VTerrien

Reputation: 43

NFC communication - Mifare Desfire AES - change key command

I'm using a HID Omnikey 5321 reader to communicate with a Mifare DESFire EV1 tag. I'm using the WinSCard DLL (in C++) to wrap native DESFire commands in the ISO 7816 APDU message structure. On the tag, I have an application with 3 keys. As the key settings are set to 0x0B, I authenticate with the application master key to change key values.

I managed to change the application master key but not keys 1 and 2.

After AES authentication with application master key, I try to change key 2 :

Old Key 2 = 00...00
New Key 2 = 22...22

I calculate CRC over (Old Key 2) XOR (New Key 2)

CRCxor = F1 4A D1 C0

I calculate CRC over Native Command

Native Command = C4 02 (New Key 2)
CRCnc = C9 1F 03 80

Then I encipher with the session key and IV set to 00

32 bytes data to encipher : (New Key 2 XOR Old Key 2) (CRCxor) (CRCnc) 00...00

APDU sent

90 C4 00 00 21 02 (enciphered data) 00

In response I get the "1E" status code, which means CRC or padding error.

I also tried without XORing the data. I just appended the CRC calculated over the native command, like I did to successfully change the master key, but I still get the same error.

I don't know where the problem is.

Upvotes: 2

Views: 2309

Answers (1)

HSW

Reputation: 1

Just a thought, but if your application code is written in Python, make sure you are using lists and bytearrays consistently. You might not be passing the data you think you are to your PCD.

Upvotes: 0
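For comparing against the buffer described in the question, here is an added example (not code from the original post or from either poster) that builds the plaintext ChangeKey block for a key other than the authenticated one, before AES-CBC encryption with the session key. It assumes the EV1 AES layout used by open-source implementations such as libfreefare: XORed key, key version byte, CRC32 over command byte through version, CRC32 over the new key, zero padding. The function names and the key version value 0x00 are assumptions.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <vector>

using Bytes = std::vector<uint8_t>;
using AesKey = std::array<uint8_t, 16>;

// DESFire EV1 CRC32: reflected polynomial 0xEDB88320, initial value
// 0xFFFFFFFF, no final inversion (bitwise NOT of the zlib CRC-32).
uint32_t desfire_crc32(const uint8_t* data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; ++i) {
        crc ^= data[i];
        for (int b = 0; b < 8; ++b)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc;
}

// CRCs are appended least significant byte first.
static void append_le32(Bytes& out, uint32_t v) {
    for (int i = 0; i < 4; ++i) out.push_back(uint8_t(v >> (8 * i)));
}

// Assumed layout: (old XOR new) | version | CRC(cmd..version) | CRC(new) | 00..
Bytes change_key_plaintext(uint8_t key_no, const AesKey& old_key,
                           const AesKey& new_key, uint8_t key_version) {
    Bytes covered = {0xC4, key_no};            // command byte + key number
    for (size_t i = 0; i < 16; ++i)
        covered.push_back(uint8_t(old_key[i] ^ new_key[i]));
    covered.push_back(key_version);            // AES keys carry a version byte
    uint32_t crc_cmd = desfire_crc32(covered.data(), covered.size());
    uint32_t crc_new = desfire_crc32(new_key.data(), new_key.size());

    Bytes block(covered.begin() + 2, covered.end()); // drop cmd and key number
    append_le32(block, crc_cmd);
    append_le32(block, crc_new);
    while (block.size() % 16 != 0) block.push_back(0x00); // pad to AES block
    return block;
}

int main() {
    AesKey old_key{};                          // constructed sample: 00..00
    AesKey new_key; new_key.fill(0x22);        // constructed sample: 22..22
    for (uint8_t b : change_key_plaintext(0x02, old_key, new_key, 0x00))
        std::printf("%02X ", b);
    std::printf("\n");
}
```

The 32-byte result plus the key number byte gives the Lc of 0x21 seen in the APDU above; dumping this buffer before encryption makes it easy to see which field differs from what the reader is actually sending.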
