Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MIFARE Ultralight C hex dump shows bogus data for locked pages #3772

Open
supersat opened this issue Jul 9, 2024 · 1 comment
Open

MIFARE Ultralight C hex dump shows bogus data for locked pages #3772

supersat opened this issue Jul 9, 2024 · 1 comment
Assignees
@gornekich
Labels
NFC NFC-related Triage Issues under initial investigation UI Affects UI

Comments

@supersat
Copy link

supersat commented Jul 9, 2024

Describe the bug.

At a recent event, we gave everyone MIFARE Ultralight C wristbands with some pages locked as part of a CTF. Many people tried reading their wristband with their Flipper Zero, and unfortunately, rather than seeing some pages locked in the hex dump, they saw bogus data (seemingly copied starting from page 0). The NXP TagInfo app for Android correctly showed those pages as XX XX XX XX.

Reproduction

  1. Auth-protect some pages on a MIFARE Ultralight C card. This can be done by writing 25 00 00 00 to page 0x2a and 00 00 00 00 to page 0x2b. This locks pages 0x25 and up from being read without authentication.
  2. Read the tag with the Flipper Zero.
  3. Select Info, then more, then scroll down to the bottom. The last 3 pages should show as locked, but are copies of pages 0, 1, and 2.

Target

No response

Logs

No response

Anything else?

FW version 0.103.1
@hedger hedger added NFC NFC-related UI Affects UI Triage Issues under initial investigation labels Jul 9, 2024
@gornekich
Copy link
Member

Thanks for the report, working on it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gornekich gornekich

Labels
NFC NFC-related Triage Issues under initial investigation UI Affects UI
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hedger @supersat @gornekich