帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

TapLinx DesfireEV2.format() fails with exception Length Error SW2 = 126

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

TapLinx DesfireEV2.format() fails with exception Length Error SW2 = 126

‎01-09-2025 05:54 PM
1,370 次查看
eddy1231
Contributor I

I'm trying to modify the TapLinx for Android sample app to add the facility to format an EV2 card,.

My app is registered to use the TapLinx (3.1.0) library, built and the vanilla read/write functions of the sample app work as expected.

I understand that prior to using desFireEV2.format() method that you must authenticate with the PICC master key and selected application has to be 0.

My EV2 cards have a non-default AES PICC master key, therefore my code is similar to this:

// Select Application 0
desFireEV2.selectApplication(0);

// Authenticate with the AES PICC MASTER KEY
KeyData aesKeyData = new KeyData();
Key keyDefault = new SecretKeySpec(MY_AES128_KEY, "AES");
aesKeyData.setKey(keyDefault);
desFireEV2.authenticateEV2First(0, aesKeyData, null);

// Format
desFireEV2.format();

The selection of application 0 and AES authentication works, but the format method always fails with the Exception message "Length Error SW2 = 126".

Please can someone enlighten me as to where I'm going wrong.

Thanks.

标签 (3)
标记 (3)
0 项奖励
回复
4 回复数

‎01-10-2025 08:10 AM
1,348 次查看
Florian_Mikulik
NXP Employee
NXP Employee

Hello!

Thanks for reaching out! From what you describe, i can not see any issue, as this is how it should normally work. However, it is possible that the Format command is disabled for. Do you know or can influence the exact configuration of this card? 

A length error however usually does point into the direction of a failing authentication. The Format command requires to be sent in MACed communication mode, and if the authentication is for some reason not successful, the MAC cant be calculated. 

As a next step i would test the same code but with an intentional wrong key, to check if the Authentication would then properly fail. Another thing to try is to give instead of "null" as third parameter a proper byte array with six bytes of "00" ( 00 00 00 00 00 00 )

 

Please let us know the outcomes!

 

regards,

Florian

Customer Application Support Engineer - Gratkorn - Austria
0 项奖励
回复

‎01-10-2025 09:56 AM
1,334 次查看
eddy1231
Contributor I

Hi Florian,

Thank you for your suggestions.

I know the exact configuration of the EV2 card and can influence it.

TagInfo says:
Application ID 0x000000 (PICC)
Key configuration: (0x0B81)
AES Key
1 AES Key
Key type of active keyset: AES
Master key changeable
Master key required for
- directory list access: no
- create/delete files: yes
Configuration changeable
Master key version: 174

When I test the same code with an intentional wrong key (KEY_AES128-ZEROS), I instead get the exception "Authentication Failed".

When I change the third authenticate parameter, it makes no difference, as format still fails with exception Length Error SW2 = 126

byte[] pCDcap2 = {(byte) 0x00, (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00};
desFireEV2.authenticateEV2First(0, aesKeyData, pCDcap2);


I'm also pretty sure that PICC authentication is successful, because when I replace the format method with the original WriteActivity code, this works correctly adding a new application (ID:120000) to the card.

Any other suggestions?

0 项奖励
回复

‎01-14-2025 01:36 AM
1,282 次查看
Florian_Mikulik
NXP Employee
NXP Employee

Hello Eddy!

Thanks for following the proposed steps! Indeed, there seems to be something wrong possibly inside TapLinx. I have reported this internally to our R&D and will come back as soon as i get some news! 

Thanks for staying patient!

 

regards,

Florian

Customer Application Support Engineer - Gratkorn - Austria
0 项奖励
回复

‎02-04-2025 03:25 AM
1,109 次查看
Florian_Mikulik
NXP Employee
NXP Employee

Hello Eddy,

we have checked your issue, but are unable to reproduce on a fresh card. What we did: 

mIDESFireEV2.selectApplication(0);

mIDESFireEV2.authenticateEV2First(0, DESFireKeys.aesKeyDataDefault, null);

mIDESFireEV2.format();

 

basically, this is using a fresh card and runs the format command, no issue can be observed.

As the error reported is 126, this indicates a length error, it seems that the phone is transmitting the command wrongly. Do you have the possibility to provide an APDU log, meaning what data is sent between the card and the phone via NFC?

 

And: Do you have a possibility to verify with a fresh card without any settings made? It is possible to deactivate the format command on MIFARE DESFire EV2, in which case the card would reply with only one byte error code, and not with the expected 1 byte success code + 8 byte CMAC. So pleas verify that Format is allowed on the card you are using.

 

Br,

Florian

 

Customer Application Support Engineer - Gratkorn - Austria
0 项奖励
回复