MIFARE Card Guide 2026: Classic vs Plus vs DESFire vs Ultralight
NXP MIFARE chips ship by the billions every year — Classic 1K alone still sees 800M+ units annually despite Crypto-1 being broken in 2008. This guide covers Classic, Plus, DESFire and Ultralight, and which one fits which project.
Quick Answer
MIFARE is NXP’s family of HF 13.56 MHz contactless smart card chips, launched in 1994 with 10+ billion credentials in active use across 150+ countries. Four product lines under ISO/IEC 14443 Type A: MIFARE Classic (Crypto-1, publicly broken since 2008 — legacy only); MIFARE Plus (AES-128 upgrade path from Classic); MIFARE DESFire EV1/EV2/EV3 (AES-128 mutual auth, Common Criteria EAL5+, current default for new payment, transit, and access deployments); and MIFARE Ultralight (low-cost disposable for tickets and events).
What is Mifare?
Mifare is NXP Semiconductors' family of contactless smart card chips, launched in 1994 (originally under Philips Semiconductors). Over the next three decades it became the default chip behind public-transit ticketing, hotel locks, gym lockers, campus cards, cashless venue payment and event wristbands. Today, NXP estimates 10+ billion Mifare credentials are in active use across 150+ countries.
Mifare runs at 13.56 MHz HF and complies with ISO/IEC 14443. The product line covers four security tiers: Classic (legacy / Crypto-1, broken in 2008), Plus (drop-in upgrade with AES-128 ready), DESFire (full enterprise security), and Ultralight (low-cost disposable). Project teams pick a tier based on threat model, memory needs and reader compatibility — covered in the comparison sections below.
10 B+
Mifare cards sold worldwide
150+
Countries with Mifare deployments
1994
Year Mifare was introduced
Mifare Classic
Mifare Classic is the most widely deployed contactless smart card technology. It comes in two main variants:
Mifare Classic 1K (S50)
Features 1024 bytes of EEPROM memory organized in 16 sectors of 4 blocks each. The first block of each sector is a key block containing access keys and conditions. It supports Crypto-1 authentication and has a unique 4-byte serial number. Reading distance is typically 10 cm.
Mifare Classic 4K (S70)
Offers 4096 bytes of memory organized in 40 sectors (32 sectors of 4 blocks and 8 sectors of 16 blocks). It provides the same security features as the 1K version but with significantly more storage capacity for applications requiring more data.
Security note
Mifare Classic's Crypto-1 encryption was publicly broken in 2008. For new access control or payment projects requiring strong security, consider upgrading to Mifare Plus (AES-128) or DESFire EV3. Read our Mifare Classic vs DESFire comparison for a detailed breakdown.
Mifare Plus
Mifare Plus is the successor to Mifare Classic, offering enhanced security while maintaining backward compatibility. It comes in two variants: Mifare Plus S (simplified) and Mifare Plus X (extended).
Key features include AES-128 encryption (compared to Crypto-1 in Classic), multiple security levels (SL0-SL3), backward compatibility with Mifare Classic infrastructure, and available in 2K and 4K memory options.
Mifare DESFire
Mifare DESFire represents the highest security level in the Mifare product line. It features an open architecture with a flexible file structure supporting multiple applications on a single card.
DESFire EV2
Available in 2K, 4K, and 8K memory options, DESFire EV2 supports DES, 2K3DES, 3K3DES, and AES-128 encryption. It features multi-application support, transaction MAC for securing payment transactions, and MISmartApp for hosting web applications.
DESFire EV3
The latest generation offers improved security features, faster communication speeds, support for Secure Messaging (SDM) for NFC interaction, and enhanced privacy features with optional random UID.
| Feature | Classic 1K | Plus S/X | DESFire EV3 | Ultralight EV1 |
|---|---|---|---|---|
| Memory | 1 KB | 2 / 4 KB | 2 / 4 / 8 KB | 48 / 128 bytes |
| Encryption | Crypto-1 | AES-128 | AES-128 / 3DES | None / AES |
| Security Level | Low | Medium–High | High | Low |
| Multi-App | No | No | Yes | No |
| Best For | Basic access | Upgrades | Transit, payments | Tickets, events |
Mifare Ultralight
Mifare Ultralight is a cost-effective solution for limited-use applications. It features 64 bytes of memory with no encryption (Ultralight) or with AES authentication (Ultralight C/EV1). Common applications include event tickets, single-use transit tickets, and loyalty cards. RFIDAK offers RFID paper cards with Ultralight chips for disposable ticketing projects.
NTAG vs MIFARE: Where the Lines Cross
Buyers often confuse NTAG (NXP’s NFC tag family for smartphone tap interaction) with the MIFARE smart-card family. Both are NXP, both run on 13.56 MHz HF, and both are dispatched under ISO/IEC 14443 Type A — but they answer different commands and target different deployments.
| Family | Standard | Designed For | Smartphone Read? |
|---|---|---|---|
| MIFARE Classic / Plus / DESFire | ISO 14443-3/4 + NXP custom | Reader-side auth: payment, transit, access | Read UID only (most phones) |
| MIFARE Ultralight | ISO 14443-3 | Disposable tickets, event passes | Yes (NDEF readable) |
| NTAG 213/215/216 / 424 DNA | ISO 14443-3 + NFC Forum Type 2 | Tap-to-info, anti-counterfeit, marketing | Yes (full NDEF) |
If you need an iPhone or Android phone to read your tag without an app, you almost always want NTAG — not MIFARE Classic. If you’re building a closed-loop system with proprietary readers (transit gate, hotel lock, office door), MIFARE DESFire is the right family. Read the NTAG 424 DNA guide for the smartphone-secure use case.
The Crypto-1 Break (2008): What Actually Happened
MIFARE Classic uses a proprietary stream cipher called Crypto-1 with a 48-bit key — designed in the 1990s when 48 bits was considered hard to brute-force in real time. Two academic teams independently broke it in 2008:
- USENIX Security 2008 — Karsten Nohl, Henryk Plötz and Starbug reverse-engineered the Crypto-1 algorithm by reading the chip’s photographic die layer-by-layer, then published the cipher.
- CARDIS 2008 — Garcia, de Koning Gans, Muijrers et al. demonstrated a practical key-recovery attack: capture a single legitimate authentication exchange, then derive the 48-bit key in under 1 second on commodity hardware.
- 2010 onwards — "MIFARE Classic offline cracker" tools (mfoc, mfcuk) made the attack push-button. By 2012 Dutch transit operator OV-chipkaart had migrated away from Classic; London Oyster moved to DESFire by 2010.
The practical takeaway: any new project that needs cryptographic security must avoid Classic. Classic 1K is still produced because billions of legacy readers exist, and many low-risk applications (gym lockers, library cards, school IDs) tolerate the weakness. For payment, transit, hotel keys, or corporate access, DESFire EV2/EV3 is the only defensible default.
MIFARE Migration Path: Classic → Plus → DESFire
If you operate a Classic 1K install base and want to upgrade without forklifting all readers and cards in one go, MIFARE Plus is the explicit migration product. The migration runs through five practical steps:
- Inventory readers — confirm every reader supports ISO/IEC 14443-4 (T=CL) protocol; readers older than ~2010 may need firmware updates.
- Order MIFARE Plus X cards in Security Level 1 (SL1) — behaves like Classic 1K with Crypto-1 backwards compatibility. New cards work on existing readers without code changes.
- Upgrade reader firmware in batches to support AES-128 and Plus protocol. Most modern readers (HID, Identiv, Zebra, Feig) support the upgrade in software.
- Switch to Security Level 3 (SL3) on cards — cards now require AES-128 mutual authentication. Crypto-1 fallback disabled.
- (Optional) Move to DESFire EV3 for the next replacement cycle — multi-application support, 8 KB memory, EAL5+ certified, NXP’s flagship for new deployments.
For most operators, the SL1 → SL3 transition takes 6–18 months depending on cardholder turnover (cards naturally cycle out as employees leave / tenants move).
Real-World MIFARE Deployments
The biggest production volumes by chip family illustrate why DESFire dominates new transit projects while Classic and Ultralight still ship in disposable / low-risk applications:
- London Oyster (UK) — MIFARE DESFire EV1, then EV2. 50+ million cards in circulation; migrated off Classic 1K in 2010 after MiFare Classic broke. Operated by Cubic Transportation Systems.
- Octopus (Hong Kong) — FeliCa + MIFARE-compatible hybrid. 35+ million cards; one of the world’s densest transit + payment ecosystems on a contactless smart card.
- EZ-Link (Singapore) — MIFARE DESFire EV1. Replaced the original CEPAS Classic 1K cards in 2009 after the security disclosure.
- CharlieCard (Boston MBTA) — MIFARE Classic 1K. Notably still on Classic in 2024; MBTA’s “CharlieCard 2.0” account-based program will retire it.
- Disposable event tickets (concerts, festivals) — MIFARE Ultralight EV1 / NTAG 213. Sub-$0.10 per card; printed paper or PVC for 1-event use.
Choosing the Right Mifare Chip
The choice between Mifare variants depends on your security requirements, memory needs, and budget.
Quick decision guide
- Budget access control → Mifare Classic 1K — widely compatible, lowest cost
- Upgrading from Classic → Mifare Plus — AES security, same reader infrastructure
- Transit or multi-purpose → DESFire EV3 — highest security, multi-app support
- Disposable tickets → Ultralight EV1 — minimal memory, lowest per-unit cost
Key Takeaways
- MIFARE Classic 1K/4K: cheap ($0.10–$0.30/card) but Crypto-1 is publicly broken since 2008 — acceptable only for low-risk legacy ID.
- MIFARE DESFire EV2/EV3: AES-128 mutual auth, transaction MAC, multi-application — current default for cashless payment, transit, secure access.
- MIFARE Plus: drop-in upgrade path from Classic with same UID size and AES-128 capability.
- NTAG213/215/216: NDEF-focused, smartphone NFC tap, no Crypto-1, no Classic-style sectors — the tap-to-info workhorse.
- All MIFARE chips run on ISO 14443 Type A — reader vendor lock-in is rare with standards-compliant readers from HID, Zebra, Identiv, or generic OEMs.
⚠️ Common pitfall
Specifying “MIFARE” alone is ambiguous — Classic and DESFire are 30 years apart in security. Always specify the exact chip variant (e.g., DESFire EV2 4K) in the RFQ to avoid accidental Classic supply.
MIFARE Cards FAQ
Is MIFARE Classic still safe to use in 2026?
Only for low-risk closed-loop systems — gym lockers, school IDs, library cards, internal cafeteria payments. Crypto-1 has been publicly broken since 2008; commodity tools clone Classic UIDs in under 1 second. For payment, transit, hotel keys, or office access — use DESFire EV2 or EV3.
Can I read a MIFARE card with my smartphone?
Most phones can read the UID of any MIFARE card via NFC, but cannot decrypt or perform reader-side authentication on Classic / Plus / DESFire because those need the secret keys held by the legitimate reader. MIFARE Ultralight and NTAG21x are NDEF-compatible and can be read fully by any NFC phone.
What is the difference between MIFARE DESFire EV2 and EV3?
EV3 (released 2019) adds Secure Unique NFC (SUN) for tap-to-verify URLs (similar to NTAG 424 DNA), faster transactions (up to 8 ms vs 12 ms), and improved transaction MAC for offline payment. EV2 remains in production for cost-sensitive deployments. Both are AES-128 + Common Criteria EAL5+ certified.
How much does a MIFARE card cost in bulk?
At 1,000+ MOQ, typical 2026 prices are: Classic 1K $0.10–$0.30; Ultralight EV1 $0.08–$0.18; Plus 2K $0.30–$0.60; DESFire EV2 4K $0.80–$1.50; DESFire EV3 8K $1.20–$2.50. See the RFID pricing guide for volume curves.
Can a MIFARE card be cloned?
Classic 1K/4K can be cloned trivially (UID + sectors) using off-the-shelf tools after Crypto-1 break. Plus in SL3 mode, DESFire EV1/EV2/EV3, and Ultralight C/EV1 have AES-128 mutual authentication and are not cloneable in the cryptographic sense. Physical UID copying is still possible but the secure file structure / counters cannot be replicated without the AES key.
Sources
- ISO/IEC 14443-1..4:2018 — Identification cards / contactless integrated circuit cards / proximity cards (HF 13.56 MHz). iso.org/standard/73598.html
- Karsten Nohl, Henryk Plötz & Starbug — "Reverse-Engineering a Cryptographic RFID Tag." USENIX Security 2008. usenix.org
- Garcia, de Koning Gans, Muijrers et al. — "A Practical Attack on the MIFARE Classic." CARDIS 2008. cs.ru.nl
- NXP Semiconductors — MIFARE product family overview. nxp.com
- NXP Semiconductors — MIFARE DESFire EV3 product datasheet. nxp.com/MIFARE-DESFire-EV3
- Common Criteria — MIFARE DESFire EV3 EAL5+ certificate. commoncriteriaportal.org
- NIST Special Publication 800-38B — CMAC mode of operation (used by DESFire AES-128 transactions). csrc.nist.gov/sp/800-38b
RFIDAK manufactures RFID smart cards with all MIFARE chip variants and can help you select the solution for your application. We also offer MIFARE keyfobs and wristbands for alternative form factors. Contact us for samples and pricing.
Need help turning this guidance into a product shortlist?
Use this next step when the article has narrowed the direction and you now need help choosing chips, formats, samples or the closest product family.
Comparison Pages
Compare the closest alternatives before you request samples
Open one of these if the article clarified the topic but the team still needs a cleaner format, chip or frequency decision.
Quick FAQ
Questions buyers often ask after reading this guide
What are the main types of MIFARE cards?
The MIFARE family has five active tiers, all operating at 13.56 MHz under ISO/IEC 14443A. Ultralight and Ultralight C (64-144 bytes) serve disposable event and transit tickets; Classic 1K/4K (1-4 KB, broken Crypto-1) covers legacy access control; Plus SE and Plus X (AES-128 in Classic reader protocol) serve drop-in security upgrades; DESFire EV2 and EV3 (2-8 KB, AES-128, multi-app) cover transit, hotel locks, payments and government ID; SmartMX handles dual-interface EMV payment cards. Over 10 billion MIFARE cards have shipped since 1994 (NXP, 2024).
Is MIFARE the same as NFC?
Not exactly. MIFARE is a family of contactless smart card chips from NXP at 13.56 MHz under ISO/IEC 14443A. NFC (Near Field Communication, ISO/IEC 18092) is a separate protocol layer at the same frequency, optimized for peer-to-peer and card-emulation use cases at about 4 cm. NFC smartphones can read MIFARE cards (they share the air interface), but the application data still needs the right keys or reader app. For pure NFC tap workflows use NTAG213-216 or NTAG424 DNA; for access control and payment use MIFARE Classic, Plus or DESFire.
Why are MIFARE cards so popular?
MIFARE became the de facto standard for contactless smart cards because NXP shipped the chip in 1994 at a price point that enabled mass transit rollouts, reader hardware proliferated globally, ISO/IEC 14443A ratified the air interface, and the family expanded with AES-128 (Plus) and multi-application (DESFire) without breaking backward compatibility. 10 billion+ cards deployed across 150+ countries create strong network effects: hotel lock brands, transit agencies and access control vendors all support MIFARE by default.
Which MIFARE chip is most secure?
DESFire EV3 is currently the most secure MIFARE chip. It uses AES-128 with mutual authentication, supports up to 28 independent applications with per-application keys, holds Common Criteria EAL5+ certification, and offers Secure Messaging (SDM) for per-tap rotating URL tokens. DESFire EV2 is close behind but without the SDM feature. MIFARE Plus SE provides AES security with Classic reader compatibility as a migration bridge. Classic 1K/4K uses the broken Crypto-1 cipher and should not be specified for new secure projects.
How much do MIFARE cards cost in 2026?
At 10,000+ unit volume: MIFARE Ultralight $0.05 to $0.12, Ultralight C $0.10 to $0.20, Classic 1K $0.15 to $0.25, Classic 4K $0.25 to $0.40, Plus SE $0.40 to $0.70, DESFire EV2 4K $0.50 to $0.80, DESFire EV3 8K $0.70 to $1.50. Keyfob and silicone wristband form factors add 2-4x on top of the base card price. AES-128 key personalization for DESFire adds setup fees but minimal per-unit cost at volume. Material upgrades (wood, metal, transparent PET) typically add 30-100%.
Can MIFARE Classic and DESFire work with the same reader?
Physically yes, at the ISO/IEC 14443A air interface. Functionally it depends on the reader firmware. Most modern access control readers from HID, ASSA ABLOY, dormakaba and Salto support MIFARE Classic, Plus and DESFire with the right firmware. Legacy Classic-only readers can still talk to DESFire cards in Security Level 1 emulation mode, but the cryptographic benefits of DESFire AES are not active until the reader is upgraded. Plan for a firmware audit before ordering mixed-chip fleets.
Which MIFARE chip is best for a hotel key card project?
DESFire EV3 is the current default for hotel key card procurement at global chains because of AES-128 security, multi-application support (room access, gym, pool, spa on a single card), Common Criteria EAL5+ certification and SDM for mobile-key integration. MIFARE Plus SE is a valid alternative when the lock brand supports it and the budget is tight. MIFARE Classic 1K is still accepted at many economy and mid-scale hotels, but ASSA ABLOY, dormakaba and Salto increasingly recommend DESFire for new installations.
What is the minimum order quantity for MIFARE cards?
RFIDAK typical MOQ is 500 pieces for stock Classic 1K or 4K PVC cards, 1,000 pieces for Plus SE or Ultralight C, and 500 pieces for DESFire EV3 with factory-loaded AES keys (key custody is the lead-time driver, not the card). Custom printed cards or keyfob and wristband form factors start at 1,000-3,000 pieces. Sample quantities of 20-50 pieces are free for serious B2B evaluation. Lead time is 2-3 weeks for Classic and Ultralight; 4-6 weeks for DESFire EV3 with AES personalization and multi-application configuration.
Author
Wei Chen
RFID Applications Engineer at RFIDAK
Wei Chen is an RFID applications engineer at RFIDAK with 10+ years in RFID card and tag manufacturing in Shenzhen, focused on chip selection, laundry RFID durability testing and access-control compatibility.
