PN7150 67 00 (wrong length) apdu response on android-5.1.1

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PN7150 67 00 (wrong length) apdu response on android-5.1.1

Jump to solution
4,230 Views
iwannugraha
Contributor III

I am using PN7150 on android-5.1.1

i tried to send extended APDU command into Desfire card.
i was select the application on the card and success.
but when i tried to authentication process and send this command, i got response 67 00 (wrong length)

i send data : 00820000288C9D8E3837E8E47514E9010801C1615E65E677A21DC40E07B32DF6DE24EED3D6CD950BA8CB5E738528
where:
CLA : 0x00
INS : 0x82
P1 : 0x00
P2 : 0x00
Lc : 0x28 //(40 bytes)
data :
0x8C, 0x9D, 0x8E, 0x38, 0x37, 0xE8, 0xE4, 0x75, 0x14, 0xE9, 0x01, 0x08, 0x01, 0xC1
, 0x61, 0x5E, 0x65, 0xE6, 0x77, 0xA2, 0x1D, 0xC4, 0x0E, 0x07, 0xB3, 0x2D, 0xF6, 0xDE
, 0x24, 0xEE, 0xD3, 0xD6, 0xCD, 0x95, 0x0B, 0xA8, 0xCB, 0x5E, 0x73, 0x85
Le : 0x28 (expected return length)

there is nothing wrong with the command structure, but why the response is 67 00

i am using isodep library.

please some one help me..

0 Kudos
1 Solution
4,081 Views
jimmychan
NXP TechSupport
NXP TechSupport

I asked our MIFARE expert for helping this issue.

Here is the reply:

====================

 

Still I believe that the ISOExternalAuthenticate command that the customer sends is wrong. He is sending length 0x28, whereas the length should only be 0x10 for 2K3DES keys or 0x20 for AES keys.

Unfortunately I don`t know what exactly the SAM reader is doing, as this doesn`t seem to be a MIFARE SAM. The commands are unknown to me (0xF0 and 0xF1 are no MIFARE SAM commands).

 

Also I am surprised that some data is returned as response to ISOExternalAuthenticate command.

MIFARE DESFire does not return any response data to the ISOExternalAuthenticate command. Only the ISOMutualAuthenticate command would return some data, but this is not implemented on MIFARE DESFire.

 

See also in one image extracted from the ISO/IEC 7816-4 standard.

pastedImage_31.png

Below are two examples where I executed ISOGetChallenge and ISOExternalAuthenticate with my DESFire card:

 

ISOExternalAuthentication using 2K3DES key on MIFARE DESFire

Name: 4 alMfdfEv2.Sw: IsoSelectFile (PICC Level)
Transmitted: 00A4040007D276000085010000
Response:     9000

 

Name: 6 alMfdfEv2.Sw: IsoGetChallenge
Transmitted: 0084000008
Response:   

82967D273F2FA80B9000

 

Name: 7 alMfdfEv2.Sw: IsoExternalAuthenticate
Transmitted: 0082000010CD72DFC6E6D040A48D616EB9527B5787
Response:     9000

 

ISOExternalAuthentication using AES key on MIFARE DESFire

Name: 8 alMfdfEv2.Sw: IsoSelectFile_1
Transmitted: 00A4040C10A00000039656434103F015400000000B00
Response:     9000

 

Name: 10 alMfdfEv2.Sw: IsoGetChallenge

Transmitted: 0084000010
Response:     48E5EEFD557AA3D2974F54229D06FD439000

Name: 11 alMfdfEv2.Sw: IsoExternalAuthenticate
Transmitted: 008200802042BB47ED88653753823C543E42A80C84613B394DB2132328CCCD6F2560E1B109
Response:     9000

====================

View solution in original post

5 Replies
4,081 Views
jimmychan
NXP TechSupport
NXP TechSupport

Which Desfire card are you using?

0 Kudos
4,081 Views
iwannugraha
Contributor III

Mifare Desfire EV1

0 Kudos
4,081 Views
jimmychan
NXP TechSupport
NXP TechSupport

You are sending the ISOExternalAuthenticate command. The length of the data parameter is pre-given in the DESFire datasheet, and should either be 16 byte (if targeting 2K3DES keys) or 32 bytes (if targeting 3K3DES or AES keys). So the data length of 40 bytes is incorrect.

Most likely your cryptogram was calculated incorrect.

So the Lc byte needs to be either 0x10 (16 bytes) or 0x20 (32 bytes), and the data field needs to be also set with the correct length.

pastedImage_1.png

0 Kudos
4,081 Views
iwannugraha
Contributor III


Hi Jimmy, tank you for your reply.


Actually i am running existing application to read eID card on our new device with PN7150 for Contactless reader
and a SAM reader, i used alcorlink usb contact reader.

I was tested this script on identive and acs reader and work properly.

This is the script for card authentication, i was select the application before run this script:
CL : --> 00 84 00 00 08
CL : <-- A8 47 0C 6E 29 1E 49 E8 90 00

SAM : --> 00 F1 00 00 2D FF FF FF FF FF FF FF FF 00 00 01 00 00 01 14 10 12 04 35 21 14 10 12 03 46 21 00 00 01 80 04 27 2B 82 D7 2A 80 A8 47 0C 6E 29 1E 49 E8
SAM : <-- 90 FE 99 C4 03 21 1C D5 FD 1C 71 7E B2 4E 1C 36 58 FA A9 05 AC 24 39 7F 68 CA E3 B1 E8 A9 BC ED FD 4E D5 A2 04 CC 84 8E 28 90 00

// This step that return 67 00 from PN7150
CL : --> 00 82 00 00 28 90 FE 99 C4 03 21 1C D5 FD 1C 71 7E B2 4E 1C 36 58 FA A9 05 AC 24 39 7F 68 CA E3 B1 E8 A9 BC ED FD 4E D5 A2 04 CC 84 8E 28
CL : <-- 79 67 ED 39 F2 56 B6 07 24 CF E7 18 2D 07 41 7E A0 D3 FA 4C 26 E1 2E B7 D7 3A 2B EF 3F D6 19 B6 74 60 DB 77 9B 43 94 D0 90 00

SAM : --> 00 F2 00 00 28 79 67 ED 39 F2 56 B6 07 24 CF E7 18 2D 07 41 7E A0 D3 FA 4C 26 E1 2E B7 D7 3A 2B EF 3F D6 19 B6 74 60 DB 77 9B 43 94 D0
SAM : <-- 90 00

0 Kudos
4,082 Views
jimmychan
NXP TechSupport
NXP TechSupport

I asked our MIFARE expert for helping this issue.

Here is the reply:

====================

 

Still I believe that the ISOExternalAuthenticate command that the customer sends is wrong. He is sending length 0x28, whereas the length should only be 0x10 for 2K3DES keys or 0x20 for AES keys.

Unfortunately I don`t know what exactly the SAM reader is doing, as this doesn`t seem to be a MIFARE SAM. The commands are unknown to me (0xF0 and 0xF1 are no MIFARE SAM commands).

 

Also I am surprised that some data is returned as response to ISOExternalAuthenticate command.

MIFARE DESFire does not return any response data to the ISOExternalAuthenticate command. Only the ISOMutualAuthenticate command would return some data, but this is not implemented on MIFARE DESFire.

 

See also in one image extracted from the ISO/IEC 7816-4 standard.

pastedImage_31.png

Below are two examples where I executed ISOGetChallenge and ISOExternalAuthenticate with my DESFire card:

 

ISOExternalAuthentication using 2K3DES key on MIFARE DESFire

Name: 4 alMfdfEv2.Sw: IsoSelectFile (PICC Level)
Transmitted: 00A4040007D276000085010000
Response:     9000

 

Name: 6 alMfdfEv2.Sw: IsoGetChallenge
Transmitted: 0084000008
Response:   

82967D273F2FA80B9000

 

Name: 7 alMfdfEv2.Sw: IsoExternalAuthenticate
Transmitted: 0082000010CD72DFC6E6D040A48D616EB9527B5787
Response:     9000

 

ISOExternalAuthentication using AES key on MIFARE DESFire

Name: 8 alMfdfEv2.Sw: IsoSelectFile_1
Transmitted: 00A4040C10A00000039656434103F015400000000B00
Response:     9000

 

Name: 10 alMfdfEv2.Sw: IsoGetChallenge

Transmitted: 0084000010
Response:     48E5EEFD557AA3D2974F54229D06FD439000

Name: 11 alMfdfEv2.Sw: IsoExternalAuthenticate
Transmitted: 008200802042BB47ED88653753823C543E42A80C84613B394DB2132328CCCD6F2560E1B109
Response:     9000

====================