AnsweredAssumed Answered

Moving a Mifare Plus S 2K into SL3

Question asked by Daniel Ionita on Apr 8, 2019
Latest reply on Apr 9, 2019 by IvanRuiz



I'm having issues moving a mifare plus s 2K card into sl3. The personalization was done and the card is now in SL1, all the keys have been written in blocks 0x4000-0x403f, 0x9000-0x9003.


I'm issuing a RATS command to enter t=cl protocol and then a firstauth to 0x9003. I'm correctly getting a challenge from the card, a 16 byte rndB, which I decrypt and rotate.


However, after I issue a following auth with rndA and rndB' the card returns:

00 00 0b 01 06 90 00 instead of rndA' and the rest of needed information.

(using an omnikey, so the first 4 bytes are two zeroes, a PCB and CID and then return code 6).


From what I can see, this error means that the block does not exist or the access conditions are not fulfilled. Might this be an error in how I compose rndA|rndB'? Or is there something else I must do first?