Use the command sequence below to read from and write to DESFire cards. Also see the attached example: DesFire Example.txt
- Enable Pass-Through Mode
- Poll For Token Command
- Sequential APDU DESFire Commands for Select AID, Read and Write with 2C-03 Command.
- Internal Card Authentication.
- On Card Authentication: Sequential APDU DESFire Commands for Select AID, Read and Write with 2C-03 Command.
Note that each card returns a different RandB value from the Get RandA command. You will need to implement an algorithm that calculates a new session key from the returned RandB data. The correct session key is required to read and write to the card, and a new session key is generated for each transaction. The algorithm must be implemented in the host application. The transaction flow is shown on page 9 of the specification: M075031_desfire.pdf
The online DES Calculator tool (https://emvlab.org/descalc/) helps to calculate the key (using encrypt mode = DES-CBC). Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits is encrypted as a single unit, or block, with a cipher key applied to the entire block). Cipher block chaining uses what is known as an initialization vector (IV) of a certain length.
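The host-side calculation described above, as an added Go example (not code from this page or from the specification) that recovers RandB, builds the host reply, and derives the session key only after the card's final response verifies. It assumes the legacy single-DES DESFire exchange as commonly documented: the host uses the DES decipher primitive with a zero IV, RndB' is RndB rotated left one byte, and the session key is the first four bytes of RndA followed by the first four of RndB. Confirm these against the flow on page 9 of the specification. The names `desOp`, `rotl8`, `HostToken` and `SessionKey`, the key and both nonces are constructed for illustration.

```go
package main

import (
	"crypto/des"
	"crypto/subtle"
	"fmt"
)

// desOp runs one 8-byte block through DES; enc=false is the decipher primitive.
func desOp(key, in []byte, enc bool) []byte {
	c, err := des.NewCipher(key)
	if err != nil {
		panic(err) // key must be exactly 8 bytes
	}
	out, op := make([]byte, 8), c.Decrypt
	if enc {
		op = c.Encrypt
	}
	op(out, in)
	return out
}

func rotl8(b []byte) []byte { return append(append([]byte{}, b[1:]...), b[0]) } // RndB -> RndB'

// HostToken recovers RndB and builds the 16-byte reply over RndA || RndB'.
func HostToken(key, encRndB, rndA []byte) (rndB, token []byte) {
	rndB = desOp(key, encRndB, false)
	token = desOp(key, rndA, false) // block 1, zero IV (assumed)
	x := rotl8(rndB)
	for i := range x {
		x[i] ^= token[i] // chain on the previous output block
	}
	return rndB, append(token, desOp(key, x, false)...)
}

// SessionKey returns RndA[0:4] || RndB[0:4] only if the card proves RndA'.
func SessionKey(key, rndA, rndB, encRndARot []byte) ([]byte, error) {
	if subtle.ConstantTimeCompare(desOp(key, encRndARot, false), rotl8(rndA)) != 1 {
		return nil, fmt.Errorf("card response does not match RndA'")
	}
	return append(append([]byte{}, rndA[:4]...), rndB[:4]...), nil
}

func main() { // constructed sample values; a real host draws RndA from a CSPRNG
	key, rndA, cardB := []byte("demo-key"), []byte("hostRndA"), []byte("cardRndB")
	rndB, token := HostToken(key, desOp(key, cardB, true), rndA) // card enciphers RndB
	sk, err := SessionKey(key, rndA, rndB, desOp(key, rotl8(rndA), true))
	fmt.Printf("token=%x session=%x err=%v\n", token, sk, err)
}
```

Because RndA and RndB are fresh for every exchange, the derived key differs per transaction, and a failed `SessionKey` check means the card did not prove knowledge of the key and no session should be opened.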