I am working on an Android project which relies on the unique UID of a discovered NFC tag to process the tag. I extract this UID using the following code:
byte[] extraID = intent.getByteArrayExtra(NfcAdapter.EXTRA_ID);
However, for some technologies this UID is randomly generated for security purposes. Does anybody have an idea how I could detect that this is a randomly generated UID? Is there some kind of flag that is set?
note: a simple solution would be to read the tag twice and compare the UIDs. However, I would like to avoid this.
For NfcA (and IsoDep and/or MifareClassic combined with NfcA), the ID is random if it exactly 4 bytes long and starts with 0x08. There are some cards (MIFARE DESFire) that can be configured with a random ID that is 4 bytes long and starts with 0x80.
For NfcB (and IsoDep combined with NfcB), there is no predetermined ID range that is reserved for random IDs. In fact, any NfcB ID can be a random one. The NfcB ID is actually called PUPI, which stands for "Pseudo Unique PICC Identifier". So the name already indicates that uniqueness is not guaranteed.
For NfcF and NfcV, the ID will generally not be random.
Reading the tag twice to detect a random ID only works if you remove the tag from the RF field. A tag will usually keep the same random ID as long as it stays powered by the Rf field.
This RFC: http://tools.ietf.org/html/rfc4122#section-4.1.3 defines the format of a UID; it includes a field indicating what type of UID it is:
Msb0 Msb1 Msb2 Msb3 Version Description
0 0 0 1 1 The time-based version
specified in this document.
0 0 1 0 2 DCE Security version, with
embedded POSIX UIDs.
0 0 1 1 3 The name-based version
specified in this document
that uses MD5 hashing.
0 1 0 0 4 The randomly or pseudo-
randomly generated version
specified in this document.
0 1 0 1 5 The name-based version
specified in this document
that uses SHA-1 hashing.
来源:https://stackoverflow.com/questions/9797030/how-to-detect-in-android-whether-uid-from-nfc-tag-is-random