Integrity Error on ChangeKey desfire ev3

amrin-hexondata — Mon, 13 May 2024 15:39:36 GMT

Hi, I'm trying to change default aes key on keyNo = 0, to a different aes key. However, I keep getting

0x1E integrity error on sending the command, which i think indicates wrong crc.

I wrote in javascript. This is my crc32 calculation function

static crc32 = (input) => { const crcTable = new Array(256); for (let i = 0; i < 256; i++) { let c = i; for (let j = 0; j < 8; j++) { c = ((c & 1) ? (0xEDB88320 ^ (c >>> 1)) : (c >>> 1)); } crcTable[i] = c >>> 0; } let crc = 0 ^ (-1); for (let i = 0; i < input.length; i++) { crc = (crc >>> ^ crcTable[(crc ^ input.charCodeAt(i)) & 0xFF]; } crc = crc ^ (-1); // Convert the integer to an array of bytes const crcBytes = []; for (let i = 0; i < 4; i++) { crcBytes.push((crc >>> (i * 8)) & 0xFF); } return crcBytes.reverse(); }

From my understanding, CRC is calculated on Cmd + keyNo + (newKey xor oldkey) + keyversion. Something like this.

let data_to_crc = cmd.concat(_keyNo).concat(_newKey).concat(_keyVersion); let data_to_crc_string = DesfireUtils.getHexFromDecArray(data_to_crc); let crc_data = DesfireUtils.crc32(data_to_crc_string);

If I run my crc32 function on the data, i'd get the same result when using this online crc32 calculator

Then cryptogram = newkey + keyversion + crc_data + padding

Then i send over <C4 00 Cryptogram>
Sending over encrypted cryptogram yields same result as not encrypted, 0x1E. encryption key is session key, iv = 0

Re: Integrity Error on ChangeKey desfire ev3

amrin-hexondata — Tue, 14 May 2024 03:56:44 GMT

Fixed the issue. The problem lies in CRC32 algorithm.
I used this C code and transcribed / implement it in javascript
http://www.rfidiot.org/crc32.c

topic Integrity Error on ChangeKey desfire ev3 in Other NXP Products

Integrity Error on ChangeKey desfire ev3

Re: Integrity Error on ChangeKey desfire ev3