2

I'm sending an UPDATE BINARY command to write to the memory of a card and after that I want to check if the block was correctly written. So, I'm sending a READ BINARY command and comparing the values.

(C - Command, R - Response)

C : FF820060067B296F123456
R : 9000
C : FFD600010401000080
R : 9000
C : FF820060067B296F123456
R : 9000
C : FFB0000104
R : 6C10

I was expecting to get 01000080. Can you help me please?

Michael Roland
  • 39,663
  • 10
  • 99
  • 206
Deimos Studios
  • 21
  • 2

2 Answers2

1

The response that you get for the READ BINRARY APDU is quite clear. The status word 6Cxx indicates that you shoud reissue the last command APDU using xx as the Le value. Hence you should reissue the APDU as

FFB0000110

Since you did not reveal what type of contact or contactless storage card you are accessing through these commands, I can only guess that you are accessing a NFC Forum Type 2 tag (MIFARE Ultralight, NTAG, or similar). With these tags, each page has 4 bytes and you can write each page separately. Hence, the write command accepts exactly 4 bytes. However, the read command for that technology always reads a group of 4 pages which means that you always read 16 bytes.

Also note that the LOAD KEYS command that you send before every other command does not really make much sense. First of all, the LOAD KEYS command only loads the keys into the reader memory for later use in an AUTHENTICATE (or rater GENERAL AUTHENTICATE) command, which you obviously never use after loading the keys. Second, you are always loading the same key again, which is completely unnecessary. And third, if the tag is actually a MIFARE Ultralight or NTAG, there is no such tag with a 6 byte key value.

Michael Roland
  • 39,663
  • 10
  • 99
  • 206
  • Thanks for your explanations Michael. So, how should I proceed to verify if the data was written correctly? In my case, I'm sending FFD600010401000080 and after that I want to read that data back from the smartcard and compare with the data defined in the previous read command. – Deimos Studios Jan 26 '16 at 17:28
  • @DeimosStudios I'm not sure I understand what you problem is. Since you can only read 4 blocks at a time, you could either read after every write command and drop those additional 3 blocks that you receive (i.e. compare only the first 4 bytes of the received data) or you could perform a read operation only after writing every 4th block and compare the 16 received bytes with those written with the last 4 write operations. – Michael Roland Jan 26 '16 at 19:28
  • The response to the **UPDATE BINARY** command (`FF D6...`) is `90 00`, which means the command executed successfully. So does this not guarantee that all the data was successfully updated? – ban-geoengineering Aug 25 '18 at 07:49
0

Try to send FFB000010104

CLA = FF INS = B0 P1 = 00 P2 = 01 LC = 01 DATA = 04

Pedro Durek
  • 303
  • 4
  • 18
  • Yes. I wanna write and then read and compare. That works in the other commands but in that one. For example: FF82006106615889081234 9000 FFD6001410120000000000000000F029A9300000C0 9000 FF82006106615889081234 9000 FFB0001410 120000000000000000F029A9300000C09000 – Deimos Studios Jan 21 '16 at 17:45
  • Well there's something wrong with your command, more specifically in 'FFB0000104' command, when the card return 6C10 it means you passed wrong length. – Pedro Durek Jan 21 '16 at 17:53
  • You're right Pedro and that's my point! I'm writing FFD6 0001 04 [01 00 00 80] and I wanna check if that was written correctly, so, I'm reading FFB0 0001 [04] and expecting to get [01 00 00 80]. I don't get it. – Deimos Studios Jan 21 '16 at 18:03
  • CLA = D6 - Update binary command, INS = 00, P1 = 01, P2 = 04, LC = 01, DATA = 0000, LE = 80, so you are trying to write 0000, right? – Pedro Durek Jan 21 '16 at 18:22
  • Actually CLA = FF, INS = D6, P1 = 00, P2 = 01, LC = 04 and data 01000080. – Deimos Studios Jan 21 '16 at 18:31
  • Try to send FFB000010104 – Pedro Durek Jan 21 '16 at 18:37
  • FFB000010104 6C10 :( Actually that command is built dinamically based on the previous write command, since I wanna check if the bytes were written correctly. A just don't undertand why I can't read the bytes I've just written. – Deimos Studios Jan 21 '16 at 19:12
  • Well, didn't work. I get those command from another system, I can't just change them. Thanks anyway for your help Pedro! – Deimos Studios Jan 22 '16 at 11:21
  • A few years ago I worked with cards like Intelcav, Morpho... And I can tell you that each card has a specific behaviour, some cards you have to send different parameters of others, I never needed to send read and white binary command, but I had to create a structure to generate signature, PIN validation, change PIN, unlock PIN, etc. If you need some other help, just ask =) – Pedro Durek Jan 22 '16 at 13:13