I am using DESFIRE EV2 cards using the "EV1 BACKWARD COMPATIBLE" modes.
Since the card's transport key is of type "Single DES and 2 Key TDEA Keys" according to the GetKeySettings (0x45) command, it would seem that future messages should be encrypted according to the specifications for "D40 Secure messaging". Is that correct?
For authentication I use the weak key "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00". The authentication I manage to perform is in LEGACY mode (0x0A), and a 16-byte session key is generated (e.g.: A0 A1 A2 A3 B0 B1 B2 B3 A4 A5 A6 A7 B4 B5 B6 B7).
I was unable to change the PICC configuration using the SetConfiguration (0x5c 0x00) command. The error code received is always 1E. According to the secure messaging specifications for D40, I am calculating the CRC in CRC-A mode (16 bits) on CMDDATA (0x00), concatenating it to CMDDATA, padding with 0x00 until it forms a multiple of the 8-byte block size, and encrypting it in SEND mode.
Could it be that the session key is malformed?
EXAMPLE:
AUTHENTICATION (Legacy)
DEFAULT KEY: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
RNDA: 0x87 0x55 0xc9 0xb0 0xe2 0x35 0xb7 0x6f
RNDB: 0xfd 0x8c 0x0e 0xa9 0x07 0x05 0x47 0x8a
SESSION KEY: 0x87 0x55 0xc9 0xb0 0xfd 0x8c 0x0e 0xa9 0xe2 0x35 0xb7 0x6f 0x07 0x05 0x47 0x8a
SETCONFIGURATION (PICC Level)
CMDDATA: 0x00
CRC-A: 0xfe 0x51
PLAIN TEXT: 0x00 0xfe 0x51 0x00 0x00 0x00 0x00 0x00
ENCRYPTION SEND MODE: 0xf3 0x54 0x41 0x20 0xbe 0xa7 0x3f 0xfd
COMMAND SENT: 0x5c 0x00 0xf3 0x54 0x41 0x20 0xbe 0xa7 0x3f 0xfd
RESPONSE RECEIVED: 0x1e
Thanks in advance
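
The intermediate values in the post above can be recomputed without touching the cipher step. The following is an added example, not part of the original post and not NXP code: it rebuilds the session key layout, the CRC-A and the padded plaintext the way the post describes them, using hypothetical function names, and leaves the DES encryption step out.

```python
# Added example: recompute the values quoted in the post (function names are hypothetical).

def crc_a(data: bytes) -> bytes:
    """ISO/IEC 14443-3 CRC_A: init 0x6363, reflected polynomial 0x8408,
    no final XOR, returned low byte first as it is appended on the wire."""
    crc = 0x6363
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc.to_bytes(2, "little")


def legacy_session_key(rnd_a: bytes, rnd_b: bytes) -> bytes:
    """16-byte layout shown in the post: A[0:4] | B[0:4] | A[4:8] | B[4:8]."""
    if len(rnd_a) != 8 or len(rnd_b) != 8:
        raise ValueError("RndA and RndB must be 8 bytes each")
    return rnd_a[:4] + rnd_b[:4] + rnd_a[4:] + rnd_b[4:]


def framed_plaintext(cmd_data: bytes, block: int = 8) -> bytes:
    """CMDDATA | CRC-A | 0x00 padding up to a multiple of the block size."""
    framed = cmd_data + crc_a(cmd_data)
    return framed + bytes(-len(framed) % block)


def recompute_posted_values() -> dict:
    # Values copied from the post's EXAMPLE section.
    rnd_a = bytes.fromhex("8755c9b0e235b76f")
    rnd_b = bytes.fromhex("fd8c0ea90705478a")
    cmd_data = bytes.fromhex("00")
    return {
        "session_key": legacy_session_key(rnd_a, rnd_b).hex(),
        "crc_a": crc_a(cmd_data).hex(),
        "plaintext": framed_plaintext(cmd_data).hex(),
    }


if __name__ == "__main__":
    for name, value in recompute_posted_values().items():
        print(f"{name}: {value}")
```

All three recomputed values equal the ones quoted in the post, so the part of the exchange this example does not check is the encryption step.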
Hi
The MIFARE DESFire family is under NDA (Non-Disclosure Agreement). I would suggest you create a case and provide the NDA number for this question.
Regards
Daniel