How Do I Read DESFire Cards?
- Tzuling Lin (Unlicensed)
- Yan Mu
- Chris Barton
Use the command sequence below to read and write to DESFire cards. Also, see the example attached here: DESFire Example.txt
Enable Pass-Through Mode
Poll For Token Command
Sequential APDU Desfire Commands for Select AID, Read, and Write with 2C-03 Command.
Internal Card Authentication.
On Card Authentication: Sequential APDU Desfire Commands for Select AID, Read and Write with 2C-03 Command.
Note that each card has a different RandB value returned from the Get RandA command. You will need to implement an algorithm to calculate a new session key based on the returned RandB data. It requires the correct session key to be able to read and write on the card. Furthermore, a new session key will be generated per each transaction. The algorithm has to be implemented in a host application to calculate the session key. The transaction flow is shown on page 9 of the specification: M075031_desfire.pdf
The DES Calculator online tool (https://emvlab.org/descalc/) helps to calculate the key (using encrypt mode = DES-CBC). Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits is encrypted as a single unit or block with a cipher key applied to the entire block). Cipher block chaining uses what is known as an initialization vector (IV) of a certain length.