Tag Archives: mifare desfire

t:kort public transportation card explorations

In a follow up to my DESFire communication example post, here is a brief explanation of what you can find on the “t:kort“.

The “t:kort” is a public transportation card used in the county of “Sør-Trøndelag” in Norway. The card is a Mifare DESFire contactless smartcard, and the data stored on the card follows the NORTIC Specification for Mifare DESFire (NSD) (Statens Vegvesen – Håndbok 206 Elektronisk billettering (2004/05) page 218 )

Some commands do not require authentication, but read/write access to the files in the Transport directory requires the use of key #7, which is not public.

Note: DESFire uses LSBF (Least Significant Byte First).

Here I’ll show the data that is public (does not require auth), and briefly explain what they mean.

General DESFire stuff:

File types:
0x00 = Standard Data Files
0x01 = Backup Data Files
0x02 = Value Files with Backup
0x03 = Linear Record Files with Backup
0x04 = Cyclic Record Files with Backup
Communication mode:
0x00 = Plain communication
0x01 = Plain communication secured by DES/3DES MACing
0x03 = Fully DES/3DES enciphered communication
Communication flow:
--> To card
<-- From card

Communication with a virgin t:kort:

Get Version:
--> 60
<-- af 04 01 01 00 02 18 05
--> af
<-- af 04 01 01 00 06 18 05
--> af
<-- 00 XX XX XX XX XX XX XX ZZ ZZ ZZ ZZ ZZ 29 08

The GetVersion command returns manufacturing data about the PICC (chip).
04 = Vendor id (Philips)
Hardware version is 0.2 (00 02), and storage size is 18 (4096 bytes).
Software version is 0.6 (00 06), and storage size is 18 (4096 bytes)
The X’s are the 7-byte UID
The Z’s are the 5-byte batch number
29 = Calendar week of production
08 = Production year

Get Application IDs:
--> 6a
<-- 00 00 80 57 01 80 57

2 Applications available: 00 80 57 and 01 80 57
57 80 00 is the NORTIC Card Issuer DF (Directory File)
57 80 01 is the NORTIC Transport DF

Select Application 00 80 57:
--> 5a 00 80 57
<-- 00

OK

Get Key Settings for application master key (AID 00 80 57):
--> 45
<-- 00 12 04

12 = configuration not changeable, no free create/delete file, free directory list, master key not changeable, other key changeable using key # 1
04 = number of 3DES keys : 4 (Master key (M, #0), card Issuer key (I, #1), Card retailer key (C,#2), and Read key (R, #3).

Iterating the Get Key Version command shows that keys 00-03 are available.
All other key IDs return 0x40 (No Such Key)

Get Key Version key 00 (AID 00 80 57):
--> 64 00
<-- 00 1d
Get Key Version key 01 (AID 00 80 57):
--> 64 01
<-- 00 1d
Get Key Version key 02 (AID 00 80 57):
--> 64 02
<-- 00 1d
Get Key Version key 03 (AID 00 80 57):
--> 64 03
<-- 00 fb
Get File IDs (AID 00 80 57):
--> 6f
<-- 00 0c

File ID 0c = CI_Header (Card Issuer Header)
This file is created during the personalization process and is never written to during normal process.

Get File Settings for file 0c (AID 00 80 57):
--> f5 0c
<-- 00 00 00 f1 ef 10 00 00

00 = Standard Data file
00 = Plain Communication
f1 ef = read is free, write disabled, r/w disabled, Change Config with key #1
10 00 00 = length 0x10 (16 bytes)

Read Data in file 0c (AID 00 80 57):
--> bd 0c 00 00 00 10 00 00
<-- 00 90 80 00 02 XX XX XX XX 6c 68 00 28 00 02 80 40

First 10 bits = 578 (ISO country code Norway)
Next 20 bits = Format (0)
Next 2 bits = 2 (choice bitmap = cardIDNumber32bits)
Next 32 bits = Application wide unique serial number, set up at prepersonalization (denoted as ‘X’ here). This number can be found on the surface of the card printed in decimal form.
Next 14 bits = cardValidityEndDate. Card is valid until Dec 31st 2015 (Number of days since 1997-01-01 = 6938)
Next 20 bits = 160 (Application Owner Company ID)
Next 20 bits = 160 (Retailer Organisation ID)
Next 4 bits = cardKeyVersion = 1 (Used to identify which keys are in use. Initial = 1)
Last 6 bits = Not used

Select Application 01 80 57:
--> 5a 01 80 57
<-- 00

OK

Get Key Settings application master key (AID 01 80 57):
--> 45
<-- 00 12 08

12 = configuration not changeable, no free create/delete file, free directory list, master key not changeable, other key changeable using key # 1
08 = number of 3DES keys : 8 (Master key (M, #0), application Owner/issuer key (O, #1), Application retailer key (A, #2), Card retailer key (C, #3), Product retailers key (P, #4), add-Value key (V,#5), Service providers key (S, #6) and Read key (R, #7)).

Iterating the Get Key Version command shows that keys 00-07 are available.
All other key IDs return 0x40 (No Such Key)

Get Key Version key 00 (AID 01 80 57):
--> 64 00
<-- 00 1d
Get Key Version key 01 (AID 01 80 57):
--> 64 01
<-- 00 1d
Get Key Version key 02 (AID 01 80 57):
--> 64 02
<-- 00 1d
Get Key Version key 03 (AID 01 80 57):
--> 64 03
<-- 00 1d
Get Key Version key 04 (AID 01 80 57):
--> 64 04
<-- 00 76
Get Key Version key 05 (AID 01 80 57):
--> 64 05
<-- 00 94
Get Key Version key 06 (AID 01 80 57):
--> 64 06
<-- 00 25
Get Key Version key 07 (AID 01 80 57):
--> 64 07
<-- 00 fb
Get File IDs (AID 01 80 57):
--> 6f
<-- 00 01 02 03 04 05 06 0a 0c

8 files available
01 = T_ProductRetailer file
02 = T_ServiceProvider file
03 = T_SpecialEvent File
04 = T_StoredValue file
05 = T_GeneralEventLog file
06 = T_SVReloadLog file
0a = T_Environment file
0c = T_cardHolder file

Get File Settings for file 01 (AID 01 80 57):
--> f5 01
<-- 00 01 01 41 7f 80 01 00

01 = Backup data file
01 = Plain communication with MAC
41 7f = Access bits (Read with key #7, Write disabled, R/W with key#4, Change settings with Key #1)
80 01 00 = File size (0x180 = 384 bytes)

Get File Settings for file 02 (AID 01 80 57):
--> f5 02
<-- 00 01 01 41 76 80 00 00

01 = Backup data file
01 = Plain communication with MAC
41 76 = Access bits (Read with key #7, Write with key #6, R/W with key#4, Change settings with Key #1)
80 00 00 = File size (0x80 = 128 bytes)

Get File Settings for file 03 (AID 01 80 57):
--> f5 03
<-- 00 01 01 41 76 20 01 00

01 = Backup data file
01 = Plain communication with MAC
41 76 = Access bits (Read with key #7, Write with key #6, R/W with key#4, Change settings with Key #1)
20 01 00 = File size (0x120 = 288 bytes)

Get File Settings for file 04 (AID 01 80 57):
--> f5 04
<-- 00 02 01 51 7f 00 00 00 00 ff ff ff 7f 00 00 00 00 00

02 = Value File with Backup
01 = Plain communication with MAC
51 7f = Access bits (Read with key #7, Write disabled, R/W with key #5, Change settings with key #1)
00 00 00 00 = Lower limit
ff ff ff 7f = Upper limit (7fffffff)
00 00 00 00 = Limited credit value
00 = limited credit disabled

Get File Settings for file 05 (AID 01 80 57):
--> f5 05
<-- 00 04 00 f1 76 24 00 00 09 00 00 08 00 00

04 = Cyclic Record File with Backup
00 = Plain communication
f1 76 = Access bits (Read with key #7, Write with key #6, R/W disabled, Change settings with key #1)
24 00 00 = Record size (0x24 = 36 bytes)
09 00 00 = Max number of record (9)
08 00 00 = Current number of records (8)

Get File Settings for file 06 (AID 01 80 57):
--> f5 06
<-- 00 04 00 f1 75 20 00 00 03 00 00 02 00 00

04 = Cyclic Record File with Backup
00 = Plain communication
f1 75 = Access bits (Read with key #7, Write with key #5, R/W disabled, Change settings with key #1)
20 00 00 = Record size (0x20 = 32 bytes)
03 00 00 = Max number of record (3)
02 00 00 = Current number of records (2)

Get File Settings for file 0a (AID 01 80 57):
--> f5 0a
<-- 00 00 00 21 7f 20 00 00

00 = Standard Data File
00 = Plain communication
21 7f = Access bits (Read with key #7, Write disabled, R/W with key#2, Change settings with Key #1)
20 00 00 = File size (0x20 = 32 bytes)

Get File Settings for file 0c (AID 01 80 57):
--> f5 0c
<-- 00 00 00 31 7f 20 00 00

00 = Standard Data File
00 = Plain communication
31 7f = Access bits (Read with key #7, Write disabled, R/W with key#3, Change settings with Key #1)
20 00 00 = File size (0x20 = 32 bytes)

Select PICC Application:
--> 5a 00 00 00
<-- 00

OK

Get Key Settings (for PICC Application):
--> 45
<-- 00 0b 01

0b = configuration changeable, no free create/delete file, free directory list, master key changeable
01 = Only 1 key can exist for this application (the PICC application)

Get Key Version for key 00 (for PICC Application):
--> 64 00
<-- 00 1d

The PICC master key version is 0x1d

That’s all we can read from the card without knowing the read key for the Transport DF (Key #7).

Advertisements

Mifare Desfire communication example

MiFare DESFire are iso14443A compliant contactless smartcards, and support all layers including iso14443-4. These cards are so-called “stored value” cards, so you cannot install and execute your own program code on DESFire cards. DESFire is like a memory card with access control.

Typical usage is within public transportation and access control.

DESFire cards are considered secure. Even though there are some theoretical security flaws, no public working hack has been published like there has been for Mifare classic (standard) cards. (The new DESFire EV1 cards are supposed to address the flaws found in v0.6).

Depending on the version of the card, a DESFire card might support commands in native, native-wrapped or iso7816-4 command set styles.

  • Software version v0.4 does not support APDU (only native commands)
  • v0.5 adds support for wrapping native commands inside ISO 7816 style APDUs
  • v0.6 adds ISO/IEC 7816 command set compatibility. 

 New versions of DESFire cards (EV1) (v1.3) support extended APDU commands.

“Application” in DESFire terms is more like a DF (Directory File) in iso7816. DESFire AIDs (Application IDs) are 3 bytes long.

The command style of the first command determines the mode for the rest of the session. You cannot mix different command modes in the same session.

First, lets look at Native command mode.

Native Command mode:

Most of these commands are one byte long, and the card responds with “statusbyte + [optional data]”

Statusbyte examples:
00 : Command successful
af : More data (send command 'af' to fetch remaining data)
9d : Permission Denied
Communication flow:
--> To card
<-- From card

Example using a blank DESFire v0.6 card:

Get Version:
--> 60
<-- af 04 01 01 00 02 18 05
--> af
<-- af 04 01 01 00 06 18 05
--> af
<-- 00 XX XX XX XX XX XX XX ZZ ZZ ZZ ZZ ZZ 05 06

The first response denotes the hardware releated data: version is 0.2 (00 02), and storage size is 18 (4096 bytes)
The second response denotes the software releated data: version is 0.6 (00 06), and storage size is 18 (4096 bytes)
The X’s are the 7-byte UID
The Z’s are the 5-byte batch number
05 = Calendar week of production
06 = Production year

Get Application IDs:
--> 6a
<-- 00

No applications available (blank card)

Select PICC Application:
--> 5a 00 00 00
<-- 00

OK

Get File IDs (for PICC Application):
--> 6f
<-- 9d

Permission denied.

Get Key Settings (for PICC Application):
--> 45
<-- 00 0f 01

0f = All bits in the lower nibble are set, meaning configuration can be changed, CreateApplication/GetApplicationIDs/GetKeySettings can be performed without master key, and master key is changeable
01 = Only 1 key can exist for this application (the PICC application)

Get Key Version for key 00 (for PICC Application):
--> 64 00
<-- 00 00

The PICC master key version is 0x00

Authentication with key 00 (for PICC Application):
--> 0a 00
<-- af a2 be cd 03 d8 46 cb 33
--> af b0 cc bc ed 8f c8 38 c9 08 dc e2 4d 86 ca ec 3c
<-- 00 76 73 d9 49 71 3f f2 d1

This example only showed authentication with the PICC application. In a real world transaction, you would typicall select a specific AID (!= 00 00 00), authenticate, and then read/write to files within that application.

After a successful authentication, further communication with the card is done in plain/plain+MAC/encrypted+MAC, depending on the access bits for the particular file.
Authentication is done using DES or Triple-DES, depending on keysize. If key is 8 bytes: Single DES. If key is 16 bytes, and the first 8 bytes of the key are different from the last 8 bytes: Triple-DES. The card terminal (PCD) always use DECRYPT_MODE (both when recieving and sending encrypted data), and the card always uses ENCRYPT_MODE. However, the DESFire crypto is a bit different from the normal DES/CBC scheme: The PCD uses DES “send mode” when sending data (xor before DES), and the card uses DES “recieve mode” when recieving data (xor after DES). But when the PCD recieves data, it uses normal DES/CBC mode (xor after DES), and the card uses normal DES send mode when sending data (xor before DES).

DESFire encryption:
Send encrypted data Recieve encrypted data
PCD (DECRYPT) DES/CBC “send mode” Normal DES/CBC “recieve mode”
Card (ENCRYPT) Normal DES/CBC “send mode” DES/CBC “recieve mode”

The last 2 modes are useful if you need to communicate with a DESFire card through PC/SC, or you need to emulate DESFire on Java Cards.

Native Wrapped command style:

In this mode, native commands are wrapped inside iso7816 style APDUs.

The mapping is done as follows:
cls ins          p1 p2 lc [data] le
90  [native ins] 00 00 lc [data] 00

SW1 SW2
91  [native status code]
Wrapped version of the commands shown above:
--> 90 60 00 00 00 00
<-- 04 01 01 00 02 18 05 91 af
--> 90 af 00 00 00 00
<-- 04 01 01 00 06 18 05 91 af
--> 90 af 00 00 00 00
<-- 04 28 3b 61 5b 1b 80 8e 64 55 61 10 05 06 91 00
--> 90 6a 00 00 00 00
<-- 91 00
--> 90 5a 00 00 03 00 00 00 00
<-- 91 00
--> 90 6f 00 00 00 00
<-- 91 9d
--> 90 45 00 00 00 00
<-- 0f 01 91 00
--> 90 64 00 00 01 00 00
<-- 00 91 00
--> 90 0a 00 00 01 00 00
<-- a2 be cd 03 d8 46 cb 33 91 af
--> 90 af 00 00 10 b0 cc bc ed 8f c8 38 c9 08 dc e2 4d 86 ca ec 3c 00
<-- 76 73 d9 49 71 3f f2 d1 91 00

The last mode is the iso7816 command set mode:

Full support for these commands require DESFire v1.3 (EV1)
ISO SELECT (A4)
ISO GET CHALLENGE (84)
ISO EXTERNAL AUTHENTICATE (82)
ISO INTERNAL AUTHENTICATE (88)
ISO READ BINARY (B0)
ISO UPDATE BINARY (D6)
INS READ RECORDS (B2)
ISO APPEND RECORD (E2)

As you can see, not all functions are available using the iso7816 command set. If you need more functions, you must use native or native-wrapped mode.