MIFARE Ultralight EV1 vs MIFARE Classic 4K
MIFARE Ultralight EV1 offers 128 bytes memory with 32-bit password security, making it ideal for limited-use transit tickets, loyalty tokens. MIFARE Classic 4K provides 4096 bytes with Crypto-1 (broken) security, suited for legacy transit with stored value, multi-application cards.
MIFARE Ultralight EV1
MIFARE Classic 4K
MIFARE Ultralight EV1 vs MIFARE Classic 4K
MIFARE Ultralight EV1 and MIFARE Classic 4K represent different ends of the Classic-era NXP card spectrum. Classic 4K's larger memory might seem superior, but the broken Crypto-1Crypto-1Broken proprietary cipher in MIFARE Classic (reverse-engineered 2008)View full → cipher undermines any security advantage — leaving Ultralight EV1's simpler model with a comparable real-world security posture despite its smaller capacity.
Overview
MIFARE Ultralight EV1: 48–128 bytes, 32-bit password, 24-bit monotonic counter, OTP area, NFC ForumNFC ForumIndustry body developing NFC standards, specifications, and certifications since 2004View full → Type 2 compliant. Designed for limited-use transit tickets in controlled environments where the counter is the primary anti-reuse mechanism and cost per tag is the dominant design constraint.
MIFARE Classic 4K: 4096 bytes across 40 sectors (32 standard 3-block sectors plus 8 large 15-block sectors for the upper 2 KB), Crypto-1 cipher broken since 2008. The upper 2 KB added to Classic 1K's architecture enables more complex multi-application legacy card layouts. Security is identical to Classic 1K — the cipher does not improve with memory size, and all Darkside, Nested AuthenticationAuthenticationIdentity verification of NFC tags/readers via passwords or cryptographyView full →, and Hardnested attacks apply equally to both variants.
Key Differences
- Security: Both are weak for new deployments. Classic 4K's Crypto-1 is actively attacked and produces cloneable cards with commodity hardware. Ultralight EV1's 32-bit password is brutable with targeted NFC hardware but requires physical proximity and does not expose the kind of cipher attack surface that Crypto-1 does.
- Memory: Classic 4K's 4 KB dwarfs Ultralight EV1's 48–128 bytes — relevant for complex multi-application legacy card layouts in transit systems where transit balance, loyalty balance, and access permissions share one card.
- Counter: Ultralight EV1's monotonic 24-bit counter is useful for ticket use enforcement without needing value decrement cryptography. Classic 4K has no hardware counter — counter logic must be implemented via Crypto-1 value files, which are attackable.
- NFC Forum compliance: Ultralight EV1 is Type 2 NFC Forum compliant with native NDEF support. Classic 4K is not NFC Forum compliant — it uses a proprietary command set that smartphones cannot natively interact with.
- Multi-application: Classic 4K's 40 sectors allow multiple sector-key-isolated applications (transit + loyalty + access). Ultralight EV1 is a single-application NDEF tag.
Technical Comparison
| Parameter | MIFARE Ultralight EV1 | MIFARE Classic 4K |
|---|---|---|
| ISO standard | ISO 14443ISO 14443Standard for contactless smart cards at 13.56 MHz (Types A and B)View full →-3A (NFC Type 2) | ISO 14443-3A (proprietary commands) |
| User memoryUser memoryTag memory portion available for user data storageView full → | 48 or 128 bytes | ~3440 usable bytes |
| Security | 32-bit password | Crypto-1 (broken) |
| Monotonic counter | Yes (24-bit) | No |
| OTP area | Yes | No |
| Multi-application sectors | No | Yes (40 sectors) |
| NFC Forum Type 2 | Yes | No |
| Clone resistance | Low | Very low |
| Data retention | 10 years | 10 years |
| Write endurance | 100,000 writes | 100,000 writes |
| Unit cost (volume) | $0.05–$0.12 | $0.15–$0.40 |
| New deployment | Limited-use tokens only | Legacy maintenance only |
Use Cases
MIFARE Ultralight EV1 is appropriate for single-use and limited-use transit tickets, event wristbands, and low-value promotional tokens where the monotonic counter provides use-limit enforcement and cost per unit is the primary constraint.
MIFARE Classic 4K remains in transit systems where its additional memory sectors enable multi-application legacy card layouts (transit + loyalty + access on one card) and where the cost of replacing all Crypto-1 readers represents a capital expenditure that outweighs the security risk in the operator's analysis. This is exclusively a legacy maintenance use case.
Verdict
Classic 4K's additional memory matters only in legacy systems where sector-isolated multi-application layouts are already in production and reader replacement is not economically viable. For any new deployment, neither chip is recommended for security-sensitive applications. For simple limited-use token deployments where cost drives all decisions, Ultralight EV1's counter mechanism is more purpose-built and its simpler architecture is easier to reason about than Classic 4K's broken-cipher sector management. Classic 4K's larger memory under Crypto-1 is not a security advantage over Ultralight EV1's smaller password-protected memory.
Öneri
Choose MIFARE Ultralight EV1 when you need improved Ultralight with password protection; choose MIFARE Classic 4K when you need largest Classic with 4 KB memory.