/hacking-mifare-rfid/?v=7516fd43adaa).
|
||
|
|
|
||
|
|
----------------------------------------------
|
||
|
|
|
||
|
|
**Flipper Zero can read the following**:
|
||
|
|
- T5777 Card Freq 125K
|
||
|
|
- 125 kHz RFID (MiFare Classic Card)
|
||
|
|
- NFC MiFare Classic Clear Tag
|
||
|
|
- NFC HID Card Freq 125KHZ
|
||
|
|
- 125 kHz RFID FourPoints.Com Card NFC
|
||
|
|
- NFC Mifare Ultral/NTAG Gen1A 1k S50 HF RFID Card
|
||
|
|
- NFC UID Freq 13.56MHZ Card | NFC Hotel KeyCards
|
||
|
|
- NFC ValuProx 125kHz ISO
|
||
|
|
|
||
|
|
----------------------------------------------
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
----------------------------------------------
|
||
|
|
|
||
|
|
Example using the [RickRoll.nfc](https://github.com/UberGuidoZ/Flipper/blob/main/NFC/Fun_Files/RickRoll.nfc) file. Leave the data in pages 1 through 6 alone (though not always true, but it is for YouTube links.)
|
||
|
|
|
||
|
|
```
|
||
|
|
Page 7: 79 6F 75 74
|
||
|
|
Page 8: 75 2E 62 65
|
||
|
|
Page 9: 2F 64 51 77
|
||
|
|
Page 10: 34 77 39 57
|
||
|
|
Page 11: 67 58 63 51
|
||
|
|
```
|
||
|
|
|
||
|
|
This is simply the YouTube "[share](https://support.google.com/youtube/answer/57741)" link encoded into HEX and split into 4 byte chunks. See for yourself...
|
||
|
|
|
||
|
|
HEX from above: `79 6F 75 74 75 2E 62 65 2F 64 51 77 34 77 39 57 67 58 63 51` <br>
|
||
|
|
[Converted](https://www.binaryhexconverter.com/hex-to-ascii-text-converter): youtu.be/dQw4w9WgXcQ
|
||
|
|
|
||
|
|
The last byte in page 6 (0x04) defines what type of encoding ([data sheet](https://www.nxp.com/docs/en/data-sheet/NTAG213_215_216.pdf) and [URI identifier codes](https://learn.adafruit.com/adafruit-pn532-rfid-nfc/ndef)). To convert your link to HEX, use anything such as an [online tool](https://onlinehextools.com/convert-ascii-to-hex). Read up on [generic cloner passwords](https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/cloner_notes.md) as they may exist and may be needed to access information.
|
||
|
|
|
||
|
|
One limitation is the URL will be truncated if it goes beyond page 11! If your URL is less than exact, pad it with 00, making sure page 12 stays as "FE 00 00 00". Note that [TinyURL](https://tinyurl.com/app) links appear to fit well and conversion/use is free. If your link doesn't launch automatically when scanned, try using a different URI identifier.
|
||
|
|
|
||
|
|
----------------------------------------------
|
||
|
|
|
||
|
|
[NTAG Differences](https://www.rfidfuture.com/difference-between-ntag213-ntag215-and-ntag216.html) | [NTAG Datasheet](https://www.nxp.com/docs/en/data-sheet/NTAG213_215_216.pdf) | [ASCII to HEX](https://onlinehextools.com/convert-ascii-to-hex) | [HEX to Decimal](https://www.binaryhexconverter.com/hex-to-decimal-converter) (Other converters at both links.)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
Value Protocol ([SOURCE](https://learn.adafruit.com/adafruit-pn532-rfid-nfc/ndef))<br>
|
||
|
|
------ ---------- <br>
|
||
|
|
0x00 No prepending is done ... the entire URI is contained in the URI Field <br>
|
||
|
|
0x01 `http://www.` <br>
|
||
|
|
0x02 `https://www.` <br>
|
||
|
|
0x03 `http://` <br>
|
||
|
|
0x04 `https://` <br>
|
||
|
|
0x05 `tel:` <br>
|
||
|
|
0x06 `mailto:` <br>
|
||
|
|
0x07 `ftp://anonymous:anonymous@` <br>
|
||
|
|
0x08 `ftp://ftp.` <br>
|
||
|
|
0x09 `ftps://` <br>
|
||
|
|
0x0A `sftp://` <br>
|
||
|
|
0x0B `smb://` <br>
|
||
|
|
0x0C `nfs://` <br>
|
||
|
|
0x0D `ftp://` <br>
|
||
|
|
0x0E `dav://` <br>
|
||
|
|
0x0F `news:` <br>
|
||
|
|
0x10 `telnet://` <br>
|
||
|
|
0x11 `imap:` <br>
|
||
|
|
0x12 `rtsp://` <br>
|
||
|
|
0x13 `urn:` <br>
|
||
|
|
0x14 `pop:` <br>
|
||
|
|
0x15 `sip:` <br>
|
||
|
|
0x16 `sips:` <br>
|
||
|
|
0x17 `tftp:` <br>
|
||
|
|
0x18 `btspp://` <br>
|
||
|
|
0x19 `btl2cap://` <br>
|
||
|
|
0x1A `btgoep://` <br>
|
||
|
|
0x1B `tcpobex://` <br>
|
||
|
|
0x1C `irdaobex://` <br>
|
||
|
|
0x1D `file://` <br>
|
||
|
|
0x1E `urn:epc:id:` <br>
|
||
|
|
0x1F `urn:epc:tag:` <br>
|
||
|
|
0x20 `urn:epc:pat:` <br>
|
||
|
|
0x21 `urn:epc:raw:` <br>
|
||
|
|
0x22 `urn:epc:` <br>
|
||
|
|
0x23 `urn:nfc:` <br>
|
||
|
|
|
||
|
|
-----
|
||
|
|
|
||
|
|
Acknowledgements: [RogueMaster](https://github.com/RogueMaster/) | cyanic | Null Silvry | [Equip](https://github.com/equipter/) | DDVL (for discussions, testing, and any files.)
|
||
|
|
|
||
|
|
-----
|
||
|
|
|
||
|
|
## Donation Information
|
||
|
|
|
||
|
|
Nothing is ever expected for the hoarding of digital files, creations I have made, or the people I may have helped.
|
||
|
|
|
||
|
|
## Ordering from Lab401? [USE THIS LINK FOR 5% OFF!](https://lab401.com/r?id=vsmgoc) (Or code `UberGuidoZ` at checkout.)
|
||
|
|
|
||
|
|
I've had so many asking for me to add this.<br>
|
||
|
|
 
|
||
|
|
|
||
|
|
**BTC**: `3AWgaL3FxquakP15ZVDxr8q8xVTc5Q75dS`<br>
|
||
|
|
**BCH**: `17nWCvf2YPMZ3F3H1seX8T149Z9E3BMKXk`<br>
|
||
|
|
**ETH**: `0x0f0003fCB0bD9355Ad7B124c30b9F3D860D5E191`<br>
|
||
|
|
**LTC**: `M8Ujk52U27bkm1ksiWUyteL8b3rRQVMke2`<br>
|
||
|
|
**PayPal**: `uberguidoz@gmail.com`
|
||
|
|
|
||
|
|
So, here it is. All donations of *any* size are humbly appreciated.<br>
|
||
|
|
 
|
||
|
|
|
||
|
|
Donations will be used for hardware (and maybe caffeine) to further testing!<br>
|
||
|
|
|