xDF2 on Stanley Security Management System (Mifare Desfire 4k)

Hi!

I got the xDF2 as my second implant installed last Wednesday. The main purpose is to use it at work where a Security Management System (SMS) from Stanley is used. The specs on my current access card are Mifare Desfire EV1 4k.

Talked with the guy responsible for access management, and he willingly tried to “add” my xDF2 the same way he would issue a new card. However, the reader did not read the xDF2 at all. I have used the field kit to see where the reads are strongest, but the reader does not blink (not even red) when I have the xDF2 near.

I believed the process of adding the chip to the SMS would work out of the box, but I guess I need to initialise the xDF2 to enable it to be enrolled in the SMS?

Please advise if I need a writer and add some stuff to be able to enroll the card.

I have some programming skills, and might be able to program the xDF2 and prepare it if it is needed.

As a final question; the NFC reader on iPhone 8 (iOS 12) is not reading the xDF2 at all? NFC reader on MacOS returns “Unknown tech”.

/Odin

1 Like

Hmm…

  1. the xDF2 is a DESFire EV2 chip not a DESFire EV1 chip. The EV2 is backward compatible, but I believe there are commands that are needed to set up EV1 style AIDs (applications) that are not the same as commands for the EV1… so the system would need to understand the proper commands to init AIDs on the EV2 chip.

  2. if there is no reaction from the reader, are you sure it is able to read the xDF2? if you purchased a blank DESFire EV2 card from somewhere and tried it, would the reader blink and beep or remain silent? Some readers are configured to do absolutely nothing if the chip being read is invalid… this is a security choice, so it may be configurable in the SMS… but my hunch is that the problem has to do with the antenna in the reader being too shit to read the xDF2.

  3. do they purchase the EV1 cards from the SMS vendor or do they just buy blanks off Amazon or something? it may be that the EV1 cards they purchase are pre-initialized with the proper AIDs. if you can get a “new” EV1 card that has not been touched yet and scan it with TagInfo, perhaps there are AIDs on it already?

  4. iPhone will not react at all unless A) you have iOS 13 and an NFC app that reads raw NFC tags, or B) the tag has an ndef record on it. The xDF2 does not come with the standard Type 4 NDEF AID so there is no NDEF record, so most all NFC apps for iPhone will just stare at you blankly when you try to read it. The apps are not even told there is a tag in the field if there is no NDEF record on the chip.

1 Like

I am thinking about getting the xDF2 as well as a 2nd implant. The main reason is more storage to store data. What I want to ask is: is it possible to protect some data with a password while other data could be read by readers like a phone?
My idea is to store medical data and protect them with a password, or make sure that if a phone or reader reads the implant, this data will not be transferred and shared. But on the other side a vCard or whatever will be.

Any recommendation?

1 Like

The short answer to your question is yes, that is very possible with the DESFire EV2 (DF2 from now on).

Now for the longer answer:
Writing to / configuring DF2 chips isn’t really supported by many apps - especially not on iPhone (though NXP TagWriter might). Each part will have different possibilities for setting it up:

The easy part is making a vCard which can be read by phones - you just need to create an application with a specific AID (look it up) which represents NDEF storage (like the xNT / xSIID has) in the size you want. NXP TagWriter, in addition to the tools listed below for the other part of this problem, can likely be used for this purpose.

As for the password protected part: it’s not easy, unless / even if you’re the only one who wants access to the password protected data.
Afaik there is no app for Android or Apple phones which supports the more advanced features of the DF2, including its ability to create key secured applications with various types of files. You have one master key for the whole chip, and then up to 14 keys per application, each one potentially with different access (read / write / create / delete, just read, etc.). If you’re willing to either do it all manually (using NFC shell / PM3) or write an app to do what you want, then it’s pretty much a perfect match for the DF2!

Long story short, it is definitely the best chip to do what you want it to do (at least until the Apex comes out), but separate password protected info is hard rn. However, someone else may know of apps which can do what you want with the DF2 or may be developing their own app, so hopefully more people will give their input.

If you’re not wanting to code an app / use low-level commands, you may be better off waiting for the Apex, though currently there is no applet available which does password protected info (again, someone might write one or you could give it a shot).

2 Likes
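To make the "one master key, up to 14 keys per application, per-file read/write rights" model from the reply above concrete, here is an added example (my own illustration, not code from this thread or from Dangerous Things). It packs and unpacks the DESFire 16-bit file access-rights field, checks whether a file would be readable by an unauthenticated phone, validates a two-application layout (a free-read NDEF app for a vCard next to a key-protected app for private data), and builds the wrapped CreateStdDataFile APDU. The NDEF Type 4 mapping AID 0x000001 is the one NXP documents in AN11004; the second AID, the file numbers and the file sizes are constructed for the example and have no meaning beyond it.

```python
"""Model of DESFire EV1/EV2 file access rights and a two-application layout.
Added illustration for the thread; AIDs other than the NDEF mapping AID,
file numbers and sizes are constructed values."""
from __future__ import annotations
from dataclasses import dataclass, field

# Access-right nibble values from the DESFire command set:
# 0x0..0xD select a key number inside the application, 0xE grants free
# access (no authentication), 0xF never allows the operation.
FREE = 0xE
DENY = 0xF
MAX_KEYS_PER_APP = 14                 # key numbers 0..13
NDEF_T4T_AID = 0x000001               # NFC Forum Type 4 Tag mapping (NXP AN11004)
PRIVATE_AID = 0xA55A01                # constructed AID for the key-protected app
CMD_CREATE_STD_DATA_FILE = 0xCD       # native DESFire command code


def encode_access_rights(read: int, write: int, read_write: int, change: int) -> bytes:
    """Pack Read, Write, Read&Write and ChangeAccessRights nibbles into the
    16-bit field and return it LSB-first, the byte order sent on the wire."""
    for name, v in (("read", read), ("write", write),
                    ("read_write", read_write), ("change", change)):
        if not 0 <= v <= 0xF:
            raise ValueError(f"{name}: nibble out of range: {v}")
    value = (read << 12) | (write << 8) | (read_write << 4) | change
    return value.to_bytes(2, "little")


def decode_access_rights(raw: bytes) -> tuple[int, int, int, int]:
    """Inverse of encode_access_rights: (read, write, read_write, change)."""
    value = int.from_bytes(raw[:2], "little")
    return ((value >> 12) & 0xF, (value >> 8) & 0xF, (value >> 4) & 0xF, value & 0xF)


def readable_without_key(raw: bytes) -> bool:
    """True if a reader that never authenticates (a phone) can read the file:
    free access on either the Read or the Read&Write nibble is enough."""
    read, _, read_write, _ = decode_access_rights(raw)
    return FREE in (read, read_write)


@dataclass
class FileSpec:
    file_no: int
    size: int
    rights: bytes
    comm_settings: int = 0x00         # 0x00 plain, 0x01 MACed, 0x03 enciphered


@dataclass
class AppSpec:
    aid: int
    num_keys: int
    files: list[FileSpec] = field(default_factory=list)


def validate_app(app: AppSpec) -> None:
    """Reject layouts the chip would refuse or that reference a key the
    application does not have (a typo there silently changes who may read)."""
    if not 1 <= app.num_keys <= MAX_KEYS_PER_APP:
        raise ValueError(f"AID {app.aid:06X}: {app.num_keys} keys, max is {MAX_KEYS_PER_APP}")
    for f in app.files:
        for nibble in decode_access_rights(f.rights):
            if nibble < FREE and nibble >= app.num_keys:
                raise ValueError(f"file {f.file_no}: key {nibble} does not exist in app")


def create_std_data_file_apdu(f: FileSpec) -> bytes:
    """Wrapped ISO 7816 APDU for native CreateStdDataFile: CLA 90, INS CD,
    P1 P2 00, Lc, data, Le 00. Data = FileNo, CommSettings,
    AccessRights (2 bytes LSB first), FileSize (3 bytes LSB first)."""
    data = bytes([f.file_no, f.comm_settings]) + f.rights + f.size.to_bytes(3, "little")
    return bytes([0x90, CMD_CREATE_STD_DATA_FILE, 0x00, 0x00, len(data)]) + data + b"\x00"


def example_layout() -> list[AppSpec]:
    """vCard app: anyone reads, key 0 writes. Private app: key 1 reads and
    writes over an enciphered channel, nothing is readable without a key."""
    ndef_app = AppSpec(NDEF_T4T_AID, num_keys=1, files=[
        FileSpec(file_no=0x02, size=256, rights=encode_access_rights(FREE, 0, DENY, 0))])
    private_app = AppSpec(PRIVATE_AID, num_keys=2, files=[
        FileSpec(file_no=0x00, size=512, rights=encode_access_rights(1, 1, DENY, 0),
                 comm_settings=0x03)])
    for app in (ndef_app, private_app):
        validate_app(app)
    return [ndef_app, private_app]


if __name__ == "__main__":
    for app in example_layout():
        for f in app.files:
            print(f"AID {app.aid:06X} file {f.file_no}: phone-readable="
                  f"{readable_without_key(f.rights)} apdu={create_std_data_file_apdu(f).hex()}")
```

The point of `validate_app` is the defensive one: a rights nibble that names a key number the application was not created with does not fail loudly on most tooling, it just yields a file nobody, or the wrong party, can reach, so the check belongs in whatever script writes the chip rather than in a later debugging session.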

That’s a lot of very good explanation.