Forum / MIFARE general topics and applications / Mifare Plus S change sector AES keys
Tagged: mifare plus aes
-
Hello,
What is the procedure to change the sector keys once the personalization from SL0 is done and the card is either in SL1 or SL3? I've tried to write the new key from SL3 to a wanted block (for example 0x4002), the card returns 0x90 (ok), but the key is not persistent, at authentication time I still need to authenticate with the original key.
+ 0 | - 0
Hi Daniel,
In SL1 (MIFARE Classic emulation mode) you can only use the keys A and B in the sector trailers. The AES sector keys (in 0x4000, …) can be used only in SL3. In SL3 you must be authenticated with key 0x4000 to read and write sector 0 for example. You can change key 0x4000 if you want after authentication.
For the switch to SL3 you must prepare the “switch keys” in 0x9000, …
The TapLinx team
+ 0 | - 0
Thanks for the answer.
I am able to do personalization in SL0 and switch from SL1 to SL3 and also to read/write in SL3, but only with the keys that I personalized in the first step on a blank SL0 card.
How can I change an AES sector key after authentication? In SL3 if I authenticate to sector 0x4000 and then write the new key to 0x4000 with write plain maced it doesn't seem to stay persistent, after poweroff/poweron of the card I still need to authenticate with the original key, the new key that I write in 0x4000 seems to be ignored.
To be more exact, the problem is that we are in the process of requesting our Mifare Plus S cards to come personalized in SL1 instead of blank and in SL0, but we want to change the factory provided sector keys for security purposes and I'm not sure what the procedure is to change an AES key.
+ 0 | - 0
Actually it seems the error code is "Current command code is not available at the current card state".
+ 0 | - 0
Ok, I solved it, the keys can't be updated with write plain maced, they need to be written encrypted.
I have another problem though, I can only use first authentication, afterwards I can't complete the challenge for the following authentication command. I'm probably missing a step or two. At the moment I'm working around it with resetting auth, but I'm not sure this is the correct way. How can I correctly use the challenge from following authentication, 0x76?
+ 0 | - 0
Hi Daniel,
Yes, you cannot use Write() with plain data to write a key. The Plus has a FirstAuthenticate() and a FollowingAuthenticate(). The latter command allows to use a different block without resetting the whole session. Both commands have a first and a second part in its command! Did you forget this second part?
Please remember, for an authentication you must proof to the card that you are authorized, and the card must proof to you it also! Therefore, this is always a two-step-procedure.
The TapLinx team
Addendum:
The datasheet “MF1PLUSx0y1 - Mainstream contactless smart card IC for fast and easy solution development” contains a calculated example for an authentication in “9.8 Example transaction in security level 3”, page 86. I hope, this helps to understand how to implement it.
+ 0 | - 0
Thanks for the answer.
No, I didn't forget the second part, but if I feed in the auth second part the same 32 bytes that I compute for first authentication it's not ok, the card returns authentication error, that's why I think I must return something else and also not derive kenc/kmac again as this would go against the idea of a lighter form of authentication. However, I'm not sure what the second part looks like for following authentication.
Unfortunately, all the datasheets that I can find with the name you mentioned have about 20 pages, they seem to be vastly shortened.
+ 0 | - 0
Hi Daniel,
The security of the MIFARE Plus is NDA classified. You will not find all details in public. You can get the detailed datasheet if you sign a NDA. We need the legal business address from you or your company. You can write to me at: taplinx@nxp.com. I will hand it over your request to one of my colleagues.
You need this detailed datasheet to implement the authentication and encrypted communication.
The TapLinx team
+ 0 | - 0
awesome thuis post. i like this post
free gift cards codes generator and free gift cards codes generator and free gift cards codes generator and online video downloader
+ 0 | - 0
Kronospoker <a href="https://kronospoker.com/">Situs Judi Online</a>, <a href="https://kronospoker.com/register.php">IDN Poker</a>, <a href="https://kronospoker.com/mobile.php">IDN Poker Mobile</a>, <a href="https://kronospoker.com/game_news.php?menu=game">Agen Poker Terpercaya</a> Indonesia untuk permainan <a href="https://kronospoker.com/index.php">Poker Online</a>, Domino Qiu Qiu, <a href="https://kronospoker.com/contact.php">Cemeqq</a>, Capsa Susun dan <a href="https://kronospoker.com/referral.php">Super10</a>
+ 0 | - 0
Kronospoker Situs Judi Online, IDN Poker, IDN Poker Mobile, Agen Poker Terpercaya Indonesia untuk permainan Poker Online, Domino Qiu Qiu, Cemeqq, Capsa Susun dan Super 10
+ 0 | - 0
-
AuthorPosts
Viewing 11 posts - 1 through 11 (of 11 total)
You must be logged in to reply to this topic.