Closed osysltd closed 7 years ago
Hey there. The authentication scheme in use is basically like this:
Currently, trying to crack this scheme using only a known-plaintext attack is equivalent to a brute-force search for the AES-128 key given the correct plaintext-ciphertext pair, and as such is not feasible, even without CBC. Depending on the reader, you will have a better chance attacking the reader device itself. Let me know if you'd like to discuss that option off the list. :-)
Sorry if I didn't get you or the DesFire authentication mechanism correctly, but aren't we able to get the key by which the reader is trying to authenticate?
Explain your idea! :-)
No, to my knowledge keys are never sent during normal usage, only when creating / changing cards and applications.
Please could you share a specific document describing this? All I can find is a statement that the reader tries to authenticate with the key for the PICC application:
--> 0a 00
<-- af a2 be cd 03 d8 46 cb 33
--> af b0 cc bc ed 8f c8 38 c9 08 dc e2 4d 86 ca ec 3c
<-- 00 76 73 d9 49 71 3f f2 d1
"Philips Semiconductors. Product Specification Rev. 3.1 April 2004" I am sure you will figure it out. ;-)
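The four-frame trace quoted above, parsed and annotated. This is an added example, not part of the original thread or of the ChameleonMini code. The opcode table and the RndA/RndB payload labels are assumptions taken from the publicly documented DESFire native command set, and `parse` and `annotate` are hypothetical helper names.

```python
import re

# The four frames quoted in the thread ("-->" reader/PCD to card, "<--" card/PICC to reader).
TRACE = """--> 0a 00
<-- af a2 be cd 03 d8 46 cb 33
--> af b0 cc bc ed 8f c8 38 c9 08 dc e2 4d 86 ca ec 3c
<-- 00 76 73 d9 49 71 3f f2 d1"""

# Assumption (not from the thread): native DESFire authenticate opcodes and cipher block sizes.
AUTH_CMDS = {0x0A: ("Authenticate, legacy DES/3DES", 8),
             0x1A: ("AuthenticateISO", 8),
             0xAA: ("AuthenticateAES", 16)}
ADDITIONAL_FRAME, OPERATION_OK = 0xAF, 0x00

def parse(trace):
    """Return (sender, first_byte, payload) for every '-->' or '<--' line."""
    frames = []
    for line in trace.splitlines():
        m = re.match(r"\s*(-->|<--)((?:\s+[0-9a-fA-F]{2})+)\s*$", line)
        if m:
            raw = bytes.fromhex(m.group(2))
            frames.append(("PCD" if m.group(1) == "-->" else "PICC", raw[0], raw[1:]))
    return frames

def annotate(frames):
    """Validate one authentication exchange and label what each frame carries."""
    if [f[0] for f in frames] != ["PCD", "PICC", "PCD", "PICC"]:
        raise ValueError("expected four alternating frames starting with the reader")
    (_, cmd, key_no), (_, s1, c1), (_, s2, c2), (_, s3, c3) = frames
    if cmd not in AUTH_CMDS or len(key_no) != 1:
        raise ValueError("first frame is not an authenticate command")
    name, block = AUTH_CMDS[cmd]
    if (s1, s2, s3) != (ADDITIONAL_FRAME, ADDITIONAL_FRAME, OPERATION_OK):
        raise ValueError("authentication did not complete")
    n = len(c1)  # nonce length, taken from the card's challenge
    if n == 0 or n % block or len(c2) != 2 * n or len(c3) != n:
        raise ValueError("payload sizes do not fit a challenge-response")
    return {"command": name, "key_no": key_no[0], "nonce_len": n,
            "frames": [f"PCD : authenticate with key number {key_no[0]} (an index, not key material)",
                       f"PICC: {n}-byte enciphered RndB",
                       f"PCD : {2 * n}-byte enciphered RndA || rotated RndB",
                       f"PICC: {n}-byte enciphered rotated RndA, status OK"]}

if __name__ == "__main__":
    for label in annotate(parse(TRACE))["frames"]:
        print(label)
```

The only key-related value the reader puts on the wire is the key number in the first frame; every other payload is an enciphered random challenge or response.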
Hi Dima!
Thank you very much for the development and efforts. What do you think, would it be possible to extract the DesFire authentication key from the reader's authentication attempt (reader attack) by emulating a DesFire card with the device?