Desfire Data Template

Description

Use the Desfire File Template to read data from an NXP Desfire PICC. The PICC can be a Desfire EV0, Desfire EV1 or Desfire EV2 (including the Desfire EV3, which uses the same cryptography).

The Reader may:

  • Read arbitrary data; the data will be transmitted in hexadecimal format. To do so, select the RAW mode in the TOF register.

  • Read a number (decimal output). To do so, select the decimal mode in the TOF register.

  • Read a string (ASCII-encoded data). To do so, select either the Short String or the Long String mode in the TOF register.

The target data is located by an Application Identifier (AID) and a File Identifier. An offset within the file can also be specified. The AID and the File Identifier are specified in the LOC register.

Access to the file may involve a Mutual Authentication with the card, and the data may be transmitted in plain, MACed/CMACed or ciphered mode. The key number, key value and communication mode are specified in the AUT register.

Registers

This Template uses 5 configuration registers:

Alias | Offset | Name | Description
LKL | 0 | Lookup List | Set to 71 to use this Template
LOC | 3 | Location of Data | Select the Desfire AID, the File ID, and the offset/length parameters to read the file
AUT | 5 | Authentication | See details below
OPT | 4 | Options | This register defines the transport protocol and the behaviour of the Reader during the handshaking.
PFX | 2 | Prefix | Template-specific Prefix

LOC - Location of Data

Offset : 3

Size : 10

Bytes 0-2 : Desfire Application ID (AID)

Remark : Valid range depends on the memory size of the actual PICC.

Byte 3 : File ID and Type

Bit | Role | Values
6-7 | Read Command | 0 : Read Data, BD (Standard Data File or Backup Data File, all card versions)
    |              | 1 : Read Data, AD (Standard Data File or Backup Data File, Desfire EV2 and EV3)
    |              | 2 : Read Record, BB (Linear Record File or Cyclic Record File, all card versions)
    |              | 3 : Read Record, AB (Linear Record File or Cyclic Record File, Desfire EV2 and EV3)
5 | RFU |
4 | RFU |
0-3 | File ID | Valid range is 0 to F

Remarks

Bits 6-7: Read Command

Desfire EV2 commands are supported only after version 1.30.

Bytes 4-6 : Read Offset or Record Number

For a Standard Data File or a Backup Data File, this is the offset inside the file

For a Linear Record File or a Cyclic Record File, this is the record number

Byte 7 : Read Length or Record Size

For a Standard Data File or a Backup Data File, this is the Length parameter to be sent to the card. Set to 0 to read the whole file at once.

For a Linear Record File or a Cyclic Record File, this is the record size

Remark : The Reader’s internal buffer is limited to 256 bytes. Do not set to 0 if the file in the card is likely to be greater than this limit.

Byte 8 : Shift Bytes

Leading bytes to suppress.

Byte 9 : Shift Bits

Leading bits to suppress; valid range is 0 to 7.
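
The LOC layout above can be checked before it is written to a Reader. The following is an added example, not code from the Reader's vendor: it decodes a 10-byte LOC value and reports reserved bits, an out-of-range Shift Bits value, and the length-0 case that the 256-byte buffer remark warns about. The function name and the sample values are constructed; the AID and offset are returned as raw hex because the page does not state their byte order.

```python
# Added example: decode the 10-byte LOC register as laid out on this page.
READ_COMMANDS = {
    0: ("Read Data, BD", "data"),
    1: ("Read Data, AD", "data"),
    2: ("Read Record, BB", "record"),
    3: ("Read Record, AB", "record"),
}

def decode_loc(raw: bytes) -> dict:
    """Split a LOC register into its fields and collect layout warnings."""
    if len(raw) != 10:
        raise ValueError("LOC register is 10 bytes")
    b3 = raw[3]
    name, kind = READ_COMMANDS[b3 >> 6]          # bits 6-7: read command
    warnings = []
    if b3 & 0x30:                                # bits 5 and 4 are RFU
        warnings.append("RFU bits 4-5 of byte 3 are set")
    if raw[9] > 7:
        warnings.append("Shift Bits outside the valid range 0 to 7")
    if kind == "data" and raw[7] == 0:
        warnings.append("length 0 reads the whole file; Reader buffer is 256 bytes")
    return {
        "aid": raw[0:3].hex(),                   # raw hex, byte order not stated
        "read_command": name,
        "file_id": b3 & 0x0F,                    # bits 0-3
        "offset_or_record": raw[4:7].hex(),      # raw hex, byte order not stated
        "length_or_record_size": raw[7],
        "shift_bytes": raw[8],
        "shift_bits": raw[9],
        "warnings": warnings,
    }

# Constructed sample values (not from a real deployment).
SAMPLE_OK = bytes.fromhex("123456" "85" "000000" "10" "00" "00")
SAMPLE_BAD = bytes.fromhex("123456" "31" "000000" "00" "00" "08")

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(decode_loc(sample))
```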

AUT - Authentication

Offset : 5

Size : 18

Byte 0 : Key and Communication Mode

Bit | Role | Values
7-6 | Communication Mode | 0 : Plain
    |                    | 1 : MAC or CMAC
    |                    | 2 : RFU
    |                    | 3 : Encrypted
5-4 | Key Diversification | 0 : No diversification
    |                     | 1 : NXP AN10922 diversification
    |                     | 2 : RFU
    |                     | 3 : RFU
3-0 | Key Index inside the Desfire Application | Valid range is 0 to E

Byte 1 : Main Parameters

Bit | Role | Values
7-5 | Location of Secret Key | 0 : Key is provided within the Template
    |                        | 1 : Internal SAM AV, select key slot and version automatically
    |                        | 2 : Internal SAM AV, key slot is specified
    |                        | 3 : Internal SAM AV, key slot and version are specified
    |                        | 5 : SAM AV in 1st slot, select key slot and version automatically
    |                        | 6 : SAM AV in 1st slot, key slot is specified
    |                        | 7 : SAM AV in 1st slot, key slot and version are specified
4 | Use SAM for Session | 0 : Get Session Key from the SAM
  |                     | 1 : Use the SAM as passthrough
3-0 | Authentication Method | 0 : No authentication
    |                       | 1 : Desfire EV0 DES/3DES authentication (Authenticate command)
    |                       | 2 : Desfire EV1 DES/3DES authentication (AuthenticateIso command)
    |                       | 3 : Desfire EV1 AES authentication (AuthenticateAes command)
    |                       | 4 : Desfire EV2 AES authentication (AuthenticateEV2 command)
    |                       | 15 : Ask the SAM AV

Byte 2 : Key slot in the SAM AV

Condition : When one of the two “SAM AV, key slot specified” options is selected in Byte 0, Byte 1 specifies the Key slot.

Byte 3 : Key version

Condition : When one of the two “SAM AV, key slot and version specified” options is selected in Byte 0, Byte 2 specifies the Key version.

Bytes 2-17 : Value of DES/3DES or AES Secret Key

Condition : When “Key is provided in the Template” is selected in byte 0, Bytes 1-16 store the actual Key.
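
The AUT settings decide whether the card is authenticated, how the file data is protected in transit, and where the secret key is stored, so they are worth reviewing before deployment. The following is an added example, not code from the Reader's vendor: it decodes bytes 0 and 1 of an 18-byte AUT value and lists the settings a reviewer would question. It assumes the byte numbering used in the section headings (Byte 0 = Key and Communication Mode, Byte 1 = Main Parameters); the function name, the findings wording and the sample values are constructed.

```python
# Added example (not vendor code): decode AUT bytes 0-1 and flag weak settings.
COMM_MODES = {0: "Plain", 1: "MAC or CMAC", 2: "RFU", 3: "Encrypted"}
AUTH_METHODS = {0: "No authentication", 1: "EV0 DES/3DES (Authenticate)",
                2: "EV1 DES/3DES (AuthenticateIso)", 3: "EV1 AES (AuthenticateAes)",
                4: "EV2 AES (AuthenticateEV2)", 15: "Ask the SAM AV"}

def audit_aut(raw: bytes) -> dict:
    """Decode an 18-byte AUT register; the key bytes are never returned."""
    if len(raw) != 18:
        raise ValueError("AUT register is 18 bytes")
    b0, b1 = raw[0], raw[1]
    comm, divers, key_index = b0 >> 6, (b0 >> 4) & 0x3, b0 & 0xF
    key_loc, passthrough, method = b1 >> 5, (b1 >> 4) & 1, b1 & 0xF
    findings = []
    # Values the tables mark RFU or do not list (key location 4, methods 5-14).
    if (comm == 2 or divers > 1 or key_index > 0xE or key_loc == 4
            or method not in AUTH_METHODS):
        findings.append("reserved or undefined value in byte 0 or byte 1")
    if method == 0:
        findings.append("no authentication: the card never proves it holds a key")
    elif method in (1, 2):
        findings.append("DES/3DES authentication selected instead of AES")
    if comm == 0:
        findings.append("plain communication: file data is not MACed or encrypted")
    if method != 0 and key_loc == 0:
        findings.append("secret key stored in the Template, not in a SAM AV")
    if method != 0 and divers == 0:
        findings.append("no diversification: one key shared by every card")
    return {"communication_mode": COMM_MODES[comm], "diversification": divers,
            "key_index": key_index, "key_location": key_loc,
            "sam_passthrough": bool(passthrough),
            "auth_method": AUTH_METHODS.get(method, "undefined"),
            "findings": findings}

# Constructed sample registers (not taken from a real deployment).
HARDENED = bytes([0xD1, 0x23]) + bytes(16)  # Encrypted, AN10922, key 1, SAM, EV1 AES
WEAK = bytes([0x00, 0x01]) + bytes(16)      # Plain, no diversification, Template key, EV0 DES

if __name__ == "__main__":
    for reg in (HARDENED, WEAK):
        print(audit_aut(reg))
```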

OPT - Options

Offset : 4

Size : 1

This register defines the transport protocol and the behaviour of the Reader during the handshaking.

It is also possible for the Reader to add a token to its output, to tell the receiver what kind of credential has been read.

Bit | Role | Values
7 | RFU |
6 | ECP2 Session closing | 0 : Normal Desfire card
  |                      | 1 : Apple ECP2 Desfire emulation
5 | Iso 7816 Wrapping | 0 : Use native Desfire command format
  |                   | 1 : Use ISO 7816 Wrapping of Desfire commands
4 | Select Application | 0 : Do not send ISO 7816 SelectApplication(Desfire)
  |                    | 1 : Send ISO 7816 SelectApplication(Desfire) before processing
3-2 | Position of the Card Type Token | 0 : Before the Prefix
    |                                 | 1 : After the Prefix, before the Data
    |                                 | 2 : After the Data (before the Suffix)
    |                                 | 3 : RFU
1-0 | Add a Card Type Token to the output stream? | 0 : Do not add a Card Type Token
    |                                             | 1 : Add 71 hex value as Card Type Token
    |                                             | 2 : Add D char as Card Type Token
    |                                             | 3 : RFU

PFX - Prefix

Offset : 2

Size : 8

A Template-specific Prefix that is added after the Reader’s global Prefix.

Remark : Use \t for a Tab, \n for Enter, \b for Back space, \v for Vertical space.