- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- MCUXpresso Training Hub
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- Home
- :
- Identification and Security
- :
- NFC
- :
- Reading and decrypting files on MIFARE DESFire EV1 vs EV3
Reading and decrypting files on MIFARE DESFire EV1 vs EV3
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Reading and decrypting files on MIFARE DESFire EV1 vs EV3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a problem with reading and decrypting EV1 and EV3 version of MIFARE DESFire smart cards. I'm using Dot Net 8.0 and C#, both on Windows and Linux, and PCSC sharp.
If I read and decrypt EV3 card in one specific way, everything works, but only for EV3 cards. For EV1 card I get SW1 SW2 = 0x67, 0x00. This code is:
internal static byte[] ReadEV3(SCardReader reader, int filekey, Kriptografija? kripto) {
byte[] cmd = [0xBD, .. new byte[] { (byte)filekey }, .. new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }];
byte[] res = new byte[2048];
var sta = reader.Transmit(cmd, ref res);
// Error handling code omitted for brevity, but for EV1 cards SW1 SW2 = 0x67 0x00
byte[] data = new byte[2048];
if (res[0] == 0xAF) // If APDU cmd is set as in the beginning, first unfinished block will be prefixed with 0xAF. {
data = res.Skip(1).ToArray();
bool af = true;
byte[] cmdAF = [0x90, 0xAF, 0x00, 0x00, 0x00]; // "Give me more"
while (af) {
res = new byte[2048];
sta = reader.Transmit(cmdAF, ref res);
// Error handling code omitted for brevity.
data = [.. data, .. res.Take(res.Length - 2)];
if (sw2 == 0x00)
af = false;
} else
data = res;
if (kripto != null)
data = Decrypt(data, cmd, kripto); // Decrypt method is common for the two Read methods!!!
return NoTrailingZeros(data);
}
If I read cards in a slightly different way, supposedly with APDU command in ISO 7816 "wrapper", then I can read all cards but I can not decrypt a content of an encrypted file. Reading of unencrypted file is fine. This code is:
internal static byte[] Read(SCardReader reader, int filekey, Kriptografija? kripto) {
byte[] cmd =
[0x90, 0xBD, 0x00, 0x00, 0x07, .. new byte[] { (byte)filekey }, .. new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }];
byte[] res = new byte[2048];
var sta = reader.Transmit(cmd, ref res);
// Error handling code omitted for brevity.
byte[] data = res.Take(res.Length - 2).ToArray();
if (sw2 == 0xAF) { // If APDU cmd is set as in the beginning, no blocks are prefixed with AF, but suffixed with 91 AF.
bool af = true;
byte[] cmdAF = [0x90, 0xAF, 0x00, 0x00, 0x00]; // "Give me more"
while (af) {
res = new byte[2048];
sta = reader.Transmit(cmdAF, ref res);
// Error handling code omitted for brevity.
data = [.. data, .. res.Take(res.Length - 2)];
if (sw2 == 0x00)
af = false;
}
}
if (kripto != null)
data = Decrypt(data, cmd, kripto); // Decrypt method is common for the two Read methods!!!
return NoTrailingZeros(data);
}
Decrypt method is like this:
private static byte[] Decrypt(byte[] enc, byte[] cmd, Kriptografija kripto) {
// Error handling and validation code omitted for brevity.
kripto.SessionIV = kripto.CMAC(cmd); // The only thing different in calls to Decrypt is command content and size.
byte[] newIV = enc.Skip(enc.Length - 16).Take(16).ToArray();
byte[] data = Kriptografija.AesDecrypt(kripto.SessionKey, kripto.SessionIV.ToArray(), enc, CipherMode.CBC, PaddingMode.None);
kripto.SessionIV = newIV;
return data;
}
So, what's the catch?
What am I doing wrong?
I do not have a problem with similar code bases in Java (both for Android and desktop) but there I use appropriate NXP SDK. Alas, there's no such SDK for anything Dot Net.
I also tried to decrypt data block by block, after each Transmit, including "Give me more" command, although ReadEV3 does work OK without that, and although Logcat on Android indicates that this is not necessary.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
can you please tell me is your query solved or not because i am also facing the similar issue.
HP® Store
Best regards,
florence023
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, I did solve it, kinda, sorta, and were just preparing to post a "solution". Really, a workaround, but good one.
I discarded all those "ISO 7816 mode" things, and all those 0x90 prefixes. I saw what NXP's Android SDK says via Logcat, and rewrote APDUs like this:
internal static byte[] Read(SCardReader reader, int filekey, Kriptografija? kripto)
{
byte[] cmd = [0xBD, .. BitConverter.GetBytes(filekey).Take(3), .. new byte[] { 0x00, 0x00, 0x01, 0x00 }];
byte[] res = new byte[65536];
var sta = reader.Transmit(cmd, ref res);
// Error-handling code omitted for brevity.
byte[] data = new byte[res.Length - 1];
data = res.Skip(1).ToArray();
if (res[0] == 0xAF) {
bool af = true;
byte[] cmdAF = [0xAF];
while (af) {
res = new byte[65536];
sta = reader.Transmit(cmdAF, ref res);
// Error-handling code omitted for brevity.
data = [.. data, .. res.Skip(1)];
if (res[0] == 0x00) af = false;
}
}
if (kripto != null)
data = Decrypt(data, cmd, kripto);
return NoTrailingZeros(data);
}
The following might also be helpful.
1. For auth, command is:
byte[] cmd = new byte[] { 0xAA }.Concat(filekey).ToArray();
2. For getting (permanent) UID, command is:
byte[] cmd = [0xFF, 0xCA, 0x00, 0x00, 0x00];(Don't ask me why.)
After I got those things working, I was finally granted access to the official NXP docs about EV3 and all that, with hundreds of pages, including complete command reference manual. I suggest you try the same with them - NDAs and all that - and ask for docs about EV3 programming.
Best regards!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
