Authentication error in MIFARE Plus card using NXP SDK advanced


For authentication of the Plus card, I am using the following method signature as provided in the NXP Javadoc:

public void authenticateSL3(boolean firstAuth,
               int blockNo,
               int keyNo,
               byte keyVersion,
               byte[] divInput,
               byte[] pcdCap2In) 

Parameters:

firstAuth - false: Following Authentication; true: First Authentication
blockNo - address of the AES authentication key. please check the MIFARE Plus datasheet for the sector AES key addresses.
keyNo - Key Storage number
keyVersion - Key Version number
divInput - Diversification Input used to diversify the key
pcdCap2In - Capabilities of PCD, which define what PCD is capable to do.(00H to 06H)

javadoc link

https://www.mifare.net/files/advanced_javadoc/

For example:

byte[] divInput = null;

byte[] pcdCap2In = new byte[0];

objMfPlusNfcCard.authenticateSL3(true, block_no, 3, (byte) 0, divInput,
                pcdCap2In); 

In the above method, the third parameter value (3) and the fourth parameter value ((byte) 0) are the index of the AES_key and the version of the AES_key respectively, as added to the keystore object as follows:

private IKeyStore ks = KeyStoreFactory.getInstance().getSoftwareKeyStore();

ks.formatKeyEntry(3, IKeyConstants.KeyType.KEYSTORE_KEY_TYPE_AES128);

ks.setKey(3, (byte) 0, IKeyConstants.KeyType.KEYSTORE_KEY_TYPE_AES128, MIFARE_PLUS_KEY_AES128);

I am having trouble figuring out what the block_no parameter value should be in the objMfPlusNfcCard.authenticateSL3 method.

I also did a search for AES key addresses in the MIFARE Plus datasheet for the sector, but did not find any such information.

MIFARE Plus datasheet link provided below

http://www.nxp.com/documents/short_data_sheet/MF1SPLUSX0Y1_SDS.pdf


There are 1 answers

vellotis On

I ran into the same question while trying to activate Security Level 3 with the First Authenticate command. I knew that the end result for the command that needed to be sent to the MF Plus card was "70 03 90 00" (hex). So trial and error led me to the solution:

byte[] divInput = null;
byte[] pcdCap2In = new byte[0];

objMfPlusNfcCard.authenticateSL3(true, 0x9003, 3, (byte) 0, divInput, pcdCap2In);

So for me the block number is actually the sector number for the "Security Level 3 Switch Key". Otherwise it would be following the method above:

AES Sector Keys for sector 0 to 39 (40 00h to 40 4Fh)
  Key A = sector number multiplied by 2
  Key B = sector number multiplied by 2 +1
  E.g. Key A for sector 2 has number: 40 04
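
The addressing rule quoted in the answer, worked through as an added Java example (not part of the original post and not NXP SDK code). The class and method names are hypothetical, and the frame layout (70h, block number low byte first, then the PCDcap2 length) is an assumption inferred from the answer's "70 03 90 00" for block number 0x9003; the 0 to 6 byte limit on PCDcap2 is likewise an assumed reading of the Javadoc's "00H to 06H".

```java
// Added illustration; names are hypothetical and not part of the NXP SDK.
public class PlusKeyAddress {
    static final int SECTOR_KEY_BASE = 0x4000; // sector keys occupy 40 00h to 40 4Fh (from the answer)
    static final int L3_SWITCH_KEY = 0x9003;   // value the answer passes as blockNo

    /** Block number of AES key A or key B for a sector in the range 0..39. */
    static int sectorKeyBlock(int sector, boolean keyB) {
        if (sector < 0 || sector > 39) {
            throw new IllegalArgumentException("sector must be 0..39, got " + sector);
        }
        return SECTOR_KEY_BASE + sector * 2 + (keyB ? 1 : 0);
    }

    /** Assumed frame: 70h, block number low byte first, PCDcap2 length, PCDcap2 bytes. */
    static byte[] firstAuthFrame(int blockNo, byte[] pcdCap2In) {
        byte[] cap = (pcdCap2In == null) ? new byte[0] : pcdCap2In;
        if (blockNo < 0 || blockNo > 0xFFFF || cap.length > 6) {
            throw new IllegalArgumentException("blockNo must fit 16 bits, PCDcap2 at most 6 bytes");
        }
        byte[] frame = new byte[4 + cap.length];
        frame[0] = 0x70;
        frame[1] = (byte) (blockNo & 0xFF);        // low byte is sent first
        frame[2] = (byte) ((blockNo >> 8) & 0xFF); // high byte second
        frame[3] = (byte) cap.length;
        System.arraycopy(cap, 0, frame, 4, cap.length);
        return frame;
    }

    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) {
            sb.append(String.format("%02X ", b & 0xFF));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        // The Security Level 3 switch key, as used in the answer.
        System.out.println("L3 switch key: " + hex(firstAuthFrame(L3_SWITCH_KEY, new byte[0])));
        // Sector keys: key A and key B for a few sectors, including both ends of the range.
        for (int sector : new int[] {0, 2, 39}) {
            int a = sectorKeyBlock(sector, false);
            int b = sectorKeyBlock(sector, true);
            System.out.printf("sector %2d: key A = %04Xh, key B = %04Xh, frame(A) = %s%n",
                    sector, a, b, hex(firstAuthFrame(a, new byte[0])));
        }
    }
}
```

The value returned by `sectorKeyBlock` is what would be passed as `blockNo` to `authenticateSL3` for a sector key, in place of the 0x9003 used for the switch key.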