How are they defined?
- The NTAG424 that produces a CMAC (Cipher-based Message Authentication Code) which cost about $0.50 per chip
- CMACs are based on block ciphers like AES
- There is a shared secret key on the chip and on the verification server that can verify authenticity of data
- Data included: UID of the chip + incrementing counter
- Similar to digital signatures, but cannot be verified against a public key
- As a result, they are somewhat “dead” — their validity can only be checked with a centralized server, if that goes down or stops getting maintained the chip is useless
Where to get them?
I have primarily sourced CMAC chips and related software to use them from my friends at IYK! They are also cheaply available for mass purchase on sites like Amazon and Alibaba.
Reload if nothing is visible.