View Full Version : New Teensy Library released: Control RFID Desfire EV1 cards with Teensy 3.2

07-09-2016, 08:04 PM

I worked several weeks on my latest project:
My new Teensy library allows to communicate with RFID Desfire EV1 cards through an Adafruit PN532 board.

Desfire EV1 cards can store data in their EEPROM that is protected with a 2K3DES, 3K3DES or AES cryptographic key.
My Desfire library allows to authenticate with the card, change keys, store data, read data, and so on.

The difficult part is not the DES / AES encryption itself. The difficult thing is that NXP does not publish the documentation for these cards.
You have to make a Non Disclosure Agreement (NDA) with them and promise that you will not give their holy documentation to anybody else.
But this NDA is only made with companies.
And in internet you find only very very sparse information about Desfire EV1.

As I don't have that documentation I had to study the source code of some open source projects on Github, and in an endless try and error write my code for Teensy. My project is the first code that has ever been written for the Arduino family of boards!

The library supports all 3 cryptographic modes that the card supports.

Writing this library was really a challenge, especially due to the lack of documentation. The most difficult parts are the authentication with a cryptographic key and the key change. During authentication random values are encrypted and exchanged between the card and the host to prove that both sides share the same master key. From these random values a session key is generated. All encryption goes through Cipher Block Chaining, where NXP distinguishes between Enciphering/Deciphering and Send Mode/Receive Mode. The cryptographic initialization vector (IV) is reset only once when authenticating, then for all further commands it must be maintained up to date. If your IV vector comes out of sync with the one that the card has calculated internally you will get an Integrity Error. All the data sent to the card and all the data received from the card must go though a CMAC calculation (something like a hash). Some functions calculate a CMAC, others do not. When changing a key, two CRC32 values have to be calculated and the old key and the new key are XORed, padded and then encrypted with the session key. Each type of key has it's own peculiarities: AES encrypts blocks of 16 byte while DES uses 8 byte blocks and the length of the key itself may be 8, 16 or 24 byte. As a consquence also the length of the random values and the session key vary with the key type. All this stuff is HIGHLY complicated and you have thousands of pitfalls. And the worst of all is that in internet you find nearly no usefull information. I feel like a pioneer in Defire EV1 development.

The crypto code has about 1500 lines, but when compiled for Teensy 3.2 it only uses 9% of the flash memory.

You find the source code here:

Additionally I published communication examples with Desfire EV1 cards that you currently will not find in internet.
These examples are an indispensable time saver when you don't know what is wrong with your encryption: