1

I have just recently jumped into smartcard programming.

I am using Gemalto Prox-SU reader and have several blank MIFARE Classic 1k cards available, on a Ubuntu 16.04 machine. I have installed the Gemalto Prox-SU reader and got the reader to detect a card through a script in python using Ludovic Russeau's pyscard.

I have managed to write a script which sends APDUs to the reader/card connection. I can read ATR, send GetData command to read card's serial number and have been trying to send several APDUs to the card to try and read the card memory blocks. Aside from LoadKey commands, however, everything else is returning "0x6982: security status not satisfied"

I know I am supposed to send a General Authentication command before every read and write, as stated in the manual, but even General Authenticate command is returning "security status not satisfied". From what I have been reading this should be really simple. What am I missing? How to set up my script so that authentication succeeds and I can read data from the memory blocks?

Michael Roland
  • 39,663
  • 10
  • 99
  • 206
Guga Figueiredo
  • 292
  • 4
  • 18

1 Answers1

1

The typical flow for reading MIFARE Classic 1K cards with the Prox-SU reader (see the manual) is:

  1. Load an authentication key. For instance, if your card is readable using key A with the default value ("transport key") FF FF FF FF FF FF, you would use the following LOAD KEY command:

    FF 82 00 50 06 FFFFFFFFFFFF
      ^^ ^^    ^^^^^^^^^^^^
       |  |               \-- Key
       |  |
       |  \------------------ Key slot 80 (0x50)
       |
       \--------------------- Key in RAM (0x00)

    This stores the key FF FF FF FF FF FF into the first key slot (0x50) in volatile memory (RAM) of the reader.

  2. Authenticate to a sector using the GENERAL AUTHENTICATE command. Eventhough you authenticate to the whole sector you need to address the sector by a block number (typically the first block of the sector):

    FF 86 00 00 05 01 0004 60 50
                  ^^^^ ^^ ^^
                     |  |  \-- Key slot 80 (0x50)
                     |  |
                     |  \----- Key type (0x60 = Key A, 0x61 = Key B)
                     |
                     \-------- Block number (block 4)

  3. Finally, you can read a block using the READ BINARY command:

    FF B0 0004 10
      ^^^^
         \-------- Block number (block 4)

If you receive a status code 69 82 during GENERAL AUTHENTICATE, this most likely indicates that you try to authenticate with an incorrect key.

Michael Roland
  • 39,663
  • 10
  • 99
  • 206
  • You said "if your card is readable using key A with the default value ("transport key") FF FF FF FF FF FF, you would use the following LOAD KEY command". This has worked and, as far as my original question is concearned, this has solved mt troubles. However, that If there is a new trouble. How would I know if the card is readable with keyA alone? Is this something I can set later on? – Guga Figueiredo Sep 13 '16 at 18:58
  • @GugaFigueiredo Each sector has two keys (key A and key B). The blocks within each sector can be configured to be readable and/or writable by either key A or key B. The keys and the bits that configure the access conditions are stored in the last block of each sector (the "sector trailer"). The sector trailer is accessible just like any other block (with the exception that the value of the keys is masked out from the data returned during a read command). – Michael Roland Sep 13 '16 at 21:06