Normalize UID casing in testPAndC PICC comparison#2
Open
Amperstrand wants to merge 1 commit into
Open
Conversation
CryptoJS.enc.Hex.stringify() returns lowercase hex, while tag.id is uppercase on Android. Lowercase the UID before the startsWith check so valid PICC decryptions don't show a false failure. Fixes boltcard#1 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Amperstrand
pushed a commit
to Amperstrand/bolt-card-programmer
that referenced
this pull request
Apr 19, 2026
AGENTS.md: - Add lesson boltcard#2: partial reset cards can have any combination of keys at original values or all-zeros (0000...0000). - Clarify that getKeyVersion is a plain APDU — no auth, no side effects, does NOT trigger 91ad AUTHENTICATION_DELAY. Only failed authentication attempts cause card delays. - Document the automatic recovery flow (probe, adapt, skip). read.tsx: - Key version display now explains what version 00 means: "key is all-zeros (factory default)" vs "key has been changed". reset.tsx + ResetBoltcard.tsx: - Probe output explicitly states "key is 0000...0000, skipping" when a key is already at factory defaults.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Normalize the NFC UID to lowercase before comparing it with decrypted PICC data in
testPAndC. Fixes false "Test PICC: decrypt with key failed" results on Android when the UID contains A-F characters.Root cause
In
SetupBoltcard.tsx, the app passestag?.idfrom Android NFC intoNtag424.testPAndC(...).On Android,
tag?.idis uppercase (e.g.049F70FA967380).In
NTag424.tsx, the decrypted PICC data is converted to hex withCryptoJS.enc.Hex.stringify(decPiccData), which returns lowercase hex. The comparison:fails because:
c7049f70fa967380...c7049F70FA967380The decryption succeeds — only the string comparison fails due to case.
Fix
This aligns with the CMAC comparison in the same function, which already normalizes case with
cVal.toLowerCase().Verification
Confirmed the full source flow:
SetupBoltcard.tsxpassestag?.id(uppercase on Android) intoNtag424.testPAndC(...)NTag424.tsxcompares that UID againstCryptoJS.enc.Hex.stringify(decPiccData)(lowercase)Fixes #1