
DESFire EV1 questions

Question asked by Ibrahim KAMAL on Aug 16, 2018
Latest reply on Aug 21, 2018 by IvanRuiz



First things first: I have already created an account on the NXP docstore, and am waiting for my account to be validated (via NDAs probably). I have also notified my local sales rep here in France (which happens to be AVNET).


So, here is the situation. I am working on a project with a Kinetis (Cortex-M0) MCU and a PN7150 chip. The final aim of this configuration is to read a dozen bytes, encrypted in a DESFire EV1 card. I have successfully implemented big parts of the communication protocol. For example, I am able to read NDEF records from a blank MIFARE DESFire EV1 card, on which I have written a "Hello World" text record.


So far, so good.

Now, I am trying to get the authentication part working, and to say the least, it's painful without any decent documentation. I know, I should probably wait until I get the NDA and more documents from NXP, but I need to get that project up and running ASAP, so I would really appreciate it if you bear with me and give any hints that would fall out of the scope of the NDA to get me moving.

As you may probably know, the code in NXP's SDK (the one available without NDA) does not provide any DESFire authentication examples. So, I have built my own code for that, which is inspired by LibFreeFare.

As a very simple test to begin with, I am trying to authenticate key 0 (master key), with the key {00,00,00,00,00,00,00,00} on a blank MIFARE DESFire card.

Here is the full authentication transaction, which leads in the end to an "AE" response, which I've come to understand means "Authentication Error":


MCU -- 00 00 02 1a 00
TAG -- 60 06 03 01 00 01
TAG -- 00 00 09 af 57 d2 fc d6 a2 5f 4f 73
MCU -- 00 00 11 af 8c a6 4d e9 c1 b1 23 a7 fe bf 9c 9d 25 a3 f6 4b
TAG -- 60 06 03 01 00 01
TAG -- 00 00 01 ae


1- Is it right to try and authenticate a blank card, and is it supposed to work? I am wondering if the authentication error is normal since no authentication is needed?
2- How can I know if I should use the command 0x0A, 0x1A or 0xAA to request RNDB? They seem to represent different encryption algorithms, right? Is there a default command that can safely be used on a blank card?
3- Is there a tool to which I can feed the number (RNDB) and that can calculate the correct "RNDA+RNDB" that needs to be sent back to the device? I would like to at least know if it's just a cipher error or a protocol error.
4- Does it seem crazy to anyone here to run such a project on a Cortex-M0 MCU? Just curious about your point of view.



Thank you very much for any hints that can get me moving forward!


PS: the same post exists in the MIFARE forum, but since the MIFARE forum doesn't allow me to edit or even delete and repost my question, I couldn't correct some mistakes in my initial question; that's why I am posting again here. I wouldn't do that otherwise..!
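
Added example, not part of the original post and not NXP or LibFreeFare code: a small Python decoder for the trace quoted in the question, which separates NCI flow-control notifications from data packets and checks that the reply to the card is twice the length of the card's challenge. The NCI header layout, the status names and the function names are assumptions brought in for the illustration.

```python
# Added example: decodes the NCI trace quoted in the post. Not NXP or LibFreeFare code.
# Assumed framing: 3-byte NCI header (message type in the top 3 bits of octet 0,
# payload length in octet 2); DESFire command/status byte first in each data payload.
TRACE = """\
MCU -- 00 00 02 1a 00
TAG -- 60 06 03 01 00 01
TAG -- 00 00 09 af 57 d2 fc d6 a2 5f 4f 73
MCU -- 00 00 11 af 8c a6 4d e9 c1 b1 23 a7 fe bf 9c 9d 25 a3 f6 4b
TAG -- 60 06 03 01 00 01
TAG -- 00 00 01 ae
"""
AUTH_CMDS = (0x0A, 0x1A, 0xAA)  # the three authenticate commands named in the post
STATUS = {0x00: "OPERATION_OK", 0xAF: "ADDITIONAL_FRAME", 0xAE: "AUTHENTICATION_ERROR"}

def decode(line):
    """Decode one 'SIDE -- hex bytes' trace line into a dict."""
    side, _, hexpart = line.partition("--")
    side, raw = side.strip(), bytes.fromhex(hexpart.strip())
    if len(raw) < 3 or raw[2] != len(raw) - 3:
        raise ValueError(f"NCI length octet does not match payload: {line!r}")
    mt, payload = raw[0] >> 5, raw[3:]
    if mt != 0:  # control packet; 60 06 is CORE_CONN_CREDITS_NTF (flow control only)
        kind = "credits_ntf" if (raw[0], raw[1]) == (0x60, 0x06) else "control"
        return {"side": side, "kind": kind}
    if not payload:
        raise ValueError(f"empty data packet: {line!r}")
    code, body = payload[0], payload[1:]
    if side == "MCU":
        kind = "auth_cmd" if code in AUTH_CMDS else "continuation" if code == 0xAF else "cmd"
        return {"side": side, "kind": kind, "code": code, "data": body}
    return {"side": side, "kind": "status", "code": code,
            "status": STATUS.get(code, f"0x{code:02X}"), "data": body}

def summarize(trace):
    """Summarise the authentication exchange carried by the data packets."""
    frames = [decode(l) for l in trace.splitlines() if l.strip()]
    data = [f for f in frames if f["kind"] not in ("credits_ntf", "control")]
    cmd = next(f for f in data if f["kind"] == "auth_cmd")
    challenge = next(f for f in data if f["side"] == "TAG" and f["code"] == 0xAF)
    reply = next(f for f in data if f["kind"] == "continuation")
    return {
        "auth_cmd": cmd["code"], "key_no": cmd["data"][0],
        "challenge_len": len(challenge["data"]), "reply_len": len(reply["data"]),
        # assumption: RndA is as long as RndB, so the reply is twice the challenge
        "lengths_ok": len(reply["data"]) == 2 * len(challenge["data"]),
        "final_status": data[-1]["status"],
    }

if __name__ == "__main__":
    print(summarize(TRACE))
```

On this trace the framing and lengths come out consistent (8-byte challenge, 16-byte reply), so the decoder points at the content of the reply rather than its packaging.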