There are certain chips that support a “privacy” feature which randomizes the UID each time. The only way to get the real uid is to authenticate using a cryptographic key. The desfire chip can do this as well as various smartcard chips like the p60 and p71
Oh thanks Amal.
And do you think authenticatinothroufh a cryptographic key is something a beginner like me can do?
If you have the key, it should be easy.
1 Like
So with the P71, if someone enables this feature, then the initial ATR response will have a random UID (but I’m assuming a static manufacturer/vendor ID). Then the reader sends some kind of challenge that the P71 recognizes and it then does a second ATR but with the real UID?
That would be interesting to test on my unlocked P71 card. How is it enabled?
Not sure what thread to dump this, can’t find the original
But this is a new terminal in my area, and I’m curious how it performs
The rfid portion seems to be isolated to this area with a smaller footprint… hopefully better implant coupling
1 Like
I’ve had great luck with these. Easy reads.
It’s so strange dealing with overlapping standards but basically contactless doesn’t actually really produce an ATR. The reader will produce an ATR based on what it knows about the contactless chip it’s talking to. Contactless can produce an ATS value but getting this over a pc/sc compliant reader is not standardized.
Also I don’t think the ATR actually contains the UID. When it comes to ISO14443A, the reader will send out a sort of beacon command to any chips in the field, and they will respond with their UID. Then the reader will issue a select command with a specific uid that it wants to talk to, and all other chips hearing this select command will go silent and let the selected chip respond.
This is typically how you should be obtaining the uid of any chip you are talking to, which means things like door locks and other simple reader devices should always be able to work with any type of chip that is ISO14443A compliant… however we know there are plenty of readers and door locks that do not work with certain types of iso14443a chips, even if the byte count of the uid is the same as other chips the lock or reader does work with. For example, a lock might work with a ultralight or ntag chip but not a desfire chip. This makes no sense because all of those chips work exactly the same way when it comes to iso14443a interrogation and selection. The problem is that these readers and door lock products are using crap firmware written by some dummy that is very likely issuing read commands to the ultralight and ntag chips to get the memory contents of the first free memory pages and pulling the UID from that instead of the iso selection process.
Anyway, point here is that the p71 and other chips with privacy mode will generate a random uid once powered, and report that random uid to the reader in response to any beacon command it hears. When the reader wants to talk to that chip, it will select that particular uid and that is the uid reader will talk to the chip with during the contactless session, even if you issue other commands to get the real uid of the chip, that is akin to issuing memory read commands to get the uid from an ntag vs the iso selection process. Getting the real uid of a chip with privacy mode involves special commands and data processing. It does not change the uid in the middle of the contactless session. It can’t, that would confuse the reader and violate the ISO standard.
4 Likes
Interesting. Thanks for the detailed explanation. I’ll see if I can enable this on one of the P71 cards I have and test.
Hiiiiii! I’ve been away on medical leave for a month, but I’m back. I’ve missed you all!
This is an Ingenico terminal. I work in the point of sale industry. It’s not dramatically different from the VeriFones, but they seem to function slightly better. All of these devices are tricky to use, repair, and keep in the field for long because of their tamper detection requirements (I can go into detail if you want).
This is true with the Ingenico. That’s the sweet spot. That function at least is way better than the VeriFone.
I really wish my laptop had an NFC reader in roughly the same spot…
I’d love that 
I would love to get my verifone going … Or repurpose it …
Me too they’re very reliable
Sorry for the late reply. Things have been crazy here recovering from surgery. Doing pretty well, though, overall.
So, the tamper detection systems on these units are a series of switches that get triggered if the unit is opened or something that isn’t a card is inserted into any crevice of the device. The device uses the same type of technology as a CMOS battery to keep the tamper detection system operational while the device is powered down. We have found that these devices are crazy sensitive to the smallest amount of moisture ingress, especially in the crevices between the keys on the keypad.
I have not tried re-purposing or re-imaging a VeriFone or an Ingenico outside of what we do for our customers, so I can’t speak to how viable it would be as an NFC reader without the proper encryption keys (which are generally customer-specific) and customer software package.
I did try a generic Android image on an Ingenico tablet device with an NFC reader, but I could not get the reader to function under the usual Android OS settings. I assume an app would need to activate it. I didn’t play with it much more than that.
2 Likes
Well that’s a relief! Congrats on a successful surgery!
That’s crazy… a careless customer could spill some soda pop on one and kill it?!
2 Likes
Well, sort of. Not kill it, but Tamper it, which requires a factory reset that only a PCI-compliant repair house can do. We get a LARGE volume of devices back on warranty repair for this specific reason. In fact, there is a specific chicken-vending customer who happens to have their soda fountain at the payment counter, and the residual splash from filling sodas over the course of time has been found to Tamper out the VeriFone devices that they use.
Sigh.
We tried to make a keypad cover and sell it to them to prevent this damage, but it was rejected because the Braille on the keys could no longer be “read” making it not ADA-compliant.
Double sigh.
The crazy thing is that it is fairly drop-resistant, but a “drop” of water is it’s death-knell.
That’s insane 
I’ve seen them wrapped in seranwrapp a several times … Now I know why 
Mine has been sitting in a box for a long time, it is not connected to any systems … but I would suspect it has a triggered the temper mechanism …
I did manage to get in some menus, but I didn’t got anywhere 
Do you have any info on connecting it to a network or accessing it through the Ethernet adapter/ssh into it?
Glad you’re recovering well.
Holding 1+5+9 after boot up usually enters the diagnostic menu.
I’m afraid I wouldn’t know how to do that outside of the standard customer software that interfaces with a payment processor and the rest of the point of sale system.
If it’s a VeriFone, it will boot up to “Maintenance Required” if it’s been Tampered.
1 Like
Actually, I’ve seen these things go really whack with moisture, and I actually haven’t seen tamper issues.
My experience with this is just from being a cashier during the pandemic and everyone started blasting these with cleaners and sanitizers. A while into this, a ton of them started doing all kinds of weird stuff from just typing garbage (I forget if on their own or just entirely not what the user pressed) or the touch screen getting really off.
2 Likes