There are lots of questions about Desfire EV1 cards here on Stack Overflow. But if you search for some example data the only place where you will find a few bytes is in Ridrix Blog. But this is quite incomplete.
A lot of people wrote their problems there while developing code for Desfire cards. But mostly when they solved their problem they were too lazy to post the solution. So you find many questions but very few answers with data examples.
Even if you have the Desfire EV1 documentation (I don't have it, I studied easypay code), you will need more than that. Documentation is only theory. But what is the reason that your card returns an Authentication Error or an Integrity Error or an unexpected CMAC?
- Is the Session key OK?
- Is CBC working in the correct mode?
- Is the CMAC calculated correctly?
- Is the CRC32 correct?
- Is the IV of the session key correct before / after a function call?
Without examples you are completely lost.
After spending several weeks with Desfire EV1 development I decided to post some examples for all those who need input data to feed their complex cryptographic functions and compare the output with the expected data. I know that this is EXTREMELY helpful.
Here you find some debug output from the most important Desfire EV1 operations. Currently you cannot find this information on the internet. If I had had these examples I would have saved a LOT of time developing my code.
Pitfalls for ISO and AES authenticated sessions
In ISO and AES mode EVERY encryption/decryption goes through CBC. The IV of the session key is reset to zero only ONCE when the key is created after authentication. The IV of the authentication key is reset only ONCE when authentication starts.
During authentication:
The CMAC is a copy of the IV of the session key. The CMAC must mostly be calculated for data sent to the card and for data returned from the card. But all commands that do a CBC encryption (e.g. ChangeKeySettings) differ from that scheme. Commands that send/receive multiple frames (e.g. GetApplicationIDs) must calculate the CMAC over the data of all frames that have been sent/received (not including the 0xAF status byte). For TX data the CMAC is calculated over the command byte + all parameter bytes. For RX data the CMAC is calculated over all response bytes + the last status byte (always 00 = Success) that must be appended at the end!
The authentication is invalidated:
In these cases the session key is no longer valid and so a CMAC must not be calculated.
The CRC32 of the new key is calculated only over the key data itself. The CRC32 of the cryptogram is calculated over command, key number and the not yet encrypted cryptogram.
The following debug output has been generated by my code running on a Teensy 3.2 with a PN532 board from Adafruit. For further details see my source code. The source code has been written for Arduino/Teensy, but it has been designed to be multiplatform, so it requires only changing a few lines to compile it on Visual Studio, Linux or other platforms.
In the following examples all keys have key version 0x10.
ISO Authentication with 2K3DES default key #0
Change 2K3DES default key #0
Change 2K3DES default key #1
ISO Authentication with 3K3DES default key #0
Change 3K3DES default key #0
Change 3K3DES default key #1
AES Authentication with AES default key #0
Change AES default key #0
Change AES default key #1
CMAC Calculation for AES 128
From: NIST
If you need more examples (also for CreateApplication, SelectApplication, DeleteApplication, GetApplicationIDs, GetKeyVersion, GetKeySettings, ChangeKeySettings, GetCardVersion, FormatCard, CreateStdDataFile, GetFileIDs, GetFileSettings, WriteFileData, ReadFileData, DeleteFile) download the ZIP file on Codeproject, where you find an HTML file with the entire selftest that tests all these commands.
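The two CRC32 rules stated above for ChangeKey (CRC of the new key over the key data only, CRC of the cryptogram over command, key number and the not yet encrypted cryptogram), worked through for an AES key. This is an added example, not code from the post or its source code. It assumes the DESFire CRC32 is the reflected 0xEDB88320 CRC with start value 0xFFFFFFFF and no final inversion, sent LSB first, that ChangeKey is command byte 0xC4, and that the AES plaintext is key, version byte, CRC(s), zero padding; all function names and the new key are made up for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DF_INS_CHANGE_KEY 0xC4u  /* assumed DESFire ChangeKey command byte */
/* Constructed sample keys: all-zero default AES key and an arbitrary new key. */
static const uint8_t SAMPLE_OLD_KEY[16] = {0};
static const uint8_t SAMPLE_NEW_KEY[16] = {0x00,0x10,0x20,0x30,0x40,0x50,0x60,0x70,
                                           0x80,0x90,0xA0,0xB0,0xB0,0xA0,0x90,0x80};

/* Assumed DESFire CRC32: like zlib's crc32() but without the final inversion.
   Start with 0xFFFFFFFF; chain calls to run one CRC over two buffers. */
uint32_t df_crc32_update(uint32_t crc, const uint8_t *p, size_t n) {
    while (n--) {
        crc ^= *p++;
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ ((crc & 1u) ? 0xEDB88320u : 0u);
    }
    return crc;
}

static size_t put_u32_le(uint8_t *out, uint32_t v) {  /* LSB first */
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)(v >> (8 * i));
    return 4;
}

/* Builds the not yet encrypted ChangeKey cryptogram for an AES key in out[32].
   old_key == NULL: key_no is the key used for authentication (same key).
   old_key != NULL: another key is changed, so new and old key are XORed.
   Returns the length after zero padding to the 16-byte AES block size. */
size_t df_changekey_plain_aes(uint8_t out[32], uint8_t key_no, const uint8_t *new_key,
                              uint8_t version, const uint8_t *old_key) {
    const uint8_t hdr[2] = { DF_INS_CHANGE_KEY, key_no };
    size_t len = 0;
    memset(out, 0, 32);
    for (int i = 0; i < 16; i++)
        out[len++] = (uint8_t)(new_key[i] ^ (old_key ? old_key[i] : 0));
    out[len++] = version;  /* AES transmits the key version as its own byte */
    /* CRC32 of the cryptogram: command, key number, unencrypted cryptogram */
    uint32_t crc = df_crc32_update(df_crc32_update(0xFFFFFFFFu, hdr, 2), out, len);
    len += put_u32_le(out + len, crc);
    if (old_key)           /* CRC32 of the new key: key data only */
        len += put_u32_le(out + len, df_crc32_update(0xFFFFFFFFu, new_key, 16));
    return (len + 15) / 16 * 16;
}
int main(void) {  /* prints the plaintext for changing key #1, version 0x10 */
    uint8_t buf[32];
    size_t n = df_changekey_plain_aes(buf, 1, SAMPLE_NEW_KEY, 0x10, SAMPLE_OLD_KEY);
    for (size_t i = 0; i < n; i++) printf("%02X%c", buf[i], i + 1 < n ? ' ' : '\n');
    return 0;
}
```

Because this CRC has no final inversion, running it over the data followed by the LSB-first CRC bytes leaves a register value of 0, which is a quick way to check a plaintext you built against your own debug output before it goes through CBC.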