NFC communication - Mifare DESFire EV1 - AES - Read Data

Asked Jun 07 '19 at 10:02

Active Jun 07 '19 at 15:39

Viewed 383 times

I'm trying to read data with a Mifare DESFire EV1 - AES. The authentication went well and I got a 0x00 + RNDAR that is matching the one on my side.

Now I need to read data with the 0xBD instruction but I keep having 16 random bytes as a response.

Questions :

What is supposed to be the IV at this point ? I mean, is it suppose to change after authentication ? and if yes, how should i calculate it?
How am I supposed to decrypt the bytes I receive ? with static keys I used for auth or with sessionKey ? I'm supposed to recover 8 bits that should be always the same. Any clue ?

edited Jun 07 '19 at 15:39

Ralf

asked Jun 07 '19 at 10:02

Sebastien Pautet

Hello. I am about to do the same thing. Just a side question, do you know what is the difference between `0xBD` versus `0x8D` ? The `0x8D` is described as `READ_DATA` in Desfirecard.java examples floating around. I tried to to use `8D`, but am getting `0x917E`. – daparic Feb 17 '20 at 19:52
Looks like you have a length error so data you sent are not the one expected. I don't know about the 0x8D command, I never tried, but maybe it involved more parameters to get a result. – Sebastien Pautet Feb 19 '20 at 08:32

0 Answers0