Mifare authentication

user2568508 · Sep 16, 2013 · Viewed 14k times

Say I want to authenticate to Mifare Classic.

How do I know the exact kind of APDU to send to the card?

Example.

This code:

bcla = 0xFF;
bins = 0x86;
bp1 = 0x0;
bp2 = 0x0; // currentBlock
len = 0x5;

sendBuffer[0] = bcla;
sendBuffer[1] = bins;
sendBuffer[2] = bp1;
sendBuffer[3] = bp2;
sendBuffer[4] = len;
sendBuffer[5] = 0x1;                // Version
sendBuffer[6] = 0x0;                // Address MSB
sendBuffer[7] = currentBlock;       // Address LSB
if (keyradioButton->Checked == true)
    sendBuffer[8] = 0x60;           // Key Type A
else if (keynumberradioButton->Checked == true)
    sendBuffer[8] = 0x61;           // Key Type B
sendBuffer[9] = keynumber;          // Key Number

sendbufferlen = 0xA;
receivebufferlen = 255;

// Invoke the Transmit command
retval = SCardTransmit(hCard,              // A reference value returned from the SCardConnect function.
                       &sioreq,
                       sendBuffer,         // Send buffer
                       sendbufferlen,      // Send buffer length
                       &rioreq,
                       receiveBuffer,      // Receive buffer
                       &receivebufferlen); // Length of received buffer

is a sample program which tries to authenticate to Mifare Classic. My question is basically, how do I know what kind of APDU to send to the card? e.g., how do I know what should be in the sendBuffer?

Answer

Md. Sajedul Karim · Jan 31, 2015

In Mifare Classic 1K tags there are 16 sectors; each sector contains 4 blocks and each block contains 16 bytes.

  1. Sector 0 contains Block (0,1,2,3)
  2. Sector 1 contains Block (4,5,6,7)
  3. Sector 2 contains Block (8,9,10,11)
  4. Sector 3 contains Block (12,13,14,15)....

Before reading from or writing to a block, you must authenticate its corresponding sector using Key A or Key B of that sector. When authentication is complete, you can read or write. Using this command you can authenticate sector 0 using KEY A (60):

byte[] authenticationByte = new byte[] {
    (byte) 0xFF, (byte) 0x86, (byte) 0x00, (byte) 0x00, // CLA, INS, P1, P2
    (byte) 0x05,                                        // Lc: five data bytes follow
    (byte) 0x00, (byte) 0x00, (byte) 0x04,              // version, address MSB, address LSB (block number)
    (byte) 0x60, (byte) 0x00                            // key type A, key number
};

When authentication is successful you will get 90 00. That is the success message. Otherwise the response is 63 00, which means authentication failed. When authentication is complete you can read blocks (0,1,2,3), because sector 0 contains 4 blocks and those are blocks (0,1,2,3).

For more details you can read this Answer. Sorry for bad English
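The command layout and status words discussed in this thread, as an added C example that is not part of the original question or answer. It builds the authenticate APDU for a given block using the field order from the question's code, maps the block to its sector on a 1K card, and classifies the two status bytes; the function names are hypothetical and the sample responses are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_TYPE_A 0x60
#define KEY_TYPE_B 0x61

/* MIFARE Classic 1K: 16 sectors of 4 blocks, so valid blocks are 0..63. */
int block_to_sector(int block) { return (block >= 0 && block < 64) ? block / 4 : -1; }

/* Writes the 10-byte authenticate APDU into out; returns its length, 0 on bad input. */
size_t build_auth_apdu(int block, uint8_t key_type, uint8_t key_number, uint8_t out[10])
{
    if (block_to_sector(block) < 0) return 0;
    if (key_type != KEY_TYPE_A && key_type != KEY_TYPE_B) return 0;
    const uint8_t apdu[10] = {
        0xFF, 0x86, 0x00, 0x00,  /* CLA, INS, P1, P2 */
        0x05,                    /* Lc: five data bytes follow */
        0x01,                    /* version (value used in the question's code) */
        0x00, (uint8_t)block,    /* block address MSB, LSB */
        key_type, key_number
    };
    memcpy(out, apdu, sizeof apdu);
    return sizeof apdu;
}

/* 1 = authenticated (90 00), 0 = authentication failed (63 00), -1 = anything else. */
int auth_status(const uint8_t *resp, size_t len)
{
    if (resp == NULL || len < 2) return -1;
    uint8_t sw1 = resp[len - 2], sw2 = resp[len - 1];
    if (sw1 == 0x90 && sw2 == 0x00) return 1;
    if (sw1 == 0x63 && sw2 == 0x00) return 0;
    return -1;
}

int main(void)
{
    uint8_t apdu[10];
    size_t n = build_auth_apdu(4, KEY_TYPE_A, 0x00, apdu);
    printf("block 4 (sector %d): ", block_to_sector(4));
    for (size_t i = 0; i < n; i++) printf("%02X ", apdu[i]);
    /* Constructed sample responses, not captured from a reader. */
    const uint8_t ok[] = {0x90, 0x00}, fail[] = {0x63, 0x00};
    printf("\nok=%d fail=%d\n", auth_status(ok, 2), auth_status(fail, 2));
    return 0;
}
```

The buffer returned by `build_auth_apdu` is what would be passed as the send buffer to `SCardTransmit`, and the last two bytes of the receive buffer are what `auth_status` inspects.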