APDU for getting UID from MIFARE DESFire?

Question

I am new to APDUs. I read the datasheet for DESFire. According to it we have:

CLA  = 0x90     
INS  = DESFire CMD Code                                            
P1   = 0x00        
P2   = 0x00
LC   = Length of wrapped Data    
data = DESFire command parameter(s) 
LE   = 0x00

I want get the DESFire UID, but I can't create the command APDU for this. Can anybody lead me into the right direction? I created this APDU but I am not sure if it's correct:

byte[8] cmd_apdu_getUID_part1= {0x90 , 0x93 , 0x20 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00};

And I don't understand the concept of parameters like LC and I don't find INS for get UID. Is it 0x93 ox20 for part 1 of UID and 0x95 0x20 for part 2 of UID?

Answer 1

The commands 9x 20 are part of the lower ISO 14443-3 protocol and used during anticollision and activation of a card. APDUs, on the other hand, are exchanged on a higher protocol layer and only after activation of the card. Hence, you can't use these command codes in APDUs.

How to get the UID from a DESFire (EV1) card depends on what type of ID you actually want to get:

• Get the UID that was actually used during the anti-collision phase: This depends on what reader (and possibly device platform) you use. For instance, PC/SC compliant contactless smartcard readers typically allow to read the anti-collision identifier of the currently selected card using the PC/SC specific APDU

  FF CA 00 00 xx
  

  (where xx is either 00 or the expected length of the UID, for DESFire typically 04 or 07).

• (DESFire EV1 only) Get the UID of the card if the card's random-UID feature is not activated: You would need to use the GetVersion command. You would need to use the CLA byte 0x90 to indicate a wrapped native command, set INS to the command code 0x60, Lc and DATA would not be present:

  90 60 00 00 00
  

  The answer would look something like

  <7 response data bytes> 91 AF
  

  where the status code 91 AF indicates that more data can be obtained with the command code set to 0xAF. So you have to send another command:

  90 AF 00 00 00
  

  The answer would (again) look something like

  <7 response data bytes> 91 AF
  

  so you have to send another 0xAF command. Then you'll get an answer of the form:

  <14 response data bytes> 91 00
  

  where the last 7 bytes of the response data contain the UID. See parseGetVersion() on how to parse the received data.

• (DESFire EV1 only) Get the UID of the card if the card's random-UID feature is activated: This is by far more complex. You would first need to authenticate to the card. Only then you can use the GetCardUID command to retrieve the actual card UID. This command would look like

  90 51 00 00 00
  

  The answer would look something like

  <UID (encrypted)> 91 00