n-hutton 2024-09-16 15:11:20 +01:00
commit 174b846e99
8 changed files with 90 additions and 16 deletions


@ -37,7 +37,7 @@ APP_CFLAGS = $(PLATFORM_DEFS) \
SRC_LF = lfops.c lfsampling.c pcf7931.c lfdemod.c lfadc.c SRC_LF = lfops.c lfsampling.c pcf7931.c lfdemod.c lfadc.c
SRC_HF = hfops.c SRC_HF = hfops.c
SRC_ISO15693 = iso15693.c iso15693tools.c SRC_ISO15693 = iso15693.c iso15693tools.c
SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c sam_mfc.c sam_seos.c SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c sam_mfc.c sam_seos.c emvsim.c
#UNUSED: mifaresniff.c #UNUSED: mifaresniff.c
SRC_ISO14443b = iso14443b.c SRC_ISO14443b = iso14443b.c
SRC_FELICA = felica.c SRC_FELICA = felica.c


@ -54,6 +54,7 @@
#include "mifarecmd.h" #include "mifarecmd.h"
#include "mifaredesfire.h" #include "mifaredesfire.h"
#include "mifaresim.h" #include "mifaresim.h"
#include "emvsim.h"
#include "pcf7931.h" #include "pcf7931.h"
#include "Standalone/standalone.h" #include "Standalone/standalone.h"
#include "util.h" #include "util.h"
@ -1624,6 +1625,23 @@ static void PacketReceived(PacketCommandNG *packet) {
ReaderIso14443a(packet); ReaderIso14443a(packet);
break; break;
} }
case 0x0386: {
//case CMD_HF_ISO14443A_EMV_SIMULATE: {
struct p {
uint16_t flags;
uint8_t exitAfter;
uint8_t uid[7];
uint16_t atqa;
uint8_t sak;
} PACKED;
struct p *payload = (struct p *) packet->data.asBytes;
Dbprintf("We have got hereeee");
Dbprintf("Flags: %04x, ExitAfter: %02x, UID: %02x %02x %02x %02x %02x %02x %02x, ATQA: %04x, SAK: %02x",
payload->flags, payload->exitAfter, payload->uid[0], payload->uid[1], payload->uid[2], payload->uid[3], payload->uid[4], payload->uid[5], payload->uid[6], payload->atqa, payload->sak);
EMVsim(payload->flags, payload->exitAfter, payload->uid, payload->atqa, payload->sak);
break;
}
case CMD_HF_ISO14443A_SIMULATE: { case CMD_HF_ISO14443A_SIMULATE: {
struct p { struct p {
uint8_t tagtype; uint8_t tagtype;
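Review bot: The new `case 0x0386` handler casts `packet->data.asBytes` to `struct p` and reads every field without checking that the packet carries that many bytes, so a short or malformed packet from the host has the firmware log and hand to `EMVsim` whatever happens to be in the buffer. A guard right after the struct declaration, e.g. `if (packet->length != sizeof(struct p)) { reply_ng(CMD_HF_ISO14443A_EMV_SIMULATE, PM3_EINVARG, NULL, 0); break; }`, would reject it. The label should also be `case CMD_HF_ISO14443A_EMV_SIMULATE:` rather than the raw `0x0386`, since this commit adds that define, and the `Dbprintf("We have got hereeee")` trace should go before merge. `PacketReceived` starts and ends outside this hunk.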


@ -39,6 +39,7 @@
#include "crypto/libpcrypto.h" #include "crypto/libpcrypto.h"
#include "iso4217.h" // currency lookup #include "iso4217.h" // currency lookup
//static uint8_t PIV_APPLET[9] = "\xA0\x00\x00\x03\x08\x00\x00\x10\x00";
static int CmdHelp(const char *Cmd); static int CmdHelp(const char *Cmd);
@ -630,6 +631,7 @@ static int CmdEMVSelect(const char *Cmd) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
// hutton
static int CmdEMVSmartToNFC(const char *Cmd) { static int CmdEMVSmartToNFC(const char *Cmd) {
//uint8_t data[APDU_AID_LEN] = {0}; // todo: consider removing/cleaning unused vars //uint8_t data[APDU_AID_LEN] = {0}; // todo: consider removing/cleaning unused vars
//int datalen = 0; //int datalen = 0;
@ -646,11 +648,30 @@ static int CmdEMVSmartToNFC(const char *Cmd) {
//arg_lit0("a", "apdu", "Show APDU requests and responses"), //arg_lit0("a", "apdu", "Show APDU requests and responses"),
//arg_lit0("t", "tlv", "TLV decode results"), //arg_lit0("t", "tlv", "TLV decode results"),
//arg_lit0("w", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"), //arg_lit0("w", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"),
//arg_str1(NULL, NULL, "<hex>", "Applet AID"), //arg_str1(NULL, NULL, "<hex>", "Choose a UID"),
arg_str0("u", "uid", "<hex>", "optional 7 hex bytes UID"),
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
int uid_len = 0;
uint8_t uid[7] = {0};
CLIGetHexWithReturn(ctx, 2, uid, &uid_len);
if (uid_len == 0) {
PrintAndLogEx(SUCCESS, "No UID provided, using default.");
//memcpy(applet_id, DEFAULT_UID, sizeof(DEFAULT_UID));
//aid_len = sizeof(DEFAULT_UID);
uint8_t default_uid[7] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
memcpy(uid, default_uid, sizeof(default_uid));
uid_len = sizeof(default_uid);
} else if (uid_len != 7) {
PrintAndLogEx(FAILED, "UID must be 7 bytes long.");
return PM3_EINVARG;
}
PrintAndLogEx(SUCCESS, "UID length is %d", uid_len);
bool testMode = arg_get_lit(ctx, 1); bool testMode = arg_get_lit(ctx, 1);
bool show_apdu = true; bool show_apdu = true;
@ -671,24 +692,44 @@ static int CmdEMVSmartToNFC(const char *Cmd) {
//CLIGetHexWithReturn(ctx, 6, data, &datalen); //CLIGetHexWithReturn(ctx, 6, data, &datalen);
CLIParserFree(ctx); CLIParserFree(ctx);
// todo: check this is relevant for us.
SetAPDULogging(show_apdu); SetAPDULogging(show_apdu);
/* //int res = EMVSmartToNFC(testMode);
// exec
uint8_t buf[APDU_RES_LEN] = {0};
size_t len = 0;
uint16_t sw = 0;
int res = EMVSelect(channel, activateField, leaveSignalON, data, datalen, buf, sizeof(buf), &len, &sw, NULL);
if (sw) //if (!res) {
PrintAndLogEx(INFO, "APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); // PrintAndLogEx(SUCCESS, "EMVSmartToNFC completed successfully.");
//} else {
// PrintAndLogEx(FAILED, "EMVSmartToNFC failed.");
//}
if (res) //struct {
return res; // uint8_t tagtype;
// uint16_t flags;
// uint8_t uid[10];
// uint8_t exitAfter;
//} PACKED payload;
if (decodeTLV) struct {
TLVPrintFromBuffer(buf, len); uint16_t flags;
*/ uint8_t exitAfter;
uint8_t uid[7];
uint16_t atqa;
uint8_t sak;
} PACKED payload;
//payload.tagtype = 0x1;
memcpy(payload.uid, uid, uid_len);
payload.flags = 0x0204;
payload.exitAfter = 0x1;
payload.atqa = 0x3;
payload.sak = 0x0;
clearCommandBuffer();
//SendCommandNG(CMD_HF_ISO14443A_EMV_SIMULATE, (uint8_t *)&payload, sizeof(payload));
SendCommandNG(0x0386, (uint8_t *)&payload, sizeof(payload));
PrintAndLogEx(INFO, "Press " _GREEN_("pm3 button") " to abort simulation");
SetAPDULogging(false); SetAPDULogging(false);
return PM3_SUCCESS; return PM3_SUCCESS;
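Review bot: The `return PM3_EINVARG;` in the `uid_len != 7` branch leaves `CmdEMVSmartToNFC` before `CLIParserFree(ctx)` runs further down, so the parser context is leaked whenever a UID of the wrong length is supplied; add `CLIParserFree(ctx);` directly before that return. `SendCommandNG(0x0386, ...)` should use `CMD_HF_ISO14443A_EMV_SIMULATE`, which this commit defines, instead of the raw number. The anonymous payload struct repeats the firmware-side `struct p` by hand, so a shared typedef in a common header would keep the two layouts from drifting apart. The function starts outside the hunks shown.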


@ -607,6 +607,10 @@ int EMVInternalAuthenticate(Iso7816CommandChannel channel, bool LeaveFieldON, ui
return EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU_t) {0x00, 0x88, 0x00, 0x00, DDOLLen, DDOL}, true, Result, MaxResultLen, ResultLen, sw, tlv); return EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU_t) {0x00, 0x88, 0x00, 0x00, DDOLLen, DDOL}, true, Result, MaxResultLen, ResultLen, sw, tlv);
} }
//int EMVSmartToNFC(bool TestMode) {
// return Iso7816SimulateTag(TestMode);
//}
int MSCComputeCryptoChecksum(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *UDOL, uint8_t UDOLlen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) { int MSCComputeCryptoChecksum(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *UDOL, uint8_t UDOLlen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
int res = EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU_t) {0x80, 0x2a, 0x8e, 0x80, UDOLlen, UDOL}, true, Result, MaxResultLen, ResultLen, sw, tlv); int res = EMVExchangeEx(channel, false, LeaveFieldON, (sAPDU_t) {0x80, 0x2a, 0x8e, 0x80, UDOLlen, UDOL}, true, Result, MaxResultLen, ResultLen, sw, tlv);
if (*sw == 0x6700 || *sw == 0x6f00) { if (*sw == 0x6700 || *sw == 0x6f00) {
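Review bot: The commented-out `EMVSmartToNFC` stub added above `MSCComputeCryptoChecksum` is dead code and should be dropped rather than committed; the same goes for the commented-out prototype in the header, the `//#include "evmsim.h"` line, and the `Iso7816SimulateTag` stub and prototype in the later file sections. None of them is compiled, and they refer to `Evmsim` and `evmsim.h` while the code actually added is spelled `EMVsim` and `emvsim.h`, so they would not build if re-enabled. If the layering is still planned, a single `// TODO` naming the intended entry point is enough.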


@ -79,6 +79,8 @@ int EMVGenerateChallenge(Iso7816CommandChannel channel, bool LeaveFieldON, uint8
int EMVAC(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t RefControl, uint8_t *CDOL, size_t CDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv); int EMVAC(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t RefControl, uint8_t *CDOL, size_t CDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv);
// DDA // DDA
int EMVInternalAuthenticate(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *DDOL, size_t DDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv); int EMVInternalAuthenticate(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *DDOL, size_t DDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv);
// Simulation of proxmark as a tag
//int EMVSmartToNFC(bool TestMode); // todo: probs delete...
// Mastercard // Mastercard
int MSCComputeCryptoChecksum(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *UDOL, uint8_t UDOLlen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv); int MSCComputeCryptoChecksum(Iso7816CommandChannel channel, bool LeaveFieldON, uint8_t *UDOL, uint8_t UDOLlen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv);
// Auth // Auth


@ -25,6 +25,7 @@
#include "ui.h" #include "ui.h"
#include "cmdhf14a.h" #include "cmdhf14a.h"
#include "cmdhf14b.h" #include "cmdhf14b.h"
//#include "evmsim.h" // todo: remove
#include "iso14b.h" // iso14b_raw_cmd_t #include "iso14b.h" // iso14b_raw_cmd_t
#include "util_posix.h" #include "util_posix.h"
#include "protocols.h" // ISO7816 APDU return codes #include "protocols.h" // ISO7816 APDU return codes
@ -216,3 +217,7 @@ int Iso7816Select(Iso7816CommandChannel channel, bool activate_field, bool leave
, sw , sw
); );
} }
//int Iso7816SimulateTag(bool testing) {
// return Evmsim(testing);
//}


@ -58,4 +58,7 @@ int Iso7816ExchangeEx(Iso7816CommandChannel channel, bool activate_field, bool l
int Iso7816Select(Iso7816CommandChannel channel, bool activate_field, bool leave_field_on, uint8_t *aid, size_t aid_len, int Iso7816Select(Iso7816CommandChannel channel, bool activate_field, bool leave_field_on, uint8_t *aid, size_t aid_len,
uint8_t *result, size_t max_result_len, size_t *result_len, uint16_t *sw); uint8_t *result, size_t max_result_len, size_t *result_len, uint16_t *sw);
// simulate being a contactless smart card using ISO7816 interface
//int Iso7816SimulateTag(bool activate_field);
#endif #endif


@ -137,6 +137,7 @@ typedef struct {
#define CMD_HF_ISO14443A_SNIFF 0x0383 #define CMD_HF_ISO14443A_SNIFF 0x0383
#define CMD_HF_ISO14443A_SIMULATE 0x0384 #define CMD_HF_ISO14443A_SIMULATE 0x0384
#define CMD_HF_ISO14443A_READER 0x0385 #define CMD_HF_ISO14443A_READER 0x0385
#define CMD_HF_ISO14443A_EMV_SIMULATE 0x0386
#define CMD_HF_LEGIC_SIMULATE 0x0387 #define CMD_HF_LEGIC_SIMULATE 0x0387
#define CMD_HF_LEGIC_READER 0x0388 #define CMD_HF_LEGIC_READER 0x0388
@ -180,7 +181,7 @@ typedef struct {
#define CMD_HF_MIFARE_READER 0x0611 #define CMD_HF_MIFARE_READER 0x0611
#define CMD_HF_MIFARE_NESTED 0x0612 #define CMD_HF_MIFARE_NESTED 0x0612
#define CMD_HF_MIFARE_ACQ_ENCRYPTED_NONCES 0x0613 #define CMD_HF_MIFARE_ACQ_ENCRYPTED_NONCES 0x0613
#define CMD_HF_MIFARE_READBL 0x0620 #define CMD_HF_MIFARE_READBL 0x0620