We know the process for authentication to Mifare Ultralight C, but we cannot do the authentication using the PN532 chip. We follow the steps as shown in the command sets, but we can't get the exact result. We need some help to do the authentication process for Mifare Ultralight C. Please give some suggestions, or if anybody has worked on this card, please help.
Command: 00 00 FF 05 FB D4 60 01 01 00 CA 00
Response: 00 00 ff 11 ef d5 61 01 10 0c 01 00 44 00 07 04 54 ad f2 ef 45 80 b6 00
Command: 00 00 FF 04 FC D4 42 1A 00 D0 00
Response: 00 00 ff 0c f4 d5 43 00 af 22 f5 ec 57 19 7f 44 72 91 00
Decrypt RndB and rotate to RndB':
Key = 49454D4B41455242214E4143554F5946
enc(RndB) = 22 f5 ec 57 19 7f 44 72
decrypt(enc(RndB)) = d1 f4 00 d1 13 bd ef 04
RndB' = 04 f4 00 d1 13 bd ef d1
Generate RndA and build RndA || RndB':
RndA = 74 bd 85 75 7b d2 8b 77
RndA || RndB' = 74 bd 85 75 7b d2 8b 77 04 f4 00 d1 13 bd ef d1
Encrypt RndA || RndB':
IV = 22F5EC57197F4472
encrypt(RndA || RndB') = 98 70 67 11 40 8F 73 B1 1C 11 15 6A 30 47 ED 58
Now we have to pass this encrypt(RndA || RndB') to the card using the AFh Mifare Ultralight C command like this:
Command: 00 00 FF 13 ED D4 42 AF 98 70 67 11 40 8F 73 B1 1C 11 15 6A 30 47 ED 58 60 00
Response: 00 00 ff 03 fd d5 43 01 e7 00
This results in the error code 01h.
The problem is that you rotate RndB in the wrong direction. If you have an RndB like
RndB = decrypt(enc(RndB)) = d1 f4 00 d1 13 bd ef 04
then RndB' should be
RndB' = rotate_left(RndB) = f4 00 d1 13 bd ef 04 d1
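An added example (not from the original posts) that reproduces the PN532 framing of the commands above and the left rotation described in the answer, so both can be checked against the hex dumps in this thread. The function names are hypothetical, and the 3DES decrypt/encrypt steps are not implemented: the 16-byte encrypted token is passed in as bytes.

```python
# Added example: PN532 framing and the RndB rotation. Function names are
# hypothetical; the 3DES step is not implemented here (token is an input).

def pn532_frame(data):
    """Wrap TFI + payload in a PN532 normal information frame."""
    lcs = (-len(data)) & 0xFF        # LEN + LCS == 0 (mod 256)
    dcs = (-sum(data)) & 0xFF        # sum(data) + DCS == 0 (mod 256)
    return b"\x00\x00\xff" + bytes([len(data), lcs]) + data + bytes([dcs, 0x00])

def pn532_parse(frame):
    """Validate start code and both checksums, return TFI + payload."""
    if frame[:3] != b"\x00\x00\xff":
        raise ValueError("bad preamble/start code")
    length, lcs = frame[3], frame[4]
    if (length + lcs) & 0xFF:
        raise ValueError("bad length checksum")
    if len(frame) < 6 + length:
        raise ValueError("truncated frame")
    data = frame[5:5 + length]
    if (sum(data) + frame[5 + length]) & 0xFF:
        raise ValueError("bad data checksum")
    return data

def in_communicate_thru(card_cmd):
    """Build a D4 42 request carrying a raw card command."""
    return pn532_frame(b"\xd4\x42" + card_cmd)

def card_reply(frame):
    """Split a D5 43 response into (PN532 status byte, card data)."""
    data = pn532_parse(frame)
    if data[:2] != b"\xd5\x43":
        raise ValueError("not a D5 43 response")
    return data[2], data[3:]

def rotate_left(block):
    """RndB' = RndB rotated left by one byte: the first byte moves to the end."""
    return block[1:] + block[:1]

def auth_step2(token):
    """Frame the AFh command; token is the 16-byte enc(RndA || RndB')."""
    if len(token) != 16:
        raise ValueError("token must be 16 bytes")
    return in_communicate_thru(b"\xaf" + token)
```

Parsing the reply to the 1Ah command with `card_reply` yields status 00h and `af` followed by the 8-byte enc(RndB), which is also the IV used in the encryption step of the question.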