我一直在嘗試使用默認密鑰(00000000h)在上週的MIFARE DESFire EV1卡進行身份驗證無濟於事。我已按照this blog的指示致信。我實現Send mode CBC
和Receive mode CBC
這樣的:MIFARE DESFire EV1身份驗證問題
var
SendVector, ReceiveVector: UInt64;
procedure ResetVectors;
begin
SendVector := 0;
ReceiveVector := 0;
end;
procedure Encrypt(var Data: TBytes; Key: TBytes);
var
iData, iKey: UInt64;
i: Integer;
begin
if Length(Data) mod 8 > 0 then
SetLength(Data, Length(Data) + (8 - Length(Data) mod 8));
Move(Key[0], iKey, 8);
for i := 0 to (Length(Data) - 1) div 8 do
begin
Move(Data[i * 8], iData, 8);
EncryptInt64(iData, iKey);
Move(iData, Data[i * 8], 8);
end;
end;
procedure EncryptInt64(var Data, Key: Int64);
begin
Data := Data xor SendVector;
DESEncrypt(@Data, @Key);
SendVector := Data;
end;
procedure Decrypt(var Data: TBytes; Key: TBytes);
var
iData, iKey: UInt64;
i: Integer;
begin
Move(Key[0], iKey, 8);
for i := 0 to (Length(Data) - 1) div 8 do
begin
Move(Data[i * 8], iData, 8);
DecryptInt64(iData, iKey);
Move(iData, Data[i * 8], 8);
end;
end;
procedure DecryptInt64(var Data, Key: Int64);
var
Tmp: UInt64;
begin
Tmp := ReceiveVector;
ReceiveVector := Data;
DESDecrypt(@Data, @Key);
Data := Data xor Tmp;
end;
這是APDU的日誌命令我發送到卡,以及它們相應的對策:
-->90 6A 00 00 00 // List Applications
<--01 02 03
<--9100 (OK)
-->90 5A 00 00 03 00 00 00 00 // Select PICC
<--9100 (OK)
-->90 1A 00 00 01 00 00 // ISO Authenticate with master key (00000000h)
<--91AF
-->90 AF 00 00 00 // Retreive RndB
<--A4 4C 2B D1 EB 6F 64 0C
<--9100 (OK)
-->90 AF 00 00 10 0D 9F 27 9B A5 D8 72 60 25 DD 7A 19 63 0F 26 2D 00 // Send DES(RndA + RndB')
<--91AE (AUTHENTICATION_FAILURE)
這裏是我的Authenticate
方法的整個代碼:
procedure Authenticate;
var
Key, Data: TBytes;
s: string;
b: Byte;
RndA: UInt64;
i: Integer;
begin
ResetVectors;
Key := HexStringToBuffer('00 00 00 00 00 00 00 00');
s := '90 1A 00 00 01 00 00';
s := SendAPDU(s, False);
Data := HexStringToBuffer(s);
Decrypt(Data, Key);
b := Data[0];
for i := 0 to 6 do
Data[i] := Data[i + 1];
Data[7] := b;
RndA := 1; // not very wise
SetLength(Data, 16);
Move(Data[0], Data[8], 8);
Move(RndA, Data[0], 8);
Encrypt(Data, Key);
s := '90 AF 00 00 10 ' + BufferToHexString(Data) + ' 00';
SendAPDU(s, False);
end;
我失去了爲什麼卡正在拒絕我的認證嘗試。有什麼想法嗎?
下面是CBC的圖發送和接收CBC算法,每個的DESFire EV1製造商的說明:
您鏈接到的文章沒有這樣的代碼。你有任何工作代碼?例如一些C代碼的例子。長度(數據)mod 8看起來很奇怪。你確定?並且FillChar調用可以是:= –
@DavidHeffernan您對SetLength()和FillChar調用都是正確的。我修改了我的代碼來糾正它,但我仍然遇到問題。不幸的是,我無法在任何地方找到_working_代碼......只是在這裏和那裏代碼片段。這裏有一個鏈接:http://stackoverflow.com/questions/11385963/desfire-authentification-decipher –
也許[這篇文章](http://stackoverflow.com/a/14160507/800214)有幫助嗎? Iman,你正在使用什麼DES加密庫? – whosrdaddy