How To Detect In Android Whether Uid From Nfc Tag Is Random?

I am working on an Android project which relies on the unique UID of a discovered NFC tag to process the tag. I extract this UID using the following code: byte[] extraID = intent.g

Solution 1:

For NfcA (and IsoDep and/or MifareClassic combined with NfcA), the ID is random if it exactly 4 bytes long and starts with 0x08. There are some cards (MIFARE DESFire) that can be configured with a random ID that is 4 bytes long and starts with 0x80.

For NfcB (and IsoDep combined with NfcB), there is no predetermined ID range that is reserved for random IDs. In fact, any NfcB ID can be a random one. The NfcB ID is actually called PUPI, which stands for "Pseudo Unique PICC Identifier". So the name already indicates that uniqueness is not guaranteed.

For NfcF and NfcV, the ID will generally not be random.

Reading the tag twice to detect a random ID only works if you remove the tag from the RF field. A tag will usually keep the same random ID as long as it stays powered by the Rf field.

Solution 2:

This RFC: https://www.rfc-editor.org/rfc/rfc4122#section-4.1.3 defines the format of a UID; it includes a field indicating what type of UID it is:

Msb0Msb1Msb2Msb3VersionDescription00011The time-based version
                                     specified inthisdocument.

    00102DCESecurity version, with
                                     embedded POSIXUIDs.

    00113The name-based version
                                     specified inthisdocument
                                     that uses MD5 hashing.

    01004The randomly or pseudo-
                                     randomly generated version
                                     specified inthisdocument.

    01015The name-based version
                                     specified inthisdocument
                                     that uses SHA-1 hashing.