← Payment Reference GuidesContactless Reference

MIFARE: Product Family, Security & Use Cases

MIFARE is NXP's family of contactless smart card ICs built on ISO/IEC 14443 Type A — the technology behind most transit cards, building badges, and event tickets in the world. It is not EMV: MIFARE powers closed-loop credentials and stored value, while EMV handles open-loop bank card payments. This guide covers the product family, what broke and when, and where each product actually fits.

Where MIFARE sits in the contactless stack

All MIFARE products communicate over ISO/IEC 14443 Type A at 13.56 MHz — the same RF layer as contactless EMV cards. The difference is what runs on top:

  • MIFARE Classic and Ultralight stop at ISO 14443-3 and speak a proprietary memory-access protocol — there is no APDU layer, no SELECT, no AID.
  • MIFARE DESFire, Plus (SL3) and DUOX are full ISO 14443-4 cards with a file system and command set, selectable via ISO 7816-4 APDUs (DESFire's NDEF application even has a registered AID, D2760000850100 — look it up in the RID & AID Catalog).
  • EMV cards use the same ISO 14443-4 transport but run the EMV application layer (PPSE selection, GPO, GENERATE AC) — see the contactless payment flow.

Rule of thumb: EMV is open-loop — any card, any terminal, settled through the card networks. MIFARE is closed-loop — the scheme operator owns the cards, the readers, and the keys.

The product family

ProductCryptoProtocolStatus & role
MIFARE Classic
1K / 4K / EV1
Crypto1 (proprietary, 48-bit)ISO 14443-3 + proprietaryBroken The 1994 original. Sector/block memory with per-sector keys. Crypto1 has been fully broken since 2008 — legacy deployments only, never for new designs.
MIFARE Ultralight
EV1 / C / AES
None (base) · 3DES (C) · AES-128 (AES)ISO 14443-3Active Cheapest of the family, designed for disposable and limited-use media: paper event tickets, single-trip transit, hotel keys. Pick the AES variant when the ticket must resist cloning.
MIFARE Plus
EV1 / EV2
AES-128 (plus Crypto1 compatibility mode)ISO 14443-3/-4 depending on levelActive The Classic migration path: security levels let a fleet run in Classic-compatible mode (SL1) while readers are upgraded, then switch the same cards to AES-only (SL3).
MIFARE DESFire
EV1 / EV2 / EV3 / Light
DES / 2K3DES / 3K3DES / AES-128ISO 14443-4, ISO 7816-4 APDUsFlagship Multi-application file system — one card can carry transit, access, and payment purse as separately-keyed applications. Common Criteria EAL5+ certified. EV3 is the current generation; DESFire Light is the single-application budget cut.
MIFARE DUOXAES + ECC asymmetric authenticationISO 14443-4Newest Adds public-key authentication to a DESFire-style file system, removing the shared-symmetric-key problem entirely. Aimed at EV charging, car access, and infrastructure where readers can't be trusted with fleet keys.
MIFARE 2GOCloud serviceService NXP's cloud platform that digitizes DESFire-based credentials into Apple Wallet and Google Wallet — how a closed-loop transit card or student ID ends up on a phone.

Security history: why "MIFARE" needs a qualifier

MIFARE Classic's Crypto1 cipher was proprietary and unpublished. That lasted until researchers reverse-engineered the silicon:

  • 2007 — Nohl & Plötz present a partial reverse-engineering of Crypto1 at the Chaos Communication Congress, recovered by slicing and photographing the chip.
  • 2008 — Radboud University Nijmegen publishes Dismantling MIFARE Classic: full cipher recovery and practical key-recovery attacks. Card-only attacks (nested, darkside, later hardnested) soon recover all keys of a card in minutes with a hobbyist reader.
  • 2008–2010s — "Magic" UID-changeable clone cards make Classic duplication trivial. Major schemes (including London's Oyster) migrate to DESFire. Hardened Classic-compatible clones with static encrypted nonces appear from third-party fabs.
  • 2024 — Quarkslab (Philippe Teuwen) breaks the hardened static-encrypted-nonce variant and, in the process, uncovers a hardware backdoor key in Fudan FM11RF08S / FM11RF08 chips (with related backdoors in some older NXP- and Infineon-branded parts) that allows compromising all user keys in minutes of card access.

Practical guidance: treat MIFARE Classic — and any reader that authenticates by UID alone — as cloneable. New designs should use DESFire EV3 or Plus SL3 with per-card diversified AES keys; DUOX where offline readers can't be trusted with symmetric fleet keys. Ultralight AES covers the disposable end.

Use cases

01

Closed-Loop Transit

The defining MIFARE use case: stored-value fare cards with period passes and concession products. London's Oyster (migrated Classic → DESFire after the 2008 break), the Dutch OV-chipkaart, Moscow's Troika, and dozens of metro systems worldwide. Offline gate decisions in <100 ms, value and pass products stored in separately-keyed card applications. Open-loop EMV is displacing it for pay-as-you-go, but concessions, period passes, and unbanked riders keep closed-loop MIFARE running alongside.

Metro gates, buses, fare capping, concession & season passes
DESFire EV2/EV3Ultralight (single-trip)
02

Access Control & Corporate Badges

Office badges, data-center access, universities, gyms. Modern systems use DESFire EV3 with diversified keys and mutual authentication; a huge legacy installed base still runs Classic or reads bare UIDs — which is why badge cloning demos are a penetration-testing staple. Hotels sit in the same bucket: key cards are typically Ultralight C or Classic, re-keyed per stay.

Building & room access, hotel keys, gyms, lockers
DESFire EV3Plus SL3 (Classic migration)
03

Event Ticketing & Stadiums

Disposable smart tickets: a paper ticket with an embedded Ultralight inlay costs cents, validates offline at the turnstile, and can't be photocopied like a barcode. Used for single-match tickets, festivals wristbands, and ski passes. Season tickets move up to Classic/DESFire cards that carry entitlements for the whole season and double as loyalty media.

Match tickets, festival wristbands, ski passes, season cards
Ultralight EV1/AESDESFire (season)
04

Campus Cards & Closed-Loop Payment

One student or employee card, many applications: door access, library, print quota, and a stored-value purse for the cafeteria and vending machines. DESFire's multi-application file system is built for exactly this — each service gets its own application with its own keys, so the canteen operator never holds the door-access keys. City citizen cards (transit + pools + libraries) follow the same pattern.

Student IDs, corporate canteens, vending, city citizen cards
DESFire EV3MIFARE 2GO (wallet IDs)
05

EV Charging & Mobility

RFID charge cards are still the dominant authentication method at European charging points — and a notorious weak spot, because many networks authenticate by card UID alone, which any magic card can clone. Car sharing, fleet fuel cards, and bike-share docks use the same pattern. This is the segment MIFARE DUOX targets: ECC public-key authentication means an offline charger never stores a symmetric fleet key worth stealing.

Charge point auth, car sharing, fleet cards, bike share
DUOXDESFire EV3
06

Loyalty, Membership & Mobile

Coffee-shop stored-value cards, casino player cards, museum memberships. Increasingly these skip plastic entirely: MIFARE 2GO provisions a DESFire-equivalent credential into Apple Wallet or Google Wallet, so a transit pass or student ID works from the phone's secure element with Express Mode-style taps — closed-loop MIFARE and mobile wallets are complements, not competitors.

Loyalty & gift cards, memberships, wallet-based transit passes
MIFARE 2GODESFire Light

Which product for which job

RequirementPickWhy
Disposable ticket, cost-criticalUltralight EV1 / AESCents per inlay; AES variant when cloning matters
Migrating an installed Classic fleetPlus EV2Runs as Classic (SL1) until readers upgrade, then AES-only (SL3)
Multi-application card (transit + access + purse)DESFire EV3Per-application keys, EAL5+, transaction MAC for backend audit
Single app, budget, still AESDESFire LightFixed file layout, DESFire security at lower cost
Offline readers that can't hold fleet keysDUOXECC public-key authentication — nothing secret in the reader
Credential in Apple/Google WalletMIFARE 2GOCloud provisioning of DESFire-based credentials to the phone SE
Anything new on ClassicDon't. Crypto1 is broken and hardened clones are backdoored

Related reading & tools

NFC in Payments · NFC Payment Use Cases · RID & AID Catalog · Contactless Features (RRP, DS, MSD) · EMV Contactless Kernels