Tagged: DESFIRE AES CRC32
After authenticating with an AES PICC master key, I have an AES session key.
I use A PC/SC reader under Windows so I send APDU wrapping the native DESFire EV1 protocol.
To change key settings ( cmd 0x54 ) to 0x0B I must send an APDU looking like this :
CLA INS P1 P2 LEN Ciphered Key Settings RLEN
0x90 0x54 0x00 0x00 0x10 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 0x00
Ciphered Key Settings is obtained by cyphering Data with the session key
The Data are, the key settings value (0x0B) a CRC32 and 11 null (0x00) bytes of padding.
The MF3ICD81 documentation gives little information about which data the CRC32 should be caclulated on.
It says to use the same security mechanism as for the ChangeKey command.
I suppose I'm in the case of "AuthenticationAES 0xAA", CASE II :
- Should I add the Key version (0x00) ?
I tried this :
CRC32( 0x0B ) => BA 2F C9 FA
CRC32( 0x0B 0x00 ) => 5D D2 34 CB
CRC32( 0x54 0x0B ) => F7 23 AC D8
CRC32( 0x54 0x0B 0x00 ) => 88 FF 79 4A
All I get is 0x1E : Integrity error !
What do I miss ?
+ 0 | - 0
Ok I found my problem.
The CRC32 is calculated on CMD + KeySettings
My CRC32 algorithm was correct, but it has to be sent LSB first.
In my example :
CRC32( 0x54 0x0B ) => D8 AC 23 F7 (not F7 23 AC D8 !)
+ 0 | - 0
Hello, I'm facing the same issue in PICC Change key settings, when PICC master key is of AES type.
My cryptogram logic works fine in Change PICC/Application keys.
Can you guide me, where I'm doing wrong?
A preceding AES authentication got success with PICC Master Key.
AESEncryption AES = new AESEncryption();
IV = "00000000000000000000000000000000";
string CRC32_For_Data = Crc32.Compute("540B"); //CRC calculation for data
CRC32_For_Data = CRC32_For_Data .Substring(6,2) + CRC32_For_Data .Substring(4,2) + CRC32_For_Data .Substring(2,2) + CRC32_For_Data .Substring(0,2); //To send LSB first
string DataWithCRC = PaddingDesFire(CRC32_For_Data, 32, "00"); //to make data of 16 bytes
string EncipheredData = AES.AESEncipher(DataWithCRC, LastSessionKeyAES, IV);
APDUCommand = “54” + EncipheredData; // ChangeKeyCommand + EncipheredData, which contains New KeySettings (0x0B)
CardResponse = Transmit(ReaderName, APDUCommand, “T1”); // it gives 0x1E response, either I send MSB or LSB first
Thank you in advance
+ 0 | - 0
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic.