
DESFire: Unable to auth to apps unless authed to the PICC master app first

Open tomaspre opened this issue 1 year ago • 3 comments

When running the DESFire config, I'm not able to authenticate to any app (except the PICC master app) unless I authenticate to the PICC master app first. Therefore, a card can be set up without any problems, but when the authentication state is reset, access to all apps (except the master one) is lost, even if the reader authenticates with the correct key for that particular app.

Example output from pm3 of what does not work (auth to a previously created application):

[usb] pm3 --> hf gallagher reader --apdu 
[+] Setting ISODEP -> inactive                                                                                   
[+] Setting ISODEP -> inactive                                                                                   
[+] >>>> 90 5A 00 00 03 F4 81 2F 00                                                                              
[+] Setting ISODEP -> inactive                                                                                   
[+] Setting ISODEP -> NFC-A                                                                                      
[+] <<<< 91 00                                                                                                   
[+] >>>> 90 BD 00 00 07 00 00 00 00 24 00 00 00                                                                  
[+] <<<< 02 03 F8 20 81 F4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 91 00 
[+] Setting ISODEP -> inactive                                                                                   
[+] >>>> 90 5A 00 00 03 F4 81 20 00                                                                              
[+] Setting ISODEP -> inactive                                                                                   
[+] Setting ISODEP -> NFC-A                                                                                      
[+] <<<< 91 00                                                                                                                                               
[+] >>>> 90 AA 00 00 01 00 00                                                                                    
[+] <<<< 91 9D                                                                                                   
[!!] 🚨 APDU(90aa) ERROR: [0x919D] Not allow the requested command                                               
[!!] 🚨 Desfire authenticate error. Result: [1] Sending auth command failed                                      
[!!] 🚨 Failed selecting/authenticating to AID 2081F4                                                            
[!!] 🚨 Failed reading card application credentials

This could potentially be fixed by removing the following lines from DESFire Instructions.c (around line 2014, in function DesfireCmdAuthenticateAES1):

    if (!Authenticated && !AuthenticatedWithPICCMasterKey && SelectedApp.Slot != DESFIRE_PICC_APP_SLOT) {
        Buffer[0] = STATUS_PERMISSION_DENIED;
        return DESFIRE_STATUS_RESPONSE_SIZE;
    }

Is this the correct approach? According to my testing, everything works as expected after commenting out these lines. Does anyone have an opinion on this? I can submit a PR if necessary.

tomaspre, Dec 06 '22 13:12
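
To read the trace in the report above, here is an added example (not code from the issue, ChameleonMini or Proxmark3) that decodes the wrapped DESFire APDUs and picks out Authenticate commands answered with status 0x9D. That status means the card refused the command itself, not that the key was wrong, which would be 0xAE after a challenge exchange. The function names `decode` and `rejected_auths` are hypothetical; the command and status names are the standard DESFire ones.

```python
import re

# DESFire native commands wrapped in ISO 7816-4 APDUs: CLA 0x90, INS = command code.
INS = {0x5A: "SelectApplication", 0xBD: "ReadData", 0xAA: "AuthenticateAES"}
STATUS = {0x00: "OPERATION_OK", 0x9D: "PERMISSION_DENIED",
          0xAE: "AUTHENTICATION_ERROR", 0xAF: "ADDITIONAL_FRAME"}

# APDU lines copied from the pm3 output in the issue (status lines omitted).
TRACE = """\
[+] >>>> 90 5A 00 00 03 F4 81 2F 00
[+] <<<< 91 00
[+] >>>> 90 BD 00 00 07 00 00 00 00 24 00 00 00
[+] <<<< 02 03 F8 20 81 F4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 91 00
[+] >>>> 90 5A 00 00 03 F4 81 20 00
[+] <<<< 91 00
[+] >>>> 90 AA 00 00 01 00 00
[+] <<<< 91 9D
"""
LINE = re.compile(r"\[\+\]\s+(>>>>|<<<<)\s+((?:[0-9A-Fa-f]{2}\s*)+)$")

def decode(trace):
    """Pair each wrapped command with its response status."""
    events, pending = [], None
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "Setting ISODEP" and "[!!]" lines carry no APDU
        data = bytes.fromhex(m.group(2))
        if m.group(1) == ">>>>" and len(data) >= 5 and data[0] == 0x90:
            ins, lc = data[1], data[4]
            body = data[5:5 + lc]
            pending = {"cmd": INS.get(ins, f"INS_{ins:02X}"), "data": body}
            if ins == 0x5A and lc == 3:
                pending["aid"] = body[::-1].hex().upper()  # AID is sent LSB first
        elif m.group(1) == "<<<<" and pending and data[-2:-1] == b"\x91":
            pending["status"] = STATUS.get(data[-1], f"0x{data[-1]:02X}")
            events.append(pending)
            pending = None
    return events

def rejected_auths(events):
    """AIDs whose Authenticate was refused outright, before any key exchange."""
    aid, hits = None, []
    for e in events:
        if e["cmd"] == "SelectApplication" and e["status"] == "OPERATION_OK":
            aid = e.get("aid")
        elif e["cmd"].startswith("Authenticate") and e["status"] == "PERMISSION_DENIED":
            hits.append(aid)
    return hits
```

Running `rejected_auths(decode(TRACE))` on the trace from the report returns the AID that pm3 names in its error line.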