SAM_LockUnlock error switching a virgin MIFARE SAM AV2 from AV1 to AV2 Mode

Forum / MIFARE general topics and applications / SAM_LockUnlock error switching a virgin MIFARE SAM AV2 from AV1 to AV2 Mode

Tagged: , , , , , , ,

  • 10. July 2017 at 16:41

    Christopher Lamprecht
    Hello,

    I'm trying to activate the AV2 mode using a SAM_LockUnlock APDU.

    In the SAM_LockUnlock Part 1 APDU following parameters are used:
    P1: 0x03
    KeyNo: 0x00
    KeyVer: 0x00
    MaxChainBlocks: 0x00 0x00 0xFF

    The SAM_LockUnlock Part 1 APDU is sent and Rnd2 with status 0x90AF is received.

    In the SAM_LockUnlock Part 2 i generate the CMAC over the Rnd2, the P1 of part 1, and the MaxChainBlocks (12+1+3 = 16 Bytes no padding needed)
    Next the generated CMAC with the Rnd1 appended is sent and i always get following error code: 0x901E (mismatching CMACs)

    The CMAC is calculated according to "NIST Special Publication 800-38B, May 2005" as referenced in the "P5DF081 - MIFARE secure access module SAM AV2" - Documentation.
    All test vectors of the "NIST Special Publication 800-38B" are calculated correct with my current implementation.

    For the SAM_LockUnlock Part 2 a "truncated CMAC = MACt" is used (8 Bytes). For the MACt i use the first 8 bytes of the calculated 16 byte CMAC.

    I have following questions regarding the error code 0x901E:
    Do i use the wrong CMAC standard?
    Is the MACt calculated wrong by using the first 8 bytes only?
    Did i use the wrong parameters? (KeyNo, KeyVer, MaxChainBlocks)

    Note: AES-128 is used on the SAM

    Best regards,
    Chris
    + 0  |  - 0

    Re: SAM_LockUnlock error switching a virgin MIFARE SAM AV2 from AV1 to AV2 Mode

    11. July 2017 at 9:39

    Christopher Lamprecht
    I solved this issue of calculating the right CMACt.

    The calculation of the CMACt is described in the "AN1823 - Key Management and Personalization" documentation.

    Best regards,
    Chris
    + 0  |  - 0

    Re: SAM_LockUnlock error switching a virgin MIFARE SAM AV2 from AV1 to AV2 Mode

    11. July 2017 at 13:06

    TapLinx Support
    Hi Christopher,

    Good to hear. Your CMAC calculation was wrong?

    I would like recommend you to “AN 1823 – MIFARE SAM AV2 – Key Management and Personalization”. There is a calculated example of Switch to AV2 Mode on page 17.

    The TapLinx team
    + 1  |  - 0

    Re: SAM_LockUnlock error switching a virgin MIFARE SAM AV2 from AV1 to AV2 Mode

    2. August 2017 at 14:12

    Claudio Curcio
    Hi Christ,
    Please, could you give me the specific page in AN1823 on which the calculation procedure is indicated?
    Thank you and best regards.
    Claudio
    + 0  |  - 0
  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.