Hi, is it possible to clearly distinguish a card with random ID (RID) from fixed UID card? According to AN10927, RID is identified by UID0 = 0x08, as well as RID is always 4bytes long. Mifare Plus SL3 cards we have, provides 4-bytes RID starting with 0x08 - that's correct. Problem is, that DESFire cards with enabled RID returns 4-byte RID starting with 0x80. So my question is - is it enough to identify RID as ID fulfilling following condition:
- 4-bytes long ID, first byte 0x08 OR
- 4-bytes long ID, first byte 0x80
or there are other possible first byte values for RID?
Is it possible to have 7-bytes long RID?
I understand that using card's UID is very insecure and we encourage our users to use encrypted data instead (classic sectors or desfire files), but some of them still have to use UID because of old infrastructure. In such case, we would like to distinguish between RID and UID, so we can block RID cards as there is no reason to accept it unless the reader is set to read smart data.
We would like also to prevent case when user ads RID card to access system by reading that card, but that card will be not working, as the RID will be different next time.
Thank you for any comments!