Mifare

Processor and storage cards

AID of PICC is 00 00 00. And then key#0 is the masterkey. There is a masterkey for PICC and another masterkey for an application.

In Wikipedia, the DES keying options are termed as:

  • keying option 1 or 3TDEA when k1 != k2 != k3 this is the strongest

  • keying option 2 or 2TDEA when k1 != k2 but k3 = k1

  • keying option 3 where k1 = k2 = k3

In Mifare, wither DES or 3DES, these keys is 16 bytes in length. The difference is that in DES the first half is mirror copy of 2nd half. These are Keying options in DES terminology.

DESFire Commands

Security Related Commands:

  • Authenticate

  • Change KeySettings

  • Get KeySettings

  • Change Key

  • Get KeyVersion

PICC Level Commands:

  • Create Application

  • Delete Application

  • Get Applications

  • Select Application

  • FormatPICC

  • Get Version

Application Level Commands:

  • Get FileIDs

  • Get FileSettings

  • Change FileSettings

  • Create StdDataFile

  • Create BackupDataFile

  • Create ValueFile

  • Create LinearRecordFile

  • Create CyclicRecordFile

  • Delete File

Data Manipulation Commands:

  • Read Data

  • Write Data

  • Get Value

  • Credit

  • Debit

  • Limited Credit

  • Write Record

  • Read Records

  • Clear RecordFile

  • Commit Transaction

  • Abort Transaction

---------------------------------------------------------------------------------------------------------------

Access to data is granted at an application level.

Access Rights:

  • Read Access

  • Write Access

  • Read&Write Access

  • ChangeAccessRights

The 4 bits index into the KEY table!

File Types: (data, value, record)

  • Standard Data Files

  • Backup Data Files

  • Value Files With Backup

  • Linear Record Files With Backup

  • Cyclic Record Files With Backup

Cryptographic Keys Places:

  • PICC master key

  • Application master key per application

  • 1-14 keys per application

11 bytes + 2 bytes CRC is 13 must %8 becomes 16 bytes then encrypted

---------------------------------------------------------------------------------------------------------------

NV-memory is allocated in blocks of 32 bytes. Record File with 2 Records and a size of 10 Bytes/Record internally always uses 64 bytes

The 3rd byte in each command

Take note of the FileID range 0x00 ~ 0x07 range can be backed up.

FileID = 0x00 ~ 0x0F
FileID = 0x00 ~ 0x07
FileID = 0x00 ~ 0x07
FileID = 0x00 ~ 0x07

Last updated

Was this helpful?