Hey Guys,
I have an app that can read information from a MIFARE DESFire EV1 card (that I don't have the key for). Now I believe that the master key is loaded into memory at some point in order to decrypt the information on the card.
Could someone point me in the right direction?
I can attach IDA to the application; however, there are heaps of different calls, and I can't really see a call where the key is being passed to it. Does anyone know of the Android Mifare Decrypted call?
Perhaps the key is passed to the driver, then it's decrypted?
TL;DR
Can you extract DESFire EV1 keys from a compiled app with which I can successfully read a card? (Hopefully the key exchange isn't done in TZ!)
Cheers guys!