Auth desfire ev3 AES key return different RandA'

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Auth desfire ev3 AES key return different RandA'

340 Views
amrin-hexondata
Contributor II

I'm trying to authenticate desfire ev3 with default AES (16 bytes 0) via apdu.

However I'm getting non identical RandA' after sending RandA || RandB'. You can check to see if the problem lies in my encryption. I clipped my encryption code in the photo attached.

I use key and iv of zeros for encrypt and decrypt. When auth with des/2ktdes, I follow this following step.
 
Send -> [0x0A, 0x00]
Respond -> [0xAF, RandB_Encrypted]
 
Then I decrypt RandB_Encrypted -> RandB
Rotate left by 1 byte -> RandB_rotate
Generate RandA_Encrypted
Decrypt RandA_Encrypted -> RandA
XOR RandA, RandB_rotate -> RandAB
Encrypt XOR -> RandAB_Encrypted
Concat RandA + RandAB_Encrypted -> dataToSend
 
Send  -> [0xAF, dataToSend]
Respond -> [0x00, RandA'_Encrypted]
 
Then I decrypt RandA'_Encrypted -> newRandA
Rotate right by 1 byte -> newRandA_rotate
 
compare newRandA_rotate and RandA_Encrypted
success
 
 
However after creating application with keytype AES. I couldn't finish the authentication process. I follow the exact same steps as above, and I'm getting different RandA' at authentication part 2. Is the step for auth with AES different from des/2ktdes?
Command used for auth AES -> [0xAA, 0x00]



Thank you for your time.

0 Kudos
Reply
3 Replies

284 Views
Fabian_R
NXP TechSupport
NXP TechSupport

Hello sir,

My apologies, there are some differences between the procedure and the one explained in our files. Unfortunately, these are secured files and, cannot be disclosed openly. It is required to sign an NDA and, request the files by yourself following this User Manual and FAQ.

Best Regards,
Fabian
0 Kudos
Reply

269 Views
amrin-hexondata
Contributor II
Hi Fabian, thank you for the reply. I do have access to the secured files. I tried to follow the steps in the document, but im still not able to auth using aes.
0 Kudos
Reply

259 Views
Fabian_R
NXP TechSupport
NXP TechSupport

Hello sir,

As I mentioned, the implementation of the encryption isn't correct. Our NFC Reader Library has great examples explaining these procedures with our API. I highly recommend using one of our readers to perform a correct authentication.

Best Regards,
Fabian
0 Kudos
Reply