I'm having troubles creating new IV after authenticating. I'm not sure if my understanding of the concept is right, even with MIFARE documentation. Data on the card is fully enciphered.
These are the steps I'm taking:
- AuthenticateISO with zero IV (0x1A with 3K3DES key)
- Response from card (encrypted RandA'):
08 48 CD A3 43 C5 00 FE 1D 78 D1 E5 A9 24 26 5A 91 00 - First 8 bytes should be CMAC and updated IV(?):
08 48 CD A3 43 C5 00 FE - Create 3K3DES session key:
74 EF 23 87 10 E4 3B E6 BE C8 4C 41 74 03 08 A9 7F F3 FA 59 15 E4 C5 06 - Call getValue:
90 6C 00 00 01 [FileID] 00 - Response from card:
A2 3C CB 70 BE 4D D5 22 91 00 - Decrypt first 8 bytes from response with session key and updated IV
- Decrypted result:
7F 7D 80 F5 [CRC32]
After the last step, the first four bytes should be the value and the last four CRC32. But for sure I'm not doing something right with IV, because result isn't correct. It should be 0F A0 00 00 [CRC32].
Could anyone have any pointers to what I'm doing wrong? I've been trying to solve this for at least 2 weeks and have come nowhere.
You put Android Tag in your Question. I would suggest you to use TapLinx SDK which is free of charge and offer Java Level APIs for MIFARE and some other NXP Cards. It makes communication to card a lot easier and Documentation is good.