Topic: DESFire Create Application command

Hello folks

I'm currently working on a DESFire implementation based on libnfc.
Currently I have a working implementation where I'm able to authenticate, create and delete applications/files, etc.
Now I'm working on security. I want different applications that use different keys to authenticate.
I have access to the documentation of NXP but it's still not clear how to do this.
Currently I create an application with the following raw APDU command:
0xca,0x0,0x0,cid,0x01,0x01 where "cid" is the application ID. I believe the next bit says that I use application key number 1? Is that correct? And the one thereafter says that I want to use native TDES mode? But I'm unsure of that as well. Could somebody clarify the situation for me?

Re: DESFire Create Application command

Hi bino

Are you implementing a library to communicate with a real target, or a library that emulates a Mifare DESFire?  The former already exists through libfreefare [1] and is nearly production-ready; the latter would be really interesting, and any link to a FLOSS implementation would be cool :-)

The NXP documentation says CreateApplication (AID, KeySettings, NumOfKeys), so you seem to have inverted the last two arguments, and your AID is wrong (first AID nibble SHALL be 0xF).  DES can be tricky; I had to create a mifare_des() function to do DES à la NXP [2]…

  2. … cate.c#243
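The argument order given above, as an added example that is not part of the thread, of the NXP documentation or of libfreefare: a Go encoder for the native CreateApplication frame (0xCA, the 3-byte AID least significant byte first, the key settings byte, the number-of-keys byte) together with the ISO 7816-4 wrapping (CLA 0x90, INS = native command, Lc, data, Le 0x00) that the "90 C4 00 00 19"-style APDUs later in this thread use. The key settings decoding follows the NXP layout (bit 0 master key changeable, bit 1 free directory listing, bit 2 free create/delete, bit 3 configuration changeable, bits 4-7 change-key access rights: 0x0 master key, 0x1-0xD that key, 0xE the key being changed, 0xF frozen). The crypto-selection bits in the number-of-keys byte (0x40 3K3DES, 0x80 AES) only exist on EV1 and later; plain (3)DES is 0x00. Type and function names are my own.

```go
package main

import "fmt"

// KeySettings is the key settings byte handed to CreateApplication.
type KeySettings struct {
	MasterKeyChangeable   bool // bit 0
	FreeDirectoryList     bool // bit 1: GetFileIDs/GetFileSettings/GetKeySettings without auth
	FreeCreateDelete      bool // bit 2: create/delete files without master key auth
	ConfigChangeable      bool // bit 3: ChangeKeySettings allowed
	ChangeKeyAccessRights byte // bits 4-7: 0x0 master key, 0x1-0xD that key, 0xE same key, 0xF frozen
}

func (k KeySettings) Byte() byte {
	var b byte
	if k.MasterKeyChangeable {
		b |= 0x01
	}
	if k.FreeDirectoryList {
		b |= 0x02
	}
	if k.FreeCreateDelete {
		b |= 0x04
	}
	if k.ConfigChangeable {
		b |= 0x08
	}
	return b | (k.ChangeKeyAccessRights&0x0F)<<4
}

// ParseKeySettings decodes a key settings byte, e.g. the one GetKeySettings returns.
func ParseKeySettings(b byte) KeySettings {
	return KeySettings{
		MasterKeyChangeable:   b&0x01 != 0,
		FreeDirectoryList:     b&0x02 != 0,
		FreeCreateDelete:      b&0x04 != 0,
		ConfigChangeable:      b&0x08 != 0,
		ChangeKeyAccessRights: b >> 4,
	}
}

// Crypto selection in the high bits of the number-of-keys byte (EV1 and later).
const (
	CryptoDES    byte = 0x00 // DES / 2-key 3DES, the only choice on pre-EV1 cards
	Crypto3K3DES byte = 0x40
	CryptoAES    byte = 0x80
)

// CreateApplication builds the native frame: CA, AID (LSB first), key settings, key count.
func CreateApplication(aid uint32, ks KeySettings, numKeys byte, crypto byte) ([]byte, error) {
	if aid == 0 || aid > 0xFFFFFF {
		return nil, fmt.Errorf("AID must be 1..0xFFFFFF (0x000000 is the PICC level): %#x", aid)
	}
	if numKeys < 1 || numKeys > 14 {
		return nil, fmt.Errorf("number of keys must be 1..14: %d", numKeys)
	}
	if crypto&^0xC0 != 0 {
		return nil, fmt.Errorf("invalid crypto selection bits %#x", crypto)
	}
	return []byte{0xCA, byte(aid), byte(aid >> 8), byte(aid >> 16), ks.Byte(), numKeys | crypto}, nil
}

// WrapISO7816 turns a native frame into the wrapped form: 90 INS 00 00 [Lc data] 00.
func WrapISO7816(native []byte) []byte {
	if len(native) == 1 {
		return []byte{0x90, native[0], 0x00, 0x00, 0x00}
	}
	apdu := []byte{0x90, native[0], 0x00, 0x00, byte(len(native) - 1)}
	apdu = append(apdu, native[1:]...)
	return append(apdu, 0x00)
}

func main() {
	// Two applications, each with two keys of its own, as the original poster wants.
	ks := KeySettings{MasterKeyChangeable: true, ConfigChangeable: true}
	for _, aid := range []uint32{0x000001, 0x000002} {
		frame, err := CreateApplication(aid, ks, 2, CryptoDES)
		if err != nil {
			panic(err)
		}
		fmt.Printf("native: % X   wrapped: % X\n", frame, WrapISO7816(frame))
	}
}
```

The keys of a freshly created application are all zero until ChangeKey is run for each of them, so the frame above only reserves the key slots; the key settings byte decides which authentication is later needed to change them.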

Re: DESFire Create Application command

Thanks for your reply.
When I started my project, libfreefare had no support for DESFire. I noticed that it is nearly ready, yes, but I would prefer to continue with what I have, since I've seen that it would be quite a bit of work to reprogram my application for libfreefare.
I'm trying to communicate with a real target.
Could you tell me what the different settings are for the key settings?
I just want two applications at minimum on my card, each with a different key. Until now I can only create applications that all use the same key. Many thanks in advance for your reply.

Re: DESFire Create Application command

Well, section 4.3.2 of the documentation contains all the details of the file settings byte… It starts at the top of page 33 and finishes on page 35.  If some point is still a problem for you, please tell us exactly what it is, and we'll try to give you some pointers.


Re: DESFire Create Application command

Thanks for your reply.
Then I have just one simple question. Is it possible to assign a specific key during application creation, or can you only define different keys for different applications afterwards via the ChangeKey command?

Re: DESFire Create Application command

No, CreateApplication only creates the application with the number of keys you require all NULL-initialized.  You have to ChangeKey all keys in turn after application creation to set personalized keys.

Re: DESFire Create Application command

On DESFire I can create applications, read/write etc., but I can NOT ChangeKey.
The "TDES worked example" has:
  Key     1C94D15B507F8C2C6DD3C3BEF2C8FA75
  Data    F1E3D1C7B1A3918F
  Output  35E431B4BE541C0A

- this cannot be any possible TDES, so I guess there's an IV (which the worked example doesn't mention);
  a chained IV is typically the tail of the most recent crypto OR CRC operation.
Any hints? I've tried a few.

ChangeKey with the same key and ChangeKey with a different auth key both fail:

ChangeKey -> 91 1E INTEGRITY_ERROR (CRC or MAC does not match; padding bytes not valid)


    // Uses javax.smartcardio.CommandAPDU / ResponseAPDU; Uti, term, selectApplication and authenticateDES are my own helpers.
    void changeKeySame(byte keyNum, byte[] newkey16, byte[] AID, byte[] amkdata)  // key to change = authorisation key
    {   // not working...
        // keyNum = key to change; must be 0 (if key setting b7 = 0).  newkey16 = new key data.  amkdata = old key data
        byte[] bHead = Uti.asHex("90C4 00 00 19");          // CLA INS P1 P2 Lc, Lc = 1 (key number) + 24 (data)
        byte[] bChangeKey = new byte[31];                     // 5 + 1 + 24 + 1 (Le)
        System.arraycopy(bHead, 0, bChangeKey, 0, 5);
        bChangeKey[5] = keyNum;
        selectApplication(AID);   // OK
        mk24 = Uti.triple(amkdata);  // 24-byte 3DES key (K1 K2 K1) from 16
        byte[] Sess = authenticateDES(mk24, keyNum);
        byte[] data24 = new byte[24];                         // new key + CRC16 + 6 bytes of zero padding
        byte[] crc16a = Uti.CRC16(newkey16);  // tested against worked examples
        System.arraycopy(newkey16, 0, data24,  0, 16);
        System.arraycopy(crc16a,   0, data24, 16,  2);

        byte[] ivz = {0,0,0,0, 0,0,0,0};
        byte[] decData = Uti.decrypt(Sess, ivz, data24);    // ivz no good
        System.arraycopy(decData, 0, bChangeKey, 6, 24);    // enciphered payload goes after the key number
        bChangeKey[30] = 0;                                  // Le
        CommandAPDU aChangeKey = new CommandAPDU(bChangeKey);
        ResponseAPDU respa = null;
        try {
            respa = term.Cardch.transmit(aChangeKey); // -> Card
        } catch (javax.smartcardio.CardException cex) {
            print("\n ChangeKey  " + cex.getMessage());
            return;
        } catch (java.lang.IllegalArgumentException dex) {
            print("\n ChangeKey  " + dex.getMessage());
            return;
        }
        print("\n ChangeKeySame  " + Uti.erctrans(respa.getSW()) + "<<<" + Uti.asString(respa.getData()) + ">>>");
    }
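What the enciphering step of a legacy DES/3DES-authenticated ChangeKey has to produce, as an added Go example that is not part of the post above, of the NXP documentation or of libfreefare. It shows the ISO 14443-3 CRC_A (initial value 0x6363, reflected polynomial 0x8408, appended LSB first) that legacy DESFire commands carry, the 24-byte ChangeKey payload for both the "same key" and "different key" cases, and the chaining NXP calls send mode: each plaintext block is XORed with the previous output block (IV all zero at the start of the command) and then passed through DES/3DES in the decrypt direction. That is not ordinary CBC decryption, where the XOR comes after the block operation, and it also means only the first block of a command can ever equal a single-block 3DES result; if a datasheet example is a later block of its command, no single-block computation will reproduce it. main() runs the worked-example key and block quoted above through the same routine so the printout can be compared with the datasheet value; I have not verified that they match. The demo keys and all function names are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// crc16 is the ISO/IEC 14443-3 CRC_A used by legacy DESFire commands:
// reflected polynomial 0x8408, initial value 0x6363, no final XOR.
func crc16(data []byte) uint16 {
	crc := uint16(0x6363)
	for _, b := range data {
		crc ^= uint16(b)
		for i := 0; i < 8; i++ {
			if crc&1 != 0 {
				crc = (crc >> 1) ^ 0x8408
			} else {
				crc >>= 1
			}
		}
	}
	return crc
}

// crc16LE returns the CRC in wire order (least significant byte first).
func crc16LE(data []byte) []byte {
	c := crc16(data)
	return []byte{byte(c), byte(c >> 8)}
}

// legacyCipher: single DES for an 8-byte key, two-key 3DES (K1 K2 K1) for 16 bytes.
func legacyCipher(key []byte) (cipher.Block, error) {
	switch len(key) {
	case 8:
		return des.NewCipher(key)
	case 16:
		return des.NewTripleDESCipher(append(append([]byte{}, key...), key[:8]...))
	}
	return nil, fmt.Errorf("unsupported key length %d", len(key))
}

// legacyChain is NXP's chaining for a legacy session, IV all zero per command.
// send=true  (PCD -> PICC): out_i = DECRYPT(in_i XOR out_{i-1})
// send=false (what the PICC does to recover it): out_i = ENCRYPT(in_i) XOR in_{i-1}
// The send direction is not standard CBC decryption (which decrypts first and
// XORs afterwards); plain ECB decryption agrees with it on the first block only.
func legacyChain(key, data []byte, send bool) ([]byte, error) {
	if len(data)%8 != 0 {
		return nil, fmt.Errorf("data must be a multiple of 8 bytes, got %d", len(data))
	}
	blk, err := legacyCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	prev := make([]byte, 8)
	for off := 0; off < len(data); off += 8 {
		cur := data[off : off+8]
		if send {
			var in [8]byte
			for i := range in {
				in[i] = cur[i] ^ prev[i]
			}
			blk.Decrypt(out[off:off+8], in[:])
			prev = out[off : off+8]
		} else {
			blk.Encrypt(out[off:off+8], cur)
			for i := range prev {
				out[off+i] ^= prev[i]
			}
			prev = cur
		}
	}
	return out, nil
}

// changeKeyPlaintext builds the 24-byte payload for a 16-byte key.
// Same key as authenticated: newKey | CRC16(newKey) | 6 zero bytes.
// Other key: (newKey XOR oldKey) | CRC16(xor) | CRC16(newKey) | 4 zero bytes.
func changeKeyPlaintext(newKey, oldKey []byte, authWithSameKey bool) ([]byte, error) {
	if len(newKey) != 16 || (!authWithSameKey && len(oldKey) != 16) {
		return nil, fmt.Errorf("keys must be 16 bytes")
	}
	var p []byte
	if authWithSameKey {
		p = append(append(p, newKey...), crc16LE(newKey)...)
	} else {
		x := make([]byte, 16)
		for i := range x {
			x[i] = newKey[i] ^ oldKey[i]
		}
		p = append(append(append(p, x...), crc16LE(x)...), crc16LE(newKey)...)
	}
	return append(p, make([]byte, 24-len(p))...), nil
}

// changeKeyAPDU: 90 C4 00 00 Lc keyNo <24 enciphered bytes> 00, Lc = 0x19.
func changeKeyAPDU(keyNo byte, enc []byte) []byte {
	apdu := append([]byte{0x90, 0xC4, 0x00, 0x00, byte(1 + len(enc)), keyNo}, enc...)
	return append(apdu, 0x00)
}

func main() {
	// Worked-example key and block from the post, as a first (unchained) block.
	key, _ := hex.DecodeString("1C94D15B507F8C2C6DD3C3BEF2C8FA75")
	block, _ := hex.DecodeString("F1E3D1C7B1A3918F")
	one, _ := legacyChain(key, block, true)
	fmt.Printf("send-mode 3DES of worked-example block: %X\n", one)

	// Constructed demo: change key 0 while authenticated with key 0 (same key).
	plain, _ := changeKeyPlaintext(bytes.Repeat([]byte{0x11}, 16), nil, true)
	enc, _ := legacyChain(key, plain, true)
	fmt.Printf("ChangeKey APDU: %X\n", changeKeyAPDU(0x00, enc))
}
```

A library routine that does a textbook CBC decrypt with a zero IV will produce the right first block and wrong later ones, which the card reports as the same 91 1E integrity error as a bad CRC; checking the second block against the send-mode formula above is the quickest way to tell the two apart.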