17Oca
Understanding and Troubleshooting TAG IC Signature Verification Failure
I have a number of NFC tags with the following metadata:
[usb] pm3 --> hf mfu info
[=] --- Tag Information --------------------------
[+] TYPE: NTAG 215 504bytes (NT2H1511G0DU)
[+] UID: 04 B6 DD 69 5F 61 80
[+] UID[0]: 04, NXP Semiconductors Germany
[+] BCC0: E7 ( ok )
[+] BCC1: D7 ( ok )
[+] Internal: 48 ( default )
[+] Lock: 00 00 - 0000000000000000
[+] OTP: E1 10 3E 00 - 11100001000100000011111000000000
[=] --- NDEF Message
[+] Capability Container: E1103E00
[+] E1: NDEF Magic Number
[+] 10: version 0.1 supported by tag
[+] : Read access granted without any security / Write access granted without any security
[+] 3E: Physical Memory Size: 496 bytes
[+] 3E: NDEF Memory Size: 496 bytes
[+] 00: Additional feature information
[+] 00000000
[+] 000 .... - RFU
[+] ...0 ... - Don't support special frame
[+] ....0 .. - Don't support lock block
[+] .....00 - RFU
[+] .......0 - IC don't support multiple block reads
[=] --- Tag Counter
[=] [02]: 00 00 00
[=] TAG IC Signature: 24AC5CF8050663C2A1CC15546F37BF6C
[=] : 1E2730309AFBC876FEA18850CE7C37D4
[+] Signature verification: failed
[=] --- Tag Silicon Information
[=] Wafer Counter: 17574893 ( 0x10C2BED )
[=] Wafer Coordinates: x 182, y 221 (0xB6, 0xDD)
[=] Test Site: 1
[=] --- Tag Version
[=] Raw bytes: 0004040201001103
[=] Vendor ID: 04, NXP Semiconductors Germany
[=] Product type: NTAG
[=] Product subtype: 02, 50pF
[=] Major version: 01
[=] Minor version: 00
[=] Size: 11, (512 <-> 256 bytes)
[=] Protocol type: 03, ISO14443-3 Compliant
[=] --- Tag Configuration
[=] cfg0 [131/0x83]: 01000005
[=] - strong modulation mode disabled
[=] - page 5 and above need authentication
[=] cfg1 [132/0x84]: 00050000
[=] - Unlimited password attempts
[=] - NFC counter disabled
[=] - NFC counter not protected
[=] - user configuration writeable
[=] - write access is protected with password
[=] - 05, Virtual Card Type Identifier is default
[=] PWD [133/0x85]: 00000000 ( cannot be read )
[=] PACK [134/0x86]: 0000 ( cannot be read )
[=] RFU [134/0x86]: 0000 ( cannot be read )
[+] --- Known EV1/NTAG passwords
[!] ⚠️ password not known
[?] Hint: try `hf mfu pwdgen -r` to get see known pwd gen algo suggestions
[=]
[=] --- Fingerprint
[=] n/a
I'm encountering an issue with the TAG IC Signature, specifically with the Signature Verification, which is reported as "failed". I'd like to gain a deeper understanding of how this digital signature is verified and the possible reasons for the verification failure.
Specifically, I'm interested in learning more about:
- The verification process itself: What are the exact steps involved in verifying the TAG IC Signature?
- Public key storage: Where is the public key used for verification stored? Is it within the tag itself, or is it obtained from an external source?
- Potential for manipulation: Can the TAG IC Signature or the public key be tampered with? What are the security implications of such manipulation?
- Troubleshooting steps: What are some common reasons for signature verification failure? Are there any debugging techniques I can use to identify the root cause of the problem?
Any insights or resources on troubleshooting TAG IC Signature verification failures would be greatly appreciated.
