From 3833b8ee3b48f1c50fdbaaa47cd426ee41925534 Mon Sep 17 00:00:00 2001
From: Bjoern Kerler <info@revskills.de>
Date: Tue, 7 Apr 2020 21:30:12 +0200
Subject: [PATCH 1/2] Add Mifare Desfire GetDFNames and improve HF MFDES Enum
 output

---
 CHANGELOG.md        |  2 ++
 armsrc/desfire.h    |  1 +
 client/cmdhflist.c  |  3 +++
 client/cmdhfmfdes.c | 63 ++++++++++++++++++++++++++++++++++++++-------
 include/protocols.h |  1 +
 5 files changed, 61 insertions(+), 9 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bd11728cf..a878351b7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
 ## [unreleased][unreleased]
+ - Add Mifare Desfire GetDFNames and improve HF MFDES Enum output (@bkerler)
+ - Fix Mifare Desfire select appid handling (@bkerler)
  - Improved `hf 14a info` - card detection handling (@bkerler)
  - Updated helptext layout in all luascripts (@iceman1001)
  - Change `hf mfdes info` - output and logging (@bkerler)
diff --git a/armsrc/desfire.h b/armsrc/desfire.h
index 5fa7e8d48..e753106e7 100644
--- a/armsrc/desfire.h
+++ b/armsrc/desfire.h
@@ -150,6 +150,7 @@ enum DESFIRE_CMD {
     GET_FREE_MEMORY                     = 0x6e,
     GET_FILE_IDS                        = 0x6f,
     GET_FILE_SETTINGS                   = 0xf5,
+    GET_DF_NAMES                        = 0x6d,
     CHANGE_FILE_SETTINGS                = 0x5f,
     CREATE_STD_DATA_FILE                = 0xcd,
     CREATE_BACKUP_DATA_FILE             = 0xcb,
diff --git a/client/cmdhflist.c b/client/cmdhflist.c
index 2a4d46a27..871cd68a3 100644
--- a/client/cmdhflist.c
+++ b/client/cmdhflist.c
@@ -768,6 +768,9 @@ void annotateMfDesfire(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) {
                     case MFDES_GET_FILE_IDS:
                         snprintf(exp, size, "GET FILE IDS");
                         break;
+                    case MFDES_GET_DF_NAMES:
+                        snprintf(exp, size, "GET DF NAMES");
+                        break;
                     case MFDES_GET_ISOFILE_IDS:
                         snprintf(exp, size, "GET ISOFILE IDS");
                         break;
diff --git a/client/cmdhfmfdes.c b/client/cmdhfmfdes.c
index 52fa191cf..0c692bd33 100644
--- a/client/cmdhfmfdes.c
+++ b/client/cmdhfmfdes.c
@@ -345,6 +345,32 @@ static int get_desfire_appids(uint8_t *dest, uint8_t *app_ids_len) {
     return PM3_SUCCESS;
 }
 
+typedef struct {
+    uint8_t aid[3];
+    uint8_t fid[2];
+    uint8_t name[16];
+} dfname_t;
+
+static int get_desfire_dfnames(dfname_t *dest, uint8_t* dfname_count) {
+    if (dest == NULL) return PM3_ESOFT;
+    uint8_t c[] = {MFDES_GET_DF_NAMES, 0x00, 0x00, 0x00}; //0x6d
+    PacketResponseNG resp;
+    int ret = SendDesfireCmd(c, sizeof(c), INIT, sizeof(c), 0, &resp, 3000);
+    if (ret != PM3_SUCCESS) return ret;
+
+    uint8_t count=0;
+    memcpy(&dest[count], resp.data.asBytes+1, resp.length - 5);
+    if (resp.data.asBytes[resp.length - 3] == MFDES_ADDITIONAL_FRAME) {
+        c[0] = MFDES_ADDITIONAL_FRAME; //0xAF
+        ret = SendDesfireCmd(c, sizeof(c), NONE, sizeof(c), 0, &resp, 3000);
+        if (ret != PM3_SUCCESS) return ret;
+        count++;
+        memcpy(&dest[count], resp.data.asBytes+1, resp.length - 5);
+    }
+    *dfname_count=count-1;
+    return PM3_SUCCESS;
+}
+
 
 // none
 static int get_desfire_fileids(uint8_t *dest, uint8_t *file_ids_len) {
@@ -562,9 +588,7 @@ void getKeySettings(uint8_t *aid) {
     if (memcmp(aid, "\x00\x00\x00", 3) == 0) {
 
         // CARD MASTER KEY
-        PrintAndLogEx(NORMAL, "");
-        PrintAndLogEx(INFO, "--- " _CYAN_("CMK - PICC, Card Master Key settings"));
-
+        //PrintAndLogEx(INFO, "--- " _CYAN_("CMK - PICC, Card Master Key settings"));
         if (get_desfire_select_application(aid) != PM3_SUCCESS) {
             PrintAndLogEx(WARNING, _RED_("   Can't select AID"));
             DropField();
@@ -627,9 +651,7 @@ void getKeySettings(uint8_t *aid) {
     } else {
 
         // AID - APPLICATION MASTER KEYS
-        PrintAndLogEx(NORMAL, "");
-        PrintAndLogEx(SUCCESS, "--- " _CYAN_("AMK - Application Master Key settings"));
-
+        //PrintAndLogEx(SUCCESS, "--- " _CYAN_("AMK - Application Master Key settings"));
         if (get_desfire_select_application(aid) != PM3_SUCCESS) {
             PrintAndLogEx(WARNING, _RED_("   Can't select AID"));
             DropField();
@@ -682,11 +704,21 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) {
     uint8_t file_ids[33] = {0};
     uint8_t file_ids_len = 0;
 
+    dfname_t dfnames[255] = {0};
+    uint8_t dfname_count=0;
+
     if (get_desfire_appids(app_ids, &app_ids_len) != PM3_SUCCESS) {
         PrintAndLogEx(ERR, "Can't get list of applications on tag");
         return PM3_ESOFT;
     }
 
+    if (get_desfire_dfnames(dfnames,&dfname_count)!=PM3_SUCCESS)
+    {
+        PrintAndLogEx(WARNING, _RED_("Can't get DF Names"));
+        DropField();
+        return PM3_ESOFT;
+    }
+
     PrintAndLogEx(NORMAL, "");
     PrintAndLogEx(INFO, "-- Mifare DESFire Enumerate applications --------------------");
     PrintAndLogEx(INFO, "-------------------------------------------------------------");
@@ -698,7 +730,21 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) {
         aid[1] = app_ids[i + 1];
         aid[2] = app_ids[i + 2];
 
-        PrintAndLogEx(SUCCESS, " AID %d : " _GREEN_("%02X %02X %02X"), i, app_ids[i], app_ids[i + 1], app_ids[i + 2]);
+        PrintAndLogEx(NORMAL, "");
+
+        if (memcmp(aid, "\x00\x00\x00", 3) == 0) {
+            // CARD MASTER KEY
+            PrintAndLogEx(INFO, "--- " _CYAN_("CMK - PICC, Card Master Key settings"));
+        }
+        else {
+            PrintAndLogEx(SUCCESS, "--- " _CYAN_("AMK - Application Master Key settings"));
+        }
+
+        if (i<dfname_count) {
+             PrintAndLogEx(SUCCESS, "  AID : " _GREEN_("%02X %02X %02X"), aid[0], aid[1], aid[2]);
+        } else {
+             PrintAndLogEx(SUCCESS, "  AID : " _GREEN_("%02X %02X %02X") " - Name : " _YELLOW_("%s"), aid[0], aid[1], aid[2], dfnames[i/3].name);
+        }
 
         getKeySettings(aid);
 
@@ -709,13 +755,12 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) {
             return PM3_ESOFT;
         }
 
-
         // Get File IDs
         if (get_desfire_fileids(file_ids, &file_ids_len) == PM3_SUCCESS) {
             PrintAndLogEx(SUCCESS, " Tag report " _GREEN_("%d") "file%c", file_ids_len, (file_ids_len == 1) ? ' ' : 's');
             for (int j = 0; j < file_ids_len; ++j) {
                 PrintAndLogEx(SUCCESS, "   Fileid %d (0x%02x)", file_ids[j], file_ids[j]);
-                
+
                 uint8_t filesettings[20] = {0};
                 uint8_t fileset_len = 0;
                 int res = get_desfire_filesettings(j, filesettings, &fileset_len);
diff --git a/include/protocols.h b/include/protocols.h
index 89038a789..75be78ae9 100644
--- a/include/protocols.h
+++ b/include/protocols.h
@@ -387,6 +387,7 @@ ISO 7816-4 Basic interindustry commands. For command APDU's.
 #define MFDES_AUTHENTICATION_FRAME      0xAF
 #define MFDES_ADDITIONAL_FRAME          0xAF
 #define MFDES_READSIG                   0x3C
+#define MFDES_GET_DF_NAMES              0x6D
 
 // LEGIC Commands
 #define LEGIC_MIM_22                    0x0D

From 7085e3a3f194b11bf64865cd23a866bfba7596e0 Mon Sep 17 00:00:00 2001
From: Bjoern Kerler <info@revskills.de>
Date: Tue, 7 Apr 2020 21:52:59 +0200
Subject: [PATCH 2/2] Fix display of DF and minor bug

---
 client/cmdhfmfdes.c | 41 ++++++++++++++++++++---------------------
 1 file changed, 20 insertions(+), 21 deletions(-)

diff --git a/client/cmdhfmfdes.c b/client/cmdhfmfdes.c
index 0c692bd33..de8ad2895 100644
--- a/client/cmdhfmfdes.c
+++ b/client/cmdhfmfdes.c
@@ -351,23 +351,23 @@ typedef struct {
     uint8_t name[16];
 } dfname_t;
 
-static int get_desfire_dfnames(dfname_t *dest, uint8_t* dfname_count) {
+static int get_desfire_dfnames(dfname_t *dest, uint8_t *dfname_count) {
     if (dest == NULL) return PM3_ESOFT;
     uint8_t c[] = {MFDES_GET_DF_NAMES, 0x00, 0x00, 0x00}; //0x6d
     PacketResponseNG resp;
     int ret = SendDesfireCmd(c, sizeof(c), INIT, sizeof(c), 0, &resp, 3000);
     if (ret != PM3_SUCCESS) return ret;
 
-    uint8_t count=0;
-    memcpy(&dest[count], resp.data.asBytes+1, resp.length - 5);
+    uint8_t count = 1;
+    memcpy(&dest[count - 1], resp.data.asBytes + 1, resp.length - 5);
     if (resp.data.asBytes[resp.length - 3] == MFDES_ADDITIONAL_FRAME) {
         c[0] = MFDES_ADDITIONAL_FRAME; //0xAF
         ret = SendDesfireCmd(c, sizeof(c), NONE, sizeof(c), 0, &resp, 3000);
         if (ret != PM3_SUCCESS) return ret;
         count++;
-        memcpy(&dest[count], resp.data.asBytes+1, resp.length - 5);
+        memcpy(&dest[count - 1], resp.data.asBytes + 1, resp.length - 5);
     }
-    *dfname_count=count-1;
+    *dfname_count = count;
     return PM3_SUCCESS;
 }
 
@@ -388,7 +388,7 @@ static int get_desfire_fileids(uint8_t *dest, uint8_t *file_ids_len) {
     return PM3_ESOFT;
 }
 
-static int get_desfire_filesettings( uint8_t file_id, uint8_t *dest, uint8_t *destlen) {
+static int get_desfire_filesettings(uint8_t file_id, uint8_t *dest, uint8_t *destlen) {
     uint8_t c[] = {MFDES_GET_FILE_SETTINGS, 0x00, 0x00, 0x01, file_id, 0x00};  // 0xF5
     PacketResponseNG resp;
     int ret = SendDesfireCmd(c, sizeof(c), NONE, sizeof(c), 0, &resp, 1500);
@@ -575,7 +575,7 @@ char *getVersionStr(uint8_t major, uint8_t minor) {
     else if (major == 0x12 && minor == 0x00)
         sprintf(retStr, "%x.%x ( " _YELLOW_("DESFire EV2") ")", major, minor);
 //    else if (major == 0x13 && minor == 0x00)
-//        sprintf(retStr, "%x.%x ( " _YELLOW_("DESFire EV3") ")", major, minor);    
+//        sprintf(retStr, "%x.%x ( " _YELLOW_("DESFire EV3") ")", major, minor);
     else if (major == 0x30 && minor == 0x00)
         sprintf(retStr, "%x.%x ( " _YELLOW_("DESFire Light") ")", major, minor);
     else
@@ -705,15 +705,14 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) {
     uint8_t file_ids_len = 0;
 
     dfname_t dfnames[255] = {0};
-    uint8_t dfname_count=0;
+    uint8_t dfname_count = 0;
 
     if (get_desfire_appids(app_ids, &app_ids_len) != PM3_SUCCESS) {
         PrintAndLogEx(ERR, "Can't get list of applications on tag");
         return PM3_ESOFT;
     }
 
-    if (get_desfire_dfnames(dfnames,&dfname_count)!=PM3_SUCCESS)
-    {
+    if (get_desfire_dfnames(dfnames, &dfname_count) != PM3_SUCCESS) {
         PrintAndLogEx(WARNING, _RED_("Can't get DF Names"));
         DropField();
         return PM3_ESOFT;
@@ -735,15 +734,15 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) {
         if (memcmp(aid, "\x00\x00\x00", 3) == 0) {
             // CARD MASTER KEY
             PrintAndLogEx(INFO, "--- " _CYAN_("CMK - PICC, Card Master Key settings"));
-        }
-        else {
+        } else {
             PrintAndLogEx(SUCCESS, "--- " _CYAN_("AMK - Application Master Key settings"));
         }
 
-        if (i<dfname_count) {
-             PrintAndLogEx(SUCCESS, "  AID : " _GREEN_("%02X %02X %02X"), aid[0], aid[1], aid[2]);
-        } else {
-             PrintAndLogEx(SUCCESS, "  AID : " _GREEN_("%02X %02X %02X") " - Name : " _YELLOW_("%s"), aid[0], aid[1], aid[2], dfnames[i/3].name);
+        PrintAndLogEx(SUCCESS, "  AID : " _GREEN_("%02X %02X %02X"), aid[0], aid[1], aid[2]);
+        for (int m = 0; m < dfname_count; m++) {
+            if (dfnames[m].aid[0] == aid[0] && dfnames[m].aid[1] == aid[1] && dfnames[m].aid[2] == aid[2]) {
+                PrintAndLogEx(SUCCESS, "  -  DF " _YELLOW_("%02X %02X") " Name : " _YELLOW_("%s"), dfnames[m].fid[0], dfnames[m].fid[1], dfnames[m].name);
+            }
         }
 
         getKeySettings(aid);
@@ -765,13 +764,13 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) {
                 uint8_t fileset_len = 0;
                 int res = get_desfire_filesettings(j, filesettings, &fileset_len);
                 if (res == PM3_SUCCESS) {
-                    PrintAndLogEx(INFO, "  Settings [%u] %s", fileset_len, sprint_hex(filesettings, fileset_len) );
+                    PrintAndLogEx(INFO, "  Settings [%u] %s", fileset_len, sprint_hex(filesettings, fileset_len));
                 }
             }
         }
-        
-        
-        
+
+
+
 
         /*
                 // Get ISO File IDs
@@ -844,7 +843,7 @@ static int CmdHF14ADesAuth(const char *Cmd) {
     uint8_t cmdAuthMode = param_get8(Cmd, 0);
     uint8_t cmdAuthAlgo = param_get8(Cmd, 1);
     // AID
-    if (param_gethex(Cmd, 2, aid, aidlength*2)) {
+    if (param_gethex(Cmd, 2, aid, aidlength * 2)) {
         PrintAndLogEx(WARNING, "aid must include %d HEX symbols", 3);
         return PM3_EINVARG;
     }