July 28th 08, 10:52 AM, posted to uk.transport.london
google@woodall.me.uk
Oyster Card System Failure

On Jul 26, 5:37 pm, wrote:
> On 25 Jul, 21:43, Chris wrote:
>
>> Of course they can - incorrect data downloaded to cards can easily
>> make them inoperable.
>
> I've not yet come across r/w memory that can't be reset if there's
> dodgy data on it so unless they're upgrading any software there may be
> on it I can't see how it could happen. And if that's the case you have
> to ask yourself why.

Most microcontrollers have had settings which once written prevent you
ever reading out or changing the microcode again.

Some of those were non resettable, even if, before the fuses were
blown, the microcontroller was reprogrammable.

(The modern flash PICs which I've been playing with recently all seem
to have the ability to do a complete reset even after the code
protection bits have been set - IIRC on some of them this reset can
wipe some of the factory calibration data so you have to make sure
you've recorded these values for the individual devices somewhere
before you start down this path - I think mostly this calibration data
is related to the internal oscillator so it's not needed if you're
using external timing)

I can easily believe that the mifare card could have a setting to flag
some of the memory as read only - IIRC sector 0 (which contains the
ID[1]) is read only - It's perfectly possible that there is an address
somewhere that says what memory is read only and what is read write
and that address can only be incremented, never decremented.

Initially the card is created with this address as 0. Sector 0 is
written and then the address incremented to 1. A card can be totally
disabled by incrementing this address to its maximum value.

Tim.

[1] Someone posted a link to a presentation about hacking the mifare
chip - according to that, even though sector 0 is non-reprogrammable,
you can change the key used to encrypt the traffic in such a way that
the card looks like it has a different ID. Only if the reader
explicitly requests sector 0 and verifies the ID will it be able to
detect this spoofing.
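
The one-way read-only boundary hypothesised in the post above, as a small C model. This is an added example, not part of the original post and not MIFARE's actual memory layout; the sector count, sector size and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTORS      16   /* assumed card size, illustration only */
#define SECTOR_BYTES 48   /* assumed bytes per sector, illustration only */

/* Hypothetical card: every sector below lock_addr is read-only. */
struct card {
    uint8_t mem[SECTORS][SECTOR_BYTES];
    uint8_t lock_addr;    /* one-way boundary, 0 on a blank card */
};

void card_init(struct card *c) { memset(c, 0, sizeof *c); }

/* The boundary can only move up, never down; SECTORS is its maximum. */
int card_raise_lock(struct card *c, uint8_t new_addr)
{
    if (new_addr < c->lock_addr || new_addr > SECTORS)
        return -1;                      /* decrement or out of range */
    c->lock_addr = new_addr;
    return 0;
}

/* A write is accepted only at or above the boundary. */
int card_write(struct card *c, uint8_t sector, const uint8_t *d, size_t len)
{
    if (sector >= SECTORS || len > SECTOR_BYTES)
        return -1;                      /* malformed request */
    if (sector < c->lock_addr)
        return -2;                      /* sector is read-only */
    memcpy(c->mem[sector], d, len);
    return 0;
}

/* Sectors that can still be updated; 0 means the card is disabled. */
int card_writable_sectors(const struct card *c) { return SECTORS - c->lock_addr; }

int main(void)
{
    struct card c;
    const uint8_t id[4] = {0x01, 0x02, 0x03, 0x04}; /* constructed sample ID */
    card_init(&c);
    card_write(&c, 0, id, sizeof id);   /* personalise sector 0 */
    card_raise_lock(&c, 1);             /* sector 0 is now read-only */
    card_raise_lock(&c, SECTORS);       /* bad update: boundary at maximum */
    printf("writable=%d rewrite=%d lower=%d\n", card_writable_sectors(&c),
           card_write(&c, 1, id, sizeof id), card_raise_lock(&c, 0));
    return 0;
}
```

In this model a single bad boundary value cannot be undone by any later write, so an update routine has to validate that value before it is sent to the card.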