Problem authenticating against a new application to create a file (EV2 tag)

  • 6. March 2017 at 13:43
    Hi guys, I'm working with a Mifare Desfire EV2 chip. I want to create an application protected by password which has to contain 1 file. What I'm doing first is to authenticate at the PICC level using the default Master key and then I try to create the file. I want to encrypt the data saved in the chip using AES. Below is the code I'm using. The PICC authentication works but the SDK shows me the error message 'com.nxp.nfclib.exceptions.InvalidResponseLengthException: Authentication Error' after I create the new application, then select it, and then try to authenticate. As far as I understand, a new application uses the default master key. Can you please provide some information about what I'm doing wrong? After I create the file I would like to change the default app password but I'm struggling to create the file. Thanks in advance! :)



    private void createAppAndFile() {
        final byte[] APP_ID1 = {(byte) 0x00, (byte) 0x00, (byte) 0x01};
        final int fileNo = 5;
        final byte[] fileData = new byte[]{(byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE};

        EV2ApplicationKeySettings appsettings = new EV2ApplicationKeySettings.Builder()
                .setAppKeySettingsChangeable(true)
                .setAppMasterKeyChangeable(true)
                .setAuthenticationRequiredForFileManagement(false)
                .setAuthenticationRequiredForDirectoryConfigurationData(false)
                .setKeyTypeOfApplicationKeys(KeyType.AES128)
                .build();

        KeyData aesKeydata = new KeyData();
        aesKeydata.setKey(new SecretKeySpec(SampleAppKeys.KEY_AES128_PICC_MASTER, "AES"));

        KeyData desKeyData = new KeyData();
        desKeyData.setKey(new SecretKeySpec(SampleAppKeys.KEY_2KTDES, "DES"));

        try {
            piccAuthentication();

            desFireEV2.createApplication(APP_ID1, appsettings);
            desFireEV2.selectApplication(APP_ID1);

            // The authentication fails at this point
            desFireEV2.authenticate(0, AuthType.AES, KeyType.AES128, aesKeydata);

            // This doesn't work either
            // desFireEV2.authenticate(0, AuthType.Native, KeyType.TWO_KEY_THREEDES, desKeyData);

            StdDataFileSettings fileSettings = new StdDataFileSettings(CommunicationType.Enciphered,
                    (byte) 0xE, (byte) 0xE, (byte) 0xE, (byte) 0xE, fileData.length);
            desFireEV2.createFile(fileNo, fileSettings);

            desFireEV2.writeData(fileNo, 0, fileData);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private void piccAuthentication() {
        try {
            // Select the PICC level (AID 0) and authenticate with the PICC master key
            desFireEV2.selectApplication(0);

            SecretKey originalKey = new SecretKeySpec(SampleAppKeys.KEY_AES128_PICC_MASTER, "AES");
            KeyData keyData = new KeyData();
            keyData.setKey(originalKey);

            desFireEV2.authenticateEV2First(0, keyData, new byte[]{0, 0, 0, 0, 0, 0});

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    Re: Problem authenticating against a new application to create a file (EV2 tag)

    7. March 2017 at 10:32
    Hello Diego,

    You have to select or create an application first before you can create a file. Skipping this is an attempt to create a file in the “root directory”, which is not possible. Please have a look at the DESFire EV2 data sheet.

    Regards,
    The TapLinx team

    Re: Problem authenticating against a new application to create a file (EV2 tag)

    7. March 2017 at 11:09
    That's exactly what I'm doing, isn't it? The problem here is that even before I try to create the file, the authentication at the application level fails. As you can see, what I'm doing first is to authenticate at the PICC level, then I create the new application, then I select the new application, and then I try to authenticate at the application level, but that authentication fails (as you can see, I'm using the default application key). Before I create the new file I want to change the application password, but the default authentication fails. I would appreciate any help to solve the application authentication problem. Thanks!

    Re: Problem authenticating against a new application to create a file (EV2 tag)

    9. March 2017 at 11:00
    Hello Diego,

    Your approach looks good. The selection of AID=0 is only required if you create a new application. After creation you select this application and authenticate with the default key (00…00) to card key #0. Now you create the file. If you set key permissions, e.g. write key is key #1, you have to authenticate with key #1 before you can write.

    The 2K3DES key is the default Master PICC key for a new card. I recommend changing it to an AES128 key and always using AES128 keys for files. So always create an application with the AES128 key type.

    Here is a similar code snippet of what you want to do:

    https://www.mifare.net/support/forum/topic/desfire-ev1-cannot-create-files-other-than-value-file/

    Please scroll down for the example code.

    The TapLinx team

    Re: Problem authenticating against a new application to create a file (EV2 tag)

    9. March 2017 at 18:32
    Hi TapLinx Support,

    Thanks for your reply. Finally I was able to fix my problem by resetting the app default key with this code:

    EV2PICCConfigurationSettings settings = new EV2PICCConfigurationSettings();
    settings.setAppDefaultKey(SampleAppKeys.KEY_AES128_ZEROS, (byte) 0x1);
    desFireEV2.setConfigurationByte(settings);


    Regards,
    Diego

    Re: Problem authenticating against a new application to create a file (EV2 tag)

    10. March 2017 at 10:53
    Hello Diego,

    Fine! After personalizing the card you should change all keys. Please keep in mind: before you can change a key you have to authenticate with the old key value to prove that you have the permission. Then you call the change key command where you write the new key value.

    Regards,
    The TapLinx team

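The sequence the thread converges on (PICC authentication, resetting the default application key, application authentication, key change, file creation) written as one method. This is an added example, not code from the posters or from the TapLinx SDK: `provisionApplication`, `aesKey` and `newAppMasterKey` are hypothetical names, the `changeKey` signature is an assumption to check against your SDK version, and requiring authentication for file management and using key #0 for file access are choices made here.

```java
// Added example, not from the thread. desFireEV2 and SampleAppKeys are the objects
// used in the posts above; newAppMasterKey is a hypothetical 16-byte AES key.
private static KeyData aesKey(byte[] raw) {
    KeyData keyData = new KeyData();
    keyData.setKey(new SecretKeySpec(raw, "AES"));
    return keyData;
}

private void provisionApplication(byte[] newAppMasterKey) throws Exception {
    final byte[] appId = {(byte) 0x00, (byte) 0x00, (byte) 0x01};
    final int fileNo = 5;
    final byte[] fileData = {(byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE};

    // 1. PICC level: select AID 0 and authenticate. Exceptions propagate, so a failed
    //    PICC authentication stops the run instead of being printed and ignored.
    desFireEV2.selectApplication(0);
    desFireEV2.authenticateEV2First(0, aesKey(SampleAppKeys.KEY_AES128_PICC_MASTER),
            new byte[]{0, 0, 0, 0, 0, 0});

    // 2. Fix from the thread: reset the default key given to new applications to zeros.
    EV2PICCConfigurationSettings config = new EV2PICCConfigurationSettings();
    config.setAppDefaultKey(SampleAppKeys.KEY_AES128_ZEROS, (byte) 0x1);
    desFireEV2.setConfigurationByte(config);

    // 3. Create and select the application (requiring authentication is a choice made here).
    EV2ApplicationKeySettings appSettings = new EV2ApplicationKeySettings.Builder()
            .setAppKeySettingsChangeable(true)
            .setAppMasterKeyChangeable(true)
            .setAuthenticationRequiredForFileManagement(true)
            .setAuthenticationRequiredForDirectoryConfigurationData(true)
            .setKeyTypeOfApplicationKeys(KeyType.AES128)
            .build();
    desFireEV2.createApplication(appId, appSettings);
    desFireEV2.selectApplication(appId);

    // 4. Authenticate to key #0 with the default key, then replace it.
    //    Assumption: changeKey(keyNo, keyType, oldKey, newKey, newKeyVersion); check your SDK.
    desFireEV2.authenticate(0, AuthType.AES, KeyType.AES128, aesKey(SampleAppKeys.KEY_AES128_ZEROS));
    desFireEV2.changeKey(0, KeyType.AES128, SampleAppKeys.KEY_AES128_ZEROS, newAppMasterKey, (byte) 0x01);

    // 5. Changing the key you authenticated with ends the session: authenticate again.
    desFireEV2.authenticate(0, AuthType.AES, KeyType.AES128, aesKey(newAppMasterKey));

    // 6. Create the file with key #0 on every access right (the question used 0xE, free access).
    StdDataFileSettings fileSettings = new StdDataFileSettings(CommunicationType.Enciphered,
            (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x0, fileData.length);
    desFireEV2.createFile(fileNo, fileSettings);
    desFireEV2.writeData(fileNo, 0, fileData);
}
```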