- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- MCUXpresso Training Hub
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
-
Hello @undefined ,
No, the actual value of the CmdCtr is never transmitted. The CmdCtr is reset to 0000h at PCD and
PICC after a successful AuthenticateEV2First authentication and it is maintained as long as the PICC remains authenticated. Please kindly refer to "9.1.2 Command Counter" of the data sheet for more details.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Jonathan_IglesiHi @undefined ,
Hope you are doing great,
Please accept our apologies for the delay there is an important holiday in my colleague country and that is why there is a little delay in our response, regarding your issue, that error means that the key used to authenticate is not the correct one to modify the file settings, basically whatever you have in your change key settings for the file is the one, I would recommend to double check the process I see you have the settings as E0EE which should require an authentication with key 00 to modify the file settings, also please first select the application then authenticate. you can check the IV values in your process, that you are using the correct key, and confirm the file settings, check the following log I created for you doing the Select command>Authenticate with key 01 ( since my card had the settings: Read 00 write 01 Read/Write 03 and change 01) > get file settings > change file settings
SELECT command
Send to card: 00A4040C07D276000085010100
Recv from card: 9000
Authenticate EV2 first
Send to card: 9071000002010000
Recv from card: 739CC6604B45430E602EC5283139F1FE91AF
PICC-to->PCD E(Kx, RndB): 739CC6604B45430E602EC5283139F1FE
Plain RNDB = 65EAF88FAF5290623DDCE478ADBE0BC4
Plain RNDA = 25E559236536A90860A28C6571F9F913
Plain RndB'= 60A28C6571F9F913EAF88FAF5290623DDCE478ADBE0BC465
Plain (RndA || RndB')= 25E559236536A90860A28C6571F9F913EAF88FAF5290623DDCE478ADBE0BC465
Encrypted (RndA || RndB'): 1EAC3CCD71A607FA2D474B4845721ADA12F20F9B63C92E1603D630EBA4B9B830
Send to card: 90AF0000201EAC3CCD71A607FA2D474B4845721ADA12F20F9B63C92E1603D630EBA4B9B83000
Recv from card: 4E4F4614CA94263B65E18D31FA6F34C15BFC7C4C499B3FDA90EA8B50A373BFEC9100
PICC-to->PCD E(Kx, TI||RndA'||PDcap2||PCDcap2): 4E4F4614CA94263B65E18D31FA6F34C15BFC7C4C499B3FDA90EA8B50A373BFEC
Plain (TI || RndA' || PDcap2 || PCDcap2)= FB72B311E559236536A90860A28C6571F9F91325000000000000000000000000
Plain RNDA' =
SV1 = 0xA5||0x5A||0x00||0x01||0x00||0x80||RndA[15..14]||(RndA[13..8] ⊕ RndB[15..10])||RndB[9..0]||RndA[7..0]
SV1 = A55A0001008025E53CC99DB9065A90623DDCE478ADBE0BC460A28C6571F9F913
Encrypted SessionEncKey = AF479E5DFD0B91E1E0B364CB41746088
SV2 = 0x5A||0xA5||0x00||0x01||0x00||0x80||RndA[15..14]||(RndA[13..8] ⊕ RndB[15..10])||RndB[9..0]||RndA[7..0]
SV2 = 5AA50001008025E53CC99DB9065A90623DDCE478ADBE0BC460A28C6571F9F913
Encrypted SessionMacKey = 795A1CF5300943E758AF53BD5FE5E769
CmdCtr = 0000
Get file settings
IV = 00000000000000000000000000000000
MAC Input Data = Cmd || CmdCtr || TI || CmdHeader || E(CmdData)
MAC Input Data = F50000FB72B31102
MAC = E2D5F311756E933104D85618A1EE7207
Send to card: 90F500000902D5116E31D818EE0700
Recv from card: 00003102000100BCC4DE8C5817369D9100
IV = 00000000000000000000000000000000
MAC Input Data = Cmd || CmdCtr || TI || CmdHeader || E(CmdData)
MAC Input Data = 000100FB72B31100003102000100
MAC = 2CBC83C49ADEAC8CA25838175036719D
phalMfNtag42XDna_GetFileSettings--------LEAVE-------- pFSBuffer=00003102000100 bBufferLen=07 [STATUS = SUCCESS]
phalMfNtag42XDna_ChangeFileSettings--------ENTRY-------- bCommMode=30 bFileNo=02 bFileOption=00 bAdditionalInfoLen=00 pAccessRights=3102
Change file settings:
plain stream(in): plain= A55AFB72B31101000000000000000000
Encrypted stream(out): enc= 596A58A577257242F81A425E74FB5F9D
IV = 596A58A577257242F81A425E74FB5F9D
plain stream(in): plain= 00310280000000000000000000000000
Encrypted stream(out): enc= C559F8442B9FD87636A54D09397553F3
IV = 00000000000000000000000000000000
MAC Input Data = Cmd || CmdCtr || TI || CmdHeader || E(CmdData)
MAC Input Data = 5F0100FB72B31102C559F8442B9FD87636A54D09397553F3
MAC = 74E5F7EA2FF190BD1102D2EA55434D0B
Send to card: 905F00001902C559F8442B9FD87636A54D09397553F3E5EAF1BD02EA430B00
Recv from card: 1EE98E904AE6AACD9100
IV = 00000000000000000000000000000000
MAC Input Data = Cmd || CmdCtr || TI || CmdHeader || E(CmdData)
MAC Input Data = 000200FB72B311
MAC = 751E34E99C8EC490E24A82E683AA91CD
BR
Jonathan
Hello @undefined ,
We provide an example in the following link:
https://www.nxp.com/docs/en/application-note/AN12196.pdf
Please refer to section 6 for details.
Hope that helps,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hello @Jonathan_Iglesias ,
Thanks for the following up!
Hello @undefined ,
Is there any progress on your side? I have checked with the expert, and he recommended not using “80” at the end of ChangeFileSettings Data: 4000E0C1F12120000043000043000080
and he can get APDU with your settings:
905F0000190295DA3AAB53AABA618E20BFC140208CD7238DC0733225B78B00
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hello @undefined ,
Yes it is AES-128 cipher. 80h is indeed used for padding, but it is not part of Change File Settings, that’s why it is mentioned.
- Maybe problem is with CmdCtr, can you print out command counters at each command after authentication?
- Is it possible to share exact order? Because --SELECT APPLICATION-- cannot be done after --AUTHENTICATE EV2 FIRST--.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hello @undefined ,
No, the actual value of the CmdCtr is never transmitted. The CmdCtr is reset to 0000h at PCD and
PICC after a successful AuthenticateEV2First authentication and it is maintained as long as the PICC remains authenticated. Please kindly refer to "9.1.2 Command Counter" of the data sheet for more details.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @undefined ,
I'm running into the same issue, using the same node setup.
Can you share more information on how you computed the SV1 and SV2 values please? Did you set the CmdCtr to 0000 when computing them?
Any help appreciated!
