Proxmark3 developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

#1 2015-03-10 23:41:35

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

originality signature

Does anyone know how to calculate the originality signature of recent nxp product? It is an ECC signature. Any datasheet?

Offline

#2 2015-03-11 03:12:56

0xFFFF
Administrator
From: Vic - Australia
Registered: 2011-05-31
Posts: 630

Re: originality signature

Are you talking about what is described in AN11340?


Want to contact me? Here's my email address...
modhex(ecijhhhhhhhhfchdhbidhniihghdduhehvhtduhbig)

Offline

#3 2015-03-11 06:51:19

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: originality signature

Yes. Knowing public and per-tag key how can i calculate the "validity"?

Offline

#4 2015-03-11 16:54:38

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: originality signature

We are able to obtain private key and we have the public key, the algo is ECC and parameteres are known: what is the math process to validate them ?

Last edited by asper (2015-03-11 17:00:27)

Offline

#5 2015-03-11 20:25:36

marshmellow
Moderator
From: US
Registered: 2013-06-10
Posts: 2,301

Re: originality signature

it appears AN11341 is a secure download on nxp's website.  my guess is it explains what you are looking for.

Offline

#6 2015-03-11 20:33:22

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: originality signature

The function is already implemented in some nfc android apps... I was only curious.
Anyway it is used also in recent ntag transponders, not only desfire.

Last edited by asper (2015-03-11 20:34:51)

Offline

#7 2015-03-12 02:11:38

0xFFFF
Administrator
From: Vic - Australia
Registered: 2011-05-31
Posts: 630

Re: originality signature

asper wrote:

The function is already implemented in some nfc android apps...

Can you name these apps / provide links? The simpler the application the better.
I know there is an open source example hiding in github (or perhaps stackexchange?). I'll try to dig it up for you.

As marshmellow has already pointed out, AN11341 is a restricted download. You can request access to the document but I'm not sure how you'll go.

Some of my notes:

The 32-byte cryptographic signature is based on elliptic curve cryptography. This signature can be retrieved using the READ_SIG command and can be verified using the corresponding ECC public key in the PCD.
What is the public key?

Pub. N0.: US 2013/0342311 A1
https://docs.google.com/viewer?url=patentimages.storage.googleapis.com/pdfs/US20130342311.pdf

ECDSA algorithm, curve secp128r1.
Using openSSL. Must be using ecdsa.h!
http://openssl.org/

Look at Utilities.java in the 'MIFARE SDK Lite'


Want to contact me? Here's my email address...
modhex(ecijhhhhhhhhfchdhbidhniihghdduhehvhtduhbig)

Offline

#8 2015-03-12 07:59:38

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: originality signature

The app is nfc tag info.

Offline

#9 2015-03-13 00:17:45

0xFFFF
Administrator
From: Vic - Australia
Registered: 2011-05-31
Posts: 630

Re: originality signature

asper wrote:

The app is nfc tag info.

NFC tag info uses the same technique (similar code) as Utilities.java.

Check out http://www.mifare.net/en/products/mifare-sdk/mifare-sdk-lite/#download
You might want to create a fake email address so you can register and download the SDK.

Look for:

checkEcdaSignature(String paramString, byte[] paramArrayOfByte1, byte[] paramArrayOfByte2)


Want to contact me? Here's my email address...
modhex(ecijhhhhhhhhfchdhbidhniihghdduhehvhtduhbig)

Offline

#10 2015-03-13 12:28:31

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: originality signature

Thank you very much ! I knew "you are the right man" !

Offline

Board footer

Powered by FluxBB