How to Prevent Nfc Tag Cloning

Prevent copying NFC chip signal

I'm afraid with tags there is always the risk of eavesdropping, man-in-the-middle or relay attacks. The best you could hope for would be to encrypt the data using a pre-known secret on your device and the tag.

This still has the risk of the secret being found out and then copied.

NFC really isn't designed to be a highly secure platform.

For device to device you can implement protocols on TOP of the existing NFC stack (such as SSL) however this wouldn't work with pre-generated tags.

Serials on NFC Tags - truly unique? cloneable?

Are serial numbers of NFC tags truly unique?

That depends on the tag product and what you consider truly unique. E.g.:

  • ISO 14443 Type A tags with 4 byte serial numbers: There certainly exist duplicates (mainly because there is no clear scheme to divide the available range of serial numbers among the various manufacturers) and you can expect that within a batch of tags, there will be significant similarity between serial numbers (e.g. running sequences).
  • ISO 14443 Type A tags with 7 byte serial number (similarly for serial numbers of ISO 15693 tags): Each manufacturer is allocated a block of serial numbers (e.g. NXP serial numbers start with 0x04, Infineon with 0x05, etc). Within that block many manufacturers (I'm not sure about all of them) guarantee that they use each serial number only once. So these serial numbers are often unique (each manufacturer has a block of trillions of serial numbers). Still there will often be significant similarities between serial numbers of each batch (e.g. running sequences). Moreover, it seems that even within the serial number ranges that are supposedly guaranteed to be unique by manufacturers there appear counterfeit tag products that have duplicate serial numbers (see this question on duplicate serial numbers of counterfeit(?) NTAG203 chips).

Can serial numbers be cloned?

Yes, definitely. If you look for instance at MIFARE Classic, you can easily get cards with freely customizable serial number from a Chinese vendor of your choice. There are also devices like Proxmark with which you can emulate a card with a freely customizable serial number. And, moreover, it is relatively easy and cheap to build a device that emulates the protocol and consequently emulates a serial number of your choice. (Also see this question on emulating arbitrary serial numbers using Android NFC smartphones.)

As an attacker, the interesting part now is how you find a legit serial number for a specific system (i.e. a serial number that successfully authenticates to the system):

  1. Read someone's card and clone the serial number.
  2. Intercept communication between the legit card and the legit reader.
  3. Make a guess based on other cards from the same batch (that's why similarity between serial numbers also matters).

Is it a good idea to design an access control system that's based solely on serial numbers?

No, definitely not. Still there exist lots of such systems. But more and more of these systems introduce additional security mechanisms.
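The answer above makes two points that are easy to check in code: the first byte of a 7-byte UID only tells you which manufacturer's block it comes from, and a reader that trusts the serial number alone admits anyone who has copied it. The following is an added example, not code from the question or any of the answers. It assumes a hypothetical challenge-response scheme (reader sends a fresh nonce, tag answers with HMAC-SHA256 over nonce and UID under a per-tag key) as one possible "additional security mechanism"; the UID, key and class names are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# First byte of a 7-byte UID identifies the manufacturer's allocated block; the two
# values here are the ones named in the answer above, anything else reports unknown.
MANUFACTURER_PREFIX = {0x04: "NXP", 0x05: "Infineon"}


def describe_uid(uid: bytes) -> str:
    """Classify an ISO 14443 Type A UID by length and, for 7-byte UIDs, by issuing block."""
    if len(uid) == 4:
        return "4-byte UID: no manufacturer allocation, duplicates possible"
    if len(uid) == 7:
        maker = MANUFACTURER_PREFIX.get(uid[0], "unknown manufacturer")
        return f"7-byte UID allocated to {maker}"
    raise ValueError(f"unexpected UID length {len(uid)}")


class UidOnlyReader:
    """Access control that trusts the serial number alone (the design the answer advises against)."""

    def __init__(self, allowed_uids):
        self.allowed = set(allowed_uids)

    def admit(self, tag) -> bool:
        return tag.uid in self.allowed


class ChallengeResponseReader:
    """Reader that additionally demands proof of a per-tag secret (hypothetical scheme).

    The reader sends a fresh random nonce; the tag must answer HMAC-SHA256(key, nonce || uid).
    A device that copied only the UID has no key and cannot produce the answer.
    """

    def __init__(self, keys_by_uid):
        self.keys = dict(keys_by_uid)

    def admit(self, tag) -> bool:
        key = self.keys.get(tag.uid)
        if key is None:
            return False
        nonce = secrets.token_bytes(16)  # fresh per attempt, so a recorded answer cannot be replayed
        expected = hmac.new(key, nonce + tag.uid, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag.respond(nonce))


class GenuineTag:
    """Tag that holds the shared per-tag secret."""

    def __init__(self, uid: bytes, key: bytes):
        self.uid, self.key = uid, key

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self.key, nonce + self.uid, hashlib.sha256).digest()


class UidCloneTag:
    """Emulator that learned only the serial number (step 1 in the answer's list)."""

    def __init__(self, uid: bytes):
        self.uid = uid

    def respond(self, nonce: bytes) -> bytes:
        return bytes(32)  # no key, so it can only return a meaningless answer


def demo():
    """Return (uid_only_admits_clone, keyed_admits_genuine, keyed_admits_clone)."""
    uid = bytes.fromhex("04a1b2c3d4e5f6")        # constructed NXP-style 7-byte UID
    key = b"constructed-demo-key-not-real!!"     # constructed per-tag secret
    genuine, clone = GenuineTag(uid, key), UidCloneTag(uid)
    uid_only = UidOnlyReader([uid])
    keyed = ChallengeResponseReader({uid: key})
    return uid_only.admit(clone), keyed.admit(genuine), keyed.admit(clone)


if __name__ == "__main__":
    print(describe_uid(bytes.fromhex("04a1b2c3d4e5f6")))
    print(demo())  # (True, True, False)
```

The result (True, True, False) is the whole argument of the answer in one line: the UID-only reader admits the clone, the keyed reader admits the genuine tag and rejects the clone. Note what the keyed reader does not fix: the relay attack named in the first answer still works, since a relayed genuine tag answers the challenge correctly, and a secret that is extracted from a tag can be copied along with the UID.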

How do I prevent other apps from formatting my NFC cards

You could use a secured tag such as DESFire cards.

This kind of card can be secured by keys.

So only apps that have the keys can read/write/format the tag.

How do NFC tags prevent being re-written when READONLY is set

Likely you've got NTAG215 and NTAG216 cards from NXP. You'll find the datasheet online.

They implement their write protection using lock bits that can be written once but never erased. How they did that on the chip level is not documented. It could be a hardware feature where you have little silicon junctions working as fuses. If you set the lock bit you blow the fuse and write access is gone forever. It could, on the other hand, be implemented on a firmware level. Your chances to make them writable again are zero though.

However, you may still be lucky. Write protection happens per page and the tags have multiple pages to work with. I'd start dumping all pages and see if you find unprotected pages. In practice that is often the case because whoever wrote the cards may want to keep the door open for future extensions.
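The "dump all pages and look for unprotected ones" step is easier with a decoder for the lock bytes than by reading bits by eye. The following is an added example, not code from the answer or from NXP. The static lock byte layout (page 2, bytes 2 and 3, covering pages 3 to 15) is the one documented for MIFARE Ultralight and NTAG21x; the dynamic lock byte handling (one bit per 16 pages starting at page 16, read from a page number you pass in) is an assumption to be checked against the datasheet the answer points to, and the dump is constructed.

```python
from typing import List, Set

def static_locked_pages(lock0: int, lock1: int) -> Set[int]:
    """Decode the two static lock bytes (page 2, bytes 2 and 3) into locked page numbers 3..15.

    Layout as documented for MIFARE Ultralight / NTAG21x:
      lock0 bit 3      -> page 3 (capability container)
      lock0 bits 4..7  -> pages 4..7
      lock1 bits 0..7  -> pages 8..15
    lock0 bits 0..2 are block-locking bits: they freeze the lock bits themselves
    and do not lock data pages, so they are reported separately.
    """
    locked = set()
    if lock0 & 0x08:
        locked.add(3)
    for bit in range(4, 8):
        if lock0 & (1 << bit):
            locked.add(bit)          # bit 4 -> page 4 ... bit 7 -> page 7
    for bit in range(8):
        if lock1 & (1 << bit):
            locked.add(8 + bit)
    return locked


def static_lock_bits_frozen(lock0: int) -> dict:
    """Report the block-locking bits: once set, the corresponding lock bits can never change."""
    return {
        "cc": bool(lock0 & 0x01),
        "pages_4_9": bool(lock0 & 0x02),
        "pages_10_15": bool(lock0 & 0x04),
    }


def dynamic_locked_pages(dyn0: int, dyn1: int, first_page: int = 16,
                         pages_per_bit: int = 16, last_user_page: int = 129) -> Set[int]:
    """ASSUMED layout for the dynamic lock bytes: bit n (dyn0 LSB first, then dyn1)
    locks the block of `pages_per_bit` pages starting at first_page + n * pages_per_bit,
    clipped to the last user page. Verify the exact mapping for your NTAG variant."""
    locked = set()
    bits = [(dyn0 >> i) & 1 for i in range(8)] + [(dyn1 >> i) & 1 for i in range(8)]
    for n, bit in enumerate(bits):
        start = first_page + n * pages_per_bit
        if start > last_user_page:
            break
        if bit:
            locked.update(range(start, min(start + pages_per_bit, last_user_page + 1)))
    return locked


def writable_user_pages(dump: List[bytes], dynamic_lock_page: int, last_user_page: int) -> List[int]:
    """Given a full page dump (list of 4-byte pages), list the user pages that are still writable."""
    lock0, lock1 = dump[2][2], dump[2][3]
    dyn0, dyn1 = dump[dynamic_lock_page][0], dump[dynamic_lock_page][1]
    locked = static_locked_pages(lock0, lock1) | dynamic_locked_pages(
        dyn0, dyn1, last_user_page=last_user_page)
    return sorted(p for p in range(4, last_user_page + 1) if p not in locked)


# Constructed dump shaped like an NTAG215 (135 pages of 4 bytes, user memory pages 4..129,
# dynamic lock bytes assumed at page 130). Static lock bytes lock pages 3..15; dynamic byte
# 0x7F locks pages 16..127 and leaves the last block (pages 128..129) open.
SAMPLE_DUMP = [bytes(4) for _ in range(135)]
SAMPLE_DUMP[2] = bytes([0x00, 0x00, 0xF8, 0xFF])
SAMPLE_DUMP[130] = bytes([0x7F, 0x00, 0x00, 0x00])


def scan_sample() -> List[int]:
    return writable_user_pages(SAMPLE_DUMP, dynamic_lock_page=130, last_user_page=129)


if __name__ == "__main__":
    print("frozen lock bits:", static_lock_bits_frozen(SAMPLE_DUMP[2][2]))
    print("writable user pages:", scan_sample())  # [128, 129]
```

Run it over a real dump (one 4-byte entry per page, in page order) after substituting the dynamic lock page and last user page from the datasheet for your tag. A tag whose owner locked only the pages they wrote, as the answer describes, shows up here as a short list of still-writable pages at the end of user memory.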
