Topic: ISO7861-4 Extended APDUs (INTERNAL AUTHENTICATE) with DESFire EV 1

Hi @all.

I want to use a DESFire card to encrypt 16B data with an internal stored key.
(No mutual auth, only the Card should be authenticated)

IMHO the ISO7816-4 INTERNAL AUTHENTICATE command  http://www.cardwerk.com/smartcards/smar … x#chap6_13
can be used for that purpose.

As stated in http://ridrix.wordpress.com/2009/09/19/ … n-example/
and http://www.nxp.com/acrobat_download2/ex … DS_N_1.pdf (page 8)
the DESFire EV1 does support that command

I did not found that command used in the libnfc-source (I think you only use native and native-wrapped commands)
but it seems to be used in http://www.springcard.com/support/apido … ml#robo114


I tried to dispatch some ISO7816-4 Commands to the PICC and got responses, but no success with INTERNAL AUTHENTICATE.

CMD-Bytes:

                    byte[] internalAuth = new byte[]{ 
                            0x00,    //CLA    As defined in 5.4.1
                            (byte)0x88,    //INS    '88'  INTERNAL AUTHENTICATE
                            0x00,              //P1    Reference of the algorithm in the card
                            0x00,              //P2    Reference of the secret, see table 65
                            0x10,               //Lc    Length of the subsequent data field
                            
                            0x00,          //Payload, Authentication related data (e.g. challenge)
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            0x00,          
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            0x00,
                            
                            0x10        //Le field     Maximum number of bytes expected in response 
                            
                    };

Response

6d 00

according to http://javacard.vetilles.com/2006/09/26 … n-iso7816/
6d means "The instruction code is not supported (usually with XX=00)"

That is nothing I expected,  http://www.cardwerk.com/smartcards/smar … chap6_13_5
lists the response codes for INTERNAL AUTHENTICATE as:

The following specific error conditions may occur. 
SW1='69' with SW2='84': Referenced data invalidated
                  '85': Conditions of use not setisfied
SW1='6A' with SW2='86': Incorrect parameters P1-P2
                  '88': Referenced data not found

Each of that would be fine, but what should I think about 6d, "instruction not supported"?


OK, here are my Questions:
1. What is your opinion about using INTERNAL AUTHENTICATION to challenge/response-sign (arbitrary) 16b data?
2. How can I use ISO-7816-4 APDU's with DESFire (in general)?
3. How to use ISO-7816-4's INTERNAL AUTHENTICATE?

Thanks in advance,
Max

Re: ISO7861-4 Extended APDUs (INTERNAL AUTHENTICATE) with DESFire EV 1

Has anyone had success with INTERNAL AUTHENTICATE? I've tried dozens of permutations of the above, and also get 6d "instruction not supported" in response.

The MF3ICD data sheet says it's supported?

Re: ISO7861-4 Extended APDUs (INTERNAL AUTHENTICATE) with DESFire EV 1

Hi Guys,
I met the same problem, does anybody know how to resolve?
thank you very much

Re: ISO7861-4 Extended APDUs (INTERNAL AUTHENTICATE) with DESFire EV 1

Hi,

Please note there is DESFire-related commands as card-specific instructions are handled by libfreefare. libnfc is "just" an HAL (Hardware Abstraction Layer) for NFC devices.

I highly recommend you to use libfreefare to drive cards, please check supported cards:
https://code.google.com/p/libfreefare/

I hope it helps.

Romuald Conty

Re: ISO7861-4 Extended APDUs (INTERNAL AUTHENTICATE) with DESFire EV 1

thank you
I changed a card, no error responsed.
but every time, the data in the response message is changing.
is it normally?
thank you very much

6 (edited by thae 2014-04-25 04:09:56)

Re: ISO7861-4 Extended APDUs (INTERNAL AUTHENTICATE) with DESFire EV 1

Hello!
             I want to know about the card's expiry date. When I read about of Mifare DESFire EV1 ,I have known card's expiry is about 2 years .
So,when over expiry date, the data from card is disappear or not?Please reply me.
                         thank you very much

Re: ISO7861-4 Extended APDUs (INTERNAL AUTHENTICATE) with DESFire EV 1

the card details do not go away.

The reader will do a check date and will not work.