ndeftlv

Resolving contents of MiFare Ultralight NFC tag


I'm currently working with NFC/NDEF and I'm running into an issue where I'm unable to understand the data coming in. I have a general understanding of the NDEF standard and have looked over the MIFARE datasheet, so I'm able to pick out a few things, but there are a few bytes that are seemingly out of place and are puzzling me.

Here is the hexdump of the data on the tag, collected via nfc-mfultralight r:

00000000  04 02 2f a1 d2 11 5f 81  1d 48 00 00 e1 10 12 00  |../..._..H......|
00000010  01 03 a0 0c 34 03 1b 91  01 05 54 02 65 6e 68 69  |....4.....T.enhi|
00000020  11 01 05 54 02 65 6e 68  69 51 01 05 54 02 65 6e  |...T.enhiQ..T.en|
00000030  68 69 fe 00 00 00 00 00  00 00 00 00 00 00 00 00  |hi..............|

I know the first 16 bytes (04 02 2f a1 d2 11 5f 81 1d 48 00 00 e1 10 12 00) are the NFC/MIFARE header (first 9 being the serial number/check bytes, 1 byte for internal, 2 for lock, and then final 4 are OTP bytes.)

Starting at byte 21 I can see the start of a TLV record with the Terminator TLV flag at the end (03 1b ... fe), indicating a record of NDEF type with length 27. This matches the length of the expected NDEF record.

However, I'm confused by bytes 16..20 (01 03 a0 0c 34). What are these?


Solution

  • It appears these are a part of the Lock Control TLV, a part of the NFC Type 2 Tag standard (pages 10-11).

    The bytes are laid out as such: