FlexDF timeline

Support
1

I ordered a flex DF tag mid February. I was just curious on the current timeline for the next batch to ship. No rush, but I’m excited and thought I would ask. Thanks!

2

We have a batch of flexDF PCBs with chips on. We still have to set up in our new lab space and then we can coat them and ship out the first batch! That should be happening some time in the next couple weeks.

3

Awesome, that is great to hear. Congrats on moving out of the garage by the way, is the new lab still local to where you are now?

4

Oh yeah… the new lab is a new garage hahaha… but better setup. I don’t really want to make my commute worse than it is. I like working from home :slight_smile:

1 Like
5

Amal, the Disney Magic Bands have the Mifare Desfire ev1 chips installed in them for room access and point of sale. Do you think it’s possible for me to implant a FlexDF and attempt to have a park employee “activate” it the way they would a new magic band? (I doubt my Proxmark3 would be any good in this situation.)

If so, I’ll be heading to Disney World in October. Will you have a batch ready to ship before then?

This is one of my higher priority projects.

6

Hmm good idea. You’d need to talk to a park employee first. Technically yes it can be programmed with the proper AIDs (application IDs) and data, but the real question is whether or not the magic bands come pre-initialized with the proper AIDs and the park simply writes user-specific data to that band when it’s issued… or if the bands come totally “factory” and the issuing process configures the AIDs.

I have a magic band here… let me test it… this is what the band I have says;

IC manufacturer:

NXP Semiconductors

IC type:

MIFARE DESFire EV1

DESFire Applications:

Access control data for electronic locks #0

  • Timelox AB
    Disney MagicBand

– NDEF ------------------------------

No NFC data set storage

– EXTRA ------------------------------

Memory information:

Size: 512 bytes
Available: 320 bytes

IC detailed information:

Capacitance: 70 pF

Version information:

Vendor ID: NXP
Hardware info:

  • Type/subtype: 0x01/0x02
  • Version: 1.0
  • Storage size: 512 bytes
  • Protocol: ISO/IEC 14443-2 and -3
    Software info:
  • Type/subtype: 0x01/0x01
  • Version: 1.4
  • Storage size: 512 bytes
  • Protocol: ISO/IEC 14443-3 and -4
    Batch no: 0xBA35519360
    Production date: week 51, 2012

– TECH ------------------------------

Technologies supported:

ISO/IEC 7816-4 compatible
Native DESFire APDU framing
ISO/IEC 14443-4 (Type A) compatible
ISO/IEC 14443-3 (Type A) compatible
ISO/IEC 14443-2 (Type A) compatible

Android technology information:

Tag description:

  • TAG: Tech [android.nfc.tech.IsoDep, android.nfc.tech.NfcA, android.nfc.tech.NdefFormatable]
    android.nfc.tech.NdefFormatable
    android.nfc.tech.IsoDep
  • Maximum transceive length: 261 bytes
  • Default maximum transceive time-out: 618 ms
  • Extended length APDUs not supported
    android.nfc.tech.NfcA
  • Maximum transceive length: 253 bytes
  • Default maximum transceive time-out: 618 ms

Detailed protocol information:

ID: 04:6F:8F:9A:9D:2B:80
ATQA: 0x4403
SAK: 0x20
ATS: 0x067577810280

  • Max. accepted frame size: 64 bytes (FSCI: 5)
  • Supported receive rates:
    • 106, 212, 424, 848 kbit/s (DR: 1, 2, 4, 8)
  • Supported send rates:
    • 106, 212, 424, 848 kbit/s (DS: 1, 2, 4, 8)
  • Different send and receive rates supported
  • SFGT: 604.1 us (SFGI: 1)
  • FWT: 77.33 ms (FWI: 8)
  • NAD not supported
  • CID supported
  • Historical bytes: 0x80 |.|

Memory content:

PICC level (Application ID 0x000000)

  • PICC key configuration:
    • AES key
    • PICC key changeable
    • PICC key required for:
      ~ directory list access: no
      ~ create/delete applications: no
    • Configuration changeable
    • PICC key version: 254

Application ID 0xF70090

  • Key configuration:

    • 3 AES keys
    • Master key changeable
    • Master key required for:
      ~ directory list access: no
      ~ create/delete files: yes
    • Configuration changeable
    • Master key required for changing a key
    • Key versions:
      ~ Master key: 0
      ~ Key #1: 0
      ~ Key #2: 0

  • 1 file present

    • File ID 0x00: Standard data, 128 bytes
      ~ Communication: encrypted
      ~ Read key: master key
      ~ Write key: master key
      ~ Read/Write key: master key
      ~ Change key: master key
      ~ (No access)

Application ID 0x78E127 (Disney MagicBand)

  • Key configuration:

    • 2 AES keys
    • Master key changeable
    • Master key required for:
      ~ directory list access: no
      ~ create/delete files: yes
    • Configuration changeable
    • Master key required for changing a key
    • Key versions:
      ~ Master key: 1
      ~ Key #1: 1

  • 2 files present

    • File ID 0x01: Standard data, 16 bytes
      ~ Communication: plain
      ~ Read key: free access
      ~ Write key: free access
      ~ Read/Write key: blocked
      ~ Change key: free access
      ~ Contents:

[0000] D1 27 2F 00 00 00 00 00 05 D9 00 05 00 89 01 88 |.’/…|

  • File ID 0x02: Standard data, 56 bytes
    ~ Communication: plain
    ~ Read key: key #1
    ~ Write key: free access
    ~ Read/Write key: blocked
    ~ Change key: free access
    ~ (No access)
7

I think I’m just going to purchase a chip from you and take it with me to the parks. I have a disassembled magic band 2 which will allow me to gut the internals and place the FlexDF inside. I’ll then ask the guest services rep to activate this band and see what happens. If all goes well, it worked and I can implant it already programmed.