19. September 2016 at 12:28
Dear Mifare,

I'm struggling with changing a key on a MIFARE DESFire EV1 tag.
If anybody has a clue what I'm doing wrong, please let me know.


Send: 0xAA+KeyNo

RndA: 2347C1557F80707ABDFF86BF9D965CA7
RndB: 966AED41B73F42349D5A9A7256C52015

Send: 0xAF+ekNo(RndA+RndB)

Authentication done! And successful due to the status byte of the 0xAF command

Change Key
(Case II in the DESFire functional specification, since the Key access condition on the application is 0x0E and the KeyNo is the same as the one used in the authentication)

KeyNo: 01
Key: 01010101010101010101010101010101
KeyVersion: 00

CRC32 is generated over following data:
CMD + KeyNo + Key + KeyVersion
C4 01 01010101010101010101010101010101 00
CRC32 Result: BA89C28A

For the CRC32 calculation:
Polynomial: 0x04C11DB7
Initial Value: 0xFFFFFFFF
Final XOR: 0x00000000
In Reflection: false
Out Reflection: false

Send Change Key Command:
CMD + KeyNo + Ciphered(Key + KeyVersion + CRC32 + Padding)

Does anybody have an idea for this? I always get 0x1E from the MIFARE DESFire tag, also with different CRC32 settings.

Best Regards,
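
An added example, not part of the original post: the CRC32 and plaintext layout for this same-key ChangeKey case, computed with the parameters listed above (those of CRC-32/MPEG-2) and with the reflected variant (CRC-32/JAMCRC, the standard CRC-32 without the final XOR). Assumptions not taken from the post: the reflected variant with the CRC appended least significant byte first, and zero padding to the 16-byte AES block, as used by open-source DESFire EV1 implementations; `crc32_generic` and `changekey_plaintext` are hypothetical helper names, and the session-key encryption step is left out.

```python
# Added illustration; helper names are hypothetical, not from any DESFire library.

def crc32_generic(data, poly=0x04C11DB7, init=0xFFFFFFFF, reflect=False, xorout=0):
    """Bitwise CRC-32 with selectable input/output reflection."""
    def rev(value, bits):
        return int(f"{value:0{bits}b}"[::-1], 2)

    crc = init
    for byte in data:
        if reflect:                      # "In Reflection: true"
            byte = rev(byte, 8)
        crc ^= byte << 24
        for _ in range(8):
            crc = ((crc << 1) ^ poly) if crc & 0x80000000 else (crc << 1)
            crc &= 0xFFFFFFFF
    if reflect:                          # "Out Reflection: true"
        crc = rev(crc, 32)
    return crc ^ xorout


def changekey_plaintext(key_no, new_key, key_version, block=16):
    """Key + KeyVersion + CRC32 + padding, before encryption.

    Assumed: reflected CRC over CMD + KeyNo + Key + KeyVersion,
    CRC stored little-endian, zero padding up to the cipher block size.
    """
    crc_input = bytes([0xC4, key_no]) + new_key + bytes([key_version])
    crc = crc32_generic(crc_input, reflect=True)
    body = new_key + bytes([key_version]) + crc.to_bytes(4, "little")
    return body + bytes(-len(body) % block)


if __name__ == "__main__":
    # Values from the post: KeyNo 01, Key 16 x 0x01, KeyVersion 00.
    key = bytes.fromhex("01" * 16)
    msg = bytes([0xC4, 0x01]) + key + bytes([0x00])
    print("non-reflected (post's settings):", f"{crc32_generic(msg):08X}")
    print("reflected, no final XOR        :", f"{crc32_generic(msg, reflect=True):08X}")
    print("plaintext to encrypt           :", changekey_plaintext(0x01, key, 0x00).hex().upper())
```

The two CRC settings give different values for the same input, so comparing both against what a reference implementation sends is a quick way to rule the CRC in or out as the cause of an integrity error.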

