diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index 004d788a1..b9f18f7ab 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -466,13 +466,13 @@ static int CmdDesGetSessionParameters(CLIParserContext *ctx, DesfireContext *dct if (selectway) *selectway = ISW6bAID; } - + if (appisoid && id) { uint32_t xisoid = 0x0000; bool isoidpresent = false; if (CLIGetUint32Hex(ctx, appisoid, 0x0000, &xisoid, &isoidpresent, 2, "Application ISO ID (for EF) must have 2 bytes length")) return PM3_EINVARG; - + if (isoidpresent) { *id = xisoid & 0xffff; if (selectway) diff --git a/client/src/mifare/desfirecore.c b/client/src/mifare/desfirecore.c index f081bc8a1..0daafd483 100644 --- a/client/src/mifare/desfirecore.c +++ b/client/src/mifare/desfirecore.c @@ -926,7 +926,7 @@ int DesfireSelectAndAuthenticateEx(DesfireContext *dctx, DesfireSecureChannel se if (verbose) PrintAndLogEx(INFO, "Switch to " _CYAN_("native") " for select"); } - + int res; if (aid == 0x000000) { res = DesfireAnticollision(verbose); @@ -1390,7 +1390,7 @@ static int DesfireAuthenticateLRP(DesfireContext *dctx, DesfireSecureChannel sec // Crypt constants uint8_t RndA[CRYPTO_AES_BLOCK_SIZE] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16}; uint8_t RndB[CRYPTO_AES_BLOCK_SIZE] = {0}; - uint8_t both[CRYPTO_AES_BLOCK_SIZE * 2 + 1] = {0}; // ek/dk_keyNo(RndA+RndB') + uint8_t both[CRYPTO_AES_BLOCK_SIZE * 2 + 1] = {0}; uint8_t subcommand = firstauth ? MFDES_AUTHENTICATE_EV2F : MFDES_AUTHENTICATE_EV2NF; uint8_t *key = dctx->key; @@ -1420,7 +1420,7 @@ static int DesfireAuthenticateLRP(DesfireContext *dctx, DesfireSecureChannel sec if (recv_len != CRYPTO_AES_BLOCK_SIZE + 1) { return 4; } - + if (recv_data[0] != 0x01) return 51; @@ -1443,7 +1443,7 @@ static int DesfireAuthenticateLRP(DesfireContext *dctx, DesfireSecureChannel sec LRPContext ctx = {0}; LRPSetKey(&ctx, sessionkey, 0, true); LRPCMAC(&ctx, tmp, 32, cmac); - + // response = rnda + cmac(sessionkey, rnda+rndb) memcpy(both, RndA, CRYPTO_AES_BLOCK_SIZE); memcpy(both + CRYPTO_AES_BLOCK_SIZE, cmac, CRYPTO_AES_BLOCK_SIZE); @@ -1469,13 +1469,13 @@ static int DesfireAuthenticateLRP(DesfireContext *dctx, DesfireSecureChannel sec // clear IV here DesfireClearIV(dctx); - + // check mac memcpy(tmp, RndB, CRYPTO_AES_BLOCK_SIZE); memcpy(tmp + CRYPTO_AES_BLOCK_SIZE, RndA, CRYPTO_AES_BLOCK_SIZE); if (firstauth) memcpy(tmp + CRYPTO_AES_BLOCK_SIZE * 2, recv_data, CRYPTO_AES_BLOCK_SIZE); - + LRPSetKey(&ctx, sessionkey, 0, true); LRPCMAC(&ctx, tmp, (firstauth) ? CRYPTO_AES_BLOCK_SIZE * 3 : CRYPTO_AES_BLOCK_SIZE * 2, cmac); uint8_t *recCMAC = &recv_data[(firstauth) ? CRYPTO_AES_BLOCK_SIZE : 0]; @@ -1487,7 +1487,7 @@ static int DesfireAuthenticateLRP(DesfireContext *dctx, DesfireSecureChannel sec return 12; } - // decode data + // decode data if (firstauth) { LRPSetKeyEx(&ctx, sessionkey, dctx->IV, 4 * 2, 1, false); size_t declen = 0; diff --git a/client/src/mifare/desfirecrypto.c b/client/src/mifare/desfirecrypto.c index 296d88da1..47e14eedd 100644 --- a/client/src/mifare/desfirecrypto.c +++ b/client/src/mifare/desfirecrypto.c @@ -36,7 +36,7 @@ void DesfireClearContext(DesfireContext *ctx) { ctx->keyNum = 0; ctx->keyType = T_DES; memset(ctx->key, 0, sizeof(ctx->key)); - + LRPClearContext(&ctx->lrpCtx); ctx->secureChannel = DACNone; diff --git a/client/src/mifare/desfirecrypto.h b/client/src/mifare/desfirecrypto.h index 817989f75..4a2810bff 100644 --- a/client/src/mifare/desfirecrypto.h +++ b/client/src/mifare/desfirecrypto.h @@ -77,7 +77,7 @@ typedef struct DesfireContextS { DesfireCryptoAlgorythm keyType; // des/2tdea/3tdea/aes uint8_t key[DESFIRE_MAX_KEY_SIZE]; uint8_t masterKey[DESFIRE_MAX_KEY_SIZE]; // source for kdf - + LRPContext lrpCtx; // KDF finction diff --git a/client/src/mifare/desfiresecurechan.c b/client/src/mifare/desfiresecurechan.c index 5a232b921..8befbdb2f 100644 --- a/client/src/mifare/desfiresecurechan.c +++ b/client/src/mifare/desfiresecurechan.c @@ -137,7 +137,7 @@ static const AllowedChannelModesS AllowedChannelModes[] = { {ISO7816_READ_BINARY, DACEV1, DCCISO, DCMMACed}, {ISO7816_READ_RECORDS, DACEV1, DCCISO, DCMMACed}, - + // LRP channel separately {MFDES_AUTHENTICATE_EV2F, DACLRP, DCCNative, DCMPlain}, {MFDES_AUTHENTICATE_EV2NF, DACLRP, DCCNative, DCMPlain}, diff --git a/client/src/mifare/desfiretest.c b/client/src/mifare/desfiretest.c index 05df8da68..a4ff117b0 100644 --- a/client/src/mifare/desfiretest.c +++ b/client/src/mifare/desfiretest.c @@ -866,7 +866,7 @@ static bool TestLRPSessionKeys(void) { uint8_t rnda[] = {0x74, 0xD7, 0xDF, 0x6A, 0x2C, 0xEC, 0x0B, 0x72, 0xB4, 0x12, 0xDE, 0x0D, 0x2B, 0x11, 0x17, 0xE6}; uint8_t rndb[] = {0x56, 0x10, 0x9A, 0x31, 0x97, 0x7C, 0x85, 0x53, 0x19, 0xCD, 0x46, 0x18, 0xC9, 0xD2, 0xAE, 0xD2}; uint8_t sessionkeyres[] = {0x13, 0x2D, 0x7E, 0x6F, 0x35, 0xBA, 0x86, 0x1F, 0x39, 0xB3, 0x72, 0x21, 0x21, 0x4E, 0x25, 0xA5}; - + uint8_t sessionkey[16] = {0}; DesfireGenSessionKeyLRP(key, rnda, rndb, true, sessionkey); res = res && (memcmp(sessionkey, sessionkeyres, sizeof(sessionkeyres)) == 0); diff --git a/doc/commands.json b/doc/commands.json index 27558f75f..b328ed7a6 100644 --- a/doc/commands.json +++ b/doc/commands.json @@ -973,7 +973,7 @@ }, "help": { "command": "help", - "description": "help use ` help` for details of a command prefs { edit client/device preferences... } -------- ----------------------- technology ----------------------- analyse { analyse utils... } data { plot window / data buffer manipulation... } emv { emv iso-14443 / iso-7816... } hf { high frequency commands... } hw { hardware commands... } lf { low frequency commands... } nfc { nfc commands... } reveng { crc calculations from reveng software... } smart { smart card iso-7816 commands... } script { scripting commands... } trace { trace manipulation... } wiegand { wiegand format manipulation... } -------- ----------------------- general ----------------------- clear clear screen hints turn hints on / off msleep add a pause in milliseconds rem add a text line in log file quit exit exit program [=] session log e:\\proxspace\\pm3/.proxmark3/logs/log_20210816.txt --------------------------------------------------------------------------------------- auto available offline: no run lf search / hf search / data plot / data save", + "description": "help use ` help` for details of a command prefs { edit client/device preferences... } -------- ----------------------- technology ----------------------- analyse { analyse utils... } data { plot window / data buffer manipulation... } emv { emv iso-14443 / iso-7816... } hf { high frequency commands... } hw { hardware commands... } lf { low frequency commands... } nfc { nfc commands... } reveng { crc calculations from reveng software... } smart { smart card iso-7816 commands... } script { scripting commands... } trace { trace manipulation... } wiegand { wiegand format manipulation... } -------- ----------------------- general ----------------------- clear clear screen hints turn hints on / off msleep add a pause in milliseconds rem add a text line in log file quit exit exit program [=] session log e:\\proxspace\\pm3/.proxmark3/logs/log_20210819.txt --------------------------------------------------------------------------------------- auto available offline: no run lf search / hf search / data plot / data save", "notes": [ "auto" ], @@ -3963,11 +3963,12 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id of application for some parameters (3 hex bytes, big endian)", + "--appisoid application iso id (iso df id) (2 hex bytes, big endian). works only for iso read commands.", "--save saves channels parameters to defaults if authentication succeeds" ], - "usage": "hf mfdes auth [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--save]" + "usage": "hf mfdes auth [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [--save]" }, "hf mfdes bruteaid": { "command": "hf mfdes bruteaid", @@ -4010,7 +4011,7 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id of application (3 hex bytes, big endian)", "--oldalgo old key crypto algorithm: des, 2tdea, 3tdea, aes", "--oldkey old key (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", @@ -4019,7 +4020,7 @@ "--newkey new key (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", "--newver new key's version (1 hex byte)" ], - "usage": "hf mfdes changekey [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--oldalgo ] [--oldkey ] [--newkeyno ] [--newalgo ] [--newkey ] [--newver ]" + "usage": "hf mfdes changekey [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--oldalgo ] [--oldkey ] [--newkeyno ] [--newalgo ] [--newkey ] [--newver ]" }, "hf mfdes chfilesettings": { "command": "hf mfdes chfilesettings", @@ -4041,7 +4042,7 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--fid file id (1 hex byte)", "--rawdata file settings (hex > 5 bytes). have priority over the other settings.", @@ -4053,7 +4054,7 @@ "--chrights change file settings access mode: the specified key, free, deny", "--no-auth execute without authentication" ], - "usage": "hf mfdes chfilesettings [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--rawdata ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth]" + "usage": "hf mfdes chfilesettings [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--rawdata ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth]" }, "hf mfdes chk": { "command": "hf mfdes chk", @@ -4101,11 +4102,11 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "-d, --data key settings (hex 1 byte)" ], - "usage": "hf mfdes chkeysettings [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [-d ]" + "usage": "hf mfdes chkeysettings [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [-d ]" }, "hf mfdes clearrecfile": { "command": "hf mfdes clearrecfile", @@ -4125,12 +4126,12 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--fid file id for clearing (1 hex byte)", "--no-auth execute without authentication" ], - "usage": "hf mfdes clearrecfile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--no-auth]" + "usage": "hf mfdes clearrecfile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--no-auth]" }, "hf mfdes createapp": { "command": "hf mfdes createapp", @@ -4181,7 +4182,7 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--rawdata rawdata that sends to command", "--aid application id for create. mandatory. (3 hex bytes, big endian)", "--fid iso file id. forbidden values: 0000 3f00, 3fff, ffff. (2 hex bytes, big endian). if specified - enable iso file id over all the files in the app.", @@ -4191,7 +4192,7 @@ "--dstalgo application key crypt algo: des, 2tdea, 3tdea, aes. default des", "--numkeys keys count. 0x00..0x0e. default 0x0e" ], - "usage": "hf mfdes createapp [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--rawdata ] [--aid ] [--fid ] [--dfname ] [--ks1 ] [--ks2 ] [--dstalgo ] [--numkeys ]" + "usage": "hf mfdes createapp [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--rawdata ] [--aid ] [--fid ] [--dfname ] [--ks1 ] [--ks2 ] [--dstalgo ] [--numkeys ]" }, "hf mfdes createfile": { "command": "hf mfdes createfile", @@ -4217,7 +4218,7 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--fid file id (1 hex byte)", "--isofid iso file id (2 hex bytes)", @@ -4233,7 +4234,7 @@ "--size file size (3 hex bytes, big endian)", "--backup create backupfile instead of standard file" ], - "usage": "hf mfdes createfile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--isofid ] [--rawtype ] [--rawdata ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--size ] [--backup]" + "usage": "hf mfdes createfile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--isofid ] [--rawtype ] [--rawdata ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--size ] [--backup]" }, "hf mfdes createmacfile": { "command": "hf mfdes createmacfile", @@ -4259,7 +4260,7 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--fid file id (1 hex byte)", "--amode file access mode: plain/mac/encrypt", @@ -4272,7 +4273,7 @@ "--mackey aes-128 key for mac (16 hex bytes, big endian). default 0x00..00", "--mackeyver aes key version for mac (1 hex byte). default 0x00" ], - "usage": "hf mfdes createmacfile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--mackey ] [--mackeyver ]" + "usage": "hf mfdes createmacfile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--mackey ] [--mackeyver ]" }, "hf mfdes createrecordfile": { "command": "hf mfdes createrecordfile", @@ -4296,7 +4297,7 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--fid file id (1 hex byte)", "--isofid iso file id (2 hex bytes)", @@ -4311,7 +4312,7 @@ "--maxrecord max. number of records (3 hex bytes, big endian)", "--cyclic create cyclic record file instead of linear record file" ], - "usage": "hf mfdes createrecordfile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--isofid ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--size ] [--maxrecord ] [--cyclic]" + "usage": "hf mfdes createrecordfile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--isofid ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--size ] [--maxrecord ] [--cyclic]" }, "hf mfdes createvaluefile": { "command": "hf mfdes createvaluefile", @@ -4335,7 +4336,7 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--fid file id (1 hex byte)", "--amode file access mode: plain/mac/encrypt", @@ -4350,7 +4351,7 @@ "--value value (4 hex bytes, big endian)", "--lcredit limited credit enabled (bit 0 = limited credit, 1 = freevalue)" ], - "usage": "hf mfdes createvaluefile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--lower ] [--upper ] [--value ] [--lcredit ]" + "usage": "hf mfdes createvaluefile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--lower ] [--upper ] [--value ] [--lcredit ]" }, "hf mfdes default": { "command": "hf mfdes default", @@ -4368,9 +4369,9 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2" + "-s, --schann secure channel: d40/ev1/ev2/lrp" ], - "usage": "hf mfdes default [-h] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ]" + "usage": "hf mfdes default [-h] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ]" }, "hf mfdes deleteapp": { "command": "hf mfdes deleteapp", @@ -4390,10 +4391,10 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id of delegated application (3 hex bytes, big endian)" ], - "usage": "hf mfdes deleteapp [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ]" + "usage": "hf mfdes deleteapp [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ]" }, "hf mfdes deletefile": { "command": "hf mfdes deletefile", @@ -4413,12 +4414,12 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--fid file id (1 hex byte)", "--no-auth execute without authentication" ], - "usage": "hf mfdes deletefile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--no-auth]" + "usage": "hf mfdes deletefile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--no-auth]" }, "hf mfdes detect": { "command": "hf mfdes detect", @@ -4441,12 +4442,12 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--dict file with keys dictionary", "--save save found key and parameters to defaults" ], - "usage": "hf mfdes detect [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--dict ] [--save]" + "usage": "hf mfdes detect [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--dict ] [--save]" }, "hf mfdes dump": { "command": "hf mfdes dump", @@ -4466,11 +4467,11 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--no-auth execute without authentication" ], - "usage": "hf mfdes dump [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--no-auth]" + "usage": "hf mfdes dump [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--no-auth]" }, "hf mfdes formatpicc": { "command": "hf mfdes formatpicc", @@ -4490,10 +4491,10 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id of delegated application (3 hex bytes, big endian)" ], - "usage": "hf mfdes formatpicc [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ]" + "usage": "hf mfdes formatpicc [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ]" }, "hf mfdes freemem": { "command": "hf mfdes freemem", @@ -4513,10 +4514,10 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--no-auth execute without authentication" ], - "usage": "hf mfdes getfreemem [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--no-auth]" + "usage": "hf mfdes getfreemem [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--no-auth]" }, "hf mfdes getaids": { "command": "hf mfdes getaids", @@ -4536,10 +4537,10 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--no-auth execute without authentication" ], - "usage": "hf mfdes getaids [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--no-auth]" + "usage": "hf mfdes getaids [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--no-auth]" }, "hf mfdes getappnames": { "command": "hf mfdes getappnames", @@ -4559,10 +4560,10 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--no-auth execute without authentication" ], - "usage": "hf mfdes getappnames [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--no-auth]" + "usage": "hf mfdes getappnames [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--no-auth]" }, "hf mfdes getfileids": { "command": "hf mfdes getfileids", @@ -4583,11 +4584,11 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--no-auth execute without authentication" ], - "usage": "hf mfdes getfileids [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--no-auth]" + "usage": "hf mfdes getfileids [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--no-auth]" }, "hf mfdes getfileisoids": { "command": "hf mfdes getfileisoids", @@ -4608,11 +4609,11 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--no-auth execute without authentication" ], - "usage": "hf mfdes getfileisoids [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--no-auth]" + "usage": "hf mfdes getfileisoids [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--no-auth]" }, "hf mfdes getfilesettings": { "command": "hf mfdes getfilesettings", @@ -4633,12 +4634,12 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--fid file id (1 hex byte). default: 1", "--no-auth execute without authentication" ], - "usage": "hf mfdes getfilesettings [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--no-auth]" + "usage": "hf mfdes getfilesettings [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--no-auth]" }, "hf mfdes getkeysettings": { "command": "hf mfdes getkeysettings", @@ -4659,10 +4660,10 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)" ], - "usage": "hf mfdes getkeysettings [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ]" + "usage": "hf mfdes getkeysettings [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ]" }, "hf mfdes getkeyversions": { "command": "hf mfdes getkeyversions", @@ -4684,12 +4685,12 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--keynum key number/count (hex 1 byte). default 0x00.", "--keyset keyset number (hex 1 byte)" ], - "usage": "hf mfdes getkeyversions [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--keynum ] [--keyset ]" + "usage": "hf mfdes getkeyversions [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--keynum ] [--keyset ]" }, "hf mfdes getuid": { "command": "hf mfdes getuid", @@ -4709,9 +4710,9 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2" + "-s, --schann secure channel: d40/ev1/ev2/lrp" ], - "usage": "hf mfdes getuid [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ]" + "usage": "hf mfdes getuid [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ]" }, "hf mfdes help": { "command": "hf mfdes help", @@ -4765,12 +4766,12 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--no-auth execute without authentication", "--no-deep not to check authentication commands that avail for any application", "--files scan files and print file settings for each application" ], - "usage": "hf mfdes lsapp [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--no-auth] [--no-deep] [--files]" + "usage": "hf mfdes lsapp [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--no-auth] [--no-deep] [--files]" }, "hf mfdes lsfiles": { "command": "hf mfdes lsfiles", @@ -4790,11 +4791,11 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--no-auth execute without authentication" ], - "usage": "hf mfdes lsfiles [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--no-auth]" + "usage": "hf mfdes lsfiles [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--no-auth]" }, "hf mfdes mad": { "command": "hf mfdes mad", @@ -4819,11 +4820,11 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id of issuer info file, (non-standard feature!) (3 hex bytes, big endian)", "--auth authenticate to get info from getapplicationids command (non-standard feature!)" ], - "usage": "hf mfdes mad [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--auth]" + "usage": "hf mfdes mad [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--auth]" }, "hf mfdes read": { "command": "hf mfdes read", @@ -4853,7 +4854,7 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--fid file id (1 hex byte)", "--no-auth execute without authentication", @@ -4863,7 +4864,7 @@ "--appisoid application iso id (iso df id) (2 hex bytes, big endian). works only for iso read commands.", "--fileisoid file iso id (iso df id) (2 hex bytes, big endian). works only for iso read commands." ], - "usage": "hf mfdes read [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--no-auth] [--type ] [-o ] [-l ] [--appisoid ] [--fileisoid ]" + "usage": "hf mfdes read [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--no-auth] [--type ] [-o ] [-l ] [--appisoid ] [--fileisoid ]" }, "hf mfdes selectapp": { "command": "hf mfdes selectapp", @@ -4873,7 +4874,8 @@ "hf mfdes selectapp --mf -> select master file (picc level)", "hf mfdes selectapp --dfname aid123456 -> select application aid123456 by df name", "hf mfdes selectapp --isoid 1111 -> select application 1111 by iso id", - "hf mfdes selectapp --isoid 1111 --fileisoid 2222 -> select application 1111 file 2222 by iso id" + "hf mfdes selectapp --isoid 1111 --fileisoid 2222 -> select application 1111 file 2222 by iso id", + "hf mfdes selectapp --isoid 01df --fileisoid 00ef -> select file 00 on the desfire light" ], "offline": false, "options": [ @@ -4887,14 +4889,14 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id of application for some parameters (3 hex bytes, big endian)", "--dfname application df name (string, max 16 chars). selects application via iso select command", "--mf select mf (master file) via iso channel", "--isoid application iso id (iso df id) (2 hex bytes, big endian)", "--fileisoid select file inside application by iso id (iso df id) (2 hex bytes, big endian)." ], - "usage": "hf mfdes selectapp [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--dfname ] [--mf] [--isoid ] [--fileisoid ]" + "usage": "hf mfdes selectapp [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--dfname ] [--mf] [--isoid ] [--fileisoid ]" }, "hf mfdes setconfig": { "command": "hf mfdes setconfig", @@ -4905,15 +4907,17 @@ "02h ats update.", "03h sak update", "04h secure messaging configuration.", - "05h capability data. (here change for lrp in the desfire light)", - "06h df name renaming", - "08h file renaming", - "09h value file configuration", - "0ah failed authentication counter setting", + "05h capability data. (here change for lrp in the desfire light [enable 00000000010000000000])", + "06h df name renaming (one-time)", + "08h file renaming (one-time)", + "09h value file configuration (one-time)", + "0ah failed authentication counter setting [disable 00ffffffff]", "0bh hw configuration", "", "hf mfdes setconfig --param 03 --data 0428 -> set sak", - "hf mfdes setconfig --param 02 --data 0875778102637264 -> set ats (first byte - length)" + "hf mfdes setconfig --param 02 --data 0875778102637264 -> set ats (first byte - length)", + "hf mfdes setconfig --appisoid 01df -t aes -s ev2 --param 05 --data 00000000020000000000 -> set lrp mode enable for desfire light", + "hf mfdes setconfig --appisoid 01df -t aes -s ev2 --param 0a --data 00ffffffff -> disable failed auth counters for desfire light" ], "offline": false, "options": [ @@ -4927,16 +4931,17 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id of application for some parameters (3 hex bytes, big endian)", + "--appisoid application iso id (iso df id) (2 hex bytes, big endian). works only for iso read commands.", "-p, --param parameter id (hex 1 byte)", "-d, --data data for parameter (hex 1..30 bytes)" ], - "usage": "hf mfdes setconfig [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [-p ] [-d ]" + "usage": "hf mfdes setconfig [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [-p ] [-d ]" }, "hf mfdes test": { "command": "hf mfdes test", - "description": "[=] ------ desfire tests ------ [!] no space for crc. pos: 1 [=] crc16............. passed [!] no space for crc. pos: 2 [=] crc32............. passed [=] cmac subkeys...... passed [=] an10922 aes....... passed [=] an10922 2tdea..... passed [=] an10922 3tdea..... passed [=] cmac 3tdea........ passed [=] cmac 2tdea........ passed [=] cmac des.......... passed [=] ev2 session keys.. passed [=] ev2 iv calc....... passed [=] ev2 mac calc...... passed [=] trans session key. passed [=] lrp plaintexts.... passed [=] lrp updated keys.. passed [=] lrp eval.......... passed [=] lrp inc counter... passed [=] lrp encode........ passed [=] lrp decode........ passed [=] lrp subkeys....... passed [=] lrp cmac.......... passed [=] --------------------------- [+] tests [ ok ] ======================================================================================= hf seos { seos rfids... } --------------------------------------------------------------------------------------- hf seos help available offline: yes help this help list list seos history --------------------------------------------------------------------------------------- hf seos info available offline: no get info from seos tags", + "description": "[=] ------ desfire tests ------ [!] no space for crc. pos: 1 [=] crc16............. passed [!] no space for crc. pos: 2 [=] crc32............. passed [=] cmac subkeys...... passed [=] an10922 aes....... passed [=] an10922 2tdea..... passed [=] an10922 3tdea..... passed [=] cmac 3tdea........ passed [=] cmac 2tdea........ passed [=] cmac des.......... passed [=] ev2 session keys.. passed [=] ev2 iv calc....... passed [=] ev2 mac calc...... passed [=] trans session key. passed [=] lrp plaintexts.... passed [=] lrp updated keys.. passed [=] lrp eval.......... passed [=] lrp inc counter... passed [=] lrp encode........ passed [=] lrp decode........ passed [=] lrp subkeys....... passed [=] lrp cmac.......... passed [=] lrp session keys.. passed [=] --------------------------- [+] tests [ ok ] ======================================================================================= hf seos { seos rfids... } --------------------------------------------------------------------------------------- hf seos help available offline: yes help this help list list seos history --------------------------------------------------------------------------------------- hf seos info available offline: no get info from seos tags", "notes": [ "hf seos info" ], @@ -4966,14 +4971,14 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--fid file id (1 hex byte)", "-o, --op operation: get(default)/credit/limcredit(limited credit)/debit/clear. operation clear: get-getopt-debit to min value", "-d, --data value for operation (hex 4 bytes)", "--no-auth execute without authentication" ], - "usage": "hf mfdes value [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [-o ] [-d ] [--no-auth]" + "usage": "hf mfdes value [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [-o ] [-d ] [--no-auth]" }, "hf mfdes write": { "command": "hf mfdes write", @@ -5006,7 +5011,7 @@ "-i, --kdfi kdf input (hex 1-31 bytes)", "-m, --cmode communicaton mode: plain/mac/encrypt", "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2", + "-s, --schann secure channel: d40/ev1/ev2/lrp", "--aid application id (3 hex bytes, big endian)", "--fid file id (1 hex byte)", "--no-auth execute without authentication", @@ -5021,7 +5026,7 @@ "--readerid reader id for commitreaderid command. if present - the command issued before write command.", "--trkey key for decode previous reader id." ], - "usage": "hf mfdes write [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--no-auth] [--type ] [-o ] [-d ] [--debit] [--commit] [--updaterec ] [--appisoid ] [--fileisoid ] [--readerid ] [--trkey ]" + "usage": "hf mfdes write [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--no-auth] [--type ] [-o ] [-d ] [--debit] [--commit] [--updaterec ] [--appisoid ] [--fileisoid ] [--readerid ] [--trkey ]" }, "hf mfp auth": { "command": "hf mfp auth", @@ -9959,6 +9964,6 @@ "metadata": { "commands_extracted": 589, "extracted_by": "PM3Help2JSON v1.00", - "extracted_on": "2021-08-16T14:02:15" + "extracted_on": "2021-08-19T10:23:32" } } \ No newline at end of file