0

I have purchased a number of DesFire EV1 from a HK based Company for a project i'm working on . some of the cards that are supposed to be factory empty had a number of applications on. reading the card properties seemed to identify them as :

"Reiner LoginCard" (or "OWOK", how they name it, https://cardlogin.reiner-sct.com/) - they have been distributed by a german computer magazine ("Computer BILD")" ...

the problem is the following : the command and applications return weired results such as : Max Nb Keys = 0 no settings some applications have a max number of keys = 133 ...

here is a screen capture of the card content. any idea on what causes this ? does this mean that the DesFire EV1 security and anti tampering mecanism kicked in and returns false data ?

enter image description here

user300435
  • 95
  • 5

1 Answers1

1

The result you show above for the GetKeySettings command (FF 00 91 00) looks like a valid response (assuming that you selected an application other than the PICC level). This gives you

  • Key settings = 0xFF:
    • all keys are frozen
    • configuration can be changed
    • free create/delete without master key
    • free directory list without master key
    • application master key is changeable
  • Max # of keys = 0x00:
    • application has no keys

Regarding your results:

  • An application may have zero keys, so receibving 0x00 for the number of keys is possible.
  • 133 is not a vaild value for the maximum number of keys. An application may have at most 14 keys. However, this seems to be a decoding issue in your software. 133 (0x85 in hexadecimal) seems to be the value received from the GetKeySettings command. However, the two most significant bits in that value encode the crypto operation for new keys. So in your case, 0x85 (133) would actually be 5 keys + AES operation.
Michael Roland
  • 39,663
  • 10
  • 99
  • 206
  • Thank you Roland for your response. that explains quiet few things ... there is one thing however i am not sure about and will have to verify "assuming that you selected an application other than the PICC level". i'll get back to you on this. in case MaxNbKeys == 00 , how to athenticate the application then , should i skip the authentication on these apps to send application and file level commands ? tia. – user300435 Sep 25 '14 at 16:11
  • @user300435 There is no authentication for that app. Typically, such an app will allow at least free read access to files & possibly also free directory list. – Michael Roland Sep 25 '14 at 16:33
  • that is true Michael. bt since they were supposed to be carsd coming out of manufacturing and they are not ... i was looking for a way to Piccformat them ... and that's when i hit a wall. :) – user300435 Sep 26 '14 at 17:52