Format or reset Desfire EV2?

Using NFC shell or the Proxmark 3, is there a way to format or reset a Desfire Ev2 tag? Or do you have to manually remove files and apps?

I’m trying to learn Desfire, but it looks like a lot of info is only available via NDA by NXP.

I’m dumb. Somehow I missed the Proxmark command

Hf mfdes formatpicc



Yeah, they are a really good, albeit equally obnoxiously obscured chip!

A lot of what I’ve learnt comes from reverse engineering…
Which reminds me of this useful note for everyone:

  • do NOT test stuff straight into your implant!

Get a card with the same chip. mess with the card first. then you can repeat only the successes onto your implant!

Once I sit down on my pc again (not anytime soon) I’ll finish cleaning up a project to throw here. It includes a c++ PN532 api with Desfire/Mifare plug in modules for access control (or whatever other module you plug into it) for Arduino Teensy.


Awesome, I would love to see that.

I’m using a card right now. I’m thinking hard about buying the FlexDF2.

That’s what I use to lock/unlock/admin my desktop, store some data and to trigger my custom door access system

But to fully leverage it you probably need to be able to build it all yourself. because you just won’t find small scale applications for it off the shelf… =(

If you get to the stage you just need to figure out commands let me know. I got a handy list somewhere

I’ve been using commands on the Proxmark to create apps, files, and records. I’ve also been playing with the authentication. I noticed there was a Python module for Desfire. I need to check that out since it’s the primary language I know.

I there a specific reader that you use for your desktop? I primarily use Linux.

I kind of want to use the Desfire to store GPG encrypted records in conjunction with my Yubikeys.

I only use Linux for personal stuff.

For insecure things, or to turn it on from hybernation, I use DT’s KBR1 reader.
It has the added benefit of also firing an “enter key” command after everything else and being passively powered by the connection even while my desktop is snoozing.
But it only serves me to read the UID and nothing more.

For secure everything else I use a PN532 hooked to a Teensy arduino.
Got one hooked to a no-break, a relay and a magnetic door latch (the part that goes into the wall, set to locked by default)…
and another hooked via sata as a keyboard (with a few more bits and bobs).

I kinda half assed the last one so it’s not as reliable as it should be… :sweat_smile:
Hence the lazy KBR option for non-admin stuff.

I don’t have much experience with PN3 and DF to be fair. Always went straight to code.

I found 3 so far. none which actually worked as expected.
Which is unfortunate since Python is my… “polyamoury primary” language…? yeah, that sounds like the right way to address a language! :sweat_smile:

That’s why I end up recurring to C++ for these. (Which is my second babe, so it’s cool) :stuck_out_tongue_winking_eye:

I have a KBR1 but haven’t really used it. I use a couple of PN532s for home assistant. I’ll try and get one working with the Desfire tag.

So I’m assuming you have a flexDF2? If so, where did you implant it at?

I’m trying to decide between the flexDF2 and flexSecure. I like the idea of the flexSecure over the Apex because I like to have complete control over it and have the master key. I checked out the Github and it looks like I could compile those applets myself. I’m big into things like OTP and encryption.

The problem is, I not really a fan of Java.

I mainly just want to securely store larger amounts of data on an implant.

I’m really liking how I can use the pm3 to easily create apps, files, specify encryption and create keys on the flexDF2. The read range is also nice.

1 Like

Just be aware that the full readers with PN532s tend to have an extra controller chip that makes them work seamlessly with windows but force you to add extra steps with on Linux.

Hence why I drive them through GPIO via arduinos.

Correct assumption.
It sits on top of my fifth metacarpal (the pinky one).

I tossed some more details in this thread:

Worth noting mine was a custom order. It’s a Flex DF2 with the old style antenna, with an added LED nail tossed on top of it and encapsulated together into a single implant.

From all my following experiments, it looks like my implant is over performatic by a mile.
To the point that there is one specific brand of card reader here that I need to use my left hand to present a bank card or they read the DF implant first! :sweat_smile:

Seriously happy with it!
encryption capabilities for secure access control.
large enough storage.
efficient and reliable.

There has been a little bit of discussion around DESFire recently.
So I thought I’d just throw this out there and see if it sticks.

As this tech is protected by NDAs? I wonder if that would fit within a closed group of the Forum.
Entry to group by Proof of NDA only.
So discussions could be had openly amongst people that have signed an NDA allowing knowledge gaps to be filled and assistance to be given amogst a closed community.

Im not sure if:

  • this falls outside the NDA?
  • how easily it could be managed?
  • If it would be used?
  • If something like this exists elsewhere
  • If people usung DESFire need help from others

for you to discuss or ignore as you choose.

If you want a group made, and Amal is happy with it I can create the group

1 Like

Awesome! I just ordered a FlexDF2.

1 Like

That might be cool. It also looks like the Proxmark does a damn good job of managing Desfire tags.

1 Like


I’m really happy with mine. hope you get as happy and satisfied!! :grin:

Btw, whomever knows me for a while must’ve noticed I don’t compliment a tech unless I really believe in it. and am quick to make sure all the concerns/pitfalls/warnings are put out clearly to everyone! Be that rude or not! =P

That’s a damn good question.

AFAIK, and please do correct me if I am wrong…

  • You are required to sign an NDA whenever you take a course about any of NXP/Mifare products

  • You are required to sign an NDA to gain access to these chips’s Datasheets

  • You are required to sign an NDA whenever you join a project that includes these products

  • You might be made to sign an NDA when buying products for a specific use…

  • You do NOT sign any NDA to use a p[roduct.

  • You do NOT sign any NDA if you teach yourself how to deal with those products

  • You do NOT sign an NDA to use open products/libraries that use NXP products, and there’s nothing wrong with learning by using.

All that to say…
NXP has no NDA signed by me.
Therefore… could I teach/share what I learned about their products?
Honest question. (not that any answer would necessarily stop me. but am curious)

Given my limited knowledge in international law… (emphasis on limited), I would assume that as long as I don’t charge, or don’t try to make it into an “NXP products course”, then I’m free to say/share whatever I want.

Now the bigger question.

I assume @amal holds an NDA with NXP.
Does his NDA extends itself to what other users are willing to share within the realms of the forum?

Other than that…
If such an NDA protected space is created, would that be offensive to NXP?

(Not that I even could use such space…)

But good points, though!

Generally speaking if the information is derived or available online and was not disclosed by someone operating under an NDA then it’s fair game. You’re not manufacturing or selling or competing with NXP in any way so there’s really no legal recourse they can take.

Biggest issue is sharing of data sheets that are NDA protected, as well as compile libraries for certain kinds of chips.

That is my line of thought!

That’s where I fear that if we have an “NDA-secured” area, and a breach occurs, then it might bring trouble to DT.

The direction this threat might be hinting at, I believe lies towards utilisation or ready made devices, not towards chip tampering.

So sharing commands we found ourselves or derived from online sources would just be a “helpful compilation”.

Although then we would need to keep an active eye in case someone comes here and pastes a datasheet or similar.

As in… if @amal has signed an NDA specifying “I will not disclose Datasheet 123-A”, and then his forum has a post from someone else disclosing “Datasheet 123-A”… would he be liable? I assume yes. but again, my law knowledge is limited.

Regardless, I wouldn’t be sharing datasheets. =P

This would have to be figured out in a court of law but I would rather not have to do that. Sharing of NDA protected data sheets is just not cool, so we will have to monitor for that.

I will not be sharing any information found in those data sheets but if other people have figured out information on their own and post it here then if NXP has an issue they can let me know or contact the poster to have it removed.

Exactly my point.

By making an official space for discussing NXP stuff we might end up with too much headache to manage.

1 Like

I think it’ll be okay honestly. We’ll just have a note at the start of the thread that says you can’t share NDA protected data sheets, libraries, files, anything from NXP.

If anyone does, the banhammer may need a polishing.

1 Like

Can we set a default messaging to be ammended to the start of every thread within a specific category in the forum?

This feels like would be good with regards to any “programming/diy” forum section anyway

hmm… dunno? prob not without making or finding a plugin