DESFire EV1 SelectApplication Command

  • 2. March 2016 at 13:52
    Hi,
    I have a question about using the SelectApplication (0x5a) command.
    When I first use it, the DESFire EV1 card responds correctly with its status.
    But when I use this command again, or execute other commands, the card seems to stop responding.
    Any idea why that would be?
    + 0  |  - 0

    Re: DESFire EV1 SelectApplication Command

    2. March 2016 at 14:46
    Hi Jan,

    Generally, you can always use SelectApplication() without authentication. With SelectApplication() you go into the “application level”, and all file operations are directed to files inside your application. But some commands or errors may move you back to the “card level” (AID = 0). If you continue to operate on a file in your application which does not exist for AID = 0, you will get an error.

    If an error occurs or you change the context, e.g. change an access key, you should start the beginning sequence again:
    SelectApplication(xx)
    Authenticate() – if required for accessing a file
    WriteData() etc.

    The MIFARE Team

    + 0  |  - 0

    Re: DESFire EV1 SelectApplication Command

    3. March 2016 at 4:13
    Sorry, I think the problem is that I did not write clearly.
    My problem is that when I first send the "SelectApplication" command to the DESFire EV1, it responds correctly.
    But when I send the "SelectApplication" command to the DESFire EV1 once again, it does not respond.

    In other words, when I send the "SelectApplication" command, it responds with the status;
    after that the DESFire EV1 does not respond to any commands until I take it away from the reader.
    + 0  |  - 0

    Re: DESFire EV1 SelectApplication Command

    3. March 2016 at 11:10
    Hi Jan,

    I can select the same application AID again and again. It makes no sense to do that, but you can do it without getting an error. But if the AID does not exist, then an error occurs, and you can get into an error state that you can leave only by starting a new selection sequence. But this depends on your underlying interface/driver system.

    Have you checked that the AID really exists? You can check its existence with the command GetApplicationIDs().

    The MIFARE Team

    + 0  |  - 0

    Re: DESFire EV1 SelectApplication Command

    7. March 2016 at 12:03
    Hi
    I have a DESFire EV1 RFID card. I set the master key to use 3DES/3KDES, then I created an application (ID 0x000001), set its crypto type to DES, and set this application ID to use KEY1.

    master key: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
    key1: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

    1. Authenticate with the master key (keyNum=0): the authentication is OK.
    2. SelectApplication 0x000001 is OK.
    3. Run step 1 again: this time the response is 0xAE (authentication error).
    4. Authenticate again, but with the key1 key (keyNum=0): the authentication is OK.

    Is this behaviour correct?


    + 0  |  - 0

    Re: DESFire EV1 SelectApplication Command

    8. March 2016 at 14:09
    Hi Jan,

    It depends on how you created the application. If you create an application on a DESFire EV1, you also define the number of keys you want to use within your application.

    After your card is selected, you are at the so-called “PICC level”. An authentication is not required unless you want to run commands at PICC level, such as changing keys. In your case you can immediately select your application. An authentication is only required now if the permissions of the file you want to read require it. You authenticate with key #1 (not with the master key). If you want to split the permissions very finely (key #1 for file 1, key #2 for file 2, etc.), you have to set the appropriate key number in the create application command.

    Regards,
    The MIFARE Team
    + 0  |  - 0

    Re: DESFire EV1 SelectApplication Command

    9. March 2016 at 4:39
    Thank you for your answer.
    I have some questions I need your help to clarify.
    I created an application on the DESFire EV1 with 3 keys and set the changeKey access to Key2.
    1. When I authenticate with Key0 (AMK) and then changeKey Key1, I can't change it; the card responds 0xAE. But I can change Key0 and Key2.
    2. When I authenticate with Key2 (APK) and then changeKey Key0 and Key2, I can't change them; the card responds 0xAE. But I can change Key1.
    3. When I authenticate with Key1 (APK) and then changeKey Key0 and Key2, neither can be changed and the card responds 0xAE.
    So I think that when I authenticate with the AMK, I can change the AMK and the key selected for changeKey access; the other keys can't be changed.
    If I authenticate with the key selected for changeKey access, then I can change the other keys, except itself and the AMK. Is that right?

    One other question:
    I created an application on the DESFire EV1 and set its crypto type to DES. May I change the crypto type to another type?

    Thank you for your help.
    + 0  |  - 0

    Re: DESFire EV1 SelectApplication Command

    9. March 2016 at 11:00
    Hi Jan,

    First of all: you should reserve the master key (initially it is key #0) for “card administration tasks” only and create new keys for the access permissions of your files. It is a serious use case that you have to delegate the application management to a third party, and you want to limit the third party's activities to the application management only and not allow them to reformat the entire card! Therefore you, as card issuer, will never give the master key out of your hands.

    The changeKey() command initializes a key with a new value. Before you can change the destination key, you have to prove that you have the right to do so. Therefore you have to authenticate beforehand with the previous key value, which for a blank MIFARE DESFire EV1 is the value 00…00. This approach protects the key in case it is in use by another application. So you cannot overwrite keys without authorization!

    After creating the application, you select this application's AID to redirect all file actions. Then you authenticate to key #1 with 00…00 if it was never used before, and then you replace the default key value with the new key value.

    The MIFARE DESFire EV1 supports the following ciphers:
    Single DES (56 bit), 2-key triple DES (2K3DES, 112 bit), 3-key triple DES (3K3DES, 168 bit) and AES (128 bit). Which cipher you select depends on the infrastructure of your reader station and, of course, on your preferences. You can mix the ciphers on the card, e.g. 2K3DES for one file and AES for another.

    The MIFARE Team
    + 0  |  - 0

    Re: DESFire EV1 SelectApplication Command

    10. March 2016 at 8:57
    Sorry, maybe I did not describe the problem clearly.
    I use the "CreateApplication" command to create an application, and "Key Settings 2" is set to "0x03".
    Then, when I do authentication operations, by default I need to use 0x0a or 0x1a to authenticate for the 3 keys.
    My question is: this application has 3 keys. Can I make them use different authentication commands? For example, Key0 uses "0x0a", Key1 uses "0x1a", and Key2 uses "0xaa".
    Reference document: "ds134036_MF3ICD81 MIFARE DESFire EV1_3.6.pdf", p. 47
    + 0  |  - 0

    Re: DESFire EV1 SelectApplication Command

    11. March 2016 at 15:06
    Hi Jan,

    I have to refine my previous statement: mixing of cipher methods in one single application is not possible, sorry. This is what the parameter “key settings 2”, bits 6 and 7 of the command CreateApplication() defines. Here you define the cipher method which is used within all files of this application. The selected cipher method also defines the authenticate command, either Authenticate (DES or 3DES), AuthenticateISO (DES, 2K3DES and 3K3DES) or AuthenticateAES (AES128).

    However, I do not see the requirement to mix different ciphers. AES128 is the strongest cipher and I recommend to use it for all your encryptions. It makes no sense from my point of view to implement also a DES encryption for another file! The only reason for mixing the cipher methods is: you have to be compatible with an established application! In this case either you create a new file in the previous application with the defined cipher method or you create a new application with, for instance, AES128 cipher method and redirect all new files in this application.

    The MIFARE Team
    + 0  |  - 0
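The rule in the reply above (one cipher method per application, fixed by bits 6 and 7 of “key settings 2”, which in turn fixes the authenticate command) can be checked on the host before a card is personalised. This is an added example, not code from the forum or from NXP; the bit values 00/01/10, the low nibble as key count and the limit of 14 keys are taken from the usual DESFire EV1 convention and should be confirmed against the datasheet cited in the thread, and `check_auth_plan` is a hypothetical helper name.

```python
# Added example: decode CreateApplication "key settings 2" and validate
# which authenticate command each key may use. Assumed bit layout:
# bits 7..6 = cipher method, bits 3..0 = number of keys.
AUTH_NAMES = {0x0A: "Authenticate", 0x1A: "AuthenticateISO", 0xAA: "AuthenticateAES"}

CRYPTO = {
    0b00: ("DES/2K3DES", {0x0A, 0x1A}),
    0b01: ("3K3DES", {0x1A}),
    0b10: ("AES128", {0xAA}),
}


def decode_key_settings_2(ks2: int):
    """Return (cipher name, number of keys, allowed authenticate commands)."""
    if not 0 <= ks2 <= 0xFF:
        raise ValueError("key settings 2 is a single byte")
    method = ks2 >> 6
    key_count = ks2 & 0x0F
    if method not in CRYPTO:
        raise ValueError("bits 7..6 = 11 is not a defined cipher method")
    if key_count > 14:
        raise ValueError("an application holds at most 14 keys")
    cipher, commands = CRYPTO[method]
    return cipher, key_count, commands


def check_auth_plan(ks2: int, plan: dict) -> list:
    """plan maps key number -> authenticate command code; returns problems found."""
    cipher, key_count, commands = decode_key_settings_2(ks2)
    problems = []
    for key_no, cmd in sorted(plan.items()):
        name = AUTH_NAMES.get(cmd, "unknown command")
        if key_no >= key_count:
            problems.append("key %d does not exist (application has %d keys)"
                            % (key_no, key_count))
        elif cmd not in commands:
            problems.append("key %d: 0x%02X (%s) is not valid for a %s application"
                            % (key_no, cmd, name, cipher))
    return problems
```

For the value 0x03 from the question, the plan Key0 = 0x0A, Key1 = 0x1A, Key2 = 0xAA is rejected only for Key2; using AES for that key means creating the application with bits 7..6 set for AES instead.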

    Re: DESFire EV1 SelectApplication Command

    12. March 2016 at 11:11
    Thank you for your reply.

    + 0  |  - 0

    Re: DESFire EV1 SelectApplication Command

    21. March 2017 at 13:52
    Hello,

    I have the same problem with the DESFire EV1 that Jan Jan mentioned in the first post.

    Actually, I have designed a reader based on the NXP PN512 chip myself.

    I have implemented ISO 14443-3 and ISO 14443-4, and I can send APDU commands based on ISO 7816-4.

    After selection and getting the ATS from the card, when I send any command to the DESFire card, for example 90 60 00 00 00 (get version), the card answers without any problem (0101010018050591AF). But if I try to send any other command, or this command again, the card does not reply any more until I take it away from the reader antenna.

    Please let me know if there is anything special to note with this kind of card.

    In addition, I have a Java card too; the Java card replies to all APDUs without any problem, and I also do not have any problem with MIFARE Classic and Ultralight.

    Thank you
    + 0  |  - 0

    Re: DESFire EV1 SelectApplication Command

    22. March 2017 at 9:35
    Hi Hadi,

    This has nothing to do with the DESFire, but with the transport layer or driver in between. For the DESFire it is a single-byte command, and all other single-byte commands should also work. If you use a multi-byte command, it could work to put the first byte as the INS byte, P1 = P2 = 0, and all other bytes as the data packet.

    Single byte command:
    90 CC 00 00 00 (CC = command code)
    Multi byte command (here four bytes):
    90 CC 00 00 LL D1 D2 D3 00
    where CC first byte of command, LL length of Dx bytes, D1 second byte of command,…

    If this really works depends on the driver architecture.

    Regards,
    The TapLinx team
    + 0  |  - 0
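The wrapping layout given in the reply above, written out as an added example (not code from the forum or from NXP). It builds the wrapped APDU from a native command and splits a wrapped response into data and status; the function names are hypothetical, the status names follow the usual DESFire status list, and the AID byte order (least significant byte first) is the DESFire convention rather than something stated in the thread.

```python
# Added example: ISO 7816-4 wrapping of DESFire native commands.
STATUS = {
    0x00: "OPERATION_OK",
    0xAF: "ADDITIONAL_FRAME",
    0xAE: "AUTHENTICATION_ERROR",   # the 0xAE seen earlier in this thread
    0xA0: "APPLICATION_NOT_FOUND",
}


def wrap_native(native: bytes) -> bytes:
    """Build 90 CC 00 00 [LL D1..Dn] 00 from a native command CC D1..Dn."""
    if not native:
        raise ValueError("empty command")
    cmd, data = native[0], native[1:]
    if len(data) > 0xFF:
        raise ValueError("data does not fit a short APDU")
    lc = bytes([len(data)]) + data if data else b""
    return bytes([0x90, cmd, 0x00, 0x00]) + lc + b"\x00"


def unwrap_response(rapdu: bytes):
    """Split a wrapped response into (data, status byte); SW1 must be 0x91."""
    if len(rapdu) < 2 or rapdu[-2] != 0x91:
        raise ValueError("not a wrapped DESFire response")
    return rapdu[:-2], rapdu[-1]


def select_application(aid: int) -> bytes:
    """SelectApplication (0x5A); the 3-byte AID is sent LSB first."""
    return wrap_native(b"\x5a" + aid.to_bytes(3, "little"))


def next_action(rapdu: bytes) -> str:
    """Host-side decision after a response, following the advice in this thread."""
    _, status = unwrap_response(rapdu)
    if status == 0x00:
        return "done"
    if status == 0xAF:
        return "send 0xAF to fetch the next frame"
    name = STATUS.get(status, "0x%02X" % status)
    return "restart: SelectApplication, Authenticate, then retry (%s)" % name
```

In native framing the status byte comes first and there is no 0x91 prefix, so the same card answer looks different depending on which framing the reader uses.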

    Re: DESFire EV1 SelectApplication Command

    22. March 2017 at 10:07
    Hello

    Thank you for your reply.

    After 4 days of hard work, I finally found the problem.

    According to ISO 14443-4, the LSB of the PCB in an I-block is called the block number, and it should be changed for each I-block exchange.

    For example, the PCB of the first I-block should be like: 02 XX XX XX .. EDC (CRC16), the second PCB should be like 03 XX XX XX ... EDC, and for the next packet the PCB should be 02 again.

    The interesting thing was that the Java card replied without the block number being changed, but the DESFire card does not.

    For more information please take a look at ISO 14443-4[2001-02-01], 7.5.3 Block numbering rules.

    Thank you.





    + 0  |  - 0
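The block-number rule described in the post above, as an added example of reader-side framing (not code from the forum). It is deliberately narrow: plain I-blocks only, with no chaining, CID, NAD, R-blocks or S-blocks; `IBlockChannel` and `demo` are hypothetical names, and the card answers in `demo` are constructed.

```python
# Added example: ISO 14443-4 I-block framing with block-number toggling.
def crc_a(data: bytes) -> bytes:
    """ISO 14443-3 Type A CRC (initial value 0x6363), sent low byte first."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b ^= (b << 4) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])


class IBlockChannel:
    """Reader-side (PCD) state: the current block number, 0 after activation."""

    def __init__(self) -> None:
        self.block_number = 0  # create a new channel for every RATS

    def frame(self, inf: bytes) -> bytes:
        """PCB (0x02 or 0x03) + INF + CRC_A."""
        body = bytes([0x02 | self.block_number]) + inf
        return body + crc_a(body)

    def accept(self, frame: bytes) -> bytes:
        """Validate the card's I-block, toggle the block number, return INF."""
        if len(frame) < 3 or crc_a(frame[:-2]) != frame[-2:]:
            raise ValueError("bad length or CRC")
        pcb = frame[0]
        if pcb & 0xFE != 0x02:
            raise ValueError("not a plain I-block")
        if pcb & 0x01 != self.block_number:
            raise ValueError("unexpected block number")
        self.block_number ^= 1  # toggle only after a valid answer
        return frame[1:-2]


def demo() -> list:
    """PCBs of three consecutive exchanges (native 0x60, then 0xAF twice)."""
    ch, pcbs = IBlockChannel(), []
    for inf in (b"\x60", b"\xaf", b"\xaf"):
        tx = ch.frame(inf)
        pcbs.append(tx[0])
        body = bytes([tx[0]]) + b"\xaf"  # constructed card answer
        ch.accept(body + crc_a(body))
    return pcbs
```

The first frame for native GetVersion comes out as 02 60 16 4E, and the following frames carry PCB 03 and then 02 again.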

    Re: DESFire EV1 SelectApplication Command

    9. October 2017 at 22:14
    Hello.

    Newbie in MIFARE.
    How do you people work with ISO 7816 APDU command wrapping?
    My tag works only with commands like
    02 60 (GetVersion) (native commands?)
    It doesn't work with
    90 60 00 00 00 00
    My log
    php c:\app\serial.php
    -> 010F113D2D302C002A8D2B3E148326701540 [Init]
    -> 0952010C0D87 [Send REQA]
    -> 8989 [Read REQA]
    09930920010C0D80 [Anticol]
    -> 8989898989 [Read UID]
    0993097009880904095E096F09BD01030100 [Calculate CRC]
    -> A2A1 [GET CRC]
    0993097009880904095E096F09BD090E0960010C0D80 [Select]
    -> 898989 [Read SAK]
    09950920010C0D80 [Anticol]
    -> 8989898989 [Read UID]
    0995097009DA094909340980092701030100 [Calculate CRC]
    -> A2A1 [GET CRC]
    0995097009DA094909340980092709A409E1010C0D80 [Select]
    -> 898989 [Read SAK]
    0A80 [Clear FIFO]
    -> 09E0092001030100 [Calculate CRC]
    -> A2A1 [GET CRC]
    09E00920093B09D6010C0D80 [Send RATS]
    -> 8989898989898989 [ATS]
    0902096001030100 [Calculate CRC]
    -> A2A1 [GET CRC]
    090209600916094E010C0D80 [Send]
    -> 8989898989898989898989898989 [Read]
    <- 02AF0401010100180588B9DADADA

    MFRC522 / Desfire EV1 4k
    + 0  |  - 0