Reading/Writing the raw data of the MIFARE DESFire EV2 cards connected from ACR1252U

656 views Asked by At

I am trying to read and write the raw binary to the MIFARE DESFire EV2 card but I am having a hard time understanding the correct APDU commands. I have some small binary data that I want to move physically through NFC cards, for this I want to be able to read and write to it. I tired to follow the ACR1252U API doc and I followed these commands in sequence as described in the pdf.

'Start Transparent Session': "FF C2 00 00 02 81 00",
'Turn Antenna Field On': "FF C2 00 00 02 84 00",
'ISO 14443-4A Active': "FF C2 00 02 04 8F 02 00 04",
'Set the PCB to 0Ah and enable the CRC, parity and protocol prologue in the transmit data': "FF C2 00 01 0A 90 02 00 00 FF 6E 03 07 01 0A"

These ran fine with ok stauts (90 00) and after that I tried to authenticate and read the binary block with these commands in sequence.

'Load auth key into the reader': "FF 82 00 00 06 FF FF FF FF FF FF",
'Authentication for MIFARE Classic': "FF 86 00 00 05 01 00 04 60 00",
'Read 16 bytes starting from the binary block 80h':"FF B0 00 04 10"

But these commands fail with error 63 00 and sometimes after this error, the reader stops detecting the card until I replug the reader which seems very weird to me.

What am I doing wrong? I am completely new to NFCs and smart cards stuff. I have come to know that I can communicate with the card using APDU commands and have figured out a way to send those commands using pcsc (python pyscard) but I have very little knowledge of them and documentation are also hard to find. Can you please help with a step by step way to get a data from the card explaining what each APDU is doing or maybe some article or documentation which I can follow.

Also, I have seen docs talking about selecting file/application and AID in MIFARE DESFire EV2 and the ACR1252U API doc (mentioned above) does't talk about this. I don't know what it is, can you please explain about that? MIFARE DESFire EV2 docs shows the commands available but how to send that command to the card using ACR1252U?

Thank you

1

There are 1 answers

3
Michael Fehr On

This is not a real "answer" to your question but tries to help you. As the documentation about Mifare DESFire EVx tag are available under a "Non Disclosure Agreement" (NDA) there is indeed not much documentation about these tags.

Fortunately there is "subtype" available - the Mifare DESFire light tag and the documentation is public available.

I recommend to read these documents:

datasheet: https://www.nxp.com/docs/en/data-sheet/MF2DLHX0.pdf

A fine "features and hints" document with "step by step" examples: https://www.nxp.com/docs/en/application-note/AN12343.pdf

Additionally another tag has a very similar command system - the NTAG 424 DNA tag, for this tag the datasheet and "features and hints" application note is available as well - good luck.

B.t.w.: your question is off-topic here on Stackoverfl