Forum / MIFARE SDK / New Application Default Key
-
Please help me comprehend the expected behavior in this scenario
First, I have taking a Blank Desfire card and formats it.
2. I change the default key from DESFIRE_DEFAULT_KEY to COMP_DEFAULT_KEY
objDESFireEV1.changeKey( 0, DESFIRE_DEFAULT_KEY, (byte)0x00, COMP_DEFAULT_KEY, (byte)0, DESFireEV1.KeyType.TWOK3DES,
IKeyConstants.DIV_OPTION_NODIVERSIFICATION,IKeyConstants.DIV_OPTION_NODIVERSIFICATION, null );
3. I authenticate the new Master Key(COMP_DEFAULT_KEY) and it was successful
4. I create a new Application with a new AppID(NewAppID) as shown below
objDESFireEV1.createApplication(NewAppId, getKeySettings(objDESFireEV1), 2, DESFireEV1.KeyType.TWOK3DES);
Question
To authenticate the new Application ID should one use the default Desfire Key as shown below
objDESFireEV1.selectApplication(newAppId);
objDESFireEV1.authenticate(AuthType.Native, DESFIRE_DEFAULT_KEY , (byte) 0, 0, (byte) 0, null);
or the COMP_DEFAULT_KEY as shown below
objDESFireEV1.selectApplication(newAppId);
objDESFireEV1.authenticate(AuthType.Native, COMP_DEFAULT_KEY , (byte) 0, 0, (byte) 0, null);
I thought the later with COMP_DEFAULT_KEY sice its now the cards new default master key, but its falling
+ 0 | - 0
Hi Onyekachi,
Changing the master key #0 is independent of the pre-loaded values for the other keys. If you want to change key #1 you have to authenticate with the default key (00…000) before changing key #1 to another value.
Kind regards,
The MIFARE Team
+ 0 | - 0
Thank you very much for the prompt response,
With the information you provided in-mind, is it possible to prevent one from adding an application to a Desfire card, if they know its a Desfire card and has knowledge of adding application to a card, How does changing the Masterkey prevent one from adding application to the card in anyway?
+ 0 | - 0
Hi Onyekachi,
Yes you can prevent users from creating new applications. This is part of the PICC Master Key setting. Please keep in mind, if you select AID=000000 and authenticate with key #0 it is the PICC Master Key and if AID!=000000 it is the Application Master Key.
This is coded as part of the ChangeKeySettings() command. You can set options for “configuration is changeable yes/no”, “CreateApplication/DeleteApplication is permitted only with PICC Master Key authentication”, “Successful PICC Master Key authentication is required for GatApplications() and GetKeySettings()” etc.
The MIFARE Team
+ 0 | - 0
-
AuthorPosts
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic.