MiFare DESFire are iso14443A compliant contactless smartcards, and support all layers including iso14443-4. These cards are so-called “stored value” cards, so you cannot install and execute your own program code on DESFire cards. DESFire is like a memory card with access control.
Typical usage is within public transportation and access control.
DESFire cards are considered secure. Even though there are some theoretical security flaws, no public working hack has been published like there has been for Mifare classic (standard) cards. (The new DESFire EV1 cards are supposed to address the flaws found in v0.6).
Depending on the version of the card, a DESFire card might support commands in native, native-wrapped or iso7816-4 command set styles.
- Software version v0.4 does not support APDU (only native commands)
- v0.5 adds support for wrapping native commands inside ISO 7816 style APDUs
- v0.6 adds ISO/IEC 7816 command set compatibility.
New versions of DESFire cards (EV1) (v1.3) support extended APDU commands.
“Application” in DESFire terms is more like a DF (Directory File) in iso7816. DESFire AIDs (Application IDs) are 3 bytes long.
The command style of the first command determines the mode for the rest of the session. You cannot mix different command modes in the same session.
First, lets look at Native command mode.
Native Command mode:
Most of these commands are one byte long, and the card responds with “statusbyte + [optional data]“
00 : Command successful
af : More data (send command 'af' to fetch remaining data)
9d : Permission Denied
--> To card
<-- From card
Example using a blank DESFire v0.6 card:
--> 60
<-- af 04 01 01 00 02 18 05
--> af
<-- af 04 01 01 00 06 18 05
--> af
<-- 00 XX XX XX XX XX XX XX ZZ ZZ ZZ ZZ ZZ 05 06The first response denotes the hardware releated data: version is 0.2 (00 02), and storage size is 18 (4096 bytes)
The second response denotes the software releated data: version is 0.6 (00 06), and storage size is 18 (4096 bytes)
The X’s are the 7-byte UID
The Z’s are the 5-byte batch number
05 = Calendar week of production
06 = Production year
--> 6a
<-- 00No applications available (blank card)
--> 5a 00 00 00
<-- 00OK
--> 6f
<-- 9dPermission denied.
--> 45
<-- 00 0f 010f = All bits in the lower nibble are set, meaning configuration can be changed, CreateApplication/GetApplicationIDs/GetKeySettings can be performed without master key, and master key is changeable
01 = Only 1 key can exist for this application (the PICC application)
--> 64 00
<-- 00 00The PICC master key version is 0×00
--> 0a 00
<-- af a2 be cd 03 d8 46 cb 33
--> af b0 cc bc ed 8f c8 38 c9 08 dc e2 4d 86 ca ec 3c
<-- 00 76 73 d9 49 71 3f f2 d1This example only showed authentication with the PICC application. In a real world transaction, you would typicall select a specific AID (!= 00 00 00), authenticate, and then read/write to files within that application.
After a successful authentication, further communication with the card is done in plain/plain+MAC/encrypted+MAC, depending on the access bits for the particular file.
Authentication is done using DES or Triple-DES, depending on keysize. If key is 8 bytes: Single DES. If key is 16 bytes, and the first 8 bytes of the key are different from the last 8 bytes: Triple-DES. The card terminal (PCD) always use DECRYPT_MODE (both when recieving and sending encrypted data), and the card always uses ENCRYPT_MODE. However, the DESFire crypto is a bit different from the normal DES/CBC scheme: The PCD uses DES “send mode” when sending data (xor before DES), and the card uses DES “recieve mode” when recieving data (xor after DES). But when the PCD recieves data, it uses normal DES/CBC mode (xor after DES), and the card uses normal DES send mode when sending data (xor before DES).
| Send encrypted data | Recieve encrypted data | |
| PCD (DECRYPT) | DES/CBC “send mode” | Normal DES/CBC “recieve mode” |
| Card (ENCRYPT) | Normal DES/CBC “send mode” | DES/CBC “recieve mode” |
The last 2 modes are useful if you need to communicate with a DESFire card through PC/SC, or you need to emulate DESFire on Java Cards.
Native Wrapped command style:
In this mode, native commands are wrapped inside iso7816 style APDUs.
cls ins p1 p2 lc [data] le
90 [native ins] 00 00 lc [data] 00
SW1 SW2
91 [native status code]--> 90 60 00 00 00 00
<-- 04 01 01 00 02 18 05 91 af
--> 90 af 00 00 00 00
<-- 04 01 01 00 06 18 05 91 af
--> 90 af 00 00 00 00
<-- 04 28 3b 61 5b 1b 80 8e 64 55 61 10 05 06 91 00
--> 90 6a 00 00 00 00
<-- 91 00
--> 90 5a 00 00 03 00 00 00 00
<-- 91 00
--> 90 6f 00 00 00 00
<-- 91 9d
--> 90 45 00 00 00 00
<-- 0f 01 91 00
--> 90 64 00 00 01 00 00
<-- 00 91 00
--> 90 0a 00 00 01 00 00
<-- a2 be cd 03 d8 46 cb 33 91 af
--> 90 af 00 00 10 b0 cc bc ed 8f c8 38 c9 08 dc e2 4d 86 ca ec 3c 00
<-- 76 73 d9 49 71 3f f2 d1 91 00The last mode is the iso7816 command set mode:
Full support for these commands require DESFire v1.3 (EV1)
ISO SELECT (A4)
ISO GET CHALLENGE (84)
ISO EXTERNAL AUTHENTICATE (82)
ISO INTERNAL AUTHENTICATE (88)
ISO READ BINARY (B0)
ISO UPDATE BINARY (D6)
INS READ RECORDS (B2)
ISO APPEND RECORD (E2)
As you can see, not all functions are available using the iso7816 command set. If you need more functions, you must use native or native-wrapped mode.
September 29th, 2009 at 11:38
Hello.
and I assumed card responded on command “authenticate” ( 0x0A ) like in Your example “af a2 be cd 03 d8 46 cb 33″. So utilizing only autentication procedure and mentioned key value I should get APDU frame to card like in Your example again:
Nice example but I’m not able to do any autentication with Desfire card.
I was trying to authenticate accordingly to nxp documentation but still get 0xAE error ( authentication failed ).
Looking at Your example above ( I guesss You utilized master PICC transport key which value as I know is equal 0 or better all bytes are 0′es )
I was trying to forget about the card
af b0 cc bc ed 8f c8 38 c9 08 dc e2 4d 86 ca ec 3c
Unfortunately , I’m not able to achieve the same result. Could You describe me step by step operations that led You to above APDU frame ?
Regards
Jacek
September 29th, 2009 at 12:48
Hi,
Yes I used default DESFire key with all ’0′s.
The auth starts with host sending 0x0A + keyNumber to card.
Card responds with 0xAF + encrypted RANDOM_B (8 bytes)
Host DECRYPTS RANDOM_B using normal DES CBC recieve mode.
Host then creates new array ARRAY2 (length 16), and copies its own random data (RANDOM_A) to bytes 0-7.
Bytes 8-15 are the decrypted RANDOM_B, but with a 1 byte left shift. So ARRAY2[15] = RANDOM_B[0]
ARRAY2 is then DECRYPTED using CBC SEND mode (not a normal CBC mode, and you will probably not find a standard library that does this for you. You may have to implement this CBC mode yourself using Single DES + xor).
Host then sends the decypted ARRAY2 to card: 0xAF + decrypted ARRAY2.
Card ENCRYPTS ARRAY2, and if RANDOM_B is correct (after a 1 byte right shift), it then does a 1 byte left shift of RANDOM_A, and ENCRYPTS the result using normal CBC Send mode.
Card then responds with 0×00 (auth ok) + encrypted RANDOM_A (after 1 byte left shift).
Host then DECRYPTS the response using normal CBC recieve mode, and checks RANDOM_A (remember 1 byte right shift).
Auth finished.
Let me know if it works
Ridrix
September 29th, 2009 at 14:11
Thanks for fast response.
What exactly means xor operation here ? Xor given buffer with what ?
1) Itself – byte after byte ( ARRAY2[0] = ARRAY2[0]^ARRAY2[0], ARRAY2[1] = ARRAY2[1] ^ ARRAY2[1] and so on) .
2) With given number ? – All bytes xor’ed with 0xFF for example , so ARRAY2[0] = ARRAY2[0] ^ 0xFF, ARRAY2[1] = ARRAY2[1]^0xFF and so on.
Regards
Jacek
September 29th, 2009 at 15:53
Sorry, a little typo there, I meant you have to implement CBC mode yourself using _Triple_DES + xor.
XOR is a part of the CBC mode. See here how CBC works:
http://upload.wikimedia.org/wikipedia/commons/d/d3/Cbc_encryption.png
(The XOR operation is of course the circle with the cross inside.)
The CBC mode in this picture is the normal CBC send mode (as done by the card when sending data to host).
When receiving data, the card does the xor operation AFTER the “Block Cipher Encryption” step (but still using DES ENCRYPT).
Note that the card ALWAYS uses DES ENCRYPT mode (both when recieving and sending data). And the host ALWAYS uses DECRYPT mode.
September 30th, 2009 at 11:44
So , as I understood this modified 3DES CBC decryption it is 3DES CBC decryption but with schema as for encryption. In other words, in first step
I xor iv with first 8 bytes of cryptogram ( for encryption schema it is first 8 bytes of text ) and do 3DES decryption. In next step, previously 8 decrypted bytes I xor ( it is new iv ) with next 8 bytes of cryptogram and do next 3DES decryption.
September 30th, 2009 at 12:13
Uffff… Now it works for 0x0A for Your sample above. Now real card….
January 27th, 2010 at 14:45
Still fighting with CBC mode using _Triple_DES + xor.
…
RNDA and RNDB is combined. -> 16 bytes
What should be XOR and with what?
In java
byte keyBits[] = new byte[]{ (byte)0×00, (byte)0×00, (byte)0×00, (byte)0×00, (byte)0×00, (byte)0×00, (byte)0×00, (byte)0×00 };
Cipher c = null;
IvParameterSpec iv= new IvParameterSpec( new byte[]{ (byte)0×00, (byte)0×00, (byte)0×00, (byte)0×00,(byte)0×00, (byte)0×00, (byte)0×00, (byte)0×00 }, 0, 8 );
SecretKeySpec sks = new SecretKeySpec( keyBits, 0, keyBits.length, “DES” );
c.init( Cipher.DECRYPT_MODE, sks, iv);
c.doFinal(combinedArray, 0, tempSource.length, result, 0 );
January 28th, 2010 at 09:32
Also cipher algorithm is
c = Cipher.getInstance( “DES/CBC/NoPadding” );
December 24th, 2009 at 10:46
Hi Ridix,
Could you please send me the “3des source code in C” if possible.
I have an algo. which gives decrypted output {0×39,0×34,0×51,0x2a,0xb2,0x3d,0×55,0×05}for input{0xa2,0xbe,0xcd,0×03,0xd8,0×46,0xcb,0×33}.
Please check.
Thanks,
Bala.
September 29th, 2009 at 13:28
Oh, and I forgot, the Initialization Vector to the CBC is all ’0′s. (Which, by the way, is a possible security flaw).
September 30th, 2009 at 06:30
Hi can you please help me on How can I communicate with DESFire using the other type of commands. I have successfully done it using this type of commands. But I am having a hard time using the commands with the
cls ins p1 p2 lc [data] le
90 [native ins] 00 00 lc [data] 00
SW1 SW2
91 [native status code]
I dont know what to put in the instruction code and the p1 p2 area.
I have two different readers Omnikey 5121 and Omnikey 5321. The 5121 doesn’t accept Native commands.
Help will be appreciated.
Thanks
September 30th, 2009 at 12:40
Hello Baron.
I utilize Omnikey CardMan 5121.
It works without problems in ISO7816-4 mode. What problems You have with it ? As mentioned in documentation P1 and P2 are always 0.
LE = 0 must be at the end of APDU frame.
Jacek
September 30th, 2009 at 11:49
To avoid further misunderstandings, all DES oparations in 0x0A autentications are 3DES operations ?
September 30th, 2009 at 12:25
Weither the operation is 3DES or singleDES depends on the size and format of the key. But it’s better to always use the 3DES algorithm, because that will work both as 3DES and SingleDES, and a 3DES operation is usually pretty fast anyway. For example: If your key is 16 bytes, and the first 8 bytes are equal to the last 8 bytes, then the effecive encryption will be single DES, even if you are using 3DES. 3DES is Single DES done 3 times: ENCRYPTION (using key bytes 1-8), DECRYPTION (using key bytes 9-16), and ENCRYPTION (using key bytes 17-24). So use 3DES and create code to “expand” the key. Let’s say your 3DES algorithm wants 24 byte keys: if the key is 8 bytes, then repeat these 8 bytes 2 times (SingleDES). If the keys is 16 bytes, then copy the first 8 bytes into bytes 17-24.
October 7th, 2009 at 18:32
Hello,
I’m working on a project and i have to use mifare desfire but i don’t know anything and i couldn’t find any information about communication.
Can you give me document about how can i communication it.
thanks
October 8th, 2009 at 13:39
Hi,
To obtain the desfire documentation you will have to contact NXP. You will most likely have to sign NDAs (None Disclosure Agreements). I don’t have any documentation I can give away unfortunately. I haven’t signed any NDAs with NXP. All the information you can find in this blog is collected from other blogs and forums on the internet. What do you mean by “how can i communicate with it”? Do you have a card reader and know how to program against PC/SC? Make sure you have a contactless smartcard reader, like the Omnikey Cardman 5321 or similar which supports the PC/SC standard. Then write an application in C/Java (or other preferred language that has PC/SC bindings), and use the “native wrapped mode” or “ISO command set mode” to communicate with your Desfire card.
October 9th, 2009 at 13:54
Hello again.
A lot of work I have done with Desfire card so far but now but in front of me many serious problems concerned with secure messaging as always
First task – key changing
I created application with 5 3DES key on “good day”. Accordingly to documentation they should have 0′es values. Chnage mode to the keys I set in that way , key changing is possible if old key with the same number will be authenticated.
After application selection, I was trying to change key 1. Before operation I authenticated succesfully with old key 1 and in further step I issued “Change key” APDU sequence. Unfortunately , error 0x1E appeared.
What could went wrong ?
1) Autentication was succesfull so I assume session 3DES key I calculated ok
2) Myabe CRC16 ? I found different ways of calculating it even with the same generator. Could anybody confirm that CRC16 for 16 bytes, each of 0 value ( default value of old 3DES key ) , is equal 0xAFA9 ?
I put it 0xA9 0xAF in APDU buffer LSB MSB. Correct ?
3) 3DES calculation of data. It is normal 3DES encryption in CBC mode with IV = 0 ? ( data to be encrypted is “new key” || CRC16 || 0′s padding until 24 bytes )
Any suggestions ?
Regards
Jacek
October 19th, 2009 at 16:43
Hi, This has been a very useful article, thanks for publishing it.
I am looking at DESFire EV1, but cannot get a list of the command codes to use for the following functions.
Authenticate
Change KeySettings
Set Configuration
Change Key
Get KeyVersion
Create Application
Delete Application
Get Applications IDs
Free Memory
GetDFNames
Get KeySettings
Select Application
FormatPICC
Get Version
GetCardUID
Get FileIDs
Get FileSettings
Change FileSettings
Create StdDataFile
Create
BackupDataFile
Create ValueFile
Create
LinearRecordFile
Create
CyclicRecordFile
DeleteFile
Read Data
Write Data
Get Value
Credit
Debit
Limited Credit
Write Record
Read Records
Clear RecordFile
Commit Transaction
Abort Transaction
Do you have any links or other documentation I can read to help with this. I have tried NXP several times but they don’t respond!
Many thanks in anticipation
October 29th, 2009 at 17:29
I don’t have any document that describes all the commands unfortunately. I think such documents are only available under NDA’s. However, you can find many of the DESFire commands in the Nokia proprietary extension classes in the 6212 Java SDK. This SDK is free, but you need to register to download. Registration is of course also free.
http://www.forum.nokia.com/info/sw.nokia.com/id/5bcaee40-d2b2-4595-b5b5-4833d6a4cda1/S40_Nokia_6212_NFC_SDK.html
Install SDK and add to for example Netbeans.
Look in the package “com.nokia.nfc.nxp.desfire”.
These classes contain utility methods that help you construct native DESFire commands. I think most of the commands are described there.
June 8th, 2010 at 08:50
Hello,
I’m developing an application for a mifare DESFIRE card and a portable terminal from Ingenico (EFT930G Contactless).
I have done tests with SAM communications without problems (activating, selecting app, presenting the PIN…), I have also sent different commands to the card with good results: GetVersion (in order to get the card UID), GetApplicationIDs, SelectApplication…
My problem has appear when I’m trying to carry out the authentication process in order to get the session key.
I follow the first steps, but when I send the Authenticate Command to the card (with KeyID 0×01): 0×90, 0x0A, 0×00, 0×00, 0×01, 0×11, 0×00 the cards returns only 3 bytes, instead of 8.
I have tried many different things, as sending Additional Frame command (0×90, 0xAF, 0×00, 0×00, 0×00) in order to get the rest of the of the bytes, but the card always returns me the Command Aborted message: 91 CA
Please, can you help me with this issue?
Thank you very much in advance.
June 21st, 2010 at 14:50
This is beacause the length of card response is set to 3 bytes instead of 8. check this parameter.
June 21st, 2010 at 15:24
Thank you freeds,
It was exactly this issue…it wasn’t set to 3 bytes (null value) but it must be 8
June 20th, 2010 at 12:17
hi ridrix
i develope an application for Desfire card. the authentication with card is successfull and I can generate the session key.
bt I have a problem. How we can specify a key (rather than application master key) in the selected AID. osuppose that I want to set the value of key 1 to 0×00 0×11 0×22 0×33 0×44 0×55 0×66 0×77 0×00 0×11 0×22 0×33 0×44 0×55 0×66 0×77. and then set the access right of a data file to authenticated with this key. my question is general . how and when we can specify the application user file?
thanks in advance
Jafer
November 19th, 2012 at 10:42
hi ridix,
I have created a application with 2 keys. with crypto mode Desfire Native. I need to change key for key entry 1 in the application. Since I have created application with change key access rights with 0x0E I need to authenticate with same key. The authentication is success and session key is generated, but later change key gives me an error 0x1E. I have calculated a CRC16 and appended to data frame and appended 00′s to make it multiple of 8. can anyone help me on this?
July 8th, 2010 at 05:00
Hi, I am a newbie and I am trying to communicate with a DESFire card using an OMNIKey 5321 reader on VB6. I am able to follow all the communication samples and I am also able to do authentication. I request assistance on how to create an application on a new card and subsequently write and read standard files into the application created. Any assistance will be greatly appreciated. Thanks.
July 9th, 2010 at 08:20
Hi guys.
I’ve a problem with desfire EV1 cards. I can send basic commands in ISO7816 wrapping mode such as GetVersion, Select Card Level and Authenticate by default TDES card level key (all ’0′). After that I’ve correctly generated the session key, I would to set an UID random by the setConfiguration command. Now, I don’t know on which data the CRC32 is evalued. In fac, following commands give me 811E error:
90 5c 00 00 09 00 Ek(02 CRC32(90 5c 00 00 02) 00 00 00) 00.
The result doesn’t change if I use CRC32(5c 00 02) or CRC32(all command). Help me, please!!
July 19th, 2010 at 13:13
Hi Ridrix,
Excellent examples
I am new one in the card development. and start working on desfire native mode using omnikey reader. Need some guides in change key command.
Here is my log
->CA 20 20 20 0F 0E( CREATE APPLICATION HAVING ID=202020 )
5A 20 20 20
0A 02
AF F8 07 5D C3 EA F3 CD 7C 68 2D F6 46 44 FF 34 6D
>0101020203030404
RANDOM B>>6B4B5908F93AA1E4
SESSION KEY>>010102026B4B590803030404F93AA1E4
String oldKey = “00000000000000000000000000000000″;
String newKey = “00112233445566778899aabbccddeeff”;
-> C4 02 DF 90 2F 3D 84 89 2D B9 13 20 EC 9D 98 F3 A6 47 B2 0E 71 B9 09 F0 29 69
<- AE
Need your guides in change key command
Hope this finds you all in the best of Good days and good luck.
Thank you
cheers
July 20th, 2010 at 10:18
Try authenticating using master key ->0A 00 before the change key.
Please let me know if it works.
Also could you kindly share the CRC for your new key. I am having difficulty myself generating the CRC for the change key command.
Goodluck, and hope to hear from you!
June 2nd, 2011 at 04:40
http://ctskinner.blogspot.com/2011/03/desfire-sam-crc16.html
June 2nd, 2011 at 04:42
Java crc32
http://ctskinner.blogspot.com/2011/03/crc32.html?showComment=1303100723901#c44434266748248545
July 22nd, 2010 at 11:45
Hi,
Looks like the CRC calculation is a problem. I have tried several versions with no success. I am fairly confident that the rest of the ChangeKey code is correct.
Can anyone with a known to be working CRC16 routine for DESFire supply a CRC16 value for the following example: AABBCCDDEE001122
Many thanks.
August 23rd, 2010 at 15:41
desfire uses iso14443a crc16 – here’s the python implementation i use:
August 31st, 2010 at 04:49
Hi Adam Laurie?
Do you have the CRC16 implementation in Java and C++?
I have already tested the implementation in Java, but why the result is different?..
Could you help me regarding this?
Thx
August 31st, 2010 at 13:45
I don’t have a Java implementation, but here’s one in C:
and BTW, the correct answer for the original example (AABBCCDDEE001122) is 7B09, so you need to be careful to use the correct byte order when passing on the short returned by this version.
August 31st, 2010 at 13:49
Hmmm… Something went horribly wring with cut & paste there!
August 31st, 2010 at 13:53
OK, so it;s not cut & paste but something in wordpress that’s screwing it up…
Function is here:
http://www.rfidiot.org/crc16.c
September 1st, 2010 at 03:41
Hi Adam Laurie
Thanks for the CRC16 in C implementation..
It works great!!..
But unfortunately, i’m still looking for CRC16 in Java implementation, and i’m still facing problem when convert it to Java..
Anyway, thanks for the example..
August 7th, 2010 at 10:39
hi Ridrix,
i have a Desfire MF3ICD41 card and wrote a C# program for authenticate with it; the default key is 0000000000000000
but i can’t authenticate with this card
may you give some test vector for my authenticate module (i sure that’s work correctly but i can’t authenticate yet)
please help me
regards
August 9th, 2010 at 08:58
hi ridrix
my desfire card is MF3ICD41 (Desfire EV1)
if authentication algorithm is different from that you describe??
regards
August 11th, 2010 at 12:57
Hi Ridrix
I am trying to create files and read and write those files.
I succeed with the Data files, but with the record file I am receiving error “0xBE”.
I’m creating record file and can write the record file. On the Read Record command I’m receiving this error.
Command I send:”bb 07 01 00 00 03 00 00″ – as I understand it’s file 7 from read 3 ercords starting from record 1. This file have 3 records.
What is wrong here?
regards
August 11th, 2010 at 13:58
I have one more question.
I can’t create value file. I receive error code 9E (parameter error).
command that I send:cc 01 00 42 f0 00 00 00 00 99 99 99 99 00 00 00 01 01
Thanks you
August 31st, 2010 at 04:17
Has anyone read and decrypted a key from ANY Mifare DESFire cards?
Specifically public transit systems?
August 31st, 2010 at 17:06
Hi, guys.
I’ve a question for you. I’m using nokia 6212 in order to read a DESFire EV1 card personalized in ISO7816 wrapping mode; but I’ve some problem because the phone doesn’t detect the card. I use this code in targetDetected method:
if (classes[i].equals(Class.forName(“com.nokia.nfc.nxp.desfire.DESFireConnection”))) {
String url = target.getUrl(classes[i]);
conn = (ISO14443Connection)Connector.open(url);
The method Connector.open(url) is not capable to establish a connection. In case of APDU commands native, I thing the connection work. In other words, I think that is not possible to use the specific features of Ev1 chip, that is AES authentication, UID random and ATS configurable. Is it so? If not, how can I connect my 6212 phone to the chip Ev1 card in order to use the EV1 features?
Thank you in advance.
September 2nd, 2010 at 08:49
Hi!
I’ve found that the nokia 6212 cannot open connection only if the uid of desfire ev1 card is set to “uid random”; when I use a desfire ev1 card with uid in plain, the connection is ok. Now, I think the problem is of phone because the uid random not change after the RF-reset but then I don’t know why connection fails. Have you some idea?
November 12th, 2010 at 06:27
Hi all
Iam new into card development.
I have dis Mifare 1K card.
iam able to get the UID but cannot get the authentication done.
I am trying read and write from the sectors but without authentication
it gives me 69 82 as response.
please help me
regards
November 14th, 2010 at 07:44
Hi Vaishali, This error means security status not satisfied.
You should first select application on the SAM and on the PICC, then authenticate this application, and only when applications will be authenticated you will be able to read and write records.
Try to authenticate with master key 0.
November 19th, 2010 at 10:47
Hi Ridix and another one!!
Thanks for your web!!
I have a question about the authentication. In the cbc encryption the Plaintext is the random numbers, the key is the codification key (0s in your example), but what is the initialization vector??
Thanks!
December 15th, 2010 at 17:24
Hi,
I am trying to change the keyno 1 of my application but I get a 911E error, what means that CRC or padding must be wrong. I can authenticate to the master key and get the session key. Here I post the output of my program.
Session Key: D8 15 60 CE 33 55 7D BC 3E F4 34 EA 1D FF F9 28
Old Key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
New Key: 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
Key Data: 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 69 CC 69 CC 00 00 00 00
Transmitted data: 71 66 0B 4C C6 EB A6 F9 D6 36 86 2F 6A ED 33 E5 D9 84 50 B0 04 6B A9 85
I Hope someone can help me.
December 23rd, 2010 at 10:56
The session key is wrong.You have to authenticate with the old key.The first eight bytes are equal to the second half , therefore you have to build
the session key in the same way.The first half of the session key must be
equal to the second half.
December 30th, 2010 at 11:28
Hi,
Thanks for your response.
So, what you mean is that if the random numbers are: D8 15 60 CE 3E F4 34 EA – 33 55 7D BC 1D FF F9 28, the key I have to use is: D8 15 60 CE 33 55 7D BC D8 15 60 CE 33 55 7D BC ???
Bye.
December 30th, 2010 at 12:02
Hi again,
I have a similar problem trying to send encrypted data, so I think that maybe the problem is not in the key, but in the way I encrypt the data when the data is more than 8 bytes.
For example if I try to write 00 01 02 03 04 05 I send the next command and everything is fine:
90 3D 0000 0F 06 000000 060000 + Encrypt(00 01 02 03 04 05 28 da) + 00 –> OK
But if I try to write more bytes it doesn´t work.
90 3D 0000 17 06 000000 0c0000 + Encrypt(00 01 02 03 00 01 02 03 00 01 02 03 62 20 00 00) + 00 –> FAIL
Here is a log:
Data: 00 01 02 03 00 01 02 03 00 01 02 03 62 20 00 00
Session Key: 43 D8 9D 37 3F 0F E1 BC
APDU: 90 3D 00 00 17 06 00 00 00 0C 00 00 3F 40 08 FC 1D 60 5D C8 B4 30 71 1D 03 E1 57 11 00
Does anyone know why fails when I try to write more than 8 bytes??
Thanks again.
January 23rd, 2013 at 07:36
Hi Gorka,
Would you mind tell me how attain CC 69 for your data please?
it is so imprtant for me too find how crc 00 11 22 33 44 55 66 77 88 99 AA bb cc dd ee ff == cc 69
December 20th, 2010 at 12:55
Hi,
Can any one have the CRC32 implementation in Java or C++?
Thank you,
December 23rd, 2010 at 22:23
Here is a C version:
http://www.rfidiot.org/crc32.c
December 23rd, 2010 at 09:38
Hello:
How to know the version of a DESFire card? (any Command?)
Thanks~
December 23rd, 2010 at 15:43
Hey,
I implemented almost the whole DESFire-spec in java and everything works fine (i.e. authentication with aes/des, create/delete aid, create/delete fids, write standard files) but I’m not able to change a key on application level. I’m creating an aid, a fid, standard file and write some bytes into it. Everything with standard key (i.e. 0×00…). Reading out the file does work also.
Now I implemented a changeKey-method which should work but always gives me 0x1E, i.e. “INTEGRITY_ERROR”. I’m using the standard java crc32 implementation. Authentication ist 0xAA, i.e. aes. But I also get 0x1E if I “corrupt” bytes of the ciphered key data block, so I’m not sure if my crc32 is not correct or the parameters are in the wrong order. According to the spec, its encrypt(aesKey(16), keyVersion(1), CRC32(4), padding(11)), right? Does java.util.zip.crc32 produce the correct crc? The exponents etc. should be correct, I even tried to XOR the bytes with 0xFF…
Any hints on this one? Thanks a lot!
May 3rd, 2011 at 09:47
Hello,
i’m developing a java application and i want to read files from a desfire ev1 card with AES protection. I began to reconstruct the way of authetification from the nxp application notes. i succesfuly can generate the reply from pcd (to picc’s) to the command 0×90 0xAA. Only problem is after i send (0×90 0xAF 0×00 0×00 0×32….) i get a IllegalArgumentException with “invalid apdu: length=38, b1=50″. In NXP documentation i read that length of command could be up to 64byte, so i think thats enough.
Thanks a lot for any help. And sorry for my english. If someone prefers german answer on my question thats no problem;)
May 4th, 2011 at 08:51
OK, i think i need a brake. only problem was 0×32 is not the same as 32 (int).0×20 in stead of 0×32 works perfectly;)
October 19th, 2012 at 14:18
Dear selzeda,
If you would kindly share or send me the desfire library you created in JAVA, that would be a greatly appreciated help. szgeri@gmail.com
Thank you, George
April 25th, 2013 at 09:15
Hello,
I’m also trying to use java to write and read desfire ev1 cards, is it possible for you to share library with me?
email:insaniae@gmail.com
April 25th, 2013 at 15:49
I would be interested in this libary too. Could somebody of you share it to me. Would be very nice. meph88@gmail.com
January 19th, 2011 at 08:11
Hi,
Can any one have the CRC32 implementation in Java according to Mifare Desfire specification
Thank you,
February 2nd, 2011 at 10:35
Hi,
You just have to copy the crc32_table and then create a new method where the crc is calculated:
public byte[] crc32(byte[] d) {
long temp;
long oldcrc=0xffffffff;
for(int i = 0; i > 8) & 0x00FFFFFF) ^ crc32_table[(int) temp];
}
byte [] b = new byte[4];
for(int i= 0; i >> (i * 8));
return b;
}
February 2nd, 2011 at 10:39
Arggg,
It seems there is a problem when trying to copy the code. Here is the code again. If it does not appear correctly please post your email and I will send you.
long len = data.length;
for(int i = 0; i > 8) & 0x00FFFFFF) ^ crc32_table[(int) temp];
}
byte [] b = new byte[4];
for(int i= 0; i >> (i * 8));
}
February 2nd, 2011 at 13:18
Hi,
I have been reading the Ev1 specification but I cannot undestand how the IV management works.
In the beginning we have Iv=0×00 … 0×00. Then we send something and the CMAC value gets a value, for example IV=0011223344556677. So how can I get the second part of the IV and get the new value IV=11223344556677XXXXXXXXXXXXXX ??????????
Thanks
October 20th, 2012 at 18:54
Hi Gorka,
having the same issue… Did you find a solution of how to calculate the second part of the IV?
I’m also having trouble calculation the AES CMAC, but that’s a different story…
Thanks!
February 2nd, 2011 at 15:03
Hi,
i am facing problem in changing card master key to AES.
Raw Text >>
000000000000000000000000000000000075450000000000
after native enciphering>>
91EC5552B50A73630000000000000000E97E894656A9F0F4(incorrect)
Can any explain desfire native TDES MODE enciphering for change master key case2?
My session key =b954afcbcf8c4e95b954afcbcf8c4e95b954afcbcf8c4e95
Thanks.
February 24th, 2011 at 04:27
with an omnikey 5321 I get
DESFire ATR 3B8180018080
UID 04 52 2E AA 47 23 80 90 00 [from apdu FFCA000000]
All other apdu give 917E unknown error
February 24th, 2011 at 17:50
Hi,
I don´t know what you are sending to your DESFire card, but the 917E means that:
0x7E LENGTH_ERROR Length of command string invalid
So, take a look at the length you are indicating in your commands because it mus be wrong.
Hope this helps.
Bye.
June 2nd, 2011 at 04:31
most apdu now working
but NOT ChangeKey <<<<<<<<<<<<<
which differs according to Native|Standard
may have iv pre-decrypt?
may require version ?
for key0 all zeros Session key 1sthalf=2ndhalf?
Standard uses crc32?
tried all, no changekey
working: MakeAID, read,write, even format works!
(I have a lot of test cards to play with!)
March 4th, 2011 at 02:11
Hi to all,
I’m new to the smartcard Desfire programming.
Following the samples in the forum I was able to get the UID of the desfire card, but no success in the nex steps. Basically I wanna do:
1) Create application (other than 000000)
2) Set a new Key to the application( use application level keys, not the master PICC)
3) Create a new file within the application
4) Being able to read the app/file created in the 1~3.
Can some body provide a source code in c/c++, so I can see how it is done?
Thank you in advance and any help is very welcome.
March 5th, 2011 at 03:21
Gorka
I am facing exactly same error mentioned in one of yours previous message (msg at the end).
I can successfully authenticate and create the session key. But I am not able to change PICC MASTER KEY.
Already tried Mustafa suggestion to use sessionkey with first 8 bytes equals to last 8 bytes. Same result (91 1E).
No idea what is the correct process to be able to debug/resolve this issue.
Have you been able to figure this out? If so, what was the problem?
Thank you ver very much!
I will post a new msg with the complete APDU log for my communication.
Thanks
Bruno
Slightly difference from your code is regarding the CRC16. I am appending only 2 bytes after the new key. And you are appending twice. Any problem with this? What is the correct way?
“##BEGIN##”
Gorka Says:
December 15, 2010 at 17:24
Hi,
I am trying to change the keyno 1 of my application but I get a 911E error, what means that CRC or padding must be wrong. I can authenticate to the master key and get the session key. Here I post the output of my program.
Session Key: D8 15 60 CE 33 55 7D BC 3E F4 34 EA 1D FF F9 28
Old Key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
New Key: 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
Key Data: 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 69 CC 69 CC 00 00 00 00
Transmitted data: 71 66 0B 4C C6 EB A6 F9 D6 36 86 2F 6A ED 33 E5 D9 84 50 B0 04 6B A9 85
I Hope someone can help me.
“” END “”
March 5th, 2011 at 04:08
Following my previous post, here is the complete communication with desfire ev1 8k card:
1. Select PICC App
APDUCommmand: [9 bytes, LC=3, LE=256]
–> 90 5A 00 00 03 00 00 00 00
90 0A 00 00 01 00 00 (Authentication with Key 00 – Request Random Number)
90 AF 00 00 10 22 95 75 18 68 13 46 31 44 8A 64 35 3F 15 06 BC 00
90 C4 00 00 19 00 AA 6D E2 CF 80 01 63 53 C0 94 8B 88 8C A7 44 51 51 93 04 1A F5 21 C1 9E 00
<– 91 1E [ERROR]
INTEGRITY_ERROR – CRC or MAC does not match data – Padding bytes not valid
The Error is the same as Gorka. No idea what to do to fix it. Can anybody help me with that?
Thanks
Bruno Bertechini
March 5th, 2011 at 04:10
Sorry , it seems like wordpress does not like copy & paste for big texts…
Will split in few posts.
March 5th, 2011 at 04:11
### POST 1 ###
1. Select PICC App
APDUCommmand: [9 bytes, LC=3, LE=256]
–> 90 5A 00 00 03 00 00 00 00
90 0A 00 00 01 00 00
90 AF 00 00 10 22 95 75 18 68 13 46 31 44 8A 64 35 3F 15 06 BC 00
<– 39 B4 6B 2B 05 45 3B 72 91 00
At this point, the Card decipher RndB, execute a left shit and compare with its own RndB.
If its okay, it decipher RndA, execute a left shit and cipher with same key (0×00).
So, the response is RndA (left-shifted) ciphered by the card:
RndA (left-shifted and ciphered) = 39 B4 6B 2B 05 45 3B 72
2.6 The program (my program) decipher RndA using key 0×00 and execute a right shift
RndA (deciphered) = 7B B7 CB F4 14 9F 01 07
RndA (deciphered and right-shifted) = B7 CB F4 14 9F 01 07 7B
March 5th, 2011 at 22:38
1.When you build the session key you must take care that the first eight
bytes are equal to the second byte.The reson is that the default key
all zeroes also has the first eight bytes equal with the last eight
bytes.
2.When you send the new key you have to use CBC with single DES
decryption.That Means: You have to exor the fisrt eight bytes of the
new key with IV=00 00 00 00 00 00 00 00,than single DES decrypt the
result(using the session key built like mentioned under point 1) and
send it to PICC ,than exor this result with the second eight bytes of
the new key and single DES decrypt it and send it to PICC, the
result you have to exor with two bytes CRC with padding zeroes (six
bytes) and single DES it and send it to the PICC.
March 6th, 2011 at 00:00
Hi Mustafa, Thanks for your response.
For Point #1 thats okay. already changed the code to make 16 bytes key with 8 first bytes (RndA 1st half + RndB 2nd half) equals to last 8 bytes.
For Point #2: What does that mean the exor? I am using a simple DES operation (decryption) on the new key. What do I need to do with the IV ?
Bruno
March 7th, 2011 at 06:51
Hi Bruno,
the reason is that DES decryption you can use on eight byte blocks only.When you change the key it is 16 bytes long plus you have to build CRC16 (two byts long) and you have to pad it to eight bytes with six zeroes.That means you have to send three blocks each eight bytes long to the PICC.To send three blocks you have to chain them (this method is called CBC chaining).
For this operation you need to logical XOR the result of the
plain data with the result of the foregoing decryption and then decrypt it (DES or 3 DES according key type).And at the first block you use the initial vector 00 00 00 00 00 00 00 00.
March 7th, 2011 at 09:39
Hi Bruno,
First of all, the key I had to change was the key #1 of my application. I tell you that because the CRC16 depends on the change you want to change. As you can read in the DESFire specification, it is not the same if the key you want to change is the one used in the authentication (that is your case since you are working with the master key) or it is another key from the keyset. In the first key you have to add only two CRC bytes and in the second one 4 bytes (I think it was that way, take a look at this point)
The problem I used to have was on the encryption. I was not encrypting the data in the correct way (you know, all the xor before DES thing). Once I corrected that, it worked. If you don´t know what I mean try to send more than 8 bytes of data over an encrypted channel. If you can´t do that, you probable are not doing that ok.
Good luck
Gorka.
March 7th, 2011 at 15:50
Thank you guys.
So, what exactly do I need to do now in order to change the master key from default (all 0s) to another key with 16bytes length to use 3DES.
1. Build Session Key using only 8 bytes? or Build session key using 16 bytes with last 8 equals first 8 bytes?
2. If it is 16 bytes DES key (with 1st half = 2nd half) do I need to do it in 3 steps right?
Mustafa, sorry for my newbie questions, but can you pls show me in a step-by-step examples with real bytes to help me understand? Im real stucked on this issue.
Gorka, I got what you said. My 1st goal here is to change the master key (to 3DES and later to AES). I have read on specs taht EV1 1.06 uses CMAC instead of CRC16. Is that correct?
Also, when you say ” I tell you that because the CRC16 depends on the change you want to change”. What does that mean?
Thanks for all your help guys!
Bruno
June 2nd, 2011 at 04:49
3 seperate sends of 90C4 with 8 bytes in each?
I’ve been trying 1 send of 24 bytes…
June 2nd, 2011 at 05:44
na, the card doesnt like it, it wants 24 bytes of data in 1 go.
I use key 0, keyvalue 0…0 version 0 so the order
doesnt matter, tried w * w/out version
keep getting that 911E
required:
[90C4 0000 19 data 00] where data is 24 decrypted bytes
since the card knows not the new key it MUST be a crc problem ( i dont believe a MAC is required)
March 7th, 2011 at 16:56
OK Bruno,
let mexplain more detailed.First of all the main thing is if the first half of the key you use is equal to the second half you use single DES for decryption.If the first half different from the second half you use triple DES for decryption.The first half of the default key all zeroes is practically equal to second half so you use single DES for decryption.Now assume your session key after successfully authentication is A4 24 63 B7 1C EC 85 0F (these are sample data and not real )and the key you want to use is : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F .
The CRC16 for this key is 77 F5 .Now you have to send following blocks to the PICC :
1. Block 00 01 02 03 04 05 06 07
2. Block 08 09 0A 0B 0C 0D 0E 0F
3. Block 77 F5 00 00 00 00 00 00
When sending you have to chain them together using CBC rules.You have to build logical XOR byte for byte with 00 00 00 00 00 00 00 00.The
result is the first block itself.This you have DES decrypt (single DES ,
decrypt only once).Build the XOR with the result of it and second block
(08 09 0A 0B 0C 0D 0E 0F).Then DES decrypt it (only once again).Build
the XOR with the rsult and last block (77 F5 00 00 00 00 00 00) and
Des decrypt it.Now you have to send thes data in the same sequence you
build them to the PICC.
March 7th, 2011 at 16:58
Thanks Mustafa. Just one question. The session key must be single DES right? Should it be 8 bytes long or 16 bytes with first half equals second half?
March 7th, 2011 at 17:33
Mustafa, I just authenticated to the card to get a “real” session key and provide mor information to validate my code for Decrypt using CBC.
After Authentication, I have the RandomA and RandomB (already validated with mutual auth).
Here they are:
RandomA = 9F CA 40 0F 3F AA 65 AC
RandomB = 21 82 A9 52 D0 C9 64 02
In order to change the master key from all 0s. What session key should be generated?
1. DES Key (RndA 1st half + RndB 1st half)
9F CA 40 0F D0 C9 64 02
Is that correct?
Need to figure this out first before go forward. I am also having problem to achieve the same CRC16 as you for the new key in your example (code is in C#). But I am forcing the CRC16 now and later on I will go through this.
Can you pls confirm if this is the session key I need to use?
Thanks!
Bruno
March 7th, 2011 at 18:24
Bruno,
you have written right thing (RndA 1st half + RndB 1st half) but
you made wrong thing , the session key for single des decryption
is : 9F CA 40 0F 21 82 A9 52.For building CRC don’t worry.There
are many codes on internet.
March 7th, 2011 at 18:36
Thanks Mustafa. Realy typo in there.
Okay, now I have the correct SessionKey. I will use for now the CRC16 as you mentioned and later on gather something from internet.
Moving forward:
Here I will get a new session key from the card and ask if you can help me to validate my single DES operations. I.E. I will send unenvrypted and encrypted data to check if you can get same results (to be able to validate my code).
1. Session Key = 93 C1 93 5B 60 5A AE E2
2. New Key Blocks =
1. Block 00 01 02 03 04 05 06 07
2. Block 08 09 0A 0B 0C 0D 0E 0F
3. Block 77 F5 00 00 00 00 00 00
3. Block1 XOR defaultKey (All 0s)
xorB1 = 00 01 02 03 04 05 06 07
4. Single DES Decrypt Operation using previous Session Key and IV = 0×00
xorB1Decrypted = B1 D0 01 AC 14 A6 BF 0F
Mustafa: Could you please validate this data? To make sure my “decrypt” process is okay?
5. Result#4 XOR Block2
xorB2 = B9 D9 0B A7 18 AB B1 00
6. Single DES Decrypt Operation using previous Session Key and IV (here is another question — Should I use the IV generated in previous step #4 ? Or should I use the result data (xorB1Decrypted) as IV?)
Here I am using the xorB1Decrypted as IV =
xorB2Decrypted = 7D 51 A6 D2 A3 56 40 D7
Same process for the 3rd block.
I would like to confirm these steps to make sure I am doing it in the right way…
Regards
Bruno
March 7th, 2011 at 19:03
Sorry Bruno,
I’am not in my office.Please write down the results of each step.Ican check them tomorrow and tell wether they are correct.
March 7th, 2011 at 19:05
This is what I have done for the ciphering process for block1 and block2
Will try to send you a complete process using my own keys…
Do you have an email/gtalk/msn or anything I cant get you in touch?
Bruno
P.S.: Many thanks in advance!
March 7th, 2011 at 19:07
If you could just validate what i’ve sent in previous post that will be great. There you have my session key and the operations results (which I need to match yours using my session key).
Thanks a lot!
Bruno
March 8th, 2011 at 07:14
Hi Bruno,
I think there is something wrong with your DES code.Here the results with
your data:
Session Key : 93 C1 93 5B 60 5A AE E2
New Key : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
1.Block XOR IV : 00 01 02 03 04 05 06 07
DES decrypted 1. Block : 9C 5F D6 AF 54 5B F3 CF
Decr.1.Block XOR 2.Block : 94 56 DC A4 58 56 FD C0
DES decrypted 2.Block : B4 75 3E 05 AA DD BF 14
Decr.2.Block XOR 3.Block : C3 80 3E 05 AA DD BF 14
Decr. 3.Block : F4 66 84 8B 21 0F CD C2
March 8th, 2011 at 19:05
Okay.
That’s what I was afraid of. I am using C# standard DES Provider using CreateEncryptor to get the result.
Will need to do some sort of research to achieve same results.
Mustafa, thanks for your results…
Regards
Bruno
P.S.: You are being able to change PICC master key for some card right?
Again, This CRC16 code is only for ID 40 (not EV1). I will try to fix the DES part and later move to EV1 ID41 (Desfire EV1 4K) and ID81 (Desfire EV1 8k).
Thank you very much!
Bruno
March 8th, 2011 at 19:36
Mustafa, did you implement the DES code yourself or are you using some library?
What language are you using?
Bruno
March 9th, 2011 at 05:45
Mustafa thanks again.
Previously you said: “Now you have to send thes data in the same sequence you
build them to the PICC.”
Based on the decrypted example (the last one) do I need to send one apdu to the card with 24bytes (the 3 blocks xor/decrypted) together ?
Thanks
Bruno
March 9th, 2011 at 06:22
Got it working and I am being able to achieve same results as yours. little more happy now
But, still having problems to change the PICC master Key. Pls have a look:
SessionKey
[5E 9D 67 5D E3 9F DA 4D]
Block1 : 00 01 02 03 04 05 06 07
Block2 : 08 09 0A 0B 0C 0D 0E 0F
Block3 : 77 F5 00 00 00 00 00 00
R1 = Block1 XOR DefaultKey
R2 = R1 Decrypted
R3 = R2 XOR Block2
R4 = R3 Decrypted
R5 = R4 XOR Block3
R6 = R5 Decrypted
R1: 00 01 02 03 04 05 06 07
R2: EA 69 9B 0F 14 10 F1 1E
R3: E2 60 91 04 18 1D FF 11
R4: A1 70 60 B2 D5 69 1A 52
R5: D6 85 60 B2 D5 69 1A 52
R6: BD 08 71 4B B4 05 D4 C0
–> 90 CA 00 00 19 00 EA 69 9B 0F 14 10 F1 1E A1 70 60 B2 D5 69 1A 52 BD 08 71 4B B4 05 D4 C0 00
<– 91 7E
With the wrong DES operation I was getting 911E and now i am having 917E (Length Error).
Do you have any idea on whats going on ?
Are my DES/XOR operations above correct now?
Thanks Again!
Bruno
May 17th, 2012 at 14:07
Bruno,
Hi, i am also working on a desfire cards in C# and am stuck on changing the keys, i have got the encryption stuff working so if i plug in this data i get the correct data out, however i still get a data integrity error. I am pretty sure i have generated the session key correctly, i took the first 4 bytes of the RND-A and appended the first 4 bytes of RND-B to them. However when i substitute in the ACTUAL session key i generated from authentication, it doesn’t work. The only difference i can think of is possibly the fact that i authenticated with the application using triple des instead of single des, while still attempting to use single des in the change key command. So i was wondering if when you got this working you authenticated with the application using triple des or single des.
I tried authenticating using single des to rule out this possibility but i get an authentication failed error.
Any help would be great, thanks
Zack
May 17th, 2012 at 16:52
Zack, I need to look over my code to get you this answer. Will try to reply that when I get back to the office…
Regards
Bruno
P.S: What do you think about start writing an API in C# to handle DESFire cards?
May 18th, 2012 at 09:28
I would really like to, but unfortunatly i really don’t have time for any extra projects, and the code i will be merging this into is very “specialized” (read: old and horrible). maybe later on down the line though.
May 21st, 2012 at 14:30
Zack, are you using DESFire or DESFire EV1 cards? Are you trying to authenticate or send/write some data to the card?
I will send you a piece of code (working) from my demo solution.
Bruno
May 23rd, 2012 at 11:02
Hi, sorry took so long to reply, send the notification to the wrong bloody address. I have got authentication working, and i have been trying to do stuff like change the key settings and changing the actual key. To fit with the comments you were posting previously i am now testing with the changekey function. I have actually got the code to the point where if i plug in the data you were using i get the data you guys were saying was correct, and am still get an integrity error. If you want to send me that code you can send it to spudsmcghee@yahoo.co.uk and also i am using EV1 cards.
P.S Thanks a lot, really
August 24th, 2012 at 11:14
Hi Bruno,
Thanks for clear explaination of PICC master key change process. How did you overcome the 1E problem which I am also having when I send the key change command.
KEY= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Random_A = 45 8D F3 A0 0D D3 9F B1
PCD command = 0A00
Random_B = 5C 21 59 09 DB AD A7 4B
PCD command = AF1918A4FCFA6AE74FA0B89D4BDDE0497A
PICC Reply = 004D85BF875ADDB9BC
Session key = 458DF3A05C215909
Block1 = 00 01 02 03 04 05 06 07
Block2 = 08 09 0A 0B 0C 0D 0E 0F
Block3 = 77 F5 00 00 00 00 00 00
R1 0001020304050607
R2 B774837B32146E1D
R3 BF7D89703E196012
R4 7B8662789CEEA0A3
R5 0C7362789CEEA0A3
R6 F0425DE79B1E00BB
PICC command = C400B774837B32146E1D7B8662789CEEA0A3F0425DE79B1E0BB
Thanks for the attention.
Gabriel
March 9th, 2011 at 06:25
Hi Bruno,
I have written DES for myself and I used standard C and GNU compiler.
Following link may be useful (http://www.aci.net/kalliste/homepage.html).
I didn’t used APDU but I have sent native changekey command and the
three blocks.
Good luck
March 9th, 2011 at 06:32
Bruno your command code is wrong.CA is for create application.Change Key
command code is C4.
March 11th, 2011 at 04:27
Mustafa, typo and copy paste problem. Problem fixed! Key Changed and Card authenticated. Now I will move on to AES.
Note: I am using all desfire versions for tests Mifare Desfire 4K (ID40) Desfire EV1 4K (ID41) and Desfire EV1 8K (ID81)…and also (just for tests desfire ev1 2k).
Thank you very much for your help. Very soon i will post here some info on how I did it in C# to get it working with all credits for DES/CBC going to you
Thanks!
Bruno
March 9th, 2011 at 06:43
Hello,
I’m having some problems with the use of the session key.
What I am doing is reading a standard data file that has zeros for data, and trying to reproduce the generated MAC.
Here is a sample log of the commands I am sending
>905A00000301000300 //Select Application with AID:010003
900A0000010000 //Authenticate with key 0
B = BBBCF23D82B7AA2B
>90AF00001067CB1064A90A0BC5B705DB03C0EA7A4B00
//With A = 0011223344556677
906F000000
//Get File IDs
90F50000010200
//Get FIle Settings for file 02
90BD0000070200000008000000
//Read 8 bytes from file 2 starting at index 0
90BD0000070200000010000000
//Read 16 bytes from file 2 starting at index 0
<00000000000000000000000000000000D6ACE0D19100 //data:00000000000000000000000000000000 MAC: D6ACE0D1
Now, encrypting 0000000000000000 with DES Session Key gives: FA2B513202BD660A
And with the DES3 key gives: 3FA964A8211CDFA1
neither of these matches the given MAC 7CEC960D. what key should I use?
March 9th, 2011 at 06:48
The formatting didn’t show up right.
here is the log again:
PCD: 905A00000301000300
//Select Application with AID:010003
PICC: 9100
PCD: 900A0000010000
//Authenticate with key 0
PICC: 630A702C444BE34A91AF
//-> B = BBBCF23D82B7AA2B
PCD: 90AF00001067CB1064A90A0BC5B705DB03C0EA7A4B00
//With A = 0011223344556677
PICC: BA6EB2C23193EE8A9100
//Authentication Successful
Session key should be
DES: 00112233BBBCF23D
DES3: 00112233BBBCF23D4455667782B7AA2B
PCD: 906F000000
//Get File IDs
PICC: 03029100
//Files 03 and 02 present
PCD: 90F50000010200
//Get FIle Settings for file 02
PICC: 000100002000009100
//standard data file, MAC, all access only with master key, size 32 bytes
PCD: 90BD0000070200000008000000
//Read 8 bytes from file 2 starting at index 0
PICC: 00000000000000007CEC960D9100
//data: 0000000000000000 MAC: 7CEC960D
PCD: 90BD0000070200000010000000
//Read 16 bytes from file 2 starting at index 0
PICC: 00000000000000000000000000000000D6ACE0D19100
//data:00000000000000000000000000000000 MAC: D6ACE0D1
Now, encrypting 0000000000000000 with DES Session Key gives: FA2B513202BD660A
And with the DES3 key gives: 3FA964A8211CDFA1
neither of these matches the given MAC. what key should I use?
March 9th, 2011 at 11:36
Hi Felippe,
1.What is your key 0, is it the default key all zeroes.The general rule is
if the first half of the key is equal to the second half you use single DES.
If the fist half is different from the second half you have to use 3 DES.
2.When you send data to PICC you use DES or 3DES decryption because
PICC always make encryption.When you build MAC you have to use
DES or 3DES encryption.
3.When you want to build the MAC you have to chain eight byte long
blocks of data.You have to build the logical XOR of the first eight byte
with IV(00 00 00 00 00 00 00 00) then DES or 3DES encrypt it.Then
you have to build the logical XOR of the result with the the second eight
byte and DES or 3DES encrypt it.The first four bytes of the result is
your MAC.
March 9th, 2011 at 11:38
The key 0 is the default all zeroes. Could you look at my example and tell me what the session key is supposed to be?
March 9th, 2011 at 20:21
According the data you have given the session key should be
00112233BBBCF23D.To build MAC you should use single DES encrypt not
decrypt and you should chain the two blocks using CBC as mentioned before.
March 9th, 2011 at 21:20
When I send the PICC the command
PCD: 90BD0000070200000008000000
I am asking for 8 bytes, meaning that I should only receive 1 block. The response from the PICC is
PICC: 00000000000000007CEC960D9100
This, as I understand it, means that the data is 8 bytes of zeroes (1 block) followed by the 4 byte MAC which would be 7CEC960D.
This would mean that if I XOR the first and only block of data with the IV I would still get 0000000000000000. If I encrypt that with the session key, I receive 0xFA2B513202BD66A0, which does not match the received MAC. Could you please point to where I am making a mistake?
March 10th, 2011 at 04:59
I am new for desfire card.
Can someone explain how host DECRYPTS RANDOM_B when i first run the authentication. Use which IVector and Key to decrypt.
If there is a sample code in c#, it will be prefect.
Thanks a lot.
March 10th, 2011 at 21:11
Unfortunately there are few C# resources when it comes to DESFire.
Here is a short explanation of the authentication process.
The PICC will send the application an 8 byte random number encrypted with the master key. The default master key is 0000000000000000 0000000000000000. Because both halves are the same, it is a single DES key and the session key produced will also be a single DES key. The IV is 0000000000000000.
The tricky part with the authentication is to make sure the application decrpyts when sending the response. And make sure you use CBC-Send mode.
You will receive e(B). Then you will send a 2 block message containing A followed by B’.
Decrypted, the first block will be D1 = d(A xor B) followed by D2 = d(D1 xor B’).
The response from the PICC will be e(A’^B’).
March 15th, 2011 at 03:22
William,
Apparently I gave you the wrong answer and might have led you down a path of much frustration. So in hopes that you do read this, when you reply to the PICC’s first response to the 0A command, reset the IV to 0000000000000000.
So your transactions should look like this.
PCD: 0A00
PICC: AF e(B)
PCD: AF (e(A)) (e(e(A) xor B’))
PICC: 00 e(A’)
your session key will then be the first 4 bytes of A followed by the first four bytes of B.
March 16th, 2011 at 03:08
Dear Felipe,
Thanks for your reply and following up. Finally, i succeed to authentication step.
By the way, do you know the cmd/Auth/others difference between the desfire (D40) and desfire ev1 (D41). As i only can find the Specification of D40. Can i develop the program according this specification? Thanks.
March 16th, 2011 at 03:12
I haven’t been able to get the D41 functional spec either. You have to sign a NDA with NXP if you want those documents, and they can at times not be very helpful. However, you can find a lot of the details in the libfreefare source. http://code.google.com/p/nfc-tools/wiki/libfreefare
March 10th, 2011 at 14:12
Hi Felipe,
are you sure that the session key and MAC are belonging together.
Because with your data I’m getting the same result.
March 10th, 2011 at 23:48
Mustafa,
Have you been able to perform a change of key or any operation that uses the session key?
Could you please post a log of such a transaction starting with the authorization using master key zeroes?
Thank you
March 11th, 2011 at 04:25
Felipe, I am not at the office right now, but I will post something tomorrow regarding desfire/auth/change key etc..
I had a hard time but with Mustafa’s help now I am being able to change key and authenticate with the new one.
Will let you know tomorrow ok?
By the way, I presume you are also from Brazil
Bruno
March 11th, 2011 at 22:29
Bruno,
That would be a great help. Thanks in advance.
March 14th, 2011 at 10:56
There is an open source project that includes DESFire authentication and keychange examples written in C:
http://code.google.com/p/nfc-tools/wiki/libfreefare
March 14th, 2011 at 16:12
Can someone please help me. I have read every comment on this blog and other forums and still can’t seem to get anything that uses the session key working. I even looked through the libfreefare source and I could swear I am doing the exact same thing, but mine just doesn’t work.
Here is a log of an authentication process?
out: 5A 00 00 01
in 00
out 0A 00
in AF B2 F1 D2 8A D5 55 3C 35
out AF 86 71 3A E7 7C B7 C5 51 AF AF 66 4C 59 F4 8E 9A
in 00 6F A0 F0 1F 9B EB B5 C6
I think i might be interpreting my values of A and B wrong and therefore generating the wrong session key, so could someone please look over this and tell me what the session key from this authentication would be?
March 14th, 2011 at 16:43
Also, the key 00 is the original master key 0000000000000000
March 14th, 2011 at 19:17
Hi Felipe,
what do yo want to do with sessionkey?
I think your decryption algorithm is O.K.
Otherwise you wouldn’t be able to authenticate and
you wouldn’t get the answer: 00 6FA0F01F9BEBB5C6.
To build the session key you get first 4 bytes of
random A put first 4 bytes of random B then last 4
bytes of random A and last 4 bytes of random B.
If you wish send the complete data,I mean not only
data coming from the PICC also the single DES
decrypted data,so I can check them.
of
March 14th, 2011 at 19:30
Hi Mustafa,
I am still having the same problems from last week. No operation that uses the session key seems to work correctly. reading/writing encrypted or MACed data, changing keys, etc…
I am using the session key generated by combining the first halves of randA an randB. Here is another full trace where I create and then read 2 bytes from an encrypted file.
The card is a brand new Mifare DESFire EV1 with one application FFFFFF, max 5 keys, access rights EF in it.
The master key of application FF FF FF is the default, all zeroes.
PCD: 5A FF FF FF
PICC: 00
PCD: 0A 00
PICC: AF EA 18 DE FF 52 0E CD 90 //B = A42F3E842C5A2968 Please verify these numbers are correct
PCD: AF 04 30 D7 63 E8 0E 43 1A 3D 09 69 AF 44 A2 70 D2 //A = 0123456789ABCDEF Please verify.
PICC: 00 33 00 70 A7 4A DF 17 00
PCD: CD 01 03 00 00 20 00 00
PICC: 00
PCD: BD 01 00 00 00 02 00 00
PICC: 00 EC 3B 5D E6 C6 1F 88 21
As you can see, decrypting EC3B5DE6C61F8821 with key 01234567A42F3E84, gives 41C415038EFE212B. This is clearly wrong since the block should be bytes of data, followed by 2 bytes of CRC and then padded with zeros.
just in case it might be relevant, here is what I receive when I perform a getVersion command.
AF 04 01 01 01 00 1A 05
AF 04 01 01 01 03 1A 05
00 04 50 3B 81 33 26 80 CF B6 D4 66 90 53 08
March 14th, 2011 at 20:54
Felipe,
your B is correct,but there is something wrong with your decryption of A.Are you sure that you get:
0430D763E80E431A when you decrypt: 0123456789ABCDEF,
because I’m getting different data.
Another thing is that you have chain both blocks of
byte using CBC before sending them to thePICC.But
first try to fix the problem with decrypting of A.
For this I’m getting : 3B 73 A1 53 75 7B 1A D8
March 14th, 2011 at 20:58
Sorry Felipe,the correct data
I’m getting is : 80 B1 7A B4 00 B2 B9 37
March 15th, 2011 at 03:19
wow,
thank you so much mustafa.
Here is what I was doing wrong in case anyone out there is having the same issue.
The IV never carries over from previous messages sent, it is always reset to 00000000000000.
So after the first decryption of e(B), what I did was keep B as the IV, then sending D1 = d(A xor B) to the PICC followed by D2 = d(D1 xor B’). What is truly curious is that the PICC’s response, in my line of thinking was valid. What the PICC was actually responding was e(A’), but I thought the PICC was responding A’ ^ B’, since B’ was, i thought, the IV.
Now, A’ xor B’ = (A xor B)’.
March 15th, 2011 at 02:34
Authenticated “Standard” DESFire OK
Read & Write Standard & Backup files Plain Mode OK
So I decide to create a DES encrypted Linear File
File Created OK
Write Data NOT OK
CRC32 must be inverted and bytes reversed from usual OK
Padding: The Card complained so I tried 28 Bytes (+4 bytes = 32, OK for DES)
Sent the data, card replied AF (More please)
Sent the More block, wrapped in iso7816
Sent: 90AF00002700000000200000491E890DE9ACE9320AA0DF24E9FE9CECF5B9424D66190FFD9C0695F2AB5DD7BC00
got …917E LENGTH_ERROR Length of command string invalid…
the apdu is OK what can they mean by “command String”??
Previous 90AF sends to PLAIN files went OK
Whatever I put in the data I get 917E, ie its not a decryption problem…
March 22nd, 2011 at 14:33
c t skinner,
The CRC is CRC16, the implementation is a bit odd, you can find it in the ISO 14443-3 specification. That is probably what is giving you the error. Also, try first sending a small message so that you don’t have to send additional frames.
March 22nd, 2011 at 14:36
CRC16 is discussed earlier in this thread and sample code has been posted.
March 22nd, 2011 at 11:26
Hi,
After some time I am now back to DESFire and I want to do some tests with SAM modules, where the keys of the reader will be hosted. I already have some SAMv2 modules and readers ready to work with them.
I have completed many times DESFire authentications, so I know the procedure. I also have read the SAM specification and communicate with it sending for instance the GetVersion command and getting the correct answer. I also know how the DESFire_Authenticate command works.
So now, my problem is that I don´t know how to make the DESFire tag and the SAM module work together. What I want is that when the reader detects a new tag to try to authenticate it using the keys that are stores in the SAM module.
Just for you to know, I am using Gemalto´s GemProx PU reader, which has 2 SAM slots
Thanks,
Bye
March 22nd, 2011 at 14:43
Gorka,
Unfortunately, I can’t really help you. But I would like to know how you obtained the SAM functional specification. Did you sign an NDA with NXP? If not, could you please tell me where I can find it? I’ve been trying to get a copy of the spec from NXP but they have been less than helpful.
March 22nd, 2011 at 16:15
Hi Felipe,
Yes, I obtained the SAM specification from NXP and I had to sign and NDA with them before. So, I cannot send you the spec, sorry.
March 22nd, 2011 at 15:07
Hi Gorka,
it is similar like communicating with Desfire directly.
The only difference is that you don’t need to make all
the decryption work for yourself but let it make the SAM module.You send the authentication command to the Desfire card,the answer which is encrypted RndB you
forward to the SAM module.From the SAM module you
will get decrypted RndA+RndB’ which you forward to the
Desfire card.This goes on until you get from the
Desfire card that the authentication is complete.Now
if you want to communicate encrypted with the Desfire
card you have first to send the plain data to the SAM
module and get the encrypted data which you forward to
the Desfire card.And send the encrypted data to the
SAM module to let it decrypt by the SAM module.
March 22nd, 2011 at 16:20
Hi Mustafa,
Thanks for your response. Yes, I supposed it should be that way, the problem I have is that I don´t know how to forward the challenge I get from the tag to the SAM directly without having to type it by myself. I guess somehow I have to install a script or something in the reader.
Anyway, I guess that what I have to read about is the reader, and not the specs of the DESFire and the SAM, because the problem is not in the commands I have to send to them, but in the way to communicate with both at the same time.
Thanks again.
Bye.
March 22nd, 2011 at 17:01
Hi again,
I forgot something. I don´t know what reader have you used, but I guess the way to work should be similar. Right now I am using the GUI application they gave me. So what I do is to initialize the 14443-A and the SAM module and complete all the Select procedure. Next I send an authentication request command to the tag, I get the challenge and then I copy it and paste it inside the command I send to the SAM. I get the response, copy it and paste it to the 14443-A management page, etc.
What I want to do obviously is to make all this procedure automatic, so that I don´t have to copy the responses by myself. How can I do that, with some kind of script, or application in C++ using the API they gave me?? In that case, I guess I should have to connect to the COM port where the reader is and then start sending Request commands until I detect a tag and send all the commands from the tag to the SAM and viceversa. Is that correct?
Thanks a lot for your time.
Bye.
March 22nd, 2011 at 20:15
Hi Gorka ,
I have used my own reader and programmed the
microcontroller by myself.For you are using the Gemalto
reader you can communicate with it via com port.You
must have got a protocol containing the command with
which you can program the reader.
Good luck.
March 24th, 2011 at 03:58
hi,
I have some trouble while Read/Write data to a standard file on the Desfire Ev1 card. When i using the DES key (default key) to Read/Write a file with communication setting (0×03), it seems good. I can Read/Write though the DES encryption. But while i change the key to 3DES. There is a problem. Here is my log.
Session key: 689739801798A3C7F51474E391161AD0
-> F501
BD01000000080000
3D010000000800002d21b790a3206306d607b4601f751bb8
(Send 8 byte data “0102030405060708″)
<- 917E(?)
Thanks.
March 24th, 2011 at 04:25
William,
The message you are sending is correct. Which means that the session key you are using is not right. Could you post a log of the authentication, and the session key you believe you generate. Also, be aware that the formatting in these comments has some quirks, so try not to use less than and greater than signs.
March 24th, 2011 at 07:23
hi Felipe,
Here is log of my session key general procedure. It is the same way but not same session key.
Key: 00112233445566778899AABBCCDDEEFF
RndA: 73F84DA38F00C5F8
PCD: 0A00
PICC: AFC29197BF294F8D1E ( RndB = A9D9A650ED69BD05)
PCD: AF3FB4E85D80A263BA51CF1AEF94B9F325
PICC: 00FD755A5AF48B9032
Session Key: 73F84DA3A9D9A6508F00C5F8ED69BD05
PCD: F501
PICC: 000003EEEE000400
PCD: BD00000000080000
PICC: 0000000000000000 (Why not encrypted?)
PCD: 3D000000000800009452d9941cbded3a75629ac35d80e3a1
PICC: 7E (Lenght_Error?)
March 24th, 2011 at 17:41
William,
The reason you receive the data in plain mode when you read the file is because the access rights of the file are set to EEEE. This means that there is free access for to every operation on the file. Try setting the access rights to a specific key and you shouldn’t have a problem.
March 25th, 2011 at 02:33
Felips
It works. Thanks.
By the way, do you know how to use AES on the card?
March 25th, 2011 at 03:02
William,
I haven’t dealt with the new EV1 features in depth. I do know that when using AES, CRC32 is used instead of CRC16, and I believe CMAC is used instead of MAC.
If you do not have access to the documentation, your best resource is the libfreefare source code.
http://code.google.com/p/nfc-tools/source/browse/trunk/libfreefare/libfreefare/mifare_desfire.c
March 28th, 2011 at 13:27
Hi
My project is creating a mobile payment application with NFC.We bought a reader (Obid Classic-pro(HF) ID Cpr40.30-usb) and Mifare tags. I am using Mifare DESFire because i think it is the most adequate transponder for payment. My problem is i am not able to run the DESFire commands because of the crypto processing errors. According to my reader’s manual, the reason of error is transponder. Desfire error codes which i am getting is usually 0x9D, 0xA0, 0x1C. I am using AES keys for authentication. I will send a video to you (The link is below). I am doing the same things exactly with the man in the video but he can run read and write processes successfully, i can’t because of the errors that i mentioned before.
http://www.trikker.fi/downloads/Desfire EV1_Tutorial_640x480.mp4
If you have any idea about my problem and its solution, please contact and help me.
April 14th, 2011 at 13:40
how can i define a key for an application or file?
For example i am creating application with this APDU
CA 563412 0F 8D
I found it from somewhere i can’t remember. The explanation is
Create Application – ID=0×123456 – ApplikationMasterKey Settings=0x0F – AES encryption with 14 keys
I understand that 563412 is application id, i didn’t understand the meaning of 0f and 8d. i am using AES keys for reader.
And i am creating file with this APDU
CD 01 03 3412 FF0000
CreateStdDataFile : FileID = 1 – Communication Settings = 0×03 (AES Enryption) – AcessRights 0×34 0×12 [Read(Key)=1 Write(Key)=2 R/W=3 Acess=4] – Length = 255
Here 01 is file ID, 03 again i am not sure what is it, and i have no idea about access rights. I am using them for reading or writing the card as desfire key number. For reading 01, writing 02…
After all i am getting 1C error-illegal command code.
I don’t know where is the error but i guess it is about defining keys for the cards.
Are these APDU’s true? If it is true what should i do as an extra for defining keys to card.
I need your answer.
If anyone understand my problem, you can contact me from serayozdemir@hotmail.com or serayozdemir@gmail.com
April 14th, 2011 at 20:00
1. 8D means number of keys (it defines how many keys can
be stored within this application).
2. Meaning of application masterkey (0X0F) :
Bit7-Bit4 :
0X00 :Application masterkey
authentication is necessary to
change any key (default)
0X01-0X0D :Authentication with the specified
key is neccassary to change the key
0X0E :Authentication with the key to be
change is necessary to change the key
0X0F :All keys within this applications are
frozen
Bit 3 :
0 : configuration not changeable
anymore
1 : configuration changeable
Bit 2 :
0 : Create file and delete file
is permitted only with
authentification with appl.master
key
1 : Create and delete file without
authentification
Bit 1 :
0 : Application master key authentification
is necessary for GetFileID,
GetFileSettings and GetKeySettings
1 : Authentication not necassary to execute
the above commands
Bit 0 :
0 : Application master key nomore
changeable
1 : Application masterkey changeable
3. The meaning of communication settings :
0 : Plain communication
1 : Plain communication with DES/3DES
MACing
3 : Fully DES/3DES encrypted communication
June 3rd, 2011 at 06:58
Hello,
does anybody have some hints how to calculate a CMAC with AES Cipher in Java. I tried to follow an example from NXP with the SDK from bouncycastle but i wasn’t able to get the right values. I would be very grateful.
Stefan
June 21st, 2011 at 16:19
Hello
This blog is very interesting. I have found no more information on APDU commands on internet, thanks for your work.
I’m working on this kind of project. I need help. I hope you could read this.
Here are two file settings.
Get file setting for file 0C
– CLA=90, INS=F5, P1=00, P2=00, LC=01, LE=00
– DATA=0C
Response APDU:
– SW1=91, SW2=00
– DATA=0000317F200000
Get file setting for file 01
– CLA=90, INS=F5, P1=00, P2=00, LC=01, LE=00
– DATA=01
Response APDU:
– SW1=91, SW2=00
– DATA=0101417F800100
I am in the 108057 application (Transport NF).
I know that I have to authentificate with key 07 of this application.
So I do :
– CLA=90, INS=0A, P1=00, P2=00, LC=01, LE=00
– DATA=07
Response APDU:
– SW1=91, SW2=AF
– DATA=F7 9A BB 80 7C E4 85 BA
The problem is that I don’t understand what I must do after this. On your page, we writted this :
Authentication with key 00 (for PICC Application):
–> 0a 00
af b0 cc bc ed 8f c8 38 c9 08 dc e2 4d 86 ca ec 3c
f5 0c
bd 0c 00 00 00 10 00 00
<– 00 90 80 00 02 XX XX XX XX 6c 68 00 28 00 02 80 40
Could you tell me why there is " 00 00 00 10 00 00 " after0C, please ?
Thanks.
Marc
June 22nd, 2011 at 04:26
I don’t think you read the blog post correctly.
The authentication goes like this
Reader: 0a 00
Card: af a2 be cd 03 d8 46 cb 33
Reader: af b0 cc bc ed 8f c8 38 c9 08 dc e2 4d 86 ca ec 3c
Card: 00 76 73 d9 49 71 3f f2 d1
June 22nd, 2011 at 05:54
Oh sorry. My message isn’t clear.
There are two questions :
– concerning Authentification :
I don’t understand why it goes like
Reader: 0a 00
Card: af a2 be cd 03 d8 46 cb 33
->Reader: af b0 cc bc ed 8f c8 38 c9 08 dc e2 4d 86 ca ec 3c
can you tell me why this parameter ?
Card: 00 76 73 d9 49 71 3f f2 d1
- Moreover, when we want to read data in a file. I don’t understand the parameters.
bd 0c 00 00 00 10 00 00
<– 00 90 80 00 02 XX XX XX XX 6c 68 00 28 00 02 80 40
Thanks
June 22nd, 2011 at 06:29
lets say both the reader and the card have a shared DES3 key.
Remember that the card can only perform encryption.
Reader: 0a 00 (Authenticate with key 0)
Card: af a2 be cd 03 d8 46 cb 33 (sends e(B), where B is a random 8 byte number)
Reader: af b0 cc bc ed 8f c8 38 c9 08 dc e2 4d 86 ca ec 3c (reader generates random A and sends d(A) = b0 cc bc ed 8f c8 38 c9, followed by d(B’) using CBC = d(d(A) xor B’) = 08 dc e2 4d 86 ca ec 3c)
Card: 00 76 73 d9 49 71 3f f2 d1 (This is e(A’))
the reason why the card has to send e(A’) is to assure the reader that the card has the appropriate key. If someone were to be monitoring the communication between card and reader, they could use the same B (generated by the card) every time. And without knowing the key, complete a successful authentication. If the Card has to send e(B’) then knowledge of the key is necessary.
When reading data from a file
bd 0c 00 00 00 10 00 00 (0c specifies the file number, 00 00 00 specifies the starting index, 10 00 00 specifies the number of bytes to read. So this command reads 16 bytes from file 0x0C starting at index 0.)
<– 00 90 80 00 02 XX XX XX XX 6c 68 00 28 00 02 80 40
June 22nd, 2011 at 06:40
Thanks a lot.
So I have not the key #7 for this application.
I can’t read more concerning the file of this application.
What a pity.
June 23rd, 2011 at 09:08
hey
Just a little question more.
Do you think there is a error counter for the authentification ? I mean if I try wrong key for the authentification. There is no documentation about that.
I don’t want to block my card ^^
Thank.Bye.
June 23rd, 2011 at 11:34
No, it’s not documented and testing would appear to confirm that it’s OK to fail auth as often as you like. I just ran the following script:
$ while [ 42 ] ; do desfiretool.py 1 select 000000 auth 00 1122334455667788 ; done
which (repeatedly) gave the result:
Using reader: OMNIKEY CardMan 5×21 (OKCM0022602100142172731750393654) 00 01
Card UID: 80D9EB58
Selecting AID: 000000 (OK)
Authenticating against Key 00 with key: 1122334455667788 Failed: Authentication error
I then did:
$ desfiretool.py 1 select 000000 auth 00 0000000000000000
which gave:
Using reader: OMNIKEY CardMan 5×21 (OKCM0022602100142172731750393654) 00 01
Card UID: 80D9EB58
Selecting AID: 000000 (OK)
Authenticating against Key 00 with key: 0000000000000000 (OK)
So i guess you’re OK!
July 9th, 2011 at 17:02
Hi guys,
From beginning i would like to thank you all, especially Ridrix for all the information above. And of course I need help
. It’s about documentation, I have ISO 7816-1,4,6,7,8,9, I have access to the NXP documentation. About NXP documentation, I don’t know which documents are relevant for me. I’m working with DESFire EV1, and so far I consider being important on NXP just these documents:
from
http://www.nxp.com/#/homepage/cb=%5Bt=p,p=/53420/71108/53422/53450%5D|pp=[t=pfp,i=53450]
just document MF3ICD4101DUD
and from
http://www.nxp.com/#/pip/pip=%5Bpip=MF3ICDX21_41_81_SDS,pfp=53450%5D|pp=[t=pip,i=MF3ICDX21_41_81_SDS]
protected archives (at the bottom of the page)
- DESFire & DESFire SAM, Reader Software Library, Programmer’s Reference Manual
- DESFire ev1 Reader API
I suppose, there is much more, I just don’t know which ones. Could you guys post url’s of other relevant NXP documents(about authentication, creating application, …)
About ISO/IEC 14443, I suppose, I’m gonna need parts:
3 – here supposed to be information about cryptography and
4 – here supposed to be commands description
Is that right?
Other sources I could use are:
http://code.google.com/p/nfc-tools/wiki/libfreefare
http://www.developer.nokia.com/Resources/Learning/
http://www.nfc-forum.org/home/
http://www.cryptopp.com/
http://msdn.microsoft.com/en-us/library/aa924246.aspx
do you have any other useful sources?
Thanks
Jan
July 10th, 2011 at 17:26
Those links are not working, this hopefully is gonna:
http://www.nxp.com/#/ps/ps=%5Bi=53450%5D|pp=[t=pfp,i=53450]
for second link you click on MF3ICD4101DUD document
or here is the path:
Identification and security / Smart card ICs / MIFARE smart card ICs / MIFARE DESFire
September 23rd, 2011 at 19:44
[...] Desfire cards to be used with PCSC readers. It is based on Desfire Functional Specification and this post has been very helpful. More news coming soon. Share this:TwitterFacebookLike this:LikeBe the [...]
September 26th, 2011 at 17:10
Hi.
First of all thanks for that blog that definitely helped me a lot.
Yet I still have an issue…
I’ve successfully performed an authentication (after PICC selection) with key-00, retrieved the key settings (0x0f) and I now would like to change it to 0x0e with the ChangeKeySettings command and I constantly get the INTEGRITY_ERROR (0x1e)… whatever I try.
Here is what I do:
* new key settings = 0e
* CRC16 = 80 b8 (0xb880)
* data buffer = 0e 80 b8 00 00 00 00 00
* decrypted data buffer (key-00) = 3c 5b 1b 80 4a 1d a0 1b
* data sent to card = 54 3c 5b 1b 80 4a 1d a0 1b
* card answer = 1e
I’ve been looking for days and can’t figure out what’s wrong with that.
Could you give me a hint?
Thanks,
Alex
September 27th, 2011 at 15:31
Hi Alex
it seems to be O.K. what you have done.Let me see your key and session key.Possibley they are not O.K.
Mustafa Moripek
September 27th, 2011 at 16:02
Oh… should I DES decrypt with the session key and not the key I’ve done the authentication with (key-00) ?
key-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sess. key: 88 ee b3 a9 4b 31 a3 20 64 3d 3e d0 ce e6 ca 6d
If I use the first half of the session key to DES decrypt the data buffer I get the following: b3 47 98 a6 35 63 21 99
Anyway… still get the integrity_error…
Thanks,
Alex
September 28th, 2011 at 15:59
Hi
Yes you should single DES encrypt with the session key.But your session key is wrong.
If the first half of the key you are authenticating with is equal to the second half of the key,you have to build your session key eight byte long.For you are using the default key all zeroes the first half is equal to the second half.For building the session key you have to put the first half of RndA and RndB together and use this session key for single DES
encrypting.
Good Lock.
Mustafa Moripek
September 29th, 2011 at 15:48
Problem fixed, thanks a lot for your information
October 12th, 2011 at 14:19
Hello everyone,
The information here is very helpful. And I really appreciate your great effort to aggregae useful information here. (many important notes, test vectors and links.)
BTW, I am writing a Desfire_lib in Java. And thanks to this blog, I am almost done except for two thing. KINDLY HELP ME!!!
I succeeded in Authentication, ChangeKeys, etc. in both DES and T-DES using NFC reader (ACR122U) in ADPU wrapping mode. (on Windows XP+PC/SC)
Issue-1
Read/Write to MACed file is OK.
But problem is, I need to send MAC data (4 bytes) in separate ADPU Write packet. (orginal msg and MAC) Why can’t I send it in ONE flame???
Issue-2
I cannot Read/Write DES file.
(Always result in “INTEGRITY_ERROR (CRC or MAC does not match.)”)
1) plaindata ={0×00 11 22 33 44 55 66 77 88 99}
2) CRC_16(plaindata)={0x 84 EB)
3) msg_w_pad = {0x 00 11 22 33 44 55 66 77 88 99 84 EB 00 00 00 00}
4) Decrypt_CBCSendMode(msg_w_pad, key {0x 01 23 45 67 89 AB CD EF}) /* Single DES in this case, key should be session key */
5) DES_msg ={0x 8C 77 40 7E 02 4F 66 AD 43 1F F2 01 FA C5 1F 5C}
Then send WriteData(DES_msg) ADUP paket.
BUT PICC still response “AF” for further data.
So I added zero_packet (0x 80 00 00 00 00 00 00 00), but it doesn’t work.
What is expected for the last packet??
Thank you very much for your kind guidance in advance!!!
November 3rd, 2011 at 09:54
Hi @all
this blog helped me a lot with my desfire implementation, but have some problems with desfire ev1 – AES Authentication. (des works fine, creating apps, file, etc). I always got AE – Authentication Error. I guess my encrypted Randoms are wrong but don’t see the problem. Maybe you can help: (Got a empty Card with Standardkeys.)
Select Application
=> 5A 00 00 01
AA 00
92 af 3c 21 9a 30 7d 66 74 ca 27 a2 c6 4d 9b 73
Then Leftshift by 8 Bit
=> af 3c 21 9a 30 7d 66 74 ca 27 a2 c6 4d 9b 73 92
Now “generate” RndA
=> 00010203040506070001020304050607
Now Encrypt RndA and RndB’
XOR after encryption with 16 x 0×00
crypto_1 => 26 16 77 8a db a8 4f 38 ee 32 87 9a 29 98 13 55
XOR after encryption with RndA
crypto_2 => 3f 0c c4 14 20 e1 9f 6f 1c b2 1c 5d 24 21 fd d6
Send enc(RndA || RndB’)
=> AF 26 16 77 8A DB A8 4F 38 EE 32 87 9A 29 98 13
55 3F 0C C4 14 20 E1 9F 6F 1C B2 1C 5D 24 21 FD
D6
<= AE
Any ideas?
November 10th, 2011 at 12:00
For your interest. I’ve found the problem: The not (or bad) document IV-handling. In DES Authentication you reset the IV always to 0×00. In AES your IV for your encryption is the Enc(RndB) and for Decryption of RndA’ u use crypto_2.
With the right session key generation my ChangeKey Command worked, too
November 22nd, 2011 at 14:07
Hi!
I’m playing with Desfire EV1. DES/3DES authentication and data handling is working perfect. I manage to change MasterKey to AES (for MasterKey it will be key no $80), but now I’m not able to login into my card anymore.
Please find attached my session with Desfire Ev1:
MasterKey: 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
>> AA 00
<< AF 70 3A C2 8A 14 25 27 07 5F BA 0E 9B D7 C9 87 E0
——–
Enc(RndB) = 70 3A C2 8A 14 25 27 07 5F BA 0E 9B D7 C9 87 E0
After DECRIPTION with AES 128 (IV=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00) – is IV correct?
RndB = 94 C8 15 B4 E9 D3 19 EF D0 4F 8A 33 CF 8D C3 93
Now I rotate left by 8 bits
RndB' = C8 15 B4 E9 D3 19 EF D0 4F 8A 33 CF 8D C3 93 94
My 'random' RndA will be:
RndA = 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
Now I have to send to PICC following command:
AF enc(RndA) enc(RndB') – Is this correct?
enc(RndA) will be ENCRYPTED RndA with MasterKey, but what IV vector schould I use?
enc(RndB') will be ENCRYPTED RndB with MasterKey, and IV vector schould be enc(RndA). Is this correct?
Maybe someone can post full authentication session with AES key, so I can check my application.
Regards!
November 21st, 2011 at 13:46
Hi,
can anyone tell me how can i calculate the CMAC to be sent after a changekey command ?
thxs
November 26th, 2011 at 01:10
Hello there!
After a while without working on smartcards, here im back again with one (and night-skipping) doubt.
I am trying very hard to make a C# polling mechanism work together with the GetVersion APDU wrapped desfire command without success.
My scenario:
I am using C# and P/Invoke to access the reader and smartcard (Mifare DESFire EV1 2/4/8K).
I am using the APDU to wrap the GetVersion Command (90 60).
I can successfully execute the getversion againts the card. Even several times (I have tried a for loop with 500 requests). Everything is working fine.
My problem is: I need to implement a polling mechanism to monitor for card presented/removed events from reader.
I am running this “polling” on another thread (have tried new Thread, background worker, etc).
The problem is: When I run the GetVersion APDU command against the card while I am inside the polling mechanism, I receive a “91 1C” response from the card.
91 1C means: ILLEGAL_COMMAND_CODE (Command not supported).
This usually happens while sending the second frame of 0xAF (to retrieve more data).
Im getting tired of this error and have tried several tricks (lock, AutoResetEvent and many others on C# and .net) to avoid this problem without success.
I sincerely hope someone can help me on this!
Cheers budys!
Bruno
November 26th, 2011 at 16:43
Just to add one more heads up:
If I insert a Thread.Sleep of 400ms between the connecting to card (with SCardConnect) command and the DESFire GetVersion command it works like a charm!
Weird. Is that a expected behavior?
Bruno
May 17th, 2012 at 14:51
Bruno,
you can use the SCardGetStatusChange function to check the status of the reader, and check if a card is present or not. by doing this you can keep track of the state of lots of readers at the same time really easily.
Zack
November 30th, 2011 at 20:45
Hello: I’ve written a Python implementation (an example) of AES-128 simmetric key diversification as described in document AN10922. In case you think it might be useful, here’s the link: https://gist.github.com/1409585
December 31st, 2011 at 04:12
Hi all,
If you are working on Desfire EV1 AES authentication (i.e. 0XAA), you can follow the following algo and it works
http://books.google.com.hk/books?id=RptQEcaQtJ4C&lpg=PA196&dq=desfire%20aes&hl=zh-TW&pg=PA197#v=onepage&q=desfire%20aes&f=false
February 21st, 2012 at 09:05
Hi ridrix,
I have stucked with the Desfire Authentication Command.
I have shown below the APDUs
->0A 00
AF C5 34 FC 90 76 C6 4C 62 65 7A D2 9E 4D 4D CF 58
<- AE
Key : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
IV : 00 00 00 00 00 00 00 00
Can you tell me whats the wrong with this ?
Thanks
Amila
March 3rd, 2012 at 13:18
High Amila,
many steps are missing,therefore itis not possible to determine
the error.Please write all steps from the beginning.The
authentication procedure is describe at the start of this site.
March 5th, 2012 at 06:35
Hi Mustafa,
I am really sorry, I have done a mistake when sending the question. Anyway I could overcome the issue with authentication. Thanks for your response, I’ll need your help in future.
March 2nd, 2012 at 12:28
Hi all,
I am new in smartcard programming and I ve got some trouble on Mifare DESFire ISO wrapping. The point is that I seems to have additionnal bytes on my response APDU. Namely on an application linked to 3 AES keys for a Get key settings command :
cmd > 9045000000
resp 9045000000
resp< 0F83E524DE703EA850BD9100
While I am expecting to have
1byte for key settings || 1 byte for max No of key || MAC data
I am missing something however the status codes are OK.
Can you help me with this?
Thanks in advance.
Regards !
March 2nd, 2012 at 13:40
Correct sequence
cmd > 9045000000
resp 9045000000
resp< 0F83E524DE703EA850BD9100
March 3rd, 2012 at 07:48
Hi Amanda,
your command is not complete, the Le is missing.The iso APDU wrapping is as follows :
cmd:
cls ins p1 p2 lc(length of wrapped data) data Le
90 native instruction 00 00 XX XX 00
response:
data length SW1 SW2
XX XX native status code
So the correct command string is :
–> 90 45 00 00 00 00
<– 0F 01 91 00
March 5th, 2012 at 08:32
Hi Mustafa
I could successfully performed the Authentication command and I have a issue with ChangeKey, Please look at my situation mentioned below
RANDOM_B : 75 fc 01 86 9d 90 96 09
RANDOM_A : 01 23 45 67 89 ab cd ef
Session Key : 75 fc 01 86 01 23 45 67 9d 90 96 09 89 ab cd ef
OLD_KEY : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NEW_KEY : 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
ChangeKey Commandis = C4(1 Byte) + KEYNO(1 Byte) + Deciphered Key Data (24 Bytes)
Can you please explain me how can i create Deciphered Key data (24 Bytes)
I really appreciate your help on this.
Amila
March 5th, 2012 at 08:53
Hi Amilla,
I think ,in your case,the key number you are authenticating with is the same as the key you want to change .So you have to proceed as follows:
A two byte CRC is calculated over the new key data(16 bytes) and appended at the end.For the DES/3DES encryption is made using with frames of 8 bytes you must pad your data with 6 zeroes.Your
plain data should look like this:
[16 Bytes new key][2 Bytes CRC 00 00 00 00 00 00]
Now you should DES encrypt this data with the session key.
Good Luck
Mustafa
March 5th, 2012 at 10:42
Hi Mustafa,
Thank you so much for the quick response. I followed the things you advice and I am getting 1E response. I have lay down my data below.
SESSION_KEY : 17 4e 28 39 01 23 45 67 22 f4 25 3d 89 ab cd ef
NEW_KEY : 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
CRC16 for NEW_KEY : ce bd
NEW_KEY + CRC16 + 6 bytes PAD : 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ce bd 00 00 00 00 00 00
ENCRYPTED WITH SESSION KEY : aa 5c 99 58 d9 cd 9e 8d fc ab e8 2f 32 bc 92 3a 90 5c 41 c5 73 ab f8 e6
FINAL COMMAND : c4 00 aa 5c 99 58 d9 cd 9e 8d fc ab e8 2f 32 bc 92 3a 90 5c 41 c5 73 ab f8 e6
Please advice me to find the issue on this.
Is there any problem with how i create the SESSION_KEY ?
RANDOM_B : 17 4e 28 39 22 f4 25 3d
RANDOM_A : 01 23 45 67 89 ab cd ef
SESSION_KEY : 17 4e 28 39 01 23 45 67 22 f4 25 3d 89 ab cd ef
Thanks
Amila
March 5th, 2012 at 11:36
Hi Amilla,
1E means either your CRC is wrong or your MAC is not correct.To calculate MAC you have to proceed as follows:
1.You have to exor the first byte (01 01 01 01 01 01 01 01) with
IV all zeroes,and 3DES encrypt it with session key.
2.You have to exor the second byte (01 01 01 01 01 01 01 01) with
the result of the first step, and 3DES encrypt it with session key.
3.You have to exor the third byte (CRC1 CRC2 00 00 00 00 00 00) with
the result of the second step, and 3DES encrypt it with session key.
4.You append all of them to your command c4 00.
March 5th, 2012 at 17:55
Hi Mustapha,
Thanks for your answer.
I am wondering if it is not implementation choice of the tools I am using (since Lc and data fields are optional). I’ve got a correct status code and trying :
cmd > 904500000000
resp< 917E
7E means length error
Extra data was a CMAC value from my settings that doesn't appear all the time. I've fixed this.Thanks.
March 6th, 2012 at 06:58
Hi Amanda,
iso command APDU looks like :
CLA INS P1 P2 Lc Data Le
90 45 00 00 00 00 00
Data field is optional but Lc is not.Lc is the length of data field.
If you don’t have any data the Lc=00.Therfore your command
APDU 90 45 00 00 00 00 is correct and you should get the
answer 0F 01 91 00.
March 6th, 2012 at 08:54
Hi Mustafa,
Thank you so much for your support and I really appreciate . I got successful change key functionality.
Amila
March 7th, 2012 at 11:57
Hi Mustapha,
I am using PC/SC Diag from http://www.springcard.com/solutions/pcsc.html
which is as they say a “quick’n'dirty software to exchange APDU”…
Please can you help me on this.
I’ve also got issue on ChangeKey. I am using AuthenticateIso cmd and key number used for authentication is the same as the key number to be changed
3DES session key is F6C87AD0F4AD5CA52FBE35F612B442C6
New key + CRC32 + Pad = 1111111111111111111111111111111168C9375800000000 => enciphered = E50E3E54226C67EE1CBE3881542E59A7AAAB6E5810306806
The overall (wrapped) command is
90C400001900E50E3E54226C67EE1CBE3881542E59A7AAAB6E581030680600
I got AE(authentication error)response status.
I’ve successfully authenticate before performing ChangeKey so I don’t get it. Any idea ?
Thanks in advance for your answer.
March 7th, 2012 at 12:48
Hi Amanda,
As far as I can see, there are two mistakes.
1.The first half of your key is equal to the second half,so you
have to use DES encryption and not 3DES.
2.You should use CRC16 and not CRC32.
Try to fix the issues.If there are still problems write down all the communication between reader and the card.
Godd luck.
Mustafa
April 4th, 2012 at 07:33
Hi Mustafa,
I have two applications and each application has one standard file. For doing a specific function I have to update the both files in both application. How can we grantee the Atomic transaction of this function. It may be failed to update the second file once first has done successfully, due to RF signal issue or some other reason. How can we handle such situations, is there any native support from Desfire or we have to use some tricky things to handle this. If you have any idea please share.
Thanks
Amila
April 4th, 2012 at 14:23
High Amila,
the only way to be sure that the transaction has been executed successfully is to read the files after write operation.But the Desfire has a property which enables you that the file doesn’t get destroyed during any write operation because of RF failure.During value operations, add or subtract operations, you have to send commit transaction command.Until that time the original data remains in their original values.The same thing you can make with plain data if you use backup data file instead of standard data file.For all changes are made in a mirror place you have to open your backup data file with double the length of your normal file.
I hope this information helps you.
Good luck
Mustafa Moripek
April 6th, 2012 at 07:57
Hi Mustafa,
Thanks, I’ll try this.
Regards
Amila
April 17th, 2012 at 07:03
Hi Mustafa,
Is there any crc16 implementation that can use inside the javacard applet. Since most of the crc implementation use int variables and cannot use them inside the javacard applet, Do you have any idea to overcome this ?
Thanks & Regards
Amila
April 18th, 2012 at 06:29
Hi Amila,sorry but I don’t have such a CRC implementation.
Mustafa
April 26th, 2012 at 07:54
Hi Mustafa Moripek
Is there any way to maintain cents in value file.
April 27th, 2012 at 06:01
High Amila,
No there isn’t.Value Block data is four byte signed integer.You have to handle the exchange to cents in
the firmware of your hostcontroller.
Mustafa
April 27th, 2012 at 09:06
Hi Mustafa,
Yes. I understand. Thank you very much.
May 1st, 2012 at 11:35
hi,
my name is Jan Lazar
i’m not able to use MFDESFire8 library with AES encription,
my reader is OMNIKEY CardMan 5321 USB Reader,
with brand new card just CRM_3DES_ISO, CRM_3DES_DF4 are working for following bit of code.
i’m not able use CRM_AES, CRM_3K3DES
could you give me any hint, what i’m doing wrong, thank you very much
jan lazar
janolazar@gmail.com
code:
BYTE klucAplikacieAES_K0[16] = {0×00,0×00,0×00,0×00,0×00,0×00,0×00,0×00,0×00,0×00,0×00,0×00,0×00,0×00,0×00,0×00};
BYTE klucKarty_KO[24]; memset(klucKarty_KO,0,24);
retsReturnCode = poCardObject->SelectApplication(0×00000000);
funkcie->PopisChyby(“SelectApplication 0×00000000″, retsReturnCode, textBox);
if(retsReturnCode!=0) return -2;
retsReturnCode = poCardObject->Authenticate( 0,
klucAplikacieAES_K0,
CRM_AES ); // CRM_3DES_ISO // CRM_AES // CRM_3DES_DF4 // CRM_3K3DES
funkcie->PopisChyby(“Authenticate CRM_3DES_ISO 0,24″, retsReturnCode, textBox);
if(retsReturnCode!=0) return -2;
retsReturnCode = poCardObject->FormatPICC(); funkcie->PopisChyby(“FormatPICC”, retsReturnCode, textBox);
if(retsReturnCode!=0) return -2;
May 9th, 2012 at 11:54
Dear All,
i need help for desfire. We want to create,read & write in the Desfire card. We have Omnikey 5321 reader. Please provide me all set of APDU commands.
Your help will be more appreciated.
Thank
Narendra
May 9th, 2012 at 14:00
Do you have some further information about the Card? Which encription, application, filenumber…
May 9th, 2012 at 14:05
Actually i hv NXP desfire blank card, we have to create complete structure for card, so we don’t have any commands to start.
May 16th, 2012 at 07:46
Hi Mustafa,
I am working on to change my all the logic to AES. When I send the first authentication command it gives AE. I know default cryptography is TDES. But I need to know how to change it to AES both PICC keys and Application keys. Can you please advice me to start authentication work with AES.
this is the commands and responces.
->aa00
<-ae
Regards
Amila
May 16th, 2012 at 11:40
Hi Mustafa,
I could overcome this issue. working on to fully complete the AES authentication.
May 18th, 2012 at 10:45
Hi
I have problem with the AES authentication. I have listed below output.
PICC Challenge : c5 53 7c 8e ff fc c7 e1 52 c2 78 31 af d3 83 ba
RND_A : 23 47 c1 55 7f 80 70 7a bd ef 86 bf 9d 96 5c a7
RND_B’ : a0 35 3a 7d 29 47 d8 bb c6 ad 6f b5 2f ca 84 1e
RND_A + RND_B’ : 23 47 c1 55 7f 80 70 7a bd ef 86 bf 9d 96 5c a7 a0 35 3a 7d 29 47 d8 bb c6 ad 6f b5 2f ca 84 1e
Enciphered(RND_A + RND_B’) : 4f 32 f6 d2 ff af d9 f1 41 fd 33 b0 cb ab 70 50 9d 63 e8 a8 a1 b6 87 b7 4e 2e 11 71 fc 38 e4 ef
I know problem is in the last enciphering (RND_A + RND_B’). Can someone advice me to overcome this issue.
Regards
Amila
May 18th, 2012 at 15:41
Hi Amila,
How did you build EK(RND_A+RND_B’) ,did you use CBC?
May 21st, 2012 at 07:39
Hi Mustafa
Yes. I am using CBC. If you need entire code block I can send it.
May 21st, 2012 at 14:18
Take a closer look ant RND_A. I think it must be 23 47 c1 55 7f 80 70 7a bd Ff 86 bf 9d 96 5c a7 (it’s double f not ef)
May 22nd, 2012 at 05:50
Hi Meph,
Yes. Its FF not EF, I don’t how it happened, I copy and pasted it.
May 22nd, 2012 at 10:59
Hi Meph/Mustafa
AES authentication is succeeded. Now I am working on writing data to standard file with ciphered. In that case I couldn’t find a crc32 implementation yet. Can you please advice me to overcome this issue ?
Thanks & Regards
Amila
May 22nd, 2012 at 11:43
I used the Java crc32 method. But you have to prepare the result to get the result the Card expects. If you use Java i could Show you my Code which works. (und wenn du (besser) deutsch sprichst kann ich auch gerne auf deutsch Antworten;) )
May 22nd, 2012 at 11:47
Hi Meph,
Thank you very much for the quick response.
Yes, I am using java for my application, If you can show the method it’ll be a great help.
Regards
Amila
May 22nd, 2012 at 11:53
I used this method. Don’t know if there is a better way but it works:)
public byte[] crc32(byte[] input) {
byte[] ret = new byte[4];
CRC32 checksum = new CRC32();
checksum.update(input);
checksum.getValue();
ByteArrayOutputStream bos = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(bos);
try {
dos.writeLong(checksum.getValue());
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
byte[] crc32 = bos.toByteArray();
for(int i=0;i3;i–){
ret[j]=crc32[i];
j++;
}
return ret;
}
May 22nd, 2012 at 12:01
function _CRC32(Buffer : array of byte; Offset,Length : word) : cardinal;
var crc,poly,bit: cardinal;
i,j : word;
begin
crc:=$ffffffff;
poly:=$EDB88320;
for i:=Offset to (Offset+Length-1) do
begin
crc:=crc xor cardinal(Buffer[i]);
for j:=1 to 8 do
begin
bit:=crc and $00000001;
crc:=crc shr 1;
if (bit=1) then crc:=crc xor poly;
end;
end;
_CRC32:=crc;
end;
This is CRC32 function from my DesFireAES API in Delphi. Works perfectly.
May 22nd, 2012 at 12:17
Hi Meph,
In the given source code, I think something is wrong on the following line
for(int i=0;i3;i–)
Thanks
Amila
May 22nd, 2012 at 12:48
hmmm, dont know why because i made copy&paste but it should be: for(int i=7;i>3;i–)
May 22nd, 2012 at 12:49
for(int i=7;i>3;i – -)
this editor seems to change double – into one long
May 22nd, 2012 at 13:02
Hi Meph,
I tried to calculate following sample data, But it seems i am getting wrong result.
Message : 3D020000000F0000112233445566778899aabbccddeeff
Getting : d7 f5 32 5a
Expected : 28 0A CD A5
Can you see something wrong here ?
Regards
Amila
May 22nd, 2012 at 15:04
Its working fine in my program with the method code i posted before.
I get the same result After using the Java crc32 method. You have to prepare this result (the two for-Blocks in my code). First you have to invert it so you get (FF FF FF FF) A5 CD 0A 28 and then you have to read it from right to left (but always two numbers together). Then you get the crc32 value like in your example from the nxp document.
I Hope you understand my Description. I’m Sorry for my english;)
May 23rd, 2012 at 06:29
Hi Meph,
Again thank you very much for the support….
I think something has gone wrong when copying the code in the text area, I am getting result as d7 f5 32 5a(Before invert). Can you please email the code snippet to me.. my email is godwinamila@gmail.com
Regards
Amila
June 4th, 2012 at 11:23
Hi I have an AID 818181 with FID 01,
the create command as CA2020200F01.
Create File ID CD0100EEEE100000
i have problem using Delete Application Command :
DA202020 , it give me 7E (length Error) after master key authentication successful.
Please advice.
June 5th, 2012 at 09:57
Can anyone share with me what is the default Key 01 if i have create the application ID of having two authentication key 0F 02 where the access right is 1111.
I Always face 1E (Integrity Error)
Thx in advance.
June 5th, 2012 at 10:38
Hi ADAM TSL,
its 0×00,0×00…… (24 0s)
Regards
Amila
June 6th, 2012 at 17:41
Hi Amila,
Thx for your feed back, i still struggling on the change key with all zero for Desfire Ev1 8K. Can you give some pointer.
9A BF 4D 6C EA 77 5E D4 – RndB
87 0C CB EE 0B CC 77 97 – RndA
session key after 0a00 =
87 0C CB EE 9A BF 4D 6C 0B CC 77 97 EA 77 5E D4
session key 8 bytes (Des)
-> 87 0C CB EE 9A BF 4D 6C
new key = 0C CD C6 5D D5 D8 7D 11 11 11 11 11 11 11 11 11
new key CRC16 = 00 7A
b1 – 0C CD C6 5D D5 D8 7D 11
b2 – 11 11 11 11 11 11 11 11
b3 – 00 7A 00 00 00 00 00 00
R1 (b1 Xor Iv) – 0C CD C6 5D D5 D8 7D 11
R2 – des dec(r1) – AC FC 24 47 70 4A 62 FC *
R3 – r2 xor b2 – BD ED 35 56 61 5B 73 ED
r4 – des dec(r3) – 9E E1 17 EE 75 97 1F 10 *
r5 – r4 xor b3 – 9E 9B 17 EE 75 97 1F 10
r6 – des dec(r5) – 83 2D 6F 03 F8 38 00 DC *
c401ACFC2447704A62FC9EE117EE75971F10832D6F03 F83800DC
error 1E
June 7th, 2012 at 08:03
Hi ADAM TSL,
Can you confirm the last command, because it should be
c4 00 ac fc 24 47 70 4a 62 fc 9e e1 17 ee 75 97 1f 10 83 2d 6f 03 f8 38 00 dc
Regards
Amila
June 7th, 2012 at 08:41
HI Amila,
The crypto data
ac fc 24 47 70 4a 62 fc 9e e1 17 ee 75 97 1f 10 83 2d 6f 03 f8 38 00 dc
is correct but i want to change key no 1, the session key is from authenticating with key 0A00.
I’m referring to ChangeKey Command Example in Native TDES.
case 1 : key number to b change key number for current authenticated session.
regards,
June 7th, 2012 at 12:59
Hi ADAM TSL,
in case the key number you use for authentication is different from the key number to be changed and change key key is set to a value not equal to 0X0E you have to generate the deciphered key data like follows:
The new key and the current key are bitwise Xored (16 byte).CRC (2 byte) is calculated over the Xored data and appended at the end.Additionally a CRC (2 byte) of the new key is appended and after padding of zeroes (4 byte) DES/3DES deciphering operation is performed on the whole data.The three cryptogram blocks are chained using CBC send mode.
Good luck
Mustafa Moripek
July 4th, 2012 at 07:16
Hi Mustafa,
I have a problem with Desfire Diversification, I don’t have NXP SAM AV2, I am trying to implement all the cryptographic operations including diversification in software level. The Desfire Card I am communicating with is working with real hardware SAM but not with my software SAM. Can u verify my following output,
Key Diversification
————————————–
Diversification Input : 00 00 00 02 00 90 00 00
Key : B8 FB 8F 51 A3 EF C8 8F 41 2C 23 96 DD 59 45 A4
Diversified Key : B8 FA F9 86 E5 C2 3F A7 C3 C5 4C 3E A2 B7 7D F4
DESFIRE Authentication
————————————–
Application Key : B8 FA F9 86 E5 C2 3F A7 C3 C5 4C 3E A2 B7 7D F4
-> 5A 00 00 01
0A 00
AF C9 1F CB 60 DE 47 71 70 CE DE EC E4 D9 6A 95 D3
<- AE
Thanks & Regards
Amila
July 4th, 2012 at 07:17
RANDOM_B : DC EF B2 52 48 6A 15 A4
RANDOM_A : 01 01 02 03 04 05 06 07
July 4th, 2012 at 09:02
Look for NXP document AN10922 in google. This document is public and describe in details proper diversification process (compatible with SAM) for various cards. You will find there also some examples so you can test your code.
July 4th, 2012 at 09:11
Hi Mark,
Thanks for the response. I actually followed that document, I have a doubt that I am doing something wrong,
Please see input and output of my diversification algorithm.
Key : B8 FB 8F 51 A3 EF C8 8F 41 2C 23 96 DD 59 45 A4
INPUT : 00 00 00 02 00 90 00 00
Diversified Key :B8 FA F9 86 E5 C2 3F A7 C3 C5 4C 3E A2 B7 7D F4
Thanks & Regards
Amila
July 4th, 2012 at 09:29
That my results:
Master Key: B8 FB 8F 51 A3 EF C8 8F 41 2C 23 96 DD 59 45 A4
DivInput: 00 00 00 02 00 90 00 00
———-
Div Key: 1D 24 26 45 4A CF 8E 9F D3 73 CE 15 E3 73 20 38
Did you try to test your program with the example from AN10922??
July 4th, 2012 at 09:54
Hi Marek,
I tried your output, its not working….
Regards
Amila
July 4th, 2012 at 11:08
Hi Marek,
Sorry for about my first post on this topic, it should be SAM AV1 not SAM AV2
Regards
Amila
July 5th, 2012 at 11:48
Hello ridrix,
I found your forum very interesting and helpful.
Unfortunately we are working with Elatecs TWN3 Mifare NFC transponder that offers DESFire cards support.
The support we got from Elatecs developers they stated that the communication with DESFire cards is done using this syntax:
t0F
data is created using ISO14443-4 protocol frame and that we have to place the DESFire protocol data into the INF-field using I-Blocks.
Could you please provide us with an example of how we could authenticate? We would greatly appreciate it.
July 5th, 2012 at 11:49
corrected: syntax: t[data.length]0F[data]
July 7th, 2012 at 09:19
Hello everyone.
Does anyone have a java function to ENCIPHER/DECIPHER?
I have done this:
byte[] input = is the PICC reply after A0 00
byte[] masterKeyBytes = “00000000″.getBytes();
byte[] ivBytes = “00000000″.getBytes();
Cipher cipher = Cipher.getInstance(“DES/CBC/NoPadding”);
Key encryptionKey = new SecretKeySpec(masterKeyBytes, “DES”);
cipher.init(Cipher.DECRYPT_MODE, encryptionKey, new IvParameterSpec(ivBytes));
bytes[] plainText = cipher.doFinal(input);
But i always get strange results… and i cant figure out why. I would love some points how to fix it.
Exemple how my decryption looks like:
i get the input:
AF EA 18 DE FF 52 0E CD
And after deciphering its: 43 DA 7C 69 DE 5F D0 6F
Is that correct?
Thank you very much
July 17th, 2012 at 09:16
Hello i am new here, Please tell me How to load an application on desfire card?now i am using SCM Microsystem’s Card Reader to communicate with the desifre card.
i want to load a small C code on the card for encryption.
and also provide the link for desfire memory organization..
thanks in Advance..
July 18th, 2012 at 05:24
How to Load an application on DESfire card. Now I am using SCM Microsystem’s Card Reader to communicate with DESFire Card..
July 18th, 2012 at 05:29
Hi shiv,
In Desfire, you can’t load application like in smart card, Its sort of a stored value card, you only can create application in the card it self by sending a command. Read the specs carefully.
Regards
Amila
July 24th, 2012 at 07:32
Hi.
Does anyone familiar with the NXP SAM AV1. I have few issues with SAM_AuthenticateHost
Regards
Amila
July 24th, 2012 at 09:32
Hi Amila ,
what is the issue?
Mustafa
July 24th, 2012 at 09:46
Hi Mustafa,
I am trying to do the SAM_AuthenticateHost. In that case second command is getting failed with 90 1E (Correct Execution. Authentication failed)
this is command and responses
-> 80 A4 00 00 02 00 00 00
80 A4 00 00 10 04 24 4E 95 C5 A5 F3 0A 1B A9 00 74 26 19 0E F7 00
<- 90 1E
SAM KEY : 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00
Regards
Amila
July 24th, 2012 at 09:49
Hi Mustafa.
Data is getting missed in this editor. Please use this
-> 80 A4 00 00 02 00 00 00
80 A4 00 00 10 04 24 4E 95 C5 A5 F3 0A 1B A9 00 74 26 19 0E F7 00
<- 90 1E
SAM KEY : 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00
Regards
Amila
July 24th, 2012 at 09:51
Hi Mustafa.
Again
Enk(RANDOM_B) : 4e 74 06 d5 c5 92 af f7
RANDOM_B : d3 1d 1f 84 5b 22 96 2c
RANDOM_B’ : 1d 1f 84 5b 22 96 2c d3
Enciphhered Data1 : 04 24 4e 95 c5 a5 f3 0a
enkno(RANDOMA + RANDOMB’) : 04 24 4e 95 c5 a5 f3 0a 1b a9 00 74 26 19 0e f7
July 24th, 2012 at 10:24
Hi Amila,
can you please write the communication in the following format:
-> 80 A4 00 00 02 00 00 00
80 A4 00 00 10 ekNo(RndA+RndB’) 00
<- 90 1E
Mustafa
July 24th, 2012 at 10:25
Hi Amila,
can you please write the communication in the following format:
-> 80 A4 00 00 02 00 00 00
-> 80 A4 00 00 10 ekNo(RndA+RndB’) 00
<- 90 1E
Mustafa
July 24th, 2012 at 10:30
Hi Mustafa,
See below the communication as you requested.
-> 80 A4 00 00 02 00 00 00
80 A4 00 00 10 04 24 4E 95 C5 A5 F3 0A 3A D5 01 BF CB 0B 2A 8F 00
<- 90 1E
RANDOM_A : 05 3F 41 DA 27 26 E4 29
SAM KEY : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
July 24th, 2012 at 10:27
Hi Amila,
can you please write the communication in the following format:
-> 80 A4 00 00 02 00 00 00
80 A4 00 00 10 ekNo(RndA+RndB’) 00
<- 90 1E
Mustafa
July 24th, 2012 at 10:31
Hi Mustafa
-> 80 A4 00 00 02 00 00 00
80 A4 00 00 10 04 24 4E 95 C5 A5 F3 0A 3A D5 01 BF CB 0B 2A 8F 00
<- 90 1E
RANDOM_A : 05 3F 41 DA 27 26 E4 29
SAM KEY : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
July 24th, 2012 at 10:33
Hi Mustafa,
Something wrong with the wordpress. Can you give your email I can send the output
Regards
Amila
July 24th, 2012 at 10:40
Hi Amila ,
evrything seems to be O.K.Are sure you are using single DES
for decryption,for the key is all zero.
Mustafa
July 24th, 2012 at 10:47
Hi Mustafa.
Yes. Probably the key I am using wrong. I got the key from the card provider. Let me check that.
Thank you very much for the quick response.
Regards
Amila
July 24th, 2012 at 10:48
Good Luck
Mustafa
August 18th, 2012 at 11:52
Hi,
I am newbie for smart card but I’ve successfully authenticated using DES. Now I am trying for AES, and when I request Random B(16 bytes) from PICC, it gives me AE. The card is a new blank card with default keys and settings.
->aa00
0a00
1a00
<-AF871081A8BDB379E1
Even thou I don't know the 1a00 command, I just used 0a00 for requesting Random B.
Thanks,
August 18th, 2012 at 12:59
Hi,
Now I have idea of commands referred from page 9 of ftp://ftp.rf-id.it/Support/Documentazione/Feig/Readers/ID%20CPR%2040.XX/H01111-0e-ID-B.pdf
But still having problem of Random B (16 bytes) request from PICC.
Thanks
Gabriel
August 21st, 2012 at 20:38
This blog already had my answers. Thank you so much for QnAs posted. I should have read thoroughly before I ask.
August 29th, 2012 at 07:32
Hi all,
I am having a problem with PICC master key changing, could anyone check and point out what my problem is?
https://www.dropbox.com/s/wfvpy795tsbyjtz/change%20key%20log.txt
Thanks for the attention.
September 3rd, 2012 at 06:59
Hi Gabriel,
all the data you have sent are correct.What kind of response
do you get from the picc?
September 5th, 2012 at 05:55
Hi Mustafa,
Thank you for your reply. I receive 001E from PICC. I used native commands for communication.
Thanks,
Gabriel
September 1st, 2012 at 07:06
hi
this is jorge .
i am able to do authentication .
but while creating file it is returning 0x0e
i created only one aid
September 5th, 2012 at 06:11
Hi Gabriel,
Error code 1E means CRC error.I have checked your CRC, it is
correct.I have checked your data with the session key you have
given,your calculating of CBC parts are all correct.The only issue
can be tahat your session key is not correct and the PICC calculates
wrong CRC.
Check your code part which builds the session key.
Good luck.
Mustafa
September 5th, 2012 at 06:44
Hi Mustafa,
Thank you for the prompt help and verification of my result. I will check my code per suggested and keep you informed.
Thanks,
Gabriel
September 6th, 2012 at 10:10
Hi All,
I have a problem about change key.
Old Key is “00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00″
New Key is “00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00″
Following is my flow chart
PCD: 0A 00 // Authenticate
PICC: AF 73 F4 D5 28 26 F3 38 31
RndA is “00 01 02 03 04 05 06 07″
RndB is “D1 A5 6D 00 6D B7 DF 5E”
PCD: AF 49 1E 89 0D E9 AC E9 32 5F 96 79 AF 60 54 F4 8C
PICC:00 B7 D1 DA 7C E0 DD 98 6B
The DES_SessionKey is “00 01 02 03 D1 A5 6D 00″
The 3DES_SessionKey is “00 01 02 03 D1 A5 6D 00 04 05 06 07 6D B7 DF 5E”
I calculated CRC16 then change key key data is
C4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 49 00 00 00 00 00 00
Then do decipher use DES_SessionKey
C4 00 98 37 36 08 51 1D 96 4C 98 37 36 08 51 1D 96 4C 3A D7 5E 3E 34 EB E3 2E
But I got the 0x1E,I don’t know where is wrong?
Can help me please?
September 10th, 2012 at 05:30
Hi ChrisKing,
Search keyword “March 7th, 2012 at 11:57″ in this blog, this might help you out.
Good luck,
Gabriel
January 23rd, 2013 at 08:01
Hi ChrisKing ,
If you don not get your answer yet tell me.
May be i can help you.
Ali
September 7th, 2012 at 06:06
Hi Mustafa,
Thanks a lot for your suggestion that saved a lot of my time and I got it right now. As you mentioned its my code block that build wrong session key.
Thanks,
Gabriel
September 7th, 2012 at 11:38
after authentication i am creating aid ..i have problem in creating data file it is giving 0x0e ..can any one help me
September 7th, 2012 at 12:07
Hi Jorge,
your file length must be to high.The 0X0E means out of eeprom.
You get this error message when the file length (the last three
bytes ) in your command is to high.
Good luck…
Mustafa
September 7th, 2012 at 12:45
Hi Mustafa,
I now have successfully changed default DES key to TDES keys and AES keys. Although DES and TDES authentication is alright, I have problem in AES authentication. I did refer to previous QnA posted about AES authentication but still in vain. Could you please point out what I did wrong for this authentication.
https://www.dropbox.com/s/mrnpc1mol44q8tm/AES%20change%20key%20log.txt
September 7th, 2012 at 13:18
Hi Mustafa,
Its ok now. I could authenticate with AES key. I mistakenly used decryption instead of encryption.
Thanks,
Gabriel
September 7th, 2012 at 16:52
Hi
Does some one implemented NXP Desfire TDES Key Diversification(SAM AV1) using java or any other language ?
Thanks
Amila
September 10th, 2012 at 07:34
Hi All,
I have listed below the Input and output of my programme, can someone please validate this ?
Key : 30 9F 44 6D 01 2F D8 EC 3C 93 78 57 BB 1F 7B AC
INPUT : 00 00 90 00 02 00 00 00
Key version : 01
After Diversification : e1 90 2b 6f 7a 31 c6 9d a8 f7 79 90 78 7a fe 28
Replace Key version : e0 90 2a 6e 7a 30 c6 9d a8 f7 79 90 78 7a fe 28
Regards
Amila
September 9th, 2012 at 10:18
Hi,
Could anyone please guide me to calculate MAC and CMAC?? I tried with some test vectors but ended up with unexpected results…
https://www.dropbox.com/s/t04ahd2hg1iiqsu/mac_calc.txt
Thanks,
Gabriel
September 10th, 2012 at 08:57
Hi Mustafa
I have stucked in Desfire Diversification can you give me some help to sort out the issue ?
Regards
Amila
September 10th, 2012 at 09:27
Hi Amila,
the following document is explaining key diversification really
good :
(http://www.nxp.com/documents/application_note/AN10922.pdf)
Good luck
September 11th, 2012 at 03:14
anyone know is there any method can do XOR before DES ?
I tried following code:
byte[] iv = new byte[] { 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00,
0×00 };
IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
SecretKey s = new SecretKeySpec(key, Algorithm.TEDE.toString());
Cipher cipher = Cipher.getInstance(“DESede/CBC/NoPadding”, “BC”);
cipher.init(Cipher.DECRYPT_MODE, s, ivParameterSpec);
byte[] deciphered_data = cipher.doFinal(enciphered_data);
It seems to do XOR after DES
September 11th, 2012 at 12:10
Just do the XOR yourself and call the DES routine with a NULL IV every time. Use the crypted output of each block as the source data for the XOR of the next block (i.e. you are effectively maintaining your own IV).
cheers, Adam
September 12th, 2012 at 15:00
Hi All,
Sorry Mustafa,
can you help me?
I try to write an autentication/change key program in java for DesFire 8k
EV1
I successfull change my PICC key from
oldKey = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
to
newKey =0A 0B 0C 0D 0E 0F 0A 0B 2F CB F6 1B DF A7 F5 9C
so now i want to go back to old key
to do this now i have to use 3Des enc/decription for autenticate key 0×00 is it right??
so i select AID 0×00
APDU >>>: 90 5A 00 00 03 00 00 00 00
APDU <<>>: 90 0A 00 00 01 00 00
APDU <<>>: 90 AF 00 00 10 45 25 1E 20 33 BD 31 60 F5 89 85 42 3B 98 30 5E 00
APDU <<<: 91 AE
Autentication Error
is my 3DES right?
September 12th, 2012 at 16:50
Copy and paste problem
i try to write again
just an information i try autentication on a brand new picc
using key 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
all ok
but i achive the same results using key
01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
is it normal?
September 12th, 2012 at 17:50
I made another try
select picc
autenticate picc 0×00 … 0×00
format picc (so i can repeat my test without so much work)
i create an app 01
selecte 01 app
autenticate with key 0×00
change key to 0xff .. 0xff
autenticate again with key 0xff
changed back to 0×00
enc/dec used allways des
i repeat the above test using 0×02 …0×02 key insted of 0xff .. 0xff
but when i try to autenticate again with key 0×02 i cant autenticate
the dump of my test is here
https://dl.dropbox.com/u/58962371/picc.txt
i also try to copy/paste it
commandSELECT_PICC —————-
APDU >>>: 90 5A 00 00 03 00 00 00 00
APDU <<>>: 90 0A 00 00 01 00 00
APDU <<>>: 90 AF 00 00 10 8C A6 4D E9 C1 B1 23 A7 A6 57 37 A3 8B 5F E8 56 00
APDU <<>>: 90 FC 00 00 00
APDU <<>>: 90 CA 00 00 05 01 00 00 0F 01 00
APDU <<>>: 90 5A 00 00 03 01 00 00 00
APDU <<>>: 90 0A 00 00 01 00 00
APDU <<>>: 90 AF 00 00 10 8C A6 4D E9 C1 B1 23 A7 57 56 3F 77 4C FE E7 60 00
APDU <<>>: 90 C4 00 00 19 00 48 2A C1 3C 95 84 59 61 1D B8 92 5C F7 93 AC 07 98 ED 39 11 3D DF FD 56 00
APDU <<>>: 90 0A 00 00 01 00 00
APDU <<>>: 90 AF 00 00 10 CA AA AF 4D EA F1 DB AE E5 02 E8 DF 32 65 44 71 00
APDU <<>>: 90 C4 00 00 19 00 3C 37 A5 45 D4 CE 35 0C DD B5 15 91 54 4F C9 11 5D E8 6E 74 AA 64 E8 38 00
APDU <<>>: 90 5A 00 00 03 00 00 00 00
APDU <<>>: 90 0A 00 00 01 00 00
APDU <<>>: 90 AF 00 00 10 8C A6 4D E9 C1 B1 23 A7 AA 39 C4 87 D0 7E 90 B5 00
APDU <<>>: 90 FC 00 00 00
APDU <<>>: 90 CA 00 00 05 01 00 00 0F 01 00
APDU <<>>: 90 5A 00 00 03 01 00 00 00
APDU <<>>: 90 0A 00 00 01 00 00
APDU <<>>: 90 AF 00 00 10 8C A6 4D E9 C1 B1 23 A7 48 28 19 77 C0 D9 C6 E8 00
APDU <<>>: 90 C4 00 00 19 00 20 EE B7 40 D8 DB D2 FB 0E E0 B0 41 AB 1E 43 CB 70 B5 DC DE 61 2A 41 86 00
APDU <<>>: 90 0A 00 00 01 00 00
APDU <<>>: 90 AF 00 00 10 C4 AF 51 BD 0A 0F 8A DD 03 EA 58 A9 C5 BD E9 77 00
APDU <<<: 91 AE
September 12th, 2012 at 17:53
commandSELECT_PICC —————-
APDU -> 90 5A 00 00 03 00 00 00 00
APDU 90 0A 00 00 01 00 00
APDU 90 AF 00 00 10 8C A6 4D E9 C1 B1 23 A7 A6 57 37 A3 8B 5F E8 56 00
APDU 90 FC 00 00 00
APDU 90 CA 00 00 05 01 00 00 0F 01 00
APDU 90 5A 00 00 03 01 00 00 00
APDU 90 0A 00 00 01 00 00
APDU 90 AF 00 00 10 8C A6 4D E9 C1 B1 23 A7 57 56 3F 77 4C FE E7 60 00
APDU 90 C4 00 00 19 00 48 2A C1 3C 95 84 59 61 1D B8 92 5C F7 93 AC 07 98 ED 39 11 3D DF FD 56 00
APDU 90 0A 00 00 01 00 00
APDU 90 AF 00 00 10 CA AA AF 4D EA F1 DB AE E5 02 E8 DF 32 65 44 71 00
APDU 90 C4 00 00 19 00 3C 37 A5 45 D4 CE 35 0C DD B5 15 91 54 4F C9 11 5D E8 6E 74 AA 64 E8 38 00
APDU 90 5A 00 00 03 00 00 00 00
APDU 90 0A 00 00 01 00 00
APDU 90 AF 00 00 10 8C A6 4D E9 C1 B1 23 A7 AA 39 C4 87 D0 7E 90 B5 00
APDU 90 FC 00 00 00
APDU 90 CA 00 00 05 01 00 00 0F 01 00
APDU 90 5A 00 00 03 01 00 00 00
APDU 90 0A 00 00 01 00 00
APDU 90 AF 00 00 10 8C A6 4D E9 C1 B1 23 A7 48 28 19 77 C0 D9 C6 E8 00
APDU 90 C4 00 00 19 00 20 EE B7 40 D8 DB D2 FB 0E E0 B0 41 AB 1E 43 CB 70 B5 DC DE 61 2A 41 86 00
APDU 90 0A 00 00 01 00 00
APDU 90 AF 00 00 10 C4 AF 51 BD 0A 0F 8A DD 03 EA 58 A9 C5 BD E9 77 00
APDU <- 91 AE
September 18th, 2012 at 09:39
Hi Andrea,
there is something wrong with encrypting RndA(all zeroes).
I have checked your data:
When encrypting RndA with the keys all FF or all 00 I get
exact the same numbers like you.But when I decrypt
RndA with the key all 02 I get following numbers:
3D 8A 71 E3 25 CE C2 96.
I hope this will help you to find the issue,good luck.
Mustafa
September 18th, 2012 at 12:41
So my problem can bee my des/3des encryption i have to check my code.
can some one suggest me a java implementation for des/3des so i can check ?
September 14th, 2012 at 12:13
Does anyone know what statuscode ’0x3f’ means?
Could not find it in the specifications (http://read.pudn.com/downloads165/ebook/753406/M075031_desfire.pdf).
September 18th, 2012 at 14:03
Hi Again Mustafa
I tried again using key twoKey16 (0×02 .. 0×02)
encrypting eightZero = (0×00..0×00)
encry = C4 AF 51 BD 0A 0F 8A DD
if i use the same key and the same input but the decrypt algo
it get me
decry = 8A 71 E3 25 CE C2 96
is it right?
September 18th, 2012 at 16:08
Hi Andrea,
only the first number (3D) is missing.
The encryption during communication between PCD and PICC
works as follows : PCD always decrypts the data and the PICC
always encrypts.
Mustafa
September 18th, 2012 at 17:11
sorry copy and paste error
decry = 3D 8A 71 E3 25 CE C2 96
so my des algo works fine?
September 20th, 2012 at 21:41
Yes, 3D8A71E325CEC296 is the correct output of 0000000000000000 decrypted with 0202020202020202.
September 24th, 2012 at 08:25
Hi Mustafa,
Could you guide me to get session key when the randomA and randomB has 16 bytes each for AES authentication/operation.
Regards,
Gabriel
September 25th, 2012 at 10:28
Hi Gabriel,
the authentication with AES keys are similar to authentication
with DES/3DES.You have to use command code 0XAA instead of
0X0A.For encryption you have to use AES algorithm.
You must use a tag with chip MF 3 IC D 41 ,tags with chip
MF 3 IC D 40 don’t support AES keys.
Good Luck
Mustafa
September 27th, 2012 at 16:49
Hi Mustafa,
Sorry for my late reply (seems notification is not working properly).
The tag is with MF3ICD41, I can send the command 0xaa and get response(16 bytes rndB). What I am not clear is building session key. For DES, the session key is build with first nibble of rndA and first nibble of randB; for TDES, its first nibble of rndA+ first nibble of randB+second nibble of rndA+ second nibble of rndB. For AES, its randA and rndB is 16 bytes each, and do not know which nibble to manipulate.
Thanks and best regards,
Gabriel
September 28th, 2012 at 13:43
Hi Gabriel,
You build the session key as follows:
Session Key = RndA byte 0..3 + RndB byte 0..3 +
RndA byte 12..15 + RndB byte 12..15
Good luck
Mustafa
September 28th, 2012 at 17:46
Hi Mustafa,
Thank you so much for your kind info and guidance. I got it working now.
Best Regards,
Gabriel
September 30th, 2012 at 13:15
Hi Mustafa,
Is it possible to get the key from Desfire SAM AV1 using some other authentication ?.
October 1st, 2012 at 05:53
Hi Amila,
no I don’t think so.
October 1st, 2012 at 06:44
Hi Mustafa,
Thnx. I wanted to clear my doubts.
October 5th, 2012 at 08:28
Hi Mustafa,
I have succesfully authenticate the card using 0×00….. default key using DES/CBC/NoPadding mode.. and its ok.. here i needs to generate MAC for command data 00112233445566778899AABBCCDD0000(with padding) using 16byte key A908E976D518D0B9AE1D7F7A04CB0154 with 3DES standard encryption.. For check the validity i use example NXP Desfire EV1 features and Hints spec…
My java code :
Cipher cipher = Cipher.getInstance(“DES/CBC/NoPadding”);
DESKeySpec kspec = new DESKeySpec(key);
SecretKeyFactory kfact = SecretKeyFactory.getInstance(“DES”);
SecretKey key1 = kfact.generateSecret(kspec);
IvParameterSpec IvSpec = new IvParameterSpec(ivzeros);
cipher.init(Cipher.ENCRYPT_MODE, key1,IvSpec);
res = cipher.doFinal(data);
Bu the result i got is D78070B8294E6045DD3AB3C11E01769A
According to the example it should be 8CF67F76B9CCD298874801630C759151 AND mac IS 87480163
October 5th, 2012 at 09:01
Hi Mustafa,
Sorry, i have solved the problem…. The answer is use
Cipher cipher = Cipher.getInstance(“DESede/CBC/NoPadding”);
and the key should be K1K2K3 where K1=K3
I have learn lot of desfire implementation related details from your comments.. Thank you very much…..
Cheers,
Tom
October 9th, 2012 at 06:23
Hi Mustafa,
Can you help me in this matter….
I have successfully authenticate card with key version 0×00(master key all zeros)
Then i try simple commands including get Versions and settings.
Now I need to create applications and files… For that i am trying to use key version 00 as application key(AMK).
1 – Can i use CMK(Card Master Key) as Application master key..?
2 – How can i add more than one key versions to cards for used with applications and files..?(eg. Key 1 for app1 file1 write and read…..)
Please help me in this matter…..
October 9th, 2012 at 07:07
Hi Tom,
these are defined within the key settings.Depending
on the configuration of the application key settings
and PICC master key settings you determin the
behaviour of the desfire card.Let me explain you both
the PICC master key settinds and application key
settings.
PICC Key settings:
bit7(MSB)-bit4 RFU
bit3 1 PICC master key allowed if authenticated
with PICC master key
0 configuration no more changeable
bit2 1 Create appl. is permitted without authentication,
delete application requires authentication
with PICC master key
0 Create and delete application is permitted
only with PICC master key authentication
bit1 1 GetApplicationID and GetKeySettings command
without authentication
0 GetApplicationID and GetKeySettings command
after succesfully authentication with PICC
master key
bit0 1 PICC Master key changeable
0 PICC master key nomore changeable
Application Master Key settings:
bit7(MSB) -bit4 Accessrights for changing the application keys
0X0 Application master key authentication is
neccessary for changing any key
0X1..0XD Authentication with the given key is neccessary
0XE Authentication with key to be changed is neccessary
0XF All keys except application master key within tis
application are not changeable
bit2 1 Create/delete file without authentication
0 Create/delete file only with application master key
authentication.
bit1 1 GetFileID,GetFileSettings and GetKeySettings
without authentication
0 The above mentioned commands after
authentication with application master key
bit0 1 Application master key changeable
0 Application master key not changeable
I hope these information will help you.
Mustafa
October 9th, 2012 at 07:43
Hi Mustafa,
Thanks for you quick reply for me…
I understand about key settings that you mentioned above post..
Actually i need to know , suppose a card have 3 key versions
0×00 – master key
0×01 – some app key
0×02 – another app key
0×03 – key for some file inside above app
What i need to know is….
1 – How can i define key version 0×01(1) with its value… any command….??
2 – When i change AMK(version 00) to version 0×01(another key) can i use above oxo1 for another application or file.. Are both key versions exists in the card(After key change) to use for another purpose.. ???
Please help me…..
October 9th, 2012 at 09:49
Hi Tom,
I think key versioning is not the right thing you are looking for.
Please download the application manual AN10922 of NXP
to read the details of key versioning.
You can create different keys for each application but you access
all the files in the same application with the same application
master key.
Mustafa
October 9th, 2012 at 09:55
Hi Mustafa,
I think i have found the answer for my question…. I can continue my development.. Thanks.. I have another small question.
Suppose we use
–> 6a
<– 00 00 80 57 01 80 57
So the application ID's are 578000 and 578001.. So why Desfire always send the results like that..? (LSB first and MSB last)..
Thank you very much for the instructions…
Tom
October 9th, 2012 at 10:34
Hi Tom,
this how the producers have made it .You cannot change it.
Mustafa
October 10th, 2012 at 14:06
any one can pls explain how to calculate crc32 in c
October 12th, 2012 at 05:45
Hi justin,
You can understand the procedure in Java language…
Data – byte[] which include data to calculate crc32
Checksum checksum = new CRC32();
checksum.update(Data, 0, Data.length);
long _chv = checksum.getValue();
long crc32 = ~_chv & 0x00000000FFFFFFFF;
ByteBuffer crc32Buf = ByteBuffer.allocate(8);
crc32Buf.order(ByteOrder.LITTLE_ENDIAN);
return crc32Buf.putLong(crc32).array();
You can convert this code structure to C.. I am not expert in C..
Cheers,
Tom
October 12th, 2012 at 08:37
We have a task to send APDU command 90 60 00 00 00 and we get the answer 04 01 01 01 00 18 05 91 AF. This answer gives each Desfire card that is not personalized.
We have Multi iso RF Reader, with RS232 interface.
Dll functions in RFID READER DLL have features that communicate with the card in order to send commands and accepting responses (reader.RDR_DESFire command and reader.RDR_SendCommandGetData command). But when I send the required command, response card is its UID number, no what is expected. Do you have any examples about ways to communicate with Desfire EV1 card (initializacion, native APDU commands, extends native APDU commands…)and MULTI ISO READER?
Or, maybe, you help mi directly, in java code..
October 18th, 2012 at 13:45
Hi Mustafa,
I got two serious(for me) questions to get clarify.. Not from elementary desfire card level but from implementation level.
1 – (Easy question) can we maintain file interconnection within same application inside desfire card…?(eg. one file used or update another file data inside same application)
2- Can we introduce a PIN(in card side), to restrict card access(or to restrict file access) by validating user input pin(eg. from terminal side) with original PIN inside the card….? And How..? Are any predefined structure(like OwnerPIN() in Java Card) for PIN management inside Desfire Card..?
Can you give me some ideas …
Thank you
Tom
October 19th, 2012 at 13:01
Hi Tom,
I try to answer your questions.
1.You can interconnect different files in the same application.
In such a case I would configure the file settings in a way
that you need not to authenticate each time you want to access
any file.You only authenticate during selecting of the application.
2.You can create an aplication and in it a file where you can store
a PIN.The reader can read this number and compares it
with a keyed in number.Only on match of both numbers it
allows to proceed.
I hope this information helps you
Mustafa
October 22nd, 2012 at 05:31
Hi Mustafa..
Thank you very much for your answers and can you clarify me the following situation…
According to your provided procedure for implement PIN inside card do we need to provide restrictions in terminal level code or can we introduce some mechanism(inside card) to get access to the desired property of the card(eg.file access) when once we validate PIN with terminal input.
Can you help me in this matter…
Thank You
Tom
October 22nd, 2012 at 06:05
Hi Tom,
there is no mechanism inside the card.You have to handle
it on the terminal side.
Mustafa
October 22nd, 2012 at 08:00
Thanks Maustafa…
I got clear idea about the process. Thanks again….
Tom.
October 24th, 2012 at 11:17
Hi Mustafa…
I have 2 questions for you.. Can you help me on them…
1 – I use Desfire EV1 card and i successfully authenticate the card using Desfire Native DES mode.
Master Key : 0000000000000000(8-byte)
Random A : 4112011A11120C22
Random B : B60E3A8DB96343DA
Session Key : 4112011AB60E3A8D
I use single DES algorithm. In Java “DES/CBC/NoPadding” format. What i need to know is when i change master key can i use 16byte long new key?(i have existing 8byte long mater key inside card)
2 – When i use Triple DES for one session inside a card with a particular key, can i use same key and different algorithm to authenticate card in next session…?
Please help me in above questions…
Thanks.
October 25th, 2012 at 15:53
Hi Andy,
1-When authenticating with a Desfire card you have to use
the key which is inside the card.If you want to use another
key you have to change the key of the card with the
change key command.
If you want use 16 byte key you must pay attention which
algorithm you want to use.If you want to use single DES
then you have to make the first eight byte of the key
equal to the second eight byte.Otherwise you have to
use triple DES for encryption.
2-If you mean the card master key or application key,yes
you can use them each time you authenticate until you
change the key.But if you mean the session key ,it is
used only for one session.During authentication process
a session key is calculated and used for each encrypted
communication. In the next session a new session key will
be calculated.
Mustafa
November 5th, 2012 at 12:52
Hi Mustafa,
So far i did lot of things in Desfire Cards with the help of this blog.. It seems again i need some help from you mustafa…
My Problem,
I Have succesfully create an application with key settings 0x0F0E and change its original key succesfully.
Basic Key = 0×0000000000000000
New Key = 0x000102030405060708090A0B0C0D0E0F
Existing Key VERSION of Application = 0×00
Then i need add new keys to application.(key number 0×01, 0×02.. etc)
Existing Key = 0x000102030405060708090A0B0C0D0E0F
New Key = 0x001122334455667708090A0B0C0D0E0F
New Key Version = 0×01
>>900A0000010000
<>success
Triple DES Session Key : 4112011A3EE15CAC11120C2277B0A15F
Then i Xor existing key with new key
(0x000102030405060708090A0B0C0D0E0F^0x001122334455667708090A0B0C0D0E0F)=0×00102030405060700000000000000000
Generate CRC’s and add then. Finally padding
001020304050607000000000000000003C597CE500000000
Encrypt them in Native triple des send mode with session key
E2DD1C36C12901149BFC12F0A4DB211D1455F4840C1FCF55
>>90C400001901E2DD1C36C12901149BFC12F0A4DB211D1455F4840C1FCF5500
<<911E
It is said the application can handle 14 keys.. so i am going to add new key to used for application.. Simply i am trying to do that.. But fails… Can you help me…
Thanks
Tom
November 9th, 2012 at 08:00
Hi Tom ,
i think the issue is you try to change a new key in the way of changing an existing key.The key number 0X01 is a new key
and is 0X0000000000000000.So you have act accordingly.like you have changed the key number 0X00.
Mustafa
November 16th, 2012 at 11:11
Hi Mustafa,
I solved the problem.. Thank you very much.. The point i miss is, when i create application with 14 keys, default all zero keys are filled to all new positions… Then i can solve the problem…
Thanks again..
Tom
November 8th, 2012 at 17:00
Hi Mustafa,
I tried to change AES key of PICC master key and I receive 001E Error. Could you please help guide me which part has the problem. I inverted the CRC32 but still getting the same error.
https://dl.dropbox.com/u/98005924/Change_AES_Key.txt
Thanks and best regards,
Gabriel
November 9th, 2012 at 03:03
Hi….
I did the change key command successfully yesterday. Thank to this ridrix and you all. But, now i’m having big problem. All authentication steps were OK before i changed the key yesterday.
I changed the default key (0×00 16bytes) of key 0 to 0×11 11 11 11 22 22 22 22 33 33 33 33 44 44 44 44 after I selected AID 00 00 00. Then, my authentication got error which is 0xAE. Last time i used default key (0×00 8bytes) (using single DES) in every authentication and everything was fine. But now I can’t delete AID or format the card because I can’t authenticate with AID 00 00 00. Here is how i did.
First, i chose the AID 00 00 00. Then, I authenticate with key0. Then, the following shows how I make the change key command.
“key data”=11 11 11 11 22 22 22 22 33 33 33 33 44 44 44 44 1C BC 00 00 00 00 00 00 (24 bytes) (16 bytes key+ 2 bytes CRC16+ zero padding)
>Decrypt first 8 bytes of key data with 1st half of session key using CBC
>>>decrypted value1 is the FIRST BLOCK
>decrypted value1 (XOR) second 8 bytes of the key data
>the result 8 bytes is decrypted with 1st half of session key using CBC
>>>decrypted value2 is the SECOND BLOCK
>decrypted value2 (XOR) third 8 bytes of the key data
>the result 8 bytes is decrypted with 1st half of session key using CBC
>>>decrypted value3 is the THIRD BLOCK
Then, i sent the change key command like this
>C4 00 + FIRST BLOCK + SECOND BLOCK + THIRD BLOCK
Then, the cad replied 0×00 which mean successful.
So, can someone tell me is change key command wrong? what is needed in authentication after change key?
November 9th, 2012 at 17:16
Hi Fernando,
If PICC Default DES key(8 bytes) is changed to TDES (16 bytes key) or AES (16 bytes key), you may try request RandomB with command AA00 (for AES) and 0A00 or 1A00 (for TDES) for the new authentication process.
Hope this help,
Gabriel
November 12th, 2012 at 03:34
Hi Gabriel,
((
I can’t send “AA 00″ and “1A 00″ to request RndB, i got error code 1C which is illegal command code. “0A 00″ is the one i’m using now and it can request RndB and when i send 16 bytes of RndA and RndB, i got AE (authentication error)
January 23rd, 2013 at 08:09
Hi Fernando ,
Would you mind tell how get 1c bc for crc 16 (11 11 11 11 22 22 22 22 33 33 33 33 44 44 44 44 ) please?
November 9th, 2012 at 08:12
Hi Gabriel,
I think the issue is the second byte 0X80.The command format for
changing the key is:
Command Code (0XC4),Key number(0X00…0X0D),decrypted key data.
For you are trying to change the PICC master key the second byte
has to be 0X00.
Mustafa
November 12th, 2012 at 17:23
Hi Mustafa,
Thanks for your suggestion. It still gives me same error(1E).Last time I changed PICC default master key(DES) to AES using command C4+80+deciphered key data. It is successful and I can authenticate. But cannot change existing AES to a new AES key.
There I found one more problem. I created an application CA 12 34 56 0F 0E and tried to change its default key(DES) to AES using C4+00+deciphered key data, it changed to TDES key rather than AES. I think I am missing some points for this change. Could you please help?
Thanks and Best Regards,
Gabriel
November 19th, 2012 at 09:09
Hi Gabriel,
I don’t know whether you have solved the problem allready but I want to give you some suggestions.
1.I think you don’t need to exor the old key with the
new one.This you do if the number of the key you
change is different then the number you authenticate.
In your case you are trying to change the master key,
and therefore you authenticate with master key.
2.You have to add one byte key version and CRC32
calculated over the new key and padding.
3.You have to chain the blocks using CBC send mode.
Try these suggestions,I think you will be able to change
the key.
Good luck
Mustafa
November 12th, 2012 at 07:37
Hi Fernando,
Since PICC’s default DES has been changed to TDES, I think, you may need to use TDES encryption method with your current key TDES 16 bytes for authentication.
TDES and DES authentication process is the same. Only encryption method differ.
Good Luck,
Gabriel
November 20th, 2012 at 04:45
Hi, Gabriel. Thank for your explanation. I got my authentication working already. My authentication steps were wrong in the first place even though i authenticated successfully with my default key (0×00 16 bytes) last time. Now my authentication is OK even after i do change key.
But now, i got a problem in changekey again. I could change the key if the KeyNo used for authentication s the SAME as the keyNo to be changed. But i could not change a key if the KeyNo used for authentication is DIFFERENT from the KeyNo to be changed (or) the ChangeKey key setting is set not equal to 0xE. The error code is 0x1E. It is mentioned in Desfire datasheet that two sets of CRC16 are supposed to append behind 16 bytes data. I don’t know how to do change key command if the KeyNo are different. You can look at my first comment (Nov 9th) if you wanna know about how i do change key.
December 19th, 2012 at 15:09
Hi Fernando,
I have the same problem that after I changed the PICC master key, the authentication process failed. And I found that only when the former 8 bytes and the latter 8 bytes of the new key are different, the authentication process fails. Could you provide some information on how you solved this problem? I guess it should be the 3des decryption’s problem. Thanks very much!
November 20th, 2012 at 06:01
Hi Fernando,
As I understand, the default key 16 zeros whose first 8 bytes zeros and last 8 bytes zeros are identical, you may use DES auth process(not TDES) to change to new key with 16 bytes whose first 8 bytes and second 8 bytes are different.
Good luck,
Gabriel
November 20th, 2012 at 06:25
Hi Mustafa,
Thank you for your kind suggestions and attention. I haven’t yet solved that. I am confused with key versions. I checked the default key version it says 00, after I changed DES to TDES it says 55 and after I changed DES to AES it says 77. Should the command be C4+New AES Key+new AES key version+CRC32 of new AES key+ padding? And what should be the new AES key version in this case.
Thanks and Best Regards,
Gabriel
November 20th, 2012 at 06:58
Hi Mustafa,
The log for change key process is
https://dl.dropbox.com/u/98005924/aestoaeschangekey.txt
Thanks
November 20th, 2012 at 11:04
Hi Gabriel,
The change key command should look like:
C4 + 00 (key number) + Encrypted data
The data to encrypt should look like:
0f0e0d0c0b0a09080706050403020100 (New Key)
77 (Key Version) + 4Bytes CRC32 calculated over new key +
Padding
I hpoe this time you will succed.
Mustafa
November 20th, 2012 at 11:59
Hi Mustafa,
I am sorry to bother you again and again. I am still receiving the same 1E error. The log is https://dl.dropbox.com/u/98005924/aestoaeschangekey.txt
Thanks and Best Regards,
Gabriel
November 20th, 2012 at 13:54
Hi Gabriel,
your session keys are not correct.You build the session key
as follows:
RndA byte0..3 + RndB byte 0..3 + RndA byte 12..15 +
RndB byte 12..15
Numbers in your session key are different from RndB.
Mustafa
November 20th, 2012 at 14:31
Hi Mustafa,
Actually I already tried the session key with RndB part with or without decryption, it’d give the same error.
https://dl.dropbox.com/u/98005924/aestoaeschangekey.txt
Thanks,
Gabriel
November 20th, 2012 at 18:23
Hi Mustafa,
i have some questions about usage of Desfire 4K and SAM AV1 or SAM AV2. Can you comment to them please? i tried to select an application on SAM card. it responded with “6985″ status words. it means “Conditions of use not satisfied”. i think i have to unlock it with Sam_AuthenticateHost . is it correct? What is the apdu command to do it? Actually i don’t know flow between SAM and Desfire Card to read/write data from DesfireCard. Could you explain it please? What does host mean exactly? does it refer to the contactless reader? i searched all of these issues but i couldn’t read data from desfire card yet.
thanks in advance
November 30th, 2012 at 12:11
Hi Mustafa,
I have new Desfire cards which have default key.. I can authenticate card using Native DES and success..
But when i try to authenticate PICC using AES, it gives filloeing error.. Can u advice me in this matter..
>>AA00
<<91AE
Thanks
Tom
December 5th, 2012 at 09:34
Hi Tom,
if the card, you are trying to authenticate,is a virgin
card the default key is a DES/TDES key.First you have to
change the key to an AES key then you can authenticate
using AES.For this you have proceed as follows:
Send following command to PICC: 0XC4 + 0X80 + DES/TDES decrypted key data.
The decrypted DES/TDES key data you build as follows:
IV= all zeroes
Result1 = IV exor of first half of DES/TDES dec( new key)
Result2 = Result1 exor second half of DES/TDES dec( new key)
Result3 = Result2 exor DES/TDES dec( CRC16 of new key +
padding)
After changing the key you cannot authenticate with command
0A,you will get error 1C (illegal command code).
I hopethis will help you to change your key.
Good luck.
Mustafa
December 5th, 2012 at 10:02
Hi mustrafa,
I have successfully overcome the issue. Thank you very much.Now what i need to now is i tried to change AES key(PICC Master) inside the card. According to specs came from NXP they required to calculate crc32 over
ex crc32(C4 00 01020304050607080102030405060708 01)
My question is when i use ISO wrapped command style(CLA+INS+PI+P2…..) should i calculate crc32 over all components or just CLA and Key NO + data.. can you help me in this matter…..
Thanks
December 5th, 2012 at 10:35
Hi Tom,
you have to build the CRC32 only over the new key data,nothing else.
Mustafa
December 5th, 2012 at 11:23
Hi mustafa…
I successfully change the AES key into DES key… Most important thing is to change this keys i have to calculate crc32 over all command..
Such that..
crc = crc32(C4+’00′+’New Key(16bytes)’)
then,
encipheredData = encBySessionKey(newKey+crc+pad)
Then i send
>>90C40000[Len][KeyNo][encipheredData]00
<<9100
So is it strange to calculate crc32 over command(C4)+keydata when we using AES change key function..Not like DES or TDES.. Pls check it out…!
Thanks for your kind help.
Cheers..
Tom
December 19th, 2012 at 07:09
Hello
Sorry for my inconvenience
in many documents wrote the APDU of creating value file in desfire Ev1 Native mode.
but i want the APDU of it in Iso mode Would you mind help me please?
December 23rd, 2012 at 20:14
Hi,
i have allready successful change the default main key 00 00 … 00 to
to 00 11 22 … FF with return code 9100. But now i’m not able to
authenticate with the new key. Can somebody help me please.
Card: Desfire
ATR: 3B8180018080
key: 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
rndA_D: 14 D3 8F DB 8D C5 0F F8
COMMAND SEND: 90 0A 00 00 01 00 00
COMMAND RETURN: EE C7 E4 16 C1 1C E0 0D 91 AF
rndB_E: EE C7 E4 16 C1 1C E0 0D
rndB_D: A8 A2 37 95 9C 86 76 FD
rndB_R: A2 37 95 9C 86 76 FD A8
dkNo_D: 14 D3 8F DB 8D C5 0F F8 A2 37 95 9C 86 76 FD A8
dkNo_E: 3F 31 A8 A1 5A 9F D8 C6 9D F7 63 4C 41 6B 5A B1
COMMAND SEND: 90 AF 00 00 10 3F 31 A8 A1 5A 9F D8 C6 9D F7 63 4C 41 6B 5A B1 00
COMMAND RETURN: 91 AE
_E means ENCRYPTED
_D means DECRYPTED
Decryption and Encrypting was done by the followinf methods (JAVA)
public static byte[] encrypt3DES(byte[] key,byte[] data) throws Exception {
Cipher cipher = Cipher.getInstance(“DESede/CBC/NoPadding”,”BC”);
cipher.init(Cipher.ENCRYPT_MODE,new SecretKeySpec(key,”DESede”),new IvParameterSpec(new byte[8]));
return cipher.doFinal(data);
}
public static byte[] decrypt3DES(byte[] key,byte[] data) throws Exception {
Cipher cipher = Cipher.getInstance(“DESede/CBC/NoPadding”,”BC”);
cipher.init(Cipher.DECRYPT_MODE,new SecretKeySpec(key,”DESede”),new IvParameterSpec(new byte[8]));
return cipher.doFinal(data);
}
Franz
December 24th, 2012 at 09:26
Hi Franz,
There are some points which are not clear to me.You
mention RndA_D but you don’t mention RndA.When
communicating with PICC, PCD always
DES/3DES decrypts and PICC always DES/3DES
encrypts.If the data RndA_D is really decrypted data
then you are decrypting it twice befor sending it to
PICC.
Anaother issue is that your TDES decrypting
algorithm is not working properly.When
decrypting your command return (rndB_E:
EE C7 E4 16 C1 1C E0 0D) I get
following result: RndB_E=51 E4 89 15 80 05 47 AD
Mustafa
December 24th, 2012 at 12:36
Hi Mustafa,
RndA_D is not allready decrypted. RndA_D is a random generated key (by myself). I have rename it now to RndA. The TDES decryption algorithm works fine now (now i have the same result as you). the problem
was that i have encrypted rndB_E (i simply forgot it to change it back after
playing a little bit around). but now i am still not able to authenticate:
ATR3B8180018080
key: 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
rndA: B7 1F AA B7 2D 3C 4F 50
COMMAND SEND: 90 0A 00 00 01 00 00
COMMAND RETURN: 8A 8E E9 C5 99 B6 4A 5C 91 AF
rndB_E: 8A 8E E9 C5 99 B6 4A 5C
rndB_D: 52 63 DA C1 FF 2C EA 14 (TDES decrypted rndB_E)
rndB_R: 63 DA C1 FF 2C EA 14 52 (Rotated rndB_D)
dkNo_D: B7 1F AA B7 2D 3C 4F 50 63 DA C1 FF 2C EA 14 52 (rndA+rBR
dkNo_E: 2A 6E 50 C5 0A B3 8F BB F1 B8 C1 08 33 D7 12 D0
COMMAND SEND: 90 AF 00 00 10 2A 6E 50 C5 0A B3 8F BB F1 B8 C1 08 33 D7 12 D0 00
COMMAND RETURN: 91 AE
I am not sure if the step dkNo_D to dkNp_E is correct. TDES encrypt dkNo_D with the key 00 11 22 … FF to dkNo_E
Thank you for the help.
franz
December 24th, 2012 at 13:28
Hi Franz,
when sending data to PICC you use CBC format.With your data
it looks like follows:
RndA = B7 1F AA B7 2D 3C 4F 50
3DES_decrypted RndA = 31 C3 51 43 66 3E 7A 00
Encrypted RndB = 8A 8E E9 C5 99 B6 4A 5C
3DES_decrypted RndB=52 63 DA C1 FF 2C EA 14
RndB ‘= 63 DA C1 FF 2C EA 14 52
(3DES_decrypted RndA) exor (RndB ‘) = 52 19 90 BC 4A D4 6E 52
3DES_decrypt above result = D7 08 FE E9 F2 3B 66 9E
Data to PICC = AF 31 C3 51 43 66 3E 7A 00
D7 08 FE E9 F2 3B 66 9E
I hope this will help you to authenticate.
Mustafa
December 24th, 2012 at 15:31
Hi Mustafa,
thank you very, very much. Everything is working fine now.
Franz
January 5th, 2013 at 19:58
Hi Mustafa,
DES/TDES is working fine now. But now i want to try AES encryption. I allready change the key to a AES key (key# 0×80). Also I am able now to get RandomB with command 90 AA. Command 90 0A fails now, which is
also ok. (the old and new key is 00 00 … 00)
But the authenticate fails:
key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rndA: 86 86 17 31 16 42 3F 67 0C E8 4B 9C 03 BD 32 93
rndA_D: F1 FE 8E AF 24 77 04 E7 A6 CB EA 4E BB E5 48 1D
COMMAND SEND: 90 AA 00 00 01 00 00
COMMAND RETURN: 8F 27 30 30 EF A8 DE 12 63 14 F5 18 24 3C 1F 42 91 AF
rndB: 8F 27 30 30 EF A8 DE 12 63 14 F5 18 24 3C 1F 42
rndB_D: 82 BB 21 0B A1 8E 36 22 59 03 5F 1E B6 1C B2 28
rndB_R: BB 21 0B A1 8E 36 22 59 03 5F 1E B6 1C B2 28 82
rndB_X: 4A DF 85 0E AA 41 26 BE A5 94 F4 F8 A7 57 60 9F
rndB_XD: 49 27 4A 5E 59 04 5D 76 D9 AA CA 65 3A D0 37 71
COMMAND SEND: 90 AF 00 00 20 F1 FE 8E AF 24 77 04 E7 A6 CB EA 4E BB E5 48 1D 49 27 4A 5E 59 04 5D 76 D9 AA CA 65 3A D0 37 71 00
COMMAND RETURN: 91 AE
I think that my AES decryption method is not working correct. Can you
please take a look on it?
Thank you.
Franz
January 6th, 2013 at 12:08
Hi,
i have fixed it. With AES you have to encrypt and not to decrypt the
Randoms.
Franz
January 6th, 2013 at 14:47
Hi,
I need the APDU of change key in ISO mode.
Can any buddy help me .
January 14th, 2013 at 12:39
Hi @all
i want to Athenticate with desfire in native mode .
Here is my code .
i selected master (AID = 0×00 0×00 0×00) .
and my key to encryption and decryption is :
key = A0 0B 7A CA BE EC 26 5A 96 9D F9 46 50 48 F5 5F
in Step 2 when i concated 8 bytes rand A with 8 bytes rand B and Encrypt it to send to PICC.i receive 91 ae and i dont khow why .can any one help me.
best regards
AID = 0×00 0×00 0×00)
key = A0 0B 7A CA BE EC 26 5A 96 9D F9 46 50 48 F5 5F
KeyNumber = 0×00
==>> 90 0A 00 00 01 00 00
<> 90 AF 00 00 10 43 9D 17 8E 9A 5F BA 70 8D 23 57 10 C9 32 D5 17 00
<<== 91 AE
please help me
January 14th, 2013 at 12:56
Hi @all
Here is my complete post
i want to Athenticate with desfire in native mode .
Here is my code .
i selected master (AID = 0×00 0×00 0×00) .
and my key to encryption and decryption is :
key = A0 0B 7A CA BE EC 26 5A 96 9D F9 46 50 48 F5 5F
in Step 2 when i concated 8 bytes rand A with 8 bytes rand B and Encrypt it to send to PICC.i receive 91 ae and i dont khow why .can any one help me.
best regards
AID = 0×00 0×00 0×00)
key(for enciphering and deciphering) = A0 0B 7A CA BE EC 26 5A 96 9D F9 46 50 48 F5 5F
KeyNumber = 0×00
==>> 90 0A 00 00 01 00 00
<> 90 AF 00 00 10 43 9D 17 8E 9A 5F BA 70 8D 23 57 10 C9 32 D5 17 00
<<== 91 AE
please help me
January 14th, 2013 at 12:58
Hi @all
i want to Athenticate with desfire in native mode .
Here is my code .
i selected master (AID = 0×00 0×00 0×00) .
and my key to encryption and decryption is :
key = A0 0B 7A CA BE EC 26 5A 96 9D F9 46 50 48 F5 5F
in Step 2 when i concated 8 bytes rand A with 8 bytes rand B and Encrypt it to send to PICC.i receive 91 ae and i dont khow why .can any one help me.
best regards
AID = 0×00 0×00 0×00)
key(for enciphering and deciphering) = A0 0B 7A CA BE EC 26 5A 96 9D F9 46 50 48 F5 5F
KeyNumber = 0×00
>> 90 0A 00 00 01 00 00
<> 90 AF 00 00 10 43 9D 17 8E 9A 5F BA 70 8D 23 57 10 C9 32 D5 17 00
<<91 AE
please help me
January 14th, 2013 at 13:17
Hi Ali,
write your complete communication with the desfire
card in following order so I can see what is the issue:
Authentication key
Challenge to PICC (0A , Key No.)
Response of PICC (AF , Ek(RndB))
Challenge to PICC (AF , Dek(RndA+RndB’))
Response of PICC
Mustafa
January 14th, 2013 at 13:02
Sorry for my inconvenience
I dont kwon what some of my code not be copied
Hi @all
i want to Athenticate with desfire in native mode .
Here is my code .
i selected master (AID = 0×00 0×00 0×00) .
and my key to encryption and decryption is :
key = A0 0B 7A CA BE EC 26 5A 96 9D F9 46 50 48 F5 5F
in Step 2 when i concated 8 bytes rand A with 8 bytes rand B and Encrypt it to send to PICC.i receive 91 ae and i dont khow why .can any one help me.
best regards
AID = 0×00 0×00 0×00)
key(for enciphering and deciphering) = A0 0B 7A CA BE EC 26 5A 96 9D F9 46 50 48 F5 5F
KeyNumber = 0×00
send to card >> 90 0A 00 00 01 00 00
receive from card <> 90 AF 00 00 10 43 9D 17 8E 9A 5F BA 70 8D 23 57 10 C9 32 D5 17 00
receive from card << 91 AE
please help me
January 14th, 2013 at 13:06
Hi @all
i want to Athenticate with desfire in native mode .
in Step 2 when i concated 8 bytes rand A with 8 bytes rand B and Encrypt it to send to PICC.i receive 91 ae and i dont khow why .can any one help me.
best regards
AID = 0×00 0×00 0×00)
key(for enciphering and deciphering) = A0 0B 7A CA BE EC 26 5A 96 9D F9 46 50 48 F5 5F
KeyNumber = 0×00
Here is my code .
90 0A 00 00 01 00 00
5B 57 69 C7 CE 4B 16 7B 91 AF
enciphered RandB = 5B 57 69 C7 CE 4B 16 7B
deciphered RandB` = 17 8D 23 57 10 C9 32 D5
one byte lshitf RandB`.
RandB“ = 8D 23 57 10 C9 32 D5 17
Generate Rand A = 43 9D 17 8E 9A 5F BA 70
concatenate Rand A With Rand B“ = 43 9D 17 8E 9A 5F BA 70 8D 23 57 10 C9 32 D5 17
enciphered Rand A = Rand B“ = 9E ED DC 4F BC E7 BE BD 09 02 CF 99 F7 40 34 7B
90 AF 00 00 10 43 9D 17 8E 9A 5F BA 70 8D 23 57 10 C9 32 D5 17 00
91 AE
please help me
January 14th, 2013 at 13:08
Hi @all
i want to Athenticate with desfire in native mode .
in Step 2 when i concated 8 bytes rand A with 8 bytes rand B and Encrypt it to send to PICC.i receive 91 ae and i dont khow why .can any one help me.
best regards
AID = 0×00 0×00 0×00)
key(for enciphering and deciphering) = A0 0B 7A CA BE EC 26 5A 96 9D F9 46 50 48 F5 5F
KeyNumber = 0×00
Here is my code .
> 90 0A 00 00 01 00 00
90 AF 00 00 10 43 9D 17 8E 9A 5F BA 70 8D 23 57 10 C9 32 D5 17 00
< 91 AE
please help me
January 14th, 2013 at 13:10
Hi @all
i want to Athenticate with desfire in native mode .
in Step 2 when i concated 8 bytes rand A with 8 bytes rand B and Encrypt it to send to PICC.i receive 91 ae and i dont khow why .can any one help me.
best regards
AID = 0×00 0×00 0×00)
key(for enciphering and deciphering) = A0 0B 7A CA BE EC 26 5A 96 9D F9 46 50 48 F5 5F
KeyNumber = 0×00
Here is my code .
i send 90 0A 00 00 01 00 00
And receive 5B 57 69 C7 CE 4B 16 7B 91 AF
enciphered RandB = 5B 57 69 C7 CE 4B 16 7B
deciphered RandB` = 17 8D 23 57 10 C9 32 D5
one byte lshitf RandB`.
RandB“ = 8D 23 57 10 C9 32 D5 17
Generate Rand A = 43 9D 17 8E 9A 5F BA 70
concatenate Rand A With Rand B“ = 43 9D 17 8E 9A 5F BA 70 8D 23 57 10 C9 32 D5 17
enciphered Rand A = Rand B“ = 9E ED DC 4F BC E7 BE BD 09 02 CF 99 F7 40 34 7B
i send 90 AF 00 00 10 43 9D 17 8E 9A 5F BA 70 8D 23 57 10 C9 32 D5 17 00
And receive 91 AE
please help me
January 14th, 2013 at 14:20
Hi Ali,
Before sending data to PICC you have to decrypt it,
because PCD always decrypts and PICC always
encrypts.When decrypting you have to use Triple
DES algorythm for the first half (the first 8 bytes)
are not equal to the second half.When you send
data longer than 8 bytes you have use CBC send
mode.That means you have to exor the result
of the decryption of the first eight byte with the
second half and decrypt it.Your last challenge
should look like as follows :
90 AF 00 00 10 (Dec(RndA) + Dec(Dec(RndA)^RndB’)) 00
Good luck.
Mustafa
February 9th, 2013 at 21:58
Hi Mustafa,
I created an application with
Key-settings: 0xEF
Num-keys: 0×81 (only master key, AES).
I’m having problems changing that application key. Would you be able to help me?
1. I select the application (OK)
2. Then authenticate using AES default key which is all zeros (OK)
2.a) Resulting session key is:
randA: 67 32 c4 29 06 c5 0f 1f af d9 ef 61 2b d3 3b ab
randB: 0b 18 5a 3e 6c 08 50 a6 bc 93 2f f9 52 fd 4d 52
sessionKey is: 67 32 c4 29 0b 18 5a 3e 2b d3 3b ab 52 fd 4d 52
3. Finally I try chaning the AES key and I get an Integrity Error.
I’m doing the following:
New AES key= 01020300000000000000000000000000
Key version= 00
CRC32 of new AES key= 69 cb b1 71 (I hope it is correct)
IV= 00000000000000000000000000000000
payload=AES_Encrypt(newAESkey||00||69cbb171||padding=all_zeros)
payload=d4 93 d8 b9 5f 97 f2 72 aa b1 c4 ca de b8 74 1a b1 1f c3 2c a1 39 c3 a8 3c 3f 2e 68 40 f8 fd d2
I used the session key and IV for the encryption.
COMMUNICATION:
>> 90 c4 00 00 21 00 d4 93 d8 b9 5f 97 f2 72 aa b1 c4 ca de b8 74 1a b1 1f c3 2c a1 39 c3 a8 3c 3f 2e 68 40 f8 fd d2 00
<< 91 1e
February 11th, 2013 at 08:57
Hi Wen,
your CRC32 algorithm is O.K. but there is another
issue you have to correct.You have to build CRC32
over Command + KeyVersion + New Key (C4 00 01
02 03 00 00 00 00 00 00 00 00 00 00 00 00 00).
Good luck.
Mustafa
February 11th, 2013 at 18:02
Thank you for you help. Unfortunately it is still not working.
After selecting the application and authenticating using AES, I did:
CRC32(c4 + 00 + 01 02 03 00 00 00 00 00 00 00 00 00 00 00 00 00)
CRC32 is: fd 25 74 8e
Then encrypted (with session key):
sessionKey is: 0c 3a 4e f2 83 0e ae ff 81 d8 5d e1 fe cd ed a9
AES_Encrypt(01 02 03 00 00 00 00 00 00 00 00 00 00 00 00 00 + 00 + fd 25 74 8e + 00 00 00 00 00 00 00 00 00 00 00)
Cipher text is: b0 87 dc 14 69 f8 cd ff eb 4b 70 37 13 b9 a7 8d dc 76 49 f1 83 74 40 d9 8a 18 cd 13 73 71 bf 07
>> 90 c4 00 00 21 00 b0 87 dc 14 69 f8 cd ff eb 4b 70 37 13 b9 a7 8d dc 76 49 f1 83 74 40 d9 8a 18 cd 13 73 71 bf 07 00
<< 91 1e
Any idea of what I could be doing wrong?
February 12th, 2013 at 10:15
Hi Wen,
I made a mistake.The correct proceeding is as follows:
CRC32 over : Cmd(C4) + Key No. +New Key +
New Key Version
AES over : New Key + New Key Version + CRC32 +
Padding
Payload : Cmd (C4) + Key No. + AES cipher data
Try this you will succed in changing the key.
Mustafa
February 12th, 2013 at 10:41
It’s working, thank you Mustafa!
April 26th, 2013 at 16:19
Thanks for posting this. I’m having the same problem and must be very close to resolving it thanks to the information here. I was wondering what the correct payload was above? I figure to get the cipher data we do AES_Encrypt(01 02 03 00 00 00 00 00 00 00 00 00 00 00 00 00 + 00 + 0a fd 8b 53 + 00 00 00 00 00 00 00 00 00 00 00)
which gives payload:
Cmd (C4) + Key No.(0) + cipher data (b0 87 dc 14 69 f8 cd ff eb 4b 70 37 13 b9 a7 8d cd 27 24 a3 71 83 88 28 f3 62 10 a9 62 84 b3 96)
Is that correct?
Thanks,
Chris
January 15th, 2013 at 08:55
Hi Mustafa
Thank you so mach for helping me. i got successful authentication .But there is another problem :
I want to change key Master (Aid = 0×00).
my key is 0×00.
I do every thing that you tell amila in ((March 5th, 2012 at 11:36))
here is my data after xor and enc : 98 39 23 79 C8 6E AD 0F A6 45 F1 9F B4 40 A6 E1 43 FE 2B 21 0A 2A 7B A1
And i send :
90 c4 00 98 39 23 79 C8 6E AD 0F A6 45 F1 9F B4 40 A6 E1 43 FE 2B 21 0A 2A 7B A1 00
i receive : 91 7e ( LENGTH_ERROR )
And if i send:
c4 00 98 39 23 79 C8 6E AD 0F A6 45 F1 9F B4 40 A6 E1 43 FE 2B 21 0A 2A 7B A1 00
i receive : 67 00 ( wrong length )
And if i send:
90 c4 00 00 19 00 98 39 23 79 C8 6E AD 0F A6 45 F1 9F B4 40 A6 E1 43 FE 2B 21 0A 2A 7B A1 00
i receive : 91 1e ( INTEGRITY_ERROR )
can you help me please ?
January 16th, 2013 at 20:53
Hi Ali,
I cannot check your data for I don’t have the
complete communication,but I think I know where the issue is.
The correct format is:
90 cmd 00 00 Length Parameter Le
cmd = C4
Length = 18 ( 24 bytes)
Parameter = 98 39 23 79 C8 6E AD 0F A6 45 F1 9F B4 40
A6 E1 43 FE 2B 21 0A 2A 7B A1
Le=00
The challenge should look like :
90 C4 00 00 18 98 39 23 79 C8 6E AD 0F A6 45 F1 9F B4 40
A6 E1 43 FE 2B 21 0A 2A 7B A1 00
The 00 between Length(19) and 98 shouldn’t be there.
For you have written 19 as length you don’t get length
error,you get 1E (integrity error) which means the CRC
doesn’t match with the correct one.If you fix this I think
you wil get the key changed.
Mustafa
January 16th, 2013 at 07:46
Hi @All,
I create an application with one file.(file_id = 0×09)
I want to write 13(=0x0d ) bytes Data in that file .I used this command :
90 cd 00 00 14 09 00 00 00 0d 00 00 13 byte data 00
I receive 91 f0
91 f0 means FILE_NOT_FOUND While the if i create another file with file_id = 0×09
I receive 91 de (douplication eror )
Can anybody help me please ?
January 16th, 2013 at 21:13
Hi Ali,
Command format for creating standard data file
is as follows:
90 Cmd(CD) 00 00 Length File No. Com.Set
Access Rights(2 bytes) File Size (3 bytes) Le(00)
Command format for writing data into a file
is as follows:
90 Cmd(3D) 00 00 Length File No. Offset(3bytes)
Length(3 bytes) Data ( up to 52 bytes)
Mustafa
January 17th, 2013 at 18:43
Hi Mustafa ,
Thank you for reply me and supporting me.
I am in holiday at now.
I back to my work at Saturday and tell you the result of of my challenge .
January 18th, 2013 at 02:17
hi mustafa,
ı am trying to authenticate PICC level of Desfire EV1 with AES.I can authenticate created applications with AES but PICC level authentication returns me AE.
crc operations must be done but which steps ı must follow can you help me?
thanks
January 18th, 2013 at 12:30
Hi Cem,
write the complete comunication with the PICC
so that I can see where the issue is.
Mustafa
January 18th, 2013 at 23:20
Hi Mustafa,and the other whole helpful follwer of the ridrix.
I am workimg on desfire ev1 cards with android.I have same problem as Cem.I can authneticate with both AES AND DES/3DES and can create applications with AES authenticaiton mode.But I have some problem to change keys especially picc key to communucate with AES.I am writing the steps I tried below:
1)resulult1=XOR(first key with new key)
2) reslut2=reslult1 || crc16(result)
3)result3=result2 || crc16(new key)
4)result4=result3 || 4 byte with zero
5)result5=dec with session key(result4)
then I trancive result5 which appended 0×80 to head with the command 0xC4. But I couldnt achieve to change key and got some error code especially NO such key. I will be glad if you help Thank you.
January 19th, 2013 at 08:44
Hi Mustafa,
Finally i Can create a file and write in it.
Thank you.
But i have my problem about change key yet.
I have a question in change key :
Should i do this steps :
1.Exor the first byte (01 01 01 01 01 01 01 01) with
IV all zeroes,and 3DES encrypt it with session key.
2.Exor the second byte (01 01 01 01 01 01 01 01) with
the result of the first step, and 3DES encrypt it with session key.
3.Exor the third byte (CRC1 CRC2 00 00 00 00 00 00) with
the result of the second step, and 3DES encrypt it with session key.
4.Append all of them to your command c4 00.
And if your answer is yes , would you mind tell me an example please.?
January 19th, 2013 at 09:27
Hi Ali,
yes you have to proceed like you have discribed.With
following difference,you have to use 3DES decrypt.
PCD always decrypts and PICC always encrypts.
If you cannot change the key , write the complete
communication and I can verify your result.
Mustafa
January 20th, 2013 at 13:57
Hi Mustafa;
I created an application With AID = { 0×05, 0×00 ,0×00} and Key setting {0x1f } And the number of Key = {0×08}:
90 CA 00 00 05 05 00 00 1F 08 00
I want to use change key command :
NEW_KEY : 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
CRC16 for NEW_KEY : CC 69
NEW_KEY + CRC16 + 6 bytes PAD :00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF CC 69 00 00 00 00 00 00 = My Data
1) Select the Master Application.
2)Authenticate with keyNumber =0×01.
Rand A = C1 C9 C0 7E 19 71 30 C8
Rand B = 07 D1 DC 5E 51 2E 84 24
Session key = C1 C9 C0 7E 7 D1 DC 5E 19 71 30 C8 51 2E 84 24
3)Select My Application ( AID = {0×05, 0×00, 0×00} )
4)Xor First Byte of My Data with vector (= 00 00 00 00 00 00 00 00 )
for (int i = 0; i < 8; i++)
{
step1[i] = (byte)((MYData[i]) ^ (0×00));
}
5) Decrypt step1 with session key .
Decstep1 = 6D CE 52 30 74 EB 81 A9
6) Xor the second byte of My Data with Decstep1
for (int i = 0; i < 8; i++)
{
step2[i] = (byte)((MyData[i + 8]) ^ (Decstep1[i]));
}
7)Decrypt step2 with session key
Decstep2 = BA 4F D9 58 E6 86 8B 32
8)Xor the third byte of MyData with Decstep2
9) Xor the second byte of My Data with Decstep1
for (int i = 0; i < 8; i++)
{
step2[i] = (byte) ((MyData[i +16]) ^ (Decstep2[i]));
}
10) Decrypt step3 with session key .
Decstep3 = EB AD 2A 13 49 8E 01 03
FINAL COMMAND : 90 c4 00 00 18 6D CE 52 30 74 EB 81 A9 BA 4F D9 58 E6 86 8B 32 EB AD 2A 13 49 8E 01 03 00
I receive 91 7e
And if :
FINAL COMMAND : 90 c4 00 00 19 03 (= the key number i want to change ) 6D CE 52 30 74 EB 81 A9 BA 4F D9 58 E6 86 8B 32 EB AD 2A 13 49 8E 01 03 00
I receive 91 1e
January 19th, 2013 at 10:52
Hi Mustafa,
Could you please guide me the use of CRC32 for AES in Desfire?
I explored two versions of CRC32 scheme.
When calculated to hex string 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
first one gives 84 07 75 9B and second one gives 7B F8 8A 64.
Best Regards,
Gabriel
January 21st, 2013 at 07:26
Hi Gabriel,
7B F8 8A 64 is the correct one.
Mustafa
January 19th, 2013 at 11:05
Hi Mustafa;
I created an application With AID = { 0×05, 0×05 ,0×05} and Key setting {0x0f } And the number of Key = {0×08}:
90 CA 00 00 05 05 5 05 0F 08 00
And create a standard data file with File_Id = { 0×09 } :
90 CD 00 00 07 09 00(ComSet) 71 27 (Access Rights) 40 00 00 (Size) 00
And writing in that file :
90 3D 00 00 14 09 00 00 00 (offset) 0D 00 00 (length) 13 byte data 00
I can do Correctly all of them .
But i can’t change key.
For change key i do :
1)Select Master
2)Authenticate with master
3)Select AID = 05 05 05 .
4)Authenticate with AID.
And use this code :
90 C4 00 00 00 19 00 24 byte Data 00
I Receive 91 1e = Mac error
I Have Some questions :
1)In the step 4 i should authenticate with which Key ( i use 00 And give a correct Authenticate)
2)You tell me that i shouldn’t put 00 after 18.(The 00 between Length(19) and 98 shouldn’t be there.) Now my question is : How can i specified the key that i want to changed.
3)How can i attain the 24 bytes data.
Thanks a lot.
Ali
January 20th, 2013 at 08:34
Hi Mustafa;
I created an application With AID = { 0×05, 0×00 ,0×00} and Key setting {0x1f } And the number of Key = {0×08}:
90 CA 00 00 05 05 00 00 1F 08 00
I want to use change key command :
NEW_KEY : 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
CRC16 for NEW_KEY : CC 69
NEW_KEY + CRC16 + 6 bytes PAD :00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF CC 69 00 00 00 00 00 00 = My Data
1) Select the Master Application.
2)Authenticate with keyNumber =0×01.
Rand A = C1 C9 C0 7E 19 71 30 C8
Rand B = 07 D1 DC 5E 51 2E 84 24
Session key = C1 C9 C0 7E 7 D1 DC 5E 19 71 30 C8 51 2E 84 24
3)Select My Application ( AID = {0×05, 0×00, 0×00} )
4)Xor First Byte of My Data with vector (= 00 00 00 00 00 00 00 00 )
for (int i = 0; i < 8; i++)
{
step1[i] = (byte)((MYData[i]) ^ (0×00));
}
5) Decrypt step1 with session key .
Decstep1 = 6D CE 52 30 74 EB 81 A9
6) Xor the second byte of My Data with Decstep1
for (int i = 0; i < 8; i++)
{
step2[i] = (byte)((MyData[i + 8]) ^ (Decstep1[i]));
}
7)Decrypt step2 with session key
Decstep2 = BA 4F D9 58 E6 86 8B 32
8)Xor the third byte of MyData with Decstep2
9) Xor the second byte of My Data with Decstep1
for (int i = 0; i < 8; i++)
{
step2[i] = (byte) ((MyData[i +16]) ^ (Decstep2[i]));
}
10) Decrypt step3 with session key .
Decstep3 = EB AD 2A 13 49 8E 01 03
FINAL COMMAND : 90 c4 00 00 18 6D CE 52 30 74 EB 81 A9 BA 4F D9 58 E6 86 8B 32 EB AD 2A 13 49 8E 01 03 00
I receive 91 7e
And if :
FINAL COMMAND : 90 c4 00 00 19 03 (= the key number i want to change ) 6D CE 52 30 74 EB 81 A9 BA 4F D9 58 E6 86 8B 32 EB AD 2A 13 49 8E 01 03 00
I receive 91 1e
January 21st, 2013 at 08:40
Hi Mustafa;
I need your help strongly.
January 21st, 2013 at 16:32
Hi Ali,
I made a mistake when writing the APDU format.
The correct format is as follows :
90 Ins 00 00 Lc(Length of data=19) File No.(03)
24 Bytes of Data Le=00
But there are other mistakes.First I have checked
your data and realized that you didn’t use 3DES
decryption.Second issue is you are changing
key No.3 but you are authenticating with key No.1.
If the key number you are authenticating is
different then the key number you want to change
than you have to proceede as follows:
The new key and the current key are exored.
And CRC (2bytes) of the exored data is appened.
Additionaly CRC (2bytes) of the new key is
appended after padding with zeroes (4 bytes).After
this you proceede as you have done but use
3DES decryption for the first half of the session
key is not equal of the second half.
Good Luck
Mustafa
January 22nd, 2013 at 13:57
Hi Mustafa,
I am sorry for my inconvenience.
Thank you so much for your assist and guide .
Finally i can changed a key in native mode after many attempt and ask many question from you.
Without your help i can not success.
There is one problem that i have yet :
How can i calculate crc 16 and crc 32 of some data.
for example i have one function that i do not know its implementation.That Function calculate the crc 16 of data for me and i do not know how it work.For example that function give me
37 49
for : 00 00 00 00 00 00 00 00
I want to know how it work.
I try many online calculate for 00 00 00 00 00 00 00 00
But i can reach 37 49 from all of them.
Or How can i calculate the crc 32 of some data (I need That code or one comprehensive site that calculate it for me)
Please help me.
January 23rd, 2013 at 05:15
Hi mustafa ,
I do a mistake .
That function give me 37 49 for 24 bytes 00
And give me 32 07 for 24 bytes 11
January 23rd, 2013 at 08:08
Hi Ali,
with the code I have given the link of you can calculate it.
If you want to read more about the crc try following
link : http://www.repairfaq.org/filipg/LINK/F_crc_v3.html
Mustafa
January 23rd, 2013 at 07:46
Hi Ali,
there are many algorithm on web you can use for
calculating CRC 16.Try the code on site:
http://www8.cs.umu.se/~isak/snippets/crc-16.c
Mustafa
January 23rd, 2013 at 07:49
Hi Mustafa ,
I have one question and it is so important for me to find answer of this:
In March 7th, 2011 at 16:56 T you tell Bruno :
(( to use is : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F .
The CRC16 for this key is 77 F5 ))
I want to know how do you calculate it . That is the answer of my first question in January 22nd, 2013 at 13:57 .
Please help me.
Best Regards.
Ali
January 23rd, 2013 at 08:10
Hi Ali,
with the code I have given the link of you can calculate it.
If you want to read more about the crc try following
link : http://www.repairfaq.org/filipg/LINK/F_crc_v3.html
Mustafa
January 23rd, 2013 at 09:18
Hi mustafa,
Thank you very much.
I have another question .
In that code should i set POLY with 0×1021 ?
Ali
January 23rd, 2013 at 09:42
Hi Ali,
No the POLY should be 8408 and start CRC not FFFF
but 6363.
Mustafa
January 23rd, 2013 at 10:44
Hi Mustafa,
i used your code in C ,and C# compilers .
in both of them i received ( ffafa9af ) for (0×00, 0×11, 0×22, 0×33, 0×44, 0×55, 0×66, 0×77, 0×88, 0×99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF )
While the i should received CC 69.
Here is my code :
Can you tell me what is my mistake?
byte[] Data = new byte[16]{0×00, 0×11, 0×22, 0×33, 0×44, 0×55, 0×66, 0×77, 0×88, 0×99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };
crc16(Data,16);
public UInt64 crc16(byte[] data_p, int length)
{
int i;
uint data;
uint Polynome = 0×8408;
uint crc = 0xffff;
if (length == 0)
return (~crc);
do
{
for (i = 0, data = ((uint)0xff & data_p[i]); i >= 1)
{
if (((crc & 0×0001) ^ (data & 0×0001))!=0)
crc = (crc >> 1) ^ Polynome;
else crc >>= 1;
}
length–;
} while (length>0);
crc = ~crc;
data = crc;
crc = ((crc <> 8) & 0xff));
return (crc);
}
If you send me a code that give cc 69 for 00 11 22 33 … ff
you oblige me
a.program.ali@gmail.com
Best Regards
Ali .
January 27th, 2013 at 09:48
Hi Mustafa,
Thank you for all of your helps.
Without you i do not think i can change keys in desfire.
But here is some problems :
I create an application with this setting 1f 08
( I explain the the following lines to another readers and i know you know all of them)
((( 1f 08 in setting : means in that application i have 8 keys that when
i want to change one of them (( except 0×01 =(the firs 4 bit in the 1f) and 0×00(=master key in application ) )) i should to authenticate with the key 0×01 and if i want to change 0×01 and 0×00 i should authenticate with master. )))
I can change key PICCMaster key and every keys in that application except 0×01 and 0×00.
for example when i want to change 0×01 i do this steps :
1) Select master
2 ) Authenticate PICCMaster and receive SesssionKey
3) Select that application
4) Used the decrypted ( NEW_KEY + CRC16 + 6 bytes PAD ) = 24 bytes with SesssionKey
5 ) I send this and i give 91 ae
And if i try this :
1) Select master
2 ) Authenticate PICCMaster and receive SesssionKey
3) Select that application
4) Authenticate Application and receive SessionKey2
5) Used the decrypted ( NEW_KEY + CRC16 + 6 bytes PAD ) = 24 bytes with SessionKey2
6 ) I send this and i receive 91 1e
And another problem that i have is :
How can i do iso Change Key (with crc32).?
I replace Crc16 with Crc32 and can not change a key .
January 27th, 2013 at 14:39
Hi Mustafa ,
Sorry for my inconvenience.
Finally i can change the Application Master Key and Changekey key.
But here is some problems :
I create an application with this setting 0f 08.
I can change every key, even 0×00 and 0×01.
But if I change 0×00 , when i want to change another key i receive 91 1e .
While the i can change the key before i changed 0×00.
I create an application with this setting : 1f 08.
And i can not change the key after changing ChangeKey key either.
January 27th, 2013 at 15:32
Hi Ali,
bit 0 of PICC and bit 0 of application masterkey settingsbyte
defines wether the changing of the key is allowed or not.If it is
zero like in your case the key is frozen and you cannot change
it any more.You should use f9 if you want that the key is
changeable.
Mustafa
January 28th, 2013 at 05:26
Hi Mustafa ,
Thanks.
I do a mistake in explain my problems.
I set it (the bit 0 ) to 1 for allowing change.
I set 0f in create application , for change a key i need to ayuthenticate with key 0×00 .
I can change any key with default MasterKey or default ChangeKey key , that means the bit 0 is not 0.
But if i Change the ChangeKey key or MasterKey and use it (the MasterKey or ChangeKEy key after changing ) for authenticate and create SessionKey , i did not change any key again .While the i can change it before change the MasteKey or ChangeKey key.
January 28th, 2013 at 07:23
Hi Mustafa ,
for example 0×03)
I explain correctly what i do :
I create an application with this setting 1f 08.
For change key
1)I select that Application.
2)Authenticate with keyNumber 0x01and attain the Sessionkey (16 bytes).
3)Xor the OldKey and NewKey of 0×03( the Key i want to change). = XoredData
4)Append the CRC16 of XoredData to XoredData.
5)Append Crc16 of NewKwey to XoredData .
MyData = XoredData + crc16 Xored data + crc16 NewKey.
6)Decryption MyData with the first byte of SessionKey.
I received 91 00 that means the key changed correctly.
But if I change the ChangeKey Key and if i want change a key (the Oldkey and Newkey are same the OldKey and NewKey of 0×03 ) i can not change it and i receive 91 1e .While the if i do this before change ChangeKey key , i can change it.
And it is my problem
Best Regards
Ali
January 28th, 2013 at 12:16
Hi Ali,
I don’t know wether I have understand you correctly,
but I give you the rules for key setting,you may be able
to find the issue than.
The bits 7(MSB) to 4 are holding access right for changing
application keys.If those bytes are 0 it means you have
to authenticate with application master key.If it is between
0X01 to 0X0D authentication with this specified key is
neccessary to change any key.If it is 0X0E you have to
authenticate with same key you want to change.
I hope this info will help you to find the issue.
Mustafa
January 28th, 2013 at 13:05
Hi Mustafa ,
Thanks.
I know it and i can change any key in native mode.
But if i change application master key or change key key , i can not change any key again.
I receive 91 1e.
I want to know if i change the application master or change key key is that effect in other keys or not?
And if it is not effect in other keys why give me 91 1e?
Can i send you my code?
Best regards
Ali
January 28th, 2013 at 14:01
Hi Mustafa ,
I indebted you all of my knowledge about desfire functions .
Let me put it in other words :
Certainly you can change the application masterkey or changekey key.
Here is my question :
Can you change the other keys after change application masterkey or changekey key ?
Or you first change the other keys and then change the application MasterKey or ChnageKey key?( The job that i do it)
And if your answer be yes that mean you can change the other key after changing application MasterKey or ChangeKey key ,
Would you mind give me a real data that with that data you can correctly change keys after changing application MasterKey or ChangeKey key please?
Best Regards
Ali
January 31st, 2013 at 15:20
Hi Ali,
sorry for delayed answer.You must be able to change any
key after changing application master key or change key key.
I will test it and let you know the result.
Mustafa
January 30th, 2013 at 06:14
Hi All,
I am getting problem to authenticate DesFire ev1 card with Master keys in Adroid (using TDES), I followed these steps
1. >> 905a00000300000000 (sending PICC selection Command )
<>900A0000010000
<< getting RndB
3. Then I deciphered RndB and Prepare RndB as per doc right shift
4. After that i generate RndA
5. then add RndA+RndB
6. Then Enciphered RndA+RndB and send to card
I am getting 901C Response from card, which is Illegal command .
I m using Iv(initial vector as 00000000) and masterkey for encipher and decipher, please help to solve this issue. I also tried with (default key(like 0000….). I dueled checked that enciphered and deciphered is giving the right value
Thanks,
Arvind
January 30th, 2013 at 06:47
Hi All,
For further understand this issue, i m sending here these command and response
Select PICC
Send Command >>905a00000300000000
Response <> 900A0000010000
Response <> 0BBF991C55119BB141C3E90F6DC9E1C8
Response << 911C
Thanks,
January 31st, 2013 at 15:40
Hi Arvind,
there are many issue in your data above.First thing is you
have to decrypt data before sending to PICC.PCD always
decrypts and PICC always encrypts.To your authenticate
command you have received 16 bytes response.If the
Desfire card is configured for DES/3DES algorithm you
get 8 byte response.If it is configured for AES algorithm
you get 16 bytes.To find out how it is configured make
following test: Send ‘Get key settings’ command to the
PICC:As response you will get two bytes.First byte is
key settings and second byte is Number of Keys.The two
MSB (bit7 and bit6) give the operation art.If they are 00
then the PICC is configured for DES/3DES if they are 01
then PICC is configured for 3K3DES and if they are 10
then the PICC is configured for AES.For AES you
authenticate with command 0XAA and for 3K3DES
you authenticate with command 0X1A.
Good Luck
Mustafa
February 1st, 2013 at 06:49
Thanks Mustafa,
Its a copy and paste problem , I am pasting again that response. I checked key settings it shows 01, and I authenticate with 0x1A and following the response 1C (illegal command)
//Seletion of AID 010000
Command send 905a00000301000000
Response << 9100
//Authentication with masterkey
Command send 901A0000010000
Response << DFA7AB8C704978DF91AF
// Generating RandomB and RandomA
After removing 91AF ————-: DFA7AB8C704978DF
initial IV : 0000000000000000
deci RndB ———: 448AB5CD132D787A
RndB' shift———: 8AB5CD132D787A44
changed IV : DFA7AB8C704978DF
RndA ———: 1122334455667788,
Before enciphered RndA_RndB ———: 11223344556677888AB5CD132D787A44
enciphered RndA RndB ———: D91049E51A2AF57C1BA42C1FE8FC538C
changed IV : 1BA42C1FE8FC538C
// Sending RandomA and RanmdomB
Command send : 90AF000010D91049E51A2AF57C1BA42C1FE8FC538C00
Response : 911C
could you please provide me your mail id, so that i can send you this log to u.
Thanks,
Arvind
February 4th, 2013 at 08:04
Hi Arvind,
1C means illegal command code and you get
this answer when command code is not
suppoerted.For example if you send the
commnad 90 AF … before sending 90 1A you
get the answer 1C.Therefore I assume you
send something else between command 1A
and the AF.My mailaddress is
mustafa.moripek@gmail.com .Send me the whole conversation between PCD and PICC so I can
try to find the issue.
Mustafa
January 31st, 2013 at 19:46
Hi,
I authenticate using an application master key (AES) and then ask for the list of file ids (there is none). I get this back: f6 c0 04 cd 00 a5 9e 7b.
I’m assuming this is a CMAC? How should I proceed to verify if the CMAC is correct going from my session key?
Thanks you
February 1st, 2013 at 14:22
I have a working implementation of CMAC but I can never get my values to match what is returned by the card. Which key should I use when calculating the CMAC?
If I receive something like (02 03 XX XX XX XX)h where X is the CMAC, should I use only (02 03)h as input without modification?
February 12th, 2013 at 14:54
Hi, i have exactly the same problem, also trying the GetFileIDs command.
I think that the session key is used for CMAC generation.
After session key generation, you also have to reset your IV to zero, but don’t do it after each cbc crypto operation, as it stays as it is between the new EV1 crypto methods.
I try to figure out whether you have to cmac the command byte you send to the PICC (for example getFileIDs, 0x6F). I think you have to do that, but the resulting cmac is not sent, only the command byte.
When i’m trying to verify the received mac, i dont know if only the data is cmaced, or also the status byte. If someone knows that, please answer
I’m not using APDU wrapping yet.
My AES session key is: 01 02 03 04 B8 9E F7 1D 0D 0E 0F 00 24 B4 2D BE
cmac subkeys:
sk1: 9C 5B CB 80 ED 7D B5 36 C6 8D ED A1 08 04 CB E0
sk2: 38 B7 97 01 DA FB 6A 6D 8D 1B DB 42 10 09 97 47
I’m sending the 0x6F command for (getFileIDs) just after the authentication is done, so IV is all zero, and calculate the cmac on the command byte:
IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Padded data before cmac: 6F 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00
CMAC: 9D 11 D0 DD 09 F0 0B FA 89 02 E7 0F ED 7F 75 B8
I’m receiving the answer then:
00 02 84 73 95 39 3B 95 60 55 53
00 is the status code, 02 is a file i created, rest is CMAC to be verified
after that, i’m calculating the CMAC for 00 02 (don’t know if the status bit is CMACed, too, both gives me the wrong result.)
IV: 9D 11 D0 DD 09 F0 0B FA 89 02 E7 0F ED 7F 75 B8
Padded data before cmac: 00 02 80 00 00 00 00 00 00 00 00 00 00 00 00 00
CMAC: 4F A0 A2 E1 E2 A0 46 72 70 73 39 88 A8 EF 94 2E
could someone verify this? i tested the cmac algorithm itself, it works, so i’ve forgotten something else…
thanks for any help ^^
February 13th, 2013 at 17:55
Hi mk,
I still haven’t figured out how to properly verify the CMAC.
I did try calculating it with your values and the first CMAC you calculate is equal to mine but on the second CMAC calculation (received) I’m getting a different value:
CMAC sent:
9d 11 d0 dd 09 f0 0b fa 89 02 e7 0f ed 7f 75 b8
CMAC received (using session key and using CMAC sent as IV, calculated on 00 02 …):
a1 90 a9 88 93 19 eb 3b e5 2e 6e 85 14 06 c6 73
I thought my CMAC algorithm was correct but I may be doing something wrong. If you get yours to work please let me know.
February 14th, 2013 at 11:28
I’m using libfreefare as reference for cmac calculation. if padding is neccesary you xor the padded data with the second subkey, if no padding is performed the data is xored with the first subkey. after that the result is encrypted, using cbc send mode.
the cmac function is here:
https://code.google.com/p/libfreefare/source/browse/libfreefare/mifare_desfire_crypto.c
here are CMAC examples to check against
http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf
so i’m pretty sure that cmac calculation isn’t the problem, stilly trying to figure out which data has to be CMACed
February 14th, 2013 at 13:16
ok, it works now for me!
forgot rotating randomA right after checking if auth went ok.
sorry, my session key was wrong, i changed my authentication code and got distracted by cmac stuff
session key: 00 01 02 03 E3 27 64 0C 0C 0D 0E 0F 5C 5D B9 D5
Session sub-keys:
sk1: 7A 11 44 93 B2 E2 B1 D4 EA E6 31 E5 F4 D4 4F 58
sk2: F4 22 89 27 65 C5 63 A9 D5 CC 63 CB E9 A8 9E B0
CMACing the command byte 0x6F is right.
Padded data before cmac: 6F 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00
CMAC: CD C0 52 62 6D F6 60 CA 9B C1 09 FF EF 64 1A E3
my reader gives me the following answer:
00 02 07 A0 39 1B 25 3D 12 57
where 00 is the status code, and 02 is a file id, rest is CMAC.
i tried CMACing 00 02 and got wrong results.
then i swapped data and status byte, which turned out to be right, i don’t know why. maybe my reader does APDU framing in the background so that actually the status byte is at the end? i don’t know… i’m using this one http://www.stronglink-rfid.com/en/rfid-modules/sl032.html
this is the result…
Padded data before cmac: 02 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00
CMAC: 07 A0 39 1B 25 3D 12 57 89 CF AE E3 6F 26 9F 58
February 14th, 2013 at 14:34
I’m glad it is working for you! I also got it working and have been checking libfreefare.
I was using the CMAC from a crypto library which wasn’t handling well the external IV for the second CMAC calculation.
March 10th, 2013 at 13:56
Hi
I want to Read a record .
i Create a record with FileID 0×04 Successfully.
I do this Steps:
1)select the Application
2)authenticate with that application
3)From offset = 0×00 0×00 0×00
4)Number Of recors = 0×00 0×00 0×01
5)APDU = 90 bb 00 00 07 (=LC) 04 (=fileID) 00 00 00 00 00 01 00
i send this and receivr 91 be
Can anybody help me ?
March 11th, 2013 at 11:07
Hi Ali,
be means boundary error.In the file you try to read
are not as much records as you want to read.The
one you have written as number of records is MSB.
That means you want to read more then one million
records.
Mustafa
March 12th, 2013 at 06:04
Hi Mustafa ,
Thank you for all of your helps.
I can read record.
Best Regards.
Ali
March 12th, 2013 at 06:11
Hello Mustafa,
This is regarding Desfire SAM AV2. The Problem i unable to connect to SAM using normal PC/SC contact reader. can you please help me to solve this issue.
1 – Is there any specific hardware to connect Desfire SAM?
2 – Please share your view about SAM and their communication with PC/SC readers..
3 – Are there any source which describes the SAM Communication..
Thanks
March 12th, 2013 at 12:03
Hi Smith,
for I have built my own reader I don’t have any idea how
a PC/SC contact reader can read a SAM card.I used
information (user manual,datasheets) of the producer.
Try to get information from the producer of SAM.If you
have any specific problem later on I can try to help.
Good luck
Mustafa
March 13th, 2013 at 07:09
Hi Mustafa.
Another question.
I want to change the file setting to 11 11 (change the access rights).
If my FileID be 0×03 and my ComSetting be 0×00.
I used this command:
90 5F 00 00 04 03 00 11 11 00
I send this and receive 91 7e(Length Error)
I do not know what is my mistake.
Please help me.
March 13th, 2013 at 08:03
Hi Mustafa.
I solved this .
Thank you for all of your help.
March 18th, 2013 at 14:26
Hi Mustafa,
In ChangeFileSetting i have a problem.
when i set the change key access right to e ( free access) in create the file , i can change the file setting .
But if i set it to another byte 9for example 0×03) < and i want to change access rights afthe authenticate with the changeAccessrightKey (0×03 in here) i receive 91 7e Can you heipme
May 16th, 2013 at 09:15
What was the solution?
March 18th, 2013 at 18:38
Dear Mustafa,
I’m writing you in the hope that you might tell me where my mistake is in the changekey-process for a 0xAA authentication. I read all the above comments (and learned a lot of them…thanks for that !) on this topic but I am not able to find my mistake.
I created an application (application 01) with several AES keys which all have the standard value 00…00. The application was created with the “CA 01 00 00 0E 85″ command. Changekey should change one of them, but it does not. I authenticate with the application master key and get a 0x1E error.
The following data is used:
Authentication process:
- – - – - – - – - – - -
send> 0x0A
rec af 56 e0 f0 9e 9e df 1d 72 62 ca af c8 56 97 0c 62 6d 87 02 40 57 b7 a7 11 64 2f 74 88 12 62 36 01
rec “C401″ + AESCBC(C401 + newkeyXORoldkey + newykeyversion + crc32[c401 + newkeyXORoldkey + newykeyversion] + crc32(newkey) + “00000000000000″)
= C401 + AESCBC(C401+11…11+00+2AB7E18A+A7C83697+00000000000000)
= C401 + “3c 22 90 33 44 c5 36 82 33 65 90 2e fc 0c be db f1 77 80 a1 fb 93 37 a8 64 e2 b8 c3 cc 6f 73 42″
The AESCBC calculation was performed as follows:
1st unencrypted CBC-plainblock w/o IV: 11111111111111111111111111111111
1st unencrypted CBC-plainblock w/ IV: 0x7b6fffd7d20a5130e0ad40084e494c90L
1st encrypted CBC-plainblock (w/ IV): 3c22903344c536823365902efc0cbedb
2nd unencrypted plainblock (i.e. w/o XOR): 002AB7E18AA7C8369700000000000000
2nd unencrypted CBC-plainblock (i.e. with XOR): 0x3c0827d2ce62feb4a465902efc0cbedbL
2nd encrypted CBC-plainblock: f17780a1fb9337a864e2b8c3cc6f7342
The overall result is an 0x1E error. As I spent several days finding the error, I came to a point where I hope you might help – of course only if you find the time to do so.
Thank you,
Morris.
March 18th, 2013 at 18:40
I should explicitly remark that the authentication procedure works perfectly. My initial remark from above “I authenticate with the application master key and get a 0x1E error” might be misleading:
Not the authentication but the changekey spawns that 0x1E error.
March 18th, 2013 at 18:44
And I found a typo. The authentication takes place via 0xAA (and not 0x0A). I use the AES method.
Do I have to submit the CRC values in LittleEndian format or in BigEndian ? I tried both variants and still got the 0x1E error.
March 18th, 2013 at 18:47
Apparently this website’s editor filters the “greater than” and “less than” symbols, therefore a part of my posting is missing. Here the version with all information:
Authentication process:
- – - – - – - – - – - -
send: 0xAA
rec: af e5 62 d8 7b 8b c4 5e 74 19 02 0c f1 1e 54 29 82
send: af 56 e0 f0 9e 9e df 1d 72 62 ca af c8 56 97 0c 62 6d 87 02 40 57 b7 a7 11 64 2f 74 88 12 62 36 01
rec: 6a 7e ee c6 c3 1b 40 21 f1 bc 51 19 5f 58 5d 81
AES-sessionkey: 00112233e2aa7694445566774e7095ae
RndA: 00112233445566770011223344556677
RndA2: 11223344556677001122334455667700
RndB: e2aa7694704bf7a7c49a2e064e7095ae
RndB2: aa7694704bf7a7c49a2e064e7095aee2
From the preceding authentication process (AES authenticate with application master key, which is also 00…00):
IV: 6a7eeec6c31b4021f1bc51195f585d81 (=AESCBC(RndA’))
The AUTH process works properly, even a manual decryption of the last data chunk sent by the PICC (i.e. AESCBC(RndA’)) yields the correct result.
March 18th, 2013 at 18:48
Changekey:
- – - – -
Key to be changed is key01, which has the default value 00…00.
Newkey should be 11…11.
CRC32:
1) crc32[c401 + newkeyXORoldkey + newykeyversion]
= crc32(c401+11…11+00) = 2AB7E18A
2) crc32(newkey)
= crc32(11…11) = A7C83697
With these information the following command is sent:
send> “C401″ + AESCBC(C401 + newkeyXORoldkey + newykeyversion + crc32[c401 + newkeyXORoldkey + newykeyversion] + crc32(newkey) + “00000000000000″)
= C401 + AESCBC(C401+11…11+00+2AB7E18A+A7C83697+00000000000000)
= C401 + “3c 22 90 33 44 c5 36 82 33 65 90 2e fc 0c be db f1 77 80 a1 fb 93 37 a8 64 e2 b8 c3 cc 6f 73 42″
The AESCBC calculation was performed as follows:
1st unencrypted CBC-plainblock w/o IV: 11111111111111111111111111111111
1st unencrypted CBC-plainblock w/ IV: 0x7b6fffd7d20a5130e0ad40084e494c90L
1st encrypted CBC-plainblock (w/ IV): 3c22903344c536823365902efc0cbedb
2nd unencrypted plainblock (i.e. w/o XOR): 002AB7E18AA7C8369700000000000000
2nd unencrypted CBC-plainblock (i.e. with XOR): 0x3c0827d2ce62feb4a465902efc0cbedbL
2nd encrypted CBC-plainblock: f17780a1fb9337a864e2b8c3cc6f7342
March 21st, 2013 at 06:49
Hi Morris,
İf the card is a virgin card you use the default key
all zeroes and you have to authenticate with the
command code 0X0A and use DES-3DES algorithm
for decryption.If you want use AES encryption
with the new key you must make the 2MS bits of
key number 10.In your case the command string
after authentication with 0X0A should be:
C4 + 81 + 3DESdecr with session key(newkey+
CRC16+padding).
Goog luck
Mustafa
March 19th, 2013 at 07:46
Hi Ali,
when you change file settings with keysettings 0X0E,
the command format is: 5f File No. Com.Setting
Access Rights (2 bytes) totally 5 bytes
when you change file settings with a special key
(in your case 0X03),the command format is :
5F File No. New de or enciphered settings
(8/16 bytes depending on which encryption
you use – 3DES/AES)
Mustafa
April 1st, 2013 at 19:54
Hi Mustafa,
I’m newbie in Desfire EV1 card.
In my project, i used the reader PN512.
I’ve done following: REQA, CL1, CL2, RATS, PPS. Everything’s ok.
But there is no answer from PICC when I implement to select the application:
5A 00 00 00
or
90 5A 00 00 03 00 00 00 00
Here is my code:
void AID_Select(void)
{
PN512_Write(0x0A,0×80); // Flush FIFO
PN512_Write(0×09,0x5A); // Native command select PICC
PN512_Write(0×09,0×00);
PN512_Write(0×09,0×00);
PN512_Write(0×09,0×00);
//
PN512_Write(0×12,0×00); // Disable TX,RX CRC
PN512_Write(0×13,0×00);
PN512_Write(0x0D,0×80); // Transmit
//
PN512_Read(0×06); // No Error Status
PN512_Read(0x0A); // 0×00 -> 0 byte in buffer -> there is no response? I don’t know why.
PN512_Read(0×09); // Data is not correct?
}
void RFID_Desfire(void)
{
PN512_Config();
Mifare_REQA();
Mifare_ATQ();
Mifare_Anticoll_1();
Respond_SNR_1();
Mifare_Select_1();
Respond_SAK();
Mifare_Anticoll_2();
Respond_SNR_2();
Mifare_Select_2();
Respond_SAK();
RATS();
PPS(); // Everything is ok until the below function
AID_Select();
}
Please give me the suggestions.
Best regards,
Trong Quyen
April 2nd, 2013 at 15:53
Hi Trong,
are you sure your other coomands are working
properly?
The code after writing to fifo should be as follows :
PN512_Write(0×12,0×00); // Enable TX,CRC
PN512_Write(0×13,0×00); // Enable RX,CRC
PN512_Write(0×1D,0×00); // Enable parity
PN512_Write(0×01,0×0C); // Transceive command
PN512_Write(0×1D,0×80); // Transmit 8 bit length
Good luck
Mustafa
April 2nd, 2013 at 18:00
Hi Mustafa,
Thank for your feedback.
I’m sure 100% that other commands are working.
With this PN512 config, I’ve used to communicate with mifare UL successfully.
My code is:
void PN512_Config(void)
{
PN512_Write(0×01,0x0F); // Soft reset
PN512_Write(0x0C,0×10); // Initiator
PN512_Write(0×15,0×40); // 100% ASK
PN512_Write(0×18,0×55); //
PN512_Write(0×19,0x4D); //
PN512_Write(0×26,0×59); //
PN512_Write(0×27,0xF4); //
PN512_Write(0×14,0×83); //
PN512_Write(0×01,0x0C); // Transceive
}
void Mifare_REQA(void)
{
PN512_Write(0x0A,0×80);
PN512_Write(0×09,0×26);
PN512_Read(0x0A);
PN512_Write(0x0D,0×87);
}
void Mifare_ATQ(void)
{
PN512_Read(0×06);
PN512_Read(0x0A);
PN512_Read(0×09);
PN512_Read(0×09);
}
//
void Mifare_Anticoll_1(void)
{
PN512_Write(0x0A,0×80);
PN512_Write(0×09,0×93);
PN512_Write(0×09,0×20);
PN512_Write(0×12,0×00);
PN512_Write(0×13,0×00);
PN512_Write(0x0D,0×80);
}
void Respond_SNR_1(void)
{
PN512_Read(0×06);
PN512_Read(0x0A);
MifareCard_UID[0] = UART0_Putc(PN512_Read(0×09));
MifareCard_UID[1] = UART0_Putc(PN512_Read(0×09));
MifareCard_UID[2] = UART0_Putc(PN512_Read(0×09));
MifareCard_UID[3] = UART0_Putc(PN512_Read(0×09));
MifareCard_UID[4] = UART0_Putc(PN512_Read(0×09));
}
void Mifare_Select_1(void)
{
PN512_Write(0x0A,0×80);
PN512_Write(0×09,0×93);
PN512_Write(0×09,0×70);
PN512_Write(0×12,0×80);
PN512_Write(0×13,0×80);
PN512_Write(0×09,MifareCard_UID[0]);
PN512_Write(0×09,MifareCard_UID[1]);
PN512_Write(0×09,MifareCard_UID[2]);
PN512_Write(0×09,MifareCard_UID[3]);
PN512_Write(0×09,MifareCard_UID[4]);
PN512_Write(0x0D,0×80);
}
void Mifare_Anticoll_2(void)
{
PN512_Write(0x0A,0×80);
PN512_Write(0×09,0×95);
PN512_Write(0×09,0×20);
PN512_Write(0×12,0×00);
PN512_Write(0×13,0×00);
PN512_Write(0x0D,0×80);
}
void Respond_SNR_2(void)
{
PN512_Read(0×06);
PN512_Read(0x0A);
MifareCard_UID[0] = UART0_Putc(PN512_Read(0×09));
MifareCard_UID[1] = UART0_Putc(PN512_Read(0×09));
MifareCard_UID[2] = UART0_Putc(PN512_Read(0×09));
MifareCard_UID[3] = UART0_Putc(PN512_Read(0×09));
MifareCard_UID[4] = UART0_Putc(PN512_Read(0×09));
}
void Mifare_Select_2(void)
{
PN512_Write(0x0A,0×80);
PN512_Write(0×09,0×95);
PN512_Write(0×09,0×70);
PN512_Write(0×12,0×80);
PN512_Write(0×13,0×80);
PN512_Write(0×09,MifareCard_UID[0]); // Data from Respond SNR
PN512_Write(0×09,MifareCard_UID[1]);
PN512_Write(0×09,MifareCard_UID[2]);
PN512_Write(0×09,MifareCard_UID[3]);
PN512_Write(0×09,MifareCard_UID[4]);
PN512_Write(0x0D,0×80);
}
void Respond_SAK(void)
{
PN512_Read(0×06);
PN512_Read(0x0A);
PN512_Read(0×09);
}
//
void RFID_Process(void)
{
PN512_Config();
Mifare_REQA();
Mifare_ATQ();
Mifare_Anticoll_1();
Respond_SNR_1();
Mifare_Select_1();
Respond_SAK();
ReadData_PN512();
LCD_cls();
// STS Process /
STS_Process();
}
void RATS(void)
{
PN512_Write(0x0A,0×80);
PN512_Write(0×09,0xE0);
PN512_Write(0×09,0×00);
PN512_Write(0×12,0×80);
PN512_Write(0×13,0×80);
PN512_Write(0x0D,0×80);
//
PN512_Read(0×06);
PN512_Read(0x0A);
UART0_Putc(PN512_Read(0×09));
UART0_Putc(PN512_Read(0×09));
UART0_Putc(PN512_Read(0×09));
UART0_Putc(PN512_Read(0×09));
UART0_Putc(PN512_Read(0×09));
UART0_Putc(PN512_Read(0×09));
}
void PPS(void)
{
PN512_Write(0x0A,0×80);
PN512_Write(0×09,0xD0);
PN512_Write(0×09,0×11);
PN512_Write(0×09,0×00);
PN512_Write(0×12,0×80);
PN512_Write(0×13,0×80);
PN512_Write(0x0D,0×80);
//
PN512_Read(0×06);
PN512_Read(0x0A);
PN512_Read(0×09);
}
void AID_Select(void)
{
PN512_Write(0x0A,0×80);
PN512_Write(0×09,0x5A); // Native select PICC
PN512_Write(0×09,0×00);
PN512_Write(0×09,0×00);
PN512_Write(0×09,0×00);
//
PN512_Write(0×12,0×00); // Disable TX,RX CRC
PN512_Write(0×13,0×00); // (Enable CRC: 0×80)
PN512_Write(0x1D,0×00); // Enable parity
PN512_Write(0×01,0x0C); // Transceive
PN512_Write(0x0D,0×80); // Transmit
//
PN512_Read(0×06); // 0×00: No Error Status
UART0_Putc(PN512_Read(0x0A)); // 0×00 -> 0 byte in buffer -> there is no response? It should be 1
UART0_Putc(PN512_Read(0×09)); // It should be 0×00
}
void RFID_Desfire(void)
{
PN512_Config();
Mifare_REQA();
Mifare_ATQ();
Mifare_Anticoll_1();
Respond_SNR_1();
Mifare_Select_1();
Respond_SAK();
Mifare_Anticoll_2();
Respond_SNR_2();
Mifare_Select_2();
Respond_SAK();
RATS();
PPS();
AID_Select();
}
As you see, I’ve put some data bytes to the terminal:
- The first 16 bytes:
88 04 6A 54 B2 21 80 1D 80 3C 06 75 77 81 02 80
-> CT- UID[3] – BCC1 – UID[4] – BCC2 – ATS[6]
- The last 2 bytes:
00 77 -> FIFO Level after read command – The response of SelectApplication 5A 00 00 00
-> They should be: 01 00
It means that there is no answer from PICC after SelectApplication command
I’ve tried follow your guide in AID_Select() function.
Please give me your comments and suggestions.
Thank you very much.
Best regards,
Trong Quyen
April 2nd, 2013 at 18:40
HI Mustafa,
Now, I’m trying to communicate with Mifare Desfire EV1, but using the commands of MF3ICD40 Desfire.
Perhaps, the commands of Desfire EV1 are different from Desfire.
Do you think so?
Best regards,
Trong Quyen
April 3rd, 2013 at 05:50
Hi Trong,
I see that you enable CRC for TX and RX within
commands RATS and SELECT.Why do you disable
CRC in Select Application command.With the
instructions I have mentioned previously I always
can select application.
Mustafa
April 3rd, 2013 at 16:10
Hi Mustafa,
Follow the datasheet of MF3ICD40, some commands need CRC and some commands don’t need.
Example:
- REQA, CL1, CL2: Don’t need CRC
- Select_CL1, Select_CL2, RATS, PPS: Need CRC
And also follow datasheet of MF3ICD40, i don’t see CRC was appended follow the native command frames.
However, I’ve also tried with CRC, but the results are same, there is no answer from PICC.
Do you think the commands of Desfire EV1 and Desfire are same?
Now I’m working with Desfire EV1 (MF3ICD41) but using the commands of Desfire (MF3ICD40).
Because I don’t find any datasheet about MF3ICD41 on Internet.
Follow the datasheet, it seems too easy to implement some commands as GetVersion, SelectApplication…
I see the native commands are not too different from other commands like REQA, RATS, PPS…But in fact…
Please see the code again and help me to find if i’ve missed any step.
Thank you very much.
Best regards,
Trong Quyen
April 3rd, 2013 at 19:21
Hi Trong,
my code looks like :
PN512_Write(0x0A,0×80);
PN512_Write(0×12,0×80);
PN512_Write(0×13,0×80);
PN512_Write(0x1D,0×00);
PN512_Write(0×09,0×5A);
PN512_Write(0x0A,0×00);
PN512_Write(0x0A,0×00);
PN512_Write(0x0A,0×00);
PN512_Write(0×01,0×0C);
PN512_Write(0x1D,0×80);
PN512_Read(0x0A);
and is functioning well.I am not at office now.
Tomorrow I will check with different card types
and let you know the result.
Mustafa
April 4th, 2013 at 17:53
Hi Mustafa,
I think, you mean:
void AID_Select(void)
{
PN512_Write(0x0A,0×80); // Flush FIFO
PN512_Write(0×12,0×80); // Enable TX, RX CRC
PN512_Write(0×13,0×80);
PN512_Write(0x1D,0×00); // Enable parity
PN512_Write(0×09,0x5A); // Native select PICC
PN512_Write(0×09,0×00); // (Not 0x0A)
PN512_Write(0×09,0×00);
PN512_Write(0×09,0×00);
//
PN512_Write(0×01,0x0C); // Transceive
PN512_Write(0x0D,0×80); // Transmit 8 bit, (not 0x1D)
//
PN512_Read(0x0A);
}
Maybe, you’re missing in typing (0×09 instead of 0x0A, and 0x0D instead of 0x1D)
Note:
0×09: FIFO
0x0A: FIFOLevel
0x0D: BitFramingReg
Follow datasheet, I think the section of code above is correct.
But in fact, there is still no answer from PICC.
And, what do you think about the steps:
void RFID_Desfire(void)
{
PN512_Config();
Mifare_REQA();
Mifare_ATQ();
Mifare_Anticoll_1();
Respond_SNR_1();
Mifare_Select_1();
Respond_SAK();
Mifare_Anticoll_2();
Respond_SNR_2();
Mifare_Select_2();
Respond_SAK();
RATS(); // E0 80
PPS(); // D0 11 00
// Fail from here
AID_Select();
}
I think, after RATS and PSS, I have to do some config else follow ISO 14443-3, ISO 14443-4.
But I don’t know what it is.
I also ask for help to the guy from Mifare Team, but I don’t understand his answer, perhaps you do.
http://www.mifare.net/micommunity/forum/mifare-smartcard-ics/mifare-desfire/using-pn512-communicate-mifare-desfire-ev1-card/#msg2333
And, could you try this code in your side (if you have the hardware PN512)?
Thank for your ardor.
Best regards,
Trong Quyen
April 5th, 2013 at 16:53
Hi Trong,
yes you are right the 0A’s schould be 09,but
1D is correct (ManualRCVReg 0x1D).Without this it
doesn’t work properly.I have seen your conversation
at the above link.In my code I have also a
routine for exchange data with picc usin T=CL protocol.
But I am not sure whether it is neccessary ,I
have to test it.But it takes some times because
I have to make some changes on my test pcb.
I let you know when I have the result.
Mustafa
April 6th, 2013 at 06:31
Hi Trong,
I have checked the select application command.
Yes you should use PCB.And the command should
look like:
void AID_Select(void)
{
PN512_Write(0x0A,0×80); // Flush FIFO
PN512_Write(0×12,0×80); // Enable TX, RX CRC
PN512_Write(0×13,0×80);
PN512_Write(0x1D,0×00); // Enable parity
PN512_Write(0×09,0×0A); // PCB
PN512_Write(0×09,0×00); // CID
PN512_Write(0×09,0x5A); // Native select PICC
PN512_Write(0×09,0×00);
PN512_Write(0×09,0×00);
PN512_Write(0×09,0×00);
//
PN512_Write(0×01,0x0C); // Transceive
PN512_Write(0x0D,0×80); // Transmit 8 bit, (not 0x1D)
//
PN512_Read(0x0A);
}
For I used CID and no NAD PCB is 0A.
If you don’t use CID nor NAD the PCB should 02.
And “transmit 8 bit” should be writen to register
0D not to 1D (as you recognized correctly).
Good luck
Mustafa
April 6th, 2013 at 06:47
Hi Mustafa,
Thank for your help.
Now, I can implement the SelectApplication function.
I’ll need your more help about RFID, SAM AV1,2 on next time.
Thank you once more time.
Best regards,
Trong Quyen
April 9th, 2013 at 06:19
Hi all ,
I need help in implementing ISO-7816 command set supported by MIFARE DESFire. I am able to implement basic native commands but implementing iso commands is seeming difficult.Can someone give an example for implementing APPEND RECORD Command(INS-’E2′).
Regards
SN
April 9th, 2013 at 09:37
Hi Mustafa,
I got a problem about ATS.. Here i am trying to use configured ATS with my Desfire EV1 card… But i need to get my Old ATS(ATS already in the card) and Append before newly configured ATS data such as
[Old ATS] + [My New Data] = Newly configured ATS.
What i need to know is how i get the ATS from the card.. In specs they provide that command begins with E0 will give ATS… But i unabl eto do that.. Please note that i use a ACS PC/SC reader to retrieve ATS.. Please help me ..
Thanks.
April 9th, 2013 at 12:20
Hi Tom,
the format for request answer to select command is :
E0 Parameter CRC0 CRC1
The high nibble of the parameter byte is maximum
frame size and the low nibble is CID (logical
number of addressed PICC).
Mustafa
April 11th, 2013 at 18:37
Hello all! First of all i would like to thank all the people that have shared here their information
I have successfully done some basic operations of desfire card like authentication, file creation/read/write. I have been faced a really strange problem. I have created i std DataFile with the appropriate command :
Command: 91 CD 00 00 07 00 00 0E 0E A0 00 00 00
Response: 91 0E
I know the error means “Insufficient NV-Memory to complete command” , the weird thing is that i have successfully created one std data file at first. Then i deleted it and tried to create a different one (with the same FileNo), every time i was trying to create the file i was able to use less file size until now that i can’t use any file size! I tried even to remove the application and create it from scratch and now i am getting the same error at the create Application command! Is that the normal behavior of the card, should i try to format it?
Any help will be really appreciated!
Thanks for your time anyway!
April 12th, 2013 at 08:31
Hi Giwrgos,
allocated memory blocks associated with the delete files
are not set free.To release memory blocks for reuse,the
whole NV-memory needs to be erased using the
Format command.
Mustafa
April 12th, 2013 at 22:56
Thanks really much for another time Mustafa
April 13th, 2013 at 12:15
Hi
I want to get the list of all of Applet in java card.
I Select MasterAplet and do pin verify with it.
My question is how
can i get the list of all of AID in java card?
April 13th, 2013 at 12:21
Hello ali! The command you are looking for is the GetApplicationIDs(). The command code (without wrapping) is 0x6A. If you send this byte to the card you will get a response with the application aids! The first response will have untill 19 Aids, if your card has more than 19 applications the response will start with byte 0xAF which means that you have to send the byte 0xAF to the card to get the rest of the aids.
April 15th, 2013 at 05:12
Hello Giwrgos .
Thank you.
I think 90 6a get the AID of a Desfire card. I send this APDU and receive all of AID of a Desfire card.My problem is what can i get the AID of the all of applets on a SAM card.If your answer is 6a would you mind specify me the calss and instruction of this command.
April 17th, 2013 at 16:19
I am having a problem with Authentication of AES. Really I am trying to decrypt the message after authentication. My authentication is a success and I am trying to decrypt the return message and verify it against RANDA and I can’t seem to decrypt it properly. I have managed to do this successfully with DES. I am pretty sure that it has something to do with my IV for AES. I start with 16 byte 0×00 array to encrypt the message after that I am not sure what to use as my IV. Any help would be greatly appreciated
May 7th, 2013 at 22:29
A bit advertising but could be helpful for some people. Just started a new open source sdk project (LGPL license) for RFID development with various chips and readers supported.
Developed in C++, can be called in C# through a COM layer: http://liblogicalaccess.islog.com
DESFire en DESFire EV1 support, but key diversification and SAM still need to be implemented.
May 14th, 2013 at 07:55
Hi All,
Can someone propose a good Plastic Card Printer we can use for printing Desfire platic cards.
May 16th, 2013 at 09:19
I’m trying to create standard file after the authentication (1A). Authentication works, I have right crc algorithm, but when I send the command i get 917E response: length error. I’m using DES encryption
Session key:
0BE19314EA2A362E0BE19314EA2A362E
Command before crc, padding and encryption:
90CD0000090200000311110F000000
data with crc32 and padding:
0200000311110F000045812F87800000
APDU Encr: 90 CD 00 00 10 C2 5F 1C B0 79 D7 12 84 DF 8F EE CC F5 25 DD 5F 00
Receiving data
Does anyone know what’s my problem?