
DESFire EV1 card emulation

I need to emulate a DESFire EV1 card on an Android device. However, I'm confused about how to use the Mifare SDK (lite or advanced) with HCE.

Is that even possible? I need to start the project, and I did a lot of research on how the data is stored and ciphered in DESFire cards, but I ended up with the conclusion that I need to use the Mifare SDK on HCE.

kharbechtein asked Apr 09 '15 07:04




2 Answers

First of all, you cannot use the MIFARE SDK to emulate cards. The MIFARE SDK provides reader-side functionality only.

Second, you cannot emulate the whole functionality of MIFARE DESFire (EV1) cards using Android HCE. However, you can emulate parts of the MIFARE DESFire protocols (more specifically, you can only emulate ISO/IEC 7816-4 framing (either ISO command set or wrapped native command set) and only if preceded by an ISO SELECT by AID command). Whether that's sufficient depends on the requirements of the reader side of your system.

  • If your reader only supports the DESFire native command set: You cannot emulate a corresponding card using Android HCE.
  • If your reader uses the wrapped native command set but does not start the communication with an ISO SELECT (by AID) command: You cannot emulate a corresponding card using Android HCE.
  • If your reader uses the wrapped native command set and starts the communication with an ISO SELECT (by AID) command (the AID of MIFARE DESFire is D2760000850100): You can register your HCE service for the DESFire AID and will be able to receive all wrapped native commands after this AID has been selected.
  • If your reader uses the ISO command set but the first command is not an ISO SELECT (by AID) command: You cannot emulate a corresponding card using Android HCE.
  • If your reader uses the ISO command set and starts the communication with an ISO SELECT (by AID) command (either for the MIFARE DESFire AID or (with DESFire EV1) for the ISO AID of one of the DESFire applications): You can register your HCE service for the DESFire AID (or the AID of the specific application) and will be able to receive all ISO commands after this AID has been selected.

Note that there may be licensing issues if you emulate MIFARE DESFire cards.

Michael Roland answered Sep 18 '22 17:09
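The five reader cases listed in the answer above, as an added example that is not part of the original answer: a classifier for the first command APDU a reader sends, reporting whether Android HCE could deliver the session to a registered service. It assumes the wrapped native layout `90 CMD 00 00 [Lc data] 00` and treats a leading `00` class byte as the ISO command set (a heuristic); the function names and sample APDUs in the comments are constructed for illustration.

```python
DESFIRE_AID = bytes.fromhex("D2760000850100")  # MIFARE DESFire AID quoted in the answer

def parse_select_by_aid(apdu: bytes):
    """Return the AID if apdu is ISO SELECT by AID (00 A4 04 xx Lc AID [Le]), else None."""
    if len(apdu) < 5 or apdu[0] != 0x00 or apdu[1] != 0xA4 or apdu[2] != 0x04:
        return None
    lc = apdu[4]
    # ISO/IEC 7816-4 AIDs are 5..16 bytes; a trailing Le byte is optional.
    if not 5 <= lc <= 16 or len(apdu) not in (5 + lc, 6 + lc):
        return None
    return apdu[5:5 + lc]

def parse_wrapped_native(apdu: bytes):
    """Return (native_cmd, data) for 90 CMD 00 00 [Lc data] 00, else None."""
    if len(apdu) < 5 or apdu[0] != 0x90 or apdu[2] or apdu[3] or apdu[-1]:
        return None
    if len(apdu) == 5:              # header + Le only, no command data
        return apdu[1], b""
    lc = apdu[4]
    if len(apdu) != 6 + lc:         # header + Lc + data + Le
        return None
    return apdu[1], apdu[5:5 + lc]

def hce_reachable(first_apdu: bytes, registered_aids=(DESFIRE_AID,)):
    """Map the reader's first APDU onto the cases from the answer.

    Returns (reachable, reason). registered_aids models the AIDs the
    HCE service declared (hypothetical parameter for this example).
    """
    aid = parse_select_by_aid(first_apdu)
    if aid is not None:
        if aid in registered_aids:
            return True, "ISO SELECT by AID %s, later APDUs reach the service" % aid.hex().upper()
        return False, "ISO SELECT by AID %s, but that AID is not registered" % aid.hex().upper()
    if parse_wrapped_native(first_apdu) is not None:
        return False, "wrapped native command without a preceding ISO SELECT by AID"
    if len(first_apdu) >= 4 and first_apdu[0] == 0x00:
        return False, "ISO command set, but the first command is not SELECT by AID"
    return False, "no ISO/IEC 7816-4 framing (native command set)"

# Constructed sample inputs:
#   00A4040007D276000085010000 -> SELECT by DESFire AID (reachable)
#   9060000000                 -> wrapped native GetVersion sent first (not reachable)
#   60                         -> bare native GetVersion (not reachable)
```

Running this over the first APDU of a captured reader session shows which reader-side requirement from the list blocks an HCE deployment before any Android code is written.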


MIFARE Classic cannot be emulated in HCE because it works directly on top of ISO 14443-3. HCE emulates the higher layer, ISO 14443-4. But that's the layer where MIFARE DESFire is implemented, so yes it can be done. I have not done it myself but I know at least one company that has made it work, and probably there are several.

mictter answered Sep 19 '22 17:09