
I want to Load Authentication Key into my ACR1252 reader (probably similar to ACR122 reader), but it fails with response code 63 00.

I'm trying to do this for ISO/IEC 14443 cards (specifically Dutch ePassports). First I send the commands:

  1. Select Application: 00 04 04 0C 07 A0 00 00 02 47 10 01 with response 90 00
  2. Get Challenge: 00 84 00 00 08 with response [random 8 bytes] 90 00
  3. Load Key: FF 82 00 00 06 FF FF FF FF FF FF with response 63 00 (Operation Failed)

Eventually the length of the key will be 40 bytes instead of 6, but this is just for testing purposes (the 40 byte key also gives 63 00).

I also tried:

FF 82 00 00 06 A0 A1 A2 A3 A4 A5
FF 82 20 00 06 FF FF FF FF FF FF
FF 82 20 01 06 FF FF FF FF FF FF

No success. Does anyone have any idea? I also stumbled upon this Stack Overflow thread: ACR1222L FF 82 Load Authentication Keys fails with 63 00 Operation Failed, which could be similar to my case. Does anyone have any experience/success with changing the Security Level?

If there are other ideas on how to fix this, maybe I'm missing some crucial steps or something, please let me know! Thanks!

Martin Zeitler
user3050534

1 Answer


I think in this post there is a mix of multiple topics; I do not know if I'll be able to give you the right solution, but at least I'll give you some clues.

  • Security Level: This topic concerns only MIFARE Plus cards, which is an NXP proprietary card technology (based on the ISO14443 protocol), and is not related to your problem.

  • Regarding the commands you send:

    1. "Select Application": you are selecting the application with AID: A0 00 00 02 47 10 01 and you get OK "90 00". After this command all the commands you send will be sent to the targeted application. (Read File, Write File... ) Depending on the application file rights you'll be able to write/read them or you'll need a previous authentication to do so.

    2. "Get Challenge": This command is sent when you start the authentication with the targeted application using the 3-Pass Mutual Authentication. After this command you should continue with the authentication as described in the ISO7816 protocol (if you know the application keys), but instead of continuing with the authentication you send a "Load Key", which seems to be the command to store MIFARE keys on the reader.

    3. "Load Key": This command format seems to be a command which is normally sent to ISO14443 readers (normally PC/SC readers) in order to store MIFARE Classic keys in the reader memory. I do not think this command has anything to do with your expectations. You'll only need it if there is a MIFARE card in "Dutch ePassports" and you need to read it.

I hope it helps.

RogerR
  • Thank you so much RogerR. You are right about the Load Key, actually the `82` command should be EXTERNAL_AUTHENTICATE, but then I get `67 00 (WRONG LENGTH)` as response. Will try a bit further. – user3050534 May 03 '17 at 14:56
  • Now I send the command `00 82 00 00 28 [40 bytes] 28` and it returns `[8 bytes] 90 00`. I think it's a step closer in the right direction, but I specifically say that I expect 40 bytes as response (due to the last `28`), but it gives me only 8... any idea? Edit: When I remove the last `28` it gives me `67 00 (Wrong Length)`, which I also find weird. I'm sure that there are 40 bytes. – user3050534 May 04 '17 at 08:27
  • I haven't got a deep knowledge regarding the ePassport specification but I can explain in general what is defined in the 7816-4 protocol, which defines at the end the ISO compliant contactless smartcard procedures. 1. 7816-4 authentication uses the 3-Pass Mutual Authentication. 2. The length of the authentication commands depends on the encryption algorithms. (e.g.) If the key is a DES/3DES key, then: * Get Challenge--> * <--8 byte * Ext. Auth (16 byte)--> * <--8 byte data The length of the commands for 3-Pass Mutual Authentication is directly related to the encryption algorithm. – RogerR May 04 '17 at 11:44
  • Thank you very much. It appeared that my function to return the response had a small error so it wouldn't return more than 10 bytes... fixed now and I get 42 byte response. Thanks for helping me understand what was going on! I accept your answer. – user3050534 May 04 '17 at 12:03
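
An added example, not part of the original thread: a short-APDU decoder in Python that shows why `FF 82 ...` is handled by the reader (CLA `FF` is the PC/SC Part 3 pseudo-APDU class) while `00 82 ...` goes to the card, and that the trailing `28` is the Le byte of a case 4 command. The function names and the filler bytes in the demo are constructed for illustration.

```python
# Added example: decode short APDUs like those in the thread (ISO 7816-4 cases 1-4).
INS_NAMES = {0xA4: "SELECT", 0x84: "GET CHALLENGE", 0x82: "EXTERNAL AUTHENTICATE"}
READER_INS = {0x82: "LOAD KEYS"}  # PC/SC Part 3 pseudo-APDU, consumed by the reader

def parse_apdu(hex_str):
    """Decode a short command APDU into target, name, case, data and Le."""
    b = bytes.fromhex(hex_str)
    if len(b) < 4:
        raise ValueError("APDU header needs 4 bytes")
    cla, ins, p1, p2 = b[:4]
    body, data, le = b[4:], b"", None
    if len(body) == 0:
        case = 1                               # header only
    elif len(body) == 1:
        case, le = 2, body[0] or 256           # Le only (00 means 256)
    else:
        lc = body[0]
        if lc == 0:
            raise ValueError("extended-length APDUs are not handled here")
        if len(body) == 1 + lc:
            case, data = 3, body[1:]           # Lc + data, no response data asked
        elif len(body) == 2 + lc:
            case, data, le = 4, body[1:-1], body[-1] or 256  # Lc + data + Le
        else:
            raise ValueError(f"Lc={lc} does not match {len(body) - 1} body bytes")
    to_reader = cla == 0xFF                    # never forwarded to the card
    name = (READER_INS if to_reader else INS_NAMES).get(ins, f"INS {ins:02X}")
    return {"target": "reader" if to_reader else "card", "name": name,
            "case": case, "p1": p1, "p2": p2, "data": data, "le": le}

def split_response(resp, le=None):
    """Return (data, SW, short). 'short' flags fewer data bytes than Le; that is
    legal (Le is a maximum) but is also what a truncating receive buffer yields."""
    if len(resp) < 2:
        raise ValueError("response has no status word")
    data, sw = resp[:-2], resp[-2:].hex().upper()
    return data, sw, le is not None and len(data) < le

if __name__ == "__main__":
    filler = " 11" * 40                        # constructed 40-byte payload
    for apdu in ("FF 82 00 00 06 FF FF FF FF FF FF",   # Load Key from the question
                 "00 84 00 00 08",                      # Get Challenge
                 "00 82 00 00 28" + filler + " 28",     # with Le, as in the comments
                 "00 82 00 00 28" + filler):            # same command without Le
        p = parse_apdu(apdu)
        print(p["target"], p["name"], "case", p["case"], "Le =", p["le"])
    print(split_response(bytes(8) + b"\x90\x00", le=0x28))   # 8 of 40 bytes: short
```

A full response to the case 4 command is 40 data bytes plus the two status bytes, which matches the 42 bytes reported in the last comment.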