How Do I Read DESFire Cards?

Owned by Tzuling Lin
Last updated: Feb 02, 2024 by Yan Mu

Use the command sequence below to read and write to DESFire cards. Also, see the example attached here: DESFire Example.txt

  1. Enable Pass-Through Mode

  2. Poll For Token Command

  3. Sequential APDU Desfire Commands for Select AID, Read, and Write with 2C-03 Command.

  4. Internal Card Authentication.

  5. On Card Authentication: Sequential APDU Desfire Commands for Select AID, Read and Write with 2C-03 Command.

Note that each card has a different RandB value returned from the Get RandA command. You will need to implement an algorithm to calculate a new session key based on the returned RandB data. It requires the correct session key to be able to read and write on the card. Furthermore, a new session key will be generated per each transaction. The algorithm has to be implemented in a host application to calculate the session key. The transaction flow is shown on page 9 of the specification: M075031_desfire.pdf

The DES Calculator online tool (https://emvlab.org/descalc/) helps to calculate the key (using encrypt mode = DES-CBC). Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits is encrypted as a single unit or block with a cipher key applied to the entire block). Cipher block chaining uses what is known as an initialization vector (IV) of a certain length.