Using an extracted key to clone a Mifare DESfire v1 card

Hi all,
My university uses Mifare DESfire v1 cards to access certain things, and I’d like to be able to clone my card so I can make spares etc (only personal use, nothing dodgy). From what I’ve gathered, it’s impossible to clone DESfire cards without knowing the key. However, my university also provides an Android app from which you can read the data on your card in plain text.

My question is: would it be possible to extract the encryption details from the decompiled APK, and use that to clone the card?

Thanks everyone

Desfire is secure… no cloning it unfortunately.

Will quantum computing change that? Maybe not be able to clone, but break it? I’ve heard of quantum computing breaking encryption, but I’m not sure what the limitations of that is

You really don’t want that to happen

If you have the keys, that is a different story. Big if though


What data? You sure you need correct keys to do that? If so, yes you can grab the keys from the apk, probably.

But this is what’s supposedly the case here?
@Catalufa I’d say just give it a try and see if you can find the key!

:slight_smile: I’m repeating myself, but:
There’s still other parts to attack even if the crypto is secure.

How are the keys generated?

JUST IN CASE something like this was done, knowing when your card was created may allow you to generate the key yourself with significantly fewer tries than normal. But it’s not a simple clone job…

You sure they actually do DESFire stuff? Maybe they just look at the ID of your card… who knows.

Don’t give up just yet :slight_smile:

Also, I’m still not convinced that every crypto setting on DF(2) is completely secure against all types of attacks.