Error E1 when changekey from TDES to AES on Desfire Card

[Christian Pennaforte]

Hello,

I'm trying to change a default CMK key (00 x 16 times) to an AES key.
I implemented this in a sand box which reproduces exactly the results of p. 73 of AN945.

When I run this code on a real card, if fails.

Here's the trace :

```
session: 619fe10487358dc942911b309954d6e3
keyNumber: 80 (I want an AES key)
keyVersion: 00
newKeyValue: 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10
CRC32(cmd + keyNumber + newKeyValue + keyVersion): B1 79 B3 64
ek0 = encryptTDES(source:01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 00 B1 79 B3 64 00 00 00, key: 61 9F E1 04 87 35 8D C9 42 91 1B 30 99 54 D6 E3, iv: 00 00 00 00 00 00 00 00)
ek0: 456c900fba087f349c561c46f15d5422189546852434b3a9
>>> 90 C4 00 00 19 80 45 6C 90 0F BA 08 7F 34 9C 56 1C 46 F1 5D 54 22 18 95 46 85 24 34 B3 A9 00
<<< 91 1E
ERR: CRC or MAC does not match data
```

Can some one give me a hint of what I'm doing wrong ?

Thansk

---

+ 0  |  - 0

[Christian Pennaforte]

Sorry, mistake writing the title : the error is 1E as you can read down the post, not E1 (but the question is still the same).

---

+ 0  |  - 0

[Christian Pennaforte]

Answer to myself, with the very good help from NXP support team: my card was initialized in single DES, and I computed the session as if it was not.

The good computation is explained at the bottom of 6.2 p. 45 or the doc AN0945:
- session key = RndA(byte0-byte3) + RndB(byte0-byte3)
and, in my case, not RndA(byte0-byte3) + RndB(byte0-byte3) + RndA(byte4-byte7) + RndB(byte4-byte7)

That's all, and simple.

---

+ 0  |  - 0

[Author]

Posts