1 Solution
Kan_Li
NXP TechSupport

Hello @undefined ,

 

No, the actual value of the CmdCtr is never transmitted. The CmdCtr is reset to 0000h at PCD and PICC after a successful AuthenticateEV2First authentication and it is maintained as long as the PICC remains authenticated. Please kindly refer to "9.1.2 Command Counter" of the data sheet for more details.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

10 Replies
Jonathan_Iglesias
NXP TechSupport

Hi @undefined , 

Hope you are doing great,

Please accept our apologies for the delay; there is an important holiday in my colleague's country, and that is why there is a little delay in our response. Regarding your issue, that error means that the key used to authenticate is not the correct one to modify the file settings; basically, whatever you have in your change key settings for the file is the one. I would recommend double-checking the process. I see you have the settings as E0EE, which should require an authentication with key 00 to modify the file settings. Also, please first select the application, then authenticate. You can check the IV values in your process, that you are using the correct key, and confirm the file settings. Check the following log I created for you doing Select command > Authenticate with key 01 (since my card had the settings: Read 00, Write 01, Read/Write 03 and Change 01) > Get file settings > Change file settings:

 

SELECT command

Send to card: 00A4040C07D276000085010100
Recv from card: 9000



Authenticate EV2 first

Send to card: 9071000002010000

Recv from card: 739CC6604B45430E602EC5283139F1FE91AF

PICC-to->PCD E(Kx, RndB): 739CC6604B45430E602EC5283139F1FE
Plain RNDB = 65EAF88FAF5290623DDCE478ADBE0BC4
Plain RNDA = 25E559236536A90860A28C6571F9F913
Plain RndB'= 60A28C6571F9F913EAF88FAF5290623DDCE478ADBE0BC465
Plain (RndA || RndB')= 25E559236536A90860A28C6571F9F913EAF88FAF5290623DDCE478ADBE0BC465
Encrypted (RndA || RndB'): 1EAC3CCD71A607FA2D474B4845721ADA12F20F9B63C92E1603D630EBA4B9B830



Send to card: 90AF0000201EAC3CCD71A607FA2D474B4845721ADA12F20F9B63C92E1603D630EBA4B9B83000

Recv from card: 4E4F4614CA94263B65E18D31FA6F34C15BFC7C4C499B3FDA90EA8B50A373BFEC9100



PICC-to->PCD E(Kx, TI||RndA'||PDcap2||PCDcap2): 4E4F4614CA94263B65E18D31FA6F34C15BFC7C4C499B3FDA90EA8B50A373BFEC
Plain (TI || RndA' || PDcap2 || PCDcap2)= FB72B311E559236536A90860A28C6571F9F91325000000000000000000000000
Plain RNDA' =


SV1 = 0xA5||0x5A||0x00||0x01||0x00||0x80||RndA[15..14]||(RndA[13..8] ⊕ RndB[15..10])||RndB[9..0]||RndA[7..0] 
SV1 = A55A0001008025E53CC99DB9065A90623DDCE478ADBE0BC460A28C6571F9F913
Encrypted SessionEncKey = AF479E5DFD0B91E1E0B364CB41746088

SV2 = 0x5A||0xA5||0x00||0x01||0x00||0x80||RndA[15..14]||(RndA[13..8] ⊕ RndB[15..10])||RndB[9..0]||RndA[7..0] 
SV2 = 5AA50001008025E53CC99DB9065A90623DDCE478ADBE0BC460A28C6571F9F913
Encrypted SessionMacKey = 795A1CF5300943E758AF53BD5FE5E769

CmdCtr = 0000


Get file settings



IV = 00000000000000000000000000000000

MAC Input Data = Cmd || CmdCtr || TI || CmdHeader || E(CmdData) 
MAC Input Data = F50000FB72B31102
MAC = E2D5F311756E933104D85618A1EE7207

Send to card: 90F500000902D5116E31D818EE0700

Recv from card: 00003102000100BCC4DE8C5817369D9100


IV = 00000000000000000000000000000000

MAC Input Data = Cmd || CmdCtr || TI || CmdHeader || E(CmdData) 
MAC Input Data = 000100FB72B31100003102000100
MAC = 2CBC83C49ADEAC8CA25838175036719D
phalMfNtag42XDna_GetFileSettings--------LEAVE-------- pFSBuffer=00003102000100 bBufferLen=07 [STATUS = SUCCESS]


phalMfNtag42XDna_ChangeFileSettings--------ENTRY-------- bCommMode=30 bFileNo=02 bFileOption=00 bAdditionalInfoLen=00 pAccessRights=3102



Change file settings:


plain stream(in): plain= A55AFB72B31101000000000000000000
Encrypted stream(out): enc= 596A58A577257242F81A425E74FB5F9D
IV = 596A58A577257242F81A425E74FB5F9D
plain stream(in): plain= 00310280000000000000000000000000
Encrypted stream(out): enc= C559F8442B9FD87636A54D09397553F3
IV = 00000000000000000000000000000000

MAC Input Data = Cmd || CmdCtr || TI || CmdHeader || E(CmdData) 
MAC Input Data = 5F0100FB72B31102C559F8442B9FD87636A54D09397553F3
MAC = 74E5F7EA2FF190BD1102D2EA55434D0B

 

Send to card: 905F00001902C559F8442B9FD87636A54D09397553F3E5EAF1BD02EA430B00

Recv from card: 1EE98E904AE6AACD9100
IV = 00000000000000000000000000000000

MAC Input Data = Cmd || CmdCtr || TI || CmdHeader || E(CmdData) 
MAC Input Data = 000200FB72B311
MAC = 751E34E99C8EC490E24A82E683AA91CD


 

BR

 

Jonathan 
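
An added example (not part of the original post and not NXP library code) that re-derives the byte-level steps of the log above that need no key: the SV1/SV2 layout, the CmdCtr-dependent IV and MAC inputs, the 80h padding, and the MAC truncation visible in the transmitted APDUs. Function names are hypothetical, and the AES-CMAC and AES-CBC outputs are taken from the log rather than recomputed.

```python
# Added example: byte-level checks against the trace above (names are hypothetical).
# AES-CMAC / AES-CBC outputs are copied from the trace, not recomputed here.

def session_vector(label: bytes, rnd_a: bytes, rnd_b: bytes) -> bytes:
    """label || 0001 0080 || RndA[15..14] || (RndA[13..8] xor RndB[15..10])
    || RndB[9..0] || RndA[7..0]; index 15 is the first byte of a 16-byte value."""
    mixed = bytes(a ^ b for a, b in zip(rnd_a[2:8], rnd_b[:6]))
    return label + bytes.fromhex("00010080") + rnd_a[:2] + mixed + rnd_b[6:] + rnd_a[8:]

def ctr_bytes(cmd_ctr: int) -> bytes:
    """CmdCtr enters every computation as two bytes, LSB first (1 -> 0100)."""
    return cmd_ctr.to_bytes(2, "little")

def mac_input(code: int, cmd_ctr: int, ti: bytes, payload: bytes = b"") -> bytes:
    """Command: Cmd || CmdCtr || TI || CmdHeader || E(CmdData).
    Response: status || (CmdCtr already incremented) || TI || response data."""
    return bytes([code]) + ctr_bytes(cmd_ctr) + ti + payload

def enc_iv_input(cmd_ctr: int, ti: bytes) -> bytes:
    """Block that is encrypted to obtain the IV for command data."""
    return bytes.fromhex("A55A") + ti + ctr_bytes(cmd_ctr) + bytes(8)

def pad_80(data: bytes, block: int = 16) -> bytes:
    """80h then zeros up to the block size; padding is not part of the settings."""
    padded = data + b"\x80"
    return padded + bytes(-len(padded) % block)

def truncate_mac(mac: bytes) -> bytes:
    """The 8 transmitted MAC bytes are the odd-indexed bytes of the 16-byte CMAC."""
    return mac[1::2]

def secure_apdu(ins: int, header: bytes, enc_data: bytes, mac: bytes) -> bytes:
    """90 INS 00 00 Lc || CmdHeader || E(CmdData) || truncated MAC || Le."""
    body = header + enc_data + truncate_mac(mac)
    return bytes([0x90, ins, 0x00, 0x00, len(body)]) + body + b"\x00"

if __name__ == "__main__":
    TI = bytes.fromhex("FB72B311")
    enc = bytes.fromhex("C559F8442B9FD87636A54D09397553F3")
    mac = bytes.fromhex("74E5F7EA2FF190BD1102D2EA55434D0B")
    # ChangeFileSettings is the second command after authentication: CmdCtr = 1
    print(mac_input(0x5F, 1, TI, b"\x02" + enc).hex().upper())
    print(secure_apdu(0x5F, b"\x02", enc, mac).hex().upper())
```

Because CmdCtr feeds both the IV block and the MAC input, a PCD-side counter that is out of step with the PICC produces a MAC the card will not accept.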

Kan_Li
NXP TechSupport

Hello @undefined ,

 

We provide an example in the following link:

https://www.nxp.com/docs/en/application-note/AN12196.pdf

Please refer to section 6 for details.

 

Hope that helps,

Have a great day,


Kan


Kan_Li
NXP TechSupport

Hello @Jonathan_Iglesias , 

 

Thanks for following up!

 

Hello @undefined ,

 

Is there any progress on your side? I have checked with the expert, and he recommended not using “80” at the end of ChangeFileSettings Data: 4000E0C1F12120000043000043000080

and he can get APDU with your settings:

905F0000190295DA3AAB53AABA618E20BFC140208CD7238DC0733225B78B00

 

Have a great day,
Kan


Kan_Li
NXP TechSupport

Hello @undefined ,

 

Yes, it is AES-128 cipher. 80h is indeed used for padding, but it is not part of Change File Settings; that’s why it is mentioned.

- Maybe the problem is with CmdCtr; can you print out the command counters at each command after authentication?
- Is it possible to share the exact order? Because --SELECT APPLICATION-- cannot be done after --AUTHENTICATE EV2 FIRST--.

 

Have a great day,
Kan


curdin
Contributor I

Hi @undefined ,

I'm running into the same issue, using the same node setup.

Can you share more information on how you computed the SV1 and SV2 values please? Did you set the CmdCtr to 0000 when computing them? 

Any help appreciated!
