Desfire Data Template
September 3, 2024 at 2:25 AM
Description
Use the Desfire File Template to read data from an NXP Desfire PICC. The PICC could be either a Desfire EV0, Desfire EV1 or Desfire EV2 (including the Desfire EV3 that uses the same cryptography).
The Reader may either
- Read arbitrary data; the data will be transmitted in hexadecimal format. To do so, select the RAW mode in the TOF register.
- Read a number (decimal output). To do so, select the decimal mode in the TOF register.
- Read a string (ASCII-encoded data). To do so, select either the Short String or the Long String mode in the TOF register.
The target data is pointed to by an Application Identifier (AID) and a File Identifier. An offset within the file could be specified. The AID and the File Identifier are specified in the LOC register.
Access to the file could involve a Mutual Authentication with the card, and the data could be transmitted either in plain, MACed/CMACed or ciphered modes. The key number, key value and communication mode are specified in the AUT register.
Registers
This Template uses 5 configuration registers:
Alias | Offset | Name | Description |
---|---|---|---|
LKL | 0 | Lookup List | Set to 71 to use this Template |
LOC | 3 | Location of Data | Select the Desfire AID, the File ID, and the offset/length parameters to read the file |
AUT | 5 | Authentication | See details below |
OPT | 4 | Options | This register defines the transport protocol and the behaviour of the Reader during the handshaking. |
PFX | 2 | Prefix | Template-specific Prefix |
LOC - Location of Data
Offset : 3
Size : 10
Bytes 0-2 : Desfire Application ID (AID)
Remark : Valid range depends on the memory size of the actual PICC.
Byte 3 : File ID and Type
Bit | Role | Values |
---|---|---|
6-7 | Read Command | 0 : Read Data, BD (Standard Data File or Backup Data File, all card versions); 1 : Read Data, AD (Standard Data File or Backup Data File, Desfire EV2 and EV3); 2 : Read Record, BB (Linear Record File or Cyclic Record File, all card versions); 3 : Read Record, AB (Linear Record File or Cyclic Record File, Desfire EV2 and EV3) |
5 | RFU | |
4 | RFU | |
0-3 | File ID | Valid range is 0 to F |
Remarks
Bits 6-7: Read Command
Desfire EV2 commands are supported only after version 1.30.
Bytes 4-6 : Read Offset or Record Number
For a Standard Data File or a Backup Data File, this is the offset inside the file
For a Linear Record File or a Cyclic Record File, this is the record number
Byte 7 : Read Length or Record Size
For a Standard Data File or a Backup Data File, this is the Length parameter to be sent to the card. Set to 0 to read the whole file at once.
For a Linear Record File or a Cyclic Record File, this is the record size
Remark : The Reader’s internal buffer is limited to 256 bytes. Do not set to 0 if the file in the card is likely to be greater than this limit.
Byte 8 : Shift Bytes
Leading bytes to suppress.
Byte 9 : Shift Bits
Leading bits to suppress; valid range is 0 to 7.
AUT - Authentication
Offset : 5
Size : 18
Byte 0 : Key and Communication Mode
Bit | Role | Values |
---|---|---|
7-6 | Communication Mode | 0 : Plain; 1 : MAC or CMAC; 2 : RFU; 3 : Encrypted |
5-4 | Key Diversification | 0 : No diversification; 1 : NXP AN10922 diversification; 2 : RFU; 3 : RFU |
3-0 | Key Index inside the Desfire Application | Valid range is 0 to E |
Byte 1 : Main Parameters
Bit | Role | Values |
---|---|---|
7-5 | Location of Secret Key | 0 : Key is provided within the Template; 1 : Internal SAM AV, select key slot and version automatically; 2 : Internal SAM AV, key slot is specified; 3 : Internal SAM AV, key slot and version are specified; 5 : SAM AV in 1st slot, select key slot and version automatically; 6 : SAM AV in 1st slot, key slot is specified; 7 : SAM AV in 1st slot, key slot and version are specified |
4 | Use SAM for Session | 0 : Get Session Key from the SAM; 1 : Use the SAM as passthrough |
3-0 | Authentication Method | 0 : No authentication; 1 : Desfire EV0 DES/3DES authentication (Authenticate command); 2 : Desfire EV1 DES/3DES authentication (AuthenticateIso command); 3 : Desfire EV1 AES authentication (AuthenticateAes command); 4 : Desfire EV2 AES authentication (AuthenticateEV2 command); 15 : Ask the SAM AV |
Byte 2 : Key slot in the SAM AV
Condition : When one of the two “SAM AV, key slot specified” options is selected in Byte 0, Byte 1 specifies the Key slot.
Byte 3 : Key version
Condition : When one of the two “SAM AV, key slot and version specified” options is selected in Byte 0, Byte 2 specifies the Key version.
Bytes 2-17 : Value of DES/3DES or AES Secret Key
Condition : When “Key is provided in the Template” is selected in byte 0, Bytes 1-16 store the actual Key.
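The LOC and AUT bit layouts above can be checked mechanically before a configuration is written to a Reader. The following is an added example, not vendor code: it decodes both registers and lists settings a reviewer would want to look at. The function names, the sample bytes and the choice of what to report are assumptions of this example, byte positions follow the "Byte n" headings above, and the key bytes are deliberately never decoded or printed.

```python
# Added example: decode LOC (10 bytes) and AUT (18 bytes) per the tables above.
READ_CMD = {0: "ReadData BD", 1: "ReadData AD", 2: "ReadRecord BB", 3: "ReadRecord AB"}
COMM = {0: "plain", 1: "MAC/CMAC", 2: "RFU", 3: "encrypted"}
AUTH = {0: "none", 1: "EV0 DES/3DES", 2: "EV1 DES/3DES (ISO)",
        3: "EV1 AES", 4: "EV2 AES", 15: "ask SAM AV"}

def decode_loc(loc: bytes) -> dict:
    if len(loc) != 10:
        raise ValueError("LOC must be 10 bytes")
    if loc[9] > 7:
        raise ValueError("shift bits must be 0..7")
    return {
        "aid": loc[0:3].hex(),                 # shown in register byte order
        "read_cmd": READ_CMD[loc[3] >> 6],     # bits 6-7
        "is_record": (loc[3] >> 6) >= 2,       # values 2 and 3 are Read Record
        "file_id": loc[3] & 0x0F,              # bits 0-3
        "offset_or_record": loc[4:7].hex(),    # byte order not stated on the page
        "length_or_size": loc[7],
        "shift_bytes": loc[8], "shift_bits": loc[9],
    }

def decode_aut(aut: bytes) -> dict:
    if len(aut) != 18:
        raise ValueError("AUT must be 18 bytes")
    b0, b1 = aut[0], aut[1]
    return {
        "comm_mode": COMM[b0 >> 6],            # bits 7-6
        "diversification": (b0 >> 4) & 0x03,   # 1 = NXP AN10922
        "key_index": b0 & 0x0F,
        "key_location": b1 >> 5,               # 0 = key held in the Template
        "sam_passthrough": bool(b1 & 0x10),
        "auth_method": AUTH.get(b1 & 0x0F, "undefined"),
    }

def review(loc: dict, aut: dict) -> list:
    # Reviewer's checklist chosen for this example, not a vendor rule set.
    authed = aut["auth_method"] != "none"
    checks = [
        (not authed, "no authentication"),
        (aut["comm_mode"] == "plain", "plain communication mode"),
        (authed and aut["key_location"] == 0, "secret key stored in the template"),
        (authed and aut["diversification"] == 0, "no key diversification"),
        (not loc["is_record"] and loc["length_or_size"] == 0, "length 0 with a 256-byte Reader buffer"),
    ]
    return [msg for cond, msg in checks if cond]

# Constructed sample values (not from a real deployment); the key is a zero placeholder.
SAMPLE_LOC = bytes.fromhex("112233" "01" "000000" "00" "00" "00")
SAMPLE_AUT = bytes.fromhex("00" "03") + bytes(16)
```

Calling `review(decode_loc(SAMPLE_LOC), decode_aut(SAMPLE_AUT))` on the constructed sample reports four items; a template that uses encrypted mode, AN10922 diversification, a SAM-held key and a non-zero length reports none.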
OPT - Options
Offset : 4
Size : 1
This register defines the transport protocol and the behaviour of the Reader during the handshaking.
It is also possible for the Reader to add a token to its output, to tell the receiver what kind of credential has been read.
Bit | Role | Values |
---|---|---|
7 | RFU | |
6 | ECP2 Session closing | 0 : Normal Desfire card; 1 : Apple ECP2 Desfire emulation |
5 | Iso 7816 Wrapping | 0 : Use native Desfire command format; 1 : Use ISO 7816 Wrapping of Desfire commands |
4 | Select Application | 0 : Do not send ISO 7816 SelectApplication(Desfire); 1 : Send ISO 7816 SelectApplication(Desfire) before processing |
3-2 | Position of the Card Type Token | 0 : Before the Prefix; 1 : After the Prefix, before the Data; 2 : After the Data (before the Suffix); 3 : RFU |
1-0 | Add a Card Type Token to the output stream? | 0 : Do not add a Card Type Token; 1 : Add 71 hex value as Card Type Token; 2 : Add D char as Card Type Token; 3 : RFU |
PFX - Prefix
Offset : 2
Size : 8
A Template-specific Prefix, that is added after the Reader’s global Prefix.
Remark : Use \t for a Tab, \n for Enter, \b for Backspace, \v for Vertical space.