Topic: Change key AES to AES

Good morning everyone!

I have an issue trying to change the default AES master key in MIFARE DESFire. My authentication procedure is successful, but I always get an error from the card when trying to actually change the AES key. Here are the different steps I do. It would be great if somebody could help me, as I have been stuck with this for 5 days trying to do it using an ACR122U PCSC reader plugged into my Windows laptop.

AES key : 00 … 00

Authentication with the PICC master key (00) and 0xAA command :

Ciphered RndB (received from the PICC) :

76 A4 40 10 FE A9 DE F6 42 CE CB 0B C7 9F 1C 5C

Deciphered RndB :

17 26 6E C6 18 03 EE D1 23 45 FE E6 02 31 E6 FB

RndB’:

26 6E C6 18 03 EE D1 23 45 FE E6 02 31 E6 FB 17

RndA (generated by the PCD):

82 F6 C3 29 C0 00 50 07 B1 A7 5F 0B D8 37 5B CD

RndA and RndB’ concatenation :

82 F6 C3 29 C0 00 50 07 B1 A7 5F 0B D8 37 5B CD 26 6E C6 18 03 EE D1 23 45 FE E6 02 31 E6 FB 17

Ciphered data to send:

C3 95 0F 45 1D 25 84 D8 FB 3A 52 79 E7 D2 36 D3 F5 A6 65 79 7F D6 D2 57 24 03 97 F9 CE 26 BF 1D

Data received from the PICC with successful code :

4B 98 54 6C BC 27 99 7E B2 E0 58 AD 3A A8 5D EE

Session key : 82 F6 C3 29 17 26 6E C6 D8 37 5B CD 02 31 E6 FB

Authentication OK!

Change key :

New AES key = 01 … 01

CRC calculated over:

C4 80 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00

CRC value:

BC 71 57 FB

Data to cipher:

01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00 BC 71 57 FB 00 00 00 00 00 00 00 00 00 00 00

Ciphered data:

8A 6B 2D 2C 58 33 40 64 BC 8C 95 7C 5A 90 E4 B6 C1 E9 64 E9 22 AF 60 8D E4 20 A1 E6 6C 8C 1E 9C

Data to send (without command byte):

80 8A 6B 2D 2C 58 33 40 64 BC 8C 95 7C 5A 90 E4 B6 C1 E9 64 E9 22 AF 60 8D E4 20 A1 E6 6C 8C 1E 9C

Complete APDU buffer sent as input to the SCardTransmit method:

0 C4 00 00 21 80 8A 6B 2D 2C 58 33 40 64 BC 8C 95 7C 5A 90 E4 B6 C1 E9 64 E9 22 AF 60 8D E4 20 A1 E6 6C 8C 1E 9C 00

The PICC always returns 0x911E

Thanks for help...
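
Added example, not part of the original post: the unencrypted intermediate values of the trace above (RndB rotation, session key, CRC32 and padded ChangeKey plaintext) recomputed in Python so each one can be compared with what the post lists. The helper names are hypothetical, the CRC convention is an assumption noted in the code, and the AES encryption steps are not reproduced.

```python
import zlib

def h(s):
    """Hex string as printed in the post -> bytes."""
    return bytes.fromhex(s)

# Values copied from the trace in the post above.
RND_A = h("82 F6 C3 29 C0 00 50 07 B1 A7 5F 0B D8 37 5B CD")
RND_B = h("17 26 6E C6 18 03 EE D1 23 45 FE E6 02 31 E6 FB")
POSTED_RND_B_ROT = h("26 6E C6 18 03 EE D1 23 45 FE E6 02 31 E6 FB 17")
POSTED_SESSION_KEY = h("82 F6 C3 29 17 26 6E C6 D8 37 5B CD 02 31 E6 FB")
POSTED_CRC = h("BC 71 57 FB")
NEW_KEY, KEY_VERSION = bytes([0x01]) * 16, 0x00
CMD_CHANGE_KEY, KEY_NO = 0xC4, 0x80

def rotate_left(block):
    """RndB' is RndB rotated left by one byte."""
    return block[1:] + block[:1]

def aes_session_key(rnd_a, rnd_b):
    """AES session key: RndA[0:4] | RndB[0:4] | RndA[12:16] | RndB[12:16]."""
    return rnd_a[:4] + rnd_b[:4] + rnd_a[12:] + rnd_b[12:]

def desfire_crc32(data):
    """Assumption (not stated in the post): DESFire EV1 uses the IEEE CRC-32
    without the final complement, transmitted least significant byte first."""
    return ((~zlib.crc32(data)) & 0xFFFFFFFF).to_bytes(4, "little")

def change_key_plaintext(cmd, key_no, new_key, key_version):
    """Build new_key | version | CRC32(cmd | key_no | new_key | version),
    zero-padded to the AES block size, i.e. the input to encryption."""
    body = new_key + bytes([key_version])
    plain = body + desfire_crc32(bytes([cmd, key_no]) + body)
    return plain + bytes(-len(plain) % 16)

def check_trace():
    """Compare each recomputed value with the one printed in the post."""
    plain = change_key_plaintext(CMD_CHANGE_KEY, KEY_NO, NEW_KEY, KEY_VERSION)
    return {
        "RndB'": rotate_left(RND_B) == POSTED_RND_B_ROT,
        "session key": aes_session_key(RND_A, RND_B) == POSTED_SESSION_KEY,
        "CRC32": plain[17:21] == POSTED_CRC,
        "plaintext length": len(plain) == 32,
    }

if __name__ == "__main__":
    for name, ok in check_trace().items():
        print(f"{name:18} {'matches' if ok else 'DIFFERS'}")
```

A DIFFERS line localises a mismatch before the encryption step. DESFire status 0x1E is INTEGRITY_ERROR, which the card returns when the CRC or padding of the data it deciphers is not what it expects.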