Mifare DESFire EV1 UID Uniqueness?

Question

I'm currently investigating the Mifare DESFire EV1 card and would like to know if there are the same issues with the UID as there were with the classic?

Are the DESFire UID truely unique or have so many been made that UIDs are being duplicated?

Thanks.

score 2 · Answer 1 · answered Apr 20 '17 at 13:38

Just a note, when Random UID is enabled on an EV1 it switches from 7-byte UID to 4-byte UID, with the first byte always being 0x80.

This means that you have only 24 bits of entropy. This should not matter however as by selecting Random UID, you should no longer care about the uniqueness or integrity of the UID that is received during anti-collision because it will always change.

Instead, you can retrieve the original 7-byte UID by calling the GetCardUID command.

score 1 · Accepted Answer · answered Jul 17 '13 at 06:21

The DESFire EV1 has a 7-byte "Unique Serial Number", which presumably is the UID you're referring to. If not that, then look up the bit length of the ID you're referring to.

A 7-byte number means 2⁵⁶ possible IDs, or 7.2×10¹⁶. It is unlikely that more than that have been made. For random IDs, the probability of your next random ID being already spoken for is somewhere around the number of devices already in use divided by the number of possible IDs allowed. That ballpark, at least.

The device ID reading without any cryptographic proof function however can easily be cloned. — eckes, Apr 20 '17 at 23:24

Mifare DESFire EV1 UID Uniqueness?

2 Answers2