Contents

Section	Topic
1	About this Volume
2	The 125 kHz LF Subsystem
· 2.1	What it is
· 2.2	Supported card types
· 2.3	The T5577 clone story
· 2.4	Range and antenna realities
3	The 13.56 MHz HF Subsystem (ST25R3916)
· 3.1	The chip and the standards
· 3.2	The plugin parser system (firmware 1.0 reorg)
4	MIFARE Classic — The Attack Bench
· 4.1	Mfkey32 (recovery from authentication exchange)
· 4.2	Nested attack (recovery via known partial keys)
· 4.3	Hardnested
5	NTAG and DESFire
· 5.1	NTAG family
· 5.2	DESFire (EV1, EV2, EV3)
6	Magic Cards (HF clone targets)
7	NFC Read → Save → Emulate → Clone Workflow
8	The Mobile App and NFC
9	ISO 15693 (Vicinity Cards)
10	Where Proxmark3 Wins
11	Common Gotchas
12	What’s next

1. About this Volume

Two physically distinct subsystems share this volume because the on-device UI groups them: the 125 kHz LF RFID subsystem (a small discrete reader + emulator on a separate antenna) and the 13.56 MHz HF NFC subsystem (the ST25R3916 NFC AFE on a printed loop). The user- facing distinction is “RFID vs NFC”, but the implementation, the protocol catalogs, and the attack surfaces are quite different. This volume covers both, then closes with the comparison: when the Flipper is enough vs. when you need a Proxmark3.

2. The 125 kHz LF Subsystem

2.1 What it is

A 125 kHz (carrier) reader/writer/emulator with its own dedicated antenna and a discrete carrier-generation + envelope-detection front end (not the ST25R3916 — different chip, different antenna). LF cards are older, simpler, and cheaper than HF cards: typically a few hundred bits of data, no crypto on most variants, modulated by load-modulating the reader’s field.

2.2 Supported card types

Card family	Read	Emulate	Clone to T5577	Notes
EM4100 (EM-Marine)	✓	✓	✓	The most common access-control card
HID Prox (ProxCard II, ProxKey, ISOProx)	✓	✓	✓	Full FC+CC decode
Indala (26-bit, 27-bit, 224-bit)	✓	✓	✓
AWID	✓	✓	✓
FDX-A / FDX-B	✓	✓	✓	Animal microchips, Halo-Touch dog tags
PAC/Stanley	✓	✓	✓	UK access control
Paradox	✓	✓	✓
Viking	✓	✓	✓
ioProx	✓	✓	✓
Jablotron	✓	✓	✓
Nexwatch (Quadrakey)	✓	✓	✓
Securakey	✓	✓	✓
HiTag2	partial	partial	varies	Crypto challenge — Flipper handles read+sniff but not the full attack; Proxmark3 wins here
EM4x70 (Megamos crypto)	—	—	—	Car immobilizer chips — Proxmark3 only
LegIC	—	—	—	Proprietary; Proxmark3 only with paid plugin

2.3 The T5577 clone story

T5577 is a “blank” 125 kHz card that can be programmed to mimic any of the supported types above. Workflow on Flipper:

RFID → Read → (place reader against a card) → wait for parse →
RFID → save the parsed result →
RFID → Saved → pick the saved card → "Write" → place T5577 card →
   the Flipper writes the cloned data

The whole thing is one keypress per step. It’s fast and reliable; this single workflow is the headline feature for everyday RFID-cloning use.

2.4 Range and antenna realities

LF range is short — 2–6 cm, with the Flipper’s onboard LF antenna. For deep reads (cards at the bottom of a wallet, badges in a thick lanyard), you’re often margin-constrained. Proxmark3 with its larger antenna is significantly better here; there’s no easy LF range upgrade for the Flipper.

3. The 13.56 MHz HF Subsystem (ST25R3916)

3.1 The chip and the standards

ST25R3916 is the EMVCo 3.0–certified NFC analog front end. Vol 2 covered its specs; here’s the supported-cards table from the user’s perspective:

Standard	Cards	Read	Emulate	Crack
ISO 14443-3A	UID-only	✓	✓ (magic card)	n/a
ISO 14443-4A	MIFARE Classic 1k/4k	✓	✓ (with keys)	mfkey32, nested
ISO 14443-4A	NTAG 213/215/216	✓	✓	(no crypto)
ISO 14443-4A	DESFire (EV1/EV2/EV3)	✓	partial	crypto-based, no public attacks
ISO 14443-3B	Calypso	✓	partial	n/a
FeliCa	Suica, PASMO, Octopus	✓	partial	n/a
ISO 15693	ICODE SLIX, animal LF tags	✓	partial	partial
Mifare Plus	SL3 mode	partial	—	(modern crypto)

Read range is 1–4 cm typical. The HF antenna is a printed loop on the back of the PCB.

3.2 The plugin parser system (firmware 1.0 reorg)

After firmware 1.0 (Sep 2024), the NFC app got a plugin parser architecture — community plugins parse application data on top of the underlying NFC framing. So a transit-card can be read by ST25R3916, and then a parser plugin decodes:

• Stored balance + last-trip records
• Card type + issuer
• Travel history (where the system stores it on-card)

Community plugins exist for NYC OMNY, BART Clipper, Boston CharlieCard, Chicago Ventra, Tokyo Suica, London Oyster (limited), various ski passes, hotel keys (Saflok, MIWA, Salto), amusement park bands. List grows; check awesome-flipperzero plugins.

4. MIFARE Classic — The Attack Bench

The headline target. The Crypto-1 cipher is famously broken — multiple academic groups demonstrated practical attacks 2008–2015 (Garcia, Verdult, Oswald, the Hardnested paper).¹ Two attacks ship on Flipper:

4.1 Mfkey32 (recovery from authentication exchange)

Workflow:

1. Set the Flipper into MIFARE Classic emulation with the UID of a card
   you don't yet have all keys to (clone the UID via Read first).
2. Wave the Flipper at a real reader that expects that card. The reader
   sends the auth challenge; the Flipper records the (challenge, reply,
   nonce) tuple — even though it doesn't know the key, it captures the
   exchange.
3. Run "Detect Reader" or pull the .nfc to PC; mfkey32 algorithm recovers
   keys from the captured nonce pairs.
4. Paste the recovered keys back into the .nfc dictionary; the Flipper
   can now fully read/emulate the card.

Time to recover depends on how many auth exchanges you can capture. ~5–60 minutes of waving at a reader is typical for a few keys; full 16-sector recovery on a 1k card might take many sessions if reader-side randomness is high.

4.2 Nested attack (recovery via known partial keys)

Once you have one known key for any sector, the nested attack extracts the other keys without needing reader interaction. Time to recover a full 16-key dictionary on a card with one known key: a few seconds to minutes on a Flipper, faster on a Proxmark3.

The standard “default keys” dictionary (mf_classic_dict.nfc) ships with many vendor-provided defaults — start with this; if any sector authenticates with a default key, nested can take it from there.

4.3 Hardnested

The “harder” variant of nested for cards that resist standard nested (post-2014 silicon revisions). Implemented on Proxmark3 mainline; the Flipper firmware ships a partial implementation that works on most cards but may need to fall back to PM3 for the toughest ones.

5. NTAG and DESFire

5.1 NTAG family

NTAG 213/215/216 are simple memory tags with no crypto on the data side (they have NDEF for URLs, password protection on later variants). Flipper:

• Reads them fully, decodes NDEF.
• Emulates them — useful for “fake an Amiibo” workflows (every Amiibo is an NTAG 215 with specific data).
• Writes to T55x7 isn’t applicable — NTAG is HF, not LF. To clone an NTAG, you need an HF “magic” tag (see §6).

5.2 DESFire (EV1, EV2, EV3)

Modern, cryptographic. AES-128 mutual auth, application-keyed file access. Flipper can:

• Identify the card and read public application IDs
• Read files where the application key is 00000000…0 (factory default) or otherwise known
• Cannot brute-force AES. No public attack works against EV2/EV3 with reasonable effort.

Real DESFire deployments (e.g. modern transit, modern access control) are out of reach with the Flipper alone.

6. Magic Cards (HF clone targets)

“Magic” cards are special MIFARE Classic-shaped cards where sector 0 block 0 (the UID and manufacturer block) is writable. Real cards have this block read-only at the silicon level; magic cards bypass that.

Why they matter: to fully clone a MIFARE Classic, you need to be able to write the UID. Real cards will let you write all sectors except sector 0 block 0. Magic cards let you write everything, and the cloned card behaves identically to the original to most readers.

Type	UID writable	Sector 0 changeable	Notes
Gen 1A “Chinese magic”	✓	✓	Backdoor command sequence
Gen 1B	✓	✓	Different backdoor sequence
Gen 2 “CUID”	✓	partial	Only on direct write, not via auth
Gen 3	✓	✓	Multiple “personality slots”
Gen 4 (UMC)	✓	✓	All-singing-all-dancing — emulates anything
Magic Ultralight	✓	✓	NTAG-compatible

Flipper supports detect + write for Gen 1A/1B, partial for Gen 2/Gen 3, limited for Gen 4. On Proxmark3 the Gen 4 support is more complete.

7. NFC Read → Save → Emulate → Clone Workflow

Read:
  NFC → Read → place card → wait for full read (typically 5-30 sec for a
                            16-sector MFC; ~2 sec for NTAG)
  → if any sector auth fails, the reader will fall through to mfkey32
    or just save what it got.

Save:
  → Save → name → stored as /ext/nfc/<name>.nfc

Emulate:
  → NFC → Saved → pick → Emulate → Flipper looks like the card

Clone (to magic card):
  → NFC → Saved → pick → Write → present a magic card → done

For the emulation-vs-clone distinction: emulate keeps the data on the Flipper and presents it to readers when you wave the device; clone writes the data permanently to a physical card. Emulate is faster / non-destructive; clone gives you a thing you can put in a wallet.

8. The Mobile App and NFC

The Flipper Mobile App can:

• Browse /ext/nfc/ files on the device.
• Push captured .nfc files between phone and Flipper over BLE.
• Trigger Read / Emulate from the phone (slow — the BLE link is the bottleneck).
• Display NDEF content for NTAGs.

It cannot crack keys on its own; that’s all on the Flipper. The phone is mostly a remote-control + file-transfer surface for NFC work.

9. ISO 15693 (Vicinity Cards)

The other ISO standard supported by the ST25R3916. Lower data rate than 14443 but longer range (up to ~1 m with a big reader; on Flipper, ~5 cm). Use cases: animal microchips, library books, ski-pass cards, some warehouse tags.

Card	Read	Emulate
ICODE SLIX (NXP)	✓	partial
Tag-it HF-I (TI)	✓	partial
EM4233 / EM4234	✓	partial
Animal LF microchips (ISO 11784/11785, FDX-B)	✓	✓

10. Where Proxmark3 Wins

The “buy a Proxmark when…” decision tree:

Job	Why Proxmark3	When Flipper still works
HiTag2 / EM4x70 / LegIC	Flipper firmware lacks the full crypto attack	If the card is a non-crypto LF type, Flipper
Mifare Classic Hardnested edge cases	PM3 mainline more complete	Most cards — Flipper handles them
Long-range deep-read of obscured cards	Bigger antenna, finer power control	Anything in 1–6 cm range
EMV card analysis (real credit cards)	More tooling	Read public NTAG portion only
Research-grade timing control	Real TI1 / FPGA-level access	Not Flipper territory
Sniffing reader↔card live transactions	PM3 sniff mode — Flipper has nothing equivalent	n/a

The pattern: PM3 is the lab tool, Flipper is the field tool. Both are useful; they’re complementary. See _shared/comparison.md.

11. Common Gotchas

Symptom	Cause	Fix
LF Read fails with the card right on the antenna	LF antenna is on the side (where the iButton pad is)	Slide the card onto the side, not the back
HF Read repeatedly times out	Card too far / lanyard too thick	1–4 cm clear-air; remove from holder
Clone to T5577 succeeds but reader rejects it	Card type detected wrong	Re-read original; check format; some readers are picky on bit length
Mfkey32 captures nothing despite waving	Real reader uses random nonce + already-fetched key	Try a different reader if you have access; mfkey32 is reader-dependent
Magic card clone “looks right” but reader rejects	Reader checks anti-collision UID type; Gen 1A/1B may not match	Try a Gen 2/3/4 magic; or sniff the original to match more carefully
Mobile App reads card while in Flipper hands	App is talking to the Flipper, not directly to the card	Expected — phone NFC is just for file transfer

12. What’s next

Vol 6 — Infrared, iButton/1-Wire, BadUSB, U2F. The remaining “protocol-terminal” subsystems on the Flipper, before we move to GPIO and FAP development in Vol 7.

Footnotes

1. Garcia et al., “Dismantling MIFARE Classic” (ESORICS 2008); Garcia et al., “Wirelessly Pickpocketing a MIFARE Classic Card” (IEEE S&P 2009); Verdult et al., “Dismantling iClass and iClass Elite” (ESORICS 2012); Carlo Meijer & Roel Verdult, “Hardnested” attack (Radboud University, 2015). The implementations on Flipper come from the Proxmark3 codebase (the algorithms are shared). ↩