PCSC SDK DesfireTool
April 13, 2023 at 2:40 AM
Name
DesfireTool.exe
Description
DesfireTool.exe is a command-line tool giving access to most features of the NXP Desfire card, through a PC/SC contactless reader.
Dependencies
License
See LICENSE.txt in the tool directory.
Usage
Synopsis
DesfireTool.exe ACTION [PARAMETERS] [[OPTIONS]]
Format of the project files
The project files are used with the format command.
Top-level structure
{
  "Applications": {
    "<AID>": APPLICATION-OBJECT,
    "<AID>": APPLICATION-OBJECT,
    ...
  }
}
APPLICATION-OBJECT definition
Every application in the card is defined by an APPLICATION-OBJECT and referenced by an AID.
The AID is a 3-byte number (expressed in hexadecimal) that uniquely identifies the application within the card.
"<AID>": {
  "KeyCount": INTEGER, // 0 to 14
  "KeyType": "aes|3des|3des3k",
  "Keys": {
    "<KeyId>": "<hexadecimal value>", // 16 or 24 bytes application key entries
    "<KeyId>": "<hexadecimal value>", // 16 or 24 bytes application key entries
    ...
  },
  "FreeDirectory": true|false,
  "FreeCreateDelete": true|false,
  "LockConfiguration": true|false,
  "LockMasterKey": true|false,
  "ChangeKeyIdx": "<KeyIdx>",
  "Files": {
    "<FileId>": FILE-OBJECT,
    "<FileId>": FILE-OBJECT,
    ...
  }
}
Specification of the fields
Field name | Type | Status | Description |
---|---|---|---|
"KeyCount" | integer | optional | The number of keys stored within the application. Default is 0 |
"KeyType" | string | optional | The type of all the keys within the application; either "3des", "3des3k" or "aes". Default is "aes" |
"FreeDirectory" | boolean | optional | If false, an authentication with the master key (00) is required to list the files and read their info. If true, this can be done without prior authentication. Default is true |
"FreeCreateDelete" | boolean | optional | If false, an authentication with the master key (00) is required to create or delete files. If true, this can be done without prior authentication. Default is true |
"LockConfiguration" | boolean | optional | If false, an authentication with the master key (00) allows changing the configuration of the application; if true, the configuration is frozen. Default is false |
"LockMasterKey" | boolean | optional | If false, the master key (00) is changeable; if true, the master key is frozen. Default is false |
"ChangeKeyIdx" | string | optional | Index of the authentication key that allows changing the other keys, in hex. Default is "00" (change key = master key) |
FILE-OBJECT definition
Every file in an application is defined by a FILE-OBJECT and referenced by a FileID.
The FileID is a 1-byte number (expressed in hexadecimal) that uniquely identifies the file within the application.
"<FileID>": {
  "Type": "standard|backup|linear|cyclic|value",
  "CommMode": "plain|maced|secure",
  "Size": INTEGER, // Standard and backup files only
  "RecordSize": INTEGER, // Linear and cyclic files only
  "RecordCount": INTEGER, // Linear and cyclic files only
  "ValueMin": INTEGER, // Value files only
  "ValueMax": INTEGER, // Value files only
  "Value": INTEGER, // Value files only
  "ReadKeyIdx": "<KeyIdx>",
  "WriteKeyIdx": "<KeyIdx>",
  "ReadWriteIdx": "<KeyIdx>",
  "AdminKeyIdx": "<KeyIdx>",
  "Offset": INTEGER, // Standard, backup, linear and cyclic files only
  "Data": "<hexadecimal value>" // Standard and backup files only
}
Specification of the fields
Field name | Type | Status | Description |
---|---|---|---|
"Type" | string | optional | File type. Either "standard", "backup", "linear", "cyclic" or "value". Default is "standard" |
"Size" | integer | depends | Standard and backup files only: the size, in bytes, of the file |
"RecordSize" | integer | depends | Linear and cyclic files only: the size of every record |
"RecordCount" | integer | depends | Linear and cyclic files only: the number of records |
"ValueMin" | integer | depends | Value files only: the lower limit |
"ValueMax" | integer | depends | Value files only: the upper limit |
"Value" | integer | depends | Value files only: the initial value |
"CommMode" | string | optional | Communication mode to access the file. Either "plain", "maced" or "secure". Default is "plain" |
"ReadKeyIdx" | string | optional | Index of the authentication key that gives Read access, in hex. Default is "0E" (free access) |
"WriteKeyIdx" | string | optional | Index of the authentication key that gives Write access, in hex. Default is "0E" (free access) |
"ReadWriteKeyIdx" | string | optional | Index of the authentication key that gives Read Write access, in hex. Default is "0E" (free access) |
"AdminKeyIdx" | string | optional | Index of the authentication key that gives Change Access Rights access, in hex. Default is "0E" (free access) |
"Data" | string | optional | Standard and backup files only: the initial data (in hex) to write into the file |
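A project file can be checked for the permissive defaults listed in the tables above (free access "0E", "plain" communication mode, unauthenticated directory and create/delete) before it is used with the format command. The Python script below is an added example, not part of DesfireTool: the function name audit_project and the sample AID, keys and files are constructed for illustration, and it accepts both the "ReadWriteIdx" and "ReadWriteKeyIdx" spellings that appear on this page.

```python
import json

FREE = "0E"  # key index documented above as "free access"
# Access rights and their field names; the template spells one "ReadWriteIdx" and
# the table "ReadWriteKeyIdx", so both spellings are accepted here (assumption).
RIGHTS = {"Read": ("ReadKeyIdx",), "Write": ("WriteKeyIdx",),
          "ReadWrite": ("ReadWriteKeyIdx", "ReadWriteIdx"), "Admin": ("AdminKeyIdx",)}

def audit_project(text):
    """Return (AID, FileId or None, message) for every permissive setting found."""
    out = []
    for aid, app in json.loads(text).get("Applications", {}).items():
        for flag, what in (("FreeDirectory", "list files"),
                           ("FreeCreateDelete", "create or delete files")):
            if app.get(flag, True):  # documented default is true
                out.append((aid, None, f"{flag}: anyone can {what} without authentication"))
        for key_id, value in app.get("Keys", {}).items():
            if len(bytes.fromhex(value)) not in (16, 24):
                out.append((aid, None, f"key {key_id}: not 16 or 24 bytes"))
        for fid, f in app.get("Files", {}).items():
            if f.get("CommMode", "plain") == "plain":  # documented default is plain
                out.append((aid, fid, "CommMode is plain"))
            for right, names in RIGHTS.items():
                # An omitted access field falls back to the documented default, 0E.
                idx = next((f[n] for n in names if n in f), FREE)
                if idx.upper() == FREE:
                    out.append((aid, fid, f"{right} access is free (0E)"))
    return out

# Constructed sample project: the AID, key values and files are made up.
SAMPLE = """
{"Applications": {"A1B2C3": {
    "KeyCount": 2, "KeyType": "aes", "FreeCreateDelete": false,
    "Keys": {"00": "00112233445566778899AABBCCDDEEFF",
             "01": "0102030405060708"},
    "Files": {
      "01": {"Type": "standard", "Size": 32, "CommMode": "secure",
             "ReadKeyIdx": "01", "WriteKeyIdx": "00",
             "ReadWriteKeyIdx": "00", "AdminKeyIdx": "00"},
      "02": {"Type": "standard", "Size": 16, "ReadKeyIdx": "01"}
    }}}}
"""

if __name__ == "__main__":
    for aid, fid, msg in audit_project(SAMPLE):
        print(aid, fid or "-", msg)
```

File 02 in the sample sets only "ReadKeyIdx", so the audit reports its Write, ReadWrite and Admin rights as free access and its communication mode as plain, which is what the documented defaults give when those fields are omitted.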