From 057e611b6d336496f4c552858fdb8627bc2bc5f0 Mon Sep 17 00:00:00 2001 From: Bjoern Kerler Date: Thu, 9 Apr 2020 17:15:45 +0200 Subject: [PATCH] Fix bugs, improve error reporting, add format picc and createapplication --- client/cmdhflist.c | 2 +- client/cmdhfmfdes.c | 427 +++++++++++++++++++++++++++++++++++++------- client/cmdhfmfdes.h | 53 +----- include/protocols.h | 43 +++-- 4 files changed, 396 insertions(+), 129 deletions(-) diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 871cd68a3..b40b06d56 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -819,7 +819,7 @@ void annotateMfDesfire(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) { case MFDES_GET_KEY_VERSION: snprintf(exp, size, "GET KEY VERSION"); break; - case MFDES_AUTHENTICATION_FRAME: + case MFDES_ADDITIONAL_FRAME: snprintf(exp, size, "AUTH FRAME / NEXT FRAME"); break; default: diff --git a/client/cmdhfmfdes.c b/client/cmdhfmfdes.c index 22e401b07..fcd2f227b 100644 --- a/client/cmdhfmfdes.c +++ b/client/cmdhfmfdes.c @@ -34,6 +34,8 @@ uint8_t key_ones_data[16] = { 0x01 }; uint8_t key_defa_data[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; uint8_t key_picc_data[16] = { 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f }; +#define status(x) ( ((uint16_t)(0x91<<8)) + x ) + typedef enum { UNKNOWN = 0, MF3ICD40, @@ -104,7 +106,7 @@ int DESFIRESendApdu(bool activate_field, bool leavefield_on, sAPDU apdu, uint8_t if (sw) *sw = isw; - if (isw != 0x9000 && isw != MFDES_SUCCESS_FRAME_RESP && isw != MFDES_ADDITIONAL_FRAME_RESP) { + if (isw != 0x9000 && isw != status(MFDES_OPERATION_OK) && isw != status(MFDES_ADDITIONAL_FRAME) && isw != status(MFDES_NO_CHANGES)) { if (GetAPDULogging()) { if (isw >> 8 == 0x61) { PrintAndLogEx(ERR, "APDU chaining len:%02x -->", isw & 0xff); 
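Review bot: The new `status(x)` macro in client/cmdhfmfdes.c expands its argument without parentheses and takes a short lowercase name that can collide with an ordinary local or struct field called `status`. An argument such as `a | b` would bind to the `+` first and yield a different value than intended. I would write it as `#define status(x) ((uint16_t)((0x91 << 8) | (x)))`, or give it an upper-case `MFDES_`-prefixed name like the other macros in protocols.h. A one-line comment saying that 0x91 is the high status byte checked in getstatus would also help.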
@@ -114,31 +116,163 @@ int DESFIRESendApdu(bool activate_field, bool leavefield_on, sAPDU apdu, uint8_t } } } - return PM3_SUCCESS; } +static char* GetErrorString(int res) +{ + switch(res){ + case PM3_EUNDEF: + return "Undefined error"; + case PM3_EINVARG: + return "Invalid argument(s)"; + case PM3_EDEVNOTSUPP: + return "Operation not supported by device"; + case PM3_ETIMEOUT: + return "Operation timed out"; + case PM3_EOPABORTED: + return "Operation aborted (by user)"; + case PM3_ENOTIMPL: + return "Not (yet) implemented"; + case PM3_ERFTRANS: + return "Error while RF transmission"; + case PM3_EIO: + return "Input / output error"; + case PM3_EOVFLOW: + return "Buffer overflow"; + case PM3_ESOFT: + return "Software error"; + case PM3_EFLASH: + return "Flash error"; + case PM3_EMALLOC: + return "Memory allocation error"; + case PM3_EFILE: + return "File error"; + case PM3_ENOTTY: + return "Generic TTY error"; + case PM3_EINIT: + return "Initialization error"; + case PM3_EWRONGANSVER: + return "Expected a different answer error"; + case PM3_EOUTOFBOUND: + return "Memory out-of-bounds error"; + case PM3_ECARDEXCHANGE: + return "Exchange with card error"; + case PM3_EAPDU_ENCODEFAIL: + return "Failed to create APDU"; + case PM3_ENODATA: + return "No data"; + case PM3_EFATAL: + return "Fatal error"; + default: + break; + } + return ""; +} + +static int getstatus(int res, uint16_t * sw) +{ + if (sw==NULL) return PM3_ESOFT; + + if (res==PM3_EAPDU_FAIL) + { + if (((*sw>>8)&0xFF)==0x91){ + switch (*sw&0xFF){ + case MFDES_E_OUT_OF_EEPROM: + PrintAndLogEx(ERR, "APDU error: %02x --> Out of Eeprom, insufficient NV-Memory to complete command", *sw & 0xff); + break; + case MFDES_E_ILLEGAL_COMMAND_CODE: + PrintAndLogEx(ERR, "APDU error: %02x --> Command code not supported", *sw & 0xff); + break; + case MFDES_E_INTEGRITY_ERROR: + PrintAndLogEx(ERR, "APDU error: %02x --> CRC or MAC does not match data / Padding bytes invalid", *sw & 0xff); + break; + case MFDES_E_NO_SUCH_KEY: + 
PrintAndLogEx(ERR, "APDU error: %02x --> Invalid key number specified", *sw & 0xff); + break; + case MFDES_E_LENGTH: + PrintAndLogEx(ERR, "APDU error: %02x --> Length of command string invalid", *sw & 0xff); + break; + case MFDES_E_PERMISSION_DENIED: + PrintAndLogEx(ERR, "APDU error: %02x --> Current configuration/status does not allow the requested command", *sw & 0xff); + break; + case MFDES_E_PARAMETER_ERROR: + PrintAndLogEx(ERR, "APDU error: %02x --> Value of the parameter(s) invalid", *sw & 0xff); + break; + case MFDES_E_APPLICATION_NOT_FOUND: + PrintAndLogEx(ERR, "APDU error: %02x --> Requested AID not present on PICC", *sw & 0xff); + break; + case MFDES_E_APPL_INTEGRITY: + PrintAndLogEx(ERR, "APDU error: %02x --> Application integrity error, application will be disabled", *sw & 0xff); + break; + case MFDES_E_AUTHENTIFICATION_ERROR: + PrintAndLogEx(ERR, "APDU error: %02x --> Current authentication status does not allow the requested command", *sw & 0xff); + break; + case MFDES_E_BOUNDARY: + PrintAndLogEx(ERR, "APDU error: %02x --> Attempted to read/write data from/to beyong the file's/record's limit", *sw & 0xff); + break; + case MFDES_E_PICC_INTEGRITY: + PrintAndLogEx(ERR, "APDU error: %02x --> PICC integrity error, PICC will be disabled", *sw & 0xff); + break; + case MFDES_E_COMMAND_ABORTED: + PrintAndLogEx(ERR, "APDU error: %02x --> Previous command was not fully completed / Not all Frames were requested or provided by the PCD", *sw & 0xff); + break; + case MFDES_E_PICC_DISABLED: + PrintAndLogEx(ERR, "APDU error: %02x --> PICC was disabled by an unrecoverable error", *sw & 0xff); + break; + case MFDES_E_COUNT: + PrintAndLogEx(ERR, "APDU error: %02x --> Application count is limited to 28, not addition CreateApplication possible", *sw & 0xff); + break; + case MFDES_E_DUPLICATE: + PrintAndLogEx(ERR, "APDU error: %02x --> Duplicate entry: File/Application does already exist", *sw & 0xff); + break; + case MFDES_E_EEPROM: + PrintAndLogEx(ERR, "APDU error: %02x 
--> Eeprom error due to loss of power, internal backup/rollback mechanism activated", *sw & 0xff); + break; + case MFDES_E_FILE_NOT_FOUND: + PrintAndLogEx(ERR, "APDU error: %02x --> Specified file number does not exist", *sw & 0xff); + break; + case MFDES_E_FILE_INTEGRITY: + PrintAndLogEx(ERR, "APDU error: %02x --> File integrity error, file will be disabled", *sw & 0xff); + break; + default: + PrintAndLogEx(ERR, "APDU error: %02x --> Unknown error", *sw & 0xff); + break; + } + } + } else { + PrintAndLogEx(ERR, "%s",GetErrorString(res)); + } + return res; +} static int send_desfire_cmd(sAPDU *apdu, bool select, uint8_t *dest, int *recv_len, uint16_t *sw, int splitbysize) { - //SetAPDULogging(true); + if (g_debugMode) + { + if (apdu==NULL) PrintAndLogEx(ERR, "APDU=NULL"); + if (dest==NULL) PrintAndLogEx(ERR, "DEST=NULL"); + if (sw==NULL) PrintAndLogEx(ERR, "SW=NULL"); + if (recv_len==NULL) PrintAndLogEx(ERR, "RECV_LEN=NULL"); + } + if (apdu==NULL || sw==NULL || recv_len==NULL) return PM3_ESOFT; + *sw = 0; uint8_t data[255 * 5] = {0x00}; int resplen = 0; int pos = 0; int i = 1; int res = DESFIRESendApdu(select, true, *apdu, data, sizeof(data), &resplen, sw); - if (res != PM3_SUCCESS) return res; - if (*sw != MFDES_ADDITIONAL_FRAME_RESP && *sw != MFDES_SUCCESS_FRAME_RESP) return PM3_ESOFT; + if (res != PM3_SUCCESS) return getstatus(res,sw); if (dest != NULL) { memcpy(dest, data, resplen); } pos += resplen; - if (*sw == MFDES_ADDITIONAL_FRAME_RESP) { + while (*sw == status(MFDES_ADDITIONAL_FRAME)) { apdu->INS = MFDES_ADDITIONAL_FRAME; //0xAF res = DESFIRESendApdu(false, true, *apdu, data, sizeof(data), &resplen, sw); - if (res != PM3_SUCCESS) return res; + if (res != PM3_SUCCESS) return getstatus(res,sw); if (dest != NULL) { if (splitbysize) { memcpy(&dest[i * splitbysize], data, resplen); 
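Review bot: send_desfire_cmd copies card-supplied data into `dest` without knowing how large `dest` is, and the change from `if` to `while (*sw == status(MFDES_ADDITIONAL_FRAME))` lets the tag decide how many frames are appended. Callers visible in this patch pass small stack buffers (`fmem[4]`, `data[2]`, `file_ids[33]`), so a tag or emulator that keeps answering 0x91AF can make the client write past them. I would pass the capacity of `dest` into the function and check it before each `memcpy`, for example `if (dest != NULL && (size_t)pos + (size_t)resplen > dest_size) return PM3_EOVFLOW;` with `dest_size` as the proposed new parameter, and also cap the number of chained frames. Separately, the explicit check that `*sw` is a success or additional-frame status was removed, so a successful return now depends on DESFIRESendApdu returning an error for every other status. Its return path and the rest of this loop are outside the hunk.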
@@ -148,12 +282,12 @@ static int send_desfire_cmd(sAPDU *apdu, bool select, uint8_t *dest, int *recv_l } } pos += resplen; + if (*sw!=status(MFDES_ADDITIONAL_FRAME)) break; } if (splitbysize) *recv_len = i; else { *recv_len = pos; } - //SetAPDULogging(false); return PM3_SUCCESS; } @@ -180,7 +314,7 @@ static int test_desfire_authenticate() { sAPDU apdu = {0x90, MFDES_AUTHENTICATE, 0x00, 0x00, 0x01, &c}; // 0x0A, KEY 0 int recv_len = 0; uint16_t sw = 0; - return send_desfire_cmd(&apdu, false, NONE, &recv_len, &sw, 0); + return send_desfire_cmd(&apdu, false, NULL, &recv_len, &sw, 0); } // none @@ -189,7 +323,7 @@ static int test_desfire_authenticate_iso() { sAPDU apdu = {0x90, MFDES_AUTHENTICATE_ISO, 0x00, 0x00, 0x01, &c}; // 0x1A, KEY 0 int recv_len = 0; uint16_t sw = 0; - return send_desfire_cmd(&apdu, false, NONE, &recv_len, &sw, 0); + return send_desfire_cmd(&apdu, false, NULL, &recv_len, &sw, 0); } //none @@ -198,7 +332,7 @@ static int test_desfire_authenticate_aes() { sAPDU apdu = {0x90, MFDES_AUTHENTICATE_AES, 0x00, 0x00, 0x01, &c}; // 0xAA, KEY 0 int recv_len = 0; uint16_t sw = 0; - return send_desfire_cmd(&apdu, false, NONE, &recv_len, &sw, 0); + return send_desfire_cmd(&apdu, false, NULL, &recv_len, &sw, 0); } // --- FREE MEM @@ -209,7 +343,8 @@ static int desfire_print_freemem(uint32_t free_mem) { // init / disconnect static int get_desfire_freemem(uint32_t *free_mem) { - sAPDU apdu = {0x90, MFDES_GET_FREE_MEMORY, 0x00, 0x00, 0x00, NONE}; // 0x6E + if (free_mem==NULL) return PM3_ESOFT; + sAPDU apdu = {0x90, MFDES_GET_FREE_MEMORY, 0x00, 0x00, 0x00, NULL}; // 0x6E int recv_len = 0; uint16_t sw = 0; uint8_t fmem[4] = {0}; 
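Review bot: The added `if (*sw!=status(MFDES_ADDITIONAL_FRAME)) break;` is the last statement of the loop body and tests the same condition as the enclosing `while`, so it has no effect. I would drop the line so the loop has a single, obvious exit condition. The loop header is in the previous hunk.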
@@ -226,7 +361,7 @@ static int get_desfire_freemem(uint32_t *free_mem) { // --- GET SIGNATURE static int desfire_print_signature(uint8_t *uid, uint8_t *signature, size_t signature_len, desfire_cardtype_t card_type) { - + if (uid==NULL || signature==NULL) return PM3_ESOFT; // DESFire Ev3 - wanted // ref: MIFARE Desfire Originality Signature Validation @@ -278,6 +413,7 @@ static int desfire_print_signature(uint8_t *uid, uint8_t *signature, size_t sign // init / disconnect static int get_desfire_signature(uint8_t *signature, size_t *signature_len) { + if (signature==NULL || signature_len==NULL) return PM3_ESOFT; uint8_t c = 0x00; sAPDU apdu = {0x90, MFDES_READSIG, 0x00, 0x00, 0x01, &c}; // 0x3C int recv_len = 0; @@ -334,17 +470,14 @@ static int desfire_print_keysetting(uint8_t key_settings, uint8_t num_keys) { // none static int get_desfire_keysettings(uint8_t *key_settings, uint8_t *num_keys) { - sAPDU apdu = {0x90, MFDES_GET_KEY_SETTINGS, 0x00, 0x00, 0x00, NONE}; //0x45 + if (key_settings==NULL || num_keys==NULL) return PM3_ESOFT; + sAPDU apdu = {0x90, MFDES_GET_KEY_SETTINGS, 0x00, 0x00, 0x00, NULL}; //0x45 int recv_len = 0; uint16_t sw = 0; uint8_t data[2] = {0}; if (num_keys == NULL) return PM3_ESOFT; if (key_settings == NULL) return PM3_ESOFT; int res = send_desfire_cmd(&apdu, false, data, &recv_len, &sw, 0); - if (sw == MFDES_EAUTH_RESP) { - PrintAndLogEx(WARNING, _RED_("[get_desfire_keysettings] Authentication error")); - return PM3_ESOFT; - } if (res != PM3_SUCCESS) return res; *key_settings = data[0]; 
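Review bot: The new guard `if (key_settings==NULL || num_keys==NULL) return PM3_ESOFT;` at the top of get_desfire_keysettings leaves the two older NULL checks a few lines below in place, so the same test now runs twice. The same leftover is visible in later hunks in get_desfire_keyversion (`if (num_versions == NULL)`) and get_desfire_fileids (`if (file_ids_len == NULL)`); I would delete the older checks in all three. The reads from `data` after the call also do not look at `recv_len`, so a short reply is reported as zeroed key settings. A check such as `if (recv_len < 2) return PM3_ESOFT;` before `*key_settings = data[0];` would reject it; the rest of the function is outside the hunk.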
@@ -360,21 +493,19 @@ static int desfire_print_keyversion(uint8_t key_idx, uint8_t key_version) { // none static int get_desfire_keyversion(uint8_t curr_key, uint8_t *num_versions) { + if (num_versions==NULL) return PM3_ESOFT; sAPDU apdu = {0x90, MFDES_GET_KEY_VERSION, 0x00, 0x00, 0x01, &curr_key}; //0x64 int recv_len = 0; uint16_t sw = 0; if (num_versions == NULL) return PM3_ESOFT; int res = send_desfire_cmd(&apdu, false, num_versions, &recv_len, &sw, 0); - if (sw == MFDES_ENO_SUCH_KEY_RESP) { - PrintAndLogEx(WARNING, _RED_("[get_desfire_keyversion] Key %d doesn't exist"), curr_key); - return PM3_ESOFT; - } return res; } // init / disconnect static int get_desfire_appids(uint8_t *dest, uint8_t *app_ids_len) { + if (dest==NULL || app_ids_len==NULL) return PM3_ESOFT; sAPDU apdu = {0x90, MFDES_GET_APPLICATION_IDS, 0x00, 0x00, 0x00, NULL}; //0x6a int recv_len = 0; uint16_t sw = 0; @@ -387,6 +518,7 @@ static int get_desfire_appids(uint8_t *dest, uint8_t *app_ids_len) { } static int get_desfire_dfnames(dfname_t *dest, uint8_t *dfname_count) { + if (dest==NULL || dfname_count==NULL) return PM3_ESOFT; sAPDU apdu = {0x90, MFDES_GET_DF_NAMES, 0x00, 0x00, 0x00, NULL}; //0x6d int recv_len = 0; uint16_t sw = 0; 
@@ -401,15 +533,22 @@ static int get_desfire_dfnames(dfname_t *dest, uint8_t *dfname_count) { // init static int get_desfire_select_application(uint8_t *aid) { + if (aid==NULL) return PM3_ESOFT; sAPDU apdu = {0x90, MFDES_SELECT_APPLICATION, 0x00, 0x00, 0x03, aid}; //0x5a int recv_len = 0; uint16_t sw = 0; - if (aid == NULL) return PM3_ESOFT; - return send_desfire_cmd(&apdu, true, NONE, &recv_len, &sw, sizeof(dfname_t)); + int res=send_desfire_cmd(&apdu, true, NULL, &recv_len, &sw, sizeof(dfname_t)); + if (res != PM3_SUCCESS) { + PrintAndLogEx(WARNING, _RED_(" Can't select AID %X -> %s"),(aid[0]<<16)+(aid[1]<<8)+aid[2],GetErrorString(res)); + DropField(); + return res; + } + return PM3_SUCCESS; } // none static int get_desfire_fileids(uint8_t *dest, uint8_t *file_ids_len) { + if (dest==NULL || file_ids_len==NULL) return PM3_ESOFT; sAPDU apdu = {0x90, MFDES_GET_FILE_IDS, 0x00, 0x00, 0x00, NULL}; //0x6f int recv_len = 0; uint16_t sw = 0; 
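Review bot: `GetErrorString(res)` has no case for `PM3_EAPDU_FAIL`, the code that getstatus treats as a card status error, so for that failure this warning ends in a bare `->` with no reason after it. The same applies to the new warnings in get_desfire_fileids, get_desfire_filesettings and get_desfire_createapp in the next hunk. I would add `case PM3_EAPDU_FAIL: return "APDU failed";` (wording open) to GetErrorString and make its return type `const char *`. Printing the AID with `%06X` instead of `%X` would keep leading zero bytes visible.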
@@ -417,17 +556,179 @@ static int get_desfire_fileids(uint8_t *dest, uint8_t *file_ids_len) { if (file_ids_len == NULL) return PM3_ESOFT; *file_ids_len = 0; int res = send_desfire_cmd(&apdu, false, dest, &recv_len, &sw, 0); - if (res != PM3_SUCCESS) return res; + if (res != PM3_SUCCESS) { + PrintAndLogEx(WARNING, _RED_(" Can't get file ids -> %s"),GetErrorString(res)); + DropField(); + return res; + } *file_ids_len = recv_len; return res; } static int get_desfire_filesettings(uint8_t file_id, uint8_t *dest, int *destlen) { + if (dest==NULL || destlen==NULL) return PM3_ESOFT; sAPDU apdu = {0x90, MFDES_GET_FILE_SETTINGS, 0x00, 0x00, 0x01, &file_id}; // 0xF5 uint16_t sw = 0; - return send_desfire_cmd(&apdu, false, dest, destlen, &sw, 0); + int res=send_desfire_cmd(&apdu, false, dest, destlen, &sw, 0); + if (res != PM3_SUCCESS) { + PrintAndLogEx(WARNING, _RED_(" Can't get file settings -> %s"),GetErrorString(res)); + DropField(); + return res; + } + return res; } +typedef struct { + uint8_t aid[3]; + uint8_t keysetting1; + uint8_t keysetting2; + uint8_t fid[2]; + uint8_t name[16]; +} aidhdr_t; + +static int get_desfire_createapp(aidhdr_t* aidhdr) { + if (aidhdr==NULL) return PM3_ESOFT; + sAPDU apdu = {0x90, MFDES_CREATE_APPLICATION, 0x00, 0x00, sizeof(aidhdr_t), (uint8_t*)aidhdr}; // 0xCA + uint16_t sw = 0; + int recvlen=0; + int res=send_desfire_cmd(&apdu, false, NONE, &recvlen, &sw, 0); + if (res != PM3_SUCCESS) { + PrintAndLogEx(WARNING, _RED_(" Can't create aid -> %s"),GetErrorString(res)); + DropField(); + return res; + } + return res; +} + +static int CmdHF14ADesCreateApp(const char *Cmd) { + if (Cmd==NULL) return PM3_ESOFT; + clearCommandBuffer(); + + CLIParserInit("hf mfdes caid", + "Create Application ID", + "Usage:\n\t-m Auth type (1=normal, 2=iso, 3=aes)\n\t-t Crypt algo (1=DES, 2=3DES, 3=3K3DES, 4=aes)\n\t-a aid (3 bytes)\n\t-n keyno\n\t-k key (8-24 bytes)\n\n" + "Example:\n\thf mfdes caid -a 123456 -f 1122 -k 0F -l 2E -n AppName\n" + ); + + void 
*argtable[] = { + arg_param_begin, + arg_strx0("aA", "aid", "", "App ID to create"), + arg_strx0("fF", "fid", "", "File ID"), + arg_strx0("kK", "keysetting1", "", "Key Setting 1 (Application Master Key Settings)"), + arg_strx0("lL", "keysetting2", "", "Key Setting 2"), + arg_strx0("nN", "name", "", "App ISO-4 Name"), + arg_param_end + }; + CLIExecWithReturn(Cmd, argtable, true); + /* KeySetting 1 (AMK Setting): + 0: Allow change master key + 1: Free Directory list access without master key + 0: AMK auth needed for GetFileSettings and GetKeySettings + 1: No AMK auth needed for GetFileIDs, GetISOFileIDs, GetFileSettings, GetKeySettings + 2: Free create/delete without master key + 0: CreateFile/DeleteFile only with AMK auth + 1: CreateFile/DeleteFile always + 3: Configuration changable + 0: Configuration frozen + 1: Configuration changable if authenticated with AMK (default) + 4-7: ChangeKey Access Rights + 0: Application master key needed (default) + 0x1..0xD: Auth with specific key needed to change any key + 0xE: Auth with the key to be changed (same KeyNo) is necessary to change a key + 0xF: All Keys within this application are frozen + + */ + /* KeySetting 2: + 0..3: Number of keys stored within the application (max. 
14 keys + 4: RFU + 5: Use of 2 byte ISO FID, 0: No, 1: Yes + 6..7: Crypto Method 00: DES/3DES, 01: 3K3DES, 10: AES + Example: + 2E = FID, DES, 14 keys + 6E = FID, 3K3DES, 14 keys + AE = FID, AES, 14 keys + */ + int aidlength = 3; + int fidlength = 2; + uint8_t aid[3] = {0}; + uint8_t fid[2] = {0}; + uint8_t name[16] = {0}; + uint8_t keysetting1=0; + uint8_t keysetting2=0; + int keylen1=1; + int keylen2=1; + int namelen=16; + CLIGetHexWithReturn(1, aid, &aidlength); + CLIGetHexWithReturn(2, fid, &fidlength); + CLIGetHexWithReturn(3, &keysetting1, &keylen1); + CLIGetHexWithReturn(4, &keysetting2, &keylen2); + CLIGetHexWithReturn(5, name, &namelen); + CLIParserFree(); + + if (aidlength < 3) { + PrintAndLogEx(ERR, "AID must have 3 bytes length."); + return PM3_EINVARG; + } + + if (fidlength < 2) { + PrintAndLogEx(ERR, "FID must have 2 bytes length."); + return PM3_EINVARG; + } + + if (keylen1 < 1) { + PrintAndLogEx(ERR, "Keysetting1 must have 1 byte length."); + return PM3_EINVARG; + } + + if (keylen1 < 2) { + PrintAndLogEx(ERR, "Keysetting2 must have 1 byte length."); + return PM3_EINVARG; + } + + if (namelen > 16) { + PrintAndLogEx(ERR, "Name has a max. 
of 16 bytes length."); + return PM3_EINVARG; + } + + //90 ca 00 00 0e 3cb849 09 22 10e1 d27600 00850101 00 + /*char name[]="Test"; + uint8_t aid[]={0x12,0x34,0x56}; + uint8_t fid[]={0x11,0x22}; + uint8_t keysetting1=0xEE; + uint8_t keysetting2=0xEE;*/ + + if (memcmp(aid, "\x00\x00\x00", 3) == 0) { + PrintAndLogEx(WARNING, _RED_(" Creating root aid 000000 is forbidden.")); + return PM3_ESOFT; + } + + aidhdr_t aidhdr; + memcpy(aidhdr.aid,aid,sizeof(aid)); + aidhdr.keysetting1=keysetting1; + aidhdr.keysetting2=keysetting2; + memcpy(aidhdr.fid,fid,sizeof(fid)); + memcpy(aidhdr.name,name,sizeof(name)); + + return get_desfire_createapp(&aidhdr); +} + +static int CmdHF14ADesFormatPICC(const char *Cmd) { + (void) Cmd; // Cmd is not used so far + + sAPDU apdu = {0xFC, 0xF3, 0x10, 0x00, 0x00, NONE}; // fc f3 10 + uint16_t sw = 0; + int recvlen=0; + int res=send_desfire_cmd(&apdu, false, NONE, &recvlen, &sw, 0); + if (res != PM3_SUCCESS) { + PrintAndLogEx(WARNING, _RED_(" Can't create aid -> %s"),GetErrorString(res)); + DropField(); + return res; + } + + return PM3_SUCCESS; +} + + static int CmdHF14ADesInfo(const char *Cmd) { (void)Cmd; // Cmd is not used so far @@ -481,7 +782,11 @@ static int CmdHF14ADesInfo(const char *Cmd) { PrintAndLogEx(INFO, " Version: %s", getVersionStr(package->versionHW[3], package->versionHW[4])); PrintAndLogEx(INFO, " Storage size: %s", getCardSizeStr(package->versionHW[5])); PrintAndLogEx(INFO, " Protocol: %s", getProtocolStr(package->versionHW[6])); - PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "");// No data pm3: no data available, no host frame available (not really an error) +#define PM3_ENODATA -98 +// Quit program client: reserved, order to quit the program +#define PM3_EFATAL -99 + PrintAndLogEx(INFO, "--- " _CYAN_("Software Information")); PrintAndLogEx(INFO, " Vendor Id: " _YELLOW_("%s"), getTagInfo(package->versionSW[0])); PrintAndLogEx(INFO, " Type: " _YELLOW_("0x%02X"), package->versionSW[1]); 
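Review bot: In CmdHF14ADesCreateApp the fourth length check reads `if (keylen1 < 2)` but reports "Keysetting2 must have 1 byte length."; `keylen1` is initialised to 1 and is expected to stay 1 for valid input, so this branch returns PM3_EINVARG before get_desfire_createapp is ever reached. It should test the second length: `if (keylen2 < 1) {`. Two smaller things in the same hunk: CmdHF14ADesFormatPICC reuses the message `Can't create aid` for a failed format, and both new functions pass `NONE` as the destination where the rest of the commit switches to `NULL`. The usage string also lists `-m`, `-t` and `-k key` options that the argtable does not define.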
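Review bot: The added `#define PM3_ENODATA -98` and `#define PM3_EFATAL -99`, together with their comments, sit in the middle of CmdHF14ADesInfo between two PrintAndLogEx calls and look like an accidental paste from the error-code header. GetErrorString in this same file already uses both names, so they are presumably defined elsewhere and would be redefined here. I would remove the pasted lines and keep only `PrintAndLogEx(NORMAL, "");`. The rest of the function is outside the hunk.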
@@ -608,22 +913,21 @@ char *getVersionStr(uint8_t major, uint8_t minor) { return buf; } -void getKeySettings(uint8_t *aid) { - +int getKeySettings(uint8_t *aid) { + if (aid==NULL) return PM3_ESOFT; + int res=0; if (memcmp(aid, "\x00\x00\x00", 3) == 0) { // CARD MASTER KEY //PrintAndLogEx(INFO, "--- " _CYAN_("CMK - PICC, Card Master Key settings")); - if (get_desfire_select_application(aid) != PM3_SUCCESS) { - PrintAndLogEx(WARNING, _RED_(" Can't select AID")); - DropField(); - return; - } + res=get_desfire_select_application(aid); + if (res!=PM3_SUCCESS) return res; // KEY Settings - AMK uint8_t num_keys = 0; uint8_t key_setting = 0; - if (get_desfire_keysettings(&key_setting, &num_keys) == PM3_SUCCESS) { + res=get_desfire_keysettings(&key_setting, &num_keys); + if (res == PM3_SUCCESS) { // number of Master keys (0x01) PrintAndLogEx(SUCCESS, " Number of Masterkeys : " _YELLOW_("%u"), (num_keys & 0x3F)); @@ -660,15 +964,15 @@ void getKeySettings(uint8_t *aid) { // Authentication tests int res = test_desfire_authenticate(); - if (res == PM3_ETIMEOUT) return; + if (res == PM3_ETIMEOUT) return res; PrintAndLogEx(SUCCESS, " [0x0A] Authenticate : %s", (res == PM3_SUCCESS) ? _YELLOW_("YES") : "NO"); res = test_desfire_authenticate_iso(); - if (res == PM3_ETIMEOUT) return; + if (res == PM3_ETIMEOUT) return res; PrintAndLogEx(SUCCESS, " [0x1A] Authenticate ISO : %s", (res == PM3_SUCCESS) ? _YELLOW_("YES") : "NO"); res = test_desfire_authenticate_aes(); - if (res == PM3_ETIMEOUT) return; + if (res == PM3_ETIMEOUT) return res; PrintAndLogEx(SUCCESS, " [0xAA] Authenticate AES : %s", (res == PM3_SUCCESS) ? _YELLOW_("YES") : "NO"); PrintAndLogEx(INFO, "-------------------------------------------------------------"); 
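Review bot: The function-scope `int res=0;` added at the top of getKeySettings is shadowed by the existing `int res = test_desfire_authenticate();` inside the card-master-key branch (a context line of the next hunk), so the three `return res;` statements added there return the inner variable. It compiles, but it trips `-Wshadow` and is easy to misread; I would change the inner line to `res = test_desfire_authenticate();`. Those timeout returns also leave the function without the `DropField()` that the normal exit performs. If the field should be dropped on every exit, a single cleanup label before the final `DropField();` would cover them.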
@@ -677,16 +981,14 @@ void getKeySettings(uint8_t *aid) { // AID - APPLICATION MASTER KEYS //PrintAndLogEx(SUCCESS, "--- " _CYAN_("AMK - Application Master Key settings")); - if (get_desfire_select_application(aid) != PM3_SUCCESS) { - PrintAndLogEx(WARNING, _RED_(" Can't select AID")); - DropField(); - return; - } + res=get_desfire_select_application(aid); + if (res!=PM3_SUCCESS) return res; // KEY Settings - AMK uint8_t num_keys = 0; uint8_t key_setting = 0; - if (get_desfire_keysettings(&key_setting, &num_keys) == PM3_SUCCESS) { + res=get_desfire_keysettings(&key_setting, &num_keys); + if (res == PM3_SUCCESS) { desfire_print_keysetting(key_setting, num_keys); } else { PrintAndLogEx(WARNING, _RED_(" Can't read Application Master key settings")); @@ -716,6 +1018,7 @@ void getKeySettings(uint8_t *aid) { } DropField(); + return PM3_SUCCESS; } static int CmdHF14ADesEnumApplications(const char *Cmd) { @@ -732,6 +1035,8 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) { dfname_t dfnames[255] = {0}; uint8_t dfname_count = 0; + int res=0; + if (get_desfire_appids(app_ids, &app_ids_len) != PM3_SUCCESS) { PrintAndLogEx(ERR, "Can't get list of applications on tag"); DropField(); @@ -771,14 +1076,14 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) { } } - getKeySettings(aid); + res=getKeySettings(aid); + if (res!=PM3_SUCCESS) + { + PrintAndLogEx(WARNING, _RED_(" Can't get Key Settings for AID %X -> %s"),(aid[0]<<16)+(aid[1]<<8)+aid[0],GetErrorString(res)); + } - - if (get_desfire_select_application(aid) != PM3_SUCCESS) { - PrintAndLogEx(WARNING, _RED_(" Can't select AID")); - DropField(); - return PM3_ESOFT; - } + res=get_desfire_select_application(aid); + if (res!=PM3_SUCCESS) return res; // Get File IDs if (get_desfire_fileids(file_ids, &file_ids_len) == PM3_SUCCESS) { 
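Review bot: getKeySettings now returns `int`, but the normal exit added here is an unconditional `return PM3_SUCCESS;`, so a failed get_desfire_keysettings, which the earlier hunks only answer with a warning, is not reported to the caller. If that is meant as best effort, a comment such as `// key-setting read failures are logged above but do not fail the call` would make it explicit. Otherwise keep the first error and return it here. The code between the key-settings call and this return is outside the hunk.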
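Review bot: The AID in the new warning is built as `(aid[0]<<16)+(aid[1]<<8)+aid[0]`; the last term repeats `aid[0]` where get_desfire_select_application uses `aid[2]`, so the printed AID is wrong whenever the first and third bytes differ. It should be `(aid[0]<<16)+(aid[1]<<8)+aid[2]`, ideally printed with `%06X`. Note also that a getKeySettings failure is only logged here, while a failed select immediately after it returns from the whole enumeration. The loop around these lines is outside the hunk, so whether that asymmetry is intended cannot be judged from here.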
@@ -830,6 +1135,8 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) { // #define BUFSIZE 256 static int CmdHF14ADesAuth(const char *Cmd) { + if (Cmd==NULL) return PM3_ESOFT; + int res=0; clearCommandBuffer(); // NR DESC KEYLENGHT // ------------------------ @@ -938,20 +1245,13 @@ static int CmdHF14ADesAuth(const char *Cmd) { return PM3_EINVARG; } - if (get_desfire_select_application(aid) != PM3_SUCCESS) { - PrintAndLogEx(WARNING, _RED_(" Can't select AID")); - DropField(); - return PM3_ESOFT; - } + res=get_desfire_select_application(aid); + if (res!=PM3_SUCCESS) return res; uint8_t file_ids[33] = {0}; uint8_t file_ids_len = 0; - int res = get_desfire_fileids(file_ids, &file_ids_len); - if (res != PM3_SUCCESS) { - PrintAndLogEx(WARNING, "Get file ids error."); - DropField(); - return res; - } + res = get_desfire_fileids(file_ids, &file_ids_len); + if (res != PM3_SUCCESS) return res; // algo, keylength, @@ -992,6 +1292,8 @@ static command_t CommandTable[] = { {"list", CmdHF14ADesList, AlwaysAvailable, "List DESFire (ISO 14443A) history"}, {"enum", CmdHF14ADesEnumApplications, IfPm3Iso14443a, "Tries enumerate all applications"}, {"auth", CmdHF14ADesAuth, IfPm3Iso14443a, "Tries a MIFARE DesFire Authentication"}, + {"caid", CmdHF14ADesCreateApp, IfPm3Iso14443a, "Create Application ID"}, + {"fmtp", CmdHF14ADesFormatPICC, IfPm3Iso14443a, "Format PICC"}, // {"rdbl", CmdHF14ADesRb, IfPm3Iso14443a, "Read MIFARE DesFire block"}, // {"wrbl", CmdHF14ADesWb, IfPm3Iso14443a, "write MIFARE DesFire block"}, {NULL, NULL, NULL, NULL} @@ -1005,6 +1307,7 @@ static int CmdHelp(const char *Cmd) { int CmdHFMFDes(const char *Cmd) { // flush + if (Cmd==NULL) return PM3_ESOFT; clearCommandBuffer(); return CmdsParse(CommandTable, Cmd); } diff --git a/client/cmdhfmfdes.h b/client/cmdhfmfdes.h index 4f6605cff..c1ed4ed60 100644 --- a/client/cmdhfmfdes.h +++ b/client/cmdhfmfdes.h 
@@ -17,7 +17,7 @@ int CmdHFMFDes(const char *Cmd); char *getCardSizeStr(uint8_t fsize); char *getProtocolStr(uint8_t id); char *getVersionStr(uint8_t major, uint8_t minor); -void getKeySettings(uint8_t *aid); +int getKeySettings(uint8_t *aid); // Ev1 card limits #define MAX_NUM_KEYS 0x0F 
@@ -28,55 +28,6 @@ void getKeySettings(uint8_t *aid); #define NOT_YET_AUTHENTICATED 0xFF -// status- and error codes | -#define OPERATION_OK 0x00 // Successful operation -#define NO_CHANGES 0x0C // No changes done to backup files -// ,CommitTransaction/ -// AbortTransaction not necessary -#define OUT_OF_EEPROM_ERROR 0x0E // Insufficient NV-Memory to -// complete command -#define ILLEGAL_COMMAND_CODE 0x1C // Command code not supported -#define INTEGRITY_ERROR 0x1E // CRC or MAC does not match data -// Padding bytes not valid -#define NO_SUCH_KEY 0x40 // Invalid key number specified -#define LENGTH_ERROR 0x7E // Length of command string invalid -#define PERMISSION_DENIED 0x9D // Current configuration status -// does not allow the requested -// command -#define PARAMETER_ERROR 0x9E // Value of the parameter(s) inval. -#define APPLICATION_NOT_FOUND 0xA0 // Requested AID not present on PIC -#define APPL_INTEGRITY_ERROR 0xA1 // [1] // Unrecoverable error within app- -// lication, app will be disabled -#define AUTHENTICATION_ERROR 0xAE // Current authentication status -// does not allow the requested -// command -#define ADDITIONAL_FRAME 0xAF // Additional data frame is -// expected to be sent -#define BOUNDARY_ERROR 0xBE // Attempt to read/write data from/ -// to beyond the file's/record's -// limits. Attempt to exceed the -// limits of a value file. 
-#define PICC_INTEGRITY_ERROR 0xC1 // [1] // Unrecoverable error within PICC -// ,PICC will be disabled -#define COMMAND_ABORTED 0xCA // Previous Command was not fully -// completed Not all Frames were -// requested or provided by PCD -#define PICC_DISABLED_ERROR 0xCD // [1] // PICC was disabled by an unrecoverable error -#define COUNT_ERROR 0xCE // Number of Applications limited -// to 28, no additional -// CreateApplication possible -#define DUPLICATE_ERROR 0xDE // Creation of file/application -// failed because file/application -// with same number already exists -#define EEPROM_ERROR 0xEE // [1] // Could not complete NV-write -// operation due to loss of power, -// internal backup/rollback -// mechanism activated -#define FILE_NOT_FOUND_ERROR 0xF0 // Specified file number does not -// exist -#define FILE_INTEGRITY_ERROR 0xF1 // [1] // Unrecoverable error within file, -// file will be disabled -// -// [1] These errors are not expected to appear during normal operation + #endif diff --git a/include/protocols.h b/include/protocols.h index 03953fcc6..1bfa588c2 100644 --- a/include/protocols.h +++ b/include/protocols.h @@ -350,21 +350,17 @@ ISO 7816-4 Basic interindustry commands. For command APDU's. // MIFARE DESFire command set: - #define MFDES_GET_VERSION 0x60 - #define MFDES_AUTHENTICATE 0x0A // AUTHENTICATE_NATIVE #define MFDES_AUTHENTICATE_ISO 0x1A // AUTHENTICATE_STANDARD #define MFDES_AUTHENTICATE_AES 0xAA - +#define MFDES_CREATE_APPLICATION 0xCA #define MFDES_CREDIT 0x0C #define MFDES_LIMITED_CREDIT 0x1C #define MFDES_DEBIT 0xDC - #define MFDES_WRITE_RECORD 0x3B #define MFDES_READSIG 0x3C #define MFDES_WRITE_DATA 0x3D - #define MFDES_GET_KEY_SETTINGS 0x45 #define MFDES_CHANGE_KEY_SETTINGS 0x54 #define MFDES_SELECT_APPLICATION 0x5A 
@@ -376,18 +372,35 @@ ISO 7816-4 Basic interindustry commands. For command APDU's. #define MFDES_GET_FREE_MEMORY 0x6E #define MFDES_GET_DF_NAMES 0x6D #define MFDES_GET_FILE_IDS 0x6F - - -#define MFDES_ABORT_TRANSACTION 0xA7 -#define MFDES_AUTHENTICATION_FRAME 0xAF -#define MFDES_ADDITIONAL_FRAME 0xAF -#define MFDES_ADDITIONAL_FRAME_RESP 0x91AF -#define MFDES_SUCCESS_FRAME_RESP 0x9100 -#define MFDES_EAUTH_RESP 0x91AE -#define MFDES_ENO_SUCH_KEY_RESP 0x9140 - #define MFDES_READ_RECORDS 0xBB #define MFDES_READ_DATA 0xBD +#define MFDES_ABORT_TRANSACTION 0xA7 + +// MIFARE DESFire status set: + +#define MFDES_OPERATION_OK 0x00 +#define MFDES_NO_CHANGES 0x0C +#define MFDES_ADDITIONAL_FRAME 0xAF +#define MFDES_E_OUT_OF_EEPROM 0x0E +#define MFDES_E_ILLEGAL_COMMAND_CODE 0x1C +#define MFDES_E_INTEGRITY_ERROR 0x1E +#define MFDES_E_NO_SUCH_KEY 0x40 +#define MFDES_E_LENGTH 0x7E +#define MFDES_E_PERMISSION_DENIED 0x9D +#define MFDES_E_PARAMETER_ERROR 0x9E +#define MFDES_E_APPLICATION_NOT_FOUND 0xA0 +#define MFDES_E_APPL_INTEGRITY 0xA1 +#define MFDES_E_AUTHENTIFICATION_ERROR 0xAE +#define MFDES_E_BOUNDARY 0xBE +#define MFDES_E_PICC_INTEGRITY 0xC1 +#define MFDES_E_COMMAND_ABORTED 0xCA +#define MFDES_E_PICC_DISABLED 0xCD +#define MFDES_E_COUNT 0xCE +#define MFDES_E_DUPLICATE 0xDE +#define MFDES_E_EEPROM 0xEE +#define MFDES_E_FILE_NOT_FOUND 0xF0 +#define MFDES_E_FILE_INTEGRITY 0xF1 + #define MFDES_CREATE_CYCLIC_RECORD_FILE 0xC0 #define MFDES_CREATE_LINEAR_RECORD_FILE 0xC1