NFC communication - Mifare DESFire EV1 - AES

2
votes

I'm using a HID Omnikey 5321 reader to communicate with a Mifare DESFire EV1 tag. I want to write 16 bytes in a standard data file. I'm using the WinSCard DLL (C++) to wrap Native DESFire command in ISO 7816 APDU message structure. The application selection and authentication are successfully done but I have problem with the Write Data command. The file's communication settings are set to AES, fully enciphered.

File Nb         : 00
Offset          : 00 00 00
Length          : 10 00 00 (LSB first)
Data (16 bytes) : 23 00 00 00 00 00 00 08 12 34 56 78 00 00 00 00

I calculate the CRC from the Native command :

Native command : 3D (File Nb) (Offset) (Length) (Data)
CRC = 7B 8A 60 0F

Then I encipher with the session key and an IV set to 00 :

32 bytes data to encipher : (Data) (CRC) 80 00 00 00 00 00 00 00 00 00 00 00

APDU sended :

90 3D 00 00 27 00 00 00 00 10 00 00 (32 bytes enciphered data) 00

In response I get a " 1E " status code which means CRC or padding error. I don't know where is the problem, the AES encryption algorithm seems to be good because I manage to read data.

It may be the CRC or the IV. Do I have to XOR data with CMAC ?

1
encryptionaesnfcmifarecontactless-smartcard
Just a thought, could it be that the CRC has a different byte order?Maarten Bodewes
The libfreefare CRC calculation gave me 30 D2 07 00 for that command+header+data. Also at least the data sheet says, that commands with known data length should use only 0x00 for padding (though I have to admit that the different sections of the data sheet are ambiguous here, but it's explicitly state for the write command).Michael Roland
Thanks for your help, I manage to write data : I change the way I calculate CRC and it gave me '30 D2 07 00', I also pad with '0x00'.VTerrien
@VTerrien This edit does not really seem to be related to your initial question/problem so you might want to create a new question instead of adding new questions to your initial question. Otherwise you risk this question to be closed for getting too broad.Michael Roland

1 Answers

2
votes

The CRC you are using is wrong. For the command you show in your question, the CRC over command + header + data should be 30 D2 07 00.

Moreover, be careful about the way you have to do the padding. The DESFire EV1 datasheet is ambiguous on that. While the section on AES encryption suggests that CMAC padding should always be used together with AES, the section on padding states that commands with known data length should be padded with all zeros, while commands with unknown data length should be padded with 0x80 followed by zeros. Finally the documentation on the write command explicitly states that the write command should be padded with all zeros for encryption (and that's what you are supposed to do).