> For the complete documentation index, see [llms.txt](https://developer.magtek.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://developer.magtek.com/hardware/card-readers/mms-dyna-devices/dynaflex-ii-go/documents/developers-manuals/programmers-manual-commands/commands/nfc-mifare-pass-through/pass-through-for-mifare-classic-mini-plus-sl1.md). # Pass Through for MIFARE Classic/MINI/Plus SL1 ### Command 0x1101 – Pass Through Command for MIFARE Classic/MINI®/Plus SL1 (Security Level 1), Type 2 After a MIFARE Tag is activated, the host uses this command to send commands and receive responses to and from a MIFARE tag. For MIFARE Plus EV1/EV2/SE/X at SL1 (Security Level 1), the tag is discovered as MIFARE Classic, and can use the same functionality as MIFARE Classic 1K/4K commands in **Table 96 – MIFARE Classic/MINI® Commands**. Furthermore, an additional optional AES authentication is available in this level without affecting the MIFARE Classic 1K/4K functionality. The authenticity of the card can be proven using strong cryptographic means with this additional functionality. In addition to the backwards compatibility mode, MIFARE Plus card can be switched to higher security levels. After MIFARE Plus is authenticated with AES Security Level 1 Key, the Device doesn’t auto detect an error from the MIFARE Tag has been removed to end the pass-through session. To end the pass-through session, the Host application can send the last command, the CANCEL command (0xFF), or receive an error response from the MIFARE Tag. ## Table - Request Data for Command 0x1101 - Pass Through Command for MIFARE Classic/MINI®/Plus SL1 (Security Level 1)
TagLenValue / DescriptionTypReqDefault
Beginning of any wrappers, at minimum including Request Message
1101 = Command 0x1101 – Pass Through Command for MIFARE Classic/MINI®/Plus SL1 (Security Level 1), Type 2
81varCommand to Send. See Table 96 – MIFARE Classic/MINI® Commands See Table 97 – MIFARE Plus EV1/EV2/SE/X SL1 (Security Level 1) CommandsBR
820100 – No Encrypt 01 - Encrypt
830100 – Expect More Commands 01 – FF (Last Command). If last command, Device will provide a single beep after receiving a successful response from tag, otherwise, device will provide a double beep.BR
End of any wrappers, at minimum including Request Message
## Table – MIFARE Classic/MINI® Commands
CommandLengthField Value
MIFARE ReadByte 0 – 0x30 – Read Command
Byte 1 – Sector Number to Read
Byte 2 – Start Block Number
Byte 3 – End Block Number
Byte 4 – Key Type, 0 = A, 1 = B
Byte 5 to 10 = 6 Byte Key
MIFARE WriteByte 0 – 0xA0 – Write Command
Byte 1 – Sector Number to Write
Byte 2 – Start Block Number
Byte 3 – End Block Number
Byte 4 – Key Type 0 = A, 1 = B
Byte 5 to 10 = 6 Byte Key
Byte 11 to x = Variable length Byte Data (16 bytes per block)
MIFARE IncrementByte 0 – 0xC1 – Increment Command
Byte 1 – Source Sector Number
Byte 2 – Source Block Number
Byte 3 – Key Type 0 = A, 1 = B
Byte 4 to 9 = 6 Byte Key
Byte 10 to 13 = 4 Byte Operand
MIFARE DecrementByte 0 – 0xC0 – Decrement Command
Byte 1 – Source Sector Number
Byte 2 – Source Block Number
Byte 3 – Key Type 0 = A, 1 = B
Byte 4 to 9 = 6 Byte Key
Byte 10 to 13 = 4 Byte Operand
MIFARE RestoreByte 0 – 0xC2 – Restore Command
Byte 1 – Source Sector Number
Byte 2 – Source Block Number
Byte 3 – Key Type 0 = A, 1 = B
Byte 4 to 9 = 6 Byte Key
MIFARE TransferByte 0 – 0xB0 – Write the value from the Transfer Buffer into destination block number
Byte 1 – Destination Sector Number
Byte 2 – Destination Block Number
Byte 3 – Key Type 0 = A, 1 = B
Byte 4 to 9 = 6 Byte Key
## Table – MIFARE Plus EV1/EV2/SE/X SL1 (Security Level 1) Commands
CommandLengthField ValueEV1EV2SEX
First Authenticate (part1 and part2)3

First Authenticate. Use this command to switch to higher security levels. This command is behaved as the last command. Device will provide a single beep after receiving a successful response from a card, otherwise, device will provide a double beep.


Byte 0 = 0x70
Byte 1-2 = Level 2 Switch Key (MIFARE Plus X only), or Level 3 Switch Key. See NXP doc ds206234, table 113.
Byte 3 = MIFARE Plus AES_Key#
- 0x01 = AES_Key1 = 16 bytes value stored in Property 1.2.1.1.4.5 MIFARE Plus AES_Key1.
- 0x02 = AES_Key2 = 16 bytes value stored in Property 1.2.1.1.4.6 MIFARE Plus AES_Key2.
- 0x03 = AES_Key3 = 16 bytes value stored in Property 1.2.1.1.4.7 MIFARE Plus AES_Key3.
- 0x04 = AES_Key4 = 16 bytes values stored in Property 1.2.1.1.4.8 MIFARE Plus AES_Key4.
- 0x05 = AES_Key5 = 16 bytes values stored in Property 1.2.1.1.4.9 MIFARE Plus AES_Key5.
- 0x06 = AES_Key6 = 16 bytes values stored in Property 1.2.1.1.4.A MIFARE Plus AES_Key6.

YYYY
Following Authenticate (part 1 and part 2)3Following Authenticate. Use this command for an option to put the NFC tag in Security Level 1 AES Authenticated before sending MIFARE Classic commands.
Byte 0 = 0x76
Byte 1-2 = Security Level 1 Card Authentication Key. See NXP doc ds206234, table 113.
Byte 3 = MIFARE Plus AES_Key# (same key numbering as First Authenticate)		YYYY
READ_SIG2The READ_SIG command returns an IC-specific, 48-byte ECC originality check signature.
Byte 0 = 0x3C
Byte 1 = 0x00, RF		YYNN
Personalize UID2

Set anti-collision, selection and authentication behavior. The execution of this command requires an authentication to MF Classic sector 0 (use MIFARE Read command sector 0 from Table 96 – MIFARE Classic/MINI® Commands).

Once this command has been issued and accepted by the PICC, the configuration is automatically locked. A subsequently issued ‘Personalize UID Usage’ command is not executed and fails.

Byte 0 = 0x40
Byte 1 = Encoded type of UID usage:
- 0x00 = UIDF0 = anti-collision and selection with the double size UID (7-byte) according to ISO/IEC14443-3
- 0x40 = UIDF1 = anti-collision and selection with the double size UID (7-byte) according to ISO/IEC14443-3 and optional usage of a selection process shortcut
- 0x20 = UIDF2 = anti-collision and selection with a single size random ID (4-byte) according to ISO/IEC14443-3. After the card is configured with random ID, it won’t be able to perform any MF Classic authentication since MF Classic authentication requires UID.
- 0x60 = UIDF3 = anti-collision and selection with a single size NUID (4-byte) according to ISO/IEC14443-3 where the NUID is calculated out of the 7-byte UID

YYNN
CANCEL1

This command is used to terminate the pass-through command session.


Byte 0 = 0xFF

YYYY
## Table - Response Data for Command 0x1101 – Pass Through Command for MIFARE Classic/MINI®/Plus SL1 (Security Level 1), Type 2
TagLenValue / DescriptionTypReqDefault
Beginning of any wrappers, at minimum including Response Message
1101 = Command 0x1101 – Pass Through Command for MIFARE Classic/MINI®/Plus SL1 (Security Level 1), Type 2
81var

Tag Response Code


Byte 0 = 0x00 = Success


Byte 0 = 0x01 = I/O Failed
Byte 0 = 0x02 = Authentication Failed
Byte 1 = 0x01 = Block that Failed (optional)

BRN/A
82varEncryption Control. If encrypted, see Table 93 - Payload for Encrypted NFC/MIFARE Data. If unencrypted see Table 94 – Unencrypted NFC/MIFARE Data.BON/A
End of any wrappers, at minimum including Response Message
{% hint style="info" %} If the request started successfully, the Request Status in the message wrapper is: OK, Started / Running, All good / requested operation was successful. {% endhint %} ## Table - Request Example (Read Sector 0, Block Number Start 0 - End 0, KeyType A, Key = FFFFFFFFFFFF) {% code title="Example (Hex)" %} ``` AA 00 81 04 01 19 11 01 84 15 11 01 81 0B 30 00 00 00 00 FF FF FF FF FF FF 82 01 00 83 01 00 ``` {% endcode %} ## Table - Response Example (Read Sector 0, Block Number Start 0 - End 0, KeyType A, Key = FFFFFFFFFFFF) {% code title="Example (Hex)" %} ``` AA 00 81 04 82 19 11 01 82 04 01 00 00 00 84 1C 11 01 81 01 00 82 15 FC 13 DF 7A 10 A4 FB 0D 3E 6C 08 04 00 03 0D C0 90 EE BF BB 1D ``` {% endcode %} ## Table - Payload for Encrypted NFC/MIFARE Data
TagLenValue / DescriptionTypReqDefault
/DFDF59varEncrypted Data Primitive. Decrypt the value of this TLV data object using the algorithm and variant specified in the Encrypted Data KSN parameter and the Encrypted Data Encryption Type parameter to read its contents. The format of the decrypted data is shown in Table 360.BR
/DFDF50varEncrypted Data KSNBR
/DFDF5101Encrypted Data Encryption Type. See section 4.4 Encryption Type for a list of valid values.BR
End of any wrappers, at minimum including Response Message
## Table – Unencrypted NFC/MIFARE Data | Tag | Len | Value / Description | Typ | Req | Default | | ----- | --- | ------------------------- | --- | --- | ------- | | FC | var | NFC/MIFARE Data Container | T | R | | | /DF7A | var | NFC/MIFARE Data | B | O | | --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://developer.magtek.com/hardware/card-readers/mms-dyna-devices/dynaflex-ii-go/documents/developers-manuals/programmers-manual-commands/commands/nfc-mifare-pass-through/pass-through-for-mifare-classic-mini-plus-sl1.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.