
PN532 MiFare Ultralight C Mutual Authentication


Has anyone managed to get Mutual Authentication with an Ultralight C card working using this chip? I understand the authentication procedure, but looking at the command set in the chip's manual and trying a few things, I don't think it is actually possible. I thought I would post here before abandoning the chip-set and moving back to using a CJS encoder for verification.

Thanks in advance


Solution

  • Yes, it is possible to perform mutual authentication with Mifare Ultralight C. Use the following procedure:

    STEP 1: Send start authentication command. (1A 00) to card

    STEP 2: Card generates an 8 byte random number RndB. This random number is DES/3DES enciphered with the diversified key, denoted by ek(RndB), and is then transmitted to the terminal.

    STEP 3: The terminal runs a DES/3DES deciphering operation on the received ek(RndB) and thus retrieves RndB. RndB is then rotated left by 8 bits (first byte is moved to the end of RndB), yielding RndB’. Now the terminal itself generates an 8 byte random number RndA. This RndA is concatenated with RndB’ and enciphered using DES/3DES (the encryption of the two blocks is chained using the Cipher Block Chaining (CBC) send mode). This token ek(RndA + RndB’) is sent to the card.

    STEP 4: The card runs a DES/3DES decipherment on the received token and thus gains RndA + RndB’. The card can now verify the sent RndB’ by comparing it with the RndB’ obtained by rotating the original RndB left by 8 bits internally. A successful verification proves to the card that the card and the terminal possess the same secret (key). If the verification fails, the card stops the authentication procedure and returns an error message. As the card also received the random number RndA, generated by the terminal, it can perform a rotate left operation by 8 bits on RndA to gain RndA’, which is enciphered again, resulting in ek(RndA’). This token is sent to the terminal.

    STEP 5: The terminal runs a DES/3DES decipherment on the received ek(RndA’) and thus gains RndA’ for comparison with the terminal-internally rotated RndA’. If the comparison fails, the terminal exits the procedure and may halt the card.

    STEP 6: The card sets the authentication state as ‘Authenticated’

    The same can be found in this NXP datasheet.
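
The crypto in steps 2 to 5, simulated for both sides in Go. This is an added example, not code from the original answer or from NXP. The function names and `demoKey` are hypothetical, and the PN532 transport is left out. Assumptions: each message's CBC IV is the last ciphertext block previously exchanged (zero at the start), which the steps above do not state, and keys are given as 24 bytes because Go's `crypto/des` requires it (a 16-byte K1||K2 key is passed as K1||K2||K1).

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// rotl8 rotates left by 8 bits: the first byte moves to the end.
func rotl8(b []byte) []byte { return append(append([]byte{}, b[1:]...), b[0]) }

// cbc runs one 3DES-CBC pass over in; enc selects encrypt or decrypt.
func cbc(k cipher.Block, iv, in []byte, enc bool) []byte {
	out := make([]byte, len(in))
	if enc {
		cipher.NewCBCEncrypter(k, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(k, iv).CryptBlocks(out, in)
	}
	return out
}

// Authenticate simulates steps 2-5; cardOK/termOK report which side accepted the other.
func Authenticate(cardKey, termKey []byte) (cardOK, termOK bool, err error) {
	card, e1 := des.NewTripleDESCipher(cardKey)
	term, e2 := des.NewTripleDESCipher(termKey)
	rnd, iv0 := make([]byte, 16), make([]byte, 8)
	_, e3 := rand.Read(rnd)
	if err = errors.Join(e1, e2, e3); err != nil {
		return false, false, err
	}
	rndA, rndB := rnd[:8], rnd[8:]
	ekB := cbc(card, iv0, rndB, true) // step 2: card sends ek(RndB)
	// Step 3: terminal recovers RndB, sends ek(RndA + RndB'); chained IV is an assumption.
	token := cbc(term, ekB, append(append([]byte{}, rndA...), rotl8(cbc(term, iv0, ekB, false))...), true)
	// Step 4: card compares RndB' in constant time and stops on mismatch.
	plain := cbc(card, ekB, token, false)
	if subtle.ConstantTimeCompare(plain[8:], rotl8(rndB)) != 1 {
		return false, false, nil
	}
	ekA := cbc(card, token[8:], rotl8(plain[:8]), true) // card answers ek(RndA')
	// Step 5: terminal compares RndA' before trusting the card.
	return true, subtle.ConstantTimeCompare(cbc(term, token[8:], ekA, false), rotl8(rndA)) == 1, nil
}

var demoKey = []byte("constructed-sample-key24") // constructed 24-byte sample key
func main() { fmt.Println(Authenticate(demoKey, demoKey)) }
```

With mismatched keys the card's RndB’ check fails, so the run ends at step 4 and neither side reaches the authenticated state.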