Closed ah01 closed 3 years ago
Thanks for the report. Please note that desire is a work in progress and we are working though it atm. I note that you use the default key of all 00's and have authenticated with ISO 3Des.
While my response is not the long term answer, it may help isolate a little. Can you try to authenticate with standard des and see if you get the correct UID.
hf mfdes auth -m 1 -t 1 -a 000000 -n 0
Thanks
There is no difference:
[usb] pm3 --> hf mfdes auth -m 1 -t 1 -a 000000 -n 0
[+] Key : 00 00 00 00 00 00 00 00
[+] SESSION : 94 B3 9F 54 35 C4 B6 68
[=] -------------------------------------------------------------
[=] -------------------------------------------------------------
[usb] pm3 --> hf mfdes getuid
[+] UID: E3 6E A8 C2 0E E9 FC 60 AF 25 41 E4 16 2C D6 DB
Thanks for running the test. I have tracked down part of it and think its mostly working (in my test code) for native Single des. i.e. in my test code it gives the same UID as my omnikey reader. So will keep working on it.
This should now be working in the latest master.
Please test and confirm if its working as you expect.
It works perfectly. Tested with DESFire EV1 and EV2 with both defaults DES and 3DES keys.
Great work 👍
Description
I have Mifare DESFire EV1 and EV2 with enabled random UID (otherwise in default state including default keys). When I authenticate with default key (succesfully) and try to call
hf mfdes getuid
I will get 16 bytes of data as UID that are definitely not UID of the card (at least not in readable form).I do not posses datasheet for DESFire but at least I compare PM3 implementation and libfreefare (source) implementation. It looks like PM3 return direct response of PICC, but the data are actually enciphered.
Log
Example of info of EV1 (EV2 behaves same):
Authenticate with default key:
Get UID:
Expected result
UID of this card is
04 0F 46 5A D5 62 80
(read by Elatec TWN4 USB reader).