Forum / MIFARE and NFC Reader IC`s / MIFARE Changing Keys
I am unable to change keys 1 and 2 in my application.
I attach a copy of my log file:
SN_Log SN1: NFC: CAN >> NFC Queue
SN_Log SN1: 00 04 12 34 56 AA 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: BB CC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 DD 01 00 00
SN_Log SN1: --------------------------------------------
SN_Log SN1: Learning Card Command
SN_Log SN1: Create Application
SN_Log SN1: --------------------------------------------
SN_Log SN1: Card: Application ID 12 34 56
SN_Log SN1: Card: #1 Digital Key AA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 BB
SN_Log SN1: Card: #2 Digital Key CC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 DD
SN_Log SN1: Card: Select Application Master
SN_Log SN1: Card: Select Application Command
SN_Log SN1: Command 90 5A 00 00 03 00 00 00 00
SN_Log SN1: Card: Select Application Response
SN_Log SN1: Response 91 00
SN_Log SN1: Card: Get Application ID's Command
SN_Log SN1: Command 90 6A 00 00 00
SN_Log SN1: Card: Get Application ID's Response
SN_Log SN1: Response 91 00
SN_Log SN1:
SN_Log SN1: Application(s) 0
SN_Log SN1: Status Code 91 00
SN_Log SN1: Card: Create Application
SN_Log SN1: Card: Create Application Command
SN_Log SN1: Command 90 CA 00 00 05 12 34 56 07 83 00
SN_Log SN1: Card: Create Application Response
SN_Log SN1: Response 91 00
SN_Log SN1: Card: Get Application ID's Command
SN_Log SN1: Command 90 6A 00 00 00
SN_Log SN1: Card: Get Application ID's Response
SN_Log SN1: Response 12 34 56 91 00
SN_Log SN1:
SN_Log SN1: Application(s) 1
SN_Log SN1: 12 34 56 [*]
SN_Log SN1: Status Code 91 00
SN_Log SN1: NFC: Create application OK
CAPL / .NET SN1 not responding
CAPL / .NET SN1 responding
SN_Log SN1: NFC: CAN >> NFC Queue
SN_Log SN1: 00 04 12 34 56 AA 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: BB CC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 DD 03 00 00
SN_Log SN1: --------------------------------------------
SN_Log SN1: Learning Card Command
SN_Log SN1: Change #1 Key
SN_Log SN1: --------------------------------------------
SN_Log SN1: Card: Application ID 12 34 56
SN_Log SN1: Card: #1 Digital Key AA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 BB
SN_Log SN1: Card: #2 Digital Key CC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 DD
SN_Log SN1: Card: Select Application Master
SN_Log SN1: Card: Select Application Command
SN_Log SN1: Command 90 5A 00 00 03 00 00 00 00
SN_Log SN1: Card: Select Application Response
SN_Log SN1: Response 91 00
SN_Log SN1: Card: Get Application ID's Command
SN_Log SN1: Command 90 6A 00 00 00
SN_Log SN1: Card: Get Application ID's Response
SN_Log SN1: Response 12 34 56 91 00
SN_Log SN1:
SN_Log SN1: Application(s) 1
SN_Log SN1: 12 34 56 [*]
SN_Log SN1: Status Code 91 00
SN_Log SN1: Card: Select Application
SN_Log SN1: Card: Select Application Command
SN_Log SN1: Command 90 5A 00 00 03 12 34 56 00
SN_Log SN1: Card: Select Application Response
SN_Log SN1: Response 91 00
SN_Log SN1: Card: Authenticate AES (#1)
SN_Log SN1: Card: Authenticate AES Part 1 Command
SN_Log SN1: Command 90 AA 00 00 01 01 00
SN_Log SN1: Card: Authenticate AES Part 1 Response
SN_Log SN1: Response 46 1A 41 EE 35 86 F7 B7 FA CD 70 C3 8F 26 1F A0
SN_Log SN1: 91 AF
SN_Log SN1: E(Kx,RndB) 46 1A 41 EE 35 86 F7 B7 FA CD 70 C3 8F 26 1F A0
SN_Log SN1: Card: Authenticate AES Part 1
SN_Log SN1: Generate RndB by decrypting E(Kx,RndB) with Key
SN_Log SN1: E(Kx,RndB) 46 1A 41 EE 35 86 F7 B7 FA CD 70 C3 8F 26 1F A0
SN_Log SN1: IV 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: Key 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: RndB AA 0F 87 F8 F5 05 14 7F 47 CD D7 7A 20 05 92 0D
SN_Log SN1: Generate RndB' by rotating RndB left 1 byte
SN_Log SN1: RndB' 0F 87 F8 F5 05 14 7F 47 CD D7 7A 20 05 92 0D AA
SN_Log SN1: Generate RndA||RndB' by concatenating RndA and RndB
SN_Log SN1: RndA 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
SN_Log SN1: RndB' 0F 87 F8 F5 05 14 7F 47 CD D7 7A 20 05 92 0D AA
SN_Log SN1: RndA||RndB' 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
SN_Log SN1: 0F 87 F8 F5 05 14 7F 47 CD D7 7A 20 05 92 0D AA
SN_Log SN1: Generate E(Kx,RndA||RndB') by encrypting with Key
SN_Log SN1: IV 46 1A 41 EE 35 86 F7 B7 FA CD 70 C3 8F 26 1F A0
SN_Log SN1: Key 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: E(Kx,RndA||RndB') 45 0E E4 20 96 BF C8 B5 81 EC CE 7B 6B 67 9F A3
SN_Log SN1: BA A7 55 5B FF B4 62 F3 8B 9F 5D F2 CD 6E A1 85
SN_Log SN1: IV BA A7 55 5B FF B4 62 F3 8B 9F 5D F2 CD 6E A1 85
SN_Log SN1: Card: Authenticate AES Part 2 Command
SN_Log SN1: Command 90 AF 00 00 20 45 0E E4 20 96 BF C8 B5 81 EC CE
SN_Log SN1: 7B 6B 67 9F A3 BA A7 55 5B FF B4 62 F3 8B 9F 5D
SN_Log SN1: F2 CD 6E A1 85 00
SN_Log SN1: Card: Authenticate AES Part 2 Response
SN_Log SN1: Response 07 56 85 2E E3 82 0A 18 5A 91 73 02 99 BC 3B 20
SN_Log SN1: 91 00
SN_Log SN1: E(Kx,RndA') 07 56 85 2E E3 82 0A 18 5A 91 73 02 99 BC 3B 20
SN_Log SN1: Card: Authenticate AES Part 2
SN_Log SN1: E(Kx,RndA') 07 56 85 2E E3 82 0A 18 5A 91 73 02 99 BC 3B 20
SN_Log SN1: Generate RndA' by decrypting E(Kx,RndA') with Key
SN_Log SN1: IV BA A7 55 5B FF B4 62 F3 8B 9F 5D F2 CD 6E A1 85
SN_Log SN1: Key 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: RndA' 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00
SN_Log SN1: Generate RndA by rotating RndA' right 1 byte
SN_Log SN1: RndA 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
SN_Log SN1: Card: Session Key Generation
SN_Log SN1: RndA 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
SN_Log SN1: RndB AA 0F 87 F8 F5 05 14 7F 47 CD D7 7A 20 05 92 0D
SN_Log SN1: Plain session key 00 01 02 03 AA 0F 87 F8 0C 0D 0E 0F 20 05 92 0D
SN_Log SN1: Encrypted session key C2 EC 53 D6 6A 15 F0 50 9C 03 68 32 BA A4 21 24
SN_Log SN1: Card: Sub Key Generation
SN_Log SN1: L C2 EC 53 D6 6A 15 F0 50 9C 03 68 32 BA A4 21 24
SN_Log SN1: K1 85 D8 A7 AC D4 2B E0 A1 38 06 D0 65 75 48 42 CF
SN_Log SN1: K2 0B B1 4F 59 A8 57 C1 42 70 0D A0 CA EA 90 85 19
SN_Log SN1: Card: Get Key Version Command
SN_Log SN1: Command 90 64 00 00 01 00 00
SN_Log SN1: Card: Generate Message Authentication Code (MAC)
SN_Log SN1: Input 64 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: Input XOR K2 6F B1 CF 59 A8 57 C1 42 70 0D A0 CA EA 90 85 19
SN_Log SN1: IV 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: Key 00 01 02 03 AA 0F 87 F8 0C 0D 0E 0F 20 05 92 0D
SN_Log SN1: Output D6 33 54 A1 64 35 DD B8 6F AD 7D 76 46 BD 02 0B
SN_Log SN1: Card: Get Key Version Response
SN_Log SN1: Response 00 28 03 37 5C 0B 8E 20 12 91 00
SN_Log SN1: Card: Generate Message Authentication Code (MAC)
SN_Log SN1: Input 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: Input XOR K2 0B B1 CF 59 A8 57 C1 42 70 0D A0 CA EA 90 85 19
SN_Log SN1: IV D6 33 54 A1 64 35 DD B8 6F AD 7D 76 46 BD 02 0B
SN_Log SN1: Key 00 01 02 03 AA 0F 87 F8 0C 0D 0E 0F 20 05 92 0D
SN_Log SN1: Output 28 03 37 5C 0B 8E 20 12 28 C6 BC 64 E6 75 10 72
SN_Log SN1: Message Authentication OK
SN_Log SN1: --------------------------------------------
SN_Log SN1: Card: Change #1 Digital Key
SN_Log SN1: Card: Change Key Command
SN_Log SN1: Plain Stream AA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 BB
SN_Log SN1: 00 D3 E8 E6 55 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: IV 28 03 37 5C 0B 8E 20 12 28 C6 BC 64 E6 75 10 72
SN_Log SN1: Key 00 01 02 03 AA 0F 87 F8 0C 0D 0E 0F 20 05 92 0D
SN_Log SN1: Encrypted Stream C8 1E BE 57 3C 15 AC 0E E6 13 D3 5D 4A D4 F5 96
SN_Log SN1: 15 16 CC 7A 3C 06 86 87 B5 EC 09 F1 DA 97 E6 89
SN_Log SN1: Command 90 C4 00 00 21 01 C8 1E BE 57 3C 15 AC 0E E6 13
SN_Log SN1: D3 5D 4A D4 F5 96 15 16 CC 7A 3C 06 86 87 B5 EC
SN_Log SN1: 09 F1 DA 97 E6 89 00
SN_Log SN1: --------------------------------------------
SN_Log SN1: Card: Change Key Response
SN_Log SN1:
SN_Log SN1: Response 91 AE
CAPL / .NET SN1 not responding
CAPL / .NET SN1 responding
SN_Log SN1: NFC: CAN >> NFC Queue
SN_Log SN1: 00 04 12 34 56 AA 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: BB CC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 DD 04 00 00
SN_Log SN1: --------------------------------------------
SN_Log SN1: Learning Card Command
SN_Log SN1: Change #2 Key
SN_Log SN1: --------------------------------------------
SN_Log SN1: Card: Application ID 12 34 56
SN_Log SN1: Card: #1 Digital Key AA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 BB
SN_Log SN1: Card: #2 Digital Key CC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 DD
SN_Log SN1: Card: Select Application Master
SN_Log SN1: Card: Select Application Command
SN_Log SN1: Command 90 5A 00 00 03 00 00 00 00
SN_Log SN1: Card: Select Application Response
SN_Log SN1: Response 91 00
SN_Log SN1: Card: Get Application ID's Command
SN_Log SN1: Command 90 6A 00 00 00
SN_Log SN1: Card: Get Application ID's Response
SN_Log SN1: Response 12 34 56 91 00
SN_Log SN1:
SN_Log SN1: Application(s) 1
SN_Log SN1: 12 34 56 [*]
SN_Log SN1: Status Code 91 00
SN_Log SN1: Card: Select Application
SN_Log SN1: Card: Select Application Command
SN_Log SN1: Command 90 5A 00 00 03 12 34 56 00
SN_Log SN1: Card: Select Application Response
SN_Log SN1: Response 91 00
SN_Log SN1: Card: Authenticate AES (#2)
SN_Log SN1: Card: Authenticate AES Part 1 Command
SN_Log SN1: Command 90 AA 00 00 01 02 00
SN_Log SN1: Card: Authenticate AES Part 1 Response
SN_Log SN1: Response 63 FD 41 37 35 E2 A9 46 70 90 F4 E1 1C 4E 35 32
SN_Log SN1: 91 AF
SN_Log SN1: E(Kx,RndB) 63 FD 41 37 35 E2 A9 46 70 90 F4 E1 1C 4E 35 32
SN_Log SN1: Card: Authenticate AES Part 1
SN_Log SN1: Generate RndB by decrypting E(Kx,RndB) with Key
SN_Log SN1: E(Kx,RndB) 63 FD 41 37 35 E2 A9 46 70 90 F4 E1 1C 4E 35 32
SN_Log SN1: IV 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: Key 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: RndB 3A B3 8D 4F BE 34 BD B7 02 CD A7 E4 02 1A 94 CE
SN_Log SN1: Generate RndB' by rotating RndB left 1 byte
SN_Log SN1: RndB' B3 8D 4F BE 34 BD B7 02 CD A7 E4 02 1A 94 CE 3A
SN_Log SN1: Generate RndA||RndB' by concatenating RndA and RndB
SN_Log SN1: RndA 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
SN_Log SN1: RndB' B3 8D 4F BE 34 BD B7 02 CD A7 E4 02 1A 94 CE 3A
SN_Log SN1: RndA||RndB' 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
SN_Log SN1: B3 8D 4F BE 34 BD B7 02 CD A7 E4 02 1A 94 CE 3A
SN_Log SN1: Generate E(Kx,RndA||RndB') by encrypting with Key
SN_Log SN1: IV 63 FD 41 37 35 E2 A9 46 70 90 F4 E1 1C 4E 35 32
SN_Log SN1: Key 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: E(Kx,RndA||RndB') 94 1C C1 87 09 FC 37 4D 91 3E 1F 66 BA D1 E0 E7
SN_Log SN1: 31 6B 55 2B 97 A8 49 FD ED 00 0F 23 03 4F 66 E0
SN_Log SN1: IV 31 6B 55 2B 97 A8 49 FD ED 00 0F 23 03 4F 66 E0
SN_Log SN1: Card: Authenticate AES Part 2 Command
SN_Log SN1: Command 90 AF 00 00 20 94 1C C1 87 09 FC 37 4D 91 3E 1F
SN_Log SN1: 66 BA D1 E0 E7 31 6B 55 2B 97 A8 49 FD ED 00 0F
SN_Log SN1: 23 03 4F 66 E0 00
SN_Log SN1: Card: Authenticate AES Part 2 Response
SN_Log SN1: Response 5C 4B 50 10 A2 7C 5A 9C 33 72 21 B2 93 3D C9 00
SN_Log SN1: 91 00
SN_Log SN1: E(Kx,RndA') 5C 4B 50 10 A2 7C 5A 9C 33 72 21 B2 93 3D C9 00
SN_Log SN1: Card: Authenticate AES Part 2
SN_Log SN1: E(Kx,RndA') 5C 4B 50 10 A2 7C 5A 9C 33 72 21 B2 93 3D C9 00
SN_Log SN1: Generate RndA' by decrypting E(Kx,RndA') with Key
SN_Log SN1: IV 31 6B 55 2B 97 A8 49 FD ED 00 0F 23 03 4F 66 E0
SN_Log SN1: Key 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: RndA' 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00
SN_Log SN1: Generate RndA by rotating RndA' right 1 byte
SN_Log SN1: RndA 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
SN_Log SN1: Card: Session Key Generation
SN_Log SN1: RndA 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
SN_Log SN1: RndB 3A B3 8D 4F BE 34 BD B7 02 CD A7 E4 02 1A 94 CE
SN_Log SN1: Plain session key 00 01 02 03 3A B3 8D 4F 0C 0D 0E 0F 02 1A 94 CE
SN_Log SN1: Encrypted session key 9E 57 82 12 71 CA C4 04 02 35 EF BD 3B 18 82 26
SN_Log SN1: Card: Sub Key Generation
SN_Log SN1: L 9E 57 82 12 71 CA C4 04 02 35 EF BD 3B 18 82 26
SN_Log SN1: K1 3C AF 04 24 E3 95 88 08 04 6B DF 7A 76 31 04 CB
SN_Log SN1: K2 79 5E 08 49 C7 2B 10 10 08 D7 BE F4 EC 62 09 96
SN_Log SN1: Card: Get Key Version Command
SN_Log SN1: Command 90 64 00 00 01 00 00
SN_Log SN1: Card: Generate Message Authentication Code (MAC)
SN_Log SN1: Input 64 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: Input XOR K2 1D 5E 88 49 C7 2B 10 10 08 D7 BE F4 EC 62 09 96
SN_Log SN1: IV 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: Key 00 01 02 03 3A B3 8D 4F 0C 0D 0E 0F 02 1A 94 CE
SN_Log SN1: Output 97 0B A8 96 0A CF 11 10 53 1A 9B E9 0E 8D 3F 04
SN_Log SN1: Card: Get Key Version Response
SN_Log SN1: Response 00 09 AE 92 F6 6C A3 79 E4 91 00
SN_Log SN1: Card: Generate Message Authentication Code (MAC)
SN_Log SN1: Input 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: Input XOR K2 79 5E 88 49 C7 2B 10 10 08 D7 BE F4 EC 62 09 96
SN_Log SN1: IV 97 0B A8 96 0A CF 11 10 53 1A 9B E9 0E 8D 3F 04
SN_Log SN1: Key 00 01 02 03 3A B3 8D 4F 0C 0D 0E 0F 02 1A 94 CE
SN_Log SN1: Output 09 AE 92 F6 6C A3 79 E4 C8 61 33 30 A6 E3 3D 50
SN_Log SN1: Message Authentication OK
SN_Log SN1: --------------------------------------------
SN_Log SN1: Card: Change #2 Digital Key
SN_Log SN1: Card: Change Key Command
SN_Log SN1: Plain Stream CC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 DD
SN_Log SN1: 00 F4 C4 90 B2 00 00 00 00 00 00 00 00 00 00 00
SN_Log SN1: IV 09 AE 92 F6 6C A3 79 E4 C8 61 33 30 A6 E3 3D 50
SN_Log SN1: Key 00 01 02 03 3A B3 8D 4F 0C 0D 0E 0F 02 1A 94 CE
SN_Log SN1: Encrypted Stream FA 62 50 57 B9 BE C0 0F 8C 3F 4E 64 94 73 21 71
SN_Log SN1: 4D A4 35 88 91 0C 59 1E 1C C4 FF B7 40 9C 83 86
SN_Log SN1: Command 90 C4 00 00 21 01 FA 62 50 57 B9 BE C0 0F 8C 3F
SN_Log SN1: 4E 64 94 73 21 71 4D A4 35 88 91 0C 59 1E 1C C4
SN_Log SN1: FF B7 40 9C 83 86 00
SN_Log SN1: --------------------------------------------
SN_Log SN1: Card: Change Key Response
SN_Log SN1:
SN_Log SN1: Response 91 AE
CAPL / .NET SN1 not responding
Hi Nigel,
Sorry, but submitting a large log file without any other information is not constructive. What product do you use? What is your setup?
At the end I see “Response 91 AE”. I assume it is an “authentication error”.
The TapLinx team
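A check of the logged APDUs against the application's ChangeKey access rights, as an added example that is not part of the original posts and not TapLinx code. It assumes the DESFire EV1 key-settings layout in which the upper nibble of the key-settings byte names the key that must be authenticated for ChangeKey (0x0 to 0xD = that key number, 0xE = the key being changed, 0xF = frozen); `TRACE` and `audit` are names introduced here.

```python
# Constructed from the log in this thread: command APDU plus the status byte
# (second byte of SW 91 xx) from the "Create Application" and "Change #2 Key" runs.
TRACE = [
    ("90 CA 00 00 05 12 34 56 07 83 00", 0x00),
    ("90 5A 00 00 03 12 34 56 00", 0x00),
    ("90 AA 00 00 01 02 00", 0xAF),
    ("90 AF 00 00 20 94 1C C1 87 09 FC 37 4D 91 3E 1F 66 BA D1 E0 E7"
     " 31 6B 55 2B 97 A8 49 FD ED 00 0F 23 03 4F 66 E0 00", 0x00),
    ("90 C4 00 00 21 01 FA 62 50 57 B9 BE C0 0F 8C 3F 4E 64 94 73 21 71"
     " 4D A4 35 88 91 0C 59 1E 1C C4 FF B7 40 9C 83 86 00", 0xAE),
]

def audit(trace):
    """Track authentication state and judge every ChangeKey command in the trace."""
    rights = pending = auth_key = None
    findings = []
    for hex_apdu, status in trace:
        apdu = bytes.fromhex(hex_apdu)
        ins, data = apdu[1], apdu[5:5 + apdu[4]]
        if ins == 0xCA and status == 0x00:    # CreateApplication: AID(3) | key settings | key count
            rights = data[3] >> 4             # assumed: upper nibble = ChangeKey access rights
        elif ins == 0x5A:                     # SelectApplication drops any authentication
            pending = auth_key = None
        elif ins == 0xAA:                     # Authenticate AES part 1 carries the key number
            pending = data[0]
        elif ins == 0xAF and status == 0x00:  # part 2 accepted: session is authenticated
            auth_key, pending = pending, None
        elif ins == 0xC4:                     # ChangeKey: key number | cryptogram
            target = data[0]
            required = target if rights == 0xE else rights
            findings.append({
                "target": target,
                "authenticated": auth_key,
                "required": required,
                "allowed": rights != 0xF and auth_key == required,
                # a target other than the authenticated key needs the XOR-with-old-key cryptogram
                "xor_old_key": required != target,
                "status": status,
            })
    return findings
```

On the trace above this reports key 2 authenticated, key number 01 in the ChangeKey command, and key 0 required by key settings 07, which is consistent with the 91 AE status.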
Dear TapLinx Team,
Could I ask a very simple question?
Please could you provide me with an example of using the MIFARE change key command for an application key other than 0?
It should include the process of:
(1) Authentication
(2) Get Version
(3) Change Key
It should show calculation of session key and use of MAC.
Many Thanks
Nigel
Hi Nigel,
The general procedure of changing a key on a MIFARE DESFire EV1 is:
- Get the key version
If you use several key versions, you must know which key version is used with the current card. GetKeyVersion can be executed without authentication. If you always use version 0, you can skip this.
- Authenticate to the key number you want to change.
The authentication uses encrypted blocks. It is not easy to implement this “by hand”. I recommend reading the AN:
AN0945 MIFARE DESFire EV1 - Features and Hints
- Change the key value.
You can only change the value of the key but not the cipher. There is one exception: for the PICC Master Key you can also change the cipher. Same recommendation as above: the encrypted data blocks use CRC and CMAC, which requires the datasheet and AN0945.
If it is an option for you, the implementation with the TapLinx SDK is much easier. All the encrypted communication is handled inside TapLinx. This makes the communication straightforward for you. The TapLinx SDK is available for Android and as a Java SDK for desktop systems.
If TapLinx is not an option, you must implement the cipher yourself. You should urgently use the datasheet and the mentioned AN.
The TapLinx team
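The session-key and CMAC steps asked about in this thread, checked against the values in the log from the first post, as an added example that is not TapLinx or NXP code. The CRC variant and the ChangeKey plaintext layout are assumptions to confirm against the datasheet and AN0945; L is copied from the log rather than computed, so no AES library is needed, and all function names are introduced here.

```python
import zlib

def session_key(rnd_a, rnd_b):
    # AES session key layout seen in the log: RndA[0:4] | RndB[0:4] | RndA[12:16] | RndB[12:16]
    return rnd_a[:4] + rnd_b[:4] + rnd_a[12:] + rnd_b[12:]

def _double(block):
    # CMAC subkey step: shift the 128-bit block left one bit, XOR 0x87 if a bit fell off
    n = int.from_bytes(block, "big") << 1
    if n >> 128:
        n = (n & ((1 << 128) - 1)) ^ 0x87
    return n.to_bytes(16, "big")

def cmac_subkeys(l_block):
    # l_block is L = AES(session key, 16 zero bytes), logged as "Encrypted session key"
    k1 = _double(l_block)
    return k1, _double(k1)

def cmac_last_block(msg, k1, k2):
    # Last CMAC block before AES: a full block is XORed with K1, a short one is
    # padded with 80 00.. and XORed with K2 ("Input XOR K2" in the log)
    full = len(msg) > 0 and len(msg) % 16 == 0
    tail = msg[-16:] if full else msg[len(msg) - len(msg) % 16:]
    if not full:
        tail = (tail + b"\x80").ljust(16, b"\x00")
    return bytes(a ^ b for a, b in zip(tail, k1 if full else k2))

def crc32_desfire(data):
    # Assumption: CRC-32 without the final inversion, least significant byte first
    return (zlib.crc32(data) ^ 0xFFFFFFFF).to_bytes(4, "little")

def change_key_plain(key_no, new_key, version, old_key=None):
    # Assumed layout of the data that is AES-CBC encrypted for ChangeKey (INS C4).
    # old_key=None: the key being changed is the authenticated one.
    # old_key given: a different key is authenticated, so the new key is XORed
    # with the old one and a second CRC over the new key is appended.
    body = new_key if old_key is None else bytes(a ^ b for a, b in zip(new_key, old_key))
    plain = body + bytes([version])
    plain += crc32_desfire(bytes([0xC4, key_no]) + plain)
    if old_key is not None:
        plain += crc32_desfire(new_key)
    return plain.ljust(32, b"\x00")  # zero-pad to two AES blocks

# Values copied from the "Change #1 Key" run in the log above
RND_A = bytes(range(16))
RND_B = bytes.fromhex("AA 0F 87 F8 F5 05 14 7F 47 CD D7 7A 20 05 92 0D")
L_BLOCK = bytes.fromhex("C2 EC 53 D6 6A 15 F0 50 9C 03 68 32 BA A4 21 24")
```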