Would it be worth it to get both the Apex Flex AND the flexDF2? I've heard amazing things about the DESFire chip but don't know if it'd be redundant

Title pretty much says it all - I’m all in on getting the Apex Flex the millisecond it’s released, but have also been considering a flexDF2/xDF2. The difference between the flexDF2/xDF2 (other than the obvious) is enhanced range in the flexDF2, as far as I know.

It depends entirely on how you plan to use the xDF2. If you just want to format all 8 kB as an NFC NDEF container, then it’s really not worth it because the Apex will allow you to deploy an NDEF applet up to 16k in size.

If you are interested in making software to leverage the features of the xDF2, then it would stand to reason you could use those same skills to develop applications for the Apex. There are specific types of “files” you can define on the DESFire that make them conducive for specific applications… But again you could easily develop your own Java Card applet that is actually perfect for your application and deploy that to the Apex.

The only thing the DESFire chip has that the Apex chip will not have is privacy mode, where the UID is randomized for each ISO14443A session. The Apex cannot do that (as far as I know anyway).


Waiting for the apex flex now I need an apex ship. Dagnabbit. Running out of flesh


This is super helpful, thanks @amal! I’ll probably just get the Apex then since it does seem like it’d be redundant for me. Love that the Apex will have so much more storage!


Maybe I missed something but can anyone help me with the random UIDs per session with any use case examples?

Do you mean like what is the point of randomized UIDs? Basically it’s a privacy feature. Because the DESFire chip can essentially lock all content behind standards-based encryption keys, the UID is the only thing left that could uniquely identify one chip from another. By enabling privacy mode, you would not have any way to know what chip you were talking to, until you attempted to authenticate that is. So basically it just means that certain applications which have extreme privacy concerns can utilize this mode. I’m thinking something like government or, who knows really. NXP just enabled it as an option and I think it’s kind of cool, even if it’s not used all that often.

Be warned though, once enabled it cannot be turned off.

One potential example comes to mind actually. There was all this talk about NFC passports being used to target specific citizens… like some sort of bomb in a public space is triggered only when a US passport is detected in the vicinity. Similar targeted attacks against specific individuals who carry an ID badge with a specific UID could be possible, for example. I mean maybe not a bomb but something similar or some type of similar targeted attack. Let’s say a building has 20 agents that go through a specific door and you wanted to be able to target a specific one. You couldn’t really use the UID to do that if it’s random for each agent every time they use the door.
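
Added example, not part of the thread or of any poster's code: a short Python sketch of why a per-session random UID removes the UID as a linking handle. It assumes the ISO/IEC 14443-3 convention that a single-size (4-byte) UID beginning with 0x08 is a random number; the log entries and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed reader log: (session number, UID hex seen during anticollision).
# Badge A answers with a fixed 7-byte UID; badge B has random ID enabled.
OBSERVATIONS = [
    (1, "04A1B2C3D4E5F6"),
    (2, "083F91C2"),
    (3, "04A1B2C3D4E5F6"),
    (4, "08D07A15"),
    (5, "04A1B2C3D4E5F6"),
    (6, "083F91C2"),  # chance repeat of a random value, proves nothing
]


def classify_uid(uid: bytes) -> str:
    """Return 'random' or 'fixed' for an ISO 14443-3 Type A UID."""
    if len(uid) not in (4, 7, 10):
        raise ValueError(f"invalid UID length: {len(uid)}")
    # Assumption: single-size UIDs starting with 0x08 are random numbers.
    if len(uid) == 4 and uid[0] == 0x08:
        return "random"
    return "fixed"


def linkable_sessions(observations):
    """Map each fixed UID seen more than once to the sessions it appeared in."""
    seen = defaultdict(list)
    for session, uid_hex in observations:
        uid = bytes.fromhex(uid_hex)
        if classify_uid(uid) == "fixed":
            seen[uid.hex().upper()].append(session)
    return {uid: s for uid, s in seen.items() if len(s) > 1}


def unlinkable_sessions(observations):
    """Sessions where the UID alone says nothing about which chip was present."""
    return [s for s, u in observations
            if classify_uid(bytes.fromhex(u)) == "random"]


if __name__ == "__main__":
    print("linkable:", linkable_sessions(OBSERVATIONS))
    print("unlinkable:", unlinkable_sessions(OBSERVATIONS))
```

The fixed UID ties sessions 1, 3 and 5 to one chip, while the random-ID sessions cannot be attributed from the UID even when a value happens to repeat.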