Topic: Change PICC Master Key from DES/2K3DES to AES

Hi all,

I have a problem changing the PICC Master Key from DES/2K3DES to AES.

In one of the Application Notes, NXP says that I have to send:

Command + Key No + ENCRYPTED( KEY + KEYVERSION + CRC32( Command + Key No + Key + KeyVersion ) + Padding )

That's my log:

CMD
C4

CMD + KEYNO
C4 80

CMD + KEYNO + KEY
C4 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00

CMD + KEYNO + KEY + KEYVERSION
C4 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00

CMD + KEYNO + KEY + KEYVERSION + CRC32
C4 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 8B E9 ED B5

CMD + KEYNO + KEY + KEYVERSION + CRC32 + PADDING

C4 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 8B E9 ED B5 00 00 00

CMD + KEYNO + ENC( KEYNO + KEY + KEY VERSION )

C4 80 7B 82 0E BC 5F 4F F0 DC 7A 34 D4 AF 8F F1
82 9F 6B CD EF 52 71 CB FB 7E

####

The Authentication:

Auth Key = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

CMD + KEYNO
-> 0A 00

ENC PICC CHALLANGE
<- AF F8 71 39 BD 6A 5F CF 9B

ENC PCD + PICC CHALLANGE
-> AF E6 30 5E 7F EF A9 03 6A DD E7 E4 97 0A 47 89 A3

END PCD CHALLANGE
<- 00 19 D6 1D 32 14 9A 62 0E

Session Key Generated
23 47 C1 55 E2 34 D6 F7 7F 80 70 7A 0B 54 24 CA

####

When I try this, I always get 1E from the card, which means Integrity Error. Can someone find my mistake?

Kind regards

2 (edited by mileaux 2014-09-10 07:53:16)

Re: Change PICC Master Key from DES/2K3DES to AES

Hi,

I found the solution.

Normally with a 16 Byte Key and 2K3DES auth you generate the SessionKey this way:

SessionKey = RNDA(0..3) + RNDB(0..3) + RNDA(4..7) + RNDB(4..7)

However, for changing the PICC Master Key you have to generate the SessionKey this way, even if you're authed with 2K3DES:

SessionKey = RNDA(0..3) + RNDB(0..3) + RNDA(0..3) + RNDB(0..3)

Kind regards
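
The two session-key layouts from the reply above, as an added example that is not part of either post and is not NXP code. It assumes the session key printed in the first post's log was built with the first (interleaved) formula, splits it back into RndA and RndB, and rebuilds the key with the second (repeated) formula; all function names are hypothetical.

```python
# Added example: legacy DES/2K3DES DESFire session-key layouts from the thread.
# RndA/RndB are not captured values; they are reconstructed from the logged
# session key under the assumption that it used the interleaved layout.

LOGGED_SESSION_KEY = bytes.fromhex("2347C155E234D6F77F80707A0B5424CA")  # from the log
AUTH_KEY = bytes(16)                                                   # from the log


def _check(rnd_a: bytes, rnd_b: bytes) -> None:
    if len(rnd_a) != 8 or len(rnd_b) != 8:
        raise ValueError("RndA and RndB must be 8 bytes each for DES/2K3DES auth")


def session_key_interleaved(rnd_a: bytes, rnd_b: bytes) -> bytes:
    """RNDA(0..3) + RNDB(0..3) + RNDA(4..7) + RNDB(4..7)"""
    _check(rnd_a, rnd_b)
    return rnd_a[:4] + rnd_b[:4] + rnd_a[4:] + rnd_b[4:]


def session_key_repeated(rnd_a: bytes, rnd_b: bytes) -> bytes:
    """RNDA(0..3) + RNDB(0..3) + RNDA(0..3) + RNDB(0..3)"""
    _check(rnd_a, rnd_b)
    half = rnd_a[:4] + rnd_b[:4]
    return half + half


def split_interleaved(session_key: bytes) -> tuple[bytes, bytes]:
    """Invert session_key_interleaved and return (RndA, RndB)."""
    if len(session_key) != 16:
        raise ValueError("expected a 16-byte session key")
    k = session_key
    return k[0:4] + k[8:12], k[4:8] + k[12:16]


def halves_equal(key: bytes) -> bool:
    # 2K3DES with two equal 8-byte halves computes the same function as
    # single DES. That this is why the repeated layout applies to the
    # all-zero key in the log is an assumption; the thread does not say so.
    return len(key) == 16 and key[:8] == key[8:]


def corrected_session_key(logged: bytes = LOGGED_SESSION_KEY) -> bytes:
    rnd_a, rnd_b = split_interleaved(logged)
    return session_key_repeated(rnd_a, rnd_b)


if __name__ == "__main__":
    print("auth key halves equal:", halves_equal(AUTH_KEY))
    print("logged   :", LOGGED_SESSION_KEY.hex(" ").upper())
    print("repeated :", corrected_session_key().hex(" ").upper())
```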