SAM AV2 SAM_ChangeKeyPicc 0x6985

[Hugo]

Hello,

I’m trying change the keys of a clean DESFire EV2 using new AES-128 keys stored into a SAM AV2.
At this point I know how to store keys in KST of the SAM, however to do this type of operation I have some doubts related to SAM_ChangeKeyPicc command.

Is it possible generate the ChangeKey cryptogram using the SAM in offline mode (without card access) and send afterwards the cryptogram to the card?
If yes, which key class and settings (SET) must be used in KST keys? Picc keys or Offline keys?

Or, is it always necessary perform a SAM_AuthenticationPicc (0x0A) previously? If yes, the card key for authentication must be stored into KST as Picc Key class? Are there other key settings (SET) required to do such operation?

I have tried using the SAM_ChangeKeyPicc command but the SAM command is always returning the status 0x6985.


Best Regards,
Hugo Bicho

---

+ 0  |  - 0

[TapLinx Support]

Hi Hugo,

If you want to change a card key, you always have to authenticate with the key number you want to change first. Finally you can change the key. This procedure can be done using card commands in a secured environment (as part of a card personalization). If you want to do it via SAM commands, you have to call first SAM_Authenticate_PICC and then SAM_ChangeKeyPICC.

Error 0x6985 says, that either no valid PICC authentication is available or the key is disabled or cannot be used for DESFire key change.

The TapLinx team

---

+ 0  |  - 0

[Author]

Posts