Generated using AI. Be aware that everything might not be accurate.


Chapter 10: Action Plan — Projects & Next Steps

You now have a solid foundation in RFID/NFC: the physics of frequency bands, the ISO 14443 protocol stack, the memory models of MIFARE Classic and NTAG, the NDEF application format, hardware options, and the Python libraries to tie it all together. This final chapter suggests concrete projects at different difficulty levels and points you toward the resources that will take you further.

10.1 Project Ideas by Difficulty

Beginner

Tag Scanner Dashboard Build a small web dashboard that logs every tag tap (UID, timestamp, tag type, NDEF content) to a SQLite database. Display a live table in a browser. Use nfcpy for reading, Flask or FastAPI for the web server.

Skills reinforced: nfcpy event loop, NDEF parsing, basic web API.

NFC Business Card Program an NTAG213 sticker with your contact details as a vCard MIME record or a Smart Poster. Attach it to the back of your phone case. Verify it opens your contact card when tapped against an Android or iOS device.

Skills reinforced: NDEF encoding with ndeflib, nfcpy write, vCard format.

Wi-Fi Credential Tag Write a application/vnd.wfa.wsc NDEF record encoding your home Wi-Fi SSID and password. Tap the tag to connect a new device to Wi-Fi without typing credentials.

Skills reinforced: MIME NDEF records, Wi-Fi Simple Config TLV encoding.

Intermediate

MIFARE Classic Sector Inspector Build a CLI tool that takes a MIFARE Classic card, tries a list of well-known keys on all sectors, decodes and pretty-prints the access bits for each sector, and identifies Value Blocks vs Data Blocks.

Skills reinforced: MIFARE Classic key management, access bit decoding, Python struct parsing.

NFC Attendance System Issue NTAG213 tags to members of a group. Each tag stores a member ID in NDEF. A Raspberry Pi with a PN532 reads the tag, looks up the member in a database, and logs attendance with a timestamp. Display “Welcome, Alice” on a small OLED screen via I2C.

Skills reinforced: nfcpy on Pi, GPIO, I2C display, database integration.

Tag-Triggered Automation Program a set of NFC stickers to trigger different home automation actions when tapped by a phone (Android NFC Shortcuts / Tasker, or Apple Shortcuts). Include a “context” sticker for “at desk”, “in car”, “bedtime” that sets phone profile, starts/stops timers, or controls smart home devices.

Skills reinforced: NDEF URI scheme for automation apps, practical tag use.

Locked NTAG with Password Write NDEF content to an NTAG216, then configure password protection to require the password for reads. Build a reader application that provides the password before reading. Demonstrate that a standard smartphone cannot read the protected content without extra apps.

Skills reinforced: NTAG CFG pages, PWD_AUTH, AUTH0 configuration.

Advanced

Transit Card Analyser Given a MIFARE Classic transit card for which you have the MAD key and at least one sector key (obtain from your transit operator via their developer programme, or from published research on cards where keys are known), parse the MAD, decode the sector structure, and display the application contents.

Requires: Legal authorisation to analyse your own card; knowledge of the transit operator’s application format.

Skills reinforced: MAD parsing, sector key management, proprietary application layer reverse engineering.

NDEF Tag Emulator Use a Raspberry Pi and a PN532 in card emulation mode (via nfcpy’s hce module) to emulate an NTAG213 with dynamically generated content. Each time a reader taps, the emulated tag returns a freshly generated NDEF URI with a timestamp or one-time token — similar to how DESFire SUN works, but implemented in software.

Skills reinforced: Card emulation mode, NDEF generation on the fly, one-time-use token patterns.

DESFire Application Explorer With a DESFire card (your own, or one issued to you by an operator), write a Python script using pyscard that:

  1. Selects the card (RATS, gets ATS)
  2. Lists all applications on the card (GetApplicationIDs)
  3. For each application, lists files (GetFileIDs, GetFileSettings)
  4. Authenticates with a key you own and reads file data

Skills reinforced: ISO 14443-4 APDU framing, DESFire command encoding, pyscard raw APDU transmission.

Standards (freely available or low-cost)

  • NXP MIFARE Classic EV1 — Functional Specification (MF1S50yyX/V1) NXP application note; the authoritative source for MIFARE Classic memory layout, access bits, and command set.

  • NXP NTAG213/215/216 — Product Data Sheet (NT3H1101/NT3H1201) Complete memory map, command reference, and configuration page details.

  • NFC Forum Type 2 Tag Technical Specification Defines how NDEF maps onto ISO 14443-3A tags (Ultralight/NTAG). Available from nfc-forum.org.

  • NFC Forum NDEF Technical Specification The normative NDEF record format spec. Available from nfc-forum.org.

  • NXP PN532 User Manual (UM10232) Full host communication protocol reference; essential if writing low-level PN532 code.

  • NXP MIFARE DESFire EV3 Application Note (AN12343) DESFire command set reference; covers EV1/EV2/EV3.

Security Research Papers

  • “Reverse-Engineering a Cryptographic RFID Tag” — Nohl, Evans, Starbug, Plötz (2008) The original CRYPTO1 reverse-engineering paper.

  • “Dismantling MIFARE Classic” — Garcia, de Koning Gans, Verdult, Wichers Schreur (2008) Follow-up paper with full cryptanalysis.

  • “Gone in 360 Seconds: Hijacking with Hitag2” — Verdult, Garcia, Balasch (2012) Not MIFARE, but LF RFID security; good companion to the HF papers.

  • “Practical Experiences on NFC Relay Attacks with Android” — Roland, Langer (2013) Relay attack methodology relevant to DESFire EV2’s proximity check motivation.

Books

  • “The RFID Handbook” — Klaus Finkenzeller (Wiley) Comprehensive reference on RFID physics, standards, and applications. Dense but complete.

  • “RFID Security” — Frank Thornton et al. (Syngress) Security-focused; good companion for the Classic/DESFire chapters.

Online Resources

  • nfc-tools.org — Home of libnfc, libfreefare, mfoc, mfcuk. Forums and wiki.
  • Proxmark3 community (proxmark.org / GitHub RRG/Iceman) — Active wiki and issue tracker for Proxmark3 firmware.
  • NFC Forum (nfc-forum.org) — Formal standards; some specifications freely downloadable.
  • Mifare.net (NXP) — Product pages, datasheets, application notes.
  • Android NFC developer guide — developer.android.com/guide/topics/connectivity/nfc
  • Apple CoreNFC documentation — developer.apple.com/documentation/corenfc

10.3 Setting Up a Development Environment

A reproducible Python environment for NFC development:

# Create virtual environment
python3 -m venv nfc-env
source nfc-env/bin/activate

# Install Python libraries
pip install nfcpy ndeflib pyscard

# Install system libraries (Debian/Ubuntu)
sudo apt-get install libnfc-dev libnfc-bin libfreefare-dev libfreefare-bin \
                     pcscd libpcsclite-dev

# udev rule for ACR122U (replace with your reader's VID/PID)
echo 'SUBSYSTEM=="usb", ATTRS{idVendor}=="04e6", ATTRS{idProduct}=="5591", MODE="0666"' \
  | sudo tee /etc/udev/rules.d/99-nfc.rules
sudo udevadm control --reload-rules

# Test
nfc-list    # should list any tag in the field

10.4 Checklist: Before Deploying NFC in Production

Use this checklist when building an NFC-based system:

Tag selection:

  • Chosen tag type is appropriate for the security requirements (MIFARE Classic → only for low-risk)
  • Tag memory is sufficient for the application data + NDEF overhead
  • Tag form factor suits the physical application (label, card, coin, inlay)

Security:

  • All factory default keys have been changed before deployment
  • Keys are derived per-card (UID-based diversification), not the same on all cards
  • Access bits are set correctly: data sectors write-protected where appropriate
  • Sector trailers are not left with Key A readable
  • For new systems: DESFire EV2/EV3 or JCOP is used instead of MIFARE Classic

NDEF / Application layer:

  • Capability Container is correctly written before NDEF
  • NDEF TLV is correctly terminated with 0xFE
  • Multi-language Text records are included if needed
  • Total NDEF payload fits within tag capacity with margin

Reader infrastructure:

  • Reader firmware is up to date
  • Reader antenna is correctly tuned for the expected tag form factor
  • Software handles TagCommandError / NAK gracefully
  • System behaves correctly when no tag is present, wrong tag type is presented, or tag is partially read

10.5 Closing Thoughts

NFC is simultaneously a mature and an evolving technology. The ISO 14443 standard and MIFARE chip family are over 30 years old; meanwhile NFC Forum Type 5 (ISO 15693) is gaining traction for logistics, and DESFire EV3 SUN messages are enabling new authentication patterns that do not require a custom reader application.

The tools available to open-source developers are excellent for the most common tasks — reading and writing NDEF on NTAG tags, analysing MIFARE Classic cards (with appropriate authorisation), and building custom NFC readers on embedded Linux. The gaps are mainly in high-security DESFire tooling and in contactless payment, where the proprietary and regulated nature of the ecosystem limits open access.

The most important thing to carry away from this book is the mental model: physical layer → protocol layer (ISO 14443) → tag type (MIFARE, NTAG) → application layer (NDEF). When something does not work, you can locate the problem at the correct layer and fix it systematically, rather than guessing.

Happy tapping.

← Chapter 9: Practical Examples Table of Contents

>> You can subscribe to my mailing list here for a monthly update. <<