Mutual authentication error (ICODE DNA)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Mutual authentication error (ICODE DNA)

5,237 Views
slou26
Contributor II

Hello,

 

We have a problem when we try to send a mutual authentication with Inlays ICODE DNA.

 

We did the key initialization as mentioned in the doc  :  -

  • Inventory Request (works well)
  • Check that Byte1 == 0x81 in Global Crypto Header (works well)
  • Check that Key Header is not active  and is writable (works well)
  • Write Key0 (works well)
  • Verify good writing (works well)
  • Write KEY0 privileges (0x00)
  • Active & locked Key header (works well:  read 0xE7)
  • Update Global Crypto Header : active & locked (works well:  read 0xE7)
  • We try to send MAM1 command and we have the following reply ( Error detected and Unknown error ) :  01h 0Fh and 2 bytes of the CRC

What is the problem in the process ? Is there a missing step ?

Could you help us ?

 

Thanks

Regards,

S.L

13 Replies

4,215 Views
ukcas
NXP Employee
NXP Employee

Hello Rasool,

There shall be no dependency on response time. Please provide command exchange payloads so we can take more deeper look.

Thank you,

Uros

0 Kudos
Reply

4,215 Views
ukcas
NXP Employee
NXP Employee

Hello Gireesh,

There is no timing "limitation" for responses on MAM1 or MAM2. You can allow min time as per my previous post.

Best regards,

Uros 

0 Kudos
Reply

4,215 Views
rasool_shaik
Contributor I

I am at the same situation right now. After valid MAM1 response from the tag, I have used the website provided in the AN11808 document to compute the MAM2 message and sent to the tag. I can see the data sent on the scope which is correct. But there is no response from the tag. Anything to do with the delay in sending the MAM2 message after valid MAM1 response from tag?

0 Kudos
Reply

4,215 Views
ukcas
NXP Employee
NXP Employee

Hello Gireesh,

Your numericals are ok. Authenticate command takes approx. 8,5ms, AES calculation on the Tag takes 4ms, length of the Tag´s response shall be 7ms, then you can expect a valid answer.

Do you have any chance to capture the RF on oscilloscope?

Best regards,

Uros

0 Kudos
Reply

4,215 Views
gshankarappa
Contributor II

I am only interested to know if there is any timeout applied to the authentication commands like, after MAM1 is sent out and responded by the tag, if MAM2 is not received within xx seconds, or if MAM2 is received after xx seconds, the authentication is aborted. Otherwise, I am just polling for the tag response and I allowing plenty of time for tag to respond.

We don't have facility to capture RF signal, I am working on that to see if we can get one shortly.

0 Kudos
Reply

4,215 Views
ukcas
NXP Employee
NXP Employee

Dear Sebastien,

Yes like you stated, you have to do a decrypt before.

DECRYPT (the tag can only do ENCRYPT): 59 F3 B5 DC C2 1F 77 FA 31 8E 67 E7 19 67 DD 99 

Please note (important):

ISO15693 as air interface, is defined as LSB first, but crypto suite is defined as MSB first in our case.

Hopefully it works now for you.

br,

Uros

0 Kudos
Reply

4,215 Views
gshankarappa
Contributor II

I tried decryption as well, but still got unknown error response...

Here is what I am doing 

Key: 1A 31 06 F0 D9 BA 90 E3 4F 29 E3 3B C0 FF 77 DB

Challenge: 00 00 00 00 00 00 00 00 00 00

Response from tag:

 A7 55 07 B3 45 F4 89 5D 08 19 F8 CB DF 5B BD E5 1C 2D 5F 7A A5 FB 98

Swapped response: (excluding baker filed)
98 FB A5 7A 5F 2D 1C E5 BD 5B DF CB F8 19 08 5D       89 F4 45 B3 07 55


Decrypted firts 16 bytes of swapped response
DA 83  F0 74 FF 87   00 00 00 00 00 00 00 00 00 00


MAM2
DA 80  00 00 00 00  89 F4 45 B3 07 55     F0 74 FF 87

Decrypted MAM2 
70 50 FC D4 6C 6A F3 09 56 11 65 3B 91 96 21 6A

Swapped response 

00 06 6A 21 96 91 3B 65 11 56 09 F3 6A 6C D4 FC 50 70

Response from tag:

0F

Is there are any prerequisite to mutual authentication that Ia m missing here ?

I have 

Config header = 81

Global crypto header = C1

Crypto configuration header = 81

Key header = C3

Key privileges = 00

is there any timing restriction like the tag is expecting response with in certain time window ?

0 Kudos
Reply

4,215 Views
ukcas
NXP Employee
NXP Employee

Dear Sebastien,

Please kindly excuse for the delay. I accidentially replied to wrong topic. Hopefully you solved the issue.

I would suggest you to use some of our available SW tools. I would highly suggest NxpReaderLib available on DocStore under MIFARE SW directory, to be used with CM1 reader or Pegoda 701 (if you have it). It has a very nice Mutual Authentication example. It does all calculation for you.

Also we offer in NFC reader library - which is applicable for our reader development boards - an example to perform mutual authentication on ISO15693 protocol.

 

Recommendations:

  1. Did you try with ISO15693 selected mode? Just to minimize the command payload to be sent and faults it may have
  2. Try in the step: “Concatenate TChallenge_MAM1[79:32] and TChallenge_MAM1[31:0]  : 8D 43 72 9A C3 0F 5A B0 BC AB“ to concatenate - IChallenge_MAM1[31:0] and TChallenge_MAM1[79:0] before encryption and sending back to the Tag

Best regards,

Uros

0 Kudos
Reply

4,215 Views
slou26
Contributor II

I think I found the problem 

When you send the MAM1 message , you have to decrypt the message before to send MAM2. That's ok 

But before sending the MAM2 message , instead of encrypt the message , you have to decrypt it again ... logical :smileysad:

0 Kudos
Reply

4,215 Views
gshankarappa
Contributor II

I am also at same point as you, I tried many things but no success. Trying to contact NXP support in all possible ways, but never heard back from anybody.

0 Kudos
Reply

4,215 Views
slou26
Contributor II

Hello,

Thanks for your reply.

After posting the first message , I refer to the example in AN11808 and it’s better for MAM1

In fact , it was the order bit of the MAM1 message , more precisely an inversion between AuthMethod , Step, and MAM1_RFU

Now I have a valid response for MAM1 Response , so I tried to send the second parts of mutual authentication , and  I have an error , always the same message 0x01 0x0F L

 

I will explain more :

 

My key : FFEEDDCCBBAA99887766554433221100

My IChallenge_MAM1 : 00000000000000000000

 

 

I receive the following MAM1 response from the tag : 04 47 0F C3 9A 72 43 8D EC 40 08 18 95 65 27 DA F2 75 F8 08 48 6B 0A 59

 

  • remove the TChallenge_MAM1 [79:32] and swap it ( MSByte first) : 8D 43 72 9A C3 0F

 

  • swap the AES encrypted Message  : 59 0A 6B 48 08 F8 75 F2 DA 27 65 95 18 08 40 EC

 

 

 

  • TChallenge_MAM1[31:0]  = 5A B0 BC AB
  • Concatenate TChallenge_MAM1[79:32] and TChallenge_MAM1[31:0]  : 8D 43 72 9A C3 0F 5A B0 BC AB
  • Build MAM2 Message :
    • DA 80 00 00 00 00 8D 43 72 9A C3 0F 5A B0 BC AB
    • Encrypt this part, result : 34 7E 7A BD 7B 9F 45 ED 3C 5A 16 24 76 AF 69 4B (same result with  AES Calculator: http://extranet.cryptomathic.com/aescalc/index )
    • Swap it : 4B 69 AF 76 24 16 5A 3C ED 45 9F 7B BD 7A 7E 34

 

    • Finally , I send the following Message  :  22 35  UID 00 06 4B 69 AF 76 24 16 5A 3C ED 45 9F 7B BD 7A 7E 34 and CRC

 

    • But I have an error message 0x01 0x0F

 

 What did  I do wrong ?

 

Thanks

0 Kudos
Reply

4,215 Views
gshankarappa
Contributor II

may be check the Key0 byte order, it expects MSByte first. Other fields to look for is

Authentication method, step number and Key ID, again byte order of all these fields. Refer to the example in AN11808.

4,215 Views
IvanRuiz
NXP Employee
NXP Employee

Hello,

Which document did you refer to?

Regards,

Ivan.

0 Kudos
Reply