We've tried to change the default DES key in the DesFire Key (00..00) to another one more secure... however we were not able to do it at this point in time. we tried with the desfire datasheet manual and we are not using any kind SDK provided by NXP only APDU commands.
Hope you are doing well. It would depend on the keyset you want to change. If you want to change the PICCMasterKey, you need to authenticate with the PICCMasterKey and then use the ChangeKey command .
If you want to change the MasterKey of an application, you need to know if it can be changed with PICCMasterKey or if you need the APPMasterKey. In case you need the application key, you need to authenticate with APPMasterKey.
If you have any further question, please create an internal case.
Given that newly created applications defaults to a maximum of DES/2KTDES keys, is it possible to change one of these applications keys later on to AES? Thus, the application will have a mixed of DES2/2KTEDS and AES keys.