Picking the right key for DESFire EV2 cards when UIDs are unreliable/unavailable

  • 2. November 2020 at 11:44
    Hi, I'm building software that runs on a PC and authenticates users with cards. I'm using DESFire EV2 for this. At the moment I'm stuck because, since there are multiple cards in the system (possibly dozens, each with a different key), I need to know what card is on the reader in order to pick the right key and to perform the authentication. I thought that UIDs were the way to go, but UIDs in the anti-collision phase could be random and the GetUID function is available only AFTER a successful authentication. Do you have any ideas on how I can achieve my goal? I feel like this is a bit of a rookie question, but I wasn't able to find an answer in the docs, nor in the forum. Thanks
    + 0  |  - 0

    Re: Picking the right key for DESFire EV2 cards when UIDs are unreliable/unavailable

    3. November 2020 at 14:30
    Hi Mario,

    This is a special configuration setting to set the UID to random in the anti-collision. In this case I would have a file with read permission 0x0E and communication mode “plain” (all other files should be protected with keys). This file can be read without authentication and gives some hints about the key. In and of itself, knowing this data is not a security problem; it is only a piece for the subsequent method.

    Usually, it is not practicable to manage a lot of keys in the reader terminal. I would prefer using diversified keys. There is a root key for all cards, but with a “unique diversification value” the authentication key is generated. The unique diversification value could be the data from the readable file and the authentication key is different for all cards.

    The TapLinx team
    + 1  |  - 0

    Re: Picking the right key for DESFire EV2 cards when UIDs are unreliable/unavailable

    3. November 2020 at 20:30
    Thank you very much, your reply was very helpful. I think I will use these techniques.
    + 0  |  - 0

    Re: Picking the right key for DESFire EV2 cards when UIDs are unreliable/unavailable

    4. November 2020 at 9:03
    Hi Mario,

    An addendum. What I called the “unique diversification value” is usually the UID of the card or some other constant which is unique for the card in the field. There exists an application note from NXP where the key diversification is explained:

    https://www.nxp.com/docs/en/application-note/AN10922.pdf

    The TapLinx team

    + 1  |  - 0

    Re: Picking the right key for DESFire EV2 cards when UIDs are unreliable/unavailable

    4. November 2020 at 13:38
    Thanks again. That application note is a very valuable resource.
    + 1  |  - 0
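
The diversified-key approach from the replies above, as an added example that is not part of the original posts and is not NXP or TapLinx code: it derives a per-card AES-128 key with the CMAC-based construction of AN10922 (input `0x01 || M`, padded to two blocks). The function names, the root key and the `CARD-0001` file content are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// subkey is the CMAC subkey step: shift left by one bit, XOR 0x87 on carry-out.
func subkey(in []byte) []byte {
	out := make([]byte, 16)
	carry := byte(0)
	for i := 15; i >= 0; i-- {
		out[i] = in[i]<<1 | carry
		carry = in[i] >> 7
	}
	if carry == 1 {
		out[15] ^= 0x87
	}
	return out
}

// DiversifyAES128 derives a per-card AES-128 key from the root key and a
// diversification input m of 1..31 bytes (here: the plain-readable file data).
func DiversifyAES128(root, m []byte) ([]byte, error) {
	if len(root) != 16 || len(m) < 1 || len(m) > 31 {
		return nil, fmt.Errorf("need a 16-byte root key and 1..31 bytes of input")
	}
	blk, _ := aes.NewCipher(root) // cannot fail: key length checked above
	k1 := make([]byte, 16)
	blk.Encrypt(k1, k1) // AES(root, 0^16)
	k1 = subkey(k1)
	d := make([]byte, 32) // D = 0x01 || m || padding, always two blocks
	d[0] = 0x01
	n, last := 1+copy(d[1:], m), k1
	if n < 32 {
		d[n], last = 0x80, subkey(k1) // padded input: 0x80 00.. and subkey K2
	}
	for i, b := range last {
		d[16+i] ^= b
	}
	cipher.NewCBCEncrypter(blk, make([]byte, 16)).CryptBlocks(d, d)
	return d[16:], nil // the CMAC (last CBC block) is the card key
}

func main() {
	root := []byte("0123456789abcdef")                   // constructed root key
	key, _ := DiversifyAES128(root, []byte("CARD-0001")) // constructed file content
	fmt.Printf("key for CARD-0001: %x\n", key)
}
```

The reader would read the plain file first, derive the key from its content, and only then authenticate; because anyone can read that file, the scheme's security rests entirely on keeping the root key secret.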