How MIFARE Uses Cookies

[Marco Mühlenstrodt]

It works!!!

In the NXP NFC Reader Libray in Function phStatus_t phalMfdf_Sw_Authenticate() i found an error. The rng loads another key into the pCryptoDataParamsEnc structure. After calling the RNG, the encryption used the wrong key. With an phCryptoSym_LoadKeyDirect after the RNG call it runs.

phStatus_t phalMfdf_Sw_Authenticate()
...
/* Generate RndA */
PH_CHECK_SUCCESS_FCT(statusTmp,phCryptoRng_Seed(pDataParams->pCryptoRngDataParams, bRndB, bRndLen));
PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoRng_Rnd(pDataParams->pCryptoRngDataParams, bRndLen, bRndA));

/* Concat RndA and RndB' */
...

/* load key */
PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoSym_LoadKeyDirect( // pCryptoDataParamsEnc,
bKey,
wKeyType
));

/* Load Iv. All zeroes */
...

/* DF4 Decrypt */
PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoSym_Encrypt(
...






I also have a problem with the workbuffer in the second decrypt:
PH_CHECK_SUCCESS_FCT(statusTmp, phCryptoSym_Decrypt(
pDataParams->pCryptoDataParamsEnc,
PH_CRYPTOSYM_CIPHER_MODE_CBC,
bWorkBuffer,
bRndLen,
&bWorkBuffer[1] // pCryptoDataParamsEnc,
PH_CRYPTOSYM_CIPHER_MODE_CBC,
bWorkBuffer,
bRndLen,
bWorkBuffer
));

for(i=bRndLen;0<i;i--){
bWorkBuffer = bWorkBuffer;
}
bWorkBuffer[0] = bWorkBuffer[bRndLen];



Regards
Marco

---

+ 0  |  - 0

[Marco Mühlenstrodt]

Oh, i see that the Mifare SDK in not the right place for my topic. Admin, please move this topic to "MIFARE general topics and applications" or "MIFARE and NFC Reader IC`s". (We use the Chip PN7462)

Best Regards
Marco

---

+ 0  |  - 0

[Author]

Posts