AnsweredAssumed Answered

How to verify the CMAC myself?

Question asked by Manuel Mertl on Jun 15, 2020
Latest reply on Jul 23, 2020 by Jonathan Iglesias


Hi, my name is Manuel and  I am software engineer. Recently I bought some of your NTAG 424 DNA, that I want to use for a product authenticity solution.



I read through some documents but mainly the following two: 



I bought a Identiv u Trust 3700 F CL reader that is connected to my MacBook Pro and i am running the NXP TagXplorer.



Using this as an example URL, where I have 3 custom params at the end, "n", "t", "p":


I activated "ADD TAG UID", "ADD INTERACTION COUNTER" and "ENABLE SUN MESSAGE". I also set the calculated offset Index at 33 which is right after the questionmark in the URL (i hope this is correct?!)



after writing this information to the tag i am going to NTAG 424 DNA Secruity settings where i hit "Authenticate First"


(for this first try i dont want to change any of the default keys on the chip, that would be my next step once i get this simple example working)



After being successfully authenticated


I am going to the "File Management" options and set the following data:





When i go now to NDEF Operations and click on READ NDEF button, it will give me for example this URI here:

if i click the Read from Tag button again it gives me:


which gives me the same uid, but an incremented counter and a new cmac which i guess is correct.


This data is now being sent to the backend, but how can i now recalculate the cmac(3E12626CBBFB3FB9) given in the URI from the two params uid(044B6A4A4E6880) and ctr(000021) in my backend?


I guess I also need to know the key that was used to encrypt it also on the backend, correct?

I guess in this default case the key is just 16bits of zero like this 0000000000000000, correct?


But how exactly would this calculation now work? I cant figure it out with the two documents above.

Can you please give me a step by step example for this cmac calculation on my backend with my values given here?


Thanks for your help in advance.