undefined

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决

undefined

跳至解决方案
5,837 次查看
undefined
Contributor II

undefined

0 项奖励
回复
1 解答
5,703 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hello @undefined ,

 

No, the actual value of the CmdCtr is never transmitted. The CmdCtr is reset to 0000h at PCD and
PICC after a successful AuthenticateEV2First authentication and it is maintained as long as the PICC remains authenticated. Please kindly refer to "9.1.2 Command Counter" of the data sheet for more details.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

在原帖中查看解决方案

10 回复数
5,764 次查看
Jonathan_Iglesias
NXP TechSupport
NXP TechSupport

Hi @undefined , 

Hope you are doing great,

Please accept our apologies for the delay there is an important holiday in my colleague country and that is why there is a little delay in our response, regarding your issue, that error means that the key used to authenticate is not the correct one to modify the file settings, basically whatever you have in your change key settings for the file is the one, I would recommend to double check the process I see you have the settings as E0EE which should require an authentication with key 00 to modify the file settings, also please first select the application then authenticate.  you can check the IV values in your process, that you are using the correct key, and confirm the file settings, check the following log I created for you doing the  Select command>Authenticate with key 01 ( since my card had the settings: Read 00 write 01 Read/Write 03 and change 01) > get file settings > change file settings

 

SELECT command

Send to card: 00A4040C07D276000085010100
Recv from card: 9000



Authenticate EV2 first

Send to card: 9071000002010000

Recv from card: 739CC6604B45430E602EC5283139F1FE91AF

PICC-to->PCD E(Kx, RndB): 739CC6604B45430E602EC5283139F1FE
Plain RNDB = 65EAF88FAF5290623DDCE478ADBE0BC4
Plain RNDA = 25E559236536A90860A28C6571F9F913
Plain RndB'= 60A28C6571F9F913EAF88FAF5290623DDCE478ADBE0BC465
Plain (RndA || RndB')= 25E559236536A90860A28C6571F9F913EAF88FAF5290623DDCE478ADBE0BC465
Encrypted (RndA || RndB'): 1EAC3CCD71A607FA2D474B4845721ADA12F20F9B63C92E1603D630EBA4B9B830



Send to card: 90AF0000201EAC3CCD71A607FA2D474B4845721ADA12F20F9B63C92E1603D630EBA4B9B83000

Recv from card: 4E4F4614CA94263B65E18D31FA6F34C15BFC7C4C499B3FDA90EA8B50A373BFEC9100



PICC-to->PCD E(Kx, TI||RndA'||PDcap2||PCDcap2): 4E4F4614CA94263B65E18D31FA6F34C15BFC7C4C499B3FDA90EA8B50A373BFEC
Plain (TI || RndA' || PDcap2 || PCDcap2)= FB72B311E559236536A90860A28C6571F9F91325000000000000000000000000
Plain RNDA' =


SV1 = 0xA5||0x5A||0x00||0x01||0x00||0x80||RndA[15..14]||(RndA[13..8] ⊕ RndB[15..10])||RndB[9..0]||RndA[7..0] 
SV1 = A55A0001008025E53CC99DB9065A90623DDCE478ADBE0BC460A28C6571F9F913
Encrypted SessionEncKey = AF479E5DFD0B91E1E0B364CB41746088

SV2 = 0x5A||0xA5||0x00||0x01||0x00||0x80||RndA[15..14]||(RndA[13..8] ⊕ RndB[15..10])||RndB[9..0]||RndA[7..0] 
SV2 = 5AA50001008025E53CC99DB9065A90623DDCE478ADBE0BC460A28C6571F9F913
Encrypted SessionMacKey = 795A1CF5300943E758AF53BD5FE5E769

CmdCtr = 0000


Get file settings



IV = 00000000000000000000000000000000

MAC Input Data = Cmd || CmdCtr || TI || CmdHeader || E(CmdData) 
MAC Input Data = F50000FB72B31102
MAC = E2D5F311756E933104D85618A1EE7207

Send to card: 90F500000902D5116E31D818EE0700

Recv from card: 00003102000100BCC4DE8C5817369D9100


IV = 00000000000000000000000000000000

MAC Input Data = Cmd || CmdCtr || TI || CmdHeader || E(CmdData) 
MAC Input Data = 000100FB72B31100003102000100
MAC = 2CBC83C49ADEAC8CA25838175036719D
phalMfNtag42XDna_GetFileSettings--------LEAVE-------- pFSBuffer=00003102000100 bBufferLen=07 [STATUS = SUCCESS]


phalMfNtag42XDna_ChangeFileSettings--------ENTRY-------- bCommMode=30 bFileNo=02 bFileOption=00 bAdditionalInfoLen=00 pAccessRights=3102



Change file settings:


plain stream(in): plain= A55AFB72B31101000000000000000000
Encrypted stream(out): enc= 596A58A577257242F81A425E74FB5F9D
IV = 596A58A577257242F81A425E74FB5F9D
plain stream(in): plain= 00310280000000000000000000000000
Encrypted stream(out): enc= C559F8442B9FD87636A54D09397553F3
IV = 00000000000000000000000000000000

MAC Input Data = Cmd || CmdCtr || TI || CmdHeader || E(CmdData) 
MAC Input Data = 5F0100FB72B31102C559F8442B9FD87636A54D09397553F3
MAC = 74E5F7EA2FF190BD1102D2EA55434D0B

 

Send to card: 905F00001902C559F8442B9FD87636A54D09397553F3E5EAF1BD02EA430B00

Recv from card: 1EE98E904AE6AACD9100
IV = 00000000000000000000000000000000

MAC Input Data = Cmd || CmdCtr || TI || CmdHeader || E(CmdData) 
MAC Input Data = 000200FB72B311
MAC = 751E34E99C8EC490E24A82E683AA91CD


 

BR

 

Jonathan 

5,826 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hello @undefined ,

 

We provide an example in the following link:

https://www.nxp.com/docs/en/application-note/AN12196.pdf

Please refer to section 6 for details.

 

Hope that helps,

Have a great day,


Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

5,799 次查看
undefined
Contributor II

undefined

0 项奖励
回复
5,747 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hello @Jonathan_Iglesias , 

 

Thanks for the following up!

 

Hello @undefined ,

 

Is there any progress on your side? I have checked with the expert, and he recommended not using  “80” at the end of ChangeFileSettings Data: 4000E0C1F12120000043000043000080

and he can get APDU with your settings:

905F0000190295DA3AAB53AABA618E20BFC140208CD7238DC0733225B78B00

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

5,736 次查看
undefined
Contributor II

undefined

0 项奖励
回复
5,727 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hello @undefined ,

 

Yes it is AES-128 cipher. 80h is indeed used for padding, but it is not part of Change File Settings, that’s why it is mentioned.

- Maybe problem is with CmdCtr, can you print out command counters at each command after authentication?
- Is it possible to share exact order? Because --SELECT APPLICATION-- cannot be done after --AUTHENTICATE EV2 FIRST--.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

5,712 次查看
undefined
Contributor II

undefined

0 项奖励
回复
5,704 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hello @undefined ,

 

No, the actual value of the CmdCtr is never transmitted. The CmdCtr is reset to 0000h at PCD and
PICC after a successful AuthenticateEV2First authentication and it is maintained as long as the PICC remains authenticated. Please kindly refer to "9.1.2 Command Counter" of the data sheet for more details.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

5,681 次查看
undefined
Contributor II

undefined

0 项奖励
回复
4,621 次查看
curdin
Contributor I

Hi @undefined ,

I'm running into the same issue, using the same node setup.

Can you share more information on how you computed the SV1 and SV2 values please? Did you set the CmdCtr to 0000 when computing them? 

Any help appreciated!

0 项奖励
回复