Retrieving the Serial Number on MiFARE and MiFARE DESFire RFID Badges
Subject
This section explains how to retrieve the serial number of an RFID badge from a specific memory block of the badge, in sector 1.
On MiFARE and MiFARE DESFire badges, a sector is a set of 4 blocks, each block containing 16 bytes. Reading serial number from sector 1 means reading serial number from block 4.
Description
To locate the serial number in the block of data, a given number of Most Significant Bytes or MSB (the left part of the block) and a given number of Least Significant Bytes or LSB (the right part of the block) are ignored. The remaining middle set of bytes is then written in ASCII to build the serial number. All leading 0 are removed.
Example
|
If... |
Then... |
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F MSB ---> <--- LSB AND
|
only 7 bytes are used to build the serial number. The serial number value is then 60708090A. |
|
no block number is set |
the default serial number (extracted from the UID of the badge) is used. |
|
a valid block number is set and an error occurs |
no serial number is returned: the badge is ignored. |
Before Starting
- Configuration parameters define how the serial number must be extracted from a MiFARE or DESFire RFID badge.
- All configuration parameters are stored in the Windows registry.
Parameters Description
Description
The parameters can be defined as a GPO. In this case, they are located in the following registry key:
HKEY_LOCAL_MACHINE\Software\Policies\Enatel\WiseGuard\
FrameWork\PCSC
If parameters are defined locally on the workstation, they are located in:
HKEY_LOCAL_MACHINE\Software\Enatel\WiseGuard\FrameWork\PCSC
|
|
IMPORTANT: A GPO-defined configuration parameter overrules a local parameter. |
The following registry values can be defined in the above GPO or local keys.
|
Badge Type |
Name |
Type |
Description |
|
MiFARE |
MiFAREBlockNumber |
REG_DWORD |
Mandatory. The block number to read. Values: 0 … 15 |
|
MiFAREBlockKey |
REG_SZ |
The encrypted value of the key used to read the data block. Once decrypted, the key must contain 12 hexadecimal digits. Default key value: FFFFFFFFFFFF | |
|
MiFAREBlockMask |
REG_SZ |
The mask applied to ignore invalid badges. Must contain 32 hexadecimal digits. Default value (no mask): FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF | |
|
MiFAREIgnoreMSB |
REG_DWORD |
The number of MSB (left) bytes to ignore when extracting the serial number from the block of data. Values: 0 … 15 Default value: 6 | |
|
MiFAREIgnoreLSB |
REG_DWORD |
The number of LSB (right) bytes to ignore when extracting the serial number from the block of data. Values: 0 … 15 Default value: 5 | |
|
DESFire |
DESFireATR |
REG_SZ |
Optional. The DESFire ATR used to detect badges. Default value: 3B8180018080. |
|
DESFireMask |
REG_SZ |
Optional. The ATR mask used to detect badges. Default value: FFFFFFFFFFFF. | |
|
DesFIREAID |
REG_SZ |
The application ID. | |
|
DesFIREAuthMode |
REG_DWORD |
Authentication mechanism. Set the value to 0 (for AES) as any other value is unsupported. | |
|
DesFIREKey |
REG_SZ |
Contains the filled-in key value, encrypted with an EAM hard coded key. | |
|
DesFIREKeyNo |
REG_DWORD |
The key number. | |
|
DesFIREKeyVer |
REG_DWORD |
The key version. | |
|
DesFIREFileMode |
REG_DWORD |
File communication mode. Set the value to 0 (for Encrypted) as any other value is unsupported. | |
|
DesFIREFileID |
REG_DWORD |
The File ID. | |
|
DesFIREOffset |
REG_DWORD |
The serial number file offset. | |
|
DesFIRELength |
REG_DWORD |
The serial number file length. | |
|
DesFIREReverse |
REG_DWORD |
Whether data presentation should be reversed (0x01) or not. | |
|
DesFIREASCII |
REG_DWORD |
Whether badge ID uses ASCII data presentation (0x01) instead of hexadecimal. |
Conditions
|
If... |
Then... |
|
the MiFAREBlockNumber registry value is not set or set to 0xFFFFFFFF |
the default serial number extracted from the UID of the badge is used. |
|
the MiFAREBlockNumber is set to a valid value between 0 and 15 inclusive and an error occurs, such as wrong key or configuration |
no serial number is returned: the badge is ignored. |
|
|
IMPORTANT: Set the MiFAREBlockNumber to a block number, not a sector number. |
Configuring the MiFARE and MiFARE DESFire RFID Parameters
Description
A specific tool is delivered to set all required MiFARE and DESFire RFID configuration parameters. The configuration tool also handles the encryption of the authentication key; which is encrypted using AES-256 and a hard-coded secret.
Procedure
- Start the configuration tool by executing the MiFAREConfig.exe file.
The following window appears:
- Connect the RFID reader and click the Refresh button to update the list of readers (if necessary).
- Place the badge on the reader and click the Refresh button: the detected badge ATR should appear.
- Provide the serial number retrieval parameters:
- Block Number. Do not provide a sector number.
- Authentication Key. Default value: FFFFFFFFFFFF.
- Block Mask. Use:
- FF to match all byte values.
- 00 to ignore a byte.
- Number of MSB (left) bytes to ignore.
- Number of LSB (right) bytes to ignore
If an RFID reader is already connected, go to step 5.
- Press the Test button to check parameters and retrieve the serial number of the detected badge.
|
If... |
Then... |
|
all parameters are correct |
the contents of the selected block and the extracted serial number are displayed. |
|
the authentication key does not grant access to the selected block |
an explicit error message is displayed under the Block contents field. |
|
the authentication key is correct and the contents of the selected block do not match the provided mask |
the serial number is shown but an error message indicates the mismatch:
|
|
the MiFARE badge is a DESFire badge |
the following window appears:
Fill-in both Authentication key and Application ID fields according to the MSB-LSB order. Click OK to validate the configuration settings. |
- Once all parameters are correct, click the Save and Exit button to save all parameters in the Windows Registry of the workstation.
- Deploy these values on other workstations using GPO.
The MiFARE or DESFire RFID parameters have been configured.
Resetting the MiFARE and DESFire RFID Parameters
Procedure
- Execute the MiFAREConfig.exe file.
- Set the Block Number to -1.
- Click the Save and Exit button.
The MiFARE or DESFire RFID parameters have been reset.