Desfire EV2 with Node.js - authentication failure

Somedev · ‎06-15-2022

Hi all.
I am still a novice in the NFC, so please be ligniant with any silly things I say.

So I have a Desfire EV2 card from a client and they need to read the cardID using a node.js library called nfc-pcsc.

I installed it and used it to read another card of "Mifare Classic" type, which worked fine, but when I used the "mifare-desfire" example I get an error "error occurred during processing steps Error: error in step 2 - authenticate".

I don't know much about the authentication flow from Desfire, so can you detail it a bit, please. Is it true that you need to know the original encryption key in order to get the data from the card?

But most importantly, does anyone have experience with this Node library and especially with that error.

As a thought, I used the "NFC Tool" Android app and that read the card fine and displayed the cardID, so obviously it could get to the data without the need for an initial key...

Thank you very much for any input!

Somedev · ‎06-20-2022

Thanks a lot for that. I already created a private case and I'm hoping I will get a reply asap, as this issue is quite critical.

As another thought, the DOC page you sent is for the DESFire EV3.

The question is does EV2 data is the same for the EV2 version?
Could you actually specify or send a link to the main differences between the two versions?
Thanks a lot!

Somedev · ‎06-17-2022

Hi. Thanks. I'll do that, but just want to clarify one aspect.
I read in some places that the cardID can be accessed without authentication. Is that correct or there needs to be an authentication for any data to be read?

Kan_Li · ‎06-19-2022

Hi @Somedev ,

No, it needn't . Please kindly refer to sec 7.4 of https://www.nxp.com.cn/docs/en/data-sheet/MF3DHx3_SDS.pdf and https://www.nxp.com.cn/docs/en/application-note/AN10834.pdf for more details.

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

Kan_Li · ‎06-16-2022

Hi @Somedev ,

Actually such security topic as authentication flow is not allowed to discuss here in a public community, but such info is available in the full version data sheet for Desfire EV2 , which can be requested from NXP doc store with a valid NDA , so normally you have to submit a private ticket for NDA according to the following video ,

https://www.nxp.com/video/tutorial-for-nxp-support-case-portal:NCP-VIDEO

and then request the data sheet from the doc store as the attached guide.

Hope that makes sense,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------