Desfire EV1 Authentication via SAM AV2 in AV1 mode problem

[Hermann Zheboldov]

Hello,

I tried to authenticate to Desfire card using SAM AV2 module in SAM AV1 compatibility mode.
Starting data:
Key AES128, KeyNo = 0x14, KeyData = 00000000000000000000000000000000, IV = 00000000000000000000000000000000.

1. I send AA 14 command to the card and received the following:

(AF) 9F 6E DD 56 86 6E C4 EA A6 38 9C D1 70 31 39 E1

After decryption we can see RndB key:

C6 35 29 DF FC 4A 93 FD BB 91 9A F3 FD 65 BD C3

2. I send received data to the SAM module:

80 0A 00 00 12 14 00 9F 6E DD 56 86 6E C4 EA A6 38 9C D1 70 31 39 E1 00

and receive the answer which I send to the card:

9C 5F 7F 4E FB 77 75 4F BB BC EC 97 4F B8 FD 29 80 E8 4B BA B6 8C 36 AF 5D 77 46 A2 CD 31 D9 D9 90 AF

If dechiper this data using IV = 9F6EDD56866EC4EAA6389CD1703139E1, we can get RndA key

RndA = 00905A88DBBCD5CAD5577B8C6854F446

and shifted 1 byte left RndB:

3529DFFC4A93FDBB919AF3FD65BDC3C6

The card sends me the following string:

00 03 7C A0 C1 17 CD CF 83 F9 28 EC 92 AB 9C 7F 1A

After its decryption we can see shifted one byte left RndA key:

905A88DBBCD5CAD5577B8C6854F44600

It seems that all is Ok, but when I send the cryptogram to the SAM module

80 0A 00 00 10 03 7C A0 C1 17 CD CF 83 F9 28 EC 92 AB 9C 7F 1A

The answer from the module always the same:

90 1E

That means "CRC or MAC does not match data" and I don't understand what error I made during authentication process. Maybe I need made some additional settings of the SAM key or application key? Or something else?

---

+ 0  |  - 0

[Hermann Zheboldov]

Sorry, I mistyped. The authenticate command looks like AA 00 of course, not AA 14

---

+ 1  |  - 0

[Author]

Posts