I have problem in AUTHENTICATION


  • 23. April 2015 at 18:15
    I want to make a board to read and write DESFire cards.
    My controller is an STM32 and the RFID chip is a PN532.
    I can create an application, read the AID and read the serial number.
    But I can't understand how to do AUTHENTICATION.
    I read the "Contactless Multi-Application IC with DES and 3DES Security MF3 IC D40" datasheet, page 31,
    but I don't understand it.
    I have DES, 3DES and AES in my software.
    Please help me.
    Thanks a lot.
    + 0  |  - 0

    Re: I have problem in AUTHENTICATION

    23. April 2015 at 21:28
    Hey,
    what don't you understand about authentication?
    Those things you listed (DES, 3DES) are encryption types. How are you communicating: with the MIFARE SDK or with APDUs?
    BR
    David
    + 0  |  - 0

    Re: I have problem in AUTHENTICATION

    24. April 2015 at 8:02
    Hello, thanks for your answer.
    I don't use the SDK.
    I am writing a C app in Keil for an STM32 microcontroller.
    I send (0x0A 0x00) to the DESFire card and the card replies with an 8-byte random number.
    Then I don't know what to do.
    Please help me.
    I attach my code here:




    #include <stdbool.h>
    #include <stdint.h>
    #include <stdio.h>

    // des, send_buffer, get_buffer, get_len, MDAR_KEY0 and the des*/PN532_*
    // helpers are defined elsewhere in the project.
    bool DesFire_Authenticate(const uint8_t *key)
    {
        uint8_t des_buffer_1[16];
        uint8_t des_buffer_2[16];

        desInit(&des, key, 8);

        send_buffer[0] = 0x0A;      // cmd
        send_buffer[1] = MDAR_KEY0; // key number
        if (PN532_transfer(send_buffer, 2, get_buffer, &get_len) != true)
        {
            printf("can not send \n");
            return false;
        }
        if (get_buffer[0] != 0xAF)
            return false;

        //=====================================

        send_buffer[0] = 0xAF;

        // take the 8 bytes that follow the status byte
        for (int i = 9; i < 17; i++)
        {
            des_buffer_1[i - 9] = get_buffer[i - 8];
        }

        desDecryptBlock(&des, des_buffer_1, des_buffer_2);

        // decrypted bytes go into the second half of the frame
        for (int i = 9; i < 17; i++)
        {
            send_buffer[i] = des_buffer_2[i - 9];
        }
        for (int i = 0; i < 8; i++)
            des_buffer_1[i] = key[i];

        desEncryptBlock(&des, des_buffer_1, des_buffer_2);

        // encrypted key bytes go into the first half of the frame
        for (int i = 1; i < 9; i++)
            send_buffer[i] = des_buffer_2[i - 1];
        printf("send : ");
        for (int i = 0; i < 17; i++)
            printf("%02X,", send_buffer[i]);
        printf("\n");
        if (PN532_transfer(send_buffer, 17, get_buffer, &get_len) == true)
        {
            for (int i = 0; i < get_len; i++)
            {
                printf("%02X ", get_buffer[i]);
            }
            printf("\n");
        }
        else
        {
            printf("can not send \n");
            return false;
        }
        return true;
    }
    + 0  |  - 0

    Re: I have problem in AUTHENTICATION

    24. April 2015 at 11:15
    hey nimaltd,

    I have to admit, I'm more of a Java (MIFARE SDK) user, but I tried to find a solution on the web for your case.

    Check this link:
    http://stackoverflow.com/questions/14117025/des-send-and-receive-modes-for-desfire-authentication

    A guy solved how to authenticate DESFire, and the steps he does are explained in comments inside the code, which to my knowledge are the correct steps to authenticate a DESFire.

    STEPS:

    1. send initial authentication request
    2. get encrypted (randB) from response
    3. 16 bytes default key (yours)
    4. Keys for 3DES
    5. decrypt encoded randB
    6. generate randA
    7. decrypt randA
    8. shift randB 1 byte left and get randB'
    9. XOR randB' with randA and decrypt
    10. concat (randB' + randA)


    For full details do check the link please, and let me know if it was any help in your case.

    BR;
    David
    + 0  |  - 0

    Re: I have problem in AUTHENTICATION

    24. April 2015 at 21:20
    Thank you for the answer.
    My problem is solved.
    I converted that code to C and it works.
    But I don't know why: when I change one byte of my key to 1, it works. All my keys are 0. When I change one byte to 2 or above it doesn't work.
    + 0  |  - 0

    Re: I have problem in AUTHENTICATION

    25. April 2015 at 0:39
    Hey nimaltd!

    I am not sure if I understood you correctly. If you are trying to authenticate with different keys, it might not work - because there's only one key that is valid for authentication => If I understood you right, if that's what you are confused about. Perhaps that 1 Byte change that you are mentioning provides the correct key to Authenticate with your DESFire and others ofc don't.

    BR,
    David
    + 0  |  - 0

    Re: I have problem in AUTHENTICATION

    25. April 2015 at 8:16
    Hi again,
    sorry for my English.

    My current key is uint8_t key[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
    When I change it to uint8_t key[] = {0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0};
    AUTHENTICATION works with no error.
    When it is uint8_t key[] = {0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0};
    AUTHENTICATION does not work.


    I have one other question.
    How can I change the key? :-)

    1 : first AUTHENTICATION with old key
    2 : XOR old key and new key. [16 bytes with 16 bytes]
    3 : calc CRC16. [2 bytes]
    4 : set the next 6 bytes of the buffer to zero.
    5 : decrypt the 24 bytes with the old key.
    6 : add 0xC4 and 0x00 to the start of the block and send the data

    But it does not work.


    My crc16 function is:


    // CRC-16/CCITT-FALSE: polynomial 0x1021, initial value 0xFFFF, MSB first
    uint16_t crc16(uint8_t *data_p, uint8_t length)
    {
        uint8_t x;
        uint16_t crc = 0xFFFF;

        while (length--) {
            x = crc >> 8 ^ *data_p++;
            x ^= x >> 4;
            crc = (crc << 8) ^ ((unsigned short)(x << 12)) ^ ((unsigned short)(x << 5)) ^ ((unsigned short)x);
        }
        return crc;
    }


    thanks for your answer
    + 0  |  - 0
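
DES uses only 56 of the 64 key bits: the least significant bit of every key byte is a parity bit that the key schedule discards, so a key byte of 0x01 gives the same DES key as 0x00 while 0x02 gives a different one. An added example (not part of the original posts; the function and constant names are assumptions) that applies the DES PC-1 bit selection to the first 8 bytes of the three keys quoted above:

```c
#include <stdint.h>
#include <stdio.h>

/* DES permuted choice 1 (FIPS 46-3): the 56 key bits the key schedule keeps.
   Bits are numbered 1..64 from the MSB of key[0]; 8, 16, ..., 64 are absent. */
static const uint8_t PC1[56] = {
    57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
    10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
    63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
    14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
};

/* Effective 56-bit DES key selected by PC-1 from an 8-byte key. */
uint64_t des_effective_key(const uint8_t key[8])
{
    uint64_t k = 0;
    for (int n = 0; n < 56; n++) {
        int bit = PC1[n] - 1;                      /* 0-based, MSB first */
        k = (k << 1) | ((key[bit / 8] >> (7 - bit % 8)) & 1u);
    }
    return k;
}

/* 1 if two 8-byte values produce the same DES key schedule. */
int des_same_key(const uint8_t a[8], const uint8_t b[8])
{
    return des_effective_key(a) == des_effective_key(b);
}

/* First 8 bytes of the three keys quoted in the post above. */
const uint8_t KEY_00[8] = {0, 0, 0, 0, 0, 0, 0, 0};
const uint8_t KEY_01[8] = {0, 0, 0, 1, 0, 0, 0, 0};
const uint8_t KEY_02[8] = {0, 0, 0, 2, 0, 0, 0, 0};

int main(void)
{
    printf("00 vs 01: %s\n", des_same_key(KEY_00, KEY_01) ? "same DES key" : "different");
    printf("00 vs 02: %s\n", des_same_key(KEY_00, KEY_02) ? "same DES key" : "different");
    return 0;
}
```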

    Re: I have problem in AUTHENTICATION

    25. April 2015 at 9:42
    Which decrypt method are you using? 3DES, DES, AES?

    Try using DES to decrypt.
    + 0  |  - 0

    Re: I have problem in AUTHENTICATION

    25. April 2015 at 10:20
    I'm using 3DES.
    I'll try DES.
    Is your answer for my first question or the second?
    Is my CRC correct?

    And my next problem: why can't I create a file?
    It always returns 0x0E.

    1 : AUTHENTICATION
    2 : I create the app
    3 : Select the app
    4 : Create STD file, but it returns 0x0E
    + 0  |  - 0
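
The `crc16` routine posted earlier in the thread is CRC-16/CCITT-FALSE; ISO/IEC 14443-3 defines a different 16-bit CRC for Type A cards (CRC_A: initial value 0x6363, bit-reflected, low byte sent first), and that is the CRC16 DESFire's DES/3DES mode uses. An added example, not from the thread, that implements both and shows they disagree on the same input; the function names are assumptions and the CRC_A values in the comment are the ISO/IEC 14443-3 test vectors:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CRC_A (ISO/IEC 14443-3 Type A): reflected polynomial 0x8408,
   initial value 0x6363, no final XOR.
   Test vectors: 00 00 -> A0 1E, 12 34 -> 26 CF (as transmitted). */
uint16_t crc_a(const uint8_t *data, size_t len)
{
    uint16_t crc = 0x6363;
    while (len--) {
        uint8_t b = (uint8_t)(*data++ ^ (crc & 0xFF));
        b ^= (uint8_t)(b << 4);
        crc = (uint16_t)((crc >> 8) ^ ((uint16_t)b << 8) ^ ((uint16_t)b << 3) ^ (b >> 4));
    }
    return crc;
}

/* Same algorithm as the routine posted in the thread:
   CRC-16/CCITT-FALSE, polynomial 0x1021, initial value 0xFFFF. */
uint16_t crc16_ccitt_false(const uint8_t *data, size_t len)
{
    uint16_t crc = 0xFFFF;
    while (len--) {
        uint8_t x = (uint8_t)((crc >> 8) ^ *data++);
        x ^= x >> 4;
        crc = (uint16_t)((crc << 8) ^ ((uint16_t)x << 12) ^ ((uint16_t)x << 5) ^ x);
    }
    return crc;
}

/* Append CRC_A to buf[0..len-1], low byte first; buf needs 2 spare bytes.
   Returns the new length. */
size_t append_crc_a(uint8_t *buf, size_t len)
{
    uint16_t crc = crc_a(buf, len);
    buf[len]     = (uint8_t)(crc & 0xFF);
    buf[len + 1] = (uint8_t)(crc >> 8);
    return len + 2;
}

int main(void)
{
    uint8_t frame[4] = {0x00, 0x00, 0, 0};   /* constructed sample input */
    append_crc_a(frame, 2);
    printf("CRC_A bytes: %02X %02X, CCITT-FALSE: %04X\n",
           frame[2], frame[3], crc16_ccitt_false(frame, 2));
    return 0;
}
```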

    Re: I have problem in AUTHENTICATION

    25. April 2015 at 10:54
    About crc I am not sure about it, maybe try to google it.

    About Creating file. This is how it's done in Java:

    createFile(int fileNo, DESFireFile.FileSettings file)

    -> fileNo - File to be created with this file number.
    -> file - File to be created with these file settings which are present in FileSettings Object.

    DESFireFile.StdDataFileSettings(DESFire.CommunicationType comSettings,
                                    int readAccess,
                                    int writeAccess,
                                    int readWriteAccess,
                                    int changeAccess,
                                    int fileSize)

    comSettings - Communication settings used while accessing the file. Supported data communication types:
        Plain.
        MACed.
        Enciphered.
    readAccess -
        Take values from 0x00 to 0xF.
        0xE : free access.
        0xF : read access denied.
        0x00 to 0x0d --> authentication required with the key number for read access.
    writeAccess -
        Take values from 0x00 to 0xF.
        0xE : free access.
        0xF : read access denied.
        0x00 to 0x0d --> authentication required with the key number for read access.
    readWriteAccess -
        Take values from 0x00 to 0xF.
        0xE : free access.
        0xF : read access denied.
        0x00 to 0x0d --> authentication required with the key number for read access.
    changeAccess -
        Take values from 0x00 to 0xF.
        0xE : free access.
        0xF : read access denied.
        0x00 to 0x0d --> authentication required with the key number for read access.
    fileSize - required file size of the data files.



    As said, this is using MIFARE SDK, but I think it should be similar using C language. Not sure, but maybe you can try it out.

    My Example to create a STD File in Java:

    desFire.createFile(11,
    new DESFireFile.StdDataFileSettings(DESFire.CommunicationType.Plain, 0, 0, 0, 0, 1024));


    Not sure if any of these will help your case. But this is what I got.
    Good luck nimaltd!

    David
    + 0  |  - 0

    Re: I have problem in AUTHENTICATION

    25. April 2015 at 12:07
    My C function is like this,
    but it returns 0x0E.
    Please send me your CRC method.
    I searched on Google and found a lot of algorithms.
    I don't know which method is right.
    Please send me, step by step, what I should do
    to create a file and change the password.

    Thanks a lot
    + 0  |  - 0

    Re: I have problem in AUTHENTICATION

    27. April 2015 at 14:54
    Hi,

    to authenticate to a smart card means in general to solve the following problem: “I am the right user, I know the embedded secret key, I prove it to the card operating system without sending the key directly”. How would you prove that you know something without saying what you know?

    This problem is solved under the name “Mutual Three Pass Authentication”. You will find a lot of material about this on the net. The DESFire EV1 supports three different encryption standards:

    - 56 bit DES (single DES)
    - 168 bit DES (Triple DES)
    - AES

    The Mutual Three Pass Authentication uses the following sequence:

    1. The reader (PCD) device is always the entity which starts an authentication procedure. This is done by sending the command “Authenticate”. As a parameter, the key number is passed to the card (PICC) in order to select a certain key.

    2. After the specific key is selected, the PICC generates a random number RndB. The size of the random number depends on the selected cipher standard (DES, AES, etc.). The random number is encrypted with the selected key and transmitted to the PCD.

    3. The PCD decrypts the received encrypted random number. The PCD generates a random number RndA, concatenates both numbers (RndA + RndB), encrypts the result with the selected key and passes it to the PICC.

    4. The PICC decrypts the token RndA + RndB and verifies that RndB is the random number it sent previously. The PICC encrypts the random number RndA and passes it back to the PCD.

    5. The PCD decrypts the token to RndA and verifies the random number it sent previously. Now the PCD is authenticated by the PICC.

    The details of the authentication vary depending on the selected cipher standard.

    Here is an example for DES mode:
    1. The PCD sends: 0x0A,0xkn (where 0xkn is the key number)

    2. The PICC sends an error code or 0xAF[8 bytes RndB]

    3. The PCD sends 0xAF[16 bytes RndA+RndB]

    4. The PICC sends an error code or 0x00[8 bytes RndA]

    I hope the procedure of authentication is a little bit clearer than before.

    Best regards,
    The MIFARE Team
    + 0  |  - 0
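
The exchange described in this reply, combined with the RndB' rotation from the step list earlier in the thread, modelled with both sides in one C file (an added example, not code from the thread or from NXP). `toy_enc`/`toy_dec` are a hypothetical stand-in for DES so the block stays self-contained, the card side is assumed to mirror the reader steps posted in this thread, and all names and sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in 8-byte block cipher, NOT DES: invertible, keyed, short. */
static void toy_enc(const uint8_t k[8], const uint8_t in[8], uint8_t out[8]) {
    for (int i = 0; i < 8; i++) out[i] = (uint8_t)((in[i] ^ k[i]) + k[(i + 1) % 8]);
}
static void toy_dec(const uint8_t k[8], const uint8_t in[8], uint8_t out[8]) {
    for (int i = 0; i < 8; i++) out[i] = (uint8_t)((in[i] - k[(i + 1) % 8]) ^ k[i]);
}
/* X -> X': rotate left by one byte. */
static void rotl8(const uint8_t in[8], uint8_t out[8]) { memcpy(out, in + 1, 7); out[7] = in[0]; }

/* Card side: verify RndB' inside the reader token, answer with enc(RndA'). */
static int picc_verify(const uint8_t k[8], const uint8_t rndB[8],
                       const uint8_t tok[16], uint8_t reply[8]) {
    uint8_t rndA[8], t[8], want[8];
    toy_enc(k, tok, rndA);                       /* block 1 -> RndA */
    toy_enc(k, tok + 8, t);
    for (int i = 0; i < 8; i++) t[i] ^= tok[i];  /* block 2 -> RndB' */
    rotl8(rndB, want);
    if (memcmp(t, want, 8) != 0) return 0xAE;    /* AUTHENTICATION_ERROR */
    rotl8(rndA, want);
    toy_enc(k, want, reply);
    return 0x00;
}
/* Whole exchange; 1 only if the card accepted the reader AND the reader
   checked the card's RndA' (the 0x00 status byte alone proves nothing). */
int mutual_auth(const uint8_t pcd_key[8], const uint8_t picc_key[8],
                const uint8_t rndA[8], const uint8_t rndB[8]) {
    uint8_t ekB[8], b[8], tok[16], reply[8], want[8];
    toy_enc(picc_key, rndB, ekB);          /* PICC -> PCD: 0xAF, ek(RndB) */
    toy_dec(pcd_key, ekB, b);              /* PCD recovers RndB */
    rotl8(b, want);                        /* RndB' */
    toy_dec(pcd_key, rndA, tok);           /* block 1 = dk(RndA) */
    for (int i = 0; i < 8; i++) tok[8 + i] = tok[i] ^ want[i];
    toy_dec(pcd_key, tok + 8, tok + 8);    /* block 2 = dk(block 1 ^ RndB') */
    if (picc_verify(picc_key, rndB, tok, reply) != 0x00) return 0;
    toy_dec(pcd_key, reply, b);            /* PCD recovers RndA' */
    rotl8(rndA, want);
    return memcmp(b, want, 8) == 0;
}
/* Constructed sample values. */
const uint8_t KEY[8]   = {0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE};
const uint8_t WRONG[8] = {0x10, 0x32, 0x54, 0x77, 0x98, 0xBA, 0xDC, 0xFE};
const uint8_t RND_A[8] = {1, 2, 3, 4, 5, 6, 7, 8}, RND_B[8] = {9, 8, 7, 6, 5, 4, 3, 2};

int main(void) {
    printf("right key: %d\n", mutual_auth(KEY, KEY, RND_A, RND_B));
    printf("wrong key: %d\n", mutual_auth(WRONG, KEY, RND_A, RND_B));
    return 0;
}
```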

    Re: I have problem in AUTHENTICATION

    27. April 2015 at 15:57
    Thanks for your answer.
    But I work with a 64-bit key for DES or 192-bit for 3DES, and AUTHENTICATION is OK with key 00 00 00 00 00 00 00 00 or 00 .... [16 bytes].
    And now I have another problem.
    I can't change the password. It always returns AUTHENTICATION_ERROR 0xAE. Maybe because of the 64-bit key?
    + 0  |  - 0

    Re: I have problem in AUTHENTICATION

    27. April 2015 at 17:00
    Please tell me how to create the session key. My problem may be the session key.
    I can't understand when I must get RandA and RandB to create the session key.
    After creating the session key, I must create a CMAC. If that is true, how do I make the CMAC?
    Thanks a lot.




    #include <stdbool.h>
    #include <stdint.h>
    #include <stdlib.h>
    #include <string.h>

    // session_key, des, send_buffer, get_buffer, get_len and the des*/PN532_*
    // helpers are defined elsewhere in the project.
    void Create_session_key(const uint8_t rnda[], const uint8_t rndb[])
    {
        memcpy(session_key,      rnda,     4);
        memcpy(session_key + 4,  rndb,     4);
        memcpy(session_key + 8,  rnda + 4, 4);
        memcpy(session_key + 12, rndb + 4, 4);
    }


    bool DesFire_Authenticate(uint8_t KeyNo, const uint8_t *key)
    {
        uint8_t randA[8], randB[8];
        desInit(&des, key, 8);

        send_buffer[0] = 0x0A;  // cmd
        send_buffer[1] = KeyNo; // key number
        if (PN532_transfer(send_buffer, 2, get_buffer, &get_len) != true)
        {
            return false;
        }
        if (get_buffer[0] != 0xAF)
            return false;

        /////////////////////////////////////////////////////////////////////////////

        // get encrypted(randB) from the response (skip the 0xAF status byte)
        uint8_t b0[8];
        for (int i = 0; i < 8; i++)
        {
            b0[i] = get_buffer[i + 1];
            //randB[i] = b0[i];
        }

        // decrypt encoded(randB)
        uint8_t r0[8];
        desDecryptBlock(&des, b0, r0);
        for (int i = 0; i < 8; i++)
        {
            randB[i] = r0[i];
        }

        // generate randA (integer 0-7 for trying, should randomize for real-life use)
        uint8_t nr[8];
        for (int i = 0; i < 8; i++)
        {
            nr[i] = rand() / 0x808080;
            randA[i] = nr[i];
        }

        Create_session_key(randA, randB);

        // decrypt randA, should XOR with IV, but IV is all 0's, not necessary
        uint8_t b1[8];
        desDecryptBlock(&des, nr, b1);

        // shift randB one byte left and get randB'
        uint8_t r1[8];
        for (int i = 0; i < 7; i++) {
            r1[i] = r0[i + 1];
        }
        r1[7] = r0[0];

        // xor randB' with randA and decrypt
        uint8_t b2[8];
        for (int i = 0; i < 8; i++) {
            b2[i] = (uint8_t)(b1[i] ^ r1[i]);
        }
        desDecryptBlock(&des, b2, b2);

        // concat (randA + randB')
        uint8_t b1b2[16];

        for (size_t i = 0; i < sizeof(b1b2); i++) {
            if (i <= 7) {
                b1b2[i] = b1[i];
            } else {
                b1b2[i] = b2[i - 8];
            }
        }
        /////////////////////////////////////////////////////////////////////////////
        send_buffer[0] = 0xAF;
        for (int i = 1; i < 17; i++)
            send_buffer[i] = b1b2[i - 1];

        if (PN532_transfer(send_buffer, 17, get_buffer, &get_len) == true)
        {
            if (get_buffer[0] == 0)
            {
                return true;
            }
            else
            {
                return false;
            }
        }
        else
        {
            return false;
        }

        return false;
    }
    + 0  |  - 0

    Re: I have problem in AUTHENTICATION

    28. April 2015 at 20:45
    Please answer me, i am waiting
    + 0  |  - 0