diff --git a/armsrc/Makefile b/armsrc/Makefile
index dedccd3e0..6d55924b3 100644
--- a/armsrc/Makefile
+++ b/armsrc/Makefile
@@ -37,7 +37,7 @@ APP_CFLAGS = $(PLATFORM_DEFS) \
 SRC_LF = lfops.c lfsampling.c pcf7931.c lfdemod.c lfadc.c
 SRC_HF = hfops.c
 SRC_ISO15693 = iso15693.c iso15693tools.c
-SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c sam_mfc.c sam_seos.c
+SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c sam_mfc.c sam_seos.c emvsim.c
 #UNUSED: mifaresniff.c
 SRC_ISO14443b = iso14443b.c
 SRC_FELICA = felica.c
diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index 64c39aff6..79113c48b 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -54,6 +54,7 @@
 #include "mifarecmd.h"
 #include "mifaredesfire.h"
 #include "mifaresim.h"
+#include "emvsim.h"
 #include "pcf7931.h"
 #include "Standalone/standalone.h"
 #include "util.h"
@@ -1624,6 +1625,23 @@ static void PacketReceived(PacketCommandNG *packet) {
 ReaderIso14443a(packet);
 break;
 }
+ case 0x0386: {
+ //case CMD_HF_ISO14443A_EMV_SIMULATE: {
+ struct p {
+ uint16_t flags;
+ uint8_t exitAfter;
+ uint8_t uid[7];
+ uint16_t atqa;
+ uint8_t sak;
+ } PACKED;
+ struct p *payload = (struct p *) packet->data.asBytes;
+
+ Dbprintf("We have got hereeee");
+ Dbprintf("Flags: %04x, ExitAfter: %02x, UID: %02x %02x %02x %02x %02x %02x %02x, ATQA: %04x, SAK: %02x",
+ payload->flags, payload->exitAfter, payload->uid[0], payload->uid[1], payload->uid[2], payload->uid[3], payload->uid[4], payload->uid[5], payload->uid[6], payload->atqa, payload->sak);
+ EMVsim(payload->flags, payload->exitAfter, payload->uid, payload->atqa, payload->sak);
+ break;
+ }
 case CMD_HF_ISO14443A_SIMULATE: {
 struct p {
 uint8_t tagtype;
diff --git a/client/src/emv/cmdemv.c b/client/src/emv/cmdemv.c
index a593507ba..707883dcb 100644
--- a/client/src/emv/cmdemv.c
+++ b/client/src/emv/cmdemv.c
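Review bot: In armsrc/appmain.c the new `case 0x0386` casts `packet->data.asBytes` to `struct p` and reads every field without checking how many bytes the host actually sent, so a short frame would hand stale buffer contents to `EMVsim`; a guard such as `if (packet->length < sizeof(struct p)) break;` before the cast would reject it (this assumes PacketCommandNG exposes the payload size as `length`, which is not visible in the hunk). The opcode is a bare literal here and again in `SendCommandNG(0x0386, ...)` in client/src/emv/cmdemv.c, while `CMD_HF_ISO14443A_EMV_SIMULATE` is only added to the deprecated flasher's usb_cmd.h in this diff; defining it in the command header both sides include would let the commented-out named `case` replace the literal. `Dbprintf("We have got hereeee")` reads as leftover debugging and should go. PacketReceived continues outside the hunk.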
@@ -39,6 +39,7 @@
 #include "crypto/libpcrypto.h"
 #include "iso4217.h" // currency lookup
+//static uint8_t PIV_APPLET[9] = "\xA0\x00\x00\x03\x08\x00\x00\x10\x00";
 static int CmdHelp(const char *Cmd);
@@ -630,6 +631,7 @@ static int CmdEMVSelect(const char *Cmd) {
 return PM3_SUCCESS;
 }
+// hutton
 static int CmdEMVSmartToNFC(const char *Cmd) {
 //uint8_t data[APDU_AID_LEN] = {0}; // todo: consider removing/cleaning unused vars
 //int datalen = 0;
@@ -646,11 +648,30 @@ static int CmdEMVSmartToNFC(const char *Cmd) {
 //arg_lit0("a", "apdu", "Show APDU requests and responses"),
 //arg_lit0("t", "tlv", "TLV decode results"),
 //arg_lit0("w", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"),
- //arg_str1(NULL, NULL, "", "Applet AID"),
+ //arg_str1(NULL, NULL, "", "Choose a UID"),
+ arg_str0("u", "uid", "", "optional 7 hex bytes UID"),
 arg_param_end
 };
 CLIExecWithReturn(ctx, Cmd, argtable, true);
+ int uid_len = 0;
+ uint8_t uid[7] = {0};
+ CLIGetHexWithReturn(ctx, 2, uid, &uid_len);
+
+ if (uid_len == 0) {
+ PrintAndLogEx(SUCCESS, "No UID provided, using default.");
+ //memcpy(applet_id, DEFAULT_UID, sizeof(DEFAULT_UID));
+ //aid_len = sizeof(DEFAULT_UID);
+ uint8_t default_uid[7] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
+ memcpy(uid, default_uid, sizeof(default_uid));
+ uid_len = sizeof(default_uid);
+ } else if (uid_len != 7) {
+ PrintAndLogEx(FAILED, "UID must be 7 bytes long.");
+ return PM3_EINVARG;
+ }
+
+ PrintAndLogEx(SUCCESS, "UID length is %d", uid_len);
+
 bool testMode = arg_get_lit(ctx, 1);
 bool show_apdu = true;
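Review bot: The new `else if (uid_len != 7)` branch in CmdEMVSmartToNFC returns `PM3_EINVARG` without releasing the argument parser, which the function only frees later through `CLIParserFree(ctx)` (visible as context in the following hunk), so a wrong-length UID leaks the context; add `CLIParserFree(ctx);` before that `return`. The fallback UID 11 22 33 44 55 66 77 would be clearer as a named constant with a comment saying it is a placeholder, in place of the two commented-out `DEFAULT_UID` lines. The `UID length is %d` message is logged at SUCCESS level but reads as debug output. The function body starts before and continues after this hunk.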
@@ -671,24 +692,44 @@ static int CmdEMVSmartToNFC(const char *Cmd) {
 //CLIGetHexWithReturn(ctx, 6, data, &datalen);
 CLIParserFree(ctx);
+ // todo: check this is relevant for us.
 SetAPDULogging(show_apdu);
- /*
- // exec
- uint8_t buf[APDU_RES_LEN] = {0};
- size_t len = 0;
- uint16_t sw = 0;
- int res = EMVSelect(channel, activateField, leaveSignalON, data, datalen, buf, sizeof(buf), &len, &sw, NULL);
+ //int res = EMVSmartToNFC(testMode);
- if (sw)
- PrintAndLogEx(INFO, "APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff));
+ //if (!res) {
+ // PrintAndLogEx(SUCCESS, "EMVSmartToNFC completed successfully.");
+ //} else {
+ // PrintAndLogEx(FAILED, "EMVSmartToNFC failed.");
+ //}
- if (res)
- return res;
+ //struct {
+ // uint8_t tagtype;
+ // uint16_t flags;
+ // uint8_t uid[10];
+ // uint8_t exitAfter;
+ //} PACKED payload;
- if (decodeTLV)
- TLVPrintFromBuffer(buf, len);
- */
+ struct {
+ uint16_t flags;
+ uint8_t exitAfter;
+ uint8_t uid[7];
+ uint16_t atqa;
+ uint8_t sak;
+ } PACKED payload;
+
+ //payload.tagtype = 0x1;
+ memcpy(payload.uid, uid, uid_len);
+ payload.flags = 0x0204;
+ payload.exitAfter = 0x1;
+ payload.atqa = 0x3;
+ payload.sak = 0x0;
+
+ clearCommandBuffer();
+ //SendCommandNG(CMD_HF_ISO14443A_EMV_SIMULATE, (uint8_t *)&payload, sizeof(payload));
+ SendCommandNG(0x0386, (uint8_t *)&payload, sizeof(payload));
+
+ PrintAndLogEx(INFO, "Press " _GREEN_("pm3 button") " to abort simulation");
 SetAPDULogging(false);
 return PM3_SUCCESS;
diff --git a/client/src/emv/emvcore.c b/client/src/emv/emvcore.c
index b2aa524ac..d9c34a6c3 100644
--- a/client/src/emv/emvcore.c
+++ b/client/src/emv/emvcore.c
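Review bot: After `SendCommandNG` in CmdEMVSmartToNFC (client/src/emv/cmdemv.c) the function prints the abort hint and returns `PM3_SUCCESS` at once, so a failure on the device side never reaches the user; if the firmware handler sends a reply, waiting for it before returning would surface errors, though whether it replies is not visible in this diff. The values `0x0204`, `0x1`, `0x3` and `0x0` assigned to flags, exitAfter, atqa and sak need named constants or a comment each, because the firmware interprets them and a reader of this file cannot tell what they select. The packed payload struct is declared independently here and in armsrc/appmain.c; a single shared typedef would keep the two layouts from drifting apart silently. `testMode` appears to be unused now that its only use is commented out.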
@@ -607,6 +607,10 @@ int EMVInternalAuthenticate(Iso7816CommandChannel channel, bool LeaveFieldON, ui
 return EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU_t) {0x00, 0x88, 0x00, 0x00, DDOLLen, DDOL}, true, Result, MaxResultLen, ResultLen, sw, tlv);
 }
+//int EMVSmartToNFC(bool TestMode) {
+// return Iso7816SimulateTag(TestMode);
+//}
+
 int MSCComputeCryptoChecksum(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *UDOL, uint8_t UDOLlen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
 int res = EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU_t) {0x80, 0x2a, 0x8e, 0x80, UDOLlen, UDOL}, true, Result, MaxResultLen, ResultLen, sw, tlv);
 if (*sw == 0x6700 || *sw == 0x6f00) {
diff --git a/client/src/emv/emvcore.h b/client/src/emv/emvcore.h
index 6ff2b6ef9..d1a9811c8 100644
--- a/client/src/emv/emvcore.h
+++ b/client/src/emv/emvcore.h
@@ -79,6 +79,8 @@ int EMVGenerateChallenge(Iso7816CommandChannel channel, bool LeaveFieldON, uint8
 int EMVAC(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t RefControl, uint8_t *CDOL, size_t CDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv);
 // DDA
 int EMVInternalAuthenticate(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *DDOL, size_t DDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv);
+// Simulation of proxmark as a tag
+//int EMVSmartToNFC(bool TestMode); // todo: probs delete...
 // Mastercard
 int MSCComputeCryptoChecksum(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *UDOL, uint8_t UDOLlen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv);
 // Auth
diff --git a/client/src/iso7816/iso7816core.c b/client/src/iso7816/iso7816core.c
index 9eafaa599..c00b73eef 100644
--- a/client/src/iso7816/iso7816core.c
+++ b/client/src/iso7816/iso7816core.c
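Review bot: The commented-out `EMVSmartToNFC` wrapper added to client/src/emv/emvcore.c is dead code, and the same holds for its prototype in emvcore.h, the `Iso7816SimulateTag` stubs in iso7816core.c and iso7816core.h, the `//#include "evmsim.h"` line (which also misspells the emvsim.h header included in appmain.c) and the commented blocks in cmdemv.c. These should be deleted before merge instead of carrying `todo: remove` and `todo: probs delete...` markers into the tree. Version control keeps the earlier attempt if the wrapper is wanted again.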
@@ -25,6 +25,7 @@
 #include "ui.h"
 #include "cmdhf14a.h"
 #include "cmdhf14b.h"
+//#include "evmsim.h" // todo: remove
 #include "iso14b.h" // iso14b_raw_cmd_t
 #include "util_posix.h"
 #include "protocols.h" // ISO7816 APDU return codes
@@ -216,3 +217,7 @@ int Iso7816Select(Iso7816CommandChannel channel, bool activate_field, bool leave
 , sw
 );
 }
+
+//int Iso7816SimulateTag(bool testing) {
+// return Evmsim(testing);
+//}
diff --git a/client/src/iso7816/iso7816core.h b/client/src/iso7816/iso7816core.h
index b24be2dab..75f9d3378 100644
--- a/client/src/iso7816/iso7816core.h
+++ b/client/src/iso7816/iso7816core.h
@@ -58,4 +58,7 @@ int Iso7816ExchangeEx(Iso7816CommandChannel channel, bool activate_field, bool l
 int Iso7816Select(Iso7816CommandChannel channel, bool activate_field, bool leave_field_on, uint8_t *aid, size_t aid_len, uint8_t *result, size_t max_result_len, size_t *result_len, uint16_t *sw);
+// simulate being a contactless smart card using ISO7816 interface
+//int Iso7816SimulateTag(bool activate_field);
+
 #endif
diff --git a/tools/deprecated-hid-flasher/flasher/usb_cmd.h b/tools/deprecated-hid-flasher/flasher/usb_cmd.h
index 90a76a1be..6c614a628 100644
--- a/tools/deprecated-hid-flasher/flasher/usb_cmd.h
+++ b/tools/deprecated-hid-flasher/flasher/usb_cmd.h
@@ -137,6 +137,7 @@ typedef struct {
 #define CMD_HF_ISO14443A_SNIFF 0x0383
 #define CMD_HF_ISO14443A_SIMULATE 0x0384
 #define CMD_HF_ISO14443A_READER 0x0385
+#define CMD_HF_ISO14443A_EMV_SIMULATE 0x0386
 #define CMD_HF_LEGIC_SIMULATE 0x0387
 #define CMD_HF_LEGIC_READER 0x0388
@@ -180,7 +181,7 @@ typedef struct {
 #define CMD_HF_MIFARE_READER 0x0611
 #define CMD_HF_MIFARE_NESTED 0x0612
-#define CMD_HF_MIFARE_ACQ_ENCRYPTED_NONCES 0x0613
+#define CMD_HF_MIFARE_ACQ_ENCRYPTED_NONCES 0x0613
 #define CMD_HF_MIFARE_READBL 0x0620