An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.
6.1k
Stars
1k
Forks
34
Open issues
30
Contributors
AI Analysis
MIFARE Classic Tool is an Android NFC application for reading, writing, analyzing, and cloning MIFARE Classic RFID tags through dictionary-based key attacks and low-level hex manipulation. It serves specialized security researchers, penetration testers, and RFID enthusiasts who need direct hardware-level access to MIFARE Classic tags; it is not a general-purpose NFC app and requires deep familiarity with hexadecimal data and MIFARE Classic technology.
Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.
AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.
Android NFC tool for reading and writing MIFARE Classic RFID tags, serving security researchers and hobbyists since 2013
MIFARE Classic Tool (MCT) is a free, open-source Android application that lets users read, write, clone, and analyze MIFARE Classic RFID tags using their phone's NFC hardware. It targets security researchers, hobbyists, access-control system administrators, and technically literate users who understand hexadecimal data and MIFARE Classic internals. Available on Google Play, F-Droid, and direct APK, it has accumulated over 6,000 GitHub stars and maintained active development for 13+ years, making it one of the most established mobile RFID tools in its niche.
Created in February 2013, MCT predates most mobile NFC tooling. It emerged as Android NFC APIs matured and MIFARE Classic security weaknesses became widely known, filling a gap between desktop Proxmark3 tooling and zero mobile-friendly alternatives.
Growth has been slow and organic over 13 years, driven by persistent demand from security researchers, CTF participants, physical access control administrators, and hobbyists. The project benefits from being one of very few maintained free tools in this niche. A donate version on Google Play suggests a small but loyal user base willing to pay. Growth is not viral — it accumulates through word-of-mouth in security communities and forum threads like the Proxmark forum.
Available on Google Play and F-Droid with a separate donate version, suggesting measurable real-world install base. The Proxmark forum thread and multi-language README (English, Simplified Chinese, Traditional Chinese) indicate international usage. Exact install numbers are not available from repository metadata, but multi-platform distribution and 6,000+ stars for a highly specialized tool suggest meaningful adoption within its target niche.
Appears to be a single Android application written in Java, likely structured around NFC tag interaction activities and utility classes for encoding/decoding MIFARE Classic data structures. The feature set (block-wise read/write, value block decode, access condition decode) suggests a modular utility design rather than a complex multi-component architecture.
Not documented in README
Last push was June 21, 2026 — five days before the evaluation date — indicating the project is actively maintained. Thirteen years of continuous development with no apparent abandonment periods is a strong signal of sustained commitment. A donate version and external documentation site (icaria.de) suggest ongoing investment by the maintainer.
ADOPT IF: you need a free, mobile-friendly tool to read, write, clone, or analyze MIFARE Classic tags and already have the relevant sector keys; especially useful for field work, CTF challenges, or access control administration on a compatible Android device. AVOID IF: you need key recovery/cracking capabilities, require NFC standards beyond MIFARE Classic (NTAG, DESFire, etc.), or your Android device's NFC controller lacks MIFARE Classic hardware support — a known and documented limitation. MONITOR IF: you rely on it for professional security assessments and want to track whether newer Android NFC API restrictions or hardware changes begin to erode compatibility over time.
Independent dimensions
Mainstream potential
2/10
Technical importance
7/10
Adoption evidence
6/10
- Android NFC hardware fragmentation: a documented list of incompatible devices exists, and future Android versions or chipset changes could further restrict MIFARE Classic hardware-level access without app-level workarounds.
- Single-maintainer dependency: 13 years of active development by what appears to be a single primary maintainer; succession or burnout risk is real even if currently low.
- MIFARE Classic is a legacy, cryptographically weak technology; long-term relevance depends on how slowly organizations migrate away from it — this is a real but slow-moving risk.
- No key recovery capability means MCT is dependent on users having prior knowledge of tag keys, limiting utility in scenarios where tags use unknown keys.
- Special 'gen1/gen1a' magic tags cannot be cloned due to Android NFC API limitations, a fundamental constraint that cannot be resolved in software.
MCT will likely continue slow, steady maintenance as long as MIFARE Classic infrastructure remains deployed globally — which appears likely for at least another decade given its widespread use in transit and access control systems. Mainstream growth is unlikely; niche stability is probable.
Newsletter
Get analyses like this every Monday
Free weekly digest of the most interesting open-source discoveries.
Languages
Information
- Website
- http://www.icaria.de/mct/
- Language
- Java
- License
- GPL-3.0
- Last updated
- 3w ago
- Created
- 163mo ago
- Analyzed with
- anthropic/claude-haiku-4-5
Stars over time
Contributors over time
Top 100 contributors only — repos with more will plateau at 100.
Open issues
Can not read/write tag [Pixel 8 Pro]
Plans for modern/MD3 UI?
Performance improvement suggestion
Improve "is writable" check for blocks
Detection of anti-copy in MIFARE Classic badges
Similar repos
RfidResearchGroup/proxmark3
Proxmark3 is a specialized RFID reader/writer and analysis tool designed for...
HiddenRamblings/TagMo
TagMo is an Android NFC tag manager for reading, writing, and emulating amiibo...
revtel/react-native-nfc-manager
react-native-nfc-manager brings Near Field Communication capabilities to React...
| Repository | Stars | Week Δ | Language | Score | Updated |
|---|---|---|---|---|---|
|
|
6.1k | +21 | Java | 7/10 | 3w ago |
|
|
2.3k | — | Java | 7/10 | 1mo ago |
|
|
5.8k | — | C | 8/10 | 2w ago |
|
|
3.2k | — | JavaScript | 7/10 | 7d ago |
|
|
1.6k | — | Java | 7/10 | 11h ago |
|
|
1.3k | — | Kotlin | 7/10 | 3w ago |
Far more powerful for key recovery, advanced attacks, and protocol analysis, but requires dedicated hardware ($100-300+) and technical expertise. MCT uses the phone's built-in NFC, making it more accessible for basic read/write/clone tasks when keys are already known.
More polished UI and broader NFC standard support (NDEF, NFC-A/B/F/V), but does not offer MIFARE Classic-specific features like sector key management, access condition decoding, or block-level dump/clone operations that MCT specializes in.
Excellent for tag inspection and standard identification, but read-only and not designed for writing, cloning, or key dictionary attacks. Complementary rather than competing for most MCT use cases.
Dedicated hardware device with MIFARE Classic read/write/clone capability and built-in key dictionary. More portable and hardware-independent than a phone, but costs ~$200 and MCT is free for users who already have compatible Android devices.
Provide key recovery capabilities that MCT explicitly does not support. Used upstream of MCT: researchers recover keys with mfoc/mfcuk on desktop, then use MCT on Android for field operations once keys are known.



