Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.

"Learn the tools of the trade the hard way." +Fravia

You are not logged in.


Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2020-04-17 10:09:17

Registered: 2019-05-20
Posts: 2

Desfire ENUM

Hallo everyone,

I have a question how to understand the output of the enum command.

I got this reading for an application on the card.

[+] --- AMK - Application Master Key settings
[+]   AID : F51771
[+]   AID Function Cluster 0xF5: reserved
[+]   AID Key settings           : 0x0b
[+]   Max key number and type    : 2, AES
[=] -------------------------------------------------------------
[+]   Changekey Access rights
[+]   -- AMK authentication is necessary to change any key (default)
[+]    [0x08] Configuration changeable       : YES
[+]    [0x04] AMK required for create/delete : YES
[+]    [0x02] Directory list access with AMK : NO
[+]    [0x01] AMK is changeable              : YES
[=] -------------------------------------------------------------
[=]   Application keys
[+]    Key [0]  Version : 0 (0x00)
[+]    Key [1]  Version : 0 (0x00)
[+]  Tag report 1 file
[+]    Fileid 1 (0x01)
[=]      File Type: 0x00 -> Standard Data File
[=]      Com.Setting: 0x03 -> Enciphered
[=]      Access Rights: 0x1110 - Change (Access Key: 0) - RW (Access Key: 1) - W (Access Key: 1) - R (Access Key: 1)
[=]      Filesize: 96 (0x60)
[=] -------------------------------------------------------------

[+]    Key [0]  Version : 0 (0x00)
[+]    Key [1]  Version : 0 (0x00)

The Application has two keys. What does Version 0 mean? Does it indicate a "default"/ empty key?

Thank you for your help.


#2 2020-06-30 11:07:15

Registered: 2013-04-25
Posts: 9,518

Re: Desfire ENUM

You would need to read a DESfire datasheet to get a better insight in what the version means. 
But basically,   every update (change key) increases a key version.   Or you set the key version when you change the key.
I guess it should be some kind of track record,  look how many times the key has changed.   
to be related to a set of keys they have for that purpose / aid / files.   Extra complexity.


#3 2020-07-03 15:33:58

Registered: 2016-07-21
Posts: 55

Re: Desfire ENUM

Fragggy wrote:

The Application has two keys. What does Version 0 mean? Does it indicate a "default"/ empty key?

The key version is a user defined value. It's intended use is key management.
Les say: Someone had stolen your application key or reverse engeneered it, so you need to switch to another key. You can do this in two different ways:
1) You can use a new key and just probe all your keys until you can enter
2) You read the key version, so you directly know the required (new) key

So most of the times the key version is 0, but you can program this to any value (in allowed range). Some implementations do use this value to store some kind of user information, completely unrelated to the keys.
This came somehow from the old DES encryption where the upper bit is not in use (56 bit keys, but 8 byte of key-data). These 8 bits got a long history of side-use over the time. The first DESfire implementation defined it as "key version", so it's still there...

But over all: The general use is key management, also to easily disable insecure keys by just programming clients with the info "key version must be > X".


Board footer

Powered by FluxBB