DesFireEv1 Authentication – RndA received is wrong

[Riyaz Ahamed]

So I am trying to authenticate with PICC with the default key (EV1). The steps are like this

PCD PICC
0x1A 00 -->

<-- ek(RndA')

Here when the response is decrypted, it doesn't give the correct RndA. But response byte was a success byte 0x00

---

+ 0  |  - 0

[Riyaz Ahamed]

Some weird formatting happened and the entire sequence is missing from the above question. In three-step authentication, the first two steps are successful and the last one has the response as 0x00 and ek(RndA'). But when i am deciphering the received value, i am getting wrong RndA'.

---

+ 0  |  - 0

[TapLinx Support]

Hi Riyaz,

You should first select the application to want to work with it. Select application AID = 000000 if you want to authenticate with PICC Master Key.

If the card responds successfully in the last stage, you know the RndB was correct encrypted on cards side. If you do not get the correct RndA, it is highly possible that you make a mistake in the last calculation stage. Please check if you update the IV in the last step correctly and do not forget to rotate the random value.

The TapLinx team

---

+ 0  |  - 0

[Author]

Posts