Forum › MIFARE and NFC Reader IC`s › MifareDesfire EV1 ChangeKey always returns 0x1E › Reply To: MifareDesfire EV1 ChangeKey always returns 0x1E
Dear Mifare,
I'm struggeling with changing a key on a MifareDesfire EV1 tag.
If anybody has a clue what i'm doing wrong, please let me know.
Authentication
Send: 0xAA+KeyNo
AA01
F0EB0D0CFC2813E1A27DF59AD8CC14FE
RndA: 2347C1557F80707ABDFF86BF9D965CA7
RndB: 966AED41B73F42349D5A9A7256C52015
Send: 0xAF+ekNo(RndA+RndB)
AF7DCB12232A7D1F871A5821209926B51D693B9D14CE20AFF27704483BE82640A5
007EE6CE4467AF6EF95842195DA2874DFA
Authentication done! And successful due to the status byte of the 0xAF command
Change Key
(Case II in the desfire functional specification, since the Key access condition on the application is 0x0E and the KeyNo is the same with the one used in the authentication)
KeyNo: 01
Key: 01010101010101010101010101010101
KeyVersion: 00
CRC32 is generated over following data:
CMD + KeyNo + Key + KeyVersion
C4 01 01010101010101010101010101010101 00
CRC32 Result: BA89C28A
For the CRC32 calculation:
Polynomial: 0x04C11DB7
Initial Value: 0xFFFFFFFF
Final XOR: 0x00000000
In Reflection: false
Out Reflection: false
Send Change Key Command:
CMD + KeyNo + Ciphered(Key + KeyVersion + CRC32 + Padding)
C401472EC6BB5B5472910C01CC3B2ED8CEC56725491508E1408CCF03110FBB31733A
1E
Does anybody have an idea for this? i always get 0x1E from the MifareDesfire tag, also with different CRC32 settings
Best Regards,
Chris
I'm struggeling with changing a key on a MifareDesfire EV1 tag.
If anybody has a clue what i'm doing wrong, please let me know.
Authentication
Send: 0xAA+KeyNo
AA01
F0EB0D0CFC2813E1A27DF59AD8CC14FE
RndA: 2347C1557F80707ABDFF86BF9D965CA7
RndB: 966AED41B73F42349D5A9A7256C52015
Send: 0xAF+ekNo(RndA+RndB)
AF7DCB12232A7D1F871A5821209926B51D693B9D14CE20AFF27704483BE82640A5
007EE6CE4467AF6EF95842195DA2874DFA
Authentication done! And successful due to the status byte of the 0xAF command
Change Key
(Case II in the desfire functional specification, since the Key access condition on the application is 0x0E and the KeyNo is the same with the one used in the authentication)
KeyNo: 01
Key: 01010101010101010101010101010101
KeyVersion: 00
CRC32 is generated over following data:
CMD + KeyNo + Key + KeyVersion
C4 01 01010101010101010101010101010101 00
CRC32 Result: BA89C28A
For the CRC32 calculation:
Polynomial: 0x04C11DB7
Initial Value: 0xFFFFFFFF
Final XOR: 0x00000000
In Reflection: false
Out Reflection: false
Send Change Key Command:
CMD + KeyNo + Ciphered(Key + KeyVersion + CRC32 + Padding)
C401472EC6BB5B5472910C01CC3B2ED8CEC56725491508E1408CCF03110FBB31733A
1E
Does anybody have an idea for this? i always get 0x1E from the MifareDesfire tag, also with different CRC32 settings
Best Regards,
Chris
+ 0
|
- 0