Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

DESFire EV1 card emulation

Tags:

android

nfc

hce

mifare

contactless-smartcard

I need to emulate a DESFire EV1 card on an Android device. However, I'm confused on how to use the Mifare SDK (lite or advanced) with the HCE.

Is that even possible? I need to start the project and I had a lot of researches about how the data are stored and ciphered in the DESFire cards but I ended up with the fact that I need to use Mifare SDK on HCE.

like image 972
kharbechtein Avatar asked Apr 09 '15 07:04

kharbechtein

People also ask

How many applications can be on a DESFire EV1 card?

MIFARE DESFire EV1 can have multiple applications (28), and each application can have multiple files (32) of different types (4). The card itself has a PICC master key plus between 1 and 14 keys per application. The keys of each application are used to control access to its files.

What is MIFARE DESFire®/MIFARE DESFire ® EV1?

MIFARE DESFire® / MIFARE DESFire® EV1 remain the industry standard for ultra-high security badges. As of yet - the MIFARE DESFire® EV1 remains invulnerable to all channels of analysis. The inner workings of the MIFARE DESFire® cards remain under NDA lock and key, making it incredibly difficult to reverse engineer the protocols.

What is a MIFARE DESFire® compatible UID emulator card?

Lab401's MIFARE DESFire® Compatible UID Modifiable Emulator Card is a card that emulates a MIFARE DESFire® card, allowing you to set a custom UID. This card will allow for bypass on systems that authenticate based off the UID.

Do all DESFire cards support the common command set?

I have some DESFire + DESFire EV1 + DESFire EV2 cards. I think it would be handy to have at least the common command set, that all DESFire cards support.

2 Answers

First of all, you cannot use the MIFARE SDK to emulate cards. The MIFARE SDK provides reader-side functionality only.

Second, you cannot emulate the whole functionality of MIFARE DESFire (EV1) cards using Android HCE. However, you can emulate parts of the MIFARE DESFire protocols (more specifically, you can only emulate ISO/IEC 7816-4 framing (either ISO command set or wrapped native command set) and only if preceded by an ISO SELECT by AID command). If that's sufficient depends on the requirements of the reader side of your system.

  • If your reader only supports the DESFire native command set: You cannot emulate a corresponding card using Android HCE.
  • If your reader uses the wrapped native command set but does not start the communication with an ISO SELECT (by AID) command: You cannot emulate a corresponding card using Android HCE.
  • If your reader uses the wrapped native command set and starts the communication with an ISO SELECT (by AID) command (the AID of MIFARE DESFire is D2760000850100): You can register your HCE service for the DESFire AID and will be able to receive all wrapped native commands after this AID has been selected.
  • If your reader uses the ISO command set but the first command is not an ISO SELECT (by AID) command: You cannot emulate a corresponding card using Android HCE.
  • If your reader uses the ISO command set and starts the communication with an ISO SELECT (by AID) command (either for the MIFARE DESFire AID or (with DESFire EV1) for the ISO AID of one of the DESFire applications): You can register your HCE service for the DESFire AID (or the AID of the specific application) and will be able to receive all ISO commands after this AID has been selected.

Note that there may be licensing issues if you emulate MIFARE DESFire cards.

like image 122
Michael Roland Avatar answered Sep 18 '22 17:09

Michael Roland

MIFARE Classic cannot be emulated in HCE because it works directly on top of ISO 14443-3. HCE emulates the higher layer, ISO 14443-4. But that's the layer where MIFARE DESFire is implemented, so yes it can be done. I have not done it myself but I know at least one company that has made it work, and probably there are several.

like image 36
mictter Avatar answered Sep 19 '22 17:09

mictter
Sign in to Comment

Related questions

getActionBar() returns null after SDK update to 5.0
Cordova vibrate is not working
Android ActionBar custom action view tool-tip
Debug Android Wear Device over USB
How to know a process of an app is 32-bit or 64-bit programmatically in Android lollipop?
Android Studio changes my keyboard keys around
Change colour indicator in SlidingTabLayout
Cannot cast View to <fragment>
Getting Android Google Map v2 working in release version by generating SHA1 fingerprint for API key
App is crashing on back pressed when use map inside fragment in android?
Store ArrayList<CustomClass> into SharedPreferences
Espresso 2.0 - Method annotated with @Test inside class extending junit3 testcase
What is the difference between RTC and RTC_WAKEUP of AlarmManager
How does one remove default Toolbar menu items and replace with different icons?
How to use Gson to serialize objects in android?
Manifest and setup issues getting Robolectric working with Android Studio 1.1.0
IPackageStatsObserver cannot be resolved to a type (Android)
Cannot resolve symbol 'LocationClient' in Android Studio
IllegalArgumentException: Unknown URL content:// CONTENT
Android Studio Change Occurrence Color

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!