From the small amount of research I have heard about, the short answer is:
Mifare Classic: I don't think so
DESFire EV1: Maybe (if the reader supports DESFire in the optional ISO7816-4 command mode)
The longer answer:
There is little information out there, as a lot of this is proprietary to NXP. There are some brief descriptions in things like the Gemalto guide below. Most T=CL readers that can support Mifare commands take driver-specific APDUs that the reader driver converts into Mifare commands. These would then be received by the Mifare card. If these are sent to a regular Java Card, they would not match the ISO7816-4 commands it expects and would fail.
This is all from my understanding, and I may be a little off with the details.
First of all, thanks for your answer.
Both authentication and cryptography of Mifare Classic have been broken by now, so the problem would rather be whether it is possible to make the reader select the right application. As far as I see it, when talking to a Java Card, the reader first must authenticate itself to the card and then send a SELECT APDU to select the applet inside the card. I currently have no idea how it could be achieved that the reader selects the applet without ever sending the SELECT APDU. That alone seems to pose a problem for me. Once the initial stuff was done, it would actually be no problem to emulate another card, as far as I understand it.
You might be right there, too. That's another problematic factor.
"As far as I see it, when talking to a javacard, the reader first must authenticate himself to the card and then sends a select apdu to select the applet inside the card"
An applet can be selected by default, and authentication is not mandatory.
For Mifare Classic there is a problem that it works on another protocol. Mifare Classic supports ISO 14443-3, while contactless Java Cards support ISO 14443-4.
For DESFire there is no such problem because DESFire works on 14443-4, so I think it is more or less possible. Though, to fully emulate it, it is necessary to change ATQA and SAK, described in 14443-3. I doubt it is possible.
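Added example, not from any poster in the thread: the two protocol points discussed above, in host-side Python. The SAK byte from ISO 14443-3 tells a reader whether to continue to ISO 14443-4, and DESFire's ISO 7816-4 mode wraps each native command in a CLA 0x90 APDU. Function names and sample bytes are constructed for illustration; the SAK values used (0x08 for Mifare Classic 1K, 0x20 for DESFire) are the commonly published ones.

```python
SAK_ISO14443_4 = 0x20  # SAK bit 6: card supports the ISO 14443-4 (T=CL) transport
SAK_CASCADE = 0x04     # SAK bit 3: UID incomplete, another cascade level follows


def speaks_iso14443_4(sak: int) -> bool:
    """True if the final SAK of anticollision advertises ISO 14443-4."""
    if sak & SAK_CASCADE:
        raise ValueError("intermediate SAK: finish anticollision first")
    return bool(sak & SAK_ISO14443_4)


def wrap_desfire_native(cmd: int, data: bytes = b"") -> bytes:
    """Wrap a native DESFire command as an ISO 7816-4 APDU.

    Layout: CLA=0x90, INS=native command, P1=P2=0x00, [Lc, data], Le=0x00.
    """
    if not 0 <= cmd <= 0xFF:
        raise ValueError("command must fit in one byte")
    if len(data) > 255:
        raise ValueError("data too long for a short APDU")
    apdu = bytes([0x90, cmd, 0x00, 0x00])
    if data:
        apdu += bytes([len(data)]) + data
    return apdu + b"\x00"


def unwrap_desfire_response(rapdu: bytes) -> tuple:
    """Split a wrapped response into (native status, payload).

    Wrapped responses end in SW1=0x91; SW2 carries the native status code.
    """
    if len(rapdu) < 2 or rapdu[-2] != 0x91:
        raise ValueError("not a wrapped DESFire response")
    return rapdu[-1], rapdu[:-2]


if __name__ == "__main__":
    # Constructed inputs: SAK values as seen by a reader after anticollision.
    for name, sak in (("Mifare Classic 1K", 0x08), ("DESFire", 0x20)):
        print(name, "-> ISO 14443-4:", speaks_iso14443_4(sak))
    # Native GetVersion (0x60) and SelectApplication (0x5A) with a made-up AID.
    print(wrap_desfire_native(0x60).hex())
    print(wrap_desfire_native(0x5A, bytes.fromhex("010203")).hex())
    # Constructed response: 7 payload bytes, then 91 AF (additional frame).
    print(unwrap_desfire_response(bytes.fromhex("0401010100180591af")))
```

An applet answering to these wrapped APDUs still sits behind whatever ATQA and SAK the Java Card platform itself reports, which is the limitation the last reply points out.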