Otherwise, only the UID can be detected. The real mystery is why Apple refuses to open the low-level read commands. (To read NDEF, or determine that the data is _not_ NDEF, you need to read the card.)
MIFARE Classic uses a mandatory, proprietary (presumably still patented) encryption algorithm even for "world-readable" cards, on top of the ISO 14443-3 standard. I'm not even sure whether Apple could legally offer that capability without licensing it from NXP.
On Android, only devices with an NXP chip support these tags for the same reason.
You could argue that Apple could just provide even lower layer access to the contactless interface to allow apps to implement it in software, but I'm not sure if that's feasible (due to timing constraints).
(Note that the article doesn't specify which MIFARE tags it is about. If it's MIFARE Classic, something must have changed, and maybe Apple has licensed the required NXP patents? DESfire should work with iOS without jumping through any hoops, since that implementation is ISO 14443 compliant all the way up to -4.)
Back in 2015 I was tech lead for a modern (web based) SaaS library management system and getting it to work with RFID tags with a wrapper application was all sorts of fun and games.
We got RFID library tags working on Android, but with iOS locking down NFC access it turned out to be impossible and we had to get libraries to buy bluetooth connected RFID scanners.
This is one of those cases where I know I really should investigate further, but I'm taking this one step at a time. Perhaps digging in to the "why" will become a follow-up post
Actually, I have all the components, so I'll try this now and report back.
Probably some "magic key" ID.
But this is not my area of expertise. It's a cool story, though, and why I like hanging here. Considering getting a Proxmark and the NFC Tools app, just to play around.
For purchase, there are many form factors: https://store.gototags.com/nfc-tags
On Amazon, search NTAG215.
I actually have a hotel keycard taped to my washing machine to do some laundry-based automation with my phone. Maybe I should write about that sometime..
MIFARE Classic supports (completely broken and for this use case) useless encryption and doesn't work with some Android devices, as they're not really a part of the standardized NFC stack.
If you want to get really fancy, you can also get a Java Card based smartcard and install an NDEF application yourself. You could then also install a FIDO application and use the same card as a "homebrew Yubikey" :)
are the tags I have, and https://apps.apple.com/us/app/nfc-tools/id1252962749 is the app I used (which is the same as the one used in the post).
The number of obnoxious people/guerilla ad companies that printed and programmed NFC tags and stuck them in random places was way too high. In some cases, they would replace the businesses QR code with the NFC tag. In some cases that NFC notification would pop up instead of the business’s menu. Quite annoying.
Then there was a case where the person stuck the raw tags _under the table_, so putting your phone down in random places would spam this notification on your screen.
I'm personally not a huge fan of needing to use NFC tags in the real world (parking meters use them for payment around here), but I do like creating tags.
Card emulation is a thing now: https://developer.apple.com/documentation/corenfc/cardsessio... (edit: only in the EU)
And iOS as well as iPadOS now also support USB smart card readers. iPads can actually use them to access NFC FIDO tokens. (Why iPads don't have native NFC is completely beyond me, there are so many obvious use cases for it)
Oh, that's very cool!
Apple seems to silently be implementing more and more features to make iOS/macOS a full-fledged smart card OS; I've also noticed that FIDO over CCID is now available natively on macOS, and by extension in Firefox and Safari via WebAuthN (which finally lets me use my smartcard form factor FIDO authenticator).
If you can send/receive APDUs you're good to go.
Do you know if Apple requires any special permissions/entitlements to create VAT passes, or does a normal pass certificate suffice?
At least Suica train cards(based on FeliCa/NFC-F) on iOS can be read from third party Android apps, and Apple do advertise iPhone feature to store corporate IDs, so the idea of using iPhone for gate tap-in card should be completely fine.
It's not accessible to "regular" app developers in the way it is for Android.
ISO 14443 reader access has been available globally, so if you're fine with having to open an app before an interaction with a reader, you could have the reader perform card emulation, and the phone "read/write" it like a tag, i.e. send APDUs which the device behind it then interprets.
