Hello!
Please bear with me, as I am very early into this wild journey of learning how to program these NFC tags.
Just recently, I purchased some NTAG 424 DNA NFC tags to play around with, and I've run into a problem that I just cannot seem to figure out. For reference, no keys have been changed since the purchase.
I'm following the authentication example on page 29 of the application note. While attempting to authenticate through the AuthenticateEV2First command, everything goes smoothly, until I get to step 24, where I need to compare my RndA with the RndA my tag sends back.
My output (after selecting application):
Tag found
>> response from part one: b0766120811175980f991df421d6996a91af
>> encoded random b: b0766120811175980f991df421d6996a
>> decoded random b: 674279214acdd6a200bf43834652a94c
>> random b rotated left: 4279214acdd6a200bf43834652a94c67
>> generated random a: 5fda3402593699c0317a3b0b564ecd2f
>> randa with randb rotated: 5fda3402593699c0317a3b0b564ecd2f4279214acdd6a200bf43834652a94c67
>> encrypted randa with randb rotated: 80f36dc666c232ef92a34c6f3be69455caa42d42ac1a082a611589035eb17b26
>> part 2 command: 90af00002080f36dc666c232ef92a34c6f3be69455caa42d42ac1a082a611589035eb17b2600
>> part two command response: b780a3690c43a3d61e418713ecd248d3e46cf86a0c222cffe01271f3aac2684a9100
>> part two command response without response code: b780a3690c43a3d61e418713ecd248d3e46cf86a0c222cffe01271f3aac2684a
>> decrypted part two command response: c89c58aeac5522d827ec583ee326ff77985445ef000000000000000000000000
>> card rnda: efac5522d827ec583ee326ff77985445
As you can see, my generated RndA (5fda3402593699c0317a3b0b564ecd2f) and the RndA that the card sends back (efac5522d827ec583ee326ff77985445) do not match. I have no idea why this might be happening. I thought maybe my encrypting/decrypting method might be flawed while figuring out RndB, but then I noticed that on page 48 of the data sheet, if my RndB was wrong, my Part 2 response would indicate that with response code 91AE, but my Part 2 response code is fine (9100), so my keys and everything appear to be fine.
Any help on this would be incredibly appreciated!
Hey!
It's been a minute, but I think I remember. I was using NodeJS for this, and subsequently the built-in crypto package. Throughout the whole process I was using the same "Cipher" instance for my decrypting, which is wrong. I found out I was supposed to create a new Cipher instance per decryption I believe. I'm not sure if this helps, but that's what I can remember.
Thank you, @jbean, for your response.
Could you clarify, 'Throughout the whole process, I was using the same "Cipher" instance for my decryption, which is wrong. I found out that I was supposed to create a new Cipher instance per decryption.'
Which ciphertext do you mean?
BR, Shaghayegh.