Reverse Engineering of Authentication Protocol in DesFire

Nowadays contactless smart cards are extensively used in applications that need strong authentication and security feature protection. Among different cards from different companies, MIFARE DESFire cards are one of the most used cases. The hardware and software design in addition to implementation details of MIFARE DESFire cards are kept secret by their manufacturer. One of the important functions is authentication which usually its procedure is secret in cards.MIFARE DESFire EV3 is the fourth generation of the MIFARE DESFire products which supports integrity and confidential protected communication. DESFire EV3 is the latest addition of MIFARE DESFire family of smart card chipsets from NXP. This type of card is compatible with MIFARE DESFire D40, EV1, and EV2. The details of the authentication protocols in MIFARE DESFire EV3 card with three different secure messaging protocols are introduced in this paper. We use ProxMarak4 to obtain the details of authentication protocol of the DESFire cards as readers and a Custom special purpose board as a card.