The NTAG 413 DNA Change Key

yangyouyong · ‎09-16-2018

About 413DNA change key section.

I have got the document AN410314.
In section 4.8.1 Table 10. I was wonder what was the key for CMAC.
As the sample `IV for CMACing` was zeros

I have tried to verify the Table 10.
But got different value on CMAC calculation.

I'm sure the CMAC algorithm was correct.

So , what was the CMAC key for Table10. Step CMAC?

Jonathan_Iglesias · ‎10-11-2018

I believe that the reason is because this table has some mistakes that will be fixed in the next release the CMAC as you can see is the CMAC is not truncated, they are using all the calculation for the CMAC instead of truncating it, as you can see in table 9 the CMAC is truncated in step 19 table 9.

BR

Jonathan

View solution in original post

Jonathan_Iglesias · ‎10-01-2018

Dear yang youyong,

There is a mistake in the application note, you are doing the correct procedure please use the KSesAuthMACKey for this procedure, the next version of the document will fix this issue, I explained in your internal case, please let me know if you have more questions.

Have a great day !

BR

Jonathan

yangyouyong · ‎10-10-2018

Hi Jonathan

As Table 10. In document AN410314.
After CMAC , the Cryptogram got 48 bit

When I use TagXplorer to change the key. from the log , just got 40 bit.
Actually , when I send the 48bit to 413DNA , just got 917e.

So, What was the content in Step Cryptogram?

Jonathan_Iglesias · ‎10-11-2018

I believe that the reason is because this table has some mistakes that will be fixed in the next release the CMAC as you can see is the CMAC is not truncated, they are using all the calculation for the CMAC instead of truncating it, as you can see in table 9 the CMAC is truncated in step 19 table 9.

BR

Jonathan

yangyouyong · ‎10-17-2018

Hi, Jonathan

I have tried to change the file settings use APDU , as described in Doc . AN410314, Section 4.7 Table9.

After I Changed the FileAR.Read = 0 , I still can read the NDEF file without any authorization.

As you mentioned before, Cmd.ISOReadBinary works if targeted file (NDEF) is configured with at least one of FileAR.Read, FileAR.ReadWrite, FileAR.SDMFileRead to 0xE

I have changed the FileAR.Read = 0, FileAR.ReadWrite = 0.

Then how can I change the FileAR.SDMFileRead access right?

Does FileAR.SDMFileRead means the same as Table9, step8:

SDM Access Rights (LSB first!) Bit 15-12=E(Plain mirroring)

Can I change the FileAR.SDMFileRead access right in 413 DNA?

yangyouyong · ‎10-17-2018

Hi, Jonathan

I have tried to change the file settings use APDU , as described in Doc . AN410314, Section 4.7 Table9.

After I Changed the FileAR.Read = 0

I still can read the NDEF file without any authorization.

As you mentioned before, Cmd.ISOReadBinary works if targeted file (NDEF) is configured with at least one of FileAR.Read, FileAR.ReadWrite, FileAR.SDMFileRead to 0xE

I have changed the FileAR.Read = 0, FileAR.ReadWrite = 0.

Then how can I change the FileAR.SDMFileRead access right?

Does FileAR.SDMFileRead means the same as Table9, step8:

|

SDM Access Rights (LSB first!) Bit 15-12=E(Plain mirroring)

|

Can I change the FileAR.SDMFileRead access right in 413 DNA?

yangyouyong · ‎10-12-2018

Jonathan,

I finished change key .

Thanks for your help .