UM - NXP Semiconductors

Contents

1. [Screenshot: DESFireUI dialog window with the command tree, reader options and transaction log] Fig 2. DESFire Commands. PCD Commands: DESFireUI only supports the RD700 and RD701 reader. By default DESFire uses the USB interface. It also supports the version with an RS232 interface. Selecting the RS232 button enables the setting of the RS232 interfa
2. 0x00. Koninklijke Philips Electronics N.V. 2005. All rights reserved. User manual, Rev. 01, 27 May 2005, 27 of 36. UM DESFireUI, Demo software for DESFire and DESFireSAM, Philips Semiconductors. 5.4 Key change in DESFireSAM. Steps: (1) Put DESFireSAM card in smartcard reader with PC/SC interface. (2) Start DESFireUI program. (3) Unfold DESFireSAM Commands. (4) Select SAM Activation and click <Activate SAM> box. Select DESFire SAM window will indicate that SAM has been selected. Click <OK> box to continue. (5) Unfold Security Related Commands. (6) Select Authenticate Host. Enter or select 00h for KeyNo and 00h for KeyV. Check Generate Session Key. Enter or select all zeroes for Secret Key. Click <Authenticate Host> box. (7) Unfold Key Handling Commands. Select Change Key Entry. Enter 11111111111111111111111111111111h for Key A. Enter 22222222222222222222222222222220 h for Key B. Check Update Key Version A. Check Update Key Version B. Enter or select 01h for Nr of Key to change. Click <Change Key Entry> box. (8) Select Get Key Entry. Select Key Nr 01h and click <Get Key Entry> box. (9) Select Authenticate Host. Enter or select 01h for KeyNo and FFh for KeyV. Check Generate Session Key. Enter 11111111111111111111111111111111h for Secret Key. Click <Authenticate Host> box and watch the transaction log windows for OK result. Enter or select 01h for KeyNo and 00h for KeyV. Enter 2222222222222222222
3. Unfold Security Commands. Select Authenticate. Select Key Number zero. Enter all zeroes for Key value. Click <Authenticate> box. Select Format PICC. Click <Format Picc> box to empty DESFire PICC. Unfold PICC commands. Select Create Application. Enter 111111h for Application ID. Enter 14 for Number of Keys. Check Configuration Changeable. Check Free create delete without masterkey. Check Free directory list access without masterkey. Check Allow masterkey change. Enter 10 for Change Key access rights. Click <Create App> box. Select Select Application. Enter or Select 111111h for Application Id. Click <Select App> box. Select Authenticate. Select Key Number zero. Enter all zeroes for Key value. Footnote 10: If the DESFire PICC is not in virgin state please enter the Key value of the masterkey. Click <Authenticate> box. (13) Select Change Key. Select Key Number zero. Enter FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFh for Key value. Empty Prev Key field (make sure to remove all the spaces). Click <Change Key> box. (14) Select Authenticate. Select Key Number zero. Enter or select FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFh for Key value. Click <Authenticate> box and watch the transaction log windows for OK resul
4. box to deselect the DESFire. Exit DESFireUI program. 5.2 Command execution times for DESFire. 5.2.1 Using standard baud rates. Steps: (1) Put DESFire card on RD700 or RD701 reader. (2) Start DESFireUI program. (3) Unfold DESFire Commands. (4) Select PCD Commands. Click <Interface Open> box. Check Automatically retrieve command times. (5) Select T=CL Commands. Click <Activate Idle> box. Click <RATS> box. (6) Unfold Security Commands. Select Authenticate. Select Key Number zero. Enter all zeroes for Key value. Click <Authenticate> box. (7) Select Format PICC. Click <Format Picc> box to empty DESFire PICC. (8) Unfold PICC commands. (9) Select Create Application. Enter 123456h for Application Id. Enter 01 for Number of Keys. Check Configuration Changeable. Check Free create delete without masterkey. Check Free directory list access without masterkey. Check Allow masterkey change. Enter 14 for Change Key access rights. Click <Create App> box. (10) Select Select Application. Enter or Select 123456h for Application Id. Click <Select App> box. (11) Unfold Application Commands. (12) Select Create Data File. Enter 11 for File Id. Check Plain communication. Footnote 11: If the DESFire PICC is not in virgin state please enter
5. currently NOT a function supported by the SAM. It is reserved for future versions. Clicking the <Get Key Entry> box will only return the key version of key a, b and c, packed in one byte for each key. Remark: This command can be issued without valid host authentication. 4.4.3 Change KUC Entry: This command allows updating any Key Usage Counter (KUC) entry stored in the DESFireSAM. The Limit, Key No of the Change Key Usage Counter (CKUC) and the version number of the CKUC can be changed selectively by checking the appropriate box and entering the new values. Clicking the <Change KUC Entry> box will change the entry in the KUC. Remark: Successful host authentication with the key specified in KeyNoCKUC of current KUC entry is required. 4.4.4 Get KUC Entry: The Get KUC Entry command allows retrieving the key usage counter entry specified in the Reference Number KUC box. Clicking the <Get KUC Entry> box will return the Key No of the Change Key Usage Counter, its version, the Current Value and the Limit. Remark: This command can be issued without valid host authentication. 4.4.5 Prepare For Change PICC: This command prepares the DESFireUI to be able to change the keys using the SAM. Both the cur
6. for Answer To Select (also called RATS) needs to be sent to the PICC. RATS could convey the Card IDentifier or CID, which uniquely identifies the PICC according to ISO14443 part 4. The CID can be set in the CID field to the right of the <RATS> box. Possible values range from 0 to 14, where the zero has the special meaning of "No CID". Activating the PICC with CID zero prevents the activation of more cards using different CIDs. After a successful reception of the Answer to Select or ATS, the card is enabled for T=CL communication. If more than one CID is assigned, this means more than one card is active in the RF field and able to communicate with the PCD. In that case the value of the CID box is used to address an APDU for a specific PICC. This allows communication with more than one DESFire at the same time. Clicking the <Deselect> box deactivates a card and puts it to sleep. To reactivate a deselected card it is necessary to click both the <Activate Wakeup> and also the <RATS> box again. Protocol and Parameter Selection: ISO14443 specifies PPS as a special APDU to change communication parameters like the baud rate to values different from the default. The default Send and Receive Dividers are zero, referring to 106 kbit/s. If both the PCD and the PICC are supporting higher communication speeds, the PPS command can be used to select different dividers and thus different baud rates. The dividers can be selected in
7. for RD70x: Opening the RD70x interface successfully enables boxes for additional commands. Show Micore Register Control: Checking the Show Mifare Register Control box causes the Micore Register Control window to pop up, enabling the user to view and modify the values of the internal registers of the Micore reader IC in the RD70x reader. Warning: The unwanted change of registers can cause damage of the RD70x. [Screenshot: Micore Register Control window]
8. the Key value of the masterkey. Steps 13 to 19, preceded by the end of the previous step: Enter 14 for Read Access. Enter 14 for Write Access. Enter 14 for Read Write Access. Enter 14 for Change Access Rights. Enter 3872 for File Size. Click <Create Data File> box. (13) Unfold File Commands. (14) Select Data File Access. Enter or select 11 for File Id. Enter zero for Length to read the entire file. (15) In lower left corner of window click <Reset Total Time> box. (16) In Data File Access click <Read Data> box. (17) Read Total Execution Time in Total Time Window. Remark: Repeat steps 15 and 17 a few times for consistent timings. (18) In T=CL Commands click <Deselect> box to deselect the DESFire. (19) Exit DESFireUI program. 5.2.2 Using baud rates up to 424 kbit/s. Remark: This example assumes using the card that has been configured in Section 5.2.1. Steps: (1) Start DESFireUI program. (2) Put card on RD701 reader. (3) Unfold DESFire Commands. (4) Select PCD Commands. Click <Interface Open> box. Check Automatically retrieve command times. Cli
9. the text fields to the right of the <PPS> box. DSI is the divider for communication from the PICC to the PCD; DRI refers to the communication from the PCD to the PICC. Possible values can be 0, 1, 2 or 3, reflecting the baud rates 106, 212, 424 and 848 kbit/s. Clicking the <PPS> will set the communication settings for the RF communication. The PPS command can only be sent immediately after a RATS command. Remark: The RD700 only supports 106 kbit/s and the execution of a PPS command with a higher baud rate will result in an error. The RD701 supports higher baud rates, but after opening the interface they need to be enabled with the <EnableHighBaud rates> box. Please see Section 3.2.4.2 for more information. Footnote 4: When a card is removed from the field before it is formally deactivated, the DESFireUI will not allow execution of the RATS command again and will show an error message in the transaction log window. A Deselect command needs to be sent before the PICC can be activated again. 3.4 Security Commands: The Security Commands group contains the security related commands of the DESFire. 3.4.1 Authenticate: Performs the Authentication with the selected Application ID us
10. 7 References. [1] Data sheet: MF3 IC D40, mifare DESFire, Contactless Multi-Application IC with DES and 3DES Security. [2] Application Note: MF3 IC D40, mifare DESFire, Features and Hints. [3] Functional specification: DESFire SAM, Reader Module for MF3 IC D40. [4] Functional specification: DESFire SAM MAC, MACing Reader Module for MF3 IC D40. 8 Disclaimers. Life support: These products are not designed for use in life support appliances, devices or systems where malfunction of these products can reasonably be expected to result in personal injury. Philips Semiconductors customers using or selling these products for use in such applications do so at their own risk and agree to fully indemnify Philips Semiconductors for any damages resulting from such application. Right to make changes: Philips Semiconductors reserves the right to make changes in the products, including circuits, standard cells, and/or software, described or contained herein in order to improve design and/or performance. When the product is in full production (status "Production"), relevant changes will be communicated via a Customer Prod
11. 3.5.5 Get Version; 3.6 Application Commands; 3.6.1 Get File IDs; 3.6.2 Get File Settings; 3.6.3 Change File Settings; 3.6.4 Create Data File; 3.6.5 Create Value File; 3.6.6 Create Record File; 3.6.7 Delete File; 3.7 File Commands; 3.7.1 Data File Access; 3.7.2 Value File Access; 3.7.3 Record File Access; 4 DESFireSAM Commands; 4.1 DESFireSAM command dialog window; 4.2 SAM Activation; 4.3 Configuration Commands; 4.3.1 Disable Crypto; 4.4 Key Handling Commands; 4.4.1 Change Key Entry; 4.4.1.1 Configuration Setting for Key Entry; 4.4.1.2 Update Setting for Key Entry; 4.4.2 Get Key Entry
12. 1111111h for Key A. Check Update DF key number and DF AID. Check Update Key Version A. Enter or select 01h for Nr of Key to change. Click <Change Key Entry> box. Enter aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaah for Key A. Enter or select 02h for Nr of Key to change. Click <Change Key Entry> box. (15) Select Prepare for Authenticate PICC. Enter or select 00h for KeyNo and 00h for KeyV. Make sure that Non Diversified Authentication and Select by Key Entry number are checked. Click <Prepare for Authenticate PICC> box. (16) Select Authenticate in DESFire Security Commands. Enter or select 10 for Key Number (note that no key can be entered since the authentication will be performed through the SAM). Click <Authenticate> box. (17) Select Prepare for Change Key PICC. Enter or select 01h for KeyNo Old and FFh for KeyV Old. Enter or select 02h for KeyNo New and 00h for KeyV New. Make sure that Don't Change Master Key, Don't Diversify New Key and Current key is Not Diversified are checked. (18) Click <Prepare for Change Key PICC> box. (19) Select Change Key in DESFire Security Commands. Enter or select 01 for Key Number. Click <Change Key> box. (20) In SAM Activation click <Deactivate SAM> box. (21) Select Authenticate in DESFire Commands. Select Key Number 01 (remember this was defined as the Change Key). Enter aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaah for Key value. Click <Authenticate> box. (22) In T=CL Commands click <D
13. 2222222222222h for Secret Key. Click <Authenticate Host> box and watch the transaction log window for OK result. (10) Select SAM Activation and click <Deactivate SAM> box. (11) Exit DESFireUI program. Footnote 16: In some systems it may be necessary to physically remove the SAM card and re-insert it before the SAM can be recognized in the reader. Footnote 17: If the DESFireSAM is not in virgin state please enter the Key value of KeyNo 0x00. 5.5 DESFire authentication using DESFireSAM. Remark: This example assumes using the DESFire card that has been configured in Section 5.1.1 and Section 5.1.2 and the DESFire SAM that has been configured in Section 5.4. Steps: (1) Put DESFireSAM card in smartcard reader with PC/SC interface. (2) Put DESFire card on RD700 or RD701 reader. (3) Start DESFireUI program. (4) Unfold DESFire Commands. (5) Select PCD Commands and click <Interface Open> box. (6) Select T=CL Commands. Click <Activate Idle> box. Click <RATS> box. (7) Unfold PICC commands. (8) Select Select Application. Enter or Select 111111h for Application Id. Click <Select App> box. (9) Unfold DESFireSAM Commands. (10) Select SAM Activation. Click <Activate SAM> box. Select DESFire SAM window will indicate that SAM has bee
14. C, i.e. for the Select Application command. Select Application: Clicking the <Select App> box selects the indicated Application ID. The requested AID can manually be entered or selected from the Application ID field. To automatically fill the drop down box with available AIDs, issue a Get Application IDs command (see Section 3.5.1) first. Create Application: This command allows creating a new application on the DESFire. The new AID must be unique to the DESFire. Every AID needs at least one key and can have maximum 14 keys. The access conditions for the application need to be specified in the selection boxes. It also requires a key number to change the access conditions and values of the other keys in the application. Clicking the <Create App> box creates the Application ID on the PICC. Delete Application: Clicking the <Delete App> box deletes the application indicated by the Application ID field. Remark: The memory space that becomes free because of this deletion cannot be used again for another file. Only the Format DESFire command can empty the PICC and make all memory available again. Footnote 6: Entering the value 1 to 9 will result in the AIDs 10h to 90h. To enter AID 1 you need to enter the value 01h.
15. D later. Get File Settings: Clicking the <Get File Settings> box retrieves the settings for the selected File Id. The information is shown in the controls for the encryption mode and various access rights and in the transaction log window. Some more information, like the file type and size, is shown in the log window. Change File Settings: This command uses the same interface as the Get File Settings command (Section 3.6.2), but now the encryption mode and access rights for the specified FID can also be changed. Clicking the <Change File Settings> box changes the settings for the selected File Id. Create Data File: This command can be used to create a custom data file and provides options to select the encryption mode for data communication with the PCD and the access rights. The required size of the file in bytes can be entered in the File Size field. Checking the Backup File option enables the on-chip backup mechanism for the file, but that also doubles the required memory space for this file. The file size and the backup option determine the EEPROM space that will be occupied. These values cannot be modified after the file has been created. Clicking the <Create Data File> creates the
16. Fig 3. Micore Register Control. Footnote 2: For more information about the registers please see the datasheets of the Micore reader ICs. 3.2.4.2 Enable High Baud rates: The RD701 contains the RC632 Micore reader IC that can support baud rates up to 424 kbit/s from the PCD to the PICC and up to 848 kbit/s from the PICC to the PCD. By default the RD701 only supports 106 kbit/s. However, the firmware is prepared to also support the ISO14443 higher baud rates. Clicking the <Enable high baud rates> box enables communication with higher baud rates. The baud rates between the PCD and PICC can be set with the <PPS> box in the T=CL commands (see Section 3.3.4). Remark: This allows the user to perform time measurements on the DESFire commands also with different baud rates. 3.2.4.3 Automatic retrieval of command execution times: The RD70x contains two distinct timers that can measure the communication time of the most recent RF communication and also monitor the incremental time of all RF communication since the last timer reset. Clicking the <Automatically retrieve command times> box enables DESFireUI to au
17. UM DESFireUI: Demo software for DESFire and DESFireSAM. Semiconductors. Rev. 01, 27 May 2005. User manual. Document information. Keywords: DESFire, DESFireUI, DESFireSAM, SAM, AID, 3DES, demo software. Abstract: This document describes how to use the DESFireUI demo program to experience the functionality of the DESFire, the DESFireSAM and both products combined. DESFireUI communicates with the DESFire through an RD700 or RD701 reader and with the DESFireSAM through a contact smartcard reader with a PC/SC interface. BL ID Doc Number M111010. PHILIPS. Revision history: Rev 01, date 20050527: Initial version of the DESFireUI User Manual. Contact information: For additional information please visit http://www.semiconductors.philips.com. For sales office addresses please send an email to sales.addresses@www.semiconductors.philips.com. 1 Introduction. DESFireUI is a demonstration program that can show the functionality of the DESFire smartcard (see Ref 1) and both versions of the DESFireSAM: the full version (see Ref 3) and the DESFireSAM MAC, the restricted version that has the feature to encrypt d
18. ata disabled (see Ref 4). The core of the program consists of two parts: one part for the DESFire and a second part for the DESFireSAM. Both parts can be used independently of each other, but the DESFireSAM part can be used to load keys used by the DESFire part. For example, new keys can be downloaded manually to the DESFire, but with an activated DESFireSAM the manual key loading is disabled and DESFireUI only allows downloading the keys through the DESFireSAM. The first part of the demo program allows the user to execute all DESFire commands and learn more about the functionality of the DESFire. It communicates with a DESFire through the contactless interface of an RD700 or RD701 reader (sometimes also called Pegoda reader). The second part of the demo program allows the user to execute the majority of the DESFireSAM commands and learn more about the functionality of the DESFireSAM. This part communicates with DESFireSAM through a contact smartcard reader with a PC/SC interface. Since the main purpose of the demo program is to assist the user in gaining practical experience, it also allows malfunctions in the logical flow of commands to happen. Therefore it is possible to completely destroy the content of a DESFire. E.g. keys could be exchanged by accident, and if the user does not know the value of the new key the card might be destroyed. DESFireUI runs on Windows ME, Windows 2000 and Windows XP. On Windows NT 4.0 the reader devices atta
19. ce parameters Serial Port and Baudrate. Interface Open: Before any command can be sent, the interface with the reader needs to be opened by clicking the <Interface Open> box. Correct execution of the command is shown in the transaction log window, where also some additional information about the reader will be presented. Interface Close: Clicking the <Interface Close> box closes the interface that was previously opened with the <Interface Open> box. Footnote 1: The IrDA checkbox is only supported for internal Philips test purposes. 3.2.3 RF Reset: An RF Reset can be used to reset any card in the RF field of the reader, equal to power cycling the cards or, more simply stated, equal to removing the cards from the field. The duration of the reset time can be entered in the RF Reset Duration field. Clicking the <RF Reset> box causes a reset of the RF field of the reader (turns it off or on). The result is shown in the transaction log window. Possible reset values range from 0 up to 255 milliseconds. The value zero has a special function and turns off the RF field permanently. To turn the RF field on again, another RF Reset command is required with a value different than zero. Options available
20. ched to the USB port are not supported. Remark: DESFire SAM functionality is only supported by Windows 2000 Professional and by Windows XP. Summary of the document content: Section 2 provides a general explanation of the DESFireUI user interface. Section 3 provides the description on how to use all commands to interact with the DESFire Smart Card. Section 4 provides the description on how to use commands to interact with the DESFireSAM. Section 7 contains a reference to the datasheets of the products and an application note with features and hints that contains detailed information on how the DESFire can and should be used. Their content is essential to understand the examples in the back of the document. Section 5 provides some samples of command sequences on how to execute some basic functions of the DESFire, the DESFireSAM and how they can work together. Remark: This document assumes that the user is familiar with the ISO14443 specification for contactless communication. 2 Operating instructions: The DESFireUI software can be downloaded in a ZIP file from Philips Semiconductor's Identification website. After extracting all files, the program can be started by double clicking the file DesfireUI.exe. A dialog window appears that is divided
21. ck <Enable High Baud rates> box. (5) Select T=CL Commands. Click <Activate Idle> box. Click <RATS> box. Select 2 for DSI (424 kbit/s). Select 2 for DRI (424 kbit/s). Click <PPS> box. (6) Unfold PICC commands. (7) Select Select Application. Enter or Select 123456h for Application Id. Click <Select App> box. (8) Unfold File Commands. (9) Select Data File Access. Enter or select 11 for File Id. Enter zero for Length to read entire file. (10) In lower left corner of window click <Reset Total Time> box. (11) In Data File Access click <Read Data> box. (12) Read Total Execution Time with higher baud rates in Total Time Window. Remark: Repeat steps 10 and 12 a few times for consistent timings. (13) In T=CL Commands click <Deselect> box to deselect the DESFire. (14) Exit DESFireUI program. Footnote 12: This DESFire data rate example can only be executed with the RD701 reader because that is able to support higher baud rates. Footnote 13: Coding for DSI & DRI: 0 = 106 kbit/s, 1 = 212 kbit/s, 2 = 424 kbit/s, 3 = 848 kbit/s. 5.3 Use of Key Usage Counters of DESFireSAM. Steps: (1) Put DESFireSAM card in smartcard reader with PC/SC interface. (2) Start DESFireUI program. (3) Unfold DESFireSAM Commands. (4) Select SAM Activation and Click
22. d a Change Entry Key version. The command provides a field to enter the data. The last entry field is for the Key Usage Counter (KUC) that counts the number of times this key has been used. The default value FFh for the KUC indicates that no KUC will be used. 4.4.1.1 Configuration Setting for Key Entry: The Change Key Entry command also allows changing the configuration settings of a key entry and provides check boxes for: Allow Dumping Session Key; Allow Crypto With Secret Key; Keep DES InitVector; Disable Change Key PICC; Disable Decryption; Disable Encryption; Disable Verify MAC; Disable Generate MAC; Enable Host Authentication after Reset (only valid for KeyNo 00h). In the default configuration all DES/3DES operations will be completed as defined in the DESFire MF3ICD40 datasheet (Ref 1). However, by selecting the corresponding checkbox, the DES/3DES can also be performed as defined in ISO/IEC 10116:1997 chapter 6. In the future a key entry can also be used to generate diversified mifare standard keys. Host and PICC authentication with this DES/3DES key will NO longer be possible if configured for mifare key diversification. 4.4.1.2 Update Setting for Key Entry: The Change Key E
23. e DESFire using the SAM. The actual authentication can be done with the Authenticate command in the DESFire Commands (see Section 3.4.1). There are two ways to specify the key number that will be used. If a Select Application command has been completed successfully preceding Authenticate_PICC, the same key number as used on DESFire can be sent in the KeyNo parameter. Valid range for the number is 00h to 0Dh. If no Select Application command has been completed, the reference number of the key entry must be entered as parameter KeyNo. Diversified Authentication requires the UID of the DESFire. If that box is checked, the UID can be entered in the UID text input field. Clicking the <Prepare for Authenticate PICC> box will prepare the DESFireUI to perform the authentication with the DESFire using the SAM. Load Init Vector: This command can be used to load an Init Vector to the 3DES coprocessor of the DESFire SAM. This is necessary if the Keep DES IV setting of the key entry is enabled and a special value for the Init Vector must be entered. The Init Vector can be entered in the Init Vector text input field. Clicking the <Load Init Vector> box will load the Init Vector in the 3DES coproces
24. e session key generated by the SAM and displays it in the transaction log window. Remark: As this feature can be seen as a potential security risk if not used in the correct way, it can be en-/disabled using the configuration settings of every key entry. Security Related Commands: This group contains the security related commands of the DESFire. Authenticate Host: This command is used to run a mutual 3-pass authentication between the SAM and host system. Remark: For details on the method used for session key generation please refer to Functional Specification of DESFire PICC. Select Application: This command is the equivalent of the SelectApplication command of the DESFire. The DESFire AID can be entered in the SAM AID field. Clicking the <Select Application> box will generate a list with a maximum of two keys per DESFire key number in the RAM of the DESFire SAM from the key storage table. This allows the user to quickly address a key for this DF AID. For every DESFire key number up to 6 keys can be stored in this list; only the keys from two key entries in the key storage table will be stored, with 3 key versions each. The key storage table is searched starting with key entry zero. If more than 6 key versions per DESFire AID and DESFire key number are found in key entries, only the first 6 versions will be stored in the RAM of the DESFireSAM. Prepare For Authenticate PICC: This command prepares the DESFireUI to authenticate th
25. [Contents, continued] 7 References; 8 Disclaimers; 9 Trademarks; 10 Contents.
© Koninklijke Philips Electronics N.V. 2005. All rights are reserved. Reproduction in whole or in part is prohibited without the prior written consent of the copyright owner. The information presented in this document does not form part of any quotation or contract, is believed to be accurate and reliable and may be changed without notice. No liability will be accepted by the publisher for any consequence of its use. Publication thereof does not convey nor imply any license under patent or other industrial or intellectual property rights.
Date of release: 27 May 2005. BLID Document number: M111010. Published in Austria.
26. [Contents, continued] 4.4.3 Change KUC Entry; 4.4.4 Get KUC Entry; 4.4.5 Prepare For Change PICC; 4.4.6 Dump Session Key; 4.5 Security Related Commands; 4.5.1 Authenticate Host; 4.5.2 Select Application; 4.5.3 Prepare For Authenticate PICC; 4.5.4 Load Init Vector; 4.6 General Commands; 4.6.1 Get Version; 4.7 Setter and Getter methods; 4.7.1 Set Init Vector; 4.7.2 Get Init Vector; 5 Use Examples Exercises; 5.1 Change keys in DESFire; 5.1.1 Change Master Key or Change Key; 5.1.2 Change ordinary key; 5.2 Command execution times for DESFire; 5.2.1 Using standard baud rates; 5.2.2 Using baud rates up to 424 kbit/s; 5.3 Use of Key Usage Counters of DESFireSAM; 5.4 Key change in DESFireSAM; 5.5 DESFire authentication using DESFireSAM; 5.6 DESFire key change using DESFireSAM; 6 Abbreviations
27. eselect> box to deselect the DESFire.
Step 23: Exit DESFireUI program.
[21] Since the program does not allow you to enter 16 capital As, you need to enter them in lower case.
6 Abbreviations
Table 2. Abbreviations (Acronym: Description)
AID: Application ID
APDU: Application Protocol Data Unit
ATS: Answer To Select
CID: Card IDentifier
CBC: Cipher Block Chain
CEK: Change Entry Key
DES: Data Encryption Standard
DF: DESFire
DRI: Divisor Receive Integer (PCD to PICC)
DSI: Divisor Send Integer (PICC to PCD)
FID: File ID
FSCI: Frame Size for proximity Card Integer
FSDI: Frame Size for proximity coupling Device Integer
FWI: Frame Waiting time Integer
FWT: Frame Waiting Time
INF: INformation Field
KUC: Key Usage Counter
MAC: Message Authentication Code
NAD: Node ADdress
PCB: Protocol Control Byte
PCD: Proximity Coupling Device (reader/writer unit)
PICC: Proximity Integrated Circuit Card
PPS: Protocol and Parameter Selection
RATS: Request for Answer To Select
REQA: REQuest Command, Type A
RFU: Reserved for Future Use
SAK: Select AcKnowledge
SAM: Secure Application Module
UID: Unique IDentification number
WTX: Waiting Time eXtension
28. file within the selected AID.
Create Value File
This command can be used to create a value file and provides options to select the encryption mode for data communication with the PCD and the access rights. A value file requires a setting for the Upper Limit, the Lower Limit and for the Initial Value. These values can be entered in the corresponding fields. Checking the Limited Value box enables the limited value option. Clicking the <Create Value File> box creates the file within the selected AID.
Remark: Value files always use DESFire's backup feature and require double the memory anticipated for the value data used.
Create Record File
This command can be used to create a record file and provides options to select the encryption mode for data communication with the PCD and the access rights. A record file requires a setting for the Record Size and the Number of Records. These values can be entered in the corresponding fields. Checking the Cyclic File box turns the file into a Cyclic File instead of a Linear File. Clicking the <Create Record File> box creates the file within the selected AID.
Remark: Record files always use DESFire's backup feature and require double the memory anticipated for the record data used.
Delete File
Clicking the <Delete File> box deletes the file within the selected AID. The memory space that becomes free because of this deletion cannot be used again for another file.
File Com
29. he SAM, it has to call the GetInitVector function to retrieve the current init vector.
Remark: The methods are included in the DESFireUI because of their availability in the DESFire library. An ordinary user of the DESFireUI will most likely never use them.
Set Init Vector
This command allows storing an Init Vector in the coprocessor of the DESFireSAM. The Init Vector can be entered in the Init Vector text input box or selected via the drop-down box. Clicking the <Set Init Vector> box will store the Init Vector in the DESFireSAM reader library for applying it in the next cryptographic operation.
Get Init Vector
This command allows retrieving the Init Vector from the coprocessor of the DESFireSAM. Clicking the <Get Init Vector> box will retrieve the Init Vector from the DESFireSAM reader library and display the result in the transaction log window.
5 Use Examples Exercises
5.1 Change keys in DESFire
5.1.1 Change Master Key or Change Key
Actions, in order:
• Put DESFire card on RD700 or RD701 reader.
• Start DESFireUI program.
• Unfold DESFire Commands.
• Select PCD Commands. Click <Interface Open> box.
• Select T=CL Commands. Click <Activate Idle> box. Click <RATS> box.
30. [Contents, continued] 3.2.2 Interface Close; 3.2.3 RF Reset; 3.2.4 Options available for RD70x; 3.2.4.1 Show Micore Register Control; 3.2.4.2 Enable High Baud rates; 3.2.4.3 Automatic retrieval of command execution times; 3.2.5 Selecting the DESFire APDU format; 3.3 T=CL Commands; 3.3.1 Leave Test OS; 3.3.2 Activate Wakeup, Activate Idle and Halt; 3.3.3 RATS and Deselect; 3.3.4 Protocol and Parameter Selection; 3.4 Security Commands; 3.4.1 Authenticate; 3.4.2 Get Key Version; 3.4.3 Get Key Settings; 3.4.4 Change Key Settings; 3.4.5 Change Key; 3.4.6 Format PICC; 3.5 PICC Commands; 3.5.1 Get Application IDs; 3.5.2 Select Application; 3.5.3 Create Application; 3.5.4 Delete Application
31. ing the Key Number and Key that can be selected from or entered in the Key Number and Key fields. Valid range for the key number is zero to 14. The key has a length of 16 bytes that are entered as 32 hexadecimal numbers. Clicking the <Authenticate> box performs the authentication with the currently selected Application ID. The result of the operation is shown in the transaction log window.
Get Key Version
Clicking the <Get Key Version> box retrieves the version of the specified key from the PICC and displays it in the transaction log window.
Get Key Settings
Clicking the <Get Key Settings> box retrieves the settings for the specified key and displays them by setting or clearing the corresponding checkboxes and the Access Rights field.
Change Key Settings
Utilizes the same controls as the Get Key Settings command, but this time it is possible to modify the settings. Clicking the <Change Key Settings> box will modify the settings according to the value of the corresponding checkboxes and the Access Rights field.
Change Key
Allows changing the value of a selected key. The number can be entered or selected in the Key Number field. The new value for the key can be entered as 32 hexadecimal digits or selected from a previous value in the Key field. Depending on the access rights, it might be required to not provide the value of the previous key. In that case the Prev Key field must be left empty, that means a
32. into several sections.
[Fig 1. DESFireUI dialog window]
The upper left section shows all commands that can be sent to the DESFire and DESFireSAM. Clicking the signs opens up several command sections and after clicking all signs it shows all available commands. The upper right section contains the dialog section for all commands. It will show all parameters and command boxes for the selected command. The lower left section contains some tools to measure command execution times for the DESFire operation. The lower right section contains the transaction log window. Scroll bars will pop up as soon as the content of the window exceeds the space on the screen.
3 DESFire commands
3.1 DESFire command dialog window
The DESFire commands become visible as a tree after a mouse click on the sign. Further clicking on the signs will reveal all commands per section. Clicking on a command name will select it and the corresponding command dialog window will open up in the upper right section
33. ion 5.4.
Step 1: Put DESFireSAM card in smartcard reader with PC/SC interface.
Step 2: Put DESFire card on RD700 or RD701 reader.
Step 3: Start DESFireUI program.
Step 4: Unfold DESFire Commands.
Step 5: Select PCD Commands. Click <Interface Open> box.
Step 6: Select T=CL Commands. Click <Activate Idle> box. Click <RATS> box.
Step 7: Unfold PICC commands.
Step 8: Select Select Application. Enter or select 111111h for Application Id. Click <Select App> box.
Step 9: Unfold DESFireSAM Commands.
Step 10: Select SAM Activation. Click <Activate SAM> box. Select DESFire SAM window will indicate that SAM has been selected. Click <OK> box to continue.
Step 11: Unfold Security Related Commands.
Step 12: Select Authenticate Host. Enter or select 00h for KeyNo and 00h for KeyV. Check Generate Session Key. Enter or select all zeroes for Secret Key. Click <Authenticate Host> box.
Step 13: Unfold Key Handling Commands.
Step 14: Select Change Key Entry. Enter 111111h for DF AID and 01h for DF KeyNo. Enter 1111111111111111111111111
[19] In some systems it may be necessary to physically remove the SAM card and re-insert it before the SAM can be recognized in the reader.
[20] If the DESFireSAM is not in virgin state, please enter the Key value of KeyNo 0x00.
34. ivate Idle and Halt
These commands reflect the initial states of a PICC as described in the state diagrams of the ISO14443 specification.
[3] Although the DESFire does not allow switching between these two formats during an active session, it is possible within DESFireUI to demonstrate the failure effect.
• The <Activate Idle> box represents the ISO/IEC 14443 commands REQA, Anticollision and Select (anticollision loop incl. all cascade levels).
• The <Activate Wakeup> box represents the ISO/IEC 14443 commands WUPA and Select (incl. all cascade levels).
• The <Halt> box represents the ISO/IEC 14443 command HALTA.
To activate a PICC after entering an RF field, it needs to go through a sequence of commands. Initially it can be activated with the <Activate Idle> box. According to ISO14443 it can then be selected and de-activated (put to sleep) with the <Halt> box. A de-activated card can be activated again with the <Activate Wakeup> box.
Remark: These boxes execute all the detailed operations as specified in the ISO14443 specification to activate a card. Please see those specifications for more information.
3.3.3 RATS and Deselect
To establish a T=CL connection with a DESFire the Request
35. lso without spaces. Clicking the <Change Key> box will replace the value of the selected key.
Format PICC
Formatting the DESFire deletes any application permanently from the PICC, including all data files. The format PICC operation will not change the value of the master key. To execute the Format command it is necessary to first select AID zero and successfully perform an authentication with the master key. Unlike the Delete File and Delete Application commands, this also frees the memory that can then be re-used. Clicking the <Format Picc> box will format the DESFire and release all EEPROM space.
[5] The DESFire leaves the production facility without any user data structure and just key zero as the master key for the card, containing all zeroes.
3.5 PICC Commands
These commands can only be executed if AID zero is selected. The <Get Version> command is an exception to this rule and can be sent at any time.
3.5.1 Get Application IDs
Clicking the <Get App Ids> box retrieves the list of available AIDs from the PICC and populates the Application ID field on the top of the dialog window. This selection box can later be used to select one AID from the AIDs that are available on the PIC
36. <Activate SAM> box. Select DESFire SAM window will indicate that SAM has been selected. Click <OK> box to continue.
Step 5: Unfold Key Handling Commands.
Step 6: Select Get KUC Entry. Enter or select 0Fh for Reference number KUC.
Step 7: Click <Get KUC Entry> box and watch the current value of Key Usage Counter.
Step 8: Unfold Security Related Commands.
Step 9: Select Authenticate Host. Enter or select 00h for KeyNo and 00h for KeyV. Check Generate Session Key. Enter or select all zeroes for Secret Key. Click <Authenticate Host> box.
Step 10: Select Change Key Entry. Enter or select 0Fh for RefNoKUC. Check Update Reference number of KUC. Enter or select 00h for Nr of Key to change. Click <Change Key Entry> box.
Step 11: Select Authenticate Host. Enter or select 00h for KeyNo and 00h for KeyV. Check Generate Session Key. Enter or select all zeroes for Secret Key. Click <Authenticate Host> box.
Step 12: Select Get KUC Entry. Enter or select 0Fh for Reference number KUC. Click <Get KUC Entry> box and watch current value of Key Usage Counter.
Remark: Repeat steps 11 and 12 a few times to see the increase of the KUC.
Step 13: In SAM Activation click <Deactivate SAM> box.
Step 14: Exit DESFireUI program.
[14] In some systems it may be necessary to physically remove the SAM card and re-insert it before the SAM can be recognized in the reader.
[15] If the DESFireSAM is not in virgin state, please enter the Key value of KeyNo
37. mand allows disabling the cryptographic functionality of the SAM permanently and irreversibly. The command provides check boxes for:
• Disable Change Key PICC
• Disable Decryption
• Disable Encryption
• Disable Verify MAC
• Disable Generate MAC
Remark: Successful host authentication with one of the three key versions stored in KeyNo 00h is required before this command can be executed.
4.4 Key Handling Commands
The Key Handling Commands group contains all commands to handle the keys and related parameters. Most commands require authentication with the host before they can be executed. Exceptions to this rule are:
• Get Version
• Get Key Entry
• Get KUC Entry
4.4.1 Change Key Entry
This command can be used to update any key entry stored in the DESFire SAM.
38. mands
The File Commands can be used to exchange data between PCD and PICC. The commands are divided into three subcategories, one for each of the available file types. They can only operate on AIDs other than zero. Any operation requires the selection of an existing FID. A list of valid FIDs can automatically be obtained by issuing the Get File IDs command from the Application Commands group (Section 3.6.1).
Remark: Authentication using the appropriate access rights (configured when the file was created using Create File commands in the Application Commands) will be required if the file has not been set up with free use of the applicable functions described in this section. An error code (Error code 1be: Unknown error) will be returned if this is not done.
[7] Only the Format DESFire command can empty the PICC and make all memory available again.
3.7.1 Data File Access
Allows reading data from and writing data to the file with the selected FID. Clicking the <Read Data> box will read the data from the file starting from the given Offset and up to the Length specified. The data being read is shown in the Data field. Specifying a length of zero bytes reads the entire file. Data to be written into the PICC can be ente
39. Get Version
Clicking the <Get Version> box retrieves manufacturing information from the DESFire and shows it in the transaction log window.
Table 1. DESFire Get Version information
Hardware info: Vendor ID (0x04 for PHILIPS); Type; Sub Type; Major Version; Minor Version; Storage Size; Protocol (0x05 for ISO 14443-2 and -3)
Software info part 1: Vendor ID (0x04 for PHILIPS); Type; Sub Type; Major Version; Minor Version; Software Storage Size; Protocol
Software info part 2: UID (7 byte UID); BatchNo (batch number); Production CW (calendar week of production); Production Year (year of production)
Application Commands
The Application Commands can be used to perform file management. They can only operate on AIDs other than zero.
Remark: Authentication using the appropriate access rights (configured when the application was created using Create Application command, see Section 3.5.3) will be required if the application has not been set up to allow free use of the applicable functions described in this section. An error code (Error code 1be: Unknown error) will be returned if this is not done.
Get File IDs
Clicking the <Get File ID> box retrieves all File IDs (FIDs) that exist within the selected AID and shows them in the transaction log window. This command also populates the File ID selection box with available FIDs. This box can then be used to select an FI
40. n selected. Click <OK> box to continue.
Step 11: Unfold Security Related Commands.
Step 12: Select Prepare for Authenticate PICC. Enter or select 01h for KeyNo and FFh for KeyV. Make sure that Non Diversified Authentication and Select by Key Entry number are checked.
Step 13: Click <Prepare for Authenticate PICC> box.
Step 14: Unfold Security Commands.
Step 15: Select Authenticate. Enter or select 01 for Key Number (remark that no key can be entered since the authentication will be performed through the SAM). Click <Authenticate PICC> box.
Step 16: In T=CL Commands click <Deselect> box to deselect the DESFire.
Step 17: In SAM Activation click <Deactivate SAM> box.
Step 18: Exit DESFireUI program.
[18] In some systems it may be necessary to physically remove the SAM card and re-insert it before the SAM can be recognized in the reader.
5.6 DESFire key change using DESFireSAM
Remark: This example assumes using the DESFire card that has been configured in Section 5.1.1 and Section 5.1.2 and the DESFire SAM that has been configured in Sect
41. nd opens up the corresponding dialog in the upper right window.
[Fig 4. DESFireSAM Commands]
4.2 SAM Activation
For the DESFireSAM, the DESFireUI only supports smartcard readers with a PC/SC interface. Clicking the <Activate SAM> box initiates a search for a PC/SC reader with a DESFireSAM present. Available options will be presented and the user can select the reader that should be used. The SAM in the selected reader will be activated and the result will be shown in the transaction log window.
4.3 Configuration Commands
4.3.1 Disable Crypto
This com
42. ntry command allows selective programming of the key entry. It provides check boxes to change:
• Update Configuration Set
• Update Reference number of KUC
• Update Change Entry Key's number and version
• Update DF Key number and DF AID
• Update KeyVa
• Update KeyVb
• Update KeyVc
• Nr of Key Entry to change
If Crypto with Secret key is configured for the KeyNoCEK AND the session key is a secret key (not based on random number), then the 7 byte UID of the DESFireSAM has to be appended to the new key before encryption to assign this command message to a specific DESFire SAM. This will dedicate the generated cryptogram to the unique DESFire SAM and will not work with another SAM. The command provides an entry box to enter the UID of the SAM. This box is automatically populated with the Get Version command (see Section 4.6.1). If KeyNoCEK is set to FEh, the key entry is transmitted in plain, but still a 2 byte CRC and padding with 00h has to be applied. The Plain Transmission checkbox can be used to transmit the entry in plain text. Clicking the <Change Entry Key> box actually changes the configuration and contents of the key entry according to the selections in the dialog window.
Remark: Successful host authentication with the key specified in KeyNoCEK of the selected key entry to change is required.
Get Key Entry
The Get Key Entry command allows reading data from the key entry specified in the Key Nr box.
[9] This feature is
43. [Fig 5. Change Key Entry dialog window]
The command provides option boxes to enter new keys for key version A, B and C. For communication with the DESFire there is also an entry field for the DESFire AID and DESFire key number. Every key entry is linked to a Change Entry Key (CEK) an
44. red as hexadecimal digits into the Data field. When the data is entered, the program automatically counts the number of bytes in the Length field. Clicking the <Write Data> box writes the data to the file starting from the given Offset.
Value File Access
The file is selected by the value in the File Id field. Clicking the <Get Value> box reads the value from the file and displays the value in the Value field. Clicking the <Credit> box adds the value of the Value field to the content of the file. Clicking the <Limited Credit> box adds the value of the Value field to the content of the file, with a maximum of the limited credit value that is stored on the PICC. Clicking the <Debit> box subtracts the value of the Value field from the content of the file.
Remark: Since the value file is a backup file, any modification to the value requires clicking the <Commit Transaction> box to actually execute the command.
Record File Access
This command allows reading from, writing to and clearing records from the file selected by the File ID field. Only records that are written can be read. The record file is not a table with empty records. The records are created when the data is written. If more than one record is written, a record can be read selectively by specifying the Start Record and the Number of Records. The latest record written is selected by entering zero for the start record. The maximum number of records
45. rent and the new key need to be present in the DESFireSAM prior to executing this command. The actual change of the keys can be done with the Change Key command in the DESFire Commands (see Section 3.4.5). The DESFireUI then uses the SAM ChangeKeyPICC command to generate the cryptogram that is sent to the DESFire to change one of its keys. The method of key generation can be selected with radio buttons for:
• Involvement of Change Key key
• Setting of diversification for new key
• Status of diversification for current key
This command needs values for:
• KeyNo current key
• Key version current key
• KeyNo New key
• Key version New key
For key diversification the DESFire SAM uses the specified DES/3DES key and the unique ID of the DESFire. This number can be entered in the UID field. Clicking the <Prepare for Change Key PICC> box will prepare the DESFireUI to be able to change a key in the DESFire using the DESFire SAM.
Dump Session Key
This command can be used to retrieve the session key generated by the SAM. This feature is necessary if the host should handle cryptographic operations like en-/decipher instead of the SAM. Clicking the <Dump Session Key> box will return th
46. sor.
General Commands
Get Version
The Get Version command returns manufacturing related data of the SAM. Clicking the <Get Version> box will retrieve the manufacturing data and display it in the transaction window. This command will also retrieve the unique ID of the DESFireSAM and automatically populate the entries where that unique ID is required.
Remark: This command can be issued without valid host authentication.
Setter and Getter methods
The SetInitVector and GetInitVector methods are used in the DESFire library for setting or getting the internal init vector for cryptographic operations stored in the library. This is necessary in case the SAM is configured for storing the init vector. For example: You activate the SAM and issue a host authentication (key is configured for keeping the init vector). Now the SAM keeps the init vector and the library has the correct init vector stored internally. If you now call the Encipher function, the SAM afterwards has a new init vector stored, but the library itself does not decipher the data and is therefore not able to create the correct init vector for the next operation. Only the application that uses and deciphers the data knows the init vector. If the next step is to change a key entry in the SAM, the init vector has to be set correctly so that the library is able to calculate the correct data block. If now the application wants to encipher a block that shall then be deciphered by t
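The init-vector bookkeeping described under Setter and Getter methods, modelled as an added example (not code from the manual or from the DESFire library). SamModel, HostLibrary and their method names are hypothetical; the chained init vector is assumed to be the last ciphertext block of plain CBC, a small Feistel construction stands in for 3DES, and a hash trailer stands in for the CRC.

```python
import hashlib
import hmac

BLOCK = 8  # DES/3DES block size in bytes


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Round function of the stand-in cipher (assumption: NOT 3DES, not secure).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def enc_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def dec_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def cbc_encrypt(key, iv, data):
    """Return (ciphertext, chained IV = last ciphertext block)."""
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = enc_block(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out, prev


def cbc_decrypt(key, iv, data):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK]
        out += _xor(dec_block(key, block), prev)
        prev = block
    return out, prev


def _trailer(payload):
    # Integrity trailer standing in for the CRC (assumption).
    return hashlib.sha256(payload).digest()[:BLOCK]


class SamModel:
    """Hypothetical SAM: with keep_iv set, each operation starts from the previous IV."""

    def __init__(self, key, keep_iv):
        self.key, self.keep_iv, self.iv = key, keep_iv, bytes(BLOCK)

    def _advance(self, next_iv):
        self.iv = next_iv if self.keep_iv else bytes(BLOCK)

    def encipher(self, plaintext):
        ct, nxt = cbc_encrypt(self.key, self.iv, plaintext)
        self._advance(nxt)
        return ct

    def decipher(self, ciphertext):
        pt, nxt = cbc_decrypt(self.key, self.iv, ciphertext)
        self._advance(nxt)
        return pt

    def change_key_entry(self, cryptogram):
        # Accept the command only if the decrypted trailer matches the payload.
        pt = self.decipher(cryptogram)
        return hmac.compare_digest(pt[-BLOCK:], _trailer(pt[:-BLOCK]))


class HostLibrary:
    """Hypothetical reader library holding its own copy of the init vector."""

    def __init__(self, key, keep_iv):
        self.key, self.keep_iv, self.iv = key, keep_iv, bytes(BLOCK)

    def set_init_vector(self, iv):
        self.iv = iv

    def get_init_vector(self):
        return self.iv

    def build_change_key_entry(self, payload):
        ct, nxt = cbc_encrypt(self.key, self.iv, payload + _trailer(payload))
        self.iv = nxt if self.keep_iv else bytes(BLOCK)
        return ct


KEY = b"constructed session key"  # constructed sample value


def run_scenario(keep_iv, resync):
    """Encipher on the SAM, then send a library-built key entry change."""
    sam, lib = SamModel(KEY, keep_iv), HostLibrary(KEY, keep_iv)
    ct = sam.encipher(b"16-byte app data")  # the library's IV copy is not updated
    if resync:
        lib.set_init_vector(ct[-BLOCK:])  # the application supplies the IV it knows
    return sam.change_key_entry(lib.build_change_key_entry(b"new key entry 01"))


def get_iv_roundtrip():
    """After a library-built command, the application asks the library for the IV."""
    sam, lib = SamModel(KEY, True), HostLibrary(KEY, True)
    sam.change_key_entry(lib.build_change_key_entry(b"new key entry 01"))
    ct, _ = cbc_encrypt(KEY, lib.get_init_vector(), b"for SAM!")
    return sam.decipher(ct) == b"for SAM!"


if __name__ == "__main__":
    print("keep IV, stale library IV :", run_scenario(True, False))
    print("keep IV, after Set IV     :", run_scenario(True, True))
    print("IV not kept               :", run_scenario(False, False))
    print("Get IV round trip         :", get_iv_roundtrip())
```

With the key entry configured to keep the init vector, the stale library copy garbles the first decrypted block and the command is rejected; setting the vector first, or not keeping it at all, lets the same command through.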
47. t to prove that the key was changed.
Step 15: In T=CL Commands click <Deselect> box to deselect the DESFire.
Step 16: Exit DESFireUI program.
5.1.2 Change ordinary key
Remark: This example assumes using the card that has been configured in Section 5.1.1.
Actions, in order:
• Put DESFire card on RD700 or RD701 reader.
• Start DESFireUI program.
• Unfold DESFire Commands.
• Select PCD Commands. Click <Interface Open> box.
• Select T=CL Commands. Click <Activate Idle> box. Click <RATS> box.
• Unfold PICC commands.
• Select Select Application. Enter or select 111111h for Application Id. Click <Select App> box.
• Unfold Security Commands.
• Select Authenticate. Select Key Number 10 (remember this was defined as the Change Key). Enter 00000000000000000000000000000000h for Key value. Click <Authenticate> box.
• Select Change Key. Select Key Number 1. Enter 11111111111111111111111111111111h for Key value. Enter 00000000000000000000000000000000h for Prev Key value. Click <Change Key> box.
• Select Authenticate. Select Key Number 1. Enter 11111111111111111111111111111111h for Key value. Click <Authenticate> box and watch the transaction log windows for OK result.
• In T=CL Commands click <Deselect>
48. that can be read from a cyclic record file is always one less than the full number of records configured for that file. Clicking the <Read Records> box reads Number of Records records from the file, beginning at Start Record. The content of the records is shown in the transaction log window. Clicking the <Write Record> box writes the content of the Data field to a new record starting at Offset. The sum of the length of the content in the Data field and the offset must be smaller than the record length. Clicking the <Clear Records> box deletes all records from the record file.
Remark: Any modification to a Backup file requires clicking the <Commit Transaction> box to actually execute the command. All file operations performed since the last Commit Transaction command can be discarded by clicking the <Abort Transaction> box, thus restoring the original value.
[8] The value of limited credit that is stored in the PICC can be read with the Get Key Settings command.
4 DESFireSAM commands
4.1 DESFireSAM command dialog window
The DESFireSAM commands become visible as a tree after a mouse click on the sign. Further clicking on the signs reveals all commands per section. Clicking on a command selects it a
49. tomatically retrieve the command execution time from the RD70x reader every 500 ms. The lower left section of the DESFireUI window contains some controls for time measurements. The <Last Commands> box and <Total Time> box enable the user to measure the execution time per command and the incremental time for all commands, respectively. The times are displayed in the two text display fields next to the boxes. The <Reset Total Time> box resets the incremental time in the RD70x. Selecting the DESFire APDU format: The checkbox "Use ISO7816 framing for this CID" allows the user to let the DESFireUI communicate in either the native DESFire format or the ISO7816 APDU format. This allows the user to experience the differences in command execution time in either the proprietary format or the ISO7816 APDU format. T=CL Commands: T=CL refers to a standardized protocol as described in ISO14443 part 4, developed to support the exchange of commands in a contactless environment. According to ISO14443, the PICC activation process starts with some lower level ISO14443 commands and then moves to the ISO14443 part 4 level. Therefore this section contains all commands to activate a PICC and enable communication on ISO14443 part 4 level. The available commands are sorted in logical ISO14443 order. Leave Test OS: This command is only available for Philips internal evaluation purposes and is not supported for ordinary use. Activate Wakeup Act
50. uct Process Change Notification (CPCN). Philips Semiconductors assumes no responsibility or liability for the use of any of these products, conveys no licence or title under any patent, copyright or mask work right to these products, and makes no representations or warranties that these products are free from patent, copyright or mask work right infringement, unless otherwise specified. Application information: Applications that are described herein for any of these products are for illustrative purposes only. Philips Semiconductors make no representation or warranty that such applications will be suitable for the specified use without further testing or modification. 9 Trademarks: Mifare is a trademark of Koninklijke Philips Electronics N.V. DESFire is a trademark of Koninklijke Philips Electronics N.V. 10 Contents: 1 Introduction; 1.1 Summary of the document content; 2 Operating instructions; 3 DESFire commands; 3.1 DESFire command dialog window; 3.2 PCD Commands; 3.2.1 Interface Open
