Reading and decrypting files on MIFARE DESFire EV1 vs EV3

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

Reading and decrypting files on MIFARE DESFire EV1 vs EV3

842 次查看
IkarovoPero
Contributor II

I have a problem with reading and decrypting EV1 and EV3 version of MIFARE DESFire smart cards. I'm using Dot Net 8.0 and C#, both on Windows and Linux, and PCSC sharp.

If I read and decrypt EV3 card in one specific way, everything works, but only for EV3 cards. For EV1 card I get SW1 SW2 = 0x67, 0x00. This code is:

 

internal static byte[] ReadEV3(SCardReader reader, int filekey, Kriptografija? kripto) {
	byte[] cmd = [0xBD, .. new byte[] { (byte)filekey }, .. new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }];
	byte[] res = new byte[2048];
	var sta = reader.Transmit(cmd, ref res);
	// Error handling code omitted for brevity, but for EV1 cards SW1 SW2 = 0x67 0x00
	byte[] data = new byte[2048];
	if (res[0] == 0xAF) // If APDU cmd is set as in the beginning, first unfinished block will be prefixed with 0xAF. {
		data = res.Skip(1).ToArray();
		bool af = true;
		byte[] cmdAF = [0x90, 0xAF, 0x00, 0x00, 0x00]; // "Give me more"
		while (af) {
			res = new byte[2048];
			sta = reader.Transmit(cmdAF, ref res);
			// Error handling code omitted for brevity.
			data = [.. data, .. res.Take(res.Length - 2)];
			if (sw2 == 0x00)
				af = false;
	} else
		data = res;
	if (kripto != null)
		data = Decrypt(data, cmd, kripto); // Decrypt method is common for the two Read methods!!!
	return NoTrailingZeros(data);
}

 

If I read cards in a slightly different way, supposedly with APDU command in ISO 7816 "wrapper", then I can read all cards but I can not decrypt a content of an encrypted file. Reading of unencrypted file is fine. This code is:

 

internal static byte[] Read(SCardReader reader, int filekey, Kriptografija? kripto) {
	byte[] cmd = 
		[0x90, 0xBD, 0x00, 0x00, 0x07, .. new byte[] { (byte)filekey }, .. new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }];
	byte[] res = new byte[2048];
	var sta = reader.Transmit(cmd, ref res);
	// Error handling code omitted for brevity.
	byte[] data = res.Take(res.Length - 2).ToArray();
	if (sw2 == 0xAF) { // If APDU cmd is set as in the beginning, no blocks are prefixed with AF, but suffixed with 91 AF.
		bool af = true;
		byte[] cmdAF = [0x90, 0xAF, 0x00, 0x00, 0x00]; // "Give me more"
		while (af) {
			res = new byte[2048];
			sta = reader.Transmit(cmdAF, ref res);
			// Error handling code omitted for brevity.
			data = [.. data, .. res.Take(res.Length - 2)];
			if (sw2 == 0x00) 
				af = false;
		}
	}
	if (kripto != null)
		data = Decrypt(data, cmd, kripto); // Decrypt method is common for the two Read methods!!!
	return NoTrailingZeros(data);
}

 

Decrypt method is like this:

 

private static byte[] Decrypt(byte[] enc, byte[] cmd, Kriptografija kripto) {
	// Error handling and validation code omitted for brevity.
	kripto.SessionIV = kripto.CMAC(cmd); // The only thing different in calls to Decrypt is command content and size.
	byte[] newIV = enc.Skip(enc.Length - 16).Take(16).ToArray();
	byte[] data = Kriptografija.AesDecrypt(kripto.SessionKey, kripto.SessionIV.ToArray(), enc, CipherMode.CBC, PaddingMode.None);
	kripto.SessionIV = newIV;
	return data;
}

 

So, what's the catch?
What am I doing wrong?

I do not have a problem with similar code bases in Java (both for Android and desktop) but there I use appropriate NXP SDK. Alas, there's no such SDK for anything Dot Net.

I also tried to decrypt data block by block, after each Transmit, including "Give me more" command, although ReadEV3 does work OK without that, and although Logcat on Android indicates that this is not necessary.

标签 (2)
0 项奖励
回复
0 回复数