MIFARE DESFire EV1 Authentication Issue

Question

I've been trying to authenticate with a MIFARE DESFire EV1 card with the default key (00000000h) for the last week to no avail. I have followed this blog 's instructions to the letter. I implemented Send mode CBC and Receive mode CBC like this:

var
  SendVector, ReceiveVector: UInt64;

procedure ResetVectors;
begin
  SendVector := 0;
  ReceiveVector := 0;
end;

procedure Encrypt(var Data: TBytes; Key: TBytes);
var
  iData, iKey: UInt64;
  i: Integer;
begin
  if Length(Data) mod 8 > 0 then
    SetLength(Data, Length(Data) + (8 - Length(Data) mod 8));

  Move(Key[0], iKey, 8);
  for i := 0 to (Length(Data) - 1) div 8 do
  begin
    Move(Data[i * 8], iData, 8);
    EncryptInt64(iData, iKey);
    Move(iData, Data[i * 8], 8);
  end;
end;

procedure EncryptInt64(var Data, Key: Int64);
begin
  Data := Data xor SendVector;
  DESEncrypt(@Data, @Key);
  SendVector := Data;
end;

procedure Decrypt(var Data: TBytes; Key: TBytes);
var
  iData, iKey: UInt64;
  i: Integer;
begin
  Move(Key[0], iKey, 8);
  for i := 0 to (Length(Data) - 1) div 8 do
  begin
    Move(Data[i * 8], iData, 8);
    DecryptInt64(iData, iKey);
    Move(iData, Data[i * 8], 8);
  end;
end;

procedure DecryptInt64(var Data, Key: Int64);
var
  Tmp: UInt64;
begin
  Tmp := ReceiveVector;
  ReceiveVector := Data;
  DESDecrypt(@Data, @Key);
  Data := Data xor Tmp;
end;

This is the log of APDU commands I sent to the card, and their corresponding responses:

-->90 6A 00 00 00 // List Applications
<--01 02 03 
<--9100 (OK)

-->90 5A 00 00 03 00 00 00 00 // Select PICC
<--9100 (OK)

-->90 1A 00 00 01 00 00 // ISO Authenticate with master key (00000000h)
<--91AF

-->90 AF 00 00 00 // Retreive RndB
<--A4 4C 2B D1 EB 6F 64 0C 
<--9100 (OK)

-->90 AF 00 00 10 0D 9F 27 9B A5 D8 72 60 25 DD 7A 19 63 0F 26 2D 00 // Send DES(RndA + RndB')
<--91AE (AUTHENTICATION_FAILURE)

Here is the whole code of my Authenticate method:

procedure Authenticate;
var
  Key, Data: TBytes;
  s: string;
  b: Byte;
  RndA: UInt64;
  i: Integer;
begin
  ResetVectors;
  Key := HexStringToBuffer('00 00 00 00 00 00 00 00');
  s := '90 1A 00 00 01 00 00';
  s := SendAPDU(s, False);
  Data := HexStringToBuffer(s);
  Decrypt(Data, Key);

  b := Data[0];
  for i := 0 to 6 do
    Data[i] := Data[i + 1];
  Data[7] := b;

  RndA := 1; // not very wise

  SetLength(Data, 16);
  Move(Data[0], Data[8], 8);
  Move(RndA, Data[0], 8);

  Encrypt(Data, Key);
  s := '90 AF 00 00 10 ' + BufferToHexString(Data) + ' 00';
  SendAPDU(s, False);
end;

I'm lost as to why the card is rejecting my authentication attempt flatly. Any thoughts?

---

Here's the diagram of CBC Send and CBC Receive algorithms as per DESFire EV1 manufacturer instructions:

Answer 1

Try replace encrypt to decrypt in DES cipher. Card ALWAYS uses DES ENCRYPT mode (both when recieving and sending data). And the host ALWAYS uses DECRYPT mode.

For more info: https://ridrix.wordpress.com/2009/09/19/mifare-desfire-communication-example/#comment-30

Answer 2

During an ISO or AES authentication the following scheme is used:

1. Random B is received from the card with RECEIVE + DECIPHER
2. Random AB is sent to the card with SEND + ENCIPHER
3. Random A is received with RECEIVE + DECIPHER

IMPORTANT : ALL encryption goes through CBC. The IV of the key used for CBC encryption/decryption is only reset ONCE at the beginning. Then it must be maintained up to date during ALL the following commands.

If you use ISO or AES mode, after a successfull authentication, you MUST also calulcate the CMAC over sent commands and received data, otherwise your IV will not be in sync with the card and you get an Integrity Error each time you use the Session key!

As I was struggeling with the same problems I posted some communication examples that will help you much in testing your code. You find them here on Stackoverflow: Desfire EV1 communication examples There you also find a link to my source code that I recommnd you to study.