13.10.2020 // DESFire Protokoll
Müssen wir uns mal anschauen, da die das können, was wir wollen
Links
-
DESFire Commands sind nur unter NDA verfügbar.
-
Easypay DESFire Lib - sehr brauchbar
Bytes
APDU Commands
- SELECT = 00 a4 04 00 07 d2 76 00 00 85 01 00 00
- VERSION = 90 60 00 00 00
- CONTINUE = 90 AF 00 00 00
APDU Responses
APDU responses will first contain the data followed by two status bytes.
- FRAME_CONTINUE = 91 AF
- OPERATION_OK = 91 00
- OK = 90 00
- INIT = ??
- VERSION 1 = 04 01 01 01 00 1a 05
- VERSION 2 = 04 01 01 01 03 1a 05
- VERSIOn 3 = 04 91 3a 29 93 26 80 00 00 00 00 00 39 08
Instructions DESFire (used inside ADPU)
CLA = 0x90 APDU Sturuktur -> ISO/IEC 7816-4 Befehle -> DESFire
- 0x0A = AUTHENTICATE
- 0x1A = AUTHENTICATE_ISO
- 0xAA = AUTHENTICATE_AES
- 0x71 = AUTHENTICATE_EV2_FIRST (EV2 only)
- 0x77 = AUTHENTICATE_EV2_NONFIRST (EV2 only)
- 0x54 = CHANGE_KEY_SETTINGS
- 0x5C = SET_CONFIGURATION
- 0xC4 = CHANGE_KEY
- 0x?? = CHANGE_KEY_EV2 (EV2 only)
- 0x?? = INITIALIZE_KEY_SET (EV2 only)
- 0x?? = FINALIZE_KEY_SET (EV2 only)
- 0x?? = ROLL_KEY_SET (EV2 only)
- 0x64 = GET_KEY_VERSION
- 0xCA = CREATE_APPLICATION
- 0x?? = CREATE_DELIGATE_APPLICATION (EV2 only)
- 0xDA = DELETE_APPLICATION
- 0x6A = GET_APPLICATION_IDS
- 0x6E = FREE_MEMORY
- 0x6D = GET_DF_NAMES
- 0x?? = GET_DELIGATE_INFO (EV2 only)
- 0x45 = GET_KEY_SETTINGS
- 0x5A = SELECT_APPLICATION
- 0xFC = FORMAT_PICC
- 0x60 = GET_VERSION
- 0x51 = GET_CARD_UID
- 0x6F = GET_FILE_IDS
- 0xF5 = GET_FILE_SETTINGS
- 0x5F = CHANGE_FILE_SETTINGS
- 0xCD = CREATE_STDDATAFILE
- 0xCB = CREATE_BACKUPDATAFILE
- 0xCC = CREATE_VALUE_FILE
- 0xC1 = CREATE_LINEAR_RECORD_FILE
- 0xC0 = CREATE_CYCLIC_RECORD_FILE
- 0x?? = CREATE_TRANSACTION_MAC_FILE (EV2 only)
- 0xDF = DELETE_FILE
- 0x61 = GET_ISO_FILE_IDS
- 0xBD = READ_DATA (manchmal auch als 0x8D beschrieben)
- 0x3D = WRITE_DATA
- 0x6C = GET_VALUE
- 0x0C = CREDIT
- 0xDC = DEBIT
- 0x1C = LIMITED_CREDIT
- 0x3B = WRITE_RECORD
- 0xBB = READ_RECORDS
- 0xEB = CLEAR_RECORD_FILE
- 0x?? = UPDATE_RECORD_FILE
- 0xC7 = COMMIT_TRANSACTION
- 0xA7 = ABORT_TRANSACTION
- 0xAF = CONTINUE
- 0x?? = COMMIT_READER_ID (EV2 only)
Instructions ISO/IEC 7816-4 (nativ, aber von DESFire unterstützt)
CLA = 0x00 APDU Sturuktur -> ISO/IEC 7816-4 Befehle -> ISO/IEC 7816-4
- 0xA4 = SELECT FILE
- 0xB0 = READ BINARY
- 0xD6 = UPDATE BINARY
- 0xB2 = READ RECORDS
- 0xE2 = APPEND RECORD
- 0x84 = GET CHALLENGE
- 0x88 = INTERNAL AUTHENTICATE
- 0x82 = EXTERNAL AUTHENTICATE
Instruction ISO 14443-3
Status Codes
from https://github.com/JavaCardOS/pyResMan/blob/master/pyResMan/DESFireEx.py#L54 which, has it from https://github.com/jekkos/android-hce-desfire/blob/master/hceappletdesfire/src/main/java/net/jpeelaer/hce/desfire/DesfireStatusWord.java
- 0x00 = OPERATION_OK Successful operation
- 0x0C = NO_CHANGES No changes done to backup files, CommitTransaction / AbortTransaction not necessary
- 0x0E = OUT_OF_EEPROM_ERROR Insufficient NV-Memory to complete command
- 0x1C = ILLEGAL_COMMAND_CODE Command code not supported
- 0x1E = INTEGRITY_ERROR CRC or MAC does not match data Padding bytes not valid
- 0x40 = NO_SUCH_KEY Invalid key number specified
- 0x7E = LENGTH_ERROR Length of command string invalid
- 0x9D = PERMISSION_DENIED Current configuration / status does not allow the requested command
- 0x9E = PARAMETER_ERROR Value of the parameter(s) invalid
- 0xA0 = APPLICATION_NOT_FOUND Requested AID not present on PICC
- 0xA1 = APPL_INTEGRITY_ERROR Unrecoverable error within application, application will be disabled
- 0xAE = AUTHENTICATION_ERROR Current authentication status does not allow the requested command
- 0xAF = ADDITIONAL_FRAME Additional data frame is expected to be sent
- 0xBE = BOUNDARY_ERROR Attempt to read/write data from/to beyond the file's/record's limits. Attempt to exceed the limits of a value file.
- 0xC1 = PICC_INTEGRITY_ERROR Unrecoverable error within PICC, PICC will be disabled
- 0xCA = COMMAND_ABORTED Previous Command was not fully completed Not all Frames were requested or provided by the PCD
- 0xCD = PICC_DISABLED_ERROR PICC was disabled by an unrecoverable error
- 0xCE = COUNT_ERROR Number of Applications limited to 28, no additional CreateApplication possible
- 0xDE = DUPLICATE_ERROR Creation of file/application failed because file/application with same number already exists
- 0xEE = EEPROM_ERROR Could not complete NV-write operation due to loss of power, internal backup/rollback mechanism activated
- 0xF0 = FILE_NOT_FOUND Specified file number does not exist
- 0xF1 = FILE_INTEGRITY_ERROR Unrecoverable error within file, file will be disabled
Files
Not shure yet what these constants do.
crypto operations
- TDES = 00
- TKTDES = 40
- AES = 80
File types
- STANDARD_DATA_FILE = 00
- BACKUP_DATA_FILE = 01
- VALUE_FILE = 02
- LINEAR_RECORD_FILE = 03
- CYCLIC_RECORD_FILE = 04
Transmission modes
- PLAIN_COMMUNICATION = 00
- PLAIN_COMMUNICATION_MAC = 01
- FULLY_ENCRYPTED = 02
Getestet Reader und Treiber
ACS ACR122U-A9 | Microsoft Usbccid-Smartcard-Leser (WUDF) | Windows 10
1 Comment
Quelle: https://hackmd.io/cZ85bdehQfq0kyvJKb73jA