DESFire Protokoll

DESFire Protokoll === **[LibLogicalAccess](https://github.com/islog/liblogicalaccess)** > Müssen wir uns mal anschauen, da die das können, was wir wollen ## Links [KeySettings](https://developer.fidesmo.com/documentation/desfire-implementation) [MIFARE DESFire EV2 Datasheet](https://www.nxp.com/docs/en/data-sheet/MF3DX2_MF3DHX2_SDS.pdf) [MIFARE DESFire EV1 Datasheet](https://www.nxp.com/docs/en/data-sheet/MF3ICDX21_41_81_SDS.pdf) [Phillips DesFire Tool Manual](http://13.209.45.252/pdf/download.php?id=5dccfb20a6e931d4e5f6d4f397b7cba9e73567&type=P&term=DESFire) [DesFire for Python Docs](https://desfire.readthedocs.io/en/stable/readme.html) [DesFire for Python Code](https://github.com/miohtama/desfire) [MIFARE ISO/IEC 14443 Spec](https://www.nxp.com/docs/en/application-note/AN10834.pdf) [Ridrix DesFire Commands](https://ridrix.wordpress.com/tag/desfire-commands/) [DesFire Missing Native Commands Forum](https://www.mifare.net/support/forum/topic/native-commands-sending-to-mifare-desfire-ev1/) [ISO 7816-4](https://cardwerk.com/smart-card-standard-iso7816-4-section-9-application-independent-card-services/) [MIFARE DESFire as Type 4 Tag](https://www.nxp.com/docs/en/application-note/AN11004.pdf) [ISO/IEC7816-4](http://www.unsads.com/specs/ISO/7816/ISO7816-4.pdf) [MIFARE DESFire Short Spec](https://www.plastikkartenmonster.de/images/datenblaetter/datenblatt-nxp-mifare-desfire-d40.pdf) [libfreefare](https://github.com/nfc-tools/libfreefare) [DESFire Proof-of-Concept](https://icedev.pl/blog/over-the-air-nfc-services-mifare/) [DESFire Client](https://github.com/icedevml/ota-nfc-client) [DESFire Server](https://github.com/icedevml/ota-nfc-server) [DESFire Application Bytes](http://read.pudn.com/downloads134/ebook/572228/M306_Mifare_DESFire_Func_V1.pdf) [DESFire Java App](https://github.com/jekkos/android-hce-desfire/blob/master/hceappletdesfire/src/main/java/net/jpeelaer/hce/desfire/ValueRecord.java) [DESFire Arduino Project](https://www.codeproject.com/Articles/1096861/DIY-electronic-RFID-Door-Lock-with-Battery-Backup) [Kommunikationsbeispiele](https://stackoverflow.com/questions/38283998/desfire-ev1-communication-examples) **[DESFire Lib from JavaCardOS](https://github.com/JavaCardOS/pyResMan/blob/master/pyResMan/DESFireEx.py)** DESFire Commands sind nur unter NDA verfügbar. [DESFire EV2 Error Code Forum](https://www.mifare.net/support/forum/topic/mifare-desfire-ev2-authenticate-with-6a81-response/) [Response Codes](https://www.eftlab.com/knowledge-base/complete-list-of-apdu-responses/) [Mifaire DESFire Application](https://scancode.ru/upload/iblock/de4/mifare_application_programming_guide_for_desfire_rev.e.pdf) [DESFire Authentification](https://www.linkedin.com/pulse/mifare-desfire-introduction-david-coelho) [DESFire Light Authentification Mifare Spec](https://www.nxp.com/docs/en/data-sheet/MF2DLHX0.pdf) [Phillips DESFire Training](http://read.pudn.com/downloads134/ebook/572228/M306_Mifare_DESFire_Func_V1.pdf) [Mifare Application Dir](https://www.nxp.com/docs/en/application-note/AN10787.pdf) [DESFire Door Lock](https://www.codeproject.com/Articles/1096861/DIY-electronic-RFID-Door-Lock-with-Battery-Backup) [DESFire Auth 2K3DES](https://stackoverflow.com/questions/14117025/des-send-and-receive-modes-for-desfire-authentication) [Easypay DESFire Lib](https://github.com/nceruchalu/easypay/blob/master/mifare/mifare.c) - sehr brauchbar ## Bytes ### APDU Commands - SELECT = 00 a4 04 00 07 d2 76 00 00 85 01 00 00 - VERSION = 90 60 00 00 00 - CONTINUE = 90 AF 00 00 00 ### APDU Responses APDU responses will first contain the data followed by two status bytes. - FRAME_CONTINUE = 91 AF - OPERATION_OK = 91 00 - OK = 90 00 - INIT = ?? - VERSION 1 = 04 01 01 01 00 1a 05 - VERSION 2 = 04 01 01 01 03 1a 05 - VERSIOn 3 = 04 91 3a 29 93 26 80 00 00 00 00 00 39 08 ### Instructions DESFire (used inside ADPU) CLA = 0x90 APDU Sturuktur -> ISO/IEC 7816-4 Befehle -> DESFire - 0x0A = AUTHENTICATE - 0x1A = AUTHENTICATE_ISO - 0xAA = AUTHENTICATE_AES - 0x71 = AUTHENTICATE_EV2_FIRST (EV2 only) - 0x77 = AUTHENTICATE_EV2_NONFIRST (EV2 only) - 0x54 = CHANGE_KEY_SETTINGS - 0x5C = SET_CONFIGURATION - 0xC4 = CHANGE_KEY - 0x?? = CHANGE_KEY_EV2 (EV2 only) - 0x?? = INITIALIZE_KEY_SET (EV2 only) - 0x?? = FINALIZE_KEY_SET (EV2 only) - 0x?? = ROLL_KEY_SET (EV2 only) - 0x64 = GET_KEY_VERSION - 0xCA = CREATE_APPLICATION - 0x?? = CREATE_DELIGATE_APPLICATION (EV2 only) - 0xDA = DELETE_APPLICATION - 0x6A = GET_APPLICATION_IDS - 0x6E = FREE_MEMORY - 0x6D = GET_DF_NAMES - 0x?? = GET_DELIGATE_INFO (EV2 only) - 0x45 = GET_KEY_SETTINGS - 0x5A = SELECT_APPLICATION - 0xFC = FORMAT_PICC - 0x60 = GET_VERSION - 0x51 = GET_CARD_UID - 0x6F = GET_FILE_IDS - 0xF5 = GET_FILE_SETTINGS - 0x5F = CHANGE_FILE_SETTINGS - 0xCD = CREATE_STDDATAFILE - 0xCB = CREATE_BACKUPDATAFILE - 0xCC = CREATE_VALUE_FILE - 0xC1 = CREATE_LINEAR_RECORD_FILE - 0xC0 = CREATE_CYCLIC_RECORD_FILE - 0x?? = CREATE_TRANSACTION_MAC_FILE (EV2 only) - 0xDF = DELETE_FILE - 0x61 = GET_ISO_FILE_IDS - 0xBD = READ_DATA (manchmal auch als 0x8D beschrieben) - 0x3D = WRITE_DATA - 0x6C = GET_VALUE - 0x0C = CREDIT - 0xDC = DEBIT - 0x1C = LIMITED_CREDIT - 0x3B = WRITE_RECORD - 0xBB = READ_RECORDS - 0xEB = CLEAR_RECORD_FILE - 0x?? = UPDATE_RECORD_FILE - 0xC7 = COMMIT_TRANSACTION - 0xA7 = ABORT_TRANSACTION - 0xAF = CONTINUE - 0x?? = COMMIT_READER_ID (EV2 only) ### Instructions ISO/IEC 7816-4 (nativ, aber von DESFire unterstützt) CLA = 0x00 APDU Sturuktur -> ISO/IEC 7816-4 Befehle -> ISO/IEC 7816-4 - 0xA4 = SELECT FILE - 0xB0 = READ BINARY - 0xD6 = UPDATE BINARY - 0xB2 = READ RECORDS - 0xE2 = APPEND RECORD - 0x84 = GET CHALLENGE - 0x88 = INTERNAL AUTHENTICATE - 0x82 = EXTERNAL AUTHENTICATE ### Instruction ISO 14443-3 ### Status Codes from https://github.com/JavaCardOS/pyResMan/blob/master/pyResMan/DESFireEx.py#L54 which, has it from https://github.com/jekkos/android-hce-desfire/blob/master/hceappletdesfire/src/main/java/net/jpeelaer/hce/desfire/DesfireStatusWord.java - 0x00 = OPERATION_OK Successful operation - 0x0C = NO_CHANGES No changes done to backup files, CommitTransaction / AbortTransaction not necessary - 0x0E = OUT_OF_EEPROM_ERROR Insufficient NV-Memory to complete command - 0x1C = ILLEGAL_COMMAND_CODE Command code not supported - 0x1E = INTEGRITY_ERROR CRC or MAC does not match data Padding bytes not valid - 0x40 = NO_SUCH_KEY Invalid key number specified - 0x7E = LENGTH_ERROR Length of command string invalid - 0x9D = PERMISSION_DENIED Current configuration / status does not allow the requested command - 0x9E = PARAMETER_ERROR Value of the parameter(s) invalid - 0xA0 = APPLICATION_NOT_FOUND Requested AID not present on PICC - 0xA1 = APPL_INTEGRITY_ERROR Unrecoverable error within application, application will be disabled - 0xAE = AUTHENTICATION_ERROR Current authentication status does not allow the requested command - 0xAF = ADDITIONAL_FRAME Additional data frame is expected to be sent - 0xBE = BOUNDARY_ERROR Attempt to read/write data from/to beyond the file\'s/record\'s limits. Attempt to exceed the limits of a value file. - 0xC1 = PICC_INTEGRITY_ERROR Unrecoverable error within PICC, PICC will be disabled - 0xCA = COMMAND_ABORTED Previous Command was not fully completed Not all Frames were requested or provided by the PCD - 0xCD = PICC_DISABLED_ERROR PICC was disabled by an unrecoverable error - 0xCE = COUNT_ERROR Number of Applications limited to 28, no additional CreateApplication possible - 0xDE = DUPLICATE_ERROR Creation of file/application failed because file/application with same number already exists - 0xEE = EEPROM_ERROR Could not complete NV-write operation due to loss of power, internal backup/rollback mechanism activated - 0xF0 = FILE_NOT_FOUND Specified file number does not exist - 0xF1 = FILE_INTEGRITY_ERROR Unrecoverable error within file, file will be disabled ### Files Not shure yet what these constants do. crypto operations - TDES = 00 - TKTDES = 40 - AES = 80 File types - STANDARD_DATA_FILE = 00 - BACKUP_DATA_FILE = 01 - VALUE_FILE = 02 - LINEAR_RECORD_FILE = 03 - CYCLIC_RECORD_FILE = 04 Transmission modes - PLAIN_COMMUNICATION = 00 - PLAIN_COMMUNICATION_MAC = 01 - FULLY_ENCRYPTED = 02 # Getestet Reader und Treiber ACS ACR122U-A9 | Microsoft Usbccid-Smartcard-Leser (WUDF) | Windows 10