The MIFARE DESFire card is the latest MIFARE version supported by the Gallagher system. When a site has been configured with a non-default MIFARE Site Key, the use of such cards is considered secure by Gallagher (and by this research!).
These cards hold data in a different structure than the MIFARE Classic and MIFARE Plus cards; instead of a sector/block-based memory layout, they hold individual files and keys in application (i.e. card use-case) specific structures.
The keys used in the applications are either fixed or generated by diversifying the MIFARE Site Key using application- and key-specific data, as outlined below.
The algorithm appears to be intended as the NXP-defined AN10922 algorithm, but it has one difference: the last block of the diversification input is enciphered once more before it is XORed with K2 (using the notation of the AN10922 document). Whether this is intentional or a mistake is hard to tell.
For most keys, the input to the diversification algorithm takes one of two forms:
- Card serial number (CSN) included: the input is the 4 byte CSN, followed by the 1 byte key number, followed by the 3 byte AID.
- Card serial number excluded: the input is the 1 byte key number, followed by the 3 byte AID.
Finally, the default application key is the result of diversifying the bytes 0x03 0x00 0x00 0x00.
A Gallagher-encoded DESFire card will have at least two applications, and potentially more if more than one site is supported by the card.
The card-wide card application has the NXP-defined AID of 0x000000. It has one key:
- Key 0x0: Card Master Key (CMK): diversified without the CSN.
The site-specific applications have an application ID (AID) between 0xF48120 and 0xF4812B, inclusive. Note that these use an NXP-defined mapping of Gallagher's 2 byte AIDs, as used in the MIFARE Classic and MIFARE Plus MIFARE Application Directory (MAD), into the 3 byte AIDs used in DESFire.
The application has a configuration byte of 0x0B.
There are three keys defined for the application:
- Key 0x0: Application Master Key (AMK): diversified with the CSN.
- Key 0x1: "UID Discovery": diversified without the CSN.
- Key 0x2: Cardax read: diversified with the CSN.
There are two files:
- File 0x0: "Cardax standard". This contains an 8 byte cardholder credential data block, followed by its bitwise inverse (like block 0 of a MIFARE Classic card). It has permissions 0x2000.
- File 0x1: "Cardax enhanced". This contains a 16 byte MIFARE Enhanced Security block, if enabled for the site (otherwise the file is not present). It also has permissions 0x2000.
The card application directory application (!) has AID 0xF4812F (again, this is a mapped 2 byte ID). The application holds data similarly to (but not in the same format as) the MIFARE Classic and MIFARE Plus card application directories.
The application has a configuration byte of 0x0B.
There is one key defined for the application:
- Key 0x0: Application Master Key (AMK).
There is at least one and up to three files:
- Files 0x0 - 0x2: CAD. Each contains up to six entries, each of which consists of:
  - 1 byte RC
  - 2 byte FC
  - 3 byte AID, written in reverse byte order.
  Each file has permissions 0xE000.
This application, defined by NXP in AN10787, contains general information on the holder and uses of the card. It has AID 0xFFFFFF.
There is one key defined for the application:
- Key 0x0: Application Master Key (AMK): diversified with the CSN.
There are two files defined:
- File 0x0: MAD version. Contains the bytes 0x00 0x00 0x03 and has permissions 0xE000.
- File 0x2: card publisher. Contains the string "www.cardax.com  " (note the two trailing spaces) followed by a 0x00 byte, and has permissions 0xE000.
Here are the contents of an example MIFARE DESFire card.
Site application 0xF48120, file 0x0 (Cardax standard) contains A3 B4 B0 C1 51 B0 A3 34 5C 4B 4F 3E AE 4F 5C CB.
We can see the cardholder credential block 0xA3B4B0C151B0A334 (followed by its bitwise inverse), which decodes to RC 12 (M), FC 0x1337 = 4919, CN 0xF00D = 61453, IL = 3.
File 0x1 (Cardax enhanced) contains 1A D0 8D D6 2F B3 E4 38 BE 7A 05 E7 CB 0B 1B C7.
This is a MES block.
Site application 0xF48121, file 0x0 (Cardax standard) contains A3 B4 B0 C8 51 B0 A3 A2 5C 4B 4F 37 AE 4F 5C 5D.
We can see the cardholder credential block 0xA3B4B0C851B0A3A2 (followed by its bitwise inverse), which decodes to RC 13 (N), FC 0x1338 = 4920, CN 0xF00E = 61454, IL = 1.
File 0x1 (Cardax enhanced) contains 1A D0 8D D6 2F B3 E4 38 BE 7A 05 E7 CB 0B 1B C7.
This is a MES block.
The CAD application (0xF4812F) file contains:
0C 13 37 20 81 F4 0D 13 38 21 81 F4 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00
We can see two 6-byte entries, 0x0C13372081F4 and 0x0D13382181F4, which decode to:
RC | FC | AID |
---|---|---|
0x0C | 0x1337 | 0x2081F4 |
0x0D | 0x1338 | 0x2181F4 |
Reversing the byte order of the AID column gives 0xF48120 and 0xF48121, and the RC and FC values match the credential blocks above, so this corresponds with what we read in the previous application files.
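As an added example (not code from the original post), the following parser reads the two file formats described above: it validates the "Cardax standard" file by checking that its second half is the bitwise inverse of the credential block, and it decodes CAD entries (RC, big-endian FC, reversed-byte-order AID), rejecting entries whose AID falls outside the Gallagher range. The sample bytes are constructed from the example card dump; decoding the credential block itself into RC/FC/CN is not shown, since the encoding is not described on this page.

```python
from dataclasses import dataclass

# Values taken from the page: site application AID range and the CAD entry layout.
SITE_AID_MIN, SITE_AID_MAX = 0xF48120, 0xF4812B
CAD_ENTRY_LEN = 6       # 1 byte RC, 2 byte FC, 3 byte AID (reverse byte order)
CAD_MAX_ENTRIES = 6

# Constructed sample input, copied from the example card dump above.
CARDAX_STANDARD_FILE = bytes.fromhex("A3B4B0C151B0A334 5C4B4F3EAE4F5CCB")
CAD_FILE = bytes.fromhex(
    "0C13372081F4 0D13382181F4 000000000000 000000000000 000000000000 000000000000")


@dataclass(frozen=True)
class CadEntry:
    rc: int   # region code
    fc: int   # facility code
    aid: int  # DESFire AID after undoing the reversed byte order in the file


def parse_cardax_standard(data: bytes) -> bytes:
    """Return the 8 byte credential block from the 'Cardax standard' file (0x0).

    The second 8 bytes must be the bitwise inverse of the first 8; any
    mismatch indicates a corrupted or tampered file and is rejected.
    """
    if len(data) != 16:
        raise ValueError(f"expected 16 bytes, got {len(data)}")
    cred, inverse = data[:8], data[8:]
    if bytes(b ^ 0xFF for b in cred) != inverse:
        raise ValueError("inverse copy does not match the credential block")
    return cred


def parse_cad(data: bytes) -> list[CadEntry]:
    """Parse one CAD file into its used entries; an all-zero entry ends the list."""
    entries = []
    for off in range(0, CAD_MAX_ENTRIES * CAD_ENTRY_LEN, CAD_ENTRY_LEN):
        chunk = data[off:off + CAD_ENTRY_LEN]
        if len(chunk) < CAD_ENTRY_LEN or not any(chunk):
            break
        aid = int.from_bytes(chunk[3:6], "little")  # undo the reversed byte order
        if not SITE_AID_MIN <= aid <= SITE_AID_MAX:
            raise ValueError(f"entry at offset {off} has non-Gallagher AID {aid:06X}")
        entries.append(CadEntry(rc=chunk[0], fc=int.from_bytes(chunk[1:3], "big"), aid=aid))
    return entries


if __name__ == "__main__":
    print("credential block:", parse_cardax_standard(CARDAX_STANDARD_FILE).hex().upper())
    for e in parse_cad(CAD_FILE):
        print(f"RC {e.rc} FC 0x{e.fc:04X} -> AID 0x{e.aid:06X}")
```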
The AID 0xFFFFFF application contains the general card info:
- File 0x0 (MAD version) contains 00 00 03, as expected.
- File 0x2 (card publisher) contains 77 77 77 2e 63 61 72 64 61 78 2e 63 6f 6d 20 20 00, as expected.