1
votes

I was recently using a Mifare Classic 1k smartcard. I used the manufacturer block (sector 0, block 0) to identify the card, since the UID of Mifare Classic cards is not really unique.

My application scenario is that I want to read an identifier from the smartcard and compare it to a database, in which every user has a smartcard assigned to them. So a user can log in with their card.

Now I have to use new Mifare DESFire EV1 4k cards. Do these cards also have something like the manufacturer block or just the 7-byte UID? Is it safe to use this UID to identify the card?

1
Depends on what you mean by "identify"... Do you intend to identify that your card is one specific card out of a batch of MIFARE Classic or MIFARE DESFire cards? Or do you intend to identify if the card is MIFARE Classic or MIFARE DESFire? - Michael Roland
It is also not clear what degree of safeness you are trying to achieve. There are cards that allow writing this information too... - guidot
I am trying to write a software that reads an identifier from the smartcard and compares it to a database, in which every user has a smartcard assigned to him. So a user can log in with his card. When I was using Mifare Classic Cards I used the manufacturer block as the identifier, but my company switched now to Mifare DESFire cards. I am searching for something like a serial number of the card so I can assign the card to the users. - Chrisser
@MichaelRoland (I don't need it but I am interested) What is the best way to identify if it's a Mifare Classic or Mifare DESFire Card? - Chrisser

1 Answer

2
votes

You can expect the 7-byte UID of genuine MIFARE DESFire EV1 cards to be unique. Be aware, though, that DESFire EV1 cards can be configured to use a random 4-byte UID. In that case, the UID is randomly generated for each RF activation. The 7-byte UID of such cards can only be obtained using the GetCardUID command (command code 0x51) after authentication.

However, you should be aware (in particular considering your use case) that the UID can easily be cloned and is not suitable to authenticate cards (or their users). See also

If you want something that is comparable to the manufacturer block of MIFARE Classic (i.e. something that reveals information about the product type and the production batch), MIFARE DESFire cards have a GetVersion command (command code 0x60).

Finally, note that the manufacturer block of a MIFARE Classic card does not really provide more uniqueness than the UID on its own. The reason for this is that the first 4 bytes of the manufacturer block are the UID itself. The next byte is the checksum over the UID (so its value is the same for cards with the same UID). The next 3 bytes are the SAK and ATQA values, which are typically '88' and '0400' for all (most?) MIFARE Classic 1K cards. The remaining bytes identify the chip type (hence identical for all cards of same type) and the production batch (hence identical for at least each batch).
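The layout described in the answer above, as an added Python example that is not part of the original answer: it splits a MIFARE Classic manufacturer block into the fields listed there and decides whether an anti-collision UID is stable enough to use as a database key. The sample block is constructed, the function names are hypothetical, and two details come from ISO/IEC 14443-3 rather than from this page: the checksum (BCC) is the XOR of the four UID bytes, and a 4-byte UID that starts with 0x08 marks a random ID.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class ManufacturerBlock:
    uid: bytes          # bytes 0-3: the 4-byte UID itself
    bcc: int            # byte 4: checksum over the UID
    bcc_ok: bool        # True if the checksum matches the UID
    sak: int            # byte 5: SAK value stored in the block
    atqa: bytes         # bytes 6-7: ATQA value stored in the block
    vendor_data: bytes  # bytes 8-15: chip type and production batch


def parse_manufacturer_block(block: bytes) -> ManufacturerBlock:
    """Split sector 0, block 0 of a 4-byte-UID MIFARE Classic card."""
    if len(block) != 16:
        raise ValueError("a MIFARE Classic block is 16 bytes")
    uid = block[0:4]
    expected_bcc = uid[0] ^ uid[1] ^ uid[2] ^ uid[3]  # assumption: ISO 14443-3 BCC
    return ManufacturerBlock(uid, block[4], block[4] == expected_bcc,
                             block[5], block[6:8], block[8:16])


def database_key(anticollision_uid: bytes) -> Optional[bytes]:
    """Return a stable identifier for the user table, or None when the
    card presented a random ID and the real 7-byte UID has to be read
    with GetCardUID (0x51) after authentication."""
    if len(anticollision_uid) == 7:
        return bytes(anticollision_uid)
    if len(anticollision_uid) == 4:
        if anticollision_uid[0] == 0x08:  # assumption: ISO 14443-3 random-ID marker
            return None
        return bytes(anticollision_uid)
    raise ValueError("unexpected UID length")


# Constructed sample: UID DEADBEEF, BCC 22, SAK 88, ATQA 0400, placeholder vendor bytes.
SAMPLE_BLOCK = bytes.fromhex("DEADBEEF" "22" "88" "0400" "0102030405060708")

if __name__ == "__main__":
    parsed = parse_manufacturer_block(SAMPLE_BLOCK)
    print(parsed.uid.hex(), hex(parsed.bcc), parsed.bcc_ok, hex(parsed.sak), parsed.atqa.hex())
    print(database_key(bytes.fromhex("04112233445566")))  # constructed 7-byte UID
    print(database_key(bytes.fromhex("08A1B2C3")))        # constructed random ID
```

The key returned here only identifies a card record; as the answer notes, a UID can be cloned, so it does not authenticate the card or its user.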