Authentication Problem Desfire EV1 with AES

Forum / MIFARE SDK / Authentication Problem Desfire EV1 with AES

  • 11. January 2017 at 17:44
    Hello,

    I'm getting following error at trying to authenticate:

    error:0606508A:digital envelope routines:EVP_DecryptFinal_ex:data not multiple of block length

    My Android project is very close to the sample application mifare provides.
    I try to authenticate in the following way:

    desFireEV1.selectApplication(1);
    Key key = new SecretKeySpec(KEY_AES,"AES");
    KeyData keyData = new KeyData();
    keyData.setKey(key);
    desFireEV1.authenticate(0,IDESFireEV1.AuthType.AES,KeyType.AES128,keyData);

    any Ideas

    Greetings

    Ingo
    + 0  |  - 0

    Re: Authentication Problem Desfire EV1 with AES

    13. January 2017 at 16:59
    Hi Ingo,

    Do you use the TapLinx SDK? The function EVP_DecryptFinal_ex() is no part of TapLinx.

    The TapLinx Team

    + 0  |  - 0

    Re: Authentication Problem Desfire EV1 with AES

    14. January 2017 at 9:21
    Hello,

    yes I'm using the TapLinx SDK. I'm providing a little bit more of my code. Just changed the key value for this post.
    The error (error:0606508A:digital envelope routines:EVP_DecryptFinal_ex:data not multiple of block length)
    occurs at the all of the authenticate method.

    I'm testing on a Samsung Galaxy s5 mini(SM-G800F) with android 5.1.1

    mCardType = CardType.DESFireEV1;
    desFireEV1 = DESFireFactory.getInstance().getDESFire(m_libInstance.getCustomModules());

    try {

    desFireEV1.getReader().connect();
    desFireEV1.getReader().setTimeout(2000);
    desFireEV1.selectApplication(1);

    byte[] KEY_AES = {
    (byte) 0x00,
    (byte) 0x00,
    (byte) 0x00,
    (byte) 0x00,
    (byte) 0x00,
    (byte) 0x00,
    (byte) 0x00,
    (byte) 0x00,
    (byte) 0x00,
    (byte) 0x00,
    (byte) 0x00,
    (byte) 0x00,
    (byte) 0x00,
    (byte) 0x00,
    (byte) 0x00,
    (byte) 0x00,

    };


    Key key = new SecretKeySpec(KEY_AES, "AES");
    KeyData keyData = new KeyData();
    keyData.setKey(key);
    desFireEV1.authenticate(0, IDESFireEV1.AuthType.AES, KeyType.AES128, keyData);
    showMessage("authenticated", 't');


    } catch (NxpNfcLibException ex ){
    showMessage(ex.getMessage(),'t');
    }
    break;
    + 0  |  - 0

    Re: Authentication Problem Desfire EV1 with AES

    16. January 2017 at 9:46
    Hi Ingo,

    I recommend to use TapLinx version 1.1. We had some issues in 1.0.

    The TapLinx Team

    + 0  |  - 0

    Re: Authentication Problem Desfire EV1 with AES

    16. January 2017 at 11:20
    Hi,

    thanks for the hint with the sdk version.
    But after changing the version I'm getting the following error:

    com.nxp.nfclib.exceptions.InvalidResponseLengthException: Incomplete response

    with the same code at desFireEV1.selectApplication(1) or desFireEV1.getApplicationIDs();




    + 0  |  - 0

    Re: Authentication Problem Desfire EV1 with AES

    19. January 2017 at 13:25
    Dear Support.

    I use Pegoda with RFIDDiscover version 4.2.
    I try to change the CMK from TDEA-DESFire to AES128.
    I can Change the CMK. But when I do authentication with new key. It gave Error:AUTH_ERROR.

    Please help

    Best regards
    Rob.
    Attachments:
    You must be logged in to view attached files.

    + 0  |  - 0

    Re: Authentication Problem Desfire EV1 with AES

    19. January 2017 at 15:36
    Hello,

    having still a problem with authentication.
    When calling method authenticate following error occures:

    com.nxp.nfclib.exceptions.InvalidResponseLengthException: Authentication Error



    desFireEV1.selectApplication(0);

    byte[] KEY_AES = new byte[] {
    (byte) 0xAA,(byte) 0xAA,(byte) 0xAA,(byte) 0xAA,(byte) 0xAA, (byte) 0xAA,(byte) 0xAA,(byte) 0xAA,
    (byte) 0xFF,(byte) 0xFF, (byte) 0xFF,(byte) 0xFF,(byte) 0xFF,(byte) 0x5F, (byte) 0xFF,(byte) 0xFF,

    };

    Key key = new SecretKeySpec(KEY_AES,"AES");
    KeyData keyData = new KeyData();
    keyData.setKey(key);
    desFireEV1.authenticate(0, IDESFireEV1.AuthType.AES, KeyType.AES128, keyData);


    Need help!!!
    + 0  |  - 0

    Re: Authentication Problem Desfire EV1 with AES

    23. January 2017 at 9:54
    Hi Ingo,

    If you get an authentication error, the key you used is not the PICC Master Key. This is what you do: select application 0 and using key number 0 means the PICC Master Key.

    Please have a look to the end of this post:
    https://www.mifare.net/support/forum/topic/ev1-authentication/#post-19366

    Changing the PICC Master Key requires a successful authentication to the default key, in the case of a blank card, and a successful change of the default key afterwards.

    Regards,
    The TapLinx Team
    + 0  |  - 0

    Re: Authentication Problem Desfire EV1 with AES

    23. January 2017 at 10:14
    Hi,

    found out by myself on the weekend.
    thanks.

    So in the moment I'm stuck with reading the data,I thought it should straight forward but getting different values each time I try to read a card.
    Isn't the result of readData() decrypted after the Authentication was successful?
    And I'm getting an com.nxp.nfclib.exceptions.InvalidResponseLengthException: Authentication Error when I'm using the Method getFileIDs() after succeccful authentication.

    Ingo

    + 0  |  - 0

    Re: Authentication Problem Desfire EV1 with AES

    23. January 2017 at 16:43
    Aditional infos:

    I try do read data from an application which is not the application 0 with an reading key.
    + 0  |  - 0

    Re: Authentication Problem Desfire EV1 with AES

    23. January 2017 at 17:16
    Here my code:

    desFireEV1.selectApplication(4726016);
    desFireEV1.authenticate(1,IDESFireEV1.AuthType.AES,KeyType.AES128,objKEY_AES128);
    String auth = desFireEV1.getAuthStatus();
    IDESFireEV1.CardDetails details = desFireEV1.getCardDetails();
    rd = desFireEV1.readData(1, 0, 16, IDESFireEV1.CommunicationType.Enciphered,1024);


    AppId: 4726016
    Key: id 1 , type: reading key


    like i wrote before I'm stuck with reading the data,I thought it should straight forward but I'm getting different values each time I try to read the same card.
    Isn't the result of readData() decrypted after the Authentication was successful?
    And I'm getting an com.nxp.nfclib.exceptions.InvalidResponseLengthException: Authentication Error when I'm using the Method getFileIDs() after succeccful authentication (auth = AES).
    + 0  |  - 0

    Re: Authentication Problem Desfire EV1 with AES

    26. January 2017 at 11:41
    Hi Ingo,

    To understand your issue, I prepared a DESFire EV1 with an encrypted file and wrote a small app to read that data with TapLinx. In my approach I do not get the encrypted data back as expected!

    This is what I do: I prepare a DESFire EV1 with an AID = 0x000001 (be careful, the tool uses little endian and TapLinx big endian!) and a file ID = 0x01 with a size of 16 bytes. I make this with a NXP tool called RFIDdiscover . I write the data “00112233445566778899AABBCCDDEEFF” to the file. This is the data I expect to read back.



    Next I write an app to read that file:



    I expect that I get the plain data back from TapLinx. But I get “scrambled” data and do I read again, I get other scrambled data. This is not what I expect:



    I will check it with the development team. When I have an answer I come back to you and present a solution.

    Regards,
    The TapLinx Team
    Attachments:
    You must be logged in to view attached files.

    + 0  |  - 0

    Re: Authentication Problem Desfire EV1 with AES

    27. January 2017 at 11:25
    Hi,

    do you have any idea how long its last to solve(approximately). Would be an useful info for me. So i can adapt the time line for our project with our customer.

    Greetings&Thanks

    Ingo
    + 0  |  - 0

    Re: Authentication Problem Desfire EV1 with AES

    31. January 2017 at 8:55
    Hi Ingo,

    This is a serious issue. So the development team is currently working for a fix. I expect a bug fix very soon.

    Regards,
    The TapLinx team

    + 0  |  - 0
Viewing 14 posts - 1 through 14 (of 14 total)

You must be logged in to reply to this topic.