Hi,

I'm verifying DESFire EV3 Transaction MAC (TMV/TMC) values on a backend. The card
produces the Transaction MAC via TapLinx (CommitTransaction). I have the Transaction
MAC key, the card UID, the TMC (pre and post), and the returned TMV, and I've
implemented the EV2 session-key derivation from public references — but I cannot
reproduce the TMV because I do not have the exact Transaction MAC Input (TMI) byte
construction for EV3.

Could you please help with:
1. The exact TMI accumulation for DESFire EV3 (which command bytes/fields are
included, their order, and padding).
2. Whether Backup Data File writes committed in the same transaction are covered
by the TMI.
3. Whether a known-key Transaction MAC reference vector is available
(key + TMI + TMC + TMV) to validate an implementation.
4. If this is NDA-only, the correct way to obtain DS4870 / AN12757 as a small company.

Thank you!

Hello sir,

Thank you so much for your interest in our products.

Unfortunately, it is required to sign an NDA to gain access to the Secured Documentation of MIFARE DESFire EV3. Please check our FAQ and fill out the NDA Form. You will need to create a new ticket from our site.

I hope this information may be helpful.