I am trying to change the keyno1 of my application but I am having some problems.
The keySettings are defined to 0f 02. I am able to authenticate to key0 and get the session key.

The old key is 00..00 since I have not changed it. And the new key I want to set is 0x00112233445566778899AABBCCDDEEFF. When I send the command to the PICC always returns a 911E (apparently it doesn´t like the CRC or the padding).

Assuming that my key is 00.00 the XOR does not affect the key, so the first parameter I guess should be the new key itself. Then I calculate the CRC and I get 69CC (Is that correct???), so I have to append it twice (once for the XORed key and once for the new key), and then I append 4 0x00s as padding.

Here are the values I am receiving right now:

Session Key: D8 15 60 CE 33 55 7D BC 3E F4 34 EA 1D FF F9 28
Old Key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
New Key: 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF

Key Data: 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 69 CC 69 CC 00 00 00 00
Transmitted data: 71 66 0B 4C C6 EB A6 F9 D6 36 86 2F 6A ED 33 E5 D9 84 50 B0 04 6B A9 85

Can anyone complete the key changing using this values and pass mw the values I should receive in all the steps?? I must be doing something bad bat I have read the documentation and I don´t know where.

Thanks, Gorka

How to test?

If you would like to give libfreefare's Mifare DESFire support a try:

svn co https://nfc-tools.googlecode.com/svn/branches/libfreefare-desfire
cd libfreefare-desfire
autoreconf -is
./configure --prefix="/usr"
make
make install

Then you can read the mifare_desfire(3) man page, and have a look to the examples and the unit test suite to get started.

What to test ?

Well, actually I only ported a regression test suite (supposed to be inspired by some code from NXP) to cutter [2] to check my implementation, and since I only own a single Mifare DESFire 4K card, I only have tested with it.

I would be interested in feedback about building the software on other platforms (I run FreeBSD-8 amd64), running the regression test suite, using Mifare DESFire 2K / 8K, your experiments results, etc…

I have to mention that I had some trouble when using a Snapper Feeder and the problem has been reported to Snapper, but the problem might be tied to this reader or at the chip the device uses since I could not reproduce it on a touchatag device, so if the communication with the tag stops unexpectedly at random locations, please try with another device and report the issue.

Due credits:
This work was sponsored by IL4P [3] the Mifare DESFire tag was donated by SpringCard [4].

Thank you for your feedback!

Romain

References:
  1. http://code.google.com/p/nfc-tools/wiki/libfreefare
  2. http://cutter.sourceforge.net/
  3. http://www.il4p.fr/
  4. http://www.springcard.com/

I'm currently working on a DESFire implementation based on libnfc.
Currently I have a working implementation where I'm able to authenticate, create and delete applications/files, etc...
Now I'm working on security. I want different applications that use different keys to authenticate.
I have access to the documentation of NXP but it's still not clear how to do this.
Currently I create an application with the following raw APDU command:
0xca,0x0,0x0,cid,0x01,0x01 where "cid" is the application ID. I believe the next bit says that I use application key nimber 1? is that correct? And the one thereafter says that I want to use Native TDES mode? but I'm unsure of that as well. Could somebody clarify the situation for me?

I was wondering if the MiFare SmartMx is similar to the Mifare DES.

Is there anyway to crack the keys on the MX? or sniff them out, this could work?

I want to use a DESFire card to encrypt 16B data with an internal stored key.
(No mutual auth, only the Card should be authenticated)

IMHO the ISO7816-4 INTERNAL AUTHENTICATE command  http://www.cardwerk.com/smartcards/smar … x#chap6_13
can be used for that purpose.

As stated in http://ridrix.wordpress.com/2009/09/19/ … n-example/
and http://www.nxp.com/acrobat_download2/ex … DS_N_1.pdf (page 8)
the DESFire EV1 does support that command

I did not found that command used in the libnfc-source (I think you only use native and native-wrapped commands)
but it seems to be used in http://www.springcard.com/support/apido … ml#robo114

I tried to dispatch some ISO7816-4 Commands to the PICC and got responses, but no success with INTERNAL AUTHENTICATE.

CMD-Bytes:

                    byte[] internalAuth = new byte[]{ 
                            0x00,    //CLA    As defined in 5.4.1
                            (byte)0x88,    //INS    '88'  INTERNAL AUTHENTICATE
                            0x00,              //P1    Reference of the algorithm in the card
                            0x00,              //P2    Reference of the secret, see table 65
                            0x10,               //Lc    Length of the subsequent data field
                            
                            0x00,          //Payload, Authentication related data (e.g. challenge)
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            0x00,          
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            
                            0x10        //Le field     Maximum number of bytes expected in response 
                            
                    };

Response

6d 00

according to http://javacard.vetilles.com/2006/09/26 … n-iso7816/
6d means "The instruction code is not supported (usually with XX=00)"

That is nothing I expected,  http://www.cardwerk.com/smartcards/smar … chap6_13_5
lists the response codes for INTERNAL AUTHENTICATE as:

The following specific error conditions may occur. 
SW1='69' with SW2='84': Referenced data invalidated
                  '85': Conditions of use not setisfied
SW1='6A' with SW2='86': Incorrect parameters P1-P2
                  '88': Referenced data not found

Each of that would be fine, but what should I think about 6d, "instruction not supported"?

OK, here are my Questions:
1. What is your opinion about using INTERNAL AUTHENTICATION to challenge/response-sign (arbitrary) 16b data?
2. How can I use ISO-7816-4 APDU's with DESFire (in general)?
3. How to use ISO-7816-4's INTERNAL AUTHENTICATE?

Thanks in advance,
Max

Partha

I am trying to migrate the AES part of the DESFire Ev1 to the application I use in my mobile to read DESFire tags. I completed the authentication properly and now I have a problem trying to get the CMAC values and the IV vectors.

I know I have to implement the SP 800-38B specification to get the CMAC values. Actually, I can diversificate an AES Master Key, so the SubKey generation and the CMAC calculation shoul be ok. So, I guess it must bt a problem of concept. I tried to compare my code in JAVA with the one available in libnfc in C++ and I cannot get the wrong step.

Assume that I want to make a read and that I already have the sessionKey and a IV that is different from 0x00..000. When I start the subKey phase I think I have to use the 0x00..000 IV (not the new I got) and the sessionKey (not the application key) in order to get the k0 key , is that correct?

Well, once the SubKeys are correctly generated I have k1 and k2. The command I use to read is : BD010000000F0000. Then I guess I have to apply the padding to 32 bytes:     (byte) 0xBD, (byte) 0x02, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x0F, (byte) 0x00, (byte) 0x00, (byte) 0x80, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00. So now since I have applied padding I use k2 to xor the second half of my input and then I encrypt the result and encrypt it using the sessionKey and the IV (that is 0x93..32). The CMAC is 32 bytes long.

Can someone tell my what I am doing wrong or at least guide me, because I don´t know how to solve the problem.

Thanks a lot.

Gorka.

I'm working with DESFire EV1 cards that have their key type set to 3DES. I'd really like to change to 3 key 3DES or AES.  I have two questions I haven't been able to figure out.

1. Is it possible to change the key type on existing cards?
2. How do I set the key type for new cards?

Thanks,

Tony

I want to make a program that accesses a DESFire and I have a doubt function mifare_desfire_authenticate(MifareTag tag, uint8_t key_no, MifareDESFireKey key). This function must be given as an argument MifareDESFireKey structure, this structure is the variable data, which I think is the encryption key, but the function don't use  this variable.

My question is, is this function can be started any card or only those that have an 0s encryption key?

Thanks

Standar AES 128
AIDs: 0x4f5931
file ids:
00 file type: standard data
comm.settings: file fully enciphered communication
acces rights r:3 w:15 r/w:15  c.a.r:15
file size 16
01  file type: standard data
comm.settings: file fully enciphered communication
acces rights r:3 w:15 r/w:15  c.a.r:15
file size 16
02  file type: standard data
comm.settings: file fully enciphered communication
acces rights r:2 w:3 r/w:3  c.a.r:1
file size 224
03 file type: standard data
comm.settings: file fully enciphered communication
acces rights r:2 w:5 r/w:5  c.a.r:1
file size 64
04 file type: standard data
comm.settings: file fully enciphered communication
acces rights r:2 w:4 r/w:4  c.a.r:1
file size 48
05 file type: standard data
comm.settings: file fully enciphered communication
acces rights r:2 w:3 r/w:3  c.a.r:1
file size 96
06 file type: standard data
comm.settings: file fully enciphered communication
acces rights r:2 w:3 r/w:3  c.a.r:1
file size 160
07 file type: standard data
comm.settings: file fully enciphered communication
acces rights r:2 w:6 r/w:6  c.a.r:1
file size 16

i have another card from other transpot city of EU, but yet i´m not going to publish the information ( sorry)

we are working in a little proyect to break mifare desfire security
ass soon as we get it we will publish it

Has anybody succeeded in authenticating to a DESfire card, then reading/writing data?

I don't know/understand the specifics of DES enough to implement it, from reading publicly available info (i.e http://ridrix.wordpress.com/2009/09/19/ … n-example/ ), my attempts to implement it using the OpenSSL libs haven't gotten far (get 0xAE response) Its probably due to the wrong DES mode or XORing the wrong data.

I don't want to sign an NDA with NXP to get hold of the potentially valuable DESfire Hints doc either.

If someone can post/contribute a working authentication function I'd be willing to return the favour.. i.e write desfire functions for libfreefare