RFID tag block no longer accessible after writing data to it

Question

I just got a RFID-RC522 module for Arduino and a RFID tag. This is all new to me. In this tag the memory block 7 (sector 1) data is:

00 00 00 00 00 00
FF 07 80 69
FF FF FF FF FF FF

Originally, the first 8 bytes oof the block (key A) were set to 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF.

Playing with it I wrote this data to block 7:

00 00 00 00 00 00
00 00 00 00
FF FF FF FF FF FF

And now I can no longer access it. Reading the tag with NXP TagInfo (Android app) says the default key is 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF. However, using this value, or a key consisting of all-zero bytes, I can't authenticate to the block.

How can I find out the new authentication key? How exactly did I change it?

Answer 1

Obviously, the "RFID tag" is a MIFARE Classic card. With that type of card, block 7 is the sector trailer for block 1. The sector trailer stores the access keys (key A in the first 6 bytes, key B in the last 6 bytes) and the access conditions (byte 6-8) for that sector.

So you wrote the sector trailer as:

• Key A: 00 00 00 00 00 00,
• Key B: FF FF FF FF FF FF,
• Access conditions: 00 00 00

The value 00 00 00 does not represent valid access conditions. Unfortunately, once you wrote an invalid value to the access conditions field, the whole sector becomes inaccessible and there is no way to reverse this condition. Hence, this sector is permanently unusable.