
Enterprise Single Sign-On 9.0.2 - Enterprise Access Management Installation Guide

Retrieving the Serial Number on MiFARE and MiFARE DESFire RFID Badges

Subject

This section explains how to retrieve the serial number of an RFID badge from a specific memory block of the badge, in sector 1.

On MiFARE and MiFARE DESFire badges, a sector is a set of 4 blocks, each block containing 16 bytes. Reading the serial number from sector 1 therefore means reading it from block 4.

Description

To locate the serial number in the block of data, a given number of Most Significant Bytes or MSB (the left part of the block) and a given number of Least Significant Bytes or LSB (the right part of the block) are ignored. The remaining middle set of bytes is then written in ASCII to build the serial number. All leading zeros are removed.

Example

 

| If... | Then... |
|---|---|
| the block of data contains 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F (MSB ---> on the left, <--- LSB on the right) AND the MSB is 6 AND the LSB is 5 | only 7 bytes are used to build the serial number. The serial number value is then 60708090A. |
| no block number is set | the default serial number (extracted from the UID of the badge) is used. |
| a valid block number is set and an error occurs | no serial number is returned: the badge is ignored. |

Before Starting
  • Configuration parameters define how the serial number must be extracted from a MiFARE or DESFire RFID badge.
  • All configuration parameters are stored in the Windows registry.

Parameters Description

Description

The parameters can be defined as a GPO. In this case, they are located in the following registry key:
HKEY_LOCAL_MACHINE\Software\Policies\Enatel\WiseGuard\FrameWork\PCSC

If parameters are defined locally on the workstation, they are located in:
HKEY_LOCAL_MACHINE\Software\Enatel\WiseGuard\FrameWork\PCSC

IMPORTANT: A GPO-defined configuration parameter overrules a local parameter.

The following registry values can be defined in the above GPO or local keys.

 

| Badge Type | Name | Type | Description |
|---|---|---|---|
| MiFARE | MiFAREBlockNumber | REG_DWORD | Mandatory. The block number to read. Values: 0 … 15 |
| MiFARE | MiFAREBlockKey | REG_SZ | The encrypted value of the key used to read the data block. Once decrypted, the key must contain 12 hexadecimal digits. Default key value: FFFFFFFFFFFF |
| MiFARE | MiFAREBlockMask | REG_SZ | The mask applied to ignore invalid badges. Must contain 32 hexadecimal digits. Default value (no mask): FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF |
| MiFARE | MiFAREIgnoreMSB | REG_DWORD | The number of MSB (left) bytes to ignore when extracting the serial number from the block of data. Values: 0 … 15. Default value: 6 |
| MiFARE | MiFAREIgnoreLSB | REG_DWORD | The number of LSB (right) bytes to ignore when extracting the serial number from the block of data. Values: 0 … 15. Default value: 5 |
| DESFire | DESFireATR | REG_SZ | Optional. The DESFire ATR used to detect badges. Default value: 3B8180018080. |
| DESFire | DESFireMask | REG_SZ | Optional. The ATR mask used to detect badges. Default value: FFFFFFFFFFFF. |
| DESFire | DesFIREAID | REG_SZ | The application ID. |
| DESFire | DesFIREAuthMode | REG_DWORD | Authentication mechanism. Set the value to 0 (for AES) as any other value is unsupported. |
| DESFire | DesFIREKey | REG_SZ | Contains the filled-in key value, encrypted with an EAM hard-coded key. |
| DESFire | DesFIREKeyNo | REG_DWORD | The key number. |
| DESFire | DesFIREKeyVer | REG_DWORD | The key version. |
| DESFire | DesFIREFileMode | REG_DWORD | File communication mode. Set the value to 0 (for Encrypted) as any other value is unsupported. |
| DESFire | DesFIREFileID | REG_DWORD | The File ID. |
| DESFire | DesFIREOffset | REG_DWORD | The serial number file offset. |
| DESFire | DesFIRELength | REG_DWORD | The serial number file length. |
| DESFire | DesFIREReverse | REG_DWORD | Whether data presentation should be reversed (0x01) or not. |
| DESFire | DesFIREASCII | REG_DWORD | Whether badge ID uses ASCII data presentation (0x01) instead of hexadecimal. |

Conditions

 

| If... | Then... |
|---|---|
| the MiFAREBlockNumber registry value is not set or set to 0xFFFFFFFF | the default serial number extracted from the UID of the badge is used. |
| the MiFAREBlockNumber is set to a valid value between 0 and 15 inclusive and an error occurs, such as wrong key or configuration | no serial number is returned: the badge is ignored. |

IMPORTANT: Set the MiFAREBlockNumber to a block number, not a sector number.
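
The extraction rule from the Description and Example above and the fallback rules from the Conditions table, as an added Python illustration (not EAM code). The function names, the read_block callback and the sample reader are hypothetical; treating an out-of-range block number as an error is an assumption.

```python
# Added illustration; names below are hypothetical, not EAM code.
UNSET_BLOCK = 0xFFFFFFFF  # MiFAREBlockNumber value meaning "not set"


def first_block_of_sector(sector: int) -> int:
    """A sector is 4 blocks of 16 bytes, so sector 1 starts at block 4."""
    return sector * 4


def serial_from_block(block: bytes, ignore_msb: int = 6, ignore_lsb: int = 5) -> str:
    """Drop the left/right bytes, render the middle as hex text, strip leading 0s."""
    if len(block) != 16:
        raise ValueError("a block must be exactly 16 bytes")
    if not (0 <= ignore_msb <= 15 and 0 <= ignore_lsb <= 15):
        raise ValueError("MiFAREIgnoreMSB / MiFAREIgnoreLSB must be 0..15")
    if ignore_msb + ignore_lsb >= 16:
        raise ValueError("no bytes left to build a serial number")
    middle = block[ignore_msb:16 - ignore_lsb]
    # An all-zero middle yields "" here; the page does not say what EAM does.
    return middle.hex().upper().lstrip("0")


def resolve_serial(block_number, uid_serial, read_block, ignore_msb=6, ignore_lsb=5):
    """Apply the conditions table: unset -> UID default, error -> badge ignored."""
    if block_number is None or block_number == UNSET_BLOCK:
        return uid_serial
    try:
        if not 0 <= block_number <= 15:
            # Assumption: an out-of-range block number counts as a configuration error.
            raise ValueError("MiFAREBlockNumber must be 0..15")
        return serial_from_block(read_block(block_number), ignore_msb, ignore_lsb)
    except (ValueError, OSError):
        return None  # fail closed: never fall back to the UID after an error


# Constructed sample data: the 16-byte block from the page's example.
SAMPLE_BLOCK = bytes(range(16))


def sample_reader(block_number: int) -> bytes:
    """Constructed reader: block 4 is readable, anything else fails authentication."""
    if block_number != 4:
        raise PermissionError("authentication key rejected")
    return SAMPLE_BLOCK


if __name__ == "__main__":
    print(serial_from_block(SAMPLE_BLOCK))                     # middle bytes 06..0A
    print(resolve_serial(None, "UID-DEFAULT", sample_reader))  # UID fallback
    print(resolve_serial(5, "UID-DEFAULT", sample_reader))     # error: badge ignored
```

Once a block number is configured, a read or configuration error yields no serial number at all, so the badge is ignored instead of being identified by its UID.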

 

Configuring the MiFARE and MiFARE DESFire RFID Parameters

Description

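A specific tool is delivered to set all required MiFARE and DESFire RFID configuration parameters. The configuration tool also handles the encryption of the authentication key, which is encrypted using AES-256 and a hard-coded secret. Because that secret is built into the product rather than unique to each workstation, treat the stored registry values as sensitive.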

Procedure
  1. Start the configuration tool by executing the MiFAREConfig.exe file.

    The following window appears:

  2. Connect the RFID reader and click the Refresh button to update the list of readers (if necessary).
  3. Place the badge on the reader and click the Refresh button: the detected badge ATR should appear.
  4. Provide the serial number retrieval parameters:
    • Block Number. Do not provide a sector number.
    • Authentication Key. Default value: FFFFFFFFFFFF.
    • Block Mask. Use:
      • FF to match all byte values.
      • 00 to ignore a byte.
    • Number of MSB (left) bytes to ignore.
    • Number of LSB (right) bytes to ignore.

    If an RFID reader is already connected, go to step 5.

  5. Press the Test button to check parameters and retrieve the serial number of the detected badge.

 

| If... | Then... |
|---|---|
| all parameters are correct | the contents of the selected block and the extracted serial number are displayed. |
| the authentication key does not grant access to the selected block | an explicit error message is displayed under the Block contents field. |
| the authentication key is correct and the contents of the selected block do not match the provided mask | the serial number is shown but an error message indicates the mismatch. |
| the MiFARE badge is a DESFire badge | another window appears. Fill in both the Authentication key and Application ID fields according to the MSB-LSB order, then click OK to validate the configuration settings. |

  6. Once all parameters are correct, click the Save and Exit button to save all parameters in the Windows Registry of the workstation.
  7. Deploy these values on other workstations using GPO.

    The MiFARE or DESFire RFID parameters have been configured.

 

Resetting the MiFARE and DESFire RFID Parameters

Procedure
  1. Execute the MiFAREConfig.exe file.
  2. Set the Block Number to -1.
  3. Click the Save and Exit button.

    The MiFARE or DESFire RFID parameters have been reset.

 
