FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

DESFire EV3 Transaction MAC Input (TMI) construction — backend verification with TapLinx

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DESFire EV3 Transaction MAC Input (TMI) construction — backend verification with TapLinx

Monday
68 Views
Nicolas1995
Contributor I

Hi,

I'm verifying DESFire EV3 Transaction MAC (TMV/TMC) values on a backend. The card
produces the Transaction MAC via TapLinx (CommitTransaction). I have the Transaction
MAC key, the card UID, the TMC (pre and post), and the returned TMV, and I've
implemented the EV2 session-key derivation from public references — but I cannot
reproduce the TMV because I do not have the exact Transaction MAC Input (TMI) byte
construction for EV3.

Could you please help with:
1. The exact TMI accumulation for DESFire EV3 (which command bytes/fields are
included, their order, and padding).
2. Whether Backup Data File writes committed in the same transaction are covered
by the TMI.
3. Whether a known-key Transaction MAC reference vector is available
(key + TMI + TMC + TMV) to validate an implementation.
4. If this is NDA-only, the correct way to obtain DS4870 / AN12757 as a small company.

Thank you!

0 Kudos
Reply
1 Reply

Monday
43 Views
Fabian_R
NXP TechSupport
NXP TechSupport

Hello sir,

Thank you so much for your interest in our products.

Unfortunately, it is required to sign an NDA to gain access to the Secured Documentation of MIFARE DESFire EV3. Please check our FAQ and fill out the NDA Form. You will need to create a new ticket from our site.

I hope this information may be helpful.

Best Regards,
Fabian
0 Kudos
Reply