originality signature

asper · 2015-03-10 23:41:35

Does anyone know how to calculate the originality signature of recent nxp product? It is an ECC signature. Any datasheet?

0xFFFF · 2015-03-11 03:12:56

Are you talking about what is described in AN11340?

asper · 2015-03-11 06:51:19

Yes. Knowing public and per-tag key how can i calculate the "validity"?

asper · 2015-03-11 16:54:38

We are able to obtain private key and we have the public key, the algo is ECC and parameteres are known: what is the math process to validate them ?

Last edited by asper (2015-03-11 17:00:27)

marshmellow · 2015-03-11 20:25:36

it appears AN11341 is a secure download on nxp's website. my guess is it explains what you are looking for.

asper · 2015-03-11 20:33:22

The function is already implemented in some nfc android apps... I was only curious.
Anyway it is used also in recent ntag transponders, not only desfire.

Last edited by asper (2015-03-11 20:34:51)

0xFFFF · 2015-03-12 02:11:38

asper wrote:

The function is already implemented in some nfc android apps...

Can you name these apps / provide links? The simpler the application the better.
I know there is an open source example hiding in github (or perhaps stackexchange?). I'll try to dig it up for you.

As marshmellow has already pointed out, AN11341 is a restricted download. You can request access to the document but I'm not sure how you'll go.

Some of my notes:

The 32-byte cryptographic signature is based on elliptic curve cryptography. This signature can be retrieved using the READ_SIG command and can be verified using the corresponding ECC public key in the PCD.
What is the public key?

Pub. N0.: US 2013/0342311 A1
https://docs.google.com/viewer?url=patentimages.storage.googleapis.com/pdfs/US20130342311.pdf

ECDSA algorithm, curve secp128r1.
Using openSSL. Must be using ecdsa.h!
http://openssl.org/

Look at Utilities.java in the 'MIFARE SDK Lite'

asper · 2015-03-12 07:59:38

The app is nfc tag info.

0xFFFF · 2015-03-13 00:17:45

asper wrote:

The app is nfc tag info.

NFC tag info uses the same technique (similar code) as Utilities.java.

Check out http://www.mifare.net/en/products/mifare-sdk/mifare-sdk-lite/#download
You might want to create a fake email address so you can register and download the SDK.

Look for:

checkEcdaSignature(String paramString, byte[] paramArrayOfByte1, byte[] paramArrayOfByte2)

asper · 2015-03-13 12:28:31

Thank you very much ! I knew "you are the right man" !

Proxmark3 community

Announcement

#1 2015-03-10 23:41:35

originality signature

#2 2015-03-11 03:12:56

Re: originality signature

#3 2015-03-11 06:51:19

Re: originality signature

#4 2015-03-11 16:54:38

Re: originality signature

#5 2015-03-11 20:25:36

Re: originality signature

#6 2015-03-11 20:33:22

Re: originality signature

#7 2015-03-12 02:11:38

Re: originality signature

#8 2015-03-12 07:59:38

Re: originality signature

#9 2015-03-13 00:17:45

Re: originality signature

#10 2015-03-13 12:28:31

Re: originality signature

Board footer