Product News
What Can We Do with MIFARE Ultralight Cards?
What Can We Do with MIFARE Ultralight Cards?
1. Simple Answer
In simple terms, MIFARE Ultralight cards are contactless RFID tags used for low-cost, limited-use applications. They operate at 13.56 MHz and comply with ISO/IEC 14443A, making them readable by standard NFC readers and most smartphones. Unlike higher-end smartcards (like MIFARE Classic or DESFire), Ultralight chips offer only a few dozen to a couple hundred bytes of user memory. This is enough to store small NDEF payloads (URLs, IDs, vouchers, etc.) or simple ticket counters, but not large databases or secure files. Their anti-cloning features are minimal – mainly one-time programmable (OTP) bits and lock bytes that can render pages read-only once set. In practice, we use Ultralight cards to digitally replace magnetic-stripe or paper tickets and coupons for transit tickets, event passes, loyalty cards, and similar disposable or semi-permanent credentials. They are especially popular where system upgrades to contactless can improve throughput and reduce maintenance costs. For example, cities deploy Ultralight cards for single-trip metro tickets or bus passes, and conferences or theme parks use them for one-day badges or wristbands. Businesses use them as low-cost customer loyalty tags or for short-term access control. In all these cases, the Ultralight card can hold a small amount of data (often in NFC/NDEF format) and simply be tapped on a reader to register an entry or consume a credit. Crucially, because they are inexpensive, they can be issued and disposed of cheaply, with fast read/write operations (~106 kbps) for quick scanning at gates. In summary, we can do most any short-duration identification or data-exchange task with Ultralight cards, as long as high security is not required – e.g. transit ticketing, event access, simple loyalty coupons, NFC-enabled posters, etc.

2. Explanation
MIFARE Ultralight cards are passive NFC (RFID) tags that power from the reader’s RF field (13.56 MHz) and use the ISO/IEC 14443A protocol. Each card contains a small EEPROM memory (from 48 bytes up to ~192 bytes user memory, depending on type) and a fixed 7-byte unique ID (UID) plus two check bytes. The basic Ultralight (MF0ICU1) has 512 bits (64 bytes total) of EEPROM: 48 bytes user area (pages 4–15) plus system bytes (UID on pages 0–2, and a 4‑byte OTP page 3). The memory is organized into 4-byte pages, which are the unit for read/write operations. After production, all bits are at “0” (erased) and read as zeros; writing changes bits to “1”. The UID (7 bytes) and check bytes (CRC) are factory-programmed on page 0–2. An 8-bit “lock” structure exists in pages 2–3: specific bits can be turned on to permanently freeze ranges of memory pages or the OTP page. Once a bit is set, the corresponding block or page becomes read-only. The one-time programmable (OTP) page (page 3) can only be written “0→1” (by OR-ing), providing a simple immutable bitmask feature (for example, burn once to mark a card used).
Most Ultralight chips implement the NFC Forum Type 2 Tag specification, which means the user memory can be formatted with an NDEF (NFC Data Exchange Format) message: typically the first few bytes of user memory hold a TLV block (Tag-Length-Value) starting with 0x03 (NDEF TLV), followed by a short NDEF record (URI, text, etc.). Many applications use Ultralight tags to store a URL or small NFC data payload that smartphones can read via NFC. NXP and community guides confirm that Ultralight tags are fully NFC-compatible; Android phones (and even iPhones with recent NFC support) can read/write them as standard NFC Type 2 tags.
Typical commands: Communication uses ISO14443A/ISO7816 framing, but commands are simple 8-bit instructions at the bitstream level. To interact, the reader first issues REQA/WUPA and anti-collision to select the tag. Then commands include:
●READ (0x30): reads 4 pages (16 bytes) starting at a given page number.
●WRITE (0xA2): writes 4 bytes to a single page (only pages 4 and above; pages 0–3 are read- ●only or special). On a success, the card responds with an ACK (0xA) or NAK (0x0A/0x0B).
●COMPATIBILITY WRITE (0xA0): a two-step write for legacy compatibility (some readers) that also writes 4 bytes to a page.
●PWD_AUTH (0x1B, EV1 only): UL EV1 uses a 32-bit password and this command for simple authentication on protected pages.
●READ_SIG (0x3C, EV1): reads an ECC-based signature stored in the IC for authenticity checking.
●INCR_CNT / READ_CNT (EV1): EV1 supports one-way counters via special commands.
For Ultralight C (MF0ICU2), a two-pass 3DES AUTHENTICATE (0x1A/0xAF) sequence is used to prove possession of the secret key.
After operations, HLTA (Halt) stops communication. These low-level commands are typically handled by NFC libraries or APIs; for example, Android’s MifareUltralight class allows readPages(page) and writePage(page, data) calls that correspond to these commands.
Memory details: As noted, the original Ultralight has 48 bytes user (pages 4–15). Newer variants expand this:
●Ultralight C: has 144 bytes user (pages 4–39). It includes a 16-bit one-way write counter at page 29, 32-bit OTP (page 3), and configurable lock bits (pages 42–43 for read-lock, pages 40–41 for general locks).
●Ultralight EV1:comes in two sizes: a 48-byte version (20 pages) and a larger 128-byte version (41 pages). It features advanced integrity: three independent 24-bit one-way counters stored in special non-volatile locations, accessed via new commands. Each counter can be incremented atomically with anti-tearing support (via INCR_CNT and checked with CHECK_TEARING_EVENT). EV1 also has a 32-bit password, its acknowledge (PACK), and multiple lock config pages.
●Ultralight AES (x series): provides 144 bytes of user memory (same structure as C) but replaces 3DES with full AES-128 authentication and message integrity (CMAC). It supports randomized UIDs for privacy and ECC signature pre-programmed for originality. It is certified to Common Criteria EAL3+ for high assurance use.
Performance: All MIFARE Ultralight variants use 106 kbps data rate (the standard ISO14443A 106 kbps mode). Typical read range is up to ~5–10 cm (depending on antenna design). An entire 4-page (16-byte) block read takes under 1 ms, so an Ultralight ticket transaction (a few reads and maybe one write/lock) typically completes in well under 50 ms. The EEPROM is rated for ~100,000 write cycles and ≥10 years data retention (far above typical disposable-use needs). Physically, Ultralight ICs are often bump-bonded dies used in thin paper tickets or glued onto PVC cards. They comply with ISO size (CR80 credit-card format for laminated cards; thin).
Security: Original Ultralight has very basic security: just page-lock bits and OTP bits. There is no encryption on data transfers, so data can be read by any compatible reader. Thus cloning is trivial once bits are written (a known drawback). Ultralight C adds an optional 3DES mutual authentication (Crypto1 algorithm) – pages can be protected so they only allow read/write after authentication. The C variant’s memory locks require a key that is never readable from the card. EV1 uses a simpler 32-bit password (with ACK response) for page protection; its counters have anti-tearing to prevent attacks via power interruption. Ultralight AES further upgrades to AES-128 and CMAC, providing strong encryption and integrity on selected memory regions. However, none of these are as strong as modern DESFire or smartcard solutions; Ultralight (even C/EV1) is suitable for “protected” tickets but not for banking or highly sensitive ID. Developers must ensure that lock bytes, authentication keys, and counters are correctly managed in software, since misconfiguration (e.g. leaving keys at default) can leave the card as vulnerable as an unprotected one.
For writing NDEF data, one would format a TLV header (0x03), write 4-byte chunks with writePage(pageNumber, bytes), then lock pages or write the 0xFE terminator TLV. On readers (e.g. ACS, Elatec), ISO7816 APDUs like FF B0 (read binary) and FF D6 (write binary) are often used to wrap the native commands.
3. Use Cases
Because of their low cost and NFC compatibility, MIFARE Ultralight cards are widely used in scenarios where large volumes of tickets or tags are needed without requiring high security. Typical use cases include:
●Public Transportation Tickets: Single-ride or day-pass metro/bus tickets. Many transit agencies use Ultralight or Ultralight C embedded in paper tickets or PVC cards for contactless fare. The cards can be sold for a few cents and then read by turnstiles. The cards’ UID or a stored counter can be used to validate the ride. The ultralight’s OTP or counters are often used to prevent reuse (a counter increments when ticket is used).
●Event Access Passes: Disposable event badges (concerts, conferences, exhibitions). Organizers print Ultralight tags on wristbands or badges to track entries and distribute digital content (Wi-Fi codes, maps). The NFC capability enables smartphones to scan wristbands for info or to verify authenticity.
●Parking & Toll Passes: Short-term parking permits or toll tags. An Ultralight tag can hold validity data; RFID readers at entry gates charge or log upon reading.
●Loyalty and Promotional Cards:Coupons and loyalty cards in retail. An Ultralight card can store points or coupon codes and be updated on each purchase. NFC posters embed Ultralight tags that point to promotional websites or discount vouchers. (Example: tap a poster to get a coupon URL.)
●Tourism & Venue Passes:Museum passes, theme park bracelets, pool/waterpark entry bands. These single-day or short-term uses fit well with Ultralight’s lifecycle. The card can even be inside paper tickets (cheap to print) as suggested by NXP.
●Simple Access Control: Temporary facility access badges. Visitors or short-term staff can be given an Ultralight card or sticker to enter non-sensitive areas. (For high security areas, use higher-grade MIFARE or DESFire.)
●Smart Packaging & Anti-Counterfeiting: Embedding Ultralight tags in packaging for authentication or supply-chain tracking. Consumers or inspectors can tap a bottle or product to verify an NFC code.
●Student/Library Cards: Low-cost school IDs or library cards (limited functionality). Cards store a student ID number or book checkout count.
●NFC Business Cards: Although limited memory (48 bytes), one can store a URL or vCard via NDEF. A user taps the card to get contact details.
●IoT and Asset Tagging:Tagging equipment or assets for inventory. The tag ID can be scanned with an NFC reader to fetch info from a database.
Many of these applications leverage mobile devices. For example, Android apps can read Ultralight tags to display data or integrate with mobile wallets. (Google Pay and Apple Wallet mainly store payment credentials, not generic NFC tags, but loyalty apps can integrate Ultralight scanning.) It’s worth noting that Android phones fully support MIFARE Ultralight via the standard NfcAdapter API. Apple iPhones (with newer iOS versions) can also scan Type 2 tags like Ultralight for NDEF content (e.g. reading a URL), though proprietary features (like password-auth for EV1) may not be accessible without special libraries. In summary, any environment that benefits from contactless ID with minimal security is a fit for Ultralight. The card’s broad smartphone and reader compatibility ensures easy integration in public transit gates, turnstiles, POS terminals, and NFC-enabled smartphones.

4. Comparison of Ultralight Variants
Below we compare the main MIFARE Ultralight variants along key attributes. This is not a vendor comparison, but a product-line comparison (all by NXP). Each variant targets different memory and security needs:
*NTAG is another NXP tag line (Type 2), included for context. Unlike MIFARE, NTAG supports large NDEF payloads and stronger anti-cloning (NTAG213–216 have unique NXP trust bits, NTAG424 has AES).
Key points from the comparison: Original Ultralight is the cheapest and simplest, ideal for single-use tickets with no special security. Ultralight C adds moderate security (3DES), making it suitable for transit or event tickets that need some protection against forgery. EV1 provides more memory (especially the 128-byte variant) and advanced features (counters, anti-tear), targeting industrial or multi-use applications like stored-value tickets. Ultralight AES is a new, premium option (Common Criteria certified) for when encryption and data integrity (AES) are required while staying in the low-cost “Ultralight form factor”. In general, choosing among them depends on security vs. cost vs. memory needs: Basic Ultralight is lowest-cost (no crypto), C is slightly higher cost for moderate security, EV1 is more cost for larger memory and reliability, and AES is highest security/cost for high-assurance use cases.
5. Cost, MOQ & Lead Time
MIFARE Ultralight cards are driven by component costs and volume. Key factors include:
●Chip variant and memory: Simpler chips (Ultralight 48B) cost less than complex ones (EV1-128B or AES). Adding crypto (3DES, AES) and counters increases die complexity. Thus Ultralight C/AES/EV1 typically cost more per unit than the original Ultr. The difference is modest, but significant at scale.
●Card type and personalization: Buying just inlays (bare chips on paper) is cheaper per chip than fully finished PVC cards. Printing, lamination, encoding, and packaging add cost. Custom branding, smart plating (metal cards), or special inks raise the price.
●Volume (MOQ): For custom cards (e.g. printed PVC cards), suppliers often require an MOQ. Standard trade shows or card printers might do small orders (e.g. 100–500 units), but bulk pricing often starts at thousands. For basic white cards or tags, many distributors sell in reels or batches (e.g. 1,000, 10,000 pieces) to hit low price breaks.
●Supply chain and lead times: MIFARE chips are widely produced, but lead times can vary. If stock is available, orders ship quickly. For large or custom orders (especially new IC types like AES), lead times might be several weeks. Working with authorized distributors (like Kaisere Technology) can reduce risks: they maintain inventories and can advise on alternatives. During high demand (e.g. new transit projects), it’s wise to plan ahead and lock in price. Rush production or high-grade materials could incur surcharges.
●Procurement strategies: To manage costs, buyers should compare blank vs. printed cards, negotiated pricing at volume, and long-term supply agreements. Evaluating card lifecycle cost (including reusability vs. disposable) is also important. Since Ultralight cards are reusable in some cases (EV1 variants), reloading the card in the field (instead of issuing new ones) can save money over time.
In summary, Ultralight cards are among the cheapest RFID tags, but prices vary with features. MOQ is typically in the hundreds for generic stock; custom jobs may require thousands. Lead time is generally 2–8 weeks. When pricing, focus on requirements like memory and security level, and work with suppliers early to optimize cost vs. performance.
6. Why Kaisere Technology
Kaisere Technology is a Shenzhen-based RFID card manufacturer specializing in MIFARE® Ultralight products, including PVC cards, paper tickets, stickers, wristbands, and other NFC solutions. With over 10 years of manufacturing experience, Kaisere provides genuine NXP MIFARE Ultralight cards for transportation, access control, events, and retail applications.
Kaisere’s advantages include:
●Complete Product Range: Supporting MIFARE Ultralight, Ultralight C, Ultralight EV1, Ultralight AES, and Ultralight Nano in various formats.
●Flexible Customization: Offering custom printing, UID printing, QR codes, encoding, and different material options to meet project needs.
●Reliable Quality: Using genuine NXP chips with strict quality control to ensure stable performance and compatibility.
●Professional Manufacturing: Providing flexible MOQ, efficient production, and global shipping support for customers worldwide.
By focusing on RFID card manufacturing expertise, Kaisere helps customers select the right MIFARE Ultralight product and deliver reliable customized NFC solutions for different applications.

7. FAQ
Q: Are Ultralight cards NFC-compatible?
A: Absolutely. They follow ISO 14443-A, the same as NFC. Most Android phones can read/write Ultralight tags using NFC APIs. (iPhones can scan the NDEF data on newer OS versions but cannot perform custom password commands on EV1, for example.)
Q: What are the memory sizes of Ultralight variants?
A: The basic Ultralight has 48 bytes user memory. Ultralight C has 144 bytes user. Ultralight EV1 comes in 48-byte or 128-byte versions (64/128 bytes user available). Ultralight AES offers 144 bytes user. Each also has 7-byte UID and some extra pages (OTP, config, keys) outside user space.
Q: How many times can I rewrite Ultralight cards?
A: The EEPROM is rated for about 100,000 write cycles, and typically retains data for 10+ years. For single-use tickets this is irrelevant, but for reusable passes (like stored-value cards) it means they can last many years under normal use.
Q: What is the typical read range?
A: In practice, you’ll see a read range of a few centimeters (2–10 cm depending on antenna and card orientation). Thin paper tags have shorter range than thick PVC cards. For best results, use a suitable antenna design in the reader and align the card properly.
Q: Can I store NDEF data on an Ultralight card?
A: Yes. Treat it as an NFC Forum Type 2 tag. Write an NDEF TLV (starting 0x03) into page 4 onward. Keep the message small (a URL or small text) to fit the limited memory. After writing, you should ideally lock the NDEF area to prevent accidental overwrites (e.g. setting lock bits on pages used by NDEF).
Q: How do I write data to a specific page?
A: Use the WRITE (0xA2) command with a 4-byte block. For example, to write bytes [D0, 03, 01, 0F] to page 5, send A2 05 D0 03 01 0F CRC. On Android, mifareUltralight.writePage(5, new byte[]{(byte)0xD0,...}) does this. Always check that pages are unlocked before writing.
Q: What power supply does an Ultralight card need?
A: They are passive and get power from the reader’s RF field. There's no battery; just bring a 13.56 MHz reader close enough. No separate voltage is needed.
Q: Are Ultralight cards waterproof or durable?
A: The chip itself is encapsulated in durable epoxy, so it is not damaged by moisture. The physical card material (PVC, PET, paper, silicone) determines environmental tolerance. PVC cards handle water and wear well; paper tickets are thin and need protection (lamination or coating) for moisture.
8. Conclusion
MIFARE Ultralight cards are a proven, cost-effective technology for contactless, short-duration applications. By understanding their technical traits (memory layout, commands, security limits) and how they fit different use cases, system designers can leverage them to replace legacy tickets and automate low-value transactions. While their simplicity imposes security trade-offs, careful design (using locking, counters, authentication, or moving to Ultralight C/EV1/AES) can mitigate risks. For large-scale deployment, factors like memory needs, expected card lifetime, and production volumes drive the choice of variant.
Kaisere Technology stands out as a supplier for these solutions, offering the full MIFARE Ultralight family and custom card manufacturing. They can guide customers to the right card type and provide encoding/printing services, ensuring smooth integration. Shenzhen Kaisere Technology is a trusted NFC and RFID solutions provider and manufacturer, specializing in hotel key cards, access control cards, RFID tags, NFC business cards, and customized RFID products for customers worldwide. Ultimately, when a project calls for NFC-enabled tickets or loyalty cards with minimal security, MIFARE Ultralight is one of the most practical options on the market.
