Forum / MIFARE SmartCard IC`s / Sam Av2 ChangeKey
Tagged: changeKey 6Ah 84h
-
Hi, I was trying do changekey 80 C1 to key 0x01 type Host. When my key by to insert in updated A is a array of 16 bytes of 0's {byte 0x00} the change is Ok, but the key is different the problem is 6A 84 the response of SAM. I am read de documentation and say: "Sam Av2 Lock/Unlock command problem", but I don't understand that mean off.
I was trying tha same process in RFIDDiscover and I could change key.
My data is
Key: 13 FD B0 FF 10 47 24 70 39 91 4C CD 55 66 73 1D
+ 0 | - 0
Sorry for the writing I could not edit the question.
I was trying do changekey command 80 C1 to key 0x01 type Host. When my key by to insert in updated A is a array of 16 bytes of 0's {byte 0x00} the change is Ok, but the key is different and the response is 6A 84 the response of SAM.
The documentation say: SAM Host protection error, only valid in AV2 mode
Key: 13 FD B0 FF 10 47 24 70 39 91 4C CD 55 66 73 1D
APDU: 80 C1 01 9F 48 EF 74 7A 7E F1 8A D2 76 18 0E 79 8C 23 D8 C6 C1 C5 83 CE 13 4A 6E F4 C8 0A 21 B4 66 FF 91 B3 FE 91 8B 21 23 0A 47 ED 1B B6 3A 33 B4 04 5F 6B 44 4B 8F CF 4E 43 2B 41 49 70 94 2A 63 29 5C 04 AF 21 FE 84 05 F8 6E B9 68
+ 0 | - 0
Hi Marcelo,
If you have RFIDdiscover and the key change works, you can study how does it RFIDdiscover right. Did you consider all preconditions, e.g.: if you want to change a host key you must have a valid host authentication before etc.
SAM_ChangeKeyEntry is a complex command. The new key entry must be encrypted and a MAC must be calculated. If something went wrong, the SAM will reject the command. I recommend reading:
AN1823 – MIFARE SAM AV2 – Key Management and Personalization
You will find examples of SAM_ChangeKeyEntry there. This AN is available via our DocStore delivery.
Kind regards,
The TapLinx team
+ 0 | - 0
Hi, I'm sorry by no to check your response. I could get more evidence.
I need to do changeKey with full encrypt host. But the response is 6Ah 84h. In P5DF081 the message of this error is: SAM Host protection error, only valid in AV2 mode, but I can do changeKey with the RFIDDiscover without problem.
The evidence is:
Content removed from TapLinx team
+ 0 | - 0
Hi Marcelo,
It is not allowed for me to publish NDA classified material on a public forum. Therefore, I have removed the content from your post. In cases you want to share it with us, please write to us via email to: taplinx@nxp.com
I will check what you have uploaded and give an answer later.
Sorry,
The TapLinx team
+ 0 | - 0
Hi Marcelo,
If you have a log from RFIDdiscover, then you only need to verify and re-calculate the log values. At the end, you must have the same result as RFIDdiscover.
Some annotations:
The protection mode depends on the protection mode used in the preceding host authentication. If the authentication uses “plain” you can also use plain in change key (I always would recommend using “full protection”). Of course, the preceding host authentication must be successful too. If the authentication fails, no key change will be successful. You use “plain”; therefore, the plain authentication must be successful.
With the programming mask you can define which piece of key credential you want to change. You set bits to change key A, DESFire AID and key number, key reference numbers etc. I would only change the key value with one command and let all other key parameters untouched. Next, I would only change the key version in a separate command. If you try to change everything, also the key configuration in a single command, a little mistake can invalidate the key entry! This is the case if you set inconsistent configuration parameters.
I wonder a little bit, because “6Ah 84h” is not an expected error code for SAM_ChangeKeyEntry() command.
The TapLinx team
+ 0 | - 0
-
AuthorPosts
Viewing 6 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic.