You now have a solid foundation in RFID/NFC: the physics of frequency bands, the ISO 14443 protocol stack, the memory models of MIFARE Classic and NTAG, the NDEF application format, hardware options, and the Python libraries to tie it all together. This final chapter suggests concrete projects at different difficulty levels and points you toward the resources that will take you further.
Tag Scanner Dashboard Build a small web dashboard that logs every tag tap (UID, timestamp, tag type, NDEF content) to a SQLite database. Display a live table in a browser. Use nfcpy for reading, Flask or FastAPI for the web server.
Skills reinforced: nfcpy event loop, NDEF parsing, basic web API.
NFC Business Card Program an NTAG213 sticker with your contact details as a vCard MIME record or a Smart Poster. Attach it to the back of your phone case. Verify it opens your contact card when tapped against an Android or iOS device.
Skills reinforced: NDEF encoding with ndeflib, nfcpy write, vCard format.
Wi-Fi Credential Tag
Write a application/vnd.wfa.wsc NDEF record encoding your home Wi-Fi SSID and password. Tap the tag to connect a new device to Wi-Fi without typing credentials.
Skills reinforced: MIME NDEF records, Wi-Fi Simple Config TLV encoding.
MIFARE Classic Sector Inspector Build a CLI tool that takes a MIFARE Classic card, tries a list of well-known keys on all sectors, decodes and pretty-prints the access bits for each sector, and identifies Value Blocks vs Data Blocks.
Skills reinforced: MIFARE Classic key management, access bit decoding, Python struct parsing.
NFC Attendance System Issue NTAG213 tags to members of a group. Each tag stores a member ID in NDEF. A Raspberry Pi with a PN532 reads the tag, looks up the member in a database, and logs attendance with a timestamp. Display “Welcome, Alice” on a small OLED screen via I2C.
Skills reinforced: nfcpy on Pi, GPIO, I2C display, database integration.
Tag-Triggered Automation Program a set of NFC stickers to trigger different home automation actions when tapped by a phone (Android NFC Shortcuts / Tasker, or Apple Shortcuts). Include a “context” sticker for “at desk”, “in car”, “bedtime” that sets phone profile, starts/stops timers, or controls smart home devices.
Skills reinforced: NDEF URI scheme for automation apps, practical tag use.
Locked NTAG with Password Write NDEF content to an NTAG216, then configure password protection to require the password for reads. Build a reader application that provides the password before reading. Demonstrate that a standard smartphone cannot read the protected content without extra apps.
Skills reinforced: NTAG CFG pages, PWD_AUTH, AUTH0 configuration.
Transit Card Analyser Given a MIFARE Classic transit card for which you have the MAD key and at least one sector key (obtain from your transit operator via their developer programme, or from published research on cards where keys are known), parse the MAD, decode the sector structure, and display the application contents.
Requires: Legal authorisation to analyse your own card; knowledge of the transit operator’s application format.
Skills reinforced: MAD parsing, sector key management, proprietary application layer reverse engineering.
NDEF Tag Emulator
Use a Raspberry Pi and a PN532 in card emulation mode (via nfcpy’s hce module) to emulate an NTAG213 with dynamically generated content. Each time a reader taps, the emulated tag returns a freshly generated NDEF URI with a timestamp or one-time token — similar to how DESFire SUN works, but implemented in software.
Skills reinforced: Card emulation mode, NDEF generation on the fly, one-time-use token patterns.
DESFire Application Explorer With a DESFire card (your own, or one issued to you by an operator), write a Python script using pyscard that:
Skills reinforced: ISO 14443-4 APDU framing, DESFire command encoding, pyscard raw APDU transmission.
NXP MIFARE Classic EV1 — Functional Specification (MF1S50yyX/V1) NXP application note; the authoritative source for MIFARE Classic memory layout, access bits, and command set.
NXP NTAG213/215/216 — Product Data Sheet (NT3H1101/NT3H1201) Complete memory map, command reference, and configuration page details.
NFC Forum Type 2 Tag Technical Specification Defines how NDEF maps onto ISO 14443-3A tags (Ultralight/NTAG). Available from nfc-forum.org.
NFC Forum NDEF Technical Specification The normative NDEF record format spec. Available from nfc-forum.org.
NXP PN532 User Manual (UM10232) Full host communication protocol reference; essential if writing low-level PN532 code.
NXP MIFARE DESFire EV3 Application Note (AN12343) DESFire command set reference; covers EV1/EV2/EV3.
“Reverse-Engineering a Cryptographic RFID Tag” — Nohl, Evans, Starbug, Plötz (2008) The original CRYPTO1 reverse-engineering paper.
“Dismantling MIFARE Classic” — Garcia, de Koning Gans, Verdult, Wichers Schreur (2008) Follow-up paper with full cryptanalysis.
“Gone in 360 Seconds: Hijacking with Hitag2” — Verdult, Garcia, Balasch (2012) Not MIFARE, but LF RFID security; good companion to the HF papers.
“Practical Experiences on NFC Relay Attacks with Android” — Roland, Langer (2013) Relay attack methodology relevant to DESFire EV2’s proximity check motivation.
“The RFID Handbook” — Klaus Finkenzeller (Wiley) Comprehensive reference on RFID physics, standards, and applications. Dense but complete.
“RFID Security” — Frank Thornton et al. (Syngress) Security-focused; good companion for the Classic/DESFire chapters.
A reproducible Python environment for NFC development:
# Create virtual environment
python3 -m venv nfc-env
source nfc-env/bin/activate
# Install Python libraries
pip install nfcpy ndeflib pyscard
# Install system libraries (Debian/Ubuntu)
sudo apt-get install libnfc-dev libnfc-bin libfreefare-dev libfreefare-bin \
pcscd libpcsclite-dev
# udev rule for ACR122U (replace with your reader's VID/PID)
echo 'SUBSYSTEM=="usb", ATTRS{idVendor}=="04e6", ATTRS{idProduct}=="5591", MODE="0666"' \
| sudo tee /etc/udev/rules.d/99-nfc.rules
sudo udevadm control --reload-rules
# Test
nfc-list # should list any tag in the field
Use this checklist when building an NFC-based system:
Tag selection:
Security:
NDEF / Application layer:
0xFEReader infrastructure:
TagCommandError / NAK gracefullyNFC is simultaneously a mature and an evolving technology. The ISO 14443 standard and MIFARE chip family are over 30 years old; meanwhile NFC Forum Type 5 (ISO 15693) is gaining traction for logistics, and DESFire EV3 SUN messages are enabling new authentication patterns that do not require a custom reader application.
The tools available to open-source developers are excellent for the most common tasks — reading and writing NDEF on NTAG tags, analysing MIFARE Classic cards (with appropriate authorisation), and building custom NFC readers on embedded Linux. The gaps are mainly in high-security DESFire tooling and in contactless payment, where the proprietary and regulated nature of the ecosystem limits open access.
The most important thing to carry away from this book is the mental model: physical layer → protocol layer (ISO 14443) → tag type (MIFARE, NTAG) → application layer (NDEF). When something does not work, you can locate the problem at the correct layer and fix it systematically, rather than guessing.
Happy tapping.
| ← Chapter 9: Practical Examples | Table of Contents |