i'm new to Mifare Desfire Cards. My goal is to create a file with data in this Mifare Card. First, i'm just having troubles with authentification process :
1. I sent the command 0x0A | 0x00 to the PICC and the PICC returned a frame with : 0xAF | 8 bytes word (probably random encyphered number B) but after this, I dont understand what I am supposed to do with encryption mecanisms..., what is the next step ? I mean what is the next command I have to send ?
MIFARE DESFire EV1 uses 3-pass mutual authentication protocol for the authentication.
You can refer this for reference.
If you don't wanna smash your head and don't want to get into low level implementation, NXP already provides an Open API TapLinx, which you can simply integrate in your project and make use of all the features just by invoking APIs
eg: desfireObject.authenticate(key);
Related
I'm trying to read data from a "MIFARE Classic 4K - emulated (6212 Classic), Nokia" card with an ACS ACR122U reader.
The sector I need to read is number 18, the Key A is A0A1A2A3A4A5 (I can read it with my smartphone).
Nonetheless, I cannot load the key to the reader nor authenticate.
I managed to get the UID, the reader and the ATR. But I'm mysing something when I try to read a sector.
Edit: I managed to read another card with the same code (but another key). With that card I receive 90 00 with the right key, and 63 00 with a wrong one. But with this card... nothing.
Edit 2:
As far as I have read, it may be a problem with automatic protocol activation. How can I set the layer to read MIFARE Classic memory area?
I'm new to DTLS and trying to implement a DTLS server application using a third party library.
The BIO_read() function which we are using attempts to read as many bytes as requested and doesn’t return one datagram message per read.
For example :
ret = BIO_read(ssl, buffer, 2048);
Here it tries to read the available data upto 2048 bytes and doesn't work per packet basis.
Currently the problem is we don't have any data/field in the application data to calculate the packet size received. So it will be difficult for us to split the messages at application layer if read() returns a DTLS record which contains multiple packets.
Do we have any option which can be set on BIO object/Connection handle which force BIO_read() to return only one message/packet at a time in any standard libraries like openssl, etc.. ?
So that We will ask our library team to provide same kind of support to us?
Thanks.
I am currently trying to write some test scripts to get a bluetooth device fcc certified. I have been following these two sites http://processors.wiki.ti.com/index.php/CC256x_VS_HCI_Commands,
http://processors.wiki.ti.com/index.php/WL18xx_Bluedroid_Bluetooth_RF_Testing. I've been using the later to convert commands from the former into tests that the bluedroid test tool will recognize. I have had success for the most part, but I need away to turn on BLE advertising mode and cannot find a way to do it. The bluetooth chip I am using is a Pan13xx from Panasonic. If anyone could point me in the right direction that would be amazing.
Thanks in advance.
I haven't tried this, but according to the Bluetooth 4.2 spec (Vol 2, Part E, 7.8.9 Page 1284):
HCI_LE_Set_Advertise_Enable is the command for starting/stopping advertising.
It takes an Advertising_Enable parameter which is defined as:
0x00: Advertising is disabled (default)
0x01: Advertising is enabled.
0x02 – 0xFF: Reserved for future use Value
and returns Status which is defined as:
0x00: LE_Set_Advertise_Enable command succeeded
0x01 – 0xFF: LE_Set_Advertise_Enable command failed
I've an embedded device (E) with limited code size. It communicates with host processor (H) using UART (USB, serial, ..). I need to implement an easy authentication of the host processor to unlock function is my embedded device.
The important issue is that USB/serial/UART can be sniffed, so the channel is not secure.
The usage should be the following:
during manufacturing we generate a pair of keys Ke and Kh.
E stores Ke
E generates N random bytes R, encrypts R into secret S with key Ke and sends to H
H should enrypt S using Kh to reveal R
H sends R to E and E unlocks some functionality
So,
S = u(R, Ke)
R = v(S, Kh)
Where u() and v() are some crypto function (it might be that u = v, but u MUST be easy to implement in embedded device taking samll code space).
It should be even better to find an alog that allows to have many Kh for same Ke to give them to different users. But this is optional.
As mentioned above, the channel is not secure, so we do not want an evil sitting on the USB (with an USB sniffer) to reveal Ke or Kh (or the way to generate R from S) just from R and S.
So, XOR will not work ;)
Please propose something
Can your device give the processor some nonce and verify answer as encrypted nonce using some lightweight encryption algorithm (e.g. RC5) ? This can also help you to establish a secure channel between your device and a processor. For example, answer can be RC5_CBC( CONCAT(key_for_secure_channel, nonce) ). Note: nonce must be written at the end, so new key integrity will be verified by them.
You could have a look at CHAP, one of the authentication protocols supported by PPP.
Check out Wikipedia's page about CHAP.
How many times do you need to do this and are K_h and K_e unique per pair? The simplest way to do this would be to generate a random, pre-shared secret on both the device and the host (during manufacturing) and then use this as a one-time pad.
The basic idea of a one-time pad is the you take your message and XOR is with a secret. As long as your secret is as long as your message and you only do this once, then you're fine. Someone sniffing on your channel shouldn't be able to figure out what the message is because they also don't know what the secret is. Of course, when you send the decrypted reply, someone sniffing on the channel will be able to decrypt everything.
I'd like to start coding against an ELM327 based automotive OBD-II Bluetooth adapter in iOS/Objective-C. Is there a guide/primer on how to get started?
I would imagine the ELM327 adapter is a serial device... I can probably figure out how to establish a Bluetooth connection with the phone, but I haven't any idea where to start with sending/receiving OBD-II messages to/from it.
Is there a pre-existing API for this device?
If you need some OBDKey specific commands let me know. As an example, to access the RPM data, issue the following commands
ATZ\r
ATSP0\r
0100\r
010C\r
These instructions will initialise the OBDKey interface, set the protocol search on to automatic, initialise communcations with the engine managment ECU and send the mode 1 PID 0C command to request engine speed (RPM) data. The value returned in response to the 010C command is actually four time the real engine speed value.
Using sockets and streams in iOS / Objective-C is the best way to set up communications to the OBDKey WLAN (the default IP address is 192.168.0.74, port 23).
The elm327 odb2 device uses AT and ODB commands.
The AT commands are the same as you use on modems, they always start with AT.
When the devices initializes it sends
ELM327 v2.1
>
If you send
ATZ
this will reset device and it will issue "ELM327 v2.1" and > prompt again.
AT commands are used to manage the elm327 device.
ODB commands are in asci hex such as the above example
01 0c
to get the rpm or
01 05
to get coolant temp
At http://www.elmelectronics.com/obdic.html there are data sheet pdf files with more details.
Also you can search ituns for "elm327" and get 2 free books on the subject.
I'm just starting the same project for my generic elm327 wifi device so I dont have any details yet.
I will add comments as soon as I learn anything useful.