{"id":24501048,"url":"https://github.com/androidcrypto/ntag424sdmfeature","last_synced_at":"2025-04-14T05:42:36.931Z","repository":{"id":245138759,"uuid":"817366077","full_name":"AndroidCrypto/Ntag424SdmFeature","owner":"AndroidCrypto","description":"This is an accompanying application to an articles series about demystifying the Secure Dynamic Message feature of NTAG 424 DNA NFC tags.","archived":false,"fork":false,"pushed_at":"2024-06-19T15:22:21.000Z","size":18843,"stargazers_count":12,"open_issues_count":3,"forks_count":10,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-03-27T19:40:43.446Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AndroidCrypto.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-19T14:51:41.000Z","updated_at":"2025-02-21T13:34:12.000Z","dependencies_parsed_at":"2024-06-20T02:55:03.629Z","dependency_job_id":null,"html_url":"https://github.com/AndroidCrypto/Ntag424SdmFeature","commit_stats":null,"previous_names":["androidcrypto/ntag424sdmfeature"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AndroidCrypto%2FNtag424SdmFeature","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AndroidCrypto%2FNtag424SdmFeature/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AndroidCrypto%2FNtag424SdmFeature/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHu
b/repositories/AndroidCrypto%2FNtag424SdmFeature/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AndroidCrypto","download_url":"https://codeload.github.com/AndroidCrypto/Ntag424SdmFeature/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248830420,"owners_count":21168272,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-21T22:23:01.017Z","updated_at":"2025-04-14T05:42:36.900Z","avatar_url":"https://github.com/AndroidCrypto.png","language":"Java","readme":"# NTAG 424 DNA Secure Dynamic Messaging (\"SDM\") Feature\n\nThis is the accompanying app to my articles **Demystify the Secure Dynamic Message with NTAG 424 DNA NFC tags (Android/Java) Parts 1 and 2**,\navailable here:\n\nPart 1: https://medium.com/@androidcrypto/demystify-the-secure-dynamic-message-with-ntag-424-dna-nfc-tags-android-java-part-1-b947c482913c\n\nPart 2: https://medium.com/@androidcrypto/demystify-the-secure-dynamic-message-with-ntag-424-dna-nfc-tags-android-java-part-2-1f8878faa928\n\n## Overview\n\nThe NTAG 424 DNA tags are using a feature that was available only with the Mifare DESFire EV3 tags before.\n\nHere is an excerpt from the datasheet: \n*Using AES-128 cryptography, the tag generates a unique NFC authentication message \n(SUN) each time it is being tapped. An NFC mobile device reads this tap-unique URL \nwith the SUN authentication message, sends it to the host where tag and message \nauthentication take place, and returns the verification result. 
The SUN authentication \nmechanism is working on Android without a dedicated application and from iOS11 \nonwards using an application. This way, NTAG 424 DNA TT offers tag authentication, \nas well as data assurances on authenticity, integrity and even confidentiality, while also \nsecuring physical tag presence.*\n\nIn the documentation you will find two names for the same feature:\n- **Secure Dynamic Message** (\"SDM\")\n- **Secure Unique Number** (\"SUN\")\n\n## Technical information about NTAG 424 DNA tags\n\nIn this document I always write \"NTAG 424 DNA\", but \"NTAG 424 DNA Tag Tamper\" tags are available as \nwell. The SDM/SUN feature works on both tag types.\n\nNTAG 424 DNA datasheet: https://www.nxp.com/docs/en/data-sheet/NT4H2421Tx.pdf\n\nNTAG 424 DNA and NTAG 424 DNA TagTamper features and hints: https://www.nxp.com/docs/en/application-note/AN12196.pdf\n\nSymmetric Key Diversification AN10922: https://www.nxp.com/docs/en/application-note/AN10922.pdf\n\nThe tag has a predefined application and 3 predefined **Standard Data** files:\n- **File 01h**: 32 bytes in size, suitable for the \"Capability Container\" data (necessary for NDEF messages). The Communication mode is **Plain Communication**.\n- **File 02h**: 256 bytes in size, suitable for long NDEF messages. The Communication mode is **Plain Communication**.\n- **File 03h**: 128 bytes in size, suitable for protected data. The Communication mode is **Encrypted Communication**.\n\nThe application is set up with **5 application keys** of AES-128 size (meaning 16 bytes long). 
The default (factory) keys are (in hex notation):\n```plaintext\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n```\n\nThe tags use **AES authentication** by default (factory setting), but the authentication scheme can be changed to **LRP authentication** - this is a \none-time change that cannot be reversed.\n\nThis app can work with both authentication modes, but does not have an option to change the mode from AES to LRP (the underlying library has a function\nfor this, see the documentation).\n\n### Default content of file 1 (Capability Container)\n\nNFC Forum Type 4 Tag Technical Specification: https://nfc-forum.org/uploads/specifications/97-NFCForum-TS-T4T-1.2.pdf\n\n```plaintext\nCapability Container File\nThe Capability Container (CC) file is a StandardData file with respect to access rights\nmanagement and data management. This file will hold the CC-file according to [14]. At\ndelivery it will hold following content:\n• CCLEN = 0017h, i.e. 23 bytes\n• T4T_VNo = 20h, i.e. Mapping Version 2.0\n• MLe = 0100h, i.e. 256 bytes\n• MLc = 00FFh, i.e. 255 bytes\n• NDEF-File_Ctrl_TLV\n– T = 04h, indicates the NDEF-File_Ctrl_TLV\n– L = 06h, i.e. 6 bytes\n– NDEF-File File Identifier = E104h\n– NDEF-File File Size = 0100h, i.e. 256 bytes\n– NDEF-File READ Access Condition = 00h, i.e. READ access granted without any security\n– NDEF-File WRITE Access Condition = 00h, i.e. WRITE access granted without any security\n  or NDEF-File WRITE Access Condition = FFh, i.e. 
NO WRITE access, Read Only\n```\n\nThis content is written to file 1:\n\n```plaintext\n// Original CC with Read and Write Access\nbyte[] NDEF_FILE_01_CAPABILITY_CONTAINER = Utils.hexStringToByteArray(\"000F20003A00340406E10401000000\");\n\n// Modified CC with Read Only Access\nbyte[] NDEF_FILE_01_CAPABILITY_CONTAINER = Utils.hexStringToByteArray(\"000F20003A00340406E104010000FF\");\n```\n\n### NDEF URL-template (File 02)\n\nThis URL is written to File 02h as a template for a SUN/SDM message with **Plain Tag UID** and **Plain Read Counter**, \nplus the **CMAC** of the data.\n\n```plaintext\nhttps://sdm.nfcdeveloper.com/tagpt?uid=**************\u0026ctr=******\u0026cmac=****************\n```\n\nWhen the prepared tag is tapped on an NFC reader (on a smartphone), the system recognises that the NDEF data is a URL, \nso it forwards the data to a browser and opens the website **https://sdm.nfcdeveloper.com/tagpt**. As you can see, \nthe parameters \"uid\", \"ctr\" and \"cmac\" are filled with placeholders (\"**...\"), so the \"Secure Dynamic Messaging Backend Server Demo\" \nreturns an error message (\"400 Bad Request: Failed to decode parameters\").\n\nIf the SUN/SDM feature is enabled, you will get the \"real\" tag data and a positive test result.\n\n## Example for an NDEF URL-Link with Plaintext data (UID and Read Counter):\n```plaintext\nhttps://sdm.nfcdeveloper.com/tagpt?uid=049F50824F1390\u0026ctr=000001\u0026cmac=2446E527C37E073A\n```\n\nValidation at the backend server:\n```plaintext\nSecure Dynamic Messaging Backend Server Demo\nCryptographic signature validated.\nEncryption mode: AES\nNFC TAG UID: 049f50824f1390\nRead counter: 1\n```\n\n## Example for an NDEF URL-Link with Encrypted PICC data (UID and Read Counter):\n```plaintext\nhttps://sdm.nfcdeveloper.com/tag?picc_data=EF963FF7828658A599F3041510671E88\u0026cmac=94EED9EE65337086\n```\n\nValidation at the backend server:\n```plaintext\nSecure Dynamic Messaging Backend Server Demo\nCryptographic 
signature validated.\nEncryption mode: AES\nPICC Data Tag: c7\nNFC TAG UID: 04de5f1eacc040\nRead counter: 61\n```\n\n## Example for an NDEF URL-Link with Encrypted PICC data (UID and Read Counter) and Encrypted File data:\n```plaintext\nhttps://sdm.nfcdeveloper.com/tag?picc_data=4E8D0223F8C17CDCCE5BC24076CFAA0D\u0026enc=B56FED7FF7B23791C0684F17E117C97450723BB5C104E809C8929F0264CB99F9969D07FC32BB2D11995AEF826E355097\u0026cmac=5FD76DE4BD942DFC\n```\n\nValidation at the backend server:\n```plaintext\nSecure Dynamic Messaging Backend Server Demo\nCryptographic signature validated.\nEncryption mode: AES\nPICC Data Tag: c7\nNFC TAG UID: 049f50824f1390\nRead counter: 16\nFile data (hex): 31392e30352e323032342031323a32323a333323313233342a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a\nFile data (UTF-8): 19.05.2024 12:22:33#1234************************\n```\n\nBy the way, the website named above is run by \"Arx Research, Inc.\". The source code is available here: https://github.com/nfc-developer/sdm-backend.\n\n### Default file access rights (factory settings)\n\n| **File Nr** | **Read Access** | **Write Access** | **Read \u0026 Write Access** |\n|:-----------:|:---------------:|:----------------:|:-----------------------:|\n|  File 01h   |       Eh        |        0h        |           0h            |\n|  File 02h   |       Eh        |        Eh        |           Eh            |\n|  File 03h   |       2h        |        3h        |           3h            |\n\n### Modified file access rights\n\n| **File Nr** | **Read Access** | **Write Access** | **Read \u0026 Write Access** |\n|:-----------:|:---------------:|:----------------:|:-----------------------:|\n|  File 01h   |       Eh        |        0h        |           0h            |\n|  File 02h   |       Eh        |        1h        |           1h            |\n|  File 03h   |       2h        |        3h        |           3h            |\n\n**SDM Meta Read Access Key**: 03h (used for Encryption of PICC data)\n\n**SDM File Read 
Access Key**: 04h (used for Encryption of File data and CMAC calculation)\n\n**SDM Counter Retrieve Access Key**: 04h\n\n## About this app:\n\nIt was developed using Android Studio version Jellyfish | 2023.3.1 Patch 2 and runs on SDK 21 to 34 (Android 14) (tested on\nAndroid 8, 9 and 13 with real devices).\n\nSome notes on typical sessions with the card: I recommend that you lay your phone on the tag and, once connected, do not move the phone so that the\nconnection is held.\n\n## Ready-to-use compiled and built debug app\n\nA ready-to-use app in DEBUG mode is available under the debug folder.\n\n## Dependencies\n\nThis app is based on the **NXP NTAG 424 DNA Library**, developed by **Jonathan Bartlett**. \nThe full code is available here: https://github.com/johnnyb/ntag424-java. As the library \nuses an MIT license, this app is under the **MIT license** as well.\n\n## NDEF Reader Examples\n\n```plaintext\nAll examples are for AES encryption scheme\n\nPlaintext UID + Counter:\nNDEF message: https://sdm.nfcdeveloper.com/tagpt?uid=049F50824F1390\u0026ctr=000001\u0026cmac=2446E527C37E073A\nUID:049F50824F1390\nCounter:000001\nCMAC:2446E527C37E073A\nThe CMAC is VALIDATED (AES)\n\nPlaintext UID:\nNDEF message: https://sdm.nfcdeveloper.com/tagpt?uid=049F50824F1390\u0026cmac=B1EE1FD5DC0D9654\nUID:049F50824F1390\nCounter:\nCMAC:B1EE1FD5DC0D9654\nThe CMAC is VALIDATED (AES)\n\nPlaintext Counter: \nNDEF message: https://sdm.nfcdeveloper.com/tagpt?ctr=000003\u0026cmac=C288EB1DF43C6A78\nUID:\nCounter:000003\nCMAC:C288EB1DF43C6A78\nThe CMAC is VALIDATED (AES)\n\nEncrypted PICC data UID + Counter:\nNDEF message: https://sdm.nfcdeveloper.com/tag?picc_data=DF33C65555C7BD93FBD5BF32811FE51C\u0026cmac=E1EB1235588A4E74\nPICC:DF33C65555C7BD93FBD5BF32811FE51C\nUID:049f50824f1390\nCounter:4\nCMAC:E1EB1235588A4E74\nThe CMAC is VALIDATED\n\nEncrypted PICC data UID:\nNDEF message: 
https://sdm.nfcdeveloper.com/tag?picc_data=BFA4ECDA959BB0B6A05A594250E9C22A\u0026cmac=B1EE1FD5DC0D9654\nPICC:BFA4ECDA959BB0B6A05A594250E9C22A\nUID:049f50824f1390\nCounter:0\nCMAC:B1EE1FD5DC0D9654\nThe CMAC is VALIDATED\n\nEncrypted PICC data Counter:\nNDEF message: https://sdm.nfcdeveloper.com/tag?picc_data=6AE2FC322BDA1DEE03C0141CBC6F5180\u0026cmac=8415EA4B86F5D7D5\nPICC:6AE2FC322BDA1DEE03C0141CBC6F5180\nUID:\nCounter:5\nCMAC:8415EA4B86F5D7D5\nThe CMAC is VALIDATED\n\nEncrypted PICC data UID + Counter and encrypted File data:\nNDEF message: https://sdm.nfcdeveloper.com/tag?picc_data=A891203194DA2DAA219FE68290EC52CA\u0026enc=4ED043CDA1771D47B87AE219BAC52D5B4653D92D1B5A987E7A218D1F82CFA5B3\u0026cmac=EA18B774C93F34AE\nPICC:A891203194DA2DAA219FE68290EC52CA\nUID:049f50824f1390\nCounter:6\nCMAC:EA18B774C93F34AE\nEncrypted File Data:\n4ED043CDA1771D47B87AE219BAC52D5B4653D92D1B5A987E7A218D1F82CFA5B3\nDecrypted File data:\n26.05.2024 23:44:56#1234********\ncmacCalc length: 8 data: ea18b774c93f34ae\nThe CMAC is VALIDATED\n\nEncrypted PICC data UID + Counter and encrypted File data (here I'm using the DEFAULT keys but not the CUSTOM keys):\nNDEF message: https://sdm.nfcdeveloper.com/tag?picc_data=E483814B288D504257C04520287C3DBA\u0026enc=193B0831AD6A3C0CDE8F22E8720389E015C5C7CB7BE71975F2DE02A0013B9FB9\u0026cmac=6D2D5671D902213E\nPICC:E483814B288D504257C04520287C3DBA\nUID:5758994b5a7352\nCounter:9931778\nCMAC:6D2D5671D902213E\nEncrypted File Data:\n193B0831AD6A3C0CDE8F22E8720389E015C5C7CB7BE71975F2DE02A0013B9FB9\nDecrypted File data:\nql!$Yi�\u0004���p�;q�h�\\�Q2�a��o-�h�\ncmacCalc length: 8 data: 58ed8583800cc144\nThe CMAC is VOID\n\nEncrypted PICC data UID + Counter and encrypted File data (here I'm using the CUSTOM keys):\nNDEF message: 
https://sdm.nfcdeveloper.com/tag?picc_data=4818429EDACA68F1CECC481548C7F3E9\u0026enc=D48C419E1183A5E2918B212F711FB790229D4CEE2BB3991F44D54EEE5E2A92A7\u0026cmac=F5CBFBFDE04D4548\nPICC:4818429EDACA68F1CECC481548C7F3E9\nUID:049f50824f1390\nCounter:8\nCMAC:F5CBFBFDE04D4548\nEncrypted File Data:\nD48C419E1183A5E2918B212F711FB790229D4CEE2BB3991F44D54EEE5E2A92A7\nDecrypted File data:\n26.05.2024 23:46:41#1234********\ncmacCalc length: 8 data: f5cbfbfde04d4548\nThe CMAC is VALIDATED\n```\n\nTag Overview after \"Encrypted PICC data UID + Counter and encrypted File data using the CUSTOM keys\"\n```plaintext\n============================\nAuthentication with FACTORY ACCESS_KEY 0\nAES Authentication SUCCESS\n----------------------------\nApp Key 1 is FACTORY key\nApp Key 2 is FACTORY key\nApp Key 3 is CUSTOM key\nApp Key 4 is CUSTOM key\n============================\nGet the File Settings\n= FileSettings =\nfileNumber: 1\nfileType: n/a\ncommMode: PLAIN\naccessRights RW:       0\naccessRights CAR:      0\naccessRights R:        14\naccessRights W:        0\nfileSize: 32\n= Secure Dynamic Messaging =\nisSdmEnabled: false\nisSdmOptionUid: false\nisSdmOptionReadCounter: true\nisSdmOptionReadCounterLimit: false\nisSdmOptionEncryptFileData: false\nisSdmOptionUseAscii: true\nsdmMetaReadPerm:             14\nsdmFileReadPerm:             14\nsdmReadCounterRetrievalPerm: 14\n----------------------------\n= FileSettings =\nfileNumber: 2\nfileType: n/a\ncommMode: PLAIN\naccessRights RW:       2\naccessRights CAR:      0\naccessRights R:        14\naccessRights W:        2\nfileSize: 256\n= Secure Dynamic Messaging =\nisSdmEnabled: true\nisSdmOptionUid: true\nisSdmOptionReadCounter: true\nisSdmOptionReadCounterLimit: false\nisSdmOptionEncryptFileData: true\nisSdmOptionUseAscii: true\nsdmMetaReadPerm:             15\nsdmFileReadPerm:             15\nsdmReadCounterRetrievalPerm: 4\n----------------------------\n= FileSettings =\nfileNumber: 3\nfileType: n/a\ncommMode: FULL\naccessRights RW:  
     3\naccessRights CAR:      2\naccessRights R:        0\naccessRights W:        3\nfileSize: 128\n= Secure Dynamic Messaging =\nisSdmEnabled: false\nisSdmOptionUid: false\nisSdmOptionReadCounter: true\nisSdmOptionReadCounterLimit: false\nisSdmOptionEncryptFileData: false\nisSdmOptionUseAscii: true\nsdmMetaReadPerm:             14\nsdmFileReadPerm:             14\nsdmReadCounterRetrievalPerm: 14\n============================\ncontent of file 01 length: 32 data: 000f20003a00340406e104010000ff060d5be8466c63ca49e58a22a62988ace3\n----------------------------\ncontent of file 02 length: 256 data: \nCommunicator: BytesReceived: 7856B8214336102F8F269C2E15715777FD8AABDD5D7786D652EBB29469F5983237C2702CDAC402ABE72C0974A2942AB75C77323378EF96BB97D14CB39A8760403C0DB61FA4770069EF31C5622DE1A84E0F2E9350627726FFFF1E5EB62710ADCFF59C73AE02F1411D08C6614F71887D36A80C1D42D1E3071A021A410F057D08E4E3D1C4120461DF757182D16E69EEB323A427E05F0FC695129100\nCommunicator: Decrypted data: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F80000000000000000000000000000000\nASCII Data: ??��\u0001�U??https://sdm.nfcdeveloper.com/tag?picc_data=********************************\u0026enc=26.05.2024 23:46:41#1234****************************************\u0026cmac=****************���}}P^$��Z��\u000b\u001b\u0001�5\\�=�\u001e�J��Jb\u000e� \f��y\u000f��\u0014�V\\��]f�\u001ce\u0011Ŭ��\u0019\u0018�?U�+w���9���\u0005�\u001e\"�+z�#�\u0017\n----------------------------\ncontent of file 03 length: 144 data: 
000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f80000000000000000000000000000000\n----------------------------\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandroidcrypto%2Fntag424sdmfeature","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandroidcrypto%2Fntag424sdmfeature","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandroidcrypto%2Fntag424sdmfeature/lists"}