DESFire EV1 AES. CMAC is missing from the PICC response?

  • 24. January 2017 at 13:48
    Hello,

    I'm writing a driver for a microcontroller to read/write MIFARE DESFire EV1 and I'm facing a problem.

    Starting point:
    I have a card on which:
    Application 0 using AES key (16 bytes at 0), PICC key version 0x42.
    Application called 0xAAAAAA with 80 bytes of data in a Standard file. File number: 0xF. Access rights 0xEFFF.


    Now, a short code that demonstrates the problem I'm facing:

    Connect to the Card,
    SelectApplication 0,
    GetVersion,
    AuthenticateAES key 0, R-APDU: status
    GetKeyVersion R-APDU: 0x42 + CMAC + status
    SelectApplication 0x00AAAAAA R-APDU: status
    GetFileSettings of file number 0xF R-APDU: FileSettings + status NO CMAC
    ReadData 50 bytes length, offset 0, R-APDU: 50 bytes of data + status NO CMAC


    When calling the GetKeyVersion function I receive a CMAC from the PICC that I check and validate.
    However, GetFileSettings and ReadData both return correct data and "0x00" status but no CMAC. Therefore the function that checks for the CMAC validity returns a FAIL.

    I appreciate that finding an issue in my code, since you don't have access to the source, is not possible.
    So my question is: What can cause the DESFire EV1 to stop sending the CMAC as part of the R-APDU? Can the order of the functions called make the card stop sending the CMAC?

    Thanks,
    Alex



    Re: DESFire EV1 AES. CMAC is missing from the PICC response?

    24. January 2017 at 16:24
    Reason for my problem:

    It turns out that the application 0xAAAAAA has been created with "0" keys.

    Therefore the snippet that I wrote above where the CMAC is missing could have been caused by the application being in its original state (DES) so no CMAC.


    Start from a formatted DESFire EV1 Card but with application 0 PICC key as AES key version 0x42.

    SelectApplication 0
    AuthenticateAes key 0
    GetKeyVersion R-APDU: 0x42 + CMAC + status
    GetFreeMem R-APDU: 0xF80 + CMAC + status
    CreateApplication 0x00AAAAAA, settings 0xFF, number of keys 0 R-APDU: CMAC + status
    GetApplicationIds R-APDU: 0xAAAAAA + CMAC + status
    SelectApplication 0x00AAAAAA R-APDU: status
    CreateStdDataFile file 0xf, MDCM_PLAIN, access rights 0xEEEE, file size 64 R-APDU: status + NO CMAC
    CreateBackupDataFile file 5, MDCM_PLAIN, access rights 0xEEEE, file size 64 R-APDU: status + NO CMAC
    CreateValueFile file 4, MDCM_PLAIN, access rights 0xEEEE R-APDU: status + NO CMAC
    CreateLinearRecordFile file 0, MDCM_PLAIN, access rights 0xEEEE R-APDU: status + NO CMAC
    GetFileSettings of file number 0xF R-APDU: FileSettings + status NO CMAC
    ReadData 50 bytes length, offset 0, R-APDU: 50 bytes of data + status NO CMAC

    I can see that I lost the CMAC as soon as I selected the application 0xAAAAAA that has "no key".



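An added example, not from the thread or the poster's driver: driver-side bookkeeping in C that predicts when a response should end with a CMAC, so a missing CMAC inside a session fails closed while an unauthenticated reply is flagged as untrusted instead of failing the CMAC check. It assumes that SelectApplication drops the authenticated session and that the 8-byte CMAC is appended only while an AES session is active; `session_t`, `trailer_t` and the function names are hypothetical, and the trace in `main` is constructed from the first post's sequence.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* DESFire EV1 native command codes for the commands in the thread's trace. */
enum { CMD_SELECT_APP = 0x5A, CMD_GET_VERSION = 0x60, CMD_GET_KEY_VERSION = 0x64,
       CMD_AUTH_AES = 0xAA, CMD_READ_DATA = 0xBD, CMD_GET_FILE_SETTINGS = 0xF5 };

#define CMAC_LEN 8u /* EV1 responses carry the CMAC truncated to 8 bytes */

typedef struct { int aes_session; } session_t; /* hypothetical driver state */

typedef enum { TRAILER_VERIFY, TRAILER_NONE_UNTRUSTED,
               TRAILER_MISSING, TRAILER_UNEXPECTED } trailer_t;

/* Call once per command that returned status 0x00. Updates the session and
 * returns how many CMAC bytes the response to that command should end with. */
size_t expected_cmac_len(session_t *s, uint8_t cmd)
{
    if (cmd == CMD_SELECT_APP) { s->aes_session = 0; return 0; } /* assumed: session dropped */
    if (cmd == CMD_AUTH_AES)   { s->aes_session = 1; return 0; } /* auth reply has no CMAC */
    return s->aes_session ? CMAC_LEN : 0;
}

/* Decide what the caller may do with a response, given whether it carried a CMAC. */
trailer_t classify(session_t *s, uint8_t cmd, int cmac_present)
{
    size_t want = expected_cmac_len(s, cmd);
    if (want && cmac_present) return TRAILER_VERIFY;     /* go on to check the CMAC value */
    if (want)                 return TRAILER_MISSING;    /* fail closed */
    if (cmac_present)         return TRAILER_UNEXPECTED; /* driver and card state disagree */
    return TRAILER_NONE_UNTRUSTED;                       /* plain data, no integrity */
}

int main(void)
{
    /* Constructed replay of the first post's trace: {command, CMAC seen in the reply}. */
    const struct { uint8_t cmd; int cmac; } trace[] = {
        {CMD_SELECT_APP, 0}, {CMD_GET_VERSION, 0}, {CMD_AUTH_AES, 0},
        {CMD_GET_KEY_VERSION, 1}, {CMD_SELECT_APP, 0},
        {CMD_GET_FILE_SETTINGS, 0}, {CMD_READ_DATA, 0} };
    session_t s = {0};
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        printf("cmd 0x%02X -> %d\n", trace[i].cmd,
               (int)classify(&s, trace[i].cmd, trace[i].cmac));
    return 0;
}
```

Data returned under `TRAILER_NONE_UNTRUSTED` has no integrity protection, so a caller should handle it as unauthenticated input, not as a failed CMAC.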