dev-zzo / ChameleonMini

The ChameleonMini is a versatile contactless smartcard emulator compliant with NFC. For further information see the Getting Started page or the GitHub Wiki tab above.
https://rawgit.com/emsec/ChameleonMini/master/Doc/Doxygen/html/Page_GettingStarted.html

PICC master key changing to AES #26

Open dev-zzo opened 6 years ago

dev-zzo commented 6 years ago

If I understand correctly, EV1/EV2 PICCs ship with the master key being all zeros and 2KTDEA used. The exact mechanism to switch to AES is not publicly documented, it seems, only in an NDA-ridden app note. Without that, our emulation will be confined to 2KTDEA master keys only.

Maxhy commented 6 years ago

Not much time, as expected, sorry. But I'm still following the project with interest and wanna help. Let me help with information instead of code for now :smile:.

I believe you're just missing the key version here; you should add the key version (as it is not part of the key value with AES, while it is with DES) at the end of your key buffer before encryption.

dev-zzo commented 6 years ago

@Maxhy Information is what's actually needed right now, with all the NDAs and whatnot.

Regarding your description, I am not sure I understand how the key version helps and how it should be handled by the card. Are there any examples of e.g. PDU exchange you could provide that would shine some more light?

Maxhy commented 6 years ago

Sorry, I wrote too quickly. The key version has to be added to any AES key. For the PICC master key, the key type is XORed onto the keyno byte.

lvandenb commented 4 years ago

For the PICC change, keyno is 0x80, and the AES key is 16+1 (key version) bytes.
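Putting the two hints from this thread together (key number 0x80 for the PICC master key when the new key is AES, and a 16-byte key followed by a 1-byte key version before encryption), here is an added worked example that is not part of the ChameleonMini code base and not written by anyone in this thread. It builds the ChangeKey (0xC4) cryptogram the way a reader sends it after an AES authentication and then parses it the way a card (or an emulator such as ChameleonMini) would, for the case the thread is about: the key being changed is the same one the session was authenticated with. The layout (C4 | keyNo | key | version | CRC32, zero-padded and CBC-encrypted from the third byte on, with the DESFire CRC32 being the standard reflected CRC32 without the final inversion) is the publicly known DESFire EV1 format as implemented in open-source readers such as libfreefare. Go is used here because its standard library has AES, CBC and CRC32. The session key, new key, key version and the zero IV are constructed test values; that the CBC IV is zero right after AuthenticateAES is an assumption of this example, as is the strict check that all padding bytes are zero.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

const (
	CmdChangeKey byte = 0xC4
	// For the PICC master key (key 0 of application 0x000000) the type of the new
	// key is encoded in the upper bits of the key number: 0x00 for DES/2K3DES,
	// 0x40 for 3K3DES and 0x80 for AES.
	KeyNoPiccAES byte = 0x80
	AESKeyLen         = 16
)

// DesfireCRC32 is the CRC32 variant DESFire uses: the standard reflected CRC32
// (polynomial 0xEDB88320, initial value 0xFFFFFFFF) with the final inversion
// left out, emitted little-endian.
func DesfireCRC32(data []byte) []byte {
	out := make([]byte, 4)
	binary.LittleEndian.PutUint32(out, crc32.ChecksumIEEE(data)^0xFFFFFFFF)
	return out
}

// ChangeKeyAES builds the reader-side ChangeKey command for changing the key
// the session is authenticated with (e.g. the PICC master key, keyNo 0x80) to
// a new AES key with the given key version. Plaintext layout before encryption:
//   C4 | keyNo | newKey(16) | version(1) | CRC32 over all of that | zero padding
// Everything after the two-byte header is CBC-encrypted under the session key.
func ChangeKeyAES(sessionKey, iv []byte, keyNo byte, newKey []byte, version byte) ([]byte, error) {
	if len(newKey) != AESKeyLen {
		return nil, errors.New("AES key must be 16 bytes")
	}
	hdr := []byte{CmdChangeKey, keyNo}
	// The key version is a separate trailing byte for AES keys; for DES keys it
	// lives in the key's parity bits instead, which is why the DES path has no such byte.
	plain := append(append([]byte{}, newKey...), version)
	plain = append(plain, DesfireCRC32(append(append([]byte{}, hdr...), plain...))...)
	if r := len(plain) % aes.BlockSize; r != 0 { // 21 bytes -> padded to 32
		plain = append(plain, make([]byte, aes.BlockSize-r)...)
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(plain, plain)
	return append(hdr, plain...), nil
}

// ParseChangeKeyAES is the card/emulator side: it decrypts the cryptogram,
// verifies the CRC32 and returns the new key and its version.
func ParseChangeKeyAES(sessionKey, iv, apdu []byte) (newKey []byte, version byte, err error) {
	if len(apdu) < 2+2*aes.BlockSize || apdu[0] != CmdChangeKey || (len(apdu)-2)%aes.BlockSize != 0 {
		return nil, 0, errors.New("not a ChangeKey command of the expected length")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, 0, err
	}
	dec := make([]byte, len(apdu)-2)
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(dec, apdu[2:])
	keyAndVersion := dec[:AESKeyLen+1]
	want := DesfireCRC32(append(append([]byte{}, apdu[:2]...), keyAndVersion...))
	if !bytes.Equal(dec[AESKeyLen+1:AESKeyLen+5], want) {
		return nil, 0, errors.New("CRC32 mismatch")
	}
	for _, b := range dec[AESKeyLen+5:] { // assumption: padding must be all zeros
		if b != 0 {
			return nil, 0, errors.New("bad padding")
		}
	}
	return append([]byte{}, dec[:AESKeyLen]...), dec[AESKeyLen], nil
}

func main() {
	sessionKey := bytes.Repeat([]byte{0x11}, AESKeyLen) // constructed test session key
	iv := make([]byte, aes.BlockSize)                    // assumption: zero IV right after AuthenticateAES
	newKey := make([]byte, AESKeyLen)                    // constructed new PICC master key 00..0F
	for i := range newKey {
		newKey[i] = byte(i)
	}
	apdu, err := ChangeKeyAES(sessionKey, iv, KeyNoPiccAES, newKey, 0x10)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ChangeKey APDU: % X\n", apdu)
	key, ver, err := ParseChangeKeyAES(sessionKey, iv, apdu)
	fmt.Printf("card sees key % X version %02X err %v\n", key, ver, err)
}
```

When the key being changed is not the one the session is authenticated with, the same layout applies except that the 16 key bytes are XORed with the old key and a second CRC32 over the plain new key is appended after the first one before padding; that case is left out here because the thread is about the PICC master key, which is necessarily the authenticated key.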