Thank you for your response.
What I'm doing is:
1. Select one application
2. Authenticate using AES (key=0)
3. Get the files' IDs of that application (first command after authentication)
Response: 02 01 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 bb 52 08 c7 a8 9a a0 65
Where data is (16 bytes): 02 01 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10
and CMAC is (8 bytes): bb 52 08 c7 a8 9a a0 65
AES key is all zeros (didn't change it).
RandA:
b8 62 94 00 10 26 cf c4 d8 71 a3 e1 81 be 62 9c
RandB:
11 26 c5 ea 17 9b 86 a5 6c bc 82 65 81 74 83 8e
Session Key:
b8 62 94 00 11 26 c5 ea 81 be 62 9c 81 74 83 8e
Since it's my first CMAC computation I use a 16-byte IV all zeros, the session key, and that 16-byte data.
My CMAC output (16-byte), which is wrong, is:
a8 8f 18 13 b5 2c 83 94 47 16 e0 47 fc dc 0d 4c
I'm using a library for the CMAC calculation and I tested it against some values including the ones from "test/test_mifare_desfire_aes.c" and all works fine.