AN10927
MIFARE and handling of UIDs
Rev. 3.1 — 02 October 2013
190731
COMPANY PUBLIC
Application note
Document information
Info
Keywords
Abstract
Content
Single Size UID, Double Size UID, 4 Byte UID, 7 Byte UID, SNR, NUID,
FNUID, ONUID
This document shows the use of UIDs in contactless smartcard systems.
It indicates recommendations about the Random ID, mixed use of 4 byte
and 7 byte UIDs in the same system, and it describes the options how to
upgrade 4 byte UID systems to accept 7 byte UID smart cards.
NXP Semiconductors
Revision history
Date
Rev
3.1
20131002
3.0
2.0
1.0
20110804
20100901
20100519
AN10927
MIFARE and handling of UIDs
Description
Typos corrected in Cascade Level 3 (Section 2)
Ultralight EV1 and MIFARE4Mobile added in Table 3 (Section 2.4)
UID with shortcut for MIFARE from mobile added (Section 3.1.2)
CLRC663, CRC630, CLRC631, PR601, PRH601 added in Annex A
Annex C (Source code to derive NUID out of a Double Size UID) added
MIFARE Classic next generation added.
Bit order corrected (Section 3.2.2), 7 byte MF1 ICS x0 added in Table 4 (Section 3.2.5),
Table 3 updated (Section 2.4)
Initial version
Contact information
For additional information, please visit: http://www.nxp.com
For sales office addresses, please send an email to: salesaddresses@nxp.com
AN10927
Application note
COMPANY PUBLIC
190731
All information provided in this document is subject to legal disclaimers.
Rev. 3.1 — 02 October 2013
© NXP B.V. 2013. All rights reserved.
2 of 21
NXP Semiconductors
1.
Introduction
AN10927
MIFARE and handling of UIDs
This document shows the use of UIDs in contactless smartcard systems. It indicates
recommendations about the use of Random ID, the mixed use of 4 byte (single size) and
7 byte (double size) UIDs in the same system, and it describes the options how to
upgrade 4 byte UID systems to use 7 byte UID smart cards.
Note: A UID is not a “serial number”, but a unique identifier. There is no recommendation
how to turn the array of bytes into an integer.
Note: “UID” is a common expression, defined in the ISO/IEC 14443-3. In some case the
UID is even not unique (like RID or NUID, see below).
Note: The 4 byte UID is called “Single Size UID”, too. The 7 byte UID is called “Double
Size UID”, too. The 10 byte UID is called “Triple Size UID”, too.
2. MIFARE and ISO/IEC 14443 UIDs
In this section the use of UIDs according to the ISO/IEC 14443 is described. Fig 1 shows
the three different UID sizes defined in ISO/IEC 14443-3 as they are used during the
anti-collision and selection procedure.
4 byte UID
UID0 UID1 UID2 UID3
BCC
7 byte UID
CT
UID0 UID1 UID2
BCC
UID3
UID4 UID5 UID6
BCC
10 byte UID
CT
UID0 UID1 UID2
BCC
CT
UID3 UID4 UID5
BCC
UID6
UID7 UID8 UID9
BCC
Cascade Level 1
Cascade Level 2
Cascade Level 3
(1) BCC = Block Check Character, it is calculated as exclusive-or over the 4 previous bytes.
(2) CT = Cascade Tag, to indicate a following cascade level.
Fig 1. UIDs according to ISO/IEC 14443
Fig 2 shows the Anticollision sequence, which is a mandatory part of the card activation
sequence. It automatically selects a single PICC with 4 byte UID (= Single Size UID),
7 byte UID (= Double Size UID) or 10 byte UID (= Triple Size UID).
Cascade Level 1
In the Cascade Level 1 the PCD sends the Anticollision command CL1 (0x93) and the
PICC returns
• either the 4 byte UID (UID0...UID4) and one byte BCC,
• or a Cascade Tag (CT) followed by the first 3 byte of the UID (UID0...UID2) and one
byte BCC.
The CT (0x88) indicates that the UID is not yet complete, and another Cascade Level
has to follow.
All information provided in this document is subject to legal disclaimers.
AN10927
Application note
COMPANY PUBLIC
190731
Rev. 3.1 — 02 October 2013
© NXP B.V. 2013. All rights reserved.
3 of 21
NXP Semiconductors
AN10927
MIFARE and handling of UIDs
(3) CT = Cascade Tag
(4) CL = Cascade Level
Fig 2. Anticollision sequence
Note: The UID0 byte of a 4 byte UID must not be 0x88.
The CL1 then must be selected, using the Select command CL1 (0x93). The PICC
returns its SAK CL1, which indicates
• whether the UID is complete or not, and (if so),
− the type of card (for details refer to [1] and [2]), and
− whether the card supports T=CL.
Cascade Level 2
If the UID is not yet complete, the PCD continues with an Anticollision CL2 command
(0x95), and the PICC returns
• either the last 4 bytes of the Double Size UID (UID3...UID6) and one byte BCC,
• or a Cascade Tag (CT) followed by the next 3 bytes of the Triple Size UID
(UID3...UID5) and one byte BCC.
The CT (0x88) indicates that the UID is not yet complete, and another Cascade Level
has to follow.
Note: The UID3 byte of a 7 byte or 10 byte UID must not be 0x88.
The CL2 then must be selected, using the Select command CL2 (0x95). The PICC
returns its SAK CL2, which indicates
• whether the UID is complete or not, and (if so),
− the type of card (refer to [1] and [2]), and
AN10927
Application note
COMPANY PUBLIC
190731
All information provided in this document is subject to legal disclaimers.
Rev. 3.1 — 02 October 2013
© NXP B.V. 2013. All rights reserved.
4 of 21
NXP Semiconductors
AN10927
MIFARE and handling of UIDs
− whether the card supports T=CL.
Cascade Level 3
If the UID is not yet complete, the PCD continues with an Anticollision CL3 command
(0x97), and the PICC returns
• the last 4 bytes of the Triple Size UID (UID6...UID9) and one byte BCC.
The CL3 then must be selected, using the Select command CL3 (0x97). The PICC
returns its SAK CL3, which indicates
• the type of card (refer to [1] and [2]), and
• whether the card supports T=CL.
2.1 Single Size UID
The single size UID contains 4 bytes. As shown in Table 1, the value of the UID0 byte
defines how those 4 bytes shall be interpreted.
Table 1. Assignment of Single Size UIDs
POR = Power on reset
UID0 [Hex]
08
Definition
RID: UID1, UID2 and UID3 are dynamically generated
during or after each Power-On-Reset (POR).
Proprietary use (i.e. used for MIFARE)
Proprietary use (i.e. used for MIFARE)
Proprietary use (i.e. used for MIFARE)
Fixed number, non-unique
Cascade Tag
RFU
Range
appr. 16 million
appr. 2.1 billion
appr. 218 million
appr. 1.6 billion
appr. 268 million
-
-
x0... x7
18…78, 98…E8
x9...xE
xF
88
F8
Note: Single Size UIDs do not have a manufacturer code.
Note: The use of Single Size UIDs (unique ones) might end soon, since the number of
usable IDs is limited to approximately 3.7 billion pieces only.
2.1.1 Random ID (RID)
A single size UID with UID0 = 0x08 indicates a Random Identifier. The Random ID (RID)
is dynamically generated, when the PICC powers up. Deselecting a PICC does not reset
the RID, but a field reset does.
Note: RID is always limited to 4 bytes.
Note: Depending on the PICC implementation, a UID (i.e. Double Size UID) may be
retrieved from the card by proprietary means after the PICC is selected with its RID.
AN10927
Application note
COMPANY PUBLIC
190731
All information provided in this document is subject to legal disclaimers.
Rev. 3.1 — 02 October 2013
© NXP B.V. 2013. All rights reserved.
5 of 21
NXP Semiconductors
AN10927
MIFARE and handling of UIDs
2.1.2 Fixed but non-unique ID (FNUID)
The 4 byte UIDs with UID0 = xFh are fixed identifiers (like unique ones), but the same
UID might be used for several PICCs, so that contactless systems cannot rely on the
uniqueness of such a PICC identifier. These UIDs are called FNUID in the following.
The probability to have 2 PICCs on one PCD at the same time with the same FNUID is
still extremely low.
However, it might create conflicts, if the contactless system uses the UID not only for the
card activation but also as a logical reference to the PICC. There is a proposal how to
handle this in chapter 3.2.
2.1.3 Re-used UID (ONUID)
The very old Single Size UIDs will be re-used, which means the same UID might be used
for several PICCs, so that contactless systems cannot rely on the uniqueness of such a
PICC identifier. These ID are called ONUID in the following.
The probability to have 2 PICCs on one PCD at the same time with the same ONUID is
still extremely low.
However, it might create conflicts, if the contactless system uses the UID not only for the
card activation but also as a logical reference to the PICC. There is a proposal how to
handle this in chapter 3.2.
2.2 Double Size UID
Double Size UIDs always contain a manufacturer code in the UID0. With the double size
UIDs each manufacturer can theoretically use up to 2.8 * 1014 UIDs.
2.2.1 Manufacturer Code
In double and triple size UIDs the UID0 contains the manufacturer code which indicates
the manufacturer of the PICC as shown in Table 2.
Table 2. Manufacturer Code
UID0 [Hex]
81 ... FE
04
Definition
not allowed
NXP Semiconductors, formerly Philips Semiconductors
2.2.2 Unique ID ranges for Double Size UIDs
Double Size UIDs always contain a manufacturer code in the UID0.
Note: Due to the content of Double Size UIDs of MIFARE products the best
diversification can typically be found in the UID1 and UID2.
2.3 Triple Size UID
Triple Size UIDs always contain a manufacturer code in the UID0.
Currently there is no PICC using a triple size UID. However, according to ISO/IEC 14443
it is mandatory that every PCD supports Triple size UIDs.
AN10927
Application note
COMPANY PUBLIC
190731
All information provided in this document is subject to legal disclaimers.
Rev. 3.1 — 02 October 2013
© NXP B.V. 2013. All rights reserved.
6 of 21
NXP Semiconductors
AN10927
MIFARE and handling of UIDs
2.4 UID used in MIFARE products
In the past MIFARE Classic cards were limited to 4 byte UIDs only, i.e. normally every
MIFARE Classic related product has used a single size UID only. Due to the limited
number of UIDs in the single size range all new MIFARE related products are supporting
7 byte UIDs.
Table 3 indicates which MIFARE product uses which UID.
Table 3. UIDs and MIFARE products
NUID = Non Unique ID, ONUID = Re-used UID, FNUID = Fixed, non-unique UID
MIFARE
Product
DESFire™ (EV1)
MIFARE™ Classic
MIFARE
Plus™
MIFARE
Ultralight™
(C)
MF0 ICxx
MIFARE
Ultralight,
Ultralight C
Ultralight EV1
Name
Single Size UID
-
Single Size FNUID -
-
Single Size
ONUID
Double Size UID
RID option
UID Perso Option
UID needed for
operation
UID recommended
for key
diversification
x
-
-
-
x
SmartMX™
MIFARE4Mobile
P5 xx
P6 xx
with MIFARE
implementation
MF1SyyyyX 1 MF1
PLUS
MF3 IC Dxx
MIFARE
DESFire,
MIFARE DESFire
EV1
MF1Syyyy
MIFARE
Classic
1K/4K
-
-
x
-
-
-
x
x
MIFARE
Classic 1K/4K
-
-
x
x
x
X
x
x
MIFARE
Plus S,
MIFARE
Plus X
(2K and
4K)
-
-
x
x
x4
-
x5
x
-
-
-
x
x
-
-
x
x2
x
-
x3
x3
x3
x6
x
.
l
t
d
e
a
u
m
e
s
i
i
d
r
a
c
h
c
h
w
s
d
n
e
p
e
D
The Single Size FNUID or ONUID can be used like a Single Size UID – except the fact
that identifier of this range will be used multiple times.
RID is optional and should be used to protect privacy. In case RID is enabled, there is a
defined and confidential way to retrieve the UID for each product.
1. MIFARE Classic next generation
2. For existing masks using Singe Size UID only that have not been switched to Single Size FNUID yet
3. For MIFARE Classic implementation using the MIFARE FleX™ framework
4. MIFARE Plus support RID only in SL3.
5.
6. For the MIFARE Classic implementation.
All information provided in this document is subject to legal disclaimers.
In SL1 and SL2 only.
AN10927
Application note
COMPANY PUBLIC
190731
Rev. 3.1 — 02 October 2013
© NXP B.V. 2013. All rights reserved.
7 of 21
NXP Semiconductors
3. UID and MIFARE Classic / MIFARE Plus
3.1 Card activation
AN10927
MIFARE and handling of UIDs
In the past the MIFARE Classic always used a Single Size UID, some very old MIFARE
readers may not have implemented the additional cascade levels according to the
ISO/IEC 14443, which are required to select a Double Size UID. In such case there are
the following different options to activate a card:
• Single Size NUID (FNUID or ONUID)
• RID
In any case it is strongly recommended to implement the full 4 byte, 7 byte and 10 byte
UID card activation on the PCD, as required by the ISO/IEC 14443.
3.1.1 Single Size NUID
The MIFARE Plus card or MIFARE Classic card with Single Size NUID can be activated
like a usual Single Size UID card.
Note: There is a very small probability that 2 cards in the PCD field have the same NUID,
and therefore cannot be properly selected without the user removing one card.
Note: NUID might be an order option or an option which can be chosen during
personalization of the card.
3.1.2 Double Size UID with “shortcut”
The MIFARE Classic next generation offers the feature to use the Double Size UID, but
activate the card with REQA - Anticollision CL1 - Select CL1 – Read Block 0.
In such case the Read Block 0 command might return CRC and parity errors, if more
than one card is selected. This conflict cannot be resolved by the reader, if it does not
support CL2, but the user needs to separate a single card.
Note: The 4 bytes of the CL1 (CT + UID0...UID2) is taken as input for the MIFARE
Classic authentication, if the MIFARE Classic next generation is selected with the Read
Block 0.
Note: This feature is not supported for MIFARE Classic implementations using an NFC
device for ISO/IEC 14443 protocol handling. As the “shortcut” functionality is not
specified in ETSI/SCP TS 102 613, this feature is not supported. This needs to be taken
into account when designing a contactless system which shall also support NFC devices.
Note: This feature is neither supported by the MIFARE Classic (MF1Syyyy) nor by the
MIFARE Plus. Future versions of MIFARE Plus may include this feature.
Note: This feature is supported by the MIFARE Ultralight and MIFARE Ultralight C, too.
3.1.3 RID
Some MIFARE Classic, the MIFARE DESFire (EV1) and the MIFARE Plus offer the
option to enable RID. RID is always 4 bytes only. The MIFARE Plus offers RID only in
SL3.
AN10927
Application note
COMPANY PUBLIC
190731
All information provided in this document is subject to legal disclaimers.
Rev. 3.1 — 02 October 2013
© NXP B.V. 2013. All rights reserved.
8 of 21