Forum › MIFARE general topics and applications › Switch from DES to AES authentication › Reply To: Switch from DES to AES authentication
Hello Samuel
I made tests with your data and found why it does not work.
Your session key is wrong.
You wrote: "Authentication OK!"
But your authentication is NOT successfull.
When you send Random A+B to the card you get Random A back encrypted.
You must check that it equals to the random A that you have generated.
I suppose you were too lazy to write that code and the result is that you do not notice that your authentication was NOT successfull.
The reason for the wrong encryption is that you reset the IV vector before doing the CBC encryption.
This is correct for legacy authentication but not for ISO and not for AES.
You must set the IV to zeroes ONLY ONCE at the beginning of the authentication function, and then leave it alone.
I made tests with your data and found why it does not work.
Your session key is wrong.
You wrote: "Authentication OK!"
But your authentication is NOT successfull.
When you send Random A+B to the card you get Random A back encrypted.
You must check that it equals to the random A that you have generated.
I suppose you were too lazy to write that code and the result is that you do not notice that your authentication was NOT successfull.
The reason for the wrong encryption is that you reset the IV vector before doing the CBC encryption.
This is correct for legacy authentication but not for ISO and not for AES.
You must set the IV to zeroes ONLY ONCE at the beginning of the authentication function, and then leave it alone.
+ 0
|
- 0