FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

DESFire authentification with a SAM AV2

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DESFire authentification with a SAM AV2

‎06-23-2017 12:07 AM
2,201 Views
christophelalle
Contributor II

Hello,
I try to authenticate a DESFire EV1 card with a SAM AV2 with command SAM_AuthenticatePICC, but that do not run correctly.

First of all, I want to say the card authentication run correctly when I read the session key in the SAM with the command SAM_DumpSecretKey. But it is not the goal of the developement.

Now, my problem is the SAM does not send the status word (SW) after it sent the first part of the command (it shall sent ekNo(RndA+RndB') + 0x90AF) but it sends only the 32 bytes of data.
If I send those bytes to the card, the DESFire card sends corrects data but when I send them to the SAM, it answers 0x00 0x92 0x00 0x92 and not 0x9000 as describs in the documentation.

All commands are conforms with the SAM AV2 datasheet.

Is it normal that the SAM does not sends the SW after the first command ?
Why isn't SAM send a status word at the end of the exchange ?

Thank for help
Christophe

0 Kudos
Reply
3 Replies

‎07-11-2017 07:49 AM
1,277 Views
sandrafuchs
NXP Employee
NXP Employee

Hi Christophe,

glad to hear that you got it working already.

Thanks for this valuable remark. I will have a look at it and will trigger the update of the datasheet accordingly. Thanks a lot for the input!!

Best regards,

Sandra

0 Kudos
Reply

‎07-11-2017 02:45 AM
1,277 Views
sandrafuchs
NXP Employee
NXP Employee

Hi Christophe,

can you provide us a log of the full command exchange so that we can try to figure out where the error is coming from?

Also, which response code do you receive from the DESFire card, after you sent AF + ekNo(RndA+RndB') to the card? Does it respond with a success code?

If yes, how exactly are you forwarding the 16 bytes response to the SAM AV2? Please specify the APDUs.

Thank you,

Sandra

0 Kudos
Reply

‎07-11-2017 03:00 AM
1,277 Views
christophelalle
Contributor II

Hi Sandra,

We solved this problem with a T=1 S-block to set exchange data block size to 128 bytes in the low level of firmware.

Now all exchange with SAM are OK.

I take advantage of this mail to tell you that I found errors in the datasheet of the SAM AV2 and in the application notes concerning the cryptography of the data during the exchanges between the SAM and the host.

These errors are in the construction of the SV blocks. Right constructions are in the application notes and not in the SAM AV2 datasheet. For information we are working with version 3.5 of the datasheet.

Thank you

Best regards

Christophe

De : sandrafuchs

Envoyé : mardi 11 juillet 2017 11:47

À : Lallement, Christophe <Christophe.Lallement@Gunnebo.com>

Objet : Re: - Re: DESFire authentification with a SAM AV2

NXP Community <https://community.freescale.com/resources/statics/1000/35400-NXP-Community-Email-banner-600x75.jpg>

Re: DESFire authentification with a SAM AV2

reply from Sandra Fuchs<https://community.nxp.com/people/sandrafuchs?et=watches.email.thread> in NFC - View the full discussion<https://community.nxp.com/message/922577?commentID=922577&et=watches.email.thread#comment-922577>

0 Kudos
Reply