424 DNA AuthenticateEV2First RndA not matching

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

424 DNA AuthenticateEV2First RndA not matching

1,264 Views
jbean
Contributor II

Hello!

Please bear with me, as I am very early into this wild journey of learning how to program these NFC tags.

Just recently, I purchased some NTAG 424 DNA NFC tags to play around with, and I've run into a problem that I just cannot seem to figure out. For reference, no keys have been changed since the purchase.

I'm following the authentication example on page 29 of the application note. While attempting to authenticate through the AuthenticateEV2First command, everything goes smoothly, until I get to step 24, where I need to compare my RndA with the RndA my tag sends back.

My output (after selecting application):

 

 

Tag found
>> response from part one: b0766120811175980f991df421d6996a91af

>> encoded random b: b0766120811175980f991df421d6996a
>> decoded random b: 674279214acdd6a200bf43834652a94c
>> random b rotated left: 4279214acdd6a200bf43834652a94c67

>> generated random a: 5fda3402593699c0317a3b0b564ecd2f
>> randa with randb rotated: 5fda3402593699c0317a3b0b564ecd2f4279214acdd6a200bf43834652a94c67
>> encrypted randa with randb rotated: 80f36dc666c232ef92a34c6f3be69455caa42d42ac1a082a611589035eb17b26

>> part 2 command: 90af00002080f36dc666c232ef92a34c6f3be69455caa42d42ac1a082a611589035eb17b2600
>> part two command response: b780a3690c43a3d61e418713ecd248d3e46cf86a0c222cffe01271f3aac2684a9100
>> part two command response without response code: b780a3690c43a3d61e418713ecd248d3e46cf86a0c222cffe01271f3aac2684a
>> decrypted part two command response: c89c58aeac5522d827ec583ee326ff77985445ef000000000000000000000000

>> card rnda: efac5522d827ec583ee326ff77985445

 

 

As you can see, my generated RndA (5fda3402593699c0317a3b0b564ecd2f) and the RndA that the card sends back (efac5522d827ec583ee326ff77985445) do not match. I have no idea why this might be happening. I thought maybe my encrypting/decrypting method might be flawed while figuring out RndB, but then I noticed that on page 48 of the data sheet, if my RndB was wrong, my Part 2 response would indicate that with response code 91AE, but my Part 2 response code is fine (9100), so my keys and everything appear to be fine.

Any help on this would be incredibly appreciated!

3 Replies

895 Views
shaghayeghnz
Contributor II

Hi, @jbean 

I have the same issue. Did you find any solution?

Best Regards, Shaghayegh.

0 Kudos
Reply

886 Views
jbean
Contributor II

Hey!

It's been a minute, but I think I remember. I was using NodeJS for this, and subsequently the built-in crypto package. Throughout the whole process I was using the same "Cipher" instance for my decrypting, which is wrong. I found out I was supposed to create a new Cipher instance per decryption I believe. I'm not sure if this helps, but that's what I can remember.

0 Kudos
Reply

859 Views
shaghayeghnz
Contributor II

Thank you, @jbean, for your response.

Could you clarify, 'Throughout the whole process, I was using the same "Cipher" instance for my decryption, which is wrong. I found out that I was supposed to create a new Cipher instance per decryption.'

Which ciphertext do you mean?

BR, Shaghayegh.

0 Kudos
Reply