NFC Emulation Mifare Worked but now Doesnt


I have received my FZ a couple of days ago, everything appeared to be working properly and today I did my first physical assessment with it.

I used the flipper to save two Mifare DESFire UIDs, I have actually used them to open up a few doors but the problem was during emulating that the FZ froze and had to be hard resetted (back and left). After 4-5 uses the NFC emulation stopped working, the reader does not see my FZ emulation anymore. The reader was not broken, an actual card kept working on the receiver at the door but it just stopped recognizing the signal coming from my FZ. Edit: i tried other receivers on other doors, did not receive any signal either.

I have read there is no support (for Mifare DESfire), but it seems that the hardware suddenly broke down, which to my opinion should be shameful if that’s the case. is there any way to verify this?

And even though not in support… the fact of the matter is that it worked and now it doesn’t absolutely fks with me mentally.

The FZ can still read the card without problem, it’s just the emulation doesn’t work and I actually wanted to use the FZ for demo and awareness training purposes so I’m kinda sad. I tried a factory reset. Any other idea’s?

It appears to be well-known problem. Try:

  • Extra actions → Read NFC-A data, then emulate
  • Downgrading the firmware, details are in adjacent topic.
  • Waiting for someone to fix it.

Thanks for that Maqumih. I actually tried doing the extra actions: reading the card and directly emulating without saving, did not work. I did not yet try to downgrade, i will try that tonight.

I actually tried to use my iPhones NFC functionality to test the receiving and sending of NFC signals coming from the FZ. With a Mifare Classic 1K emulation i can get my iPhone to respond, not with a Mifare DESfire.

I actually tried to use the ‘Detect Reader’ functionality on the reader as well, same issue: first it worked and now it doesn’t. Its driving me crazy.

For more reference: i continued doing more testing. Flashed back to older version, tried recovery via DFU. Even tried flashing other forked firmware… this specific NFC card is still not working. I’m totally frustrated, i just don’t get it why it worked this morning and now it doesn’t anymore, even when i fully resetted the device.

I manually tried to add all various types: ultralight, ntags, mifare classic (both 4 and 7 bytes), mifare mini, all worked without problems. I’ve pinpointed the problem and it focuses in on NFC-A ATQA 4403 SAK 20 which is Desfire. I tried various adjustments SAK 08, 10, 13, 15, 19… all worked with same UID (12 6x00)… interestingly enough: SAK 08 worked, but freezes (like the SAK 20 did this morning…). I also tried SAK 20 with a different ATQA but that did not work.

At least this confirms that the NFC hardware should not be broken, tags can be read and emulated just fine- but for NFC-A not in this specific case. Considering this very specific element of NFC and transmission of SAK 20 is broken specifically seems sooooo far fetched. But if it’s a software issue, why isn’t it fixed when fully resetting the FZ?

Do you have any ideas, thoughtpoints or tips, please share them with me so i can troubleshoot further, i’d really want to make this card usuable again.

Sorry to spam, i have created an issue now on the Github.

1 Like

Weird. Emulating a Classic for DESFire reader shouldn’t work.
What do you mean by working there? Did it collect any nonces?

Let me confirm: you did it in NFC-A mode, not in DESFire or any other?

@maqumih sorry, been up and about. The situation was as follows:

  • I scanned a DESFire card; saved it, emulated it and used it on a card reader and this worked.
  • The FZ got ‘stuck’ so i forced reboot, and every time i emulated the NFC card at the door it froze up.
  • I manually tried to set-up some UIDs and tested those on the door, now when emulating NFC type-A manually no signals are received. Reading and emulating my DESFire card does not work anymore.

Ftr: I can emulate the DESfire card but it is never read, even though i know that only the UID is emulated, also that is not received anymore by ANY reader.

After further testing i noticed NTAG, Classic 4K and 1K and Ultralight (from the NFC menu) to be working, but setting up a SAK20 ATQA 0344 NFC-A 7-bytes UID manually creates no signal when emulating.

I have read online that there is a way to ‘brick’ magic cards with a bad BCC checksum. Could that be the issue? And if so, is there a way to fix that on a FZ? It could be a possible solution.


And in response to the first question: it did not acquire any nonces - but the reader did respond to the signals (flashing lights and beeping as if it read a card). A colleague pointed out that the readers that this company was using maybe used a some sort of dual band mode and therefore the simulated ID was still able to be read. It could be a great coincidence that exactly on that day the system was upgraded to disable this dual band mode, i know for a fact that this company was phasing out their old card system.

If this is the ‘what are the odds’ case, shouldn’t my FZ still would be able to emulate the ID of the Desfire card to the extent that a NFC reader could pick up the signal?

Best Regards,

It doesn’t even need to be dual band. Classic and DESFire share underlying technology. Your description means that Flipper and reader sensed each other, Flipper sent identification info, reader decided it is not a valid card and gave up. Zero nonces mean no attempts no read as Classic.

How did you test? Original reader or mobile phone?

I can’t find anything related to magic cards out there. We have original card - not writable, FZ - too smart, reader - hopefully immune to external bad behaviour blackbox.

Set SAQ and ATQA to all-zeros and leave the UID untouched. Record the results. Repeat with ones from Classic (0004, 08).