MIFARE Classic vs DESFire vs Ultralight: Security Comparison (2026)
> Key Takeaway: MIFARE Classic is widely deployed but insecure (its Crypto-1 encryption was cracked in 2008), MIFARE DESFire offers genuine AES security for high-value applications, and MIFARE Ultralight is a low-cost, minimal-security option best suited for disposable transit tickets and events.
The MIFARE family of NFC chips, manufactured by NXP Semiconductors, is the most widely deployed contactless smart card platform in the world. Billions of MIFARE chips are in use across transit systems, access control, event ticketing, and loyalty programs.
But not all MIFARE chips are created equal. In this guide we compare the three most common variants — Classic, DESFire, and Ultralight — across every dimension that matters: memory, security, price, use cases, and cloneability.
Master Comparison Table
| Feature | MIFARE Classic 1K | MIFARE Classic 4K | MIFARE DESFire EV2/EV3 | MIFARE Ultralight | MIFARE Ultralight C |
|---|---|---|---|---|---|
| Memory | 1,024 bytes | 4,096 bytes | 2-8 KB (configurable) | 64 bytes | 192 bytes |
| Sectors | 16 sectors | 40 sectors | Application-based | 16 pages | 48 pages |
| Encryption | Crypto-1 (broken) | Crypto-1 (broken) | AES-128 / 3DES | None | 3DES |
| Security Level | Low | Low | High | Very Low | Medium |
| Standard | ISO 14443A (partial) | ISO 14443A (partial) | ISO 14443A (full) | ISO 14443A | ISO 14443A |
| UID Length | 4 bytes (NUID) | 4 bytes (NUID) | 7 bytes | 7 bytes | 7 bytes |
| Price per unit | $0.30-$0.80 | $0.50-$1.20 | $1.50-$4.00 | $0.10-$0.30 | $0.40-$0.80 |
| Read speed | Fast | Fast | Fast | Very fast | Fast |
| Common uses | Access cards, transit | Access cards, transit | Banking, secure access, transit | Event tickets, transit | Secure ticketing |
| Clonable with NFC Clone | Partial (NDEF only) | Partial (NDEF only) | No (encrypted) | Yes (NDEF data) | Partial (unencrypted) |
MIFARE Classic: Widespread but Insecure
Overview
MIFARE Classic has been the workhorse of the contactless card industry since the late 1990s. It is found in building access systems, public transit networks, and legacy identification systems worldwide. Available in 1K and 4K memory variants, it organizes data into sectors protected by the proprietary Crypto-1 cipher.
The Crypto-1 Problem
In 2008, researchers at Radboud University in the Netherlands published a devastating attack against Crypto-1. They demonstrated that all 48-bit encryption keys protecting a MIFARE Classic card could be recovered in minutes using inexpensive hardware.
Since then, multiple tools have been developed to exploit this vulnerability:
- mfoc (MIFARE Classic Offline Cracker) recovers keys using nested authentication attacks
- mfcuk (MIFARE Classic Universal Key) performs dark-side attacks against cards with default keys
- Proxmark3 is a hardware device that can sniff, replay, and crack MIFARE Classic communications
What This Means in Practice
If your building still uses MIFARE Classic access cards, the security is essentially equivalent to no encryption at all for a motivated attacker with a $50 Proxmark3 device. The data can be read, cloned, and replicated.
Should You Still Use MIFARE Classic?
For low-security applications (gym memberships, library cards, non-critical access), MIFARE Classic is still acceptable because the cost of attack exceeds the value of what is being protected. For anything involving money, personal safety, or sensitive access, migrate to DESFire.
MIFARE DESFire: Real Security
Overview
MIFARE DESFire (the name combines DES with FIRE, which stands for Fast, Innovative, Reliable, and Enhanced) was designed from the ground up to address the security shortcomings of Classic. It is available in three generations: EV1, EV2, and EV3.
Security Architecture
DESFire uses AES-128 encryption (or optionally 3DES/2K3DES), which is the same encryption standard used by governments and banks worldwide. The key differences from Classic:
- Mutual authentication — both the card and the reader prove their identity to each other
- Session encryption — all communication after authentication is encrypted with a unique session key
- Message authentication codes (MACs) — prevent data manipulation in transit
- Application-level security — different applications on the same card can have independent keys and access rights
- Transaction support — atomic read-modify-write operations prevent data corruption
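The mutual authentication and per-session key from the list above, played out with both sides in one function. This is an added sketch, not NXP's or NFC Clone's code and not the exact DESFire wire protocol: the one-byte nonce rotation and the way the session key is assembled from both nonces are modelled on public descriptions of DESFire's AES authentication and should be read as assumptions, while the zero IV, the missing command framing, the function names and the key bytes are simplifications constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// cbc runs AES-128-CBC with a zero IV over block-aligned data (IV handling simplified).
func cbc(key, in []byte, encrypt bool) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out, mode := make([]byte, len(in)), cipher.NewCBCEncrypter(blk, make([]byte, 16))
	if !encrypt {
		mode = cipher.NewCBCDecrypter(blk, make([]byte, 16))
	}
	mode.CryptBlocks(out, in)
	return out
}

func rotl(b []byte) []byte { return append(append([]byte{}, b[1:]...), b[0]) } // rotate left one byte

// MutualAuth plays card and reader in a three-pass exchange and returns
// the session key plus whether each side accepted the other.
func MutualAuth(cardKey, readerKey []byte) ([]byte, bool) {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	rndA, rndB := n[:16], n[16:]     // reader nonce, card nonce
	msg1 := cbc(cardKey, rndB, true) // pass 1, card -> reader: E(RndB)
	ab := append(append([]byte{}, rndA...), rotl(cbc(readerKey, msg1, false))...)
	msg2 := cbc(readerKey, ab, true) // pass 2, reader -> card: E(RndA || RndB')
	p := cbc(cardKey, msg2, false)
	if subtle.ConstantTimeCompare(p[16:], rotl(rndB)) != 1 {
		return nil, false // card rejects: the reader does not hold the key
	}
	msg3 := cbc(cardKey, rotl(p[:16]), true) // pass 3, card -> reader: E(RndA')
	if subtle.ConstantTimeCompare(cbc(readerKey, msg3, false), rotl(rndA)) != 1 {
		return nil, false // reader rejects: the card does not hold the key
	}
	sk := append(append([]byte{}, rndA[:4]...), rndB[:4]...) // mix both nonces
	return append(append(sk, rndA[12:]...), rndB[12:]...), true
}

func main() { fmt.Println(MutualAuth([]byte("constructed-key!"), []byte("constructed-key!"))) }
```

Because fresh nonces from both sides feed the session key, a recorded exchange cannot be replayed into a later session, and a reader without the key is rejected at pass 2.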
EV2 and EV3 Improvements
- Proximity check — detects relay attacks where an attacker extends the NFC range using a hidden device
- Secure Dynamic Messaging (SDM) — allows NFC tags to generate a unique, verifiable URL every time they are tapped, enabling server-side authentication without mutual authentication overhead
- Transaction MAC — cryptographic proof that a transaction occurred, useful for audit trails
Can DESFire Be Cloned?
No, not with consumer devices. The AES encryption prevents reading the protected data without knowing the keys. Even with a Proxmark3, you cannot extract the keys from a properly configured DESFire card. This is why DESFire is the recommended choice for:
- Banking and payment cards
- Government ID programs
- High-security building access
- Transit systems handling stored value
MIFARE Ultralight: Cheap and Minimal
Overview
MIFARE Ultralight is the simplest and cheapest member of the MIFARE family. With only 64 bytes of memory and no encryption, it is designed for disposable or low-value applications where cost is the primary concern.
Memory Structure
Ultralight organizes its 64 bytes into 16 pages of 4 bytes each. Pages 0-3 are reserved for manufacturer data and configuration (including the UID). Pages 4-15 are available for user data, giving you about 48 bytes of usable storage.
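The page layout described above, decoded from a raw 64-byte dump as an added example (not code from NFC Clone or NXP). It goes one step beyond the paragraph by validating the UID check bytes and reading the lock bits in page 2, with byte offsets taken from NXP's MF0ICU1 data sheet; `Tag`, `Parse`, `SampleDump` and the sample bytes are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Tag is the decoded view of a 64-byte Ultralight dump (16 pages x 4 bytes).
type Tag struct {
	UID      [7]byte
	User     []byte // pages 4-15, 48 bytes
	Writable []int  // user pages whose lock bit is still clear
}

// Parse validates the UID check bytes and decodes the header pages.
// Layout: page 0 = UID0 UID1 UID2 BCC0, page 1 = UID3..UID6,
// page 2 = BCC1, internal byte, lock byte 0, lock byte 1, page 3 = OTP.
func Parse(dump []byte) (*Tag, error) {
	if len(dump) != 64 {
		return nil, errors.New("expected 16 pages of 4 bytes")
	}
	bcc0 := 0x88 ^ dump[0] ^ dump[1] ^ dump[2] // 0x88 is the cascade tag
	bcc1 := dump[4] ^ dump[5] ^ dump[6] ^ dump[7]
	if dump[3] != bcc0 || dump[8] != bcc1 {
		return nil, errors.New("UID check byte mismatch: corrupt dump")
	}
	t := &Tag{User: append([]byte{}, dump[16:]...)}
	copy(t.UID[:3], dump[0:3])
	copy(t.UID[3:], dump[4:8])
	// Read little-endian, lock bit p guards page p (bits 0-2 are block-lock bits).
	lock := uint16(dump[10]) | uint16(dump[11])<<8
	for p := 4; p < 16; p++ {
		if lock&(1<<uint(p)) == 0 {
			t.Writable = append(t.Writable, p)
		}
	}
	return t, nil
}

// SampleDump is constructed test data: UID 04 A1 B2 C3 D4 E5 F6 with
// lock byte 0 = 0xF0, so pages 4-7 are locked and pages 8-15 are not.
func SampleDump() []byte {
	d := make([]byte, 64)
	copy(d, []byte{0x04, 0xA1, 0xB2, 0x9F, 0xC3, 0xD4, 0xE5, 0xF6, 0x04, 0x48, 0xF0, 0x00})
	copy(d[16:], "ticket-0001") // constructed payload starting at page 4
	return d
}

func main() { fmt.Println(Parse(SampleDump())) }
```

A tag issued with clear lock bits on its user pages can have that data rewritten by any NFC writer, so a deployment audit should flag a non-empty `Writable` list.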
Security (or Lack Thereof)
Standard MIFARE Ultralight has no encryption and no authentication. Anyone with an NFC phone can read the entire contents of the tag. This makes it fully readable and clonable by apps like NFC Clone.
MIFARE Ultralight C
The "C" variant adds 3DES authentication, providing a moderate level of security. A reader must present the correct 3DES key before accessing protected pages. While 3DES is considered less secure than AES, it is sufficient for most ticketing and access control scenarios.
Common Uses
- Single-ride transit tickets — printed on paper with an embedded Ultralight chip
- Event wristbands — disposable bands for concerts and festivals
- Ski lift passes — day passes that are discarded after use
- Promotional tags — marketing stickers and product tags
Which MIFARE Type Can NFC Clone Work With?
| MIFARE Type | Readable by NFC Clone? | Writable by NFC Clone? | Fully Clonable? |
|---|---|---|---|
| Ultralight | Yes | Yes | Yes (NDEF data) |
| Ultralight C | Unencrypted pages only | Unencrypted pages only | Partial |
| Classic 1K/4K | NDEF sectors only | NDEF sectors only | Partial |
| DESFire | No (encrypted) | No (encrypted) | No |
For a complete list of all supported tag types, visit our Supported Tags page.
Choosing the Right MIFARE Type
Choose MIFARE Ultralight when:
- You need the lowest possible cost per unit
- Security is not a concern (disposable tickets, promotional tags)
- You need minimal memory (under 48 bytes of user data)
Choose MIFARE Classic when:
- You have a legacy system already built on Classic
- The application is low-security (gym, library, basic access)
- Budget is moderate and you need more memory than Ultralight
Choose MIFARE DESFire when:
- Security is critical (financial data, government ID, sensitive access)
- You need application-level access control with multiple keys
- Compliance standards require AES encryption
- You need protection against cloning and relay attacks
Conclusion
The MIFARE family spans the entire spectrum from disposable-and-cheap to bank-grade-secure. Understanding the differences is essential for choosing the right chip for your project and for understanding the limitations of what can be cloned.
For more on NFC security, read our NFC Security Guide. To start working with supported MIFARE tags, download NFC Clone free on Google Play.