I am authenticating with the default key (0,0,0...) to a DESFire EV1 card.
Then, I am calling GetCardUID, and getting 16 bytes back.
These I then decrypt, and expect to get this result:
0 = 0x4
1 = 0x8A
2 = 0x71
3 = 0x72
4 = 0x66
5 = 0x61
6 = 0x80
7 = 0x98
8 = 0x67
9 = 0x46
10 = 0x1D
I can see my serial in the first 7 bytes.
Unfortunately, most of the time I get different results, like this one:
0 = 0x84
1 = 0x7F
2 = 0xEE
3 = 0xCF
4 = 0x4C
5 = 0x6
6 = 0x22
7 = 0xF9
8 = 0x67
9 = 0x46
10 = 0x1D
The padding remains 0 (cut out here), and the last three bytes are always the same, which indicates a successful decryption to me.
Now my question: Why do I get different, seemingly random results most of the time?
Thanks!
Hi,
I never called GetCardUID, because I have the UID number in the identification :). I'll do a test this weekend. I'll let you know.
Thanks,
Vincent
Heyo,
any success?
Regards,
Daniel
Hi Daniel,
I just did a test like this
-Identification
-Authenticate EV2 with software SAM
-ReadFile
-GetCARDuid
the uid card number is correct.
I use ComMode:FULL
which reader and software do you use?
Thanks
Vincent
Thanks, it is weird that it also works for me, but only every seventh time or so.
Are you using some library to call GetCardUID?
Hi Daniel,
I use the ODALID library and readers
which library and reader do you use?
Which DESFire card do you use? (EV1/EV2/EV3)
Is authentication EV2 or EV1?
Thanks,
Vincent
Hey, thanks for your time.
I am using a DESFire EV1, and writing my own library.
It is weird that the encryption works only some of the time...
Kind regards,
Daniel
Hi Daniel,
you can send me the card's encrypted response to the GetCardUID command when you have the wrong UID number; when you authenticate with the default key.
Goddammit, figured it out.
I already solved this once and completely wiped it off my mind, apparently.
I was right with the 25% chance. The decryption worked properly if the leftmost two bits for subkey calculation were 00, hence the 25% chance.
I was always using 0x87 as XOR when one of the bits was 1.
Turns out I have to use 0x1B for XOR with a blocksize of 8.
In any case, thanks for your help!
Again, thanks for taking a look at this.
Here is the log for a successful attempt:
request: 5A 00 00 00 , response: 00
request: 1A 00 , response: AF F3 73 EE A4 5C E6 DB AE
Key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
remote random encrypted: AF F3 73 EE A4 5C E6 DB AE , decrypted: AF 15 3B 83 ED DD 7D 33
own random encrypted: 3B 97 0F 73 8A 60 73 20
random numbers concatenated and shifted: 3B 97 0F 73 8A 60 73 20 15 3B 83 ED DD 7D 33 AF , encrypted: 9A 2A 57 89 66 A6 6A 02 B3 3B 24 2F 63 4C A7 A4
request: AF 9A 2A 57 89 66 A6 6A 02 B3 3B 24 2F 63 4C A7 A4 , response: 00 52 A7 34 BB B4 9B 8E 8C
random response: 00 52 A7 34 BB B4 9B 8E 8C , decrypted: 97 0F 73 8A 60 73 20 3B
session key: 3A 96 0E 72 AE 14 3A 82 3A 96 0E 72 AE 14 3A 82 3A 96 0E 72 AE 14 3A 82
subkeys: 1: 59 EC 47 70 68 E3 6F 72 2: B3 D8 8E E0 D1 C6 DE E4
old CMAC: 00 00 00 00 00 00 00 00
new CMAC for data E2 58 8E E0 D1 C6 DE E4 : B6 AB AD F6 E2 16 14 52
request: 51 , response: 00 81 6A 2E C8 7F 8D AC 8E A6 32 2A 95 D9 53 CA 18
decrypting using key 3A 96 0E 72 AE 14 3A 82 3A 96 0E 72 AE 14 3A 82 3A 96 0E 72 AE 14 3A 82 and IV B6 AB AD F6 E2 16 14 52 : 81 6A 2E C8 7F 8D AC 8E A6 32 2A 95 D9 53 CA 18 -> 04 8A 71 72 66 61 80 98 67 46 1D 00 00 00 00 00
And here for an unsuccessful one:
request: 5A 00 00 00 , response: 00
request: 1A 00 , response: AF 30 8C E3 EE 34 83 E3 0C
Key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
remote random encrypted: AF 30 8C E3 EE 34 83 E3 0C , decrypted: 44 C2 21 D1 0F F3 63 5B
own random encrypted: D6 30 6F 85 BC DC 2D BA
random numbers concatenated and shifted: D6 30 6F 85 BC DC 2D BA C2 21 D1 0F F3 63 5B 44 , encrypted: 53 BC 03 55 33 2E 4A 88 9D 86 70 30 4D B8 64 11
request: AF 53 BC 03 55 33 2E 4A 88 9D 86 70 30 4D B8 64 11 , response: 00 65 60 4E 12 05 BD 68 D7
random response: 00 65 60 4E 12 05 BD 68 D7 , decrypted: 30 6F 85 BC DC 2D BA D6
session key: D6 30 6E 84 44 C2 20 D0 D6 30 6E 84 44 C2 20 D0 D6 30 6E 84 44 C2 20 D0
subkeys: 1: 78 6F 68 2C 2F CB 34 0D 2: F0 DE D0 58 5F 96 68 1A
old CMAC: 00 00 00 00 00 00 00 00
new CMAC for data A1 5E D0 58 5F 96 68 1A : 20 11 91 00 F3 A0 5B 1B
request: 51 , response: 00 0D C7 E7 8B 2D C4 03 6F 0C D7 C9 70 56 10 DA 5F
decrypting using key D6 30 6E 84 44 C2 20 D0 D6 30 6E 84 44 C2 20 D0 D6 30 6E 84 44 C2 20 D0 and IV 20 11 91 00 F3 A0 5B 1B : 0D C7 E7 8B 2D C4 03 6F 0C D7 C9 70 56 10 DA 5F -> D9 EF 56 79 ED E4 71 03 67 46 1D 00 00 00 00 00
In fact, I am pretty sure that statistically, I get the right result in 25% of all attempts.
This seems like there are 2 bits from some random number that I am not processing properly...
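The following is a worked example added to this thread; it is neither the original poster's library nor ODALID code. It reproduces the CMAC subkey step behind the 25% figure and the session-key step from the two logs above, using the logged values as known answers. Assumptions: the PICC key is a single-DES key (the logged 24-byte session key is the same 8 bytes three times), so the cipher block is 8 bytes and the CMAC constant Rb must be 0x1B; no DES implementation is included, so cmac() takes the one-block encrypt function as a parameter and the caller supplies a real DES/3DES ECB primitive. The log never prints L = E_K(0), so the subkey check goes from the logged K1 to K2; the effect of the wrong constant is shown on random L values instead.

```python
"""Added worked example for this thread (not the original poster's library, not
ODALID code): the CMAC subkey derivation that produced the 25% success rate,
checked against the values printed in the two logs above.

Assumptions: single-DES PICC key (8-byte block, Rb = 0x1B); no DES primitive is
included, cmac() is driven by a caller-supplied one-block encrypt function."""
import random
from typing import Callable, List, Optional, Tuple

# Rb constants from NIST SP 800-38B / RFC 4493, indexed by block size in bytes.
RB = {8: 0x1B, 16: 0x87}   # DES/3DES -> 0x1B; AES -> 0x87 (the value wrongly used for DES in the thread)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def double(block: bytes, rb: int) -> bytes:
    """Multiply by x in GF(2^n): shift the whole block left one bit and, if a
    1 bit fell off the top, XOR Rb into the last byte."""
    width = 8 * len(block)
    n = int.from_bytes(block, "big") << 1
    if n >> width:
        n = (n & ((1 << width) - 1)) ^ rb
    return n.to_bytes(len(block), "big")


def cmac_subkeys(L: bytes, rb: Optional[int] = None) -> Tuple[bytes, bytes]:
    """K1 = L*x, K2 = K1*x with L = E_K(0^n). rb defaults to the constant that
    matches len(L); pass 0x87 explicitly to reproduce the bug from the thread."""
    if rb is None:
        rb = RB[len(L)]
    k1 = double(L, rb)
    return k1, double(k1, rb)


def subkeys_agree(L: bytes) -> bool:
    """True when using 0x87 on an 8-byte L happens to give the right K1 and K2,
    i.e. exactly when the top two bits of L are 00 and no XOR is ever needed."""
    return cmac_subkeys(L) == cmac_subkeys(L, 0x87)


def agreement_rate(samples: int = 4000, seed: int = 1) -> float:
    """Fraction of random L values for which the wrong constant goes unnoticed."""
    rng = random.Random(seed)
    hits = sum(subkeys_agree(rng.getrandbits(64).to_bytes(8, "big")) for _ in range(samples))
    return hits / samples


def mac_input_blocks(msg: bytes, k1: bytes, k2: bytes, bs: int) -> List[bytes]:
    """Split msg into blocks and apply the CMAC last-block rule: a complete last
    block is XORed with K1; otherwise pad with 0x80 00.. and XOR with K2. For the
    one-byte GetCardUID command 0x51 this gives the 'new CMAC for data' line."""
    if msg and len(msg) % bs == 0:
        blocks = [msg[i:i + bs] for i in range(0, len(msg), bs)]
        blocks[-1] = xor(blocks[-1], k1)
    else:
        padded = msg + b"\x80" + bytes(bs - 1 - len(msg) % bs)
        blocks = [padded[i:i + bs] for i in range(0, len(padded), bs)]
        blocks[-1] = xor(blocks[-1], k2)
    return blocks


def cmac(encrypt_block: Callable[[bytes], bytes], bs: int, msg: bytes,
         iv: Optional[bytes] = None) -> bytes:
    """CMAC over a pluggable block cipher. DESFire EV1 chains the IV: the state
    left by the previous command (all zeros right after authentication, the
    'old CMAC' line) is the IV for this one, and the result becomes the IV for
    decrypting the response (the 'decrypting using ... IV' line)."""
    k1, k2 = cmac_subkeys(encrypt_block(bytes(bs)))
    state = iv if iv is not None else bytes(bs)
    for block in mac_input_blocks(msg, k1, k2, bs):
        state = encrypt_block(xor(state, block))
    return state


def des_session_key(rnd_a: bytes, rnd_b: bytes) -> bytes:
    """EV1 session key for a single-DES PICC key: RndA[0:4] || RndB[0:4].
    The low bit of each byte is the DES parity bit, which DES ignores; the log
    shows it cleared, so it is cleared here too."""
    return bytes(b & 0xFE for b in rnd_a[:4] + rnd_b[:4])


def rotl8(rnd: bytes) -> bytes:
    """RndA' = RndA rotated left by one byte, what the PICC returns in the last step."""
    return rnd[1:] + rnd[:1]


if __name__ == "__main__":
    # Values copied from the successful log above.
    rnd_a = bytes.fromhex("3B970F738A607320")
    rnd_b = bytes.fromhex("AF153B83EDDD7D33")
    k1 = bytes.fromhex("59EC477068E36F72")
    k2 = bytes.fromhex("B3D88EE0D1C6DEE4")
    print("session key:", des_session_key(rnd_a, rnd_b).hex())
    print("K2 from K1:", double(k1, RB[8]).hex(), "(log:", k2.hex() + ")")
    print("CMAC input for 0x51:", mac_input_blocks(b"\x51", k1, k2, 8)[0].hex())
    print("0x87 instead of 0x1B goes unnoticed for %.1f%% of L values" % (100 * agreement_rate()))
```

Both logged K1 values happen to have a clear top bit, so their K2 lines are correct either way; the divergence in the failing run sits one step earlier, in K1 = L*x, which is why the subkeys in the log look plausible while the decrypted UID is garbage.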
Hello,
why do you authenticate to the DESFire card?
the UID is given before authentication.
Vincent
Hi
ok I understand, if you want to use the GetCardUID command, you have to check that the authenticate command is valid.
What I mean is that before any authentication, the system must perform the identification phase as follows
1 Identification
2 Authenticate
3 GetCarduid
Identification gives the uid number
Vincent
Hi, thanks for the hint.
I did do all the steps. Obviously I did anticollision, getting the UID. Then I authenticated, and then attempted to read the real UID.
And reading the real UID sometimes works, but most of the time not, very weird.
Are you able to successfully call GetCardUID 100% of the time?