NFC communication - Mifare DESFire EV1 - AES

Question

I'm using a HID Omnikey 5321 reader to communicate with a Mifare DESFire EV1 tag. I want to write 16 bytes in a standard data file. I'm using the WinSCard DLL (C++) to wrap Native DESFire command in ISO 7816 APDU message structure. The application selection and authentication are successfully done but I have problem with the Write Data command. The file's communication settings are set to AES, fully enciphered.

File Nb         : 00
Offset          : 00 00 00
Length          : 10 00 00 (LSB first)
Data (16 bytes) : 23 00 00 00 00 00 00 08 12 34 56 78 00 00 00 00

I calculate the CRC from the Native command :

Native command : 3D (File Nb) (Offset) (Length) (Data)
CRC = 7B 8A 60 0F 

Then I encipher with the session key and an IV set to 00 :

32 bytes data to encipher : (Data) (CRC) 80 00 00 00 00 00 00 00 00 00 00 00

APDU sended :

90 3D 00 00 27 00 00 00 00 10 00 00 (32 bytes enciphered data) 00

In response I get a " 1E " status code which means CRC or padding error. I don't know where is the problem, the AES encryption algorithm seems to be good because I manage to read data.

It may be the CRC or the IV. Do I have to XOR data with CMAC ?

Answer 1

The CRC you are using is wrong. For the command you show in your question, the CRC over command + header + data should be 30 D2 07 00.

Moreover, be careful about the way you have to do the padding. The DESFire EV1 datasheet is ambiguous on that. While the section on AES encryption suggests that CMAC padding should always be used together with AES, the section on padding states that commands with known data length should be padded with all zeros, while commands with unknown data length should be padded with 0x80 followed by zeros. Finally the documentation on the write command explicitly states that the write command should be padded with all zeros for encryption (and that's what you are supposed to do).