Desfire EV1, format, writedata, changekey all failed with Authentication Error


  • 29. September 2020 at 14:25
    Hi,

    I am stuck and unable to proceed; I see the PICC master key authentication is failing.
    I would appreciate it if I can get some info ASAP. Thanks in advance.

    My code snippet:

    // Default key wrapped in a KeyData object for authentication
    keyDefault = new SecretKeySpec(DEFAULT_KEY_2K3DES, "DESede");
    keyDataDefault = new KeyData();
    keyDataDefault.setKey(keyDefault);
    Log.i(TAG, "authenticate called");

    // Authenticate with key 0 (PICC master key) before formatting
    desFireEV1.authenticate(0, IDESFireEV1.AuthType.Native, KeyType.TWO_KEY_THREEDES, keyDataDefault);

    Log.i(TAG, "Format called");
    desFireEV1.format();

    keyDefault = new SecretKeySpec(DEFAULT_KEY_2K3DES, "DESede");
    keyDataDefault = new KeyData();
    keyDataDefault.setKey(keyDefault);
    Log.i(TAG, "authenticate called");

    // Authenticate with key 0 again before changing it to an AES128 key
    desFireEV1.authenticate(0, IDESFireEV1.AuthType.Native, KeyType.THREEDES, keyDataDefault);

    desFireEV1.changeKey(0, KeyType.AES128, DEFAULT_KEY_2K3DES, KEY_AES128, (byte) 0);

    The same also applies to writedata(..).

    For all these APIs, the authentication of the PICC master key is failing.

    + 0  |  - 0

    Re: Desfire EV1, format, writedata, changekey all failed with Authentication Error

    29. September 2020 at 14:28
    Hi Anitha,

    There is no way to change the PICC Master key? Could it be that you changed the key in one of your sessions before (by accident)?
    The TapLinx links shown in a different thread work for sure. Please use a blank card where the PICC Master key is a 2K3DES key with all zeros. Try to authenticate and then change the key which was used in the previous authentication. If you take one of the examples it will work.

    One recommendation: I would be very careful when changing the key. Any mistake might set an unintended key value. Keep in mind: there is no “read key” command available! Therefore, I would do this as the last step of my card personalization.

    Kind regards,
    The TapLinx team

    + 0  |  - 0

    Re: Desfire EV1, format, writedata, changekey all failed with Authentication Error

    5. October 2020 at 7:12
    Thanks for the reply,
    ChangeKey was never executed, since the very first authentication of the PICC is failing.

    Just one quick question:
    Keeping the master key as the default 2K3DES, can I create applications under it with an AES128 key?
    Also, will it be tamper-proof for application data? The external world should not be able to access our application data, even if the PICC is a 2K3DES key.

    Can you please give some insights on the same?

    I want to try this on a new card, hoping we don't face the earlier problem.
    + 0  |  - 0

    Re: Desfire EV1, format, writedata, changekey all failed with Authentication Error

    5. October 2020 at 14:54
    This was already answered in a direct email from our team.

    For the community:
    The data in files in an application is always protected. We recommend changing the PICC Master key to an AES cipher and to a random value before the card is released. Leaving the PICC Master key at default settings allows a third party to change the key and block any further change of the card.

    The TapLinx team

    + 0  |  - 0

    Re: Desfire EV1, format, writedata, changekey all failed with Authentication Error

    5. October 2020 at 15:30
    Thanks for the reply. Yes, I totally agree; however, authentication on one of my cards is failing with basic code using the default values itself.
    It worked the first time; later it's consistently failing.
    However, I shall try again on a new card. But I am still unable to understand why authentication of the PICC is failing on this card, since I have not yet changed the key. I also used only the sample code of TapLinx v1.7 with the 2K3DES default.

    + 0  |  - 0

    Re: Desfire EV1, format, writedata, changekey all failed with Authentication Error

    6. October 2020 at 12:39
    Hi Anitha,

    You need more than one card at your desk in the development phase of your project. In particular, changing the keys is a sensitive operation. If anything goes wrong, you write wrong bytes into the key. Please keep in mind, there exists no “read key” command! You understand why: it would be a massive security flaw! You can use the key and change the key if you have shown with an authentication that you know the key.

    The TapLinx team
    + 0  |  - 0
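
An added example, not code from this thread or from the TapLinx SDK: the key-change order the replies recommend (authenticate with the current key, record the new random key before sending it, change, then authenticate again to confirm), given that no "read key" command exists. The `Card` interface, `SimulatedCard` and `rotate` are hypothetical names, and the simulated card ignores cipher type; real code would call the SDK's authenticate and changeKey in their place.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.function.Consumer;

public class MasterKeyRotation {
    /** Hypothetical stand-in for a card session (not the TapLinx API). It has no way to read a key back. */
    interface Card {
        boolean authenticate(int keyNo, byte[] key);
        void changeKey(int keyNo, byte[] oldKey, byte[] newKey); // needs a prior authentication
    }

    /** Constructed in-memory card so the example runs without a reader. */
    static class SimulatedCard implements Card {
        private byte[] stored = new byte[16]; // blank card: all-zero default key
        private boolean authed;
        public boolean authenticate(int keyNo, byte[] key) {
            return authed = Arrays.equals(stored, key);
        }
        public void changeKey(int keyNo, byte[] oldKey, byte[] newKey) {
            if (!authed) throw new IllegalStateException("Authentication Error");
            stored = newKey.clone();
            authed = false; // simulation: changing the authenticated key ends the session
        }
    }

    /** Returns the new key only after the card has proven that it accepts it. */
    static byte[] rotate(Card card, byte[] currentKey, Consumer<byte[]> escrow) {
        if (!card.authenticate(0, currentKey))
            throw new IllegalStateException("current key rejected; changeKey not attempted");
        byte[] newKey = new byte[16];
        new SecureRandom().nextBytes(newKey);  // random value, not a guessable pattern
        escrow.accept(newKey.clone());         // record it BEFORE the card forgets the old key
        card.changeKey(0, currentKey, newKey);
        if (!card.authenticate(0, newKey))     // the only way to confirm what was written
            throw new IllegalStateException("card rejected new key; keep the escrowed bytes");
        return newKey;
    }

    public static void main(String[] args) {
        Card card = new SimulatedCard();
        byte[][] saved = new byte[1][];        // stands in for a secure key store
        byte[] key = rotate(card, new byte[16], k -> saved[0] = k);
        System.out.println("escrow matches card key: " + Arrays.equals(saved[0], key));
        System.out.println("default key still accepted: " + card.authenticate(0, new byte[16]));
    }
}
```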