FlexDF Getting Started Tutorial

briefchase · October 31, 2018, 2:59am

NOTE: This is for the FlexDF and not the FlexNT or any other implant

If you have stumbled across this forum post and know nothing or next to nothing about the FlexDF that you have just installed or whether or not it even works, then great! You are in the same situation that I was in a few days ago. Thanks to Amal and a bunch of hours worth of research, I was able to figure out a few things that should help you get started with your new appendage.

Some things it took me a minute to figure out:

MIFARE is a company that produces multiple kinds of chips. They produce the “Classic”, the “Ultralight” and the “DESfire” (That one is yours!) among others. Don’t mix these up.
The DESfire chip is fundamentally different than your typical NFC tag. It comes (at least the BETA version) without a folder to put NDEF (NFC Data Exchange Format) thingies in (THIS IS EASY DONT FREAK OUT). these are things like links and phone numbers on it for when something like a phone reads and interprets it.
While your chip is different, you might immediately think that your chip blows because it can’t do all the things that you saw the cool kid’s flex/x NT do at recess. Well, you’d be wrong. to do all that stuff you just have to format a chunk of your data for regular NDEF stuff.
You can’t “Lock” this chip the same way you can the FlexNT. This chip essentially has a PICC key that if you change and then proceed to forget then your boned so just don’t do that ok?

How to format your chip to work like a 'Typical' NFC tag:

Basically, your chip has a file system on it (Explained later on). This might sound weird but by doing this you’re essentially adding an application with files that can emulate a ‘typical’ NFC tag. You can do this because your chip uses the same ISO14443A international standard for transmission protocol that your ‘typical’ chippy uses.

Install 2 apps. These apps are TagInfo & TagWriter by NXP. This is written the same company that manufactured that thing inside of you so they probably won’t screw it up. You also don’t need TagInfo but it gives you a way to look at everything you have on your chip and all the config settings and raw data for each application as well as the ev1 itself and gives you all the info you could ever want about your chip specifically and all the info about all your keys. So you don’t NEED it per se but its definitely useful. you also might want to do a full read beforehand with it so you can see how its changed after its been formatted.
https://play.google.com/store/apps/details?id=com.nxp.taginfolite
https://play.google.com/store/apps/details?id=com.nxp.nfc.tagwriter
Open up TagWriter and read through the tutorial. you probably won’t understand any of it. click erase and you’ll see 2 options. if you’ve been f***ing with it, you might want to “erase to factory default” before you “erase and then format it as NDEF”. follow the instructions until you are prompted to enter a size in bytes. It doesn’t really do a good job at explaining what this is but you CAN’T leave it blank. It’s essentially asking you how many bytes you would like to dedicate to this NDEF application. you have around 8000 to work with because you have the 8k so depending on what you’re doing, you can make it whatever you want. If you don’t know what your doing, 1000 should be fine.

And that’s it! Perform a full read with the TagInfo app and click the last tab and look at all the data you’ve allocated! Now try adding a dataset to it so you can make a link or something appear on your screen. Or even do a hello world. What fun.

Understanding the anatomy of the DESfire EV1

This is a post from the man himself that explains it pretty well.

FlexDF not working?

Unlike typical NFC chips, like say an NTAG216, the DESFire EV1 chip does not have a memory structure exactly. It has memory, but you do not access it in that way… you define “applications” with unique AIDs (application IDs) and those are, more or less, files on the chip. The chip is 8k, so you could define eight individual 1k files, or two 4k files or whatever until you run out of space. Each file can have its own keys and the file “types” have certain commands that can be issued which can manipulate the data. One example would be a “stored value” file type. This will let you issue commands like increment, decrement, balance, etc. and assign permissions to each of those commands to specific keys. This allows, say, a laundry machine to decrement a value for using washing clothes, without giving access to the increment or even balance functions. If the application does not have available stored value for a transaction, the decrement command fails.

If you want to dive into it, definitely check out the data sheet for the DESFire EV1.

This was a bit low level (I mean it in the stack way, not in the like dumb way) especially for me but the datasheet Amal is referring to here is this one:

If you still don’t understand, Basically, watch this Indian dudes video:

He explains it pretty well and then in later tutorials he uses this software he created to interface with the chip. He probably wrote it in Java (It low key looks like swing) and he probably used this open source library by MIFARE:
https://www.mifare.net/en/products/tools/taplinx/.
Anyways if you want it I guess you can buy it but I’m not affiliated with this man. Anyways I digress.

This portion of this random documentation I found was also pretty useful in learning the file structure of the ‘NDEF emulation application’:

https://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.sdk5.v14.0.0%2Fnfc_type4tag_dox.html