SAM_LockUnlock command

[Ahmad]

Hi,
SAM_LockUnlock command is required before sending any command to sam
i am sending command to SAM directly
SAM Command:80 0A 00 00 12 33 00 D2 1A CB C7 BB 88 D6 31 10 72 0B E9 E4 46 94 45 00
SAM response:69 85
why it is giving 69 85 response

---

+ 0  |  - 0

[TapLinx Support]

Hi Ahmad,

Please let me correct it: SAM_LockUnlock is only required if you want to change or update one of the saved credentials. This command start a mutual authentication between the SAM and the host system.

The return value 6985 means the key is already locked/unlocked or a mismatch between unlock key number and version occurs.

The TapLinx team

---

+ 0  |  - 0

[Ahmad]

Hi,
Thanks for your response
we can authenticate the Desfire EV1 card with SAM AV2 directly no need to LockUnclock the SAM ? or it is required.
How i know that SAM is in x-mode or non x-mode?

---

+ 0  |  - 0

[TapLinx Support]

Hi Ahmad,

You need the host mode only to prepare the MIFARE SAM AV2 with card keys. Later, the SAM will do the authentication autonomously in X mode. Or it is handled by your micro controller software (non-X mode). Which mode do you use depends from your application.

The TapLinx team

---

+ 0  |  - 0

[Tithi Patel]

Dear NXP Team,

We have scenario in which we have customer's SAM so we only know Host Key which was used to lock SAM card and using same SAM we need to personalize MiFare Plus card in that case do we need to "Authenticate Host" or "Unlock" card? Or we could directly start personalizing card without authenticating SAM?

Because while trying to unlock SAM via NXP RFIDDiscover tool with key provided by customer we receive 6985 error but customer is sure that key and position is correct.

Could you please guide us to unlock SAM please?

Regards,
Tithi Patel

---

+ 0  |  - 0

[TapLinx Support]

Hi Tithi,

You need the host key only, if you want to personalize the SAM. Usually you change key values and key versions in the personalization. In my SAM AV2 (see the picture), the host key is the key with number 0. The host key must be an AES key (either 128 bit or 192 bits).

The other keys are PICC keys. This keys are used for the authentication of MIFARE cards and can be 2K3DES, 3K3DES or AES keys. This keys are set with a changeKey command in a “host session”. Later, if all PICC are defined, you can use the keys e.g. for an authentication to a MIFARE Plus (with SAM_AuthenticateMFP) or for reading (SAM_CombinedReadMFP) writing (SAM_CombinedWriteMFP) in encrypted communication. This is usually part of a microcontroller software.

When your customer hand-over a SAM to you, then the customer personalized the SAM before and you does not need to know the host keys. All you need to know is where are the PICC keys you have to use and which key versions you have to use. Please note: you cannot readout key values directly.

The TapLinx team

---

+ 1  |  - 0

[Tithi Patel]

Hi,

Thank you for your reply.

The process we follow is:

We pass Key Number and Key Version to the SAM_DumpSecretKey function with Diversification Input as UID. P1=02 and P2=00. This returns me 6985.

If SAM_DumpSecretKey is not allowed, how to personalize the MF Plus? Customer is already using this SAM for personalization of MF Plus cards since last couple of years.

Thank you!

---

+ 0  |  - 0

[Tithi Patel]

Hello, We have tried without Authentication and following above mentioned process but receiving 6985.

We really need help as soon as possible. may i kindly request you to assist us with remote session please?

---

+ 0  |  - 0

[Author]

Posts