From 694215bc5375bd4d44a3c0d62d2aa7656b26e934 Mon Sep 17 00:00:00 2001 From: BlueChip Date: Thu, 21 Nov 2024 00:40:09 +0000 Subject: [PATCH 001/150] add KDF functionality to rf08s 'full' card recovery script --- client/pyscripts/fm11rf08_full.py | 75 +++++++++++++++++++++++--- client/pyscripts/fm11rf08s_recovery.py | 16 ++++-- 2 files changed, 81 insertions(+), 10 deletions(-) diff --git a/client/pyscripts/fm11rf08_full.py b/client/pyscripts/fm11rf08_full.py index e684f904d..f5261dd0f 100644 --- a/client/pyscripts/fm11rf08_full.py +++ b/client/pyscripts/fm11rf08_full.py @@ -142,7 +142,10 @@ globals: lprint(f" Keys not loaded, use {s} to run recovery script [slow]", prompt="[" + color("!", fg="red") + "]") else: # FIXME: recovery() is only for RF08S. TODO for the other ones with a "darknested" attack - keyfile = recoverKeys() + keyfile = recoverKeys(uid=uid, kdf=[["Bambu v1", kdfBambu1]]) + if keyfile == False: + lprint("Script failed - aborting") + return key = loadKeys(keyfile) if key is not None: @@ -396,22 +399,34 @@ If keys cannot be loaded AND --recover is specified, then run key recovery return key -def recoverKeys(): +def recoverKeys(uid, kdf=[[]]): """Run key recovery script""" badrk = 0 # 'bad recovered key' count (ie. not recovered) + keys = False + lprint(f"\nTrying KDFs:"); + for fn in kdf: + lprint(f" {fn[0]:s}", end='') + keys = fn[1](uid) + if keys != False: + lprint(" .. Success", prompt='') + break + lprint(" .. Fail", prompt='') + lprint("\nRunning recovery script, ETA: Less than 30 minutes") lprint('\n`-._,-\'"`-._,-"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,') + r = recovery(quiet=False, keyset=keys) + lprint('`-._,-\'"`-._,-"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,') + + if r == False: + return False - r = recovery(quiet=False) keyfile = r['keyfile'] rkey = r['found_keys'] # fdump = r['dumpfile'] # rdata = r['data'] - lprint('`-._,-\'"`-._,-"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,') - for k in range(0, 16+1): for ab in [0, 1]: if rkey[k][ab] == "": @@ -427,9 +442,57 @@ def recoverKeys(): lprint(f"[{kn}/", end='', prompt='') lprint("A]" if ab == 0 else "B]", end='', prompt='') if badrk > 0: - lprint() + lprint("", prompt='') return keyfile +def kdfBambu1(uid): + from Cryptodome.Protocol.KDF import HKDF + from Cryptodome.Hash import SHA256 + + # Generate all keys + try: + # extracted from Bambu firmware + salt = bytes([0x9a,0x75,0x9c,0xf2,0xc4,0xf7,0xca,0xff,0x22,0x2c,0xb9,0x76,0x9b,0x41,0xbc,0x96]) + keyA = HKDF(uid, 6, salt, SHA256, 16, context=b"RFID-A\0") + keyB = HKDF(uid, 6, salt, SHA256, 16, context=b"RFID-B\0") + except Exception as e: + print(f"{e}") + return False + + # --- Grab block 13 (in sector 3) --- + cmd = f"hf mf rdbl -c 0 --key {keyA[3].hex()} --blk 12" + #lprint(f" `{cmd}`", flush=True, log=False, end='') + for retry in range(5): + p.console(cmd) + + found = False + for line in p.grabbed_output.split('\n'): + if " | " in line and "# | s" not in line: + lsub = line[4:76] + found = True + if found: + break + if not found: + return False + + # --- Try to decode it as a bambu date string --- + try: + dl = bytes.fromhex(lsub[6:53]).decode('ascii').rstrip('\x00') + except Exception: + return False + + # dl 2024_03_22_16_29 + # yy y y m m d d h h m m + exp = r"20[2-3][0-9]_[0-1][0-9]_[0-3][0-9]_[0-2][0-9]_[0-5][0-9]" + if not re.search(exp, dl): + return False + + # --- valid date string, we are confident this is a bambu card --- + keys = [] + for i in range(0, 15+1): + keys.append([keyA[i].hex(), keyB[i].hex()]) + + return keys def verifyKeys(key): """Verify keys diff --git a/client/pyscripts/fm11rf08s_recovery.py b/client/pyscripts/fm11rf08s_recovery.py index 9f7270340..9c7d7d841 100755 --- a/client/pyscripts/fm11rf08s_recovery.py +++ b/client/pyscripts/fm11rf08s_recovery.py @@ -76,7 +76,7 @@ for tool, bin in tools.items(): exit() -def recovery(init_check=False, final_check=False, keep=False, debug=False, supply_chain=False, quiet=True): +def recovery(init_check=False, final_check=False, keep=False, debug=False, supply_chain=False, quiet=True, keyset=False): def show(s='', prompt="[" + color("=", fg="yellow") + "] ", **kwargs): if not quiet: s = f"{prompt}" + f"\n{prompt}".join(s.split('\n')) @@ -94,7 +94,7 @@ def recovery(init_check=False, final_check=False, keep=False, debug=False, suppl if uid is None: show("Card not found") - return + return False show("UID: " + color(f"{uid:08X}", fg="green")) def show_key(sec, key_type, key): @@ -106,6 +106,14 @@ def recovery(init_check=False, final_check=False, keep=False, debug=False, suppl save_path = prefs['file.default.dumppath'] + os.path.sep found_keys = [["", ""] for _ in range(NUM_SECTORS + NUM_EXTRA_SECTORS)] + + if keyset != False: + n = min(len(found_keys),len(keyset)) + show(f"{n} Key pairs supplied: ") + for i in range(0, n): + found_keys[i] = keyset[i] + show(f" Sector {i:2d} : A = {found_keys[i][0]:12s} B = {found_keys[i][1]:12s}") + if init_check: show("Checking default keys...") p.console("hf mf fchk") @@ -135,7 +143,7 @@ def recovery(init_check=False, final_check=False, keep=False, debug=False, suppl if (nonces_with_data == ""): show("Error getting nonces, abort.") - return + return False try: with open(nonces_with_data, 'r') as file: @@ -143,7 +151,7 @@ def recovery(init_check=False, final_check=False, keep=False, debug=False, suppl dict_nwd = json.load(file) except json.decoder.JSONDecodeError: show(f"Error parsing {nonces_with_data}, abort.") - return + return False nt = [["", ""] for _ in range(NUM_SECTORS + NUM_EXTRA_SECTORS)] nt_enc = [["", ""] for _ in range(NUM_SECTORS + NUM_EXTRA_SECTORS)] From 7c95488035352d8e4616a5aa377adbde922ac0b4 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Thu, 21 Nov 2024 23:05:59 +0100 Subject: [PATCH 002/150] Avoid stupid cppcheck warning --- tools/mfc/card_only/staticnested_1nt.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/mfc/card_only/staticnested_1nt.c b/tools/mfc/card_only/staticnested_1nt.c index 80a8dd5a6..e8876287f 100644 --- a/tools/mfc/card_only/staticnested_1nt.c +++ b/tools/mfc/card_only/staticnested_1nt.c @@ -148,10 +148,10 @@ int main(int argc, char *const argv[]) { , nt_par_err_arr[1] , nt_par_err_arr[2] , nt_par_err_arr[3] - , (nt_par_enc >> 3) & 1 - , (nt_par_enc >> 2) & 1 - , (nt_par_enc >> 1) & 1 - , nt_par_enc & 1 + , (uint8_t)((nt_par_enc >> 3) & 1) + , (uint8_t)((nt_par_enc >> 2) & 1) + , (uint8_t)((nt_par_enc >> 1) & 1) + , (uint8_t)(nt_par_enc & 1) , nt ^ nt_enc ); From 1df35ff67c56f7843d20a9503503057e1d9115e6 Mon Sep 17 00:00:00 2001 From: Dimitri Date: Fri, 22 Nov 2024 08:41:27 +0100 Subject: [PATCH 003/150] insert hf_legic.lua script changes --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 50eb6424b..363e1eb84 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Fixed hf_legic.lua script: delete bit32 commands from the script (@diorch1968) - Fixed symlink name in `mem spiffs tree` (@ANTodorov) - Fixed reported file/link names when `mem spiffs wipe` (ANTodorov) - Updated atrs list (@iceman1001) From a3813e970d1197b5b9f075c504ef4cca7f319079 Mon Sep 17 00:00:00 2001 From: Antiklesys Date: Fri, 22 Nov 2024 17:45:12 +0800 Subject: [PATCH 004/150] Updated legrec functionality to support simulations Added a functionality to simulate/estimate the key recovery process assuming the card was standard keyed. --- CHANGELOG.md | 1 + client/src/cmdhficlass.c | 108 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 50eb6424b..31bd7df41 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Added simulation function to `hf iclass legrec` (@antiklesys) - Fixed symlink name in `mem spiffs tree` (@ANTodorov) - Fixed reported file/link names when `mem spiffs wipe` (ANTodorov) - Updated atrs list (@iceman1001) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index bb95d9a4b..9ad0e76e2 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -4162,6 +4162,107 @@ static int CmdHFiClassLegRecLookUp(const char *Cmd) { return PM3_SUCCESS; } +static void generate_single_key_block_inverted_opt(const uint8_t *startingKey, uint32_t index, uint8_t *keyBlock) { + + uint8_t bits_index = index / 16383; + uint8_t ending_bits[] = { //all possible 70 combinations of 4x0 and 4x1 as key ending bits + 0x0F, 0x17, 0x1B, 0x1D, 0x1E, 0x27, 0x2B, 0x2D, 0x2E, 0x33, + 0x35, 0x36, 0x39, 0x3A, 0x3C, 0x47, 0x4B, 0x4D, 0x4E, 0x53, + 0x55, 0x56, 0x59, 0x5A, 0x5C, 0x63, 0x65, 0x66, 0x69, 0x6A, + 0x6C, 0x71, 0x72, 0x74, 0x78, 0x87, 0x8B, 0x8D, 0x8E, 0x93, + 0x95, 0x96, 0x99, 0x9A, 0x9C, 0xA3, 0xA5, 0xA6, 0xA9, 0xAA, + 0xAC, 0xB1, 0xB2, 0xB4, 0xB8, 0xC3, 0xC5, 0xC6, 0xC9, 0xCA, + 0xCC, 0xD1, 0xD2, 0xD4, 0xD8, 0xE1, 0xE2, 0xE4, 0xE8, 0xF0 + }; + + uint8_t binary_endings[8]; // Array to store binary values for each ending bit + // Extract each bit from the ending_bits[k] and store it in binary_endings + uint8_t ending = ending_bits[bits_index]; + for (int i = 7; i >= 0; i--) { + binary_endings[i] = ending & 1; + ending >>= 1; + } + + uint8_t binary_mids[8]; // Array to store the 2-bit chunks of index + // Iterate over the 16-bit integer and store 2 bits at a time in the result array + for (int i = 0; i < 8; i++) { + // Shift and mask to get 2 bits and store them as an 8-bit value + binary_mids[7 - i] = (index >> (i * 2)) & 0x03; // 0x03 is a mask for 2 bits (binary 11) + } + + memcpy(keyBlock, startingKey, PICOPASS_BLOCK_SIZE); + + // Start from the second byte, index 1 as we're never gonna touch the first byte + for (int i = 1; i < PICOPASS_BLOCK_SIZE; i++) { + // Clear the last bit of the current byte (AND with 0xFE) + keyBlock[i] &= 0xF8; + // Set the last bit to the corresponding value from binary_endings (OR with binary_endings[i]) + keyBlock[i] |= ((binary_mids[i] & 0x03) << 1) | (binary_endings[i] & 0x01); + } + +} + +static int CmdHFiClassLegacyRecSim(void) { + + PrintAndLogEx(INFO, _YELLOW_("This simulation assumes the card is standard keyed.")); + + uint8_t key[PICOPASS_BLOCK_SIZE] = {0}; + uint8_t original_key[PICOPASS_BLOCK_SIZE]; + + uint8_t csn[8] = {0}; + uint8_t new_div_key[8] = {0}; + uint8_t CCNR[12] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + + if (select_only(csn, CCNR, true, false) == false) { + DropField(); + return PM3_ESOFT; + } + HFiClassCalcDivKey(csn, iClass_Key_Table[0], new_div_key, false); + memcpy(key,new_div_key,PICOPASS_BLOCK_SIZE); + memcpy(original_key, key, PICOPASS_BLOCK_SIZE); + + uint8_t zero_key[PICOPASS_BLOCK_SIZE] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + uint8_t zero_key_two[PICOPASS_BLOCK_SIZE] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + int bits_found = -1; + uint32_t index = 0; + #define MAX_UPDATES 16777216 + while (bits_found == -1 && index < MAX_UPDATES) { + uint8_t genkeyblock[PICOPASS_BLOCK_SIZE]; + uint8_t xorkeyblock[PICOPASS_BLOCK_SIZE] = {0}; + + generate_single_key_block_inverted_opt(zero_key, index, genkeyblock); + memcpy(xorkeyblock, genkeyblock, PICOPASS_BLOCK_SIZE); + + for (int i = 0; i < 8 ; i++) { + key[i] = xorkeyblock[i] ^ original_key[i]; + memcpy(zero_key_two, xorkeyblock, PICOPASS_BLOCK_SIZE); + } + + // Extract the last 3 bits of the first byte + uint8_t last_three_bits = key[0] & 0x07; // 0x07 is 00000111 in binary - bitmask + bool same_bits = true; + // Check if the last 3 bits of all bytes are the same + for (int i = 1; i < PICOPASS_BLOCK_SIZE; i++) { + if ((key[i] & 0x07) != last_three_bits) { + same_bits = false; + } + } + if (same_bits){ + bits_found = index; + PrintAndLogEx(SUCCESS, "Original Key: " _GREEN_("%s"), sprint_hex(original_key, sizeof(original_key))); + PrintAndLogEx(SUCCESS, "Weak Key: " _GREEN_("%s"), sprint_hex(key, sizeof(key))); + PrintAndLogEx(SUCCESS, "Key Updates Required to Weak Key: " _GREEN_("%d"), index); + PrintAndLogEx(SUCCESS, "Estimated Time: ~" _GREEN_("%d")" hours", index/6545); + } + + index++; + }//end while + + PrintAndLogEx(NORMAL, ""); + return PM3_SUCCESS; + +} + static int CmdHFiClassLegacyRecover(const char *Cmd) { CLIParserContext *ctx; @@ -4179,6 +4280,7 @@ static int CmdHFiClassLegacyRecover(const char *Cmd) { arg_lit0(NULL, "debug", "Re-enables tracing for debugging. Limits cycles to 1."), arg_lit0(NULL, "notest", "Perform real writes on the card!"), arg_lit0(NULL, "allnight", "Loops the loop for 10 times, recommended loop value of 5000."), + arg_lit0(NULL, "sim", "Runs a simulation based on the card's CSN assuming standard key."), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, false); @@ -4193,6 +4295,12 @@ static int CmdHFiClassLegacyRecover(const char *Cmd) { bool test = true; bool no_test = arg_get_lit(ctx, 5); bool allnight = arg_get_lit(ctx, 6); + bool sim = arg_get_lit(ctx, 7); + + if (sim){ + CmdHFiClassLegacyRecSim(); + return PM3_SUCCESS; + } if (no_test) { test = false; From b1c604c4cb29d38874fd01964ab6f744b051ac6c Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 22 Nov 2024 11:32:10 +0100 Subject: [PATCH 005/150] style --- client/luascripts/hf_legic.lua | 4 +- client/src/atrs.h | 2812 ++++++++++++++++---------------- doc/commands.json | 2 +- 3 files changed, 1409 insertions(+), 1409 deletions(-) diff --git a/client/luascripts/hf_legic.lua b/client/luascripts/hf_legic.lua index 30dea2d12..e92b78599 100644 --- a/client/luascripts/hf_legic.lua +++ b/client/luascripts/hf_legic.lua @@ -499,7 +499,7 @@ end function segmentsToTag(bytes, tag) if(#bytes>23) then local start=23 - local i=-1 + local i=-1 if (istable(tag)) then repeat i=i+1 @@ -1768,7 +1768,7 @@ function getSegmentData(bytes, start, index) -- wrp (write proteted) = byte 2 segment.WRP = tonumber(bytes[start+2],16) -- wrc (write control) - bit 4-6 of byte 3 - --segment.WRC = bbit("0x"..bytes[start+3],4,3) + --segment.WRC = bbit("0x"..bytes[start+3],4,3) segment.WRC = (tonumber(bytes[start+3], 16) >> 4) & 0x07 -- rd (read disabled) - bit 7 of byte 3 --segment.RD = bbit("0x"..bytes[start+3],7,1) diff --git a/client/src/atrs.h b/client/src/atrs.h index dd9420097..95a24e997 100644 --- a/client/src/atrs.h +++ b/client/src/atrs.h @@ -3197,1411 +3197,1411 @@ const static atr_t AtrTable[] = { { "3B9F96801FC78031E073FE211BB3E204A5830F90005B", "Tre Italia Gemplus (Telecommunication)" }, { "3B9F96801FC78031E073FEA117574A33058C33390096", "1NCE SIM card (Telecommunication)\nhttps://1nce.com/en-eu/1nce-os/our-architecture" }, { "3B9F96803F87828031E073FE211B67454D753034024B02", "Hologram Global G1 eUICC SIM(Telecommunication)\nhttps: //www.hologram.io/products/global-iot-sim-card/" }, - { "3B9F96803F87828031E073FE211F574543753130136502", "sysmoEUICC1-Cxx - eUCICC for econsumer eSIM RSP (Telecommunication)\nhttps://sysmocom.de/products/sim/sysmocom-euicc/index.html" }, - { "3B9F96803F87828031E073FE211F574543753130266F3D", "An eSIM physical card, you can write eSIM profiles into it and use it as a general SIM (Telecommunication)\nhttps://www.9esim.com/" }, - { "3B9F96803FC3A08031E073F62113574A4D0E1D31300071", "Telenor SIM card (Norway)" }, - { "3B9F96803FC6A08031E073F62116574A4D020B34546369", "SIM card Wingo operator (Switzerland) (Telecommunication)" }, - { "3B9F96803FC7008031E073FE211B6408050300829000EF", "Multipurpose UICC card for 2G, 3G, 4G/LTE, CDMA, ISIM & NFC (Telecommunication)\nhttp://www.smartjac.biz/index.php/component/eshop/telecom/test-uicc-sim-cards/2ff-mini-sim-cards/4g-open-multipurpose-uicc-card-3ff?Itemid=0" }, - { "3B9F96803FC7008031E073FE211F6441262100829000A3", "Smartjac SMAOT100A234FF (Telecommunication)\nhttps://smartjac.com" }, - { "3B9F96803FC7828031E073F62157574A330581053000CE", "COMPRION M2M eUICC (Telecommunication)" }, - { "3B9F96803FC7828031E073F62157574A4D020B60010069", "eSIM GSMA Card (Telecommunication)\nhttps://www.gsma.com/newsroom/wp-content/uploads/SGP.22_v2.2.pdf" }, - { "3B9F96803FC7828031E073F62157574A4D020B60610009", "ting (Telecommunication)" }, - { "3B9F96803FC7828031E073FE211B57AA8660F0010004FB", "The eSIM.me Card (Telecommunication)\nhttps://esim.me/" }, - { "3B9F96803FC7828031E073FE211B57AA8660F0010011EE", "eSIM.me pluggable eSIM (Telecommunication)\nhttps://esim.me/" }, - { "3B9F96803FC7828031E073FE211B57AA8660F0010017E8", "eSim.me Orange Setup (Telecommunication)" }, - { "3B9F96803FC7828031E073FE211B57AA8660F001001EE1", "5Ber (Telecommunication)\nhttps://esim.5ber.com" }, - { "3B9F96803FC7828031E073FE211B633A204E8300900031", "eSIM (Telecommunication)" }, - { "3B9F96803FC7828031E075F62157200355020B60500018", "iPhone 11 SIM Slot eUICC chip. Identified by eSTK.me. (Telecommunication)" }, - { "3B9F96803FC7828031E075F62157200355020C608000CF", "ST33J2M0STL9DZB0 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33j2m0.html" }, - { "3B9F96803FC7828031E075F62157210355020B60010048", "ST33G1M2STL8ENL0 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33g1m2.html" }, - { "3B9F96803FC7828031E075F62157210355020B60500019", "st33g1m2 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33g1m2.html" }, - { "3B9F96803FC7828031E075F62157210355020C608000CE", "ST33J2M0STL9DZB1 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33j2m0.html" }, - { "3B9F96803FC7828031E075F621573C0455020C61010054", "euicc from iphone14 (Telecommunication)" }, - { "3B9F96803FC7A08031E073F62116574A4D020233456377", "ISIS-Ready T-Mobile Sim Card (Telecommunication)" }, - { "3B9F96803FC7A08031E073F62156574A4D020B3444005B", "Norwegian telenor (Telecommunication)\nhttp://www.telenor.no" }, - { "3B9F96803FC7A08031E073F62157574A4D020B34546329", "Orange FR - opa (Telecommunication)" }, - { "3B9F96803FC7A08031E073FE211B63F100E8830090005E", "UICC CARD (Telecommunication)" }, - { "3B9F96803FC7A08031E073FE211B6407689A00829000B4", "Orange SIM Card (Telecommunication)" }, - { "3B9F96803FC7A08031E073FE211B64080503008290004F", "NFC-enabled SIM card of MTS Russia. (Telecommunication)" }, - { "3B9F96803FC7A08031E073FE211F6300690083819000AB", "GSM file system and SWP sample supplied with STMicro development kit (Other)" }, - { "3B9F96803FC7A08031E073FE211F6441269100829000B3", "LTE Lab SIM Ver 1.3 (Telecommunication)" }, - { "3B9F968131FE458065544312210831C073F6218081059A", "Scientific and Technological Research Council of Turkey (test card) (eID)" }, - { "3B9F968131FE45806755454B41451212318073B3A180EA", "AKiS v1.2 on nxp chip" }, - { "3B9F968131FE45806755454B41451252318073B3A180AA", "AKiS v1.2.1 on infineon chip" }, - { "3B9F968131FE45806755454B41451253318073B3A180AB", "AKiS v1.2.1 on nxp chip" }, - { "3B9F968131FE45806755454B41451292318073B3A1806A", "AKiS v1.2.2 on infineon chip" }, - { "3B9F968131FE45806755454B41451293318073B3A1806B", "AKiS v1.3 on infineon chip" }, - { "3B9F968131FE5D00640428010231C073F701D000900065", "German eTicketing SAM (Transport)\nhttps://www.eticket-deutschland.de/" }, - { "3B9F968131FE6D00640428010231C073F701D000900055", "VDV-KA Secure Access Module (German Public Transport) (Transport)\nhttps://www.eticket-deutschland.de/" }, - { "3B9F968131FE9D006405A0030431C073F701D000900028", "Deutsche Telekom AG, TeleSec PKS ECC Signature Card (PKI)\nhttps://www.telesec.de/en/signaturecard" }, - { "3B9F9681B1FE451F070064051EB20031B0739621DB0590005C", "SignTrust (www.signtrust.de)\nInfinion SLE66CX680PE with Starcos 3.2\nhttp://www.deutschepost.de/dpag?xmlFile=link1015459_49595" }, - { "3B9F9681B1FE451F070064051EB20331B0739621C005900044", "German Dentist ID (eID)" }, - { "3B9F96C00A1FC38031E073FE211B63F100AD830F9000DA", "SIM SFR Pro (French Mobile Operator)" }, - { "3B9F96C00A1FC68031E073FE211F65D00233131B810FFA", "Tinkoff SIM card (Telecommunication)" }, - { "3B9F96C00A1FC78031E073FE211B63F100AD830F9000DE", "H3G (Italy) UMTS USIM card" }, - { "3B9F96C00A1FC78031E073FE211B65D0011009228100F3", "Verizon 4G LTE SIM Card (Telecommunication)\nhttp://www.verizonwireless.com/support/information/4gsim.html" }, - { "3B9F96C00A1FC78031E073FE211B65D0018E0E3281007A", "Rogers 3G SIM card" }, - { "3B9F96C00A1FC78031E073FE211F65D0020912EE810F35", "German SIM card Drillisch (Telefonica) (Telecommunication) (Telecommunication)\nhttps://www.drillisch-online.de/" }, - { "3B9F96C00A1FC78031E073FE211F65D0020914F9810F24", "CONNEXA SIM CARD (Telecommunication)" }, - { "3B9F96C00A1FC78031E073FE211F65D0020B11A4810F7E", "Telia Finland Oyj, network operator LTE (Telecommunication)" }, - { "3B9F96C00A1FC78031E073FE211F65D013370F3B810FD2", "Gemalto Security Element (PKI)" }, - { "3B9F96C00A31FE45435431690B010001000000000000000D", "EU smart tachograph card (driver/company/control/workshop)\nhttps://dtc.jrc.ec.europa.eu/" }, - { "3B9F96C00A31FE45754A6176656C696E2D4F5320312E3051", "Vietnam ID Card (eID)" }, - { "3B9F96C00A3FC6A08031E073FE211B65D001740EEB810FD7", "Verizon '4G LTE' USIM (Telecommunication)" }, - { "3B9F96C00A3FC6A08031E073FE211B65D001740F13810F2E", "SFR GSM SIM Card (Telecommunication)" }, - { "3B9F96C00A3FC6A08031E073FE211B65D001740F50810F6D", "5G (Telecommunication)" }, - { "3B9F96C00A3FC6A08031E073FE211F65D001900F3B810FE6", "Verizon US USIM card (Telecommunication)" }, - { "3B9F96C00A3FC6A08031E073FE211F65D00209107C810F24", "GSM SIM Vodafone NL postpaid NFC+ (Telecommunication)" }, - { "3B9F96C00A3FC6A08031E073FE211F65D0021B12B7810FFF", "SIM Card Fastweb IT GSM mobile network (Telecommunication)" }, - { "3B9F96C00A3FC7828031E073FE211F65D00209146C810F13", "euicc (eID)" }, - { "3B9F96C00A3FC7A08031E073FE211B65D001740E8D810FB0", "USIM" }, - { "3B9F96C00A3FC7A08031E073FE211B65D001740EE3810FDE", "EE (UK) Mobile Phone SIM Card circa 2016 (Telecommunication)" }, - { "3B9F96C00A3FC7A08031E073FE211B65D001740F13810F2F", "Phone card sim (Telecommunication)" }, - { "3B9F96C00A3FC7A08031E073FE211F65D0021A12AB810FE3", "Orange SIM (Telecommunication)" }, - { "3B9F96C00A3FC7A08031E073FE211F65D0021B12B7810FFE", "ISPL Card (Telecommunication)" }, - { "3B9F96C0F031FE45754A6176656C696E2D4F5320312E30AB", "ATKey.Card NFC Bio-ID (eID)" }, - { "3B9F97801FC68031E073FE211B6441442100829000E5", "SAKURA Internet SIM (Telecommunication)\nhttps://www.sakura.ad.jp/services/sim/" }, - { "3B9F97801FC68031E073FE211B65CA010E060B81059E", "rain Networks - R15 4G Sim Card (Telecommunication)\nhttp://www.rain.co.za" }, - { "3B9F97801FC78031E073FE211367980801120401045B", "Tmobile Sim card (Telecommunication)" }, - { "3B9F97801FC78031E073FE211367980801120601065B", "Tmobile (Telecommunication)" }, - { "3B9F97801FC78031E073FE2113679814010202010257", "Orange SIM from Egypt (Telecommunication)" }, - { "3B9F97803FC6828031E073FE211F630089008381900069", "ST4SIM-200M (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st4sim-200m.html" }, - { "3B9F97803FC7828031E073FE211F640856210082900019", "eSIM card (Telecommunication)" }, - { "3B9F97803FC7828031E073FE211F6409069200829000FB", "Ubigi Transatel esim (Telecommunication)" }, - { "3B9F978131FE458065544312210831C073F621808105", "Republic of Turkey Identity Card (eID)\nhttps://bilgem.tubitak.gov.tr/en/icerik/national-identity-card-tr-nc-identity-card" }, - { "3B9F978131FE458065544312210831C073F62180810590", "Turkish National Electronic Identity Card - TCKK (eID)\nhttp://www.ekds.gov.tr" }, - { "3B9F978131FE458065544312210831C073F6218081059B", "Turkish Republic Identity Card - Turkiye Cumhuriyeti Kimlik Karti (TCKK) (eID)\nhttp://www.ekds.gov.tr/tckk/t-c-kimlik-karti/tanim" }, - { "3B9F978131FE4580655443D2210831C073F6218081055B", "Turkish Republic official electronic ID card with biometric data, e-signature, authentication, secure private-key cryptographic messaging, etc. (eID)\nhttp://bilgem.tubitak.gov.tr/en/icerik/national-identity-card-tr-nc-identity-card" }, - { "3B9F978131FE4580655443D3228231C073F621808105D3", "Turkish eID (Turkiye Cumhuriyeti Kimlik Karti) (eID)" }, - { "3B9F97C00A1FC68031E073FE211F65D00233150E810FE8", "SIM Card (Telecommunication)" }, - { "3B9F97C00A1FC78031E073FE211B65D0011009228100F2", "'ultra fast card, max speed supported for telecom'? (transport)" }, - { "3B9F97C00A1FC78031E073FE211B65D001900F3B810F62", "Gemalto Multi-SIM consumer 4.2 (ST33I1M2) (Telecommunication)" }, - { "3B9F97C00A3FC6828031E073FE211B65D0023314A5810FE4", "Thales eUICC French Ministry BAP v2 (Telecommunication)" }, - { "3B9F97C00A3FC6A08031E073FE211B65D001740EEB810FD6", "Verizon 4G LTE Micro SIM (Telecommunication)" }, - { "3B9F97C00A3FC6A08031E073FE211F65D0021B13F6810FBE", "Verizon SIM Card (Telecommunication)" }, - { "3B9F97C00A3FC7A08031E073FE211F65D001900FEE810F33", "AT&T Mobility LLC MicroSIM Card (Telecommunication)\nhttps://www.att.com/wireless/" }, - { "3B9F97C00AB1FE453FC6828031E073FE211B65D0023A14C9810F8B", "SIM (Telecommunication)" }, - { "3B9F97C0FF1FC78031E073FE211B63F100AD830F90002A", "Gemalto Speed Enhancement 97 (Telecommunication)" }, - { "3B9FB681B1FE5D1F4700640411030131C073B7010000900035", "BOS (Telecommunication)" }, - { "3B9FD680B1A0591FC7534C4538385F50534C5F56302E353001", "Infineon SLE88CFX4000P" }, - { "3BA70040..8065A208......", "Gemplus GemSAFE Smart Card (8K)" }, - { "3BA70040148065A214010137", "Gemplus GPK4000sdo" }, - { "3BA70040188065A208010152", "Gemplus GPK8000\nGemSAFE Smart Card (8K)\nMultiApp ID IAS ECC 72K CC (with IAS XL / IAS ECC Applet) IAS ECC Type 3 (Bank)" }, - { "3BA70040188065A209010152", "Gemplus GPK16000" }, - { "3BA70040188065A209010252", "Gemplus GPK16000" }, - { "3BA70040188065A209010352", "Gemplus GemSAFE std (GPK16000?)" }, - { "3BA8008171465D0054434F53312E320065", "Telesec TCOS 1.2" }, - { "3BA8008171465D0054434F53312E324B2E", "CeloCom Card with TCOS 1.2" }, - { "3BAA00401447473245543553343830", "Old German 'D2 Privat' sim card (Telecommunication)" }, - { "3BAA00401447473247543553343830", "GSM-SIM Libertel (900MHz)" }, - { "3BAA004080534F805345030411AAA3", "'open platform' ATMEGA 'new Generation'\nhttp://www.masterixweb-italy.com/new/images/articoli/atmega.jpg" }, - { "3BAB00813140458031C0650806800000000084", "Reloadable Visa Cash card (Schlumberger), Bank of America" }, - { "3BAC00402A001225006480000310009000", "Sesam Vitale card CPS (Carte Profesionnel de Sante)\nhttps://esante.gouv.fr/securite/cartes-et-certificats/CPS" }, - { "3BAC00402A001225006480820212009000", "Sesam Vitale card CPS (Carte Profesionnel de Sante)" }, - { "3BAD0040FF80318065B00501015E83009000", "Dallas Semiconductor iButton\nJIB\nGemplus GemXpresso 2.11PK" }, - { "3BB0110081319073F2", "SamOS 2.7" }, - { "3BB033009181316B35FC", "SkyperfecTV HD IC Card (Pay TV)\nhttps://www.skyperfectv.co.jp/eng/" }, - { "3BB036008131FE5D95", "Betacrypt 2 (Comvenient GmbH) Conditional Access Smart Card (Pay TV)\nwww.comvenient.com" }, - { "3BB2110010800001", "Atmel memory card AT88SC0104C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf\nPlug'n'Print" }, - { "3BB2110010800002", "Atmel memory card AT88SC0204C (Atmel memory card)\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5211.pdf\nCard LAVAGE reloadadble from stations TOTAL" }, - { "3BB2110010800004", "Atmel memory card AT88SC0404C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, - { "3BB2110010800008", "Atmel memory card AT88SC0808C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf\nSmart VR Card - GD Burti" }, - { "3BB2110010800016", "Atmel memory card AT88SC1616C\nhttps://www.microchip.com/en-us/product/AT88SC1616C#document-table\nRexall (Canada) - Blood Pressure Check card\nhttp://www.rexall.ca/services/blood-pressure-tracking" }, - { "3BB3110000000032", "Atmel memory card AT88SC3216C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, - { "3BB3110000000064", "Atmel memory card AT88SC6416C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, - { "3BB3110000000128", "Atmel memory card AT88SC12816C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, - { "3BB3110000000256", "Atmel memory card AT88SC25616C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, - { "3BB7110081319043A5..............", "Siemens CardOS/M V1.4 (SLE44C80S)" }, - { "3BB7110081319043C517B09D19221E1F", "CryptoTech blank access/authentication card (Other)\nhttp://www.cryptotech.com.pl/" }, - { "3BB7110081319053B5..............", "CardOS EM/V1.4 (SLE44CR80S)" }, - { "3BB711008131FE432025854702202866", "Research Institute of Applied Information Technologies (Other)\nhttp://dodatok.osvita.net/" }, - { "3BB711008131FE4320283FB50320313B", "Research Institute of Applied Information Technologies (Other)\nhttp://dodatok.osvita.net/" }, - { "3BB718008131704310434E5452563253", "Avtor SecureToken (PKI)" }, - { "3BB718008131FE6553504B323490005A", "Giesecke & Devrient Starcos 2.4" }, - { "3BB71800C03E31FE6553504B3234900025", "G&D STARCOS SPK 2.4" }, - { "3BB794008131FE5553504B32329000E0", "Dresdner Bank (a German Bank) Key-Card for InternetBanking" }, - { "3BB794008131FE6553504B32329000D0", "Giesecke & Devrient STARCOS SPK2.2" }, - { "3BB794008131FE6553504B32339000D1", "Giesecke & Devrient Starcos 2.3\nDeutsche Bank WebSign (RSA-Card)\nG&D StarSign Token\nOsakidetza ONA (eID)\nhttp://www.osakidetza.euskadi.eus/r85-ckserv01/es/contenidos/nota_prensa/ruedasanidad35/es_rs/ruedasanidad35_c.html" }, - { "3BB813008131205D0057696E4361726402", "SmartCard for Windows 1.1" }, - { "3BB813008131FA524348544D4F494341A5", "citizen digital certificate (PKI)\nhttp://moica.nat.gov.tw/" }, - { "3BB897008131FE45FFFF148230502300F1", "UAE Emirates ID (eID)\nhttps://www.icp.gov.ae" }, - { "3BB89700813FE45FFFF148230502300F", "UAE Emirates ID (eID)" }, - { "3BB89700C00831FE45FFFF148230502300B8", "Infineon SECORA ID X (JavaCard)" }, - { "3BB918008131FE9E8073FF614083000000DF", "Serbian Identity Card\nThis is the new Serbian biometric identity card (every adult cityzen\nmust have). The chip contains owners picture, name, date and place\nof birth, current address, unique ID number and fingerprint." }, - { "3BB9940040144747334D4838353330", "T D1 GSM card (Telecommunication)" }, - { "3BB9940040144747334E4838363430", "GSM-SIM card of the Austrian mobile phone provider One\nhttp://www.one.at\nProximus SIM - Belgium (SetCOS?)\no2 GSM-SIM card Germany 2003" }, - { "3BBA11001000434C5F53414D00133800", "Planeta Informatica CL-SAM (Other)\nhttp://www.planeta.inf.br/" }, - { "3BBA11008131FE4D55454B41452056312E30AE", "AKIS v1.0 on infineon chip" }, - { "3BBA13008131865D0064050A0201318090008B", "Telesec TCOS 2 (SLE44)\nTCOS 2.0 (on CR80S)\nCryptokarte with RSA-Controller, T=1 Protocol" }, - { "3BBA14008131865D0064051402023180900091", "TCOS 2.0 (on CX160S)\nTelesec TCOS 2 (SLE66)" }, - { "3BBA14008131865D0064057B020331809000", "PHILIPS (HealthCare)" }, - { "3BBA14008131865D0064057B020331809000FF", "PHILIPS (HealthCare)" }, - { "3BBA14008131865D0064057B0203319000FF", "JCOP CARD (Other)" }, - { "3BBA94004014", "GG3RS732S0 ?" }, - { "3BBA9400401447473352533731365300", "Micro Sim MCP crew sim (Telecommunication)" }, - { "3BBA9400401447473352533731365320", "GSM SIM Elisa Estonia" }, - { "3BBA9400401447473352533731365330", "GSM-SIM Viag Interkom E2 Loop (1800MHz)\nGSM-SIM card of the Austrian A1\nhttp://www.a1.net/privat/home\nGSM SIM Radiolinja Estonia; 2005" }, - { "3BBA9400401447473353533731365330", "GSM SIM Cellway (e-plus), Germany (Telecommunication)" }, - { "3BBA95001080434C5F53414D00013811", "CLSAM (Transport)\nhttp://www.planeta.inf.br" }, - { "3BBA950081B1865D1F430064045C02033180900084", "T-Mobile Corporate ID Card" }, - { "3BBA96008131865D0064056002033180900066", "Telesec TCOS 2 (SLE66P)\nTCOS 2.0 (on CX320P)\nTeleSec Netkey Card" }, - { "3BBA96008131865D00640560020331809000667001040530C9", "TeleSec Netkey E4 Card" }, - { "3BBA96008131865D0064057B0203318090007D", "TeleSec NetKey Card\nDeutsche Post card (tcos)" }, - { "3BBB18008131FE4580670518B1020184008105E0", "STARCOS Smart Card (Other)\nhttps://www.gi-de.com/de/identities/unternehmenssicherheit/signaturkarte" }, - { "3BBB1800C01031FE4580670412B003030000810138", "Giesecke & Devrient Star Sign Card, STARCOS 3.0 DI, 72 KB, RSA2048 bit\nGiesecke & Devrient Smartc@fe Expert 32K v2.0" }, - { "3BBB1800C01031FE4580670412B00303000081053C", "Philips Smart MX\nSzczecin University of Technology in Poland student identity card (Elektroniczna Legitymacja Studencka = student identity card)\nCSOB bank, Czech Republic\nCATCert (Agencia Catalana de Certificacio) catalan government workers identity card" }, - { "3BBB1800C03E31FE654726442054534D20312E30B7", "Italian Tachograph Driver Card" }, - { "3BBC1800813120755A43332E313220524556204146", "ZeitControl BasicCard Enhanced 3.7\nhttp://www.basiccard.com/" }, - { "3BBC1800813120755A43332E313420524556204445", "ZeitControl BasicCard Enhanced 3.14 Rev D\nhttp://www.basiccard.com/" }, - { "3BBC1800813120755A43332E333220524556204247", "ZeitControl BasicCard (Other)\nhttps://ZeitControl" }, - { "3BBC1800813120755A43332E333420524556204447", "ZeitControl BasicCard Enhanced ZC3.34 (Other)\nhttps://www.zeitcontrol.de/en" }, - { "3BBC94004014474733483335585332303030", "GSM-SIM Era-PL\nT-Mobile GSM SIM Card" }, - { "3BBC94004014474733483335585632303030", "GSM SIM CARD 32K, Vodafone" }, - { "3BBC94004014474733493539424332303030", "GSM SIM Vodafona NL prepaid" }, - { "3BBC94004014474733493543414331303030", "Siemens SIM card" }, - { "3BBC94004014474733493731394332303020", "Telenor SIM card (Norway)" }, - { "3BBC94004014474733494231424331303020", "Telenor SIM (Telecommunication)" }, - { "3BBC94004014474733494231424331303030", "SIM Card (Scarlet, Belgium) (Telecommunication)\nhttps://www.scarlet.be/nl/prepaid/" }, - { "3BBC94004014474733533035315331303130", "GSM SIM (Tele2, Estonia)\nGSM SIM Elisa Estonia; 2007\nGSM SIM from 'fonic' Germany" }, - { "3BBC94004014474733533443454332303030", "Era-PL SIM Card (Telecommunication)" }, - { "3BBD110000414C4946415820503031523041", "alifax (HealthCare)" }, - { "3BBD18008131FE45805102670414B10101020081053D", "Austrian 'e-Card' (=Health Card)\nspecial Version of Starcos 3.1" }, - { "3BBD18008131FE45805102670518B102020201810531", "Austrian health insurance card 'e-card'" }, - { "3BBD18008131FE45805103670414B10101020081053C", "Austrian Health insurance card 'eCard' (HealthCare)\nhttp://www.chipkarte.at" }, - { "3BBE..000041052000............00009000", "CryptoMate64 USB Cryptographic token\nhttp://www.acs.com.hk/en/products/18/cryptomate64-cryptographic-usb-tokens/\nACS ACOS5-64 V2.00\nhttp://www.acs.com.hk/en/products/17/acos5-64-cryptographic-smart-card/" }, - { "3BBE1100004101102038000000000000000000", "ACOS2" }, - { "3BBE1100004101380000000000000000019000", "ACS (Advanced Card System) ACOS-1\nACOS3\nhttps://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, - { "3BBE1100004101380000000000000000029000", "ACS (Advanced Card System) ACOS-1 8K" }, - { "3BBE1100004101380000010000000000019000", "ACOS3 Microprocessor Card (Contact) (Other)\nhttp://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, - { "3BBE1100004101380000030000000000019000", "ACS ACOS3-32 (Telecommunication)\nhttp://www.acos3.com/" }, - { "3BBE110000410138000004006275627A019000", "Advanced Card Systems ACOS3 (24k) V1.7\nhttp://www.acs.com.hk/index.php?pid=product&prod_sections=0&id=ACOS3" }, - { "3BBE1100004101380000050000000000029000", "ACS (Advanced Card System) ACOS2" }, - { "3BBE1100004101380100030000000000029000", "ACOS2 test card from ACS reading off a ACR38U" }, - { "3BBE1100004101380300040000000000019000", "ACOS 3 from ACS (Other)" }, - { "3BBE1100004101380400140000000000019000", "Dekart Smartcard Logon (eID)\nhttp://www.smartcardfocus.com/shop/ilp/se~81/dekart-smartcard-logon/p/index.shtml" }, - { "3BBE1100004101380400140000000000029000", "DEKART proprietary logon authentication solution for Windows (Other)\nhttp://www.dekart.com/products/" }, - { "3BBE1100004101380500070000000000029000", "EEPROM card (Other)" }, - { "3BBE11000041013817CE010000000000019000", "ACOS3 Contact Microprocessor Card (Other)\nhttps://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, - { "3BBE1100004101382500030000000000019000", "8 pin (eID)" }, - { "3BBE1100004101384D800A8050524F56009000", "ACS (Advanced Card System) ACOS-3" }, - { "3BBE110000410138FF40000000000000019000", "Acos3 (zend) (eID)" }, - { "3BBE1100004107020000000000000000019000", "ACOS7 MOC Combi-Card (Other)\nhttp://www.acs.com.hk/en/products/123/acos7-moc-combi-card/" }, - { "3BBE1800004105..0000000000000000009000", "Advanced Card Systems (ACS) ACOS5 Cryptographic Smart Card" }, - { "3BBE1800004105100000000000000000009000", "ACS ACOS5 'ACOS5-32-G' dual card\nhttp://www.acs.com.hk/acos5.asp" }, - { "3BBE1800004206110000000000000000009000", "Etoken nano 192k (eID)" }, - { "3BBE94004014474733463034415A455439313330", "GSM operator Life Ukraine (Telecommunication)" }, - { "3BBE940040144747335333454441544C36303130", "SingTel hi! Prepaid GSM SIM UICC (Telecommunication)" }, - { "3BBE940040144747335333454841544C39313000", "Latvian GSM operator TELE2" }, - { "3BBE940040144747335333474841544C39313030", "simCard Vip Mobile(Serbia) or Telecom Austria (Telecommunication)\nhttp://www.vipmobile.rs/" }, - { "3BBE94008131FE3553504B3233205745353031364E4325", "G&D StarCOS SPK 2.3 secure element (Bank)" }, - { "3BBE9500004103000000000000000000029000", "touchatag SAM card\nSpanish University of Murcia smart ID card - Old version with CajaMurcia Banking card integrated (Maestro card) (M.Mar OS) - Also used by many others spanish universities\nACOS6 C6\nhttps://www.acs.com.hk/en/products/309/acos6-multi-application-purse-card-contact/\nACOS6S C7 SAM\nhttps://www.acs.com.hk/en/products/310/acos6-sam-secure-access-module-card-contact/" }, - { "3BBE96000041013802001D0000000000019000", "ACOS3-32 (Other)\nhttps://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, - { "3BBE9600004103000000000000000000029000", "SAM inside the Tikitag reader from Alcatel-Lucent\nhttp://hackerati.com/post/57314994/rfid-on-the-cheap-hacking-tikitag" }, - { "3BBE9600004105004E46000000000000009000", "ACOS5-64 v3.00 (PKI)\nhttps://www.acs.com.hk/en/products/308/acos5-64-v3.00-cryptographic-card-contact/" }, - { "3BBE9600004105300000000000000000009000", "CryptoMate Nano USB Cryptographic token\nhttp://www.acs.com.hk/en/products/414/cryptomate-nano-cryptographic-usb-tokens/\nACS ACOS5-64 V3.00\nhttp://www.acs.com.hk/en/products/308/acos5-64-v3.00-cryptographic-card-contact/" }, - { "3BBE9600004206210000000000000000009000", "ESMART Token (PKI)\nhttps://esmart.ru/products/informatsionnaya-bezopasnost/smart-karty-esmart-token/" }, - { "3BBE9600801FC78031E073FE21136200..83819000..", "Vodafone (Italy) 128 kB GSM SIM card\nTIM (Italy) 128 kB GSM SIM card" }, - { "3BBF..008131FE5D0064040F03..31C073F701D0009000..", "TCOS 3.0 on Philips P5CD036" }, - { "3BBF..008131FE5D0064041103..31C073F701D0009000..", "TCOS 3.0 on Philips P5CT072" }, - { "3BBF..008131FE5D0064041503..31C073F701D0009000..", "TCOS 3.0 on Philips P5CD072" }, - { "3BBF..008131FE5D00640428030231C073F701D0009000..", "TCOS 3.0 release 2 on Philips P5CD080" }, - { "3BBF..008131FE5D0064056D03..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CX642P" }, - { "3BBF..008131FE5D0064058903..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CLX641P" }, - { "3BBF..008131FE5D0064058A03..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CLX640P" }, - { "3BBF..008131FE5D0064059103..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CX680PE" }, - { "3BBF11008131..4545504100000000........0000......", "Austrian Quick E-purse\nhttp://www.quick.at/" }, - { "3BBF11008131FE45455041000000000000000000000000F1", "a.sign premium signature card" }, - { "3BBF11008131FE4545504100000000792780760000000059", "Raiffeisenbank Austria (Raffeisen Club) Maestro debit card (old model) (Bank)" }, - { "3BBF11008131FE454D434100000100016971850000000077", "Austrian 'easybank' branded Mastercard, issued 2007" }, - { "3BBF11008131FE454D434100000100020820510000000090", "austrian combined card of a mastercard and OBB Vorteilscard (Austrian Federal Railways)\nhttp://www.oebb.at/pv/de/Servicebox/VORTEILScard/Bezahlen_mit_der_VORTEILScard/VORTEILScard_MasterCard.jsp" }, - { "3BBF11008131FE454D43410000010002559133000000001E", "Mastercard (Paylife Austria)" }, - { "3BBF1100C01031FE44534D405254204341464520312E3143C1", "Giesecke&Devrient SmartCafe 1.1" }, - { "3BBF18008031703553544152434F5320533231204390009B", "Giesecke & Devrient STARCOS S2.1" }, - { "3BBF18008131705553544152434F532053323120439000FA", "Giesecke & Devrient STARCOS S2.1" }, - { "3BBF1800C02031705253544152434F5320533231204390009C", "Giesecke & Devrient SPK 2.1 C" }, - { "3BBF9300801FC68031E073FE2113576573746B2E6D65E3", "eSTK.me v1.2.5 or later (Telecommunication)\nhttps://eSTK.me" }, - { "3BBF9300803FC6828031E073FE2113576573746B2E6D6541", "eSTK.me v1.2.4 (Telecommunication)\nhttps://eSTK.me" }, - { "3BBF94008131FE65454C55204175737472696120312E3238", "A-Trust: trust-sign (Old Version, ca. 2002) for Digital Signature etc.\nA-Trust: a-sign-premium (ca. 2004) 'Burgerkarte' ('Citizen-Card')\nfor Identifikation, Digital Signature etc.\n('should be' Starcos 2.3)" }, - { "3BBF9500801FC68031E073FE2113576573746B2E6D65E5", "eSTK.me v3.1.1 or later (Telecommunication)\nhttps://estk.me" }, - { "3BBF9500803FC6828031E073FE2113576573746B2E6D6547", "eSTK.me v3.1.1 (Telecommunication)\nhttps://eSTK.me" }, - { "3BBF96008131FE5D0064........31C073F701D0009000..", "TCOS 3.0 / NetKey 3.0" }, - { "3BBF96008131FE5D00640411000031C073F701D0009000", "DATEV eG, Nuernberg, Bavaria, Germany (PKI)\nhttp://www.datev.de" }, - { "3BBF96008131FE5D00640411030131C07301D000900000", "DATEV eG, Nuernberg, Bavaria, Germany (PKI)\nhttp://www.datev.de" }, - { "3BBF96008131FE5D00640411030131C073F701D0009000", "DATEV eG, Nuernberg, Bavaria, Germany (PKI)\nhttp://www.datev.de" }, - { "3BC5FF8131FB458073C6010000", "Japanese Individual Number Card (eID)\nhttps://www.kojinbango-card.go.jp/en/kojinbango/index.html" }, - { "3BC800000073C84000000000", "verve (Bank)" }, - { "3BCDFF8031FE450068D276000028040481009000CD", "Tachograph company test card (Transport)" }, - { "3BD096FF81B1FE451F032E", "New european health insurance card of the German health insurance (G2) (HealthCare)\nhttps://de.wikipedia.org/wiki/Elektronische_Gesundheitskarte" }, - { "3BD096FF81B1FE451F072A", "German public health insurance card (,,Gesundheitskarte'), 2nd generation (G2), issuer Techniker Krankenkasse (HealthCare)\nhttps://gematik.de/cms/de/spezifikation/wirkbetrieb/kartengeneration2/kartengeneration2.jsp" }, - { "3BD096FF81B1FE451FC7EA", "German public health insurance card (Elektronische Gesundheitskarte eGK), 2nd generation (G2) (HealthCare)" }, - { "3BD097FF81B1FE451F072B", "German Elektronische Gesundheitskarte (eGK) (HealthCare) - From TK (HealthCare)\nhttps://de.wikipedia.org/wiki/Elektronische_Gesundheitskarte" }, - { "3BD097FF81B1FE451FC7EB", "German Health Professional Card (eHBA) (HealthCare)\ngSMC-KT, STARCOS 3.6 (HealthCare)" }, - { "3BD0A8FF81F1FB24001FC3F4", "Philips DESFire SAM" }, - { "3BD218008131FE450101C1", "Dutch License Plate Card (RDW)\nhttps://commons.wikimedia.org/wiki/File:Kentekencard_voorzijde_1_december_2013.jpg" }, - { "3BD218008131FE58C90114", "Atos CardOS5 (PKI)\nhttp://atos.net/NR/rdonlyres/17C7BDD0-225B-4A58-B9A4-438EA3F3238A/0/74743_20120830_160149_cardos_v5_0__datenblatt_en.pdf" }, - { "3BD218008131FE58C90217", "Atos CardOS 5.3 (PKI)\nhttp://www.atos.net/cardos" }, - { "3BD218008131FE58C90316", "Austrian 'RKS-Card' issued by GlobalTrust (PKI)\nhttps://secure.globaltrust.eu/info-rksv.html" }, - { "3BD218008131FE58C90411", "Identity Card in Slovakia with security chip and e-signature issued after 2021-06-21 (eID)\nD-TRUST Card 4.1 Standard, qualified signature card" }, - { "3BD218008131FE58CA6076", "CardOS IoT V5.4 (PKI)\nhttps://atos.net/wp-content/uploads/2018/11/ct_181127_lpm_cardos_iot_v5-4_fs_en4_web.pdf" }, - { "3BD218008131FE58CB0116", "D-Trust Card 5.1/5.4 (contact based)\nhttps://www.d-trust.net/de/support/signatur-und-siegelkarten" }, - { "3BD21802C10A31FE58C80D51", "Siemens Card CardOS M4.4" }, - { "3BD296FF81B1FE451F870102AB", "Electronic Vehicle Registration (eVR) from RDW.nl (The Netherlands), open sourced at [URL], demo (Windows / Linux Wine Mono) (Transport)\nhttps://github.com/eVRMTV/eVR" }, - { "3BD396FF81B1FE451F078081052D", "German public health insurance card (Elektronische Gesundheitskarte eGK), 2nd generation (G2) (HealthCare)" }, - { "3BD5180081313A7D8073C8211030", "Aladdin eToken NG-Flash with 256MB of flash memory\nAladdin eToken PRO (72KB)\nhttp://www.aladdin.com/etoken/devices/default.aspx" }, - { "3BD518008131FE7D8073C82110F4", "Bank of Lithuania Identification card\nGemalto SafeNet eToken Java Based Cards\nhttps://safenet.gemalto.com/multi-factor-authentication/authenticators/pki-usb-authentication/" }, - { "3BD518FF8091FE1FC38073C8211308", "Athena IDProtect (JavaCard 2.2.2)\nhttp://www.athena-scs.com/product.asp?pid=32\nThales nShield Security World Card - Remote Administration Ready\nhttps://www.thalesesecurity.fr/products/hsm-management-and-monitoring/nshield-remote-administration" }, - { "3BD518FF8191FE1FC38073C821100A", "ComSign digital signature card (eID)\nhttps://www.comsign.co.uk/" }, - { "3BD518FF8191FE1FC38073C8211309", "Athena IDProtect Key (v2)\nhttp://www.athena-scs.com/product.asp?pid=33" }, - { "3BD518FF81B1FE451FC38073C821106F", "DPI Card ID Guatemala Version 2024 (eID)\nhttps://www.renap.gob.gt/" }, - { "3BD5950400AE01020101", "Axalto Cyberflex Access 64K v2b SM 1.1" }, - { "3BD595FF8091FE1FC38073C8211385", "Athena IDProtect - Cryptographic Java Card\nhttp://www.athena-scs.com/product.asp?pid=32" }, - { "3BD596028031FE654F734549441F", "AVR128DA32 microcontroller based open source EID smartcard with RSA and ECC. (eID)\nhttps://oseid.sourceforge.io/" }, - { "3BD596FF80B1FE451F878073C82110A4", "French national identity card (eID)\nhttps://en.wikipedia.org/wiki/National_identity_card_(France)" }, - { "3BD596FF8191FE1FC34332333030CC", "HID Global - Crescendo C2300 (PKI)\nhttps://www.hidglobal.com/products/cards-and-credentials/crescendo/c2300" }, - { "3BD6180080B1806D1F038051006110309E", "Atmel/Athena T0 PC/SC Compliance Test Card No. 1" }, - { "3BD618008131FE7D415350204F5383", "ASP FIXED CHAL1, 2, 3 and 4 (Other)" }, - { "3BD6180081B1807D1F038051006110308F", "ASECard Crypto\nhttp://www.athena-scs.com/product.asp?pid=8" }, - { "3BD618FF8191FE1FC34573C8211110DD", "PDOX J3R180 (JavaCard)" }, - { "3BD6960081B1FE451F078031C1521118F8", "smart card from NASA, 2019 (PKI)" }, - { "3BD6960081B1FE451F878031C152211949", "DHS CAC card (PKI)" }, - { "3BD6960081B1FE451F878031C152411A2A", "Identiv SCR3310 v2.0 (eID)" }, - { "3BD6970081B1FE451F078031C1521118F9", "NASA Personal Identity Verification (PIV) card (eID)\nIDEMIA Cosmo V8.0 with a PIV applet" }, - { "3BD6970081B1FE451F078031C1521119F8", "Secure badge (PKI)" }, - { "3BD6970081B1FE451F878031C152211948", "DOS PIV (PKI)" }, - { "3BD6970081B1FE451F878031C152211A4B", "ID-One PIV 2.4 (P/N 1501381) from IDEMIA (Other)" }, - { "3BD6970081B1FE451F878031C152411A2B", "Oberthur Technologies ID-One PIV/CIV on V8 Device (eID)\nhttps://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2986.pdf\nIDEMIA Cosmo V8.1 with a PIV applet" }, - { "3BD71100400A654E434F533037", "eNCOS MC MChip Advance (Bank)" }, - { "3BD7970081B1FE451F878031C15351132012", "IdemiaID-ONEPIV (eID)\nhttps://www.idemia.com/id-one-piv-card" }, - { "3BD81800801F078031C1640806920F", "US Government CAC (PKI) / IDEMIA Cosmo v8 (PKI)\nhttps://www.idemia.com/id-one-piv-card" }, - { "3BD81800801F078031C1640806920FDF", "US DoD Common Access Card (IDEMIA Cosmo v8) (PKI)" }, - { "3BD8180080B1FE451F078031C1640806920FD5", "Oberthur Cosmo v8 (PKI)" }, - { "3BD818FF8131FE458064041BB42A8105D5", "Schweizerische Krankenversicherungskarte KVG (HealthCare)" }, - { "3BD818FF81B1FE451F038064041AB403810561", "D-Trust multicard advanced 3.1\nGerman public health insurance card ('Gesundheitskarte'), issuer SBK 'Siemens Betriebskrankenkasse'" }, - { "3BD896008031FE4400531200840F90001F", "Cape Verde National Identity Card (CNI) (eID)\nhttps://sniac.cv/cartao-nacional-de-identificacao/" }, - { "3BD8960081B1FE451F0743485447504B494ADD", "Citizen Digital Certificate, Taiwan (PKI)\nhttp://moica.nat.gov.tw/" }, - { "3BD896FF8131FE458064041BB42A81055B", "Swiss LAMal health insurance card" }, - { "3BD911008131FE8D0000464F4D53312E3132", "TFOMS (eID)\nhttp://www.samtfoms.ru" }, - { "3BD918008011F08054434F4C4482900062", "TransaXiom Janus Card (Other)\nhttp://www.transaxiom.co.uk" }, - { "3BD91800C00910FE5459464F4E45000000", "Tyfone's SideTap Card (NFC payments)" }, - { "3BD918FF8191FE1FC35441474C494F5049565B", "Taglio PIV C2190 (NXP JCOP 3 SecID P60 CS) (eID)\nhttps://www.taglio.com/pivcard.html" }, - { "3BD99400004D4502000901009000", "Moviestar. GSM SIM card (Telecommunication)" }, - { "3BD99400004D454576352E369000", "Vending Machine Card (Other)" }, - { "3BD99400004D4D41523331349000", "Vodafone Spain 64kb SIM card. GSM/3G networks" }, - { "3BD99500004D4516005401009000", "MTS Ukraine (Telecommunication)\nhttp://www.mts.ua/" }, - { "3BD996FF8131FE454352455343454E444FFF", "HID Global Crescendo JCOP 21 v2.4.1 R2 64K (PKI)" }, - { "3BD996FF8131FE458031B8738601E0810522", "German dentist's identity card (eID)\nhttp://www.medisign.de/" }, - { "3BD996FF8191FE1FC343323330302D4B4559BA", "Crescendo Key (USB Type-A) (PKI)\nhttps://www.hidglobal.com/products/cards-and-credentials/crescendo/crescendo-key" }, - { "3BDA11FF81B1FE551F0300318473800180009000E4", "Gnuk OpenPGP Token (PKI)\nhttps://www.fsij.org/category/gnuk.html" }, - { "3BDA11FF81B1FE551F0300318473800180059000E1", "Nitrokey Start (Openpgp USB) (Other)\nhttps://www.nitrokey.com/products/nitrokey-start" }, - { "3BDA13FF8131FB468012392F31C173C601C03B", "My Number Card (The Social Security and Tax Number System in JAPAN) (eID)\nhttp://www.cas.go.jp/jp/seisaku/bangoseido/english.html" }, - { "3BDA1802C10A31FE584B53776973735369676EA9", "SuisseID Post - ATOS CardOS 4.x (eID)\nhttps://postsuisseid.ch/" }, - { "3BDA18FF8191FE1FC350564A434F503353494472", "J3H145 (P6 SecID) purchased from FUTAKO Ltd., Taiwan (JavaCard)\nhttp://www.javacardsdk.com" }, - { "3BDA18FF8191FE1FC380641211111073C0C1801B", "Belarus national identity card (passport)\nhttps://eng.belta.by/infographica/view/id-cards-in-belarus-7095/" }, - { "3BDA18FF81B1FE451FC3546963546F6B20322E3068", "TikTok 2.0 (PKI)" }, - { "3BDA18FF81B1FE451FC3546963546F6B20332E3069", "TicTok 3.0 (PKI) (PKI)\nhttps://en.cryptoshop.com/products/cryptas-tictok-v3-basisartikel.html" }, - { "3BDA18FF81B1FE751F030031C573C001400090000C", "OpenPGP Card V2" }, - { "3BDA18FF81B1FE751F030031F573C001600090001C", "OpenPGP Card V3" }, - { "3BDA9400004D4D41524A2B33399000", "SIM card from Vodafone Spain" }, - { "3BDA9500400A2508004053434F535441", "Card used for issuing commodity to benificiary for rice, wheat and more (Other)" }, - { "3BDA96FF8031FE454D696E694C6F61646572AB", "iClass SE Processor (Miniloader Mode) (Other)\nhttps://www.hidglobal.com/products/embedded-modules/iclass-se/sio-processor" }, - { "3BDA96FF8031FE45536E6D704C6F61646572A8", "iClass SE Processor (SNMP Loader Mode) (Other)\nhttps://www.hidglobal.com/products/embedded-modules/iclass-se/sio-processor" }, - { "3BDA96FF8131FE45805631B85349434181057B", "STARCOS 3.5 ID ECC C1R (PKI)\nhttps://www.gi-de.com/fileadmin/user_upload/MS/Certificates/STARCOS35_ID_ECC_TABLES.pdf" }, - { "3BDA96FF8191FE1FC343323330302D46495053E2", "Crescendo 2300 FIPS (JavaCard)" }, - { "3BDA96FF81B1FE451F0780584943412056322E30E9", "Starcos chip card from Giesecke & Devrient (PKI)\nhttps://ica.cz/functionality-smart-card" }, - { "3BDB11FF5000FF0000000000000007921603", "NEC V-WAY64 v2.1" }, - { "3BDB1800801F030031C06477E303008290004F", "Oberthur ID-One Cosmo 64K V5.2" }, - { "3BDB18008031FE448059494465616C20312E367D", "ID card Albania (eID)" }, - { "3BDB180080B1FE451F830031C064C7FC1000019000FA", "Oberthur Cosmo V7 64K Dual/128K" }, - { "3BDB18FF8191FE1FC306092B06010401E9100503D7", "SafeSign Default QSCD (NXP JCOP 3 SecID P60) (PKI)\nhttps://www.tuv-nederland.nl/assets/files/cerfiticaten/2020/02/security-target-v1.0.pdf" }, - { "3BDB18FF8191FE1FC306092B06010401E9100504D0", "Serbian qualified electronic certificate issued by Serbian Post sertification centr (PKI)\nhttps://www.ca.posta.rs/serbian_post_ca.htm" }, - { "3BDB18FF81B1FE751F03504B436172642056312E30ED", "Tecos 3 card (Other)" }, - { "3BDB18FF81B1FE751F035A43372E35205245562041AE", "BasicCard Professional ZC7.5-COMBI (Other)\nhttp://www.basiccard.com/" }, - { "3BDB18FF81B1FE751F035A43372E36205245562044A8", "Zeitcontrol Professional BasicCard ZC 7.6 REV D (Other)\nhttp://www.zeitcontrol.de/en/products/basiccard/basiccard" }, - { "3BDB18FFC080B1FE751F035A43372E352052455620416F", "ZeitControl BasicCard ZC7.5 user-programmable dual interface smart card\nhttp://www.smartcardfocus.com/shop/ilp/id~380/BasicCard_ZC7_5_Dual_Interface/p/index.shtml" }, - { "3BDB18FFC080B1FE751F035A43372E352052455620426C", "BasicCard ZC7.5 dual-interface programmable smartcard (30K) (eID)\nhttps://secure.zeitcontrol.de/shop/Smart-card-BasicCard-Professional-ZC75-Combi" }, - { "3BDB18FFC080B1FE751F035A43372E352052455620446A", "Smart card BasicCard Professional ZC7.5, ZeitControl cardsystems GmbH\nhttp://www.zeitcontrol.de/en/products/chip-cards/processor-chip-cards/basiccard" }, - { "3BDB18FFC080B1FE751F035A43372E3620524556204469", "ZeitControl BasicCard 7.6 (Other)\nhttps://www.zeitcontrol.de/en/products/basiccard/basiccard" }, - { "3BDB96004010004F535F335F3134059000", "Vehicle identity card for Iran (eID)" }, - { "3BDB9600801F030031C06477E30300829000C1", "Oberthur Card Systems (contactless pilot) ID-One Cosmo v5.2D 64K\nOberthur Card Systems (PIV Transitional) ID-One Cosmo v5.2D 72K\nCAC (Common Access Card)" }, - { "3BDB9600801F030031C064B0F3100007900080", "DoD CAC, Oberthur ID One 128 v5.5 Dual" }, - { "3BDB9600801F030031C064B0F310000F900088", "US Department of Veterans Affairs PIV" }, - { "3BDB9600801F830031C0641D18010001900051", "ID0One Cosmo Development Kit (JavaCard)" }, - { "3BDB96008031FE448059654944204E414452418F", "Pakistan ID card (eID)" }, - { "3BDB960080B1FE451F830012233F536549440F9000F1", "Estonia ID-card (eID)\nhttps://id.ee" }, - { "3BDB960080B1FE451F830012428F536549440F900020", "Latvia eID (eID)\nhttps://www.eparaksts.lv/lv/" }, - { "3BDB960080B1FE451F830031C064102301000F900063", "Extremenian Health Service target (HealthCare)\nhttps://saludextremadura.ses.es/web/preguntas-frecuentes" }, - { "3BDB960080B1FE451F830031C0641A1801000790005A", "Ercom CRYPTOSMART\nhttp://www.ssi.gouv.fr/entreprise/qualification/gamme-cryptosmart-pour-la-securisation-des-smartphones-et-des-tablettes/" }, - { "3BDB960080B1FE451F830031C0641A1801000F900052", "Serbian Car registration ID card\nhttp://blog.goranrakic.com/archives/2011/07/citanje_saobracajne_dozvole_sa_cipom.html" }, - { "3BDB960080B1FE451F830031C0641A71010007900033", "ChamberSign Gemalto USB Shell Token V2 - Certificate Audacio ** (eID)\nhttp://www.chambersign.fr/certificat-rgs-audacio/" }, - { "3BDB960080B1FE451F830031C064B0FC100007900005", "Oberthur Cosmo V7 debug card (SDK)" }, - { "3BDB960080B1FE451F830031C064B0FC10000F90000D", "ID-One PIV (that's the only non-numeric identifying mark) (PKI)" }, - { "3BDB960080B1FE451F830031C064BAFC10000790000F", "Oberthur ID-One Cosmo v7.0 80K (eID)\nhttps://www.ssi.gouv.fr/uploads/IMG/certificat/ANSSI-CC-cible_2011-64en.pdf" }, - { "3BDB960080B1FE451F830031C064BAFC10000F900007", "Oberthur ID-One Cosmo v7.0 (PKI)\nhttps://csrc.nist.rip/groups/STM/cmvp/documents/140-1/140sp/140sp1236.pdf" }, - { "3BDB960080B1FE451F830031C064BE1B0100019000FB", "Bank card" }, - { "3BDB960080B1FE451F830031C064C30801000F90009B", "SIM Aruba (Italian provider)" }, - { "3BDB960080B1FE451F830031C064C7FC100001900074", "Oberthur Cosmo (eID)\nhttp://www.stampit.org" }, - { "3BDB960080B1FE451F830031C064C7FC10000F90007A", "Guatemalan ID Card\nhttp://www.renap.gob.gt/" }, - { "3BDB960080B1FE451F830031C164084022300F90000A", "Oberthur v7 - in a Gemalto (was Gemplus) GemPC Key SmartCard Reader (grey USB dongle) - bought at ChamberSign (PKI)" }, - { "3BDB960080B1FE451F830031E85427E6040007900084", "Polish encard (eID)" }, - { "3BDB960080B1FE451F830031E85427E604000F90008C", "Token card from iBRE CompanyNet (mbank) (Bank)" }, - { "3BDB960080B1FE451F834553544F4E49412D65494455", "Estonian Identity Card (ID-One Cosmo v8.1) (eID)" }, - { "3BDB960080B1FE451F870031C1640958223607900019", "Idemia Solvo Fly 40 (JavaCard)" }, - { "3BDB960081B1FE451F0380F9A0000003080000100018", "Oberthur CS PIV End Point v1.08 FIPS201 Certified" }, - { "3BDB960081B1FE451F0380F9A0000003480000000149", "Fly Clear card" }, - { "3BDB960081B1FE451F8380F9A0000003080000100098", "Oberthur Cosmo v7 128K with PIV applet\nhttp://www.smartcardfocus.com/shop/ilp/id~410/p/index.shtml" }, - { "3BDB96FF80B1FE451F870031C164093364490F9000BC", "cnie Carte Nationale d'Identite Electronique (eID)" }, - { "3BDB96FF80B1FE451F870031C164093772130F9000F4", "French ID Card 2021 (eID)\nhttps://ants.gouv.fr/nos-missions/les-titres-produits-par-l-ants/les-documents-d-identite/la-puce-de-la-nouvelle-carte-nationale-didentite" }, - { "3BDB96FF8131FE4580670534B50201064081051B", "SINA STARCOS 3.5 BX-CombiCard+HSB (Other)" }, - { "3BDB96FFC01031FE4580671501B403000900810521", "Digital Tachograph Card for Professional Driver\nolish driver card for digital tachograph" }, - { "3BDC1802C10A31FE588031A873B0019B2460071320AA", "Public Services Card | Ireland (Other)\nhttps://psc.gov.ie/" }, - { "3BDC18FF00001225006480000401009000", "Vitale card CPS V4 (Carte Profesionnel de Sante) (HealthCare)" }, - { "3BDC18FF8011C18073C821136605036351000232", "GoTrust Idem Card (Other)\nhttps://www.gotrustid.com/idem-card" }, - { "3BDC18FF8091FE1FC38073C8211366010B0352000539", "Digital Signature Costa Rica (eID)" }, - { "3BDC18FF8091FE1FC38073C821136602040355000235", "ST security module for German smart meter gateway (JavaCard)\nhttps://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-2-Anforderungen_an_die_Funktionalitaet.pdf?__blob=publicationFile&v=3" }, - { "3BDC18FF8111C18073C821136605036351000233", "GoTrust Idem Key (Other)\nhttps://www.gotrustid.com/idem-key" }, - { "3BDC18FF8111FE8073C82113660106013080018D", "Aladdin R.D. JaCarta LT (eID)" }, - { "3BDC18FF8191FE1FC3060A2B06010401E910050103D2", "DoD (Other)\nhttps://cps.ca.pkidefensie.nl/" }, - { "3BDC18FF8191FE1FC3060A2B06010401E910050203D1", "Caregiver card for Dutch Medical System called UZI (Unieke Zorgverlener Identificatie, Caring Unique Identification) (HealthCare)\nhttps://www.uziregister.nl/" }, - { "3BDC18FF8191FE1FC3060A2B06010401E910050204D6", "UZI (HealthCare)" }, - { "3BDC18FF8191FE1FC38073C821136601060130040155", "Athena IDProtect Key Laser" }, - { "3BDC18FF8191FE1FC38073C821136601061159000128", "JaCarta (PKI)\nhttp://www.aladdin-rd.ru" }, - { "3BDC18FF8191FE1FC38073C8211366010B0352000538", "Athena IDProtect Smart Card Logon Card" }, - { "3BDC18FF8191FE1FC38073C821136605024258000279", "NXP Athena SCS (PKI)" }, - { "3BDC18FF8191FE1FC38073C821136605036057000255", "NXP IDProtect (X) (JavaCard)" }, - { "3BDC18FF8191FE1FC38073C821136605036351000250", "JCOP3 SecID P60 CS (JavaCard)" }, - { "3BDC18FFC080B1FE751F035A43382E362052455620443657", "ZeitControl Professional Multi-Application BasicCard ZC8.6 (Other)\nhttps://www.zeitcontrol.de/Smart-card-BasicCard-Professional-ZC76" }, - { "3BDC96FF8111FE8031C8544356300573FFA1C03B", "NXP Javacard with Athena SCS OS (JavaCard)" }, - { "3BDC96FF8111FE8031C8544356350773FFA1C03C", "NXP JCOP 4, J3R200P0X3U/0ZA16CP NXD6.2 (JavaCard)" }, - { "3BDC96FF8191FE1FC38073C8211366050363510002DE", "Montenegro eID (eID)" }, - { "3BDC96FF81B1FE431FC30B46415245474F53414D5632CC", "Multismartcard SAM (used in proprietary Scheidt&Bachmann Smartcard Reader v2)" }, - { "3BDD18008131FE4580F9A0000000770100700A90008B", "National ID Card of Peru issued by RENIEC from Oberthur" }, - { "3BDD18008131FE4580F9A000000077010800079000FE", "Oberthur Cosmo v7 IAS ECC\nBrazilian 'e-CNPJ' card, issued by Certisign (Oberthur)" }, - { "3BDD18008131FE45904C41545649412D65494490008C", "Identity card (eID) Republic of Latvia\nhttp://www.pmlp.gov.lv/lv/pakalpojumi/passes/eid.html" }, - { "3BDD18008191FE1FC3006646530803003671DF00008097", "Feitian K9Plus - ePass FIDO-NFC with PIV (Other)\nhttps://ftsafe.com/products/FIDO/NFC" }, - { "3BDD18FF8191FE1FC3006646530803003671DF00008068", "Feitian FIDO NFC Plus K9 Security Key (Other)\nhttps://www.ftsafe.com/products/FIDO/NFC" }, - { "3BDD18FF8191FE1FC3FF4F70656E506879736963616CF6", "Open Physical PIV-Compatible NXP SECID P60 (eID)\nhttps://openphysical.org/" }, - { "3BDD18FFC080B1FE451FC30068D276000028040411009000C9", "Russian Federation driver card for the digital tachograph\nPolish driver card for digital tachograph" }, - { "3BDD18FFC080B1FE451FC30068D276000028040971009000A4", "Worktime/driving style monitoring card (Transport)\nhttp://www.paetronics.fi/en/" }, - { "3BDD96008010FE8031806301FFC073B3211B8105", "BIFIT iBank 2 USB Key (Bank)\nhttp://bifit.ua" }, - { "3BDD96008031FE450031B8640429ECC1739401808248", "Finnish Digital and Population Services Agency Organisation Card (eID)\nhttps://dvv.fi/en/organisation-cards" }, - { "3BDD960080B1FE451F8380640503040056564453414554FC", "VASCO DIGIPASS KEY 101 (Other)" }, - { "3BDD96008131FE4580F9A00000007701080007900070", "IDEMIA Cosmo v8.1-n (JavaCard)" }, - { "3BDD96FF801F034E5850204E53434F5320342E3006", "SCOSTA (Transport)" }, - { "3BDD96FF8131FE4580595F5374645F496E697481059B", "Karta kryptograficzna cryptoCertum 3.5 (PKI)\nhttps://www.certum.pl/pl/karty-do-czytnikow/" }, - { "3BDD96FF81B1FE451F03006404050803739621D0009000C9", "German public health insurance card ('Gesundheitskarte'), issuer Techniker Krankenkasse" }, - { "3BDD96FF81B1FE451F03006404050A02739621D0009000CA", "German public health insurance card ('Gesundheitskarte'), issuer Techniker Krankenkasse, issued 02/15 (HealthCare)" }, - { "3BDD96FF81B1FE451F030064057310A673D621C000900053", "New european health insurance card of the German health insurance" }, - { "3BDD96FF81B1FE451F038031B052010364041BB42281051B", "Austrian Motor Vehicle Registration Certificate (Transport)" }, - { "3BDD96FF81B1FE451F038031B052020364041BB422810518", "Austrian 'e-card' G3 (State Health Insurance Card)\n(running StarCOS 3.4 by Giesecke & Devrient)" }, - { "3BDD97FF81B1FE451F03006404050803739621D0009000C8", "German 'eGK' (State Health Insurance Card)" }, - { "3BDD97FF81B1FE451F0300640405080373969621D00090C8", "German public health insurance card ('Gesundheitskarte'), issuer Knappschaft" }, - { "3BDD97FF81B1FE451F03006404050A02739621D0009000CB", "German Elektronische Gesundheitskarte (eGK) (HealthCare)\nhttp://www.bmg.bund.de/en/health/the-electronic-health-card.html\nhttps://de.wikipedia.org/wiki/Elektronische_Gesundheitskarte" }, - { "3BDE11000049434F5335330000000000000008", "MyKID (eID)" }, - { "3BDE13000049434F5335330000000000000008", "Malaysian citizens under age of 12 including newborns (non-compulsory) (eID)\nhttps://en.wikipedia.org/wiki/Malaysian_identity_card#MyKid" }, - { "3BDE18FF8191FE1FC38031815448534D317380214081071C", "SmartCard-HSM 4K USB-Token (JavaCard)\nhttps://www.smartcard-hsm.com/features.html#usbstick" }, - { "3BDE18FF81F1FB34001F074445534669726553414D56312E30D2", "Mifare Desfire SAM Module" }, - { "3BDE18FF81F1FE43003F078344455346697265382053414D2D5817", "NXP SAM" }, - { "3BDE18FFC080B1FE451F034573744549442076657220312E302B", "Estonian Identity Card (EstEID v1.0 2006 cold)" }, - { "3BDE86FF9101F1FB34001F074445534669726553414D56312E305D", "Mifare Desfire SAM Module (after warm reset) (Other)" }, - { "3BDE96FF8191FE1FC38031815448534D3173802140810792", "SmartCard HSM (PKI)\nhttps://www.smartcard-hsm.com/" }, - { "3BDE98FF8191FE1FC38031815448534D3173802140810792", "Nitrokey HSM 2 (PKI)\nhttps://docs.nitrokey.com/hsm/" }, - { "3BDF1100400A003180718666654E434F5331839000", "eNCOS MC MChip Advance V10 (Bank)\nhttps://tr.iccore.tech/" }, - { "3BDF18008131FE580031B964050E010073B401D300000022", "Identity Card in Slovakia with security chip and e-signature" }, - { "3BDF18008131FE588031905241016405C903AC73B7B1D444", "a.sign RK CHIP with certificate\nhttps://www.a-trust.at/webshop/Detail.aspx?ProdId=2021" }, - { "3BDF18008131FE588031B05202046405C903AC73B7B1D422", "Austrian 'e-Card' (=Health Card) of the 4th generation. (HealthCare)" }, - { "3BDF18008131FE58AC31B05202046405C903AC73B7B1D422", "e-Card Austria (HealthCare)" }, - { "3BDF18008131FE67005C49434DD49147D276000038330058", "Infineon SICRYPT Card Module D4 PC/SC Compliance Test Card" }, - { "3BDF18008131FE67005C49434DD49147D277000038330059", "Infocrypt Token++ (PKI)\nhttps://tokenplus.ru/products/%D0%A2%D0%BE%D0%BA%D0%B5%D0%BD/" }, - { "3BDF18008131FE7D006B020C0182011101434E53103180FC", "Italian healthcare card (TS) National Service Card (CNS) (HealthCare)" }, - { "3BDF18008131FE7D006B040C0184011101434E53103180FC", "Italian healthcare card (TS) National Service Card (CNS) (HealthCare)\nhttp://www.regione.toscana.it/cartasanitaria\nhttps://www.agid.gov.it/it/piattaforme/carta-nazionale-servizi" }, - { "3BDF18008131FE7D006B150C0180011101434E53103180E9", "Provider: Actalis S.p.A.\ncode: AT00006181\nhttp://www.actalis.it" }, - { "3BDF18008131FE7D006B150C0181011101434E53103180E8", "Italian healthcare card (TS) National Service Card (CNS)\nCarta Regionale dei Servizi - Regione Lombardia\nTuscany TS-CNS\nhttp://www.regione.toscana.it/cartasanitaria" }, - { "3BDF1801C04031FC7580738421E0694D54434F537302050516", "German digital tachograph control card (Transport)" }, - { "3BDF18FF8091FE1FC3003138644790ECC273140150829000BB", "Ministry of Interior - France 'Agent Card' (Other)" }, - { "3BDF18FF8131FE4580590180484944433730307300011B33", "Crescendo C700 + MiFare 4K\nhttp://www.smartcardfocus.com/shop/ilp/id~265/p/index.shtml" }, - { "3BDF18FF8131FE458073C8211059B81D417574684B6579BA", "Arculus AuthentiKey (Other)" }, - { "3BDF18FF8191FE1FC3003138644790ECC273140150829000BA", "Card store authentication and signature keys (JavaCard)\nhttps://ants.gouv.fr/Les-titres/Cartes-Agents/Adhesion/Telechargement-et-support" }, - { "3BDF18FF8191FE1FC30031B8640000EC0073940000829000FE", "NXP Jcop3 P60 ChipDoc v7b4 (JavaCard)\nhttps://www.javacardos.com/store/products/10029" }, - { "3BDF18FF8191FE1FC30031B86404216010739401C005900001", "Dutch Governement Identity Card using physical (eID)\nhttps://nl.wikipedia.org/wiki/Rijkspas" }, - { "3BDF18FF8191FE1FC30031B8640C01ECC173940180829000B3", "ebee card\nhttps://www.ebeeoffice.ca/ebee-home/public\nDigital Signature Costa Rica (issued since 09/2019) (eID)\nhttps://www.mifirmadigital.go.cr/" }, - { "3BDF18FF81B1FE451F870031B96409377213738401E00000008E", "Slovak eID card with dual (NFC and physical) interface. It is Cosmo v9.2. The card is used for electronic identification and for electronic signing with either qualified or just electronic signing certificate. (eID)" }, - { "3BDF18FF81F1FE43001F034D494641524520506C75732053414D98", "Mifare SAM AV2" }, - { "3BDF18FF81F1FE43003F03834D494641524520506C75732053414D3B", "NXP SAM AV2 module" }, - { "3BDF18FF81F1FE43003F03834D4946506C75732053414D3B53414D3B", "Mifare SAM -AV2 (PKI)" }, - { "3BDF18FF81F1FE43003F07834D49464152452053414D204156333011", "NXP SAM AV3 module" }, - { "3BDF18FF910131FE4680319052410264050200AC73D622C099", "Acos-ID (AUSTRIACARD's Operating System) (Other)\nhttps://www.austriacard.com/digital-security/solutions/card-solutions/acos-id/" }, - { "3BDF94FFC080B1FE451F03006AD2760000280415FA10040090006B", "UK Digital Tacho card (Other)" }, - { "3BDF94FFC080B1FE451F03006AD2760000280415FA40040090003B", "DVLA Company Card (Transport)" }, - { "3BDF9500801F878031A073FF21006345B105830F900060", "FUTURE CARD Normal ISO SIM (Telecommunication)" }, - { "3BDF9500801F878031A073FF21006345B309830F90006E", "Card Mobilis Algeria telecom (Telecommunication)\nhttp://www.mobilis.dz" }, - { "3BDF9500801FC38031E073FE211B674C455441323135BD", "SK Telecom SIM card (in Korea) (Telecommunication)\nhttp://www.sktelecom.co.kr/" }, - { "3BDF95FF8091FE1FC349445044554F33475049544356008029", "Generic Card NFC (eID)" }, - { "3BDF95FF8091FE1FC38025A0000000685319000173C8211329", "CardLogix Credensys-J Contacted Java Card 2.2.1 Global Platform 2.1.1 (Atmel AT90SC12872RCFT)\n(bank)" }, - { "3BDF96008031FE450031B864041FECC173940180829000EC", "Ministry of Interior - France 'Agent Card'\n(Carte Agent du Ministere de l'Interieur Francais)" }, - { "3BDF96008031FE450031B8640429ECC173940180829000DA", "Finnish identity card given by the City of Helsinki to all members of city council, board and commitees" }, - { "3BDF960080B1FE451F830012276F5741495242555331079000EA", "IDEMIA ID-One Cosmo V8.2 IAS ECC card (eID)" }, - { "3BDF960080B1FE451F838073BC9180F9A00000007780080201A4", "Latvian eSignature card (eID)\nhttps://www.lvrtc.lv/e-signature.html" }, - { "3BDF960080B1FE451F870031C16408923201738421E0059000C5", "Company Card for Transport companies (Transport)" }, - { "3BDF96008131FE4541434F532D4944303032382E3031366F", "Sri Lankan driving license [ web: motortraffic.gov.lk ] (eID)\nhttp://www.motortraffic.gov.lk/web/index.php?option=com_content&view=article&id=83&Itemid=140&lang=en" }, - { "3BDF96008131FE4580738421E0554978000080830F90000C", "Idemia Cosmo X (eID)\nhttps://cyber.gouv.fr/sites/default/files/2021/08/anssi-cible-cc-2021_36n.pdf" }, - { "3BDF96008131FE588031B05202056405A100AC73D622C020", "Austrian health insurance card 'e-card' (HealthCare)\nhttps://de.wikipedia.org/wiki/E-card_(Chipkarte)" }, - { "3BDF960081B1FE451F838073CC91CBF9A0000003080000100079", "Test PIV Cards available for sale from NIST\nhttp://csrc.nist.gov/groups/SNS/piv/testcards.html" }, - { "3BDF960090103F07008031E0677377696363000073FE210006", "swsim card (Telecommunication)" }, - { "3BDF960090103F07008031E0677377696363000073FE2100DC", "swsim (Telecommunication)" }, - { "3BDF96FF8131FE455A018048494443313158587300011B09", "HID Crescendo iCLASS Px G8H" }, - { "3BDF96FF8131FE4580590180504956434C41537300011BDE", "HID Global pivCLASS v1.0 (PKI)\nhttp://www.hidglobal.com/products/cards-and-credentials/pivclass/pivclass-smart-card" }, - { "3BDF96FF8131FE45805B44452E42415F53433335328105B5", "Employee ID card from the Federal Employment Agency (Germany) (PKI)\nhttps://www.pki.arbeitsagentur.de/" }, - { "3BDF96FF8131FE45805B44452E424E4F544B3130308105A0", "BeA - Certification Card for German Solicitors (Other)\nhttps://bea.bnotk.de/" }, - { "3BDF96FF81B1FE451F870031B96409377213738401E000000000", "National Identity Card of Slovakia (eID) (eID)\nhttps://en.wikipedia.org/wiki/Slovak_identity_card" }, - { "3BDF96FF910131FE4680319052410264050200AC73D622C017", "Acos-ID (AUSTRIACARD's Operating System) (Other)\nhttps://www.austriacard.com/digital-security/solutions/card-solutions/acos-id/" }, - { "3BDF97008131FE588031B05202056405A100AC73D622C021", "Austrian healthcare insurance identification card (HealthCare)\nhttps://www.chipkarte.at" }, - { "3BDF970081B1FE451F838073CC91CBF9A0000003080000100078", "NASA PIV Card (Other)" }, - { "3BE000008131104505", "Emoney indonesia (Bank)" }, - { "3BE000008131204030", "SmarTEC" }, - { "3BE000FF8131FE4514", "'JUKICARD', digitally sign tax documents in Japan" }, - { "3BE20000402049..", "Schlumberger Cryptoflex 4k" }, - { "3BE2000040204905", "Schlumberger Cryptoflex DES" }, - { "3BE2000040204906", "Schlumberger Cryptoflex" }, - { "3BE2000040204907", "Schlumberger Cryptoflex Key Generation" }, - { "3BE200FFC11031FE55C8029C", "Aladdin eToken PRO (USB token)\nSiemens CardOS M4.0" }, - { "3BE300FF9181712644000113202D", "Metrebus Card\n(used in Rome to store personal information and Atac subscription.\nAtac is the public transport company of the city of Rome.)\nhttp://www.atac.roma.it/smart/smart.asp?A=2&S=22&PR=4&LNG=2" }, - { "3BE500008121459C100100800D", "BIN 470132 -- BANK OF AMERICA VISA DEBIT -- GEMALTO MGY 0 U1090788B - 12/14 F8 00 89 (Bank)" }, - { "3BE500008131FE45D00037008089", "ATM card for Standard Chartered, Taiwan" }, - { "3BE500FF8131FE458073C601082D", "MUFG (.jp) (Bank)" }, - { "3BE6000080318066B1A30401110B83", "Java Jcop J2A040 (JavaCard)" }, - { "3BE6000080318066B1A30401110B83009000", "VISA Credit Card (Bank)" }, - { "3BE60000812145324B010101017A", "Axalto Cyberflex Palmera V5" }, - { "3BE600FF8131FE4544492030324D70", "Alior Sync (Poland) - MasterCard Debit Card with PayPass (Bank)\nMasterCard Contactless Debit Card issued by Raiffeisen Bank in Czech Republic\nDebit MasterCard with paypass issued by Bank Zachodni WBK (Poland)\nDebit MasterCard with paypass issued by AliorSync" }, - { "3BE600FF8131FE454449203032566B", "VISA credit card (DKB)" }, - { "3BE600FF8131FE454A434F50303307", "IBM JCOP 30/16" }, - { "3BE600FF8131FE454A434F50313005", "IBM JCOP 10/16\nRental card for Blockbuster, Taiwan" }, - { "3BE600FF8131FE454A434F50323006", "IBM JCOP 20/16\nIBM JCOP20 with MIFARE\nor Datakey Smart Card Model 330J\nhttp://www.datakey.com/products/smart_cards/products_sc_330j.shtml" }, - { "3BE600FF8131FE454A434F50323107", "IBM JCOP ID21" }, - { "3BE600FF8131FE454A434F50333007", "Mifare ProX T=1" }, - { "3BE600FF8131FE454A434F50333106", "IBM JCOP 30/31bio (contact interface)" }, - { "3BE600FF8131FE4580640C7000008A", "AEON Credit Card (Bank)\nhttps://www.aeon.co.jp/card/lineup/" }, - { "3BE700008131FE4200639531059000B9", "Chunghwa Post Co., Ltd. Visa Debit Card (Bank)\nhttp://www.post.gov.tw/post/internet/U_english/index.jsp?ID=24030107" }, - { "3BE70000918131FE410110300100908049", "'FirmenTicket' from the 'Rheinbahn' for the 'VRR'\nits a ticket corporates can buy for their employees. so its called\n'FirmenTicket'. 'Rheinbahn' is the local service operator for the\nmass traffic in and around duesseldorf/germany. 'VRR' is traffic\nnetwork spanning over at least a big part of north rhine westphalia\n(Verkehrsverbund Rhein-Ruhr)\nhttp://www.vrr.de/de/tickets_und_tarife/vielfahrer/firmenticket/index.php" }, - { "3BE700FF8131FE454430382E30203657", "EMV (MasterCard) card, issued by Raiffeisen Bank in Russia\n'Deutsche Kreditbank AG' Visa Card produced by AustriaCard GNC\nAll cards (MasterCard, Maestro, VISA Electron) issued by Raiffeisen Bank in Romania\nEMV (MasterCard) Card, issued by Raiffeisen Bank in Czech Republic" }, - { "3BE700FF8131FE454430382E31203656", "WinWin Austria Player-ID-Card (Other)\nhttps://www.winwin.at/" }, - { "3BE700FF8131FE454430382E32203655", "Mastercard (Bank)" }, - { "3BE700FF8131FE454D43412038203652", "Mastercard credit card issued by 'PayLife Bank GmbH'.\nBank number is '5266' - Bawag PSK." }, - { "3BE700FF8131FE458031C073C62148BE", "Japanese ETC (Electronic Toll Collection System) card (Transport) and Credit card (Issuer: Toyota) (Transport)" }, - { "3BE700FF81B1FE451F018031C073C6214820", "Japanese ETC (Electronic Toll Collection System) card (Transport)" }, - { "3BE8000040FA0073C84011009000", "KEBTechnology KONA USB SmartCard (Other)" }, - { "3BE800008031FE450073C8401300907DE7", "National Health System of Spain - Consejeria de Sanidad y Servicios Sociales - JUNTA DE EXTREMADURA (HealthCare)\nhttps://www.juntaex.es/es/lajunta/consejo-de-gobierno/vicepresidencia-segunda-y-consejeria-de-sanidad-y-servicios-sociales/servicio-extremeno-de-salud" }, - { "3BE80000813120450073C8400000900056", "Visa credit card for Standard Chartered, Taiwan" }, - { "3BE800008131FE00506572736F53696DAA", "Simulated virtual smartcard, from project PersoSim (eID)\nhttps://persosim.de/?q=node/33" }, - { "3BE800008131FE450073C8400000900088", "VISA Card (Skandinaviska Enskilda Banken) with Swedish BankID\nVISA card (Chinatrust Bank (Taiwan), dual-interface card with a Taipei Metro e-purse function)" }, - { "3BE800008131FE454A434F50763234....", "NXP JCOP v2.4.x (see hist bytes for more info)" }, - { "3BE800008131FE454A434F5076323431B4", "VISA Debit card for NAB, Australia" }, - { "3BE800FF8131FE43AA00000000000000B0", "Secure Signing Token (eID)" }, - { "3BE800FF8131FE45434C6169726520361A", "DKB Visa card with PayWave" }, - { "3BE90000812145454D565F41545220066C", "VISA card, issued by HVB Bank Czech Republic or austrian BankAustria\nhttp://www.hvb.cz" }, - { "3BE900008121454D435F5F494E46200665", "MasterCard Credit card issued by SpareBank1 in Norway\nhttp://www.sparebank1.no" }, - { "3BE900008121455649535F494E46200678", "VISA card, issued by the Austrian 'Raiffeisen' bank\nhttp://www.raiffeisen.at/\nVisa Card - Maximum - Oyak Bank / Turkey\nVISA, issued by Austrian bank 'Erste Bank'\nVISA card, issued by the Latvian bank 'Latvijas Krajbanka'" }, - { "3BE900008131C345996374691999125610EC", "Compunicate Technologies Inc. (Pay TV)\nhttp://www.cti.com.cn/en/product.aspx?m=20140731165252850216" }, - { "3BE900008131FE00FF506572736F53696D54", "German PersoSim (eID)\nhttps://persosim.secunet.com/en/" }, - { "3BE900008131FE4541434F534A76323034F6", "ACS ACOSJ-DI 95K (in T=1 mode) (JavaCard)" }, - { "3BE900008131FE4543443169A90000000014", "Mastercard credit card, UBS Switzerland (Bank)" }, - { "3BE900008131FE45434432690900000000B7", "Swiss UBS MasterCard Creditcard" }, - { "3BE900008131FE45454D5620303320200699", "Visa credit card\nMasterCard credit card" }, - { "3BE900008131FE45454D5630325F34530680", "Maestro Card issued by 'First Investment Bank' in Bulgaria\nhttp://fibank.bg/\nVisa Electron card: TATRA BANKA, a.s." }, - { "3BE900008131FE454A434F503130563232A3", "ORGA Open Platform DES 16k V2.0 / JCOP10" }, - { "3BE900008131FE454A434F503234325232A0", "NXP J3D081 (JavaCard)" }, - { "3BE900008131FE454A434F503331563232A0", "JCOP 31 / 72k" }, - { "3BE900008131FE454A434F503431563232A7", "IBM JCOP v2.2 41" }, - { "3BE900008131FE454D434120303320200688", "PayLife Gold MasterCard -- an unbranded version of the master card" }, - { "3BE900FF8131FE45434C6169726532203629", "UB(SK) Visa Vusiness card with PayWave (Bank)\nhttps://www.vub.sk/en/companies-entrepreneurs/cards/debit-cards/visa-business/" }, - { "3BE900FF8131FE45434C6169726533203628", "BZ WBK Mastercard (Bank)" }, - { "3BE900FFC11031FE5500640500C80231800047", "Identity card of Italian Republic" }, - { "3BE900FFC11031FE55C80120504E34303132AD", "Siemens CardOS/M 3.0 (SLE66CX160S)" }, - { "3BEA0000813120438065A2........72D6....", "IDClassic 3XX Cards (with MPCOS Applet)" }, - { "3BEA0000813120438065A20101013D72D643A5", "GemXpresso Pro R3 32PK (MPCOS, T=1) (warn reset)" }, - { "3BEA00008131FE450031C173C840000090007A", "Nigerian eID Card (cold reset)\nChip is NXP JCOP 2.4.1R3\nDual BCR Signum Mastercard (bank) + Digital Signature Costa Rica (eID)\nhttps://bancobcr.com/wps/portal/bcr/bancobcr/personas/tarjetas/signum_firma_digital/" }, - { "3BEA00008131FE45436F6D624F5320494900FE", "UBS VISA Gold Card\nMasterCard from lhv.ee\nNordea Bank Finland PLC Estonian Branch (ABnote)" }, - { "3BEA00008131FE454A434F5033315632333290", "NAB VISA Debit card" }, - { "3BEA00008131FE454A434F5034315632323195", "HID Crescendo C700\nhttps://www.hidglobal.com/products/cards-and-credentials/crescendo/c700" }, - { "3BEA00FF813120750064051401023100900027", "GCOS-MDK" }, - { "3BEA00FF8131FE455455422D434B010301007B", "Technische Universitat Berlin - Campus Karte\nMaybe Sm@rtCafe Expert 2.0 (Giesecke & Devrient)\nor GemXpresso 211 PK (Gemplus)\nIncludes a Mifare-Chip (1 KB - Memory-Chip)" }, - { "3BEB0000813120454A434F503331333647445478", "card for testing (eID)" }, - { "3BEB0000813142454E4C436853434B303430312B", "Dutch University accesscard & Electronic purse & telphone card" }, - { "3BEB0000813142454E4C4368697070657230310A", "Dutch Post (Chipper)" }, - { "3BEB00008131FE450031C0643F680102079000B6", "Chris firstbank (Bank)" }, - { "3BEB00008131FE450031C0643F6801020F9000BE", "VISA Debit card for Taishin International Bank, Taiwan (Bank)" }, - { "3BEB00008131FE450031C0643F680108079000BC", "Debit Mastercard of Mega ICBC, Taiwan (Bank)\nhttps://www.megabank.com.tw/en-us/english/credit-card" }, - { "3BEB00008131FE450031C064A9EC010082900023", "Junta de Extremadura (Spain) public healthcare card (HealthCare)\nhttps://saludextremadura.ses.es/web/preguntas-frecuentes" }, - { "3BEB00008131FE45436F6D624F5320312E3015C5", "Reka Card - Swiss Holiday Member Card (Loyalty)\nhttps://reka.ch/en/rekamoney/privatepersons/reka-card/Seiten/reka-card.aspx?lang=en" }, - { "3BEC00004032424C554520445241474F4E20430001", "Pay TV" }, - { "3BEC00004032544954414E49554D00110106", "Titanium high security access smartcard (the back says something about 'DoorCard') (Other)" }, - { "3BEC00004032544954414E49554D00130202", "Titanium 2 Card Pirat Card for Seca 2 / Viaccess 2004 (Pay TV)" }, - { "3BEC00FF8131FE45A0000000563333304A330600A1", "Datakey model 330J card, www.datakey.com\nhttp://www.hmk.de/downloads/datakey/Model_330J_Smart_Card.pdf\nModel 330J JavaCard v2.1.1\nGlobal Platform v2.0.1 specifications.\nJCCOS operating system applet (Java-based Cryptographic Card Operating System)" }, - { "3BED000080318065B0840100C883009000", "Optelio Cards (D38-D72 R6) T=1 Normal Speed" }, - { "3BED00008131204380318065B083......830090....", "IDClassic 3XX / Classic TPC (IXS, IS, IS V2, IS CC, IM, IM CC, IM CC V3) / MultiApp ID Cards" }, - { "3BED00008131204380318065B08302047E8300900032", "Latvian Digital Signature Card (warm)\nhttp://www.eme.lv/" }, - { "3BED00008131804280318065B0872701BC830890007D", "EMV (V PAY) Issued by UniCredit Bulbank Bulgaria\nGXP7 T=1" }, - { "3BED00008131804280318065B0894001F28300900052", "VISA Debit card for Taishin International Bank, Taiwan" }, - { "3BED00008131FE450031C071C6644D3533560F900046", "Kostadin (Bank)" }, - { "3BED00008131FE450031C071C6644D35354D0F9000", "ING Credit Card (Bank)\nhttps://www.ing.nl/particulier/betalen/creditcards/index.html" }, - { "3BED00FF813120754D424320534D502056312E3130BD", "Used to Control a Laser Device" }, - { "3BEE00008131804280318066B0840C016E01830090008E", "MultiApp Cards (Easy 72K Type B and Combi 72K Type B)\nE.SUN Commercial bank debit master card (Bank)\nTaiwan EasyCard (Transport)\nhttps://www.easycard.com.tw/english/index.asp" }, - { "3BEE00008131804380318066B1A1110100F683009000", "Optelio/Desineo Cards (D72 FXR1)" }, - { "3BEE00008131804380318066B1A11101A0F683009000", "Optelio D72 FXR1 (MD) T=1" }, - { "3BEE00008131804380318066B1A30401110B83009000D4", "Japan Post Bank cash card (Bank)\nhttps://www.jp-bank.japanpost.jp/kojin/chokin/sogou/kj_cho_sg_iccard.html" }, - { "3BEE00008131FE45003180718665016702A00A8390001B", "IBM JCOP 'Java Card 2.1.1' et 'Open Platform 2.0.1'" }, - { "3BEE00008131FE4580318066409093060F1783019000FD", "Health insurance (HealthCare)" }, - { "3BEE00008131FE4580318066409093060F17830F9000F3", "IC card for the National Health Insurance, Taiwan" }, - { "3BEF..0040148025434552455357....0101039000", "Electronic Identification Card from the FNMT, the Spanish Official\nCertification Authority (Fabrica Nacional de Moneda y Timbre)\nFNMT-Ceres Siemens Infineon SLE 19" }, - { "3BEF..0040148025434552455357....0102039000", "FNMT-Ceres Siemens Infineon SLE 20\nFabrica Nacional de Moneda y Timbre" }, - { "3BEF000081312049005C5043541027F8D27600003833004D", "Infineon Technologies PC/SC Compliance Test Card V1.0" }, - { "3BEF000081314069005C50435335C53AD27600003833000F", "Siemens Nixdorf Sicrypt" }, - { "3BEF00008131FC4580318065110113000153414345810421", "Slovenska sporitelna (SLSP) Bank card, Maestro Card with chip" }, - { "3BEF00008131FC4580318065111123100253414345810412", "VISA card issued by UBS, Switzerland" }, - { "3BEF00008131FE450031C173C8211064474D313600900067", "ING Gold Credit Card (Italy) (Bank)\nhttps://www.ing.it/" }, - { "3BEF00008131FE45417441434F53322E345345204C6337C9", "Maestro Polish Alior debit card (Bank)" }, - { "3BEF00008131FE4543443269A98100002020202020200090", "UBS Switzerland Mastercard credit card (Bank)" }, - { "3BEF00008131FE4543443369098000002020202020200030", "Nordea Credit Gold MasterCard (Bank)\nhttp://www.nordea.ee/Private+customers/Daily+banking/Cards/Nordea+Gold/67062.html?lnkid=frontpage_teaser_GOLD_30-07-2014" }, - { "3BEF00008131FE45434D425F436F6D4444413030353500F7", "Master Card (emitted by bank Nordea - Lithuania)" }, - { "3BEF00008131FE45434D425F436F6D5344413030343000E4", "VISA (Danske Bank Eesti / www.sampopank.ee)" }, - { "3BEF00008131FE45434D425F436F6D5344413030353100E4", "Visa (Sampo Estonia, 2010)" }, - { "3BEF00008131FE45436F6D624F53205620202020202000AD", "Corporate Credit Card - SIEMENS MasterCard issued by Degussa Bank (Bank)" }, - { "3BEF00008131FE45436F6D624F53205649202020202000C4", "VfB Stuttgart Fankarte (pay card for the football stadium of the german club VfB Stuttgart)" }, - { "3BEF00008131FE45444C415A46545632444944313030FF06", "Lufthansa ID Card (eID)" }, - { "3BEF00008131FE45455041000000008891027200000000D9", "Raiffeisenbank Austria (Raffeisen Club) Maestro debit card (Bank)" }, - { "3BEF00008131FE45455041000000010130622200000000C0", "Raiffeisenbank Austria (Raffeisen Club) Maestro debit card (Bank)" }, - { "3BEF00008131FE4546494F4D4B5F3030312030313041009C", "MasterCard/PayPass Card issued by Czech FIO Banka a.s. (contact chip)\nnote the ASCII string ' FIOMK_001 010A' embedded in ATR" }, - { "3BEF00008131FE65005C504353D19147D276000038330070", "Siemens/Infineon Sicrypt S26381-F252-V1 GS:03" }, - { "3BEF00008131FE67005C49434DDBC97ED27600003833001E", "Infineon SICRYPT CardModule Card" }, - { "3BEF00FF8131..456563", "Debit card (Germany): ec-cash, GeldKarte(DEM), Maestro, Cirrus" }, - { "3BEF00FF81312045426173696343617264205A43322E33BD", "ZeitControl BasicCard Enhanced 2.3" }, - { "3BEF00FF81312045426173696343617264205A43332E33BC", "Electronic Purse (Elton Senegal)" }, - { "3BEF00FF81312075426173696343617264205A43332E338C", "ZeitControl BasicCard Enhanced 3.3" }, - { "3BEF00FF81312075426173696343617264205A43332E3788", "ZeitControl BasicCard Enhanced 3.7" }, - { "3BEF00FF81312075426173696343617264205A43332E3986", "ZeitControl BasicCard Enhanced 3.9" }, - { "3BEF00FF81314245.*38", "UNI-Card" }, - { "3BEF00FF8131424565630302030280002240489596002028", "Scard Sparkasse Detmold, Deutschland BLZ 47650130" }, - { "3BEF00FF81315045426173696343617264205A43312E31CC", "ZeitControl BasicCard Compact 1.1" }, - { "3BEF00FF813150456563............................", "GeldKarte v2 (Germany)" }, - { "3BEF00FF8131504565630000000000000000000000000000", "Geldkarte v2" }, - { "3BEF00FF813150456563080B40028000081520033604007E", "old banking card (electronic-card / Maestro / Geldkarte) of the\nStadt-Sparkasse Duesseldorf (like the above, but old - around 2002)." }, - { "3BEF00FF8131504565630D24200280000508335610010243", "German ec card" }, - { "3BEF00FF813152454D46432049424D2034304839363031FB", "IBM MFC 3.5 file system smart card\n(Card from the book 'Smart Card Application Development Using Java')" }, - { "3BEF00FF8131604565630402110000000000A532A50111B6", "GledKarte\nSiemens M3-Module with a Motorola SC-28.\nG&D (Giesecke&Devrient) Geldkarten-OS mit der Version 11" }, - { "3BEF00FF813160456563060314025000065108115E014190", "Geldkarte from Deutsche Bank, Thomson-Chip" }, - { "3BEF00FF8131664549424D204D46433430303230383331A1", "IBM MFC 4.1 file system smart card\nCard from the book 'Smart Card Application Development Using Java'\nauthors: Uwe Hansmann, Martin. S. Nicklous, Thomas Schack, Achim Schneider, Frank Seliger" }, - { "3BEF00FF813166456563202049424D20332E3120202020", "IBM eCash" }, - { "3BEF00FF813166456563202049424D20332E3120202020CF", "IBM eCash" }, - { "3BEF00FF8131864549424D204D4643343030303038333143", "ComCard MFC 4.1" }, - { "3BEF00FF8131FE4065631D038602500023151131280110FD", "DKB Banking Card (EC-Karte 2023) (Bank)\nhttps://www.dkb.de/" }, - { "3BEF00FF8131FE4141434F532046696F6E6131204C633666", "EUROBANK GR (Bank)\nNBG BANK (Bank)" }, - { "3BEF00FF8131FE4541434F53204449616E6131204C63364E", "comdirect VISA card (Bank)\nhttps://www.comdirect.de/konto/karten.html#Visa-Karte" }, - { "3BEF00FF8131FE4541434F53204449616E6132204C63364D", "Alior Bank SA (Bank)\nhttps://www.aliorbank.pl/" }, - { "3BEF00FF8131FE45656306087102500023B8105BA0471116", "DKB Banking Card (EC-Karte 2020) (Bank)" }, - { "3BEF00FF8131FE4565630D12810156001F00006686080122", "Commerzbank signature card SECCOS (6 or 7) providing RAH security profile (Bank)\nhttps://www.chipkartenleser-shop.de/commerzbank/electronic-banking-chipkarten/commerzbank-signaturkarte-2710050006" }, - { "3BEF00FF8131FE4565631104010280000F274000030100E1", "Postbank Geldkarte" }, - { "3BEF00FF8131FE4565631104010280000F462004230100C4", "Postbank ec/Maestro (Germany)" }, - { "3BEF00FF8131FE4565631108430250001021200324053016", "Bank (Bank)" }, - { "3BEF00FF8131FE456563111261025000100A072722071022", "DKB Online Banking Card (Bank)\nhttps://www.dkb.de" }, - { "3BEF00FF8131FE456563111261025000100A07811C0710BA", "German Sparkasse HBCI card (Bank)\nhttps://www.sparkasse.de/service/finanzlexikon/hbci-verfahren.html" }, - { "3BEF00FF8131FE4565631113710528001F00010228372060", "MasterCard of SpardaBank Hamburg in Germany (Bank)\nhttps://www.sparda-bank-hamburg.de" }, - { "3BEF00FF8131FE4565631113710528001F0006124137201E", "BankCard Sparda-Bank Baden-Wurttemberg eG (Bank)" }, - { "3BEF00FF8131FE4565631113710528001F0007241A372072", "Commerzbank Maestro Card (Bank)\nhttp://www.maestrokarten.de/girokontovergleich/commerzbank_girokonto.html" }, - { "3BEF00FF8131FE4565631113710528001F00083B3C372044", "Comdirect Debit Card Germany - AustriaCard 55616 (Bank)\nhttps://www.comdirect.de/" }, - { "3BEF00FF8131FE4565631113710528001F000A1B18372042", "German debit card (girocard, V-Pay) (Bank)\nhttps://www.girocard.eu/english/" }, - { "3BEF00FF8131FE4565631113710528001F000B161C37204A", "Commerzbank / girocard /maestro (Bank)" }, - { "3BEF00FF8131FE4565631113710528001F000D163A37206A", "BankCard Sparda-Bank West eG (Bank)" }, - { "3BEF00FF8131FE4565631113710528001F00120F24372072", "Debit card (Germany): Postbank - GeldKarte (EUR), girocard, V-PAY (Bank)" }, - { "3BEF00FF8131FE4565631113710528001F00153D47372024", "Girocard issued by Comdirect bank AG (Bank)" }, - { "3BEF00FF8131FE4565631113710528001F00193516372071", "Commerzbank Germany (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F00024D36371005", "comdirect girocard (Bank)\nhttps://www.comdirect.de/konto/karten.html#girocard" }, - { "3BEF00FF8131FE4565631114710528001F0003443137100A", "DKB Banking Card (Bank) (Bank)\nhttps://www.dkb.de" }, - { "3BEF00FF8131FE4565631114710528001F00034A36371003", "German Sparkasse, Girocard, GeldCard, girogo, EUROSERV (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F0005210F371057", "girocard maestro Bank (Bank)\nhttps://www.girocard.eu/" }, - { "3BEF00FF8131FE4565631114710528001F0006302F371065", "MasterCard German Sparkasse (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F0006543137101F", "Sparkasse (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F00071D46371020", "DKB (Deutsche Kreditbank) debit card (V-PAY) (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F000A1E1337107B", "girocard (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F000B361B37105A", "Kreissparkasse bank Girocard (Germany) (Bank)\nhttps://www.kskmse.de/de/home/privatkunden/girokonto/girokonto-online.html?n=true&stref=productbox" }, - { "3BEF00FF8131FE4565631114710528001F000C1A1737107D", "Bank card issued by Sparkasse (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F000C2024371074", "Debit card (Germany): ec-cash, GeldKarte(EUR), Maestro, Cirrus, ... (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F000C3D35371078", "Sparkasse KolnBonn Bank (Bank)\nhttps://www.sparkasse-koelnbonn.de" }, - { "3BEF00FF8131FE4565631114710528001F0010142437105C", "Deutsche Kreditbank AG (Bank)\nhttps://www.dkb.de/" }, - { "3BEF00FF8131FE4565631114710528001F00112D4F37100F", "Bank card (Bank)\nhttps://www.commerzbank.de/" }, - { "3BEF00FF8131FE4565631114710528001F00113B32371064", "DKB GiroCard (Bank)\nhttps://dkb.de" }, - { "3BEF00FF8131FE4565631114710528001F00172846371005", "Sparkasse Zwickau Maestro card (Bank)\nhttps://www.spk-zwickau.de/de/home/privatkunden/girokonto/sparkassencard.html" }, - { "3BEF00FF8131FE4565631114710528001F00180F48371023", "SparkassenCard (Bank)\nhttps://sparkasse.de" }, - { "3BEF00FF8131FE4565631114710528001F0018242A37106A", "Sparkasse girocard (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F00182D1C371055", "Debit card (Germany): ec-cash, GeldKarte(EUR) (Bank)" }, - { "3BEF00FF8131FE456563111562025000100A002B2107201E", "EC Card Sparkasse Mittelfranken Sued (Bank)\nhttps://www.spkmfrs.de" }, - { "3BEF00FF8131FE456563111562025000100A002EFC0720C6", "maestro BankCard (Bank)" }, - { "3BEF00FF8131FE456563111562025000100A09AC030720B2", "Girocard Sparkasse Darmstadt (Bank)" }, - { "3BEF00FF8131FE4565631901620280000F003500420620BB", "Credit card (Germany, Postbank AG): VISA" }, - { "3BEF00FF8131FE4565631D0284025000230509A0D9010182", "Debit card (Bank)" }, - { "3BEF00FF8131FE4565631D028402500023180920E7010121", "Deutsche Kreditbank AG (DKB AG) bank card (Bank)\nhttps://www.dkb.de/info/tan-verfahren/chipTAN/" }, - { "3BEF00FF8131FE458031C06B49424D204A65745A204D3239", "UBS Internet Card (IBM JetZ M2)" }, - { "3BEF00FF8131FE458031E06B042105026B55555555555568", "MasterCard credit card for Mega International Commercial Bank, Taiwan (Bank)\nhttps://www.megabank.com.tw/creditcard/index.asp" }, - { "3BEF00FF8131FF6549424D204D4643393232393238393017", "IBM MFC 4.22 (University of Cambridge smartchip card)" }, - { "3BF01100FF01", "Not a physical smart card. But a JavaCard simulator ATR with default configuration. (JavaCard)" }, - { "3BF01200FF9181B17C451F019B", "Japanese Chijou Digital B-CAS Card (pay TV) (Pay TV)" }, - { "3BF01200FF9181B17C451F0399", "Japanese Chijou Digital B-CAS Card (pay TV)" }, - { "3BF01200FF9181B1EF451F030A", "Japanese Digital CATV C-CAS card" }, - { "3BF01300001000", "MasterCard ETEC InterOp 27. This is an dual-app Maestro/MasterCard Credit EMV test card" }, - { "3BF01300008131FE45E8", "Healthcare card Romania (HealthCare)\nhttp://www.cnas.ro/casmb/national-page/cardul-national-de-asigurari-de-sanatate-2.html" }, - { "3BF01300FF9181B1FE461F0319", "Japan BS/CS 4K Satellite Broadcasting A-CAS Card (Pay TV)\nhttp://www.acas.or.jp/index.html" }, - { "3BF2180000C10A31FE55C80675", "HID iCLASS P16K C4H\nproximity card used for both door locks and keystore" }, - { "3BF2180002C10A31FE55C80776", "Siemens CardOS V4.3" }, - { "3BF2180002C10A31FE58C80874", "Siemens CardOS V4.3B\nD-Trust multicard 2.1 (may only be the testcard for it)" }, - { "3BF2180002C10A31FE58C80975", "Siemens CardOS V4.2B" }, - { "3BF2180002C10A31FE58C80B77", "CardOS V4.2C (SLE66CX360PE dual interface)" }, - { "3BF21800FFC10A31FE55C8068A", "Siemens CardOS M 4.2 (SLE66CX642P)" }, - { "3BF2960000813180438031A6", "Card of Justice (Other)" }, - { "3BF29800FFC11031FE55C80315", "Siemens CardOS M 4.01 (SLE66CX320P)" }, - { "3BF29800FFC11031FE55C80412", "CardOS M4.01a (SLE66CX322P)" }, - { "3BF39600FFC00A31FE4D8031E083", "MARX Cryptoken (supported by RaakSign)" }, - { "3BF41300008131FE4552465A4FED", "Serbian Health Care electronic card (HealthCare)\nhttp://www.rfzo.rs/index.php/osiguranalica/ekartica" }, - { "3BF4180002C10A31FE5856346376C5", "Eutron CryptoIdentity (reader + card token)" }, - { "3BF41800FF8131805500318000C7", "Identity card of Italian Republic" }, - { "3BF49800FFC11031FE554D346376B4", "Eutron Digipass 860 (reader + card token)" }, - { "3BF51300008131FE4573746431308F", "card for NF-e in Brazil (PKI)\nhttps://certificadodigital.imprensaoficial.com.br/certificados-digitais/e-cnpj/a3/e-cnpj-a3-cartao" }, - { "3BF51800008131FE454D794549449A", "Aventra ActiveSecurity MyEID\nhttp://www.aventra.fi/pdf/ActiveSecurity%20MyEID%20Tokens%20white%20paper%20(2p)%20EN.pdf" }, - { "3BF518000210804F73454944", "Atmega 128 microcontroller based open source EID smartcard with RSA and ECC. (eID)\nhttps://oseid.sourceforge.io/" }, - { "3BF57100FFFE2400011E0F3339320103", "Mydo IC Card from Japan, based on NTTDATA CARD (Loyalty)\nhttps://www.idemitsu.com/company/history/13.html" }, - { "3BF59100FF918171FE40000A086E773A65", "iCLASS Card (Other)" }, - { "3BF59100FF918171FE4000410000000005", "Contactless Mifare Ultralight" }, - { "3BF59100FF918171FE400041080000000D", "Contactless Mifare" }, - { "3BF59100FF918171FE400041180000001D", "Contactless Mifare 4k" }, - { "3BF59100FF918171FE400041880000008D", "Contactless Mifare 1k or 4k" }, - { "3BF59100FF918171FE4000420001008186", "American Express Blue RFID" }, - { "3BF59100FF918171FE400042000100D1D6", "Japanese Public Key Infrastructure (PKI)\nhttps://www.jpki.go.jp/\nMy Number Card (The Social Security and Tax Number System in JAPAN) (eID)\nhttps://www.cao.go.jp/bangouseido/" }, - { "3BF59100FF918171FE400042000177D1A1", "German Passport (ePass) (issued May 2008)" }, - { "3BF59100FF918171FE4000420001B3A115", "Individual Number Card (eID)\nhttps://www.kojinbango-card.go.jp/" }, - { "3BF59600008.31FE454D794549441.", "MyEID card (Infineon chip) (PKI)\nhttps://services.aventra.fi/English/products_MyEID_E.php" }, - { "3BF61300FF1080434849503232", "PostFinance debit (Bank)\nhttps://www.postfinance.ch" }, - { "3BF61300FF910131FE4080640F7000009E", "JA Bank Cash Card (Bank)\nhttps://www.jabank.org/" }, - { "3BF61800FF8131FE454A32413038301B", "NXP J2A080 - 80K (blank)\nhttp://www.classic.nxp.com/acrobat_download2/literature/9397/75016728.pdf" }, - { "3BF61800FF8131FE454A434F5032300E", "IBM JCOP20" }, - { "3BF61800FF8131FE454A434F5033300F", "Philips P8RF5016 running IBM JCOP 30 (contact interface)" }, - { "3BF61800FF8131FE454A434F5033310E", "IBM JCOP BIO31\nIBM JCOP BIO31 Java card" }, - { "3BF71100008131FE6543616E6F6B657999", "Canokey (Other)\nhttp://canokeys.org/" }, - { "3BF711000081718042000063950A019000B9", "ATM Card for Chunghwa Post Inc., Taiwan" }, - { "3BF71100008171FE420000639501019000CC", "ATM Card for Mega International Commercial Bank, Taiwan\nATM card for HSBC Direct, Taiwan\nATM card for TaChong Bank, Taiwan\nATM card for Chunghwa Post, Taiwan\nVISA card for Taipei Fubon Bank, Taiwan\nATM card for Cathay United Bank, Taiwan (Bank)\nhttps://www.cathaybk.com.tw/cathaybk/english/eindex.htm" }, - { "3BF71100008171FE420000639531029000FF", "VISA card for Taipei Fubon Bank, Taiwan" }, - { "3BF71100008171FE420000639531049000F9", "E.SUN Bank, Taiwan (Bank)\nhttps://www.esunbank.com.tw" }, - { "3BF71100008171FE420000639531059000F8", "ATM card for Chunghwa Post, Taiwan\nATM card for E.Sun Commercial Bank, Taiwan\nATM card for Taishin International Bank, Taiwan\nATM card for Bank of Taiwan, Taiwan\nATM card for Land Bank of Taiwan, Taiwan" }, - { "3BF711000140965430040E6CB6D6", "Atmel (FunCard) Smart Card with AT90S8515 and 24LC64 chip on it (Other)\nhttp://docs-europe.electrocomponents.com/webdocs/1173/0900766b811730a2.pdf" }, - { "3BF711000140965430040E6CB6D69000", "PIC16F876-04/SP (PICCard2) or\nPIC16F84A-04/P + 24LC16B (PICCard1) or\nCanal + Canal Digital Spain year 2000/2001 or\nPIC Silver Card 2 (PIC16F876/7 + 24C64)" }, - { "3BF711000140965760140E6CB6D6", "old SECA of D+ Italian sat pay tv" }, - { "3BF711000140965842140E6CB6D6", "UK on digital (terrestrial digital TV card)" }, - { "3BF711000140966060060E6CB6D6", "CANAL+ CANALSATELLITE SmartCard (possibly from 2005) (Pay TV)" }, - { "3BF711000140967070070E6CB6D6", "Cyfra+ SECA Card\nhttp://cyfraplus.pl/" }, - { "3BF711000140967070070E6CB6D69000", "M-II (a.k.a. M-2, a.k.a. Platinum Card), AT90SC6464C based\nKnotCard II\nTitaniumElite" }, - { "3BF7110001409670700A0E6CB6D6", "TopUp TV NagraVision viewing card" }, - { "3BF7110001409670700A0E6CB6D69000", "Canal Digitaal (Pay TV)\nhttp://webshop.canaldigitaal.nl/nl/smartcards-2" }, - { "3BF711000140967070170E6CB6D6", "Canal Satellite card (VERSION 7.1 SYSTEM / SECA2)" }, - { "3BF711000140967070370E6CB6D6", "Carte pour decodeur cable numerique (fourni par www.voo.be et\nwww.ledecodeur.be)" }, - { "3BF711000140967070670E6CB6D6", "UK TopUp TV" }, - { "3BF711000140967071090E6CB6D6", "Carte pour decodeur tele de Neuf Telecom TV" }, - { "3BF71300001000F14040919B9000", "Handelsbanken Inloggningskort (Bank)\nhttps://www.handelsbanken.se/sv/privat/digitala-tjanster/bankid-pa-kort" }, - { "3BF71300008131FE4500C08AC80C658185", "NXP JCop (JavaCard)" }, - { "3BF71300008131FE45464F4D534F4D53A9", "Health card Russian Federation" }, - { "3BF71300008131FE454A434F503234....", "NXP JCOP v2.4.x (see hist bytes for more info)" }, - { "3BF71300008131FE4580654A5030310415", "Nichizeiren Denshi-shomei (eID)\nhttps://www.nichizeiren.or.jp/taxaccount/auth/fifth/" }, - { "3BF71800008031FE45736674652D6E66C4", "SmartCafe Expert 3.2 72K" }, - { "3BF71800008031FE45FE42475265494424", "Bulgarian eID PKI card pilot on IFX SLE78 jTOP (PKI)" }, - { "3BF71800008131FE458055433776706B28", "Only labeled 'J35110', dual interface (JavaCard)" }, - { "3BF718000081718042000063840C019000A7", "Citibank Taiwan ATM Card (Bank)\nhttps://www.citibank.com.tw/" }, - { "3BF718000081718042000063950A019000B0", "7-Eleven icash card, Taiwan" }, - { "3BF79100FF918171FE40000A0260CF5104CB7F", "UK Metro Bank Mastercard Debit (Bank)\nhttps://www.metrobankonline.co.uk/" }, - { "3BF79100FF918171FE40004120001177818040", "Contactless Mifare DESFire" }, - { "3BF8110000400A01654E434F533037", "eNCOS + MCA, MchipAdvance bundled with eNCOS (Bank)" }, - { "3BF81100008171FE4200544E051900000002A1", "Taiwan EasyCard (Transport)\nhttps://www.easycard.com.tw/english/index.asp" }, - { "3BF811200340FF0303030312109000", "Bar Ilan KesefCard from Bezeq (Other)\nhttps://halemo.net/web/www.aurora.co.il/english/c_kesefcard.html" }, - { "3BF811200340FFFFFFFFFF12109000", "G&D (STARCOS SV 1.1)" }, - { "3BF813000010000073C84011009000", "Vivid Money Visa Debit (Bank)\nhttps://vivid.money" }, - { "3BF81300008131FE15597562696B657934D4", "Yubico Yubikey 4 OTP+CCID" }, - { "3BF81300008131FE4546494445534D4F318E", "Fidesmo Card with Dual Interface (JavaCard)\nhttp://shop.fidesmo.com/product/fidesmo-card-dual-interface" }, - { "3BF81300008131FE454A434F50763234....", "NXP JCOP v2.4.x (see hist bytes for more info)" }, - { "3BF81300008131FE454A434F5076323431B7", "Nigerian eID Card (blank card)\nChip is NXP JCOP 2.4.1R3\nBank of Hawaii (Bank)\nhttps://www.boh.com/\nLA BANQUE POSTALE (Bank)\nhttps://www.labanquepostale.fr/\nbnpparibas (Bank)\nhttp://www.bnpparibas.com/\nJcop040 (JavaCard)\nJcop21 (JavaCard)\nVisa debit classic (Bank)\nhttp://www.jpmorganchase.com/\nJPMorgan Chase (Bank)\nVisa (Bank)\nhttps://unitedfcu.com/\nJP Morgan chase bank (Bank)\nhttp://www.jpmorganchase.com/\nNavy Federal Credit Union (Bank)\nhttps://www.navyfederal.org" }, - { "3BF81300008131FE454A4F5076323431B7", "Nigerian eID card (eID)" }, - { "3BF81300008131FE455049564B45593730FF", "PIVKey CP70 (PKI)\nhttps://pivkey.com/" }, - { "3BF81300008131FE455241414B43327635CB", "Raak C2 Smart Card (PKI)\nhttp://www.raaktechnologies.com/software-downloads-documentation/" }, - { "3BF81300008131FE45534B555001000000FC", "Silesian Card of Public Services (Transport)\nhttps://portal.kartaskup.pl/" }, - { "3BF81300008131FE45536D617274417070F8", "national Lithuania ID card" }, - { "3BF81300008131FE45FF4A32413034300012", "MIDAS Card Diversification Key JavaCard (J2A040) (Bank)\nhttps://github.com/kategray/midas" }, - { "3BF81300FF108053430663010F900000", "Affinity CUIA Debit (JavaCard)\nhttps://www.affinitycuia.org" }, - { "3BF81300FF910131FE41534C4A01305023100D", "Walden Mutual Bank (Bank)\nhttps://www.waldenmutual.com/sustainable-bank-for-individuals#footnote-s0-4" }, - { "3BF81300FF910131FE41534C4A263123020168", "Chase Visa Debit (Bank)" }, - { "3BF81300FF910131FE41534C4A263123421F36", "Infineon SLJ26P (JavaCard)" }, - { "3BF81800008031FE450073C8401300900092", "G&D StarSign Token" }, - { "3BF81800008131FE450073C8400000900080", "NXP JCOP 31 V2.2 36K - S/C I/F" }, - { "3BF81800008131FE450073C8401300900093", "Giesecke & Devrient Sm@rtCafe Expert 3.0" }, - { "3BF81800008131FE454A434F50563234319C", "NXP JCOP2.4.1\nJ3A080 80KB T=1 GP2.1.1 JC2.2.2 SCP02" }, - { "3BF81800008131FE454A434F5076323431BC", "NXP J2A080 JavaCard" }, - { "3BF81800FF8131FE450073C840000090007F", "NXP JCOP 10\nNXP JCOP 31 (contact interface)" }, - { "3BF81800FF8131FE454A434F507632343143", "VIVOtech SAM\nNXP JCOP V241\nNXP J3A081 JavaCard (contact interface)" }, - { "3BF89600008031FE470073C840000090000D", "Italian driver tachograph smartcard (Transport)\nhttps://www.to.camcom.it/cartatachigrafica" }, - { "3BF89600008131FE4400739401C00F9000DD", "fourth-generation Hong Kong permanent identity card (Other)\nhttps://en.wikipedia.org/wiki/Hong_Kong_identity_card" }, - { "3BF89600008131FE454A434F507632343132", "NXP JCOP 2.4.1 (JavaCard)" }, - { "3BF91100008131FE45436F6D624F53205600AA", "VISA Card (Bank)" }, - { "3BF91300008131F0454E425502000320000097", "Bank" }, - { "3BF91300008131FE45454F4E436172645631F6", "NXP J2A080 (PKI)\nhttp://www.smartcardsource.com/contents/en-ca/d9_JCOP-NXP-cards.html" }, - { "3BF91300008131FE454A434F503234........", "NXP JCOP v2.4.x (see hist bytes for more info)" }, - { "3BF91300008131FE454A434F503431563234A2", "JCOP41 v2.4" }, - { "3BF91300008131FE454A434F5076323431B701", "J2A040 NXP (JavaCard)\nhttps://secure.smartcardsource.com/j2a040-java-smart-card.html" }, - { "3BF91300008131FE45535049564B45593730AD", "PIVKey T840 (Other)\nhttps://pivkey.com/" }, - { "3BF91300FF10808031E0554245524753", "Banrisul bank" }, - { "3BF91500FF910131FE43806448657261829000C7", "RC-S500 card (FeliCa SAM for reader?) (Other)" }, - { "3BF918000000534345372003002046", "G+D FIPS 201 SCE 7.0 (PKI)" }, - { "3BF91800008031FE4580574E454F574156457D", "Neowave Weneo" }, - { "3BF91800008131FE45393532383530313331DA", "JCOP31 / 72B1 V2.2 (4096 RSA key support)\nSmartcard Dual Interface JCOP31 with 72KB EEPROM and V2.2 Java Card Open Platform" }, - { "3BF91800008131FE454A32443038315F5056B6", "NXP J2D081 Java Card 80KB JCOP 2.4.2 R2 GP 2.2.1 JC 3.0.1 (JavaCard)\nhttp://www.javacardsdk.com/Index.aspx?p0=AAT1P0000012&p1=1&p2=1&p3=1&p4=0&p5=1" }, - { "3BF91800008131FE454A434F503231563232A9", "NXP JCOP 21 V2.2 36K" }, - { "3BF91800008131FE454A434F503331563232A8", "JCOP31 / 72B1 V2.2\nSmartcard Dual Interface JCOP31 with 72KB EEPROM and V2.2 Java Card Open Platform" }, - { "3BF91800008131FE454A434F503431563232AF", "JCOP41 Cards (not supported, but recognized by Classic Client)\nNHS Care Identity Service (CIS) smartcard (HealthCare)\nhttps://www.e-lfh.org.uk/programmes/national-ra-and-smartcard-policy/" }, - { "3BF91800008131FE4550565F4A3244303831B6", "Taiwanese Health Professional Card(TW HPC) (HealthCare)\nhttps://hca.nat.gov.tw/Intro.aspx" }, - { "3BF91800FF8131FE4550565F4A334130343040", "Yubico Yubikey NEO OTP+U2F+CCID (PKI)\nhttps://www.yubico.com/products/yubikey-hardware/yubikey-neo/" }, - { "3BF91800FF8131FE4550565F4A33413038314D", "NXP JCOP J3A081 (JavaCard)\nhttps://secure.smartcardsource.com/j3a081m.html" }, - { "3BF99100FF9181714040000A80041E2E222C1490C2", "Mifare DESFIRE (Other)" }, - { "3BF99100FF91817140400041800431766A781690E0", "DESFIRE MIVARE EV2 (Other)" }, - { "3BF99100FF9181714040004180045B89BAB352803A", "mifare desfire 2k (eID)" }, - { "3BF99100FF918171FC40000A095161900058C290D2", "NFC PASS card (eID)" }, - { "3BF99400008131FE6546542056313030900083", "ePass 2000" }, - { "3BF99600008031FE454A546178436F7265560F", "Secure element for fiscal system in Serbia (PKI)" }, - { "3BF99600008031FE4553434537200000202027", "G&D SmartCafe Expert 7 (JavaCard)" }, - { "3BF99600008031FE4553434537200300204642", "ActivIdentity Activkey Sim (PKI)\nhttps://www.hidglobal.com/products/cards-and-credentials/activid/usb-tokens" }, - { "3BF99600008031FE4553434537200F0020464E", "Giesecke & Devrient (DoD Alternate Token) G+D Sm@rtCafe Expert v7.0 144K DI #3 (PKI)" }, - { "3BF99600008031FE4553434537202000202007", "Serbian Identity Card (eID) (eID)" }, - { "3BF99600008031FE45534345372047434E335E", "Serbian Identity Card (eID)" }, - { "3BF99600008031FE455343453720474E335E", "Serbian Identity Card (eID)" }, - { "3BF99600008131FE45454F4E43617264563173", "eONCard V1 (PKI)" }, - { "3BF99600008131FE4553434537200E00202028", "Giesecke & Devrient GmbH StarSign CUT S" }, - { "3BF99600008131FE45535049564B4559373028", "Taglio PIVKey C980 (PKI)\nhttps://www.pivkey.com" }, - { "3BF99800FFC11031FE55414D20434D4431313083", "Service card of the Ministry of Defense of Italy - Military Aviation" }, - { "3BF99800FFC11031FE55454920434D4431313083", "Service card of the Ministry of Defense of Italy - Italian Army" }, - { "3BF99800FFC11031FE554D4D20434D443131308F", "Service card of the Ministry of Defense of Italy - Navy" }, - { "3BF99800FFC11031FE55504320434D443131309C", "Service card of the Ministry of Defense of Italy - Civil personnel" }, - { "3BFA..00008131..438065A2........72D6....", "IDClassic 3XX Cards (with MPCOS Applet)" }, - { "3BFA00008131FE450031C173C840000090007A", "J3R150 EMV (JavaCard)\nhttp://www.gdrfid.com/" }, - { "3BFA1100008131FE45436F6D624F5320495600E0", "MyWireCard 2go Prepaid VISA Card" }, - { "3BFA110002406043C602F8030300009000", "DeLaRue DX(?)" }, - { "3BFA1300008131FE15597562696B65794E454FA6", "Yubikey NEO" }, - { "3BFA1300008131FE450031C173C8400000900079", "Nigerian eID Card (warm reset)\nChip is NXP JCOP 2.4.1R3" }, - { "3BFA1300008131FE454465786120434620763198", "Dexa Systems Crossfire Card (PKI)\nhttp://www.dexasystems.com/products-services/products/dexa-smartcards-credential-tokens-peripherals" }, - { "3BFA1300008131FE454A434F503.3.56323332..", "JCOPxx/yy v2.3.2 (see hist bytes for more info)" }, - { "3BFA1300008131FE454A434F50323156323331", "J2A040 JCOP (JavaCard)" }, - { "3BFA1300008131FE454A434F5032315632333191", "NXP JCOP 21 V2.3.1 36K" }, - { "3BFA1300008131FE454A434F5032315632343196", "NXP JCOP 2.1 V 2.4.1 (JavaCard)" }, - { "3BFA1300008131FE454A434F50343156", "JCOP41 V221" }, - { "3BFA1300008131FE454A434F5034315632333197", "JCOP41 /72K (eID)" }, - { "3BFA1300008131FE454A434F50763234........", "NXP JCOP v2.4.x (see hist bytes for more info)" }, - { "3BFA1300008131FE54A434F503233191", "Jcop (JavaCard)" }, - { "3BFA1300FF813180450031C173C00100009000B1", "OpenPGP" }, - { "3BFA1300FF918131FE478012392F31C073C7014907", "MITSUBISHI Standard-9M (PKI)\nhttps://www.mdis.co.jp/service/standard-9m/" }, - { "3BFA1800008031FE45FE654944202F20504B4903", "Estonian Identity Card (EstEID v3.5 (10.2014) cold) (eID)\nhttp://id.ee/" }, - { "3BFA1800008131FE4506082A841001876E0805BC", "Dutch Rijkspas (eID)" }, - { "3BFA1800008131FE4506082A841001876E0807BE", "Rijkspas (identification card dutch government employees) (eID)\nhttps://nl.wikipedia.org/wiki/Rijkspas\nDutch government multifunctional smartcard (Other)\nhttps://nl.wikipedia.org/wiki/Rijkspas" }, - { "3BFA1800008131FE45060860841001876F0602FE", "Card used by the Dutch health insurers to give medical personnel access to patient insurance information" }, - { "3BFA1800008131FE4546534A434F503453494480", "NXP Java Card JCOP4 P71 GP2.3 JC3.0.5 (JavaCard)\nhttps://www.javacardsdk.com/product/j3r180sim/" }, - { "3BFA1800008131FE454A33413034305632343184", "NXP J3A 40K\nJava Card v2.2.2 - Global Platform v2.2.1\nDual-interface functionality (features 1K Mifare emulation)" }, - { "3BFA1800008131FE454A33413038315632343189", "NXP JCOP CJ3A081\nhttp://www.usmartcards.com/media/downloads/492/NXP%20P5CX012%2002X%2040%2073%2080%20144%20%20%202011.pdf" }, - { "3BFA1800008131FE454A3344303831563234328F", "AustriaCard Dual Interface Unpersonalized EMV Cards (Bank)\nhttps://www.austriacard.com" }, - { "3BFA1800008131FE454A434F503431563232319D", "NXP JCOP 41 v2.2.1 72k SmartCard I/F" }, - { "3BFA1800008131FE454A546178436F72655631B2", "Taxpayer Portal Authentication for Fiji Revenue & Customs Service taxpayer portal (PKI)" }, - { "3BFA1800008131FE454D4F54494F4E0000900760", "SIM card (Telecommunication)" }, - { "3BFA1800008131FE4550564A434F5033454D5694", "NXP JCOP3 J3H082 Java Card 3.0.4 Dual-Interface (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop3-j3h082-java-card-3-0-4-j3h081-dual-interface/" }, - { "3BFA1800008131FE4550564A434F503453494493", "National Health Insurance (Taiwan) (HealthCare)" }, - { "3BFA180000910131FE454A33523138302D323535F5", "Cardlogix J3R180 NXP JCOP 4 Java Card 3.0.5 Classic Dual Interface (JavaCard) (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop-4-java-card-3-0-5-classic/" }, - { "3BFA180000910131FE454A33523331302D333535FF", "NXP JCOP 4 Java Card 3.0.5 Classic (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop-4-java-card-3-0-5-classic/" }, - { "3BFA180000910131FE4550564A434F503453494482", "Supposed P71 SecID purchased from a Chinese manufacturer (JavaCard)" }, - { "3BFA180000910131FE456BD1936AC2F28547E164CC", "J3R180, NXP JCOP4 JC3.0.5 Classic, GP2.3, SECID (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop-4-java-card-3-0-5-classic/" }, - { "3BFA180002C10A31FE584B53776973735369676E89", "SuisseId card (used for qualified signatures)\nhttp://postsuisseid.ch/de/suisseid\nhttp://www.suisseid.ch/" }, - { "3BFA1800FF10004A546178436F72655631", "NXP JCOP4 J3R200 P71 (JavaCard)" }, - { "3BFA1800FF8031FE450031807394410000900090", "Kazakhstan Identity Card 2022 (eID)" }, - { "3BFA1800FF8131FE454A434F5032315632333165", "TrubDemax healthcare card\nJCOP 21 / 72k" }, - { "3BFA1800FF8131FE454A434F5034314332303074", "HID Crescendo C200\nhttps://www.hidglobal.com/sites/hidglobal.com/files/resource_files/crescendo-c200-c700-smart-card-ds-en.pdf" }, - { "3BFA1800FF8131FE454A434F5034315632323162", "JCOP41\nHID Crescendo C700\nhttp://www.hidcorp.com/\nShould be compatible to RAAK\nhttp://www.raaktechnologies.com/\nMarx CrypToken MX2048-JCOP USB Token" }, - { "3BFA1800FF8131FE454A434F5034315632333163", "JCOP41 V2.3.1 Dual Interface, Mifare emulation, 72K (NXP SmartMX P5CT072)\nJCOP (Java Card OpenPlatform) is a Java smart card distributed and developed by NXP.\nThe JCOP 41 v2.3.1. is an USB-smart card and can be used not only with standard smart card reader, but also with simple USB-connectors. The JCOP card is connected as ICCD card and can be used with such ICCD standard drivers.\nJCOP 41 is a Dual-Interface Smart Card, that means, the card can also be contacted with a contactless card reader. For building access systems, this card is also be able to emulate Mifare Classic 1k/4k.\nJCOP 41 v2.3.1 is compliant to JavaCard Standard 2.2.1. and GlobalPlattform 2.1.1. Their cryptographic features supports RSA up to 2432 bit, 'Eliptic curves' - ECC GF(2n), AES and 3DES.\nMore information is available here:\nhttp://www.nxp.com/documents/short_data_sheet/P5Cx009_P5Cx072_FAM_SDS.pdf" }, - { "3BFA940000813120438065A20101013D72D64321", "GemXpresso Pro R3 32PK (MPCOS, T=1)" }, - { "3BFA9600008031FE450031C8239752270F9000C1", "Swedish ID card (eID)" }, - { "3BFA960000813180438065A20101013D72D64383", "Malta identity card delivered by the Identity Management Office (eID)\nhttps://mhas.gov.mt/en/MHAS-Departments/Land%20Public%20Registry/Pages/ID-MO.aspx" }, - { "3BFA9800FFC11031FE55C8035341475F504B493277", "Siemens corporate ID card (access to the building / rooms etc,\nstores PKI private keys/certificates)" }, - { "3BFA9800FFC11031FE55C8045341475F504B493270", "Siemens Corporate Card (Belgium , Germany)" }, - { "3BFB11000040288059535059525553AE0002", "Spyrus Rosetta Basic" }, - { "3BFB11000040788059535059525553AE0202", "Rosetta(r) Series II Smart Card manufactured by Spyrus\nhttp://spyrus.com/products/rosetta_smart_usb.asp" }, - { "3BFB1100008131FE450031C06477E910000090006A", "OCS ID-One Cosmo Card USB Token" }, - { "3BFB1100FF81318055006802001010534941450004", "Italian Society of Authors and Publishers ticket and report signing smart card (PKI)\nhttps://www.siae.it/en/utilizzatori/other-services-stamps-certifications-data-and-statistics/automated-ticket-issuing-systems" }, - { "3BFB1300008131FE454A434F50533.3.56323332..", "JCOP-Sxx/yy v2.3.2 (see hist bytes for more info)" }, - { "3BFB1300008131FE456368617269736D6174657884", "Charismathics smart card JCOP and Qualified electronic signature CHJCOP-xxx (PKI)\nhttps://www.stampit.org/en/page/808" }, - { "3BFB1300FF10000031C164099511380F9000", "Mastercard World Elite (CapitalOne Venture) (Bank)\nhttps://www.mastercard.us/en-us/personal/find-a-card/world-elite-mastercard-credit.html" }, - { "3BFB1300FF10800031C164086032060F9000", "Stripe Issuing Card (Bank)" }, - { "3BFB1300FF10800031C164086032100F9000", "Varo (Bank)" }, - { "3BFB1300FF10800031C164089862210F9000", "Visa Debit (Bank)" }, - { "3BFB1300FF10800031C164089862290F9000", "Bank Card (Bank)" }, - { "3BFB1300FF10800031C1640924331E0F9000", "TransferWise Debit Card (Bank)\nhttps://wise.com/" }, - { "3BFB1300FF10800031C164096441360F9000", "Truist Business Debit (Bank)" }, - { "3BFB1300FF813180755A43352E3520524556204763", "ZeitControl BasicCard 5.5" }, - { "3BFB1300FF813180755A43352E3620524556204D6A", "ZeitControl BasicCard ZC5.6 user-programmable smart card\nhttp://www.basiccard.com/index.html?overview.htm" }, - { "3BFB1300FF813180755A43362E3520524556204364", "ZeitControl BasicCard 6.5, multiapplication with 30 kByte EEPROM" }, - { "3BFB1300FFC0803180755A43352E34205245562041A5", "ZeitControl BasicCard Professional 5.4 Revision A" }, - { "3BFB1300FFC0803180755A43352E34205245562048AC", "ZeitControl BasicCard Professional 5.4" }, - { "3BFB1300FFC0803180755A43352E3420524556204DA9", "Basiccard ZC5.4 revision M (Other)\nhttp://basiccard.com" }, - { "3BFB1300FFC0807553544F4C4C4D31504C5553BD", "Stoll M1PLUS (Other)" }, - { "3BFB180000407880595350595255530B0003", "Spyrus, Inc. Rosetta USB (PKI)" }, - { "3BFB180000407880595350595255530B0402", "SPYRUS Rosetta Series 2 (eID)\nhttp://www.spyrus.com/rosetta-hsm/" }, - { "3BFB18000040788059535059525553AE0402", "Spyrus Rosetta Series II" }, - { "3BFB1800008131FE450031C06477E9100001900062", "ID card for personal of 'Govern Illes Balears'\nhttp://www.caib.es/sacmicrofront/contenido.do?cont=7584&mkey=M08110610180317195848&&lang=en" }, - { "3BFB1800008131FE454A33483134354337583330C6", "COTECH OpenPGP Card - ECC (PKI)" }, - { "3BFB9100FF918171FE40004120000100812063CBA08003", "C*******r, MasterCard credit card, Pass Banque, Oberthur - contactless/PayPass" }, - { "3BFB9600008031FE450031C06477E3020082900076", "Oberthur ID-One Cosmo" }, - { "3BFB9600008031FE450031C06477E3030081900074", "D.O.D. Eid Passport rapidgate card (eID)" }, - { "3BFB9600008131FE450031C06477E91000019000EC", "Oberthur ID-ONE v5.4" }, - { "3BFB9600008131FE450031C06477E910000F9000E2", "Elektroniczna Legitymacja Studencka - Polish Student's ID Issued in Poznan in 2007" }, - { "3BFB9600008131FE450031E85427E60100079000BC", "Gemalto (PKI)" }, - { "3BFB9600008131FE4556445349354001000400011F", "Vasco DIGIPASS KEY 200 usb token\nhttp://www.vasco.com/products/digipass/digipass_pki/digipass_pki_keys/digipass_key_200.aspx\nShould contain a 'Oberthur cosmo v 5.4 or V7.0D' smartcard" }, - { "3BFB9800FFC11031FE550064052047033180009000F3", "Gemplus GemGate 32K\ndistributed by Postecert (www.postecert.it) to legally sign documents" }, - { "3BFC1300008131FE15597562696B65794E454F7233E1", "YubiKey NEO (PKI)\nhttp://www.yubico.com/" }, - { "3BFC1300008131FE45597562696B65794E454F7233B1", "Yubikey Neo\nhttp://www.yubico.com/products/yubikey-hardware/yubikey-neo/" }, - { "3BFC180000813180459067464A00641606F2727E00E0", "PIVKey C910 PKI Smart Card (eID)\nhttp://pivkey.com/" }, - { "3BFC180000813180459067464A00642D70C172FEE0FE", "pivkey token (JavaCard)\nhttp://www.pivkey.com/" }, - { "3BFC180000813180459067464A0068080.000000000.", "Feitian A22 JavaCard (150K) (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~712/javacos-a22-dual-interface-java-card-150k/p/index.shtml\nFeitian A40 JavaCard (64K) (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~711/javacos-a40-dual-interface-java-card-64k/p/index.shtml" }, - { "3BFC180000813180459067464A01002005000000004E", "Feitian A40 (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~711/javacos-a40-dual-interface-java-card-64k/p/index.shtml" }, - { "3BFC180000813180459067464A01002504000000004A", "Feitian JavaCOS A22CR ()\nhttp://www.javacardos.com/store/javacard-a22cr.php" }, - { "3BFC180000813180459067464A0100870600000000EA", "Feitian FTJCOS (https://www.ftsafe.com/products/Card_OS) (JavaCard)\nhttps://www.ftsafe.com/onlinestore/product?id=18" }, - { "3BFC180000813180459067464A01642F70C172FEE0FD", "Feitian eJavaToken (JavaCard)\nhttp://www.ftsafe.com/product/epass/eJavaToken" }, - { "3BFC1800008131FE458073C8211366020403550002D2", "National Health Insurance Card, Taiwan" }, - { "3BFC9800FFC11031FE55C803496E666F63616D65726528", "New Card Infocamere (Italy) series 1402...\nhttp://www.card.infocamere.it/\nSiemens Informatica - Siemens M4.01a\nchip Infineon SLE66CX322P (CC EAL5)\nMemory EEPROM: 32KB\nOperating system CARDOS\nMax numero dei tentativi PIN: 3\nPin: da 5 a 8 digit\nUnblocked by tool CARDOS API 2.2" }, - { "3BFD..00008131..4380318065B0........83..90....", "IDClassic 3XX / Classic TPC (IXS, IS, IS V2, IS CC, IM, IM CC, IM CC V3) / MultiApp ID Cards" }, - { "3BFD1300001000803180654953060B0183079000", "MIR card issued by Gazprombank (Russia) (Bank)\nhttps://www.gazprombank.ru/personal/cards/7579039/" }, - { "3BFD130000813160658031C0694D54434F537301011660", "Silesian University (Katowice, Poland) Student Identity Card (eID)\nhttps://www.us.edu.pl/" }, - { "3BFD1300008131FE158073C021C057597562694B657940", "Yubico YubiKey 5 NFC (PKI)\nhttps://www.yubico.com/product/yubikey-5-nfc" }, - { "3BFD1300008131FE4500125553554D49444153000000F6", "Midas key diversification card (Other)" }, - { "3BFD1300008131FE4541373030354347203234325231D5", "Feitian ePass FIDO NFC (Other)\nhttps://www.ftsafe.com/Products/FIDO/NFC" }, - { "3BFD1300008131FE4541373030364347203234325231D6", "YubiKey NEO (token)" }, - { "3BFD1300008131FE454A434F50323176323331474454E1", "National Health Insurance Card, Taiwan" }, - { "3BFD1300008131FE45543D314A323133364B56323331DC", "ic Card (JavaCard)" }, - { "3BFD1300008131FE4580318153534431738421C0810730", "Personal Info Card (eID)" }, - { "3BFD1300FF10000031C173C8400052A1C5009000", "IBKR Prepaid MasterCard, Issued by Peoples Trust Company (Bank)\nhttps://www.interactivebrokers.com/en/index.php?f=26451" }, - { "3BFD1300FF10000031C173C8400052A1D5009000", "PayPal Business Debit Mastercard (Bank)\nhttps://www.paypal.com/merchantapps/appcenter/makepayments/bdmc" }, - { "3BFD1800008031FE45003180718E6452D904008190005B", "Oberthur Card Systems, authentIC" }, - { "3BFD1800008031FE4553434536302D43443038312D46C4", "Panama Electronic Signature (JavaCard)" }, - { "3BFD1800008031FE45736674652063643134342D6E66D8", "SmartCafe Expert 3.2 144K Dual is a contact and contactless technology Java card from G&D with 144K on-board EEPROM for application and data storage. Certified to FIPS 140-2 Level 3 and Common Criteria EAL 5+. Supports specifications ISO 14443A T=CL and ISO 7816 T=1/0. (PKI)\nhttp://www.smartcardfocus.us/shop/ilp/id~523/smartcafe-expert-3-2-144k-dual/p/index.shtml" }, - { "3BFD1800008031FE45736674652D63643038302D6E66DC", "G&D Sm@Cafe 3.1 (eID)" }, - { "3BFD1800008131FE4553434536302D43433038312D46C2", "Giesecke & Devrient StarSign USB Token" }, - { "3BFD1800008131FE45534C4A35324778787979797A52AA", "The National Health Insurance Card issued by the National Health Insurance Administration Ministy of Health and Welfare in Taiwan (HealthCare)\nhttps://www.nhi.gov.tw/English/Content_List.aspx?n=320832076C00692B&topn=BCB2B0D2433F6491" }, - { "3BFD1800008131FE458031806540907B01518307900055", "Croatian Health Care card" }, - { "3BFD1800008131FE4580318153474531738421C081072E", "Georgian ID Card" }, - { "3BFD1800FF80B1FE451F078073002113574A5448613147005F", "Activkey Sim\nhttp://www.actividentity.com/products/activkey_usb_tokens__home.php" }, - { "3BFD1800FF80B1FE451F078073002113574A54486131480050", "G&D Sm@rtCafe Expert 64 v2" }, - { "3BFD1800FF80B1FE451F078073002113574A544861314A0052", "e-CPF issued by AASP (Lawyers Association of Sao Paulo, Brazil)" }, - { "3BFD1800FF8131FE4543494247555A494A324130383158", "Caregiver card for Dutch Medical System called UZI\n(Unieke Zorgverlener Identificatie, Caring Unique Identification)" }, - { "3BFD9100FF918171FE40004120004100818031C073D621C0D8", "Sparkasse Hanau - German contactless GeldKarte (PPSE, girogo)\nhttps://www.geldkarte.de/_www/en/pub/geldkarte/service_navigation/about_us.php" }, - { "3BFD9400008131204380318065B08302047E83009000B6", "GXPPRo-R3.x STD PTS T=1\nLatvian Digital Signature Card (cold)\nhttp://www.eme.lv/" }, - { "3BFD940000813160658031C0694D54434F5373010111E0", "MTCOS Light\nhttp://www.masktech.de/products/mtcoslight/index.html" }, - { "3BFD940000813160658031C0694D54434F5373010116E7", "Polish student card (eID)" }, - { "3BFD9500008131FE41008C0F17BD008C000000000030F2", "Khmer Identify Card (eID)" }, - { "3BFD9600008031FE45534C4A35324778787979797A5225", "TIPL (Other)" }, - { "3BFD9600008131204380318065B0831100C88300900015", "Gemalto TOP IM GX4 MSA081, T=1 (PKI)" }, - { "3BFD9600008131204380318065B0831148C883009000", "Pay TV" }, - { "3BFD9600008131484280318065B0840100C883009000", "Optelio Cards (D38-D72 R6) T=1 High Speed" }, - { "3BFD9600008131804380318065B0850100D683019000BC", "Queensland Drivers' Licence (Australia) (eID)" }, - { "3BFD9600008131FE4500000152332980000000000000A9", "DPI Guatemala (eID)\nhttp://www.renap.gob.gt/" }, - { "3BFD9600008131FE450000015233672000000000000047", "DPI Guatemala (eID)\nhttps://www.renap.gob.gt/servicios/que-es-el-dpi" }, - { "3BFD9600008131FE4500000161638620000000000000C5", "Renap Guatemala (eID)" }, - { "3BFD9600008131FE450000016687038000000000000003", "DPI (Documento Personal de Identificacion) Guatemala (eID)" }, - { "3BFD9600008131FE45534C4A3532474441303830434348", "Universal JCard C-UJC128-PAC-001 (JavaCard)\nhttps://www.usmartcards.co.uk/universal-j-cards" }, - { "3BFD9600008131FE45534C4A353247444C313238435257", "Universal JCard (Contact) with Infineon SLE78 (JavaCard)\nhttp://www.usmartcards.co.uk/cards/universal-jcard-contact-with-infineon-sle78-white-gloss-pvc-card.html" }, - { "3BFD9600008131FE45534C4A35324778787979797A5224", "J3R180 (JavaCard)" }, - { "3BFE130000108080318066B0840C016E0183009000", "Sberbank of Russia MIR debit card (Bank)\nSwile card\nhttps://www.swile.co/fr-fr/swile-card" }, - { "3BFE1300008131FE454A434F5076323431204C4F542057B1", "LOT test card (JavaCard)\nwww.lotgroup.eu" }, - { "3BFE130000918131804180318066B0840C016E01830090001F", "Japan Post Bank Visa Debit Card (Bank)\nhttps://www.jp-bank.japanpost.jp/kojin/cashless/yuchodebit/kj_cl_yd_index.html" }, - { "3BFE1800008031FE454573744549442076657220312E30A8", "Estonian Identity Card (EstEID 3.0 'JavaCard' cold)" }, - { "3BFE1800008031FE4553434536302D43443038312D6E46A9", "G&D Sm@rtCafe Expert 6.0 (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~684/smartcafe-expert-6-0-80k-dual-/p/index.shtml" }, - { "3BFE1800008031FE4553434536302D43443134352D6E46A0", "Smart Cafe Expert 6.0, Java Card 3.0 (PKI)" }, - { "3BFE1800008031FE45803180664090A4162A0083019000E1", "Estonian Identity Card (EstEID 3.0 'JavaCard' warm)" }, - { "3BFE1800008031FE45803180664090A4162A00830F9000EF", "iEstonian Identity Card (EstEID 3.0 (18.01.2011) warm)" }, - { "3BFE1800008031FE45803180664090A5102E03830F9000EF", "Infineon jTOP SLE78 SLJ52GCA080CL IFX v46.03 (JavaCard) (JavaCard)" }, - { "3BFE1800008031FE45803180664090A5102E038381900061", "Infineon Trust-P (JavaCard)" }, - { "3BFE1800008031FE45803180664090A5102E1083019000F2", "Infineon CJTOP 80K INF SLJ 52GLA080AL M8.4 (JavaCard)" }, - { "3BFE1800008131FE458031815448534D31738021408107FA", "Smartcard-HSM\nhttp://www.cardcontact.de/products/sc-hsm.html" }, - { "3BFE1800FF8131FE454A3231024103479049544356008044", "Brazilian Army ID Card (eID)" }, - { "3BFE1800FF8131FE456368616E67696E677465634A33445E", "xgames pki (eID)" }, - { "3BFE9100FF918171FE40004120001177C1000000000000000089", "Tangem Tap It cryptocurrency hardware wallet (Other)\nhttps://tangem.com/" }, - { "3BFE9100FF918171FE400041200051779180318065B0850300FB", " Italian Card Identity (CIE Comune di Parma) (eID)\nhttp://www.comune.parma.it/servizi/Servizi-Demografici-Carta-di-identita/Carta-di-identita-Elettronica-CIE_A2_C100_P96.aspx" }, - { "3BFE9100FF918171FE40004128000180810073C840000090004D", "Philips SmartMX chip (IBMs JCOP OS)" }, - { "3BFE9100FF918171FE40004128001133B04A434F5033315632C4", "JCOP31 72K\ndual interface functionality, 1K Mifare emulation." }, - { "3BFE9100FF918171FE400041380011F7B14A434F503234325211", "SwissPass (Transport)\nhttps://www.swisspass.ch" }, - { "3BFE9100FF918171FE40004138002180718066B00701010707B7", "Java Gemalto R7 (contactless) (Bank)" }, - { "3BFE9100FF918171FE40004138002180818065A2010201317210", "Santander TUI Brazil (Bank)\nhttp://www.santanderuniversidades.com.br/Paginas/home.aspx" }, - { "3BFE9100FF918171FE40004138002180818066B00701017707B7", "Java Gemalto R5 (contactless) (Bank)" }, - { "3BFE940000801F42803180664750204583018301900002", "TATA Docomo UICC (Telecommunication)\nhttp://www.tatadocomo.com/" }, - { "3BFE9400FF80B1FA451F034573744549442076657220312E3043", "Estonian Identity Card (EstEID v1.0 cold)\nEstonian Identity Card (EstEID v1.1 'MULTOS' warm)" }, - { "3BFE9600008031FE4380738400E065B0850400FB8290004E", "EU smart tachograph card (driver/company/control/workshop)\nhttps://dtc.jrc.ec.europa.eu/" }, - { "3BFE9600008031FE4380738400E065B08505002582900091", "Swiss truck driver card (Transport)" }, - { "3BFE9600008131FE45803180664090A5102E03830190006E9000", "Swissbit PS-100u (JavaCard)\nhttps://www.swissbit.com/ps-100u/" }, - { "3BFE9600FF8131FE455DFF6D6553414D2076312E302E320C", "SAM module for Kharkiv E-ticket (mikroelektronika) (JavaCard)\nhttp://www.mikroelektronika.com/en/card-and-ticket-validators" }, - { "3BFE9600FFC00A31FE4D4573744549442076657220312E309B", "Estonian Identity Card (EstEID v1.1 compatible)\nhttp://www.id.ee/?id=11019&&langchange=1" }, - { "3BFF..00008131..4380318065B0........120FFE829000..", "IDPrime MD 8840, 3840, 3810, 840 and 830 Cards T=1" }, - { "3BFF..00FF8131..456563............................", "Debit card (Germany): ec-cash, GeldKarte(EUR), Maestro, Cirrus, ..." }, - { "3BFF0000FF8131FE458025A000000056575343363530000000", "SafeNet SC650" }, - { "3BFF00FF8131..456563............................", "Debit card (Germany): ec-cash, GeldKarte(EUR), Maestro, Cirrus, ..." }, - { "3BFF1100008131FE4D8025A00000005657444B3333300600D0", "Datakey 32K PKI Smart Card Model 330\nhttp://www.datakey.com/products/smart_cards/products_sc_330.shtml" }, - { "3BFF1100008171404200002101314252000[05]63........9000.*", "Smart Card 'The Smart Way to Login'\nUsed on Acer TravelMate to secure boot" }, - { "3BFF11000240648069A2070103570000FF0083009000", "Gemplus GemXpresso" }, - { "3BFF1100FF8131FE9580F9D2760000255444010083000000A0", "GiroCard Haspa Hamburger Sparkasse (Bank)\nhttps://www.haspa.de/privatkunden/ihr-online-banking/unser-angebot/haspa-digital-services-96198/" }, - { "3BFF13000010003100DE525001001500000000000000", "wisely debit (Bank)\nhttps://www.mywisely.com/" }, - { "3BFF13000010003101F1564011001900000000000000", "BVG Guthabenkarte (Prepaid Payment Card for Berlin/Brandenburg Public Transport) (Transport)\nhttps://www.bvg.de/de/service-und-kontakt/guthabenkarte\nRevolut Visa Glow-in-the-dark\nhttps://revolut.com/\nMasterCard debit - PayCenter - Corporate Benefit 'Sachbezugskarte' (Bank)\nhttps://paycenter.de/sachbezugskarte/" }, - { "3BFF13000010003101F1564011001D00000000000000", "albo (Bank)\nhttps://www.albo.mx/" }, - { "3BFF13000010003101F1564011002300000000000000", "ANZ BANK (Bank)\nhttps://www.anz.com.au/personal/" }, - { "3BFF1300008131FE450031B9640404ECC17394018082900052", "AKD kID (eID)\nhttps://www.id.hr" }, - { "3BFF1300008131FE450031B9640444ECC17394018082900012", "Croation personal ID card (eID)\nhttp://eid.hr/" }, - { "3BFF1300008131FE4543433169A92000002020202020200036", "Swiss Lunch Check Wallet Card (Bank)\nhttps://lunchcheck.ch" }, - { "3BFF1300008131FE4543443269A94100002020202020200053", "Visa credit card (Viseca Card Services SA, Switzerland) (Bank)\nhttps://www.viseca.ch/privatkunden/kreditkarten\nVisa credit card, UBS Switzerland (Bank)" }, - { "3BFF1300008131FE45434433690940000020202020202000F3", "VISA credit card (LBBW/Payback VISA) (Bank)" }, - { "3BFF1300008131FE454F574F4B31302D4A................", "OWOK (One Web, One Key) login card\nhttp://www.reiner-sct.com/owok/\nReiner SCT loginCard\nhttps://cardlogin.reiner-sct.com/" }, - { "3BFF1300008131FE4D8025A00000005657444B3333300600D2", "Datakey DCOS model 330 (DKCCOS 6.0 token)" }, - { "3BFF1300918131FE4141434F532046696F6E6131204C6336F4", "TURKEY A101 HADI APP CARD (Bank)\nhttps://a101hadi.a101.com.tr/" }, - { "3BFF1300FF10000031C173082110645631424E079000", "Credit card (Bank)" }, - { "3BFF1300FF10000031C1738211064414D33470779000", "Visa Debit (Bank)\nhttps://www.chase.com/" }, - { "3BFF1300FF10000031C173C821106441443533079000", "BRADESCO-CONTA SALARIO (Bank)" }, - { "3BFF1300FF10000031C173C8211064414D3037079000", "UP Day Ticket Restaurant Card (Other)\nhttps://www.day.it/login" }, - { "3BFF1300FF10000031C173C8211064414D3130079000", "Tangerine MasterCard (Bank)\nhttps://www.tangerine.ca/en/products/spending/creditcard/money-back/" }, - { "3BFF1300FF10000031C173C8211064414D3137079000", "PayPal Business Debit mastercard (Bank)\nhttps://www.paypal.com/merchantapps/appcenter/makepayments/bdmc" }, - { "3BFF1300FF10000031C173C8211064414D3330079000", "VISA card issued by ING-DiBa AG (Germany) (Bank)" }, - { "3BFF1300FF10000031C173C8211064414D3331079000", "NAB VISA Debit (contact interface) (Bank)\nhttps://www.nab.com.au/" }, - { "3BFF1300FF10000031C173C8211064414D3337079000", "VISA Credit Card (Postbank), Germany (Bank)" }, - { "3BFF1300FF10000031C173C8211064414D3341079000", "BBVA debit card Uruguay. MIFRE Plus compatible. (Bank)\nScotiabank Passport Visa Infinite credit card (Bank)\nhttps://www.scotiabank.com/ca/en/personal/credit-cards/visa/passport-infinite-card.html" }, - { "3BFF1300FF10000031C173C8211064414D3343079000", "MasterCard issued by President's Choice Bank (Canada) (Bank)\nhttp://pcfinancial.ca/mastercard" }, - { "3BFF1300FF10000031C173C8211064414D3344079000", "VISA debit emitted by FinecoBank (Bank)\nhttps://finecobank.com/" }, - { "3BFF1300FF10000031C173C8211064414D3347079000", "Chase Visa Debit Card (Bank)\nhttps://www.chase.com/bankinghelp" }, - { "3BFF1300FF10000031C173C8211064414D3348079000", "BBVA blue VISA Debit Card (Bank)\nhttps://www.bbva.es/en/personas/productos/tarjetas/tarjeta-joven-ahora.html\nDesjardins Bonus Visa credit card (Bank)\nhttps://www.desjardins.com/ca/personal/loans-credit/credit-cards/bonus-visa/index.jsp" }, - { "3BFF1300FF10000031C173C8211064414D3430079000", "PNC BUSINESS VISA DEBIT (Bank)\nhttps://www.pnc.com/en/small-business/payments-and-processing/payment-cards/pnc-bank-visa-business-debit-card.html" }, - { "3BFF1300FF10000031C173C8211064414D3531079000", "Discover It Credit Card (Bank)" }, - { "3BFF1300FF10000031C173C82110644930424E079000", "National Bank Debit Card with expiration date and cvv code (Bank)" }, - { "3BFF1300FF10000031C173C82110644932424E079000", "Interact, Visa Debit Bank of Novia Scotia (Bank)\nhttps://www.scotiabank.com/global/en/credit-card-terms-and-conditions.html" }, - { "3BFF1300FF10000031C173C82110644D30424E079000", "Debit payment card (Rabobank NL) (Bank)\nhttps://www.rabobank.nl/en/business/making-and-receiving-payments/payments/paying-with-your-bank-card" }, - { "3BFF1300FF10000031C173C82110644D30434E079000", "Huntington (Bank)" }, - { "3BFF1300FF10000031C173C82110645630424E079000", "Rabobank Netherlands VISA debit (Bank)" }, - { "3BFF1300FF10000031C173C82110645631424E079000", "Portuguese 'BancoCTT' Bank Card (Bank)\nhttps://www.bancoctt.pt/o-seu-dia-a-dia/cartao-de-credito-banco-ctt" }, - { "3BFF1300FF10000031C173C82110645631434E079000", "Chase Freedom Unlimited Credit Card (Bank)" }, - { "3BFF1300FF10808031E06B04310502AF555555555555", "USAA EMV Visa Debit Card (Bank)" }, - { "3BFF1300FF10808031E06B04546B0267555555555555", "Target RedCard debit card (Other)" }, - { "3BFF1300FF10808031E06B071405028A555555555555", "Tangerine Debit Card (Bank)\nhttps://www.tangerine.ca" }, - { "3BFF1300FF10808031E06B08240502B5555555555555", "Tangerine Canada Interac debit card (Bank)\nhttps://www.tangerine.ca/" }, - { "3BFF1300FF8031FE45534653452D43583332322D5601010165", "Portugal Santander Totta Universitarios 'Associacao Academica de Coimbra'" }, - { "3BFF1300FF8031FE45534653452D43583332322D5618020876", "SmartCafe Expert Java" }, - { "3BFF1300FF8031FE45534653452D43583332322D5618030877", "Giesecke & Devrient SmartCafe Expert 32K v2.0 #2" }, - { "3BFF1300FF8131FE45656311045002800008390004020502E9", "German 'Geldkarte' supplied by the Deutsche Bank in Karlsruhe,\nBaden-Wurttemberg, Germany." }, - { "3BFF1300FF8131FE45656311045002800008540004230502A5", "Maestrocard/Geldkarte (Stadtsparkasse Haltern, Germany)" }, - { "3BFF1300FF8131FE5D8025A00000005657444B33323005003F", "Datakey DCOS model 320" }, - { "3BFF1300FF910131FE210031C173C82110644D30434E07900094", "AirPlus MasterCard Commercial (Bank)\nhttps://www.airplus.com/us/en/products-solutions/products/corporate-cards/corporate-cards.html" }, - { "3BFF1300FF910131FE4141434F5320486F6C6C7931204C633665", "OEAMTC Visa Club Card (Bank)\nhttps://www.oeamtc.at/mitgliedschaft/leistungen/die-oeamtc-kreditkarte-31091443" }, - { "3BFF1300FF910131FE41455041000000010833995600000000AC", "Austrian Sparkasse ISIC debit card (Mastercard) (eID)\nhttps://isic.at/" }, - { "3BFF1300FF918131FE4141434F532046696F6E6131204C6336F4", "Deutsche Kreditbank Debit (Bank)" }, - { "3BFF1300FF918131FE4141434F53204769756C6961204C6336B5", "revolut debit visa (Bank)\nhttps://www.revolut.com/" }, - { "3BFF1300FF918131FE4541434F53204449616E6132204C6336DF", "Alior Bank MasterCard debit (Bank)\nComdirect (Deutsch Bank) debit VISA (AUSTRIACARD 56015/001) (Bank)" }, - { "3BFF1400FF8131FE458025A000000056575343363530010039", "SafeNet SC650 (PKI)\nhttp://www.safenet-inc.com/data-protection/authentication/smartcard-650/" }, - { "3BFF1400FF8131FE458025A000000056575343363530030239", "SafeNet SC650 v3.2 (PKI)\nhttp://www.safenetat.com/products-solutions/high-assurance-authentication/sc650/" }, - { "3BFF1400FF8131FE458025A00000005657534336353004003C", "SafeNet AT SC650 V4.0 02/2018 (PKI)\nhttps://www.safenetat.com/Solutions/Enterprise-Security/high-assurance-authentication/sc650/" }, - { "3BFF1800008131FE45006B04050100011101434E5310318069", "Sanitary Card of 'Friuli Venezia Giulia' region (Italian Republic)\nCarta Nazionale dei Servizi (Italia)\nhttp://cartaservizi.regione.fvg.it/" }, - { "3BFF1800008131FE45006B040501000112024850431031806C", "Carta del Professionista Sanitario - CNS - Provincia autonoma di Trento\nProfessional Health card, Autonomous Province of Trento" }, - { "3BFF1800008131FE45006B0405010001210143494510318048", "hybrid card for various health services and regional services (access to various organizations and digital signatures)" }, - { "3BFF1800008131FE45006B04050100012101434E5310318059", "CNS - Carta Nazionale dei Servizi (Italia)\nPA emittente: Regione Autonoma della Sardegna\nCarta del Servizio Sanitario Regionale - Emilia Romagna" }, - { "3BFF1800008131FE45006B05051017012101434E531031805E", "Regional Card - Regione Liguria, Veneto - Italy (eID)\nTessera Sanitaria - Carta Regionale dei Servizi" }, - { "3BFF1800008131FE45006B05052000012101434E5310318079", "health card (HealthCare)\nhttps://tscns.regione.sardegna.it/" }, - { "3BFF1800008131FE45006B0505200001F101434E53103180A9", "national health service card (HealthCare)\nhttps://ca.arubapec.it/downloads/MU_LINUX.zip" }, - { "3BFF1800008131FE45006B0505912001F101434E5310318038", "Italian Health Card (TS) and Citizen's Card (CNS) based on IDEMIA ID-One CNS v2 on Cosmo 9.1 (HealthCare)" }, - { "3BFF1800008131FE45006B11050700011101434E531131807B", "Italian National Fire Corps -special identification card (eID)" }, - { "3BFF1800008131FE45006B11050700012101434E531031804A", "Oberthur ID-One Cosmo V7-n it's a java card 2.2.2\nIzenpe Certificado Ciudadano (eID)\nhttps://www.izenpe.eus/informacion/certificado-ciudadano/s15-content/es/" }, - { "3BFF1800008131FE45006B150C0302010101434E5310318061", "Bit4id Digital-DNA Key (eID)" }, - { "3BFF1800008131FE4D8025A00000005657444B3430300600DD", "DataKey 400 (DK400)" }, - { "3BFF1800008131FE55006B02090403010101434E5310318065", "Italian Chambers of Commerce CNS (PKI)\nhttp://www.card.infocamere.it/infocard/pub/" }, - { "3BFF1800008131FE55006B0209040301010144534410318068", "ACA (Lawyer Identifier Card) (eID)" }, - { "3BFF1800008131FE55006B02090503010101434E5310318064", "Bit4id J-SIGN 2048 (L) (PKI)\nhttps://www.bit4id.com/en/j-sign/" }, - { "3BFF1800008131FE55006B02090603010101434E5310318067", "ST microelettronics JSign3 (HealthCare)" }, - { "3BFF1800008131FE55006B02090703010101434E5310318066", "Aruba digital signing card (eID)\nhttps://www.aruba.it" }, - { "3BFF1800008131FE55006B02091403010101434E5310318075", "Smart Card INFOCERT digital key CNS from CST PADOVA (eID)" }, - { "3BFF1800008131FE55006B02091613010101434E5310318067", "ANPR -- Ministero dell'Interno - Italia (PKI)" }, - { "3BFF1800008131FE55006B02091717010101434E5310318062", "Carta Nazionale dei Servizi (CNS) Centro Servizi Territoriali (CST) (PKI)\nhttp://cst.provincia.padova.it/category/faq/firma-digitale" }, - { "3BFF1800FF8031FE45534653452D43583332322D561803087C", "Giesecke & Devrient Sm@rtCafe Expert 2.0" }, - { "3BFF1800FF8031FE45536D4072744361666545787065727465", "Giesecke & Devrient SmartCafe 32K v1" }, - { "3BFF1800FF8131..456563............................", "Geldkarte (generic ATR)" }, - { "3BFF1800FF81313C4565630D02310250001090002600041009", "Maestrocard/Geldkarte (Postbank, Germany)" }, - { "3BFF1800FF81313C4565630D0231025000109001550004107B", "Volksbank VR-BankCard (GeldKarte)" }, - { "3BFF1800FF81313C4565630D02310250001090052900041003", "Geldkarte/HBCI(DDV-1) (Stadtsparkasse Vorpommern, Germany)" }, - { "3BFF1800FF81313C4565630D023102500010900788000410A0", "HBCI-Karte (Berliner Sparkasse, Germany)" }, - { "3BFF1800FF81313C4565630D023102500010901382000410BE", "Bremer Karte ('Geldkarte und BSAG-Kundenkarte in einem.')\nhttp://www.bsag.de/4911.php" }, - { "3BFF1800FF81313C4565630D0231025000109014060004103D", "Geldkarte/HBCI(DDV-1) (Staedtische Sparkasse Offenbach, Germany)" }, - { "3BFF1800FF81313C4565630D0231025000109014440004107F", "Geldkarte/HBCI (Kreissparkasse Ebersberg, Deutschland)" }, - { "3BFF1800FF81313C4565630D0231025000109055700004100A", "EC-Card from DKB (Deutsche Kreditbank AG)" }, - { "3BFF1800FF81313C4565630D02310280001224300020041059", "Geldkarte (Germany)" }, - { "3BFF1800FF813150456563............................", "GeldKarte v3 (Germany)" }, - { "3BFF1800FF8131FE4065631116710156000F1309D0A957111B", "Harzer Volksbank eG bank card (girocard, V-PAY, debit card, Germany / Giesecke & Devrient, DG Nexolution, 10/22) (Bank)\nhttps://www.harzer-volksbank.de/privatkunden/girokonto-kreditkarten/bankkarte-v-pay.html" }, - { "3BFF1800FF8131FE4165630608710156000FB81026204712CD", "Fyrst Bank Card (Bank)\nhttps://fyrst.de" }, - { "3BFF1800FF8131FE4165630608710156000FB85073204712D8", "Commerzbank maestro (Bank)\nhttps://www.commerzbank.de/konten-zahlungsverkehr/produkte/girokonten/kostenloses-girokonto/" }, - { "3BFF1800FF8131FE4165630608710156000FB8602AA0471231", "Debit card (Germany): Postbank - GeldKarte (EUR), girocard, V-PAY (Bank)\nhttps://www.postbank.de/" }, - { "3BFF1800FF8131FE4165630608710156000FB8C0442147127E", "Commerzbank Classic Kreditkarte Mastercard (Bank)\nhttps://www.commerzbank.de/konten-zahlungsverkehr/produkte/kreditkarten/classic-kreditkarte/" }, - { "3BFF1800FF8131FE4165630608710156000FB8D044A04712EF", "Debitcard (Bank)" }, - { "3BFF1800FF8131FE41656306087102500023B80080C04712B2", "1822direct Bank Card (Bank)\nhttps://www.1822direkt.de" }, - { "3BFF1800FF8131FE41656306087102500023B8907360471271", "Debit card (Germany): Deutsche Kreditbank (DKB), ec-cash, (Bank)\nhttps://www.dkb.de/privatkunden/karten/girocard" }, - { "3BFF1800FF8131FE4165631116710156000F0308B09957115B", "Debit card Sparkasse (Germany) (Bank)" }, - { "3BFF1800FF8131FE4165631116710156000F0902904E5711AC", "German Bank Card IDEMIA 9 Maestro/Girocard (Sparkasse S-Payment TPY 1974693D) (Bank)" }, - { "3BFF1800FF8131FE4165631116710156000F0908309A5711D2", "Bank card from German Bank 'Sparkasse', issued by manufacturer 'S-Payment GmbH' (Bank)" }, - { "3BFF1800FF8131FE4165631116710156000F16082024571163", "German Sparkasse with visa (Bank)\nhttps://www.sparkasse.de/lp/echtesmultitalent.html#alle-funktionen" }, - { "3BFF1800FF8131FE450031C573C00180547615020105900074", "SIGILANCE NFC OpenPGP Smart Card (JavaCard)\nhttps://www.sigilance.com/" }, - { "3BFF1800FF8131FE455448434331305445434F4744484E3224", "National Health Insurance Card, Taiwan" }, - { "3BFF1800FF8131FE455448434331305445434F4744494E3126", "National Health Insurance Card, Taiwan" }, - { "3BFF1800FF8131FE4565630D0450028000089009700005002A", "Landesbank baden-Wurttemberg Geldkarte" }, - { "3BFF1800FF8131FE4565630D07630528000D90810600061558", "Geldkarte/HBCI (Frankfurter Sparkasse, Germany)" }, - { "3BFF1800FF8131FE4565630D07630764000D........0615..", "Giesecke & Devrient GmbH\nROM Mask=SDP2G330.E_1 (BES0), SWP2G370.E_1 (CS0)\nInit-Table=ecD6.3\nSignaturerstellungseinheit ZKA TUVIT.09397.TU.03.2005 Banking Signature Card, v6.31 NP, Type 3\nTUVIT.09397.TU.03.2005" }, - { "3BFF1800FF8131FE4565630D07630764000D9058450006158C", "Stadtsparkasse Munchen electronic cash card / Geldkarte" }, - { "3BFF1800FF8131FE4565630D07630764000D907307000615E5", "Sparkasse Acchen HBCI Geld Karte" }, - { "3BFF1800FF8131FE4565630D07630764000D907432000615D7", "German HBCI-Banking Card with 'Geldkarte' from the bank 'Sparkasse Marburg-Biedenkopf'" }, - { "3BFF1800FF8131FE4565630D07630764000D90926100061562", "Geldkarte (Frankfurter Sparkasse, Germany)" }, - { "3BFF1800FF8131FE4565630D08650764000D........0616..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.5\nInit-Table=SWP3G5J0.E_1 (CS0)\nSignaturerstellungseinheit ZKA Banking Signature Card, v6.51\nTUVIT.93129.TU.03.2006" }, - { "3BFF1800FF8131FE4565630D08650764000D9104900006160E", "German Railway's (Deutsche Bahn AG) 'Konzernausweis'" }, - { "3BFF1800FF8131FE4565630D0C760764000D9581200007300F", "Master Card Credit Card issued by WGZ bank (all german volksbank institutes use them)" }, - { "3BFF1800FF8131FE4565630D0C760764000D960361000730CF", "VR-Networld-Card with SECCOS-chip / Volksbank eG Konstanz\nfor Online-Banking (FinTS / HBCI-3.0 + EBICS; RD 01/12 NetWorld)" }, - { "3BFF1800FF8131FE456563110350028000082770020605018A", "old banking card (electronic-card / Maestro / Geldkarte) of the\n'Volksbank Gelderland eG' (around 2003)" }, - { "3BFF1800FF8131FE4565631105400250001055100303050043", "belongs to a banking card (electronic-card / Maestro / Geldkarte).\nthe bank calls it 'VR-BankCard'. the banks name is 'Volksbank\nGelderland eG' and is part of the 'Volksbanken und Raiffeisenbanken'\nhttp://www.vb-gelderland.de/html/5/2394/rubrik/1282.html" }, - { "3BFF1800FF8131FE45656311064002500010........0500..", "Gemplus-mids GmbH,\nROM Mask=ZKA 322 V5A,\nInit-Table=SWI1P070.E_0 (CS0),SDI1P080.E_1 (BES0),\nSignaturerstellungseinheit ZKASignaturkarte v5.02,\nTUVIT.09385.TU.09.2004" }, - { "3BFF1800FF8131FE4565631106400250001005500310050043", "HBCI-Karte (Bordesholmer Sparkasse, Germany)" }, - { "3BFF1800FF8131FE4565631106400250001019100420050028", "Stadtsparkasse Munchen HBCI card / Geldkarte" }, - { "3BFF1800FF8131FE4565631106400250001025600512050057", "Geldkarte/HBCI(DDV-1) (Stadtsparkasse Vorpommern, Germany)" }, - { "3BFF1800FF8131FE4565631106400250001027300216050006", "GeldKarte from Sparkasse bank" }, - { "3BFF1800FF8131FE4565631106400250001027800325050084", "Volksbank VR-BankCard (GeldKarte)" }, - { "3BFF1800FF8131FE456563110640025000102850011105006D", "HBCI Bancing Card of Sparkasse Pforzheim" }, - { "3BFF1800FF8131FE45656311066202800011........0613..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.2,\nInit-Table=SDI1G280.E_1 (BES0),\nSignaturerstellungseinheit ZKA Banking Signature Card, v6.2b NP & 6.2f NP, Type 3\nTUVIT.09395.TU.01.2005" }, - { "3BFF1800FF8131FE4565631106620280001106600304061387", "Geldkarte (Volksbank Offenburg, Germany)" }, - { "3BFF1800FF8131FE45656311066202800011165005170613B2", "FinTS (BBBank Karlsruhe, Germany)" }, - { "3BFF1800FF8131FE456563110662028000112090030906135C", "Geldkarte [ec, Maestro] (1822 direkt Frankfurter Sparkasse, Germany)" }, - { "3BFF1800FF8131FE45656311066202800011435001170613E3", "EC-Card of Sparkasse Pforzheim Calw" }, - { "3BFF1800FF8131FE45656311075102500010728000020620C6", "Maestro Card Deutsche Kredit Bank (DKB) / Germany" }, - { "3BFF1800FF8131FE45656311076402800011........0619..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.4\nInit-Table=SDI2G4G0.E_4 (BES0), SWI2G4H0.E_2 (CS0)\nSignaturerstellungseinheit ZKA 17.01.2006 Banking Signature Card, v6.4\nTUVIT.93123.TU.01.2006" }, - { "3BFF1800FF8131FE45656311084302500010........0530..", "Gemalto\nROM Mask=ZKA 680 V5A\nInit-Table=SSI3P3M6E_1 (MS0)\nMassen-Signaturerstellungseinheit ZKA Banking Signature Card, Version 5.11M\nTUVIT.93148.TU.06.2007" }, - { "3BFF1800FF8131FE4565631108430250001046500108053027", "HBCI-Karte (Sparkasse Altmark-West, Salzwedel, Germany)" }, - { "3BFF1800FF8131FE45656311084302500010847001040530C9", "HBCI Card (1822 direkt Frankfurter Sparkasse, Germany) Geldkarte [ec, Maestro]" }, - { "3BFF1800FF8131FE45656311086602800011........0620..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.6\nInit-Table=SDI3G6G0.E_3 (BES0), SSI3G6M0.E_2 (S0), SWI3G6H0.E_3 (CS0)\nSignaturerstellungseinheit ZKA Banking Signature Card, Version 6.6\nTUVIT.93130.TU.05.2006 - 2. Nachbestatigung" }, - { "3BFF1800FF8131FE45656311086602800011405003180620D4", "banking card (electronic-card / Maestro / Geldkarte). the bank+calls\nit 'S-Card' or 'Sparkassen-Card'. the banks name is 'Stadtsparkasse\nDuesseldorf' and is part of the 'Sparkassen-Finanzgruppe' (a finance\ngroup, network of local banks)." }, - { "3BFF1800FF8131FE4565631108660280001156000318062092", "Geldkarte [ec, Maestro] (Sparkasse Langen-Seligenstadt, Germany)" }, - { "3BFF1800FF8131FE4565631901500280000F........0512..", "SAGEM ORGA GmbH\nROM Mask=SecV1.5.3\nInit-Table=SDR0O1G0.A_B (BES0), SWR0O1H0.A_5 (CS0)\nSignaturerstellungseinheit ZKA SECCOS Sig v1.5.3\nBSI.02076.TE.12.2006" }, - { "3BFF1800FF8131FE4565631A01410250001052090567051021", "Maestro/Geldkarte (BBBank Karlsruhe, Germany)" }, - { "3BFF1800FF8131FE55006B02090200010101434E531031809F", "Carta Nazionale dei Servizi - InfoCamere" }, - { "3BFF1800FF8131FE55006B0209020001010144534410318092", "Postcom S.P.A. (digital certificate)" }, - { "3BFF1800FF8131FE55006B02090200011101434E531031808F", "Carta Regionale dei Servizi - Regione Lombardia" }, - { "3BFF1800FF8131FE55006B02090200011101434E531131808E", "Infocamere CNS" }, - { "3BFF1800FF8131FE55006B02090300011101434E531131808F", "Card description: Multiservice Card - CMCC - Arma Carabinieri (Carta Multiservizi)" }, - { "3BFF1800FF8131FE55006B02090303010101434E531031809D", "Aruba CNS for Regione Toscana (IT)\nhttp://www.regione.toscana.it\nAruba CNS for Infocamere (the Chambers of Commerce)" }, - { "3BFF1800FF8131FE55006B0209030301010144534410318090", "Postecert (www.postecert.it) to legally sign documents" }, - { "3BFF1800FF8131FE55006B02090303011101434E531131808C", "Infocert 1205* smart card\nUniversita' Degli Studi di Torino (Infocert)" }, - { "3BFF1800FF8131FE55006B0209040301010144534410318097", "J-Sign (STMicroelectronics S.r.l. - Incard Division) (JavaCard)" }, - { "3BFF1800FF8131FE55006B02091300024954494420203180D3", "electronic identity card (PKI)" }, - { "3BFF1800FF8131FE55006B02091301011101434E531131809E", "Service card of the Ministry of Defense of Italy" }, - { "3BFF1800FF8131FE55006B0209130301000150534510318094", "Italian Electronic ID Card (eID)\nhttp://www.interno.gov.it/mininterno/site/it/temi/servizi_demografici/scheda_006.html" }, - { "3BFF1800FF8131FE55006B02091303010101434E531031808D", "Aruba Digital Signature (Other)\nhttps://www.pec.it/offerta-firma-digitale.aspx" }, - { "3BFF1800FF8131FE55006B02091303011101434E531131809C", "Politecnico di Torino Student Card (eID)\nhttp://www.polito.it/" }, - { "3BFF1800FF8131FE55006B02091617011101434E531131808D", "Carta Regionale dei Servizi - Regione Autonoma Friuli Venezia Giulia (HealthCare)\nhttps://www.regione.fvg.it/rafvg/cms/RAFVG/GEN/carta-regionale-servizi/" }, - { "3BFF1800FF8131FE55006B02091717011101434E531131808C", "european health insurance card and Regional (ItalY - Provincia Autonoma di Trento) Service Card (CPS) (eID)\nhttps://www.provincia.tn.it/Servizi/Attivare-la-Carta-Provinciale-dei-Servizi-CPS#cos_e" }, - { "3BFF1800FF8131FE55006B42495434494420312E3000900091", "Touch&Sign 2048 (PKI)" }, - { "3BFF1800FF8131FE55006B42495434494420322E3000900092", "Izenpe Green Card (Citizen Certificate) (eID)\nhttp://www.izenpe.com/s15-12020/en/contenidos/informacion/ciudadano/en_def/index.shtml" }, - { "3BFF1800FFC10A31FE55006B0508C805011101434E531031800C", "Carta Regionale dei Servizi - Regione Lombardia" }, - { "3BFF1800FFC10A31FE55006B0508C809011101434E5310318000", "Carta regionale dei servizi - Regione Sicilia\nhttp://www.regione.sicilia.it/crs/index.asp" }, - { "3BFF1800FFC10A31FE55006B0508C80A011101434E5310318003", "Carta Regionale dei Servizi - Regione Lombardia" }, - { "3BFF1800FFC10A31FE55006B0508C80C011101434E5310318005", "Healthcare card (TS-CNS) - Provincia Autonoma di Trento\nUnified Healthcare card (TS-CNS) - Repubblica Italiana" }, - { "3BFF32000010808031E05B4742500000000000000255", "UK NatWest BT PayToView Mondex" }, - { "3BFF6700008131FE45FF43727970746E6F784649444F32305F", "Fast Identification Online card (FIDO2) from Cryptnox manufacturer (Other)\nhttps://www.cryptnox.ch" }, - { "3BFF9100FF918171FC40000A654B5450304432654B5450043D5B62", "Indonesian eID (eID)" }, - { "3BFF94000000434D425F55425369676E3030303215", "UBS Access Card used for online banking with UBS in Switzerland.\nIt resides in a calculator like token, that is used for a challenge\nresponse when logging in." }, - { "3BFF940000400A80310073122113574A330E01314100", "O2 Loop SIM card" }, - { "3BFF940000400A80310073122113574A330E02314100", "GSM-SIM Beeline RU (Telecommunication)\nhttp://beeline.ru" }, - { "3BFF940000400A80310073122113574A330E02324100", "Turkcell SIMPlus64 / Turkey" }, - { "3BFF940000400A80310073122113574A330E10314100", "GSM SIM MEDIONmobile (MVNO) the Netherlands (Telecommunication)" }, - { "3BFF940000801F478031E073FE210000000000830F900052", "Telecommunication SIM (Telecommunication)" }, - { "3BFF9400008131804380318065B0850201F3120FFF82900079", "Serbian Identity Card (eID)\nJava Card (Sealys MultiApp ID v2.1) supporting Global Platform 2.1.1" }, - { "3BFF9400008131FE4380318065B0846160FB120FFD8290000E", "IDPrime 930 FIPS Level 3 (T=1 CT=94) (BAI4) (PKI)" }, - { "3BFF9400008131FE4380318065B085040011120FFF829000E2", "DPI Card ID Guatemala Version 2018 (eID) (eID)\nhttps://www.renap.gob.gt" }, - { "3BFF940000C00AB1FE491F438031E073F62113573436434132302068", "Sonera UICC (Telecommunication)" }, - { "3BFF9400FF400A80310073122113574A332009314100", "Globul GSM operator card (Bulgaria) (Telecommunication)" }, - { "3BFF9400FF80B1FE451F030068D276000028FE052231800090001E", "Alice Business card (to be used in the modem supplied by an Italian provider)" }, - { "3BFF9400FF80B1FE451F030068D276000028FF051E318000900023", "D-Trust Signature Card (www.d-trust.net):\n- Citizencard of the People of Ulm in Germany (Burgerkarte)\n- Qualified Electronic Signature Card (Qualifizierte Signaturkarte)" }, - { "3BFF9400FFC00A1F438031E073362113574A43491C3130321C", "Giesecke & Devrient - UniverSIM Pegasus" }, - { "3BFF9400FFC00A1F478031E073F62113574A33200B314141D4", "SIM (Telecommunication)" }, - { "3BFF950000400A80310073122113574A330E10314100", "Verizon GSM SIM (Telecommunication)" }, - { "3BFF9500008031FE4380318067B0850201F3A3018301900045", "Swedish digital tachograph driver smart card (Other)\nhttps://www.transportstyrelsen.se/sv/vagtrafik/Yrkestrafik/Kor--och-vilotider/Fardskrivare/ansokan-om-forarkort/" }, - { "3BFF9500008031FE4380318067B0850201F3A3048301900040", "Company Card for authentication in tachograph applications (Other)\nhttps://ec.europa.eu/transport/modes/road/social_provisions/tachograph/tachonet_en" }, - { "3BFF9500008031FE4380318067B0850201F3A3138301900057", "Driver's Card (Tachograf card) issued by pwpw Poland (Transport)\nhttps://www.pwpw.pl/en/Products/Cards/Cards.html" }, - { "3BFF9500008031FE4380318067B0850201F3A3138301F83BFF", "UK Drivers Tachograph Card (Transport)" }, - { "3BFF950000C00A1F438031E073362113574A330E0231410088", "'BASE' SIM card; BASE is a german mobile phone operator, which is a brand of E-Plus, Germany." }, - { "3BFF95000150801C444E41535034323020526576533430", "Nagra card Canal+ (Polish TV provider) (Pay TV)\nhttps://pl.canalplus.com/" }, - { "3BFF95000150801C444E41535034323020526576533430F1", "NC+ Polland (Pay TV)\nhttp://www.flysat.com/ncplus.php" }, - { "3BFF95000150801C444E41535034323020526576533430F15D", "NC+ Polland (Pay TV)\nhttp://www.flysat.com/ncplus.php" }, - { "3BFF95000150801C444E41535034323020526576533441", "Platforma Canal+ Polska, cayman card (Pay TV)\nhttps://www.flysat.com/canalplus-pl.php" }, - { "3BFF9500FF400A803100731A2113574A504860314147", "Vodafone 64 KB SIM with Javacard" }, - { "3BFF9500FF400A8031E873F62113674A474860314200", "Giesecke & Devrient STARSIM" }, - { "3BFF9500FF50801C444E41535034303020526576493431", "Pay TV card nc+ polish (seca with merlin layer) (Pay TV)\nhttp://www.flysat.com/ncplus.php" }, - { "3BFF9500FF50801C444E41535034303020526576493435", "Decoder card for VOO TV distributer in Belgium (Pay TV)" }, - { "3BFF9500FF50801C444E41535034303020526576493439", "Big TV India (Pay TV)\nhttps://www.lyngsat.com/packages/Big-TV.html" }, - { "3BFF9500FF50801C444E41535034303020526576493441", "Pay TV - NC+ in Poland (Pay TV)\nhttp://ncplus.pl/" }, - { "3BFF9500FF50801C444E41535034303020526576493447", "Platforma Canal+ Polska, cameleon card (Pay TV)\nhttps://www.flysat.com/canalplus-pl.php" }, - { "3BFF9500FF50801C444E4153503430302052657649344A", "Sat Tv (Nagra) (Pay TV)" }, - { "3BFF9500FF50801C444E41535034303020526576493548", "Canal+ France Nagra3 (Pay TV)\nhttps://www.canalplus.com/" }, - { "3BFF9500FF50801C444E41535034383220526576523038", "CANALSAT, mediaguard key (Pay TV)" }, - { "3BFF9500FFC00A1F438031E073362113574A3320073341411F", "Swisscom 3G SIM card" }, - { "3BFF9500FFC00A1F438031E073F62113574A334857314141E5", "MTNL 3G USIM (India)" }, - { "3BFF9500FFC00A1F438031E073F62113574A334861324147D6", "GSM SIM (issued by e-plus, Germany)" }, - { "3BFF9500FFC00A1F438031E073F62113574A554860324100F6", "GSM SIM from O2 Germany (UMTS ready) from 2005" }, - { "3BFF9500FFC00A1F478031E073F62113574A33200B314141D5", "Telenor SIM card (Norway)" }, - { "3BFF9600008031FE45536D40727443616665204578702E374E", "haruka (eID)" }, - { "3BFF9600008131804380318065B0850300EF12026C829000F9", "Authorization Card (eID)" }, - { "3BFF9600008131804380318065B0850300EF120FFF82900067", "Greek Academic ID (eID)\nhttp://academicid.minedu.gov.gr/" }, - { "3BFF9600008131804380318065B0850300EF12FFFE82900096", "Gematlo IDCore 8030 (JavaCard)" }, - { "3BFF9600008131804380318065B08503010F120FFF82900086", "Azerbaijan Republic National Identity Card (eID) (eID)\nhttps://www.mia.gov.az/" }, - { "3BFF9600008131804380318068B0850300EF780100829000F1", "Cameroon National Identity Card (eID)" }, - { "3BFF9600008131FE4380318065B0845651101201788290006A", "SafeNet eToken 5300 (PKI)" }, - { "3BFF9600008131FE4380318065B08456511012021082900001", "Nedap NexS N:Secure (eID)\nhttps://www.nsecure.nl/nl/" }, - { "3BFF9600008131FE4380318065B0846160FB120FFD8290000C", "IDPrime 930 FIPS Level 2 (T=1 CT=96) (BAI3.1) (PKI)" }, - { "3BFF9600008131FE4380318065B0846566FB12017882900085", "eToken 5110+ FIPS 140-2 Level 2 (JavaCard)" }, - { "3BFF9600008131FE4380318065B0846566FB120FFC8290000F", "SmartID 3930 FIDO Contact and Contactless card (PKI)\nhttps://www.smartcardfocus.com/shop/ilp/id~962/safenet-idprime-3930-fido-dual-interface-fips-l2/p/index.shtml" }, - { "3BFF9600008131FE4380318065B0846669FB12FFFE829000F1", "IDCore3230 build 6.8, test APDU applet (JavaCard)" }, - { "3BFF9600008131FE4380318065B085040011120FFF829000E0", "Pakistan National identity card (eID)" }, - { "3BFF9600008131FE4380318065B085040120120FFF829000D0", "Portuguese National Identity Card (eID) (eID)\nhttps://www.autenticacao.gov.pt/o-cartao-de-cidadao" }, - { "3BFF9600008131FE4380318065B085050011120FFF829000E1", "Portuguese autentication card (eID)\nhttps://www.autenticacao.gov.pt/web/guest/cc-aplicacao" }, - { "3BFF9600008131FE4380318065B08505003912017882900040", "Identicard for french advocates (eID)\nhttps://doc.ubuntu-fr.org/avocats_sur_ubuntu" }, - { "3BFF9600008131FE4380318065B0855956FB12017882900088", "SafeNet 5110 token for eSignature (eID)\nhttps://www.certsign.ro/en/support/safenet-installing-the-device-on-windows/" }, - { "3BFF9600008131FE4380318065B0855956FB120FFC82900002", "THALES SafeNet IDPrime 3940 Fido (PKI)\nhttps://cpl.thalesgroup.com/fr/resources/access-management/idprime-3940-product-brief" }, - { "3BFF9600008131FE4380318065B0855956FB120FFE82900000", "SafeNet eToken 5110 SC (PKI)\nhttps://cpl.thalesgroup.com/access-management/authenticators/pki-usb-authentication/etoken-5110-usb-token" }, - { "3BFF9600008131FE4580F9A0000003080000100053454E54AC", "cac (eID)" }, - { "3BFF9600008131FE55006B02090403010101434E53103180EB", "Aruba PEC SpA digital signature card made by Incard (eID)\nhttps://www.pec.it/download-software-driver.aspx" }, - { "3BFF960000C00A31FE4380318065B085040011120FFF829000AB", "French National Identity Card (eID) (eID)\nhttps://www.interieur.gouv.fr/actualites/actu-du-ministere/nouvelle-carte-nationale-didentite" }, - { "3BFF9600FF8131FE406563111562025000100A0190A90730BF", "girocard Sparkasse Ansbach, Germany BLZ 76550000 (Bank)" }, - { "3BFF9600FF8131FE406563111562025000100A0271500730A4", "Debitcard Sparkasse Duesseldorf (Bank) (Bank)\nhttps://www.sskduesseldorf.de/" }, - { "3BFF9600FF8131FE406563111665025000100B22BBEB074080", "girocard contactless (Bank)" }, - { "3BFF9600FF8131FE4065631D02840156001F190850E10200EF", "Raiffeiesenbank Girocard Maestro (Bank)" }, - { "3BFF9600FF8131FE4065631D02840156001F2108B0A902007F", "Debit Card Sparda-Bank Baden-Wurttemberg eG (Bank)" }, - { "3BFF9600FF8131FE4065631D028401560024090A10CC0200AB", "Postbank Germany (Bank)\nhttps://www.postbank.de/privatkunden/services.html" }, - { "3BFF9600FF8131FE4065631D028402500023010A60D40200C9", "DKB Girocard (Bank)\nhttps://www.dkb.de/privatkunden/karten/girocard" }, - { "3BFF9600FF8131FE4065631D0284025000230308C0B702000A", "German Debitcard from Sparkasse (Bank)" }, - { "3BFF9600FF8131FE4065631D0284025000230709E0F9020061", "Sparkasse Ingolstadt (Bank)" }, - { "3BFF9600FF8131FE4065631D0284025000231208A0EB020027", "Girocard (Bank)" }, - { "3BFF9600FF8131FE4065631D028402500023140710B80200CD", "Sparkasse Aachen - german Maestro/Girocard (S-Payment TGI 50380969) (Bank)" }, - { "3BFF9600FF8131FE4065631D028402500023150860DC0200D7", "Deutsche Kreditbank AG, Girocard (Bank)\nhttps://www.dkb.de" }, - { "3BFF9600FF8131FE4065631D028402500023160BB0C102001A", "debit card (Bank)" }, - { "3BFF9600FF8131FE4065631D0284025000232106F0ED02004C", "DKB Girocard (Bank)" }, - { "3BFF9600FF8131FE4065631D028402500023230900A80200F4", "Kreissparkasse girocard (Bank)" }, - { "3BFF9600FF8131FE4065631D038601560002130B90FE011034", "EC card from Raiffeisenbank im Hochtaunus, Germany (Bank)" }, - { "3BFF9600FF8131FE4065631D0386025000230808914F0110B8", "Debit card (Germany): ec-cash, GeldKarte(EUR), Visa, Cirrus (Bank)" }, - { "3BFF9600FF8131FE4065631D038602500023130981390110C4", "girocard contactless (Bank)" }, - { "3BFF9600FF8131FE456563060752025000103025411A064082", "DKB (Deutsche Kreditbank) girocard (V-PAY, GeldKarte) (Bank)\nhttps://www.dkb.de/privatkunden/karten/girocard" }, - { "3BFF9600FF8131FE4565630D09710764000D00035450070181", "Commerzbank ServiceCard / Maestro / GeldKarte / Cirrus / girocard / CashGroup / electronic cash" }, - { "3BFF9600FF8131FE4565631901500280000F002B0046501172", "Sparkasse Bremen Germany HBCI DDV" }, - { "3BFF9600FF8131FE4565631901500280000F002F0025501115", "German Postbank Giro card with electronic cash, Maestro, GeldKarte features" }, - { "3BFF9600FF8131FE4D8031E06B0431050277555555555555EA", "IRMA card (eID)\nhttp://irmacard.org" }, - { "3BFF9600FF8131FE55006B02090403010101434E5310318014", "JavaCard Bit4Id (JavaCard)" }, - { "3BFF9600FF918131FE4D8031E06B043105027555555555555579", "algeria national identity card (eID)" }, - { "3BFF9600FFC00A1F438031E073362113574A43491C3130321E", "Giesecke & Devrient - UniverSIM Pegasus" }, - { "3BFF9600FFC00A31FE4D8031E06B04200502585555555555559F", "MULTOS (Other)" }, - { "3BFF9600FFC00A31FE4D8031E06B04310502A85555555555557E", "Multos (Other)" }, - { "3BFF9700008131FE4380318065B0846160FB120FFD8290000D", "IDPrime 3930 FIPS Level 3 (T=1 CT=97) (BAI6) (PKI)" }, - { "3BFF9700008131FE4380318065B08466693912FFFE82900032", "IDCore3230 build 6.8, test APDU applet (JavaCard)" }, - { "3BFF9700FFC00A31FE4D8031E06B04520502BB5555555555550F", "MULTOS Dual Interface Card - MC4-P23-S1 (Other)" }, - { "3F05DC20FC0001", "DigiCash Facility Card" }, - { "3F28000011140003689000", "SIMEMU - a DIY GSM SIM card\nhttp://simemu.cjb.net/" }, - { "3F2D0027A051827D00000052000C9000", "Porta Moedas Multibanco (Portugeese electronic purse)" }, - { "3F2F0036AF690204018000000A0E833E9F16", "SIM Card GSM (Telecommunication)" }, - { "3F2F008059AF0201013000000A0E83069F12", "Gemplus GemXplore" }, - { "3F2F008059AF02010230000C0A0E831E9F16", "GSM-SIM (900MHz) card of the carrier 'Mannesmann Mobilfunk' for\ntheir network 'D2-Privat' - now known as Vodafone Mobilfunk\nhttp://www.vodafone.de/" }, - { "3F2F008069AE0202013600000A0E833E9F16", "GSM-SIM e-plus (1800MHz)" }, - { "3F2F008069AF0204013600000A0E833E9F16", "Telia Mobitel GSM (Telecommunication)" }, - { "3F2F008069AF0204013600020A0E833E9F16", "GSM-SIM D2 CallYa (900MHz)" }, - { "3F2F008069AF0307015900000A0E833E9F16", "Nokia SIM Ph2 16K Ver2.0" }, - { "3F2F008069AF0307015900130A0E833E9F16", "Old Spanish Telefonica Movistar GSM SIM card manufactured by Gemplus" }, - { "3F2F008069AF0307015900240A0E833E9F16", "dialog romania now orange (Telecommunication)\nhttps://orange.ro" }, - { "3F2F008069AF0307035200000A0E833E9F16", "GemXplore 98 V1 16K" }, - { "3F2F008069AF03070352000D0A0E833E9F16", "GSM-SIM Debitel D2 (900MHz)" }, - { "3F2F008069AF0307035A00150A0E833E9F16", "Virgin Mobile SIM (Gemplus)" }, - { "3F36110053495B015153", "Sodexo Pass Lunch Card. An employee benefits card to provide meal tickets to workers. (Other)\nhttps://www.sodexo-benefits.it/prodotto/aziende/pausa-pranzo-aziende/pass-lunch-card/#tabsoluzioni" }, - { "3F3BF81300008131FE454A434F5076", "District6 Group employee ID (eID)" }, - { "3F3D1100806728500402200000838E9000", "GSM SIM card of the Austrian provider A1" }, - { "3F3E110046524543434941524F5353419000", "Trenitalia (Italy) fidelity card 'CartaFreccia' (Smartcard)" }, - { "3F3F94008069AF0307015900000A0E833E9F16", "Finnish SIM card from 'Radiolinja' now 'Elisa'" }, - { "3F6525....046C90.0", "Carte Bancaire (French banking card)" }, - { "3F65250024096B9000", "Old Postgirot/Plusgirot SmartSec bank ID card (Bank)" }, - { "3F65250024096E9000", "Oberthur Bull CP8 smart card. Russian 'Pochtovyj Bank' (Bank)" }, - { "3F6525002B09629000", "Coinamatic SmartyCity smartcard" }, - { "3F6525002B09699000", "Municipal parking meter card for the City of St. John's, NL, Canada.\nhttp://www.stjohns.ca/index.jsp" }, - { "3F6525002B09EB9000", "Bull Scot 5" }, - { "3F6525002[2C]09[F6]99000", "Sesam Vitale (French health card)" }, - { "3F65250052096A9000", "French carte Vitale" }, - { "3F6525005343689000", "'Flying Cow'- russian pirate CAM-card. (Pay TV)\nhttp://mxc.do.am/publ/collection/viewing_card_smart_karty_sputnikovogo_veshhanija/flying_cow_smart_card/13-1-0-25" }, - { "3F652500A[34]096A9000", "Sesam Vitale (French health card)" }, - { "3F6525082204689000", "France Telecom card (ex Pastel card)" }, - { "3F6525082304689000", "France Telecom card" }, - { "3F6525083304209000", "D-Trust card" }, - { "3F65250843046C9000", "CB visa La Poste France (Oberthur)\nCB visa Societe Generale France (Oberthur)" }, - { "3F65250863046C9000", "CB visa La Poste France (Oberthur)\nCB Master Carte du Credit Mutuel" }, - { "3F65250865046C9000", "CB visa Boursorama France (Axalto)" }, - { "3F6535100.04[6,E]C9000", "Postcard (Switzerland)" }, - { "3F6535100104EC9000", "Old Swiss Postbank card (Bank)" }, - { "3F6535640104689040", "Bull AFNOR-positioned microprocessor chip card 'Carte Pastel Internationale' by France Telecom (Other)\nhttp://phonecards.free.fr/carte_pastel.htm" }, - { "3F6535640204689040", "Carte Pastel Nationale - nominal France Telecom service card with Bull CP8 chip in AFNOR position (Other)" }, - { "3F65356402046C9040", "Postcard (Switzerland)" }, - { "3F6725002120000F689000", "Smart Builder 'your kit for PC/SC applications' and Bull\nhttp://www.cp8.bull.net/" }, - { "3F6725002120000F789000", "Bank Nederlandse Gemeenten, BNG Data Services" }, - { "3F67250026140020689000", "Pay-TV card from Casema Cable Television, Netherland" }, - { "3F6725002A20000F689000", "Carte Grand Voyageur (SNCF: French train company)" }, - { "3F6725002A200040689F00", "Swiss Cash card\nChipknip SNS Bank (banking card)" }, - { "3F6725002A200041689000", "ChipKnip" }, - { "3F6725002A20004[01]689000", "Dutch ChipKnip, Proton\n(chip Bull CC 60 V1, Bull CC 60 V2 or Bull CC 1000)" }, - { "3F67250421200007689000", "Philips TB100 (C-MOS chip)" }, - { "3F672F0011140001689000", "FilmNet(Sweden, 1984-1997) (Pay TV)" }, - { "3F672F0011140003689000", "D2MAC/Eurocrypt (Pay TV)" }, - { "3F672F0411200000689000", "BULL HN ITALIA 06/92 - 100.000 - 64MP\nLa Sapienza - Universita' di Roma" }, - { "3F69000024AF01700101FF9000", "French GSM SIM card (900MHz)" }, - { "3F69000025AF01700103FF9000", "French Gift Card (Loyalty)" }, - { "3F6A000000640150010C820101A9", "Credit Card cafe Selecta" }, - { "3F6B150002A007906F4D59000C9000", "Sky Viewing Card (Gen 1) from 1990s (Pay TV)" }, - { "3F6C000024A03000FF00000100049000", "Gemplus MCOS 16K DES Sample Card" }, - { "3F6C000025A0308976000001030C9000", "MCOS 24Ko Gemplus (eID)" }, - { "3F6C000025A0308976000004010C9000", "MCOS 24k EEPROM" }, - { "3F6C000025A03100FF00000180049000", "Motorola Clone Card (Telecommunication)\nhttp://web.mclink.it/MK0750/Motorola_files/docuclon.txt" }, - { "3F6C00003CA0309E6100000100049000", "Gemplus - British Gas - Gascard" }, - { "3F6C00003CA030A758000001018C9000", "Rendezvous Series 7 (D2-Mac satellite TV card)" }, - { "3F6C00003DA030BE4100370100049000", "Sberbank (Bank)" }, - { "3F6D000080318065B00501025E83009000", "Gemplus GemXpresso 211PK or 211PK-IS" }, - { "3F6D000080318065B00501025E92009000", "Gemplus GemXpresso 32K" }, - { "3F7613250421B0114A5003", "DSS/DTV F (P1; first generation access card) (Pay TV)" }, - { "3F77130000C11400A2689000", "Boxer DTV Sweden (Pay TV)\nhttp://www.boxer.se" }, - { "3F77180000C11400A2689000", "Viacess card HRT (Hrvatska Radio Televizija)" }, - { "3F77180000C11401A2689000", "VIA 2.6 XXX (Pay TV)" }, - { "3F77180000C21400C1689000", "Viaccess Sexview" }, - { "3F77180000C2474000689000", "Viacces card: SRG SSR idee suisse" }, - { "3F77180000C27A4102689000", "Viacces card: SRG SSR idee suisse" }, - { "3F77180000C27A4202689000", "SCT (Via Access)" }, - { "3F77180000C27A4302689000", "DORCEL (Via Access)" }, - { "3F77180000C27A4402689000", "XXX Redlight_HD (Viaccess)" }, - { "3F77180000C2EB41026C9000", "Elite HD10+ (Pay TV)\nSatellite cryptoworks card - Smart card Viaccess (Telesat - belgium) (Pay TV)" }, - { "3F77180000C2EB45026C9000", "facetv (Other)" }, - { "3F77180000D38A4001649000", "Skylink Viaccess 5.0 (Pay TV)\nhttp://www.skylink.sk/" }, - { "3F77180000D38A4201649000", "Satellite decoder card for TV Vlaanderen (Other)\nhttps://www.tv-vlaanderen.be" }, - { "3F77180000DAAC4114649000", "Fransat PC7 (Pay TV)\nhttps://www.fransat.fr/" }, - { "3F7718250029140062689000", "Viaccess card" }, - { "3F7812250140B0034A50204855", "DSS/DTV H" }, - { "3F7813250340B020FFFF4A5000", "DSS/DTV P4" }, - { "3F7D11250241B00369FF4A50F08000565403", "Viasat Baltics Videoguard card (Pay TV)" }, - { "3F7E11250521B01200004D59000000534B0900", "Sky Viewing Card (Gen 9) (Pay TV)" }, - { "3F7E11250540B00800004D59000000534B0B07", "BSkyB Series 11 (DSS satellite TV card)" }, - { "3F7E11250540B00800004D59000000534B0B08", "Sky Series 11 (DSS satellite TV card)" }, - { "3F7E11250940B00100004D59000003534B0A01", "Sky Series 10 (DSS satellite TV card)" }, - { "3F7F11250333B00969FF4A507000005654010000", "Viasat Baltic (satellite card, NDS)" }, - { "3F7F11250540B00F69FF4D59000000534B0C0600", "Sky Series 12 (DSS satellite TV card)" }, - { "3F7F13250140B01069FF4A5001474C0000000000", "NDS Smartcard (Pay TV)" }, - { "3F7F13250240B00C69FF4A50C000005253000000", "Stream Italy NDS 1 (Pay TV)" }, - { "3F7F13250240B01269FF4A5090474C0000000000", "NDS VideoGuard GL23 Card (Sky Brazil) (Pay TV)\nhttps://en.wikipedia.org/wiki/VideoGuard" }, - { "3F7F13250240B01269FF4A509054560000000000", "NDS Smartcard (Pay TV)" }, - { "3F7F13250241B004FFFF4A508080000000475806", "NDS card DIRECTV (Other)" }, - { "3F7F13250241B00EFFFF4A508080000000474C07", "SKY BRASIL (Pay TV)" }, - { "3F7F13250333B00669FF4A50D000005359000000", "Sky 2005/6 (DSS satellite TV card)" }, - { "3F7F13250333B01169FF4A505000004956010000", "Indonesia Videoguard 2 card" }, - { "3F7F13250333B01169FF4A505000005344010000", "STAR TV (Pay TV)" }, - { "3F7F13250338B004FFFF4A500000294855......", "DSS/DTV HU" }, - { "3F7F13250340B00B694C4A50C000005359000000", "Sky Digital (DSS satellite TV card)" }, - { "3F7F13250540B01169FF4A500000004754000C00", "YES DBS Israel Videoguard 090C,090D" }, - { "3F7F15250333B01169FF4A505000004956010000", "Sky Germany V13 Smartcard (Pay TV)" }, - { "3F961880018051006110309F", "Atmel/Athena T0 Inverse Convention PC/SC Compliance Test Card No. 2" }, - { "3FEF00FF8131..456563", "Debit card (Germany): ec-cash, GeldKarte(DEM), Maestro, Cirrus" }, - { "3FFA1125040001B00200004D59008180", "Sky Viewing Card (Gen 1) from 1990s (Pay TV)" }, - { "3FFA1125050001B0023B364D59028090", "HackTV SKY11 PIC16F84 card (Other)\nhttps://github.com/captainjack64/hacktv" }, - { "3FFA1125050001B0023B404D59008180", "Sky Viewing Card (Gen 7) (Pay TV)" }, - { "3FFA1125050001B0023BD04D59008180", "Sky Viewing Card (Gen 7) (Pay TV)" }, - { "3FFD11250250000333B01569FF4A50F080034B4C03", "Kabel Deutschland G02 (Pay TV)" }, - { "3FFD11250250800F41B00A69FF4A507080005A4503", "Buypass smart card (Bank)\nhttps://www.buypass.no/bruker/buypass-id/buypass-smartkort" }, - { "3FFD11250250800F41B00D69FF4A50F08000565403", "Viasat (Pay TV)" }, - { "3FFD11250250800F41B00F69FF4A50F080005A4A03", "Telekom Romania Communications (DVB-C) (Pay TV)\nhttps://www.telekom.ro/" }, - { "3FFD13250250000F33B00F69FF4A50D00000535902", "Sky Digital (DSS satellite TV card) 2009 issue" }, - { "3FFD13250250000F33B01669FF4A50D08000535903", "Sky TV Multiroom (Pay TV)" }, - { "3FFD13250250800F..B0..69FF4A50D08000495403", "Sky (Italy) VideoGuard CAM card" }, - { "3FFD13250250800F33B008FFFF4A50900000474C01", "Sky (Brasil) VideoGuard CAM card" }, - { "3FFD13250250800F33B008FFFF4A50900000545601", "NDS Videoguard TV CAM card (Sky Mexico 0905) (Pay TV)\nhttps://en.wikipedia.org/wiki/VideoGuard" }, - { "3FFD13250250800F41B00A69FF4A50F00000503103", "Sky Germany V14 NDS card (Pay TV)\nhttp://www.wikipedia.org/wiki/Sky_Deutschland" }, - { "3FFD13250250800F41B00F69FF4A50F080005A4A03", "Orange Romania (DVB-C) (Pay TV)\nhttps://www.orange.ro/" }, - { "3FFD13250250800F55B00269FF4A50F08000503103", "SKY DE V15 (Pay TV)" }, - { "3FFD14250150000F33B00BFFFF4A50800000475801", "DirecTV card" }, - { "3FFD14250250800F41B00A69FF4A507080004E5A03", "Sky Network Televisiton Limited (New Zealand) card for new (2016) decoder. Reportedly, this is a Kaon NS1120-500 box. (Pay TV)\nhttp://www.sky.co.nz" }, - { "3FFD14250250800F41B00D69FF4A50F08000425203", "Airtel Digital TV (Pay TV)" }, - { "3FFD15250250000333B01569FF4A50F080034B4C03", "Kabel Deutschland (G02) (Pay TV)\nhttps://www.kabeldeutschland.com" }, - { "3FFD15250250800F41B00569FF4A50F00000415A03", "astro Pay TV Measat 91.5 E Caid: 0910 Provider: 000000" }, - { "3FFD15250250800F41B00A69FF4A50F00000503103", "Sky Germany [NDS|V14] (098C:000000) (Pay TV)" }, - { "3FFD15250250800F41B00D69FF4A50F08000414A03", "beIN Sports Arabia NDS (09B5:000000) (Pay TV)" }, - { "3FFD15250250800F41B00D69FF4A50F08000565403", "TVPLAY HOME (Pay TV)\nhttps://www.tvplayhome.lt/" }, - { "3FFD15250250800F55B00269FF4A50F08000503103", "Sky Germany [NDS|V15] (098D:000000) (Pay TV) (Pay TV)\nhttp://www.sky.de" }, - { "3FFDFF250250800F54B00469FF4A50D08000495403", "SKy italia (Pay TV)" }, - { "3FFE142503108041B00769FF4A5070804245544114", "OSN (Pay TV)\nhttps://www.osn.com" }, - { "3FFF112503108041B00669FF4A50700000415A010011", "Astro (Pay TV)\nhttp://www.astro.com.my" }, - { "3FFF112503108041B00769FF4A507000005031010011", "Sky (Germany) VideoGuard CAM card (www.sky.de)" }, - { "3FFF13250250800F54B003FFFF4A508000000000474C05", "Sky (Brasil) VideoGuard CAM card" }, - { "3FFF132503108033B00E69FF4A507000004954020000", "Sky entitlement card" }, - { "3FFF132503108033B01069FF4A507000004E5A010000", "NDS SKY NZ (Pay TV)" }, - { "3FFF13250B50000F33B00469FF4A50E000005335000000", "Stream TV (IP television) decoder card, provided by stream.ru ISP in Moscow" }, - { "3FFF13250B50000F33B00469FF4A50E000005438000000", "Stream TV (IP television) decoder card, provided by aon (Telekom Austria) TV card, contains Incorporated NDS Videoguard (TM) security system" }, - { "3FFF142503108033B01069FF4A507000004352010000", "Russian cable TV AKADO NDS Card (Pay TV)\nhttp://www.akado.ru/" }, - { "3FFF142503108033B01069FF4A507000005A45010000", "Norwegian DVB-C provider Get (www.get.no). NDS Videoguard security card." }, - { "3FFF142503108041B00169FF4A507000005356010000", "Tata Sky India Card (Telecommunication)" }, - { "3FFF142503108041B00169FF4A507000005A48010000", "'D-Smart' NDS from Turkie" }, - { "3FFF142503108041B00169FF4A507000005A4A010000", "Dolce by RomTelecom (Pay TV)" }, - { "3FFF142503108041B00169FF4A507000005A4B010000", "Pay TV, Viasat Ukraine" }, - { "3FFF142503108041B00269FF4A507000004252010000", "airtel (Pay TV)" }, - { "3FFF142503108041B00269FF4A50708000414F010014", "Pay TV" }, - { "3FFF142503108041B00769FF4A507080005844010014", "NDS vivacom Bulgaria card (Pay TV)\nhttps://www.vivacom.bg/bg/tv" }, - { "3FFF142503108041B00769FF4A5070800058440100FF", "Provider Vivacom Bulgaria NDS (Pay TV)\nhttp://www.vivacom.bg/en/satellite-services" }, - { "3FFF142503108041B00769FF4A507080005845010014", "Sat TV (Other)" }, - { "3FFF142503108054B00169FF4A507000004B57010000", "PayTV Card Kabel BW (www.kabelbw.de), Encryption: NDS by Videoguard, Distribution Standard: DVB-C" }, - { "3FFF152503108041B00769FF4A507000005031010015", "Sky (Germany) VideoGuard CAM card (www.sky.de) in Fast Mode (ins7e11=15) (Pay TV)" }, - { "3FFF3F3F3F3F003F3FFF3F3F3F3F3FFF3FFF953FFF953FFF", "Premium joker card to see Spanish TDT premium (goltv)" }, - { "3FFF9500FF918171..4700..4.4.....3.3.3.20..657.........", "Nagravision TV CAM card\nhttp://en.wikipedia.org/wiki/Nagravision" }, - { "3FFF9500FF918171..47004E434D45443.303.20526576..3.3...", "Mediaset Premium (Italy) CAM card" }, - { "3FFF9500FF918171644700444E41535030303320526576333233FF", "Satellite TV Card 'Via Digital' (Nagra)" }, - { "3FFF9500FF918171A04700444E4153503031302052657641323048", "DSS/DISH ROM10" }, - { "3FFF9500FF918171A04700444E4153503031302052657641323149", "PayTV card for DishNetwork Sat receiver\nhttp://www.dishnetwork.com/" }, - { "3FFF9500FF918171A04700444E4153503031312052657642", "NTL digital TV card (Nagravision)" }, - { "3FFF9500FF918171A04700444E415350303131205265764230364E", "Telewest Broadband (Nagravision)" }, - { "3FFF9500FF918171A04700444E415350303131205265764230423A", "NagraVision card for StarHub Digital Cable DVB-C Singapore" }, - { "3FFF9500FF918171A04700444E415350303131205265764230443C", "NagraVision card for Virgin Media in the UK" }, - { "3FFF9500FF918171A04700444E415350313830204D657230303028", "NagraVision (VG04) for Virgin Media (UK)\nNagraVision 3 for DigiTV (Romania)\nhttp://www.rcs-rds.ro/televiziune-digi-tv/satelit" }, - { "3FFF9500FF918171FE4700444E4153503131302052657641303114", "TVA Digital - Nagra Vision ID TV-01" }, - { "3FFF9500FF918171FE4700444E4153503131302052657641303712", "UPC Austria/UPC-Cablecom Switzerland, digital television encryption card\nhttp://www.upc-cablecom.ch/" }, - { "3FFF9500FF918171FE4700444E4153503131302052657641323215", "UM01 card from German Unitymedia cable TV provider" }, - { "3FFF9500FF918171FE4700444E4153503131302052657641343514", "Telenet N.V. HDTV Decoder Card Belgium" }, - { "3FFF9500FF918171FE4700444E4153503131302052657641433365", "Brazilian NET Digital (Cable TV provider) - Nagra Vision 'NASP110 RevA01'" }, - { "3FFF9500FF918171FE4700444E4153503134322052657647303216", "Polsat Nagra3\nBrazil - Claro TV Nagra3 Red" }, - { "3FFF9500FF918171FE4700444E4153503134322052657647303410", "Nagra 3 Card - Telefonica Brazil Green" }, - { "3FFF9500FF918171FE4700444E4153503134322052657647303612", "UM02 card from German Unitymedia cable TV provider" }, - { "3FFF9500FF918171FE4700444E4153503134322052657647433463", "HD+ card used by the satellite company astra for decryption of the HDTV channels of RTL, VOX, Sat1 and ProSieben. Nagravision V3 is used for the encryption." }, - { "3FFF9500FF918171FE4700444E415350313830204D65724A30320E", "Nagra 3 Digital Plus Spain" }, - { "3FFF9500FF918171FE4700444E415350314130204D65725332336D", "Ziggo (Pay TV)" }, - { "3FFF9500FF918171FE4700444E41535032343120447368", "DISH Network G3 (Pay TV)" }, - { "3FFF9500FF918171FE4700444E415350323431204473684830390C", "Dish Network Smart Card (Pay TV)" }, - { "3FFF9500FF918171FE47004E434D4544303041205265764130316C", "Mediaset Premium (Italy) 2013" }, - { "3FFF9500FF918171FE47004E434D4544303043205265764330306D", "Mediaset Premium rechargeable (Pay TV)\nhttp://www.mediasetpremium.it/" }, - { "3FFF9500FF918171FE47005449474552363031205265764D383013", "Spanish pay TV card for GOLTV" }, - { "3FFF9500FF918171FE5700444E415350314230204D657257323079", "Vodafone HUNGARY (Pay TV)" }, - { "3FFF9500FF918171FE5700444E4153503431302052657651323113", "Nagravision D08 / KD-31 Vodafone Cable Germany (Pay TV)" }, - { "3FFF9500FF918171FE5700444E4153503431302052657651323210", "Telenet CI+ card Belgium (Pay TV)\nhttps://www2.telenet.be/nl/tv-met-een-kaartje/" }, - { "3FFF9500FF918171FE5700444E4153503431302052657651323517", "New ROM of Nagra PayTV Card DNASP410 (Pay TV)\nhttp://en.wikipedia.org/wiki/Nagravision" }, - { "3FFF9500FF918171FE5700444E4153503431302052657651323715", "New Digi Slovakia (Pay TV)\nhttps://www.lyngsat.com/packages/Digi.html" }, - { "3FFF9500FF918171FE5700444E4153503431302052657651324260", "Nagravision Kudelski Generation 7 card Rom410 MerQ2B (Pay TV)" }, - { "3FFF9500FF918171FE5700444E4153503431302052657651325371", "Slovak and Czech pay TV provider Slovak Telecom (Pay TV)\nhttp://www.flysat.com/novadigi-sk.php" }, - { "3FFF9500FF918171FE5700444E4153503432302052657653363017", "HD+ HD04b Card (Pay TV)" }, - { "3FFF9500FF918171FE5700444E4153503432302052657653363413", "claro card honduras central america 'NAGRA' (Pay TV)" }, - { "3FFF9500FF918171FE5700444E4153503432302052657653364166", "NAGRA KUDELSKI (Pay TV)" }, - { "3FFF9500FF918171FE5700444E4153503432302052657653364265", "Nagra Kudelski / Canalsat Reunion (Pay TV)" }, - { "3FFF9500FF918171FE5700444E4153503435302052657657363014", "HD+ HD05 Paytv smartcard (Pay TV)" }, - { "3FFF9500FF918171FE5700444E415350343832205265765232361C", "Max Tv Croatia (Pay TV)\nhttps://www.lyngsat.com/packages/Max-TV.html" }, - { "3FFF9500FF918171FE5700444E415350353532204473684E30391F", "Dish Network ROM552 (Pay TV)" }, - { "3FFF9500FF918171FE5700444E415350353532204473684E304264", "Dish Network (Satellite Pay TV) NASP 552 (Pay TV)\nhttp://www.dishnetwork.com/" }, - { "3FFF9500FF918171FE5700444E415350353533205265764E304178", "BELL CA EXPRESS VU CARD (Pay TV)" }, - { "3FFF9500FF918171FF4700444E4153505330312044736836303916", "PayTV card for DishNetwork Sat receiver\nhttp://www.dishnetwork.com/\nCards were obsoleted in nationwide system update in 2009." }, - { "3FFF9500FF918171FF4700444E4153505330312052657636343702", "BELL EXPRESSVU (Pay TV)" }, - { "3FFF9500FF918171FF470054494745523030332052657632353064", "Tivu' Sat (Italy) CAM card www.tivu.tv" }, - {NULL, "n/a"} - }; + { "3B9F96803F87828031E073FE211F574543753130136502", "sysmoEUICC1-Cxx - eUCICC for econsumer eSIM RSP (Telecommunication)\nhttps://sysmocom.de/products/sim/sysmocom-euicc/index.html" }, + { "3B9F96803F87828031E073FE211F574543753130266F3D", "An eSIM physical card, you can write eSIM profiles into it and use it as a general SIM (Telecommunication)\nhttps://www.9esim.com/" }, + { "3B9F96803FC3A08031E073F62113574A4D0E1D31300071", "Telenor SIM card (Norway)" }, + { "3B9F96803FC6A08031E073F62116574A4D020B34546369", "SIM card Wingo operator (Switzerland) (Telecommunication)" }, + { "3B9F96803FC7008031E073FE211B6408050300829000EF", "Multipurpose UICC card for 2G, 3G, 4G/LTE, CDMA, ISIM & NFC (Telecommunication)\nhttp://www.smartjac.biz/index.php/component/eshop/telecom/test-uicc-sim-cards/2ff-mini-sim-cards/4g-open-multipurpose-uicc-card-3ff?Itemid=0" }, + { "3B9F96803FC7008031E073FE211F6441262100829000A3", "Smartjac SMAOT100A234FF (Telecommunication)\nhttps://smartjac.com" }, + { "3B9F96803FC7828031E073F62157574A330581053000CE", "COMPRION M2M eUICC (Telecommunication)" }, + { "3B9F96803FC7828031E073F62157574A4D020B60010069", "eSIM GSMA Card (Telecommunication)\nhttps://www.gsma.com/newsroom/wp-content/uploads/SGP.22_v2.2.pdf" }, + { "3B9F96803FC7828031E073F62157574A4D020B60610009", "ting (Telecommunication)" }, + { "3B9F96803FC7828031E073FE211B57AA8660F0010004FB", "The eSIM.me Card (Telecommunication)\nhttps://esim.me/" }, + { "3B9F96803FC7828031E073FE211B57AA8660F0010011EE", "eSIM.me pluggable eSIM (Telecommunication)\nhttps://esim.me/" }, + { "3B9F96803FC7828031E073FE211B57AA8660F0010017E8", "eSim.me Orange Setup (Telecommunication)" }, + { "3B9F96803FC7828031E073FE211B57AA8660F001001EE1", "5Ber (Telecommunication)\nhttps://esim.5ber.com" }, + { "3B9F96803FC7828031E073FE211B633A204E8300900031", "eSIM (Telecommunication)" }, + { "3B9F96803FC7828031E075F62157200355020B60500018", "iPhone 11 SIM Slot eUICC chip. Identified by eSTK.me. (Telecommunication)" }, + { "3B9F96803FC7828031E075F62157200355020C608000CF", "ST33J2M0STL9DZB0 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33j2m0.html" }, + { "3B9F96803FC7828031E075F62157210355020B60010048", "ST33G1M2STL8ENL0 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33g1m2.html" }, + { "3B9F96803FC7828031E075F62157210355020B60500019", "st33g1m2 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33g1m2.html" }, + { "3B9F96803FC7828031E075F62157210355020C608000CE", "ST33J2M0STL9DZB1 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33j2m0.html" }, + { "3B9F96803FC7828031E075F621573C0455020C61010054", "euicc from iphone14 (Telecommunication)" }, + { "3B9F96803FC7A08031E073F62116574A4D020233456377", "ISIS-Ready T-Mobile Sim Card (Telecommunication)" }, + { "3B9F96803FC7A08031E073F62156574A4D020B3444005B", "Norwegian telenor (Telecommunication)\nhttp://www.telenor.no" }, + { "3B9F96803FC7A08031E073F62157574A4D020B34546329", "Orange FR - opa (Telecommunication)" }, + { "3B9F96803FC7A08031E073FE211B63F100E8830090005E", "UICC CARD (Telecommunication)" }, + { "3B9F96803FC7A08031E073FE211B6407689A00829000B4", "Orange SIM Card (Telecommunication)" }, + { "3B9F96803FC7A08031E073FE211B64080503008290004F", "NFC-enabled SIM card of MTS Russia. (Telecommunication)" }, + { "3B9F96803FC7A08031E073FE211F6300690083819000AB", "GSM file system and SWP sample supplied with STMicro development kit (Other)" }, + { "3B9F96803FC7A08031E073FE211F6441269100829000B3", "LTE Lab SIM Ver 1.3 (Telecommunication)" }, + { "3B9F968131FE458065544312210831C073F6218081059A", "Scientific and Technological Research Council of Turkey (test card) (eID)" }, + { "3B9F968131FE45806755454B41451212318073B3A180EA", "AKiS v1.2 on nxp chip" }, + { "3B9F968131FE45806755454B41451252318073B3A180AA", "AKiS v1.2.1 on infineon chip" }, + { "3B9F968131FE45806755454B41451253318073B3A180AB", "AKiS v1.2.1 on nxp chip" }, + { "3B9F968131FE45806755454B41451292318073B3A1806A", "AKiS v1.2.2 on infineon chip" }, + { "3B9F968131FE45806755454B41451293318073B3A1806B", "AKiS v1.3 on infineon chip" }, + { "3B9F968131FE5D00640428010231C073F701D000900065", "German eTicketing SAM (Transport)\nhttps://www.eticket-deutschland.de/" }, + { "3B9F968131FE6D00640428010231C073F701D000900055", "VDV-KA Secure Access Module (German Public Transport) (Transport)\nhttps://www.eticket-deutschland.de/" }, + { "3B9F968131FE9D006405A0030431C073F701D000900028", "Deutsche Telekom AG, TeleSec PKS ECC Signature Card (PKI)\nhttps://www.telesec.de/en/signaturecard" }, + { "3B9F9681B1FE451F070064051EB20031B0739621DB0590005C", "SignTrust (www.signtrust.de)\nInfinion SLE66CX680PE with Starcos 3.2\nhttp://www.deutschepost.de/dpag?xmlFile=link1015459_49595" }, + { "3B9F9681B1FE451F070064051EB20331B0739621C005900044", "German Dentist ID (eID)" }, + { "3B9F96C00A1FC38031E073FE211B63F100AD830F9000DA", "SIM SFR Pro (French Mobile Operator)" }, + { "3B9F96C00A1FC68031E073FE211F65D00233131B810FFA", "Tinkoff SIM card (Telecommunication)" }, + { "3B9F96C00A1FC78031E073FE211B63F100AD830F9000DE", "H3G (Italy) UMTS USIM card" }, + { "3B9F96C00A1FC78031E073FE211B65D0011009228100F3", "Verizon 4G LTE SIM Card (Telecommunication)\nhttp://www.verizonwireless.com/support/information/4gsim.html" }, + { "3B9F96C00A1FC78031E073FE211B65D0018E0E3281007A", "Rogers 3G SIM card" }, + { "3B9F96C00A1FC78031E073FE211F65D0020912EE810F35", "German SIM card Drillisch (Telefonica) (Telecommunication) (Telecommunication)\nhttps://www.drillisch-online.de/" }, + { "3B9F96C00A1FC78031E073FE211F65D0020914F9810F24", "CONNEXA SIM CARD (Telecommunication)" }, + { "3B9F96C00A1FC78031E073FE211F65D0020B11A4810F7E", "Telia Finland Oyj, network operator LTE (Telecommunication)" }, + { "3B9F96C00A1FC78031E073FE211F65D013370F3B810FD2", "Gemalto Security Element (PKI)" }, + { "3B9F96C00A31FE45435431690B010001000000000000000D", "EU smart tachograph card (driver/company/control/workshop)\nhttps://dtc.jrc.ec.europa.eu/" }, + { "3B9F96C00A31FE45754A6176656C696E2D4F5320312E3051", "Vietnam ID Card (eID)" }, + { "3B9F96C00A3FC6A08031E073FE211B65D001740EEB810FD7", "Verizon '4G LTE' USIM (Telecommunication)" }, + { "3B9F96C00A3FC6A08031E073FE211B65D001740F13810F2E", "SFR GSM SIM Card (Telecommunication)" }, + { "3B9F96C00A3FC6A08031E073FE211B65D001740F50810F6D", "5G (Telecommunication)" }, + { "3B9F96C00A3FC6A08031E073FE211F65D001900F3B810FE6", "Verizon US USIM card (Telecommunication)" }, + { "3B9F96C00A3FC6A08031E073FE211F65D00209107C810F24", "GSM SIM Vodafone NL postpaid NFC+ (Telecommunication)" }, + { "3B9F96C00A3FC6A08031E073FE211F65D0021B12B7810FFF", "SIM Card Fastweb IT GSM mobile network (Telecommunication)" }, + { "3B9F96C00A3FC7828031E073FE211F65D00209146C810F13", "euicc (eID)" }, + { "3B9F96C00A3FC7A08031E073FE211B65D001740E8D810FB0", "USIM" }, + { "3B9F96C00A3FC7A08031E073FE211B65D001740EE3810FDE", "EE (UK) Mobile Phone SIM Card circa 2016 (Telecommunication)" }, + { "3B9F96C00A3FC7A08031E073FE211B65D001740F13810F2F", "Phone card sim (Telecommunication)" }, + { "3B9F96C00A3FC7A08031E073FE211F65D0021A12AB810FE3", "Orange SIM (Telecommunication)" }, + { "3B9F96C00A3FC7A08031E073FE211F65D0021B12B7810FFE", "ISPL Card (Telecommunication)" }, + { "3B9F96C0F031FE45754A6176656C696E2D4F5320312E30AB", "ATKey.Card NFC Bio-ID (eID)" }, + { "3B9F97801FC68031E073FE211B6441442100829000E5", "SAKURA Internet SIM (Telecommunication)\nhttps://www.sakura.ad.jp/services/sim/" }, + { "3B9F97801FC68031E073FE211B65CA010E060B81059E", "rain Networks - R15 4G Sim Card (Telecommunication)\nhttp://www.rain.co.za" }, + { "3B9F97801FC78031E073FE211367980801120401045B", "Tmobile Sim card (Telecommunication)" }, + { "3B9F97801FC78031E073FE211367980801120601065B", "Tmobile (Telecommunication)" }, + { "3B9F97801FC78031E073FE2113679814010202010257", "Orange SIM from Egypt (Telecommunication)" }, + { "3B9F97803FC6828031E073FE211F630089008381900069", "ST4SIM-200M (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st4sim-200m.html" }, + { "3B9F97803FC7828031E073FE211F640856210082900019", "eSIM card (Telecommunication)" }, + { "3B9F97803FC7828031E073FE211F6409069200829000FB", "Ubigi Transatel esim (Telecommunication)" }, + { "3B9F978131FE458065544312210831C073F621808105", "Republic of Turkey Identity Card (eID)\nhttps://bilgem.tubitak.gov.tr/en/icerik/national-identity-card-tr-nc-identity-card" }, + { "3B9F978131FE458065544312210831C073F62180810590", "Turkish National Electronic Identity Card - TCKK (eID)\nhttp://www.ekds.gov.tr" }, + { "3B9F978131FE458065544312210831C073F6218081059B", "Turkish Republic Identity Card - Turkiye Cumhuriyeti Kimlik Karti (TCKK) (eID)\nhttp://www.ekds.gov.tr/tckk/t-c-kimlik-karti/tanim" }, + { "3B9F978131FE4580655443D2210831C073F6218081055B", "Turkish Republic official electronic ID card with biometric data, e-signature, authentication, secure private-key cryptographic messaging, etc. (eID)\nhttp://bilgem.tubitak.gov.tr/en/icerik/national-identity-card-tr-nc-identity-card" }, + { "3B9F978131FE4580655443D3228231C073F621808105D3", "Turkish eID (Turkiye Cumhuriyeti Kimlik Karti) (eID)" }, + { "3B9F97C00A1FC68031E073FE211F65D00233150E810FE8", "SIM Card (Telecommunication)" }, + { "3B9F97C00A1FC78031E073FE211B65D0011009228100F2", "'ultra fast card, max speed supported for telecom'? (transport)" }, + { "3B9F97C00A1FC78031E073FE211B65D001900F3B810F62", "Gemalto Multi-SIM consumer 4.2 (ST33I1M2) (Telecommunication)" }, + { "3B9F97C00A3FC6828031E073FE211B65D0023314A5810FE4", "Thales eUICC French Ministry BAP v2 (Telecommunication)" }, + { "3B9F97C00A3FC6A08031E073FE211B65D001740EEB810FD6", "Verizon 4G LTE Micro SIM (Telecommunication)" }, + { "3B9F97C00A3FC6A08031E073FE211F65D0021B13F6810FBE", "Verizon SIM Card (Telecommunication)" }, + { "3B9F97C00A3FC7A08031E073FE211F65D001900FEE810F33", "AT&T Mobility LLC MicroSIM Card (Telecommunication)\nhttps://www.att.com/wireless/" }, + { "3B9F97C00AB1FE453FC6828031E073FE211B65D0023A14C9810F8B", "SIM (Telecommunication)" }, + { "3B9F97C0FF1FC78031E073FE211B63F100AD830F90002A", "Gemalto Speed Enhancement 97 (Telecommunication)" }, + { "3B9FB681B1FE5D1F4700640411030131C073B7010000900035", "BOS (Telecommunication)" }, + { "3B9FD680B1A0591FC7534C4538385F50534C5F56302E353001", "Infineon SLE88CFX4000P" }, + { "3BA70040..8065A208......", "Gemplus GemSAFE Smart Card (8K)" }, + { "3BA70040148065A214010137", "Gemplus GPK4000sdo" }, + { "3BA70040188065A208010152", "Gemplus GPK8000\nGemSAFE Smart Card (8K)\nMultiApp ID IAS ECC 72K CC (with IAS XL / IAS ECC Applet) IAS ECC Type 3 (Bank)" }, + { "3BA70040188065A209010152", "Gemplus GPK16000" }, + { "3BA70040188065A209010252", "Gemplus GPK16000" }, + { "3BA70040188065A209010352", "Gemplus GemSAFE std (GPK16000?)" }, + { "3BA8008171465D0054434F53312E320065", "Telesec TCOS 1.2" }, + { "3BA8008171465D0054434F53312E324B2E", "CeloCom Card with TCOS 1.2" }, + { "3BAA00401447473245543553343830", "Old German 'D2 Privat' sim card (Telecommunication)" }, + { "3BAA00401447473247543553343830", "GSM-SIM Libertel (900MHz)" }, + { "3BAA004080534F805345030411AAA3", "'open platform' ATMEGA 'new Generation'\nhttp://www.masterixweb-italy.com/new/images/articoli/atmega.jpg" }, + { "3BAB00813140458031C0650806800000000084", "Reloadable Visa Cash card (Schlumberger), Bank of America" }, + { "3BAC00402A001225006480000310009000", "Sesam Vitale card CPS (Carte Profesionnel de Sante)\nhttps://esante.gouv.fr/securite/cartes-et-certificats/CPS" }, + { "3BAC00402A001225006480820212009000", "Sesam Vitale card CPS (Carte Profesionnel de Sante)" }, + { "3BAD0040FF80318065B00501015E83009000", "Dallas Semiconductor iButton\nJIB\nGemplus GemXpresso 2.11PK" }, + { "3BB0110081319073F2", "SamOS 2.7" }, + { "3BB033009181316B35FC", "SkyperfecTV HD IC Card (Pay TV)\nhttps://www.skyperfectv.co.jp/eng/" }, + { "3BB036008131FE5D95", "Betacrypt 2 (Comvenient GmbH) Conditional Access Smart Card (Pay TV)\nwww.comvenient.com" }, + { "3BB2110010800001", "Atmel memory card AT88SC0104C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf\nPlug'n'Print" }, + { "3BB2110010800002", "Atmel memory card AT88SC0204C (Atmel memory card)\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5211.pdf\nCard LAVAGE reloadadble from stations TOTAL" }, + { "3BB2110010800004", "Atmel memory card AT88SC0404C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, + { "3BB2110010800008", "Atmel memory card AT88SC0808C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf\nSmart VR Card - GD Burti" }, + { "3BB2110010800016", "Atmel memory card AT88SC1616C\nhttps://www.microchip.com/en-us/product/AT88SC1616C#document-table\nRexall (Canada) - Blood Pressure Check card\nhttp://www.rexall.ca/services/blood-pressure-tracking" }, + { "3BB3110000000032", "Atmel memory card AT88SC3216C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, + { "3BB3110000000064", "Atmel memory card AT88SC6416C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, + { "3BB3110000000128", "Atmel memory card AT88SC12816C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, + { "3BB3110000000256", "Atmel memory card AT88SC25616C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, + { "3BB7110081319043A5..............", "Siemens CardOS/M V1.4 (SLE44C80S)" }, + { "3BB7110081319043C517B09D19221E1F", "CryptoTech blank access/authentication card (Other)\nhttp://www.cryptotech.com.pl/" }, + { "3BB7110081319053B5..............", "CardOS EM/V1.4 (SLE44CR80S)" }, + { "3BB711008131FE432025854702202866", "Research Institute of Applied Information Technologies (Other)\nhttp://dodatok.osvita.net/" }, + { "3BB711008131FE4320283FB50320313B", "Research Institute of Applied Information Technologies (Other)\nhttp://dodatok.osvita.net/" }, + { "3BB718008131704310434E5452563253", "Avtor SecureToken (PKI)" }, + { "3BB718008131FE6553504B323490005A", "Giesecke & Devrient Starcos 2.4" }, + { "3BB71800C03E31FE6553504B3234900025", "G&D STARCOS SPK 2.4" }, + { "3BB794008131FE5553504B32329000E0", "Dresdner Bank (a German Bank) Key-Card for InternetBanking" }, + { "3BB794008131FE6553504B32329000D0", "Giesecke & Devrient STARCOS SPK2.2" }, + { "3BB794008131FE6553504B32339000D1", "Giesecke & Devrient Starcos 2.3\nDeutsche Bank WebSign (RSA-Card)\nG&D StarSign Token\nOsakidetza ONA (eID)\nhttp://www.osakidetza.euskadi.eus/r85-ckserv01/es/contenidos/nota_prensa/ruedasanidad35/es_rs/ruedasanidad35_c.html" }, + { "3BB813008131205D0057696E4361726402", "SmartCard for Windows 1.1" }, + { "3BB813008131FA524348544D4F494341A5", "citizen digital certificate (PKI)\nhttp://moica.nat.gov.tw/" }, + { "3BB897008131FE45FFFF148230502300F1", "UAE Emirates ID (eID)\nhttps://www.icp.gov.ae" }, + { "3BB89700813FE45FFFF148230502300F", "UAE Emirates ID (eID)" }, + { "3BB89700C00831FE45FFFF148230502300B8", "Infineon SECORA ID X (JavaCard)" }, + { "3BB918008131FE9E8073FF614083000000DF", "Serbian Identity Card\nThis is the new Serbian biometric identity card (every adult cityzen\nmust have). The chip contains owners picture, name, date and place\nof birth, current address, unique ID number and fingerprint." }, + { "3BB9940040144747334D4838353330", "T D1 GSM card (Telecommunication)" }, + { "3BB9940040144747334E4838363430", "GSM-SIM card of the Austrian mobile phone provider One\nhttp://www.one.at\nProximus SIM - Belgium (SetCOS?)\no2 GSM-SIM card Germany 2003" }, + { "3BBA11001000434C5F53414D00133800", "Planeta Informatica CL-SAM (Other)\nhttp://www.planeta.inf.br/" }, + { "3BBA11008131FE4D55454B41452056312E30AE", "AKIS v1.0 on infineon chip" }, + { "3BBA13008131865D0064050A0201318090008B", "Telesec TCOS 2 (SLE44)\nTCOS 2.0 (on CR80S)\nCryptokarte with RSA-Controller, T=1 Protocol" }, + { "3BBA14008131865D0064051402023180900091", "TCOS 2.0 (on CX160S)\nTelesec TCOS 2 (SLE66)" }, + { "3BBA14008131865D0064057B020331809000", "PHILIPS (HealthCare)" }, + { "3BBA14008131865D0064057B020331809000FF", "PHILIPS (HealthCare)" }, + { "3BBA14008131865D0064057B0203319000FF", "JCOP CARD (Other)" }, + { "3BBA94004014", "GG3RS732S0 ?" }, + { "3BBA9400401447473352533731365300", "Micro Sim MCP crew sim (Telecommunication)" }, + { "3BBA9400401447473352533731365320", "GSM SIM Elisa Estonia" }, + { "3BBA9400401447473352533731365330", "GSM-SIM Viag Interkom E2 Loop (1800MHz)\nGSM-SIM card of the Austrian A1\nhttp://www.a1.net/privat/home\nGSM SIM Radiolinja Estonia; 2005" }, + { "3BBA9400401447473353533731365330", "GSM SIM Cellway (e-plus), Germany (Telecommunication)" }, + { "3BBA95001080434C5F53414D00013811", "CLSAM (Transport)\nhttp://www.planeta.inf.br" }, + { "3BBA950081B1865D1F430064045C02033180900084", "T-Mobile Corporate ID Card" }, + { "3BBA96008131865D0064056002033180900066", "Telesec TCOS 2 (SLE66P)\nTCOS 2.0 (on CX320P)\nTeleSec Netkey Card" }, + { "3BBA96008131865D00640560020331809000667001040530C9", "TeleSec Netkey E4 Card" }, + { "3BBA96008131865D0064057B0203318090007D", "TeleSec NetKey Card\nDeutsche Post card (tcos)" }, + { "3BBB18008131FE4580670518B1020184008105E0", "STARCOS Smart Card (Other)\nhttps://www.gi-de.com/de/identities/unternehmenssicherheit/signaturkarte" }, + { "3BBB1800C01031FE4580670412B003030000810138", "Giesecke & Devrient Star Sign Card, STARCOS 3.0 DI, 72 KB, RSA2048 bit\nGiesecke & Devrient Smartc@fe Expert 32K v2.0" }, + { "3BBB1800C01031FE4580670412B00303000081053C", "Philips Smart MX\nSzczecin University of Technology in Poland student identity card (Elektroniczna Legitymacja Studencka = student identity card)\nCSOB bank, Czech Republic\nCATCert (Agencia Catalana de Certificacio) catalan government workers identity card" }, + { "3BBB1800C03E31FE654726442054534D20312E30B7", "Italian Tachograph Driver Card" }, + { "3BBC1800813120755A43332E313220524556204146", "ZeitControl BasicCard Enhanced 3.7\nhttp://www.basiccard.com/" }, + { "3BBC1800813120755A43332E313420524556204445", "ZeitControl BasicCard Enhanced 3.14 Rev D\nhttp://www.basiccard.com/" }, + { "3BBC1800813120755A43332E333220524556204247", "ZeitControl BasicCard (Other)\nhttps://ZeitControl" }, + { "3BBC1800813120755A43332E333420524556204447", "ZeitControl BasicCard Enhanced ZC3.34 (Other)\nhttps://www.zeitcontrol.de/en" }, + { "3BBC94004014474733483335585332303030", "GSM-SIM Era-PL\nT-Mobile GSM SIM Card" }, + { "3BBC94004014474733483335585632303030", "GSM SIM CARD 32K, Vodafone" }, + { "3BBC94004014474733493539424332303030", "GSM SIM Vodafona NL prepaid" }, + { "3BBC94004014474733493543414331303030", "Siemens SIM card" }, + { "3BBC94004014474733493731394332303020", "Telenor SIM card (Norway)" }, + { "3BBC94004014474733494231424331303020", "Telenor SIM (Telecommunication)" }, + { "3BBC94004014474733494231424331303030", "SIM Card (Scarlet, Belgium) (Telecommunication)\nhttps://www.scarlet.be/nl/prepaid/" }, + { "3BBC94004014474733533035315331303130", "GSM SIM (Tele2, Estonia)\nGSM SIM Elisa Estonia; 2007\nGSM SIM from 'fonic' Germany" }, + { "3BBC94004014474733533443454332303030", "Era-PL SIM Card (Telecommunication)" }, + { "3BBD110000414C4946415820503031523041", "alifax (HealthCare)" }, + { "3BBD18008131FE45805102670414B10101020081053D", "Austrian 'e-Card' (=Health Card)\nspecial Version of Starcos 3.1" }, + { "3BBD18008131FE45805102670518B102020201810531", "Austrian health insurance card 'e-card'" }, + { "3BBD18008131FE45805103670414B10101020081053C", "Austrian Health insurance card 'eCard' (HealthCare)\nhttp://www.chipkarte.at" }, + { "3BBE..000041052000............00009000", "CryptoMate64 USB Cryptographic token\nhttp://www.acs.com.hk/en/products/18/cryptomate64-cryptographic-usb-tokens/\nACS ACOS5-64 V2.00\nhttp://www.acs.com.hk/en/products/17/acos5-64-cryptographic-smart-card/" }, + { "3BBE1100004101102038000000000000000000", "ACOS2" }, + { "3BBE1100004101380000000000000000019000", "ACS (Advanced Card System) ACOS-1\nACOS3\nhttps://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, + { "3BBE1100004101380000000000000000029000", "ACS (Advanced Card System) ACOS-1 8K" }, + { "3BBE1100004101380000010000000000019000", "ACOS3 Microprocessor Card (Contact) (Other)\nhttp://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, + { "3BBE1100004101380000030000000000019000", "ACS ACOS3-32 (Telecommunication)\nhttp://www.acos3.com/" }, + { "3BBE110000410138000004006275627A019000", "Advanced Card Systems ACOS3 (24k) V1.7\nhttp://www.acs.com.hk/index.php?pid=product&prod_sections=0&id=ACOS3" }, + { "3BBE1100004101380000050000000000029000", "ACS (Advanced Card System) ACOS2" }, + { "3BBE1100004101380100030000000000029000", "ACOS2 test card from ACS reading off a ACR38U" }, + { "3BBE1100004101380300040000000000019000", "ACOS 3 from ACS (Other)" }, + { "3BBE1100004101380400140000000000019000", "Dekart Smartcard Logon (eID)\nhttp://www.smartcardfocus.com/shop/ilp/se~81/dekart-smartcard-logon/p/index.shtml" }, + { "3BBE1100004101380400140000000000029000", "DEKART proprietary logon authentication solution for Windows (Other)\nhttp://www.dekart.com/products/" }, + { "3BBE1100004101380500070000000000029000", "EEPROM card (Other)" }, + { "3BBE11000041013817CE010000000000019000", "ACOS3 Contact Microprocessor Card (Other)\nhttps://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, + { "3BBE1100004101382500030000000000019000", "8 pin (eID)" }, + { "3BBE1100004101384D800A8050524F56009000", "ACS (Advanced Card System) ACOS-3" }, + { "3BBE110000410138FF40000000000000019000", "Acos3 (zend) (eID)" }, + { "3BBE1100004107020000000000000000019000", "ACOS7 MOC Combi-Card (Other)\nhttp://www.acs.com.hk/en/products/123/acos7-moc-combi-card/" }, + { "3BBE1800004105..0000000000000000009000", "Advanced Card Systems (ACS) ACOS5 Cryptographic Smart Card" }, + { "3BBE1800004105100000000000000000009000", "ACS ACOS5 'ACOS5-32-G' dual card\nhttp://www.acs.com.hk/acos5.asp" }, + { "3BBE1800004206110000000000000000009000", "Etoken nano 192k (eID)" }, + { "3BBE94004014474733463034415A455439313330", "GSM operator Life Ukraine (Telecommunication)" }, + { "3BBE940040144747335333454441544C36303130", "SingTel hi! Prepaid GSM SIM UICC (Telecommunication)" }, + { "3BBE940040144747335333454841544C39313000", "Latvian GSM operator TELE2" }, + { "3BBE940040144747335333474841544C39313030", "simCard Vip Mobile(Serbia) or Telecom Austria (Telecommunication)\nhttp://www.vipmobile.rs/" }, + { "3BBE94008131FE3553504B3233205745353031364E4325", "G&D StarCOS SPK 2.3 secure element (Bank)" }, + { "3BBE9500004103000000000000000000029000", "touchatag SAM card\nSpanish University of Murcia smart ID card - Old version with CajaMurcia Banking card integrated (Maestro card) (M.Mar OS) - Also used by many others spanish universities\nACOS6 C6\nhttps://www.acs.com.hk/en/products/309/acos6-multi-application-purse-card-contact/\nACOS6S C7 SAM\nhttps://www.acs.com.hk/en/products/310/acos6-sam-secure-access-module-card-contact/" }, + { "3BBE96000041013802001D0000000000019000", "ACOS3-32 (Other)\nhttps://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, + { "3BBE9600004103000000000000000000029000", "SAM inside the Tikitag reader from Alcatel-Lucent\nhttp://hackerati.com/post/57314994/rfid-on-the-cheap-hacking-tikitag" }, + { "3BBE9600004105004E46000000000000009000", "ACOS5-64 v3.00 (PKI)\nhttps://www.acs.com.hk/en/products/308/acos5-64-v3.00-cryptographic-card-contact/" }, + { "3BBE9600004105300000000000000000009000", "CryptoMate Nano USB Cryptographic token\nhttp://www.acs.com.hk/en/products/414/cryptomate-nano-cryptographic-usb-tokens/\nACS ACOS5-64 V3.00\nhttp://www.acs.com.hk/en/products/308/acos5-64-v3.00-cryptographic-card-contact/" }, + { "3BBE9600004206210000000000000000009000", "ESMART Token (PKI)\nhttps://esmart.ru/products/informatsionnaya-bezopasnost/smart-karty-esmart-token/" }, + { "3BBE9600801FC78031E073FE21136200..83819000..", "Vodafone (Italy) 128 kB GSM SIM card\nTIM (Italy) 128 kB GSM SIM card" }, + { "3BBF..008131FE5D0064040F03..31C073F701D0009000..", "TCOS 3.0 on Philips P5CD036" }, + { "3BBF..008131FE5D0064041103..31C073F701D0009000..", "TCOS 3.0 on Philips P5CT072" }, + { "3BBF..008131FE5D0064041503..31C073F701D0009000..", "TCOS 3.0 on Philips P5CD072" }, + { "3BBF..008131FE5D00640428030231C073F701D0009000..", "TCOS 3.0 release 2 on Philips P5CD080" }, + { "3BBF..008131FE5D0064056D03..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CX642P" }, + { "3BBF..008131FE5D0064058903..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CLX641P" }, + { "3BBF..008131FE5D0064058A03..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CLX640P" }, + { "3BBF..008131FE5D0064059103..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CX680PE" }, + { "3BBF11008131..4545504100000000........0000......", "Austrian Quick E-purse\nhttp://www.quick.at/" }, + { "3BBF11008131FE45455041000000000000000000000000F1", "a.sign premium signature card" }, + { "3BBF11008131FE4545504100000000792780760000000059", "Raiffeisenbank Austria (Raffeisen Club) Maestro debit card (old model) (Bank)" }, + { "3BBF11008131FE454D434100000100016971850000000077", "Austrian 'easybank' branded Mastercard, issued 2007" }, + { "3BBF11008131FE454D434100000100020820510000000090", "austrian combined card of a mastercard and OBB Vorteilscard (Austrian Federal Railways)\nhttp://www.oebb.at/pv/de/Servicebox/VORTEILScard/Bezahlen_mit_der_VORTEILScard/VORTEILScard_MasterCard.jsp" }, + { "3BBF11008131FE454D43410000010002559133000000001E", "Mastercard (Paylife Austria)" }, + { "3BBF1100C01031FE44534D405254204341464520312E3143C1", "Giesecke&Devrient SmartCafe 1.1" }, + { "3BBF18008031703553544152434F5320533231204390009B", "Giesecke & Devrient STARCOS S2.1" }, + { "3BBF18008131705553544152434F532053323120439000FA", "Giesecke & Devrient STARCOS S2.1" }, + { "3BBF1800C02031705253544152434F5320533231204390009C", "Giesecke & Devrient SPK 2.1 C" }, + { "3BBF9300801FC68031E073FE2113576573746B2E6D65E3", "eSTK.me v1.2.5 or later (Telecommunication)\nhttps://eSTK.me" }, + { "3BBF9300803FC6828031E073FE2113576573746B2E6D6541", "eSTK.me v1.2.4 (Telecommunication)\nhttps://eSTK.me" }, + { "3BBF94008131FE65454C55204175737472696120312E3238", "A-Trust: trust-sign (Old Version, ca. 2002) for Digital Signature etc.\nA-Trust: a-sign-premium (ca. 2004) 'Burgerkarte' ('Citizen-Card')\nfor Identifikation, Digital Signature etc.\n('should be' Starcos 2.3)" }, + { "3BBF9500801FC68031E073FE2113576573746B2E6D65E5", "eSTK.me v3.1.1 or later (Telecommunication)\nhttps://estk.me" }, + { "3BBF9500803FC6828031E073FE2113576573746B2E6D6547", "eSTK.me v3.1.1 (Telecommunication)\nhttps://eSTK.me" }, + { "3BBF96008131FE5D0064........31C073F701D0009000..", "TCOS 3.0 / NetKey 3.0" }, + { "3BBF96008131FE5D00640411000031C073F701D0009000", "DATEV eG, Nuernberg, Bavaria, Germany (PKI)\nhttp://www.datev.de" }, + { "3BBF96008131FE5D00640411030131C07301D000900000", "DATEV eG, Nuernberg, Bavaria, Germany (PKI)\nhttp://www.datev.de" }, + { "3BBF96008131FE5D00640411030131C073F701D0009000", "DATEV eG, Nuernberg, Bavaria, Germany (PKI)\nhttp://www.datev.de" }, + { "3BC5FF8131FB458073C6010000", "Japanese Individual Number Card (eID)\nhttps://www.kojinbango-card.go.jp/en/kojinbango/index.html" }, + { "3BC800000073C84000000000", "verve (Bank)" }, + { "3BCDFF8031FE450068D276000028040481009000CD", "Tachograph company test card (Transport)" }, + { "3BD096FF81B1FE451F032E", "New european health insurance card of the German health insurance (G2) (HealthCare)\nhttps://de.wikipedia.org/wiki/Elektronische_Gesundheitskarte" }, + { "3BD096FF81B1FE451F072A", "German public health insurance card (,,Gesundheitskarte'), 2nd generation (G2), issuer Techniker Krankenkasse (HealthCare)\nhttps://gematik.de/cms/de/spezifikation/wirkbetrieb/kartengeneration2/kartengeneration2.jsp" }, + { "3BD096FF81B1FE451FC7EA", "German public health insurance card (Elektronische Gesundheitskarte eGK), 2nd generation (G2) (HealthCare)" }, + { "3BD097FF81B1FE451F072B", "German Elektronische Gesundheitskarte (eGK) (HealthCare) - From TK (HealthCare)\nhttps://de.wikipedia.org/wiki/Elektronische_Gesundheitskarte" }, + { "3BD097FF81B1FE451FC7EB", "German Health Professional Card (eHBA) (HealthCare)\ngSMC-KT, STARCOS 3.6 (HealthCare)" }, + { "3BD0A8FF81F1FB24001FC3F4", "Philips DESFire SAM" }, + { "3BD218008131FE450101C1", "Dutch License Plate Card (RDW)\nhttps://commons.wikimedia.org/wiki/File:Kentekencard_voorzijde_1_december_2013.jpg" }, + { "3BD218008131FE58C90114", "Atos CardOS5 (PKI)\nhttp://atos.net/NR/rdonlyres/17C7BDD0-225B-4A58-B9A4-438EA3F3238A/0/74743_20120830_160149_cardos_v5_0__datenblatt_en.pdf" }, + { "3BD218008131FE58C90217", "Atos CardOS 5.3 (PKI)\nhttp://www.atos.net/cardos" }, + { "3BD218008131FE58C90316", "Austrian 'RKS-Card' issued by GlobalTrust (PKI)\nhttps://secure.globaltrust.eu/info-rksv.html" }, + { "3BD218008131FE58C90411", "Identity Card in Slovakia with security chip and e-signature issued after 2021-06-21 (eID)\nD-TRUST Card 4.1 Standard, qualified signature card" }, + { "3BD218008131FE58CA6076", "CardOS IoT V5.4 (PKI)\nhttps://atos.net/wp-content/uploads/2018/11/ct_181127_lpm_cardos_iot_v5-4_fs_en4_web.pdf" }, + { "3BD218008131FE58CB0116", "D-Trust Card 5.1/5.4 (contact based)\nhttps://www.d-trust.net/de/support/signatur-und-siegelkarten" }, + { "3BD21802C10A31FE58C80D51", "Siemens Card CardOS M4.4" }, + { "3BD296FF81B1FE451F870102AB", "Electronic Vehicle Registration (eVR) from RDW.nl (The Netherlands), open sourced at [URL], demo (Windows / Linux Wine Mono) (Transport)\nhttps://github.com/eVRMTV/eVR" }, + { "3BD396FF81B1FE451F078081052D", "German public health insurance card (Elektronische Gesundheitskarte eGK), 2nd generation (G2) (HealthCare)" }, + { "3BD5180081313A7D8073C8211030", "Aladdin eToken NG-Flash with 256MB of flash memory\nAladdin eToken PRO (72KB)\nhttp://www.aladdin.com/etoken/devices/default.aspx" }, + { "3BD518008131FE7D8073C82110F4", "Bank of Lithuania Identification card\nGemalto SafeNet eToken Java Based Cards\nhttps://safenet.gemalto.com/multi-factor-authentication/authenticators/pki-usb-authentication/" }, + { "3BD518FF8091FE1FC38073C8211308", "Athena IDProtect (JavaCard 2.2.2)\nhttp://www.athena-scs.com/product.asp?pid=32\nThales nShield Security World Card - Remote Administration Ready\nhttps://www.thalesesecurity.fr/products/hsm-management-and-monitoring/nshield-remote-administration" }, + { "3BD518FF8191FE1FC38073C821100A", "ComSign digital signature card (eID)\nhttps://www.comsign.co.uk/" }, + { "3BD518FF8191FE1FC38073C8211309", "Athena IDProtect Key (v2)\nhttp://www.athena-scs.com/product.asp?pid=33" }, + { "3BD518FF81B1FE451FC38073C821106F", "DPI Card ID Guatemala Version 2024 (eID)\nhttps://www.renap.gob.gt/" }, + { "3BD5950400AE01020101", "Axalto Cyberflex Access 64K v2b SM 1.1" }, + { "3BD595FF8091FE1FC38073C8211385", "Athena IDProtect - Cryptographic Java Card\nhttp://www.athena-scs.com/product.asp?pid=32" }, + { "3BD596028031FE654F734549441F", "AVR128DA32 microcontroller based open source EID smartcard with RSA and ECC. (eID)\nhttps://oseid.sourceforge.io/" }, + { "3BD596FF80B1FE451F878073C82110A4", "French national identity card (eID)\nhttps://en.wikipedia.org/wiki/National_identity_card_(France)" }, + { "3BD596FF8191FE1FC34332333030CC", "HID Global - Crescendo C2300 (PKI)\nhttps://www.hidglobal.com/products/cards-and-credentials/crescendo/c2300" }, + { "3BD6180080B1806D1F038051006110309E", "Atmel/Athena T0 PC/SC Compliance Test Card No. 1" }, + { "3BD618008131FE7D415350204F5383", "ASP FIXED CHAL1, 2, 3 and 4 (Other)" }, + { "3BD6180081B1807D1F038051006110308F", "ASECard Crypto\nhttp://www.athena-scs.com/product.asp?pid=8" }, + { "3BD618FF8191FE1FC34573C8211110DD", "PDOX J3R180 (JavaCard)" }, + { "3BD6960081B1FE451F078031C1521118F8", "smart card from NASA, 2019 (PKI)" }, + { "3BD6960081B1FE451F878031C152211949", "DHS CAC card (PKI)" }, + { "3BD6960081B1FE451F878031C152411A2A", "Identiv SCR3310 v2.0 (eID)" }, + { "3BD6970081B1FE451F078031C1521118F9", "NASA Personal Identity Verification (PIV) card (eID)\nIDEMIA Cosmo V8.0 with a PIV applet" }, + { "3BD6970081B1FE451F078031C1521119F8", "Secure badge (PKI)" }, + { "3BD6970081B1FE451F878031C152211948", "DOS PIV (PKI)" }, + { "3BD6970081B1FE451F878031C152211A4B", "ID-One PIV 2.4 (P/N 1501381) from IDEMIA (Other)" }, + { "3BD6970081B1FE451F878031C152411A2B", "Oberthur Technologies ID-One PIV/CIV on V8 Device (eID)\nhttps://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2986.pdf\nIDEMIA Cosmo V8.1 with a PIV applet" }, + { "3BD71100400A654E434F533037", "eNCOS MC MChip Advance (Bank)" }, + { "3BD7970081B1FE451F878031C15351132012", "IdemiaID-ONEPIV (eID)\nhttps://www.idemia.com/id-one-piv-card" }, + { "3BD81800801F078031C1640806920F", "US Government CAC (PKI) / IDEMIA Cosmo v8 (PKI)\nhttps://www.idemia.com/id-one-piv-card" }, + { "3BD81800801F078031C1640806920FDF", "US DoD Common Access Card (IDEMIA Cosmo v8) (PKI)" }, + { "3BD8180080B1FE451F078031C1640806920FD5", "Oberthur Cosmo v8 (PKI)" }, + { "3BD818FF8131FE458064041BB42A8105D5", "Schweizerische Krankenversicherungskarte KVG (HealthCare)" }, + { "3BD818FF81B1FE451F038064041AB403810561", "D-Trust multicard advanced 3.1\nGerman public health insurance card ('Gesundheitskarte'), issuer SBK 'Siemens Betriebskrankenkasse'" }, + { "3BD896008031FE4400531200840F90001F", "Cape Verde National Identity Card (CNI) (eID)\nhttps://sniac.cv/cartao-nacional-de-identificacao/" }, + { "3BD8960081B1FE451F0743485447504B494ADD", "Citizen Digital Certificate, Taiwan (PKI)\nhttp://moica.nat.gov.tw/" }, + { "3BD896FF8131FE458064041BB42A81055B", "Swiss LAMal health insurance card" }, + { "3BD911008131FE8D0000464F4D53312E3132", "TFOMS (eID)\nhttp://www.samtfoms.ru" }, + { "3BD918008011F08054434F4C4482900062", "TransaXiom Janus Card (Other)\nhttp://www.transaxiom.co.uk" }, + { "3BD91800C00910FE5459464F4E45000000", "Tyfone's SideTap Card (NFC payments)" }, + { "3BD918FF8191FE1FC35441474C494F5049565B", "Taglio PIV C2190 (NXP JCOP 3 SecID P60 CS) (eID)\nhttps://www.taglio.com/pivcard.html" }, + { "3BD99400004D4502000901009000", "Moviestar. GSM SIM card (Telecommunication)" }, + { "3BD99400004D454576352E369000", "Vending Machine Card (Other)" }, + { "3BD99400004D4D41523331349000", "Vodafone Spain 64kb SIM card. GSM/3G networks" }, + { "3BD99500004D4516005401009000", "MTS Ukraine (Telecommunication)\nhttp://www.mts.ua/" }, + { "3BD996FF8131FE454352455343454E444FFF", "HID Global Crescendo JCOP 21 v2.4.1 R2 64K (PKI)" }, + { "3BD996FF8131FE458031B8738601E0810522", "German dentist's identity card (eID)\nhttp://www.medisign.de/" }, + { "3BD996FF8191FE1FC343323330302D4B4559BA", "Crescendo Key (USB Type-A) (PKI)\nhttps://www.hidglobal.com/products/cards-and-credentials/crescendo/crescendo-key" }, + { "3BDA11FF81B1FE551F0300318473800180009000E4", "Gnuk OpenPGP Token (PKI)\nhttps://www.fsij.org/category/gnuk.html" }, + { "3BDA11FF81B1FE551F0300318473800180059000E1", "Nitrokey Start (Openpgp USB) (Other)\nhttps://www.nitrokey.com/products/nitrokey-start" }, + { "3BDA13FF8131FB468012392F31C173C601C03B", "My Number Card (The Social Security and Tax Number System in JAPAN) (eID)\nhttp://www.cas.go.jp/jp/seisaku/bangoseido/english.html" }, + { "3BDA1802C10A31FE584B53776973735369676EA9", "SuisseID Post - ATOS CardOS 4.x (eID)\nhttps://postsuisseid.ch/" }, + { "3BDA18FF8191FE1FC350564A434F503353494472", "J3H145 (P6 SecID) purchased from FUTAKO Ltd., Taiwan (JavaCard)\nhttp://www.javacardsdk.com" }, + { "3BDA18FF8191FE1FC380641211111073C0C1801B", "Belarus national identity card (passport)\nhttps://eng.belta.by/infographica/view/id-cards-in-belarus-7095/" }, + { "3BDA18FF81B1FE451FC3546963546F6B20322E3068", "TikTok 2.0 (PKI)" }, + { "3BDA18FF81B1FE451FC3546963546F6B20332E3069", "TicTok 3.0 (PKI) (PKI)\nhttps://en.cryptoshop.com/products/cryptas-tictok-v3-basisartikel.html" }, + { "3BDA18FF81B1FE751F030031C573C001400090000C", "OpenPGP Card V2" }, + { "3BDA18FF81B1FE751F030031F573C001600090001C", "OpenPGP Card V3" }, + { "3BDA9400004D4D41524A2B33399000", "SIM card from Vodafone Spain" }, + { "3BDA9500400A2508004053434F535441", "Card used for issuing commodity to benificiary for rice, wheat and more (Other)" }, + { "3BDA96FF8031FE454D696E694C6F61646572AB", "iClass SE Processor (Miniloader Mode) (Other)\nhttps://www.hidglobal.com/products/embedded-modules/iclass-se/sio-processor" }, + { "3BDA96FF8031FE45536E6D704C6F61646572A8", "iClass SE Processor (SNMP Loader Mode) (Other)\nhttps://www.hidglobal.com/products/embedded-modules/iclass-se/sio-processor" }, + { "3BDA96FF8131FE45805631B85349434181057B", "STARCOS 3.5 ID ECC C1R (PKI)\nhttps://www.gi-de.com/fileadmin/user_upload/MS/Certificates/STARCOS35_ID_ECC_TABLES.pdf" }, + { "3BDA96FF8191FE1FC343323330302D46495053E2", "Crescendo 2300 FIPS (JavaCard)" }, + { "3BDA96FF81B1FE451F0780584943412056322E30E9", "Starcos chip card from Giesecke & Devrient (PKI)\nhttps://ica.cz/functionality-smart-card" }, + { "3BDB11FF5000FF0000000000000007921603", "NEC V-WAY64 v2.1" }, + { "3BDB1800801F030031C06477E303008290004F", "Oberthur ID-One Cosmo 64K V5.2" }, + { "3BDB18008031FE448059494465616C20312E367D", "ID card Albania (eID)" }, + { "3BDB180080B1FE451F830031C064C7FC1000019000FA", "Oberthur Cosmo V7 64K Dual/128K" }, + { "3BDB18FF8191FE1FC306092B06010401E9100503D7", "SafeSign Default QSCD (NXP JCOP 3 SecID P60) (PKI)\nhttps://www.tuv-nederland.nl/assets/files/cerfiticaten/2020/02/security-target-v1.0.pdf" }, + { "3BDB18FF8191FE1FC306092B06010401E9100504D0", "Serbian qualified electronic certificate issued by Serbian Post sertification centr (PKI)\nhttps://www.ca.posta.rs/serbian_post_ca.htm" }, + { "3BDB18FF81B1FE751F03504B436172642056312E30ED", "Tecos 3 card (Other)" }, + { "3BDB18FF81B1FE751F035A43372E35205245562041AE", "BasicCard Professional ZC7.5-COMBI (Other)\nhttp://www.basiccard.com/" }, + { "3BDB18FF81B1FE751F035A43372E36205245562044A8", "Zeitcontrol Professional BasicCard ZC 7.6 REV D (Other)\nhttp://www.zeitcontrol.de/en/products/basiccard/basiccard" }, + { "3BDB18FFC080B1FE751F035A43372E352052455620416F", "ZeitControl BasicCard ZC7.5 user-programmable dual interface smart card\nhttp://www.smartcardfocus.com/shop/ilp/id~380/BasicCard_ZC7_5_Dual_Interface/p/index.shtml" }, + { "3BDB18FFC080B1FE751F035A43372E352052455620426C", "BasicCard ZC7.5 dual-interface programmable smartcard (30K) (eID)\nhttps://secure.zeitcontrol.de/shop/Smart-card-BasicCard-Professional-ZC75-Combi" }, + { "3BDB18FFC080B1FE751F035A43372E352052455620446A", "Smart card BasicCard Professional ZC7.5, ZeitControl cardsystems GmbH\nhttp://www.zeitcontrol.de/en/products/chip-cards/processor-chip-cards/basiccard" }, + { "3BDB18FFC080B1FE751F035A43372E3620524556204469", "ZeitControl BasicCard 7.6 (Other)\nhttps://www.zeitcontrol.de/en/products/basiccard/basiccard" }, + { "3BDB96004010004F535F335F3134059000", "Vehicle identity card for Iran (eID)" }, + { "3BDB9600801F030031C06477E30300829000C1", "Oberthur Card Systems (contactless pilot) ID-One Cosmo v5.2D 64K\nOberthur Card Systems (PIV Transitional) ID-One Cosmo v5.2D 72K\nCAC (Common Access Card)" }, + { "3BDB9600801F030031C064B0F3100007900080", "DoD CAC, Oberthur ID One 128 v5.5 Dual" }, + { "3BDB9600801F030031C064B0F310000F900088", "US Department of Veterans Affairs PIV" }, + { "3BDB9600801F830031C0641D18010001900051", "ID0One Cosmo Development Kit (JavaCard)" }, + { "3BDB96008031FE448059654944204E414452418F", "Pakistan ID card (eID)" }, + { "3BDB960080B1FE451F830012233F536549440F9000F1", "Estonia ID-card (eID)\nhttps://id.ee" }, + { "3BDB960080B1FE451F830012428F536549440F900020", "Latvia eID (eID)\nhttps://www.eparaksts.lv/lv/" }, + { "3BDB960080B1FE451F830031C064102301000F900063", "Extremenian Health Service target (HealthCare)\nhttps://saludextremadura.ses.es/web/preguntas-frecuentes" }, + { "3BDB960080B1FE451F830031C0641A1801000790005A", "Ercom CRYPTOSMART\nhttp://www.ssi.gouv.fr/entreprise/qualification/gamme-cryptosmart-pour-la-securisation-des-smartphones-et-des-tablettes/" }, + { "3BDB960080B1FE451F830031C0641A1801000F900052", "Serbian Car registration ID card\nhttp://blog.goranrakic.com/archives/2011/07/citanje_saobracajne_dozvole_sa_cipom.html" }, + { "3BDB960080B1FE451F830031C0641A71010007900033", "ChamberSign Gemalto USB Shell Token V2 - Certificate Audacio ** (eID)\nhttp://www.chambersign.fr/certificat-rgs-audacio/" }, + { "3BDB960080B1FE451F830031C064B0FC100007900005", "Oberthur Cosmo V7 debug card (SDK)" }, + { "3BDB960080B1FE451F830031C064B0FC10000F90000D", "ID-One PIV (that's the only non-numeric identifying mark) (PKI)" }, + { "3BDB960080B1FE451F830031C064BAFC10000790000F", "Oberthur ID-One Cosmo v7.0 80K (eID)\nhttps://www.ssi.gouv.fr/uploads/IMG/certificat/ANSSI-CC-cible_2011-64en.pdf" }, + { "3BDB960080B1FE451F830031C064BAFC10000F900007", "Oberthur ID-One Cosmo v7.0 (PKI)\nhttps://csrc.nist.rip/groups/STM/cmvp/documents/140-1/140sp/140sp1236.pdf" }, + { "3BDB960080B1FE451F830031C064BE1B0100019000FB", "Bank card" }, + { "3BDB960080B1FE451F830031C064C30801000F90009B", "SIM Aruba (Italian provider)" }, + { "3BDB960080B1FE451F830031C064C7FC100001900074", "Oberthur Cosmo (eID)\nhttp://www.stampit.org" }, + { "3BDB960080B1FE451F830031C064C7FC10000F90007A", "Guatemalan ID Card\nhttp://www.renap.gob.gt/" }, + { "3BDB960080B1FE451F830031C164084022300F90000A", "Oberthur v7 - in a Gemalto (was Gemplus) GemPC Key SmartCard Reader (grey USB dongle) - bought at ChamberSign (PKI)" }, + { "3BDB960080B1FE451F830031E85427E6040007900084", "Polish encard (eID)" }, + { "3BDB960080B1FE451F830031E85427E604000F90008C", "Token card from iBRE CompanyNet (mbank) (Bank)" }, + { "3BDB960080B1FE451F834553544F4E49412D65494455", "Estonian Identity Card (ID-One Cosmo v8.1) (eID)" }, + { "3BDB960080B1FE451F870031C1640958223607900019", "Idemia Solvo Fly 40 (JavaCard)" }, + { "3BDB960081B1FE451F0380F9A0000003080000100018", "Oberthur CS PIV End Point v1.08 FIPS201 Certified" }, + { "3BDB960081B1FE451F0380F9A0000003480000000149", "Fly Clear card" }, + { "3BDB960081B1FE451F8380F9A0000003080000100098", "Oberthur Cosmo v7 128K with PIV applet\nhttp://www.smartcardfocus.com/shop/ilp/id~410/p/index.shtml" }, + { "3BDB96FF80B1FE451F870031C164093364490F9000BC", "cnie Carte Nationale d'Identite Electronique (eID)" }, + { "3BDB96FF80B1FE451F870031C164093772130F9000F4", "French ID Card 2021 (eID)\nhttps://ants.gouv.fr/nos-missions/les-titres-produits-par-l-ants/les-documents-d-identite/la-puce-de-la-nouvelle-carte-nationale-didentite" }, + { "3BDB96FF8131FE4580670534B50201064081051B", "SINA STARCOS 3.5 BX-CombiCard+HSB (Other)" }, + { "3BDB96FFC01031FE4580671501B403000900810521", "Digital Tachograph Card for Professional Driver\nolish driver card for digital tachograph" }, + { "3BDC1802C10A31FE588031A873B0019B2460071320AA", "Public Services Card | Ireland (Other)\nhttps://psc.gov.ie/" }, + { "3BDC18FF00001225006480000401009000", "Vitale card CPS V4 (Carte Profesionnel de Sante) (HealthCare)" }, + { "3BDC18FF8011C18073C821136605036351000232", "GoTrust Idem Card (Other)\nhttps://www.gotrustid.com/idem-card" }, + { "3BDC18FF8091FE1FC38073C8211366010B0352000539", "Digital Signature Costa Rica (eID)" }, + { "3BDC18FF8091FE1FC38073C821136602040355000235", "ST security module for German smart meter gateway (JavaCard)\nhttps://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-2-Anforderungen_an_die_Funktionalitaet.pdf?__blob=publicationFile&v=3" }, + { "3BDC18FF8111C18073C821136605036351000233", "GoTrust Idem Key (Other)\nhttps://www.gotrustid.com/idem-key" }, + { "3BDC18FF8111FE8073C82113660106013080018D", "Aladdin R.D. JaCarta LT (eID)" }, + { "3BDC18FF8191FE1FC3060A2B06010401E910050103D2", "DoD (Other)\nhttps://cps.ca.pkidefensie.nl/" }, + { "3BDC18FF8191FE1FC3060A2B06010401E910050203D1", "Caregiver card for Dutch Medical System called UZI (Unieke Zorgverlener Identificatie, Caring Unique Identification) (HealthCare)\nhttps://www.uziregister.nl/" }, + { "3BDC18FF8191FE1FC3060A2B06010401E910050204D6", "UZI (HealthCare)" }, + { "3BDC18FF8191FE1FC38073C821136601060130040155", "Athena IDProtect Key Laser" }, + { "3BDC18FF8191FE1FC38073C821136601061159000128", "JaCarta (PKI)\nhttp://www.aladdin-rd.ru" }, + { "3BDC18FF8191FE1FC38073C8211366010B0352000538", "Athena IDProtect Smart Card Logon Card" }, + { "3BDC18FF8191FE1FC38073C821136605024258000279", "NXP Athena SCS (PKI)" }, + { "3BDC18FF8191FE1FC38073C821136605036057000255", "NXP IDProtect (X) (JavaCard)" }, + { "3BDC18FF8191FE1FC38073C821136605036351000250", "JCOP3 SecID P60 CS (JavaCard)" }, + { "3BDC18FFC080B1FE751F035A43382E362052455620443657", "ZeitControl Professional Multi-Application BasicCard ZC8.6 (Other)\nhttps://www.zeitcontrol.de/Smart-card-BasicCard-Professional-ZC76" }, + { "3BDC96FF8111FE8031C8544356300573FFA1C03B", "NXP Javacard with Athena SCS OS (JavaCard)" }, + { "3BDC96FF8111FE8031C8544356350773FFA1C03C", "NXP JCOP 4, J3R200P0X3U/0ZA16CP NXD6.2 (JavaCard)" }, + { "3BDC96FF8191FE1FC38073C8211366050363510002DE", "Montenegro eID (eID)" }, + { "3BDC96FF81B1FE431FC30B46415245474F53414D5632CC", "Multismartcard SAM (used in proprietary Scheidt&Bachmann Smartcard Reader v2)" }, + { "3BDD18008131FE4580F9A0000000770100700A90008B", "National ID Card of Peru issued by RENIEC from Oberthur" }, + { "3BDD18008131FE4580F9A000000077010800079000FE", "Oberthur Cosmo v7 IAS ECC\nBrazilian 'e-CNPJ' card, issued by Certisign (Oberthur)" }, + { "3BDD18008131FE45904C41545649412D65494490008C", "Identity card (eID) Republic of Latvia\nhttp://www.pmlp.gov.lv/lv/pakalpojumi/passes/eid.html" }, + { "3BDD18008191FE1FC3006646530803003671DF00008097", "Feitian K9Plus - ePass FIDO-NFC with PIV (Other)\nhttps://ftsafe.com/products/FIDO/NFC" }, + { "3BDD18FF8191FE1FC3006646530803003671DF00008068", "Feitian FIDO NFC Plus K9 Security Key (Other)\nhttps://www.ftsafe.com/products/FIDO/NFC" }, + { "3BDD18FF8191FE1FC3FF4F70656E506879736963616CF6", "Open Physical PIV-Compatible NXP SECID P60 (eID)\nhttps://openphysical.org/" }, + { "3BDD18FFC080B1FE451FC30068D276000028040411009000C9", "Russian Federation driver card for the digital tachograph\nPolish driver card for digital tachograph" }, + { "3BDD18FFC080B1FE451FC30068D276000028040971009000A4", "Worktime/driving style monitoring card (Transport)\nhttp://www.paetronics.fi/en/" }, + { "3BDD96008010FE8031806301FFC073B3211B8105", "BIFIT iBank 2 USB Key (Bank)\nhttp://bifit.ua" }, + { "3BDD96008031FE450031B8640429ECC1739401808248", "Finnish Digital and Population Services Agency Organisation Card (eID)\nhttps://dvv.fi/en/organisation-cards" }, + { "3BDD960080B1FE451F8380640503040056564453414554FC", "VASCO DIGIPASS KEY 101 (Other)" }, + { "3BDD96008131FE4580F9A00000007701080007900070", "IDEMIA Cosmo v8.1-n (JavaCard)" }, + { "3BDD96FF801F034E5850204E53434F5320342E3006", "SCOSTA (Transport)" }, + { "3BDD96FF8131FE4580595F5374645F496E697481059B", "Karta kryptograficzna cryptoCertum 3.5 (PKI)\nhttps://www.certum.pl/pl/karty-do-czytnikow/" }, + { "3BDD96FF81B1FE451F03006404050803739621D0009000C9", "German public health insurance card ('Gesundheitskarte'), issuer Techniker Krankenkasse" }, + { "3BDD96FF81B1FE451F03006404050A02739621D0009000CA", "German public health insurance card ('Gesundheitskarte'), issuer Techniker Krankenkasse, issued 02/15 (HealthCare)" }, + { "3BDD96FF81B1FE451F030064057310A673D621C000900053", "New european health insurance card of the German health insurance" }, + { "3BDD96FF81B1FE451F038031B052010364041BB42281051B", "Austrian Motor Vehicle Registration Certificate (Transport)" }, + { "3BDD96FF81B1FE451F038031B052020364041BB422810518", "Austrian 'e-card' G3 (State Health Insurance Card)\n(running StarCOS 3.4 by Giesecke & Devrient)" }, + { "3BDD97FF81B1FE451F03006404050803739621D0009000C8", "German 'eGK' (State Health Insurance Card)" }, + { "3BDD97FF81B1FE451F0300640405080373969621D00090C8", "German public health insurance card ('Gesundheitskarte'), issuer Knappschaft" }, + { "3BDD97FF81B1FE451F03006404050A02739621D0009000CB", "German Elektronische Gesundheitskarte (eGK) (HealthCare)\nhttp://www.bmg.bund.de/en/health/the-electronic-health-card.html\nhttps://de.wikipedia.org/wiki/Elektronische_Gesundheitskarte" }, + { "3BDE11000049434F5335330000000000000008", "MyKID (eID)" }, + { "3BDE13000049434F5335330000000000000008", "Malaysian citizens under age of 12 including newborns (non-compulsory) (eID)\nhttps://en.wikipedia.org/wiki/Malaysian_identity_card#MyKid" }, + { "3BDE18FF8191FE1FC38031815448534D317380214081071C", "SmartCard-HSM 4K USB-Token (JavaCard)\nhttps://www.smartcard-hsm.com/features.html#usbstick" }, + { "3BDE18FF81F1FB34001F074445534669726553414D56312E30D2", "Mifare Desfire SAM Module" }, + { "3BDE18FF81F1FE43003F078344455346697265382053414D2D5817", "NXP SAM" }, + { "3BDE18FFC080B1FE451F034573744549442076657220312E302B", "Estonian Identity Card (EstEID v1.0 2006 cold)" }, + { "3BDE86FF9101F1FB34001F074445534669726553414D56312E305D", "Mifare Desfire SAM Module (after warm reset) (Other)" }, + { "3BDE96FF8191FE1FC38031815448534D3173802140810792", "SmartCard HSM (PKI)\nhttps://www.smartcard-hsm.com/" }, + { "3BDE98FF8191FE1FC38031815448534D3173802140810792", "Nitrokey HSM 2 (PKI)\nhttps://docs.nitrokey.com/hsm/" }, + { "3BDF1100400A003180718666654E434F5331839000", "eNCOS MC MChip Advance V10 (Bank)\nhttps://tr.iccore.tech/" }, + { "3BDF18008131FE580031B964050E010073B401D300000022", "Identity Card in Slovakia with security chip and e-signature" }, + { "3BDF18008131FE588031905241016405C903AC73B7B1D444", "a.sign RK CHIP with certificate\nhttps://www.a-trust.at/webshop/Detail.aspx?ProdId=2021" }, + { "3BDF18008131FE588031B05202046405C903AC73B7B1D422", "Austrian 'e-Card' (=Health Card) of the 4th generation. (HealthCare)" }, + { "3BDF18008131FE58AC31B05202046405C903AC73B7B1D422", "e-Card Austria (HealthCare)" }, + { "3BDF18008131FE67005C49434DD49147D276000038330058", "Infineon SICRYPT Card Module D4 PC/SC Compliance Test Card" }, + { "3BDF18008131FE67005C49434DD49147D277000038330059", "Infocrypt Token++ (PKI)\nhttps://tokenplus.ru/products/%D0%A2%D0%BE%D0%BA%D0%B5%D0%BD/" }, + { "3BDF18008131FE7D006B020C0182011101434E53103180FC", "Italian healthcare card (TS) National Service Card (CNS) (HealthCare)" }, + { "3BDF18008131FE7D006B040C0184011101434E53103180FC", "Italian healthcare card (TS) National Service Card (CNS) (HealthCare)\nhttp://www.regione.toscana.it/cartasanitaria\nhttps://www.agid.gov.it/it/piattaforme/carta-nazionale-servizi" }, + { "3BDF18008131FE7D006B150C0180011101434E53103180E9", "Provider: Actalis S.p.A.\ncode: AT00006181\nhttp://www.actalis.it" }, + { "3BDF18008131FE7D006B150C0181011101434E53103180E8", "Italian healthcare card (TS) National Service Card (CNS)\nCarta Regionale dei Servizi - Regione Lombardia\nTuscany TS-CNS\nhttp://www.regione.toscana.it/cartasanitaria" }, + { "3BDF1801C04031FC7580738421E0694D54434F537302050516", "German digital tachograph control card (Transport)" }, + { "3BDF18FF8091FE1FC3003138644790ECC273140150829000BB", "Ministry of Interior - France 'Agent Card' (Other)" }, + { "3BDF18FF8131FE4580590180484944433730307300011B33", "Crescendo C700 + MiFare 4K\nhttp://www.smartcardfocus.com/shop/ilp/id~265/p/index.shtml" }, + { "3BDF18FF8131FE458073C8211059B81D417574684B6579BA", "Arculus AuthentiKey (Other)" }, + { "3BDF18FF8191FE1FC3003138644790ECC273140150829000BA", "Card store authentication and signature keys (JavaCard)\nhttps://ants.gouv.fr/Les-titres/Cartes-Agents/Adhesion/Telechargement-et-support" }, + { "3BDF18FF8191FE1FC30031B8640000EC0073940000829000FE", "NXP Jcop3 P60 ChipDoc v7b4 (JavaCard)\nhttps://www.javacardos.com/store/products/10029" }, + { "3BDF18FF8191FE1FC30031B86404216010739401C005900001", "Dutch Governement Identity Card using physical (eID)\nhttps://nl.wikipedia.org/wiki/Rijkspas" }, + { "3BDF18FF8191FE1FC30031B8640C01ECC173940180829000B3", "ebee card\nhttps://www.ebeeoffice.ca/ebee-home/public\nDigital Signature Costa Rica (issued since 09/2019) (eID)\nhttps://www.mifirmadigital.go.cr/" }, + { "3BDF18FF81B1FE451F870031B96409377213738401E00000008E", "Slovak eID card with dual (NFC and physical) interface. It is Cosmo v9.2. The card is used for electronic identification and for electronic signing with either qualified or just electronic signing certificate. (eID)" }, + { "3BDF18FF81F1FE43001F034D494641524520506C75732053414D98", "Mifare SAM AV2" }, + { "3BDF18FF81F1FE43003F03834D494641524520506C75732053414D3B", "NXP SAM AV2 module" }, + { "3BDF18FF81F1FE43003F03834D4946506C75732053414D3B53414D3B", "Mifare SAM -AV2 (PKI)" }, + { "3BDF18FF81F1FE43003F07834D49464152452053414D204156333011", "NXP SAM AV3 module" }, + { "3BDF18FF910131FE4680319052410264050200AC73D622C099", "Acos-ID (AUSTRIACARD's Operating System) (Other)\nhttps://www.austriacard.com/digital-security/solutions/card-solutions/acos-id/" }, + { "3BDF94FFC080B1FE451F03006AD2760000280415FA10040090006B", "UK Digital Tacho card (Other)" }, + { "3BDF94FFC080B1FE451F03006AD2760000280415FA40040090003B", "DVLA Company Card (Transport)" }, + { "3BDF9500801F878031A073FF21006345B105830F900060", "FUTURE CARD Normal ISO SIM (Telecommunication)" }, + { "3BDF9500801F878031A073FF21006345B309830F90006E", "Card Mobilis Algeria telecom (Telecommunication)\nhttp://www.mobilis.dz" }, + { "3BDF9500801FC38031E073FE211B674C455441323135BD", "SK Telecom SIM card (in Korea) (Telecommunication)\nhttp://www.sktelecom.co.kr/" }, + { "3BDF95FF8091FE1FC349445044554F33475049544356008029", "Generic Card NFC (eID)" }, + { "3BDF95FF8091FE1FC38025A0000000685319000173C8211329", "CardLogix Credensys-J Contacted Java Card 2.2.1 Global Platform 2.1.1 (Atmel AT90SC12872RCFT)\n(bank)" }, + { "3BDF96008031FE450031B864041FECC173940180829000EC", "Ministry of Interior - France 'Agent Card'\n(Carte Agent du Ministere de l'Interieur Francais)" }, + { "3BDF96008031FE450031B8640429ECC173940180829000DA", "Finnish identity card given by the City of Helsinki to all members of city council, board and commitees" }, + { "3BDF960080B1FE451F830012276F5741495242555331079000EA", "IDEMIA ID-One Cosmo V8.2 IAS ECC card (eID)" }, + { "3BDF960080B1FE451F838073BC9180F9A00000007780080201A4", "Latvian eSignature card (eID)\nhttps://www.lvrtc.lv/e-signature.html" }, + { "3BDF960080B1FE451F870031C16408923201738421E0059000C5", "Company Card for Transport companies (Transport)" }, + { "3BDF96008131FE4541434F532D4944303032382E3031366F", "Sri Lankan driving license [ web: motortraffic.gov.lk ] (eID)\nhttp://www.motortraffic.gov.lk/web/index.php?option=com_content&view=article&id=83&Itemid=140&lang=en" }, + { "3BDF96008131FE4580738421E0554978000080830F90000C", "Idemia Cosmo X (eID)\nhttps://cyber.gouv.fr/sites/default/files/2021/08/anssi-cible-cc-2021_36n.pdf" }, + { "3BDF96008131FE588031B05202056405A100AC73D622C020", "Austrian health insurance card 'e-card' (HealthCare)\nhttps://de.wikipedia.org/wiki/E-card_(Chipkarte)" }, + { "3BDF960081B1FE451F838073CC91CBF9A0000003080000100079", "Test PIV Cards available for sale from NIST\nhttp://csrc.nist.gov/groups/SNS/piv/testcards.html" }, + { "3BDF960090103F07008031E0677377696363000073FE210006", "swsim card (Telecommunication)" }, + { "3BDF960090103F07008031E0677377696363000073FE2100DC", "swsim (Telecommunication)" }, + { "3BDF96FF8131FE455A018048494443313158587300011B09", "HID Crescendo iCLASS Px G8H" }, + { "3BDF96FF8131FE4580590180504956434C41537300011BDE", "HID Global pivCLASS v1.0 (PKI)\nhttp://www.hidglobal.com/products/cards-and-credentials/pivclass/pivclass-smart-card" }, + { "3BDF96FF8131FE45805B44452E42415F53433335328105B5", "Employee ID card from the Federal Employment Agency (Germany) (PKI)\nhttps://www.pki.arbeitsagentur.de/" }, + { "3BDF96FF8131FE45805B44452E424E4F544B3130308105A0", "BeA - Certification Card for German Solicitors (Other)\nhttps://bea.bnotk.de/" }, + { "3BDF96FF81B1FE451F870031B96409377213738401E000000000", "National Identity Card of Slovakia (eID) (eID)\nhttps://en.wikipedia.org/wiki/Slovak_identity_card" }, + { "3BDF96FF910131FE4680319052410264050200AC73D622C017", "Acos-ID (AUSTRIACARD's Operating System) (Other)\nhttps://www.austriacard.com/digital-security/solutions/card-solutions/acos-id/" }, + { "3BDF97008131FE588031B05202056405A100AC73D622C021", "Austrian healthcare insurance identification card (HealthCare)\nhttps://www.chipkarte.at" }, + { "3BDF970081B1FE451F838073CC91CBF9A0000003080000100078", "NASA PIV Card (Other)" }, + { "3BE000008131104505", "Emoney indonesia (Bank)" }, + { "3BE000008131204030", "SmarTEC" }, + { "3BE000FF8131FE4514", "'JUKICARD', digitally sign tax documents in Japan" }, + { "3BE20000402049..", "Schlumberger Cryptoflex 4k" }, + { "3BE2000040204905", "Schlumberger Cryptoflex DES" }, + { "3BE2000040204906", "Schlumberger Cryptoflex" }, + { "3BE2000040204907", "Schlumberger Cryptoflex Key Generation" }, + { "3BE200FFC11031FE55C8029C", "Aladdin eToken PRO (USB token)\nSiemens CardOS M4.0" }, + { "3BE300FF9181712644000113202D", "Metrebus Card\n(used in Rome to store personal information and Atac subscription.\nAtac is the public transport company of the city of Rome.)\nhttp://www.atac.roma.it/smart/smart.asp?A=2&S=22&PR=4&LNG=2" }, + { "3BE500008121459C100100800D", "BIN 470132 -- BANK OF AMERICA VISA DEBIT -- GEMALTO MGY 0 U1090788B - 12/14 F8 00 89 (Bank)" }, + { "3BE500008131FE45D00037008089", "ATM card for Standard Chartered, Taiwan" }, + { "3BE500FF8131FE458073C601082D", "MUFG (.jp) (Bank)" }, + { "3BE6000080318066B1A30401110B83", "Java Jcop J2A040 (JavaCard)" }, + { "3BE6000080318066B1A30401110B83009000", "VISA Credit Card (Bank)" }, + { "3BE60000812145324B010101017A", "Axalto Cyberflex Palmera V5" }, + { "3BE600FF8131FE4544492030324D70", "Alior Sync (Poland) - MasterCard Debit Card with PayPass (Bank)\nMasterCard Contactless Debit Card issued by Raiffeisen Bank in Czech Republic\nDebit MasterCard with paypass issued by Bank Zachodni WBK (Poland)\nDebit MasterCard with paypass issued by AliorSync" }, + { "3BE600FF8131FE454449203032566B", "VISA credit card (DKB)" }, + { "3BE600FF8131FE454A434F50303307", "IBM JCOP 30/16" }, + { "3BE600FF8131FE454A434F50313005", "IBM JCOP 10/16\nRental card for Blockbuster, Taiwan" }, + { "3BE600FF8131FE454A434F50323006", "IBM JCOP 20/16\nIBM JCOP20 with MIFARE\nor Datakey Smart Card Model 330J\nhttp://www.datakey.com/products/smart_cards/products_sc_330j.shtml" }, + { "3BE600FF8131FE454A434F50323107", "IBM JCOP ID21" }, + { "3BE600FF8131FE454A434F50333007", "Mifare ProX T=1" }, + { "3BE600FF8131FE454A434F50333106", "IBM JCOP 30/31bio (contact interface)" }, + { "3BE600FF8131FE4580640C7000008A", "AEON Credit Card (Bank)\nhttps://www.aeon.co.jp/card/lineup/" }, + { "3BE700008131FE4200639531059000B9", "Chunghwa Post Co., Ltd. Visa Debit Card (Bank)\nhttp://www.post.gov.tw/post/internet/U_english/index.jsp?ID=24030107" }, + { "3BE70000918131FE410110300100908049", "'FirmenTicket' from the 'Rheinbahn' for the 'VRR'\nits a ticket corporates can buy for their employees. so its called\n'FirmenTicket'. 'Rheinbahn' is the local service operator for the\nmass traffic in and around duesseldorf/germany. 'VRR' is traffic\nnetwork spanning over at least a big part of north rhine westphalia\n(Verkehrsverbund Rhein-Ruhr)\nhttp://www.vrr.de/de/tickets_und_tarife/vielfahrer/firmenticket/index.php" }, + { "3BE700FF8131FE454430382E30203657", "EMV (MasterCard) card, issued by Raiffeisen Bank in Russia\n'Deutsche Kreditbank AG' Visa Card produced by AustriaCard GNC\nAll cards (MasterCard, Maestro, VISA Electron) issued by Raiffeisen Bank in Romania\nEMV (MasterCard) Card, issued by Raiffeisen Bank in Czech Republic" }, + { "3BE700FF8131FE454430382E31203656", "WinWin Austria Player-ID-Card (Other)\nhttps://www.winwin.at/" }, + { "3BE700FF8131FE454430382E32203655", "Mastercard (Bank)" }, + { "3BE700FF8131FE454D43412038203652", "Mastercard credit card issued by 'PayLife Bank GmbH'.\nBank number is '5266' - Bawag PSK." }, + { "3BE700FF8131FE458031C073C62148BE", "Japanese ETC (Electronic Toll Collection System) card (Transport) and Credit card (Issuer: Toyota) (Transport)" }, + { "3BE700FF81B1FE451F018031C073C6214820", "Japanese ETC (Electronic Toll Collection System) card (Transport)" }, + { "3BE8000040FA0073C84011009000", "KEBTechnology KONA USB SmartCard (Other)" }, + { "3BE800008031FE450073C8401300907DE7", "National Health System of Spain - Consejeria de Sanidad y Servicios Sociales - JUNTA DE EXTREMADURA (HealthCare)\nhttps://www.juntaex.es/es/lajunta/consejo-de-gobierno/vicepresidencia-segunda-y-consejeria-de-sanidad-y-servicios-sociales/servicio-extremeno-de-salud" }, + { "3BE80000813120450073C8400000900056", "Visa credit card for Standard Chartered, Taiwan" }, + { "3BE800008131FE00506572736F53696DAA", "Simulated virtual smartcard, from project PersoSim (eID)\nhttps://persosim.de/?q=node/33" }, + { "3BE800008131FE450073C8400000900088", "VISA Card (Skandinaviska Enskilda Banken) with Swedish BankID\nVISA card (Chinatrust Bank (Taiwan), dual-interface card with a Taipei Metro e-purse function)" }, + { "3BE800008131FE454A434F50763234....", "NXP JCOP v2.4.x (see hist bytes for more info)" }, + { "3BE800008131FE454A434F5076323431B4", "VISA Debit card for NAB, Australia" }, + { "3BE800FF8131FE43AA00000000000000B0", "Secure Signing Token (eID)" }, + { "3BE800FF8131FE45434C6169726520361A", "DKB Visa card with PayWave" }, + { "3BE90000812145454D565F41545220066C", "VISA card, issued by HVB Bank Czech Republic or austrian BankAustria\nhttp://www.hvb.cz" }, + { "3BE900008121454D435F5F494E46200665", "MasterCard Credit card issued by SpareBank1 in Norway\nhttp://www.sparebank1.no" }, + { "3BE900008121455649535F494E46200678", "VISA card, issued by the Austrian 'Raiffeisen' bank\nhttp://www.raiffeisen.at/\nVisa Card - Maximum - Oyak Bank / Turkey\nVISA, issued by Austrian bank 'Erste Bank'\nVISA card, issued by the Latvian bank 'Latvijas Krajbanka'" }, + { "3BE900008131C345996374691999125610EC", "Compunicate Technologies Inc. (Pay TV)\nhttp://www.cti.com.cn/en/product.aspx?m=20140731165252850216" }, + { "3BE900008131FE00FF506572736F53696D54", "German PersoSim (eID)\nhttps://persosim.secunet.com/en/" }, + { "3BE900008131FE4541434F534A76323034F6", "ACS ACOSJ-DI 95K (in T=1 mode) (JavaCard)" }, + { "3BE900008131FE4543443169A90000000014", "Mastercard credit card, UBS Switzerland (Bank)" }, + { "3BE900008131FE45434432690900000000B7", "Swiss UBS MasterCard Creditcard" }, + { "3BE900008131FE45454D5620303320200699", "Visa credit card\nMasterCard credit card" }, + { "3BE900008131FE45454D5630325F34530680", "Maestro Card issued by 'First Investment Bank' in Bulgaria\nhttp://fibank.bg/\nVisa Electron card: TATRA BANKA, a.s." }, + { "3BE900008131FE454A434F503130563232A3", "ORGA Open Platform DES 16k V2.0 / JCOP10" }, + { "3BE900008131FE454A434F503234325232A0", "NXP J3D081 (JavaCard)" }, + { "3BE900008131FE454A434F503331563232A0", "JCOP 31 / 72k" }, + { "3BE900008131FE454A434F503431563232A7", "IBM JCOP v2.2 41" }, + { "3BE900008131FE454D434120303320200688", "PayLife Gold MasterCard -- an unbranded version of the master card" }, + { "3BE900FF8131FE45434C6169726532203629", "UB(SK) Visa Vusiness card with PayWave (Bank)\nhttps://www.vub.sk/en/companies-entrepreneurs/cards/debit-cards/visa-business/" }, + { "3BE900FF8131FE45434C6169726533203628", "BZ WBK Mastercard (Bank)" }, + { "3BE900FFC11031FE5500640500C80231800047", "Identity card of Italian Republic" }, + { "3BE900FFC11031FE55C80120504E34303132AD", "Siemens CardOS/M 3.0 (SLE66CX160S)" }, + { "3BEA0000813120438065A2........72D6....", "IDClassic 3XX Cards (with MPCOS Applet)" }, + { "3BEA0000813120438065A20101013D72D643A5", "GemXpresso Pro R3 32PK (MPCOS, T=1) (warn reset)" }, + { "3BEA00008131FE450031C173C840000090007A", "Nigerian eID Card (cold reset)\nChip is NXP JCOP 2.4.1R3\nDual BCR Signum Mastercard (bank) + Digital Signature Costa Rica (eID)\nhttps://bancobcr.com/wps/portal/bcr/bancobcr/personas/tarjetas/signum_firma_digital/" }, + { "3BEA00008131FE45436F6D624F5320494900FE", "UBS VISA Gold Card\nMasterCard from lhv.ee\nNordea Bank Finland PLC Estonian Branch (ABnote)" }, + { "3BEA00008131FE454A434F5033315632333290", "NAB VISA Debit card" }, + { "3BEA00008131FE454A434F5034315632323195", "HID Crescendo C700\nhttps://www.hidglobal.com/products/cards-and-credentials/crescendo/c700" }, + { "3BEA00FF813120750064051401023100900027", "GCOS-MDK" }, + { "3BEA00FF8131FE455455422D434B010301007B", "Technische Universitat Berlin - Campus Karte\nMaybe Sm@rtCafe Expert 2.0 (Giesecke & Devrient)\nor GemXpresso 211 PK (Gemplus)\nIncludes a Mifare-Chip (1 KB - Memory-Chip)" }, + { "3BEB0000813120454A434F503331333647445478", "card for testing (eID)" }, + { "3BEB0000813142454E4C436853434B303430312B", "Dutch University accesscard & Electronic purse & telphone card" }, + { "3BEB0000813142454E4C4368697070657230310A", "Dutch Post (Chipper)" }, + { "3BEB00008131FE450031C0643F680102079000B6", "Chris firstbank (Bank)" }, + { "3BEB00008131FE450031C0643F6801020F9000BE", "VISA Debit card for Taishin International Bank, Taiwan (Bank)" }, + { "3BEB00008131FE450031C0643F680108079000BC", "Debit Mastercard of Mega ICBC, Taiwan (Bank)\nhttps://www.megabank.com.tw/en-us/english/credit-card" }, + { "3BEB00008131FE450031C064A9EC010082900023", "Junta de Extremadura (Spain) public healthcare card (HealthCare)\nhttps://saludextremadura.ses.es/web/preguntas-frecuentes" }, + { "3BEB00008131FE45436F6D624F5320312E3015C5", "Reka Card - Swiss Holiday Member Card (Loyalty)\nhttps://reka.ch/en/rekamoney/privatepersons/reka-card/Seiten/reka-card.aspx?lang=en" }, + { "3BEC00004032424C554520445241474F4E20430001", "Pay TV" }, + { "3BEC00004032544954414E49554D00110106", "Titanium high security access smartcard (the back says something about 'DoorCard') (Other)" }, + { "3BEC00004032544954414E49554D00130202", "Titanium 2 Card Pirat Card for Seca 2 / Viaccess 2004 (Pay TV)" }, + { "3BEC00FF8131FE45A0000000563333304A330600A1", "Datakey model 330J card, www.datakey.com\nhttp://www.hmk.de/downloads/datakey/Model_330J_Smart_Card.pdf\nModel 330J JavaCard v2.1.1\nGlobal Platform v2.0.1 specifications.\nJCCOS operating system applet (Java-based Cryptographic Card Operating System)" }, + { "3BED000080318065B0840100C883009000", "Optelio Cards (D38-D72 R6) T=1 Normal Speed" }, + { "3BED00008131204380318065B083......830090....", "IDClassic 3XX / Classic TPC (IXS, IS, IS V2, IS CC, IM, IM CC, IM CC V3) / MultiApp ID Cards" }, + { "3BED00008131204380318065B08302047E8300900032", "Latvian Digital Signature Card (warm)\nhttp://www.eme.lv/" }, + { "3BED00008131804280318065B0872701BC830890007D", "EMV (V PAY) Issued by UniCredit Bulbank Bulgaria\nGXP7 T=1" }, + { "3BED00008131804280318065B0894001F28300900052", "VISA Debit card for Taishin International Bank, Taiwan" }, + { "3BED00008131FE450031C071C6644D3533560F900046", "Kostadin (Bank)" }, + { "3BED00008131FE450031C071C6644D35354D0F9000", "ING Credit Card (Bank)\nhttps://www.ing.nl/particulier/betalen/creditcards/index.html" }, + { "3BED00FF813120754D424320534D502056312E3130BD", "Used to Control a Laser Device" }, + { "3BEE00008131804280318066B0840C016E01830090008E", "MultiApp Cards (Easy 72K Type B and Combi 72K Type B)\nE.SUN Commercial bank debit master card (Bank)\nTaiwan EasyCard (Transport)\nhttps://www.easycard.com.tw/english/index.asp" }, + { "3BEE00008131804380318066B1A1110100F683009000", "Optelio/Desineo Cards (D72 FXR1)" }, + { "3BEE00008131804380318066B1A11101A0F683009000", "Optelio D72 FXR1 (MD) T=1" }, + { "3BEE00008131804380318066B1A30401110B83009000D4", "Japan Post Bank cash card (Bank)\nhttps://www.jp-bank.japanpost.jp/kojin/chokin/sogou/kj_cho_sg_iccard.html" }, + { "3BEE00008131FE45003180718665016702A00A8390001B", "IBM JCOP 'Java Card 2.1.1' et 'Open Platform 2.0.1'" }, + { "3BEE00008131FE4580318066409093060F1783019000FD", "Health insurance (HealthCare)" }, + { "3BEE00008131FE4580318066409093060F17830F9000F3", "IC card for the National Health Insurance, Taiwan" }, + { "3BEF..0040148025434552455357....0101039000", "Electronic Identification Card from the FNMT, the Spanish Official\nCertification Authority (Fabrica Nacional de Moneda y Timbre)\nFNMT-Ceres Siemens Infineon SLE 19" }, + { "3BEF..0040148025434552455357....0102039000", "FNMT-Ceres Siemens Infineon SLE 20\nFabrica Nacional de Moneda y Timbre" }, + { "3BEF000081312049005C5043541027F8D27600003833004D", "Infineon Technologies PC/SC Compliance Test Card V1.0" }, + { "3BEF000081314069005C50435335C53AD27600003833000F", "Siemens Nixdorf Sicrypt" }, + { "3BEF00008131FC4580318065110113000153414345810421", "Slovenska sporitelna (SLSP) Bank card, Maestro Card with chip" }, + { "3BEF00008131FC4580318065111123100253414345810412", "VISA card issued by UBS, Switzerland" }, + { "3BEF00008131FE450031C173C8211064474D313600900067", "ING Gold Credit Card (Italy) (Bank)\nhttps://www.ing.it/" }, + { "3BEF00008131FE45417441434F53322E345345204C6337C9", "Maestro Polish Alior debit card (Bank)" }, + { "3BEF00008131FE4543443269A98100002020202020200090", "UBS Switzerland Mastercard credit card (Bank)" }, + { "3BEF00008131FE4543443369098000002020202020200030", "Nordea Credit Gold MasterCard (Bank)\nhttp://www.nordea.ee/Private+customers/Daily+banking/Cards/Nordea+Gold/67062.html?lnkid=frontpage_teaser_GOLD_30-07-2014" }, + { "3BEF00008131FE45434D425F436F6D4444413030353500F7", "Master Card (emitted by bank Nordea - Lithuania)" }, + { "3BEF00008131FE45434D425F436F6D5344413030343000E4", "VISA (Danske Bank Eesti / www.sampopank.ee)" }, + { "3BEF00008131FE45434D425F436F6D5344413030353100E4", "Visa (Sampo Estonia, 2010)" }, + { "3BEF00008131FE45436F6D624F53205620202020202000AD", "Corporate Credit Card - SIEMENS MasterCard issued by Degussa Bank (Bank)" }, + { "3BEF00008131FE45436F6D624F53205649202020202000C4", "VfB Stuttgart Fankarte (pay card for the football stadium of the german club VfB Stuttgart)" }, + { "3BEF00008131FE45444C415A46545632444944313030FF06", "Lufthansa ID Card (eID)" }, + { "3BEF00008131FE45455041000000008891027200000000D9", "Raiffeisenbank Austria (Raffeisen Club) Maestro debit card (Bank)" }, + { "3BEF00008131FE45455041000000010130622200000000C0", "Raiffeisenbank Austria (Raffeisen Club) Maestro debit card (Bank)" }, + { "3BEF00008131FE4546494F4D4B5F3030312030313041009C", "MasterCard/PayPass Card issued by Czech FIO Banka a.s. (contact chip)\nnote the ASCII string ' FIOMK_001 010A' embedded in ATR" }, + { "3BEF00008131FE65005C504353D19147D276000038330070", "Siemens/Infineon Sicrypt S26381-F252-V1 GS:03" }, + { "3BEF00008131FE67005C49434DDBC97ED27600003833001E", "Infineon SICRYPT CardModule Card" }, + { "3BEF00FF8131..456563", "Debit card (Germany): ec-cash, GeldKarte(DEM), Maestro, Cirrus" }, + { "3BEF00FF81312045426173696343617264205A43322E33BD", "ZeitControl BasicCard Enhanced 2.3" }, + { "3BEF00FF81312045426173696343617264205A43332E33BC", "Electronic Purse (Elton Senegal)" }, + { "3BEF00FF81312075426173696343617264205A43332E338C", "ZeitControl BasicCard Enhanced 3.3" }, + { "3BEF00FF81312075426173696343617264205A43332E3788", "ZeitControl BasicCard Enhanced 3.7" }, + { "3BEF00FF81312075426173696343617264205A43332E3986", "ZeitControl BasicCard Enhanced 3.9" }, + { "3BEF00FF81314245.*38", "UNI-Card" }, + { "3BEF00FF8131424565630302030280002240489596002028", "Scard Sparkasse Detmold, Deutschland BLZ 47650130" }, + { "3BEF00FF81315045426173696343617264205A43312E31CC", "ZeitControl BasicCard Compact 1.1" }, + { "3BEF00FF813150456563............................", "GeldKarte v2 (Germany)" }, + { "3BEF00FF8131504565630000000000000000000000000000", "Geldkarte v2" }, + { "3BEF00FF813150456563080B40028000081520033604007E", "old banking card (electronic-card / Maestro / Geldkarte) of the\nStadt-Sparkasse Duesseldorf (like the above, but old - around 2002)." }, + { "3BEF00FF8131504565630D24200280000508335610010243", "German ec card" }, + { "3BEF00FF813152454D46432049424D2034304839363031FB", "IBM MFC 3.5 file system smart card\n(Card from the book 'Smart Card Application Development Using Java')" }, + { "3BEF00FF8131604565630402110000000000A532A50111B6", "GledKarte\nSiemens M3-Module with a Motorola SC-28.\nG&D (Giesecke&Devrient) Geldkarten-OS mit der Version 11" }, + { "3BEF00FF813160456563060314025000065108115E014190", "Geldkarte from Deutsche Bank, Thomson-Chip" }, + { "3BEF00FF8131664549424D204D46433430303230383331A1", "IBM MFC 4.1 file system smart card\nCard from the book 'Smart Card Application Development Using Java'\nauthors: Uwe Hansmann, Martin. S. Nicklous, Thomas Schack, Achim Schneider, Frank Seliger" }, + { "3BEF00FF813166456563202049424D20332E3120202020", "IBM eCash" }, + { "3BEF00FF813166456563202049424D20332E3120202020CF", "IBM eCash" }, + { "3BEF00FF8131864549424D204D4643343030303038333143", "ComCard MFC 4.1" }, + { "3BEF00FF8131FE4065631D038602500023151131280110FD", "DKB Banking Card (EC-Karte 2023) (Bank)\nhttps://www.dkb.de/" }, + { "3BEF00FF8131FE4141434F532046696F6E6131204C633666", "EUROBANK GR (Bank)\nNBG BANK (Bank)" }, + { "3BEF00FF8131FE4541434F53204449616E6131204C63364E", "comdirect VISA card (Bank)\nhttps://www.comdirect.de/konto/karten.html#Visa-Karte" }, + { "3BEF00FF8131FE4541434F53204449616E6132204C63364D", "Alior Bank SA (Bank)\nhttps://www.aliorbank.pl/" }, + { "3BEF00FF8131FE45656306087102500023B8105BA0471116", "DKB Banking Card (EC-Karte 2020) (Bank)" }, + { "3BEF00FF8131FE4565630D12810156001F00006686080122", "Commerzbank signature card SECCOS (6 or 7) providing RAH security profile (Bank)\nhttps://www.chipkartenleser-shop.de/commerzbank/electronic-banking-chipkarten/commerzbank-signaturkarte-2710050006" }, + { "3BEF00FF8131FE4565631104010280000F274000030100E1", "Postbank Geldkarte" }, + { "3BEF00FF8131FE4565631104010280000F462004230100C4", "Postbank ec/Maestro (Germany)" }, + { "3BEF00FF8131FE4565631108430250001021200324053016", "Bank (Bank)" }, + { "3BEF00FF8131FE456563111261025000100A072722071022", "DKB Online Banking Card (Bank)\nhttps://www.dkb.de" }, + { "3BEF00FF8131FE456563111261025000100A07811C0710BA", "German Sparkasse HBCI card (Bank)\nhttps://www.sparkasse.de/service/finanzlexikon/hbci-verfahren.html" }, + { "3BEF00FF8131FE4565631113710528001F00010228372060", "MasterCard of SpardaBank Hamburg in Germany (Bank)\nhttps://www.sparda-bank-hamburg.de" }, + { "3BEF00FF8131FE4565631113710528001F0006124137201E", "BankCard Sparda-Bank Baden-Wurttemberg eG (Bank)" }, + { "3BEF00FF8131FE4565631113710528001F0007241A372072", "Commerzbank Maestro Card (Bank)\nhttp://www.maestrokarten.de/girokontovergleich/commerzbank_girokonto.html" }, + { "3BEF00FF8131FE4565631113710528001F00083B3C372044", "Comdirect Debit Card Germany - AustriaCard 55616 (Bank)\nhttps://www.comdirect.de/" }, + { "3BEF00FF8131FE4565631113710528001F000A1B18372042", "German debit card (girocard, V-Pay) (Bank)\nhttps://www.girocard.eu/english/" }, + { "3BEF00FF8131FE4565631113710528001F000B161C37204A", "Commerzbank / girocard /maestro (Bank)" }, + { "3BEF00FF8131FE4565631113710528001F000D163A37206A", "BankCard Sparda-Bank West eG (Bank)" }, + { "3BEF00FF8131FE4565631113710528001F00120F24372072", "Debit card (Germany): Postbank - GeldKarte (EUR), girocard, V-PAY (Bank)" }, + { "3BEF00FF8131FE4565631113710528001F00153D47372024", "Girocard issued by Comdirect bank AG (Bank)" }, + { "3BEF00FF8131FE4565631113710528001F00193516372071", "Commerzbank Germany (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F00024D36371005", "comdirect girocard (Bank)\nhttps://www.comdirect.de/konto/karten.html#girocard" }, + { "3BEF00FF8131FE4565631114710528001F0003443137100A", "DKB Banking Card (Bank) (Bank)\nhttps://www.dkb.de" }, + { "3BEF00FF8131FE4565631114710528001F00034A36371003", "German Sparkasse, Girocard, GeldCard, girogo, EUROSERV (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F0005210F371057", "girocard maestro Bank (Bank)\nhttps://www.girocard.eu/" }, + { "3BEF00FF8131FE4565631114710528001F0006302F371065", "MasterCard German Sparkasse (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F0006543137101F", "Sparkasse (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F00071D46371020", "DKB (Deutsche Kreditbank) debit card (V-PAY) (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F000A1E1337107B", "girocard (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F000B361B37105A", "Kreissparkasse bank Girocard (Germany) (Bank)\nhttps://www.kskmse.de/de/home/privatkunden/girokonto/girokonto-online.html?n=true&stref=productbox" }, + { "3BEF00FF8131FE4565631114710528001F000C1A1737107D", "Bank card issued by Sparkasse (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F000C2024371074", "Debit card (Germany): ec-cash, GeldKarte(EUR), Maestro, Cirrus, ... (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F000C3D35371078", "Sparkasse KolnBonn Bank (Bank)\nhttps://www.sparkasse-koelnbonn.de" }, + { "3BEF00FF8131FE4565631114710528001F0010142437105C", "Deutsche Kreditbank AG (Bank)\nhttps://www.dkb.de/" }, + { "3BEF00FF8131FE4565631114710528001F00112D4F37100F", "Bank card (Bank)\nhttps://www.commerzbank.de/" }, + { "3BEF00FF8131FE4565631114710528001F00113B32371064", "DKB GiroCard (Bank)\nhttps://dkb.de" }, + { "3BEF00FF8131FE4565631114710528001F00172846371005", "Sparkasse Zwickau Maestro card (Bank)\nhttps://www.spk-zwickau.de/de/home/privatkunden/girokonto/sparkassencard.html" }, + { "3BEF00FF8131FE4565631114710528001F00180F48371023", "SparkassenCard (Bank)\nhttps://sparkasse.de" }, + { "3BEF00FF8131FE4565631114710528001F0018242A37106A", "Sparkasse girocard (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F00182D1C371055", "Debit card (Germany): ec-cash, GeldKarte(EUR) (Bank)" }, + { "3BEF00FF8131FE456563111562025000100A002B2107201E", "EC Card Sparkasse Mittelfranken Sued (Bank)\nhttps://www.spkmfrs.de" }, + { "3BEF00FF8131FE456563111562025000100A002EFC0720C6", "maestro BankCard (Bank)" }, + { "3BEF00FF8131FE456563111562025000100A09AC030720B2", "Girocard Sparkasse Darmstadt (Bank)" }, + { "3BEF00FF8131FE4565631901620280000F003500420620BB", "Credit card (Germany, Postbank AG): VISA" }, + { "3BEF00FF8131FE4565631D0284025000230509A0D9010182", "Debit card (Bank)" }, + { "3BEF00FF8131FE4565631D028402500023180920E7010121", "Deutsche Kreditbank AG (DKB AG) bank card (Bank)\nhttps://www.dkb.de/info/tan-verfahren/chipTAN/" }, + { "3BEF00FF8131FE458031C06B49424D204A65745A204D3239", "UBS Internet Card (IBM JetZ M2)" }, + { "3BEF00FF8131FE458031E06B042105026B55555555555568", "MasterCard credit card for Mega International Commercial Bank, Taiwan (Bank)\nhttps://www.megabank.com.tw/creditcard/index.asp" }, + { "3BEF00FF8131FF6549424D204D4643393232393238393017", "IBM MFC 4.22 (University of Cambridge smartchip card)" }, + { "3BF01100FF01", "Not a physical smart card. But a JavaCard simulator ATR with default configuration. (JavaCard)" }, + { "3BF01200FF9181B17C451F019B", "Japanese Chijou Digital B-CAS Card (pay TV) (Pay TV)" }, + { "3BF01200FF9181B17C451F0399", "Japanese Chijou Digital B-CAS Card (pay TV)" }, + { "3BF01200FF9181B1EF451F030A", "Japanese Digital CATV C-CAS card" }, + { "3BF01300001000", "MasterCard ETEC InterOp 27. This is an dual-app Maestro/MasterCard Credit EMV test card" }, + { "3BF01300008131FE45E8", "Healthcare card Romania (HealthCare)\nhttp://www.cnas.ro/casmb/national-page/cardul-national-de-asigurari-de-sanatate-2.html" }, + { "3BF01300FF9181B1FE461F0319", "Japan BS/CS 4K Satellite Broadcasting A-CAS Card (Pay TV)\nhttp://www.acas.or.jp/index.html" }, + { "3BF2180000C10A31FE55C80675", "HID iCLASS P16K C4H\nproximity card used for both door locks and keystore" }, + { "3BF2180002C10A31FE55C80776", "Siemens CardOS V4.3" }, + { "3BF2180002C10A31FE58C80874", "Siemens CardOS V4.3B\nD-Trust multicard 2.1 (may only be the testcard for it)" }, + { "3BF2180002C10A31FE58C80975", "Siemens CardOS V4.2B" }, + { "3BF2180002C10A31FE58C80B77", "CardOS V4.2C (SLE66CX360PE dual interface)" }, + { "3BF21800FFC10A31FE55C8068A", "Siemens CardOS M 4.2 (SLE66CX642P)" }, + { "3BF2960000813180438031A6", "Card of Justice (Other)" }, + { "3BF29800FFC11031FE55C80315", "Siemens CardOS M 4.01 (SLE66CX320P)" }, + { "3BF29800FFC11031FE55C80412", "CardOS M4.01a (SLE66CX322P)" }, + { "3BF39600FFC00A31FE4D8031E083", "MARX Cryptoken (supported by RaakSign)" }, + { "3BF41300008131FE4552465A4FED", "Serbian Health Care electronic card (HealthCare)\nhttp://www.rfzo.rs/index.php/osiguranalica/ekartica" }, + { "3BF4180002C10A31FE5856346376C5", "Eutron CryptoIdentity (reader + card token)" }, + { "3BF41800FF8131805500318000C7", "Identity card of Italian Republic" }, + { "3BF49800FFC11031FE554D346376B4", "Eutron Digipass 860 (reader + card token)" }, + { "3BF51300008131FE4573746431308F", "card for NF-e in Brazil (PKI)\nhttps://certificadodigital.imprensaoficial.com.br/certificados-digitais/e-cnpj/a3/e-cnpj-a3-cartao" }, + { "3BF51800008131FE454D794549449A", "Aventra ActiveSecurity MyEID\nhttp://www.aventra.fi/pdf/ActiveSecurity%20MyEID%20Tokens%20white%20paper%20(2p)%20EN.pdf" }, + { "3BF518000210804F73454944", "Atmega 128 microcontroller based open source EID smartcard with RSA and ECC. (eID)\nhttps://oseid.sourceforge.io/" }, + { "3BF57100FFFE2400011E0F3339320103", "Mydo IC Card from Japan, based on NTTDATA CARD (Loyalty)\nhttps://www.idemitsu.com/company/history/13.html" }, + { "3BF59100FF918171FE40000A086E773A65", "iCLASS Card (Other)" }, + { "3BF59100FF918171FE4000410000000005", "Contactless Mifare Ultralight" }, + { "3BF59100FF918171FE400041080000000D", "Contactless Mifare" }, + { "3BF59100FF918171FE400041180000001D", "Contactless Mifare 4k" }, + { "3BF59100FF918171FE400041880000008D", "Contactless Mifare 1k or 4k" }, + { "3BF59100FF918171FE4000420001008186", "American Express Blue RFID" }, + { "3BF59100FF918171FE400042000100D1D6", "Japanese Public Key Infrastructure (PKI)\nhttps://www.jpki.go.jp/\nMy Number Card (The Social Security and Tax Number System in JAPAN) (eID)\nhttps://www.cao.go.jp/bangouseido/" }, + { "3BF59100FF918171FE400042000177D1A1", "German Passport (ePass) (issued May 2008)" }, + { "3BF59100FF918171FE4000420001B3A115", "Individual Number Card (eID)\nhttps://www.kojinbango-card.go.jp/" }, + { "3BF59600008.31FE454D794549441.", "MyEID card (Infineon chip) (PKI)\nhttps://services.aventra.fi/English/products_MyEID_E.php" }, + { "3BF61300FF1080434849503232", "PostFinance debit (Bank)\nhttps://www.postfinance.ch" }, + { "3BF61300FF910131FE4080640F7000009E", "JA Bank Cash Card (Bank)\nhttps://www.jabank.org/" }, + { "3BF61800FF8131FE454A32413038301B", "NXP J2A080 - 80K (blank)\nhttp://www.classic.nxp.com/acrobat_download2/literature/9397/75016728.pdf" }, + { "3BF61800FF8131FE454A434F5032300E", "IBM JCOP20" }, + { "3BF61800FF8131FE454A434F5033300F", "Philips P8RF5016 running IBM JCOP 30 (contact interface)" }, + { "3BF61800FF8131FE454A434F5033310E", "IBM JCOP BIO31\nIBM JCOP BIO31 Java card" }, + { "3BF71100008131FE6543616E6F6B657999", "Canokey (Other)\nhttp://canokeys.org/" }, + { "3BF711000081718042000063950A019000B9", "ATM Card for Chunghwa Post Inc., Taiwan" }, + { "3BF71100008171FE420000639501019000CC", "ATM Card for Mega International Commercial Bank, Taiwan\nATM card for HSBC Direct, Taiwan\nATM card for TaChong Bank, Taiwan\nATM card for Chunghwa Post, Taiwan\nVISA card for Taipei Fubon Bank, Taiwan\nATM card for Cathay United Bank, Taiwan (Bank)\nhttps://www.cathaybk.com.tw/cathaybk/english/eindex.htm" }, + { "3BF71100008171FE420000639531029000FF", "VISA card for Taipei Fubon Bank, Taiwan" }, + { "3BF71100008171FE420000639531049000F9", "E.SUN Bank, Taiwan (Bank)\nhttps://www.esunbank.com.tw" }, + { "3BF71100008171FE420000639531059000F8", "ATM card for Chunghwa Post, Taiwan\nATM card for E.Sun Commercial Bank, Taiwan\nATM card for Taishin International Bank, Taiwan\nATM card for Bank of Taiwan, Taiwan\nATM card for Land Bank of Taiwan, Taiwan" }, + { "3BF711000140965430040E6CB6D6", "Atmel (FunCard) Smart Card with AT90S8515 and 24LC64 chip on it (Other)\nhttp://docs-europe.electrocomponents.com/webdocs/1173/0900766b811730a2.pdf" }, + { "3BF711000140965430040E6CB6D69000", "PIC16F876-04/SP (PICCard2) or\nPIC16F84A-04/P + 24LC16B (PICCard1) or\nCanal + Canal Digital Spain year 2000/2001 or\nPIC Silver Card 2 (PIC16F876/7 + 24C64)" }, + { "3BF711000140965760140E6CB6D6", "old SECA of D+ Italian sat pay tv" }, + { "3BF711000140965842140E6CB6D6", "UK on digital (terrestrial digital TV card)" }, + { "3BF711000140966060060E6CB6D6", "CANAL+ CANALSATELLITE SmartCard (possibly from 2005) (Pay TV)" }, + { "3BF711000140967070070E6CB6D6", "Cyfra+ SECA Card\nhttp://cyfraplus.pl/" }, + { "3BF711000140967070070E6CB6D69000", "M-II (a.k.a. M-2, a.k.a. Platinum Card), AT90SC6464C based\nKnotCard II\nTitaniumElite" }, + { "3BF7110001409670700A0E6CB6D6", "TopUp TV NagraVision viewing card" }, + { "3BF7110001409670700A0E6CB6D69000", "Canal Digitaal (Pay TV)\nhttp://webshop.canaldigitaal.nl/nl/smartcards-2" }, + { "3BF711000140967070170E6CB6D6", "Canal Satellite card (VERSION 7.1 SYSTEM / SECA2)" }, + { "3BF711000140967070370E6CB6D6", "Carte pour decodeur cable numerique (fourni par www.voo.be et\nwww.ledecodeur.be)" }, + { "3BF711000140967070670E6CB6D6", "UK TopUp TV" }, + { "3BF711000140967071090E6CB6D6", "Carte pour decodeur tele de Neuf Telecom TV" }, + { "3BF71300001000F14040919B9000", "Handelsbanken Inloggningskort (Bank)\nhttps://www.handelsbanken.se/sv/privat/digitala-tjanster/bankid-pa-kort" }, + { "3BF71300008131FE4500C08AC80C658185", "NXP JCop (JavaCard)" }, + { "3BF71300008131FE45464F4D534F4D53A9", "Health card Russian Federation" }, + { "3BF71300008131FE454A434F503234....", "NXP JCOP v2.4.x (see hist bytes for more info)" }, + { "3BF71300008131FE4580654A5030310415", "Nichizeiren Denshi-shomei (eID)\nhttps://www.nichizeiren.or.jp/taxaccount/auth/fifth/" }, + { "3BF71800008031FE45736674652D6E66C4", "SmartCafe Expert 3.2 72K" }, + { "3BF71800008031FE45FE42475265494424", "Bulgarian eID PKI card pilot on IFX SLE78 jTOP (PKI)" }, + { "3BF71800008131FE458055433776706B28", "Only labeled 'J35110', dual interface (JavaCard)" }, + { "3BF718000081718042000063840C019000A7", "Citibank Taiwan ATM Card (Bank)\nhttps://www.citibank.com.tw/" }, + { "3BF718000081718042000063950A019000B0", "7-Eleven icash card, Taiwan" }, + { "3BF79100FF918171FE40000A0260CF5104CB7F", "UK Metro Bank Mastercard Debit (Bank)\nhttps://www.metrobankonline.co.uk/" }, + { "3BF79100FF918171FE40004120001177818040", "Contactless Mifare DESFire" }, + { "3BF8110000400A01654E434F533037", "eNCOS + MCA, MchipAdvance bundled with eNCOS (Bank)" }, + { "3BF81100008171FE4200544E051900000002A1", "Taiwan EasyCard (Transport)\nhttps://www.easycard.com.tw/english/index.asp" }, + { "3BF811200340FF0303030312109000", "Bar Ilan KesefCard from Bezeq (Other)\nhttps://halemo.net/web/www.aurora.co.il/english/c_kesefcard.html" }, + { "3BF811200340FFFFFFFFFF12109000", "G&D (STARCOS SV 1.1)" }, + { "3BF813000010000073C84011009000", "Vivid Money Visa Debit (Bank)\nhttps://vivid.money" }, + { "3BF81300008131FE15597562696B657934D4", "Yubico Yubikey 4 OTP+CCID" }, + { "3BF81300008131FE4546494445534D4F318E", "Fidesmo Card with Dual Interface (JavaCard)\nhttp://shop.fidesmo.com/product/fidesmo-card-dual-interface" }, + { "3BF81300008131FE454A434F50763234....", "NXP JCOP v2.4.x (see hist bytes for more info)" }, + { "3BF81300008131FE454A434F5076323431B7", "Nigerian eID Card (blank card)\nChip is NXP JCOP 2.4.1R3\nBank of Hawaii (Bank)\nhttps://www.boh.com/\nLA BANQUE POSTALE (Bank)\nhttps://www.labanquepostale.fr/\nbnpparibas (Bank)\nhttp://www.bnpparibas.com/\nJcop040 (JavaCard)\nJcop21 (JavaCard)\nVisa debit classic (Bank)\nhttp://www.jpmorganchase.com/\nJPMorgan Chase (Bank)\nVisa (Bank)\nhttps://unitedfcu.com/\nJP Morgan chase bank (Bank)\nhttp://www.jpmorganchase.com/\nNavy Federal Credit Union (Bank)\nhttps://www.navyfederal.org" }, + { "3BF81300008131FE454A4F5076323431B7", "Nigerian eID card (eID)" }, + { "3BF81300008131FE455049564B45593730FF", "PIVKey CP70 (PKI)\nhttps://pivkey.com/" }, + { "3BF81300008131FE455241414B43327635CB", "Raak C2 Smart Card (PKI)\nhttp://www.raaktechnologies.com/software-downloads-documentation/" }, + { "3BF81300008131FE45534B555001000000FC", "Silesian Card of Public Services (Transport)\nhttps://portal.kartaskup.pl/" }, + { "3BF81300008131FE45536D617274417070F8", "national Lithuania ID card" }, + { "3BF81300008131FE45FF4A32413034300012", "MIDAS Card Diversification Key JavaCard (J2A040) (Bank)\nhttps://github.com/kategray/midas" }, + { "3BF81300FF108053430663010F900000", "Affinity CUIA Debit (JavaCard)\nhttps://www.affinitycuia.org" }, + { "3BF81300FF910131FE41534C4A01305023100D", "Walden Mutual Bank (Bank)\nhttps://www.waldenmutual.com/sustainable-bank-for-individuals#footnote-s0-4" }, + { "3BF81300FF910131FE41534C4A263123020168", "Chase Visa Debit (Bank)" }, + { "3BF81300FF910131FE41534C4A263123421F36", "Infineon SLJ26P (JavaCard)" }, + { "3BF81800008031FE450073C8401300900092", "G&D StarSign Token" }, + { "3BF81800008131FE450073C8400000900080", "NXP JCOP 31 V2.2 36K - S/C I/F" }, + { "3BF81800008131FE450073C8401300900093", "Giesecke & Devrient Sm@rtCafe Expert 3.0" }, + { "3BF81800008131FE454A434F50563234319C", "NXP JCOP2.4.1\nJ3A080 80KB T=1 GP2.1.1 JC2.2.2 SCP02" }, + { "3BF81800008131FE454A434F5076323431BC", "NXP J2A080 JavaCard" }, + { "3BF81800FF8131FE450073C840000090007F", "NXP JCOP 10\nNXP JCOP 31 (contact interface)" }, + { "3BF81800FF8131FE454A434F507632343143", "VIVOtech SAM\nNXP JCOP V241\nNXP J3A081 JavaCard (contact interface)" }, + { "3BF89600008031FE470073C840000090000D", "Italian driver tachograph smartcard (Transport)\nhttps://www.to.camcom.it/cartatachigrafica" }, + { "3BF89600008131FE4400739401C00F9000DD", "fourth-generation Hong Kong permanent identity card (Other)\nhttps://en.wikipedia.org/wiki/Hong_Kong_identity_card" }, + { "3BF89600008131FE454A434F507632343132", "NXP JCOP 2.4.1 (JavaCard)" }, + { "3BF91100008131FE45436F6D624F53205600AA", "VISA Card (Bank)" }, + { "3BF91300008131F0454E425502000320000097", "Bank" }, + { "3BF91300008131FE45454F4E436172645631F6", "NXP J2A080 (PKI)\nhttp://www.smartcardsource.com/contents/en-ca/d9_JCOP-NXP-cards.html" }, + { "3BF91300008131FE454A434F503234........", "NXP JCOP v2.4.x (see hist bytes for more info)" }, + { "3BF91300008131FE454A434F503431563234A2", "JCOP41 v2.4" }, + { "3BF91300008131FE454A434F5076323431B701", "J2A040 NXP (JavaCard)\nhttps://secure.smartcardsource.com/j2a040-java-smart-card.html" }, + { "3BF91300008131FE45535049564B45593730AD", "PIVKey T840 (Other)\nhttps://pivkey.com/" }, + { "3BF91300FF10808031E0554245524753", "Banrisul bank" }, + { "3BF91500FF910131FE43806448657261829000C7", "RC-S500 card (FeliCa SAM for reader?) (Other)" }, + { "3BF918000000534345372003002046", "G+D FIPS 201 SCE 7.0 (PKI)" }, + { "3BF91800008031FE4580574E454F574156457D", "Neowave Weneo" }, + { "3BF91800008131FE45393532383530313331DA", "JCOP31 / 72B1 V2.2 (4096 RSA key support)\nSmartcard Dual Interface JCOP31 with 72KB EEPROM and V2.2 Java Card Open Platform" }, + { "3BF91800008131FE454A32443038315F5056B6", "NXP J2D081 Java Card 80KB JCOP 2.4.2 R2 GP 2.2.1 JC 3.0.1 (JavaCard)\nhttp://www.javacardsdk.com/Index.aspx?p0=AAT1P0000012&p1=1&p2=1&p3=1&p4=0&p5=1" }, + { "3BF91800008131FE454A434F503231563232A9", "NXP JCOP 21 V2.2 36K" }, + { "3BF91800008131FE454A434F503331563232A8", "JCOP31 / 72B1 V2.2\nSmartcard Dual Interface JCOP31 with 72KB EEPROM and V2.2 Java Card Open Platform" }, + { "3BF91800008131FE454A434F503431563232AF", "JCOP41 Cards (not supported, but recognized by Classic Client)\nNHS Care Identity Service (CIS) smartcard (HealthCare)\nhttps://www.e-lfh.org.uk/programmes/national-ra-and-smartcard-policy/" }, + { "3BF91800008131FE4550565F4A3244303831B6", "Taiwanese Health Professional Card(TW HPC) (HealthCare)\nhttps://hca.nat.gov.tw/Intro.aspx" }, + { "3BF91800FF8131FE4550565F4A334130343040", "Yubico Yubikey NEO OTP+U2F+CCID (PKI)\nhttps://www.yubico.com/products/yubikey-hardware/yubikey-neo/" }, + { "3BF91800FF8131FE4550565F4A33413038314D", "NXP JCOP J3A081 (JavaCard)\nhttps://secure.smartcardsource.com/j3a081m.html" }, + { "3BF99100FF9181714040000A80041E2E222C1490C2", "Mifare DESFIRE (Other)" }, + { "3BF99100FF91817140400041800431766A781690E0", "DESFIRE MIVARE EV2 (Other)" }, + { "3BF99100FF9181714040004180045B89BAB352803A", "mifare desfire 2k (eID)" }, + { "3BF99100FF918171FC40000A095161900058C290D2", "NFC PASS card (eID)" }, + { "3BF99400008131FE6546542056313030900083", "ePass 2000" }, + { "3BF99600008031FE454A546178436F7265560F", "Secure element for fiscal system in Serbia (PKI)" }, + { "3BF99600008031FE4553434537200000202027", "G&D SmartCafe Expert 7 (JavaCard)" }, + { "3BF99600008031FE4553434537200300204642", "ActivIdentity Activkey Sim (PKI)\nhttps://www.hidglobal.com/products/cards-and-credentials/activid/usb-tokens" }, + { "3BF99600008031FE4553434537200F0020464E", "Giesecke & Devrient (DoD Alternate Token) G+D Sm@rtCafe Expert v7.0 144K DI #3 (PKI)" }, + { "3BF99600008031FE4553434537202000202007", "Serbian Identity Card (eID) (eID)" }, + { "3BF99600008031FE45534345372047434E335E", "Serbian Identity Card (eID)" }, + { "3BF99600008031FE455343453720474E335E", "Serbian Identity Card (eID)" }, + { "3BF99600008131FE45454F4E43617264563173", "eONCard V1 (PKI)" }, + { "3BF99600008131FE4553434537200E00202028", "Giesecke & Devrient GmbH StarSign CUT S" }, + { "3BF99600008131FE45535049564B4559373028", "Taglio PIVKey C980 (PKI)\nhttps://www.pivkey.com" }, + { "3BF99800FFC11031FE55414D20434D4431313083", "Service card of the Ministry of Defense of Italy - Military Aviation" }, + { "3BF99800FFC11031FE55454920434D4431313083", "Service card of the Ministry of Defense of Italy - Italian Army" }, + { "3BF99800FFC11031FE554D4D20434D443131308F", "Service card of the Ministry of Defense of Italy - Navy" }, + { "3BF99800FFC11031FE55504320434D443131309C", "Service card of the Ministry of Defense of Italy - Civil personnel" }, + { "3BFA..00008131..438065A2........72D6....", "IDClassic 3XX Cards (with MPCOS Applet)" }, + { "3BFA00008131FE450031C173C840000090007A", "J3R150 EMV (JavaCard)\nhttp://www.gdrfid.com/" }, + { "3BFA1100008131FE45436F6D624F5320495600E0", "MyWireCard 2go Prepaid VISA Card" }, + { "3BFA110002406043C602F8030300009000", "DeLaRue DX(?)" }, + { "3BFA1300008131FE15597562696B65794E454FA6", "Yubikey NEO" }, + { "3BFA1300008131FE450031C173C8400000900079", "Nigerian eID Card (warm reset)\nChip is NXP JCOP 2.4.1R3" }, + { "3BFA1300008131FE454465786120434620763198", "Dexa Systems Crossfire Card (PKI)\nhttp://www.dexasystems.com/products-services/products/dexa-smartcards-credential-tokens-peripherals" }, + { "3BFA1300008131FE454A434F503.3.56323332..", "JCOPxx/yy v2.3.2 (see hist bytes for more info)" }, + { "3BFA1300008131FE454A434F50323156323331", "J2A040 JCOP (JavaCard)" }, + { "3BFA1300008131FE454A434F5032315632333191", "NXP JCOP 21 V2.3.1 36K" }, + { "3BFA1300008131FE454A434F5032315632343196", "NXP JCOP 2.1 V 2.4.1 (JavaCard)" }, + { "3BFA1300008131FE454A434F50343156", "JCOP41 V221" }, + { "3BFA1300008131FE454A434F5034315632333197", "JCOP41 /72K (eID)" }, + { "3BFA1300008131FE454A434F50763234........", "NXP JCOP v2.4.x (see hist bytes for more info)" }, + { "3BFA1300008131FE54A434F503233191", "Jcop (JavaCard)" }, + { "3BFA1300FF813180450031C173C00100009000B1", "OpenPGP" }, + { "3BFA1300FF918131FE478012392F31C073C7014907", "MITSUBISHI Standard-9M (PKI)\nhttps://www.mdis.co.jp/service/standard-9m/" }, + { "3BFA1800008031FE45FE654944202F20504B4903", "Estonian Identity Card (EstEID v3.5 (10.2014) cold) (eID)\nhttp://id.ee/" }, + { "3BFA1800008131FE4506082A841001876E0805BC", "Dutch Rijkspas (eID)" }, + { "3BFA1800008131FE4506082A841001876E0807BE", "Rijkspas (identification card dutch government employees) (eID)\nhttps://nl.wikipedia.org/wiki/Rijkspas\nDutch government multifunctional smartcard (Other)\nhttps://nl.wikipedia.org/wiki/Rijkspas" }, + { "3BFA1800008131FE45060860841001876F0602FE", "Card used by the Dutch health insurers to give medical personnel access to patient insurance information" }, + { "3BFA1800008131FE4546534A434F503453494480", "NXP Java Card JCOP4 P71 GP2.3 JC3.0.5 (JavaCard)\nhttps://www.javacardsdk.com/product/j3r180sim/" }, + { "3BFA1800008131FE454A33413034305632343184", "NXP J3A 40K\nJava Card v2.2.2 - Global Platform v2.2.1\nDual-interface functionality (features 1K Mifare emulation)" }, + { "3BFA1800008131FE454A33413038315632343189", "NXP JCOP CJ3A081\nhttp://www.usmartcards.com/media/downloads/492/NXP%20P5CX012%2002X%2040%2073%2080%20144%20%20%202011.pdf" }, + { "3BFA1800008131FE454A3344303831563234328F", "AustriaCard Dual Interface Unpersonalized EMV Cards (Bank)\nhttps://www.austriacard.com" }, + { "3BFA1800008131FE454A434F503431563232319D", "NXP JCOP 41 v2.2.1 72k SmartCard I/F" }, + { "3BFA1800008131FE454A546178436F72655631B2", "Taxpayer Portal Authentication for Fiji Revenue & Customs Service taxpayer portal (PKI)" }, + { "3BFA1800008131FE454D4F54494F4E0000900760", "SIM card (Telecommunication)" }, + { "3BFA1800008131FE4550564A434F5033454D5694", "NXP JCOP3 J3H082 Java Card 3.0.4 Dual-Interface (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop3-j3h082-java-card-3-0-4-j3h081-dual-interface/" }, + { "3BFA1800008131FE4550564A434F503453494493", "National Health Insurance (Taiwan) (HealthCare)" }, + { "3BFA180000910131FE454A33523138302D323535F5", "Cardlogix J3R180 NXP JCOP 4 Java Card 3.0.5 Classic Dual Interface (JavaCard) (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop-4-java-card-3-0-5-classic/" }, + { "3BFA180000910131FE454A33523331302D333535FF", "NXP JCOP 4 Java Card 3.0.5 Classic (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop-4-java-card-3-0-5-classic/" }, + { "3BFA180000910131FE4550564A434F503453494482", "Supposed P71 SecID purchased from a Chinese manufacturer (JavaCard)" }, + { "3BFA180000910131FE456BD1936AC2F28547E164CC", "J3R180, NXP JCOP4 JC3.0.5 Classic, GP2.3, SECID (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop-4-java-card-3-0-5-classic/" }, + { "3BFA180002C10A31FE584B53776973735369676E89", "SuisseId card (used for qualified signatures)\nhttp://postsuisseid.ch/de/suisseid\nhttp://www.suisseid.ch/" }, + { "3BFA1800FF10004A546178436F72655631", "NXP JCOP4 J3R200 P71 (JavaCard)" }, + { "3BFA1800FF8031FE450031807394410000900090", "Kazakhstan Identity Card 2022 (eID)" }, + { "3BFA1800FF8131FE454A434F5032315632333165", "TrubDemax healthcare card\nJCOP 21 / 72k" }, + { "3BFA1800FF8131FE454A434F5034314332303074", "HID Crescendo C200\nhttps://www.hidglobal.com/sites/hidglobal.com/files/resource_files/crescendo-c200-c700-smart-card-ds-en.pdf" }, + { "3BFA1800FF8131FE454A434F5034315632323162", "JCOP41\nHID Crescendo C700\nhttp://www.hidcorp.com/\nShould be compatible to RAAK\nhttp://www.raaktechnologies.com/\nMarx CrypToken MX2048-JCOP USB Token" }, + { "3BFA1800FF8131FE454A434F5034315632333163", "JCOP41 V2.3.1 Dual Interface, Mifare emulation, 72K (NXP SmartMX P5CT072)\nJCOP (Java Card OpenPlatform) is a Java smart card distributed and developed by NXP.\nThe JCOP 41 v2.3.1. is an USB-smart card and can be used not only with standard smart card reader, but also with simple USB-connectors. The JCOP card is connected as ICCD card and can be used with such ICCD standard drivers.\nJCOP 41 is a Dual-Interface Smart Card, that means, the card can also be contacted with a contactless card reader. For building access systems, this card is also be able to emulate Mifare Classic 1k/4k.\nJCOP 41 v2.3.1 is compliant to JavaCard Standard 2.2.1. and GlobalPlattform 2.1.1. Their cryptographic features supports RSA up to 2432 bit, 'Eliptic curves' - ECC GF(2n), AES and 3DES.\nMore information is available here:\nhttp://www.nxp.com/documents/short_data_sheet/P5Cx009_P5Cx072_FAM_SDS.pdf" }, + { "3BFA940000813120438065A20101013D72D64321", "GemXpresso Pro R3 32PK (MPCOS, T=1)" }, + { "3BFA9600008031FE450031C8239752270F9000C1", "Swedish ID card (eID)" }, + { "3BFA960000813180438065A20101013D72D64383", "Malta identity card delivered by the Identity Management Office (eID)\nhttps://mhas.gov.mt/en/MHAS-Departments/Land%20Public%20Registry/Pages/ID-MO.aspx" }, + { "3BFA9800FFC11031FE55C8035341475F504B493277", "Siemens corporate ID card (access to the building / rooms etc,\nstores PKI private keys/certificates)" }, + { "3BFA9800FFC11031FE55C8045341475F504B493270", "Siemens Corporate Card (Belgium , Germany)" }, + { "3BFB11000040288059535059525553AE0002", "Spyrus Rosetta Basic" }, + { "3BFB11000040788059535059525553AE0202", "Rosetta(r) Series II Smart Card manufactured by Spyrus\nhttp://spyrus.com/products/rosetta_smart_usb.asp" }, + { "3BFB1100008131FE450031C06477E910000090006A", "OCS ID-One Cosmo Card USB Token" }, + { "3BFB1100FF81318055006802001010534941450004", "Italian Society of Authors and Publishers ticket and report signing smart card (PKI)\nhttps://www.siae.it/en/utilizzatori/other-services-stamps-certifications-data-and-statistics/automated-ticket-issuing-systems" }, + { "3BFB1300008131FE454A434F50533.3.56323332..", "JCOP-Sxx/yy v2.3.2 (see hist bytes for more info)" }, + { "3BFB1300008131FE456368617269736D6174657884", "Charismathics smart card JCOP and Qualified electronic signature CHJCOP-xxx (PKI)\nhttps://www.stampit.org/en/page/808" }, + { "3BFB1300FF10000031C164099511380F9000", "Mastercard World Elite (CapitalOne Venture) (Bank)\nhttps://www.mastercard.us/en-us/personal/find-a-card/world-elite-mastercard-credit.html" }, + { "3BFB1300FF10800031C164086032060F9000", "Stripe Issuing Card (Bank)" }, + { "3BFB1300FF10800031C164086032100F9000", "Varo (Bank)" }, + { "3BFB1300FF10800031C164089862210F9000", "Visa Debit (Bank)" }, + { "3BFB1300FF10800031C164089862290F9000", "Bank Card (Bank)" }, + { "3BFB1300FF10800031C1640924331E0F9000", "TransferWise Debit Card (Bank)\nhttps://wise.com/" }, + { "3BFB1300FF10800031C164096441360F9000", "Truist Business Debit (Bank)" }, + { "3BFB1300FF813180755A43352E3520524556204763", "ZeitControl BasicCard 5.5" }, + { "3BFB1300FF813180755A43352E3620524556204D6A", "ZeitControl BasicCard ZC5.6 user-programmable smart card\nhttp://www.basiccard.com/index.html?overview.htm" }, + { "3BFB1300FF813180755A43362E3520524556204364", "ZeitControl BasicCard 6.5, multiapplication with 30 kByte EEPROM" }, + { "3BFB1300FFC0803180755A43352E34205245562041A5", "ZeitControl BasicCard Professional 5.4 Revision A" }, + { "3BFB1300FFC0803180755A43352E34205245562048AC", "ZeitControl BasicCard Professional 5.4" }, + { "3BFB1300FFC0803180755A43352E3420524556204DA9", "Basiccard ZC5.4 revision M (Other)\nhttp://basiccard.com" }, + { "3BFB1300FFC0807553544F4C4C4D31504C5553BD", "Stoll M1PLUS (Other)" }, + { "3BFB180000407880595350595255530B0003", "Spyrus, Inc. Rosetta USB (PKI)" }, + { "3BFB180000407880595350595255530B0402", "SPYRUS Rosetta Series 2 (eID)\nhttp://www.spyrus.com/rosetta-hsm/" }, + { "3BFB18000040788059535059525553AE0402", "Spyrus Rosetta Series II" }, + { "3BFB1800008131FE450031C06477E9100001900062", "ID card for personal of 'Govern Illes Balears'\nhttp://www.caib.es/sacmicrofront/contenido.do?cont=7584&mkey=M08110610180317195848&&lang=en" }, + { "3BFB1800008131FE454A33483134354337583330C6", "COTECH OpenPGP Card - ECC (PKI)" }, + { "3BFB9100FF918171FE40004120000100812063CBA08003", "C*******r, MasterCard credit card, Pass Banque, Oberthur - contactless/PayPass" }, + { "3BFB9600008031FE450031C06477E3020082900076", "Oberthur ID-One Cosmo" }, + { "3BFB9600008031FE450031C06477E3030081900074", "D.O.D. Eid Passport rapidgate card (eID)" }, + { "3BFB9600008131FE450031C06477E91000019000EC", "Oberthur ID-ONE v5.4" }, + { "3BFB9600008131FE450031C06477E910000F9000E2", "Elektroniczna Legitymacja Studencka - Polish Student's ID Issued in Poznan in 2007" }, + { "3BFB9600008131FE450031E85427E60100079000BC", "Gemalto (PKI)" }, + { "3BFB9600008131FE4556445349354001000400011F", "Vasco DIGIPASS KEY 200 usb token\nhttp://www.vasco.com/products/digipass/digipass_pki/digipass_pki_keys/digipass_key_200.aspx\nShould contain a 'Oberthur cosmo v 5.4 or V7.0D' smartcard" }, + { "3BFB9800FFC11031FE550064052047033180009000F3", "Gemplus GemGate 32K\ndistributed by Postecert (www.postecert.it) to legally sign documents" }, + { "3BFC1300008131FE15597562696B65794E454F7233E1", "YubiKey NEO (PKI)\nhttp://www.yubico.com/" }, + { "3BFC1300008131FE45597562696B65794E454F7233B1", "Yubikey Neo\nhttp://www.yubico.com/products/yubikey-hardware/yubikey-neo/" }, + { "3BFC180000813180459067464A00641606F2727E00E0", "PIVKey C910 PKI Smart Card (eID)\nhttp://pivkey.com/" }, + { "3BFC180000813180459067464A00642D70C172FEE0FE", "pivkey token (JavaCard)\nhttp://www.pivkey.com/" }, + { "3BFC180000813180459067464A0068080.000000000.", "Feitian A22 JavaCard (150K) (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~712/javacos-a22-dual-interface-java-card-150k/p/index.shtml\nFeitian A40 JavaCard (64K) (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~711/javacos-a40-dual-interface-java-card-64k/p/index.shtml" }, + { "3BFC180000813180459067464A01002005000000004E", "Feitian A40 (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~711/javacos-a40-dual-interface-java-card-64k/p/index.shtml" }, + { "3BFC180000813180459067464A01002504000000004A", "Feitian JavaCOS A22CR ()\nhttp://www.javacardos.com/store/javacard-a22cr.php" }, + { "3BFC180000813180459067464A0100870600000000EA", "Feitian FTJCOS (https://www.ftsafe.com/products/Card_OS) (JavaCard)\nhttps://www.ftsafe.com/onlinestore/product?id=18" }, + { "3BFC180000813180459067464A01642F70C172FEE0FD", "Feitian eJavaToken (JavaCard)\nhttp://www.ftsafe.com/product/epass/eJavaToken" }, + { "3BFC1800008131FE458073C8211366020403550002D2", "National Health Insurance Card, Taiwan" }, + { "3BFC9800FFC11031FE55C803496E666F63616D65726528", "New Card Infocamere (Italy) series 1402...\nhttp://www.card.infocamere.it/\nSiemens Informatica - Siemens M4.01a\nchip Infineon SLE66CX322P (CC EAL5)\nMemory EEPROM: 32KB\nOperating system CARDOS\nMax numero dei tentativi PIN: 3\nPin: da 5 a 8 digit\nUnblocked by tool CARDOS API 2.2" }, + { "3BFD..00008131..4380318065B0........83..90....", "IDClassic 3XX / Classic TPC (IXS, IS, IS V2, IS CC, IM, IM CC, IM CC V3) / MultiApp ID Cards" }, + { "3BFD1300001000803180654953060B0183079000", "MIR card issued by Gazprombank (Russia) (Bank)\nhttps://www.gazprombank.ru/personal/cards/7579039/" }, + { "3BFD130000813160658031C0694D54434F537301011660", "Silesian University (Katowice, Poland) Student Identity Card (eID)\nhttps://www.us.edu.pl/" }, + { "3BFD1300008131FE158073C021C057597562694B657940", "Yubico YubiKey 5 NFC (PKI)\nhttps://www.yubico.com/product/yubikey-5-nfc" }, + { "3BFD1300008131FE4500125553554D49444153000000F6", "Midas key diversification card (Other)" }, + { "3BFD1300008131FE4541373030354347203234325231D5", "Feitian ePass FIDO NFC (Other)\nhttps://www.ftsafe.com/Products/FIDO/NFC" }, + { "3BFD1300008131FE4541373030364347203234325231D6", "YubiKey NEO (token)" }, + { "3BFD1300008131FE454A434F50323176323331474454E1", "National Health Insurance Card, Taiwan" }, + { "3BFD1300008131FE45543D314A323133364B56323331DC", "ic Card (JavaCard)" }, + { "3BFD1300008131FE4580318153534431738421C0810730", "Personal Info Card (eID)" }, + { "3BFD1300FF10000031C173C8400052A1C5009000", "IBKR Prepaid MasterCard, Issued by Peoples Trust Company (Bank)\nhttps://www.interactivebrokers.com/en/index.php?f=26451" }, + { "3BFD1300FF10000031C173C8400052A1D5009000", "PayPal Business Debit Mastercard (Bank)\nhttps://www.paypal.com/merchantapps/appcenter/makepayments/bdmc" }, + { "3BFD1800008031FE45003180718E6452D904008190005B", "Oberthur Card Systems, authentIC" }, + { "3BFD1800008031FE4553434536302D43443038312D46C4", "Panama Electronic Signature (JavaCard)" }, + { "3BFD1800008031FE45736674652063643134342D6E66D8", "SmartCafe Expert 3.2 144K Dual is a contact and contactless technology Java card from G&D with 144K on-board EEPROM for application and data storage. Certified to FIPS 140-2 Level 3 and Common Criteria EAL 5+. Supports specifications ISO 14443A T=CL and ISO 7816 T=1/0. (PKI)\nhttp://www.smartcardfocus.us/shop/ilp/id~523/smartcafe-expert-3-2-144k-dual/p/index.shtml" }, + { "3BFD1800008031FE45736674652D63643038302D6E66DC", "G&D Sm@Cafe 3.1 (eID)" }, + { "3BFD1800008131FE4553434536302D43433038312D46C2", "Giesecke & Devrient StarSign USB Token" }, + { "3BFD1800008131FE45534C4A35324778787979797A52AA", "The National Health Insurance Card issued by the National Health Insurance Administration Ministy of Health and Welfare in Taiwan (HealthCare)\nhttps://www.nhi.gov.tw/English/Content_List.aspx?n=320832076C00692B&topn=BCB2B0D2433F6491" }, + { "3BFD1800008131FE458031806540907B01518307900055", "Croatian Health Care card" }, + { "3BFD1800008131FE4580318153474531738421C081072E", "Georgian ID Card" }, + { "3BFD1800FF80B1FE451F078073002113574A5448613147005F", "Activkey Sim\nhttp://www.actividentity.com/products/activkey_usb_tokens__home.php" }, + { "3BFD1800FF80B1FE451F078073002113574A54486131480050", "G&D Sm@rtCafe Expert 64 v2" }, + { "3BFD1800FF80B1FE451F078073002113574A544861314A0052", "e-CPF issued by AASP (Lawyers Association of Sao Paulo, Brazil)" }, + { "3BFD1800FF8131FE4543494247555A494A324130383158", "Caregiver card for Dutch Medical System called UZI\n(Unieke Zorgverlener Identificatie, Caring Unique Identification)" }, + { "3BFD9100FF918171FE40004120004100818031C073D621C0D8", "Sparkasse Hanau - German contactless GeldKarte (PPSE, girogo)\nhttps://www.geldkarte.de/_www/en/pub/geldkarte/service_navigation/about_us.php" }, + { "3BFD9400008131204380318065B08302047E83009000B6", "GXPPRo-R3.x STD PTS T=1\nLatvian Digital Signature Card (cold)\nhttp://www.eme.lv/" }, + { "3BFD940000813160658031C0694D54434F5373010111E0", "MTCOS Light\nhttp://www.masktech.de/products/mtcoslight/index.html" }, + { "3BFD940000813160658031C0694D54434F5373010116E7", "Polish student card (eID)" }, + { "3BFD9500008131FE41008C0F17BD008C000000000030F2", "Khmer Identify Card (eID)" }, + { "3BFD9600008031FE45534C4A35324778787979797A5225", "TIPL (Other)" }, + { "3BFD9600008131204380318065B0831100C88300900015", "Gemalto TOP IM GX4 MSA081, T=1 (PKI)" }, + { "3BFD9600008131204380318065B0831148C883009000", "Pay TV" }, + { "3BFD9600008131484280318065B0840100C883009000", "Optelio Cards (D38-D72 R6) T=1 High Speed" }, + { "3BFD9600008131804380318065B0850100D683019000BC", "Queensland Drivers' Licence (Australia) (eID)" }, + { "3BFD9600008131FE4500000152332980000000000000A9", "DPI Guatemala (eID)\nhttp://www.renap.gob.gt/" }, + { "3BFD9600008131FE450000015233672000000000000047", "DPI Guatemala (eID)\nhttps://www.renap.gob.gt/servicios/que-es-el-dpi" }, + { "3BFD9600008131FE4500000161638620000000000000C5", "Renap Guatemala (eID)" }, + { "3BFD9600008131FE450000016687038000000000000003", "DPI (Documento Personal de Identificacion) Guatemala (eID)" }, + { "3BFD9600008131FE45534C4A3532474441303830434348", "Universal JCard C-UJC128-PAC-001 (JavaCard)\nhttps://www.usmartcards.co.uk/universal-j-cards" }, + { "3BFD9600008131FE45534C4A353247444C313238435257", "Universal JCard (Contact) with Infineon SLE78 (JavaCard)\nhttp://www.usmartcards.co.uk/cards/universal-jcard-contact-with-infineon-sle78-white-gloss-pvc-card.html" }, + { "3BFD9600008131FE45534C4A35324778787979797A5224", "J3R180 (JavaCard)" }, + { "3BFE130000108080318066B0840C016E0183009000", "Sberbank of Russia MIR debit card (Bank)\nSwile card\nhttps://www.swile.co/fr-fr/swile-card" }, + { "3BFE1300008131FE454A434F5076323431204C4F542057B1", "LOT test card (JavaCard)\nwww.lotgroup.eu" }, + { "3BFE130000918131804180318066B0840C016E01830090001F", "Japan Post Bank Visa Debit Card (Bank)\nhttps://www.jp-bank.japanpost.jp/kojin/cashless/yuchodebit/kj_cl_yd_index.html" }, + { "3BFE1800008031FE454573744549442076657220312E30A8", "Estonian Identity Card (EstEID 3.0 'JavaCard' cold)" }, + { "3BFE1800008031FE4553434536302D43443038312D6E46A9", "G&D Sm@rtCafe Expert 6.0 (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~684/smartcafe-expert-6-0-80k-dual-/p/index.shtml" }, + { "3BFE1800008031FE4553434536302D43443134352D6E46A0", "Smart Cafe Expert 6.0, Java Card 3.0 (PKI)" }, + { "3BFE1800008031FE45803180664090A4162A0083019000E1", "Estonian Identity Card (EstEID 3.0 'JavaCard' warm)" }, + { "3BFE1800008031FE45803180664090A4162A00830F9000EF", "iEstonian Identity Card (EstEID 3.0 (18.01.2011) warm)" }, + { "3BFE1800008031FE45803180664090A5102E03830F9000EF", "Infineon jTOP SLE78 SLJ52GCA080CL IFX v46.03 (JavaCard) (JavaCard)" }, + { "3BFE1800008031FE45803180664090A5102E038381900061", "Infineon Trust-P (JavaCard)" }, + { "3BFE1800008031FE45803180664090A5102E1083019000F2", "Infineon CJTOP 80K INF SLJ 52GLA080AL M8.4 (JavaCard)" }, + { "3BFE1800008131FE458031815448534D31738021408107FA", "Smartcard-HSM\nhttp://www.cardcontact.de/products/sc-hsm.html" }, + { "3BFE1800FF8131FE454A3231024103479049544356008044", "Brazilian Army ID Card (eID)" }, + { "3BFE1800FF8131FE456368616E67696E677465634A33445E", "xgames pki (eID)" }, + { "3BFE9100FF918171FE40004120001177C1000000000000000089", "Tangem Tap It cryptocurrency hardware wallet (Other)\nhttps://tangem.com/" }, + { "3BFE9100FF918171FE400041200051779180318065B0850300FB", " Italian Card Identity (CIE Comune di Parma) (eID)\nhttp://www.comune.parma.it/servizi/Servizi-Demografici-Carta-di-identita/Carta-di-identita-Elettronica-CIE_A2_C100_P96.aspx" }, + { "3BFE9100FF918171FE40004128000180810073C840000090004D", "Philips SmartMX chip (IBMs JCOP OS)" }, + { "3BFE9100FF918171FE40004128001133B04A434F5033315632C4", "JCOP31 72K\ndual interface functionality, 1K Mifare emulation." }, + { "3BFE9100FF918171FE400041380011F7B14A434F503234325211", "SwissPass (Transport)\nhttps://www.swisspass.ch" }, + { "3BFE9100FF918171FE40004138002180718066B00701010707B7", "Java Gemalto R7 (contactless) (Bank)" }, + { "3BFE9100FF918171FE40004138002180818065A2010201317210", "Santander TUI Brazil (Bank)\nhttp://www.santanderuniversidades.com.br/Paginas/home.aspx" }, + { "3BFE9100FF918171FE40004138002180818066B00701017707B7", "Java Gemalto R5 (contactless) (Bank)" }, + { "3BFE940000801F42803180664750204583018301900002", "TATA Docomo UICC (Telecommunication)\nhttp://www.tatadocomo.com/" }, + { "3BFE9400FF80B1FA451F034573744549442076657220312E3043", "Estonian Identity Card (EstEID v1.0 cold)\nEstonian Identity Card (EstEID v1.1 'MULTOS' warm)" }, + { "3BFE9600008031FE4380738400E065B0850400FB8290004E", "EU smart tachograph card (driver/company/control/workshop)\nhttps://dtc.jrc.ec.europa.eu/" }, + { "3BFE9600008031FE4380738400E065B08505002582900091", "Swiss truck driver card (Transport)" }, + { "3BFE9600008131FE45803180664090A5102E03830190006E9000", "Swissbit PS-100u (JavaCard)\nhttps://www.swissbit.com/ps-100u/" }, + { "3BFE9600FF8131FE455DFF6D6553414D2076312E302E320C", "SAM module for Kharkiv E-ticket (mikroelektronika) (JavaCard)\nhttp://www.mikroelektronika.com/en/card-and-ticket-validators" }, + { "3BFE9600FFC00A31FE4D4573744549442076657220312E309B", "Estonian Identity Card (EstEID v1.1 compatible)\nhttp://www.id.ee/?id=11019&&langchange=1" }, + { "3BFF..00008131..4380318065B0........120FFE829000..", "IDPrime MD 8840, 3840, 3810, 840 and 830 Cards T=1" }, + { "3BFF..00FF8131..456563............................", "Debit card (Germany): ec-cash, GeldKarte(EUR), Maestro, Cirrus, ..." }, + { "3BFF0000FF8131FE458025A000000056575343363530000000", "SafeNet SC650" }, + { "3BFF00FF8131..456563............................", "Debit card (Germany): ec-cash, GeldKarte(EUR), Maestro, Cirrus, ..." }, + { "3BFF1100008131FE4D8025A00000005657444B3333300600D0", "Datakey 32K PKI Smart Card Model 330\nhttp://www.datakey.com/products/smart_cards/products_sc_330.shtml" }, + { "3BFF1100008171404200002101314252000[05]63........9000.*", "Smart Card 'The Smart Way to Login'\nUsed on Acer TravelMate to secure boot" }, + { "3BFF11000240648069A2070103570000FF0083009000", "Gemplus GemXpresso" }, + { "3BFF1100FF8131FE9580F9D2760000255444010083000000A0", "GiroCard Haspa Hamburger Sparkasse (Bank)\nhttps://www.haspa.de/privatkunden/ihr-online-banking/unser-angebot/haspa-digital-services-96198/" }, + { "3BFF13000010003100DE525001001500000000000000", "wisely debit (Bank)\nhttps://www.mywisely.com/" }, + { "3BFF13000010003101F1564011001900000000000000", "BVG Guthabenkarte (Prepaid Payment Card for Berlin/Brandenburg Public Transport) (Transport)\nhttps://www.bvg.de/de/service-und-kontakt/guthabenkarte\nRevolut Visa Glow-in-the-dark\nhttps://revolut.com/\nMasterCard debit - PayCenter - Corporate Benefit 'Sachbezugskarte' (Bank)\nhttps://paycenter.de/sachbezugskarte/" }, + { "3BFF13000010003101F1564011001D00000000000000", "albo (Bank)\nhttps://www.albo.mx/" }, + { "3BFF13000010003101F1564011002300000000000000", "ANZ BANK (Bank)\nhttps://www.anz.com.au/personal/" }, + { "3BFF1300008131FE450031B9640404ECC17394018082900052", "AKD kID (eID)\nhttps://www.id.hr" }, + { "3BFF1300008131FE450031B9640444ECC17394018082900012", "Croation personal ID card (eID)\nhttp://eid.hr/" }, + { "3BFF1300008131FE4543433169A92000002020202020200036", "Swiss Lunch Check Wallet Card (Bank)\nhttps://lunchcheck.ch" }, + { "3BFF1300008131FE4543443269A94100002020202020200053", "Visa credit card (Viseca Card Services SA, Switzerland) (Bank)\nhttps://www.viseca.ch/privatkunden/kreditkarten\nVisa credit card, UBS Switzerland (Bank)" }, + { "3BFF1300008131FE45434433690940000020202020202000F3", "VISA credit card (LBBW/Payback VISA) (Bank)" }, + { "3BFF1300008131FE454F574F4B31302D4A................", "OWOK (One Web, One Key) login card\nhttp://www.reiner-sct.com/owok/\nReiner SCT loginCard\nhttps://cardlogin.reiner-sct.com/" }, + { "3BFF1300008131FE4D8025A00000005657444B3333300600D2", "Datakey DCOS model 330 (DKCCOS 6.0 token)" }, + { "3BFF1300918131FE4141434F532046696F6E6131204C6336F4", "TURKEY A101 HADI APP CARD (Bank)\nhttps://a101hadi.a101.com.tr/" }, + { "3BFF1300FF10000031C173082110645631424E079000", "Credit card (Bank)" }, + { "3BFF1300FF10000031C1738211064414D33470779000", "Visa Debit (Bank)\nhttps://www.chase.com/" }, + { "3BFF1300FF10000031C173C821106441443533079000", "BRADESCO-CONTA SALARIO (Bank)" }, + { "3BFF1300FF10000031C173C8211064414D3037079000", "UP Day Ticket Restaurant Card (Other)\nhttps://www.day.it/login" }, + { "3BFF1300FF10000031C173C8211064414D3130079000", "Tangerine MasterCard (Bank)\nhttps://www.tangerine.ca/en/products/spending/creditcard/money-back/" }, + { "3BFF1300FF10000031C173C8211064414D3137079000", "PayPal Business Debit mastercard (Bank)\nhttps://www.paypal.com/merchantapps/appcenter/makepayments/bdmc" }, + { "3BFF1300FF10000031C173C8211064414D3330079000", "VISA card issued by ING-DiBa AG (Germany) (Bank)" }, + { "3BFF1300FF10000031C173C8211064414D3331079000", "NAB VISA Debit (contact interface) (Bank)\nhttps://www.nab.com.au/" }, + { "3BFF1300FF10000031C173C8211064414D3337079000", "VISA Credit Card (Postbank), Germany (Bank)" }, + { "3BFF1300FF10000031C173C8211064414D3341079000", "BBVA debit card Uruguay. MIFRE Plus compatible. (Bank)\nScotiabank Passport Visa Infinite credit card (Bank)\nhttps://www.scotiabank.com/ca/en/personal/credit-cards/visa/passport-infinite-card.html" }, + { "3BFF1300FF10000031C173C8211064414D3343079000", "MasterCard issued by President's Choice Bank (Canada) (Bank)\nhttp://pcfinancial.ca/mastercard" }, + { "3BFF1300FF10000031C173C8211064414D3344079000", "VISA debit emitted by FinecoBank (Bank)\nhttps://finecobank.com/" }, + { "3BFF1300FF10000031C173C8211064414D3347079000", "Chase Visa Debit Card (Bank)\nhttps://www.chase.com/bankinghelp" }, + { "3BFF1300FF10000031C173C8211064414D3348079000", "BBVA blue VISA Debit Card (Bank)\nhttps://www.bbva.es/en/personas/productos/tarjetas/tarjeta-joven-ahora.html\nDesjardins Bonus Visa credit card (Bank)\nhttps://www.desjardins.com/ca/personal/loans-credit/credit-cards/bonus-visa/index.jsp" }, + { "3BFF1300FF10000031C173C8211064414D3430079000", "PNC BUSINESS VISA DEBIT (Bank)\nhttps://www.pnc.com/en/small-business/payments-and-processing/payment-cards/pnc-bank-visa-business-debit-card.html" }, + { "3BFF1300FF10000031C173C8211064414D3531079000", "Discover It Credit Card (Bank)" }, + { "3BFF1300FF10000031C173C82110644930424E079000", "National Bank Debit Card with expiration date and cvv code (Bank)" }, + { "3BFF1300FF10000031C173C82110644932424E079000", "Interact, Visa Debit Bank of Novia Scotia (Bank)\nhttps://www.scotiabank.com/global/en/credit-card-terms-and-conditions.html" }, + { "3BFF1300FF10000031C173C82110644D30424E079000", "Debit payment card (Rabobank NL) (Bank)\nhttps://www.rabobank.nl/en/business/making-and-receiving-payments/payments/paying-with-your-bank-card" }, + { "3BFF1300FF10000031C173C82110644D30434E079000", "Huntington (Bank)" }, + { "3BFF1300FF10000031C173C82110645630424E079000", "Rabobank Netherlands VISA debit (Bank)" }, + { "3BFF1300FF10000031C173C82110645631424E079000", "Portuguese 'BancoCTT' Bank Card (Bank)\nhttps://www.bancoctt.pt/o-seu-dia-a-dia/cartao-de-credito-banco-ctt" }, + { "3BFF1300FF10000031C173C82110645631434E079000", "Chase Freedom Unlimited Credit Card (Bank)" }, + { "3BFF1300FF10808031E06B04310502AF555555555555", "USAA EMV Visa Debit Card (Bank)" }, + { "3BFF1300FF10808031E06B04546B0267555555555555", "Target RedCard debit card (Other)" }, + { "3BFF1300FF10808031E06B071405028A555555555555", "Tangerine Debit Card (Bank)\nhttps://www.tangerine.ca" }, + { "3BFF1300FF10808031E06B08240502B5555555555555", "Tangerine Canada Interac debit card (Bank)\nhttps://www.tangerine.ca/" }, + { "3BFF1300FF8031FE45534653452D43583332322D5601010165", "Portugal Santander Totta Universitarios 'Associacao Academica de Coimbra'" }, + { "3BFF1300FF8031FE45534653452D43583332322D5618020876", "SmartCafe Expert Java" }, + { "3BFF1300FF8031FE45534653452D43583332322D5618030877", "Giesecke & Devrient SmartCafe Expert 32K v2.0 #2" }, + { "3BFF1300FF8131FE45656311045002800008390004020502E9", "German 'Geldkarte' supplied by the Deutsche Bank in Karlsruhe,\nBaden-Wurttemberg, Germany." }, + { "3BFF1300FF8131FE45656311045002800008540004230502A5", "Maestrocard/Geldkarte (Stadtsparkasse Haltern, Germany)" }, + { "3BFF1300FF8131FE5D8025A00000005657444B33323005003F", "Datakey DCOS model 320" }, + { "3BFF1300FF910131FE210031C173C82110644D30434E07900094", "AirPlus MasterCard Commercial (Bank)\nhttps://www.airplus.com/us/en/products-solutions/products/corporate-cards/corporate-cards.html" }, + { "3BFF1300FF910131FE4141434F5320486F6C6C7931204C633665", "OEAMTC Visa Club Card (Bank)\nhttps://www.oeamtc.at/mitgliedschaft/leistungen/die-oeamtc-kreditkarte-31091443" }, + { "3BFF1300FF910131FE41455041000000010833995600000000AC", "Austrian Sparkasse ISIC debit card (Mastercard) (eID)\nhttps://isic.at/" }, + { "3BFF1300FF918131FE4141434F532046696F6E6131204C6336F4", "Deutsche Kreditbank Debit (Bank)" }, + { "3BFF1300FF918131FE4141434F53204769756C6961204C6336B5", "revolut debit visa (Bank)\nhttps://www.revolut.com/" }, + { "3BFF1300FF918131FE4541434F53204449616E6132204C6336DF", "Alior Bank MasterCard debit (Bank)\nComdirect (Deutsch Bank) debit VISA (AUSTRIACARD 56015/001) (Bank)" }, + { "3BFF1400FF8131FE458025A000000056575343363530010039", "SafeNet SC650 (PKI)\nhttp://www.safenet-inc.com/data-protection/authentication/smartcard-650/" }, + { "3BFF1400FF8131FE458025A000000056575343363530030239", "SafeNet SC650 v3.2 (PKI)\nhttp://www.safenetat.com/products-solutions/high-assurance-authentication/sc650/" }, + { "3BFF1400FF8131FE458025A00000005657534336353004003C", "SafeNet AT SC650 V4.0 02/2018 (PKI)\nhttps://www.safenetat.com/Solutions/Enterprise-Security/high-assurance-authentication/sc650/" }, + { "3BFF1800008131FE45006B04050100011101434E5310318069", "Sanitary Card of 'Friuli Venezia Giulia' region (Italian Republic)\nCarta Nazionale dei Servizi (Italia)\nhttp://cartaservizi.regione.fvg.it/" }, + { "3BFF1800008131FE45006B040501000112024850431031806C", "Carta del Professionista Sanitario - CNS - Provincia autonoma di Trento\nProfessional Health card, Autonomous Province of Trento" }, + { "3BFF1800008131FE45006B0405010001210143494510318048", "hybrid card for various health services and regional services (access to various organizations and digital signatures)" }, + { "3BFF1800008131FE45006B04050100012101434E5310318059", "CNS - Carta Nazionale dei Servizi (Italia)\nPA emittente: Regione Autonoma della Sardegna\nCarta del Servizio Sanitario Regionale - Emilia Romagna" }, + { "3BFF1800008131FE45006B05051017012101434E531031805E", "Regional Card - Regione Liguria, Veneto - Italy (eID)\nTessera Sanitaria - Carta Regionale dei Servizi" }, + { "3BFF1800008131FE45006B05052000012101434E5310318079", "health card (HealthCare)\nhttps://tscns.regione.sardegna.it/" }, + { "3BFF1800008131FE45006B0505200001F101434E53103180A9", "national health service card (HealthCare)\nhttps://ca.arubapec.it/downloads/MU_LINUX.zip" }, + { "3BFF1800008131FE45006B0505912001F101434E5310318038", "Italian Health Card (TS) and Citizen's Card (CNS) based on IDEMIA ID-One CNS v2 on Cosmo 9.1 (HealthCare)" }, + { "3BFF1800008131FE45006B11050700011101434E531131807B", "Italian National Fire Corps -special identification card (eID)" }, + { "3BFF1800008131FE45006B11050700012101434E531031804A", "Oberthur ID-One Cosmo V7-n it's a java card 2.2.2\nIzenpe Certificado Ciudadano (eID)\nhttps://www.izenpe.eus/informacion/certificado-ciudadano/s15-content/es/" }, + { "3BFF1800008131FE45006B150C0302010101434E5310318061", "Bit4id Digital-DNA Key (eID)" }, + { "3BFF1800008131FE4D8025A00000005657444B3430300600DD", "DataKey 400 (DK400)" }, + { "3BFF1800008131FE55006B02090403010101434E5310318065", "Italian Chambers of Commerce CNS (PKI)\nhttp://www.card.infocamere.it/infocard/pub/" }, + { "3BFF1800008131FE55006B0209040301010144534410318068", "ACA (Lawyer Identifier Card) (eID)" }, + { "3BFF1800008131FE55006B02090503010101434E5310318064", "Bit4id J-SIGN 2048 (L) (PKI)\nhttps://www.bit4id.com/en/j-sign/" }, + { "3BFF1800008131FE55006B02090603010101434E5310318067", "ST microelettronics JSign3 (HealthCare)" }, + { "3BFF1800008131FE55006B02090703010101434E5310318066", "Aruba digital signing card (eID)\nhttps://www.aruba.it" }, + { "3BFF1800008131FE55006B02091403010101434E5310318075", "Smart Card INFOCERT digital key CNS from CST PADOVA (eID)" }, + { "3BFF1800008131FE55006B02091613010101434E5310318067", "ANPR -- Ministero dell'Interno - Italia (PKI)" }, + { "3BFF1800008131FE55006B02091717010101434E5310318062", "Carta Nazionale dei Servizi (CNS) Centro Servizi Territoriali (CST) (PKI)\nhttp://cst.provincia.padova.it/category/faq/firma-digitale" }, + { "3BFF1800FF8031FE45534653452D43583332322D561803087C", "Giesecke & Devrient Sm@rtCafe Expert 2.0" }, + { "3BFF1800FF8031FE45536D4072744361666545787065727465", "Giesecke & Devrient SmartCafe 32K v1" }, + { "3BFF1800FF8131..456563............................", "Geldkarte (generic ATR)" }, + { "3BFF1800FF81313C4565630D02310250001090002600041009", "Maestrocard/Geldkarte (Postbank, Germany)" }, + { "3BFF1800FF81313C4565630D0231025000109001550004107B", "Volksbank VR-BankCard (GeldKarte)" }, + { "3BFF1800FF81313C4565630D02310250001090052900041003", "Geldkarte/HBCI(DDV-1) (Stadtsparkasse Vorpommern, Germany)" }, + { "3BFF1800FF81313C4565630D023102500010900788000410A0", "HBCI-Karte (Berliner Sparkasse, Germany)" }, + { "3BFF1800FF81313C4565630D023102500010901382000410BE", "Bremer Karte ('Geldkarte und BSAG-Kundenkarte in einem.')\nhttp://www.bsag.de/4911.php" }, + { "3BFF1800FF81313C4565630D0231025000109014060004103D", "Geldkarte/HBCI(DDV-1) (Staedtische Sparkasse Offenbach, Germany)" }, + { "3BFF1800FF81313C4565630D0231025000109014440004107F", "Geldkarte/HBCI (Kreissparkasse Ebersberg, Deutschland)" }, + { "3BFF1800FF81313C4565630D0231025000109055700004100A", "EC-Card from DKB (Deutsche Kreditbank AG)" }, + { "3BFF1800FF81313C4565630D02310280001224300020041059", "Geldkarte (Germany)" }, + { "3BFF1800FF813150456563............................", "GeldKarte v3 (Germany)" }, + { "3BFF1800FF8131FE4065631116710156000F1309D0A957111B", "Harzer Volksbank eG bank card (girocard, V-PAY, debit card, Germany / Giesecke & Devrient, DG Nexolution, 10/22) (Bank)\nhttps://www.harzer-volksbank.de/privatkunden/girokonto-kreditkarten/bankkarte-v-pay.html" }, + { "3BFF1800FF8131FE4165630608710156000FB81026204712CD", "Fyrst Bank Card (Bank)\nhttps://fyrst.de" }, + { "3BFF1800FF8131FE4165630608710156000FB85073204712D8", "Commerzbank maestro (Bank)\nhttps://www.commerzbank.de/konten-zahlungsverkehr/produkte/girokonten/kostenloses-girokonto/" }, + { "3BFF1800FF8131FE4165630608710156000FB8602AA0471231", "Debit card (Germany): Postbank - GeldKarte (EUR), girocard, V-PAY (Bank)\nhttps://www.postbank.de/" }, + { "3BFF1800FF8131FE4165630608710156000FB8C0442147127E", "Commerzbank Classic Kreditkarte Mastercard (Bank)\nhttps://www.commerzbank.de/konten-zahlungsverkehr/produkte/kreditkarten/classic-kreditkarte/" }, + { "3BFF1800FF8131FE4165630608710156000FB8D044A04712EF", "Debitcard (Bank)" }, + { "3BFF1800FF8131FE41656306087102500023B80080C04712B2", "1822direct Bank Card (Bank)\nhttps://www.1822direkt.de" }, + { "3BFF1800FF8131FE41656306087102500023B8907360471271", "Debit card (Germany): Deutsche Kreditbank (DKB), ec-cash, (Bank)\nhttps://www.dkb.de/privatkunden/karten/girocard" }, + { "3BFF1800FF8131FE4165631116710156000F0308B09957115B", "Debit card Sparkasse (Germany) (Bank)" }, + { "3BFF1800FF8131FE4165631116710156000F0902904E5711AC", "German Bank Card IDEMIA 9 Maestro/Girocard (Sparkasse S-Payment TPY 1974693D) (Bank)" }, + { "3BFF1800FF8131FE4165631116710156000F0908309A5711D2", "Bank card from German Bank 'Sparkasse', issued by manufacturer 'S-Payment GmbH' (Bank)" }, + { "3BFF1800FF8131FE4165631116710156000F16082024571163", "German Sparkasse with visa (Bank)\nhttps://www.sparkasse.de/lp/echtesmultitalent.html#alle-funktionen" }, + { "3BFF1800FF8131FE450031C573C00180547615020105900074", "SIGILANCE NFC OpenPGP Smart Card (JavaCard)\nhttps://www.sigilance.com/" }, + { "3BFF1800FF8131FE455448434331305445434F4744484E3224", "National Health Insurance Card, Taiwan" }, + { "3BFF1800FF8131FE455448434331305445434F4744494E3126", "National Health Insurance Card, Taiwan" }, + { "3BFF1800FF8131FE4565630D0450028000089009700005002A", "Landesbank baden-Wurttemberg Geldkarte" }, + { "3BFF1800FF8131FE4565630D07630528000D90810600061558", "Geldkarte/HBCI (Frankfurter Sparkasse, Germany)" }, + { "3BFF1800FF8131FE4565630D07630764000D........0615..", "Giesecke & Devrient GmbH\nROM Mask=SDP2G330.E_1 (BES0), SWP2G370.E_1 (CS0)\nInit-Table=ecD6.3\nSignaturerstellungseinheit ZKA TUVIT.09397.TU.03.2005 Banking Signature Card, v6.31 NP, Type 3\nTUVIT.09397.TU.03.2005" }, + { "3BFF1800FF8131FE4565630D07630764000D9058450006158C", "Stadtsparkasse Munchen electronic cash card / Geldkarte" }, + { "3BFF1800FF8131FE4565630D07630764000D907307000615E5", "Sparkasse Acchen HBCI Geld Karte" }, + { "3BFF1800FF8131FE4565630D07630764000D907432000615D7", "German HBCI-Banking Card with 'Geldkarte' from the bank 'Sparkasse Marburg-Biedenkopf'" }, + { "3BFF1800FF8131FE4565630D07630764000D90926100061562", "Geldkarte (Frankfurter Sparkasse, Germany)" }, + { "3BFF1800FF8131FE4565630D08650764000D........0616..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.5\nInit-Table=SWP3G5J0.E_1 (CS0)\nSignaturerstellungseinheit ZKA Banking Signature Card, v6.51\nTUVIT.93129.TU.03.2006" }, + { "3BFF1800FF8131FE4565630D08650764000D9104900006160E", "German Railway's (Deutsche Bahn AG) 'Konzernausweis'" }, + { "3BFF1800FF8131FE4565630D0C760764000D9581200007300F", "Master Card Credit Card issued by WGZ bank (all german volksbank institutes use them)" }, + { "3BFF1800FF8131FE4565630D0C760764000D960361000730CF", "VR-Networld-Card with SECCOS-chip / Volksbank eG Konstanz\nfor Online-Banking (FinTS / HBCI-3.0 + EBICS; RD 01/12 NetWorld)" }, + { "3BFF1800FF8131FE456563110350028000082770020605018A", "old banking card (electronic-card / Maestro / Geldkarte) of the\n'Volksbank Gelderland eG' (around 2003)" }, + { "3BFF1800FF8131FE4565631105400250001055100303050043", "belongs to a banking card (electronic-card / Maestro / Geldkarte).\nthe bank calls it 'VR-BankCard'. the banks name is 'Volksbank\nGelderland eG' and is part of the 'Volksbanken und Raiffeisenbanken'\nhttp://www.vb-gelderland.de/html/5/2394/rubrik/1282.html" }, + { "3BFF1800FF8131FE45656311064002500010........0500..", "Gemplus-mids GmbH,\nROM Mask=ZKA 322 V5A,\nInit-Table=SWI1P070.E_0 (CS0),SDI1P080.E_1 (BES0),\nSignaturerstellungseinheit ZKASignaturkarte v5.02,\nTUVIT.09385.TU.09.2004" }, + { "3BFF1800FF8131FE4565631106400250001005500310050043", "HBCI-Karte (Bordesholmer Sparkasse, Germany)" }, + { "3BFF1800FF8131FE4565631106400250001019100420050028", "Stadtsparkasse Munchen HBCI card / Geldkarte" }, + { "3BFF1800FF8131FE4565631106400250001025600512050057", "Geldkarte/HBCI(DDV-1) (Stadtsparkasse Vorpommern, Germany)" }, + { "3BFF1800FF8131FE4565631106400250001027300216050006", "GeldKarte from Sparkasse bank" }, + { "3BFF1800FF8131FE4565631106400250001027800325050084", "Volksbank VR-BankCard (GeldKarte)" }, + { "3BFF1800FF8131FE456563110640025000102850011105006D", "HBCI Bancing Card of Sparkasse Pforzheim" }, + { "3BFF1800FF8131FE45656311066202800011........0613..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.2,\nInit-Table=SDI1G280.E_1 (BES0),\nSignaturerstellungseinheit ZKA Banking Signature Card, v6.2b NP & 6.2f NP, Type 3\nTUVIT.09395.TU.01.2005" }, + { "3BFF1800FF8131FE4565631106620280001106600304061387", "Geldkarte (Volksbank Offenburg, Germany)" }, + { "3BFF1800FF8131FE45656311066202800011165005170613B2", "FinTS (BBBank Karlsruhe, Germany)" }, + { "3BFF1800FF8131FE456563110662028000112090030906135C", "Geldkarte [ec, Maestro] (1822 direkt Frankfurter Sparkasse, Germany)" }, + { "3BFF1800FF8131FE45656311066202800011435001170613E3", "EC-Card of Sparkasse Pforzheim Calw" }, + { "3BFF1800FF8131FE45656311075102500010728000020620C6", "Maestro Card Deutsche Kredit Bank (DKB) / Germany" }, + { "3BFF1800FF8131FE45656311076402800011........0619..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.4\nInit-Table=SDI2G4G0.E_4 (BES0), SWI2G4H0.E_2 (CS0)\nSignaturerstellungseinheit ZKA 17.01.2006 Banking Signature Card, v6.4\nTUVIT.93123.TU.01.2006" }, + { "3BFF1800FF8131FE45656311084302500010........0530..", "Gemalto\nROM Mask=ZKA 680 V5A\nInit-Table=SSI3P3M6E_1 (MS0)\nMassen-Signaturerstellungseinheit ZKA Banking Signature Card, Version 5.11M\nTUVIT.93148.TU.06.2007" }, + { "3BFF1800FF8131FE4565631108430250001046500108053027", "HBCI-Karte (Sparkasse Altmark-West, Salzwedel, Germany)" }, + { "3BFF1800FF8131FE45656311084302500010847001040530C9", "HBCI Card (1822 direkt Frankfurter Sparkasse, Germany) Geldkarte [ec, Maestro]" }, + { "3BFF1800FF8131FE45656311086602800011........0620..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.6\nInit-Table=SDI3G6G0.E_3 (BES0), SSI3G6M0.E_2 (S0), SWI3G6H0.E_3 (CS0)\nSignaturerstellungseinheit ZKA Banking Signature Card, Version 6.6\nTUVIT.93130.TU.05.2006 - 2. Nachbestatigung" }, + { "3BFF1800FF8131FE45656311086602800011405003180620D4", "banking card (electronic-card / Maestro / Geldkarte). the bank+calls\nit 'S-Card' or 'Sparkassen-Card'. the banks name is 'Stadtsparkasse\nDuesseldorf' and is part of the 'Sparkassen-Finanzgruppe' (a finance\ngroup, network of local banks)." }, + { "3BFF1800FF8131FE4565631108660280001156000318062092", "Geldkarte [ec, Maestro] (Sparkasse Langen-Seligenstadt, Germany)" }, + { "3BFF1800FF8131FE4565631901500280000F........0512..", "SAGEM ORGA GmbH\nROM Mask=SecV1.5.3\nInit-Table=SDR0O1G0.A_B (BES0), SWR0O1H0.A_5 (CS0)\nSignaturerstellungseinheit ZKA SECCOS Sig v1.5.3\nBSI.02076.TE.12.2006" }, + { "3BFF1800FF8131FE4565631A01410250001052090567051021", "Maestro/Geldkarte (BBBank Karlsruhe, Germany)" }, + { "3BFF1800FF8131FE55006B02090200010101434E531031809F", "Carta Nazionale dei Servizi - InfoCamere" }, + { "3BFF1800FF8131FE55006B0209020001010144534410318092", "Postcom S.P.A. (digital certificate)" }, + { "3BFF1800FF8131FE55006B02090200011101434E531031808F", "Carta Regionale dei Servizi - Regione Lombardia" }, + { "3BFF1800FF8131FE55006B02090200011101434E531131808E", "Infocamere CNS" }, + { "3BFF1800FF8131FE55006B02090300011101434E531131808F", "Card description: Multiservice Card - CMCC - Arma Carabinieri (Carta Multiservizi)" }, + { "3BFF1800FF8131FE55006B02090303010101434E531031809D", "Aruba CNS for Regione Toscana (IT)\nhttp://www.regione.toscana.it\nAruba CNS for Infocamere (the Chambers of Commerce)" }, + { "3BFF1800FF8131FE55006B0209030301010144534410318090", "Postecert (www.postecert.it) to legally sign documents" }, + { "3BFF1800FF8131FE55006B02090303011101434E531131808C", "Infocert 1205* smart card\nUniversita' Degli Studi di Torino (Infocert)" }, + { "3BFF1800FF8131FE55006B0209040301010144534410318097", "J-Sign (STMicroelectronics S.r.l. - Incard Division) (JavaCard)" }, + { "3BFF1800FF8131FE55006B02091300024954494420203180D3", "electronic identity card (PKI)" }, + { "3BFF1800FF8131FE55006B02091301011101434E531131809E", "Service card of the Ministry of Defense of Italy" }, + { "3BFF1800FF8131FE55006B0209130301000150534510318094", "Italian Electronic ID Card (eID)\nhttp://www.interno.gov.it/mininterno/site/it/temi/servizi_demografici/scheda_006.html" }, + { "3BFF1800FF8131FE55006B02091303010101434E531031808D", "Aruba Digital Signature (Other)\nhttps://www.pec.it/offerta-firma-digitale.aspx" }, + { "3BFF1800FF8131FE55006B02091303011101434E531131809C", "Politecnico di Torino Student Card (eID)\nhttp://www.polito.it/" }, + { "3BFF1800FF8131FE55006B02091617011101434E531131808D", "Carta Regionale dei Servizi - Regione Autonoma Friuli Venezia Giulia (HealthCare)\nhttps://www.regione.fvg.it/rafvg/cms/RAFVG/GEN/carta-regionale-servizi/" }, + { "3BFF1800FF8131FE55006B02091717011101434E531131808C", "european health insurance card and Regional (ItalY - Provincia Autonoma di Trento) Service Card (CPS) (eID)\nhttps://www.provincia.tn.it/Servizi/Attivare-la-Carta-Provinciale-dei-Servizi-CPS#cos_e" }, + { "3BFF1800FF8131FE55006B42495434494420312E3000900091", "Touch&Sign 2048 (PKI)" }, + { "3BFF1800FF8131FE55006B42495434494420322E3000900092", "Izenpe Green Card (Citizen Certificate) (eID)\nhttp://www.izenpe.com/s15-12020/en/contenidos/informacion/ciudadano/en_def/index.shtml" }, + { "3BFF1800FFC10A31FE55006B0508C805011101434E531031800C", "Carta Regionale dei Servizi - Regione Lombardia" }, + { "3BFF1800FFC10A31FE55006B0508C809011101434E5310318000", "Carta regionale dei servizi - Regione Sicilia\nhttp://www.regione.sicilia.it/crs/index.asp" }, + { "3BFF1800FFC10A31FE55006B0508C80A011101434E5310318003", "Carta Regionale dei Servizi - Regione Lombardia" }, + { "3BFF1800FFC10A31FE55006B0508C80C011101434E5310318005", "Healthcare card (TS-CNS) - Provincia Autonoma di Trento\nUnified Healthcare card (TS-CNS) - Repubblica Italiana" }, + { "3BFF32000010808031E05B4742500000000000000255", "UK NatWest BT PayToView Mondex" }, + { "3BFF6700008131FE45FF43727970746E6F784649444F32305F", "Fast Identification Online card (FIDO2) from Cryptnox manufacturer (Other)\nhttps://www.cryptnox.ch" }, + { "3BFF9100FF918171FC40000A654B5450304432654B5450043D5B62", "Indonesian eID (eID)" }, + { "3BFF94000000434D425F55425369676E3030303215", "UBS Access Card used for online banking with UBS in Switzerland.\nIt resides in a calculator like token, that is used for a challenge\nresponse when logging in." }, + { "3BFF940000400A80310073122113574A330E01314100", "O2 Loop SIM card" }, + { "3BFF940000400A80310073122113574A330E02314100", "GSM-SIM Beeline RU (Telecommunication)\nhttp://beeline.ru" }, + { "3BFF940000400A80310073122113574A330E02324100", "Turkcell SIMPlus64 / Turkey" }, + { "3BFF940000400A80310073122113574A330E10314100", "GSM SIM MEDIONmobile (MVNO) the Netherlands (Telecommunication)" }, + { "3BFF940000801F478031E073FE210000000000830F900052", "Telecommunication SIM (Telecommunication)" }, + { "3BFF9400008131804380318065B0850201F3120FFF82900079", "Serbian Identity Card (eID)\nJava Card (Sealys MultiApp ID v2.1) supporting Global Platform 2.1.1" }, + { "3BFF9400008131FE4380318065B0846160FB120FFD8290000E", "IDPrime 930 FIPS Level 3 (T=1 CT=94) (BAI4) (PKI)" }, + { "3BFF9400008131FE4380318065B085040011120FFF829000E2", "DPI Card ID Guatemala Version 2018 (eID) (eID)\nhttps://www.renap.gob.gt" }, + { "3BFF940000C00AB1FE491F438031E073F62113573436434132302068", "Sonera UICC (Telecommunication)" }, + { "3BFF9400FF400A80310073122113574A332009314100", "Globul GSM operator card (Bulgaria) (Telecommunication)" }, + { "3BFF9400FF80B1FE451F030068D276000028FE052231800090001E", "Alice Business card (to be used in the modem supplied by an Italian provider)" }, + { "3BFF9400FF80B1FE451F030068D276000028FF051E318000900023", "D-Trust Signature Card (www.d-trust.net):\n- Citizencard of the People of Ulm in Germany (Burgerkarte)\n- Qualified Electronic Signature Card (Qualifizierte Signaturkarte)" }, + { "3BFF9400FFC00A1F438031E073362113574A43491C3130321C", "Giesecke & Devrient - UniverSIM Pegasus" }, + { "3BFF9400FFC00A1F478031E073F62113574A33200B314141D4", "SIM (Telecommunication)" }, + { "3BFF950000400A80310073122113574A330E10314100", "Verizon GSM SIM (Telecommunication)" }, + { "3BFF9500008031FE4380318067B0850201F3A3018301900045", "Swedish digital tachograph driver smart card (Other)\nhttps://www.transportstyrelsen.se/sv/vagtrafik/Yrkestrafik/Kor--och-vilotider/Fardskrivare/ansokan-om-forarkort/" }, + { "3BFF9500008031FE4380318067B0850201F3A3048301900040", "Company Card for authentication in tachograph applications (Other)\nhttps://ec.europa.eu/transport/modes/road/social_provisions/tachograph/tachonet_en" }, + { "3BFF9500008031FE4380318067B0850201F3A3138301900057", "Driver's Card (Tachograf card) issued by pwpw Poland (Transport)\nhttps://www.pwpw.pl/en/Products/Cards/Cards.html" }, + { "3BFF9500008031FE4380318067B0850201F3A3138301F83BFF", "UK Drivers Tachograph Card (Transport)" }, + { "3BFF950000C00A1F438031E073362113574A330E0231410088", "'BASE' SIM card; BASE is a german mobile phone operator, which is a brand of E-Plus, Germany." }, + { "3BFF95000150801C444E41535034323020526576533430", "Nagra card Canal+ (Polish TV provider) (Pay TV)\nhttps://pl.canalplus.com/" }, + { "3BFF95000150801C444E41535034323020526576533430F1", "NC+ Polland (Pay TV)\nhttp://www.flysat.com/ncplus.php" }, + { "3BFF95000150801C444E41535034323020526576533430F15D", "NC+ Polland (Pay TV)\nhttp://www.flysat.com/ncplus.php" }, + { "3BFF95000150801C444E41535034323020526576533441", "Platforma Canal+ Polska, cayman card (Pay TV)\nhttps://www.flysat.com/canalplus-pl.php" }, + { "3BFF9500FF400A803100731A2113574A504860314147", "Vodafone 64 KB SIM with Javacard" }, + { "3BFF9500FF400A8031E873F62113674A474860314200", "Giesecke & Devrient STARSIM" }, + { "3BFF9500FF50801C444E41535034303020526576493431", "Pay TV card nc+ polish (seca with merlin layer) (Pay TV)\nhttp://www.flysat.com/ncplus.php" }, + { "3BFF9500FF50801C444E41535034303020526576493435", "Decoder card for VOO TV distributer in Belgium (Pay TV)" }, + { "3BFF9500FF50801C444E41535034303020526576493439", "Big TV India (Pay TV)\nhttps://www.lyngsat.com/packages/Big-TV.html" }, + { "3BFF9500FF50801C444E41535034303020526576493441", "Pay TV - NC+ in Poland (Pay TV)\nhttp://ncplus.pl/" }, + { "3BFF9500FF50801C444E41535034303020526576493447", "Platforma Canal+ Polska, cameleon card (Pay TV)\nhttps://www.flysat.com/canalplus-pl.php" }, + { "3BFF9500FF50801C444E4153503430302052657649344A", "Sat Tv (Nagra) (Pay TV)" }, + { "3BFF9500FF50801C444E41535034303020526576493548", "Canal+ France Nagra3 (Pay TV)\nhttps://www.canalplus.com/" }, + { "3BFF9500FF50801C444E41535034383220526576523038", "CANALSAT, mediaguard key (Pay TV)" }, + { "3BFF9500FFC00A1F438031E073362113574A3320073341411F", "Swisscom 3G SIM card" }, + { "3BFF9500FFC00A1F438031E073F62113574A334857314141E5", "MTNL 3G USIM (India)" }, + { "3BFF9500FFC00A1F438031E073F62113574A334861324147D6", "GSM SIM (issued by e-plus, Germany)" }, + { "3BFF9500FFC00A1F438031E073F62113574A554860324100F6", "GSM SIM from O2 Germany (UMTS ready) from 2005" }, + { "3BFF9500FFC00A1F478031E073F62113574A33200B314141D5", "Telenor SIM card (Norway)" }, + { "3BFF9600008031FE45536D40727443616665204578702E374E", "haruka (eID)" }, + { "3BFF9600008131804380318065B0850300EF12026C829000F9", "Authorization Card (eID)" }, + { "3BFF9600008131804380318065B0850300EF120FFF82900067", "Greek Academic ID (eID)\nhttp://academicid.minedu.gov.gr/" }, + { "3BFF9600008131804380318065B0850300EF12FFFE82900096", "Gematlo IDCore 8030 (JavaCard)" }, + { "3BFF9600008131804380318065B08503010F120FFF82900086", "Azerbaijan Republic National Identity Card (eID) (eID)\nhttps://www.mia.gov.az/" }, + { "3BFF9600008131804380318068B0850300EF780100829000F1", "Cameroon National Identity Card (eID)" }, + { "3BFF9600008131FE4380318065B0845651101201788290006A", "SafeNet eToken 5300 (PKI)" }, + { "3BFF9600008131FE4380318065B08456511012021082900001", "Nedap NexS N:Secure (eID)\nhttps://www.nsecure.nl/nl/" }, + { "3BFF9600008131FE4380318065B0846160FB120FFD8290000C", "IDPrime 930 FIPS Level 2 (T=1 CT=96) (BAI3.1) (PKI)" }, + { "3BFF9600008131FE4380318065B0846566FB12017882900085", "eToken 5110+ FIPS 140-2 Level 2 (JavaCard)" }, + { "3BFF9600008131FE4380318065B0846566FB120FFC8290000F", "SmartID 3930 FIDO Contact and Contactless card (PKI)\nhttps://www.smartcardfocus.com/shop/ilp/id~962/safenet-idprime-3930-fido-dual-interface-fips-l2/p/index.shtml" }, + { "3BFF9600008131FE4380318065B0846669FB12FFFE829000F1", "IDCore3230 build 6.8, test APDU applet (JavaCard)" }, + { "3BFF9600008131FE4380318065B085040011120FFF829000E0", "Pakistan National identity card (eID)" }, + { "3BFF9600008131FE4380318065B085040120120FFF829000D0", "Portuguese National Identity Card (eID) (eID)\nhttps://www.autenticacao.gov.pt/o-cartao-de-cidadao" }, + { "3BFF9600008131FE4380318065B085050011120FFF829000E1", "Portuguese autentication card (eID)\nhttps://www.autenticacao.gov.pt/web/guest/cc-aplicacao" }, + { "3BFF9600008131FE4380318065B08505003912017882900040", "Identicard for french advocates (eID)\nhttps://doc.ubuntu-fr.org/avocats_sur_ubuntu" }, + { "3BFF9600008131FE4380318065B0855956FB12017882900088", "SafeNet 5110 token for eSignature (eID)\nhttps://www.certsign.ro/en/support/safenet-installing-the-device-on-windows/" }, + { "3BFF9600008131FE4380318065B0855956FB120FFC82900002", "THALES SafeNet IDPrime 3940 Fido (PKI)\nhttps://cpl.thalesgroup.com/fr/resources/access-management/idprime-3940-product-brief" }, + { "3BFF9600008131FE4380318065B0855956FB120FFE82900000", "SafeNet eToken 5110 SC (PKI)\nhttps://cpl.thalesgroup.com/access-management/authenticators/pki-usb-authentication/etoken-5110-usb-token" }, + { "3BFF9600008131FE4580F9A0000003080000100053454E54AC", "cac (eID)" }, + { "3BFF9600008131FE55006B02090403010101434E53103180EB", "Aruba PEC SpA digital signature card made by Incard (eID)\nhttps://www.pec.it/download-software-driver.aspx" }, + { "3BFF960000C00A31FE4380318065B085040011120FFF829000AB", "French National Identity Card (eID) (eID)\nhttps://www.interieur.gouv.fr/actualites/actu-du-ministere/nouvelle-carte-nationale-didentite" }, + { "3BFF9600FF8131FE406563111562025000100A0190A90730BF", "girocard Sparkasse Ansbach, Germany BLZ 76550000 (Bank)" }, + { "3BFF9600FF8131FE406563111562025000100A0271500730A4", "Debitcard Sparkasse Duesseldorf (Bank) (Bank)\nhttps://www.sskduesseldorf.de/" }, + { "3BFF9600FF8131FE406563111665025000100B22BBEB074080", "girocard contactless (Bank)" }, + { "3BFF9600FF8131FE4065631D02840156001F190850E10200EF", "Raiffeiesenbank Girocard Maestro (Bank)" }, + { "3BFF9600FF8131FE4065631D02840156001F2108B0A902007F", "Debit Card Sparda-Bank Baden-Wurttemberg eG (Bank)" }, + { "3BFF9600FF8131FE4065631D028401560024090A10CC0200AB", "Postbank Germany (Bank)\nhttps://www.postbank.de/privatkunden/services.html" }, + { "3BFF9600FF8131FE4065631D028402500023010A60D40200C9", "DKB Girocard (Bank)\nhttps://www.dkb.de/privatkunden/karten/girocard" }, + { "3BFF9600FF8131FE4065631D0284025000230308C0B702000A", "German Debitcard from Sparkasse (Bank)" }, + { "3BFF9600FF8131FE4065631D0284025000230709E0F9020061", "Sparkasse Ingolstadt (Bank)" }, + { "3BFF9600FF8131FE4065631D0284025000231208A0EB020027", "Girocard (Bank)" }, + { "3BFF9600FF8131FE4065631D028402500023140710B80200CD", "Sparkasse Aachen - german Maestro/Girocard (S-Payment TGI 50380969) (Bank)" }, + { "3BFF9600FF8131FE4065631D028402500023150860DC0200D7", "Deutsche Kreditbank AG, Girocard (Bank)\nhttps://www.dkb.de" }, + { "3BFF9600FF8131FE4065631D028402500023160BB0C102001A", "debit card (Bank)" }, + { "3BFF9600FF8131FE4065631D0284025000232106F0ED02004C", "DKB Girocard (Bank)" }, + { "3BFF9600FF8131FE4065631D028402500023230900A80200F4", "Kreissparkasse girocard (Bank)" }, + { "3BFF9600FF8131FE4065631D038601560002130B90FE011034", "EC card from Raiffeisenbank im Hochtaunus, Germany (Bank)" }, + { "3BFF9600FF8131FE4065631D0386025000230808914F0110B8", "Debit card (Germany): ec-cash, GeldKarte(EUR), Visa, Cirrus (Bank)" }, + { "3BFF9600FF8131FE4065631D038602500023130981390110C4", "girocard contactless (Bank)" }, + { "3BFF9600FF8131FE456563060752025000103025411A064082", "DKB (Deutsche Kreditbank) girocard (V-PAY, GeldKarte) (Bank)\nhttps://www.dkb.de/privatkunden/karten/girocard" }, + { "3BFF9600FF8131FE4565630D09710764000D00035450070181", "Commerzbank ServiceCard / Maestro / GeldKarte / Cirrus / girocard / CashGroup / electronic cash" }, + { "3BFF9600FF8131FE4565631901500280000F002B0046501172", "Sparkasse Bremen Germany HBCI DDV" }, + { "3BFF9600FF8131FE4565631901500280000F002F0025501115", "German Postbank Giro card with electronic cash, Maestro, GeldKarte features" }, + { "3BFF9600FF8131FE4D8031E06B0431050277555555555555EA", "IRMA card (eID)\nhttp://irmacard.org" }, + { "3BFF9600FF8131FE55006B02090403010101434E5310318014", "JavaCard Bit4Id (JavaCard)" }, + { "3BFF9600FF918131FE4D8031E06B043105027555555555555579", "algeria national identity card (eID)" }, + { "3BFF9600FFC00A1F438031E073362113574A43491C3130321E", "Giesecke & Devrient - UniverSIM Pegasus" }, + { "3BFF9600FFC00A31FE4D8031E06B04200502585555555555559F", "MULTOS (Other)" }, + { "3BFF9600FFC00A31FE4D8031E06B04310502A85555555555557E", "Multos (Other)" }, + { "3BFF9700008131FE4380318065B0846160FB120FFD8290000D", "IDPrime 3930 FIPS Level 3 (T=1 CT=97) (BAI6) (PKI)" }, + { "3BFF9700008131FE4380318065B08466693912FFFE82900032", "IDCore3230 build 6.8, test APDU applet (JavaCard)" }, + { "3BFF9700FFC00A31FE4D8031E06B04520502BB5555555555550F", "MULTOS Dual Interface Card - MC4-P23-S1 (Other)" }, + { "3F05DC20FC0001", "DigiCash Facility Card" }, + { "3F28000011140003689000", "SIMEMU - a DIY GSM SIM card\nhttp://simemu.cjb.net/" }, + { "3F2D0027A051827D00000052000C9000", "Porta Moedas Multibanco (Portugeese electronic purse)" }, + { "3F2F0036AF690204018000000A0E833E9F16", "SIM Card GSM (Telecommunication)" }, + { "3F2F008059AF0201013000000A0E83069F12", "Gemplus GemXplore" }, + { "3F2F008059AF02010230000C0A0E831E9F16", "GSM-SIM (900MHz) card of the carrier 'Mannesmann Mobilfunk' for\ntheir network 'D2-Privat' - now known as Vodafone Mobilfunk\nhttp://www.vodafone.de/" }, + { "3F2F008069AE0202013600000A0E833E9F16", "GSM-SIM e-plus (1800MHz)" }, + { "3F2F008069AF0204013600000A0E833E9F16", "Telia Mobitel GSM (Telecommunication)" }, + { "3F2F008069AF0204013600020A0E833E9F16", "GSM-SIM D2 CallYa (900MHz)" }, + { "3F2F008069AF0307015900000A0E833E9F16", "Nokia SIM Ph2 16K Ver2.0" }, + { "3F2F008069AF0307015900130A0E833E9F16", "Old Spanish Telefonica Movistar GSM SIM card manufactured by Gemplus" }, + { "3F2F008069AF0307015900240A0E833E9F16", "dialog romania now orange (Telecommunication)\nhttps://orange.ro" }, + { "3F2F008069AF0307035200000A0E833E9F16", "GemXplore 98 V1 16K" }, + { "3F2F008069AF03070352000D0A0E833E9F16", "GSM-SIM Debitel D2 (900MHz)" }, + { "3F2F008069AF0307035A00150A0E833E9F16", "Virgin Mobile SIM (Gemplus)" }, + { "3F36110053495B015153", "Sodexo Pass Lunch Card. An employee benefits card to provide meal tickets to workers. (Other)\nhttps://www.sodexo-benefits.it/prodotto/aziende/pausa-pranzo-aziende/pass-lunch-card/#tabsoluzioni" }, + { "3F3BF81300008131FE454A434F5076", "District6 Group employee ID (eID)" }, + { "3F3D1100806728500402200000838E9000", "GSM SIM card of the Austrian provider A1" }, + { "3F3E110046524543434941524F5353419000", "Trenitalia (Italy) fidelity card 'CartaFreccia' (Smartcard)" }, + { "3F3F94008069AF0307015900000A0E833E9F16", "Finnish SIM card from 'Radiolinja' now 'Elisa'" }, + { "3F6525....046C90.0", "Carte Bancaire (French banking card)" }, + { "3F65250024096B9000", "Old Postgirot/Plusgirot SmartSec bank ID card (Bank)" }, + { "3F65250024096E9000", "Oberthur Bull CP8 smart card. Russian 'Pochtovyj Bank' (Bank)" }, + { "3F6525002B09629000", "Coinamatic SmartyCity smartcard" }, + { "3F6525002B09699000", "Municipal parking meter card for the City of St. John's, NL, Canada.\nhttp://www.stjohns.ca/index.jsp" }, + { "3F6525002B09EB9000", "Bull Scot 5" }, + { "3F6525002[2C]09[F6]99000", "Sesam Vitale (French health card)" }, + { "3F65250052096A9000", "French carte Vitale" }, + { "3F6525005343689000", "'Flying Cow'- russian pirate CAM-card. (Pay TV)\nhttp://mxc.do.am/publ/collection/viewing_card_smart_karty_sputnikovogo_veshhanija/flying_cow_smart_card/13-1-0-25" }, + { "3F652500A[34]096A9000", "Sesam Vitale (French health card)" }, + { "3F6525082204689000", "France Telecom card (ex Pastel card)" }, + { "3F6525082304689000", "France Telecom card" }, + { "3F6525083304209000", "D-Trust card" }, + { "3F65250843046C9000", "CB visa La Poste France (Oberthur)\nCB visa Societe Generale France (Oberthur)" }, + { "3F65250863046C9000", "CB visa La Poste France (Oberthur)\nCB Master Carte du Credit Mutuel" }, + { "3F65250865046C9000", "CB visa Boursorama France (Axalto)" }, + { "3F6535100.04[6,E]C9000", "Postcard (Switzerland)" }, + { "3F6535100104EC9000", "Old Swiss Postbank card (Bank)" }, + { "3F6535640104689040", "Bull AFNOR-positioned microprocessor chip card 'Carte Pastel Internationale' by France Telecom (Other)\nhttp://phonecards.free.fr/carte_pastel.htm" }, + { "3F6535640204689040", "Carte Pastel Nationale - nominal France Telecom service card with Bull CP8 chip in AFNOR position (Other)" }, + { "3F65356402046C9040", "Postcard (Switzerland)" }, + { "3F6725002120000F689000", "Smart Builder 'your kit for PC/SC applications' and Bull\nhttp://www.cp8.bull.net/" }, + { "3F6725002120000F789000", "Bank Nederlandse Gemeenten, BNG Data Services" }, + { "3F67250026140020689000", "Pay-TV card from Casema Cable Television, Netherland" }, + { "3F6725002A20000F689000", "Carte Grand Voyageur (SNCF: French train company)" }, + { "3F6725002A200040689F00", "Swiss Cash card\nChipknip SNS Bank (banking card)" }, + { "3F6725002A200041689000", "ChipKnip" }, + { "3F6725002A20004[01]689000", "Dutch ChipKnip, Proton\n(chip Bull CC 60 V1, Bull CC 60 V2 or Bull CC 1000)" }, + { "3F67250421200007689000", "Philips TB100 (C-MOS chip)" }, + { "3F672F0011140001689000", "FilmNet(Sweden, 1984-1997) (Pay TV)" }, + { "3F672F0011140003689000", "D2MAC/Eurocrypt (Pay TV)" }, + { "3F672F0411200000689000", "BULL HN ITALIA 06/92 - 100.000 - 64MP\nLa Sapienza - Universita' di Roma" }, + { "3F69000024AF01700101FF9000", "French GSM SIM card (900MHz)" }, + { "3F69000025AF01700103FF9000", "French Gift Card (Loyalty)" }, + { "3F6A000000640150010C820101A9", "Credit Card cafe Selecta" }, + { "3F6B150002A007906F4D59000C9000", "Sky Viewing Card (Gen 1) from 1990s (Pay TV)" }, + { "3F6C000024A03000FF00000100049000", "Gemplus MCOS 16K DES Sample Card" }, + { "3F6C000025A0308976000001030C9000", "MCOS 24Ko Gemplus (eID)" }, + { "3F6C000025A0308976000004010C9000", "MCOS 24k EEPROM" }, + { "3F6C000025A03100FF00000180049000", "Motorola Clone Card (Telecommunication)\nhttp://web.mclink.it/MK0750/Motorola_files/docuclon.txt" }, + { "3F6C00003CA0309E6100000100049000", "Gemplus - British Gas - Gascard" }, + { "3F6C00003CA030A758000001018C9000", "Rendezvous Series 7 (D2-Mac satellite TV card)" }, + { "3F6C00003DA030BE4100370100049000", "Sberbank (Bank)" }, + { "3F6D000080318065B00501025E83009000", "Gemplus GemXpresso 211PK or 211PK-IS" }, + { "3F6D000080318065B00501025E92009000", "Gemplus GemXpresso 32K" }, + { "3F7613250421B0114A5003", "DSS/DTV F (P1; first generation access card) (Pay TV)" }, + { "3F77130000C11400A2689000", "Boxer DTV Sweden (Pay TV)\nhttp://www.boxer.se" }, + { "3F77180000C11400A2689000", "Viacess card HRT (Hrvatska Radio Televizija)" }, + { "3F77180000C11401A2689000", "VIA 2.6 XXX (Pay TV)" }, + { "3F77180000C21400C1689000", "Viaccess Sexview" }, + { "3F77180000C2474000689000", "Viacces card: SRG SSR idee suisse" }, + { "3F77180000C27A4102689000", "Viacces card: SRG SSR idee suisse" }, + { "3F77180000C27A4202689000", "SCT (Via Access)" }, + { "3F77180000C27A4302689000", "DORCEL (Via Access)" }, + { "3F77180000C27A4402689000", "XXX Redlight_HD (Viaccess)" }, + { "3F77180000C2EB41026C9000", "Elite HD10+ (Pay TV)\nSatellite cryptoworks card - Smart card Viaccess (Telesat - belgium) (Pay TV)" }, + { "3F77180000C2EB45026C9000", "facetv (Other)" }, + { "3F77180000D38A4001649000", "Skylink Viaccess 5.0 (Pay TV)\nhttp://www.skylink.sk/" }, + { "3F77180000D38A4201649000", "Satellite decoder card for TV Vlaanderen (Other)\nhttps://www.tv-vlaanderen.be" }, + { "3F77180000DAAC4114649000", "Fransat PC7 (Pay TV)\nhttps://www.fransat.fr/" }, + { "3F7718250029140062689000", "Viaccess card" }, + { "3F7812250140B0034A50204855", "DSS/DTV H" }, + { "3F7813250340B020FFFF4A5000", "DSS/DTV P4" }, + { "3F7D11250241B00369FF4A50F08000565403", "Viasat Baltics Videoguard card (Pay TV)" }, + { "3F7E11250521B01200004D59000000534B0900", "Sky Viewing Card (Gen 9) (Pay TV)" }, + { "3F7E11250540B00800004D59000000534B0B07", "BSkyB Series 11 (DSS satellite TV card)" }, + { "3F7E11250540B00800004D59000000534B0B08", "Sky Series 11 (DSS satellite TV card)" }, + { "3F7E11250940B00100004D59000003534B0A01", "Sky Series 10 (DSS satellite TV card)" }, + { "3F7F11250333B00969FF4A507000005654010000", "Viasat Baltic (satellite card, NDS)" }, + { "3F7F11250540B00F69FF4D59000000534B0C0600", "Sky Series 12 (DSS satellite TV card)" }, + { "3F7F13250140B01069FF4A5001474C0000000000", "NDS Smartcard (Pay TV)" }, + { "3F7F13250240B00C69FF4A50C000005253000000", "Stream Italy NDS 1 (Pay TV)" }, + { "3F7F13250240B01269FF4A5090474C0000000000", "NDS VideoGuard GL23 Card (Sky Brazil) (Pay TV)\nhttps://en.wikipedia.org/wiki/VideoGuard" }, + { "3F7F13250240B01269FF4A509054560000000000", "NDS Smartcard (Pay TV)" }, + { "3F7F13250241B004FFFF4A508080000000475806", "NDS card DIRECTV (Other)" }, + { "3F7F13250241B00EFFFF4A508080000000474C07", "SKY BRASIL (Pay TV)" }, + { "3F7F13250333B00669FF4A50D000005359000000", "Sky 2005/6 (DSS satellite TV card)" }, + { "3F7F13250333B01169FF4A505000004956010000", "Indonesia Videoguard 2 card" }, + { "3F7F13250333B01169FF4A505000005344010000", "STAR TV (Pay TV)" }, + { "3F7F13250338B004FFFF4A500000294855......", "DSS/DTV HU" }, + { "3F7F13250340B00B694C4A50C000005359000000", "Sky Digital (DSS satellite TV card)" }, + { "3F7F13250540B01169FF4A500000004754000C00", "YES DBS Israel Videoguard 090C,090D" }, + { "3F7F15250333B01169FF4A505000004956010000", "Sky Germany V13 Smartcard (Pay TV)" }, + { "3F961880018051006110309F", "Atmel/Athena T0 Inverse Convention PC/SC Compliance Test Card No. 2" }, + { "3FEF00FF8131..456563", "Debit card (Germany): ec-cash, GeldKarte(DEM), Maestro, Cirrus" }, + { "3FFA1125040001B00200004D59008180", "Sky Viewing Card (Gen 1) from 1990s (Pay TV)" }, + { "3FFA1125050001B0023B364D59028090", "HackTV SKY11 PIC16F84 card (Other)\nhttps://github.com/captainjack64/hacktv" }, + { "3FFA1125050001B0023B404D59008180", "Sky Viewing Card (Gen 7) (Pay TV)" }, + { "3FFA1125050001B0023BD04D59008180", "Sky Viewing Card (Gen 7) (Pay TV)" }, + { "3FFD11250250000333B01569FF4A50F080034B4C03", "Kabel Deutschland G02 (Pay TV)" }, + { "3FFD11250250800F41B00A69FF4A507080005A4503", "Buypass smart card (Bank)\nhttps://www.buypass.no/bruker/buypass-id/buypass-smartkort" }, + { "3FFD11250250800F41B00D69FF4A50F08000565403", "Viasat (Pay TV)" }, + { "3FFD11250250800F41B00F69FF4A50F080005A4A03", "Telekom Romania Communications (DVB-C) (Pay TV)\nhttps://www.telekom.ro/" }, + { "3FFD13250250000F33B00F69FF4A50D00000535902", "Sky Digital (DSS satellite TV card) 2009 issue" }, + { "3FFD13250250000F33B01669FF4A50D08000535903", "Sky TV Multiroom (Pay TV)" }, + { "3FFD13250250800F..B0..69FF4A50D08000495403", "Sky (Italy) VideoGuard CAM card" }, + { "3FFD13250250800F33B008FFFF4A50900000474C01", "Sky (Brasil) VideoGuard CAM card" }, + { "3FFD13250250800F33B008FFFF4A50900000545601", "NDS Videoguard TV CAM card (Sky Mexico 0905) (Pay TV)\nhttps://en.wikipedia.org/wiki/VideoGuard" }, + { "3FFD13250250800F41B00A69FF4A50F00000503103", "Sky Germany V14 NDS card (Pay TV)\nhttp://www.wikipedia.org/wiki/Sky_Deutschland" }, + { "3FFD13250250800F41B00F69FF4A50F080005A4A03", "Orange Romania (DVB-C) (Pay TV)\nhttps://www.orange.ro/" }, + { "3FFD13250250800F55B00269FF4A50F08000503103", "SKY DE V15 (Pay TV)" }, + { "3FFD14250150000F33B00BFFFF4A50800000475801", "DirecTV card" }, + { "3FFD14250250800F41B00A69FF4A507080004E5A03", "Sky Network Televisiton Limited (New Zealand) card for new (2016) decoder. Reportedly, this is a Kaon NS1120-500 box. (Pay TV)\nhttp://www.sky.co.nz" }, + { "3FFD14250250800F41B00D69FF4A50F08000425203", "Airtel Digital TV (Pay TV)" }, + { "3FFD15250250000333B01569FF4A50F080034B4C03", "Kabel Deutschland (G02) (Pay TV)\nhttps://www.kabeldeutschland.com" }, + { "3FFD15250250800F41B00569FF4A50F00000415A03", "astro Pay TV Measat 91.5 E Caid: 0910 Provider: 000000" }, + { "3FFD15250250800F41B00A69FF4A50F00000503103", "Sky Germany [NDS|V14] (098C:000000) (Pay TV)" }, + { "3FFD15250250800F41B00D69FF4A50F08000414A03", "beIN Sports Arabia NDS (09B5:000000) (Pay TV)" }, + { "3FFD15250250800F41B00D69FF4A50F08000565403", "TVPLAY HOME (Pay TV)\nhttps://www.tvplayhome.lt/" }, + { "3FFD15250250800F55B00269FF4A50F08000503103", "Sky Germany [NDS|V15] (098D:000000) (Pay TV) (Pay TV)\nhttp://www.sky.de" }, + { "3FFDFF250250800F54B00469FF4A50D08000495403", "SKy italia (Pay TV)" }, + { "3FFE142503108041B00769FF4A5070804245544114", "OSN (Pay TV)\nhttps://www.osn.com" }, + { "3FFF112503108041B00669FF4A50700000415A010011", "Astro (Pay TV)\nhttp://www.astro.com.my" }, + { "3FFF112503108041B00769FF4A507000005031010011", "Sky (Germany) VideoGuard CAM card (www.sky.de)" }, + { "3FFF13250250800F54B003FFFF4A508000000000474C05", "Sky (Brasil) VideoGuard CAM card" }, + { "3FFF132503108033B00E69FF4A507000004954020000", "Sky entitlement card" }, + { "3FFF132503108033B01069FF4A507000004E5A010000", "NDS SKY NZ (Pay TV)" }, + { "3FFF13250B50000F33B00469FF4A50E000005335000000", "Stream TV (IP television) decoder card, provided by stream.ru ISP in Moscow" }, + { "3FFF13250B50000F33B00469FF4A50E000005438000000", "Stream TV (IP television) decoder card, provided by aon (Telekom Austria) TV card, contains Incorporated NDS Videoguard (TM) security system" }, + { "3FFF142503108033B01069FF4A507000004352010000", "Russian cable TV AKADO NDS Card (Pay TV)\nhttp://www.akado.ru/" }, + { "3FFF142503108033B01069FF4A507000005A45010000", "Norwegian DVB-C provider Get (www.get.no). NDS Videoguard security card." }, + { "3FFF142503108041B00169FF4A507000005356010000", "Tata Sky India Card (Telecommunication)" }, + { "3FFF142503108041B00169FF4A507000005A48010000", "'D-Smart' NDS from Turkie" }, + { "3FFF142503108041B00169FF4A507000005A4A010000", "Dolce by RomTelecom (Pay TV)" }, + { "3FFF142503108041B00169FF4A507000005A4B010000", "Pay TV, Viasat Ukraine" }, + { "3FFF142503108041B00269FF4A507000004252010000", "airtel (Pay TV)" }, + { "3FFF142503108041B00269FF4A50708000414F010014", "Pay TV" }, + { "3FFF142503108041B00769FF4A507080005844010014", "NDS vivacom Bulgaria card (Pay TV)\nhttps://www.vivacom.bg/bg/tv" }, + { "3FFF142503108041B00769FF4A5070800058440100FF", "Provider Vivacom Bulgaria NDS (Pay TV)\nhttp://www.vivacom.bg/en/satellite-services" }, + { "3FFF142503108041B00769FF4A507080005845010014", "Sat TV (Other)" }, + { "3FFF142503108054B00169FF4A507000004B57010000", "PayTV Card Kabel BW (www.kabelbw.de), Encryption: NDS by Videoguard, Distribution Standard: DVB-C" }, + { "3FFF152503108041B00769FF4A507000005031010015", "Sky (Germany) VideoGuard CAM card (www.sky.de) in Fast Mode (ins7e11=15) (Pay TV)" }, + { "3FFF3F3F3F3F003F3FFF3F3F3F3F3FFF3FFF953FFF953FFF", "Premium joker card to see Spanish TDT premium (goltv)" }, + { "3FFF9500FF918171..4700..4.4.....3.3.3.20..657.........", "Nagravision TV CAM card\nhttp://en.wikipedia.org/wiki/Nagravision" }, + { "3FFF9500FF918171..47004E434D45443.303.20526576..3.3...", "Mediaset Premium (Italy) CAM card" }, + { "3FFF9500FF918171644700444E41535030303320526576333233FF", "Satellite TV Card 'Via Digital' (Nagra)" }, + { "3FFF9500FF918171A04700444E4153503031302052657641323048", "DSS/DISH ROM10" }, + { "3FFF9500FF918171A04700444E4153503031302052657641323149", "PayTV card for DishNetwork Sat receiver\nhttp://www.dishnetwork.com/" }, + { "3FFF9500FF918171A04700444E4153503031312052657642", "NTL digital TV card (Nagravision)" }, + { "3FFF9500FF918171A04700444E415350303131205265764230364E", "Telewest Broadband (Nagravision)" }, + { "3FFF9500FF918171A04700444E415350303131205265764230423A", "NagraVision card for StarHub Digital Cable DVB-C Singapore" }, + { "3FFF9500FF918171A04700444E415350303131205265764230443C", "NagraVision card for Virgin Media in the UK" }, + { "3FFF9500FF918171A04700444E415350313830204D657230303028", "NagraVision (VG04) for Virgin Media (UK)\nNagraVision 3 for DigiTV (Romania)\nhttp://www.rcs-rds.ro/televiziune-digi-tv/satelit" }, + { "3FFF9500FF918171FE4700444E4153503131302052657641303114", "TVA Digital - Nagra Vision ID TV-01" }, + { "3FFF9500FF918171FE4700444E4153503131302052657641303712", "UPC Austria/UPC-Cablecom Switzerland, digital television encryption card\nhttp://www.upc-cablecom.ch/" }, + { "3FFF9500FF918171FE4700444E4153503131302052657641323215", "UM01 card from German Unitymedia cable TV provider" }, + { "3FFF9500FF918171FE4700444E4153503131302052657641343514", "Telenet N.V. HDTV Decoder Card Belgium" }, + { "3FFF9500FF918171FE4700444E4153503131302052657641433365", "Brazilian NET Digital (Cable TV provider) - Nagra Vision 'NASP110 RevA01'" }, + { "3FFF9500FF918171FE4700444E4153503134322052657647303216", "Polsat Nagra3\nBrazil - Claro TV Nagra3 Red" }, + { "3FFF9500FF918171FE4700444E4153503134322052657647303410", "Nagra 3 Card - Telefonica Brazil Green" }, + { "3FFF9500FF918171FE4700444E4153503134322052657647303612", "UM02 card from German Unitymedia cable TV provider" }, + { "3FFF9500FF918171FE4700444E4153503134322052657647433463", "HD+ card used by the satellite company astra for decryption of the HDTV channels of RTL, VOX, Sat1 and ProSieben. Nagravision V3 is used for the encryption." }, + { "3FFF9500FF918171FE4700444E415350313830204D65724A30320E", "Nagra 3 Digital Plus Spain" }, + { "3FFF9500FF918171FE4700444E415350314130204D65725332336D", "Ziggo (Pay TV)" }, + { "3FFF9500FF918171FE4700444E41535032343120447368", "DISH Network G3 (Pay TV)" }, + { "3FFF9500FF918171FE4700444E415350323431204473684830390C", "Dish Network Smart Card (Pay TV)" }, + { "3FFF9500FF918171FE47004E434D4544303041205265764130316C", "Mediaset Premium (Italy) 2013" }, + { "3FFF9500FF918171FE47004E434D4544303043205265764330306D", "Mediaset Premium rechargeable (Pay TV)\nhttp://www.mediasetpremium.it/" }, + { "3FFF9500FF918171FE47005449474552363031205265764D383013", "Spanish pay TV card for GOLTV" }, + { "3FFF9500FF918171FE5700444E415350314230204D657257323079", "Vodafone HUNGARY (Pay TV)" }, + { "3FFF9500FF918171FE5700444E4153503431302052657651323113", "Nagravision D08 / KD-31 Vodafone Cable Germany (Pay TV)" }, + { "3FFF9500FF918171FE5700444E4153503431302052657651323210", "Telenet CI+ card Belgium (Pay TV)\nhttps://www2.telenet.be/nl/tv-met-een-kaartje/" }, + { "3FFF9500FF918171FE5700444E4153503431302052657651323517", "New ROM of Nagra PayTV Card DNASP410 (Pay TV)\nhttp://en.wikipedia.org/wiki/Nagravision" }, + { "3FFF9500FF918171FE5700444E4153503431302052657651323715", "New Digi Slovakia (Pay TV)\nhttps://www.lyngsat.com/packages/Digi.html" }, + { "3FFF9500FF918171FE5700444E4153503431302052657651324260", "Nagravision Kudelski Generation 7 card Rom410 MerQ2B (Pay TV)" }, + { "3FFF9500FF918171FE5700444E4153503431302052657651325371", "Slovak and Czech pay TV provider Slovak Telecom (Pay TV)\nhttp://www.flysat.com/novadigi-sk.php" }, + { "3FFF9500FF918171FE5700444E4153503432302052657653363017", "HD+ HD04b Card (Pay TV)" }, + { "3FFF9500FF918171FE5700444E4153503432302052657653363413", "claro card honduras central america 'NAGRA' (Pay TV)" }, + { "3FFF9500FF918171FE5700444E4153503432302052657653364166", "NAGRA KUDELSKI (Pay TV)" }, + { "3FFF9500FF918171FE5700444E4153503432302052657653364265", "Nagra Kudelski / Canalsat Reunion (Pay TV)" }, + { "3FFF9500FF918171FE5700444E4153503435302052657657363014", "HD+ HD05 Paytv smartcard (Pay TV)" }, + { "3FFF9500FF918171FE5700444E415350343832205265765232361C", "Max Tv Croatia (Pay TV)\nhttps://www.lyngsat.com/packages/Max-TV.html" }, + { "3FFF9500FF918171FE5700444E415350353532204473684E30391F", "Dish Network ROM552 (Pay TV)" }, + { "3FFF9500FF918171FE5700444E415350353532204473684E304264", "Dish Network (Satellite Pay TV) NASP 552 (Pay TV)\nhttp://www.dishnetwork.com/" }, + { "3FFF9500FF918171FE5700444E415350353533205265764E304178", "BELL CA EXPRESS VU CARD (Pay TV)" }, + { "3FFF9500FF918171FF4700444E4153505330312044736836303916", "PayTV card for DishNetwork Sat receiver\nhttp://www.dishnetwork.com/\nCards were obsoleted in nationwide system update in 2009." }, + { "3FFF9500FF918171FF4700444E4153505330312052657636343702", "BELL EXPRESSVU (Pay TV)" }, + { "3FFF9500FF918171FF470054494745523030332052657632353064", "Tivu' Sat (Italy) CAM card www.tivu.tv" }, + {NULL, "n/a"} +}; #endif diff --git a/doc/commands.json b/doc/commands.json index ef3c4489d..2b38642f6 100644 --- a/doc/commands.json +++ b/doc/commands.json @@ -13003,6 +13003,6 @@ "metadata": { "commands_extracted": 749, "extracted_by": "PM3Help2JSON v1.00", - "extracted_on": "2024-11-20T23:37:32" + "extracted_on": "2024-11-22T02:17:04" } } From 1eb6e5cfe6ec14988660b9355d1a7dc9b0849f54 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 22 Nov 2024 12:15:06 +0100 Subject: [PATCH 006/150] text --- CHANGELOG.md | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 363e1eb84..b474de0fc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,21 +3,23 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] -- Fixed hf_legic.lua script: delete bit32 commands from the script (@diorch1968) -- Fixed symlink name in `mem spiffs tree` (@ANTodorov) -- Fixed reported file/link names when `mem spiffs wipe` (ANTodorov) + +## [Orca][2024-11-22] +- Fixed `hf_legic.lua` - removed bit32 commands from the script (@diorch1968) +- Fixed `mem spiffs tree` - now show correct symlink name (@ANTodorov) +- Fixed `mem spiffs wipe` - reported file/link names is now correct (@ANTodorov) - Updated atrs list (@iceman1001) - Added support for a new KDF (@iceman1001) - Added Inner range aid and mad entries (@iceman1001) - Changed `mem spiffs` - Use all available space in SPI flash (@ANTodorov) -- Fixed wrong size check in MifareSim (@iceman1001) +- Fixed `hf mf sim` - wrong size check in MifareSim (@iceman1001) - Fixed `hf mf sim` not to respond to authentication attempts for sectors out of bound for selected Mifare type (@piotrva) - Added option to build against non-default python3 with CMake as well (@doegox) - Added option to build against non-default python3 with Makefile (@ANTodorov) - Changed `hf 14a info` `hf mf info` - now detects FM1216-137 CPU cards (@iceman1001) -- Changed `hf iclass configcard` expanding the list of available options and functionalities (@antiklesys) +- Changed `hf iclass configcard` - expanding the list of available options and functionalities (@antiklesys) - Fixed `intertic.py` - missing comma in array (@iceman1001) -- Added improved algorithm for `hf iclass legrec` leveraging reduced entropy from hash0 constraints (@antiklesys) +- Changed `hf iclass legrec` - improved algorithm leveraging reduced entropy from hash0 constraints (@antiklesys) - Fixed `hf iclass configcard` when generating elite or keyroll elite configcards for Rev.C legacy readers (@antiklesys) - Changed `hf mf c*` - now accepts a --gdm flag to write using uscuid/gdm 20/23 alt magic wakeup (@nvx) - Changed `pm3_console()` - Python/Lua/C: replace `passthru` by `capture` and `quiet` (@doegox) @@ -27,12 +29,12 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Changed `hf iclass legrec` - updated script implementation to ensure functionality (@antiklesys) - Added recovered iclass custom key to dictionary (@antiklesys) - Added support for all Hitag S response protocol mode (@douniwan5788) -- Fixed 'hf_young.c' - flags declaration was missing a semicolon (@jakkpotts) +- Fixed `hf_young` - flags declaration was missing a semicolon (@jakkpotts) - Changed `hf mf sim` - add option to allow key b to be used even if readable (@doegox) - Changed `data num` - outputed binary strings are now properly zero padded (@iceman1001) - Changed `hf iclass info` - now tries default keys and decode if legacy (@iceman1001) - Changed `hf iclass chk` - now loads dictionary file by default (@iceman1001) -- Added an Makefile variable `DONT_BUILD_NATIVE` in mfd_aes_brute Makefile to easify downstream package +- Added Makefile variable `DONT_BUILD_NATIVE` in mfd_aes_brute Makefile to easify downstream package (@Cryolitia) - Auto detect whether compile option `march=native` is supported for mfd_aes_brute Makefile - Changed `hf mf sim` - support data-first and nested reader attacks (@doegox) - Fixed `lf search` and `lf em 4x50 rdbl -b ` does not coredump reading EM4450 tag (@ANTodorov) @@ -46,14 +48,14 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added `hf 14b setuid` - set uid on magic 14b tag (@iceman1001) - Changed `hf 14b info` - now detect Tiananxin (@iceman1001) - Fixed `lf em 410x brute` - better filehandling and memory handling (@iceman1001) -- Changed split PacketResponseNG status into status and reason(@douniwan5788) -- add a helper script to decode JEDEC data `script run spi_flash_decode` (@ANTodorov) -- show SPI flash JEDEC Manufacturer ID and Device ID in `hw status` output (@ANTodorov) -- Improved `hf iclass configcards` to support generating config cards using a different key than the default k0 as the card's key (@antiklesys) +- Changed split PacketResponseNG status into status and reason (@douniwan5788) +- Added `spi_flash_decode.py` - helper script to decode JEDEC data (@ANTodorov) +- Changed `hw status` - now show SPI flash JEDEC Manufacturer ID and Device ID in output (@ANTodorov) +- Changed `hf iclass configcards` to support generating config cards using a different key than the default k0 as the card's key (@antiklesys) - Added maur keys (@iceman1001) - Fixed `hf mfu pwdgen` for the 7 byte UID (@ANTodorov) - Added `hf iclass unhash` command to reverse an iclass diversified key to hash0 pre-images (@antiklesys) -- Added crypto1 support to `hf 14a raw` (@doegox) +- Changed `hf 14a raw` - now supports crypto (@doegox) - Changed `hw version` command to print LUA and Python versions (@jmichelp) - Updated LUA to v5.4.7 which adds utf-8 support (@jmichelp) - Moved `lf hitag sim --hts` -> `lf hitag hts sim` (@douniwan5788) @@ -71,11 +73,11 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added detection for FM11NT021 (@iceman1001) - Added detection of a magic NTAG 215 (@iceman1001) - Fixed hardnested on AVX512F #2410 (@xianglin1998) -- Added `hf 14a aidsim` - simulates a PICC (like `14a sim`), and allows you to respond to specific AIDs and getData responses (@evildaemond) +- Added `hf 14a aidsim` - simulates a PICC and allows you to respond to specific AIDs and getData responses (@evildaemond) - Fixed arguments for `SimulateIso14443aTag` and `SimulateIso14443aInit` in `hf_young.c`, `hf_aveful.c`, `hf_msdsal.c`, `hf_cardhopper.c`, `hf_reblay.c`, `hf_tcprst.c` and `hf_craftbyte.c` (@archi) - Added `mf_backdoor_dump.py` script that dumps FM11RF08S and similar (Mifare Classic 1k) tag data that can be directly read by known backdoor keys. (@Aptimex) - Added keys for Metro Q transit cards in Huston, TX. (@Anarchothulhu) -- Add new Mifare Classic keys from MifareClassicTool and Flipper projects. (@onovy) +- Added keys from MifareClassicTool and Flipper projects. (@onovy) ## [Backdoor.4.18994][2024-09-10] - Changed flashing messages to be less scary (@iceman1001) From a039ac18cc2c5ea18d7c2ffd2bb300d9c131a598 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 22 Nov 2024 12:15:19 +0100 Subject: [PATCH 007/150] Release v4.19552 - Orca --- Makefile.defs | 4 ++-- armsrc/Makefile | 2 +- bootrom/Makefile | 2 +- client/CMakeLists.txt | 4 ++-- client/Makefile | 4 ++-- client/deps/amiibo.cmake | 2 +- client/deps/cliparser.cmake | 2 +- client/deps/hardnested.cmake | 18 ++++++++-------- client/deps/id48lib.cmake | 2 +- client/deps/jansson.cmake | 2 +- client/deps/lua.cmake | 2 +- client/deps/mbedtls.cmake | 2 +- client/deps/reveng.cmake | 2 +- client/deps/tinycbor.cmake | 2 +- client/deps/whereami.cmake | 2 +- client/experimental_lib/CMakeLists.txt | 2 +- client/src/proxmark3.c | 2 +- common/default_version_pm3.c | 29 +++++++------------------- common_arm/Makefile.common | 2 +- 19 files changed, 36 insertions(+), 51 deletions(-) diff --git a/Makefile.defs b/Makefile.defs index 2496057fa..0d6066489 100644 --- a/Makefile.defs +++ b/Makefile.defs @@ -112,8 +112,8 @@ ifeq ($(DEBUG),1) DEFCFLAGS = -g -O0 -fstrict-aliasing -pipe DEFLDFLAGS = else - DEFCXXFLAGS = -Wall -Werror -O3 -pipe - DEFCFLAGS = -Wall -Werror -O3 -fstrict-aliasing -pipe + DEFCXXFLAGS = -Wall -O3 -pipe + DEFCFLAGS = -Wall -O3 -fstrict-aliasing -pipe DEFLDFLAGS = endif diff --git a/armsrc/Makefile b/armsrc/Makefile index dedccd3e0..b784c0a85 100644 --- a/armsrc/Makefile +++ b/armsrc/Makefile @@ -185,7 +185,7 @@ showinfo: # version_pm3.c should be checked on every time fullimage.stage1.elf should be remade version_pm3.c: default_version_pm3.c $(OBJDIR)/fpga_version_info.o $(OBJDIR)/fpga_all.o $(THUMBOBJ) $(ARMOBJ) .FORCE $(info [-] CHECK $@) - $(Q)$(SH) ../tools/mkversion.sh $@ || $(CP) $< $@ + $(Q)$(CP) $< $@ fpga_version_info.c: $(FPGA_BITSTREAMS) $(FPGA_COMPRESSOR) $(info [-] GEN $@) diff --git a/bootrom/Makefile b/bootrom/Makefile index b6825530d..86c785cd1 100644 --- a/bootrom/Makefile +++ b/bootrom/Makefile @@ -56,7 +56,7 @@ OBJS = $(OBJDIR)/bootrom.s19 # version_pm3.c should be checked on every compilation version_pm3.c: default_version_pm3.c .FORCE $(info [=] CHECK $@) - $(Q)$(SH) ../tools/mkversion.sh $@ || $(CP) $< $@ + $(Q)$(CP) $< $@ all: showinfo $(OBJS) diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index 544fe5395..8d1ab6c58 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -431,7 +431,7 @@ set (TARGET_SOURCES add_custom_command( OUTPUT ${CMAKE_BINARY_DIR}/version_pm3.c - COMMAND sh ${PM3_ROOT}/tools/mkversion.sh ${CMAKE_BINARY_DIR}/version_pm3.c || ${CMAKE_COMMAND} -E copy ${PM3_ROOT}/common/default_version_pm3.c ${CMAKE_BINARY_DIR}/version_pm3.c + COMMAND ${CMAKE_COMMAND} -E copy ${PM3_ROOT}/common/default_version_pm3.c ${CMAKE_BINARY_DIR}/version_pm3.c DEPENDS ${PM3_ROOT}/common/default_version_pm3.c ) @@ -689,7 +689,7 @@ add_executable(proxmark3 ${ADDITIONAL_SRC} ) -target_compile_options(proxmark3 PUBLIC -Wall -Werror -O3) +target_compile_options(proxmark3 PUBLIC -Wall -O3) if (EMBED_READLINE) if (NOT SKIPREADLINE EQUAL 1) add_dependencies(proxmark3 ncurses readline) diff --git a/client/Makefile b/client/Makefile index f7a59ed3f..3fcb0350f 100644 --- a/client/Makefile +++ b/client/Makefile @@ -446,7 +446,7 @@ endif PM3CFLAGS += -DHAVE_SNPRINTF -CXXFLAGS ?= -Wall -Werror +CXXFLAGS ?= -Wall CXXFLAGS += $(MYDEFS) $(MYCXXFLAGS) $(MYINCLUDES) PM3CXXFLAGS = $(CXXFLAGS) @@ -979,7 +979,7 @@ src/pm3_pywrap.c: pm3.i # version_pm3.c should be checked on every compilation src/version_pm3.c: default_version_pm3.c .FORCE $(info [=] CHECK $@) - $(Q)$(SH) ../tools/mkversion.sh $@ || $(CP) $< $@ + $(Q)$(CP) $< $@ # easy printing of MAKE VARIABLES print-%: ; @echo $* = $($*) diff --git a/client/deps/amiibo.cmake b/client/deps/amiibo.cmake index c946c0682..8c524c170 100644 --- a/client/deps/amiibo.cmake +++ b/client/deps/amiibo.cmake @@ -19,7 +19,7 @@ target_link_libraries(pm3rrg_rdv4_amiibo PRIVATE m pm3rrg_rdv4_mbedtls) -target_compile_options(pm3rrg_rdv4_amiibo PRIVATE -Wall -Werror -O3) +target_compile_options(pm3rrg_rdv4_amiibo PRIVATE -Wall -O3) set_property(TARGET pm3rrg_rdv4_amiibo PROPERTY POSITION_INDEPENDENT_CODE ON) target_include_directories(pm3rrg_rdv4_amiibo PRIVATE amiitool diff --git a/client/deps/cliparser.cmake b/client/deps/cliparser.cmake index fccae33b7..a85cc2374 100644 --- a/client/deps/cliparser.cmake +++ b/client/deps/cliparser.cmake @@ -9,5 +9,5 @@ target_include_directories(pm3rrg_rdv4_cliparser PRIVATE ../../include ../src) target_include_directories(pm3rrg_rdv4_cliparser INTERFACE cliparser) -target_compile_options(pm3rrg_rdv4_cliparser PRIVATE -Wall -Werror -O3) +target_compile_options(pm3rrg_rdv4_cliparser PRIVATE -Wall -O3) set_property(TARGET pm3rrg_rdv4_cliparser PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/deps/hardnested.cmake b/client/deps/hardnested.cmake index ec545e2a8..468ee4ef2 100644 --- a/client/deps/hardnested.cmake +++ b/client/deps/hardnested.cmake @@ -2,7 +2,7 @@ add_library(pm3rrg_rdv4_hardnested_nosimd OBJECT hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) -target_compile_options(pm3rrg_rdv4_hardnested_nosimd PRIVATE -Wall -Werror -O3) +target_compile_options(pm3rrg_rdv4_hardnested_nosimd PRIVATE -Wall -O3) set_property(TARGET pm3rrg_rdv4_hardnested_nosimd PROPERTY POSITION_INDEPENDENT_CODE ON) target_include_directories(pm3rrg_rdv4_hardnested_nosimd PRIVATE @@ -32,7 +32,7 @@ if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS) hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) - target_compile_options(pm3rrg_rdv4_hardnested_mmx PRIVATE -Wall -Werror -O3) + target_compile_options(pm3rrg_rdv4_hardnested_mmx PRIVATE -Wall -O3) target_compile_options(pm3rrg_rdv4_hardnested_mmx BEFORE PRIVATE -mmmx -mno-sse2 -mno-avx -mno-avx2 -mno-avx512f) set_property(TARGET pm3rrg_rdv4_hardnested_mmx PROPERTY POSITION_INDEPENDENT_CODE ON) @@ -47,7 +47,7 @@ if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS) hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) - target_compile_options(pm3rrg_rdv4_hardnested_sse2 PRIVATE -Wall -Werror -O3) + target_compile_options(pm3rrg_rdv4_hardnested_sse2 PRIVATE -Wall -O3) target_compile_options(pm3rrg_rdv4_hardnested_sse2 BEFORE PRIVATE -mmmx -msse2 -mno-avx -mno-avx2 -mno-avx512f) set_property(TARGET pm3rrg_rdv4_hardnested_sse2 PROPERTY POSITION_INDEPENDENT_CODE ON) @@ -62,7 +62,7 @@ if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS) hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) - target_compile_options(pm3rrg_rdv4_hardnested_avx PRIVATE -Wall -Werror -O3) + target_compile_options(pm3rrg_rdv4_hardnested_avx PRIVATE -Wall -O3) target_compile_options(pm3rrg_rdv4_hardnested_avx BEFORE PRIVATE -mmmx -msse2 -mavx -mno-avx2 -mno-avx512f) set_property(TARGET pm3rrg_rdv4_hardnested_avx PROPERTY POSITION_INDEPENDENT_CODE ON) @@ -77,7 +77,7 @@ if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS) hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) - target_compile_options(pm3rrg_rdv4_hardnested_avx2 PRIVATE -Wall -Werror -O3) + target_compile_options(pm3rrg_rdv4_hardnested_avx2 PRIVATE -Wall -O3) target_compile_options(pm3rrg_rdv4_hardnested_avx2 BEFORE PRIVATE -mmmx -msse2 -mavx -mavx2 -mno-avx512f) set_property(TARGET pm3rrg_rdv4_hardnested_avx2 PROPERTY POSITION_INDEPENDENT_CODE ON) @@ -92,7 +92,7 @@ if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS) hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) - target_compile_options(pm3rrg_rdv4_hardnested_avx512 PRIVATE -Wall -Werror -O3) + target_compile_options(pm3rrg_rdv4_hardnested_avx512 PRIVATE -Wall -O3) target_compile_options(pm3rrg_rdv4_hardnested_avx512 BEFORE PRIVATE -mmmx -msse2 -mavx -mavx2 -mavx512f) set_property(TARGET pm3rrg_rdv4_hardnested_avx512 PROPERTY POSITION_INDEPENDENT_CODE ON) @@ -116,7 +116,7 @@ elseif ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST ARM64_CPUS) hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) - target_compile_options(pm3rrg_rdv4_hardnested_neon PRIVATE -Wall -Werror -O3) + target_compile_options(pm3rrg_rdv4_hardnested_neon PRIVATE -Wall -O3) set_property(TARGET pm3rrg_rdv4_hardnested_neon PROPERTY POSITION_INDEPENDENT_CODE ON) target_include_directories(pm3rrg_rdv4_hardnested_neon PRIVATE @@ -134,7 +134,7 @@ elseif ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST ARM32_CPUS) hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) - target_compile_options(pm3rrg_rdv4_hardnested_neon PRIVATE -Wall -Werror -O3) + target_compile_options(pm3rrg_rdv4_hardnested_neon PRIVATE -Wall -O3) target_compile_options(pm3rrg_rdv4_hardnested_neon BEFORE PRIVATE -mfpu=neon) set_property(TARGET pm3rrg_rdv4_hardnested_neon PROPERTY POSITION_INDEPENDENT_CODE ON) @@ -155,7 +155,7 @@ add_library(pm3rrg_rdv4_hardnested STATIC hardnested/hardnested_bruteforce.c $ ${SIMD_TARGETS}) -target_compile_options(pm3rrg_rdv4_hardnested PRIVATE -Wall -Werror -O3) +target_compile_options(pm3rrg_rdv4_hardnested PRIVATE -Wall -O3) set_property(TARGET pm3rrg_rdv4_hardnested PROPERTY POSITION_INDEPENDENT_CODE ON) target_include_directories(pm3rrg_rdv4_hardnested PRIVATE ../../common diff --git a/client/deps/id48lib.cmake b/client/deps/id48lib.cmake index 47205d494..fa57d7855 100644 --- a/client/deps/id48lib.cmake +++ b/client/deps/id48lib.cmake @@ -3,7 +3,7 @@ add_library(pm3rrg_rdv4_id48 STATIC id48/id48_generator.c id48/id48_recover.c ) -target_compile_options( pm3rrg_rdv4_id48 PRIVATE -Wpedantic -Wall -Werror -O3 -Wno-unknown-pragmas -Wno-inline -Wno-unused-function -DID48_NO_STDIO) +target_compile_options( pm3rrg_rdv4_id48 PRIVATE -Wpedantic -Wall -O3 -Wno-unknown-pragmas -Wno-inline -Wno-unused-function -DID48_NO_STDIO) target_include_directories(pm3rrg_rdv4_id48 PRIVATE id48) target_include_directories(pm3rrg_rdv4_id48 INTERFACE id48) set_property(TARGET pm3rrg_rdv4_id48 PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/deps/jansson.cmake b/client/deps/jansson.cmake index c91a47047..42c701d5e 100644 --- a/client/deps/jansson.cmake +++ b/client/deps/jansson.cmake @@ -14,5 +14,5 @@ add_library(pm3rrg_rdv4_jansson STATIC target_compile_definitions(pm3rrg_rdv4_jansson PRIVATE HAVE_STDINT_H) target_include_directories(pm3rrg_rdv4_jansson INTERFACE jansson) -target_compile_options(pm3rrg_rdv4_jansson PRIVATE -Wall -Werror -Wno-unused-function -O3) +target_compile_options(pm3rrg_rdv4_jansson PRIVATE -Wall -Wno-unused-function -O3) set_property(TARGET pm3rrg_rdv4_jansson PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/deps/lua.cmake b/client/deps/lua.cmake index d89275be6..3bf85e1ce 100644 --- a/client/deps/lua.cmake +++ b/client/deps/lua.cmake @@ -52,5 +52,5 @@ if (NOT MINGW) endif (NOT MINGW) target_include_directories(pm3rrg_rdv4_lua INTERFACE liblua) -target_compile_options(pm3rrg_rdv4_lua PRIVATE -Wall -Werror -O3) +target_compile_options(pm3rrg_rdv4_lua PRIVATE -Wall -O3) set_property(TARGET pm3rrg_rdv4_lua PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/deps/mbedtls.cmake b/client/deps/mbedtls.cmake index 49c141b68..7c72925ab 100644 --- a/client/deps/mbedtls.cmake +++ b/client/deps/mbedtls.cmake @@ -49,5 +49,5 @@ add_library(pm3rrg_rdv4_mbedtls STATIC target_include_directories(pm3rrg_rdv4_mbedtls PRIVATE ../../common) target_include_directories(pm3rrg_rdv4_mbedtls INTERFACE ../../common/mbedtls) -target_compile_options(pm3rrg_rdv4_mbedtls PRIVATE -Wall -Werror -O3) +target_compile_options(pm3rrg_rdv4_mbedtls PRIVATE -Wall -O3) set_property(TARGET pm3rrg_rdv4_mbedtls PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/deps/reveng.cmake b/client/deps/reveng.cmake index d7e3cfd8a..1040730f1 100644 --- a/client/deps/reveng.cmake +++ b/client/deps/reveng.cmake @@ -13,5 +13,5 @@ target_include_directories(pm3rrg_rdv4_reveng PRIVATE ../src ../../include) target_include_directories(pm3rrg_rdv4_reveng INTERFACE reveng) -target_compile_options(pm3rrg_rdv4_reveng PRIVATE -Wall -Werror -O3) +target_compile_options(pm3rrg_rdv4_reveng PRIVATE -Wall -O3) set_property(TARGET pm3rrg_rdv4_reveng PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/deps/tinycbor.cmake b/client/deps/tinycbor.cmake index 5a6abda25..c74618149 100644 --- a/client/deps/tinycbor.cmake +++ b/client/deps/tinycbor.cmake @@ -11,5 +11,5 @@ add_library(pm3rrg_rdv4_tinycbor STATIC target_include_directories(pm3rrg_rdv4_tinycbor INTERFACE tinycbor) # Strange errors on Mingw when compiling with -O3 -target_compile_options(pm3rrg_rdv4_tinycbor PRIVATE -Wall -Werror -O2) +target_compile_options(pm3rrg_rdv4_tinycbor PRIVATE -Wall -O2) set_property(TARGET pm3rrg_rdv4_tinycbor PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/deps/whereami.cmake b/client/deps/whereami.cmake index d2d6a5b2a..721873066 100644 --- a/client/deps/whereami.cmake +++ b/client/deps/whereami.cmake @@ -2,5 +2,5 @@ add_library(pm3rrg_rdv4_whereami STATIC whereami/whereami.c) target_compile_definitions(pm3rrg_rdv4_whereami PRIVATE WAI_PM3_TUNED) target_include_directories(pm3rrg_rdv4_whereami INTERFACE whereami) -target_compile_options(pm3rrg_rdv4_whereami PRIVATE -Wall -Werror -O3) +target_compile_options(pm3rrg_rdv4_whereami PRIVATE -Wall -O3) set_property(TARGET pm3rrg_rdv4_whereami PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/experimental_lib/CMakeLists.txt b/client/experimental_lib/CMakeLists.txt index e9ac8bb33..ca3317e2d 100644 --- a/client/experimental_lib/CMakeLists.txt +++ b/client/experimental_lib/CMakeLists.txt @@ -432,7 +432,7 @@ set (TARGET_SOURCES add_custom_command( OUTPUT ${CMAKE_BINARY_DIR}/version_pm3.c - COMMAND sh ${PM3_ROOT}/tools/mkversion.sh ${CMAKE_BINARY_DIR}/version_pm3.c || ${CMAKE_COMMAND} -E copy ${PM3_ROOT}/common/default_version_pm3.c ${CMAKE_BINARY_DIR}/version_pm3.c + COMMAND ${CMAKE_COMMAND} -E copy ${PM3_ROOT}/common/default_version_pm3.c ${CMAKE_BINARY_DIR}/version_pm3.c DEPENDS ${PM3_ROOT}/common/default_version_pm3.c ) diff --git a/client/src/proxmark3.c b/client/src/proxmark3.c index 1f80acb88..f0d52cb8a 100644 --- a/client/src/proxmark3.c +++ b/client/src/proxmark3.c @@ -49,7 +49,7 @@ static int mainret = PM3_SUCCESS; #ifndef LIBPM3 #define BANNERMSG1 "" #define BANNERMSG2 " [ :coffee: ]" -#define BANNERMSG3 "" +#define BANNERMSG3 "Release v4.19552 - Orca" typedef enum LogoMode { UTF8, ANSI, ASCII } LogoMode; diff --git a/common/default_version_pm3.c b/common/default_version_pm3.c index d93a7ef15..4380f2132 100644 --- a/common/default_version_pm3.c +++ b/common/default_version_pm3.c @@ -1,20 +1,5 @@ -//----------------------------------------------------------------------------- -// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// See LICENSE.txt for the text of the license. -//----------------------------------------------------------------------------- #include "common.h" -/* This is the default version_pm3.c file that Makefile.common falls back to if sh is not available */ +/* Generated file, do not edit */ #ifndef ON_DEVICE #define SECTVERSINFO #else @@ -23,10 +8,10 @@ const struct version_information_t SECTVERSINFO g_version_information = { VERSION_INFORMATION_MAGIC, - 1, /* version 1 */ - 0, /* version information not present */ - 2, /* cleanliness couldn't be determined */ - "Iceman/master/unknown", - "1970-01-01 00:00:00", - "no sha256" + 1, + 1, + 2, + "Iceman/master/v4.19552", + "2024-11-22 12:15:19", + "a3319015f" }; diff --git a/common_arm/Makefile.common b/common_arm/Makefile.common index e8e574112..a845963b2 100644 --- a/common_arm/Makefile.common +++ b/common_arm/Makefile.common @@ -49,7 +49,7 @@ VPATH = . ../common_arm ../common ../common/crapto1 ../common/mbedtls ../common/ INCLUDES = ../include/proxmark3_arm.h ../include/at91sam7s512.h ../include/config_gpio.h ../include/pm3_cmd.h ARMCFLAGS = -mthumb-interwork -fno-builtin -DEFCFLAGS = -Wall -Werror -Os -pedantic -fstrict-aliasing -pipe +DEFCFLAGS = -Wall -Os -pedantic -fstrict-aliasing -pipe # Some more warnings we want as errors: DEFCFLAGS += -Wbad-function-cast -Wchar-subscripts -Wundef -Wunused -Wuninitialized -Wpointer-arith -Wformat -Wformat-security -Winit-self -Wmissing-include-dirs -Wnested-externs -Wempty-body -Wignored-qualifiers -Wmissing-field-initializers -Wtype-limits From daff8228a22e7db3f6c521c490415c8614d535ee Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 22 Nov 2024 12:15:19 +0100 Subject: [PATCH 008/150] Revert "Release v4.19552 - Orca" This reverts commit a039ac18cc2c5ea18d7c2ffd2bb300d9c131a598. --- Makefile.defs | 4 ++-- armsrc/Makefile | 2 +- bootrom/Makefile | 2 +- client/CMakeLists.txt | 4 ++-- client/Makefile | 4 ++-- client/deps/amiibo.cmake | 2 +- client/deps/cliparser.cmake | 2 +- client/deps/hardnested.cmake | 18 ++++++++-------- client/deps/id48lib.cmake | 2 +- client/deps/jansson.cmake | 2 +- client/deps/lua.cmake | 2 +- client/deps/mbedtls.cmake | 2 +- client/deps/reveng.cmake | 2 +- client/deps/tinycbor.cmake | 2 +- client/deps/whereami.cmake | 2 +- client/experimental_lib/CMakeLists.txt | 2 +- client/src/proxmark3.c | 2 +- common/default_version_pm3.c | 29 +++++++++++++++++++------- common_arm/Makefile.common | 2 +- 19 files changed, 51 insertions(+), 36 deletions(-) diff --git a/Makefile.defs b/Makefile.defs index 0d6066489..2496057fa 100644 --- a/Makefile.defs +++ b/Makefile.defs @@ -112,8 +112,8 @@ ifeq ($(DEBUG),1) DEFCFLAGS = -g -O0 -fstrict-aliasing -pipe DEFLDFLAGS = else - DEFCXXFLAGS = -Wall -O3 -pipe - DEFCFLAGS = -Wall -O3 -fstrict-aliasing -pipe + DEFCXXFLAGS = -Wall -Werror -O3 -pipe + DEFCFLAGS = -Wall -Werror -O3 -fstrict-aliasing -pipe DEFLDFLAGS = endif diff --git a/armsrc/Makefile b/armsrc/Makefile index b784c0a85..dedccd3e0 100644 --- a/armsrc/Makefile +++ b/armsrc/Makefile @@ -185,7 +185,7 @@ showinfo: # version_pm3.c should be checked on every time fullimage.stage1.elf should be remade version_pm3.c: default_version_pm3.c $(OBJDIR)/fpga_version_info.o $(OBJDIR)/fpga_all.o $(THUMBOBJ) $(ARMOBJ) .FORCE $(info [-] CHECK $@) - $(Q)$(CP) $< $@ + $(Q)$(SH) ../tools/mkversion.sh $@ || $(CP) $< $@ fpga_version_info.c: $(FPGA_BITSTREAMS) $(FPGA_COMPRESSOR) $(info [-] GEN $@) diff --git a/bootrom/Makefile b/bootrom/Makefile index 86c785cd1..b6825530d 100644 --- a/bootrom/Makefile +++ b/bootrom/Makefile @@ -56,7 +56,7 @@ OBJS = $(OBJDIR)/bootrom.s19 # version_pm3.c should be checked on every compilation version_pm3.c: default_version_pm3.c .FORCE $(info [=] CHECK $@) - $(Q)$(CP) $< $@ + $(Q)$(SH) ../tools/mkversion.sh $@ || $(CP) $< $@ all: showinfo $(OBJS) diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index 8d1ab6c58..544fe5395 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -431,7 +431,7 @@ set (TARGET_SOURCES add_custom_command( OUTPUT ${CMAKE_BINARY_DIR}/version_pm3.c - COMMAND ${CMAKE_COMMAND} -E copy ${PM3_ROOT}/common/default_version_pm3.c ${CMAKE_BINARY_DIR}/version_pm3.c + COMMAND sh ${PM3_ROOT}/tools/mkversion.sh ${CMAKE_BINARY_DIR}/version_pm3.c || ${CMAKE_COMMAND} -E copy ${PM3_ROOT}/common/default_version_pm3.c ${CMAKE_BINARY_DIR}/version_pm3.c DEPENDS ${PM3_ROOT}/common/default_version_pm3.c ) @@ -689,7 +689,7 @@ add_executable(proxmark3 ${ADDITIONAL_SRC} ) -target_compile_options(proxmark3 PUBLIC -Wall -O3) +target_compile_options(proxmark3 PUBLIC -Wall -Werror -O3) if (EMBED_READLINE) if (NOT SKIPREADLINE EQUAL 1) add_dependencies(proxmark3 ncurses readline) diff --git a/client/Makefile b/client/Makefile index 3fcb0350f..f7a59ed3f 100644 --- a/client/Makefile +++ b/client/Makefile @@ -446,7 +446,7 @@ endif PM3CFLAGS += -DHAVE_SNPRINTF -CXXFLAGS ?= -Wall +CXXFLAGS ?= -Wall -Werror CXXFLAGS += $(MYDEFS) $(MYCXXFLAGS) $(MYINCLUDES) PM3CXXFLAGS = $(CXXFLAGS) @@ -979,7 +979,7 @@ src/pm3_pywrap.c: pm3.i # version_pm3.c should be checked on every compilation src/version_pm3.c: default_version_pm3.c .FORCE $(info [=] CHECK $@) - $(Q)$(CP) $< $@ + $(Q)$(SH) ../tools/mkversion.sh $@ || $(CP) $< $@ # easy printing of MAKE VARIABLES print-%: ; @echo $* = $($*) diff --git a/client/deps/amiibo.cmake b/client/deps/amiibo.cmake index 8c524c170..c946c0682 100644 --- a/client/deps/amiibo.cmake +++ b/client/deps/amiibo.cmake @@ -19,7 +19,7 @@ target_link_libraries(pm3rrg_rdv4_amiibo PRIVATE m pm3rrg_rdv4_mbedtls) -target_compile_options(pm3rrg_rdv4_amiibo PRIVATE -Wall -O3) +target_compile_options(pm3rrg_rdv4_amiibo PRIVATE -Wall -Werror -O3) set_property(TARGET pm3rrg_rdv4_amiibo PROPERTY POSITION_INDEPENDENT_CODE ON) target_include_directories(pm3rrg_rdv4_amiibo PRIVATE amiitool diff --git a/client/deps/cliparser.cmake b/client/deps/cliparser.cmake index a85cc2374..fccae33b7 100644 --- a/client/deps/cliparser.cmake +++ b/client/deps/cliparser.cmake @@ -9,5 +9,5 @@ target_include_directories(pm3rrg_rdv4_cliparser PRIVATE ../../include ../src) target_include_directories(pm3rrg_rdv4_cliparser INTERFACE cliparser) -target_compile_options(pm3rrg_rdv4_cliparser PRIVATE -Wall -O3) +target_compile_options(pm3rrg_rdv4_cliparser PRIVATE -Wall -Werror -O3) set_property(TARGET pm3rrg_rdv4_cliparser PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/deps/hardnested.cmake b/client/deps/hardnested.cmake index 468ee4ef2..ec545e2a8 100644 --- a/client/deps/hardnested.cmake +++ b/client/deps/hardnested.cmake @@ -2,7 +2,7 @@ add_library(pm3rrg_rdv4_hardnested_nosimd OBJECT hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) -target_compile_options(pm3rrg_rdv4_hardnested_nosimd PRIVATE -Wall -O3) +target_compile_options(pm3rrg_rdv4_hardnested_nosimd PRIVATE -Wall -Werror -O3) set_property(TARGET pm3rrg_rdv4_hardnested_nosimd PROPERTY POSITION_INDEPENDENT_CODE ON) target_include_directories(pm3rrg_rdv4_hardnested_nosimd PRIVATE @@ -32,7 +32,7 @@ if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS) hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) - target_compile_options(pm3rrg_rdv4_hardnested_mmx PRIVATE -Wall -O3) + target_compile_options(pm3rrg_rdv4_hardnested_mmx PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_hardnested_mmx BEFORE PRIVATE -mmmx -mno-sse2 -mno-avx -mno-avx2 -mno-avx512f) set_property(TARGET pm3rrg_rdv4_hardnested_mmx PROPERTY POSITION_INDEPENDENT_CODE ON) @@ -47,7 +47,7 @@ if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS) hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) - target_compile_options(pm3rrg_rdv4_hardnested_sse2 PRIVATE -Wall -O3) + target_compile_options(pm3rrg_rdv4_hardnested_sse2 PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_hardnested_sse2 BEFORE PRIVATE -mmmx -msse2 -mno-avx -mno-avx2 -mno-avx512f) set_property(TARGET pm3rrg_rdv4_hardnested_sse2 PROPERTY POSITION_INDEPENDENT_CODE ON) @@ -62,7 +62,7 @@ if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS) hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) - target_compile_options(pm3rrg_rdv4_hardnested_avx PRIVATE -Wall -O3) + target_compile_options(pm3rrg_rdv4_hardnested_avx PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_hardnested_avx BEFORE PRIVATE -mmmx -msse2 -mavx -mno-avx2 -mno-avx512f) set_property(TARGET pm3rrg_rdv4_hardnested_avx PROPERTY POSITION_INDEPENDENT_CODE ON) @@ -77,7 +77,7 @@ if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS) hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) - target_compile_options(pm3rrg_rdv4_hardnested_avx2 PRIVATE -Wall -O3) + target_compile_options(pm3rrg_rdv4_hardnested_avx2 PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_hardnested_avx2 BEFORE PRIVATE -mmmx -msse2 -mavx -mavx2 -mno-avx512f) set_property(TARGET pm3rrg_rdv4_hardnested_avx2 PROPERTY POSITION_INDEPENDENT_CODE ON) @@ -92,7 +92,7 @@ if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS) hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) - target_compile_options(pm3rrg_rdv4_hardnested_avx512 PRIVATE -Wall -O3) + target_compile_options(pm3rrg_rdv4_hardnested_avx512 PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_hardnested_avx512 BEFORE PRIVATE -mmmx -msse2 -mavx -mavx2 -mavx512f) set_property(TARGET pm3rrg_rdv4_hardnested_avx512 PROPERTY POSITION_INDEPENDENT_CODE ON) @@ -116,7 +116,7 @@ elseif ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST ARM64_CPUS) hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) - target_compile_options(pm3rrg_rdv4_hardnested_neon PRIVATE -Wall -O3) + target_compile_options(pm3rrg_rdv4_hardnested_neon PRIVATE -Wall -Werror -O3) set_property(TARGET pm3rrg_rdv4_hardnested_neon PROPERTY POSITION_INDEPENDENT_CODE ON) target_include_directories(pm3rrg_rdv4_hardnested_neon PRIVATE @@ -134,7 +134,7 @@ elseif ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST ARM32_CPUS) hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c) - target_compile_options(pm3rrg_rdv4_hardnested_neon PRIVATE -Wall -O3) + target_compile_options(pm3rrg_rdv4_hardnested_neon PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_hardnested_neon BEFORE PRIVATE -mfpu=neon) set_property(TARGET pm3rrg_rdv4_hardnested_neon PROPERTY POSITION_INDEPENDENT_CODE ON) @@ -155,7 +155,7 @@ add_library(pm3rrg_rdv4_hardnested STATIC hardnested/hardnested_bruteforce.c $ ${SIMD_TARGETS}) -target_compile_options(pm3rrg_rdv4_hardnested PRIVATE -Wall -O3) +target_compile_options(pm3rrg_rdv4_hardnested PRIVATE -Wall -Werror -O3) set_property(TARGET pm3rrg_rdv4_hardnested PROPERTY POSITION_INDEPENDENT_CODE ON) target_include_directories(pm3rrg_rdv4_hardnested PRIVATE ../../common diff --git a/client/deps/id48lib.cmake b/client/deps/id48lib.cmake index fa57d7855..47205d494 100644 --- a/client/deps/id48lib.cmake +++ b/client/deps/id48lib.cmake @@ -3,7 +3,7 @@ add_library(pm3rrg_rdv4_id48 STATIC id48/id48_generator.c id48/id48_recover.c ) -target_compile_options( pm3rrg_rdv4_id48 PRIVATE -Wpedantic -Wall -O3 -Wno-unknown-pragmas -Wno-inline -Wno-unused-function -DID48_NO_STDIO) +target_compile_options( pm3rrg_rdv4_id48 PRIVATE -Wpedantic -Wall -Werror -O3 -Wno-unknown-pragmas -Wno-inline -Wno-unused-function -DID48_NO_STDIO) target_include_directories(pm3rrg_rdv4_id48 PRIVATE id48) target_include_directories(pm3rrg_rdv4_id48 INTERFACE id48) set_property(TARGET pm3rrg_rdv4_id48 PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/deps/jansson.cmake b/client/deps/jansson.cmake index 42c701d5e..c91a47047 100644 --- a/client/deps/jansson.cmake +++ b/client/deps/jansson.cmake @@ -14,5 +14,5 @@ add_library(pm3rrg_rdv4_jansson STATIC target_compile_definitions(pm3rrg_rdv4_jansson PRIVATE HAVE_STDINT_H) target_include_directories(pm3rrg_rdv4_jansson INTERFACE jansson) -target_compile_options(pm3rrg_rdv4_jansson PRIVATE -Wall -Wno-unused-function -O3) +target_compile_options(pm3rrg_rdv4_jansson PRIVATE -Wall -Werror -Wno-unused-function -O3) set_property(TARGET pm3rrg_rdv4_jansson PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/deps/lua.cmake b/client/deps/lua.cmake index 3bf85e1ce..d89275be6 100644 --- a/client/deps/lua.cmake +++ b/client/deps/lua.cmake @@ -52,5 +52,5 @@ if (NOT MINGW) endif (NOT MINGW) target_include_directories(pm3rrg_rdv4_lua INTERFACE liblua) -target_compile_options(pm3rrg_rdv4_lua PRIVATE -Wall -O3) +target_compile_options(pm3rrg_rdv4_lua PRIVATE -Wall -Werror -O3) set_property(TARGET pm3rrg_rdv4_lua PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/deps/mbedtls.cmake b/client/deps/mbedtls.cmake index 7c72925ab..49c141b68 100644 --- a/client/deps/mbedtls.cmake +++ b/client/deps/mbedtls.cmake @@ -49,5 +49,5 @@ add_library(pm3rrg_rdv4_mbedtls STATIC target_include_directories(pm3rrg_rdv4_mbedtls PRIVATE ../../common) target_include_directories(pm3rrg_rdv4_mbedtls INTERFACE ../../common/mbedtls) -target_compile_options(pm3rrg_rdv4_mbedtls PRIVATE -Wall -O3) +target_compile_options(pm3rrg_rdv4_mbedtls PRIVATE -Wall -Werror -O3) set_property(TARGET pm3rrg_rdv4_mbedtls PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/deps/reveng.cmake b/client/deps/reveng.cmake index 1040730f1..d7e3cfd8a 100644 --- a/client/deps/reveng.cmake +++ b/client/deps/reveng.cmake @@ -13,5 +13,5 @@ target_include_directories(pm3rrg_rdv4_reveng PRIVATE ../src ../../include) target_include_directories(pm3rrg_rdv4_reveng INTERFACE reveng) -target_compile_options(pm3rrg_rdv4_reveng PRIVATE -Wall -O3) +target_compile_options(pm3rrg_rdv4_reveng PRIVATE -Wall -Werror -O3) set_property(TARGET pm3rrg_rdv4_reveng PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/deps/tinycbor.cmake b/client/deps/tinycbor.cmake index c74618149..5a6abda25 100644 --- a/client/deps/tinycbor.cmake +++ b/client/deps/tinycbor.cmake @@ -11,5 +11,5 @@ add_library(pm3rrg_rdv4_tinycbor STATIC target_include_directories(pm3rrg_rdv4_tinycbor INTERFACE tinycbor) # Strange errors on Mingw when compiling with -O3 -target_compile_options(pm3rrg_rdv4_tinycbor PRIVATE -Wall -O2) +target_compile_options(pm3rrg_rdv4_tinycbor PRIVATE -Wall -Werror -O2) set_property(TARGET pm3rrg_rdv4_tinycbor PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/deps/whereami.cmake b/client/deps/whereami.cmake index 721873066..d2d6a5b2a 100644 --- a/client/deps/whereami.cmake +++ b/client/deps/whereami.cmake @@ -2,5 +2,5 @@ add_library(pm3rrg_rdv4_whereami STATIC whereami/whereami.c) target_compile_definitions(pm3rrg_rdv4_whereami PRIVATE WAI_PM3_TUNED) target_include_directories(pm3rrg_rdv4_whereami INTERFACE whereami) -target_compile_options(pm3rrg_rdv4_whereami PRIVATE -Wall -O3) +target_compile_options(pm3rrg_rdv4_whereami PRIVATE -Wall -Werror -O3) set_property(TARGET pm3rrg_rdv4_whereami PROPERTY POSITION_INDEPENDENT_CODE ON) diff --git a/client/experimental_lib/CMakeLists.txt b/client/experimental_lib/CMakeLists.txt index ca3317e2d..e9ac8bb33 100644 --- a/client/experimental_lib/CMakeLists.txt +++ b/client/experimental_lib/CMakeLists.txt @@ -432,7 +432,7 @@ set (TARGET_SOURCES add_custom_command( OUTPUT ${CMAKE_BINARY_DIR}/version_pm3.c - COMMAND ${CMAKE_COMMAND} -E copy ${PM3_ROOT}/common/default_version_pm3.c ${CMAKE_BINARY_DIR}/version_pm3.c + COMMAND sh ${PM3_ROOT}/tools/mkversion.sh ${CMAKE_BINARY_DIR}/version_pm3.c || ${CMAKE_COMMAND} -E copy ${PM3_ROOT}/common/default_version_pm3.c ${CMAKE_BINARY_DIR}/version_pm3.c DEPENDS ${PM3_ROOT}/common/default_version_pm3.c ) diff --git a/client/src/proxmark3.c b/client/src/proxmark3.c index f0d52cb8a..1f80acb88 100644 --- a/client/src/proxmark3.c +++ b/client/src/proxmark3.c @@ -49,7 +49,7 @@ static int mainret = PM3_SUCCESS; #ifndef LIBPM3 #define BANNERMSG1 "" #define BANNERMSG2 " [ :coffee: ]" -#define BANNERMSG3 "Release v4.19552 - Orca" +#define BANNERMSG3 "" typedef enum LogoMode { UTF8, ANSI, ASCII } LogoMode; diff --git a/common/default_version_pm3.c b/common/default_version_pm3.c index 4380f2132..d93a7ef15 100644 --- a/common/default_version_pm3.c +++ b/common/default_version_pm3.c @@ -1,5 +1,20 @@ +//----------------------------------------------------------------------------- +// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// See LICENSE.txt for the text of the license. +//----------------------------------------------------------------------------- #include "common.h" -/* Generated file, do not edit */ +/* This is the default version_pm3.c file that Makefile.common falls back to if sh is not available */ #ifndef ON_DEVICE #define SECTVERSINFO #else @@ -8,10 +23,10 @@ const struct version_information_t SECTVERSINFO g_version_information = { VERSION_INFORMATION_MAGIC, - 1, - 1, - 2, - "Iceman/master/v4.19552", - "2024-11-22 12:15:19", - "a3319015f" + 1, /* version 1 */ + 0, /* version information not present */ + 2, /* cleanliness couldn't be determined */ + "Iceman/master/unknown", + "1970-01-01 00:00:00", + "no sha256" }; diff --git a/common_arm/Makefile.common b/common_arm/Makefile.common index a845963b2..e8e574112 100644 --- a/common_arm/Makefile.common +++ b/common_arm/Makefile.common @@ -49,7 +49,7 @@ VPATH = . ../common_arm ../common ../common/crapto1 ../common/mbedtls ../common/ INCLUDES = ../include/proxmark3_arm.h ../include/at91sam7s512.h ../include/config_gpio.h ../include/pm3_cmd.h ARMCFLAGS = -mthumb-interwork -fno-builtin -DEFCFLAGS = -Wall -Os -pedantic -fstrict-aliasing -pipe +DEFCFLAGS = -Wall -Werror -Os -pedantic -fstrict-aliasing -pipe # Some more warnings we want as errors: DEFCFLAGS += -Wbad-function-cast -Wchar-subscripts -Wundef -Wunused -Wuninitialized -Wpointer-arith -Wformat -Wformat-security -Winit-self -Wmissing-include-dirs -Wnested-externs -Wempty-body -Wignored-qualifiers -Wmissing-field-initializers -Wtype-limits From 8c9904b274230f7c24082e5ac6ce7a6f607256a8 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 22 Nov 2024 12:19:10 +0100 Subject: [PATCH 009/150] update release info --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b474de0fc..7ac865172 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac ## [unreleased][unreleased] -## [Orca][2024-11-22] +## [Orca.4.19552][2024-11-22] - Fixed `hf_legic.lua` - removed bit32 commands from the script (@diorch1968) - Fixed `mem spiffs tree` - now show correct symlink name (@ANTodorov) - Fixed `mem spiffs wipe` - reported file/link names is now correct (@ANTodorov) From 3451374cf71ebaed754543651b33fd83488a81d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Nov=C3=BD?= Date: Fri, 22 Nov 2024 21:26:11 +0100 Subject: [PATCH 010/150] Add new Mifare Classic keys from Momentum firmware project. --- CHANGELOG.md | 1 + client/dictionaries/mfc_default_keys.dic | 267 +++++++++++++++++++++++ 2 files changed, 268 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index efe4c5d0a..959596fb5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac ## [unreleased][unreleased] - Added simulation function to `hf iclass legrec` (@antiklesys) +- Added keys from Momentum firmware projects. (@onovy) ## [Orca.4.19552][2024-11-22] - Fixed `hf_legic.lua` - removed bit32 commands from the script (@diorch1968) diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index e1d425b80..e156be9ff 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -2755,3 +2755,270 @@ D37C8F1793F7 543071543071 5F01015F0101 200510241234 +# Momentum-Firmware +AC935925A876 +ADC169F922CB +AD00EFD353E4 +AEF617B3D004 +AEF617B3D040 +AE381EA0811B +AE683AC2A232 +AF2BFB44A4A5 +A2CA48CA4C05 +A2D5D7469472 +A23412F92811 +A64536FAC799 +A7127F539A16 +A8700E07A58F +A9B9C1D0E3F1 +BC305FE2DA65 +BE3C1BF60B37 +B0A3212D47A5 +B0D58BF147B7 +B02094F92A71 +B1EEAA640EF6 +B19A0664ECA6 +B4FAE0FAD22E +B456E1951216 +B48D7E4E508F +B54D99618ADC +B6728D9B95BA +CA22AF33A19B +CBC83E1548B4 +CB5ED0E57B08 +CC5F59A0CE0A +CF0EC6ACF2F9 +C1F6C7B55F5E +C290A397F84A +C34FAA1931CA +C49C9BF59547 +C497C3BE8273 +C7D1CB6774B0 +C789E4568B99 +C992F85B2DDD +DCD003CF0EA3 +DD30A13519C3 +DD6E74174648 +DE5865F29C44 +DF7C4EC20B50 +D017A84BB582 +D156F66D38EC +D3AEB15D410B +D324152F5BB0 +D3849E31EE4F +D410EFF9113E +D51BCA1DFFFF +D6818C29ED9B +D7142E0F6D0D +D881B675D881 +D9762D114AE5 +EA19E58DD046 +EA4987F8D096 +EB9D9C1B03F6 +EDA4BF3E7B04 +EDC9CC9109A2 +EEF144866688 +E10F0E7A8DD5 +E108EA397A9A +E24359F37FE4 +E3007FA4F781 +E5051FAB4371 +E861FDE1B59F +E87E3554727E +E9B376925A00 +E954024EE754 +FA4D2B3BAFEA +FA8CA10C7D59 +FE98F38F3EE2 +F18D91EE3033 +F3E3F9F977B9 +F4756F7EEAE1 +F654D6C7004F +F697E87E759D +F7A545095C49 +F833E24C3F1C +0CD464CDC100 +0D61BA88789C +0E726E11CFCC +0FC4B1D2EBBA +01E2C14F1B18 +02DB253DC0C7 +03A7AAAA28AD +0380293A9E6D +0402B44FB679 +050BF33DC217 +08A55BC96DC1 +08D6A7765640 +08ED3F92AA53 +09F4EC8D7A66 +1A8CFF2F1BC7 +1C000EB0752F +1D14130D1A0B +1E13EFF32CE2 +101209170A13 +11DDA4862A1C +113355779933 +1153AABAFF6C +12BA20088ED3 +120A7837BB5D +1202165D4EAB +122F595302AA +124F004321D3 +132F641C948B +14CD299DC0C7 +141DF3B1C017 +1415FFFED68D +15B35D0BF715 +156EED7C5F9D +1581C317B073 +164EE10EFFFF +16785FD65BA7 +17C06D19E92F +17E0FA2308FD +1719EB5DAC66 +19BA6776233F +190E6242CE7B +193DFE0FA18E +2B29232D3624 +2CAD8A83DF28 +2D2F182C4024 +2EAD4DD0F7B0 +2FA9B556A4F6 +201106141030 +202011F918A2 +204C0D3DCD9A +20525276F443 +215E9DED9DDF +25FE2B4E4FA9 +251BDBF1C71D +251780F9FBE6 +25467EB0212F +280FD37AD407 +280713CBA260 +286A8893AC6F +3D6F823FFFFF +3E0557273982 +3F41891454EE +30C1DC9DD040 +310308EC52EF +321803E38664 +32774E46C64F +330075000850 +3333F411AAAA +334E91BE3377 +381F84DB8134 +38540EEE8B1C +4A1094F378D8 +4A6E1CAD6D3D +4C44200BC9C5 +4D4946415245 +40454EE64229 +41CD3CD99DD5 +4149206E9BAE +42F82DB5C4AF +4204784B0DC9 +43204334546F +439FB891279F +44ACB624CA14 +44B61F116125 +4427385D72AB +444E4650475A +45450AC8DCA8 +45524DACC5E9 +45574D373B9D +475A444E4650 +4752533E1965 +48B390984150 +48C8852D15F9 +4844426F6E69 +485242F22BE0 +49EE8D52AAB6 +49FEE42DDC18 +49414556EF4D +5AD3FC074A4C +5A15888F3419 +5A2050DA7E3F +5A4920FD6F87 +5CD02DAD8ADE +5C475D2C70C6 +5D819B4BFAF3 +5E696FA0EAD1 +5FA28B8E8BA4 +5F8892561BED +505209266A1F +507A6181E4BF +538BF58687EB +544954CBB2C4 +54546255CDE9 +549BB4FD70C4 +552049EFF3F4 +55213B4F7328 +555D8BBC2D3E +56A4B81B3FC3 +5669C363A4A5 +57E39104CC87 +570FB865D650 +5703815494EF +57059FFD3EE6 +58DBC850A4D5 +585462E190F2 +5990EC1571D7 +6AC79644E0CD +6A530C91F85B +6A86C1895A21 +6C4953590463 +6C79548B3FC3 +6D2BF79566A8 +60D53F070572 +6036F9D72D68 +61152534ACEF +62616E616E61 +66A4932816D3 +6611DFFAAE32 +68C867397AD5 +6862FD600F78 +7ADD3D735725 +7AEB989A5525 +7BF0BE85080F +7B6C00CBAC92 +7CB033257498 +7C20975C6EC9 +7C3AF198425F +7EDAE7923287 +7F796F60FFFF +701AA491A4A5 +72A0C485D3F7 +7213B13D02E0 +722538817225 +7246FCE86427 +735DD20237A9 +746A70C4EF6F +78DF1176C8FD +79E8B59A51E0 +8AC04C1A4E15 +8A0DFD9B7AEA +8A35039F6CD6 +8C524B535E1D +8DF64AB19A16 +8D2B780A148D +8D96A0BA7234 +8EF0AA6432FA +80003D23C6F5 +8000806B5072 +81C0BBCE32E9 +81D6CC146E50 +8380ACDC017E +84A3FD4BA0C6 +840C16869171 +8430A669558C +9AE05868233F +9B2C3E00B561 +9EE3896C4530 +9F14D35BAC08 +9001D0E23F8C +907E5C641D94 +9089B668FFFF +91B1B62402D5 +93FB38FE585A +96AECCC0F7EB +96227EDADBCF From c3e960269027b4bf1d3d4942d5c0c8eff36e5546 Mon Sep 17 00:00:00 2001 From: hochwasser Date: Sat, 23 Nov 2024 10:26:24 +0100 Subject: [PATCH 011/150] Update mfc_default_keys.dic Keys of the BW Kantine Signed-off-by: hochwasser --- client/dictionaries/mfc_default_keys.dic | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index e1d425b80..76b5198b6 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -2755,3 +2755,8 @@ D37C8F1793F7 543071543071 5F01015F0101 200510241234 +# +# BW Kantine +56cf3acd90ca +542089792be2 +5420aeada758 From 8ae5e7aee1dccd4234934ce080d98e6b8a9c57c0 Mon Sep 17 00:00:00 2001 From: Akury83 <87064827+Akury83@users.noreply.github.com> Date: Sun, 24 Nov 2024 15:45:43 +1100 Subject: [PATCH 012/150] Update t55xx_default_pwds.dic Update to include Chinese cloner ZX-COPY10. Sniffed using the pm3 client: ```[usb] pm3 --> lf t5 sniff -1 [=] T55xx command detection [+] Downlink mode | password | Data | blk | page | 0 | 1 | raw [+] ------------------------+------------+----------+-----+------+-----+-----+------------------------------------------------------------------------------- [+] Default Read | | | 3 | 0 | 18 | 47 | 101011 [+] Default write/pwd read | [00083838] | 00107070 | 0 | 0 | 18 | 46 | 10000000000000100000111000001110000000 [+] Leading 0 pwd write | 00000000 | 00000000 | 0 | 0 | 6 | 70 | 0100000000000000000000000000000000000000000000000000000000000000000000000 [+] Default write/pwd read | [0EAAACAA] | 1D555955 | 1 | 0 | 18 | 46 | 10000011101010101010101100101010101001 [+] Default write/pwd read | [2AB2CB4D] | 5565969A | 2 | 0 | 18 | 46 | 10001010101011001011001011010011010010 [+] Leading 0 pwd write | 00000000 | 00000000 | 0 | 0 | 7 | 16 | 0100000000000000000000000000000000000000000000000000000000000000000000000 [+] Default write/pwd read | [4B352AB2] | 966A5565 | 3 | 0 | 18 | 47 | 10010010110011010100101010101100101011 [+] Leading 0 pwd write | 00000000 | 00000000 | 0 | 0 | 8 | 23 | 0100000000000000000000000000000000000000000000000000000000000000000000000 [+] Default write/pwd read | [3D9EAE24] | 7B3D5C48 | 7 | 0 | 18 | 46 | 10001111011001111010101110001001000111 [+] ----------------------------------------------------------------------------------------------------------------------------------------------------- [usb] pm3 --> lf t5 det -p 7b3d5c48 [=] Chip type......... T55x7 [=] Modulation........ FSK2a [=] Bit rate.......... 4 - RF/50 [=] Inverted.......... Yes [=] Offset............ 33 [=] Seq. terminator... No [=] Block0............ 00107070 (auto detect) [=] Downlink mode..... default/fixed bit length [=] Password set...... Yes [=] Password.......... 7B3D5C48 [usb] pm3 -->``` Signed-off-by: Akury83 <87064827+Akury83@users.noreply.github.com> --- client/dictionaries/t55xx_default_pwds.dic | 2 ++ 1 file changed, 2 insertions(+) diff --git a/client/dictionaries/t55xx_default_pwds.dic b/client/dictionaries/t55xx_default_pwds.dic index 570264306..206e702f7 100644 --- a/client/dictionaries/t55xx_default_pwds.dic +++ b/client/dictionaries/t55xx_default_pwds.dic @@ -22,6 +22,8 @@ F9DCEBA0 89A69E60 # ref lock 314159E0 +#Zonsin ZX-COPY10 +7B3D5C48 # ref. http://www.proxmark.org/forum/viewtopic.php?pid=28115#p28115 AA55BBBB # ref. http://www.proxmark.org/forum/viewtopic.php?pid=33376#p33376 From 2f2667944cc0d0f4f9da238e8f79e42b3cf3f083 Mon Sep 17 00:00:00 2001 From: Antiklesys Date: Sun, 24 Nov 2024 12:59:04 +0800 Subject: [PATCH 013/150] Update cmdhficlass.c --- client/src/cmdhficlass.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index 9ad0e76e2..df0f48f73 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -4280,7 +4280,7 @@ static int CmdHFiClassLegacyRecover(const char *Cmd) { arg_lit0(NULL, "debug", "Re-enables tracing for debugging. Limits cycles to 1."), arg_lit0(NULL, "notest", "Perform real writes on the card!"), arg_lit0(NULL, "allnight", "Loops the loop for 10 times, recommended loop value of 5000."), - arg_lit0(NULL, "sim", "Runs a simulation based on the card's CSN assuming standard key."), + arg_lit0(NULL, "est", "Estimates the key updates based on the card's CSN assuming standard key."), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, false); From 2aae3317a075cc2dd46017c95f9217356379a0b0 Mon Sep 17 00:00:00 2001 From: Antiklesys Date: Sun, 24 Nov 2024 13:08:28 +0800 Subject: [PATCH 014/150] Added more configcards Added special config cards: 1- Elite Bugger : bugs the reader causing an erroneous and disruptive behavior 2- Added one config card to change the reader's default master key 3- Added a reset master key config card to restore the reader to the default master key --- CHANGELOG.md | 1 + client/src/cmdhficlass.c | 13 ++++++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index efe4c5d0a..cdfab6688 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Added special iclass legacy config cards in `hf iclass configcard` (@antiklesys) - Added simulation function to `hf iclass legrec` (@antiklesys) ## [Orca.4.19552][2024-11-22] diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index df0f48f73..a7e215e1e 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -264,7 +264,7 @@ static uint8_t card_app2_limit[] = { 0xff, }; -static iclass_config_card_item_t iclass_config_options[30] = { +static iclass_config_card_item_t iclass_config_options[33] = { //Byte A8 - LED Operations {"(LED) - Led idle (Off) / Led read (Off)", {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xBF, 0x18, 0xA8, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, {"(LED) - Led idle (Red) / Led read (Off)", {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xBF, 0x18, 0xA8, 0x1F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, @@ -300,11 +300,18 @@ static iclass_config_card_item_t iclass_config_options[30] = { {"(ELITE Key) - Set ELITE Key and Enable Dual key (Elite + Standard)", {0x0C, 0x00, 0x00, 0x01, 0x00, 0x00, 0xBF, 0x18, 0xBF, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}}, {"(ELITE Key) - Set ELITE Key and ENABLE Keyrolling", {0x0C, 0x00, 0x00, 0x01, 0x00, 0x00, 0xBF, 0x18, 0xBF, 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}}, {"(ELITE Key) - Set ELITE Key and DISABLE Standard Key", {0x0C, 0x00, 0x00, 0x01, 0x00, 0x00, 0xBF, 0x18, 0xBF, 0x05, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}}, - //Erroneous / incorrect reader behaviors + //Erroneous / incorrect reader behaviors (read below) + //Elite Bugger: + //Sets block 3 of card 0 presented to the reader to 0, sets block 3 of card 1 presented to the reader to the original value of card 0's block 3 + //Continues setting block 3 of presented cards to block 3 of the previous card the reader scanned + //This renders cards unreadable and hardly recoverable unless the order of the scanned cards is known. + {"(ELITE Bugger) - Renders cards unusable." , {0x0C, 0x00, 0x00, 0x01, 0x00, 0x00, 0xBF, 0x18, 0xBF, 0x02, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}}, //Reset Operations {"(RESET) - Reset READER to defaults", {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {"(RESET) - Reset ENROLLER to defaults", {0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1C, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, 0xFF}} + {"(RESET) - Reset ENROLLER to defaults", {0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1C, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, 0xFF}}, //Reader Master Key Operations + {"(MASTER Key) - Change Reader Master Key to Custom Key", {0x28, 0xCB, 0x91, 0x9D, 0x00, 0x00, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {"(MASTER Key) - Restore Reader Master Key to Factory Defaults", {0x28, 0xCB, 0x91, 0x9D, 0x00, 0x00, 0x00, 0x1C, 0xE0, 0x5C, 0x91, 0xCF, 0x63, 0x34, 0x23, 0xB9}} }; static const iclass_config_card_item_t *get_config_card_item(int idx) { From c4b8569d87ce8f4d6b9f6f8b1a51dd4feccf538f Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Fri, 22 Nov 2024 20:23:55 +0100 Subject: [PATCH 015/150] fix CmdHF14AMfISEN error handling --- armsrc/mifarecmd.c | 2 +- client/src/cmdhfmf.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 026b509b8..1d8e1f55a 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -1194,7 +1194,7 @@ out: crypto1_deinit(pcs); LED_B_ON(); if (reply) { - reply_old(CMD_ACK, isOK, cuid, 0, BigBuf_get_EM_addr() + CARD_MEMORY_RF08S_OFFSET, MIFARE_BLOCK_SIZE * (MIFARE_1K_MAXSECTOR + 1)); + reply_mix(CMD_ACK, isOK, cuid, 0, BigBuf_get_EM_addr() + CARD_MEMORY_RF08S_OFFSET, MIFARE_BLOCK_SIZE * (MIFARE_1K_MAXSECTOR + 1)); } LED_B_OFF(); diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index f80005c63..6725ddb9a 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -10007,8 +10007,8 @@ static int CmdHF14AMfISEN(const char *Cmd) { uint64_t t1 = msclock(); uint32_t flags = collect_fm11rf08s_with_data; SendCommandMIX(CMD_HF_MIFARE_ACQ_STATIC_ENCRYPTED_NONCES, flags, 0, 0, key, sizeof(key)); - if (WaitForResponseTimeout(CMD_HF_MIFARE_STATIC_ENCRYPTED_NONCE, &resp, 1000)) { - if (resp.status == PM3_ESOFT) { + if (WaitForResponseTimeout(CMD_ACK, &resp, 1000)) { + if (resp.oldarg[0] != PM3_SUCCESS) { return NONCE_FAIL; } } From 830549b47498ba7e41e3b231ccd430bf594ed439 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Wed, 20 Nov 2024 09:33:21 +0100 Subject: [PATCH 016/150] hf mf isen: add collect_fm11rf08s_without_backdoor option --- armsrc/appmain.c | 2 +- armsrc/mifarecmd.c | 313 +++++++++++++++++++++++++++++-------------- armsrc/mifarecmd.h | 2 +- armsrc/mifareutil.c | 9 ++ armsrc/mifareutil.h | 1 + client/src/cmdhfmf.c | 16 ++- 6 files changed, 239 insertions(+), 104 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index b258b4ff5..ff38906c5 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -1778,7 +1778,7 @@ static void PacketReceived(PacketCommandNG *packet) { break; } case CMD_HF_MIFARE_ACQ_STATIC_ENCRYPTED_NONCES: { - MifareAcquireStaticEncryptedNonces(packet->oldarg[0], packet->data.asBytes, true); + MifareAcquireStaticEncryptedNonces(packet->oldarg[0], packet->data.asBytes, true, packet->oldarg[1], packet->oldarg[2]); break; } case CMD_HF_MIFARE_ACQ_NONCES: { diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 1d8e1f55a..659c5eec0 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -1036,7 +1036,7 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, // acquire static encrypted nonces in order to perform the attack described in // Philippe Teuwen, "MIFARE Classic: exposing the static encrypted nonce variant" //----------------------------------------------------------------------------- -int MifareAcquireStaticEncryptedNonces(uint32_t flags, const uint8_t *key, bool reply) { +int MifareAcquireStaticEncryptedNonces(uint32_t flags, const uint8_t *key, bool reply, uint8_t first_block_no, uint8_t first_key_type) { struct Crypto1State mpcs = {0, 0}; struct Crypto1State *pcs; pcs = &mpcs; @@ -1055,6 +1055,10 @@ int MifareAcquireStaticEncryptedNonces(uint32_t flags, const uint8_t *key, bool uint8_t buf[MIFARE_BLOCK_SIZE] = {0x00}; uint64_t ui64Key = bytes_to_num(key, 6); bool with_data = flags & 1; + bool without_backdoor = (flags >> 1) & 1; + if (with_data && without_backdoor) { + return PM3_EINVARG; + } uint32_t cuid = 0; int16_t isOK = PM3_SUCCESS; uint8_t cascade_levels = 0; @@ -1072,121 +1076,230 @@ int MifareAcquireStaticEncryptedNonces(uint32_t flags, const uint8_t *key, bool LED_C_ON(); - for (uint16_t sec = 0; sec < MIFARE_1K_MAXSECTOR + 1; sec++) { - uint16_t sec_gap = sec; - if (sec >= MIFARE_1K_MAXSECTOR) { - // gap between user blocks and advanced verification method blocks - sec_gap += 16; + if (without_backdoor) { + uint32_t nt1 = 0; + + iso14a_card_select_t card_info; + if (iso14443a_select_card(uid, &card_info, &cuid, true, 0, true) == 0) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (ALL)"); + isOK = PM3_ERFTRANS; + goto out; } - uint16_t blockNo = sec_gap * 4; - for (uint8_t keyType = 0; keyType < 2; keyType++) { - // Test if the action was cancelled - if (BUTTON_PRESS()) { - isOK = PM3_EOPABORTED; + switch (card_info.uidlen) { + case 4 : + cascade_levels = 1; break; + case 7 : + cascade_levels = 2; + break; + case 10: + cascade_levels = 3; + break; + default: + break; + } + if (mifare_classic_authex_cmd(pcs, cuid, first_block_no, MIFARE_AUTH_KEYA + first_key_type, ui64Key, AUTH_FIRST, &nt1, NULL, NULL, NULL, false, false)) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth1 error"); + isOK = PM3_ESOFT; + goto out; + }; + + uint16_t len = mifare_sendcmd_short(pcs, AUTH_NESTED, MIFARE_AUTH_KEYA + first_key_type, first_block_no, receivedAnswer, sizeof(receivedAnswer), par_enc, NULL); + if (len != 4) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth2 error len=%d", len); + isOK = PM3_ESOFT; + goto out; + } + uint32_t nt_enc = bytes_to_num(receivedAnswer, 4); + + // send some crap to fail auth + CHK_TIMEOUT(); + + if (iso14443a_fast_select_card(uid, cascade_levels) == 0) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (UID)"); + isOK = PM3_ERFTRANS; + goto out; + } + if (mifare_classic_authex_cmd(pcs, cuid, first_block_no, MIFARE_AUTH_KEYA + first_key_type, ui64Key, AUTH_FIRST, &nt1, NULL, NULL, NULL, false, false)) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth1 error"); + isOK = PM3_ESOFT; + goto out; + }; + // Recover clear nt + struct Crypto1State mpcs_tmp = {0, 0}; + struct Crypto1State *pcs_tmp = &mpcs_tmp; + crypto1_init(pcs_tmp, ui64Key); + uint32_t nt = crypto1_word(pcs_tmp, nt_enc ^ cuid, 1) ^ nt_enc; + int dist = nonce_distance(nt, nt1); + // ref dist is not always stable. Adjust physical distance to maximise ref dist, and try values around estimated nonces... + Dbprintf("Block %2i key %i nested nT=%08x first nT=%08x dist=%i", first_block_no, first_key_type, nt, nt1, dist); + + for (uint16_t sec = 0; sec < MIFARE_1K_MAXSECTOR + 1; sec++) { + uint16_t sec_gap = sec; + if (sec >= MIFARE_1K_MAXSECTOR) { + // gap between user blocks and advanced verification method blocks + sec_gap += 16; } - if (have_uid == false) { // need a full select cycle to get the uid first - iso14a_card_select_t card_info; - if (iso14443a_select_card(uid, &card_info, &cuid, true, 0, true) == 0) { - if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (ALL)"); - isOK = PM3_ERFTRANS; + uint16_t blockNo = sec_gap * 4; + for (uint8_t keyType = 0; keyType < 2; keyType++) { + // Test if the action was cancelled + if (BUTTON_PRESS()) { + isOK = PM3_EOPABORTED; + break; + } + + len = mifare_sendcmd_short(pcs, AUTH_NESTED, MIFARE_AUTH_KEYA + keyType, blockNo, receivedAnswer, sizeof(receivedAnswer), par_enc, NULL); + if (len != 4) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth2 error len=%d", len); + isOK = PM3_ESOFT; goto out; } - switch (card_info.uidlen) { - case 4 : - cascade_levels = 1; - break; - case 7 : - cascade_levels = 2; - break; - case 10: - cascade_levels = 3; - break; - default: - break; - } - have_uid = true; - } else { // no need for anticollision. We can directly select the card + // store nt_enc + memcpy(buf + (keyType * 8) + 4, receivedAnswer, 4); + nt_enc = bytes_to_num(receivedAnswer, 4); + uint8_t nt_par_err = ((((par_enc[0] >> 7) & 1) ^ oddparity8((nt_enc >> 24) & 0xFF)) << 3 | + (((par_enc[0] >> 6) & 1) ^ oddparity8((nt_enc >> 16) & 0xFF)) << 2 | + (((par_enc[0] >> 5) & 1) ^ oddparity8((nt_enc >> 8) & 0xFF)) << 1 | + (((par_enc[0] >> 4) & 1) ^ oddparity8((nt_enc >> 0) & 0xFF))); + // Dbprintf("Sec %2i key %i {nT}=%02x%02x%02x%02x perr=%x", sec, keyType, receivedAnswer[0], receivedAnswer[1], receivedAnswer[2], receivedAnswer[3], nt_par_err); + // store nt_par_err + buf[(keyType * 8) + 2] = nt_par_err; + buf[(keyType * 8) + 3] = 0xAA; // extra check to tell we have nt/nt_enc/par_err + + // send some crap to fail auth + CHK_TIMEOUT(); + if (iso14443a_fast_select_card(uid, cascade_levels) == 0) { if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (UID)"); isOK = PM3_ERFTRANS; goto out; } + if (mifare_classic_authex_cmd(pcs, cuid, first_block_no, MIFARE_AUTH_KEYA + first_key_type, ui64Key, AUTH_FIRST, &nt1, NULL, NULL, NULL, false, false)) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth1 error"); + isOK = PM3_ESOFT; + goto out; + }; + nt1 = rewind_nonce(nt1, dist); + num_to_bytes(nt1 >> 16, 2, buf + (keyType * 8)); + emlSetMem_xt(buf, (CARD_MEMORY_RF08S_OFFSET / MIFARE_BLOCK_SIZE) + sec, 1, MIFARE_BLOCK_SIZE); } - - uint32_t nt1 = 0; - if (mifare_classic_authex_cmd(pcs, cuid, blockNo, MIFARE_AUTH_KEYA + keyType + 4, ui64Key, AUTH_FIRST, &nt1, NULL, NULL, NULL, false, false)) { - if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth1 error"); - isOK = PM3_ESOFT; - goto out; - }; - if ((with_data) && (keyType == 0)) { - uint8_t data[16]; - uint8_t blocks = 4; - if (blockNo >= MIFARE_1K_MAXSECTOR * 4) { - // special RF08S advanced authentication blocks, let's dump in emulator just in case - blocks = 8; + } + } else { + for (uint16_t sec = 0; sec < MIFARE_1K_MAXSECTOR + 1; sec++) { + uint16_t sec_gap = sec; + if (sec >= MIFARE_1K_MAXSECTOR) { + // gap between user blocks and advanced verification method blocks + sec_gap += 16; + } + uint16_t blockNo = sec_gap * 4; + for (uint8_t keyType = 0; keyType < 2; keyType++) { + // Test if the action was cancelled + if (BUTTON_PRESS()) { + isOK = PM3_EOPABORTED; + break; } - for (uint16_t tb = blockNo; tb < blockNo + blocks; tb++) { - memset(data, 0x00, sizeof(data)); - int res = mifare_classic_readblock(pcs, tb, data); - if (res == 1) { - if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Read error"); - isOK = PM3_ESOFT; + if (have_uid == false) { // need a full select cycle to get the uid first + iso14a_card_select_t card_info; + if (iso14443a_select_card(uid, &card_info, &cuid, true, 0, true) == 0) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (ALL)"); + isOK = PM3_ERFTRANS; + goto out; + } + switch (card_info.uidlen) { + case 4 : + cascade_levels = 1; + break; + case 7 : + cascade_levels = 2; + break; + case 10: + cascade_levels = 3; + break; + default: + break; + } + have_uid = true; + } else { // no need for anticollision. We can directly select the card + if (iso14443a_fast_select_card(uid, cascade_levels) == 0) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (UID)"); + isOK = PM3_ERFTRANS; goto out; } - emlSetMem_xt(data, tb, 1, 16); } - } - // nested authentication - uint16_t len = mifare_sendcmd_short(pcs, AUTH_NESTED, MIFARE_AUTH_KEYA + keyType + 4, blockNo, receivedAnswer, sizeof(receivedAnswer), par_enc, NULL); - if (len != 4) { - if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth2 error len=%d", len); - isOK = PM3_ESOFT; - goto out; - } - uint32_t nt_enc = bytes_to_num(receivedAnswer, 4); - crypto1_init(pcs, ui64Key); - uint32_t nt = crypto1_word(pcs, nt_enc ^ cuid, 1) ^ nt_enc; - // Dbprintf("Sec %2i key %i nT=%08x", sec, keyType + 4, nt); - // store nt (first half) - num_to_bytes(nt >> 16, 2, buf + (keyType * 8)); - // send some crap to fail auth - uint8_t nack[] = {0x04}; - ReaderTransmit(nack, sizeof(nack), NULL); - if (iso14443a_fast_select_card(uid, cascade_levels) == 0) { - if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (UID)"); - isOK = PM3_ERFTRANS; - goto out; - } - if (mifare_classic_authex_cmd(pcs, cuid, blockNo, MIFARE_AUTH_KEYA + keyType + 4, ui64Key, AUTH_FIRST, &nt1, NULL, NULL, NULL, false, false)) { - if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth1 error"); - isOK = PM3_ESOFT; - goto out; - }; + uint32_t nt1 = 0; + if (mifare_classic_authex_cmd(pcs, cuid, blockNo, MIFARE_AUTH_KEYA + keyType + 4, ui64Key, AUTH_FIRST, &nt1, NULL, NULL, NULL, false, false)) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth1 error"); + isOK = PM3_ESOFT; + goto out; + }; + if ((with_data) && (keyType == 0)) { + uint8_t data[16]; + uint8_t blocks = 4; + if (blockNo >= MIFARE_1K_MAXSECTOR * 4) { + // special RF08S advanced authentication blocks, let's dump in emulator just in case + blocks = 8; + } + for (uint16_t tb = blockNo; tb < blockNo + blocks; tb++) { + memset(data, 0x00, sizeof(data)); + int res = mifare_classic_readblock(pcs, tb, data); + if (res == 1) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Read error"); + isOK = PM3_ESOFT; + goto out; + } + emlSetMem_xt(data, tb, 1, 16); + } + } + // nested authentication + uint16_t len = mifare_sendcmd_short(pcs, AUTH_NESTED, MIFARE_AUTH_KEYA + keyType + 4, blockNo, receivedAnswer, sizeof(receivedAnswer), par_enc, NULL); + if (len != 4) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth2 error len=%d", len); + isOK = PM3_ESOFT; + goto out; + } + uint32_t nt_enc = bytes_to_num(receivedAnswer, 4); + crypto1_init(pcs, ui64Key); + uint32_t nt = crypto1_word(pcs, nt_enc ^ cuid, 1) ^ nt_enc; + // Dbprintf("Sec %2i key %i nT=%08x", sec, keyType + 4, nt); + // store nt (first half) + num_to_bytes(nt >> 16, 2, buf + (keyType * 8)); + // send some crap to fail auth + CHK_TIMEOUT(); - // nested authentication on regular keytype - len = mifare_sendcmd_short(pcs, AUTH_NESTED, MIFARE_AUTH_KEYA + keyType, blockNo, receivedAnswer, sizeof(receivedAnswer), par_enc, NULL); - if (len != 4) { - if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth2 error len=%d", len); - isOK = PM3_ESOFT; - goto out; + if (iso14443a_fast_select_card(uid, cascade_levels) == 0) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (UID)"); + isOK = PM3_ERFTRANS; + goto out; + } + if (mifare_classic_authex_cmd(pcs, cuid, blockNo, MIFARE_AUTH_KEYA + keyType + 4, ui64Key, AUTH_FIRST, &nt1, NULL, NULL, NULL, false, false)) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth1 error"); + isOK = PM3_ESOFT; + goto out; + }; + + // nested authentication on regular keytype + len = mifare_sendcmd_short(pcs, AUTH_NESTED, MIFARE_AUTH_KEYA + keyType, blockNo, receivedAnswer, sizeof(receivedAnswer), par_enc, NULL); + if (len != 4) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth2 error len=%d", len); + isOK = PM3_ESOFT; + goto out; + } + // store nt_enc + memcpy(buf + (keyType * 8) + 4, receivedAnswer, 4); + nt_enc = bytes_to_num(receivedAnswer, 4); + uint8_t nt_par_err = ((((par_enc[0] >> 7) & 1) ^ oddparity8((nt_enc >> 24) & 0xFF)) << 3 | + (((par_enc[0] >> 6) & 1) ^ oddparity8((nt_enc >> 16) & 0xFF)) << 2 | + (((par_enc[0] >> 5) & 1) ^ oddparity8((nt_enc >> 8) & 0xFF)) << 1 | + (((par_enc[0] >> 4) & 1) ^ oddparity8((nt_enc >> 0) & 0xFF))); + // Dbprintf("Sec %2i key %i {nT}=%02x%02x%02x%02x perr=%x", sec, keyType, receivedAnswer[0], receivedAnswer[1], receivedAnswer[2], receivedAnswer[3], nt_par_err); + // store nt_par_err + buf[(keyType * 8) + 2] = nt_par_err; + buf[(keyType * 8) + 3] = 0xAA; // extra check to tell we have nt/nt_enc/par_err + emlSetMem_xt(buf, (CARD_MEMORY_RF08S_OFFSET / MIFARE_BLOCK_SIZE) + sec, 1, MIFARE_BLOCK_SIZE); + // send some crap to fail auth + CHK_TIMEOUT(); } - // store nt_enc - memcpy(buf + (keyType * 8) + 4, receivedAnswer, 4); - nt_enc = bytes_to_num(receivedAnswer, 4); - uint8_t nt_par_err = ((((par_enc[0] >> 7) & 1) ^ oddparity8((nt_enc >> 24) & 0xFF)) << 3 | - (((par_enc[0] >> 6) & 1) ^ oddparity8((nt_enc >> 16) & 0xFF)) << 2 | - (((par_enc[0] >> 5) & 1) ^ oddparity8((nt_enc >> 8) & 0xFF)) << 1 | - (((par_enc[0] >> 4) & 1) ^ oddparity8((nt_enc >> 0) & 0xFF))); - // Dbprintf("Sec %2i key %i {nT}=%02x%02x%02x%02x perr=%x", sec, keyType, receivedAnswer[0], receivedAnswer[1], receivedAnswer[2], receivedAnswer[3], nt_par_err); - // store nt_par_err - buf[(keyType * 8) + 2] = nt_par_err; - buf[(keyType * 8) + 3] = 0xAA; // extra check to tell we have nt/nt_enc/par_err - emlSetMem_xt(buf, (CARD_MEMORY_RF08S_OFFSET / MIFARE_BLOCK_SIZE) + sec, 1, MIFARE_BLOCK_SIZE); - // send some crap to fail auth - ReaderTransmit(nack, sizeof(nack), NULL); } } out: @@ -3127,7 +3240,8 @@ void MifareHasStaticEncryptedNonce(uint8_t block_no, uint8_t key_type, uint8_t * goto OUT; }; first_nt_counter++; - } else for (uint8_t i = 0; i < nr_nested; i++) { + } else { + for (uint8_t i = 0; i < nr_nested; i++) { if (need_first_auth) { cuid = 0; @@ -3204,6 +3318,7 @@ void MifareHasStaticEncryptedNonce(uint8_t block_no, uint8_t key_type, uint8_t * } oldntenc = ntenc; } + } data[1] = (cuid >> 24) & 0xFF; data[2] = (cuid >> 16) & 0xFF; diff --git a/armsrc/mifarecmd.h b/armsrc/mifarecmd.h index 8f19528c2..2dcfa4e4b 100644 --- a/armsrc/mifarecmd.h +++ b/armsrc/mifarecmd.h @@ -37,7 +37,7 @@ void MifareNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo, uint8 void MifareStaticNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo, uint8_t targetKeyType, uint8_t *key); void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, uint8_t *datain); -int MifareAcquireStaticEncryptedNonces(uint32_t flags, const uint8_t *key, bool reply); +int MifareAcquireStaticEncryptedNonces(uint32_t flags, const uint8_t *key, bool reply, uint8_t first_block_no, uint8_t first_key_type); void MifareAcquireNonces(uint32_t arg0, uint32_t flags); void MifareChkKeys(uint8_t *datain, uint8_t reserved_mem); void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c index 9f4b87674..b8cb4838d 100644 --- a/armsrc/mifareutil.c +++ b/armsrc/mifareutil.c @@ -983,3 +983,12 @@ int nonce_distance(uint32_t from, uint32_t to) { int nonce16_index(uint16_t nt) { return nonce16_distance(0x0100, nt) + 1; } + +uint32_t rewind_nonce(uint32_t from, uint16_t dist) { + uint16_t x = from >> 16; + for (uint16_t i = 0; i < dist; i++) { + x = ((x << 1 | x >> 15) & 0xffff) ^ ((x >> 1 ^ x >> 2 ^ x >> 4) & 0x100); + } + uint32_t nt = x; + return nt << 16 | prng_successor(nt, 16); +} diff --git a/armsrc/mifareutil.h b/armsrc/mifareutil.h index b1ae83021..d118533a9 100644 --- a/armsrc/mifareutil.h +++ b/armsrc/mifareutil.h @@ -128,4 +128,5 @@ bool validate_parity_nonce(uint32_t ntenc, uint8_t ntparenc, uint32_t nt); int nonce_distance(uint32_t from, uint32_t to); int nonce16_distance(uint16_t x, uint16_t y); int nonce16_index(uint16_t nt); +uint32_t rewind_nonce(uint32_t from, uint16_t dist); #endif diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 6725ddb9a..2bfd6a020 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -9883,6 +9883,7 @@ static int CmdHF14AMfISEN(const char *Cmd) { arg_rem("FM11RF08S specific options:", "Incompatible with above options, except -k; output in JSON"), arg_lit0(NULL, "collect_fm11rf08s", "collect all nT/{nT}/par_err."), arg_lit0(NULL, "collect_fm11rf08s_with_data", "collect all nT/{nT}/par_err and data blocks."), + arg_lit0(NULL, "collect_fm11rf08s_without_backdoor", "collect all nT/{nT}/par_err without backdoor. Requires first auth keytype and block"), arg_str0("f", "file", "", "Specify a filename for collected data"), arg_param_end }; @@ -9954,9 +9955,18 @@ static int CmdHF14AMfISEN(const char *Cmd) { if (collect_fm11rf08s_with_data) { collect_fm11rf08s = 1; } + bool collect_fm11rf08s_without_backdoor = arg_get_lit(ctx, 23); + if (collect_fm11rf08s_without_backdoor) { + collect_fm11rf08s = 1; + } + if (collect_fm11rf08s_with_data && collect_fm11rf08s_without_backdoor) { + CLIParserFree(ctx); + PrintAndLogEx(WARNING, "Don't mix with_data and without_backdoor options"); + return PM3_EINVARG; + } int fnlen = 0; char filename[FILE_PATH_SIZE] = {0}; - CLIParamStrToBuf(arg_get_str(ctx, 23), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); + CLIParamStrToBuf(arg_get_str(ctx, 24), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); CLIParserFree(ctx); @@ -10005,8 +10015,8 @@ static int CmdHF14AMfISEN(const char *Cmd) { if (collect_fm11rf08s) { uint64_t t1 = msclock(); - uint32_t flags = collect_fm11rf08s_with_data; - SendCommandMIX(CMD_HF_MIFARE_ACQ_STATIC_ENCRYPTED_NONCES, flags, 0, 0, key, sizeof(key)); + uint32_t flags = collect_fm11rf08s_with_data | (collect_fm11rf08s_without_backdoor << 1); + SendCommandMIX(CMD_HF_MIFARE_ACQ_STATIC_ENCRYPTED_NONCES, flags, blockn, keytype, key, sizeof(key)); if (WaitForResponseTimeout(CMD_ACK, &resp, 1000)) { if (resp.oldarg[0] != PM3_SUCCESS) { return NONCE_FAIL; From 10d8ae13cac4644756b21d60774dbdbd3e2e45dc Mon Sep 17 00:00:00 2001 From: ry4000 <154689120+ry4000@users.noreply.github.com> Date: Tue, 26 Nov 2024 18:08:48 +1100 Subject: [PATCH 017/150] R&Y: Added GRB Tap-N-Go to aid_desfire.json - Added GRB Tap-N-Go F21201 and F21202 to aid_desfire.json. Thank you. -R&Y. Signed-off-by: ry4000 <154689120+ry4000@users.noreply.github.com> --- client/resources/aid_desfire.json | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/client/resources/aid_desfire.json b/client/resources/aid_desfire.json index 565c51b0e..53cb47992 100644 --- a/client/resources/aid_desfire.json +++ b/client/resources/aid_desfire.json @@ -1151,6 +1151,22 @@ "Description": "FIDs 02: Card Balance; 04: Refill History; 08: Card Information; 0E: Trip History", "Type": "transport" }, + { + "AID": "F21201", + "Vendor": "Green Bay Metro Transit via Genfare", + "Country": "US", + "Name": "Tap-N-Go Card (GRB)", + "Description": "GRB Tap-N-Go Card", + "Type": "transport" + }, + { + "AID": "F21202", + "Vendor": "Green Bay Metro Transit via Genfare", + "Country": "US", + "Name": "Tap-N-Go Card (GRB)", + "Description": "GRB Tap-N-Go Card", + "Type": "transport" + }, { "AID": "F21360", "Vendor": "INIT", From d39775ca46d874a28456342b53079a9e5103a2fb Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Tue, 26 Nov 2024 12:41:05 +0100 Subject: [PATCH 018/150] recover_pk.py: replace secp192r1 by prime192v1 --- tools/recover_pk.py | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/tools/recover_pk.py b/tools/recover_pk.py index 9d9c816fd..a1dffc9eb 100755 --- a/tools/recover_pk.py +++ b/tools/recover_pk.py @@ -12,12 +12,13 @@ from colors import color debug = False + def guess_curvename(signature): siglen = (len(signature) // 2) & 0xfe if siglen == 32: curves = ["secp128r1", "secp128r2"] elif siglen == 48: - curves = ["secp192k1", "secp192r1"] + curves = ["secp192k1", "prime192v1"] elif siglen == 56: curves = ["secp224k1", "secp224r1"] elif siglen == 64: @@ -31,6 +32,7 @@ def guess_curvename(signature): raise ValueError("Unsupported signature size %s" % lenstr) return curves + def recover(data, signature, curvename, alghash=None): recovered = set() try: @@ -60,6 +62,7 @@ def recover(data, signature, curvename, alghash=None): pass return recovered + def recover_multiple(uids, sigs, curvename, alghash=None): recovered = set() assert len(uids) == len(sigs) @@ -82,6 +85,7 @@ def recover_multiple(uids, sigs, curvename, alghash=None): recovered &= recovered_tmp return recovered + def selftests(): tests = [ {'name': "Mifare Ultralight EV1", @@ -158,16 +162,16 @@ def selftests(): # 'samples': ["aa", "DF0E506DFF8FCFC4B7B979D917644445F1230D2C7CDC342AFA842CA240C210BE7275F62073A9670F2DCEFC602CBEE771C2B4CD4A04F3D1EA11F49ABDF7E8B721"], # 'pk': ""}, {'name': "MIFARE Plus Trojka", - # uses secp224r1, None, - 'samples': ["04B59F6A226F82", "6F577EB7F570D74DB6250477427F68A0088762BD318767537122919A7916597149F9D16D8B135E9BF826FB28AE293F3168661CD4A049FAED", - "04B44A82D80F92", "A0868ECF26733D3C3C838D055968B4559F77693CC3E346E3A4741BC826801F8360FD88857BEC440AAD3A21153D64302DEB6F5ED40B15C3F7"], - 'pk': "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF"}, + # uses secp224r1, None, + 'samples': ["04B59F6A226F82", "6F577EB7F570D74DB6250477427F68A0088762BD318767537122919A7916597149F9D16D8B135E9BF826FB28AE293F3168661CD4A049FAED", + "04B44A82D80F92", "A0868ECF26733D3C3C838D055968B4559F77693CC3E346E3A4741BC826801F8360FD88857BEC440AAD3A21153D64302DEB6F5ED40B15C3F7"], + 'pk': "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF"}, -# {'name': "MIFARE Ultralight AES", - # uses NID_secp192r1, OpenSSL doesn't support it. This is commented out until that day. -# 'samples': ["045E4CC2451390", "C9BBDA1B99EB6634CDFD8E3251AC5C4742EA5FA507B8A8A8B39B19AB7340D173331589C54C56C49F0CCA6DDBAC1E492A", -# "043F88C2451390", "5C2055A7373F119C3FDD9843020B06AA0E6DE18C16496C425C4AD971A50F05FA1A67B9E39CA60C355EEEEBF8214A84A5"], -# 'pk': "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86"}, + {'name': "MIFARE Ultralight AES", + # uses prime192v1, None, + 'samples': ["045E4CC2451390", "C9BBDA1B99EB6634CDFD8E3251AC5C4742EA5FA507B8A8A8B39B19AB7340D173331589C54C56C49F0CCA6DDBAC1E492A", + "043F88C2451390", "5C2055A7373F119C3FDD9843020B06AA0E6DE18C16496C425C4AD971A50F05FA1A67B9E39CA60C355EEEEBF8214A84A5"], + 'pk': "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86"}, {'name': "MIFARE Classic / QL88", 'samples': ["30933C61", "AEA4DD0B800FAC63D4DE08EE91F4650ED825FD6B4D7DEEE98DBC9BAE10BE003E", @@ -234,13 +238,15 @@ def selftests(): print("Tests: ( %s )" % [fail, ok][succeeded]) print("") + if __name__ == "__main__": if len(sys.argv) == 2 and sys.argv[1] == "selftests": selftests() exit(0) if len(sys.argv) < 3 or len(sys.argv) % 2 == 0: print("Usage: \n%s UID SIGN [UID SIGN] [...]" % sys.argv[0]) - print("Example: \n%s 04ee45daa34084 ebb6102bff74b087d18a57a54bc375159a04ea9bc61080b7f4a85afe1587d73b" % sys.argv[0]) + print("Example: \n%s 04ee45daa34084 ebb6102bff74b087d18a57a54bc375159a04ea9bc61080b7f4a85afe1587d73b" + % sys.argv[0]) exit(1) uids, sigs = sys.argv[1:][::2], sys.argv[1:][1::2] once = True From f0b93405fa12299c37d86db8d566dc246c266dda Mon Sep 17 00:00:00 2001 From: douniwan5788 Date: Wed, 27 Nov 2024 00:01:15 +0800 Subject: [PATCH 019/150] fix Hitag S concatbits and `lf em 410x clone --hts` --- client/src/cmdlfem410x.c | 1 + common/commonutil.c | 4 ++-- include/hitag.h | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/client/src/cmdlfem410x.c b/client/src/cmdlfem410x.c index ebcd9ee8c..10ad41369 100644 --- a/client/src/cmdlfem410x.c +++ b/client/src/cmdlfem410x.c @@ -732,6 +732,7 @@ static int CmdEM410xClone(const char *Cmd) { packet.cmd = HTSF_82xx; memcpy(packet.pwd, "\xBB\xDD\x33\x99", HITAGS_PAGE_SIZE); + packet.mode = HITAGS_UID_REQ_FADV; SendCommandNG(CMD_LF_HITAGS_WRITE, (uint8_t *)&packet, sizeof(packet)); if (WaitForResponseTimeout(CMD_LF_HITAGS_WRITE, &resp, 4000) == false) { PrintAndLogEx(WARNING, "timeout while waiting for reply."); diff --git a/common/commonutil.c b/common/commonutil.c index ad867be86..7ed34067f 100644 --- a/common/commonutil.c +++ b/common/commonutil.c @@ -554,8 +554,8 @@ size_t concatbits(uint8_t *dest, int dest_offset, const uint8_t *src, int src_of end = nbits; step = 1; } else { - i = nbits; - end = 0; + i = nbits - 1; + end = -1; step = -1; } diff --git a/include/hitag.h b/include/hitag.h index 451952ce4..e63b8c448 100644 --- a/include/hitag.h +++ b/include/hitag.h @@ -161,7 +161,7 @@ typedef struct { uint8_t logdata_1[4]; uint8_t nonce[4]; - //Hitag s section + // Hitag S section uint8_t mode; } PACKED lf_hitag_data_t; From 0fa8351fa9fe8eedfc5b8c7ddaf05fc52017602c Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 28 Nov 2024 01:01:11 +0100 Subject: [PATCH 020/150] Add display of maximum read/write block in configuration parsing in hf_mf_ultimatecard.lua --- client/luascripts/hf_mf_ultimatecard.lua | 2 ++ 1 file changed, 2 insertions(+) diff --git a/client/luascripts/hf_mf_ultimatecard.lua b/client/luascripts/hf_mf_ultimatecard.lua index 09040eea5..1226e9b07 100644 --- a/client/luascripts/hf_mf_ultimatecard.lua +++ b/client/luascripts/hf_mf_ultimatecard.lua @@ -186,6 +186,7 @@ local function read_config() end -- extract data from CONFIG - based on CONFIG in https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/magic_cards_notes.md#gen-4-gtu ulprotocol, uidlength, readpass, gtumode, ats, atqa1, atqa2, sak, ulmode = magicconfig:sub(1,2), magicconfig:sub(3,4), magicconfig:sub(5,12), magicconfig:sub(13,14), magicconfig:sub(15,48), magicconfig:sub(51,52), magicconfig:sub(49,50), magicconfig:sub(53,54), magicconfig:sub(55,56) + maxRWblk = magicconfig:sub(57, 58) atqaf = atqa1..' '..atqa2 cardtype, cardprotocol, gtustr, atsstr = 'unknown', 'unknown', 'unknown', 'unknown' if magicconfig == nil then lib14a.disconnect(); return nil, "can't read configuration, "..err_lock end @@ -291,6 +292,7 @@ local function read_config() print(' - Version ', cversion) print(' - Signature ', signature1..signature2) end + print(' - Max R/W Block ', maxRWblk) end lib14a.disconnect() return true, 'Ok' From bf1726a31d7c40e0d14ffc8867ab4b727d12608a Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 28 Nov 2024 01:02:41 +0100 Subject: [PATCH 021/150] Add option to set maximum read/write block using hf_mf_ultimatecard.lua --- client/luascripts/hf_mf_ultimatecard.lua | 31 ++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/client/luascripts/hf_mf_ultimatecard.lua b/client/luascripts/hf_mf_ultimatecard.lua index 1226e9b07..064a30282 100644 --- a/client/luascripts/hf_mf_ultimatecard.lua +++ b/client/luascripts/hf_mf_ultimatecard.lua @@ -75,7 +75,11 @@ arguments = [[ -z ATS (<1b length><0-16 ATS> hexsymbols), Configure ATS. Length set to 00 will disable ATS. -w Wipe tag. 0 for Mifare or 1 for UL. Fills tag with zeros and put default values for type selected. -m Ultralight mode (00 UL EV1, 01 NTAG, 02 UL-C, 03 UL) Set type of UL. - -n Ultralight protocol (00 MFC, 01 UL), switches between UL and MFC mode + -n Ultralight protocol (00 MFC, 01 UL), switches between UL and MFC mode]] +-- Need to split because reached maximum string length processed by lua +arguments2 = [[ + -b Set maximum read/write blocks (2 hexsymbols) + NOTE: Ultralight EV1 and NTAG Version info and Signature are stored respectively in blocks 250-251 and 242-249 -k Ultimate Magic Card Key (IF DIFFERENT THAN DEFAULT 00000000) ]] --- @@ -110,6 +114,7 @@ local function help() print(usage) print(ansicolors.cyan..'Arguments'..ansicolors.reset) print(arguments) + print(arguments2) print(ansicolors.cyan..'Example usage'..ansicolors.reset) print(example) end @@ -1012,13 +1017,33 @@ local function wipe(wtype) end end --- +-- Write maximum read/write block number, +local function write_maxRWblk(data) + -- input number check + if data == nil then return nil, 'empty block number' end + if #data == 0 then return nil, 'empty block number' end + if #data ~= 2 then return nil, 'block number wrong length. Should be 1 hex byte' end + + print('Set max R/W block', data) + local info = connect() + if not info then return false, "Can't select card" end + local resp + -- set maximum read/write block + resp = send("CF".._key.."6B"..data) + lib14a.disconnect() + if resp ~= '9000FD07' then return nil, 'Failed to write maximum read/write block' + else + return true, 'Ok' + end +end +--- -- The main entry point function main(args) print() local err, msg if #args == 0 then return help() end -- Read the parameters - for o, a in getopt.getopt(args, 'hck:u:t:p:a:s:o:v:q:g:z:n:m:w:') do + for o, a in getopt.getopt(args, 'hck:u:t:p:a:s:o:v:q:g:z:n:m:w:b:') do -- help if o == "h" then return help() end -- set Ultimate Magic Card Key for read write @@ -1051,6 +1076,8 @@ function main(args) if o == "m" then err, msg = write_ulm(a) end -- write UL protocol if o == "n" then err, msg = write_ulp(a) end + -- write max r/w block + if o == "b" then err, msg = write_maxRWblk(a) end if err == nil then return oops(msg) end end end From be21154d8384543ba1048ccf10b1d2ffd2ee0d16 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 28 Nov 2024 01:04:18 +0100 Subject: [PATCH 022/150] Refactor arguments help of hf_mf_ultimatecard.lua, done because already had to split the string due to reaching limit of string length in lua. --- client/luascripts/hf_mf_ultimatecard.lua | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/client/luascripts/hf_mf_ultimatecard.lua b/client/luascripts/hf_mf_ultimatecard.lua index 064a30282..a35b24173 100644 --- a/client/luascripts/hf_mf_ultimatecard.lua +++ b/client/luascripts/hf_mf_ultimatecard.lua @@ -51,17 +51,17 @@ arguments = [[ -u UID (8-20 hexsymbols), set UID on tag -t tag type to impersonate 1 = Mifare Mini S20 4-byte - 2 = Mifare Mini S20 7-byte 15 = NTAG 210 - 3 = Mifare Mini S20 10-byte 16 = NTAG 212 - 4 = Mifare 1k S50 4-byte 17 = NTAG 213 - 5 = Mifare 1k S50 7-byte 18 = NTAG 215 - 6 = Mifare 1k S50 10-byte 19 = NTAG 216 - 7 = Mifare 4k S70 4-byte 20 = NTAG I2C 1K - 8 = Mifare 4k S70 7-byte 21 = NTAG I2C 2K - 9 = Mifare 4k S70 10-byte 22 = NTAG I2C 1K PLUS - *** 10 = UL - NOT WORKING FULLY 23 = NTAG I2C 2K PLUS - *** 11 = UL-C - NOT WORKING FULLY 24 = NTAG 213F - 12 = UL EV1 48b 25 = NTAG 216F + 2 = Mifare Mini S20 7-byte | 15 = NTAG 210 + 3 = Mifare Mini S20 10-byte | 16 = NTAG 212 + 4 = Mifare 1k S50 4-byte | 17 = NTAG 213 + 5 = Mifare 1k S50 7-byte | 18 = NTAG 215 + 6 = Mifare 1k S50 10-byte | 19 = NTAG 216 + 7 = Mifare 4k S70 4-byte | 20 = NTAG I2C 1K + 8 = Mifare 4k S70 7-byte | 21 = NTAG I2C 2K + 9 = Mifare 4k S70 10-byte | 22 = NTAG I2C 1K PLUS + *** 10 = UL - NOT WORKING FULLY | 23 = NTAG I2C 2K PLUS + *** 11 = UL-C - NOT WORKING FULLY | 24 = NTAG 213F + 12 = UL EV1 48b | 25 = NTAG 216F 13 = UL EV1 128b *** 14 = UL Plus - NOT WORKING YET From 0eb86f2c5896cab091ea15cf98c2e8dbbbefecac Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 28 Nov 2024 01:10:36 +0100 Subject: [PATCH 023/150] Add info about changes in hf_mf_ultimatecard.lua (set/get maximum read/write block) to Changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cdfab6688..575e97327 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Add option to set and get maximum read/write block number using `hf_mf_ultimatecard` script (@piotrva) - Added special iclass legacy config cards in `hf iclass configcard` (@antiklesys) - Added simulation function to `hf iclass legrec` (@antiklesys) From 639f16ba3b0f43e6f6766474523b0b9b7c38b184 Mon Sep 17 00:00:00 2001 From: ANTodorov Date: Thu, 28 Nov 2024 10:55:54 +0200 Subject: [PATCH 024/150] added JEDEC information for SPI flash W25Q64JV added some "extrapolated" but logical matches by Manufacturer/Device ID only some reordering --- CHANGELOG.md | 1 + common_arm/flashmem.h | 41 +++++++++++++++++++++++------------------ 2 files changed, 24 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cdfab6688..b4afc52ed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Added JEDEC information for SPI flash W25Q64JV (@ANTodorov) - Added special iclass legacy config cards in `hf iclass configcard` (@antiklesys) - Added simulation function to `hf iclass legrec` (@antiklesys) diff --git a/common_arm/flashmem.h b/common_arm/flashmem.h index b28989646..616575e49 100644 --- a/common_arm/flashmem.h +++ b/common_arm/flashmem.h @@ -146,28 +146,33 @@ typedef struct { static const spi_flash_t SpiFlashTable[] = { // first element is the default of 4 * 64kB pages (256kB) - { 0x00, 0x00, 0x0000, 4, "unknown" }, // 256k + { 0x00, 0x00, 0x0000, 4, "unknown" }, // 256k // Manufacturer: Puya - { 0x85, 0x00, 0x6015, 32, "P25Q16H" }, // 2048k - /// Manufacturer: Renesas - { 0x1F, 0x46, 0x0000, 32, "AT25XE161D" }, // 2048k - { 0x1F, 0x47, 0x0000, 64, "AT25XE321D" }, // 4096k + { 0x85, 0x14, 0x6015, 32, "P25Q16H" }, // 2048k // Manufacturer: Winbond - { 0xEF, 0x00, 0x3012, 4, "W25X20BV" }, // 256k - { 0xEF, 0x00, 0x3013, 8, "W25X40BV" }, // 512k + { 0xEF, 0x00, 0x3012, 4, "W25X20BV" }, // 256k + { 0xEF, 0x00, 0x3013, 8, "W25X40BV" }, // 512k - { 0xEF, 0x00, 0x4013, 8, "W25Q40BV" }, // 512k - { 0xEF, 0x00, 0x4014, 16, "W25Q80BV" }, // 1024k - { 0xEF, 0x14, 0x4015, 32, "W25Q16BV" }, // 2048k - { 0xEF, 0x15, 0x4016, 64, "W25Q32BV" }, // 4096k + { 0xEF, 0x00, 0x4013, 8, "W25Q40BV" }, // 512k + { 0xEF, 0x00, 0x4014, 16, "W25Q80BV" }, // 1024k + { 0xEF, 0x14, 0x4015, 32, "W25Q16BV" }, // 2048k + { 0xEF, 0x15, 0x4016, 64, "W25Q32BV" }, // 4096k - { 0xEF, 0x21, 0x7022, 4, "W25Q02JV" }, - // identified by Manufacturer /Device ID -// { 0xEF, 0x05, 0x0000, 1, "Winbond!!!" }, - { 0xEF, 0x10, 0x0000, 2, "W25*10BV!!!" }, // 128k - { 0xEF, 0x11, 0x0000, 4, "W25*20BV" }, // 256k - { 0xEF, 0x12, 0x0000, 8, "W25*40BV" }, // 512k - { 0xEF, 0x13, 0x0000, 16, "W25*80BV" } // 1024k + { 0xEF, 0x16, 0x7017, 128, "W25Q64JV" }, // 8192k + { 0xEF, 0x21, 0x7022, 4, "W25Q02JV" }, + + // identified by Manufacturer /Device ID only + /// Manufacturer: Renesas + { 0x1F, 0x46, 0x0000, 32, "AT25XE161D" }, // 2048k + { 0x1F, 0x47, 0x0000, 64, "AT25XE321D" }, // 4096k +// { 0xEF, 0x05, 0x0000, 1, "Winbond!!!" }, // 64k (too small !!!) + { 0xEF, 0x10, 0x0000, 2, "W25*10BV!" }, // 128k (small !!!) + { 0xEF, 0x11, 0x0000, 4, "W25*20BV" }, // 256k + { 0xEF, 0x12, 0x0000, 8, "W25*40BV" }, // 512k + { 0xEF, 0x13, 0x0000, 16, "W25*80BV" }, // 1024k + { 0xEF, 0x14, 0x0000, 32, "W25*16*" }, // 2048k + { 0xEF, 0x15, 0x0000, 64, "W25*32*" }, // 4096k + { 0xEF, 0x16, 0x0000, 128, "W25*64*" } // 8192k }; extern uint8_t spi_flash_pages64k; From 23e6aa40b765f93e71a03fa67c3e36e423718d38 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Thu, 28 Nov 2024 17:33:43 +0100 Subject: [PATCH 025/150] hf/lf tune: fix segfault when called from script --- CHANGELOG.md | 3 ++- client/src/ui.c | 16 ++++++++++------ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 52e139959..df8ab5448 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,8 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] -- Add option to set and get maximum read/write block number using `hf_mf_ultimatecard` script (@piotrva) +- Fixed `hf/lf tune` segfault when called from script (@doegox) +- Added option to set and get maximum read/write block number using `hf_mf_ultimatecard` script (@piotrva) - Added JEDEC information for SPI flash W25Q64JV (@ANTodorov) - Added special iclass legacy config cards in `hf iclass configcard` (@antiklesys) - Added simulation function to `hf iclass legrec` (@antiklesys) diff --git a/client/src/ui.c b/client/src/ui.c index 09730d8d3..68cc71a43 100644 --- a/client/src/ui.c +++ b/client/src/ui.c @@ -696,14 +696,18 @@ void print_progress(uint64_t count, uint64_t max, barMode_t style) { max = (count > max) ? count : max; #if defined(HAVE_READLINE) static int prev_cols = 0; - int rows; - rl_reset_screen_size(); // refresh Readline idea of the actual screen width - rl_get_screen_size(&rows, &cols); + int tmp_cols; + rl_get_screen_size(NULL, &tmp_cols); + // if cols==0: impossible to get screen size, e.g. when scripted + if (tmp_cols != 0) { + // don't call it if cols==0, it would segfault + rl_reset_screen_size(); // refresh Readline idea of the actual screen width + rl_get_screen_size(NULL, &cols); - if (cols < 36) - return; + if (cols < 36) + return; + } - (void) rows; if (prev_cols > cols) { PrintAndLogEx(NORMAL, _CLEAR_ _TOP_ ""); } From a3eb3bfbe960bb5cf670fc0613c5091f3e06c2e0 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Fri, 29 Nov 2024 01:43:56 +0100 Subject: [PATCH 026/150] Automatically set maximum read/write block by hf_mf_ultimatecard.lua when using preset configurations --- client/luascripts/hf_mf_ultimatecard.lua | 49 ++++++++++++++---------- 1 file changed, 29 insertions(+), 20 deletions(-) diff --git a/client/luascripts/hf_mf_ultimatecard.lua b/client/luascripts/hf_mf_ultimatecard.lua index a35b24173..392e9e0d4 100644 --- a/client/luascripts/hf_mf_ultimatecard.lua +++ b/client/luascripts/hf_mf_ultimatecard.lua @@ -644,6 +644,26 @@ local function write_ulm(ulm) return true, 'Ok' end --- +-- Write maximum read/write block number, +local function write_maxRWblk(data) + -- input number check + if data == nil then return nil, 'empty block number' end + if #data == 0 then return nil, 'empty block number' end + if #data ~= 2 then return nil, 'block number wrong length. Should be 1 hex byte' end + + print('Set max R/W block', data) + local info = connect() + if not info then return false, "Can't select card" end + local resp + -- set maximum read/write block + resp = send("CF".._key.."6B"..data) + lib14a.disconnect() + if resp ~= '9000FD07' then return nil, 'Failed to write maximum read/write block' + else + return true, 'Ok' + end +end +--- -- Set type for magic card presets. local function set_type(tagtype) -- tagtype checks @@ -656,6 +676,7 @@ local function set_type(tagtype) send("CF".._key.."F000000000000002000978009102DABC19101011121314151604000900") lib14a.disconnect() write_uid('04112233') + write_maxRWblk('13') -- Setting Mifare mini S20 7-byte elseif tagtype == 2 then print('Setting: Ultimate Magic card to Mifare mini S20 7-byte') @@ -663,6 +684,7 @@ local function set_type(tagtype) send("CF".._key.."F000010000000002000978009102DABC19101011121314151644000900") lib14a.disconnect() write_uid('04112233445566') + write_maxRWblk('13') -- Setting Mifare mini S20 10-byte elseif tagtype == 3 then print('Setting: Ultimate Magic card to Mifare mini S20 10-byte') @@ -670,6 +692,7 @@ local function set_type(tagtype) send("CF".._key.."F000020000000002000978009102DABC19101011121314151684000900") lib14a.disconnect() write_uid('04112233445566778899') + write_maxRWblk('13') -- Setting Mifare 1k S50 4--byte elseif tagtype == 4 then print('Setting: Ultimate Magic card to Mifare 1k S50 4-byte') @@ -677,6 +700,7 @@ local function set_type(tagtype) send("CF".._key.."F000000000000002000978009102DABC19101011121314151604000800") lib14a.disconnect() write_uid('04112233') + write_maxRWblk('3F') -- Setting Mifare 1k S50 7-byte elseif tagtype == 5 then print('Setting: Ultimate Magic card to Mifare 1k S50 7-byte') @@ -684,6 +708,7 @@ local function set_type(tagtype) send("CF".._key.."F000010000000002000978009102DABC19101011121314151644000800") lib14a.disconnect() write_uid('04112233445566') + write_maxRWblk('3F') -- Setting Mifare 1k S50 10-byte elseif tagtype == 6 then print('Setting: Ultimate Magic card to Mifare 1k S50 10-byte') @@ -691,6 +716,7 @@ local function set_type(tagtype) send("CF".._key.."F000020000000002000978009102DABC19101011121314151684000800") lib14a.disconnect() write_uid('04112233445566778899') + write_maxRWblk('3F') -- Setting Mifare 4k S70 4-byte elseif tagtype == 7 then print('Setting: Ultimate Magic card to Mifare 4k S70 4-byte') @@ -698,6 +724,7 @@ local function set_type(tagtype) send("CF".._key.."F000000000000002000978009102DABC19101011121314151602001800") lib14a.disconnect() write_uid('04112233') + write_maxRWblk('FF') -- Setting Mifare 4k S70 7-byte elseif tagtype == 8 then print('Setting: Ultimate Magic card to Mifare 4k S70 7-byte') @@ -705,6 +732,7 @@ local function set_type(tagtype) send("CF".._key.."F000010000000002000978009102DABC19101011121314151642001800") lib14a.disconnect() write_uid('04112233445566') + write_maxRWblk('FF') -- Setting Mifare 4k S70 10-byte elseif tagtype == 9 then print('Setting: Ultimate Magic card to Mifare 4k S70 10-byte') @@ -712,6 +740,7 @@ local function set_type(tagtype) send("CF".._key.."F000020000000002000978009102DABC19101011121314151682001800") lib14a.disconnect() write_uid('04112233445566778899') + write_maxRWblk('FF') -- Setting UL elseif tagtype == 10 then print('Setting: Ultimate Magic card to UL') @@ -1017,26 +1046,6 @@ local function wipe(wtype) end end --- --- Write maximum read/write block number, -local function write_maxRWblk(data) - -- input number check - if data == nil then return nil, 'empty block number' end - if #data == 0 then return nil, 'empty block number' end - if #data ~= 2 then return nil, 'block number wrong length. Should be 1 hex byte' end - - print('Set max R/W block', data) - local info = connect() - if not info then return false, "Can't select card" end - local resp - -- set maximum read/write block - resp = send("CF".._key.."6B"..data) - lib14a.disconnect() - if resp ~= '9000FD07' then return nil, 'Failed to write maximum read/write block' - else - return true, 'Ok' - end -end ---- -- The main entry point function main(args) print() From a11f3173ccd9495d1e260471d888ee3a92761c16 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Fri, 29 Nov 2024 01:45:58 +0100 Subject: [PATCH 027/150] Add preset for 2k MIFARE Classic tags hf_mf_ultimatecard.lua when using preset configurations, update changelog --- CHANGELOG.md | 1 + client/luascripts/hf_mf_ultimatecard.lua | 52 +++++++++++++++++------- 2 files changed, 39 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 52e139959..697765632 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Automatically set maximum read/write block when using predefined types in `hf_mf_ultimatecard` script, add 2k predefined types (@piotrva) - Add option to set and get maximum read/write block number using `hf_mf_ultimatecard` script (@piotrva) - Added JEDEC information for SPI flash W25Q64JV (@ANTodorov) - Added special iclass legacy config cards in `hf iclass configcard` (@antiklesys) diff --git a/client/luascripts/hf_mf_ultimatecard.lua b/client/luascripts/hf_mf_ultimatecard.lua index 392e9e0d4..4e65f1942 100644 --- a/client/luascripts/hf_mf_ultimatecard.lua +++ b/client/luascripts/hf_mf_ultimatecard.lua @@ -50,20 +50,20 @@ arguments = [[ -c read magic configuration -u UID (8-20 hexsymbols), set UID on tag -t tag type to impersonate - 1 = Mifare Mini S20 4-byte - 2 = Mifare Mini S20 7-byte | 15 = NTAG 210 - 3 = Mifare Mini S20 10-byte | 16 = NTAG 212 - 4 = Mifare 1k S50 4-byte | 17 = NTAG 213 - 5 = Mifare 1k S50 7-byte | 18 = NTAG 215 - 6 = Mifare 1k S50 10-byte | 19 = NTAG 216 - 7 = Mifare 4k S70 4-byte | 20 = NTAG I2C 1K - 8 = Mifare 4k S70 7-byte | 21 = NTAG I2C 2K - 9 = Mifare 4k S70 10-byte | 22 = NTAG I2C 1K PLUS - *** 10 = UL - NOT WORKING FULLY | 23 = NTAG I2C 2K PLUS - *** 11 = UL-C - NOT WORKING FULLY | 24 = NTAG 213F - 12 = UL EV1 48b | 25 = NTAG 216F - 13 = UL EV1 128b - *** 14 = UL Plus - NOT WORKING YET + 1 = Mifare Mini S20 4-byte | 15 = NTAG 210 + 2 = Mifare Mini S20 7-byte | 16 = NTAG 212 + 3 = Mifare Mini S20 10-byte | 17 = NTAG 213 + 4 = Mifare 1k S50 4-byte | 18 = NTAG 215 + 5 = Mifare 1k S50 7-byte | 19 = NTAG 216 + 6 = Mifare 1k S50 10-byte | 20 = NTAG I2C 1K + 7 = Mifare 4k S70 4-byte | 21 = NTAG I2C 2K + 8 = Mifare 4k S70 7-byte | 22 = NTAG I2C 1K PLUS + 9 = Mifare 4k S70 10-byte | 23 = NTAG I2C 2K PLUS + *** 10 = UL - NOT WORKING FULLY | 24 = NTAG 213F + *** 11 = UL-C - NOT WORKING FULLY | 25 = NTAG 216F + 12 = UL EV1 48b | 26 = Mifare 2k S50 4-byte + 13 = UL EV1 128b | 27 = Mifare 2k S50 7-byte + *** 14 = UL Plus - NOT WORKING YET | 28 = Mifare 2k S50 10-byte -p NTAG password (8 hexsymbols), set NTAG password on tag. -a NTAG pack ( 4 hexsymbols), set NTAG pack on tag. @@ -717,6 +717,30 @@ local function set_type(tagtype) lib14a.disconnect() write_uid('04112233445566778899') write_maxRWblk('3F') + -- Setting Mifare 2k S50 4-byte + elseif tagtype == 26 then + print('Setting: Ultimate Magic card to Mifare 2k S50 4-byte') + connect() + send("CF".._key.."F000000000000002000978009102DABC19101011121314151604000800") + lib14a.disconnect() + write_uid('04112233') + write_maxRWblk('7F') + -- Setting Mifare 2k S50 7-byte + elseif tagtype == 27 then + print('Setting: Ultimate Magic card to Mifare 2k S50 7-byte') + connect() + send("CF".._key.."F000010000000002000978009102DABC19101011121314151644000800") + lib14a.disconnect() + write_uid('04112233445566') + write_maxRWblk('7F') + -- Setting Mifare 2k S50 10-byte + elseif tagtype == 28 then + print('Setting: Ultimate Magic card to Mifare 2k S50 10-byte') + connect() + send("CF".._key.."F000020000000002000978009102DABC19101011121314151684000800") + lib14a.disconnect() + write_uid('04112233445566778899') + write_maxRWblk('7F') -- Setting Mifare 4k S70 4-byte elseif tagtype == 7 then print('Setting: Ultimate Magic card to Mifare 4k S70 4-byte') From e4a3a244ce3c557d1b1e09174c0ca25f709efe3e Mon Sep 17 00:00:00 2001 From: Antiklesys Date: Sat, 30 Nov 2024 07:53:52 +0800 Subject: [PATCH 028/150] Added unhash instructions after legbrute Added unhash instructions after legbrute --- client/src/cmdhficlass.c | 1 + 1 file changed, 1 insertion(+) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index a7e215e1e..b701aeb19 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -4152,6 +4152,7 @@ static int CmdHFiClassLegRecLookUp(const char *Cmd) { } if (check_values) { PrintAndLogEx(SUCCESS, _GREEN_("CONFIRMED VALID RAW key ") _RED_("%s"), sprint_hex(div_key, 8)); + PrintAndLogEx(INFO, "You can now run -> "_YELLOW_("hf iclass unhash -k %s")" <-to find the pre-images.", sprint_hex(div_key, 8)); verified = true; } else { PrintAndLogEx(INFO, _YELLOW_("Raw Key Invalid")); From ca15bbd01972e36b267543f0cc5897a657c3fe12 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Thu, 28 Nov 2024 16:59:05 +0100 Subject: [PATCH 029/150] Rework theremin script --- client/pyscripts/theremin.py | 216 +++++++++++++++++++++++++---------- 1 file changed, 156 insertions(+), 60 deletions(-) diff --git a/client/pyscripts/theremin.py b/client/pyscripts/theremin.py index 790fc6bf8..8cb41737a 100755 --- a/client/pyscripts/theremin.py +++ b/client/pyscripts/theremin.py @@ -1,81 +1,177 @@ #!/usr/bin/python3 -### Parameters +import os +import subprocess +import signal +import numpy as np +from pyaudio import PyAudio, paFloat32, paContinue + # Sound output parameters volume = 1.0 -sample_buf_size = 44 -sampling_freq = 44100 #Hz +sampling_freq = 44100 # Hz # Frequency generator parameters -min_freq = 200 #Hz -max_freq = 2000 #Hz +min_freq = 100 # Hz +max_freq = 6000 # Hz # Proxmark3 parameters -pm3_client="/usr/local/bin/proxmark3" -pm3_reader_dev_file="/dev/ttyACM0" -pm3_tune_cmd="hf tune" +pm3_client = "pm3" +pm3_tune_cmd = "hf tune --value" + +frequency = 440 +buffer = [] -### Modules -import numpy -import pyaudio -from select import select -from subprocess import Popen, DEVNULL, PIPE +def find_zero_crossing_index(array): + for i in range(1, len(array)): + if array[i-1] < 0 and array[i] >= 0: + return i + return None # Return None if no zero-crossing is found -### Main program -p = pyaudio.PyAudio() +def generate_sine_wave(frequency, sample_rate, duration, frame_count): + """Generate a sine wave at a given frequency.""" + t = np.linspace(0, duration, int(sample_rate * duration), endpoint=False) + wave = np.sin(2 * np.pi * frequency * t) + return wave[:frame_count] -# For paFloat32 sample values must be in range [-1.0, 1.0] -stream = p.open(format=pyaudio.paFloat32, - channels=1, - rate=sampling_freq, - output=True) -# Initial voltage to frequency values -min_v = 100.0 -max_v = 0.0 -v = 0 -out_freq = min_freq +# PyAudio Callback function +def pyaudio_callback(in_data, frame_count, time_info, status): + # if in_data is None: + # return (in_data, pyaudio.paContinue) + global frequency + global buffer + wave = generate_sine_wave(frequency, sampling_freq, 0.01, frame_count*2) + i = find_zero_crossing_index(buffer) + if i is None: + buffer = wave + else: + buffer = np.concatenate((buffer[:i], wave)) + data = (buffer[:frame_count] * volume).astype(np.float32).tobytes() + buffer = buffer[frame_count:] + return (data, paContinue) +# pyaudio.paComplete -# Spawn the Proxmark3 client -pm3_proc = Popen([pm3_client, pm3_reader_dev_file, "-c", pm3_tune_cmd], bufsize=0, env={}, stdin=DEVNULL, stdout=PIPE, stderr=DEVNULL) -mv_recbuf = "" -# Read voltages from the Proxmark3, generate the sine wave, output to soundcard -sample_buf = [0.0 for x in range(0, sample_buf_size)] -i = 0 -sinev = 0 -while True: +def silent_pyaudio(): + """ + Lifted and adapted from https://stackoverflow.com/questions/67765911/ + PyAudio is noisy af every time you initialise it, which makes reading the + log output rather difficult. The output appears to be being made by the + C internals, so we can't even redirect the logs with Python's logging + facility. Therefore the nuclear option was selected: swallow all stderr + and stdout for the duration of PyAudio's use. + """ - # Read Proxmark3 client's stdout and extract voltage values - if(select([pm3_proc.stdout], [], [], 0)[0]): + # Open a pair of null files + null_fds = [os.open(os.devnull, os.O_RDWR) for x in range(2)] + # Save the actual stdout (1) and stderr (2) file descriptors. + save_fds = [os.dup(1), os.dup(2)] + # Assign the null pointers to stdout and stderr. + os.dup2(null_fds[0], 1) + os.dup2(null_fds[1], 2) + pyaudio = PyAudio() + os.dup2(save_fds[0], 1) + os.dup2(save_fds[1], 2) + # Close all file descriptors + for fd in null_fds + save_fds: + os.close(fd) + return pyaudio - b = pm3_proc.stdout.read(256).decode("ascii") - if "Done" in b: - break; - for c in b: - if c in "0123456789 mV": - mv_recbuf += c - else: - mv_recbuf = "" - if mv_recbuf[-3:] == " mV": - v = int(mv_recbuf[:-3]) / 1000 - if v < min_v: - min_v = v - 0.001 - if v > max_v: - max_v = v + +def run_pm3_cmd(callback): + # Start the process + process = subprocess.Popen( + [pm3_client, '-c', pm3_tune_cmd], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + text=True, + bufsize=1, # Line buffered + shell=False + ) + + # Read the output line by line as it comes + try: + with process.stdout as pipe: + for line in pipe: + # Process each line + l = line.strip() # Strip to remove any extraneous newline characters + callback(l) + except Exception as e: + print(f"An error occurred: {e}") + finally: + # Ensure the subprocess is properly terminated + process.terminate() + process.wait() + + +def linear_to_exponential_freq(v, min_v, max_v, min_freq, max_freq): + # First, map v to a range between 0 and 1 + if max_v != min_v: + normalized_v = (v - min_v) / (max_v - min_v) + else: + normalized_v = 0.5 + normalized_v = 1 - normalized_v + + # Calculate the ratio of the max frequency to the min frequency + freq_ratio = max_freq / min_freq + + # Calculate the exponential frequency using the mapped v + freq = min_freq * (freq_ratio ** normalized_v) + return freq + + +class foo(): + def __init__(self): + self.p = silent_pyaudio() + # For paFloat32 sample values must be in range [-1.0, 1.0] + self.stream = self.p.open(format=paFloat32, + channels=1, + rate=sampling_freq, + output=True, + stream_callback=pyaudio_callback) + + # Initial voltage to frequency values + self.min_v = 50000.0 + self.max_v = 0.0 + + # Setting the signal handler for SIGINT (Ctrl+C) + signal.signal(signal.SIGINT, self.signal_handler) + + # Start the stream + self.stream.start_stream() + + def __exit__(self): + self.stream.stop_stream() + self.stream.close() + self.p.terminate() + + def signal_handler(self, sig, frame): + print("\nYou pressed Ctrl+C! Press Enter") + self.__exit__() + + def callback(self, line): + if 'mV' not in line: + return + v = int(line.split(' ')[1]) + if v == 0: + return + self.min_v = min(self.min_v, v) + self.max_v = max(self.max_v, v) # Recalculate the audio frequency to generate - out_freq = (max_freq - min_freq) * (max_v - v) / (max_v - min_v) \ - + min_freq + global frequency + frequency = linear_to_exponential_freq(v, self.min_v, self.max_v, min_freq, max_freq) - # Generate the samples and write them to the soundcard - sinevs = out_freq / sampling_freq * numpy.pi * 2 - sample_buf[i] = sinev - sinev += sinevs - sinev = sinev if sinev < numpy.pi * 2 else sinev - numpy.pi * 2 - i = (i + 1) % sample_buf_size - if not i: - stream.write((numpy.sin(sample_buf) * volume). - astype(numpy.float32).tobytes()) +# frequency = max_freq - ((max_freq - min_freq) * (v - self.min_v) / (self.max_v - self.min_v) + min_freq) + #frequency = (frequency + new_frequency)/2 + + +def main(): + f = foo() + run_pm3_cmd(f.callback) + + +if __name__ == "__main__": + main() From d8d090612d00248c61fc3bd6b4f4185dcdc6269b Mon Sep 17 00:00:00 2001 From: Lucifer Voeltner Date: Sat, 30 Nov 2024 17:57:48 +0700 Subject: [PATCH 030/150] 'hf mfu incr' to increment counters of UL-EV1 family; Also fix reading of NTAG counters in 'hf mfu info' --- client/src/cmdhfmfu.c | 132 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 123 insertions(+), 9 deletions(-) diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c index 658e028e5..68869a6fb 100644 --- a/client/src/cmdhfmfu.c +++ b/client/src/cmdhfmfu.c @@ -1540,21 +1540,13 @@ static int ulev1_print_version(uint8_t *data) { } static int ntag_print_counter(void) { - // NTAG has one counter/tearing. At address 0x02. + // NTAG has one counter. At address 0x02. With no tearing. PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "--- " _CYAN_("Tag Counter")); - uint8_t tear[1] = {0}; uint8_t counter[3] = {0, 0, 0}; uint16_t len; - len = ulev1_readTearing(0x02, tear, sizeof(tear)); - (void)len; len = ulev1_readCounter(0x02, counter, sizeof(counter)); - (void)len; PrintAndLogEx(INFO, " [02]: %s", sprint_hex(counter, 3)); - PrintAndLogEx(SUCCESS, " - %02X tearing ( %s )" - , tear[0] - , (tear[0] == 0xBD) ? _GREEN_("ok") : _RED_("fail") - ); return len; } @@ -5833,6 +5825,127 @@ out: return PM3_SUCCESS; } +static int CmdHF14AMfUIncr(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf mfu incr", + "Increment a MIFARE Ultralight Ev1 counter\n" + "Will read but not increment counter if NTAG is detected", + "hf mfu incr -c 0 -v 1337\n" + "hf mfu incr -c 2 -v 0 -p FFFFFFFF"); + void *argtable[] = { + arg_param_begin, + arg_int1("c", "cnt", "", "Counter index from 0"), + arg_int1("v", "val", "", "Value to increment by (0-16777215)"), + arg_str0("p", "pwd", "", "PWD to authenticate with"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + + uint8_t counter = arg_get_int_def(ctx, 1, 3); + uint32_t value = arg_get_u32_def(ctx, 2, 16777216); + + int pwd_len; + uint8_t pwd[4] = { 0x00 }; + CLIGetHexWithReturn(ctx, 3, pwd, &pwd_len); + bool has_key = false; + if (pwd_len) { + has_key = true; + if (pwd_len != 4) { + PrintAndLogEx(WARNING, "incorrect PWD length"); + return PM3_EINVARG; + } + } + + CLIParserFree(ctx); + + if (counter > 2) { + PrintAndLogEx(WARNING, "Counter index must be in range 0-2"); + return PM3_EINVARG; + } + if (value > 16777215) { + PrintAndLogEx(WARNING, "Value to increment must be in range 0-16777215"); + return PM3_EINVARG; + } + + uint8_t increment_cmd[6] = { MIFARE_ULEV1_INCR_CNT, counter, 0x00, 0x00, 0x00, 0x00 }; + + for (uint8_t i = 0; i < 3; i++) { + increment_cmd[i + 2] = (value >> (8 * i)) & 0xff; + } + + iso14a_card_select_t card; + if (ul_select(&card) == false) { + PrintAndLogEx(FAILED, "failed to select card, exiting..."); + return PM3_ESOFT; + } + + uint64_t tagtype = GetHF14AMfU_Type(); + uint64_t tags_with_counter_ul = MFU_TT_UL_EV1_48 | MFU_TT_UL_EV1_128 | MFU_TT_UL_EV1; + uint64_t tags_with_counter_ntag = MFU_TT_NTAG_213 | MFU_TT_NTAG_213_F | MFU_TT_NTAG_213_C | MFU_TT_NTAG_213_TT | MFU_TT_NTAG_215 | MFU_TT_NTAG_216; + if ((tagtype & (tags_with_counter_ul | tags_with_counter_ntag)) == 0) { + PrintAndLogEx(WARNING, "tag type does not have counters"); + DropField(); + return PM3_ESOFT; + } + + bool is_ntag = (tagtype & tags_with_counter_ntag) != 0; + if (is_ntag && (counter != 2)) { + PrintAndLogEx(WARNING, "NTAG only has one counter at index 2"); + DropField(); + return PM3_EINVARG; + } + + uint8_t pack[4] = { 0, 0, 0, 0 }; + if (has_key) { + if (ulev1_requestAuthentication(pwd, pack, sizeof(pack)) == PM3_EWRONGANSWER) { + PrintAndLogEx(FAILED, "authentication failed UL-EV1/NTAG"); + DropField(); + return PM3_ESOFT; + } + } + + uint8_t current_counter[3] = { 0, 0, 0 }; + int len = ulev1_readCounter(counter, current_counter, sizeof(current_counter)); + if (len != sizeof(current_counter)) { + PrintAndLogEx(FAILED, "failed to read old counter"); + if (is_ntag) { + PrintAndLogEx(HINT, "NTAG detected, try reading with PWD"); + } + DropField(); + return PM3_ESOFT; + } + + uint32_t current_counter_num = current_counter[0] | (current_counter[1] << 8) | (current_counter[2] << 16); + PrintAndLogEx(INFO, "Current counter... " _GREEN_("%8d") " - " _GREEN_("%s"), current_counter_num, sprint_hex(current_counter, 3)); + + if ((tagtype & tags_with_counter_ntag) != 0) { + PrintAndLogEx(WARNING, "NTAG detected, unable to manually increment counter"); + DropField(); + return PM3_ESOFT; + } + + uint8_t resp[1] = { 0x00 }; + if (ul_send_cmd_raw(increment_cmd, sizeof(increment_cmd), resp, sizeof(resp)) < 0) { + PrintAndLogEx(FAILED, "failed to increment counter"); + DropField(); + return PM3_ESOFT; + } + + uint8_t new_counter[3] = { 0, 0, 0 }; + int new_len = ulev1_readCounter(counter, new_counter, sizeof(new_counter)); + if (new_len != sizeof(current_counter)) { + PrintAndLogEx(FAILED, "failed to read new counter"); + DropField(); + return PM3_ESOFT; + } + + uint32_t new_counter_num = new_counter[0] | (new_counter[1] << 8) | (new_counter[2] << 16); + PrintAndLogEx(INFO, "New counter....... " _GREEN_("%8d") " - " _GREEN_("%s"), new_counter_num, sprint_hex(new_counter, 3)); + + DropField(); + return PM3_SUCCESS; +} + static command_t CommandTable[] = { {"help", CmdHelp, AlwaysAvailable, "This help"}, {"list", CmdHF14AMfuList, AlwaysAvailable, "List MIFARE Ultralight / NTAG history"}, @@ -5845,6 +5958,7 @@ static command_t CommandTable[] = { {"cauth", CmdHF14AMfUCAuth, IfPm3Iso14443a, "Ultralight-C - Authentication"}, {"setpwd", CmdHF14AMfUCSetPwd, IfPm3Iso14443a, "Ultralight-C - Set 3DES key"}, {"dump", CmdHF14AMfUDump, IfPm3Iso14443a, "Dump MIFARE Ultralight family tag to binary file"}, + {"incr", CmdHF14AMfUIncr, IfPm3Iso14443a, "Increments Ev1/NTAG counter"}, {"info", CmdHF14AMfUInfo, IfPm3Iso14443a, "Tag information"}, {"ndefread", CmdHF14MfuNDEFRead, IfPm3Iso14443a, "Prints NDEF records from card"}, {"rdbl", CmdHF14AMfURdBl, IfPm3Iso14443a, "Read block"}, From 4adf6633004ac6efdbd42715e1d7131605d028cc Mon Sep 17 00:00:00 2001 From: Lucifer Voeltner Date: Sun, 1 Dec 2024 16:27:35 +0700 Subject: [PATCH 031/150] Fix Gen 3 APDU block 0 SAK not being written correctly --- armsrc/mifarecmd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 659c5eec0..2eed2ca5c 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -3482,7 +3482,8 @@ void MifareGen3Blk(uint8_t block_len, uint8_t *block) { retval = PM3_ESOFT; goto OUT; } - cmd[ofs++] = card_info->sak; + cmd[ofs] = block_len < card_info->uidlen ? card_info->sak : cmd[ofs]; + ofs++; cmd[ofs++] = card_info->atqa[0]; cmd[ofs++] = card_info->atqa[1]; AddCrc14A(cmd, sizeof(block_cmd) + MIFARE_BLOCK_SIZE); From ef74de37218776cbab4d7a4fa682c605feac3713 Mon Sep 17 00:00:00 2001 From: Xavier <90627943+kitsunehunter@users.noreply.github.com> Date: Sun, 1 Dec 2024 20:17:05 -0500 Subject: [PATCH 032/150] add static laundry card keys these cards are stored value and manipulating the data is useful Signed-off-by: Xavier <90627943+kitsunehunter@users.noreply.github.com> --- client/dictionaries/mfc_default_keys.dic | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index 76b5198b6..646099bad 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -2760,3 +2760,9 @@ D37C8F1793F7 56cf3acd90ca 542089792be2 5420aeada758 +#Coinamatic laundry +0734BFB93DAB +85A438F72A8A +#CSC Laundry +212223242555 +717273747555 From 4e40d3d6a732216bbff90de577357a2f9955e3dd Mon Sep 17 00:00:00 2001 From: Xavier <90627943+kitsunehunter@users.noreply.github.com> Date: Sun, 1 Dec 2024 20:27:08 -0500 Subject: [PATCH 033/150] Update mfc_default_keys.dic Signed-off-by: Xavier <90627943+kitsunehunter@users.noreply.github.com> --- client/dictionaries/mfc_default_keys.dic | 3 --- 1 file changed, 3 deletions(-) diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index 646099bad..f3a339c93 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -2760,9 +2760,6 @@ D37C8F1793F7 56cf3acd90ca 542089792be2 5420aeada758 -#Coinamatic laundry -0734BFB93DAB -85A438F72A8A #CSC Laundry 212223242555 717273747555 From 96a1f21764e239551a21e7f1ced3a344969ae64e Mon Sep 17 00:00:00 2001 From: nvx Date: Mon, 2 Dec 2024 16:16:59 +1000 Subject: [PATCH 034/150] fix pacs data in example trace filename --- ...40001.trace => hf_seos_sniff_fc54_cn64001.trace} | Bin 1 file changed, 0 insertions(+), 0 deletions(-) rename traces/{hf_seos_sniff_fc60_cn640001.trace => hf_seos_sniff_fc54_cn64001.trace} (100%) diff --git a/traces/hf_seos_sniff_fc60_cn640001.trace b/traces/hf_seos_sniff_fc54_cn64001.trace similarity index 100% rename from traces/hf_seos_sniff_fc60_cn640001.trace rename to traces/hf_seos_sniff_fc54_cn64001.trace From 7fbcb1c30f869c903ade1a2dcd70ec2ae7e3e499 Mon Sep 17 00:00:00 2001 From: nya0 Date: Mon, 2 Dec 2024 16:15:13 +0300 Subject: [PATCH 035/150] added "lf hitag hts dump" command --- client/src/cmdlfhitaghts.c | 91 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) diff --git a/client/src/cmdlfhitaghts.c b/client/src/cmdlfhitaghts.c index d1af178dd..933427ec8 100644 --- a/client/src/cmdlfhitaghts.c +++ b/client/src/cmdlfhitaghts.c @@ -444,6 +444,96 @@ static int CmdLFHitagSRead(const char *Cmd) { return PM3_SUCCESS; } +static int CmdLFHitagSDump(const char *Cmd) { + + CLIParserContext *ctx; + CLIParserInit(&ctx, "lf hitag hts dump", + "Read all Hitag S memory and save to file\n" + " Crypto mode: \n" + " - key format ISK high + ISK low\n" + " - default key 4F4E4D494B52 (ONMIKR)\n\n" + " 8268/8310 password mode: \n" + " - default password BBDD3399\n", + "lf hitag hts dump --82xx -k BBDD3399 -> pwd mode\n" + "lf hitag hts dump --crypto -> use def crypto\n" + "lf hitag hts dump -k 4F4E4D494B52 -> crypto mode\n" + "lf hitag hts dump --nrar 0102030411223344\n" + ); + + void *argtable[] = { + arg_param_begin, + arg_lit0("8", "82xx", "8268/8310 mode"), + arg_str0(NULL, "nrar", "", "nonce / answer writer, 8 hex bytes"), + arg_lit0(NULL, "crypto", "crypto mode"), + arg_str0("k", "key", "", "pwd or key, 4 or 6 hex bytes"), + arg_int0("m", "mode", "", "response protocol mode. 0 (Standard 00110), 1 (Advanced 11000), 2 (Advanced 11001), 3 (Fast Advanced 11010) (def: 3)"), + arg_str0("f", "file", "", "specify file name"), + arg_lit0(NULL, "ns", "no save to file"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, false); + + lf_hitag_data_t packet; + memset(&packet, 0, sizeof(packet)); + + if (process_hitags_common_args(ctx, &packet) < 0) { + CLIParserFree(ctx); + return PM3_EINVARG; + } + + int fnlen = 0; + char filename[FILE_PATH_SIZE] = {0}; + CLIParamStrToBuf(arg_get_str(ctx, 6), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); + + bool nosave = arg_get_lit(ctx, 7); + CLIParserFree(ctx); + + // read all pages + packet.page = 0; + packet.page_count = 0; + + clearCommandBuffer(); + SendCommandNG(CMD_LF_HITAGS_READ, (uint8_t *) &packet, sizeof(packet)); + + PacketResponseNG resp; + if (WaitForResponseTimeout(CMD_LF_HITAGS_READ, &resp, 5000) == false) { + PrintAndLogEx(WARNING, "timeout while waiting for reply."); + return PM3_ETIMEOUT; + } + + if (resp.status != PM3_SUCCESS) { + print_error(resp.reason); + return PM3_ESOFT; + } + + lf_hts_read_response_t *card = (lf_hts_read_response_t *)resp.data.asBytes; + + const int hts_mem_sizes[] = {1, 8, 64, 64}; + int mem_size = hts_mem_sizes[card->config_page.s.MEMT] * HITAGS_PAGE_SIZE; + + hitags_config_t config = card->config_page.s; + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------"); + hitags_config_print(config); + + if (nosave) { + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(INFO, "Called with no save option"); + PrintAndLogEx(NORMAL, ""); + return PM3_SUCCESS; + } + + if (fnlen < 1) { + char *fptr = filename; + fptr += snprintf(filename, sizeof(filename), "lf-hitags-"); + FillFileNameByUID(fptr, card->pages[HITAGS_UID_PADR], "-dump", HITAGS_PAGE_SIZE); + } + + pm3_save_dump(filename, (uint8_t *)card->pages, mem_size, jsfHitag); + + return PM3_SUCCESS; +} + static int CmdLFHitagSWrite(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "lf hitag hts wrbl", @@ -615,6 +705,7 @@ static command_t CommandTable[] = { {"-----------", CmdHelp, IfPm3Hitag, "----------------------- " _CYAN_("General") " ------------------------"}, {"reader", CmdLFHitagSReader, IfPm3Hitag, "Act like a Hitag S reader"}, {"rdbl", CmdLFHitagSRead, IfPm3Hitag, "Read Hitag S page"}, + {"dump", CmdLFHitagSDump, IfPm3Hitag, "Dump Hitag S pages to a file"}, {"wrbl", CmdLFHitagSWrite, IfPm3Hitag, "Write Hitag S page"}, {"-----------", CmdHelp, IfPm3Hitag, "----------------------- " _CYAN_("Simulation") " -----------------------"}, {"sim", CmdLFHitagSSim, IfPm3Hitag, "Simulate Hitag S transponder"}, From 416770c17052d39ad46688ab2f907a3550228c4e Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Mon, 2 Dec 2024 22:43:05 +0100 Subject: [PATCH 036/150] Remove support for 2k MIFARE tags, as it will be better to add this together with other variants of MIFARE Plus in the future --- client/luascripts/hf_mf_ultimatecard.lua | 30 +++--------------------- 1 file changed, 3 insertions(+), 27 deletions(-) diff --git a/client/luascripts/hf_mf_ultimatecard.lua b/client/luascripts/hf_mf_ultimatecard.lua index 4e65f1942..e3529e366 100644 --- a/client/luascripts/hf_mf_ultimatecard.lua +++ b/client/luascripts/hf_mf_ultimatecard.lua @@ -61,9 +61,9 @@ arguments = [[ 9 = Mifare 4k S70 10-byte | 23 = NTAG I2C 2K PLUS *** 10 = UL - NOT WORKING FULLY | 24 = NTAG 213F *** 11 = UL-C - NOT WORKING FULLY | 25 = NTAG 216F - 12 = UL EV1 48b | 26 = Mifare 2k S50 4-byte - 13 = UL EV1 128b | 27 = Mifare 2k S50 7-byte - *** 14 = UL Plus - NOT WORKING YET | 28 = Mifare 2k S50 10-byte + 12 = UL EV1 48b | + 13 = UL EV1 128b | + *** 14 = UL Plus - NOT WORKING YET | -p NTAG password (8 hexsymbols), set NTAG password on tag. -a NTAG pack ( 4 hexsymbols), set NTAG pack on tag. @@ -717,30 +717,6 @@ local function set_type(tagtype) lib14a.disconnect() write_uid('04112233445566778899') write_maxRWblk('3F') - -- Setting Mifare 2k S50 4-byte - elseif tagtype == 26 then - print('Setting: Ultimate Magic card to Mifare 2k S50 4-byte') - connect() - send("CF".._key.."F000000000000002000978009102DABC19101011121314151604000800") - lib14a.disconnect() - write_uid('04112233') - write_maxRWblk('7F') - -- Setting Mifare 2k S50 7-byte - elseif tagtype == 27 then - print('Setting: Ultimate Magic card to Mifare 2k S50 7-byte') - connect() - send("CF".._key.."F000010000000002000978009102DABC19101011121314151644000800") - lib14a.disconnect() - write_uid('04112233445566') - write_maxRWblk('7F') - -- Setting Mifare 2k S50 10-byte - elseif tagtype == 28 then - print('Setting: Ultimate Magic card to Mifare 2k S50 10-byte') - connect() - send("CF".._key.."F000020000000002000978009102DABC19101011121314151684000800") - lib14a.disconnect() - write_uid('04112233445566778899') - write_maxRWblk('7F') -- Setting Mifare 4k S70 4-byte elseif tagtype == 7 then print('Setting: Ultimate Magic card to Mifare 4k S70 4-byte') From cbc7d61781173ea6d79dae796cb8197dea3b6e29 Mon Sep 17 00:00:00 2001 From: Lucifer Voeltner Date: Tue, 3 Dec 2024 10:13:09 +0700 Subject: [PATCH 037/150] modify 'hf mf gen3blk' help to comply with the sak change --- client/src/cmdhfmf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 2bfd6a020..877bbdefb 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -7202,7 +7202,7 @@ static int CmdHf14AGen3Block(const char *Cmd) { " - You can specify part of manufacturer block as\n" " 4/7-bytes for UID change only\n" "\n" - "NOTE: BCC, SAK, ATQA will be calculated automatically" + "NOTE: BCC and ATQA will be calculated automatically" , "hf mf gen3blk --> print current data\n" "hf mf gen3blk -d 01020304 --> set 4 byte uid\n" From e416080ae8e44a8328910962374cad7d4349044f Mon Sep 17 00:00:00 2001 From: Lucifer Voeltner Date: Tue, 3 Dec 2024 10:23:41 +0700 Subject: [PATCH 038/150] make the help message even clearer, and fix a bug featuring me being unable to count --- armsrc/mifarecmd.c | 2 +- client/src/cmdhfmf.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 2eed2ca5c..9820d19a2 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -3482,7 +3482,7 @@ void MifareGen3Blk(uint8_t block_len, uint8_t *block) { retval = PM3_ESOFT; goto OUT; } - cmd[ofs] = block_len < card_info->uidlen ? card_info->sak : cmd[ofs]; + cmd[ofs] = block_len <= card_info->uidlen ? card_info->sak : cmd[ofs]; ofs++; cmd[ofs++] = card_info->atqa[0]; cmd[ofs++] = card_info->atqa[1]; diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 877bbdefb..e61a6a7e9 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -7202,7 +7202,8 @@ static int CmdHf14AGen3Block(const char *Cmd) { " - You can specify part of manufacturer block as\n" " 4/7-bytes for UID change only\n" "\n" - "NOTE: BCC and ATQA will be calculated automatically" + "NOTE: BCC and ATQA will be calculated automatically\n" + "SAK will be automatically set to default values if not specified" , "hf mf gen3blk --> print current data\n" "hf mf gen3blk -d 01020304 --> set 4 byte uid\n" From bd803ce8fdaa4f3bcc94483ce4d0368656c519ca Mon Sep 17 00:00:00 2001 From: ANTodorov Date: Sat, 30 Nov 2024 14:38:13 +0200 Subject: [PATCH 039/150] rework to use smart SPI flash detection Check JEDEC ID is in range between 0x0001 ... 0xFFFE, Compare the output from 0x90 and 0x9F, Then the size from the JEDEC ID Otherwise fall-back to 256 kB Extend the spi_flash_decode.py to handle more (known) SPI flash ICs --- CHANGELOG.md | 1 + client/pyscripts/spi_flash_decode.py | 158 ++++++++++++++++++--------- common_arm/flashmem.c | 21 +--- common_arm/flashmem.h | 33 ------ 4 files changed, 114 insertions(+), 99 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 52e139959..87968ef48 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Changed SPI flash detection to calculate the size instead of table lookup, updated spi_flash_decode.py script with more ICs (@ANTodorov) - Add option to set and get maximum read/write block number using `hf_mf_ultimatecard` script (@piotrva) - Added JEDEC information for SPI flash W25Q64JV (@ANTodorov) - Added special iclass legacy config cards in `hf iclass configcard` (@antiklesys) diff --git a/client/pyscripts/spi_flash_decode.py b/client/pyscripts/spi_flash_decode.py index 0f125844b..2a89f57af 100644 --- a/client/pyscripts/spi_flash_decode.py +++ b/client/pyscripts/spi_flash_decode.py @@ -12,62 +12,118 @@ except ModuleNotFoundError: return str(s) spi = { + 0x68:{ + "manufacturer": "Boya", + "jedec" : { + 0x40: { + 0x15: { + "part": "BY25Q16BS", + "size": "16mbits", + "sizeB": "2MB", + }, + }, + }, + }, 0x85:{ "manufacturer": "Puya", - 0x60: { - 0x15: { - "part": "P25Q16H", - "size": "16mbits", - "sizeB": "2MB", + "jedec" : { + 0x60: { + 0x15: { + "part": "P25Q16H", + "size": "16mbits", + "sizeB": "2MB", + }, + 0x16: { + "part": "P25Q32H", + "size": "32mbits", + "sizeB": "4MB", + }, + 0x17: { + "part": "P25Q64H", + "size": "64mbits", + "sizeB": "8MB", + }, }, }, }, 0xEF:{ "manufacturer": "Winbond", - 0x30: { - 0x11: { - "part": "W25X10BV", - "size": "1mbits", - "sizeB": "128KB", + "jedec" : { + 0x30: { + 0x11: { + "part": "W25X10BV", + "size": "1mbits", + "sizeB": "128KB", + }, + 0x12: { + "part": "W25X20BV", + "size": "2mbits", + "sizeB": "256KB", + }, + 0x13: { + "part": "W25X40BV", + "size": "4mbits", + "sizeB": "512KB", + }, }, - 0x12: { - "part": "W25X20BV", - "size": "2mbits", - "sizeB": "256KB", + 0x40: { + 0x12: { + "part": "W25Q20BV", + "size": "2mbits", + "sizeB": "256KB", + }, + 0x13: { + "part": "W25Q40BV", + "size": "4mbits", + "sizeB": "512KB", + }, + 0x14: { + "part": "W25Q80BV", + "size": "8mbits", + "sizeB": "1MB", + }, + 0x15: { + "part": "W25Q16BV", + "size": "16mbits", + "sizeB": "2MB", + }, + 0x16: { + "part": "W25Q32BV", + "size": "32mbits", + "sizeB": "4MB", + }, + 0x17: { + "part": "W25Q64BV", + "size": "64mbits", + "sizeB": "8MB", + }, }, - 0x13: { - "part": "W25X40BV", - "size": "4mbits", - "sizeB": "512KB", - }, - }, - 0x40: { - 0x13: { - "part": "W25Q40BV", - "size": "4mbits", - "sizeB": "512KB", - }, - 0x14: { - "part": "W25Q80BV", - "size": "8mbits", - "sizeB": "1MB", - }, - 0x15: { - "part": "W25Q16BV", - "size": "16mbits", - "sizeB": "2MB", - }, - 0x16: { - "part": "W25Q32BV", - "size": "32mbits", - "sizeB": "4MB", - }, - }, - 0x70: { - 0x22: { - "part": "W25Q02JV-IM", - "size": "2mbits", - "sizeB": "256KB", + 0x70: { + 0x14: { + "part": "W25Q80JV", + "size": "8mbits", + "sizeB": "1MB", + }, + 0x15: { + "part": "W25Q16JV", + "size": "16mbits", + "sizeB": "2MB", + }, + 0x16: { + "part": "W25Q32JV", + "size": "32mbits", + "sizeB": "4MB", + }, + 0x17: { + "part": "W25Q64JV", + "size": "64mbits", + "sizeB": "8MB", + }, + 0x22: { + "part": "W25Q02JV-IM", + "size": "2mbits", + "sizeB": "256KB", + }, }, }, }, @@ -90,16 +146,16 @@ for line in p.grabbed_output.split('\n'): did_h = did >> 8 did_l = did & 0xff t = None - + print(f"\n JEDEC ID....... 0x{mid:X} / 0x{did:X}") if mid in spi: mfr = spi[mid]['manufacturer'] - if did_h in spi[mid]: + if did_h in spi[mid]['jedec']: - if did_l in spi[mid][did_h]: + if did_l in spi[mid]['jedec'][did_h]: - t = spi[mid][did_h][did_l] + t = spi[mid]['jedec'][did_h][did_l] print("\n Manufacturer... " + color(f"{mfr}", fg="green") + "\n Device......... " + color(f"{t['part']}", fg="green") + "\n Size........... " + color(f"{t['size']} ({t['sizeB']})", fg="yellow") diff --git a/common_arm/flashmem.c b/common_arm/flashmem.c index 5aa88b0eb..76b475e9c 100644 --- a/common_arm/flashmem.c +++ b/common_arm/flashmem.c @@ -366,7 +366,6 @@ void Flashmem_print_status(void) { ); } - Dbprintf(" Device.................. " _YELLOW_("%s"), spi_flash_data.device); Dbprintf(" Memory size............. " _YELLOW_("%d kB (%d pages * 64k)"), spi_flash_pages64k * 64, spi_flash_pages64k); uint8_t uid[8] = {0, 0, 0, 0, 0, 0, 0, 0}; @@ -442,21 +441,13 @@ bool FlashDetect(void) { } else { if (g_dbglevel > 3) Dbprintf("Flash_ReadID failed reading Mfr/Dev (0x90)"); } - // default device is 'unknown' - spi_flash_data.device = SpiFlashTable[0].device; - + // Check JEDEC data is valid, compare the reported device types and then calculate the number of pages + // It is covering the most (known) cases of devices but probably there are vendors with different data + // They will be handled when there is such cases if (ret) { - for (int i = 0; i < ARRAYLEN(SpiFlashTable); i++) { - if (SpiFlashTable[i].manufacturer_id == spi_flash_data.manufacturer_id) { - if (SpiFlashTable[i].jedec_id == spi_flash_data.jedec_id) { - spi_flash_pages64k = SpiFlashTable[i].pages64k; - spi_flash_data.device = SpiFlashTable[i].device; - break; - } - if (SpiFlashTable[i].device_id == spi_flash_data.device_id) { - spi_flash_data.device = SpiFlashTable[i].device; - break; - } + if (spi_flash_data.jedec_id > 0 && spi_flash_data.jedec_id < 0xFFFF) { + if (((spi_flash_data.device_id + 1) & 0x0F) == (spi_flash_data.jedec_id & 0x000F)) { + spi_flash_pages64k = 1 << (spi_flash_data.jedec_id & 0x000F); } } } diff --git a/common_arm/flashmem.h b/common_arm/flashmem.h index 616575e49..f20dd0bff 100644 --- a/common_arm/flashmem.h +++ b/common_arm/flashmem.h @@ -140,41 +140,8 @@ typedef struct { uint8_t manufacturer_id; uint8_t device_id; uint16_t jedec_id; - uint8_t pages64k; - char *device; } spi_flash_t; -static const spi_flash_t SpiFlashTable[] = { - // first element is the default of 4 * 64kB pages (256kB) - { 0x00, 0x00, 0x0000, 4, "unknown" }, // 256k - // Manufacturer: Puya - { 0x85, 0x14, 0x6015, 32, "P25Q16H" }, // 2048k - // Manufacturer: Winbond - { 0xEF, 0x00, 0x3012, 4, "W25X20BV" }, // 256k - { 0xEF, 0x00, 0x3013, 8, "W25X40BV" }, // 512k - - { 0xEF, 0x00, 0x4013, 8, "W25Q40BV" }, // 512k - { 0xEF, 0x00, 0x4014, 16, "W25Q80BV" }, // 1024k - { 0xEF, 0x14, 0x4015, 32, "W25Q16BV" }, // 2048k - { 0xEF, 0x15, 0x4016, 64, "W25Q32BV" }, // 4096k - - { 0xEF, 0x16, 0x7017, 128, "W25Q64JV" }, // 8192k - { 0xEF, 0x21, 0x7022, 4, "W25Q02JV" }, - - // identified by Manufacturer /Device ID only - /// Manufacturer: Renesas - { 0x1F, 0x46, 0x0000, 32, "AT25XE161D" }, // 2048k - { 0x1F, 0x47, 0x0000, 64, "AT25XE321D" }, // 4096k -// { 0xEF, 0x05, 0x0000, 1, "Winbond!!!" }, // 64k (too small !!!) - { 0xEF, 0x10, 0x0000, 2, "W25*10BV!" }, // 128k (small !!!) - { 0xEF, 0x11, 0x0000, 4, "W25*20BV" }, // 256k - { 0xEF, 0x12, 0x0000, 8, "W25*40BV" }, // 512k - { 0xEF, 0x13, 0x0000, 16, "W25*80BV" }, // 1024k - { 0xEF, 0x14, 0x0000, 32, "W25*16*" }, // 2048k - { 0xEF, 0x15, 0x0000, 64, "W25*32*" }, // 4096k - { 0xEF, 0x16, 0x0000, 128, "W25*64*" } // 8192k -}; - extern uint8_t spi_flash_pages64k; bool FlashDetect(void); From 2950d7870317eb4924fb329b98ad2db7ee2c02ff Mon Sep 17 00:00:00 2001 From: ry4000 <154689120+ry4000@users.noreply.github.com> Date: Tue, 3 Dec 2024 22:51:29 +1100 Subject: [PATCH 040/150] R&Y: Updated DEN MyRide AID in aid_desfire.json - Updated Vendor to its legal name (Masabi Ltd) - Added a standardised description to identify the AID as being issued by Masabi Ltd for its Justride platform. Thank you. -R&Y. Signed-off-by: ry4000 <154689120+ry4000@users.noreply.github.com> --- client/resources/aid_desfire.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/resources/aid_desfire.json b/client/resources/aid_desfire.json index 53cb47992..8ecd18a6e 100644 --- a/client/resources/aid_desfire.json +++ b/client/resources/aid_desfire.json @@ -1065,10 +1065,10 @@ }, { "AID": "DD00DD", - "Vendor": "Regional Transporation District (RTD) via masabi justride", + "Vendor": "Regional Transporation District (RTD) via Masabi Ltd", "Country": "US", "Name": "MyRide Card (DEN)", - "Description": "DEN MyRide Card", + "Description": "DEN MyRide Card; Masabi Justride Tap and Ride DESFire Smartcard", "Type": "transport" }, { From 537a9f0171ed9fdafd52d1ba7a98fcf098da836b Mon Sep 17 00:00:00 2001 From: libin-ka <46210417+libin-ka@users.noreply.github.com> Date: Tue, 3 Dec 2024 21:04:50 +0800 Subject: [PATCH 041/150] Add files via upload Add Proxmark3 Ultimate FPGA xc2s50-5-tq144.ucf files Signed-off-by: libin-ka <46210417+libin-ka@users.noreply.github.com> --- fpga/xc2s50-5-tq144.ucf | 45 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 fpga/xc2s50-5-tq144.ucf diff --git a/fpga/xc2s50-5-tq144.ucf b/fpga/xc2s50-5-tq144.ucf new file mode 100644 index 000000000..0964e1acf --- /dev/null +++ b/fpga/xc2s50-5-tq144.ucf @@ -0,0 +1,45 @@ +# See the schematic for the pin assignment. + +NET "adc_d<0>" LOC = "P54" ; +NET "adc_d<1>" LOC = "P57" ; +NET "adc_d<2>" LOC = "P59" ; +NET "adc_d<3>" LOC = "P60" ; +NET "adc_d<4>" LOC = "P62" ; +NET "adc_d<5>" LOC = "P63" ; +NET "adc_d<6>" LOC = "P65" ; +NET "adc_d<7>" LOC = "P67" ; +#NET "cross_hi" LOC = "P88" ; +#NET "miso" LOC = "P40" ; +NET "adc_clk" LOC = "P75" ; +NET "adc_noe" LOC = "P74" ; +NET "ck_1356meg" LOC = "P15" ; +NET "ck_1356megb" LOC = "P12" ; +NET "cross_lo" LOC = "P19" ; +NET "dbg" LOC = "P112" ; +NET "mosi" LOC = "P80" ; +NET "ncs" LOC = "P79" ; +NET "pck0" LOC = "P91" ; +NET "pwr_hi" LOC = "P31" ; +NET "pwr_lo" LOC = "P30" ; +NET "pwr_oe1" LOC = "P28" ; +NET "pwr_oe2" LOC = "P27" ; +NET "pwr_oe3" LOC = "P26" ; +NET "pwr_oe4" LOC = "P21" ; +NET "spck" LOC = "P88" ; +NET "ssp_clk" LOC = "P43" ; +NET "ssp_din" LOC = "P99" ; +NET "ssp_dout" LOC = "P94" ; +NET "ssp_frame" LOC = "P100" ; + +# definition of Clock nets: +NET "ck_1356meg" TNM_NET = "clk_net_1356" ; +NET "ck_1356megb" TNM_NET = "clk_net_1356b"; +NET "pck0" TNM_NET = "clk_net_pck0" ; +NET "spck" TNM_NET = "clk_net_spck" ; + +# Timing specs of clock nets: +TIMEGRP "clk_net_1356_all" = "clk_net_1356" "clk_net_1356b" ; +TIMESPEC "TS_1356MHz" = PERIOD "clk_net_1356_all" 74 ns HIGH 37 ns ; +TIMESPEC "TS_24MHz" = PERIOD "clk_net_pck0" 42 ns HIGH 21 ns ; +TIMESPEC "TS_4MHz" = PERIOD "clk_net_spck" 250 ns HIGH 125 ns ; + From 87266654f7a1731c8ea8445549f0d6387c0af4d3 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Wed, 4 Dec 2024 08:16:55 +0100 Subject: [PATCH 042/150] MIFARE Plus 4b UID: fix signature check --- CHANGELOG.md | 1 + client/src/cmdhfmfp.c | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f4553467a..86df97e12 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Fixed `hf mfp info` fix signature check on 4b UID cards (@doegox) - Automatically set maximum read/write block when using predefined types in `hf_mf_ultimatecard` script (@piotrva) - Changed SPI flash detection to calculate the size instead of table lookup, updated spi_flash_decode.py script with more ICs (@ANTodorov) - Fixed `hf/lf tune` segfault when called from script (@doegox) diff --git a/client/src/cmdhfmfp.c b/client/src/cmdhfmfp.c index 9d9ecb880..ab5ce8f46 100644 --- a/client/src/cmdhfmfp.c +++ b/client/src/cmdhfmfp.c @@ -333,10 +333,12 @@ static int CmdHFMFPInfo(const char *Cmd) { // version check uint8_t version[30] = {0}; + uint8_t uid7b[7] = {0}; int version_len = sizeof(version); if (get_plus_version(version, &version_len) == PM3_SUCCESS) { plus_print_version(version); supportVersion = true; + memcpy(uid7b, version + 14, 7); } else { // info about 14a part, historical bytes. infoHF14A(false, false, false); @@ -346,7 +348,11 @@ static int CmdHFMFPInfo(const char *Cmd) { uint8_t signature[56] = {0}; int signature_len = sizeof(signature); if (get_plus_signature(signature, &signature_len) == PM3_SUCCESS) { - plus_print_signature(card.uid, card.uidlen, signature, signature_len); + if (supportVersion) { + plus_print_signature(uid7b, 7, signature, signature_len); + } else { + plus_print_signature(card.uid, card.uidlen, signature, signature_len); + } supportSignature = true; } From 34b2a3175f05a8e0bb8b3ff2f030472e9d3b53a4 Mon Sep 17 00:00:00 2001 From: nvx Date: Wed, 4 Dec 2024 22:20:18 +1000 Subject: [PATCH 043/150] fis MF3ICD40 (D40) secure channel crypto --- CHANGELOG.md | 1 + client/src/mifare/desfirecore.c | 7 +++++-- client/src/mifare/desfiresecurechan.c | 5 ++++- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 86df97e12..78c36987e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Fixed DESFire D40 secure channel crypto (@nvx) - Fixed `hf mfp info` fix signature check on 4b UID cards (@doegox) - Automatically set maximum read/write block when using predefined types in `hf_mf_ultimatecard` script (@piotrva) - Changed SPI flash detection to calculate the size instead of table lookup, updated spi_flash_decode.py script with more ICs (@ANTodorov) diff --git a/client/src/mifare/desfirecore.c b/client/src/mifare/desfirecore.c index 7bf692184..ac44508f2 100644 --- a/client/src/mifare/desfirecore.c +++ b/client/src/mifare/desfirecore.c @@ -1222,14 +1222,17 @@ static int DesfireAuthenticateEV1(DesfireContext_t *dctx, DesfireSecureChannel s // - Encrypt our response if (secureChannel == DACd40) { + // Original DESFire (MF3ICD40) silicon can only do encryption operations, so all PCD + // side operations must be decrypt, even when encrypting when doing D40 compatible + // secure channel operations memset(IV, 0, DESFIRE_MAX_CRYPTO_BLOCK_SIZE); - DesfireCryptoEncDecEx(dctx, DCOMainKey, RndA, rndlen, encRndA, true, true, IV); + DesfireCryptoEncDecEx(dctx, DCOMainKey, RndA, rndlen, encRndA, true, false, IV); memcpy(both, encRndA, rndlen); bin_xor(rotRndB, encRndA, rndlen); memset(IV, 0, DESFIRE_MAX_CRYPTO_BLOCK_SIZE); - DesfireCryptoEncDecEx(dctx, DCOMainKey, rotRndB, rndlen, encRndB, true, true, IV); + DesfireCryptoEncDecEx(dctx, DCOMainKey, rotRndB, rndlen, encRndB, true, false, IV); memcpy(both + rndlen, encRndB, rndlen); } else if (secureChannel == DACEV1) { diff --git a/client/src/mifare/desfiresecurechan.c b/client/src/mifare/desfiresecurechan.c index d35833b4d..85e2d7d94 100644 --- a/client/src/mifare/desfiresecurechan.c +++ b/client/src/mifare/desfiresecurechan.c @@ -313,6 +313,10 @@ static void DesfireSecureChannelEncodeD40(DesfireContext_t *ctx, uint8_t cmd, ui size_t srcmaclen = padded_data_length(srcdatalen - hdrlen, desfire_get_key_block_length(ctx->keyType)); uint8_t mac[32] = {0}; + PrintAndLogEx(DEBUG, "MACing"); + // Even though original DESFire (MF3ICD40) silicon can only encrypt which means normally + // every PCD operation must be decrypt, verifying a MAC involves the same operation on both + // sides so this is still encrypt here DesfireCryptoEncDecEx(ctx, DCOSessionKeyMac, data, srcmaclen, NULL, true, true, mac); if (DesfireEV1D40TransmitMAC(ctx, cmd)) { @@ -889,4 +893,3 @@ bool PrintChannelModeWarning(uint8_t cmd, DesfireSecureChannel secureChannel, De return found; } - From 5bfd1239ae6d96ea36e99faeb4b4566f0a419a36 Mon Sep 17 00:00:00 2001 From: Lucifer Voeltner Date: Thu, 5 Dec 2024 10:41:26 +0700 Subject: [PATCH 044/150] Add new facility static hotel key --- client/dictionaries/mfc_default_keys.dic | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index f3a339c93..8ad4d8f6e 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -2758,8 +2758,10 @@ D37C8F1793F7 # # BW Kantine 56cf3acd90ca -542089792be2 +542089792be2 5420aeada758 #CSC Laundry 212223242555 717273747555 +# Hotel cards, BETECH brand, Vietnam +AAC34D9A4E65 \ No newline at end of file From b1a5df53d3431064bff2430cebd1ee113443812d Mon Sep 17 00:00:00 2001 From: Chris Simon Date: Thu, 5 Dec 2024 10:45:49 +0100 Subject: [PATCH 045/150] Update mfc_default_keys.dic Added Dutch Statistics Agency Signed-off-by: Chris Simon --- client/dictionaries/mfc_default_keys.dic | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index 8ad4d8f6e..04b092ea4 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -2764,4 +2764,6 @@ D37C8F1793F7 212223242555 717273747555 # Hotel cards, BETECH brand, Vietnam -AAC34D9A4E65 \ No newline at end of file +AAC34D9A4E65 +# Dutch Statistics Agency (CBS) +DC7B15AA0938 From 2850d2aa0fe9236ddd0db178eb2cef3d1fbc3743 Mon Sep 17 00:00:00 2001 From: Chris Simon Date: Thu, 5 Dec 2024 10:48:52 +0100 Subject: [PATCH 046/150] Update CHANGELOG.md Signed-off-by: Chris Simon --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 78c36987e..6e07c4c9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added JEDEC information for SPI flash W25Q64JV (@ANTodorov) - Added special iclass legacy config cards in `hf iclass configcard` (@antiklesys) - Added simulation function to `hf iclass legrec` (@antiklesys) +- Added Dutch Statistics Agency default key (@eagle00789) ## [Orca.4.19552][2024-11-22] - Fixed `hf_legic.lua` - removed bit32 commands from the script (@diorch1968) From 565f3f1feb3a82752cd6c7481959ff55de675729 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Sat, 7 Dec 2024 00:34:29 +0100 Subject: [PATCH 047/150] Extend storage allocated for Mifare keys to 4095 keys. Update documentation on the feature and memory map --- CHANGELOG.md | 1 + doc/ext_flash_notes.md | 4 ++-- include/pmflash.h | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e07c4c9c..5462c11be 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Extended area for Mifare keys in SPI flash to hold 4095 keys (@piotrva) - Fixed DESFire D40 secure channel crypto (@nvx) - Fixed `hf mfp info` fix signature check on 4b UID cards (@doegox) - Automatically set maximum read/write block when using predefined types in `hf_mf_ultimatecard` script (@piotrva) diff --git a/doc/ext_flash_notes.md b/doc/ext_flash_notes.md index 96b968bc7..6e5fd4e02 100644 --- a/doc/ext_flash_notes.md +++ b/doc/ext_flash_notes.md @@ -63,8 +63,8 @@ Page 3: Page3 is used as follows by the Proxmark3 RDV4 firmware: * **MF_KEYS** - * offset: page 3 sector 9 (0x9) @ 3*0x10000+9*0x1000=0x39000 - * length: 2 sectors + * offset: page 3 sector 5 (0x5) @ 3*0x10000+5*0x1000=0x35000 + * length: 6 sectors * **ICLASS_KEYS** * offset: page 3 sector 11 (0xB) @ 3*0x10000+11*0x1000=0x3B000 diff --git a/include/pmflash.h b/include/pmflash.h index bbed4b12e..8f9f9c741 100644 --- a/include/pmflash.h +++ b/include/pmflash.h @@ -28,7 +28,7 @@ // 0x3E000 - 1 4kb sector = settings // 0x3D000 - 1 4kb sector = default T55XX keys dictionary // 0x3B000 - 1 4kb sector = default ICLASS keys dictionary -// 0x38000 - 3 4kb sectors = default MFC keys dictionary +// 0x35000 - 6 4kb sectors = default MFC keys dictionary // #ifndef FLASH_MEM_BLOCK_SIZE # define FLASH_MEM_BLOCK_SIZE 256 @@ -95,9 +95,9 @@ # define DEFAULT_ICLASS_KEYS_OFFSET_P(p64k) (DEFAULT_T55XX_KEYS_OFFSET_P(p64k) - DEFAULT_ICLASS_KEYS_LEN) #endif -// Reserved space for MIFARE Keys = 12 kb +// Reserved space for MIFARE Keys = 24 kb #ifndef DEFAULT_MF_KEYS_OFFSET -# define DEFAULT_MF_KEYS_LEN (0x3000) +# define DEFAULT_MF_KEYS_LEN (0x6000) # define DEFAULT_MF_KEYS_OFFSET (DEFAULT_ICLASS_KEYS_OFFSET - DEFAULT_MF_KEYS_LEN) # define DEFAULT_MF_KEYS_MAX ((DEFAULT_MF_KEYS_LEN - 2) / 6) #endif From 1b781aae9ff02dd8ae6c36abb5f0eac612d33d2c Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Sat, 7 Dec 2024 00:35:37 +0100 Subject: [PATCH 048/150] Update documentation on SPI flash memory to use modern client function calls with dashes. --- doc/ext_flash_notes.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/ext_flash_notes.md b/doc/ext_flash_notes.md index 6e5fd4e02..6a86c7778 100644 --- a/doc/ext_flash_notes.md +++ b/doc/ext_flash_notes.md @@ -36,22 +36,22 @@ Therefore a flash address can be interpreted as such: Page 0: * available for user data -* to dump it: `mem dump f page0_dump o 0 l 65536` +* to dump it: `mem dump -f page0_dump -o 0 -l 65536` * to erase it: `mem wipe p 0` Page 1: * available for user data -* to dump it: `mem dump f page1_dump o 65536 l 65536` +* to dump it: `mem dump -f page1_dump -o 65536 -l 65536` * to erase it: `mem wipe p 1` Page 2: * available for user data -* to dump it: `mem dump f page2_dump o 131072 l 65536` +* to dump it: `mem dump -f page2_dump -o 131072 -l 65536` * to erase it: `mem wipe p 2` Page 3: * used by Proxmark3 RDV4 specific functions: flash signature and keys dictionaries, see below for details -* to dump it: `mem dump f page3_dump o 196608 l 65536` +* to dump it: `mem dump -f page3_dump -o 196608 -l 65536` * to erase it: * **Beware** it will erase your flash signature so better to back it up first as you won't be able to regenerate it by yourself! * edit the source code to enable Page 3 as a valid input in the `mem wipe` command. From b1b10c2bea49121d5afe8fcdd311dcb75b78e030 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Sat, 7 Dec 2024 00:36:52 +0100 Subject: [PATCH 049/150] As extending SPI flash storage for Mifare need to run init_rdv4 script for a proper operation add a note under compilation instructions --- doc/md/Use_of_Proxmark/0_Compilation-Instructions.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md b/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md index 63076e720..1a291e9cd 100644 --- a/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md +++ b/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md @@ -117,6 +117,17 @@ or proxmark3 /dev/ttyACM0 --flash --unlock-bootloader --image /tmp/my-bootrom.elf --image /tmp/my-fullimage.elf ``` +## Updating SPI flash structure and contents (RDV4.x, some PM3 Easy variants) +^[Top](#top) + +For the devices equipped with external SPI flash memory chip in some cases it might be essential to update the memory structure as well as to upload new keys from the dictionaries. To do so execute following command inside the client: + +``` +[usb] pm3 --> script run init_rdv4 +``` + +For more details prease refer to [this doc](./2_Configuration-and-Verification.md). + ### The button trick ^[Top](#top) From 88d9345bc7d74b5488b52c61d04f7c6e7a6b155e Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Sat, 7 Dec 2024 13:12:01 +0100 Subject: [PATCH 050/150] Correct list of flash pages to be erased after extenging Mifare flash dictionary area --- armsrc/appmain.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index ff38906c5..56bf68326 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -2753,6 +2753,15 @@ static void PacketReceived(PacketCommandNG *packet) { Flash_WriteEnable(); Flash_Erase4k(3, 0xC); } else if (payload->startidx == DEFAULT_MF_KEYS_OFFSET_P(spi_flash_pages64k)) { + Flash_CheckBusy(BUSY_TIMEOUT); + Flash_WriteEnable(); + Flash_Erase4k(3, 0x5); + Flash_CheckBusy(BUSY_TIMEOUT); + Flash_WriteEnable(); + Flash_Erase4k(3, 0x6); + Flash_CheckBusy(BUSY_TIMEOUT); + Flash_WriteEnable(); + Flash_Erase4k(3, 0x7); Flash_CheckBusy(BUSY_TIMEOUT); Flash_WriteEnable(); Flash_Erase4k(3, 0x8); From a516c2e857aafcb0c5098016d3d9d095b702168b Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Sat, 7 Dec 2024 13:14:46 +0100 Subject: [PATCH 051/150] Correct list of flash pages to be erased after extenging Mifare flash dictionary area - update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5462c11be..1fba56039 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Fixed `mem load --mfc` not erasing all SPI flash blocks after extending to 4095 keys (@piotrva) - Extended area for Mifare keys in SPI flash to hold 4095 keys (@piotrva) - Fixed DESFire D40 secure channel crypto (@nvx) - Fixed `hf mfp info` fix signature check on 4b UID cards (@doegox) @@ -13,6 +14,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added JEDEC information for SPI flash W25Q64JV (@ANTodorov) - Added special iclass legacy config cards in `hf iclass configcard` (@antiklesys) - Added simulation function to `hf iclass legrec` (@antiklesys) +- Added keys from Momentum firmware projects. (@onovy) - Added Dutch Statistics Agency default key (@eagle00789) ## [Orca.4.19552][2024-11-22] From d46bff75824463735237c1f1ecaa50083a3c86f3 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Sat, 7 Dec 2024 13:30:32 +0100 Subject: [PATCH 052/150] Reverting change in Changelog.md commited by repo missynchronization. --- CHANGELOG.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1fba56039..5c673bbcd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,7 +14,6 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added JEDEC information for SPI flash W25Q64JV (@ANTodorov) - Added special iclass legacy config cards in `hf iclass configcard` (@antiklesys) - Added simulation function to `hf iclass legrec` (@antiklesys) -- Added keys from Momentum firmware projects. (@onovy) - Added Dutch Statistics Agency default key (@eagle00789) ## [Orca.4.19552][2024-11-22] From 0e0dcf4f4ed38604a47f966a094cd941b577d0d1 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Sat, 7 Dec 2024 16:48:59 +0100 Subject: [PATCH 053/150] Fix memory erase before writing keys dictionaries for SPI flash with different page number than 4 - always erase on the last page. --- armsrc/appmain.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 56bf68326..2422db883 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -2751,34 +2751,34 @@ static void PacketReceived(PacketCommandNG *packet) { if (payload->startidx == DEFAULT_T55XX_KEYS_OFFSET_P(spi_flash_pages64k)) { Flash_CheckBusy(BUSY_TIMEOUT); Flash_WriteEnable(); - Flash_Erase4k(3, 0xC); + Flash_Erase4k(spi_flash_pages64k - 1, 0xC); } else if (payload->startidx == DEFAULT_MF_KEYS_OFFSET_P(spi_flash_pages64k)) { Flash_CheckBusy(BUSY_TIMEOUT); Flash_WriteEnable(); - Flash_Erase4k(3, 0x5); + Flash_Erase4k(spi_flash_pages64k - 1, 0x5); Flash_CheckBusy(BUSY_TIMEOUT); Flash_WriteEnable(); - Flash_Erase4k(3, 0x6); + Flash_Erase4k(spi_flash_pages64k - 1, 0x6); Flash_CheckBusy(BUSY_TIMEOUT); Flash_WriteEnable(); - Flash_Erase4k(3, 0x7); + Flash_Erase4k(spi_flash_pages64k - 1, 0x7); Flash_CheckBusy(BUSY_TIMEOUT); Flash_WriteEnable(); - Flash_Erase4k(3, 0x8); + Flash_Erase4k(spi_flash_pages64k - 1, 0x8); Flash_CheckBusy(BUSY_TIMEOUT); Flash_WriteEnable(); - Flash_Erase4k(3, 0x9); + Flash_Erase4k(spi_flash_pages64k - 1, 0x9); Flash_CheckBusy(BUSY_TIMEOUT); Flash_WriteEnable(); - Flash_Erase4k(3, 0xA); + Flash_Erase4k(spi_flash_pages64k - 1, 0xA); } else if (payload->startidx == DEFAULT_ICLASS_KEYS_OFFSET_P(spi_flash_pages64k)) { Flash_CheckBusy(BUSY_TIMEOUT); Flash_WriteEnable(); - Flash_Erase4k(3, 0xB); + Flash_Erase4k(spi_flash_pages64k - 1, 0xB); } else if (payload->startidx == FLASH_MEM_SIGNATURE_OFFSET_P(spi_flash_pages64k)) { Flash_CheckBusy(BUSY_TIMEOUT); Flash_WriteEnable(); - Flash_Erase4k(3, 0xF); + Flash_Erase4k(spi_flash_pages64k - 1, 0xF); } uint16_t res = Flash_Write(payload->startidx, payload->data, payload->len); From 6de7bd2cbac9f8c0205655c6a1210a583fb67631 Mon Sep 17 00:00:00 2001 From: ry4000 <154689120+ry4000@users.noreply.github.com> Date: Sun, 8 Dec 2024 15:14:05 +1100 Subject: [PATCH 054/150] R&Y: Added BDL Go CT and CMH COTA Smartcard AIDs to aid_desfire.json Added with thanks to TheDingo8MyBaby: - BDL Go CT AID - CMH COTA Smartcard AID Signed-off-by: ry4000 <154689120+ry4000@users.noreply.github.com> --- client/resources/aid_desfire.json | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/client/resources/aid_desfire.json b/client/resources/aid_desfire.json index 8ecd18a6e..489496127 100644 --- a/client/resources/aid_desfire.json +++ b/client/resources/aid_desfire.json @@ -1063,6 +1063,14 @@ "Description": "SOF Sofia City Card", "Type": "transport" }, + { + "AID": "CC00CC", + "Vendor": "Central Ohio Transit Authority (COTA) via Masabi Ltd", + "Country": "US", + "Name": "COTA Smartcard (CMH)", + "Description": "CMH COTA Smartcard; Masabi Justride Tap and Ride DESFire Smartcard", + "Type": "transport" + }, { "AID": "DD00DD", "Vendor": "Regional Transporation District (RTD) via Masabi Ltd", @@ -1167,6 +1175,14 @@ "Description": "GRB Tap-N-Go Card", "Type": "transport" }, + { + "AID": "F212A0", + "Vendor": "CTtransit", + "Country": "US", + "Name": "Go CT Card (BDL)", + "Description": "BDL Go CT Card", + "Type": "transport" + }, { "AID": "F21360", "Vendor": "INIT", From 09b31b5978c2c349e975f7d561ec52d84ec1971e Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Mon, 9 Dec 2024 14:41:51 +0100 Subject: [PATCH 055/150] hf mfp info: fix support for real 4b cards --- client/src/cmdhfmfp.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/client/src/cmdhfmfp.c b/client/src/cmdhfmfp.c index ab5ce8f46..d0d230e1f 100644 --- a/client/src/cmdhfmfp.c +++ b/client/src/cmdhfmfp.c @@ -262,9 +262,15 @@ static int get_plus_signature(uint8_t *signature, int *signature_len) { // GET VERSION static int plus_print_version(uint8_t *version) { - PrintAndLogEx(SUCCESS, "UID: " _GREEN_("%s"), sprint_hex(version + 14, 7)); - PrintAndLogEx(SUCCESS, "Batch number: " _GREEN_("%s"), sprint_hex(version + 21, 5)); - PrintAndLogEx(SUCCESS, "Production date: week " _GREEN_("%02x") " / " _GREEN_("20%02x"), version[7 + 7 + 7 + 5], version[7 + 7 + 7 + 5 + 1]); + if ((version[14] == 0x00) && (version[15] == 0x04)) { + PrintAndLogEx(SUCCESS, "UID: " _GREEN_("%s"), sprint_hex(version + 16, 4)); + PrintAndLogEx(SUCCESS, "Batch number: " _GREEN_("%s"), sprint_hex(version + 20, 5)); + PrintAndLogEx(SUCCESS, "Production date: week " _GREEN_("%02x") " / " _GREEN_("20%02x"), version[7 + 7 + 6 + 5], version[7 + 7 + 7 + 4 + 1]); + } else { + PrintAndLogEx(SUCCESS, "UID: " _GREEN_("%s"), sprint_hex(version + 14, 7)); + PrintAndLogEx(SUCCESS, "Batch number: " _GREEN_("%s"), sprint_hex(version + 21, 5)); + PrintAndLogEx(SUCCESS, "Production date: week " _GREEN_("%02x") " / " _GREEN_("20%02x"), version[7 + 7 + 7 + 5], version[7 + 7 + 7 + 5 + 1]); + } PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "--- " _CYAN_("Hardware Information")); PrintAndLogEx(INFO, " Raw : %s", sprint_hex(version, 7)); @@ -328,17 +334,24 @@ static int CmdHFMFPInfo(const char *Cmd) { uint64_t select_status = resp.oldarg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision + bool Version4BUID = false; bool supportVersion = false; bool supportSignature = false; // version check uint8_t version[30] = {0}; + uint8_t uid4b[4] = {0}; uint8_t uid7b[7] = {0}; int version_len = sizeof(version); if (get_plus_version(version, &version_len) == PM3_SUCCESS) { plus_print_version(version); supportVersion = true; - memcpy(uid7b, version + 14, 7); + if ((version[14] == 0x00) && (version[15] == 0x04)) { + Version4BUID = true; + memcpy(uid4b, version + 16, 4); + } else { + memcpy(uid7b, version + 14, 7); + } } else { // info about 14a part, historical bytes. infoHF14A(false, false, false); @@ -349,7 +362,11 @@ static int CmdHFMFPInfo(const char *Cmd) { int signature_len = sizeof(signature); if (get_plus_signature(signature, &signature_len) == PM3_SUCCESS) { if (supportVersion) { - plus_print_signature(uid7b, 7, signature, signature_len); + if (Version4BUID) { + plus_print_signature(uid4b, 4, signature, signature_len); + } else { + plus_print_signature(uid7b, 7, signature, signature_len); + } } else { plus_print_signature(card.uid, card.uidlen, signature, signature_len); } From a13b1db49f4f0c209bbbce83cbcb3f8865b9d1e2 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Mon, 9 Dec 2024 15:16:46 +0100 Subject: [PATCH 056/150] make style --- client/pyscripts/spi_flash_decode.py | 2 +- client/src/cmdhficlass.c | 28 +++++++-------- client/src/cmdhfmfu.c | 38 ++++++++++---------- client/src/cmdlfhitaghts.c | 2 +- client/src/pm3line_vocabulary.h | 2 ++ doc/commands.json | 52 ++++++++++++++++++++++++---- doc/commands.md | 2 ++ 7 files changed, 85 insertions(+), 41 deletions(-) diff --git a/client/pyscripts/spi_flash_decode.py b/client/pyscripts/spi_flash_decode.py index 2a89f57af..1e3aab578 100644 --- a/client/pyscripts/spi_flash_decode.py +++ b/client/pyscripts/spi_flash_decode.py @@ -21,7 +21,7 @@ spi = { "size": "16mbits", "sizeB": "2MB", }, - }, + }, }, }, 0x85:{ diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index b701aeb19..42d23d0f1 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -305,7 +305,7 @@ static iclass_config_card_item_t iclass_config_options[33] = { //Sets block 3 of card 0 presented to the reader to 0, sets block 3 of card 1 presented to the reader to the original value of card 0's block 3 //Continues setting block 3 of presented cards to block 3 of the previous card the reader scanned //This renders cards unreadable and hardly recoverable unless the order of the scanned cards is known. - {"(ELITE Bugger) - Renders cards unusable." , {0x0C, 0x00, 0x00, 0x01, 0x00, 0x00, 0xBF, 0x18, 0xBF, 0x02, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}}, + {"(ELITE Bugger) - Renders cards unusable.", {0x0C, 0x00, 0x00, 0x01, 0x00, 0x00, 0xBF, 0x18, 0xBF, 0x02, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}}, //Reset Operations {"(RESET) - Reset READER to defaults", {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, {"(RESET) - Reset ENROLLER to defaults", {0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1C, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, 0xFF}}, @@ -4181,7 +4181,7 @@ static void generate_single_key_block_inverted_opt(const uint8_t *startingKey, u 0x95, 0x96, 0x99, 0x9A, 0x9C, 0xA3, 0xA5, 0xA6, 0xA9, 0xAA, 0xAC, 0xB1, 0xB2, 0xB4, 0xB8, 0xC3, 0xC5, 0xC6, 0xC9, 0xCA, 0xCC, 0xD1, 0xD2, 0xD4, 0xD8, 0xE1, 0xE2, 0xE4, 0xE8, 0xF0 - }; + }; uint8_t binary_endings[8]; // Array to store binary values for each ending bit // Extract each bit from the ending_bits[k] and store it in binary_endings @@ -4226,25 +4226,25 @@ static int CmdHFiClassLegacyRecSim(void) { return PM3_ESOFT; } HFiClassCalcDivKey(csn, iClass_Key_Table[0], new_div_key, false); - memcpy(key,new_div_key,PICOPASS_BLOCK_SIZE); + memcpy(key, new_div_key, PICOPASS_BLOCK_SIZE); memcpy(original_key, key, PICOPASS_BLOCK_SIZE); uint8_t zero_key[PICOPASS_BLOCK_SIZE] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; uint8_t zero_key_two[PICOPASS_BLOCK_SIZE] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; int bits_found = -1; uint32_t index = 0; - #define MAX_UPDATES 16777216 +#define MAX_UPDATES 16777216 while (bits_found == -1 && index < MAX_UPDATES) { uint8_t genkeyblock[PICOPASS_BLOCK_SIZE]; uint8_t xorkeyblock[PICOPASS_BLOCK_SIZE] = {0}; - generate_single_key_block_inverted_opt(zero_key, index, genkeyblock); - memcpy(xorkeyblock, genkeyblock, PICOPASS_BLOCK_SIZE); + generate_single_key_block_inverted_opt(zero_key, index, genkeyblock); + memcpy(xorkeyblock, genkeyblock, PICOPASS_BLOCK_SIZE); - for (int i = 0; i < 8 ; i++) { - key[i] = xorkeyblock[i] ^ original_key[i]; - memcpy(zero_key_two, xorkeyblock, PICOPASS_BLOCK_SIZE); - } + for (int i = 0; i < 8 ; i++) { + key[i] = xorkeyblock[i] ^ original_key[i]; + memcpy(zero_key_two, xorkeyblock, PICOPASS_BLOCK_SIZE); + } // Extract the last 3 bits of the first byte uint8_t last_three_bits = key[0] & 0x07; // 0x07 is 00000111 in binary - bitmask @@ -4255,15 +4255,15 @@ static int CmdHFiClassLegacyRecSim(void) { same_bits = false; } } - if (same_bits){ + if (same_bits) { bits_found = index; PrintAndLogEx(SUCCESS, "Original Key: " _GREEN_("%s"), sprint_hex(original_key, sizeof(original_key))); PrintAndLogEx(SUCCESS, "Weak Key: " _GREEN_("%s"), sprint_hex(key, sizeof(key))); PrintAndLogEx(SUCCESS, "Key Updates Required to Weak Key: " _GREEN_("%d"), index); - PrintAndLogEx(SUCCESS, "Estimated Time: ~" _GREEN_("%d")" hours", index/6545); + PrintAndLogEx(SUCCESS, "Estimated Time: ~" _GREEN_("%d")" hours", index / 6545); } - index++; + index++; }//end while PrintAndLogEx(NORMAL, ""); @@ -4305,7 +4305,7 @@ static int CmdHFiClassLegacyRecover(const char *Cmd) { bool allnight = arg_get_lit(ctx, 6); bool sim = arg_get_lit(ctx, 7); - if (sim){ + if (sim) { CmdHFiClassLegacyRecSim(); return PM3_SUCCESS; } diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c index 68869a6fb..8e0259e2f 100644 --- a/client/src/cmdhfmfu.c +++ b/client/src/cmdhfmfu.c @@ -5828,10 +5828,10 @@ out: static int CmdHF14AMfUIncr(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "hf mfu incr", - "Increment a MIFARE Ultralight Ev1 counter\n" - "Will read but not increment counter if NTAG is detected", - "hf mfu incr -c 0 -v 1337\n" - "hf mfu incr -c 2 -v 0 -p FFFFFFFF"); + "Increment a MIFARE Ultralight Ev1 counter\n" + "Will read but not increment counter if NTAG is detected", + "hf mfu incr -c 0 -v 1337\n" + "hf mfu incr -c 2 -v 0 -p FFFFFFFF"); void *argtable[] = { arg_param_begin, arg_int1("c", "cnt", "", "Counter index from 0"), @@ -5840,10 +5840,10 @@ static int CmdHF14AMfUIncr(const char *Cmd) { arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, true); - + uint8_t counter = arg_get_int_def(ctx, 1, 3); uint32_t value = arg_get_u32_def(ctx, 2, 16777216); - + int pwd_len; uint8_t pwd[4] = { 0x00 }; CLIGetHexWithReturn(ctx, 3, pwd, &pwd_len); @@ -5855,9 +5855,9 @@ static int CmdHF14AMfUIncr(const char *Cmd) { return PM3_EINVARG; } } - + CLIParserFree(ctx); - + if (counter > 2) { PrintAndLogEx(WARNING, "Counter index must be in range 0-2"); return PM3_EINVARG; @@ -5866,19 +5866,19 @@ static int CmdHF14AMfUIncr(const char *Cmd) { PrintAndLogEx(WARNING, "Value to increment must be in range 0-16777215"); return PM3_EINVARG; } - + uint8_t increment_cmd[6] = { MIFARE_ULEV1_INCR_CNT, counter, 0x00, 0x00, 0x00, 0x00 }; - + for (uint8_t i = 0; i < 3; i++) { increment_cmd[i + 2] = (value >> (8 * i)) & 0xff; } - + iso14a_card_select_t card; if (ul_select(&card) == false) { PrintAndLogEx(FAILED, "failed to select card, exiting..."); return PM3_ESOFT; } - + uint64_t tagtype = GetHF14AMfU_Type(); uint64_t tags_with_counter_ul = MFU_TT_UL_EV1_48 | MFU_TT_UL_EV1_128 | MFU_TT_UL_EV1; uint64_t tags_with_counter_ntag = MFU_TT_NTAG_213 | MFU_TT_NTAG_213_F | MFU_TT_NTAG_213_C | MFU_TT_NTAG_213_TT | MFU_TT_NTAG_215 | MFU_TT_NTAG_216; @@ -5887,14 +5887,14 @@ static int CmdHF14AMfUIncr(const char *Cmd) { DropField(); return PM3_ESOFT; } - + bool is_ntag = (tagtype & tags_with_counter_ntag) != 0; if (is_ntag && (counter != 2)) { PrintAndLogEx(WARNING, "NTAG only has one counter at index 2"); DropField(); return PM3_EINVARG; } - + uint8_t pack[4] = { 0, 0, 0, 0 }; if (has_key) { if (ulev1_requestAuthentication(pwd, pack, sizeof(pack)) == PM3_EWRONGANSWER) { @@ -5903,7 +5903,7 @@ static int CmdHF14AMfUIncr(const char *Cmd) { return PM3_ESOFT; } } - + uint8_t current_counter[3] = { 0, 0, 0 }; int len = ulev1_readCounter(counter, current_counter, sizeof(current_counter)); if (len != sizeof(current_counter)) { @@ -5914,7 +5914,7 @@ static int CmdHF14AMfUIncr(const char *Cmd) { DropField(); return PM3_ESOFT; } - + uint32_t current_counter_num = current_counter[0] | (current_counter[1] << 8) | (current_counter[2] << 16); PrintAndLogEx(INFO, "Current counter... " _GREEN_("%8d") " - " _GREEN_("%s"), current_counter_num, sprint_hex(current_counter, 3)); @@ -5930,7 +5930,7 @@ static int CmdHF14AMfUIncr(const char *Cmd) { DropField(); return PM3_ESOFT; } - + uint8_t new_counter[3] = { 0, 0, 0 }; int new_len = ulev1_readCounter(counter, new_counter, sizeof(new_counter)); if (new_len != sizeof(current_counter)) { @@ -5938,10 +5938,10 @@ static int CmdHF14AMfUIncr(const char *Cmd) { DropField(); return PM3_ESOFT; } - + uint32_t new_counter_num = new_counter[0] | (new_counter[1] << 8) | (new_counter[2] << 16); PrintAndLogEx(INFO, "New counter....... " _GREEN_("%8d") " - " _GREEN_("%s"), new_counter_num, sprint_hex(new_counter, 3)); - + DropField(); return PM3_SUCCESS; } diff --git a/client/src/cmdlfhitaghts.c b/client/src/cmdlfhitaghts.c index 933427ec8..d3a8932a5 100644 --- a/client/src/cmdlfhitaghts.c +++ b/client/src/cmdlfhitaghts.c @@ -490,7 +490,7 @@ static int CmdLFHitagSDump(const char *Cmd) { // read all pages packet.page = 0; - packet.page_count = 0; + packet.page_count = 0; clearCommandBuffer(); SendCommandNG(CMD_LF_HITAGS_READ, (uint8_t *) &packet, sizeof(packet)); diff --git a/client/src/pm3line_vocabulary.h b/client/src/pm3line_vocabulary.h index bd7fdbc45..14c69c97c 100644 --- a/client/src/pm3line_vocabulary.h +++ b/client/src/pm3line_vocabulary.h @@ -428,6 +428,7 @@ const static vocabulary_t vocabulary[] = { { 0, "hf mfu cauth" }, { 0, "hf mfu setpwd" }, { 0, "hf mfu dump" }, + { 0, "hf mfu incr" }, { 0, "hf mfu info" }, { 0, "hf mfu ndefread" }, { 0, "hf mfu rdbl" }, @@ -677,6 +678,7 @@ const static vocabulary_t vocabulary[] = { { 1, "lf hitag hts list" }, { 0, "lf hitag hts reader" }, { 0, "lf hitag hts rdbl" }, + { 0, "lf hitag hts dump" }, { 0, "lf hitag hts wrbl" }, { 0, "lf hitag hts sim" }, { 1, "lf idteck help" }, diff --git a/doc/commands.json b/doc/commands.json index 2b38642f6..d5f9ca438 100644 --- a/doc/commands.json +++ b/doc/commands.json @@ -3500,9 +3500,10 @@ "--loop The number of key retrieval cycles to perform, max 10000, default 100", "--debug Re-enables tracing for debugging. Limits cycles to 1.", "--notest Perform real writes on the card!", - "--allnight Loops the loop for 10 times, recommended loop value of 5000." + "--allnight Loops the loop for 10 times, recommended loop value of 5000.", + "--est Estimates the key updates based on the card's CSN assuming standard key." ], - "usage": "hf iclass legrec [-h] --macs [--index ] [--loop ] [--debug] [--notest] [--allnight]" + "usage": "hf iclass legrec [-h] --macs [--index ] [--loop ] [--debug] [--notest] [--allnight] [--est]" }, "hf iclass loclass": { "command": "hf iclass loclass", @@ -4881,7 +4882,7 @@ }, "hf mf gen3blk": { "command": "hf mf gen3blk", - "description": "Overwrite full manufacturer block for magic Gen3 card - You can specify part of manufacturer block as 4/7-bytes for UID change only NOTE: BCC, SAK, ATQA will be calculated automatically", + "description": "Overwrite full manufacturer block for magic Gen3 card - You can specify part of manufacturer block as 4/7-bytes for UID change only NOTE: BCC and ATQA will be calculated automatically SAK will be automatically set to default values if not specified", "notes": [ "hf mf gen3blk -> print current data", "hf mf gen3blk -d 01020304 -> set 4 byte uid", @@ -5151,9 +5152,10 @@ "FM11RF08S specific options: Incompatible with above options, except -k; output in JSON", "--collect_fm11rf08s collect all nT/{nT}/par_err.", "--collect_fm11rf08s_with_data collect all nT/{nT}/par_err and data blocks.", + "--collect_fm11rf08s_without_backdoor collect all nT/{nT}/par_err without backdoor. Requires first auth keytype and block", "-f, --file Specify a filename for collected data" ], - "usage": "hf mf isen [-hab] [--blk ] [-c ] [-k ] [--blk2 ] [--a2] [--b2] [--c2 ] [--key2 ] [-n ] [--reset] [--hardreset] [--addread] [--addauth] [--incblk2] [--corruptnrar] [--corruptnrarparity] FM11RF08S specific options: [--collect_fm11rf08s] [--collect_fm11rf08s_with_data] [-f ]" + "usage": "hf mf isen [-hab] [--blk ] [-c ] [-k ] [--blk2 ] [--a2] [--b2] [--c2 ] [--key2 ] [-n ] [--reset] [--hardreset] [--addread] [--addauth] [--incblk2] [--corruptnrar] [--corruptnrarparity] FM11RF08S specific options: [--collect_fm11rf08s] [--collect_fm11rf08s_with_data] [--collect_fm11rf08s_without_backdoor] [-f ]" }, "hf mf mad": { "command": "hf mf mad", @@ -7116,6 +7118,22 @@ ], "usage": "hf 14a list [-h1crux] [--frame] [-f ]" }, + "hf mfu incr": { + "command": "hf mfu incr", + "description": "Increment a MIFARE Ultralight Ev1 counter Will read but not increment counter if NTAG is detected", + "notes": [ + "hf mfu incr -c 0 -v 1337", + "hf mfu incr -c 2 -v 0 -p FFFFFFFF" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-c, --cnt Counter index from 0", + "-v, --val Value to increment by (0-16777215)", + "-p, --pwd PWD to authenticate with" + ], + "usage": "hf mfu incr [-h] -c -v [-p ]" + }, "hf mfu info": { "command": "hf mfu info", "description": "Get info about MIFARE Ultralight Family styled tag. Sometimes the tags are locked down, and you may need a key to be able to read the information", @@ -9798,6 +9816,28 @@ ], "usage": "lf hitag list [-h1crux] [--frame] [-f ]" }, + "lf hitag hts dump": { + "command": "lf hitag hts dump", + "description": "Read all Hitag S memory and save to file Crypto mode: - key format ISK high + ISK low - default key 4F4E4D494B52 (ONMIKR) 8268/8310 password mode: - default password BBDD3399", + "notes": [ + "lf hitag hts dump --82xx -k BBDD3399 -> pwd mode", + "lf hitag hts dump --crypto -> use def crypto", + "lf hitag hts dump -k 4F4E4D494B52 -> crypto mode", + "lf hitag hts dump --nrar 0102030411223344" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-8, --82xx 8268/8310 mode", + "--nrar nonce / answer writer, 8 hex bytes", + "--crypto crypto mode", + "-k, --key pwd or key, 4 or 6 hex bytes", + "-m, --mode response protocol mode. 0 (Standard 00110), 1 (Advanced 11000), 2 (Advanced 11001), 3 (Fast Advanced 11010) (def: 3)", + "-f, --file specify file name", + "--ns no save to file" + ], + "usage": "lf hitag hts dump [-h8] [--nrar ] [--crypto] [-k ] [-m ] [-f ] [--ns]" + }, "lf hitag hts help": { "command": "lf hitag hts help", "description": "help This help list List Hitag S trace history --------------------------------------------------------------------------------------- lf hitag hts list available offline: yes Alias of `trace list -t hitags` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", @@ -13001,8 +13041,8 @@ } }, "metadata": { - "commands_extracted": 749, + "commands_extracted": 751, "extracted_by": "PM3Help2JSON v1.00", - "extracted_on": "2024-11-22T02:17:04" + "extracted_on": "2024-12-09T14:16:07" } } diff --git a/doc/commands.md b/doc/commands.md index bf9b82edc..9cd60a66a 100644 --- a/doc/commands.md +++ b/doc/commands.md @@ -615,6 +615,7 @@ Check column "offline" for their availability. |`hf mfu cauth `|N |`Ultralight-C - Authentication` |`hf mfu setpwd `|N |`Ultralight-C - Set 3DES key` |`hf mfu dump `|N |`Dump MIFARE Ultralight family tag to binary file` +|`hf mfu incr `|N |`Increments Ev1/NTAG counter` |`hf mfu info `|N |`Tag information` |`hf mfu ndefread `|N |`Prints NDEF records from card` |`hf mfu rdbl `|N |`Read block` @@ -1081,6 +1082,7 @@ Check column "offline" for their availability. |`lf hitag hts list `|Y |`List Hitag S trace history` |`lf hitag hts reader `|N |`Act like a Hitag S reader` |`lf hitag hts rdbl `|N |`Read Hitag S page` +|`lf hitag hts dump `|N |`Dump Hitag S pages to a file` |`lf hitag hts wrbl `|N |`Write Hitag S page` |`lf hitag hts sim `|N |`Simulate Hitag S transponder` From 11848a521ecc7487de7f954684b739b4a3b7d78b Mon Sep 17 00:00:00 2001 From: WillyJL <49810075+Willy-JL@users.noreply.github.com> Date: Tue, 10 Dec 2024 05:20:26 +0100 Subject: [PATCH 057/150] Remove duplicate keys Signed-off-by: WillyJL <49810075+Willy-JL@users.noreply.github.com> --- client/dictionaries/mfc_default_keys.dic | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index 913ef99f2..68a95d1c6 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -2506,8 +2506,6 @@ AA034F342A55 456776908C48 # BusFacil - Brazilian public transport card for some cities -7b296f353c6b -3fa7217ec575 fae9b14365a9 c567dd4a6004 c567dd4a6005 @@ -2598,10 +2596,6 @@ b1ea40b2caa6 3abf8431003b # Sector 15 - see above # SKGT personalised subscription card -# Sector 0, 2, 16, key A -a0a1a2a3a4a5 -# Sector 8-14, 17-39, key A -ffffffffffff # Sector 1, key A # blue f1df0ca8948b @@ -3037,4 +3031,4 @@ F833E24C3F1C AAC34D9A4E65 # # Dutch Statistics Agency (CBS) -DC7B15AA0938 \ No newline at end of file +DC7B15AA0938 From 9cdef9ceb4a8db209611f801dc0884ac58a589c8 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 11 Dec 2024 10:09:00 +0100 Subject: [PATCH 058/150] updated the uniq.yaml workflow to be case insensitive --- .github/workflows/uniq.yaml | 4 ++-- CHANGELOG.md | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/uniq.yaml b/.github/workflows/uniq.yaml index e7223aaa8..3c114f844 100644 --- a/.github/workflows/uniq.yaml +++ b/.github/workflows/uniq.yaml @@ -18,5 +18,5 @@ jobs: - name: check unique keys in dic files shell: bash run: | - find . -type f -name "*.dic" | xargs -I {} sh -c "echo {} && cat {} | sed 's/ *#.*//;/^$/d' | sort | uniq -i -d -c | sort -n -r " - if [[ $(find . -type f -name "*.dic" | xargs -I {} sh -c "echo {} && cat {} | sed 's/ *#.*//;/^$/d' | sort | uniq -i -d -c | sort -n -r " | grep -v '^\./' | wc -l) -gt 0 ]]; then exit 1; fi + find . -type f -name "*.dic" | xargs -I {} sh -c "echo {} && cat {} | sed 's/ *#.*//;/^$/d' | sed 's/\(.*\)/\U\1/' | sort | uniq -i -d -c | sort -n -r " + if [[ $(find . -type f -name "*.dic" | xargs -I {} sh -c "echo {} && cat {} | sed 's/ *#.*//;/^$/d' | sed 's/\(.*\)/\U\1/' | sort | uniq -i -d -c | sort -n -r " | grep -v '^\./' | wc -l) -gt 0 ]]; then exit 1; fi diff --git a/CHANGELOG.md b/CHANGELOG.md index 1fba56039..2aed8d508 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Changed `uniq.yaml` workflow to be case-insensitive (@iceman1001) - Fixed `mem load --mfc` not erasing all SPI flash blocks after extending to 4095 keys (@piotrva) - Extended area for Mifare keys in SPI flash to hold 4095 keys (@piotrva) - Fixed DESFire D40 secure channel crypto (@nvx) From d965d5064edfdecce2f8705c0efd3b64d5112fb6 Mon Sep 17 00:00:00 2001 From: Nathan N Date: Thu, 12 Dec 2024 00:25:44 -0500 Subject: [PATCH 059/150] Remove duplicated condition Signed-off-by: Nathan N --- client/deps/hardnested/hardnested_bf_core.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/client/deps/hardnested/hardnested_bf_core.c b/client/deps/hardnested/hardnested_bf_core.c index c91df187c..22a476999 100644 --- a/client/deps/hardnested/hardnested_bf_core.c +++ b/client/deps/hardnested/hardnested_bf_core.c @@ -442,9 +442,6 @@ uint64_t CRACK_STATES_BITSLICED(uint32_t cuid, uint8_t *best_first_bytes, statel #if MAX_BITSLICES > 64 && results.bytes64[1] == 0 #endif -#if MAX_BITSLICES > 64 - && results.bytes64[1] == 0 -#endif #if MAX_BITSLICES > 128 && results.bytes64[2] == 0 && results.bytes64[3] == 0 From afed67ca2ccf43ad406c45f7957112d017029a42 Mon Sep 17 00:00:00 2001 From: Antiklesys Date: Thu, 12 Dec 2024 18:54:56 +0800 Subject: [PATCH 060/150] Added hf iclass trbl --- CHANGELOG.md | 1 + client/src/cmdhficlass.c | 195 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 196 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2aed8d508..fa298c52c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Added `hf iclass trbl` to perform tear-off attacks on iClass (@antiklesys) - Changed `uniq.yaml` workflow to be case-insensitive (@iceman1001) - Fixed `mem load --mfc` not erasing all SPI flash blocks after extending to 4095 keys (@piotrva) - Extended area for Mifare keys in SPI flash to hold 4095 keys (@piotrva) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index 42d23d0f1..18ade8ad4 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -41,6 +41,7 @@ #include "preferences.h" #include "generator.h" #include "cmdhf14b.h" +#include "cmdhw.h" #define NUM_CSNS 9 @@ -2927,6 +2928,199 @@ static int CmdHFiClass_ReadBlock(const char *Cmd) { return PM3_SUCCESS; } +static int CmdHFiClass_TearBlock(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf iclass trbl", + "Tear off an iCLASS tag block", + "hf iclass trbl --blk 10 -d AAAAAAAAAAAAAAAA -k 001122334455667B --tdb 100 --tde 150\n" + "hf iclass trbl --blk 10 -d AAAAAAAAAAAAAAAA --ki 0 --tdb 100 --tde 150"); + + void *argtable[] = { + arg_param_begin, + arg_str0("k", "key", "", "Access key as 8 hex bytes"), + arg_int0(NULL, "ki", "", "Key index to select key from memory 'hf iclass managekeys'"), + arg_int1(NULL, "blk", "", "block number"), + arg_str1("d", "data", "", "data to write as 8 hex bytes"), + arg_str0("m", "mac", "", "replay mac data (4 hex bytes)"), + arg_lit0(NULL, "credit", "key is assumed to be the credit key"), + arg_lit0(NULL, "elite", "elite computations applied to key"), + arg_lit0(NULL, "raw", "no computations applied to key"), + arg_lit0(NULL, "nr", "replay of NR/MAC"), + arg_lit0("v", "verbose", "verbose output"), + arg_lit0(NULL, "shallow", "use shallow (ASK) reader modulation instead of OOK"), + arg_int1(NULL, "tdb", "", "tearoff delay start in ms"), + arg_int1(NULL, "tde", "", "tearoff delay end in ms"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, false); + + int key_len = 0; + uint8_t key[8] = {0}; + + CLIGetHexWithReturn(ctx, 1, key, &key_len); + + int key_nr = arg_get_int_def(ctx, 2, -1); + + if (key_len > 0 && key_nr >= 0) { + PrintAndLogEx(ERR, "Please specify key or index, not both"); + CLIParserFree(ctx); + return PM3_EINVARG; + } + + bool auth = false; + + if (key_len > 0) { + auth = true; + if (key_len != 8) { + PrintAndLogEx(ERR, "Key is incorrect length"); + CLIParserFree(ctx); + return PM3_EINVARG; + } + } else if (key_nr >= 0) { + if (key_nr < ICLASS_KEYS_MAX) { + auth = true; + memcpy(key, iClass_Key_Table[key_nr], 8); + PrintAndLogEx(SUCCESS, "Using key[%d] " _GREEN_("%s"), key_nr, sprint_hex(iClass_Key_Table[key_nr], 8)); + } else { + PrintAndLogEx(ERR, "Key number is invalid"); + CLIParserFree(ctx); + return PM3_EINVARG; + } + } + + int blockno = arg_get_int_def(ctx, 3, 0); + + int data_len = 0; + uint8_t data[8] = {0}; + CLIGetHexWithReturn(ctx, 4, data, &data_len); + + if (data_len != 8) { + PrintAndLogEx(ERR, "Data must be 8 hex bytes (16 hex symbols)"); + CLIParserFree(ctx); + return PM3_EINVARG; + } + + int mac_len = 0; + uint8_t mac[4] = {0}; + CLIGetHexWithReturn(ctx, 5, mac, &mac_len); + + if (mac_len) { + if (mac_len != 4) { + PrintAndLogEx(ERR, "MAC must be 4 hex bytes (8 hex symbols)"); + CLIParserFree(ctx); + return PM3_EINVARG; + } + } + + + bool use_credit_key = arg_get_lit(ctx, 6); + bool elite = arg_get_lit(ctx, 7); + bool rawkey = arg_get_lit(ctx, 8); + bool use_replay = arg_get_lit(ctx, 9); + bool verbose = arg_get_lit(ctx, 10); + bool shallow_mod = arg_get_lit(ctx, 11); + int tearoff_start = arg_get_int_def(ctx, 12, 100); + int tearoff_end = arg_get_int_def(ctx, 13, 200); + + if(tearoff_end <= tearoff_start){ + PrintAndLogEx(ERR, "Tearoff end delay must be bigger than the start delay."); + return PM3_EINVARG; + } + + if(tearoff_start < 0 || tearoff_end <= 0){ + PrintAndLogEx(ERR, "Tearoff start/end delays should be bigger than 0."); + return PM3_EINVARG; + } + + CLIParserFree(ctx); + + if ((use_replay + rawkey + elite) > 1) { + PrintAndLogEx(ERR, "Can not use a combo of 'elite', 'raw', 'nr'"); + return PM3_EINVARG; + } + int isok = 0; + tearoff_params_t params; + bool read_ok = false; + while(tearoff_start < tearoff_end && !read_ok){ + //perform read here, repeat if failed or 00s + + uint8_t data_read_orig[8] = {0}; + bool first_read = false; + bool reread = false; + while(!first_read){ + int res_orig = iclass_read_block_ex(key, blockno, 0x88, elite, rawkey, use_replay, verbose, auth, shallow_mod, data_read_orig, false); + if (res_orig == PM3_SUCCESS && !reread){ + if (memcmp(data_read_orig, zeros, 8) == 0){ + reread = true; + }else{ + first_read = true; + reread = false; + } + } else if (res_orig == PM3_SUCCESS && reread){ + first_read = true; + reread = false; + } + } + + params.on = true; + params.delay_us = tearoff_start; + handle_tearoff(¶ms, false); + PrintAndLogEx(INFO, "Tear off delay: "_YELLOW_("%d")" ms", tearoff_start); + isok = iclass_write_block(blockno, data, mac, key, use_credit_key, elite, rawkey, use_replay, verbose, auth, shallow_mod); + switch (isok) { + case PM3_SUCCESS: + PrintAndLogEx(SUCCESS, "Wrote block " _YELLOW_("%d") " / " _YELLOW_("0x%02X") " ( " _GREEN_("ok") " )", blockno, blockno); + break; + case PM3_ETEAROFF: + break; + default: + PrintAndLogEx(FAILED, "Writing failed"); + break; + } + //read the data back + uint8_t data_read[8] = {0}; + first_read = false; + reread = false; + bool decrease = false; + while(!first_read){ + int res = iclass_read_block_ex(key, blockno, 0x88, elite, rawkey, use_replay, verbose, auth, shallow_mod, data_read, false); + if (res == PM3_SUCCESS && !reread){ + if (memcmp(data_read, zeros, 8) == 0){ + reread = true; + }else{ + first_read = true; + reread = false; + } + } else if (res == PM3_SUCCESS && reread){ + first_read = true; + reread = false; + } else if (res != PM3_SUCCESS){ + decrease = true; + } + } + if (decrease && tearoff_start > 0){ //if there was an error reading repeat the tearoff with the same delay + tearoff_start--; + } + bool tear_success = true; + for (int i=0; i Date: Fri, 13 Dec 2024 16:03:45 +0800 Subject: [PATCH 061/150] Update cmdhficlass.c Signed-off-by: Antiklesys --- client/src/cmdhficlass.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index 18ade8ad4..fbe8a88bc 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -3012,13 +3012,6 @@ static int CmdHFiClass_TearBlock(const char *Cmd) { } } - - bool use_credit_key = arg_get_lit(ctx, 6); - bool elite = arg_get_lit(ctx, 7); - bool rawkey = arg_get_lit(ctx, 8); - bool use_replay = arg_get_lit(ctx, 9); - bool verbose = arg_get_lit(ctx, 10); - bool shallow_mod = arg_get_lit(ctx, 11); int tearoff_start = arg_get_int_def(ctx, 12, 100); int tearoff_end = arg_get_int_def(ctx, 13, 200); @@ -3032,6 +3025,13 @@ static int CmdHFiClass_TearBlock(const char *Cmd) { return PM3_EINVARG; } + bool use_credit_key = arg_get_lit(ctx, 6); + bool elite = arg_get_lit(ctx, 7); + bool rawkey = arg_get_lit(ctx, 8); + bool use_replay = arg_get_lit(ctx, 9); + bool verbose = arg_get_lit(ctx, 10); + bool shallow_mod = arg_get_lit(ctx, 11); + CLIParserFree(ctx); if ((use_replay + rawkey + elite) > 1) { From 0e819f75a44abbf87146fc63a9f43ec5feae36cb Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Fri, 13 Dec 2024 10:22:17 +0100 Subject: [PATCH 062/150] UL AES alt pk --- client/src/cmdhfmfu.c | 4 +++- tools/recover_pk.py | 6 +++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c index 8e0259e2f..0b3554a62 100644 --- a/client/src/cmdhfmfu.c +++ b/client/src/cmdhfmfu.c @@ -1416,9 +1416,11 @@ static int ulev1_print_signature(uint64_t tagtype, uint8_t *uid, uint8_t *signat {"TruST25 (ST) key 04?", "04101E188A8B4CDDBC62D5BC3E0E6850F0C2730E744B79765A0E079907FBDB01BC"}, }; - // https://www.nxp.com/docs/en/application-note/AN13452.pdf const ecdsa_publickey_t nxp_mfu_192_public_keys[] = { + // https://www.nxp.com/docs/en/application-note/AN13452.pdf {"NXP Ultralight AES", "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86"}, + // TagInfo + {"NXP Ultralight AES (alt key)", "04DC34DAA903F2726A6225B11C692AF6AB4396575CA12810CBBCE3F781A097B3833B50AB364A70D9C2B641A728A599AE74"}, }; /* diff --git a/tools/recover_pk.py b/tools/recover_pk.py index a1dffc9eb..3752ec4ff 100755 --- a/tools/recover_pk.py +++ b/tools/recover_pk.py @@ -172,7 +172,11 @@ def selftests(): 'samples': ["045E4CC2451390", "C9BBDA1B99EB6634CDFD8E3251AC5C4742EA5FA507B8A8A8B39B19AB7340D173331589C54C56C49F0CCA6DDBAC1E492A", "043F88C2451390", "5C2055A7373F119C3FDD9843020B06AA0E6DE18C16496C425C4AD971A50F05FA1A67B9E39CA60C355EEEEBF8214A84A5"], 'pk': "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86"}, - + {'name': "MIFARE Ultralight AES (alt key)", + # uses prime192v1, None, + # TODO more samples + 'samples': ["04A31232241C90", "057595DCC601CA7E21341F1F978FA134F0204D87A33749C56DDB4ABD6F1F26194341DB10093B34C42F524A30DCC5CE54"], + 'pk': "04DC34DAA903F2726A6225B11C692AF6AB4396575CA12810CBBCE3F781A097B3833B50AB364A70D9C2B641A728A599AE74"}, {'name': "MIFARE Classic / QL88", 'samples': ["30933C61", "AEA4DD0B800FAC63D4DE08EE91F4650ED825FD6B4D7DEEE98DBC9BAE10BE003E", "20593261", "F762CDD59EEDC075F4DDBA7ECD529FEEE5135C65A84D12EF0A250A321B2012F5"], From 16424a83c9752b6bce0385f116cbfea0312f943b Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Fri, 13 Dec 2024 11:47:38 +0100 Subject: [PATCH 063/150] recover_pk Flake8 ignore E501 --- tools/recover_pk.py | 66 ++++++++++++++++++++++----------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/tools/recover_pk.py b/tools/recover_pk.py index 3752ec4ff..0e5e11eca 100755 --- a/tools/recover_pk.py +++ b/tools/recover_pk.py @@ -106,42 +106,42 @@ def selftests(): 'pk': "044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF"}, {'name': "DESFire Light", - 'samples': ["0439556ACB6480", "D5BD0978106E1E38B513642335966AB21E9F950DCFCFAB45FF13D0DC3CA4C2AE7E0D671DF1240937D040DAC4601C5F66ED62C546EE03ED08", - "043B156ACB6480", "76B46932BF2FCF4931A24C755F5CB1686B914F1856177686B864BDAD58EFA6A7493E5C2232F3ADDAA434EA4647BFD1D385BDA6115E77D74C"], - 'pk': "040E98E117AAA36457F43173DC920A8757267F44CE4EC5ADD3C54075571AEBBF7B942A9774A1D94AD02572427E5AE0A2DD36591B1FB34FCF3D"}, + 'samples': ["0439556ACB6480", "D5BD0978106E1E38B513642335966AB21E9F950DCFCFAB45FF13D0DC3CA4C2AE7E0D671DF1240937D040DAC4601C5F66ED62C546EE03ED08", # noqa: E501 + "043B156ACB6480", "76B46932BF2FCF4931A24C755F5CB1686B914F1856177686B864BDAD58EFA6A7493E5C2232F3ADDAA434EA4647BFD1D385BDA6115E77D74C"], # noqa: E501 + 'pk': "040E98E117AAA36457F43173DC920A8757267F44CE4EC5ADD3C54075571AEBBF7B942A9774A1D94AD02572427E5AE0A2DD36591B1FB34FCF3D"}, # noqa: E501 {'name': "DESFire EV2", - 'samples': ["042A41CAE45380", "B2769F8DDB575AEA2A680ADCA8FFED4FAB81A1E9908E2B82FE0FABB697BBD9B23835C416970E75768F12902ACA491349E94E6589EAF4F508", - "045640CAE45380", "D34B53A8C2C100D700DEA1C4C0D0DE4409F3A418CD8D57C4F41F146E42AD9A55F014199ABBF5CA259C7799DB0AE20D5E77D4950AC7E95D33", - "040D259A965B80","B158073A7100C88C3726F4299FA58311FC3CB18744686DE3F234928AD74578F5CAD7FCEC1DCB962ECC7CC000B8557B37F45B76DC6573A58F"], - 'pk': "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3A"}, + 'samples': ["042A41CAE45380", "B2769F8DDB575AEA2A680ADCA8FFED4FAB81A1E9908E2B82FE0FABB697BBD9B23835C416970E75768F12902ACA491349E94E6589EAF4F508", # noqa: E501 + "045640CAE45380", "D34B53A8C2C100D700DEA1C4C0D0DE4409F3A418CD8D57C4F41F146E42AD9A55F014199ABBF5CA259C7799DB0AE20D5E77D4950AC7E95D33", # noqa: E501 + "040D259A965B80","B158073A7100C88C3726F4299FA58311FC3CB18744686DE3F234928AD74578F5CAD7FCEC1DCB962ECC7CC000B8557B37F45B76DC6573A58F"], # noqa: E501 + 'pk': "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3A"}, # noqa: E501 {'name': "DESFire EV2 XL", - 'samples': ["044ca092806480","9d86dacd3866058b1cf122ff5fc80e997251d99179bc1f996acf6ed7d495da5c39dde699e2760c08d747ef08487b9897d48957e5afd755e2", - "045793d28a6380","e509576a484b4f93b5b97ffa04cb297cae97cff1071bdefd23d5054513e3036203fdd1cdd2cdead0aead88df24ffe7cdaafee1e58a55a745", - "044ba492806480","517b2931355bd9b9f35d72ed90bdab6212d05853abcf9dd45a79d5ceb91d8939c2c90d3a630a4d18a33903a3e23950a7580cf4ca34d03a90"], - 'pk': "04CD5D45E50B1502F0BA4656FF37669597E7E183251150F9574CC8DA56BF01C7ABE019E29FEA48F9CE22C3EA4029A765E1BC95A89543BAD1BC"}, + 'samples': ["044ca092806480","9d86dacd3866058b1cf122ff5fc80e997251d99179bc1f996acf6ed7d495da5c39dde699e2760c08d747ef08487b9897d48957e5afd755e2", # noqa: E501 + "045793d28a6380","e509576a484b4f93b5b97ffa04cb297cae97cff1071bdefd23d5054513e3036203fdd1cdd2cdead0aead88df24ffe7cdaafee1e58a55a745", # noqa: E501 + "044ba492806480","517b2931355bd9b9f35d72ed90bdab6212d05853abcf9dd45a79d5ceb91d8939c2c90d3a630a4d18a33903a3e23950a7580cf4ca34d03a90"], # noqa: E501 + 'pk': "04CD5D45E50B1502F0BA4656FF37669597E7E183251150F9574CC8DA56BF01C7ABE019E29FEA48F9CE22C3EA4029A765E1BC95A89543BAD1BC"}, # noqa: E501 {'name': "DESFire EV3", - 'samples': ["04448BD2DB6B80", "5CBB5632795C8F15263FEFB095B51C7B541AFD914A1AE44EF6FB8AF605EDF13DBFEE6C3A2DB372245E671DFE0D42CB1F0D0B8FE67A89D2F6", - "04445DD2DB6B80", "166BFD9F9BFAA451172566101580DF9894F582C4A4E258C15037AD2F35A475CF1D7FB817618623A6569F991931AFB2766984E21A18512A6D"], - 'pk': "041DB46C145D0A36539C6544BD6D9B0AA62FF91EC48CBC6ABAE36E0089A46F0D08C8A715EA40A63313B92E90DDC1730230E0458A33276FB743"}, + 'samples': ["04448BD2DB6B80", "5CBB5632795C8F15263FEFB095B51C7B541AFD914A1AE44EF6FB8AF605EDF13DBFEE6C3A2DB372245E671DFE0D42CB1F0D0B8FE67A89D2F6", # noqa: E501 + "04445DD2DB6B80", "166BFD9F9BFAA451172566101580DF9894F582C4A4E258C15037AD2F35A475CF1D7FB817618623A6569F991931AFB2766984E21A18512A6D"], # noqa: E501 + 'pk': "041DB46C145D0A36539C6544BD6D9B0AA62FF91EC48CBC6ABAE36E0089A46F0D08C8A715EA40A63313B92E90DDC1730230E0458A33276FB743"}, # noqa: E501 {'name': "Mifare Plus EV1", - 'samples': ["042A2B221C5080", "BAC40CD88E9193C58ADA5055350C4F648EB5A7AEC4FCF9BD4CDD7B1C558DE5F59C6636F26286ED48622AAA2331D4DF1CEE23B57B94BDA631", - "04505082346B80", "78B2FCF6769F60B165F5BDEB3A6D0C26967BB165E65A3B400A01C711356FF0A0807AB1A2706FCA419702AC67211287E31D71927BA25AB235", - "12817C48", "3351979A3449CACD9EE113A75B862917F03EFAE68DA399C06342BF8583C88DFE769DF49754A96F7C28B57189FB05B9C10E2305D41423A6EB"], - 'pk': "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"}, + 'samples': ["042A2B221C5080", "BAC40CD88E9193C58ADA5055350C4F648EB5A7AEC4FCF9BD4CDD7B1C558DE5F59C6636F26286ED48622AAA2331D4DF1CEE23B57B94BDA631", # noqa: E501 + "04505082346B80", "78B2FCF6769F60B165F5BDEB3A6D0C26967BB165E65A3B400A01C711356FF0A0807AB1A2706FCA419702AC67211287E31D71927BA25AB235", # noqa: E501 + "12817C48", "3351979A3449CACD9EE113A75B862917F03EFAE68DA399C06342BF8583C88DFE769DF49754A96F7C28B57189FB05B9C10E2305D41423A6EB"], # noqa: E501 + 'pk': "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"}, # noqa: E501 {'name': "NTAG413DNA", - 'samples': ["042468222F5C80", "B9211E320F321BD1D0E158E10FF15109B389638BAE15D9909D7725BF1250ED236D66F1AF75C94D60330E4E92535F5E6997675281A5687173", - "042938222F5C80", "18B642797D1FD71806146A7A6EC778D3FDD04F39C4A3B36A592BD1A114DC44E5528380FA766C0B7EA32B284AFBE84300B620369F0686D8CC"], - 'pk': "04bb5d514f7050025c7d0f397310360eec91eaf792e96fc7e0f496cb4e669d414f877b7b27901fe67c2e3b33cd39d1c797715189ac951c2add"}, + 'samples': ["042468222F5C80", "B9211E320F321BD1D0E158E10FF15109B389638BAE15D9909D7725BF1250ED236D66F1AF75C94D60330E4E92535F5E6997675281A5687173", # noqa: E501 + "042938222F5C80", "18B642797D1FD71806146A7A6EC778D3FDD04F39C4A3B36A592BD1A114DC44E5528380FA766C0B7EA32B284AFBE84300B620369F0686D8CC"], # noqa: E501 + 'pk': "04bb5d514f7050025c7d0f397310360eec91eaf792e96fc7e0f496cb4e669d414f877b7b27901fe67c2e3b33cd39d1c797715189ac951c2add"}, # noqa: E501 {'name': "NTAG424DNA", - 'samples': ["0463474AA26A80", "27E9A50E6CA4BA9037C02F7D20A80D0284D0C1D83C67F5A5AC1D8A4EF86C9508417E4E9C6F85AA7920F0ABDED984CAF20467D66EA54BBF08", - "04C46C222A6380", "344A806EBF704C05C19215D2F840529CE365AAD2D08A469A95896D75D477D9FAB02A0C827E9F215BD8EB0E56A3A9A008FB75D706AABBD4DA"], - 'pk': "048A9B380AF2EE1B98DC417FECC263F8449C7625CECE82D9B916C992DA209D68422B81EC20B65A66B5102A61596AF3379200599316A00A1410"}, + 'samples': ["0463474AA26A80", "27E9A50E6CA4BA9037C02F7D20A80D0284D0C1D83C67F5A5AC1D8A4EF86C9508417E4E9C6F85AA7920F0ABDED984CAF20467D66EA54BBF08", # noqa: E501 + "04C46C222A6380", "344A806EBF704C05C19215D2F840529CE365AAD2D08A469A95896D75D477D9FAB02A0C827E9F215BD8EB0E56A3A9A008FB75D706AABBD4DA"], # noqa: E501 + 'pk': "048A9B380AF2EE1B98DC417FECC263F8449C7625CECE82D9B916C992DA209D68422B81EC20B65A66B5102A61596AF3379200599316A00A1410"}, # noqa: E501 {'name': "Vivokey Spark1", # ! tag signature bytes output by pm3 must be read right to left: @@ -159,24 +159,24 @@ def selftests(): 'pk': "048878A2A2D3EEC336B4F261A082BD71F9BE11C4E2E896648B32EFA59CEA6E59F0"}, # {'name': "Minecraft Earth", # # uses secp256r1?, SHA-256, - # 'samples': ["aa", "DF0E506DFF8FCFC4B7B979D917644445F1230D2C7CDC342AFA842CA240C210BE7275F62073A9670F2DCEFC602CBEE771C2B4CD4A04F3D1EA11F49ABDF7E8B721"], + # 'samples': ["aa", "DF0E506DFF8FCFC4B7B979D917644445F1230D2C7CDC342AFA842CA240C210BE7275F62073A9670F2DCEFC602CBEE771C2B4CD4A04F3D1EA11F49ABDF7E8B721"], # noqa: E501 # 'pk': ""}, {'name': "MIFARE Plus Trojka", # uses secp224r1, None, - 'samples': ["04B59F6A226F82", "6F577EB7F570D74DB6250477427F68A0088762BD318767537122919A7916597149F9D16D8B135E9BF826FB28AE293F3168661CD4A049FAED", - "04B44A82D80F92", "A0868ECF26733D3C3C838D055968B4559F77693CC3E346E3A4741BC826801F8360FD88857BEC440AAD3A21153D64302DEB6F5ED40B15C3F7"], - 'pk': "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF"}, + 'samples': ["04B59F6A226F82", "6F577EB7F570D74DB6250477427F68A0088762BD318767537122919A7916597149F9D16D8B135E9BF826FB28AE293F3168661CD4A049FAED", # noqa: E501 + "04B44A82D80F92", "A0868ECF26733D3C3C838D055968B4559F77693CC3E346E3A4741BC826801F8360FD88857BEC440AAD3A21153D64302DEB6F5ED40B15C3F7"], # noqa: E501 + 'pk': "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF"}, # noqa: E501 {'name': "MIFARE Ultralight AES", # uses prime192v1, None, - 'samples': ["045E4CC2451390", "C9BBDA1B99EB6634CDFD8E3251AC5C4742EA5FA507B8A8A8B39B19AB7340D173331589C54C56C49F0CCA6DDBAC1E492A", - "043F88C2451390", "5C2055A7373F119C3FDD9843020B06AA0E6DE18C16496C425C4AD971A50F05FA1A67B9E39CA60C355EEEEBF8214A84A5"], - 'pk': "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86"}, + 'samples': ["045E4CC2451390", "C9BBDA1B99EB6634CDFD8E3251AC5C4742EA5FA507B8A8A8B39B19AB7340D173331589C54C56C49F0CCA6DDBAC1E492A", # noqa: E501 + "043F88C2451390", "5C2055A7373F119C3FDD9843020B06AA0E6DE18C16496C425C4AD971A50F05FA1A67B9E39CA60C355EEEEBF8214A84A5"], # noqa: E501 + 'pk': "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86"}, # noqa: E501 {'name': "MIFARE Ultralight AES (alt key)", # uses prime192v1, None, # TODO more samples - 'samples': ["04A31232241C90", "057595DCC601CA7E21341F1F978FA134F0204D87A33749C56DDB4ABD6F1F26194341DB10093B34C42F524A30DCC5CE54"], - 'pk': "04DC34DAA903F2726A6225B11C692AF6AB4396575CA12810CBBCE3F781A097B3833B50AB364A70D9C2B641A728A599AE74"}, + 'samples': ["04A31232241C90", "057595DCC601CA7E21341F1F978FA134F0204D87A33749C56DDB4ABD6F1F26194341DB10093B34C42F524A30DCC5CE54"], # noqa: E501 + 'pk': "04DC34DAA903F2726A6225B11C692AF6AB4396575CA12810CBBCE3F781A097B3833B50AB364A70D9C2B641A728A599AE74"}, # noqa: E501 {'name': "MIFARE Classic / QL88", 'samples': ["30933C61", "AEA4DD0B800FAC63D4DE08EE91F4650ED825FD6B4D7DEEE98DBC9BAE10BE003E", "20593261", "F762CDD59EEDC075F4DDBA7ECD529FEEE5135C65A84D12EF0A250A321B2012F5"], From 93639e16a55058133aa10bf132ebfde4c2c78088 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sat, 14 Dec 2024 00:51:58 +0100 Subject: [PATCH 064/150] recover_pk selftests: show curve & hash --- tools/recover_pk.py | 94 +++++++++++++++++++++++---------------------- 1 file changed, 49 insertions(+), 45 deletions(-) diff --git a/tools/recover_pk.py b/tools/recover_pk.py index 0e5e11eca..0024ae44b 100755 --- a/tools/recover_pk.py +++ b/tools/recover_pk.py @@ -106,42 +106,42 @@ def selftests(): 'pk': "044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF"}, {'name': "DESFire Light", - 'samples': ["0439556ACB6480", "D5BD0978106E1E38B513642335966AB21E9F950DCFCFAB45FF13D0DC3CA4C2AE7E0D671DF1240937D040DAC4601C5F66ED62C546EE03ED08", # noqa: E501 - "043B156ACB6480", "76B46932BF2FCF4931A24C755F5CB1686B914F1856177686B864BDAD58EFA6A7493E5C2232F3ADDAA434EA4647BFD1D385BDA6115E77D74C"], # noqa: E501 - 'pk': "040E98E117AAA36457F43173DC920A8757267F44CE4EC5ADD3C54075571AEBBF7B942A9774A1D94AD02572427E5AE0A2DD36591B1FB34FCF3D"}, # noqa: E501 + 'samples': ["0439556ACB6480", "D5BD0978106E1E38B513642335966AB21E9F950DCFCFAB45FF13D0DC3CA4C2AE7E0D671DF1240937D040DAC4601C5F66ED62C546EE03ED08", # noqa: E501 + "043B156ACB6480", "76B46932BF2FCF4931A24C755F5CB1686B914F1856177686B864BDAD58EFA6A7493E5C2232F3ADDAA434EA4647BFD1D385BDA6115E77D74C"], # noqa: E501 + 'pk': "040E98E117AAA36457F43173DC920A8757267F44CE4EC5ADD3C54075571AEBBF7B942A9774A1D94AD02572427E5AE0A2DD36591B1FB34FCF3D"}, # noqa: E501 {'name': "DESFire EV2", - 'samples': ["042A41CAE45380", "B2769F8DDB575AEA2A680ADCA8FFED4FAB81A1E9908E2B82FE0FABB697BBD9B23835C416970E75768F12902ACA491349E94E6589EAF4F508", # noqa: E501 - "045640CAE45380", "D34B53A8C2C100D700DEA1C4C0D0DE4409F3A418CD8D57C4F41F146E42AD9A55F014199ABBF5CA259C7799DB0AE20D5E77D4950AC7E95D33", # noqa: E501 - "040D259A965B80","B158073A7100C88C3726F4299FA58311FC3CB18744686DE3F234928AD74578F5CAD7FCEC1DCB962ECC7CC000B8557B37F45B76DC6573A58F"], # noqa: E501 - 'pk': "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3A"}, # noqa: E501 + 'samples': ["042A41CAE45380", "B2769F8DDB575AEA2A680ADCA8FFED4FAB81A1E9908E2B82FE0FABB697BBD9B23835C416970E75768F12902ACA491349E94E6589EAF4F508", # noqa: E501 + "045640CAE45380", "D34B53A8C2C100D700DEA1C4C0D0DE4409F3A418CD8D57C4F41F146E42AD9A55F014199ABBF5CA259C7799DB0AE20D5E77D4950AC7E95D33", # noqa: E501 + "040D259A965B80", "B158073A7100C88C3726F4299FA58311FC3CB18744686DE3F234928AD74578F5CAD7FCEC1DCB962ECC7CC000B8557B37F45B76DC6573A58F"], # noqa: E501 + 'pk': "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3A"}, # noqa: E501 {'name': "DESFire EV2 XL", - 'samples': ["044ca092806480","9d86dacd3866058b1cf122ff5fc80e997251d99179bc1f996acf6ed7d495da5c39dde699e2760c08d747ef08487b9897d48957e5afd755e2", # noqa: E501 - "045793d28a6380","e509576a484b4f93b5b97ffa04cb297cae97cff1071bdefd23d5054513e3036203fdd1cdd2cdead0aead88df24ffe7cdaafee1e58a55a745", # noqa: E501 - "044ba492806480","517b2931355bd9b9f35d72ed90bdab6212d05853abcf9dd45a79d5ceb91d8939c2c90d3a630a4d18a33903a3e23950a7580cf4ca34d03a90"], # noqa: E501 - 'pk': "04CD5D45E50B1502F0BA4656FF37669597E7E183251150F9574CC8DA56BF01C7ABE019E29FEA48F9CE22C3EA4029A765E1BC95A89543BAD1BC"}, # noqa: E501 + 'samples': ["044ca092806480", "9d86dacd3866058b1cf122ff5fc80e997251d99179bc1f996acf6ed7d495da5c39dde699e2760c08d747ef08487b9897d48957e5afd755e2", # noqa: E501 + "045793d28a6380", "e509576a484b4f93b5b97ffa04cb297cae97cff1071bdefd23d5054513e3036203fdd1cdd2cdead0aead88df24ffe7cdaafee1e58a55a745", # noqa: E501 + "044ba492806480", "517b2931355bd9b9f35d72ed90bdab6212d05853abcf9dd45a79d5ceb91d8939c2c90d3a630a4d18a33903a3e23950a7580cf4ca34d03a90"], # noqa: E501 + 'pk': "04CD5D45E50B1502F0BA4656FF37669597E7E183251150F9574CC8DA56BF01C7ABE019E29FEA48F9CE22C3EA4029A765E1BC95A89543BAD1BC"}, # noqa: E501 {'name': "DESFire EV3", - 'samples': ["04448BD2DB6B80", "5CBB5632795C8F15263FEFB095B51C7B541AFD914A1AE44EF6FB8AF605EDF13DBFEE6C3A2DB372245E671DFE0D42CB1F0D0B8FE67A89D2F6", # noqa: E501 - "04445DD2DB6B80", "166BFD9F9BFAA451172566101580DF9894F582C4A4E258C15037AD2F35A475CF1D7FB817618623A6569F991931AFB2766984E21A18512A6D"], # noqa: E501 - 'pk': "041DB46C145D0A36539C6544BD6D9B0AA62FF91EC48CBC6ABAE36E0089A46F0D08C8A715EA40A63313B92E90DDC1730230E0458A33276FB743"}, # noqa: E501 + 'samples': ["04448BD2DB6B80", "5CBB5632795C8F15263FEFB095B51C7B541AFD914A1AE44EF6FB8AF605EDF13DBFEE6C3A2DB372245E671DFE0D42CB1F0D0B8FE67A89D2F6", # noqa: E501 + "04445DD2DB6B80", "166BFD9F9BFAA451172566101580DF9894F582C4A4E258C15037AD2F35A475CF1D7FB817618623A6569F991931AFB2766984E21A18512A6D"], # noqa: E501 + 'pk': "041DB46C145D0A36539C6544BD6D9B0AA62FF91EC48CBC6ABAE36E0089A46F0D08C8A715EA40A63313B92E90DDC1730230E0458A33276FB743"}, # noqa: E501 {'name': "Mifare Plus EV1", - 'samples': ["042A2B221C5080", "BAC40CD88E9193C58ADA5055350C4F648EB5A7AEC4FCF9BD4CDD7B1C558DE5F59C6636F26286ED48622AAA2331D4DF1CEE23B57B94BDA631", # noqa: E501 - "04505082346B80", "78B2FCF6769F60B165F5BDEB3A6D0C26967BB165E65A3B400A01C711356FF0A0807AB1A2706FCA419702AC67211287E31D71927BA25AB235", # noqa: E501 - "12817C48", "3351979A3449CACD9EE113A75B862917F03EFAE68DA399C06342BF8583C88DFE769DF49754A96F7C28B57189FB05B9C10E2305D41423A6EB"], # noqa: E501 - 'pk': "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"}, # noqa: E501 + 'samples': ["042A2B221C5080", "BAC40CD88E9193C58ADA5055350C4F648EB5A7AEC4FCF9BD4CDD7B1C558DE5F59C6636F26286ED48622AAA2331D4DF1CEE23B57B94BDA631", # noqa: E501 + "04505082346B80", "78B2FCF6769F60B165F5BDEB3A6D0C26967BB165E65A3B400A01C711356FF0A0807AB1A2706FCA419702AC67211287E31D71927BA25AB235", # noqa: E501 + "12817C48", "3351979A3449CACD9EE113A75B862917F03EFAE68DA399C06342BF8583C88DFE769DF49754A96F7C28B57189FB05B9C10E2305D41423A6EB"], # noqa: E501 + 'pk': "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"}, # noqa: E501 - {'name': "NTAG413DNA", - 'samples': ["042468222F5C80", "B9211E320F321BD1D0E158E10FF15109B389638BAE15D9909D7725BF1250ED236D66F1AF75C94D60330E4E92535F5E6997675281A5687173", # noqa: E501 - "042938222F5C80", "18B642797D1FD71806146A7A6EC778D3FDD04F39C4A3B36A592BD1A114DC44E5528380FA766C0B7EA32B284AFBE84300B620369F0686D8CC"], # noqa: E501 - 'pk': "04bb5d514f7050025c7d0f397310360eec91eaf792e96fc7e0f496cb4e669d414f877b7b27901fe67c2e3b33cd39d1c797715189ac951c2add"}, # noqa: E501 + {'name': "NTAG413DNA, DESFire EV1", + 'samples': ["042468222F5C80", "B9211E320F321BD1D0E158E10FF15109B389638BAE15D9909D7725BF1250ED236D66F1AF75C94D60330E4E92535F5E6997675281A5687173", # noqa: E501 + "042938222F5C80", "18B642797D1FD71806146A7A6EC778D3FDD04F39C4A3B36A592BD1A114DC44E5528380FA766C0B7EA32B284AFBE84300B620369F0686D8CC"], # noqa: E501 + 'pk': "04BB5D514F7050025C7D0F397310360EEC91EAF792E96FC7E0F496CB4E669D414F877B7B27901FE67C2E3B33CD39D1C797715189AC951C2ADD"}, # noqa: E501 {'name': "NTAG424DNA", - 'samples': ["0463474AA26A80", "27E9A50E6CA4BA9037C02F7D20A80D0284D0C1D83C67F5A5AC1D8A4EF86C9508417E4E9C6F85AA7920F0ABDED984CAF20467D66EA54BBF08", # noqa: E501 - "04C46C222A6380", "344A806EBF704C05C19215D2F840529CE365AAD2D08A469A95896D75D477D9FAB02A0C827E9F215BD8EB0E56A3A9A008FB75D706AABBD4DA"], # noqa: E501 - 'pk': "048A9B380AF2EE1B98DC417FECC263F8449C7625CECE82D9B916C992DA209D68422B81EC20B65A66B5102A61596AF3379200599316A00A1410"}, # noqa: E501 + 'samples': ["0463474AA26A80", "27E9A50E6CA4BA9037C02F7D20A80D0284D0C1D83C67F5A5AC1D8A4EF86C9508417E4E9C6F85AA7920F0ABDED984CAF20467D66EA54BBF08", # noqa: E501 + "04C46C222A6380", "344A806EBF704C05C19215D2F840529CE365AAD2D08A469A95896D75D477D9FAB02A0C827E9F215BD8EB0E56A3A9A008FB75D706AABBD4DA"], # noqa: E501 + 'pk': "048A9B380AF2EE1B98DC417FECC263F8449C7625CECE82D9B916C992DA209D68422B81EC20B65A66B5102A61596AF3379200599316A00A1410"}, # noqa: E501 {'name': "Vivokey Spark1", # ! tag signature bytes output by pm3 must be read right to left: @@ -163,20 +163,20 @@ def selftests(): # 'pk': ""}, {'name': "MIFARE Plus Trojka", # uses secp224r1, None, - 'samples': ["04B59F6A226F82", "6F577EB7F570D74DB6250477427F68A0088762BD318767537122919A7916597149F9D16D8B135E9BF826FB28AE293F3168661CD4A049FAED", # noqa: E501 - "04B44A82D80F92", "A0868ECF26733D3C3C838D055968B4559F77693CC3E346E3A4741BC826801F8360FD88857BEC440AAD3A21153D64302DEB6F5ED40B15C3F7"], # noqa: E501 - 'pk': "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF"}, # noqa: E501 + 'samples': ["04B59F6A226F82", "6F577EB7F570D74DB6250477427F68A0088762BD318767537122919A7916597149F9D16D8B135E9BF826FB28AE293F3168661CD4A049FAED", # noqa: E501 + "04B44A82D80F92", "A0868ECF26733D3C3C838D055968B4559F77693CC3E346E3A4741BC826801F8360FD88857BEC440AAD3A21153D64302DEB6F5ED40B15C3F7"], # noqa: E501 + 'pk': "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF"}, # noqa: E501 {'name': "MIFARE Ultralight AES", # uses prime192v1, None, - 'samples': ["045E4CC2451390", "C9BBDA1B99EB6634CDFD8E3251AC5C4742EA5FA507B8A8A8B39B19AB7340D173331589C54C56C49F0CCA6DDBAC1E492A", # noqa: E501 - "043F88C2451390", "5C2055A7373F119C3FDD9843020B06AA0E6DE18C16496C425C4AD971A50F05FA1A67B9E39CA60C355EEEEBF8214A84A5"], # noqa: E501 - 'pk': "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86"}, # noqa: E501 + 'samples': ["045E4CC2451390", "C9BBDA1B99EB6634CDFD8E3251AC5C4742EA5FA507B8A8A8B39B19AB7340D173331589C54C56C49F0CCA6DDBAC1E492A", # noqa: E501 + "043F88C2451390", "5C2055A7373F119C3FDD9843020B06AA0E6DE18C16496C425C4AD971A50F05FA1A67B9E39CA60C355EEEEBF8214A84A5"], # noqa: E501 + 'pk': "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86"}, # noqa: E501 {'name': "MIFARE Ultralight AES (alt key)", # uses prime192v1, None, # TODO more samples - 'samples': ["04A31232241C90", "057595DCC601CA7E21341F1F978FA134F0204D87A33749C56DDB4ABD6F1F26194341DB10093B34C42F524A30DCC5CE54"], # noqa: E501 - 'pk': "04DC34DAA903F2726A6225B11C692AF6AB4396575CA12810CBBCE3F781A097B3833B50AB364A70D9C2B641A728A599AE74"}, # noqa: E501 + 'samples': ["04A31232241C90", "057595DCC601CA7E21341F1F978FA134F0204D87A33749C56DDB4ABD6F1F26194341DB10093B34C42F524A30DCC5CE54"], # noqa: E501 + 'pk': "04DC34DAA903F2726A6225B11C692AF6AB4396575CA12810CBBCE3F781A097B3833B50AB364A70D9C2B641A728A599AE74"}, # noqa: E501 {'name': "MIFARE Classic / QL88", 'samples': ["30933C61", "AEA4DD0B800FAC63D4DE08EE91F4650ED825FD6B4D7DEEE98DBC9BAE10BE003E", "20593261", "F762CDD59EEDC075F4DDBA7ECD529FEEE5135C65A84D12EF0A250A321B2012F5"], @@ -208,38 +208,42 @@ def selftests(): succeeded = True for t in tests: - print("Testing %-38s" % (t['name']+":"), end="") + print("Testing %-40s" % (t['name']+":"), end="") curvenames = guess_curvename(t['samples'][1]) recovered = set() for c in curvenames: for h in [None, "md5", "sha1", "sha256", "sha512"]: - recovered |= recover_multiple(t['samples'][::2], t['samples'][1::2], c, alghash=h) + recovered |= set([(c, h, pk) for pk in + recover_multiple(t['samples'][::2], t['samples'][1::2], c, alghash=h)]) if (len(recovered) == 1): - pk = recovered.pop() + c, h, pk = recovered.pop() pk = binascii.hexlify(pk).decode('utf8') if pk.lower() == t['pk'].lower(): - print("( %s )" % color('ok', fg='green')) + print("%15s/%-8s ( %s )" % (c, h, color('ok', fg='green'))) else: succeeded = False - print("( FAIL ) got %s" % pk.lower()) + print("%15s/%-8s ( %s ) got %s" % (c, h, color('fail', fg='red'), pk.lower())) elif len(t['samples'])//2 == 1: - pks = [binascii.hexlify(pk).decode('utf8').lower() for pk in list(recovered)] - if t['pk'].lower() in pks: - print("( %s ) partial" % color('ok', fg='green')) + recovereds = [(c, h) for c, h, pk in list(recovered) + if t['pk'].lower() == binascii.hexlify(pk).decode('utf8').lower()] + if len(recovereds) > 0: + print("%15s/%-8s ( %s ) partial" % (c, h, color('ok', fg='green'))) else: succeeded = False - print("( %s ), got %s" % color('fail', fg='red'), pks) + print(" ( %s ), got" % color('fail', fg='red')) + for c, h, pk in list(recovered): + print(c, h, binascii.hexlify(pk).decode('utf8').lower()) else: - print("( %s )" % color('fail', fg='red')) + print(" ( %s )" % color('fail', fg='red')) succeeded = False - print("=====================================================") + print("===============================================================================") fail = color('fail', fg='red') ok = color('ok', fg='green') - print("Tests: ( %s )" % [fail, ok][succeeded]) + print("Tests: ( %s )" % [fail, ok][succeeded]) print("") From f26727eb28ff48afd2dd747a04270cd122846222 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sat, 14 Dec 2024 02:18:38 +0100 Subject: [PATCH 065/150] Refactor originality checks. Notes: - removed pk "NTAG424DNA, NTAG424DNATT, DESFire Light Ev2", "04B304...3B" which is a typo of "DESFire Ev2", "04B3...3A"}, - MIKRON pk currently not used because I don't know if it's for MFC, MFUL or sth else - ST25TN pk added but currently not used, need to be implemented/tested - ST25TV pk currently not used, need to be implemented/tested --- CHANGELOG.md | 1 + client/CMakeLists.txt | 1 + client/Makefile | 1 + client/experimental_lib/CMakeLists.txt | 1 + client/src/cmdhf15.c | 131 ++++--------------- client/src/cmdhfmf.c | 50 +------- client/src/cmdhfmfdes.c | 58 +-------- client/src/cmdhfmfp.c | 51 +------- client/src/cmdhfmfu.c | 131 +------------------ client/src/cmdhfst25ta.c | 46 +------ client/src/crypto/originality.c | 171 +++++++++++++++++++++++++ client/src/crypto/originality.h | 42 ++++++ 12 files changed, 261 insertions(+), 423 deletions(-) create mode 100644 client/src/crypto/originality.c create mode 100644 client/src/crypto/originality.h diff --git a/CHANGELOG.md b/CHANGELOG.md index 2aed8d508..b6d3ca1da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Changed originality checks handling to refactor code and pk data (@doegox) - Changed `uniq.yaml` workflow to be case-insensitive (@iceman1001) - Fixed `mem load --mfc` not erasing all SPI flash blocks after extending to 4095 keys (@piotrva) - Extended area for Mifare keys in SPI flash to hold 4095 keys (@piotrva) diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index 544fe5395..2a74b1500 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -270,6 +270,7 @@ set (TARGET_SOURCES ${PM3_ROOT}/client/src/crypto/asn1dump.c ${PM3_ROOT}/client/src/crypto/asn1utils.c ${PM3_ROOT}/client/src/crypto/libpcrypto.c + ${PM3_ROOT}/client/src/crypto/originality.c ${PM3_ROOT}/client/src/emv/test/cda_test.c ${PM3_ROOT}/client/src/emv/test/crypto_test.c ${PM3_ROOT}/client/src/emv/test/cryptotest.c diff --git a/client/Makefile b/client/Makefile index f7a59ed3f..d01e08af0 100644 --- a/client/Makefile +++ b/client/Makefile @@ -693,6 +693,7 @@ SRCS = mifare/aiddesfire.c \ crypto/asn1dump.c \ crypto/asn1utils.c\ crypto/libpcrypto.c\ + crypto/originality.c\ emv/cmdemv.c \ emv/crypto.c\ emv/crypto_polarssl.c\ diff --git a/client/experimental_lib/CMakeLists.txt b/client/experimental_lib/CMakeLists.txt index e9ac8bb33..87e653c11 100644 --- a/client/experimental_lib/CMakeLists.txt +++ b/client/experimental_lib/CMakeLists.txt @@ -271,6 +271,7 @@ set (TARGET_SOURCES ${PM3_ROOT}/client/src/crypto/asn1dump.c ${PM3_ROOT}/client/src/crypto/asn1utils.c ${PM3_ROOT}/client/src/crypto/libpcrypto.c + ${PM3_ROOT}/client/src/crypto/originality.c ${PM3_ROOT}/client/src/emv/test/cda_test.c ${PM3_ROOT}/client/src/emv/test/crypto_test.c ${PM3_ROOT}/client/src/emv/test/cryptotest.c diff --git a/client/src/cmdhf15.c b/client/src/cmdhf15.c index b5d886382..86a326341 100644 --- a/client/src/cmdhf15.c +++ b/client/src/cmdhf15.c @@ -43,6 +43,7 @@ #include "cliparser.h" #include "util_posix.h" // msleep #include "iso15.h" // typedef structs / enum +#include "crypto/originality.h" #define FrameSOF Iso15693FrameSOF #define Logic0 Iso15693Logic0 @@ -281,121 +282,35 @@ static const productName_t uidmapping[] = { static int CmdHF15Help(const char *Cmd); static int nxp_15693_print_signature(uint8_t *uid, uint8_t *signature) { - -#define PUBLIC_ECDA_KEYLEN 33 - const ecdsa_publickey_t nxp_15693_public_keys[] = { - {"NXP MIFARE Classic MFC1C14_x", "044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF"}, - {"MIFARE Classic / QL88", "046F70AC557F5461CE5052C8E4A7838C11C7A236797E8A0730A101837C004039C2"}, - {"NXP ICODE DNA, ICODE SLIX2", "048878A2A2D3EEC336B4F261A082BD71F9BE11C4E2E896648B32EFA59CEA6E59F0"}, - {"NXP Public key", "04A748B6A632FBEE2C0897702B33BEA1C074998E17B84ACA04FF267E5D2C91F6DC"}, - {"NXP Ultralight Ev1", "0490933BDCD6E99B4E255E3DA55389A827564E11718E017292FAF23226A96614B8"}, - {"NXP NTAG21x (2013)", "04494E1A386D3D3CFE3DC10E5DE68A499B1C202DB5B132393E89ED19FE5BE8BC61"}, - {"MIKRON Public key", "04F971EDA742A4A80D32DCF6A814A707CC3DC396D35902F72929FDCD698B3468F2"}, - {"VivoKey Spark1 Public key", "04D64BB732C0D214E7EC580736ACF847284B502C25C0F7F2FA86AACE1DADA4387A"}, - {"TruST25 (ST) key 01?", "041D92163650161A2548D33881C235D0FB2315C2C31A442F23C87ACF14497C0CBA"}, - {"TruST25 (ST) key 04?", "04101E188A8B4CDDBC62D5BC3E0E6850F0C2730E744B79765A0E079907FBDB01BC"}, - }; - /* - uint8_t nxp_15693_public_keys[][PUBLIC_ECDA_KEYLEN] = { - // ICODE SLIX2 / DNA - { - 0x04, 0x88, 0x78, 0xA2, 0xA2, 0xD3, 0xEE, 0xC3, - 0x36, 0xB4, 0xF2, 0x61, 0xA0, 0x82, 0xBD, 0x71, - 0xF9, 0xBE, 0x11, 0xC4, 0xE2, 0xE8, 0x96, 0x64, - 0x8B, 0x32, 0xEF, 0xA5, 0x9C, 0xEA, 0x6E, 0x59, 0xF0 - }, - // unknown. Needs identification - { - 0x04, 0x4F, 0x6D, 0x3F, 0x29, 0x4D, 0xEA, 0x57, - 0x37, 0xF0, 0xF4, 0x6F, 0xFE, 0xE8, 0x8A, 0x35, - 0x6E, 0xED, 0x95, 0x69, 0x5D, 0xD7, 0xE0, 0xC2, - 0x7A, 0x59, 0x1E, 0x6F, 0x6F, 0x65, 0x96, 0x2B, 0xAF - }, - // unknown. Needs identification - { - 0x04, 0xA7, 0x48, 0xB6, 0xA6, 0x32, 0xFB, 0xEE, - 0x2C, 0x08, 0x97, 0x70, 0x2B, 0x33, 0xBE, 0xA1, - 0xC0, 0x74, 0x99, 0x8E, 0x17, 0xB8, 0x4A, 0xCA, - 0x04, 0xFF, 0x26, 0x7E, 0x5D, 0x2C, 0x91, 0xF6, 0xDC - }, - // manufacturer public key - { - 0x04, 0x6F, 0x70, 0xAC, 0x55, 0x7F, 0x54, 0x61, - 0xCE, 0x50, 0x52, 0xC8, 0xE4, 0xA7, 0x83, 0x8C, - 0x11, 0xC7, 0xA2, 0x36, 0x79, 0x7E, 0x8A, 0x07, - 0x30, 0xA1, 0x01, 0x83, 0x7C, 0x00, 0x40, 0x39, 0xC2 - }, - // MIKRON public key. - { - 0x04, 0xf9, 0x71, 0xed, 0xa7, 0x42, 0xa4, 0xa8, - 0x0d, 0x32, 0xdc, 0xf6, 0xa8, 0x14, 0xa7, 0x07, - 0xcc, 0x3d, 0xc3, 0x96, 0xd3, 0x59, 0x02, 0xf7, - 0x29, 0x29, 0xfd, 0xcd, 0x69, 0x8b, 0x34, 0x68, 0xf2 - } - }; - */ - - uint8_t revuid[HF15_UID_LENGTH] = {0}; - reverse_array_copy(uid, sizeof(revuid), revuid); - - uint8_t revsign[32] = {0}; - reverse_array_copy(signature, sizeof(revsign), revsign); - - uint8_t i; int reason = 0; - bool is_valid = false; - for (i = 0; i < ARRAYLEN(nxp_15693_public_keys); i++) { - - int dl = 0; - uint8_t key[PUBLIC_ECDA_KEYLEN]; - param_gethex_to_eol(nxp_15693_public_keys[i].value, 0, key, PUBLIC_ECDA_KEYLEN, &dl); - - int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, uid, 8, signature, 32, false); - is_valid = (res == 0); - if (is_valid) { - reason = 1; - break; - } - + int index = -1; + index = originality_check_verify(uid, 8, signature, 32, PK_MFC); + if (index >= 0) { + reason = 1; + } else { // try with sha256 - res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, uid, 8, signature, 32, true); - is_valid = (res == 0); - if (is_valid) { + index = originality_check_verify_ex(uid, 8, signature, 32, PK_MFC, false, true); + if (index >= 0) { reason = 2; - break; - } - - // try with reversed uid / signature - res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, revuid, sizeof(revuid), revsign, sizeof(revsign), false); - is_valid = (res == 0); - if (is_valid) { - reason = 3; - break; - } - - // try with sha256 - res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, revuid, sizeof(revuid), revsign, sizeof(revsign), true); - is_valid = (res == 0); - if (is_valid) { - reason = 4; - break; + } else { + // try with reversed uid / signature + index = originality_check_verify_ex(uid, 8, signature, 32, PK_MFC, true, false); + if (index >= 0) { + reason = 3; + } else { + // try with sha256 and reversed uid / signature + index = originality_check_verify_ex(uid, 8, signature, 32, PK_MFC, true, true); + if (index >= 0) { + reason = 3; + } + } } } - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature")); - if (is_valid == false || i == ARRAYLEN(nxp_15693_public_keys)) { - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp128r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 32)); - PrintAndLogEx(SUCCESS, " Signature verification: " _RED_("failed")); - return PM3_ESOFT; + int ret = originality_check_print(signature, 32, index); + if (ret != PM3_SUCCESS) { + return ret; } - - PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), nxp_15693_public_keys[i].desc); - PrintAndLogEx(INFO, "IC signature public key value: %s", nxp_15693_public_keys[i].value); - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp128r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 32)); - PrintAndLogEx(SUCCESS, " Signature verification: " _GREEN_("successful")); switch (reason) { case 1: PrintAndLogEx(INFO, " Params used: UID and signature, plain"); diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index e61a6a7e9..1dedaafca 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -46,6 +46,7 @@ #include "generator.h" // keygens. #include "fpga.h" #include "mifare/mifarehost.h" +#include "crypto/originality.h" static int CmdHelp(const char *Cmd); @@ -68,52 +69,9 @@ static int usage_hf14_keybrute(void) { */ int mfc_ev1_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature, int signature_len) { - - // ref: MIFARE Classic EV1 Originality Signature Validation -#define PUBLIC_MFCEV1_ECDA_KEYLEN 33 - const ecdsa_publickey_t nxp_mfc_public_keys[] = { - {"NXP MIFARE Classic MFC1C14_x", "044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF"}, - {"MIFARE Classic / QL88", "046F70AC557F5461CE5052C8E4A7838C11C7A236797E8A0730A101837C004039C2"}, - {"NXP ICODE DNA, ICODE SLIX2", "048878A2A2D3EEC336B4F261A082BD71F9BE11C4E2E896648B32EFA59CEA6E59F0"}, - {"NXP Public key", "04A748B6A632FBEE2C0897702B33BEA1C074998E17B84ACA04FF267E5D2C91F6DC"}, - {"NXP Ultralight Ev1", "0490933BDCD6E99B4E255E3DA55389A827564E11718E017292FAF23226A96614B8"}, - {"NXP NTAG21x (2013)", "04494E1A386D3D3CFE3DC10E5DE68A499B1C202DB5B132393E89ED19FE5BE8BC61"}, - {"MIKRON Public key", "04F971EDA742A4A80D32DCF6A814A707CC3DC396D35902F72929FDCD698B3468F2"}, - {"VivoKey Spark1 Public key", "04D64BB732C0D214E7EC580736ACF847284B502C25C0F7F2FA86AACE1DADA4387A"}, - {"TruST25 (ST) key 01?", "041D92163650161A2548D33881C235D0FB2315C2C31A442F23C87ACF14497C0CBA"}, - {"TruST25 (ST) key 04?", "04101E188A8B4CDDBC62D5BC3E0E6850F0C2730E744B79765A0E079907FBDB01BC"}, - }; - - uint8_t i; - bool is_valid = false; - - for (i = 0; i < ARRAYLEN(nxp_mfc_public_keys); i++) { - - int dl = 0; - uint8_t key[PUBLIC_MFCEV1_ECDA_KEYLEN]; - param_gethex_to_eol(nxp_mfc_public_keys[i].value, 0, key, PUBLIC_MFCEV1_ECDA_KEYLEN, &dl); - - int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, uid, uidlen, signature, signature_len, false); - is_valid = (res == 0); - if (is_valid) - break; - } - - PrintAndLogEx(INFO, ""); - PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature")); - if (is_valid == false || i == ARRAYLEN(nxp_mfc_public_keys)) { - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp128r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 32)); - PrintAndLogEx(SUCCESS, " Signature verification: " _RED_("failed")); - return PM3_ESOFT; - } - - PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), nxp_mfc_public_keys[i].desc); - PrintAndLogEx(INFO, "IC signature public key value: %s", nxp_mfc_public_keys[i].value); - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp128r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 32)); - PrintAndLogEx(SUCCESS, " Signature verification: " _GREEN_("successful")); - return PM3_SUCCESS; + int index = originality_check_verify(uid, uidlen, signature, signature_len, PK_MFC); + PrintAndLogEx(NORMAL, ""); + return originality_check_print(signature, signature_len, index); } static int mf_read_uid(uint8_t *uid, int *uidlen, int *nxptype) { diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index 245fae293..ee8b537c9 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -45,6 +45,7 @@ #include "generator.h" #include "mifare/aiddesfire.h" #include "util.h" +#include "crypto/originality.h" #define MAX_KEY_LEN 24 #define MAX_KEYS_LIST_LEN 1024 @@ -442,61 +443,10 @@ int desfire_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature, si PrintAndLogEx(DEBUG, "SIGNATURE=NULL"); return PM3_EINVARG; } - // ref: MIFARE Desfire Originality Signature Validation - // See tools/recover_pk.py to recover Pk from UIDs and signatures -#define PUBLIC_DESFIRE_ECDA_KEYLEN 57 - const ecdsa_publickey_t nxp_desfire_public_keys[] = { - {"NTAG424DNA, DESFire Ev2", "048A9B380AF2EE1B98DC417FECC263F8449C7625CECE82D9B916C992DA209D68422B81EC20B65A66B5102A61596AF3379200599316A00A1410"}, - {"NTAG413DNA, DESFire Ev1", "04BB5D514F7050025C7D0F397310360EEC91EAF792E96FC7E0F496CB4E669D414F877B7B27901FE67C2E3B33CD39D1C797715189AC951C2ADD"}, - {"DESFire Ev2", "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3A"}, - {"DESFire Ev3", "041DB46C145D0A36539C6544BD6D9B0AA62FF91EC48CBC6ABAE36E0089A46F0D08C8A715EA40A63313B92E90DDC1730230E0458A33276FB743"}, - {"NTAG424DNA, NTAG424DNATT, DESFire Light Ev2", "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3B"}, - {"DESFire Light", "040E98E117AAA36457F43173DC920A8757267F44CE4EC5ADD3C54075571AEBBF7B942A9774A1D94AD02572427E5AE0A2DD36591B1FB34FCF3D"}, - {"MIFARE Plus Ev1", "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"}, - {"MIFARE Plus Ev2", "04BB49AE4447E6B1B6D21C098C1538B594A11A4A1DBF3D5E673DEACDEB3CC512D1C08AFA1A2768CE20A200BACD2DC7804CD7523A0131ABF607"}, - {"DESFire Ev2 XL", "04CD5D45E50B1502F0BA4656FF37669597E7E183251150F9574CC8DA56BF01C7ABE019E29FEA48F9CE22C3EA4029A765E1BC95A89543BAD1BC"}, - {"MIFARE Plus Troika", "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF"}, - }; - - uint32_t i; - bool is_valid = false; - - for (i = 0; i < ARRAYLEN(nxp_desfire_public_keys); i++) { - - int dl = 0; - uint8_t key[PUBLIC_DESFIRE_ECDA_KEYLEN]; - param_gethex_to_eol(nxp_desfire_public_keys[i].value, 0, key, PUBLIC_DESFIRE_ECDA_KEYLEN, &dl); - - int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP224R1, key, uid, uidlen, signature, signature_len, false); - is_valid = (res == 0); - if (is_valid) - break; - } -// PrintAndLogEx(NORMAL, ""); -// PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature")); - if (is_valid == false || i == ARRAYLEN(nxp_desfire_public_keys)) { - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp224r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 16, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 32, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 48, signature_len - 48)); - PrintAndLogEx(SUCCESS, " Signature verification: " _RED_("failed")); - return PM3_ESOFT; - } - - PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), nxp_desfire_public_keys[i].desc); - PrintAndLogEx(INFO, "IC signature public key value: %.32s", nxp_desfire_public_keys[i].value); - PrintAndLogEx(INFO, " : %.32s", nxp_desfire_public_keys[i].value + 32); - PrintAndLogEx(INFO, " : %.32s", nxp_desfire_public_keys[i].value + 64); - PrintAndLogEx(INFO, " : %.32s", nxp_desfire_public_keys[i].value + 96); - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp224r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 16, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 32, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 48, signature_len - 48)); - PrintAndLogEx(SUCCESS, " Signature verification: " _GREEN_("successful")); - return PM3_SUCCESS; + int index = originality_check_verify(uid, uidlen, signature, signature_len, PK_MFDES); + PrintAndLogEx(NORMAL, ""); + return originality_check_print(signature, signature_len, index); } static void swap24(uint8_t *data) { diff --git a/client/src/cmdhfmfp.c b/client/src/cmdhfmfp.c index d0d230e1f..218b87504 100644 --- a/client/src/cmdhfmfp.c +++ b/client/src/cmdhfmfp.c @@ -35,6 +35,7 @@ #include "crypto/libpcrypto.h" #include "cmdhfmf.h" // printblock, header #include "cmdtrace.h" +#include "crypto/originality.h" static const uint8_t mfp_default_key[16] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; static uint16_t mfp_card_adresses[] = {0x9000, 0x9001, 0x9002, 0x9003, 0x9004, 0x9006, 0x9007, 0xA000, 0xA001, 0xA080, 0xA081, 0xC000, 0xC001}; @@ -190,55 +191,9 @@ static nxp_cardtype_t getCardType(uint8_t type, uint8_t major, uint8_t minor) { // --- GET SIGNATURE static int plus_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature, int signature_len) { - - // ref: MIFARE Plus EV1 Originality Signature Validation -#define PUBLIC_PLUS_ECDA_KEYLEN 57 - const ecdsa_publickey_t nxp_plus_public_keys[] = { - {"MIFARE Plus EV1", "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"}, - {"MIFARE Plus Ev2", "04BB49AE4447E6B1B6D21C098C1538B594A11A4A1DBF3D5E673DEACDEB3CC512D1C08AFA1A2768CE20A200BACD2DC7804CD7523A0131ABF607"}, - {"MIFARE Plus Troika", "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF"} - }; - - uint8_t i; - bool is_valid = false; - - for (i = 0; i < ARRAYLEN(nxp_plus_public_keys); i++) { - - int dl = 0; - uint8_t key[PUBLIC_PLUS_ECDA_KEYLEN]; - param_gethex_to_eol(nxp_plus_public_keys[i].value, 0, key, PUBLIC_PLUS_ECDA_KEYLEN, &dl); - - int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP224R1, key, uid, uidlen, signature, signature_len, false); - is_valid = (res == 0); - if (is_valid) - break; - } - + int index = originality_check_verify(uid, uidlen, signature, signature_len, PK_MFP); PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature")); - - if (is_valid == false || i == ARRAYLEN(nxp_plus_public_keys)) { - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp224r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 16, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 32, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 48, signature_len - 48)); - PrintAndLogEx(SUCCESS, " Signature verification: " _RED_("failed")); - return PM3_ESOFT; - } - - PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), nxp_plus_public_keys[i].desc); - PrintAndLogEx(INFO, "IC signature public key value: %.32s", nxp_plus_public_keys[i].value); - PrintAndLogEx(INFO, " : %.32s", nxp_plus_public_keys[i].value + 32); - PrintAndLogEx(INFO, " : %.32s", nxp_plus_public_keys[i].value + 64); - PrintAndLogEx(INFO, " : %.32s", nxp_plus_public_keys[i].value + 96); - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp224r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 16, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 32, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 48, signature_len - 48)); - PrintAndLogEx(SUCCESS, " Signature verification: " _GREEN_("successful")); - return PM3_SUCCESS; + return originality_check_print(signature, signature_len, index); } static int get_plus_signature(uint8_t *signature, int *signature_len) { diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c index 0b3554a62..fafcf2b78 100644 --- a/client/src/cmdhfmfu.c +++ b/client/src/cmdhfmfu.c @@ -35,6 +35,7 @@ #include "fileutils.h" // saveFile #include "cmdtrace.h" // trace list #include "preferences.h" // setDeviceDebugLevel +#include "crypto/originality.h" #define MAX_UL_BLOCKS 0x0F #define MAX_ULC_BLOCKS 0x2F @@ -1397,134 +1398,14 @@ static int ulev1_print_counters(void) { } static int ulev1_print_signature(uint64_t tagtype, uint8_t *uid, uint8_t *signature, size_t signature_len) { - -#define PUBLIC_ECDA_KEYLEN 33 -#define PUBLIC_ECDA_192_KEYLEN 49 - // known public keys for the originality check (source: https://github.com/alexbatalov/node-nxp-originality-verifier) - // ref: AN11350 NTAG 21x Originality Signature Validation - // ref: AN11341 MIFARE Ultralight EV1 Originality Signature Validation - const ecdsa_publickey_t nxp_mfu_public_keys[] = { - {"NXP MIFARE Classic MFC1C14_x", "044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF"}, - {"MIFARE Classic / QL88", "046F70AC557F5461CE5052C8E4A7838C11C7A236797E8A0730A101837C004039C2"}, - {"NXP ICODE DNA, ICODE SLIX2", "048878A2A2D3EEC336B4F261A082BD71F9BE11C4E2E896648B32EFA59CEA6E59F0"}, - {"NXP Public key", "04A748B6A632FBEE2C0897702B33BEA1C074998E17B84ACA04FF267E5D2C91F6DC"}, - {"NXP Ultralight Ev1", "0490933BDCD6E99B4E255E3DA55389A827564E11718E017292FAF23226A96614B8"}, - {"NXP NTAG21x (2013)", "04494E1A386D3D3CFE3DC10E5DE68A499B1C202DB5B132393E89ED19FE5BE8BC61"}, - {"MIKRON Public key", "04F971EDA742A4A80D32DCF6A814A707CC3DC396D35902F72929FDCD698B3468F2"}, - {"VivoKey Spark1 Public key", "04D64BB732C0D214E7EC580736ACF847284B502C25C0F7F2FA86AACE1DADA4387A"}, - {"TruST25 (ST) key 01?", "041D92163650161A2548D33881C235D0FB2315C2C31A442F23C87ACF14497C0CBA"}, - {"TruST25 (ST) key 04?", "04101E188A8B4CDDBC62D5BC3E0E6850F0C2730E744B79765A0E079907FBDB01BC"}, - }; - - const ecdsa_publickey_t nxp_mfu_192_public_keys[] = { - // https://www.nxp.com/docs/en/application-note/AN13452.pdf - {"NXP Ultralight AES", "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86"}, - // TagInfo - {"NXP Ultralight AES (alt key)", "04DC34DAA903F2726A6225B11C692AF6AB4396575CA12810CBBCE3F781A097B3833B50AB364A70D9C2B641A728A599AE74"}, - }; - - /* - uint8_t nxp_mfu_public_keys[6][PUBLIC_ECDA_KEYLEN] = { - // UL, NTAG21x and NDEF - { - 0x04, 0x49, 0x4e, 0x1a, 0x38, 0x6d, 0x3d, 0x3c, - 0xfe, 0x3d, 0xc1, 0x0e, 0x5d, 0xe6, 0x8a, 0x49, - 0x9b, 0x1c, 0x20, 0x2d, 0xb5, 0xb1, 0x32, 0x39, - 0x3e, 0x89, 0xed, 0x19, 0xfe, 0x5b, 0xe8, 0xbc, 0x61 - }, - // UL EV1 - { - 0x04, 0x90, 0x93, 0x3b, 0xdc, 0xd6, 0xe9, 0x9b, - 0x4e, 0x25, 0x5e, 0x3d, 0xa5, 0x53, 0x89, 0xa8, - 0x27, 0x56, 0x4e, 0x11, 0x71, 0x8e, 0x01, 0x72, - 0x92, 0xfa, 0xf2, 0x32, 0x26, 0xa9, 0x66, 0x14, 0xb8 - }, - // unknown. Needs identification - { - 0x04, 0x4F, 0x6D, 0x3F, 0x29, 0x4D, 0xEA, 0x57, - 0x37, 0xF0, 0xF4, 0x6F, 0xFE, 0xE8, 0x8A, 0x35, - 0x6E, 0xED, 0x95, 0x69, 0x5D, 0xD7, 0xE0, 0xC2, - 0x7A, 0x59, 0x1E, 0x6F, 0x6F, 0x65, 0x96, 0x2B, 0xAF - }, - // unknown. Needs identification - { - 0x04, 0xA7, 0x48, 0xB6, 0xA6, 0x32, 0xFB, 0xEE, - 0x2C, 0x08, 0x97, 0x70, 0x2B, 0x33, 0xBE, 0xA1, - 0xC0, 0x74, 0x99, 0x8E, 0x17, 0xB8, 0x4A, 0xCA, - 0x04, 0xFF, 0x26, 0x7E, 0x5D, 0x2C, 0x91, 0xF6, 0xDC - }, - // manufacturer public key - { - 0x04, 0x6F, 0x70, 0xAC, 0x55, 0x7F, 0x54, 0x61, - 0xCE, 0x50, 0x52, 0xC8, 0xE4, 0xA7, 0x83, 0x8C, - 0x11, 0xC7, 0xA2, 0x36, 0x79, 0x7E, 0x8A, 0x07, - 0x30, 0xA1, 0x01, 0x83, 0x7C, 0x00, 0x40, 0x39, 0xC2 - }, - // MIKRON public key. - { - 0x04, 0xf9, 0x71, 0xed, 0xa7, 0x42, 0xa4, 0xa8, - 0x0d, 0x32, 0xdc, 0xf6, 0xa8, 0x14, 0xa7, 0x07, - 0xcc, 0x3d, 0xc3, 0x96, 0xd3, 0x59, 0x02, 0xf7, - 0x29, 0x29, 0xfd, 0xcd, 0x69, 0x8b, 0x34, 0x68, 0xf2 - } - }; - */ - uint8_t i; - bool is_valid = false; + int index = -1; if (signature_len == 32) { - for (i = 0; i < ARRAYLEN(nxp_mfu_public_keys); i++) { - - int dl = 0; - uint8_t key[PUBLIC_ECDA_KEYLEN] = {0}; - param_gethex_to_eol(nxp_mfu_public_keys[i].value, 0, key, PUBLIC_ECDA_KEYLEN, &dl); - - int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, uid, 7, signature, signature_len, false); - - is_valid = (res == 0); - if (is_valid) - break; - } + index = originality_check_verify(uid, 7, signature, signature_len, PK_MFUL); + } else if (signature_len == 48) { + index = originality_check_verify(uid, 7, signature, signature_len, PK_MFULAES); } - - bool is_192_valid = false; - if (signature_len == 48) { - for (i = 0; i < ARRAYLEN(nxp_mfu_192_public_keys); i++) { - int dl = 0; - uint8_t key[PUBLIC_ECDA_192_KEYLEN] = {0}; - param_gethex_to_eol(nxp_mfu_192_public_keys[i].value, 0, key, PUBLIC_ECDA_192_KEYLEN, &dl); - - int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP192R1, key, uid, 7, signature, signature_len, false); - - is_192_valid = (res == 0); - if (is_192_valid) - break; - } - } - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature")); - if (is_192_valid) { - PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), nxp_mfu_192_public_keys[i].desc); - PrintAndLogEx(INFO, "IC signature public key value: %s", nxp_mfu_192_public_keys[i].value); - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp192r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, signature_len)); - PrintAndLogEx(SUCCESS, " Signature verification ( " _GREEN_("successful") " )"); - return PM3_SUCCESS; - } - - if (is_valid) { - PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), nxp_mfu_public_keys[i].desc); - PrintAndLogEx(INFO, "IC signature public key value: %s", nxp_mfu_public_keys[i].value); - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp128r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, signature_len)); - PrintAndLogEx(SUCCESS, " Signature verification ( " _GREEN_("successful") " )"); - return PM3_SUCCESS; - } - - PrintAndLogEx(INFO, " Elliptic curve parameters: %s", (signature_len == 48) ? "NID_secp192r1" : "NID_secp128r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, signature_len)); - PrintAndLogEx(SUCCESS, " Signature verification ( " _RED_("fail") " )"); - return PM3_ESOFT; + return originality_check_print(signature, signature_len, index); } static int ulev1_print_version(uint8_t *data) { diff --git a/client/src/cmdhfst25ta.c b/client/src/cmdhfst25ta.c index 668d3d00d..fcf5791d0 100644 --- a/client/src/cmdhfst25ta.c +++ b/client/src/cmdhfst25ta.c @@ -33,6 +33,7 @@ #include "commonutil.h" // get_sw #include "protocols.h" // ISO7816 APDU return codes #include "crypto/libpcrypto.h" // ecdsa +#include "crypto/originality.h" #define TIMEOUT 2000 @@ -148,48 +149,9 @@ static void print_st25ta_system_info(uint8_t *d, uint8_t n) { } static int print_st25ta_signature(uint8_t *uid, uint8_t *signature) { - -#define PUBLIC_ECDA_KEYLEN 33 - // known public keys for the originality check (source: https://github.com/alexbatalov/node-nxp-originality-verifier) - // ref: AN11350 NTAG 21x Originality Signature Validation - // ref: AN11341 MIFARE Ultralight EV1 Originality Signature Validation - const ecdsa_publickey_t nxp_mfu_public_keys[] = { - {"NXP MIFARE Classic MFC1C14_x", "044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF"}, - {"MIFARE Classic / QL88", "046F70AC557F5461CE5052C8E4A7838C11C7A236797E8A0730A101837C004039C2"}, - {"NXP ICODE DNA, ICODE SLIX2", "048878A2A2D3EEC336B4F261A082BD71F9BE11C4E2E896648B32EFA59CEA6E59F0"}, - {"NXP Public key", "04A748B6A632FBEE2C0897702B33BEA1C074998E17B84ACA04FF267E5D2C91F6DC"}, - {"NXP Ultralight Ev1", "0490933BDCD6E99B4E255E3DA55389A827564E11718E017292FAF23226A96614B8"}, - {"NXP NTAG21x (2013)", "04494E1A386D3D3CFE3DC10E5DE68A499B1C202DB5B132393E89ED19FE5BE8BC61"}, - {"MIKRON Public key", "04F971EDA742A4A80D32DCF6A814A707CC3DC396D35902F72929FDCD698B3468F2"}, - {"VivoKey Spark1 Public key", "04D64BB732C0D214E7EC580736ACF847284B502C25C0F7F2FA86AACE1DADA4387A"}, - {"TruST25 (ST) key 01?", "041D92163650161A2548D33881C235D0FB2315C2C31A442F23C87ACF14497C0CBA"}, - {"TruST25 (ST) key 04?", "04101E188A8B4CDDBC62D5BC3E0E6850F0C2730E744B79765A0E079907FBDB01BC"}, - }; - - for (uint8_t i = 0; i < ARRAYLEN(nxp_mfu_public_keys); i++) { - - int dl = 0; - uint8_t key[PUBLIC_ECDA_KEYLEN] = {0}; - param_gethex_to_eol(nxp_mfu_public_keys[i].value, 0, key, PUBLIC_ECDA_KEYLEN, &dl); - - int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, uid, 7, signature, 32, true); - - if (res == 0) { - - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature")); - - - PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), nxp_mfu_public_keys[i].desc); - PrintAndLogEx(INFO, "IC signature public key value: %s", nxp_mfu_public_keys[i].value); - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp128r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 32)); - PrintAndLogEx(SUCCESS, " Signature verification ( " _GREEN_("successful") " )"); - return PM3_SUCCESS; - } - } - - return PM3_ESOFT; + int index = originality_check_verify_ex(uid, 7, signature, 32, PK_ST25, false, true); + PrintAndLogEx(NORMAL, ""); + return originality_check_print(signature, 32, index); } static int st25ta_get_signature(uint8_t *signature) { diff --git a/client/src/crypto/originality.c b/client/src/crypto/originality.c new file mode 100644 index 000000000..e3afa1f47 --- /dev/null +++ b/client/src/crypto/originality.c @@ -0,0 +1,171 @@ +//----------------------------------------------------------------------------- +// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// See LICENSE.txt for the text of the license. +//----------------------------------------------------------------------------- +// originality checks with known pk +//----------------------------------------------------------------------------- + +#include "originality.h" +#include // memcpy +#include "ui.h" + +// See tools/recover_pk.py to recover Pk from UIDs and signatures +const ecdsa_publickey_ng_t manufacturer_public_keys[] = { + {PK_MFC, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP MIFARE Classic MFC1C14_x", + "044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF"}, + {PK_MFC, MBEDTLS_ECP_DP_SECP128R1, 33, "MIFARE Classic / QL88", + "046F70AC557F5461CE5052C8E4A7838C11C7A236797E8A0730A101837C004039C2"}, + + // ref: TagInfo + // NTAG 210/212 ? not present in recover_pk + {PK_MFUL, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP Public key", + "04A748B6A632FBEE2C0897702B33BEA1C074998E17B84ACA04FF267E5D2C91F6DC"}, + // ref: AN11341 MIFARE Ultralight EV1 Originality Signature Validation + {PK_MFUL, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP Ultralight EV1", + "0490933BDCD6E99B4E255E3DA55389A827564E11718E017292FAF23226A96614B8"}, + // ref: AN11350 NTAG 21x Originality Signature Validation + {PK_MFUL, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP NTAG21x (2013)", + "04494E1A386D3D3CFE3DC10E5DE68A499B1C202DB5B132393E89ED19FE5BE8BC61"}, + + // ref: AN13452 MIFARE Ultralight AES features and hints + {PK_MFULAES, MBEDTLS_ECP_DP_SECP192R1, 49, "NXP Ultralight AES", + "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86"}, + // ref: TagInfo + {PK_MFULAES, MBEDTLS_ECP_DP_SECP192R1, 49, "NXP Ultralight AES (alt key)", + "04DC34DAA903F2726A6225B11C692AF6AB4396575CA12810CBBCE3F781A097B3833B50AB364A70D9C2B641A728A599AE74"}, + + {PK_MFP, MBEDTLS_ECP_DP_SECP224R1, 57, "MIFARE Plus EV1", + "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"}, + // not present in recover_pk + {PK_MFP, MBEDTLS_ECP_DP_SECP224R1, 57, "MIFARE Plus EV2", + "04BB49AE4447E6B1B6D21C098C1538B594A11A4A1DBF3D5E673DEACDEB3CC512D1C08AFA1A2768CE20A200BACD2DC7804CD7523A0131ABF607"}, + {PK_MFP, MBEDTLS_ECP_DP_SECP224R1, 57, "MIFARE Plus Troika", + "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF"}, + + // ref: AN12343 MIFARE DESFire Light Features and Hints + // not present in recover_pk + {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "DESFire Light", + "040E98E117AAA36457F43173DC920A8757267F44CE4EC5ADD3C54075571AEBBF7B942A9774A1D94AD02572427E5AE0A2DD36591B1FB34FCF3D"}, + {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "NTAG413DNA, DESFire EV1", + "04BB5D514F7050025C7D0F397310360EEC91EAF792E96FC7E0F496CB4E669D414F877B7B27901FE67C2E3B33CD39D1C797715189AC951C2ADD"}, + {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "NTAG424DNA, NTAG424DNATT, DESFire EV2, DESFire Light EV2", + "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3A"}, + // ref: AN12196 NTAG 424 DNA and NTAG 424 DNA TagTamper features and hints + {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "NTAG424DNA, DESFire EV2", + "048A9B380AF2EE1B98DC417FECC263F8449C7625CECE82D9B916C992DA209D68422B81EC20B65A66B5102A61596AF3379200599316A00A1410"}, + {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "DESFire EV2 XL", + "04CD5D45E50B1502F0BA4656FF37669597E7E183251150F9574CC8DA56BF01C7ABE019E29FEA48F9CE22C3EA4029A765E1BC95A89543BAD1BC"}, + {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "DESFire EV3", + "041DB46C145D0A36539C6544BD6D9B0AA62FF91EC48CBC6ABAE36E0089A46F0D08C8A715EA40A63313B92E90DDC1730230E0458A33276FB743"}, + + {PK_ST25, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TA TruST25 (ST) key 01?", + "041D92163650161A2548D33881C235D0FB2315C2C31A442F23C87ACF14497C0CBA"}, +// FIXME: need to implement support for ST25TN signature check. hash=sha256 - from block 52, followed by ascii UID + {PK_ST25, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TN TruST25 (ST) key 05?", + "0440004F974F7C76BC8718E523D85FA7B354A9A992BFA966CB8219242F9D274FD6"}, +// FIXME: need to implement support for ST25TV signature check. hash=sha256 - from block 63, starting with KeyID ? + {PK_ST25, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TV TruST25 (ST) key 04?", + "04101E188A8B4CDDBC62D5BC3E0E6850F0C2730E744B79765A0E079907FBDB01BC"}, + + {PK_15, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP ICODE DNA, ICODE SLIX2", + "048878A2A2D3EEC336B4F261A082BD71F9BE11C4E2E896648B32EFA59CEA6E59F0"}, + {PK_15, MBEDTLS_ECP_DP_SECP128R1, 33, "VivoKey Spark1 Public key", + "04D64BB732C0D214E7EC580736ACF847284B502C25C0F7F2FA86AACE1DADA4387A"}, + +// FIXME: what type(s) of card exactly? MFC? MFUL? not present in recover_pk + {PK_MIK, MBEDTLS_ECP_DP_SECP128R1, 33, "MIKRON Public key", + "04F971EDA742A4A80D32DCF6A814A707CC3DC396D35902F72929FDCD698B3468F2"}, +}; + + +// return pk if match index else -1 +int originality_check_verify(uint8_t *data, uint8_t data_len, uint8_t *signature, uint8_t signature_len, pk_type_t type) { + return originality_check_verify_ex(data, data_len, signature, signature_len, type, false, false); +} + +int originality_check_verify_ex(uint8_t *data, uint8_t data_len, uint8_t *signature, uint8_t signature_len, pk_type_t type, bool reverse, bool hash) { + // test if signature is null + bool is_zero = true; + for (uint8_t i = 0; i < signature_len; i++) { + if (signature[i] != 0) { + is_zero = false; + } + } + if (is_zero) { + return -1; + } + + uint8_t tmp_data[data_len]; + uint8_t tmp_signature[signature_len]; + if (reverse) { + reverse_array_copy(data, data_len, tmp_data); + reverse_array_copy(signature, signature_len, tmp_signature); + } else { + memcpy(tmp_data, data, data_len); + memcpy(tmp_signature, signature, signature_len); + } + + for (uint8_t i = 0; i < ARRAYLEN(manufacturer_public_keys); i++) { + if ((type != PK_ALL) && (type != manufacturer_public_keys[i].type)) + continue; + int dl = 0; + uint8_t key[manufacturer_public_keys[i].keylen]; + param_gethex_to_eol(manufacturer_public_keys[i].value, 0, key, manufacturer_public_keys[i].keylen, &dl); + if (ecdsa_signature_r_s_verify(manufacturer_public_keys[i].grp_id, key, tmp_data, data_len, tmp_signature, signature_len, hash) == 0) + return i; + } + return -1; +} + +int originality_check_print(uint8_t *signature, int signature_len, int index) { + if ((index < 0) || (index >= ARRAYLEN(manufacturer_public_keys))) { + PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 16)); + if (signature_len > 16) { + PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 16, 16)); + } + if (signature_len > 32) { + PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 32, 16)); + } + if (signature_len > 48) { + PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 48, signature_len - 48)); + } + PrintAndLogEx(SUCCESS, " Signature verification: " _RED_("failed")); + return PM3_ESOFT; + } + + PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), manufacturer_public_keys[index].desc); + PrintAndLogEx(INFO, "IC signature public key value: %.32s", manufacturer_public_keys[index].value); + if (manufacturer_public_keys[index].keylen > 16) { + PrintAndLogEx(INFO, " : %.32s", manufacturer_public_keys[index].value + 32); + } + if (manufacturer_public_keys[index].keylen > 32) { + PrintAndLogEx(INFO, " : %.32s", manufacturer_public_keys[index].value + 64); + } + if (manufacturer_public_keys[index].keylen > 48) { + PrintAndLogEx(INFO, " : %.32s", manufacturer_public_keys[index].value + 96); + } + PrintAndLogEx(INFO, " Elliptic curve parameters: %s", mbedtls_ecp_curve_info_from_grp_id(manufacturer_public_keys[index].grp_id)->name); + PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 16)); + if (signature_len > 16) { + PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 16, 16)); + } + if (signature_len > 32) { + PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 32, 16)); + } + if (signature_len > 48) { + PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 48, signature_len - 48)); + } + PrintAndLogEx(SUCCESS, " Signature verification: " _GREEN_("successful")); + return PM3_SUCCESS; +} diff --git a/client/src/crypto/originality.h b/client/src/crypto/originality.h new file mode 100644 index 000000000..e6e8e5b4b --- /dev/null +++ b/client/src/crypto/originality.h @@ -0,0 +1,42 @@ +//----------------------------------------------------------------------------- +// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// See LICENSE.txt for the text of the license. +//----------------------------------------------------------------------------- +// originality checks with known pk +//----------------------------------------------------------------------------- + +#ifndef ORIGINALITY_H +#define ORIGINALITY_H + +#include "common.h" +#include "commonutil.h" +#include "libpcrypto.h" +#include +#include + +typedef enum {PK_MFC, PK_MFUL, PK_MFULAES, PK_MFP, PK_MFDES, PK_ST25, PK_15, PK_MIK, PK_ALL} pk_type_t; + +typedef struct { + const pk_type_t type; + const mbedtls_ecp_group_id grp_id; + const uint8_t keylen; + const char *desc; + const char *value; +} PACKED ecdsa_publickey_ng_t; + +int originality_check_verify(uint8_t *data, uint8_t data_len, uint8_t *signature, uint8_t signature_len, pk_type_t type); +int originality_check_verify_ex(uint8_t *data, uint8_t data_len, uint8_t *signature, uint8_t signature_len, pk_type_t type, bool reverse, bool hash); +int originality_check_print(uint8_t *signature, int signature_len, int index); + +#endif /* originality.h */ From 86de7f512c354148b24f34e5020fddbbf9622a7a Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sat, 14 Dec 2024 14:39:34 +0100 Subject: [PATCH 066/150] rcovered_pk: fix c/h for partial in selftests --- tools/recover_pk.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/recover_pk.py b/tools/recover_pk.py index 0024ae44b..32fd01587 100755 --- a/tools/recover_pk.py +++ b/tools/recover_pk.py @@ -229,7 +229,8 @@ def selftests(): elif len(t['samples'])//2 == 1: recovereds = [(c, h) for c, h, pk in list(recovered) if t['pk'].lower() == binascii.hexlify(pk).decode('utf8').lower()] - if len(recovereds) > 0: + if len(recovereds) == 1: + c, h = recovereds[0] print("%15s/%-8s ( %s ) partial" % (c, h, color('ok', fg='green'))) else: succeeded = False From c9f2c178418d9d28c20d13213ccf11d630ac2a0b Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sat, 14 Dec 2024 14:53:08 +0100 Subject: [PATCH 067/150] relax ecdsa_publickey_ng_t, should help MacOS compilation --- client/src/crypto/originality.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/crypto/originality.h b/client/src/crypto/originality.h index e6e8e5b4b..25c95f6eb 100644 --- a/client/src/crypto/originality.h +++ b/client/src/crypto/originality.h @@ -33,7 +33,7 @@ typedef struct { const uint8_t keylen; const char *desc; const char *value; -} PACKED ecdsa_publickey_ng_t; +} ecdsa_publickey_ng_t; int originality_check_verify(uint8_t *data, uint8_t data_len, uint8_t *signature, uint8_t signature_len, pk_type_t type); int originality_check_verify_ex(uint8_t *data, uint8_t data_len, uint8_t *signature, uint8_t signature_len, pk_type_t type, bool reverse, bool hash); From 571ac282297954f945412740404a7a70912db31f Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 15 Dec 2024 14:02:52 +0100 Subject: [PATCH 068/150] st25ta02kb getsignature: handle locked tags --- client/src/cmdhfst25ta.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/client/src/cmdhfst25ta.c b/client/src/cmdhfst25ta.c index fcf5791d0..9656d8146 100644 --- a/client/src/cmdhfst25ta.c +++ b/client/src/cmdhfst25ta.c @@ -183,7 +183,13 @@ static int st25ta_get_signature(uint8_t *signature) { } activate_field = false; } - + if (resplen != 32) { + if ((resplen == 2) && (resp[0] == 0x69) && (resp[1] == 0x82)) { + PrintAndLogEx(WARNING, "GetSignature: Security status not satisfied"); + } + DropField(); + return PM3_ESOFT; + } if (signature) { memcpy(signature, resp, 32); } From a4b595c79b42c014eebf58701310997716cd4f07 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 15 Dec 2024 15:14:17 +0100 Subject: [PATCH 069/150] got DESFire Light with that pk... --- client/src/crypto/originality.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/crypto/originality.c b/client/src/crypto/originality.c index e3afa1f47..0fe7c9676 100644 --- a/client/src/crypto/originality.c +++ b/client/src/crypto/originality.c @@ -62,7 +62,7 @@ const ecdsa_publickey_ng_t manufacturer_public_keys[] = { {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "NTAG424DNA, NTAG424DNATT, DESFire EV2, DESFire Light EV2", "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3A"}, // ref: AN12196 NTAG 424 DNA and NTAG 424 DNA TagTamper features and hints - {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "NTAG424DNA, DESFire EV2", + {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "NTAG424DNA, DESFire EV2, DESFire Light", "048A9B380AF2EE1B98DC417FECC263F8449C7625CECE82D9B916C992DA209D68422B81EC20B65A66B5102A61596AF3379200599316A00A1410"}, {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "DESFire EV2 XL", "04CD5D45E50B1502F0BA4656FF37669597E7E183251150F9574CC8DA56BF01C7ABE019E29FEA48F9CE22C3EA4029A765E1BC95A89543BAD1BC"}, From 67ee460137f4b577600ff7bf40ebe1916bdabfd8 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 15 Dec 2024 15:15:36 +0100 Subject: [PATCH 070/150] limit hf st suggstion to st25ta, if STA --- client/src/cmdhf14a.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index d5fbf2633..08d723d8d 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c @@ -2680,8 +2680,8 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { PrintAndLogEx(HINT, "Hint: try `" _YELLOW_("hf mfdes info") "`"); } - if (isST) { - PrintAndLogEx(HINT, "Hint: try `" _YELLOW_("hf st info") "`"); + if ((isST) && (card.ats_len >= 0)) { + PrintAndLogEx(HINT, "Hint: try `" _YELLOW_("hf st25ta info") "`"); } if (isEMV) { From be79654eb9252dba8f5e962e6f61bc1c61a51401 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 15 Dec 2024 17:09:23 +0100 Subject: [PATCH 071/150] Add initial support for ST25TN and its signature verification --- CHANGELOG.md | 1 + client/src/cmdhf14a.c | 8 ++- client/src/cmdhfmfu.c | 121 +++++++++++++++++++++++++------- client/src/cmdhfmfu.h | 2 + client/src/cmdhfst25ta.c | 2 +- client/src/crypto/originality.c | 11 +-- client/src/crypto/originality.h | 2 +- 7 files changed, 112 insertions(+), 35 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b6d3ca1da..eee8ddc9f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Added initial support for ST25TN and its signature verification (@doegox) - Changed originality checks handling to refactor code and pk data (@doegox) - Changed `uniq.yaml` workflow to be case-insensitive (@iceman1001) - Fixed `mem load --mfc` not erasing all SPI flash blocks after extending to 4095 keys (@piotrva) diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index 08d723d8d..cd1db3e08 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c @@ -2680,8 +2680,12 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { PrintAndLogEx(HINT, "Hint: try `" _YELLOW_("hf mfdes info") "`"); } - if ((isST) && (card.ats_len >= 0)) { - PrintAndLogEx(HINT, "Hint: try `" _YELLOW_("hf st25ta info") "`"); + if (isST) { + if (card.ats_len > 0) { + PrintAndLogEx(HINT, "Hint: try `" _YELLOW_("hf st25ta info") "`"); + } else { + PrintAndLogEx(HINT, "Hint: try `" _YELLOW_("hf mfu info") "`"); + } } if (isEMV) { diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c index fafcf2b78..5094d40a3 100644 --- a/client/src/cmdhfmfu.c +++ b/client/src/cmdhfmfu.c @@ -54,6 +54,8 @@ #define MAX_MY_D_MOVE_LEAN 0x0F #define MAX_UL_NANO_40 0x0A #define MAX_UL_AES 0x37 +#define MAX_ST25TN512 0x3F +#define MAX_ST25TN01K 0x3F static int CmdHelp(const char *Cmd); @@ -104,7 +106,9 @@ static uint64_t UL_TYPES_ARRAY[] = { MFU_TT_MAGIC_1A, MFU_TT_MAGIC_1B, MFU_TT_MAGIC_NTAG, MFU_TT_NTAG_210u, MFU_TT_UL_MAGIC, MFU_TT_UL_C_MAGIC, - MFU_TT_UL_AES + MFU_TT_UL_AES, + MFU_TT_ST25TN512, MFU_TT_ST25TN01K, + }; static uint8_t UL_MEMORY_ARRAY[ARRAYLEN(UL_TYPES_ARRAY)] = { @@ -125,7 +129,9 @@ static uint8_t UL_MEMORY_ARRAY[ARRAYLEN(UL_TYPES_ARRAY)] = { // MAGIC_1A, MAGIC_1B, MAGIC_NTAG, MAX_UL_BLOCKS, MAX_UL_BLOCKS, MAX_NTAG_216, // NTAG_210u, UL_MAGIC, UL_C_MAGIC - MAX_NTAG_210, MAX_UL_BLOCKS, MAX_ULC_BLOCKS, MAX_UL_AES + MAX_NTAG_210, MAX_UL_BLOCKS, MAX_ULC_BLOCKS, MAX_UL_AES, +// ST25TN512, ST25TN01K, + MAX_ST25TN512, MAX_ST25TN01K, }; static const ul_family_t ul_family[] = { @@ -790,7 +796,13 @@ static int ul_print_default(uint8_t *data, uint8_t *real_uid) { PrintAndLogEx(SUCCESS, " BCC1: %02X ( " _GREEN_("ok") " )", data[8]); else PrintAndLogEx(NORMAL, " BCC1: %02X, crc should be %02X", data[8], crc1); - PrintAndLogEx(SUCCESS, " Internal: %02X ( %s )", data[9], (data[9] == 0x48) ? _GREEN_("default") : _RED_("not default")); + if (uid[0] == 0x04) { + PrintAndLogEx(SUCCESS, " Internal: %02X ( %s )", data[9], (data[9] == 0x48) ? _GREEN_("default") : _RED_("not default")); + } else if (uid[0] == 0x02) { + PrintAndLogEx(SUCCESS, " Sysblock: %02X ( %s )", data[9], (data[9] == 0x2C) ? _GREEN_("default") : _RED_("not default")); + } else { + PrintAndLogEx(SUCCESS, " Internal: %02X", data[9]); + } } else { PrintAndLogEx(SUCCESS, "Blocks 0-2: %s", sprint_hex(data + 0, 12)); } @@ -1012,6 +1024,10 @@ int ul_print_type(uint64_t tagtype, uint8_t spaces) { snprintf(typestr, sizeof(typestr), "%*sTYPE: " _YELLOW_("INFINEON my-d\x99 move lean (SLE 66R01L)"), spaces, ""); else if (tagtype & MFU_TT_FUDAN_UL) snprintf(typestr, sizeof(typestr), "%*sTYPE: " _YELLOW_("FUDAN Ultralight Compatible (or other compatible)"), spaces, ""); + else if (tagtype & MFU_TT_ST25TN512) + snprintf(typestr, sizeof(typestr), "%*sTYPE: " _YELLOW_("ST ST25TN512 64bytes"), spaces, ""); + else if (tagtype & MFU_TT_ST25TN01K) + snprintf(typestr, sizeof(typestr), "%*sTYPE: " _YELLOW_("ST ST25TN01K 160bytes"), spaces, ""); else snprintf(typestr, sizeof(typestr), "%*sTYPE: " _YELLOW_("Unknown %06" PRIx64), spaces, "", tagtype); @@ -1998,17 +2014,55 @@ uint64_t GetHF14AMfU_Type(void) { // Ultralight - ATQA / SAK if (card.atqa[1] != 0x00 || card.atqa[0] != 0x44 || card.sak != 0x00) { - //PrintAndLogEx(NORMAL, "Tag is not Ultralight | NTAG | MY-D [ATQA: %02X %02X SAK: %02X]\n", card.atqa[1], card.atqa[0], card.sak); + //PrintAndLogEx(NORMAL, "Tag is not Ultralight | NTAG | MY-D |ST25TN [ATQA: %02X %02X SAK: %02X]\n", card.atqa[1], card.atqa[0], card.sak); DropField(); return MFU_TT_UL_ERROR; } - - if (card.uid[0] != 0x05) { + if (card.uid[0] == 0x02) { + // ST25TN + // read SYSBLOCK + uint8_t data[4] = {0x00}; + int status = ul_read(0x02, data, sizeof(data)); + if (status <= 1) { + tagtype = MFU_TT_UL; + } else { + status = ul_read(data[1] + 1, data, sizeof(data)); + if (status <= 1) { + tagtype = MFU_TT_UL; + } else { + // data[3] == KID == 0x05 Key ID + // data[2] == REV == 0x13 Product version + if ((data[1]==0x90) && (data[0]==0x90)) { + tagtype = MFU_TT_ST25TN01K; + } else if ((data[1]==0x90) && (data[0]==0x91)) { + tagtype = MFU_TT_ST25TN512; + } + } + } + } else if (card.uid[0] == 0x05) { + // Infineon MY-D tests Exam high nibble + DropField(); + uint8_t nib = (card.uid[1] & 0xf0) >> 4; + switch (nib) { + // case 0: tagtype = SLE66R35E7; break; //or SLE 66R35E7 - mifare compat... should have different sak/atqa for mf 1k + case 1: + tagtype = MFU_TT_MY_D; + break; // or SLE 66RxxS ... up to 512 pages of 8 user bytes... + case 2: + tagtype = MFU_TT_MY_D_NFC; + break; // or SLE 66RxxP ... up to 512 pages of 8 user bytes... (or in nfc mode FF pages of 4 bytes) + case 3: + tagtype = (MFU_TT_MY_D_MOVE | MFU_TT_MY_D_MOVE_NFC); + break; // or SLE 66R01P // 38 pages of 4 bytes //notice: we can not currently distinguish between these two + case 7: + tagtype = MFU_TT_MY_D_MOVE_LEAN; + break; // or SLE 66R01L // 16 pages of 4 bytes + } + } else { uint8_t version[10] = {0x00}; int len = ulev1_getVersion(version, sizeof(version)); DropField(); - switch (len) { case 0x0A: { /* @@ -2096,7 +2150,6 @@ uint64_t GetHF14AMfU_Type(void) { tagtype = MFU_TT_UNKNOWN; break; } - // This is a test from cards that doesn't answer to GET_VERSION command // UL vs UL-C vs NTAG203 vs FUDAN FM11NT021 (which is NTAG213 compatiable) if (tagtype & (MFU_TT_UL | MFU_TT_UL_C | MFU_TT_NTAG_203)) { @@ -2150,25 +2203,6 @@ uint64_t GetHF14AMfU_Type(void) { tagtype = ul_fudan_check(); DropField(); } - } else { - DropField(); - // Infinition MY-D tests Exam high nibble - uint8_t nib = (card.uid[1] & 0xf0) >> 4; - switch (nib) { - // case 0: tagtype = SLE66R35E7; break; //or SLE 66R35E7 - mifare compat... should have different sak/atqa for mf 1k - case 1: - tagtype = MFU_TT_MY_D; - break; // or SLE 66RxxS ... up to 512 pages of 8 user bytes... - case 2: - tagtype = MFU_TT_MY_D_NFC; - break; // or SLE 66RxxP ... up to 512 pages of 8 user bytes... (or in nfc mode FF pages of 4 bytes) - case 3: - tagtype = (MFU_TT_MY_D_MOVE | MFU_TT_MY_D_MOVE_NFC); - break; // or SLE 66R01P // 38 pages of 4 bytes //notice: we can not currently distinguish between these two - case 7: - tagtype = MFU_TT_MY_D_MOVE_LEAN; - break; // or SLE 66R01L // 16 pages of 4 bytes - } } tagtype |= ul_magic_test(); @@ -2378,6 +2412,39 @@ static int CmdHF14AMfUInfo(const char *Cmd) { } } + // ST25TN info & signature + if (tagtype & (MFU_TT_ST25TN512 | MFU_TT_ST25TN01K)) { + status = ul_read(0x02, data, sizeof(data)); + if (status <= 1) { + PrintAndLogEx(ERR, "Error: tag didn't answer to READ SYSBLOCK"); + DropField(); + return PM3_ESOFT; + } + status = ul_read(data[1] + 1, data, sizeof(data)); + if (status <= 1) { + PrintAndLogEx(ERR, "Error: tag didn't answer to READ SYSBLOCK"); + DropField(); + return PM3_ESOFT; + } + PrintAndLogEx(INFO, "--- " _CYAN_("Tag System Information")); + PrintAndLogEx(INFO, " Key ID: %02x", data[3]); + PrintAndLogEx(INFO, " Product Version: %02x", data[2]); + PrintAndLogEx(INFO, " Product Code: %02x%02x", data[1], data[0]); + uint8_t signature[32] = {0}; + for (int blkoff=0; blkoff<8; blkoff++) { + status = ul_read(0x34 + blkoff, signature + (blkoff * 4), 4); + if (status <= 1) { + PrintAndLogEx(ERR, "Error: tag didn't answer to READ SYSBLOCK"); + DropField(); + return PM3_ESOFT; + } + } + // check signature + int index = originality_check_verify_ex(card.uid, 7, signature, sizeof(signature), PK_ST25TN, false, true); + PrintAndLogEx(NORMAL, ""); + originality_check_print(signature, sizeof(signature), index); + } + // Read signature if ((tagtype & (MFU_TT_UL_EV1_48 | MFU_TT_UL_EV1_128 | MFU_TT_UL_EV1 | MFU_TT_UL_NANO_40 | MFU_TT_NTAG_210u | MFU_TT_NTAG_213 | MFU_TT_NTAG_213_F | MFU_TT_NTAG_213_C | diff --git a/client/src/cmdhfmfu.h b/client/src/cmdhfmfu.h index 37dbff558..a365e76d3 100644 --- a/client/src/cmdhfmfu.h +++ b/client/src/cmdhfmfu.h @@ -96,6 +96,8 @@ int CmdHF14MfUTamper(const char *Cmd); #define MFU_TT_MAGIC_4 0x400000000ULL #define MFU_TT_MAGIC_4_GDM 0x800000000ULL #define MFU_TT_MAGIC_NTAG21X 0x1000000000ULL +#define MFU_TT_ST25TN512 0x2000000000ULL +#define MFU_TT_ST25TN01K 0x4000000000ULL #define MFU_TT_UL_MAGIC (MFU_TT_UL | MFU_TT_MAGIC) #define MFU_TT_UL_C_MAGIC (MFU_TT_UL_C | MFU_TT_MAGIC) // Don't forget to fill UL_TYPES_ARRAY and UL_MEMORY_ARRAY if new types are added diff --git a/client/src/cmdhfst25ta.c b/client/src/cmdhfst25ta.c index 9656d8146..7dff65067 100644 --- a/client/src/cmdhfst25ta.c +++ b/client/src/cmdhfst25ta.c @@ -149,7 +149,7 @@ static void print_st25ta_system_info(uint8_t *d, uint8_t n) { } static int print_st25ta_signature(uint8_t *uid, uint8_t *signature) { - int index = originality_check_verify_ex(uid, 7, signature, 32, PK_ST25, false, true); + int index = originality_check_verify_ex(uid, 7, signature, 32, PK_ST25TA, false, true); PrintAndLogEx(NORMAL, ""); return originality_check_print(signature, 32, index); } diff --git a/client/src/crypto/originality.c b/client/src/crypto/originality.c index 0fe7c9676..2dbda1471 100644 --- a/client/src/crypto/originality.c +++ b/client/src/crypto/originality.c @@ -69,13 +69,16 @@ const ecdsa_publickey_ng_t manufacturer_public_keys[] = { {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "DESFire EV3", "041DB46C145D0A36539C6544BD6D9B0AA62FF91EC48CBC6ABAE36E0089A46F0D08C8A715EA40A63313B92E90DDC1730230E0458A33276FB743"}, - {PK_ST25, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TA TruST25 (ST) key 01?", + // ref: AN5101 TruST25 digital signature for ST25TA512B, ST25TA02KB, ST25TA02KB-D and ST25TA02KB-P devices + {PK_ST25TA, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TA TruST25 (ST) key 01?", "041D92163650161A2548D33881C235D0FB2315C2C31A442F23C87ACF14497C0CBA"}, -// FIXME: need to implement support for ST25TN signature check. hash=sha256 - from block 52, followed by ascii UID - {PK_ST25, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TN TruST25 (ST) key 05?", + // ref: AN5660 TruST25 digital signature for ST25TN512 and ST25TN01K devices + {PK_ST25TN, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TN TruST25 (ST) KeyID 05", "0440004F974F7C76BC8718E523D85FA7B354A9A992BFA966CB8219242F9D274FD6"}, // FIXME: need to implement support for ST25TV signature check. hash=sha256 - from block 63, starting with KeyID ? - {PK_ST25, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TV TruST25 (ST) key 04?", + // ref: AN5104 TruST25 digital signature for ST25TV512 and ST25TV02K devices ? + // ref: AN5580 TruST25 digital signature for ST25TV512C and ST25TV02KC devices + {PK_ST25TV, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TV TruST25 (ST) key 04?", "04101E188A8B4CDDBC62D5BC3E0E6850F0C2730E744B79765A0E079907FBDB01BC"}, {PK_15, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP ICODE DNA, ICODE SLIX2", diff --git a/client/src/crypto/originality.h b/client/src/crypto/originality.h index 25c95f6eb..c6aab57fb 100644 --- a/client/src/crypto/originality.h +++ b/client/src/crypto/originality.h @@ -25,7 +25,7 @@ #include #include -typedef enum {PK_MFC, PK_MFUL, PK_MFULAES, PK_MFP, PK_MFDES, PK_ST25, PK_15, PK_MIK, PK_ALL} pk_type_t; +typedef enum {PK_MFC, PK_MFUL, PK_MFULAES, PK_MFP, PK_MFDES, PK_ST25TA, PK_ST25TN, PK_ST25TV, PK_15, PK_MIK, PK_ALL} pk_type_t; typedef struct { const pk_type_t type; From 59ae5d22850542892bdde4af0b844543268604e0 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 15 Dec 2024 20:53:27 +0100 Subject: [PATCH 072/150] hf 15 info: show all type matches and check ST25TVxC signature --- CHANGELOG.md | 1 + client/src/cmdhf15.c | 128 ++++++++++++++++++++++++++------ client/src/crypto/originality.c | 4 +- 3 files changed, 109 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index eee8ddc9f..82cd3f004 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Changed `hf 15 info` to show all type matches and check ST25TVxC signature (@doegox) - Added initial support for ST25TN and its signature verification (@doegox) - Changed originality checks handling to refactor code and pk data (@doegox) - Changed `uniq.yaml` workflow to be case-insensitive (@iceman1001) diff --git a/client/src/cmdhf15.c b/client/src/cmdhf15.c index 86a326341..b93cf0191 100644 --- a/client/src/cmdhf15.c +++ b/client/src/cmdhf15.c @@ -331,14 +331,15 @@ static int nxp_15693_print_signature(uint8_t *uid, uint8_t *signature) { // get a product description based on the UID // uid[8] tag uid // returns description of the best match -static const char *getTagInfo_15(const uint8_t *uid) { +static void printTagInfo_15(const uint8_t *uid) { if (uid == NULL) { - return ""; + return; } uint64_t myuid, mask; int i = 0, best = -1; memcpy(&myuid, uid, sizeof(uint64_t)); + // find first best match while (uidmapping[i].mask > 0) { if (uidmapping[i].mask > 64) { mask = uidmapping[i].mask; @@ -356,10 +357,23 @@ static const char *getTagInfo_15(const uint8_t *uid) { } i++; } + if (best >= 0) { + i = 0; + while (uidmapping[i].mask > 0) { + if (uidmapping[i].mask > 64) { + mask = uidmapping[i].mask; + } else { + mask = (~0ULL) << (64 - uidmapping[i].mask); + } + if (((myuid & mask) == uidmapping[i].uid) && (uidmapping[i].mask == uidmapping[best].mask)) { + PrintAndLogEx(SUCCESS, "TYPE MATCH " _YELLOW_("%s"), uidmapping[i].desc); + } + i++; + } + } else { + PrintAndLogEx(SUCCESS, "TYPE...... " _YELLOW_("%s"), uidmapping[i].desc); + } - if (best >= 0) - return uidmapping[best].desc; - return uidmapping[i].desc; } // return a clear-text message to an errorcode @@ -446,7 +460,7 @@ static int getUID(bool verbose, bool loop, uint8_t *buf) { if (verbose) { PrintAndLogEx(NORMAL, ""); PrintAndLogEx(SUCCESS, "UID.... " _GREEN_("%s"), iso15693_sprintUID(NULL, buf)); - PrintAndLogEx(SUCCESS, "TYPE... " _YELLOW_("%s"), getTagInfo_15(buf)); + printTagInfo_15(buf); PrintAndLogEx(NORMAL, ""); } res = PM3_SUCCESS; @@ -878,6 +892,66 @@ static int NxpSysInfo(uint8_t *uid) { return PM3_SUCCESS; } +static int StCheckSig(uint8_t *uid) { + // request to be sent to device/card + uint8_t approxlen = 2 + 8 + 1 + 2; + iso15_raw_cmd_t *packet = (iso15_raw_cmd_t *)calloc(1, sizeof(iso15_raw_cmd_t) + approxlen); + if (packet == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); + return PM3_EMALLOC; + } + + // ISO15693 Protocol params + packet->raw[packet->rawlen++] = arg_get_raw_flag(HF15_UID_LENGTH, false, false, false); + packet->raw[packet->rawlen++] = ISO15693_READBLOCK; + // add UID (scan, uid) + memcpy(packet->raw + packet->rawlen, uid, HF15_UID_LENGTH); + packet->rawlen += HF15_UID_LENGTH; + packet->flags = (ISO15_CONNECT| ISO15_READ_RESPONSE | ISO15_NO_DISCONNECT); + uint16_t blkoff = packet->rawlen; + char signature_hex[65] = {0}; + for (int j=0; j<17; j++) { + packet->rawlen = blkoff; + // block no + packet->raw[packet->rawlen++] = 0x3F + j; + // crc + AddCrc15(packet->raw, packet->rawlen); + packet->rawlen += 2; + clearCommandBuffer(); + SendCommandNG(CMD_HF_ISO15693_COMMAND, (uint8_t *)packet, ISO15_RAW_LEN(packet->rawlen)); + PacketResponseNG resp; + if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) { + PrintAndLogEx(DEBUG, "iso15693 timeout"); + free(packet); + DropField(); + return PM3_ETIMEOUT; + } + ISO15_ERROR_HANDLING_RESPONSE + uint8_t *d = resp.data.asBytes; + ISO15_ERROR_HANDLING_CARD_RESPONSE(d, resp.length) + if (j==0) { + if (memcmp(d + 1, "K04S", 4) != 0) { + // No signature + free(packet); + return PM3_ESOFT; + } + } else { + memcpy(signature_hex + ((j - 1) * 4), d + 1, 4); + } + packet->flags = (ISO15_READ_RESPONSE | ISO15_NO_DISCONNECT); + } + free(packet); + DropField(); + uint8_t signature[16]; + size_t signature_len; + hexstr_to_byte_array(signature_hex, signature, &signature_len); + uint8_t uid_swap[HF15_UID_LENGTH]; + reverse_array_copy(uid, HF15_UID_LENGTH, uid_swap); + int index = originality_check_verify_ex(uid_swap, HF15_UID_LENGTH, signature, signature_len, PK_ST25TV, false, true); + PrintAndLogEx(NORMAL, ""); + return originality_check_print(signature, signature_len, index); +} + /** * Commandline handling: HF15 CMD SYSINFO * get system information from tag/VICC @@ -986,7 +1060,7 @@ static int CmdHF15Info(const char *Cmd) { PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------"); PrintAndLogEx(SUCCESS, "UID....... " _GREEN_("%s"), iso15693_sprintUID(NULL, uid)); - PrintAndLogEx(SUCCESS, "TYPE...... " _YELLOW_("%s"), getTagInfo_15(d + 2)); + printTagInfo_15(d + 2); PrintAndLogEx(SUCCESS, "SYSINFO... %s", sprint_hex(d, resp.length - 2)); // DSFID @@ -1024,19 +1098,29 @@ static int CmdHF15Info(const char *Cmd) { uint8_t nxp_version = d[6] & 0x18; PrintAndLogEx(DEBUG, "NXP Version: %02x", nxp_version); - if (d[8] == 0x04 && d[7] == 0x01 && nxp_version == 0x08) { - PrintAndLogEx(DEBUG, "SLIX2 Detected, getting NXP System Info"); - return NxpSysInfo(uid); - - } else if (d[8] == 0x04 && d[7] == 0x01 && nxp_version == 0x18) { // If it is an NTAG 5 - PrintAndLogEx(DEBUG, "NTAG 5 Detected, getting NXP System Info"); - return NxpSysInfo(uid); - - } else if (d[8] == 0x04 && (d[7] == 0x01 || d[7] == 0x02 || d[7] == 0x03)) { // If SLI, SLIX, SLIX-l, or SLIX-S check EAS status - PrintAndLogEx(DEBUG, "SLI, SLIX, SLIX-L, or SLIX-S Detected checking EAS status"); - return NxpTestEAS(uid); + if (d[8] == 0x04) { + // NXP + if (d[7] == 0x01 && nxp_version == 0x08) { + PrintAndLogEx(DEBUG, "SLIX2 Detected, getting NXP System Info"); + return NxpSysInfo(uid); + } else if (d[7] == 0x01 && nxp_version == 0x18) { // If it is an NTAG 5 + PrintAndLogEx(DEBUG, "NTAG 5 Detected, getting NXP System Info"); + return NxpSysInfo(uid); + } else if ((d[7] == 0x01 || d[7] == 0x02 || d[7] == 0x03)) { // If SLI, SLIX, SLIX-l, or SLIX-S check EAS status + PrintAndLogEx(DEBUG, "SLI, SLIX, SLIX-L, or SLIX-S Detected checking EAS status"); + return NxpTestEAS(uid); + } + } else if (d[8] == 0x02) { + // ST, check d[7]: + // ST25TV512C/ST25TV02KC 0x08 + // ST25TV512/ST25TV02K 0x23 + // ST25TV04K-P 0x35 + // ST25TV16K/ST25TV64K 0x48 + if (d[7] == 0x08) { + PrintAndLogEx(DEBUG, "ST25TVxC Detected, getting ST Signature"); + return StCheckSig(uid); + } } - PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } @@ -1320,7 +1404,7 @@ static void print_tag_15693(iso15_tag_t *tag, bool dense_output, bool verbose) { PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " --%.*s", (tag->bytesPerPage * 3), dashes); PrintAndLogEx(SUCCESS, "UID....... " _GREEN_("%s"), iso15693_sprintUID(NULL, tag->uid)); - PrintAndLogEx(SUCCESS, "TYPE...... " _YELLOW_("%s"), getTagInfo_15(tag->uid)); + printTagInfo_15(tag->uid); PrintAndLogEx(SUCCESS, "DSFID..... 0x%02X", tag->dsfid); PrintAndLogEx(SUCCESS, "AFI....... 0x%02X", tag->afi); PrintAndLogEx(SUCCESS, "IC ref.... 0x%02X", tag->ic); @@ -1849,7 +1933,7 @@ static int CmdHF15Dump(const char *Cmd) { tag->pagesCount = d[dCpt++] + 1; tag->bytesPerPage = d[dCpt++] + 1; } else { - // Set tag memory layout values (if can't be readed in SYSINFO) + // Set tag memory layout values (if can't be read in SYSINFO) tag->bytesPerPage = blocksize; tag->pagesCount = 128; } @@ -1858,7 +1942,7 @@ static int CmdHF15Dump(const char *Cmd) { tag->ic = d[dCpt++]; } - // add lenght for blockno (1) + // add length for blockno (1) packet->rawlen++; packet->raw[0] |= ISO15_REQ_OPTION; // Add option to dump lock status packet->raw[1] = ISO15693_READBLOCK; diff --git a/client/src/crypto/originality.c b/client/src/crypto/originality.c index 2dbda1471..0f2f43e35 100644 --- a/client/src/crypto/originality.c +++ b/client/src/crypto/originality.c @@ -75,10 +75,10 @@ const ecdsa_publickey_ng_t manufacturer_public_keys[] = { // ref: AN5660 TruST25 digital signature for ST25TN512 and ST25TN01K devices {PK_ST25TN, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TN TruST25 (ST) KeyID 05", "0440004F974F7C76BC8718E523D85FA7B354A9A992BFA966CB8219242F9D274FD6"}, -// FIXME: need to implement support for ST25TV signature check. hash=sha256 - from block 63, starting with KeyID ? // ref: AN5104 TruST25 digital signature for ST25TV512 and ST25TV02K devices ? + // ref: AN5149 TruST25 digital signature for ST25DV02K-W1, ST25DV02K-W2 devices ? // ref: AN5580 TruST25 digital signature for ST25TV512C and ST25TV02KC devices - {PK_ST25TV, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TV TruST25 (ST) key 04?", + {PK_ST25TV, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TV TruST25 (ST) KeyID 04", "04101E188A8B4CDDBC62D5BC3E0E6850F0C2730E744B79765A0E079907FBDB01BC"}, {PK_15, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP ICODE DNA, ICODE SLIX2", From 5bd33df7085477615cc917f125dd9197d9a247c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=B8=E5=AD=90?= Date: Tue, 17 Dec 2024 10:57:35 +0800 Subject: [PATCH 073/150] Update macOS-Homebrew-Installation-Instructions.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Apple Silicons are already supported Signed-off-by: 丸子 --- .../macOS-Homebrew-Installation-Instructions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/md/Installation_Instructions/macOS-Homebrew-Installation-Instructions.md b/doc/md/Installation_Instructions/macOS-Homebrew-Installation-Instructions.md index 6c1ac3eca..68fe1e899 100644 --- a/doc/md/Installation_Instructions/macOS-Homebrew-Installation-Instructions.md +++ b/doc/md/Installation_Instructions/macOS-Homebrew-Installation-Instructions.md @@ -41,7 +41,7 @@ Alternatively, and only if the issue still persists after following the steps ab ## Apple Silicon (M1) Notes ^[Top](#top) -Ensure Rosetta 2 is installed as it's currently needed to run `arm-none-eabi-gcc` as it's delivered as a precombiled x86_64 binary. +Ensure Rosetta 2 is installed as it's currently needed to run `arm-none-eabi-gcc` as it's delivered as a precombiled x86_64 binary. **Note: Starting from v4.19552, it is no longer necessary to install Rosetta 2, Apple Silicons are already supported** If you see an error like: From cab81f4c916a7bdc17d3317286fdfef8700722e0 Mon Sep 17 00:00:00 2001 From: Jonathan Lassoff Date: Wed, 18 Dec 2024 11:26:53 +0000 Subject: [PATCH 074/150] Fix `hf 15 view` command examples --- client/src/cmdhf15.c | 2 +- doc/commands.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/client/src/cmdhf15.c b/client/src/cmdhf15.c index b93cf0191..b9014fe35 100644 --- a/client/src/cmdhf15.c +++ b/client/src/cmdhf15.c @@ -3337,7 +3337,7 @@ static int CmdHF15View(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "hf 15 view", "Print a ISO-15693 tag dump file (bin/eml/json)", - "hf 15 view -f hf-iclass-AA162D30F8FF12F1-dump.bin\n" + "hf 15 view -f hf-15-1122334455667788-dump.bin\n" ); void *argtable[] = { arg_param_begin, diff --git a/doc/commands.json b/doc/commands.json index d5f9ca438..aca2de7f7 100644 --- a/doc/commands.json +++ b/doc/commands.json @@ -2081,7 +2081,7 @@ "command": "hf 15 view", "description": "Print a ISO-15693 tag dump file (bin/eml/json)", "notes": [ - "hf 15 view -f hf-iclass-AA162D30F8FF12F1-dump.bin" + "hf 15 view -f hf-15-1122334455667788-dump.bin" ], "offline": true, "options": [ From f09705868ad21a98006f92f4572075d884ab3c35 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Wed, 18 Dec 2024 13:29:50 +0100 Subject: [PATCH 075/150] all Docker envs: add support for connection to host device --- CHANGELOG.md | 1 + docker/archlinux/Dockerfile | 4 ++++ docker/archlinux/docker_build.sh | 5 ++++- docker/archlinux/docker_conf | 2 ++ docker/archlinux/docker_rm.sh | 5 +++-- docker/archlinux/docker_run.sh | 9 ++++++++- docker/debian-11-bullseye/Dockerfile | 4 ++++ docker/debian-11-bullseye/docker_build.sh | 5 ++++- docker/debian-11-bullseye/docker_conf | 2 ++ docker/debian-11-bullseye/docker_rm.sh | 5 +++-- docker/debian-11-bullseye/docker_run.sh | 9 ++++++++- docker/debian-12-bookworm/Dockerfile | 4 ++++ docker/debian-12-bookworm/docker_build.sh | 5 ++++- docker/debian-12-bookworm/docker_conf | 2 ++ docker/debian-12-bookworm/docker_rm.sh | 5 +++-- docker/debian-12-bookworm/docker_run.sh | 9 ++++++++- docker/debian-13-trixie/Dockerfile | 4 ++++ docker/debian-13-trixie/docker_build.sh | 5 ++++- docker/debian-13-trixie/docker_conf | 2 ++ docker/debian-13-trixie/docker_rm.sh | 5 +++-- docker/debian-13-trixie/docker_run.sh | 9 ++++++++- docker/fedora-36/Dockerfile | 4 ++++ docker/fedora-36/docker_build.sh | 5 ++++- docker/fedora-36/docker_conf | 2 ++ docker/fedora-36/docker_rm.sh | 5 +++-- docker/fedora-36/docker_run.sh | 9 ++++++++- docker/fedora-37/Dockerfile | 4 ++++ docker/fedora-37/docker_build.sh | 5 ++++- docker/fedora-37/docker_conf | 2 ++ docker/fedora-37/docker_rm.sh | 5 +++-- docker/fedora-37/docker_run.sh | 9 ++++++++- docker/homebrew/Dockerfile | 5 +++++ docker/homebrew/README.md | 7 ++++--- docker/homebrew/docker_build.sh | 5 ++++- docker/homebrew/docker_conf | 2 ++ docker/homebrew/docker_rm.sh | 5 +++-- docker/homebrew/docker_run.sh | 9 ++++++++- docker/kali/Dockerfile | 10 ++++++---- docker/kali/docker_build.sh | 5 ++++- docker/kali/docker_conf | 2 ++ docker/kali/docker_rm.sh | 5 +++-- docker/kali/docker_run.sh | 9 ++++++++- docker/kali/run_tests.sh | 5 +++++ docker/opensuse-leap/Dockerfile | 4 ++++ docker/opensuse-leap/docker_build.sh | 5 ++++- docker/opensuse-leap/docker_conf | 2 ++ docker/opensuse-leap/docker_rm.sh | 5 +++-- docker/opensuse-leap/docker_run.sh | 9 ++++++++- docker/opensuse-tumbleweed/Dockerfile | 4 ++++ docker/opensuse-tumbleweed/docker_build.sh | 5 ++++- docker/opensuse-tumbleweed/docker_conf | 2 ++ docker/opensuse-tumbleweed/docker_rm.sh | 5 +++-- docker/opensuse-tumbleweed/docker_run.sh | 9 ++++++++- docker/parrot-core-latest/Dockerfile | 4 ++++ docker/parrot-core-latest/docker_build.sh | 5 ++++- docker/parrot-core-latest/docker_conf | 2 ++ docker/parrot-core-latest/docker_rm.sh | 5 +++-- docker/parrot-core-latest/docker_run.sh | 9 ++++++++- docker/ubuntu-18.04/Dockerfile | 4 ++++ docker/ubuntu-18.04/docker_build.sh | 5 ++++- docker/ubuntu-18.04/docker_conf | 2 ++ docker/ubuntu-18.04/docker_rm.sh | 5 +++-- docker/ubuntu-18.04/docker_run.sh | 9 ++++++++- docker/ubuntu-20.04/Dockerfile | 4 ++++ docker/ubuntu-20.04/docker_build.sh | 5 ++++- docker/ubuntu-20.04/docker_conf | 2 ++ docker/ubuntu-20.04/docker_rm.sh | 5 +++-- docker/ubuntu-20.04/docker_run.sh | 9 ++++++++- docker/ubuntu-22.04/Dockerfile | 4 ++++ docker/ubuntu-22.04/docker_build.sh | 5 ++++- docker/ubuntu-22.04/docker_conf | 2 ++ docker/ubuntu-22.04/docker_rm.sh | 5 +++-- docker/ubuntu-22.04/docker_run.sh | 9 ++++++++- 73 files changed, 307 insertions(+), 63 deletions(-) create mode 100644 docker/archlinux/docker_conf create mode 100644 docker/debian-11-bullseye/docker_conf create mode 100644 docker/debian-12-bookworm/docker_conf create mode 100644 docker/debian-13-trixie/docker_conf create mode 100644 docker/fedora-36/docker_conf create mode 100644 docker/fedora-37/docker_conf create mode 100644 docker/homebrew/docker_conf create mode 100644 docker/kali/docker_conf create mode 100644 docker/opensuse-leap/docker_conf create mode 100644 docker/opensuse-tumbleweed/docker_conf create mode 100644 docker/parrot-core-latest/docker_conf create mode 100644 docker/ubuntu-18.04/docker_conf create mode 100644 docker/ubuntu-20.04/docker_conf create mode 100644 docker/ubuntu-22.04/docker_conf diff --git a/CHANGELOG.md b/CHANGELOG.md index 82cd3f004..97acdd258 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Added support for connection to host device in all Docker envs (@doegox) - Changed `hf 15 info` to show all type matches and check ST25TVxC signature (@doegox) - Added initial support for ST25TN and its signature verification (@doegox) - Changed originality checks handling to refactor code and pk data (@doegox) diff --git a/docker/archlinux/Dockerfile b/docker/archlinux/Dockerfile index d020b7052..029f7d088 100644 --- a/docker/archlinux/Dockerfile +++ b/docker/archlinux/Dockerfile @@ -15,6 +15,10 @@ RUN pacman -S --noconfirm ocl-icd # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN groupadd -g ${UART_GID} mydialout || true +RUN usermod -aG ${UART_GID} rrg RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/archlinux/docker_build.sh b/docker/archlinux/docker_build.sh index be92402d6..d662c5874 100755 --- a/docker/archlinux/docker_build.sh +++ b/docker/archlinux/docker_build.sh @@ -1,3 +1,6 @@ #!/bin/bash -docker build -t "pm3-arch:1.0" . +. docker_conf +UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" +UART_GID="$(stat -c '%g' $UART_PORT)" +docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . diff --git a/docker/archlinux/docker_conf b/docker/archlinux/docker_conf new file mode 100644 index 000000000..b17f6e93d --- /dev/null +++ b/docker/archlinux/docker_conf @@ -0,0 +1,2 @@ +# sourceme +DOCKER_IMAGE=pm3-arch:1.0 diff --git a/docker/archlinux/docker_rm.sh b/docker/archlinux/docker_rm.sh index 0c2d24f4e..3705c37bb 100644 --- a/docker/archlinux/docker_rm.sh +++ b/docker/archlinux/docker_rm.sh @@ -1,4 +1,5 @@ #!/bin/bash -docker rm $(docker ps -aq --filter ancestor=pm3-arch:1.0) -docker image rm pm3-arch:1.0 +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/archlinux/docker_run.sh b/docker/archlinux/docker_run.sh index f379c5307..fe28c846d 100755 --- a/docker/archlinux/docker_run.sh +++ b/docker/archlinux/docker_run.sh @@ -1,3 +1,10 @@ #!/bin/bash -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-arch:1.0 +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/debian-11-bullseye/Dockerfile b/docker/debian-11-bullseye/Dockerfile index 41c8b448e..dd114fa23 100644 --- a/docker/debian-11-bullseye/Dockerfile +++ b/docker/debian-11-bullseye/Dockerfile @@ -20,6 +20,10 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN groupadd -g ${UART_GID} mydialout || true +RUN usermod -aG ${UART_GID} rrg RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/debian-11-bullseye/docker_build.sh b/docker/debian-11-bullseye/docker_build.sh index 3b44dd72c..d662c5874 100755 --- a/docker/debian-11-bullseye/docker_build.sh +++ b/docker/debian-11-bullseye/docker_build.sh @@ -1,3 +1,6 @@ #!/bin/bash -docker build -t "pm3-debian-bullseye:1.0" . +. docker_conf +UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" +UART_GID="$(stat -c '%g' $UART_PORT)" +docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . diff --git a/docker/debian-11-bullseye/docker_conf b/docker/debian-11-bullseye/docker_conf new file mode 100644 index 000000000..fa951cd04 --- /dev/null +++ b/docker/debian-11-bullseye/docker_conf @@ -0,0 +1,2 @@ +# sourceme +DOCKER_IMAGE=pm3-debian-bullseye:1.0 diff --git a/docker/debian-11-bullseye/docker_rm.sh b/docker/debian-11-bullseye/docker_rm.sh index b8ce5b834..3705c37bb 100644 --- a/docker/debian-11-bullseye/docker_rm.sh +++ b/docker/debian-11-bullseye/docker_rm.sh @@ -1,4 +1,5 @@ #!/bin/bash -docker rm $(docker ps -aq --filter ancestor=pm3-debian-bullseye:1.0) -docker image rm pm3-debian-bullseye:1.0 +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/debian-11-bullseye/docker_run.sh b/docker/debian-11-bullseye/docker_run.sh index 1216f54cd..fe28c846d 100755 --- a/docker/debian-11-bullseye/docker_run.sh +++ b/docker/debian-11-bullseye/docker_run.sh @@ -1,3 +1,10 @@ #!/bin/bash -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-debian-bullseye:1.0 +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/debian-12-bookworm/Dockerfile b/docker/debian-12-bookworm/Dockerfile index f2878701e..076730ea6 100644 --- a/docker/debian-12-bookworm/Dockerfile +++ b/docker/debian-12-bookworm/Dockerfile @@ -18,6 +18,10 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN groupadd -g ${UART_GID} mydialout || true +RUN usermod -aG ${UART_GID} rrg RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/debian-12-bookworm/docker_build.sh b/docker/debian-12-bookworm/docker_build.sh index 0059348cf..d662c5874 100755 --- a/docker/debian-12-bookworm/docker_build.sh +++ b/docker/debian-12-bookworm/docker_build.sh @@ -1,3 +1,6 @@ #!/bin/bash -docker build -t "pm3-debian-bookworm:1.0" . +. docker_conf +UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" +UART_GID="$(stat -c '%g' $UART_PORT)" +docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . diff --git a/docker/debian-12-bookworm/docker_conf b/docker/debian-12-bookworm/docker_conf new file mode 100644 index 000000000..965092c9b --- /dev/null +++ b/docker/debian-12-bookworm/docker_conf @@ -0,0 +1,2 @@ +# sourceme +DOCKER_IMAGE=pm3-debian-bookworm:1.0 diff --git a/docker/debian-12-bookworm/docker_rm.sh b/docker/debian-12-bookworm/docker_rm.sh index 5818564e0..3705c37bb 100644 --- a/docker/debian-12-bookworm/docker_rm.sh +++ b/docker/debian-12-bookworm/docker_rm.sh @@ -1,4 +1,5 @@ #!/bin/bash -docker rm $(docker ps -aq --filter ancestor=pm3-debian-bookworm:1.0) -docker image rm pm3-debian-bookworm:1.0 +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/debian-12-bookworm/docker_run.sh b/docker/debian-12-bookworm/docker_run.sh index ae264581a..fe28c846d 100755 --- a/docker/debian-12-bookworm/docker_run.sh +++ b/docker/debian-12-bookworm/docker_run.sh @@ -1,3 +1,10 @@ #!/bin/bash -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-debian-bookworm:1.0 +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/debian-13-trixie/Dockerfile b/docker/debian-13-trixie/Dockerfile index 120c0c706..9cabb209f 100644 --- a/docker/debian-13-trixie/Dockerfile +++ b/docker/debian-13-trixie/Dockerfile @@ -18,6 +18,10 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN groupadd -g ${UART_GID} mydialout || true +RUN usermod -aG ${UART_GID} rrg RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/debian-13-trixie/docker_build.sh b/docker/debian-13-trixie/docker_build.sh index 22a5bdbc3..d662c5874 100755 --- a/docker/debian-13-trixie/docker_build.sh +++ b/docker/debian-13-trixie/docker_build.sh @@ -1,3 +1,6 @@ #!/bin/bash -docker build -t "pm3-debian-trixie:1.0" . +. docker_conf +UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" +UART_GID="$(stat -c '%g' $UART_PORT)" +docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . diff --git a/docker/debian-13-trixie/docker_conf b/docker/debian-13-trixie/docker_conf new file mode 100644 index 000000000..5360f9255 --- /dev/null +++ b/docker/debian-13-trixie/docker_conf @@ -0,0 +1,2 @@ +# sourceme +DOCKER_IMAGE=pm3-debian-trixie:1.0 diff --git a/docker/debian-13-trixie/docker_rm.sh b/docker/debian-13-trixie/docker_rm.sh index 0afb68014..3705c37bb 100644 --- a/docker/debian-13-trixie/docker_rm.sh +++ b/docker/debian-13-trixie/docker_rm.sh @@ -1,4 +1,5 @@ #!/bin/bash -docker rm $(docker ps -aq --filter ancestor=pm3-debian-trixie:1.0) -docker image rm pm3-debian-trixie:1.0 +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/debian-13-trixie/docker_run.sh b/docker/debian-13-trixie/docker_run.sh index bc81286fc..fe28c846d 100755 --- a/docker/debian-13-trixie/docker_run.sh +++ b/docker/debian-13-trixie/docker_run.sh @@ -1,3 +1,10 @@ #!/bin/bash -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-debian-trixie:1.0 +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/fedora-36/Dockerfile b/docker/fedora-36/Dockerfile index 610738207..a67964f80 100644 --- a/docker/fedora-36/Dockerfile +++ b/docker/fedora-36/Dockerfile @@ -13,6 +13,10 @@ RUN yum -y install mesa-libOpenCL ocl-icd-devel # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN groupadd -g ${UART_GID} mydialout || true +RUN usermod -aG ${UART_GID} rrg RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/fedora-36/docker_build.sh b/docker/fedora-36/docker_build.sh index 1a2e2d392..d662c5874 100755 --- a/docker/fedora-36/docker_build.sh +++ b/docker/fedora-36/docker_build.sh @@ -1,3 +1,6 @@ #!/bin/bash -docker build -t "pm3-fedora-36:1.0" . +. docker_conf +UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" +UART_GID="$(stat -c '%g' $UART_PORT)" +docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . diff --git a/docker/fedora-36/docker_conf b/docker/fedora-36/docker_conf new file mode 100644 index 000000000..3d4b629b7 --- /dev/null +++ b/docker/fedora-36/docker_conf @@ -0,0 +1,2 @@ +# sourceme +DOCKER_IMAGE=pm3-fedora-36:1.0 diff --git a/docker/fedora-36/docker_rm.sh b/docker/fedora-36/docker_rm.sh index a14c31e80..3705c37bb 100644 --- a/docker/fedora-36/docker_rm.sh +++ b/docker/fedora-36/docker_rm.sh @@ -1,4 +1,5 @@ #!/bin/bash -docker rm $(docker ps -aq --filter ancestor=pm3-fedora-36:1.0) -docker image rm pm3-fedora-36:1.0 +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/fedora-36/docker_run.sh b/docker/fedora-36/docker_run.sh index 0e6e69925..fe28c846d 100755 --- a/docker/fedora-36/docker_run.sh +++ b/docker/fedora-36/docker_run.sh @@ -1,3 +1,10 @@ #!/bin/bash -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-fedora-36:1.0 +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/fedora-37/Dockerfile b/docker/fedora-37/Dockerfile index 06462c721..3742290fc 100644 --- a/docker/fedora-37/Dockerfile +++ b/docker/fedora-37/Dockerfile @@ -13,6 +13,10 @@ RUN yum -y install mesa-libOpenCL ocl-icd-devel # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN groupadd -g ${UART_GID} mydialout || true +RUN usermod -aG ${UART_GID} rrg RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/fedora-37/docker_build.sh b/docker/fedora-37/docker_build.sh index 5e3049b68..d662c5874 100755 --- a/docker/fedora-37/docker_build.sh +++ b/docker/fedora-37/docker_build.sh @@ -1,3 +1,6 @@ #!/bin/bash -docker build -t "pm3-fedora-37:1.0" . +. docker_conf +UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" +UART_GID="$(stat -c '%g' $UART_PORT)" +docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . diff --git a/docker/fedora-37/docker_conf b/docker/fedora-37/docker_conf new file mode 100644 index 000000000..66bb5e1c0 --- /dev/null +++ b/docker/fedora-37/docker_conf @@ -0,0 +1,2 @@ +# sourceme +DOCKER_IMAGE=pm3-fedora-37:1.0 diff --git a/docker/fedora-37/docker_rm.sh b/docker/fedora-37/docker_rm.sh index 6f0bd7e56..3705c37bb 100644 --- a/docker/fedora-37/docker_rm.sh +++ b/docker/fedora-37/docker_rm.sh @@ -1,4 +1,5 @@ #!/bin/bash -docker rm $(docker ps -aq --filter ancestor=pm3-fedora-37:1.0) -docker image rm pm3-fedora-37:1.0 +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/fedora-37/docker_run.sh b/docker/fedora-37/docker_run.sh index eb51525b7..fe28c846d 100755 --- a/docker/fedora-37/docker_run.sh +++ b/docker/fedora-37/docker_run.sh @@ -1,3 +1,10 @@ #!/bin/bash -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-fedora-37:1.0 +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/homebrew/Dockerfile b/docker/homebrew/Dockerfile index 0a432fc18..e44687075 100644 --- a/docker/homebrew/Dockerfile +++ b/docker/homebrew/Dockerfile @@ -2,6 +2,11 @@ FROM homebrew/brew ENV LANG=C +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN sudo groupadd -g ${UART_GID} mydialout || true +RUN sudo usermod -aG ${UART_GID} linuxbrew + USER linuxbrew WORKDIR "/home/linuxbrew" RUN brew install cmake pkg-config bzip2 lz4 && rm -rf ~/.cache/Homebrew diff --git a/docker/homebrew/README.md b/docker/homebrew/README.md index 549896b33..3ebc5a9ed 100644 --- a/docker/homebrew/README.md +++ b/docker/homebrew/README.md @@ -8,9 +8,10 @@ So only host bins can be built (except tools/hitag2crack/crack5opencl which need ```sh make -j client USE_BREW=1 SKIPREADLINE=1 -make -j mfkey -make -j nonce2key -make -j mf_nonce_brute +make -j cryptorf +make -j mfc_card_only +make -j mfc_card_reader +make -j mfd_aes_brute make -j hitag2crack SKIPOPENCL=1 make -j fpga_compress ``` diff --git a/docker/homebrew/docker_build.sh b/docker/homebrew/docker_build.sh index 466106d36..d662c5874 100755 --- a/docker/homebrew/docker_build.sh +++ b/docker/homebrew/docker_build.sh @@ -1,3 +1,6 @@ #!/bin/bash -docker build -t "pm3-brew:1.0" . +. docker_conf +UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" +UART_GID="$(stat -c '%g' $UART_PORT)" +docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . diff --git a/docker/homebrew/docker_conf b/docker/homebrew/docker_conf new file mode 100644 index 000000000..2488be8d6 --- /dev/null +++ b/docker/homebrew/docker_conf @@ -0,0 +1,2 @@ +# sourceme +DOCKER_IMAGE=pm3-brew:1.0 diff --git a/docker/homebrew/docker_rm.sh b/docker/homebrew/docker_rm.sh index aa782d4a3..3705c37bb 100644 --- a/docker/homebrew/docker_rm.sh +++ b/docker/homebrew/docker_rm.sh @@ -1,4 +1,5 @@ #!/bin/bash -docker rm $(docker ps -aq --filter ancestor=pm3-brew:1.0) -docker image rm pm3-brew:1.0 +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/homebrew/docker_run.sh b/docker/homebrew/docker_run.sh index efde1649b..0fec9fd33 100755 --- a/docker/homebrew/docker_run.sh +++ b/docker/homebrew/docker_run.sh @@ -1,4 +1,11 @@ #!/bin/bash -docker run --volume=$(pwd)/../..:/home/linuxbrew/proxmark3 -w /home/linuxbrew/proxmark3 -it pm3-brew:1.0 +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" # if needed, run brew as user linuxbrew diff --git a/docker/kali/Dockerfile b/docker/kali/Dockerfile index 3f1946e29..1bd2c2fb6 100644 --- a/docker/kali/Dockerfile +++ b/docker/kali/Dockerfile @@ -9,10 +9,8 @@ RUN apt-get update && \ apt-get install -y --no-install-recommends git ca-certificates build-essential cmake pkg-config libreadline-dev gcc-arm-none-eabi libnewlib-dev libbz2-dev liblz4-dev libbluetooth-dev libpython3-dev libssl-dev libgd-dev sudo && \ apt-get clean -RUN apt-get install -y python3-minimal && \ - apt-get install -y python3-pip && \ - apt-get clean && \ - python3 -m pip install ansicolors sslcrypto +RUN apt-get install -y --no-install-recommends python3-minimal python3-pip python3-venv && \ + apt-get clean RUN apt-get install -y opencl-dev && \ apt-get clean @@ -20,6 +18,10 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN groupadd -g ${UART_GID} mydialout || true +RUN usermod -aG ${UART_GID} rrg RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/kali/docker_build.sh b/docker/kali/docker_build.sh index 59a8a207b..d662c5874 100755 --- a/docker/kali/docker_build.sh +++ b/docker/kali/docker_build.sh @@ -1,3 +1,6 @@ #!/bin/bash -docker build -t "pm3-kali:1.0" . +. docker_conf +UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" +UART_GID="$(stat -c '%g' $UART_PORT)" +docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . diff --git a/docker/kali/docker_conf b/docker/kali/docker_conf new file mode 100644 index 000000000..866db4d67 --- /dev/null +++ b/docker/kali/docker_conf @@ -0,0 +1,2 @@ +# sourceme +DOCKER_IMAGE=pm3-kali:1.0 diff --git a/docker/kali/docker_rm.sh b/docker/kali/docker_rm.sh index fee4f07cf..3705c37bb 100644 --- a/docker/kali/docker_rm.sh +++ b/docker/kali/docker_rm.sh @@ -1,4 +1,5 @@ #!/bin/bash -docker rm $(docker ps -aq --filter ancestor=pm3-kali:1.0) -docker image rm pm3-kali:1.0 +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/kali/docker_run.sh b/docker/kali/docker_run.sh index 7124fe5b5..fe28c846d 100755 --- a/docker/kali/docker_run.sh +++ b/docker/kali/docker_run.sh @@ -1,3 +1,10 @@ #!/bin/bash -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-kali:1.0 +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/kali/run_tests.sh b/docker/kali/run_tests.sh index dec20763b..3fc747191 100755 --- a/docker/kali/run_tests.sh +++ b/docker/kali/run_tests.sh @@ -5,4 +5,9 @@ # docker/kali/run_tests.sh; sudo apt update && sudo apt upgrade -y +python3 -m venv /tmp/venv +source /tmp/venv/bin/activate +python3 -m pip install --use-pep517 pyaes +python3 -m pip install ansicolors sslcrypto tools/release_tests.sh +deactivate diff --git a/docker/opensuse-leap/Dockerfile b/docker/opensuse-leap/Dockerfile index 99d608b76..fb452be09 100644 --- a/docker/opensuse-leap/Dockerfile +++ b/docker/opensuse-leap/Dockerfile @@ -16,6 +16,10 @@ RUN zypper --non-interactive install ocl-icd-devel # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN groupadd -g ${UART_GID} mydialout || true +RUN usermod -aG ${UART_GID} rrg RUN printf 'rrg ALL=(ALL) NOPASSWD: ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/opensuse-leap/docker_build.sh b/docker/opensuse-leap/docker_build.sh index d7e8a8873..d662c5874 100755 --- a/docker/opensuse-leap/docker_build.sh +++ b/docker/opensuse-leap/docker_build.sh @@ -1,3 +1,6 @@ #!/bin/bash -docker build -t "pm3-suse-leap:1.0" . +. docker_conf +UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" +UART_GID="$(stat -c '%g' $UART_PORT)" +docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . diff --git a/docker/opensuse-leap/docker_conf b/docker/opensuse-leap/docker_conf new file mode 100644 index 000000000..6c7e804e5 --- /dev/null +++ b/docker/opensuse-leap/docker_conf @@ -0,0 +1,2 @@ +# sourceme +DOCKER_IMAGE=pm3-suse-leap:1.0 diff --git a/docker/opensuse-leap/docker_rm.sh b/docker/opensuse-leap/docker_rm.sh index 12302b6f7..3705c37bb 100644 --- a/docker/opensuse-leap/docker_rm.sh +++ b/docker/opensuse-leap/docker_rm.sh @@ -1,4 +1,5 @@ #!/bin/bash -docker rm $(docker ps -aq --filter ancestor=pm3-suse-leap:1.0) -docker image rm pm3-suse-leap:1.0 +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/opensuse-leap/docker_run.sh b/docker/opensuse-leap/docker_run.sh index f3c830626..fe28c846d 100755 --- a/docker/opensuse-leap/docker_run.sh +++ b/docker/opensuse-leap/docker_run.sh @@ -1,3 +1,10 @@ #!/bin/bash -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-suse-leap:1.0 +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/opensuse-tumbleweed/Dockerfile b/docker/opensuse-tumbleweed/Dockerfile index 81dcf331c..37ebb44fb 100644 --- a/docker/opensuse-tumbleweed/Dockerfile +++ b/docker/opensuse-tumbleweed/Dockerfile @@ -15,6 +15,10 @@ RUN zypper --non-interactive install ocl-icd-devel # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN groupadd -g ${UART_GID} mydialout || true +RUN usermod -aG ${UART_GID} rrg RUN printf 'rrg ALL=(ALL) NOPASSWD: ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/opensuse-tumbleweed/docker_build.sh b/docker/opensuse-tumbleweed/docker_build.sh index b93549831..d662c5874 100755 --- a/docker/opensuse-tumbleweed/docker_build.sh +++ b/docker/opensuse-tumbleweed/docker_build.sh @@ -1,3 +1,6 @@ #!/bin/bash -docker build -t "pm3-suse-tumbleweed:1.0" . +. docker_conf +UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" +UART_GID="$(stat -c '%g' $UART_PORT)" +docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . diff --git a/docker/opensuse-tumbleweed/docker_conf b/docker/opensuse-tumbleweed/docker_conf new file mode 100644 index 000000000..c40603d93 --- /dev/null +++ b/docker/opensuse-tumbleweed/docker_conf @@ -0,0 +1,2 @@ +# sourceme +DOCKER_IMAGE=pm3-suse-tumbleweed:1.0 diff --git a/docker/opensuse-tumbleweed/docker_rm.sh b/docker/opensuse-tumbleweed/docker_rm.sh index c4b1b1d53..3705c37bb 100644 --- a/docker/opensuse-tumbleweed/docker_rm.sh +++ b/docker/opensuse-tumbleweed/docker_rm.sh @@ -1,4 +1,5 @@ #!/bin/bash -docker rm $(docker ps -aq --filter ancestor=pm3-suse-tumbleweed:1.0) -docker image rm pm3-suse-tumbleweed:1.0 +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/opensuse-tumbleweed/docker_run.sh b/docker/opensuse-tumbleweed/docker_run.sh index 79ef74d5c..fe28c846d 100755 --- a/docker/opensuse-tumbleweed/docker_run.sh +++ b/docker/opensuse-tumbleweed/docker_run.sh @@ -1,3 +1,10 @@ #!/bin/bash -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-suse-tumbleweed:1.0 +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/parrot-core-latest/Dockerfile b/docker/parrot-core-latest/Dockerfile index df3952d9d..8db8d8fee 100644 --- a/docker/parrot-core-latest/Dockerfile +++ b/docker/parrot-core-latest/Dockerfile @@ -18,6 +18,10 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN groupadd -g ${UART_GID} mydialout || true +RUN usermod -aG ${UART_GID} rrg RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/parrot-core-latest/docker_build.sh b/docker/parrot-core-latest/docker_build.sh index 3e052143d..d662c5874 100755 --- a/docker/parrot-core-latest/docker_build.sh +++ b/docker/parrot-core-latest/docker_build.sh @@ -1,3 +1,6 @@ #!/bin/bash -docker build -t "pm3-parrotsec-core-latest:1.0" . +. docker_conf +UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" +UART_GID="$(stat -c '%g' $UART_PORT)" +docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . diff --git a/docker/parrot-core-latest/docker_conf b/docker/parrot-core-latest/docker_conf new file mode 100644 index 000000000..3fc87ccab --- /dev/null +++ b/docker/parrot-core-latest/docker_conf @@ -0,0 +1,2 @@ +# sourceme +DOCKER_IMAGE=pm3-parrotsec-core-latest:1.0 diff --git a/docker/parrot-core-latest/docker_rm.sh b/docker/parrot-core-latest/docker_rm.sh index 9bf1605e5..3705c37bb 100644 --- a/docker/parrot-core-latest/docker_rm.sh +++ b/docker/parrot-core-latest/docker_rm.sh @@ -1,4 +1,5 @@ #!/bin/bash -docker rm $(docker ps -aq --filter ancestor=pm3-parrotsec-core-latest:1.0) -docker image rm pm3-parrotsec-core-latest:1.0 +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/parrot-core-latest/docker_run.sh b/docker/parrot-core-latest/docker_run.sh index 509df4461..fe28c846d 100755 --- a/docker/parrot-core-latest/docker_run.sh +++ b/docker/parrot-core-latest/docker_run.sh @@ -1,3 +1,10 @@ #!/bin/bash -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-parrotsec-core-latest:1.0 +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/ubuntu-18.04/Dockerfile b/docker/ubuntu-18.04/Dockerfile index ecf8c60a3..166c9beca 100644 --- a/docker/ubuntu-18.04/Dockerfile +++ b/docker/ubuntu-18.04/Dockerfile @@ -21,6 +21,10 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN groupadd -g ${UART_GID} mydialout || true +RUN usermod -aG ${UART_GID} rrg RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/ubuntu-18.04/docker_build.sh b/docker/ubuntu-18.04/docker_build.sh index 252b8792f..d662c5874 100755 --- a/docker/ubuntu-18.04/docker_build.sh +++ b/docker/ubuntu-18.04/docker_build.sh @@ -1,3 +1,6 @@ #!/bin/bash -docker build -t "pm3-ubuntu-18.04:1.0" . +. docker_conf +UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" +UART_GID="$(stat -c '%g' $UART_PORT)" +docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . diff --git a/docker/ubuntu-18.04/docker_conf b/docker/ubuntu-18.04/docker_conf new file mode 100644 index 000000000..1a9a20ae8 --- /dev/null +++ b/docker/ubuntu-18.04/docker_conf @@ -0,0 +1,2 @@ +# sourceme +DOCKER_IMAGE=pm3-ubuntu-18.04:1.0 diff --git a/docker/ubuntu-18.04/docker_rm.sh b/docker/ubuntu-18.04/docker_rm.sh index 20dcb80b2..3705c37bb 100644 --- a/docker/ubuntu-18.04/docker_rm.sh +++ b/docker/ubuntu-18.04/docker_rm.sh @@ -1,4 +1,5 @@ #!/bin/bash -docker rm $(docker ps -aq --filter ancestor=pm3-ubuntu-18.04:1.0) -docker image rm pm3-ubuntu-18.04:1.0 +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/ubuntu-18.04/docker_run.sh b/docker/ubuntu-18.04/docker_run.sh index 01d133712..fe28c846d 100755 --- a/docker/ubuntu-18.04/docker_run.sh +++ b/docker/ubuntu-18.04/docker_run.sh @@ -1,3 +1,10 @@ #!/bin/bash -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-ubuntu-18.04:1.0 +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/ubuntu-20.04/Dockerfile b/docker/ubuntu-20.04/Dockerfile index 4b9bed06f..a33caf3f8 100644 --- a/docker/ubuntu-20.04/Dockerfile +++ b/docker/ubuntu-20.04/Dockerfile @@ -20,6 +20,10 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN groupadd -g ${UART_GID} mydialout || true +RUN usermod -aG ${UART_GID} rrg RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/ubuntu-20.04/docker_build.sh b/docker/ubuntu-20.04/docker_build.sh index 58dfa2906..d662c5874 100755 --- a/docker/ubuntu-20.04/docker_build.sh +++ b/docker/ubuntu-20.04/docker_build.sh @@ -1,3 +1,6 @@ #!/bin/bash -docker build -t "pm3-ubuntu-20.04:1.0" . +. docker_conf +UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" +UART_GID="$(stat -c '%g' $UART_PORT)" +docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . diff --git a/docker/ubuntu-20.04/docker_conf b/docker/ubuntu-20.04/docker_conf new file mode 100644 index 000000000..65ae052b1 --- /dev/null +++ b/docker/ubuntu-20.04/docker_conf @@ -0,0 +1,2 @@ +# sourceme +DOCKER_IMAGE=pm3-ubuntu-20.04:1.0 diff --git a/docker/ubuntu-20.04/docker_rm.sh b/docker/ubuntu-20.04/docker_rm.sh index d71954339..3705c37bb 100644 --- a/docker/ubuntu-20.04/docker_rm.sh +++ b/docker/ubuntu-20.04/docker_rm.sh @@ -1,4 +1,5 @@ #!/bin/bash -docker rm $(docker ps -aq --filter ancestor=pm3-ubuntu-20.04:1.0) -docker image rm pm3-ubuntu-20.04:1.0 +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/ubuntu-20.04/docker_run.sh b/docker/ubuntu-20.04/docker_run.sh index dd05c9f79..fe28c846d 100755 --- a/docker/ubuntu-20.04/docker_run.sh +++ b/docker/ubuntu-20.04/docker_run.sh @@ -1,3 +1,10 @@ #!/bin/bash -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-ubuntu-20.04:1.0 +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/ubuntu-22.04/Dockerfile b/docker/ubuntu-22.04/Dockerfile index 44dd0919e..55ec91514 100644 --- a/docker/ubuntu-22.04/Dockerfile +++ b/docker/ubuntu-22.04/Dockerfile @@ -20,6 +20,10 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN groupadd -g ${UART_GID} mydialout || true +RUN usermod -aG ${UART_GID} rrg RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/ubuntu-22.04/docker_build.sh b/docker/ubuntu-22.04/docker_build.sh index 1cfd6c10a..d662c5874 100755 --- a/docker/ubuntu-22.04/docker_build.sh +++ b/docker/ubuntu-22.04/docker_build.sh @@ -1,3 +1,6 @@ #!/bin/bash -docker build -t "pm3-ubuntu-22.04:1.0" . +. docker_conf +UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" +UART_GID="$(stat -c '%g' $UART_PORT)" +docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . diff --git a/docker/ubuntu-22.04/docker_conf b/docker/ubuntu-22.04/docker_conf new file mode 100644 index 000000000..b5d8532d8 --- /dev/null +++ b/docker/ubuntu-22.04/docker_conf @@ -0,0 +1,2 @@ +# sourceme +DOCKER_IMAGE=pm3-ubuntu-22.04:1.0 diff --git a/docker/ubuntu-22.04/docker_rm.sh b/docker/ubuntu-22.04/docker_rm.sh index d1b82948b..3705c37bb 100644 --- a/docker/ubuntu-22.04/docker_rm.sh +++ b/docker/ubuntu-22.04/docker_rm.sh @@ -1,4 +1,5 @@ #!/bin/bash -docker rm $(docker ps -aq --filter ancestor=pm3-ubuntu-22.04:1.0) -docker image rm pm3-ubuntu-22.04:1.0 +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/ubuntu-22.04/docker_run.sh b/docker/ubuntu-22.04/docker_run.sh index 04f8d99a0..fe28c846d 100755 --- a/docker/ubuntu-22.04/docker_run.sh +++ b/docker/ubuntu-22.04/docker_run.sh @@ -1,3 +1,10 @@ #!/bin/bash -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-ubuntu-22.04:1.0 +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" From a1a9b50d241f5e768c64ff9eafdb71689206fdc7 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Wed, 18 Dec 2024 15:29:26 +0100 Subject: [PATCH 076/150] Docker: fix test for pm3 when building images --- docker/archlinux/Dockerfile | 6 ++++-- docker/archlinux/docker_build.sh | 12 +++++++++--- docker/debian-11-bullseye/Dockerfile | 6 ++++-- docker/debian-11-bullseye/docker_build.sh | 12 +++++++++--- docker/debian-12-bookworm/Dockerfile | 6 ++++-- docker/debian-12-bookworm/docker_build.sh | 12 +++++++++--- docker/debian-13-trixie/Dockerfile | 6 ++++-- docker/debian-13-trixie/docker_build.sh | 12 +++++++++--- docker/fedora-36/Dockerfile | 6 ++++-- docker/fedora-36/docker_build.sh | 12 +++++++++--- docker/fedora-37/Dockerfile | 6 ++++-- docker/fedora-37/docker_build.sh | 12 +++++++++--- docker/homebrew/Dockerfile | 6 ++++-- docker/homebrew/docker_build.sh | 12 +++++++++--- docker/kali/Dockerfile | 6 ++++-- docker/kali/docker_build.sh | 12 +++++++++--- docker/opensuse-leap/Dockerfile | 6 ++++-- docker/opensuse-leap/docker_build.sh | 12 +++++++++--- docker/opensuse-tumbleweed/Dockerfile | 6 ++++-- docker/opensuse-tumbleweed/docker_build.sh | 12 +++++++++--- docker/parrot-core-latest/Dockerfile | 6 ++++-- docker/parrot-core-latest/docker_build.sh | 12 +++++++++--- docker/ubuntu-18.04/Dockerfile | 6 ++++-- docker/ubuntu-18.04/docker_build.sh | 12 +++++++++--- docker/ubuntu-20.04/Dockerfile | 6 ++++-- docker/ubuntu-20.04/docker_build.sh | 12 +++++++++--- docker/ubuntu-22.04/Dockerfile | 6 ++++-- docker/ubuntu-22.04/docker_build.sh | 12 +++++++++--- 28 files changed, 182 insertions(+), 70 deletions(-) diff --git a/docker/archlinux/Dockerfile b/docker/archlinux/Dockerfile index 029f7d088..900b9d04c 100644 --- a/docker/archlinux/Dockerfile +++ b/docker/archlinux/Dockerfile @@ -17,8 +17,10 @@ RUN useradd -ms /bin/bash rrg RUN passwd -d rrg ARG UART_GID # dialout group may already exist on another numeric ID than on host -RUN groupadd -g ${UART_GID} mydialout || true -RUN usermod -aG ${UART_GID} rrg +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/archlinux/docker_build.sh b/docker/archlinux/docker_build.sh index d662c5874..d0c94091e 100755 --- a/docker/archlinux/docker_build.sh +++ b/docker/archlinux/docker_build.sh @@ -1,6 +1,12 @@ #!/bin/bash . docker_conf -UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" -UART_GID="$(stat -c '%g' $UART_PORT)" -docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi +docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/debian-11-bullseye/Dockerfile b/docker/debian-11-bullseye/Dockerfile index dd114fa23..c32710dda 100644 --- a/docker/debian-11-bullseye/Dockerfile +++ b/docker/debian-11-bullseye/Dockerfile @@ -22,8 +22,10 @@ RUN useradd -ms /bin/bash rrg RUN passwd -d rrg ARG UART_GID # dialout group may already exist on another numeric ID than on host -RUN groupadd -g ${UART_GID} mydialout || true -RUN usermod -aG ${UART_GID} rrg +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/debian-11-bullseye/docker_build.sh b/docker/debian-11-bullseye/docker_build.sh index d662c5874..d0c94091e 100755 --- a/docker/debian-11-bullseye/docker_build.sh +++ b/docker/debian-11-bullseye/docker_build.sh @@ -1,6 +1,12 @@ #!/bin/bash . docker_conf -UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" -UART_GID="$(stat -c '%g' $UART_PORT)" -docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi +docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/debian-12-bookworm/Dockerfile b/docker/debian-12-bookworm/Dockerfile index 076730ea6..6c883746d 100644 --- a/docker/debian-12-bookworm/Dockerfile +++ b/docker/debian-12-bookworm/Dockerfile @@ -20,8 +20,10 @@ RUN useradd -ms /bin/bash rrg RUN passwd -d rrg ARG UART_GID # dialout group may already exist on another numeric ID than on host -RUN groupadd -g ${UART_GID} mydialout || true -RUN usermod -aG ${UART_GID} rrg +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/debian-12-bookworm/docker_build.sh b/docker/debian-12-bookworm/docker_build.sh index d662c5874..d0c94091e 100755 --- a/docker/debian-12-bookworm/docker_build.sh +++ b/docker/debian-12-bookworm/docker_build.sh @@ -1,6 +1,12 @@ #!/bin/bash . docker_conf -UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" -UART_GID="$(stat -c '%g' $UART_PORT)" -docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi +docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/debian-13-trixie/Dockerfile b/docker/debian-13-trixie/Dockerfile index 9cabb209f..607c5bba5 100644 --- a/docker/debian-13-trixie/Dockerfile +++ b/docker/debian-13-trixie/Dockerfile @@ -20,8 +20,10 @@ RUN useradd -ms /bin/bash rrg RUN passwd -d rrg ARG UART_GID # dialout group may already exist on another numeric ID than on host -RUN groupadd -g ${UART_GID} mydialout || true -RUN usermod -aG ${UART_GID} rrg +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/debian-13-trixie/docker_build.sh b/docker/debian-13-trixie/docker_build.sh index d662c5874..d0c94091e 100755 --- a/docker/debian-13-trixie/docker_build.sh +++ b/docker/debian-13-trixie/docker_build.sh @@ -1,6 +1,12 @@ #!/bin/bash . docker_conf -UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" -UART_GID="$(stat -c '%g' $UART_PORT)" -docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi +docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/fedora-36/Dockerfile b/docker/fedora-36/Dockerfile index a67964f80..1041b799a 100644 --- a/docker/fedora-36/Dockerfile +++ b/docker/fedora-36/Dockerfile @@ -15,8 +15,10 @@ RUN useradd -ms /bin/bash rrg RUN passwd -d rrg ARG UART_GID # dialout group may already exist on another numeric ID than on host -RUN groupadd -g ${UART_GID} mydialout || true -RUN usermod -aG ${UART_GID} rrg +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/fedora-36/docker_build.sh b/docker/fedora-36/docker_build.sh index d662c5874..d0c94091e 100755 --- a/docker/fedora-36/docker_build.sh +++ b/docker/fedora-36/docker_build.sh @@ -1,6 +1,12 @@ #!/bin/bash . docker_conf -UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" -UART_GID="$(stat -c '%g' $UART_PORT)" -docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi +docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/fedora-37/Dockerfile b/docker/fedora-37/Dockerfile index 3742290fc..bb3118fd2 100644 --- a/docker/fedora-37/Dockerfile +++ b/docker/fedora-37/Dockerfile @@ -15,8 +15,10 @@ RUN useradd -ms /bin/bash rrg RUN passwd -d rrg ARG UART_GID # dialout group may already exist on another numeric ID than on host -RUN groupadd -g ${UART_GID} mydialout || true -RUN usermod -aG ${UART_GID} rrg +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/fedora-37/docker_build.sh b/docker/fedora-37/docker_build.sh index d662c5874..d0c94091e 100755 --- a/docker/fedora-37/docker_build.sh +++ b/docker/fedora-37/docker_build.sh @@ -1,6 +1,12 @@ #!/bin/bash . docker_conf -UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" -UART_GID="$(stat -c '%g' $UART_PORT)" -docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi +docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/homebrew/Dockerfile b/docker/homebrew/Dockerfile index e44687075..d4893d154 100644 --- a/docker/homebrew/Dockerfile +++ b/docker/homebrew/Dockerfile @@ -4,8 +4,10 @@ ENV LANG=C ARG UART_GID # dialout group may already exist on another numeric ID than on host -RUN sudo groupadd -g ${UART_GID} mydialout || true -RUN sudo usermod -aG ${UART_GID} linuxbrew +RUN if [ -n "${UART_GID}" ]; then \ + sudo groupadd -g ${UART_GID} mydialout || true; \ + sudo usermod -aG ${UART_GID} linuxbrew; \ + fi USER linuxbrew WORKDIR "/home/linuxbrew" diff --git a/docker/homebrew/docker_build.sh b/docker/homebrew/docker_build.sh index d662c5874..d0c94091e 100755 --- a/docker/homebrew/docker_build.sh +++ b/docker/homebrew/docker_build.sh @@ -1,6 +1,12 @@ #!/bin/bash . docker_conf -UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" -UART_GID="$(stat -c '%g' $UART_PORT)" -docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi +docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/kali/Dockerfile b/docker/kali/Dockerfile index 1bd2c2fb6..90349c69d 100644 --- a/docker/kali/Dockerfile +++ b/docker/kali/Dockerfile @@ -20,8 +20,10 @@ RUN useradd -ms /bin/bash rrg RUN passwd -d rrg ARG UART_GID # dialout group may already exist on another numeric ID than on host -RUN groupadd -g ${UART_GID} mydialout || true -RUN usermod -aG ${UART_GID} rrg +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/kali/docker_build.sh b/docker/kali/docker_build.sh index d662c5874..d0c94091e 100755 --- a/docker/kali/docker_build.sh +++ b/docker/kali/docker_build.sh @@ -1,6 +1,12 @@ #!/bin/bash . docker_conf -UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" -UART_GID="$(stat -c '%g' $UART_PORT)" -docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi +docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/opensuse-leap/Dockerfile b/docker/opensuse-leap/Dockerfile index fb452be09..f381bfd9e 100644 --- a/docker/opensuse-leap/Dockerfile +++ b/docker/opensuse-leap/Dockerfile @@ -18,8 +18,10 @@ RUN useradd -ms /bin/bash rrg RUN passwd -d rrg ARG UART_GID # dialout group may already exist on another numeric ID than on host -RUN groupadd -g ${UART_GID} mydialout || true -RUN usermod -aG ${UART_GID} rrg +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) NOPASSWD: ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/opensuse-leap/docker_build.sh b/docker/opensuse-leap/docker_build.sh index d662c5874..d0c94091e 100755 --- a/docker/opensuse-leap/docker_build.sh +++ b/docker/opensuse-leap/docker_build.sh @@ -1,6 +1,12 @@ #!/bin/bash . docker_conf -UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" -UART_GID="$(stat -c '%g' $UART_PORT)" -docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi +docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/opensuse-tumbleweed/Dockerfile b/docker/opensuse-tumbleweed/Dockerfile index 37ebb44fb..a0faf50c2 100644 --- a/docker/opensuse-tumbleweed/Dockerfile +++ b/docker/opensuse-tumbleweed/Dockerfile @@ -17,8 +17,10 @@ RUN useradd -ms /bin/bash rrg RUN passwd -d rrg ARG UART_GID # dialout group may already exist on another numeric ID than on host -RUN groupadd -g ${UART_GID} mydialout || true -RUN usermod -aG ${UART_GID} rrg +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) NOPASSWD: ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/opensuse-tumbleweed/docker_build.sh b/docker/opensuse-tumbleweed/docker_build.sh index d662c5874..d0c94091e 100755 --- a/docker/opensuse-tumbleweed/docker_build.sh +++ b/docker/opensuse-tumbleweed/docker_build.sh @@ -1,6 +1,12 @@ #!/bin/bash . docker_conf -UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" -UART_GID="$(stat -c '%g' $UART_PORT)" -docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi +docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/parrot-core-latest/Dockerfile b/docker/parrot-core-latest/Dockerfile index 8db8d8fee..044acdff4 100644 --- a/docker/parrot-core-latest/Dockerfile +++ b/docker/parrot-core-latest/Dockerfile @@ -20,8 +20,10 @@ RUN useradd -ms /bin/bash rrg RUN passwd -d rrg ARG UART_GID # dialout group may already exist on another numeric ID than on host -RUN groupadd -g ${UART_GID} mydialout || true -RUN usermod -aG ${UART_GID} rrg +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/parrot-core-latest/docker_build.sh b/docker/parrot-core-latest/docker_build.sh index d662c5874..d0c94091e 100755 --- a/docker/parrot-core-latest/docker_build.sh +++ b/docker/parrot-core-latest/docker_build.sh @@ -1,6 +1,12 @@ #!/bin/bash . docker_conf -UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" -UART_GID="$(stat -c '%g' $UART_PORT)" -docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi +docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/ubuntu-18.04/Dockerfile b/docker/ubuntu-18.04/Dockerfile index 166c9beca..f287c344e 100644 --- a/docker/ubuntu-18.04/Dockerfile +++ b/docker/ubuntu-18.04/Dockerfile @@ -23,8 +23,10 @@ RUN useradd -ms /bin/bash rrg RUN passwd -d rrg ARG UART_GID # dialout group may already exist on another numeric ID than on host -RUN groupadd -g ${UART_GID} mydialout || true -RUN usermod -aG ${UART_GID} rrg +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/ubuntu-18.04/docker_build.sh b/docker/ubuntu-18.04/docker_build.sh index d662c5874..d0c94091e 100755 --- a/docker/ubuntu-18.04/docker_build.sh +++ b/docker/ubuntu-18.04/docker_build.sh @@ -1,6 +1,12 @@ #!/bin/bash . docker_conf -UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" -UART_GID="$(stat -c '%g' $UART_PORT)" -docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi +docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/ubuntu-20.04/Dockerfile b/docker/ubuntu-20.04/Dockerfile index a33caf3f8..c02544234 100644 --- a/docker/ubuntu-20.04/Dockerfile +++ b/docker/ubuntu-20.04/Dockerfile @@ -22,8 +22,10 @@ RUN useradd -ms /bin/bash rrg RUN passwd -d rrg ARG UART_GID # dialout group may already exist on another numeric ID than on host -RUN groupadd -g ${UART_GID} mydialout || true -RUN usermod -aG ${UART_GID} rrg +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/ubuntu-20.04/docker_build.sh b/docker/ubuntu-20.04/docker_build.sh index d662c5874..d0c94091e 100755 --- a/docker/ubuntu-20.04/docker_build.sh +++ b/docker/ubuntu-20.04/docker_build.sh @@ -1,6 +1,12 @@ #!/bin/bash . docker_conf -UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" -UART_GID="$(stat -c '%g' $UART_PORT)" -docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi +docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/ubuntu-22.04/Dockerfile b/docker/ubuntu-22.04/Dockerfile index 55ec91514..d182d893e 100644 --- a/docker/ubuntu-22.04/Dockerfile +++ b/docker/ubuntu-22.04/Dockerfile @@ -22,8 +22,10 @@ RUN useradd -ms /bin/bash rrg RUN passwd -d rrg ARG UART_GID # dialout group may already exist on another numeric ID than on host -RUN groupadd -g ${UART_GID} mydialout || true -RUN usermod -aG ${UART_GID} rrg +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/ubuntu-22.04/docker_build.sh b/docker/ubuntu-22.04/docker_build.sh index d662c5874..d0c94091e 100755 --- a/docker/ubuntu-22.04/docker_build.sh +++ b/docker/ubuntu-22.04/docker_build.sh @@ -1,6 +1,12 @@ #!/bin/bash . docker_conf -UART_PORT="$(../../pm3 --list|head -n1|cut -d' ' -f2)" -UART_GID="$(stat -c '%g' $UART_PORT)" -docker build --build-arg UART_GID="$UART_GID" -t "$DOCKER_IMAGE" . +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi +docker build $BUILDARG -t "$DOCKER_IMAGE" . From 8e99b792b2b6604ed00e6363c54b289a5f46ac7d Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Wed, 18 Dec 2024 21:53:12 +0100 Subject: [PATCH 077/150] Add cross-platform docker images for armv7 and arm64 --- docker/build-all.sh | 2 +- docker/debian-12-bookworm-arm64/Dockerfile | 25 +++++++++++++++++++ docker/debian-12-bookworm-arm64/README.md | 17 +++++++++++++ .../debian-12-bookworm-arm64/docker_build.sh | 19 ++++++++++++++ docker/debian-12-bookworm-arm64/docker_conf | 3 +++ docker/debian-12-bookworm-arm64/docker_rm.sh | 5 ++++ docker/debian-12-bookworm-arm64/docker_run.sh | 10 ++++++++ docker/debian-12-bookworm-armhf/Dockerfile | 25 +++++++++++++++++++ docker/debian-12-bookworm-armhf/README.md | 17 +++++++++++++ .../debian-12-bookworm-armhf/docker_build.sh | 19 ++++++++++++++ docker/debian-12-bookworm-armhf/docker_conf | 3 +++ docker/debian-12-bookworm-armhf/docker_rm.sh | 5 ++++ docker/debian-12-bookworm-armhf/docker_run.sh | 10 ++++++++ 13 files changed, 159 insertions(+), 1 deletion(-) create mode 100644 docker/debian-12-bookworm-arm64/Dockerfile create mode 100644 docker/debian-12-bookworm-arm64/README.md create mode 100755 docker/debian-12-bookworm-arm64/docker_build.sh create mode 100644 docker/debian-12-bookworm-arm64/docker_conf create mode 100644 docker/debian-12-bookworm-arm64/docker_rm.sh create mode 100755 docker/debian-12-bookworm-arm64/docker_run.sh create mode 100644 docker/debian-12-bookworm-armhf/Dockerfile create mode 100644 docker/debian-12-bookworm-armhf/README.md create mode 100755 docker/debian-12-bookworm-armhf/docker_build.sh create mode 100644 docker/debian-12-bookworm-armhf/docker_conf create mode 100644 docker/debian-12-bookworm-armhf/docker_rm.sh create mode 100755 docker/debian-12-bookworm-armhf/docker_run.sh diff --git a/docker/build-all.sh b/docker/build-all.sh index ed56a0972..b3c7a9905 100755 --- a/docker/build-all.sh +++ b/docker/build-all.sh @@ -1,5 +1,5 @@ #!/bin/bash -for os in archlinux debian-12-bookworm fedora-36 fedora-37 homebrew kali opensuse-leap opensuse-tumbleweed parrot-core-latest ubuntu-20.04 ubuntu-22.04; do +for os in archlinux debian-12-bookworm debian-12-bookworm-arm64 debian-12-bookworm-armhf debian-13-trixie fedora-36 fedora-37 homebrew kali opensuse-leap opensuse-tumbleweed parrot-core-latest ubuntu-20.04 ubuntu-22.04; do ( cd $os && ./docker_build.sh ) done diff --git a/docker/debian-12-bookworm-arm64/Dockerfile b/docker/debian-12-bookworm-arm64/Dockerfile new file mode 100644 index 000000000..6f1ab5226 --- /dev/null +++ b/docker/debian-12-bookworm-arm64/Dockerfile @@ -0,0 +1,25 @@ +FROM arm64v8/debian:bookworm-slim + +ENV LANG=C +ENV DEBIAN_FRONTEND=noninteractive +# qtbase5-dev skipped +RUN apt-get update && \ + apt-get dist-upgrade -y && \ + apt-get install -y --no-install-recommends git ca-certificates build-essential cmake pkg-config libreadline-dev gcc-arm-none-eabi libnewlib-dev libbz2-dev liblz4-dev libbluetooth-dev libpython3-dev libssl-dev libgd-dev sudo && \ + apt-get clean + +# Create rrg user +RUN useradd -ms /bin/bash rrg +RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi +RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers + +#USER rrg +WORKDIR "/home/rrg" + +CMD ["/bin/bash"] diff --git a/docker/debian-12-bookworm-arm64/README.md b/docker/debian-12-bookworm-arm64/README.md new file mode 100644 index 000000000..2ffa42d1a --- /dev/null +++ b/docker/debian-12-bookworm-arm64/README.md @@ -0,0 +1,17 @@ +# Notes to run tests + +``` +sudo apt update +sudo apt install -y python3-minimal +sudo apt install -y python3-pip +sudo apt install python3.11-venv +python3 -m venv /tmp/venv +source /tmp/venv/bin/activate +python3 -m pip install --use-pep517 pyaes +python3 -m pip install ansicolors sslcrypto +git config --global --add safe.directory /home/rrg/proxmark3 +cd proxmark3 +make clean +make -j +tools/pm3_tests.sh --long +``` diff --git a/docker/debian-12-bookworm-arm64/docker_build.sh b/docker/debian-12-bookworm-arm64/docker_build.sh new file mode 100755 index 000000000..de56acca7 --- /dev/null +++ b/docker/debian-12-bookworm-arm64/docker_build.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +. docker_conf +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi + +# cf https://github.com/multiarch/qemu-user-static +#sudo apt install qemu-user-static +#docker run --rm --privileged multiarch/qemu-user-static --reset -p yes +#docker buildx create --use +#docker buildx inspect --bootstrap +#docker buildx build $DOCKER_PLATFORM $BUILDARG -t "$DOCKER_IMAGE" --load . +docker build $DOCKER_PLATFORM $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/debian-12-bookworm-arm64/docker_conf b/docker/debian-12-bookworm-arm64/docker_conf new file mode 100644 index 000000000..67627ddaf --- /dev/null +++ b/docker/debian-12-bookworm-arm64/docker_conf @@ -0,0 +1,3 @@ +# sourceme +DOCKER_IMAGE=pm3-debian-bookworm-arm64:1.0 +DOCKER_PLATFORM="--platform linux/arm64" diff --git a/docker/debian-12-bookworm-arm64/docker_rm.sh b/docker/debian-12-bookworm-arm64/docker_rm.sh new file mode 100644 index 000000000..3705c37bb --- /dev/null +++ b/docker/debian-12-bookworm-arm64/docker_rm.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/debian-12-bookworm-arm64/docker_run.sh b/docker/debian-12-bookworm-arm64/docker_run.sh new file mode 100755 index 000000000..a62889fa0 --- /dev/null +++ b/docker/debian-12-bookworm-arm64/docker_run.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV $DOCKER_PLATFORM --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/debian-12-bookworm-armhf/Dockerfile b/docker/debian-12-bookworm-armhf/Dockerfile new file mode 100644 index 000000000..c17e66926 --- /dev/null +++ b/docker/debian-12-bookworm-armhf/Dockerfile @@ -0,0 +1,25 @@ +FROM arm32v7/debian:bookworm-slim + +ENV LANG=C +ENV DEBIAN_FRONTEND=noninteractive +# qtbase5-dev skipped +RUN apt-get update && \ + apt-get dist-upgrade -y && \ + apt-get install -y --no-install-recommends git ca-certificates build-essential cmake pkg-config libreadline-dev gcc-arm-none-eabi libnewlib-dev libbz2-dev liblz4-dev libbluetooth-dev libpython3-dev libssl-dev libgd-dev sudo && \ + apt-get clean + +# Create rrg user +RUN useradd -ms /bin/bash rrg +RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi +RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers + +#USER rrg +WORKDIR "/home/rrg" + +CMD ["/bin/bash"] diff --git a/docker/debian-12-bookworm-armhf/README.md b/docker/debian-12-bookworm-armhf/README.md new file mode 100644 index 000000000..2ffa42d1a --- /dev/null +++ b/docker/debian-12-bookworm-armhf/README.md @@ -0,0 +1,17 @@ +# Notes to run tests + +``` +sudo apt update +sudo apt install -y python3-minimal +sudo apt install -y python3-pip +sudo apt install python3.11-venv +python3 -m venv /tmp/venv +source /tmp/venv/bin/activate +python3 -m pip install --use-pep517 pyaes +python3 -m pip install ansicolors sslcrypto +git config --global --add safe.directory /home/rrg/proxmark3 +cd proxmark3 +make clean +make -j +tools/pm3_tests.sh --long +``` diff --git a/docker/debian-12-bookworm-armhf/docker_build.sh b/docker/debian-12-bookworm-armhf/docker_build.sh new file mode 100755 index 000000000..de56acca7 --- /dev/null +++ b/docker/debian-12-bookworm-armhf/docker_build.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +. docker_conf +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi + +# cf https://github.com/multiarch/qemu-user-static +#sudo apt install qemu-user-static +#docker run --rm --privileged multiarch/qemu-user-static --reset -p yes +#docker buildx create --use +#docker buildx inspect --bootstrap +#docker buildx build $DOCKER_PLATFORM $BUILDARG -t "$DOCKER_IMAGE" --load . +docker build $DOCKER_PLATFORM $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/debian-12-bookworm-armhf/docker_conf b/docker/debian-12-bookworm-armhf/docker_conf new file mode 100644 index 000000000..55bb22582 --- /dev/null +++ b/docker/debian-12-bookworm-armhf/docker_conf @@ -0,0 +1,3 @@ +# sourceme +DOCKER_IMAGE=pm3-debian-bookworm-armhf:1.0 +DOCKER_PLATFORM="--platform linux/arm/v7" diff --git a/docker/debian-12-bookworm-armhf/docker_rm.sh b/docker/debian-12-bookworm-armhf/docker_rm.sh new file mode 100644 index 000000000..3705c37bb --- /dev/null +++ b/docker/debian-12-bookworm-armhf/docker_rm.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +. docker_conf +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/debian-12-bookworm-armhf/docker_run.sh b/docker/debian-12-bookworm-armhf/docker_run.sh new file mode 100755 index 000000000..a62889fa0 --- /dev/null +++ b/docker/debian-12-bookworm-armhf/docker_run.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +. docker_conf +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV $DOCKER_PLATFORM --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" From 12775960dc5780cdf4bb8e039cf2cd973f93ccb8 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Wed, 18 Dec 2024 22:18:05 +0100 Subject: [PATCH 078/150] Refactor Docker scripts --- docker/archlinux/docker_build.sh | 12 ------------ docker/archlinux/docker_conf | 2 -- docker/archlinux/docker_rm.sh | 5 ----- docker/archlinux/docker_run.sh | 10 ---------- docker/build-all.sh | 2 +- .../docker_build.sh => build.sh} | 8 +++++++- docker/debian-11-bullseye/docker_build.sh | 12 ------------ docker/debian-11-bullseye/docker_conf | 2 -- docker/debian-11-bullseye/docker_rm.sh | 5 ----- docker/debian-11-bullseye/docker_run.sh | 10 ---------- docker/debian-12-bookworm-arm64/Dockerfile | 2 +- docker/debian-12-bookworm-arm64/docker_conf | 3 --- docker/debian-12-bookworm-arm64/docker_rm.sh | 5 ----- docker/debian-12-bookworm-armhf/Dockerfile | 2 +- .../debian-12-bookworm-armhf/docker_build.sh | 19 ------------------- docker/debian-12-bookworm-armhf/docker_conf | 3 --- docker/debian-12-bookworm-armhf/docker_rm.sh | 5 ----- docker/debian-12-bookworm-armhf/docker_run.sh | 10 ---------- docker/debian-12-bookworm/docker_build.sh | 12 ------------ docker/debian-12-bookworm/docker_conf | 2 -- docker/debian-12-bookworm/docker_rm.sh | 5 ----- docker/debian-12-bookworm/docker_run.sh | 10 ---------- docker/debian-13-trixie/docker_build.sh | 12 ------------ docker/debian-13-trixie/docker_conf | 2 -- docker/debian-13-trixie/docker_rm.sh | 5 ----- docker/debian-13-trixie/docker_run.sh | 10 ---------- docker/fedora-36/docker_build.sh | 12 ------------ docker/fedora-36/docker_conf | 2 -- docker/fedora-36/docker_rm.sh | 5 ----- docker/fedora-36/docker_run.sh | 10 ---------- docker/fedora-37/docker_build.sh | 12 ------------ docker/fedora-37/docker_conf | 2 -- docker/fedora-37/docker_rm.sh | 5 ----- docker/fedora-37/docker_run.sh | 10 ---------- docker/homebrew/README.md | 2 ++ docker/homebrew/docker_build.sh | 12 ------------ docker/homebrew/docker_conf | 2 -- docker/homebrew/docker_rm.sh | 5 ----- docker/homebrew/docker_run.sh | 11 ----------- docker/kali/docker_build.sh | 12 ------------ docker/kali/docker_conf | 2 -- docker/kali/docker_rm.sh | 5 ----- docker/kali/docker_run.sh | 10 ---------- docker/opensuse-leap/docker_build.sh | 12 ------------ docker/opensuse-leap/docker_conf | 2 -- docker/opensuse-leap/docker_rm.sh | 5 ----- docker/opensuse-leap/docker_run.sh | 10 ---------- docker/opensuse-tumbleweed/docker_build.sh | 12 ------------ docker/opensuse-tumbleweed/docker_conf | 2 -- docker/opensuse-tumbleweed/docker_rm.sh | 5 ----- docker/opensuse-tumbleweed/docker_run.sh | 10 ---------- docker/parrot-core-latest/docker_build.sh | 12 ------------ docker/parrot-core-latest/docker_conf | 2 -- docker/parrot-core-latest/docker_rm.sh | 5 ----- docker/parrot-core-latest/docker_run.sh | 10 ---------- docker/rm.sh | 9 +++++++++ .../docker_run.sh => run.sh} | 6 +++++- docker/ubuntu-18.04/docker_build.sh | 12 ------------ docker/ubuntu-18.04/docker_conf | 2 -- docker/ubuntu-18.04/docker_rm.sh | 5 ----- docker/ubuntu-18.04/docker_run.sh | 10 ---------- docker/ubuntu-20.04/docker_build.sh | 12 ------------ docker/ubuntu-20.04/docker_conf | 2 -- docker/ubuntu-20.04/docker_rm.sh | 5 ----- docker/ubuntu-20.04/docker_run.sh | 10 ---------- docker/ubuntu-22.04/docker_build.sh | 12 ------------ docker/ubuntu-22.04/docker_conf | 2 -- docker/ubuntu-22.04/docker_rm.sh | 5 ----- docker/ubuntu-22.04/docker_run.sh | 10 ---------- 69 files changed, 26 insertions(+), 457 deletions(-) delete mode 100755 docker/archlinux/docker_build.sh delete mode 100644 docker/archlinux/docker_conf delete mode 100644 docker/archlinux/docker_rm.sh delete mode 100755 docker/archlinux/docker_run.sh rename docker/{debian-12-bookworm-arm64/docker_build.sh => build.sh} (77%) delete mode 100755 docker/debian-11-bullseye/docker_build.sh delete mode 100644 docker/debian-11-bullseye/docker_conf delete mode 100644 docker/debian-11-bullseye/docker_rm.sh delete mode 100755 docker/debian-11-bullseye/docker_run.sh delete mode 100644 docker/debian-12-bookworm-arm64/docker_conf delete mode 100644 docker/debian-12-bookworm-arm64/docker_rm.sh delete mode 100755 docker/debian-12-bookworm-armhf/docker_build.sh delete mode 100644 docker/debian-12-bookworm-armhf/docker_conf delete mode 100644 docker/debian-12-bookworm-armhf/docker_rm.sh delete mode 100755 docker/debian-12-bookworm-armhf/docker_run.sh delete mode 100755 docker/debian-12-bookworm/docker_build.sh delete mode 100644 docker/debian-12-bookworm/docker_conf delete mode 100644 docker/debian-12-bookworm/docker_rm.sh delete mode 100755 docker/debian-12-bookworm/docker_run.sh delete mode 100755 docker/debian-13-trixie/docker_build.sh delete mode 100644 docker/debian-13-trixie/docker_conf delete mode 100644 docker/debian-13-trixie/docker_rm.sh delete mode 100755 docker/debian-13-trixie/docker_run.sh delete mode 100755 docker/fedora-36/docker_build.sh delete mode 100644 docker/fedora-36/docker_conf delete mode 100644 docker/fedora-36/docker_rm.sh delete mode 100755 docker/fedora-36/docker_run.sh delete mode 100755 docker/fedora-37/docker_build.sh delete mode 100644 docker/fedora-37/docker_conf delete mode 100644 docker/fedora-37/docker_rm.sh delete mode 100755 docker/fedora-37/docker_run.sh delete mode 100755 docker/homebrew/docker_build.sh delete mode 100644 docker/homebrew/docker_conf delete mode 100644 docker/homebrew/docker_rm.sh delete mode 100755 docker/homebrew/docker_run.sh delete mode 100755 docker/kali/docker_build.sh delete mode 100644 docker/kali/docker_conf delete mode 100644 docker/kali/docker_rm.sh delete mode 100755 docker/kali/docker_run.sh delete mode 100755 docker/opensuse-leap/docker_build.sh delete mode 100644 docker/opensuse-leap/docker_conf delete mode 100644 docker/opensuse-leap/docker_rm.sh delete mode 100755 docker/opensuse-leap/docker_run.sh delete mode 100755 docker/opensuse-tumbleweed/docker_build.sh delete mode 100644 docker/opensuse-tumbleweed/docker_conf delete mode 100644 docker/opensuse-tumbleweed/docker_rm.sh delete mode 100755 docker/opensuse-tumbleweed/docker_run.sh delete mode 100755 docker/parrot-core-latest/docker_build.sh delete mode 100644 docker/parrot-core-latest/docker_conf delete mode 100644 docker/parrot-core-latest/docker_rm.sh delete mode 100755 docker/parrot-core-latest/docker_run.sh create mode 100755 docker/rm.sh rename docker/{debian-12-bookworm-arm64/docker_run.sh => run.sh} (68%) delete mode 100755 docker/ubuntu-18.04/docker_build.sh delete mode 100644 docker/ubuntu-18.04/docker_conf delete mode 100644 docker/ubuntu-18.04/docker_rm.sh delete mode 100755 docker/ubuntu-18.04/docker_run.sh delete mode 100755 docker/ubuntu-20.04/docker_build.sh delete mode 100644 docker/ubuntu-20.04/docker_conf delete mode 100644 docker/ubuntu-20.04/docker_rm.sh delete mode 100755 docker/ubuntu-20.04/docker_run.sh delete mode 100755 docker/ubuntu-22.04/docker_build.sh delete mode 100644 docker/ubuntu-22.04/docker_conf delete mode 100644 docker/ubuntu-22.04/docker_rm.sh delete mode 100755 docker/ubuntu-22.04/docker_run.sh diff --git a/docker/archlinux/docker_build.sh b/docker/archlinux/docker_build.sh deleted file mode 100755 index d0c94091e..000000000 --- a/docker/archlinux/docker_build.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -. docker_conf -# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance -UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - UART_GID="$(stat -c '%g' $UART_PORT)" - BUILDARG="--build-arg UART_GID=$UART_GID" -else - BUILDARG="" -fi -docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/archlinux/docker_conf b/docker/archlinux/docker_conf deleted file mode 100644 index b17f6e93d..000000000 --- a/docker/archlinux/docker_conf +++ /dev/null @@ -1,2 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-arch:1.0 diff --git a/docker/archlinux/docker_rm.sh b/docker/archlinux/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/archlinux/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/archlinux/docker_run.sh b/docker/archlinux/docker_run.sh deleted file mode 100755 index fe28c846d..000000000 --- a/docker/archlinux/docker_run.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -. docker_conf -UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - DEV="--device=/dev/tty0 --device=$UART_PORT" -else - DEV="" -fi -docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/build-all.sh b/docker/build-all.sh index b3c7a9905..a71727ee6 100755 --- a/docker/build-all.sh +++ b/docker/build-all.sh @@ -1,5 +1,5 @@ #!/bin/bash for os in archlinux debian-12-bookworm debian-12-bookworm-arm64 debian-12-bookworm-armhf debian-13-trixie fedora-36 fedora-37 homebrew kali opensuse-leap opensuse-tumbleweed parrot-core-latest ubuntu-20.04 ubuntu-22.04; do - ( cd $os && ./docker_build.sh ) + ( cd $os && ../build.sh ) done diff --git a/docker/debian-12-bookworm-arm64/docker_build.sh b/docker/build.sh similarity index 77% rename from docker/debian-12-bookworm-arm64/docker_build.sh rename to docker/build.sh index de56acca7..dc2b12bf4 100755 --- a/docker/debian-12-bookworm-arm64/docker_build.sh +++ b/docker/build.sh @@ -1,6 +1,10 @@ #!/bin/bash -. docker_conf +if [ ! -e docker_conf.inc ]; then + echo "This script must be run from within one of the subfolders" + exit 1 +fi +. docker_conf.inc # Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" if [ -n "$UART_PORT" ]; then @@ -10,10 +14,12 @@ else BUILDARG="" fi +# For cross-platform support: # cf https://github.com/multiarch/qemu-user-static #sudo apt install qemu-user-static #docker run --rm --privileged multiarch/qemu-user-static --reset -p yes #docker buildx create --use #docker buildx inspect --bootstrap #docker buildx build $DOCKER_PLATFORM $BUILDARG -t "$DOCKER_IMAGE" --load . +# Seems to work without buildx: docker build $DOCKER_PLATFORM $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/debian-11-bullseye/docker_build.sh b/docker/debian-11-bullseye/docker_build.sh deleted file mode 100755 index d0c94091e..000000000 --- a/docker/debian-11-bullseye/docker_build.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -. docker_conf -# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance -UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - UART_GID="$(stat -c '%g' $UART_PORT)" - BUILDARG="--build-arg UART_GID=$UART_GID" -else - BUILDARG="" -fi -docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/debian-11-bullseye/docker_conf b/docker/debian-11-bullseye/docker_conf deleted file mode 100644 index fa951cd04..000000000 --- a/docker/debian-11-bullseye/docker_conf +++ /dev/null @@ -1,2 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-debian-bullseye:1.0 diff --git a/docker/debian-11-bullseye/docker_rm.sh b/docker/debian-11-bullseye/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/debian-11-bullseye/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/debian-11-bullseye/docker_run.sh b/docker/debian-11-bullseye/docker_run.sh deleted file mode 100755 index fe28c846d..000000000 --- a/docker/debian-11-bullseye/docker_run.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -. docker_conf -UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - DEV="--device=/dev/tty0 --device=$UART_PORT" -else - DEV="" -fi -docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/debian-12-bookworm-arm64/Dockerfile b/docker/debian-12-bookworm-arm64/Dockerfile index 6f1ab5226..792014812 100644 --- a/docker/debian-12-bookworm-arm64/Dockerfile +++ b/docker/debian-12-bookworm-arm64/Dockerfile @@ -19,7 +19,7 @@ RUN if [ -n "${UART_GID}" ]; then \ fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers -#USER rrg +USER rrg WORKDIR "/home/rrg" CMD ["/bin/bash"] diff --git a/docker/debian-12-bookworm-arm64/docker_conf b/docker/debian-12-bookworm-arm64/docker_conf deleted file mode 100644 index 67627ddaf..000000000 --- a/docker/debian-12-bookworm-arm64/docker_conf +++ /dev/null @@ -1,3 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-debian-bookworm-arm64:1.0 -DOCKER_PLATFORM="--platform linux/arm64" diff --git a/docker/debian-12-bookworm-arm64/docker_rm.sh b/docker/debian-12-bookworm-arm64/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/debian-12-bookworm-arm64/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/debian-12-bookworm-armhf/Dockerfile b/docker/debian-12-bookworm-armhf/Dockerfile index c17e66926..e5d5acf2b 100644 --- a/docker/debian-12-bookworm-armhf/Dockerfile +++ b/docker/debian-12-bookworm-armhf/Dockerfile @@ -19,7 +19,7 @@ RUN if [ -n "${UART_GID}" ]; then \ fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers -#USER rrg +USER rrg WORKDIR "/home/rrg" CMD ["/bin/bash"] diff --git a/docker/debian-12-bookworm-armhf/docker_build.sh b/docker/debian-12-bookworm-armhf/docker_build.sh deleted file mode 100755 index de56acca7..000000000 --- a/docker/debian-12-bookworm-armhf/docker_build.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -. docker_conf -# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance -UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - UART_GID="$(stat -c '%g' $UART_PORT)" - BUILDARG="--build-arg UART_GID=$UART_GID" -else - BUILDARG="" -fi - -# cf https://github.com/multiarch/qemu-user-static -#sudo apt install qemu-user-static -#docker run --rm --privileged multiarch/qemu-user-static --reset -p yes -#docker buildx create --use -#docker buildx inspect --bootstrap -#docker buildx build $DOCKER_PLATFORM $BUILDARG -t "$DOCKER_IMAGE" --load . -docker build $DOCKER_PLATFORM $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/debian-12-bookworm-armhf/docker_conf b/docker/debian-12-bookworm-armhf/docker_conf deleted file mode 100644 index 55bb22582..000000000 --- a/docker/debian-12-bookworm-armhf/docker_conf +++ /dev/null @@ -1,3 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-debian-bookworm-armhf:1.0 -DOCKER_PLATFORM="--platform linux/arm/v7" diff --git a/docker/debian-12-bookworm-armhf/docker_rm.sh b/docker/debian-12-bookworm-armhf/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/debian-12-bookworm-armhf/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/debian-12-bookworm-armhf/docker_run.sh b/docker/debian-12-bookworm-armhf/docker_run.sh deleted file mode 100755 index a62889fa0..000000000 --- a/docker/debian-12-bookworm-armhf/docker_run.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -. docker_conf -UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - DEV="--device=/dev/tty0 --device=$UART_PORT" -else - DEV="" -fi -docker run $DEV $DOCKER_PLATFORM --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/debian-12-bookworm/docker_build.sh b/docker/debian-12-bookworm/docker_build.sh deleted file mode 100755 index d0c94091e..000000000 --- a/docker/debian-12-bookworm/docker_build.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -. docker_conf -# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance -UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - UART_GID="$(stat -c '%g' $UART_PORT)" - BUILDARG="--build-arg UART_GID=$UART_GID" -else - BUILDARG="" -fi -docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/debian-12-bookworm/docker_conf b/docker/debian-12-bookworm/docker_conf deleted file mode 100644 index 965092c9b..000000000 --- a/docker/debian-12-bookworm/docker_conf +++ /dev/null @@ -1,2 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-debian-bookworm:1.0 diff --git a/docker/debian-12-bookworm/docker_rm.sh b/docker/debian-12-bookworm/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/debian-12-bookworm/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/debian-12-bookworm/docker_run.sh b/docker/debian-12-bookworm/docker_run.sh deleted file mode 100755 index fe28c846d..000000000 --- a/docker/debian-12-bookworm/docker_run.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -. docker_conf -UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - DEV="--device=/dev/tty0 --device=$UART_PORT" -else - DEV="" -fi -docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/debian-13-trixie/docker_build.sh b/docker/debian-13-trixie/docker_build.sh deleted file mode 100755 index d0c94091e..000000000 --- a/docker/debian-13-trixie/docker_build.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -. docker_conf -# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance -UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - UART_GID="$(stat -c '%g' $UART_PORT)" - BUILDARG="--build-arg UART_GID=$UART_GID" -else - BUILDARG="" -fi -docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/debian-13-trixie/docker_conf b/docker/debian-13-trixie/docker_conf deleted file mode 100644 index 5360f9255..000000000 --- a/docker/debian-13-trixie/docker_conf +++ /dev/null @@ -1,2 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-debian-trixie:1.0 diff --git a/docker/debian-13-trixie/docker_rm.sh b/docker/debian-13-trixie/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/debian-13-trixie/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/debian-13-trixie/docker_run.sh b/docker/debian-13-trixie/docker_run.sh deleted file mode 100755 index fe28c846d..000000000 --- a/docker/debian-13-trixie/docker_run.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -. docker_conf -UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - DEV="--device=/dev/tty0 --device=$UART_PORT" -else - DEV="" -fi -docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/fedora-36/docker_build.sh b/docker/fedora-36/docker_build.sh deleted file mode 100755 index d0c94091e..000000000 --- a/docker/fedora-36/docker_build.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -. docker_conf -# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance -UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - UART_GID="$(stat -c '%g' $UART_PORT)" - BUILDARG="--build-arg UART_GID=$UART_GID" -else - BUILDARG="" -fi -docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/fedora-36/docker_conf b/docker/fedora-36/docker_conf deleted file mode 100644 index 3d4b629b7..000000000 --- a/docker/fedora-36/docker_conf +++ /dev/null @@ -1,2 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-fedora-36:1.0 diff --git a/docker/fedora-36/docker_rm.sh b/docker/fedora-36/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/fedora-36/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/fedora-36/docker_run.sh b/docker/fedora-36/docker_run.sh deleted file mode 100755 index fe28c846d..000000000 --- a/docker/fedora-36/docker_run.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -. docker_conf -UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - DEV="--device=/dev/tty0 --device=$UART_PORT" -else - DEV="" -fi -docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/fedora-37/docker_build.sh b/docker/fedora-37/docker_build.sh deleted file mode 100755 index d0c94091e..000000000 --- a/docker/fedora-37/docker_build.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -. docker_conf -# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance -UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - UART_GID="$(stat -c '%g' $UART_PORT)" - BUILDARG="--build-arg UART_GID=$UART_GID" -else - BUILDARG="" -fi -docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/fedora-37/docker_conf b/docker/fedora-37/docker_conf deleted file mode 100644 index 66bb5e1c0..000000000 --- a/docker/fedora-37/docker_conf +++ /dev/null @@ -1,2 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-fedora-37:1.0 diff --git a/docker/fedora-37/docker_rm.sh b/docker/fedora-37/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/fedora-37/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/fedora-37/docker_run.sh b/docker/fedora-37/docker_run.sh deleted file mode 100755 index fe28c846d..000000000 --- a/docker/fedora-37/docker_run.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -. docker_conf -UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - DEV="--device=/dev/tty0 --device=$UART_PORT" -else - DEV="" -fi -docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/homebrew/README.md b/docker/homebrew/README.md index 3ebc5a9ed..664db5de3 100644 --- a/docker/homebrew/README.md +++ b/docker/homebrew/README.md @@ -1,5 +1,7 @@ # Notes on linux homebrew +If needed to install sth, run brew as user linuxbrew + Do not `brew install arm-none-eabi-gcc`, it's a Mach-O executable. So only host bins can be built (except tools/hitag2crack/crack5opencl which needs OpenCL) diff --git a/docker/homebrew/docker_build.sh b/docker/homebrew/docker_build.sh deleted file mode 100755 index d0c94091e..000000000 --- a/docker/homebrew/docker_build.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -. docker_conf -# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance -UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - UART_GID="$(stat -c '%g' $UART_PORT)" - BUILDARG="--build-arg UART_GID=$UART_GID" -else - BUILDARG="" -fi -docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/homebrew/docker_conf b/docker/homebrew/docker_conf deleted file mode 100644 index 2488be8d6..000000000 --- a/docker/homebrew/docker_conf +++ /dev/null @@ -1,2 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-brew:1.0 diff --git a/docker/homebrew/docker_rm.sh b/docker/homebrew/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/homebrew/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/homebrew/docker_run.sh b/docker/homebrew/docker_run.sh deleted file mode 100755 index 0fec9fd33..000000000 --- a/docker/homebrew/docker_run.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -. docker_conf -UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - DEV="--device=/dev/tty0 --device=$UART_PORT" -else - DEV="" -fi -docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" -# if needed, run brew as user linuxbrew diff --git a/docker/kali/docker_build.sh b/docker/kali/docker_build.sh deleted file mode 100755 index d0c94091e..000000000 --- a/docker/kali/docker_build.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -. docker_conf -# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance -UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - UART_GID="$(stat -c '%g' $UART_PORT)" - BUILDARG="--build-arg UART_GID=$UART_GID" -else - BUILDARG="" -fi -docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/kali/docker_conf b/docker/kali/docker_conf deleted file mode 100644 index 866db4d67..000000000 --- a/docker/kali/docker_conf +++ /dev/null @@ -1,2 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-kali:1.0 diff --git a/docker/kali/docker_rm.sh b/docker/kali/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/kali/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/kali/docker_run.sh b/docker/kali/docker_run.sh deleted file mode 100755 index fe28c846d..000000000 --- a/docker/kali/docker_run.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -. docker_conf -UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - DEV="--device=/dev/tty0 --device=$UART_PORT" -else - DEV="" -fi -docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/opensuse-leap/docker_build.sh b/docker/opensuse-leap/docker_build.sh deleted file mode 100755 index d0c94091e..000000000 --- a/docker/opensuse-leap/docker_build.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -. docker_conf -# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance -UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - UART_GID="$(stat -c '%g' $UART_PORT)" - BUILDARG="--build-arg UART_GID=$UART_GID" -else - BUILDARG="" -fi -docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/opensuse-leap/docker_conf b/docker/opensuse-leap/docker_conf deleted file mode 100644 index 6c7e804e5..000000000 --- a/docker/opensuse-leap/docker_conf +++ /dev/null @@ -1,2 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-suse-leap:1.0 diff --git a/docker/opensuse-leap/docker_rm.sh b/docker/opensuse-leap/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/opensuse-leap/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/opensuse-leap/docker_run.sh b/docker/opensuse-leap/docker_run.sh deleted file mode 100755 index fe28c846d..000000000 --- a/docker/opensuse-leap/docker_run.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -. docker_conf -UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - DEV="--device=/dev/tty0 --device=$UART_PORT" -else - DEV="" -fi -docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/opensuse-tumbleweed/docker_build.sh b/docker/opensuse-tumbleweed/docker_build.sh deleted file mode 100755 index d0c94091e..000000000 --- a/docker/opensuse-tumbleweed/docker_build.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -. docker_conf -# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance -UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - UART_GID="$(stat -c '%g' $UART_PORT)" - BUILDARG="--build-arg UART_GID=$UART_GID" -else - BUILDARG="" -fi -docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/opensuse-tumbleweed/docker_conf b/docker/opensuse-tumbleweed/docker_conf deleted file mode 100644 index c40603d93..000000000 --- a/docker/opensuse-tumbleweed/docker_conf +++ /dev/null @@ -1,2 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-suse-tumbleweed:1.0 diff --git a/docker/opensuse-tumbleweed/docker_rm.sh b/docker/opensuse-tumbleweed/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/opensuse-tumbleweed/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/opensuse-tumbleweed/docker_run.sh b/docker/opensuse-tumbleweed/docker_run.sh deleted file mode 100755 index fe28c846d..000000000 --- a/docker/opensuse-tumbleweed/docker_run.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -. docker_conf -UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - DEV="--device=/dev/tty0 --device=$UART_PORT" -else - DEV="" -fi -docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/parrot-core-latest/docker_build.sh b/docker/parrot-core-latest/docker_build.sh deleted file mode 100755 index d0c94091e..000000000 --- a/docker/parrot-core-latest/docker_build.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -. docker_conf -# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance -UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - UART_GID="$(stat -c '%g' $UART_PORT)" - BUILDARG="--build-arg UART_GID=$UART_GID" -else - BUILDARG="" -fi -docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/parrot-core-latest/docker_conf b/docker/parrot-core-latest/docker_conf deleted file mode 100644 index 3fc87ccab..000000000 --- a/docker/parrot-core-latest/docker_conf +++ /dev/null @@ -1,2 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-parrotsec-core-latest:1.0 diff --git a/docker/parrot-core-latest/docker_rm.sh b/docker/parrot-core-latest/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/parrot-core-latest/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/parrot-core-latest/docker_run.sh b/docker/parrot-core-latest/docker_run.sh deleted file mode 100755 index fe28c846d..000000000 --- a/docker/parrot-core-latest/docker_run.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -. docker_conf -UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - DEV="--device=/dev/tty0 --device=$UART_PORT" -else - DEV="" -fi -docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/rm.sh b/docker/rm.sh new file mode 100755 index 000000000..32a3b1b16 --- /dev/null +++ b/docker/rm.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +if [ ! -e docker_conf.inc ]; then + echo "This script must be run from within one of the subfolders" + exit 1 +fi +. docker_conf.inc +docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +docker image rm "$DOCKER_IMAGE" diff --git a/docker/debian-12-bookworm-arm64/docker_run.sh b/docker/run.sh similarity index 68% rename from docker/debian-12-bookworm-arm64/docker_run.sh rename to docker/run.sh index a62889fa0..34d8fd106 100755 --- a/docker/debian-12-bookworm-arm64/docker_run.sh +++ b/docker/run.sh @@ -1,6 +1,10 @@ #!/bin/bash -. docker_conf +if [ ! -e docker_conf.inc ]; then + echo "This script must be run from within one of the subfolders" + exit 1 +fi +. docker_conf.inc UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" if [ -n "$UART_PORT" ]; then DEV="--device=/dev/tty0 --device=$UART_PORT" diff --git a/docker/ubuntu-18.04/docker_build.sh b/docker/ubuntu-18.04/docker_build.sh deleted file mode 100755 index d0c94091e..000000000 --- a/docker/ubuntu-18.04/docker_build.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -. docker_conf -# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance -UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - UART_GID="$(stat -c '%g' $UART_PORT)" - BUILDARG="--build-arg UART_GID=$UART_GID" -else - BUILDARG="" -fi -docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/ubuntu-18.04/docker_conf b/docker/ubuntu-18.04/docker_conf deleted file mode 100644 index 1a9a20ae8..000000000 --- a/docker/ubuntu-18.04/docker_conf +++ /dev/null @@ -1,2 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-ubuntu-18.04:1.0 diff --git a/docker/ubuntu-18.04/docker_rm.sh b/docker/ubuntu-18.04/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/ubuntu-18.04/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/ubuntu-18.04/docker_run.sh b/docker/ubuntu-18.04/docker_run.sh deleted file mode 100755 index fe28c846d..000000000 --- a/docker/ubuntu-18.04/docker_run.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -. docker_conf -UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - DEV="--device=/dev/tty0 --device=$UART_PORT" -else - DEV="" -fi -docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/ubuntu-20.04/docker_build.sh b/docker/ubuntu-20.04/docker_build.sh deleted file mode 100755 index d0c94091e..000000000 --- a/docker/ubuntu-20.04/docker_build.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -. docker_conf -# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance -UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - UART_GID="$(stat -c '%g' $UART_PORT)" - BUILDARG="--build-arg UART_GID=$UART_GID" -else - BUILDARG="" -fi -docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/ubuntu-20.04/docker_conf b/docker/ubuntu-20.04/docker_conf deleted file mode 100644 index 65ae052b1..000000000 --- a/docker/ubuntu-20.04/docker_conf +++ /dev/null @@ -1,2 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-ubuntu-20.04:1.0 diff --git a/docker/ubuntu-20.04/docker_rm.sh b/docker/ubuntu-20.04/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/ubuntu-20.04/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/ubuntu-20.04/docker_run.sh b/docker/ubuntu-20.04/docker_run.sh deleted file mode 100755 index fe28c846d..000000000 --- a/docker/ubuntu-20.04/docker_run.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -. docker_conf -UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - DEV="--device=/dev/tty0 --device=$UART_PORT" -else - DEV="" -fi -docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" diff --git a/docker/ubuntu-22.04/docker_build.sh b/docker/ubuntu-22.04/docker_build.sh deleted file mode 100755 index d0c94091e..000000000 --- a/docker/ubuntu-22.04/docker_build.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -. docker_conf -# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance -UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - UART_GID="$(stat -c '%g' $UART_PORT)" - BUILDARG="--build-arg UART_GID=$UART_GID" -else - BUILDARG="" -fi -docker build $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/ubuntu-22.04/docker_conf b/docker/ubuntu-22.04/docker_conf deleted file mode 100644 index b5d8532d8..000000000 --- a/docker/ubuntu-22.04/docker_conf +++ /dev/null @@ -1,2 +0,0 @@ -# sourceme -DOCKER_IMAGE=pm3-ubuntu-22.04:1.0 diff --git a/docker/ubuntu-22.04/docker_rm.sh b/docker/ubuntu-22.04/docker_rm.sh deleted file mode 100644 index 3705c37bb..000000000 --- a/docker/ubuntu-22.04/docker_rm.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -. docker_conf -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") -docker image rm "$DOCKER_IMAGE" diff --git a/docker/ubuntu-22.04/docker_run.sh b/docker/ubuntu-22.04/docker_run.sh deleted file mode 100755 index fe28c846d..000000000 --- a/docker/ubuntu-22.04/docker_run.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -. docker_conf -UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" -if [ -n "$UART_PORT" ]; then - DEV="--device=/dev/tty0 --device=$UART_PORT" -else - DEV="" -fi -docker run $DEV --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" From fbf03b9e8cc5b74bf71256927eba59d5f4c699b3 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Wed, 18 Dec 2024 22:51:27 +0100 Subject: [PATCH 079/150] fix sudo support in cross-platform Docker instances --- docker/build.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker/build.sh b/docker/build.sh index dc2b12bf4..499100942 100755 --- a/docker/build.sh +++ b/docker/build.sh @@ -17,7 +17,8 @@ fi # For cross-platform support: # cf https://github.com/multiarch/qemu-user-static #sudo apt install qemu-user-static -#docker run --rm --privileged multiarch/qemu-user-static --reset -p yes +# credential=yes needed to get proper sudo support in cross-platform Docker instances +#docker run --rm --privileged multiarch/qemu-user-static --reset -p yes --credential yes #docker buildx create --use #docker buildx inspect --bootstrap #docker buildx build $DOCKER_PLATFORM $BUILDARG -t "$DOCKER_IMAGE" --load . From e5bee8dd6fdaf82c5822d1d9e9d5f85fbc5d997c Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Wed, 18 Dec 2024 23:36:37 +0100 Subject: [PATCH 080/150] Docker images: supports TCP & BT connections --- docker/rm.sh | 5 ++++- docker/run.sh | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/docker/rm.sh b/docker/rm.sh index 32a3b1b16..72aab077b 100755 --- a/docker/rm.sh +++ b/docker/rm.sh @@ -5,5 +5,8 @@ if [ ! -e docker_conf.inc ]; then exit 1 fi . docker_conf.inc -docker rm $(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +CONTAINER=$(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +if [ -n "$CONTAINER" ]; then + docker rm $CONTAINER +fi docker image rm "$DOCKER_IMAGE" diff --git a/docker/run.sh b/docker/run.sh index 34d8fd106..df178fb6c 100755 --- a/docker/run.sh +++ b/docker/run.sh @@ -11,4 +11,4 @@ if [ -n "$UART_PORT" ]; then else DEV="" fi -docker run $DEV $DOCKER_PLATFORM --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 -it "$DOCKER_IMAGE" +docker run $DEV $DOCKER_PLATFORM --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 --net=host --rm -it "$DOCKER_IMAGE" From df3916c7b6fad4493ff76abba52541a1dbff0ca2 Mon Sep 17 00:00:00 2001 From: klks Date: Fri, 20 Dec 2024 22:50:20 +0800 Subject: [PATCH 081/150] Add annotations for FMCOS2.0 CPU Card Adding annotations for the FMCOS 2.0 CPU Card that is used/sold in China. --- client/src/cmdhflist.c | 164 +++++++++++++++++++++++++++++++++++++++++ client/src/cmdhflist.h | 2 + client/src/cmdtrace.c | 10 +++ doc/commands.json | 1 + include/protocols.h | 39 ++++++++++ 5 files changed, 216 insertions(+) diff --git a/client/src/cmdhflist.c b/client/src/cmdhflist.c index f9016a29a..1db7fd95a 100644 --- a/client/src/cmdhflist.c +++ b/client/src/cmdhflist.c @@ -2373,3 +2373,167 @@ uint64_t GetCrypto1ProbableKey(AuthData_t *ad) { crypto1_destroy(revstate); return key; } + +// FMCOS 2.0 +void annotateFMCOS20(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) { + + if (cmdsize < 2) + return; + + int pos = 0; + switch (cmd[0]) { + case 2: + case 3: + pos = 2; + break; + case 0: + pos = 1; + break; + default: + pos = 3; + break; + } + switch (cmd[pos]) { + case FMCOS20_CMD_EXTERNAL_AUTHENTICATION: + snprintf(exp, size, "EXT. AUTH"); + break; + case FMCOS20_CMD_GET_CHALLENGE: + snprintf(exp, size, "GET CHALLENGE"); + break; + case FMCOS20_CMD_INTERNAL_AUTHENTICATION: + snprintf(exp, size, "INT. AUTH"); + break; + case FMCOS20_CMD_SELECT: + snprintf(exp, size, "SELECT"); + break; + case FMCOS20_CMD_VERIFY_PIN: + snprintf(exp, size, "VERIFY PIN"); + break; + case FMCOS20_CMD_READ_BINARY: + snprintf(exp, size, "READ BINARY"); + break; + case FMCOS20_CMD_READ_RECORD: + snprintf(exp, size, "READ RECORD"); + break; + case FMCOS20_CMD_UPDATE_BINARY: + snprintf(exp, size, "UPDATE BINARY"); + break; + case FMCOS20_CMD_UPDATE_RECORD: + snprintf(exp, size, "UPDATE RECORD"); + break; + case FMCOS20_CMD_APPEND_RECORD: + snprintf(exp, size, "APPEND RECORD"); + break; + case FMCOS20_CMD_ERASE_DF: + snprintf(exp, size, "ERASE DF"); + break; + case FMCOS20_CMD_WRITE_KEY: + snprintf(exp, size, "WRITE KEY"); + break; + case FMCOS20_CMD_CREATE_FILE: + snprintf(exp, size, "CREATE FILE"); + break; + case FMCOS20_CMD_CARD_BLOCK: + snprintf(exp, size, "CARD BLOCK"); + break; + case FMCOS20_CMD_APP_UNBLOCK: + snprintf(exp, size, "APP UNBLOCK"); + break; + case FMCOS20_CMD_APP_BLOCK: + if (cmd[pos+1] == 0) + snprintf(exp, size, "APP BLOCK (TEMP)"); + else if(cmd[pos+1] == 1) + snprintf(exp, size, "APP BLOCK (PERM)"); + else + snprintf(exp, size, "APP BLOCK"); + break; + case FMCOS20_CMD_PIN_UNBLOCK: + snprintf(exp, size, "PIN UNBLOCK"); + break; + case FMCOS20_CMD_CHANGE_PIN: + if (cmd[pos+1] == 0) + snprintf(exp, size, "RESET PIN"); + else if (cmd[pos+1] == 1) + snprintf(exp, size, "CHANGE PIN"); + break; + case FMCOS20_CMD_INITIALIZE_TRANSACTION: + if (cmd[pos+1] == 0) + snprintf(exp, size, "INIT. TRANSACTION (CREDIT)"); + else if (cmd[pos+1] == 1) + snprintf(exp, size, "INIT. TRANSACTION (PURCHASE)"); + else if (cmd[pos+1] == 2) + snprintf(exp, size, "INIT. TRANSACTION (CASH WITHDRAW)"); + else if (cmd[pos+1] == 3) + snprintf(exp, size, "INIT. TRANSACTION (CAPP PURCHASE)"); + else if (cmd[pos+1] == 4) + snprintf(exp, size, "INIT. TRANSACTION (OVERDRAFT)"); + else if (cmd[pos+1] == 5) + snprintf(exp, size, "INIT. TRANSACTION (WITHDRAW)"); + break; + case FMCOS20_CMD_CREDIT_LOAD: + snprintf(exp, size, "CREDIT LOAD"); + break; + case FMCOS20_CMD_PURCHASE: + if(cmd[pos+1] == 0) + snprintf(exp, size, "PURCHASE"); + else if (cmd[pos+1] == 1) + snprintf(exp, size, "CAPP PURCHASE / CASH WITHDRAW"); + else if (cmd[pos+1] == 3) + snprintf(exp, size, "WITHDRAW"); + break; + case FMCOS20_CMD_UPDATE_OVERDRAW_LIMIT: + snprintf(exp, size, "UPDATE OVERDRAFT"); + break; + case FMCOS20_CMD_GET_TRANSACTION_PROOF: + snprintf(exp, size, "TRANSACTION RECORD"); + break; + case FMCOS20_CMD_GET_BALANCE: + snprintf(exp, size, "GET BALANCE"); + break; + case FMCOS20_CMD_INITIALIZE_GREY_LOCK_UNLOCK: + if (cmd[pos+1] == 8) + snprintf(exp, size, "INIT. GRAY LOCK"); + else if (cmd[pos+1] == 9) + snprintf(exp, size, "INIT. GRAY UNLOCK"); + break; + case FMCOS20_CMD_GREY_LOCK_UNLOCK: + if (cmd[pos+1] == 8) + snprintf(exp, size, "GRAY LOCK"); + else if (cmd[pos+1] == 9) + snprintf(exp, size, "GRAY UNLOCK"); + break; + case FMCOS20_CMD_DEBIT_UNLOCK: + snprintf(exp, size, "DEBIT UNLOCK"); + break; + case FMCOS20_CMD_CALCULATE_ROM_CRC: + snprintf(exp, size, "CALC. ROM CRC"); + break; + case FMCOS20_CMD_GET_RESPONSE: + snprintf(exp, size, "GET RESPONSE"); + break; + case FMCOS20_CMD_UNBLOCK: + snprintf(exp, size, "UNBLOCK"); + break; + case FMCOS20_CMD_PULL: + snprintf(exp, size, "PULL"); + break; + case FMCOS20_CMD_CHARGE: + snprintf(exp, size, "CHARGE"); + break; + case FMCOS20_CMD_WRITE_EEPROM: + snprintf(exp, size, "WRITE EEPROM"); + break; + case FMCOS20_CMD_READ_EEPROM: + snprintf(exp, size, "READ EEPROM"); + break; + case FMCOS20_CMD_INITIALIZE_EEPROM: + snprintf(exp, size, "INIT. EEPROM"); + break; + case FMCOS20_CMD_READ_ROM: + snprintf(exp, size, "READ ROM"); + break; + default: + //snprintf(exp, size, "?"); + break; + } +} \ No newline at end of file diff --git a/client/src/cmdhflist.h b/client/src/cmdhflist.h index cbe18e92c..92f54e4af 100644 --- a/client/src/cmdhflist.h +++ b/client/src/cmdhflist.h @@ -76,4 +76,6 @@ bool NestedCheckKey(uint64_t key, AuthData_t *ad, uint8_t *cmd, uint8_t cmdsize, bool CheckCrypto1Parity(const uint8_t *cmd_enc, uint8_t cmdsize, uint8_t *cmd, const uint8_t *parity_enc); uint64_t GetCrypto1ProbableKey(AuthData_t *ad); +void annotateFMCOS20(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize); + #endif // CMDHFLIST diff --git a/client/src/cmdtrace.c b/client/src/cmdtrace.c index 8e19c3bb5..569e13e23 100644 --- a/client/src/cmdtrace.c +++ b/client/src/cmdtrace.c @@ -779,6 +779,7 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr switch (protocol) { case ISO_14443A: case ISO_7816_4: + case PROTO_FMCOS20: annotateIso14443a(explanation, sizeof(explanation), frame, data_len, hdr->isResponse); break; case PROTO_MIFARE: @@ -836,6 +837,9 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr case SEOS: annotateSeos(explanation, sizeof(explanation), frame, data_len); break; + case PROTO_FMCOS20: + annotateFMCOS20(explanation, sizeof(explanation), frame, data_len); + break; default: break; } @@ -1310,6 +1314,7 @@ int CmdTraceList(const char *Cmd) { "trace list -t thinfilm -> interpret as " _YELLOW_("Thinfilm") "\n" "trace list -t topaz -> interpret as " _YELLOW_("Topaz") "\n" "trace list -t mfp -> interpret as " _YELLOW_("MIFARE Plus") "\n" + "trace list -t fmcos20 -> interpret as " _YELLOW_("FMCOS 2.0") "\n" "\n" "trace list -t mf -f mfc_default_keys.dic -> use default dictionary file\n" "trace list -t 14a --frame -> show frame delay times\n" @@ -1377,6 +1382,7 @@ int CmdTraceList(const char *Cmd) { else if (strcmp(type, "thinfilm") == 0) protocol = THINFILM; else if (strcmp(type, "topaz") == 0) protocol = TOPAZ; else if (strcmp(type, "mfp") == 0) protocol = PROTO_MFPLUS; + else if (strcmp(type, "fmcos20") == 0) protocol = PROTO_FMCOS20; else if (strcmp(type, "") == 0) protocol = -1; else { PrintAndLogEx(FAILED, "Unknown protocol \"%s\"", type); @@ -1460,6 +1466,10 @@ int CmdTraceList(const char *Cmd) { PrintAndLogEx(INFO, _YELLOW_("Hitag 1 / Hitag 2 / Hitag S") " - Timings in ETU (8us)"); } + if (protocol == PROTO_FMCOS20) { + PrintAndLogEx(INFO, _YELLOW_("FMCOS 2.0 / CPU Card") " - Timings n/a"); + } + if (protocol == FELICA) { if (use_us) PrintAndLogEx(INFO, _YELLOW_("ISO18092 / FeliCa") " - all times are in microseconds"); diff --git a/doc/commands.json b/doc/commands.json index aca2de7f7..0bfc7059d 100644 --- a/doc/commands.json +++ b/doc/commands.json @@ -12837,6 +12837,7 @@ "trace list -t thinfilm -> interpret as Thinfilm", "trace list -t topaz -> interpret as Topaz", "trace list -t mfp -> interpret as MIFARE Plus", + "trace list -t fmcos20 -> interpret as FMCOS 2.0", "", "trace list -t mf -f mfc_default_keys.dic -> use default dictionary file", "trace list -t 14a --frame -> show frame delay times", diff --git a/include/protocols.h b/include/protocols.h index 3aa40ea79..3591a8dc2 100644 --- a/include/protocols.h +++ b/include/protocols.h @@ -453,6 +453,7 @@ ISO 7816-4 Basic interindustry commands. For command APDU's. #define PROTO_MFPLUS 17 #define PROTO_TEXKOM 18 #define PROTO_XEROX 19 +#define PROTO_FMCOS20 20 // Picopass fuses #define FUSE_FPERS 0x80 @@ -950,5 +951,43 @@ ISO 7816-4 Basic interindustry commands. For command APDU's. // 0x0A = ACK // 0x05 = NACK +//FMCOS2.0 +#define FMCOS20_CMD_VERIFY_PIN 0x20 +#define FMCOS20_CMD_EXTERNAL_AUTHENTICATION 0x82 +#define FMCOS20_CMD_GET_CHALLENGE 0x84 +#define FMCOS20_CMD_INTERNAL_AUTHENTICATION 0x88 +#define FMCOS20_CMD_SELECT 0xA4 +#define FMCOS20_CMD_READ_BINARY 0xB0 +#define FMCOS20_CMD_READ_RECORD 0xB2 +#define FMCOS20_CMD_GET_RESPONSE 0xC0 +#define FMCOS20_CMD_UPDATE_BINARY 0xD6 +#define FMCOS20_CMD_UPDATE_RECORD 0xDC +#define FMCOS20_CMD_APPEND_RECORD 0xE2 +#define FMCOS20_CMD_CARD_BLOCK 0x16 +#define FMCOS20_CMD_APP_UNBLOCK 0x18 +#define FMCOS20_CMD_APP_BLOCK 0x1E +#define FMCOS20_CMD_PIN_UNBLOCK 0x24 +#define FMCOS20_CMD_UNBLOCK 0x2C +#define FMCOS20_CMD_INITIALIZE_TRANSACTION 0x50 +#define FMCOS20_CMD_CREDIT_LOAD 0x52 +#define FMCOS20_CMD_PURCHASE 0x54 +#define FMCOS20_CMD_UPDATE_OVERDRAW_LIMIT 0x58 +#define FMCOS20_CMD_GET_TRANSACTION_PROOF 0x5A +#define FMCOS20_CMD_GET_BALANCE 0x5C +#define FMCOS20_CMD_CHANGE_PIN 0x5E +#define FMCOS20_CMD_ERASE_DF 0x0E +#define FMCOS20_CMD_PULL 0x30 +#define FMCOS20_CMD_CHARGE 0x32 +#define FMCOS20_CMD_WRITE_KEY 0xD4 +#define FMCOS20_CMD_CREATE_FILE 0xE0 +#define FMCOS20_CMD_WRITE_EEPROM 0x00 +#define FMCOS20_CMD_READ_EEPROM 0x04 +#define FMCOS20_CMD_INITIALIZE_EEPROM 0x02 +#define FMCOS20_CMD_READ_ROM 0x0C +#define FMCOS20_CMD_INITIALIZE_GREY_LOCK_UNLOCK 0x7A +#define FMCOS20_CMD_GREY_LOCK_UNLOCK 0x7C +#define FMCOS20_CMD_DEBIT_UNLOCK 0x7E +#define FMCOS20_CMD_CALCULATE_ROM_CRC 0x0A + #endif // PROTOCOLS_H From b275895e2174c9c1b6a7bf1d0cd2a396ed9e8754 Mon Sep 17 00:00:00 2001 From: ry4000 <154689120+ry4000@users.noreply.github.com> Date: Sat, 21 Dec 2024 11:41:04 +1100 Subject: [PATCH 082/150] R&Y: Added DAY RTA Tapp Card and Additional BKK BEM Stored Value Card AIDs to `aid_desfire.json` Added to `aid_desfire.json` - DAY RTA Tapp Card AID - Additional BKK BEM Stored Value Card AIDs Signed-off-by: ry4000 <154689120+ry4000@users.noreply.github.com> --- client/resources/aid_desfire.json | 136 ++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) diff --git a/client/resources/aid_desfire.json b/client/resources/aid_desfire.json index 489496127..89f8db62f 100644 --- a/client/resources/aid_desfire.json +++ b/client/resources/aid_desfire.json @@ -879,6 +879,14 @@ "Description": "DEL Delhi Metro App 2", "Type": "transport" }, + { + "AID": "025342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, { "AID": "034D44", "Vendor": "Delhi Metro Rail Corporation Limited", @@ -887,6 +895,14 @@ "Description": "DEL Delhi Metro App 3", "Type": "transport" }, + { + "AID": "035342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, { "AID": "044D44", "Vendor": "Delhi Metro Rail Corporation Limited", @@ -895,6 +911,14 @@ "Description": "DEL Delhi Metro App 4", "Type": "transport" }, + { + "AID": "045342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, { "AID": "052242", "Vendor": "Belbim", @@ -911,6 +935,14 @@ "Description": "DEL Delhi Metro App 5", "Type": "transport" }, + { + "AID": "055342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, { "AID": "062242", "Vendor": "Belbim", @@ -927,6 +959,14 @@ "Description": "DEL Delhi Metro App 6", "Type": "transport" }, + { + "AID": "065342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, { "AID": "074D44", "Vendor": "Delhi Metro Rail Corporation Limited", @@ -935,6 +975,22 @@ "Description": "DEL Delhi Metro App 7", "Type": "transport" }, + { + "AID": "075342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "085342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, { "AID": "087522", "Vendor": "Umo Mobility via Cubic Transportation Systems", @@ -943,6 +999,78 @@ "Description": "Umo Mobility Card", "Type": "transport" }, + { + "AID": "095342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "0A5342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "0B5342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "0C5342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "0D5342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "0E5342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "0F5342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "105342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "115342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, { "AID": "2211AF", "Vendor": "National Transport Authority", @@ -1071,6 +1199,14 @@ "Description": "CMH COTA Smartcard; Masabi Justride Tap and Ride DESFire Smartcard", "Type": "transport" }, + { + "AID": "D000D0", + "Vendor": "Greater Dayton Regional Transit Authority (RTA) via Masabi Ltd", + "Country": "US", + "Name": "RTA Tapp Pay Card (DAY)", + "Description": "DAY RTA Tapp Pay Card; Masabi Justride Tap and Ride DESFire Smartcard", + "Type": "transport" + }, { "AID": "DD00DD", "Vendor": "Regional Transporation District (RTD) via Masabi Ltd", From 825dea27a0b1631b1325a86f9c0bc110b440f907 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Tue, 24 Dec 2024 23:56:04 +0100 Subject: [PATCH 083/150] hf mf isen: fix timeout when used over slow link (tcp/bt) --- client/src/cmdhfmf.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 1dedaafca..6c72bccbf 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -9976,10 +9976,13 @@ static int CmdHF14AMfISEN(const char *Cmd) { uint64_t t1 = msclock(); uint32_t flags = collect_fm11rf08s_with_data | (collect_fm11rf08s_without_backdoor << 1); SendCommandMIX(CMD_HF_MIFARE_ACQ_STATIC_ENCRYPTED_NONCES, flags, blockn, keytype, key, sizeof(key)); - if (WaitForResponseTimeout(CMD_ACK, &resp, 1000)) { + if (WaitForResponseTimeout(CMD_ACK, &resp, 2500)) { if (resp.oldarg[0] != PM3_SUCCESS) { return NONCE_FAIL; } + } else { + PrintAndLogEx(WARNING, "Fail, transfer from device time-out"); + return PM3_ETIMEOUT; } uint8_t num_sectors = MIFARE_1K_MAXSECTOR + 1; iso14a_fm11rf08s_nonces_with_data_t nonces_dump = {0}; From d7ab949d1f1dfc5f99c1047af334b50daca9664e Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Wed, 25 Dec 2024 19:14:05 +0100 Subject: [PATCH 084/150] Change hf mf fchk --mem to read dictionary from spiffs file --- armsrc/mifarecmd.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 9820d19a2..928b64cb4 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -38,6 +38,8 @@ #include "spiffs.h" // spiffs #include "appmain.h" // print_stack_usage +#define MF_KEYS_FILE "dict_mf.bin" + #ifndef HARDNESTED_AUTHENTICATION_TIMEOUT # define HARDNESTED_AUTHENTICATION_TIMEOUT 848 // card times out 1ms after wrong authentication (according to NXP documentation) #endif @@ -1900,13 +1902,12 @@ void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *da #ifdef WITH_FLASH if (use_flashmem) { BigBuf_free(); - uint16_t isok = 0; - uint8_t size[2] = {0x00, 0x00}; - isok = Flash_ReadData(DEFAULT_MF_KEYS_OFFSET_P(spi_flash_pages64k), size, 2); - if (isok != 2) + uint32_t size = 0; + size = size_in_spiffs(MF_KEYS_FILE); + if (size <= 0) goto OUT; - keyCount = size[1] << 8 | size[0]; + keyCount = size / 6; if (keyCount == 0) goto OUT; @@ -1921,10 +1922,8 @@ void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *da if (datain == NULL) goto OUT; - isok = Flash_ReadData(DEFAULT_MF_KEYS_OFFSET_P(spi_flash_pages64k) + 2, datain, key_mem_available); - if (isok != key_mem_available) - goto OUT; - + rdv40_spiffs_read_as_filetype(MF_KEYS_FILE, datain, keyCount * 6, RDV40_SPIFFS_SAFETY_SAFE); + if (g_dbglevel >= DBG_ERROR) Dbprintf("Loaded %u keys from spiffs file: %s", keyCount, MF_KEYS_FILE); } #endif From 5af815f2713c2f6572db65f6bcd41ca1f509f6e8 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Wed, 25 Dec 2024 21:08:44 +0100 Subject: [PATCH 085/150] Mifare dictionary uploaded to spiffs using legacy function --- armsrc/appmain.c | 19 -------- armsrc/mifarecmd.c | 2 - client/src/cmdflashmem.c | 94 ++++++++++++++++++++++------------------ include/pmflash.h | 2 + 4 files changed, 53 insertions(+), 64 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 2422db883..fbadeafad 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -2752,25 +2752,6 @@ static void PacketReceived(PacketCommandNG *packet) { Flash_CheckBusy(BUSY_TIMEOUT); Flash_WriteEnable(); Flash_Erase4k(spi_flash_pages64k - 1, 0xC); - } else if (payload->startidx == DEFAULT_MF_KEYS_OFFSET_P(spi_flash_pages64k)) { - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - Flash_Erase4k(spi_flash_pages64k - 1, 0x5); - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - Flash_Erase4k(spi_flash_pages64k - 1, 0x6); - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - Flash_Erase4k(spi_flash_pages64k - 1, 0x7); - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - Flash_Erase4k(spi_flash_pages64k - 1, 0x8); - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - Flash_Erase4k(spi_flash_pages64k - 1, 0x9); - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - Flash_Erase4k(spi_flash_pages64k - 1, 0xA); } else if (payload->startidx == DEFAULT_ICLASS_KEYS_OFFSET_P(spi_flash_pages64k)) { Flash_CheckBusy(BUSY_TIMEOUT); Flash_WriteEnable(); diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 928b64cb4..170d209e6 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -38,8 +38,6 @@ #include "spiffs.h" // spiffs #include "appmain.h" // print_stack_usage -#define MF_KEYS_FILE "dict_mf.bin" - #ifndef HARDNESTED_AUTHENTICATION_TIMEOUT # define HARDNESTED_AUTHENTICATION_TIMEOUT 848 // card times out 1ms after wrong authentication (according to NXP documentation) #endif diff --git a/client/src/cmdflashmem.c b/client/src/cmdflashmem.c index d1e9ab672..23a43fe57 100644 --- a/client/src/cmdflashmem.c +++ b/client/src/cmdflashmem.c @@ -192,7 +192,7 @@ static int CmdFlashMemLoad(const char *Cmd) { CLIParserInit(&ctx, "mem load", "Loads binary file into flash memory on device\n" "Warning: mem area to be written must have been wiped first\n" - "( this is already taken care when loading dictionaries )", + "( dictionaries are serviced as files in spiffs so no wipe is needed )", "mem load -f myfile -> upload file myfile values at default offset 0\n" "mem load -f myfile -o 1024 -> upload file myfile values at offset 1024\n" "mem load -f mfc_default_keys -m -> upload MFC keys\n" @@ -217,6 +217,7 @@ static int CmdFlashMemLoad(const char *Cmd) { bool is_t55xx = arg_get_lit(ctx, 4); int fnlen = 0; char filename[FILE_PATH_SIZE] = {0}; + char spiffsDest[32] = {0}; CLIParamStrToBuf(arg_get_str(ctx, 5), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); CLIParserFree(ctx); @@ -246,22 +247,18 @@ static int CmdFlashMemLoad(const char *Cmd) { switch (d) { case DICTIONARY_MIFARE: - offset = DEFAULT_MF_KEYS_OFFSET_P(spi_flash_pages); keylen = 6; - res = loadFileDICTIONARY(filename, data + 2, &datalen, keylen, &keycount); + res = loadFileDICTIONARY(filename, data, &datalen, keylen, &keycount); if (res || !keycount) { free(data); return PM3_EFILE; } - // limited space on flash mem - if (keycount > DEFAULT_MF_KEYS_MAX) { - keycount = DEFAULT_MF_KEYS_MAX; - datalen = keycount * keylen; + if (datalen > FLASH_MEM_MAX_SIZE_P(spi_flash_pages)) { + PrintAndLogEx(ERR, "error, filesize is larger than available memory"); + free(data); + return PM3_EOVFLOW; } - - data[0] = (keycount >> 0) & 0xFF; - data[1] = (keycount >> 8) & 0xFF; - datalen += 2; + strcpy_s(spiffsDest, 32, MF_KEYS_FILE); break; case DICTIONARY_T55XX: offset = DEFAULT_T55XX_KEYS_OFFSET_P(spi_flash_pages); @@ -326,44 +323,55 @@ static int CmdFlashMemLoad(const char *Cmd) { uint32_t bytes_sent = 0; uint32_t bytes_remaining = datalen; - - // fast push mode - g_conn.block_after_ACK = true; - - while (bytes_remaining > 0) { - uint32_t bytes_in_packet = MIN(FLASH_MEM_BLOCK_SIZE, bytes_remaining); - - clearCommandBuffer(); - - flashmem_old_write_t payload = { - .startidx = offset + bytes_sent, - .len = bytes_in_packet, - }; - memcpy(payload.data, data + bytes_sent, bytes_in_packet); - SendCommandNG(CMD_FLASHMEM_WRITE, (uint8_t *)&payload, sizeof(payload)); - - bytes_remaining -= bytes_in_packet; - bytes_sent += bytes_in_packet; - - PacketResponseNG resp; - if (WaitForResponseTimeout(CMD_FLASHMEM_WRITE, &resp, 2000) == false) { - PrintAndLogEx(WARNING, "timeout while waiting for reply."); - g_conn.block_after_ACK = false; + // we will treat dictionary files as spiffs files, so we need to handle this here + if (d == DICTIONARY_MIFARE) { + res = flashmem_spiffs_load(spiffsDest, data, datalen); + if (res != PM3_SUCCESS) { + PrintAndLogEx(FAILED, "Failed writing passwrods to file %s", spiffsDest); free(data); - return PM3_ETIMEOUT; + return res; + } + PrintAndLogEx(SUCCESS, "Wrote "_GREEN_("%u")" passwords to file "_GREEN_("%s"), keycount, spiffsDest); + } else { + // fast push mode + g_conn.block_after_ACK = true; + + while (bytes_remaining > 0) { + uint32_t bytes_in_packet = MIN(FLASH_MEM_BLOCK_SIZE, bytes_remaining); + + clearCommandBuffer(); + + flashmem_old_write_t payload = { + .startidx = offset + bytes_sent, + .len = bytes_in_packet, + }; + memcpy(payload.data, data + bytes_sent, bytes_in_packet); + SendCommandNG(CMD_FLASHMEM_WRITE, (uint8_t *)&payload, sizeof(payload)); + + bytes_remaining -= bytes_in_packet; + bytes_sent += bytes_in_packet; + + PacketResponseNG resp; + if (WaitForResponseTimeout(CMD_FLASHMEM_WRITE, &resp, 2000) == false) { + PrintAndLogEx(WARNING, "timeout while waiting for reply."); + g_conn.block_after_ACK = false; + free(data); + return PM3_ETIMEOUT; + } + + if (resp.status != PM3_SUCCESS) { + g_conn.block_after_ACK = false; + PrintAndLogEx(FAILED, "Flash write fail [offset %u]", bytes_sent); + free(data); + return PM3_EFLASH; + } } - if (resp.status != PM3_SUCCESS) { - g_conn.block_after_ACK = false; - PrintAndLogEx(FAILED, "Flash write fail [offset %u]", bytes_sent); - free(data); - return PM3_EFLASH; - } + g_conn.block_after_ACK = false; + PrintAndLogEx(SUCCESS, "Wrote "_GREEN_("%zu")" bytes to offset "_GREEN_("%u"), datalen, offset); } - g_conn.block_after_ACK = false; free(data); - PrintAndLogEx(SUCCESS, "Wrote "_GREEN_("%zu")" bytes to offset "_GREEN_("%u"), datalen, offset); return PM3_SUCCESS; } diff --git a/include/pmflash.h b/include/pmflash.h index 8f9f9c741..1e2cdcc52 100644 --- a/include/pmflash.h +++ b/include/pmflash.h @@ -96,6 +96,8 @@ #endif // Reserved space for MIFARE Keys = 24 kb +#define MF_KEYS_FILE "dict_mf.bin" + #ifndef DEFAULT_MF_KEYS_OFFSET # define DEFAULT_MF_KEYS_LEN (0x6000) # define DEFAULT_MF_KEYS_OFFSET (DEFAULT_ICLASS_KEYS_OFFSET - DEFAULT_MF_KEYS_LEN) From 9242d2f956d120152595dc8e605bef62fcb2850d Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Wed, 25 Dec 2024 23:51:54 +0100 Subject: [PATCH 086/150] Increase timeout to about 1400s in hf mf fchk to be able to run much more than 2100 keys check --- client/src/mifare/mifarehost.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/mifare/mifarehost.c b/client/src/mifare/mifarehost.c index 7048173b4..e9a8232e8 100644 --- a/client/src/mifare/mifarehost.c +++ b/client/src/mifare/mifarehost.c @@ -273,7 +273,7 @@ int mf_check_keys_fast_ex(uint8_t sectorsCnt, uint8_t firstChunk, uint8_t lastCh // max timeout for one chunk of 85keys, 60*3sec = 180seconds // s70 with 40*2 keys to check, 80*85 = 6800 auth. // takes about 97s, still some margin before abort - if (timeout > 180) { + if (timeout > 60*6) { PrintAndLogEx(WARNING, "\nNo response from Proxmark3. Aborting..."); return PM3_ETIMEOUT; } From 3b9ba0ffe5eb1310c4abc81f28f98a874af29741 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 26 Dec 2024 00:16:21 +0100 Subject: [PATCH 087/150] Increase timeout to about 1400s in hf mf fchk to be able to run much more than 2100 keys check --- client/src/mifare/mifarehost.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/client/src/mifare/mifarehost.c b/client/src/mifare/mifarehost.c index e9a8232e8..453a3b447 100644 --- a/client/src/mifare/mifarehost.c +++ b/client/src/mifare/mifarehost.c @@ -273,7 +273,9 @@ int mf_check_keys_fast_ex(uint8_t sectorsCnt, uint8_t firstChunk, uint8_t lastCh // max timeout for one chunk of 85keys, 60*3sec = 180seconds // s70 with 40*2 keys to check, 80*85 = 6800 auth. // takes about 97s, still some margin before abort - if (timeout > 60*6) { + // timeout = 180 => ~360s @ Mifare Classic 1k @ ~2300 keys in dict + // ~2300 keys @ Mifare Classic 1k => ~620s + if (timeout > 60*12) { PrintAndLogEx(WARNING, "\nNo response from Proxmark3. Aborting..."); return PM3_ETIMEOUT; } From d9a3e4f05074455590ae78b6066aee5c233c4a35 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 26 Dec 2024 01:11:46 +0100 Subject: [PATCH 088/150] Refactor keys in flash statistics to check for files --- armsrc/appmain.c | 23 ++++++++++++++++++++++- armsrc/mifarecmd.c | 8 ++++---- client/src/cmdflashmem.c | 2 +- common_arm/flashmem.c | 37 ------------------------------------- common_arm/flashmem.h | 1 - include/pmflash.h | 7 +++++++ 6 files changed, 34 insertions(+), 44 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index fbadeafad..bec1de61a 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -440,7 +440,28 @@ static void SendStatus(uint32_t wait) { ModInfo(); #ifdef WITH_FLASH - Flashmem_print_info(); + DbpString(_CYAN_("Flash memory dictionary loaded")); + + uint32_t num = size_in_spiffs(MF_KEYS_FILE) / MF_KEY_LENGTH; + if (num > 0) { + Dbprintf(" Mifare.................. "_YELLOW_("%u")" keys (spiffs: "_GREEN_("%s")")", num, MF_KEYS_FILE); + } else { + Dbprintf(" Mifare.................. "_RED_("%u")" keys (spiffs: "_RED_("%s")")", num, MF_KEYS_FILE); + } + + num = size_in_spiffs(T55XX_KEYS_FILE) / T55XX_KEY_LENGTH; + if (num > 0) { + Dbprintf(" T55xx................... "_YELLOW_("%u")" keys (spiffs: "_GREEN_("%s")")", num, T55XX_KEYS_FILE); + } else { + Dbprintf(" T55xx................... "_RED_("%u")" keys (spiffs: "_RED_("%s")")", num, T55XX_KEYS_FILE); + } + + num = size_in_spiffs(ICLASS_KEYS_FILE) / ICLASS_KEY_LENGTH; + if (num > 0) { + Dbprintf(" iClass.................. "_YELLOW_("%u")" keys (spiffs: "_GREEN_("%s")")", num, ICLASS_KEYS_FILE); + } else { + Dbprintf(" iClass.................. "_RED_("%u")" keys (spiffs: "_RED_("%s")")", num, ICLASS_KEYS_FILE); + } #endif DbpString(""); reply_ng(CMD_STATUS, PM3_SUCCESS, NULL, 0); diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 170d209e6..984937c4f 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -1905,22 +1905,22 @@ void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *da if (size <= 0) goto OUT; - keyCount = size / 6; + keyCount = size / MF_KEY_LENGTH; if (keyCount == 0) goto OUT; // limit size of available for keys in bigbuff // a key is 6bytes - uint16_t key_mem_available = MIN(BigBuf_get_size(), keyCount * 6); + uint16_t key_mem_available = MIN(BigBuf_get_size(), keyCount * MF_KEY_LENGTH); - keyCount = key_mem_available / 6; + keyCount = key_mem_available / MF_KEY_LENGTH; datain = BigBuf_malloc(key_mem_available); if (datain == NULL) goto OUT; - rdv40_spiffs_read_as_filetype(MF_KEYS_FILE, datain, keyCount * 6, RDV40_SPIFFS_SAFETY_SAFE); + rdv40_spiffs_read_as_filetype(MF_KEYS_FILE, datain, keyCount * MF_KEY_LENGTH, RDV40_SPIFFS_SAFETY_SAFE); if (g_dbglevel >= DBG_ERROR) Dbprintf("Loaded %u keys from spiffs file: %s", keyCount, MF_KEYS_FILE); } #endif diff --git a/client/src/cmdflashmem.c b/client/src/cmdflashmem.c index 23a43fe57..ea5a7436d 100644 --- a/client/src/cmdflashmem.c +++ b/client/src/cmdflashmem.c @@ -247,7 +247,7 @@ static int CmdFlashMemLoad(const char *Cmd) { switch (d) { case DICTIONARY_MIFARE: - keylen = 6; + keylen = MF_KEY_LENGTH; res = loadFileDICTIONARY(filename, data, &datalen, keylen, &keycount); if (res || !keycount) { free(data); diff --git a/common_arm/flashmem.c b/common_arm/flashmem.c index 76b475e9c..f515fe994 100644 --- a/common_arm/flashmem.c +++ b/common_arm/flashmem.c @@ -383,43 +383,6 @@ void Flashmem_print_status(void) { FlashStop(); } -void Flashmem_print_info(void) { - - if (!FlashInit()) return; - - DbpString(_CYAN_("Flash memory dictionary loaded")); - - // load dictionary offsets. - uint8_t keysum[2]; - uint16_t num; - - Flash_CheckBusy(BUSY_TIMEOUT); - uint16_t isok = Flash_ReadDataCont(DEFAULT_MF_KEYS_OFFSET_P(spi_flash_pages64k), keysum, 2); - if (isok == 2) { - num = ((keysum[1] << 8) | keysum[0]); - if (num != 0xFFFF && num != 0x0) - Dbprintf(" Mifare.................. "_YELLOW_("%u")" / "_GREEN_("%u")" keys", num, DEFAULT_MF_KEYS_MAX); - } - - Flash_CheckBusy(BUSY_TIMEOUT); - isok = Flash_ReadDataCont(DEFAULT_T55XX_KEYS_OFFSET_P(spi_flash_pages64k), keysum, 2); - if (isok == 2) { - num = ((keysum[1] << 8) | keysum[0]); - if (num != 0xFFFF && num != 0x0) - Dbprintf(" T55x7................... "_YELLOW_("%u")" / "_GREEN_("%u")" keys", num, DEFAULT_T55XX_KEYS_MAX); - } - - Flash_CheckBusy(BUSY_TIMEOUT); - isok = Flash_ReadDataCont(DEFAULT_ICLASS_KEYS_OFFSET_P(spi_flash_pages64k), keysum, 2); - if (isok == 2) { - num = ((keysum[1] << 8) | keysum[0]); - if (num != 0xFFFF && num != 0x0) - Dbprintf(" iClass.................. "_YELLOW_("%u")" / "_GREEN_("%u")" keys", num, DEFAULT_ICLASS_KEYS_MAX); - } - - FlashStop(); -} - bool FlashDetect(void) { flash_device_type_t flash_data = {0}; bool ret = false; diff --git a/common_arm/flashmem.h b/common_arm/flashmem.h index f20dd0bff..45b8e67c2 100644 --- a/common_arm/flashmem.h +++ b/common_arm/flashmem.h @@ -134,7 +134,6 @@ uint16_t Flash_Write(uint32_t address, uint8_t *in, uint16_t len); uint16_t Flash_WriteData(uint32_t address, uint8_t *in, uint16_t len); uint16_t Flash_WriteDataCont(uint32_t address, uint8_t *in, uint16_t len); void Flashmem_print_status(void); -void Flashmem_print_info(void); typedef struct { uint8_t manufacturer_id; diff --git a/include/pmflash.h b/include/pmflash.h index 1e2cdcc52..027e2fa80 100644 --- a/include/pmflash.h +++ b/include/pmflash.h @@ -76,6 +76,9 @@ #endif // Reserved space for T55XX PWD = 4 kb +#define T55XX_KEYS_FILE "dict_t55xx.bin" +#define T55XX_KEY_LENGTH 4 + #ifndef DEFAULT_T55XX_KEYS_OFFSET # define DEFAULT_T55XX_KEYS_LEN (0x1000) # define DEFAULT_T55XX_KEYS_OFFSET (T55XX_CONFIG_OFFSET - DEFAULT_T55XX_KEYS_LEN) @@ -86,6 +89,9 @@ #endif // Reserved space for iClass keys = 4 kb +#define ICLASS_KEYS_FILE "dict_iclass.bin" +#define ICLASS_KEY_LENGTH 8 + #ifndef DEFAULT_ICLASS_KEYS_OFFSET # define DEFAULT_ICLASS_KEYS_LEN (0x1000) # define DEFAULT_ICLASS_KEYS_OFFSET (DEFAULT_T55XX_KEYS_OFFSET - DEFAULT_ICLASS_KEYS_LEN) @@ -97,6 +103,7 @@ // Reserved space for MIFARE Keys = 24 kb #define MF_KEYS_FILE "dict_mf.bin" +#define MF_KEY_LENGTH 6 #ifndef DEFAULT_MF_KEYS_OFFSET # define DEFAULT_MF_KEYS_LEN (0x6000) From dd646a64a688a403dc15f0710cb7cdfdb601f28e Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 26 Dec 2024 01:25:54 +0100 Subject: [PATCH 089/150] Add additional file exists check to remove errors --- armsrc/appmain.c | 19 ++++++++++++++++--- armsrc/mifarecmd.c | 8 ++++++-- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index bec1de61a..b9314a0a3 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -441,22 +441,35 @@ static void SendStatus(uint32_t wait) { #ifdef WITH_FLASH DbpString(_CYAN_("Flash memory dictionary loaded")); + uint32_t num = 0; - uint32_t num = size_in_spiffs(MF_KEYS_FILE) / MF_KEY_LENGTH; + if (exists_in_spiffs(MF_KEYS_FILE)) { + num = size_in_spiffs(MF_KEYS_FILE) / MF_KEY_LENGTH; + } else { + num = 0; + } if (num > 0) { Dbprintf(" Mifare.................. "_YELLOW_("%u")" keys (spiffs: "_GREEN_("%s")")", num, MF_KEYS_FILE); } else { Dbprintf(" Mifare.................. "_RED_("%u")" keys (spiffs: "_RED_("%s")")", num, MF_KEYS_FILE); } - num = size_in_spiffs(T55XX_KEYS_FILE) / T55XX_KEY_LENGTH; + if (exists_in_spiffs(T55XX_KEYS_FILE)) { + num = size_in_spiffs(T55XX_KEYS_FILE) / T55XX_KEY_LENGTH; + } else { + num = 0; + } if (num > 0) { Dbprintf(" T55xx................... "_YELLOW_("%u")" keys (spiffs: "_GREEN_("%s")")", num, T55XX_KEYS_FILE); } else { Dbprintf(" T55xx................... "_RED_("%u")" keys (spiffs: "_RED_("%s")")", num, T55XX_KEYS_FILE); } - num = size_in_spiffs(ICLASS_KEYS_FILE) / ICLASS_KEY_LENGTH; + if (exists_in_spiffs(ICLASS_KEYS_FILE)) { + num = size_in_spiffs(ICLASS_KEYS_FILE) / ICLASS_KEY_LENGTH; + } else { + num = 0; + } if (num > 0) { Dbprintf(" iClass.................. "_YELLOW_("%u")" keys (spiffs: "_GREEN_("%s")")", num, ICLASS_KEYS_FILE); } else { diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 984937c4f..271d87cc4 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -1901,9 +1901,13 @@ void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *da if (use_flashmem) { BigBuf_free(); uint32_t size = 0; - size = size_in_spiffs(MF_KEYS_FILE); - if (size <= 0) + if (exists_in_spiffs(MF_KEYS_FILE)) { + size = size_in_spiffs(MF_KEYS_FILE); + } + if (size == 0) { + Dbprintf("Spiffs file: %s does not exists or empty.", MF_KEYS_FILE); goto OUT; + } keyCount = size / MF_KEY_LENGTH; From 470536f0fdaf59c6f89c50dbc868c82b9a49e316 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 26 Dec 2024 02:10:49 +0100 Subject: [PATCH 090/150] Upload also iClass and T55XX keys to spiffs files --- client/src/cmdflashmem.c | 39 +++++++++++++++++---------------------- 1 file changed, 17 insertions(+), 22 deletions(-) diff --git a/client/src/cmdflashmem.c b/client/src/cmdflashmem.c index ea5a7436d..3489813ef 100644 --- a/client/src/cmdflashmem.c +++ b/client/src/cmdflashmem.c @@ -261,39 +261,32 @@ static int CmdFlashMemLoad(const char *Cmd) { strcpy_s(spiffsDest, 32, MF_KEYS_FILE); break; case DICTIONARY_T55XX: - offset = DEFAULT_T55XX_KEYS_OFFSET_P(spi_flash_pages); - keylen = 4; - res = loadFileDICTIONARY(filename, data + 2, &datalen, keylen, &keycount); + keylen = T55XX_KEY_LENGTH; + res = loadFileDICTIONARY(filename, data, &datalen, keylen, &keycount); if (res || !keycount) { free(data); return PM3_EFILE; } - // limited space on flash mem - if (keycount > DEFAULT_T55XX_KEYS_MAX) { - keycount = DEFAULT_T55XX_KEYS_MAX; - datalen = keycount * keylen; + if (datalen > FLASH_MEM_MAX_SIZE_P(spi_flash_pages)) { + PrintAndLogEx(ERR, "error, filesize is larger than available memory"); + free(data); + return PM3_EOVFLOW; } - - data[0] = (keycount >> 0) & 0xFF; - data[1] = (keycount >> 8) & 0xFF; - datalen += 2; + strcpy_s(spiffsDest, 32, T55XX_KEYS_FILE); break; case DICTIONARY_ICLASS: - offset = DEFAULT_ICLASS_KEYS_OFFSET_P(spi_flash_pages); - res = loadFileDICTIONARY(filename, data + 2, &datalen, keylen, &keycount); + keylen = ICLASS_KEY_LENGTH; + res = loadFileDICTIONARY(filename, data, &datalen, keylen, &keycount); if (res || !keycount) { free(data); return PM3_EFILE; } - // limited space on flash mem - if (keycount > DEFAULT_ICLASS_KEYS_MAX) { - keycount = DEFAULT_ICLASS_KEYS_MAX; - datalen = keycount * keylen; + if (datalen > FLASH_MEM_MAX_SIZE_P(spi_flash_pages)) { + PrintAndLogEx(ERR, "error, filesize is larger than available memory"); + free(data); + return PM3_EOVFLOW; } - - data[0] = (keycount >> 0) & 0xFF; - data[1] = (keycount >> 8) & 0xFF; - datalen += 2; + strcpy_s(spiffsDest, 32, ICLASS_KEYS_FILE); break; case DICTIONARY_NONE: res = loadFile_safe(filename, ".bin", (void **)&data, &datalen); @@ -324,7 +317,7 @@ static int CmdFlashMemLoad(const char *Cmd) { uint32_t bytes_remaining = datalen; // we will treat dictionary files as spiffs files, so we need to handle this here - if (d == DICTIONARY_MIFARE) { + if (d != DICTIONARY_NONE) { res = flashmem_spiffs_load(spiffsDest, data, datalen); if (res != PM3_SUCCESS) { PrintAndLogEx(FAILED, "Failed writing passwrods to file %s", spiffsDest); @@ -332,6 +325,8 @@ static int CmdFlashMemLoad(const char *Cmd) { return res; } PrintAndLogEx(SUCCESS, "Wrote "_GREEN_("%u")" passwords to file "_GREEN_("%s"), keycount, spiffsDest); + SendCommandNG(CMD_SPIFFS_UNMOUNT, NULL, 0); + SendCommandNG(CMD_SPIFFS_MOUNT, NULL, 0); } else { // fast push mode g_conn.block_after_ACK = true; From 2fe0ba57b2ac80950cdd21a3c241ee89094ede53 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 26 Dec 2024 02:52:59 +0100 Subject: [PATCH 091/150] Change lf t55xx chk -m to read dictionary from spiffs file --- armsrc/appmain.c | 10 +--------- armsrc/lfops.c | 27 +++++++++++++++------------ armsrc/mifarecmd.c | 1 + 3 files changed, 17 insertions(+), 21 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index b9314a0a3..6d42a0e0c 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -2782,15 +2782,7 @@ static void PacketReceived(PacketCommandNG *packet) { break; } - if (payload->startidx == DEFAULT_T55XX_KEYS_OFFSET_P(spi_flash_pages64k)) { - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - Flash_Erase4k(spi_flash_pages64k - 1, 0xC); - } else if (payload->startidx == DEFAULT_ICLASS_KEYS_OFFSET_P(spi_flash_pages64k)) { - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - Flash_Erase4k(spi_flash_pages64k - 1, 0xB); - } else if (payload->startidx == FLASH_MEM_SIGNATURE_OFFSET_P(spi_flash_pages64k)) { + if (payload->startidx == FLASH_MEM_SIGNATURE_OFFSET_P(spi_flash_pages64k)) { Flash_CheckBusy(BUSY_TIMEOUT); Flash_WriteEnable(); Flash_Erase4k(spi_flash_pages64k - 1, 0xF); diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 263905466..a0d3ff09c 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -37,7 +37,8 @@ #include "protocols.h" #include "pmflash.h" #include "flashmem.h" // persistence on flash -#include "appmain.h" // print stack +#include "spiffs.h" // spiffs +#include "appmain.h" // print stack /* Notes about EM4xxx timings. @@ -2146,29 +2147,31 @@ void T55xx_ChkPwds(uint8_t flags, bool ledcontrol) { #ifdef WITH_FLASH BigBuf_Clear_EM(); - uint16_t isok = 0; - uint8_t counter[2] = {0x00, 0x00}; - isok = Flash_ReadData(DEFAULT_T55XX_KEYS_OFFSET_P(spi_flash_pages64k), counter, sizeof(counter)); - if (isok != sizeof(counter)) + uint32_t size = 0; + + if (exists_in_spiffs(T55XX_KEYS_FILE)) { + size = size_in_spiffs(T55XX_KEYS_FILE); + } + if (size == 0) { + Dbprintf("Spiffs file: %s does not exists or empty.", T55XX_KEYS_FILE); goto OUT; + } - pwd_count = (uint16_t)(counter[1] << 8 | counter[0]); + pwd_count = size / T55XX_KEY_LENGTH; if (pwd_count == 0) goto OUT; // since flash can report way too many pwds, we need to limit it. // bigbuff EM size is determined by CARD_MEMORY_SIZE // a password is 4bytes. - uint16_t pwd_size_available = MIN(CARD_MEMORY_SIZE, pwd_count * 4); + uint16_t pwd_size_available = MIN(CARD_MEMORY_SIZE, pwd_count * T55XX_KEY_LENGTH); // adjust available pwd_count - pwd_count = pwd_size_available / 4; + pwd_count = pwd_size_available / T55XX_KEY_LENGTH; - isok = Flash_ReadData(DEFAULT_T55XX_KEYS_OFFSET_P(spi_flash_pages64k) + 2, pwds, pwd_size_available); - if (isok != pwd_size_available) - goto OUT; + rdv40_spiffs_read_as_filetype(T55XX_KEYS_FILE, pwds, pwd_size_available, RDV40_SPIFFS_SAFETY_SAFE); - Dbprintf("Password dictionary count " _YELLOW_("%d"), pwd_count); + if (g_dbglevel >= DBG_ERROR) Dbprintf("Loaded %u passwords from spiffs file: %s", pwd_count, T55XX_KEYS_FILE); #endif diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 271d87cc4..b59b17a79 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -1925,6 +1925,7 @@ void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *da goto OUT; rdv40_spiffs_read_as_filetype(MF_KEYS_FILE, datain, keyCount * MF_KEY_LENGTH, RDV40_SPIFFS_SAFETY_SAFE); + if (g_dbglevel >= DBG_ERROR) Dbprintf("Loaded %u keys from spiffs file: %s", keyCount, MF_KEYS_FILE); } #endif From 34883cf91ff6b383474cb25fb04f56e00d720788 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 26 Dec 2024 03:03:48 +0100 Subject: [PATCH 092/150] Remove unused pointers to statically alocated storage for keys from pmflash.h. iClass flash-stores password dictionary seem not to be used anywhere. --- include/pmflash.h | 36 +++--------------------------------- 1 file changed, 3 insertions(+), 33 deletions(-) diff --git a/include/pmflash.h b/include/pmflash.h index 027e2fa80..435099fa0 100644 --- a/include/pmflash.h +++ b/include/pmflash.h @@ -26,9 +26,6 @@ // // 0x3F000 - 1 4kb sector = signature // 0x3E000 - 1 4kb sector = settings -// 0x3D000 - 1 4kb sector = default T55XX keys dictionary -// 0x3B000 - 1 4kb sector = default ICLASS keys dictionary -// 0x35000 - 6 4kb sectors = default MFC keys dictionary // #ifndef FLASH_MEM_BLOCK_SIZE # define FLASH_MEM_BLOCK_SIZE 256 @@ -75,45 +72,18 @@ # define T55XX_CONFIG_OFFSET_P(p64k) (FLASH_MEM_MAX_4K_SECTOR_P(p64k) - 0x2000) #endif -// Reserved space for T55XX PWD = 4 kb +// T55XX PWD stored in spiffs #define T55XX_KEYS_FILE "dict_t55xx.bin" #define T55XX_KEY_LENGTH 4 -#ifndef DEFAULT_T55XX_KEYS_OFFSET -# define DEFAULT_T55XX_KEYS_LEN (0x1000) -# define DEFAULT_T55XX_KEYS_OFFSET (T55XX_CONFIG_OFFSET - DEFAULT_T55XX_KEYS_LEN) -# define DEFAULT_T55XX_KEYS_MAX ((DEFAULT_T55XX_KEYS_LEN - 2) / 4) -#endif -#ifndef DEFAULT_T55XX_KEYS_OFFSET_P -# define DEFAULT_T55XX_KEYS_OFFSET_P(p64k) (T55XX_CONFIG_OFFSET_P(p64k) - DEFAULT_T55XX_KEYS_LEN) -#endif - -// Reserved space for iClass keys = 4 kb +// iClass keys stored in spiffs #define ICLASS_KEYS_FILE "dict_iclass.bin" #define ICLASS_KEY_LENGTH 8 -#ifndef DEFAULT_ICLASS_KEYS_OFFSET -# define DEFAULT_ICLASS_KEYS_LEN (0x1000) -# define DEFAULT_ICLASS_KEYS_OFFSET (DEFAULT_T55XX_KEYS_OFFSET - DEFAULT_ICLASS_KEYS_LEN) -# define DEFAULT_ICLASS_KEYS_MAX ((DEFAULT_ICLASS_KEYS_LEN - 2) / 8) -#endif -#ifndef DEFAULT_ICLASS_KEYS_OFFSET_P -# define DEFAULT_ICLASS_KEYS_OFFSET_P(p64k) (DEFAULT_T55XX_KEYS_OFFSET_P(p64k) - DEFAULT_ICLASS_KEYS_LEN) -#endif - -// Reserved space for MIFARE Keys = 24 kb +// Mifare keys stored in spiffs #define MF_KEYS_FILE "dict_mf.bin" #define MF_KEY_LENGTH 6 -#ifndef DEFAULT_MF_KEYS_OFFSET -# define DEFAULT_MF_KEYS_LEN (0x6000) -# define DEFAULT_MF_KEYS_OFFSET (DEFAULT_ICLASS_KEYS_OFFSET - DEFAULT_MF_KEYS_LEN) -# define DEFAULT_MF_KEYS_MAX ((DEFAULT_MF_KEYS_LEN - 2) / 6) -#endif -#ifndef DEFAULT_MF_KEYS_OFFSET_P -# define DEFAULT_MF_KEYS_OFFSET_P(p64k) (DEFAULT_ICLASS_KEYS_OFFSET_P(p64k) - DEFAULT_MF_KEYS_LEN) -#endif - // RDV40, validation structure to help identifying that client/firmware is talking with RDV40 typedef struct { uint8_t magic[4]; From 90b8c1d39ee0549d5d6af4c87ef5550481856c07 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 26 Dec 2024 03:08:17 +0100 Subject: [PATCH 093/150] Update documentation & changelog to reflect key dictionaries moved to SPIFFS from statically allocated memory --- CHANGELOG.md | 1 + doc/ext_flash_notes.md | 14 +------------- 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 97acdd258..ab665b504 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- move flash-stored key dictionaries (Mifare, iClass, T55XX) to SPIFFS files (@piotrva) - Added support for connection to host device in all Docker envs (@doegox) - Changed `hf 15 info` to show all type matches and check ST25TVxC signature (@doegox) - Added initial support for ST25TN and its signature verification (@doegox) diff --git a/doc/ext_flash_notes.md b/doc/ext_flash_notes.md index 6a86c7778..42a5d0829 100644 --- a/doc/ext_flash_notes.md +++ b/doc/ext_flash_notes.md @@ -50,7 +50,7 @@ Page 2: * to erase it: `mem wipe p 2` Page 3: -* used by Proxmark3 RDV4 specific functions: flash signature and keys dictionaries, see below for details +* used by Proxmark3 RDV4 specific functions: flash signature and configurations, see below for details * to dump it: `mem dump -f page3_dump -o 196608 -l 65536` * to erase it: * **Beware** it will erase your flash signature so better to back it up first as you won't be able to regenerate it by yourself! @@ -62,18 +62,6 @@ Page 3: Page3 is used as follows by the Proxmark3 RDV4 firmware: -* **MF_KEYS** - * offset: page 3 sector 5 (0x5) @ 3*0x10000+5*0x1000=0x35000 - * length: 6 sectors - -* **ICLASS_KEYS** - * offset: page 3 sector 11 (0xB) @ 3*0x10000+11*0x1000=0x3B000 - * length: 1 sector - -* **T55XX_KEYS** - * offset: page 3 sector 12 (0xC) @ 3*0x10000+12*0x1000=0x3C000 - * length: 1 sector - * **T55XX_CONFIG** * offset: page 3 sector 13 (0xD) @ 3*0x10000+13*0x1000=0x3D000 * length: 1 sector (actually only a few bytes are used to store `t55xx_config` structure) From 5ed4804044d6b4ee58ddd9905221b3d7fa381c9e Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 26 Dec 2024 04:10:10 +0100 Subject: [PATCH 094/150] Fix missing header file for strcpy_s --- client/src/cmdflashmem.c | 1 + 1 file changed, 1 insertion(+) diff --git a/client/src/cmdflashmem.c b/client/src/cmdflashmem.c index 3489813ef..fbc8c1fc7 100644 --- a/client/src/cmdflashmem.c +++ b/client/src/cmdflashmem.c @@ -17,6 +17,7 @@ //----------------------------------------------------------------------------- #include "cmdflashmem.h" #include +#include #include "cmdparser.h" // command_t #include "cliparser.h" #include "pmflash.h" // rdv40validation_t From 4b5d532c9ad4843b0ce94c40dbd1ef8a406c0134 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 26 Dec 2024 04:13:03 +0100 Subject: [PATCH 095/150] Revert to strcpy instead of strcpy_s for compatibility. --- client/src/cmdflashmem.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/client/src/cmdflashmem.c b/client/src/cmdflashmem.c index fbc8c1fc7..dbb030bf8 100644 --- a/client/src/cmdflashmem.c +++ b/client/src/cmdflashmem.c @@ -259,7 +259,7 @@ static int CmdFlashMemLoad(const char *Cmd) { free(data); return PM3_EOVFLOW; } - strcpy_s(spiffsDest, 32, MF_KEYS_FILE); + strcpy(spiffsDest, MF_KEYS_FILE); break; case DICTIONARY_T55XX: keylen = T55XX_KEY_LENGTH; @@ -273,7 +273,7 @@ static int CmdFlashMemLoad(const char *Cmd) { free(data); return PM3_EOVFLOW; } - strcpy_s(spiffsDest, 32, T55XX_KEYS_FILE); + strcpy(spiffsDest, T55XX_KEYS_FILE); break; case DICTIONARY_ICLASS: keylen = ICLASS_KEY_LENGTH; @@ -287,7 +287,7 @@ static int CmdFlashMemLoad(const char *Cmd) { free(data); return PM3_EOVFLOW; } - strcpy_s(spiffsDest, 32, ICLASS_KEYS_FILE); + strcpy(spiffsDest, ICLASS_KEYS_FILE); break; case DICTIONARY_NONE: res = loadFile_safe(filename, ".bin", (void **)&data, &datalen); From d1db0aa799a3a2abba4d59208d31d81ede84a5ee Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 26 Dec 2024 15:04:05 +0100 Subject: [PATCH 096/150] Extending SPIFFS into last page of the SPI FLASH --- armsrc/spiffs_config.h | 3 ++- include/pmflash.h | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/armsrc/spiffs_config.h b/armsrc/spiffs_config.h index 4f8a5dd26..d0d4eb1d7 100644 --- a/armsrc/spiffs_config.h +++ b/armsrc/spiffs_config.h @@ -28,6 +28,7 @@ #include "printf.h" #include "string.h" #include "flashmem.h" +#include "pmflash.h" //#include //#include @@ -236,7 +237,7 @@ typedef uint8_t u8_t; // Instead of giving parameters in config struct, singleton build must // give parameters in defines below. #ifndef SPIFFS_CFG_PHYS_SZ -#define SPIFFS_CFG_PHYS_SZ(ignore) (1024 * 64 * (spi_flash_pages64k - 1)) +#define SPIFFS_CFG_PHYS_SZ(ignore) ((1024 * 64 * spi_flash_pages64k) - (1024 * 4 * (FLASH_RESERVED_TRAILING_4K_SECTORS + 1))) #endif #ifndef SPIFFS_CFG_PHYS_ERASE_SZ #define SPIFFS_CFG_PHYS_ERASE_SZ(ignore) (4*1024) diff --git a/include/pmflash.h b/include/pmflash.h index 8f9f9c741..3a6b361b6 100644 --- a/include/pmflash.h +++ b/include/pmflash.h @@ -48,6 +48,8 @@ # define FLASH_MEM_MAX_4K_SECTOR_P(p64k) (FLASH_MEM_MAX_SIZE_P(p64k) - 4096) #endif +#define FLASH_RESERVED_TRAILING_4K_SECTORS 10 + #ifndef FLASH_MEM_ID_LEN # define FLASH_MEM_ID_LEN 8 #endif From dd17effaab630110204181dca7a7c58602957c20 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 26 Dec 2024 19:46:55 +0100 Subject: [PATCH 097/150] Move T55XX config to spiffs file --- armsrc/lfops.c | 47 +++++++++++++---------------------------------- include/pmflash.h | 7 +------ 2 files changed, 14 insertions(+), 40 deletions(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index a0d3ff09c..6731cba86 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -325,33 +325,9 @@ void setT55xxConfig(uint8_t arg0, const t55xx_configurations_t *c) { return; } - if (!FlashInit()) { - BigBuf_free(); - return; - } + rdv40_spiffs_write(T55XX_CONFIG_FILE, (uint8_t*)&T55xx_Timing, T55XX_CONFIG_LEN, RDV40_SPIFFS_SAFETY_SAFE); - uint8_t *buf = BigBuf_malloc(T55XX_CONFIG_LEN); - Flash_CheckBusy(BUSY_TIMEOUT); - uint16_t res = Flash_ReadDataCont(T55XX_CONFIG_OFFSET, buf, T55XX_CONFIG_LEN); - if (res == 0) { - FlashStop(); - BigBuf_free(); - return; - } - - memcpy(buf, &T55xx_Timing, T55XX_CONFIG_LEN); - - // delete old configuration - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - Flash_Erase4k(3, 0xD); - - // write new - res = Flash_Write(T55XX_CONFIG_OFFSET, buf, T55XX_CONFIG_LEN); - - if (res == T55XX_CONFIG_LEN && g_dbglevel > 1) { - DbpString("T55XX Config save " _GREEN_("success")); - } + DbpString("T55XX Config save " _GREEN_("success")); BigBuf_free(); #endif @@ -364,15 +340,17 @@ t55xx_configurations_t *getT55xxConfig(void) { void loadT55xxConfig(void) { #ifdef WITH_FLASH - if (!FlashInit()) { - return; - } - uint8_t *buf = BigBuf_malloc(T55XX_CONFIG_LEN); - Flash_CheckBusy(BUSY_TIMEOUT); - uint16_t isok = Flash_ReadDataCont(T55XX_CONFIG_OFFSET, buf, T55XX_CONFIG_LEN); - FlashStop(); + uint32_t size = 0; + if (exists_in_spiffs(T55XX_CONFIG_FILE)) { + size = size_in_spiffs(T55XX_CONFIG_FILE); + } + if (size == 0) { + Dbprintf("Spiffs file: %s does not exists or empty.", T55XX_CONFIG_FILE); + BigBuf_free(); + return; + } // verify read mem is actual data. uint8_t cntA = T55XX_CONFIG_LEN, cntB = T55XX_CONFIG_LEN; @@ -381,6 +359,7 @@ void loadT55xxConfig(void) { if (buf[i] == 0x00) cntB--; } if (!cntA || !cntB) { + Dbprintf("Spiffs file: %s does not malformed or empty.", T55XX_CONFIG_FILE); BigBuf_free(); return; } @@ -388,7 +367,7 @@ void loadT55xxConfig(void) { if (buf[0] != 0xFF) // if not set for clear memcpy((uint8_t *)&T55xx_Timing, buf, T55XX_CONFIG_LEN); - if (isok == T55XX_CONFIG_LEN) { + if (size == T55XX_CONFIG_LEN) { if (g_dbglevel > 1) DbpString("T55XX Config load success"); } diff --git a/include/pmflash.h b/include/pmflash.h index 435099fa0..67f5b350a 100644 --- a/include/pmflash.h +++ b/include/pmflash.h @@ -65,12 +65,7 @@ # define T55XX_CONFIG_LEN sizeof( t55xx_configurations_t ) #endif -#ifndef T55XX_CONFIG_OFFSET -# define T55XX_CONFIG_OFFSET (FLASH_MEM_MAX_4K_SECTOR - 0x2000) -#endif -#ifndef T55XX_CONFIG_OFFSET_P -# define T55XX_CONFIG_OFFSET_P(p64k) (FLASH_MEM_MAX_4K_SECTOR_P(p64k) - 0x2000) -#endif +#define T55XX_CONFIG_FILE "cfg_t55xx.bin" // T55XX PWD stored in spiffs #define T55XX_KEYS_FILE "dict_t55xx.bin" From 526110609836a90040dfd303bad9edf629fc1988 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Thu, 26 Dec 2024 21:58:30 +0100 Subject: [PATCH 098/150] Add spiffs operation checks, update changelog and documentation after moving t55xx configurations --- CHANGELOG.md | 2 +- armsrc/lfops.c | 21 +++++++++++++++------ armsrc/mifarecmd.c | 9 ++++++--- doc/ext_flash_notes.md | 12 ++++-------- 4 files changed, 26 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 86aa37671..ff0985fd4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] -- Changed flash-stored key dictionaries (Mifare, iClass, T55XX) to SPIFFS files (@piotrva) +- Changed flash-stored key dictionaries (Mifare, iClass, T55XX) and T55XX configurations to SPIFFS files (@piotrva) - Added `hf iclass trbl` to perform tear-off attacks on iClass (@antiklesys) - Added support for connection to host device in all Docker envs (@doegox) - Changed `hf 15 info` to show all type matches and check ST25TVxC signature (@doegox) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 6731cba86..c93880944 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -325,9 +325,9 @@ void setT55xxConfig(uint8_t arg0, const t55xx_configurations_t *c) { return; } - rdv40_spiffs_write(T55XX_CONFIG_FILE, (uint8_t*)&T55xx_Timing, T55XX_CONFIG_LEN, RDV40_SPIFFS_SAFETY_SAFE); - - DbpString("T55XX Config save " _GREEN_("success")); + if (SPIFFS_OK == rdv40_spiffs_write(T55XX_CONFIG_FILE, (uint8_t*)&T55xx_Timing, T55XX_CONFIG_LEN, RDV40_SPIFFS_SAFETY_SAFE)) { + DbpString("T55XX Config save " _GREEN_("success")); + } BigBuf_free(); #endif @@ -352,6 +352,12 @@ void loadT55xxConfig(void) { return; } + if (SPIFFS_OK != rdv40_spiffs_read(T55XX_CONFIG_FILE, buf, T55XX_CONFIG_LEN, RDV40_SPIFFS_SAFETY_SAFE)) { + Dbprintf("Spiffs file: %s cannot be read.", T55XX_CONFIG_FILE); + BigBuf_free(); + return; + } + // verify read mem is actual data. uint8_t cntA = T55XX_CONFIG_LEN, cntB = T55XX_CONFIG_LEN; for (int i = 0; i < T55XX_CONFIG_LEN; i++) { @@ -2148,9 +2154,12 @@ void T55xx_ChkPwds(uint8_t flags, bool ledcontrol) { // adjust available pwd_count pwd_count = pwd_size_available / T55XX_KEY_LENGTH; - rdv40_spiffs_read_as_filetype(T55XX_KEYS_FILE, pwds, pwd_size_available, RDV40_SPIFFS_SAFETY_SAFE); - - if (g_dbglevel >= DBG_ERROR) Dbprintf("Loaded %u passwords from spiffs file: %s", pwd_count, T55XX_KEYS_FILE); + if (SPIFFS_OK == rdv40_spiffs_read_as_filetype(T55XX_KEYS_FILE, pwds, pwd_size_available, RDV40_SPIFFS_SAFETY_SAFE)) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("Loaded %u passwords from spiffs file: %s", pwd_count, T55XX_KEYS_FILE); + } else { + Dbprintf("Spiffs file: %s cannot be read.", T55XX_KEYS_FILE); + goto OUT; + } #endif diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index b59b17a79..bf308364d 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -1924,9 +1924,12 @@ void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *da if (datain == NULL) goto OUT; - rdv40_spiffs_read_as_filetype(MF_KEYS_FILE, datain, keyCount * MF_KEY_LENGTH, RDV40_SPIFFS_SAFETY_SAFE); - - if (g_dbglevel >= DBG_ERROR) Dbprintf("Loaded %u keys from spiffs file: %s", keyCount, MF_KEYS_FILE); + if (SPIFFS_OK == rdv40_spiffs_read_as_filetype(MF_KEYS_FILE, datain, keyCount * MF_KEY_LENGTH, RDV40_SPIFFS_SAFETY_SAFE)) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("Loaded %u keys from spiffs file: %s", keyCount, MF_KEYS_FILE); + } else { + Dbprintf("Spiffs file: %s cannot be read.", MF_KEYS_FILE); + goto OUT; + } } #endif diff --git a/doc/ext_flash_notes.md b/doc/ext_flash_notes.md index 42a5d0829..d54c2be53 100644 --- a/doc/ext_flash_notes.md +++ b/doc/ext_flash_notes.md @@ -37,20 +37,20 @@ Therefore a flash address can be interpreted as such: Page 0: * available for user data * to dump it: `mem dump -f page0_dump -o 0 -l 65536` -* to erase it: `mem wipe p 0` +* to erase it: `mem wipe -p 0` Page 1: * available for user data * to dump it: `mem dump -f page1_dump -o 65536 -l 65536` -* to erase it: `mem wipe p 1` +* to erase it: `mem wipe -p 1` Page 2: * available for user data * to dump it: `mem dump -f page2_dump -o 131072 -l 65536` -* to erase it: `mem wipe p 2` +* to erase it: `mem wipe -p 2` Page 3: -* used by Proxmark3 RDV4 specific functions: flash signature and configurations, see below for details +* used by Proxmark3 RDV4 specific functions: flash signature, see below for details * to dump it: `mem dump -f page3_dump -o 196608 -l 65536` * to erase it: * **Beware** it will erase your flash signature so better to back it up first as you won't be able to regenerate it by yourself! @@ -62,10 +62,6 @@ Page 3: Page3 is used as follows by the Proxmark3 RDV4 firmware: -* **T55XX_CONFIG** - * offset: page 3 sector 13 (0xD) @ 3*0x10000+13*0x1000=0x3D000 - * length: 1 sector (actually only a few bytes are used to store `t55xx_config` structure) - * **RSA SIGNATURE**, see below for details * offset: page 3 sector 15 (0xF) offset 0xF7F @ 3*0x10000+15*0x1000+0xF7F=0x3FF7F (decimal 262015) * length: 128 bytes From 69606aeb0720b98a730fa56a9471f8cfe3469211 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Fri, 27 Dec 2024 00:28:07 +0100 Subject: [PATCH 099/150] Changed `lf em 410x sim` to use default gap value of 0 and extended help, addressing #2197 --- CHANGELOG.md | 1 + client/src/cmdlfem410x.c | 10 ++++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ebbd7529f..8e4086b8b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Changed `lf em 410x sim` to use default gap value of 0 and extended help (@piotrva) - Added `hf iclass trbl` to perform tear-off attacks on iClass (@antiklesys) - Added support for connection to host device in all Docker envs (@doegox) - Changed `hf 15 info` to show all type matches and check ST25TVxC signature (@doegox) diff --git a/client/src/cmdlfem410x.c b/client/src/cmdlfem410x.c index 10ad41369..5abbbd4d3 100644 --- a/client/src/cmdlfem410x.c +++ b/client/src/cmdlfem410x.c @@ -449,17 +449,19 @@ static int CmdEM410xSim(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "lf em 410x sim", "Enables simulation of EM 410x card.\n" - "Simulation runs until the button is pressed or another USB command is issued.", + "Simulation runs until the button is pressed or another USB command is issued.\n" + "Most common readers expects the code to be sent in loop without a break (i.e. --gap 0).\n" + "For other, more advanced readers there might be a need to set a non-zero gap value.", "lf em 410x sim --id 0F0368568B\n" "lf em 410x sim --id 0F0368568B --clk 32\n" - "lf em 410x sim --id 0F0368568B --gap 0" + "lf em 410x sim --id 0F0368568B --gap 20" ); void *argtable[] = { arg_param_begin, arg_u64_0(NULL, "clk", "", "<32|64> clock (default 64)"), arg_str1(NULL, "id", "", "EM Tag ID number (5 hex bytes)"), - arg_u64_0(NULL, "gap", "", "gap (0's) between ID repeats (default 20)"), + arg_u64_0(NULL, "gap", "", "gap (0's) between ID repeats (default 0)"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, false); @@ -467,7 +469,7 @@ static int CmdEM410xSim(const char *Cmd) { // clock is 64 in EM410x tags int clk = arg_get_u32_def(ctx, 1, 64); int uid_len = 0; - int gap = arg_get_u32_def(ctx, 3, 20); + int gap = arg_get_u32_def(ctx, 3, 0); uint8_t uid[5] = {0}; CLIGetHexWithReturn(ctx, 2, uid, &uid_len); CLIParserFree(ctx); From e72b51e1f74e561a9c6619fd0ae08def0e0b62ed Mon Sep 17 00:00:00 2001 From: Nya0 Date: Fri, 27 Dec 2024 19:15:45 +0300 Subject: [PATCH 100/150] lf hitag hts restore --- client/src/cmdlfhitaghts.c | 226 ++++++++++++++++++++++++++++++++++++- 1 file changed, 225 insertions(+), 1 deletion(-) diff --git a/client/src/cmdlfhitaghts.c b/client/src/cmdlfhitaghts.c index d3a8932a5..ad8a57b7d 100644 --- a/client/src/cmdlfhitaghts.c +++ b/client/src/cmdlfhitaghts.c @@ -357,6 +357,8 @@ static int CmdLFHitagSRead(const char *Cmd) { // access right if (page_addr == HITAGS_UID_PADR) { + PrintAndLogEx(NORMAL, _RED_("RO ")NOLF);\ + } else if (packet.cmd == HTSF_82xx && page_addr > 40) { // using an 82xx (pages>40 are RO) PrintAndLogEx(NORMAL, _RED_("RO ")NOLF); } else if (page_addr == HITAGS_CONFIG_PADR) { if (card->config_page.s.LCON) @@ -454,6 +456,7 @@ static int CmdLFHitagSDump(const char *Cmd) { " - default key 4F4E4D494B52 (ONMIKR)\n\n" " 8268/8310 password mode: \n" " - default password BBDD3399\n", + "lf hitag hts dump --82xx -k -> use def pwd\n" "lf hitag hts dump --82xx -k BBDD3399 -> pwd mode\n" "lf hitag hts dump --crypto -> use def crypto\n" "lf hitag hts dump -k 4F4E4D494B52 -> crypto mode\n" @@ -534,6 +537,225 @@ static int CmdLFHitagSDump(const char *Cmd) { return PM3_SUCCESS; } +static int CmdLFHitagSRestore(const char *Cmd) { + + CLIParserContext *ctx; + CLIParserInit(&ctx, "lf hitag hts restore", + "Restore a dump file onto Hitag S tag\n" + " Crypto mode: \n" + " - key format ISK high + ISK low\n" + " - default key 4F4E4D494B52 (ONMIKR)\n\n" + " 8268/8310 password mode: \n" + " - default password BBDD3399\n", + "lf hitag hts restore -f myfile --82xx -> use def pwd\n" + "lf hitag hts restore -f myfile --82xx -k BBDD3399 -> pwd mode\n" + "lf hitag hts restore -f myfile --crypto -> use def crypto\n" + "lf hitag hts restore -f myfile -k 4F4E4D494B52 -> crypto mode\n" + "lf hitag hts restore -f myfile --nrar 0102030411223344\n" + ); + + void *argtable[] = { + arg_param_begin, + arg_lit0("8", "82xx", "8268/8310 mode"), + arg_str0(NULL, "nrar", "", "nonce / answer writer, 8 hex bytes"), + arg_lit0(NULL, "crypto", "crypto mode"), + arg_str0("k", "key", "", "pwd or key, 4 or 6 hex bytes"), + arg_int0("m", "mode", "", "response protocol mode. 0 (Standard 00110), 1 (Advanced 11000), 2 (Advanced 11001), 3 (Fast Advanced 11010) (def: 3)"), + arg_str0("f", "file", "", "specify file name"), + arg_param_end + }; + + CLIExecWithReturn(ctx, Cmd, argtable, false); + + lf_hitag_data_t packet; + memset(&packet, 0, sizeof(packet)); + + if (process_hitags_common_args(ctx, &packet) < 0) { + CLIParserFree(ctx); + return PM3_EINVARG; + } + + int fnlen = 0; + char filename[FILE_PATH_SIZE] = {0}; + CLIParamStrToBuf(arg_get_str(ctx, 6), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); + + if (fnlen == 0) { + PrintAndLogEx(ERR, "Must specify a file"); + return PM3_EINVARG; + } + + // read dump file + uint32_t *dump = NULL; + size_t bytes_read = 0; + if (pm3_load_dump(filename, (void **)&dump, &bytes_read, jsfHitag) != PM3_SUCCESS) { + return PM3_EFILE; + } + + // read config to determine memory size and other stuff + packet.page = HITAGS_CONFIG_PADR; + packet.page_count = 1; + + + clearCommandBuffer(); + SendCommandNG(CMD_LF_HITAGS_READ, (uint8_t *)&packet, sizeof(packet)); + + PacketResponseNG resp; + + if (WaitForResponseTimeout(CMD_LF_HITAGS_READ, &resp, 2000) == false) { + PrintAndLogEx(WARNING, "timeout while waiting for reply."); + free(dump); + return PM3_ETIMEOUT; + } + + if (resp.status != PM3_SUCCESS) { + print_error(resp.reason); + free(dump); + return PM3_ESOFT; + } + + lf_hts_read_response_t *config = (lf_hts_read_response_t *)resp.data.asBytes; + hitags_config_t tag_config = config->config_page.s; + + const int hts_mem_sizes[] = {1, 8, 64, 64}; + int mem_size = hts_mem_sizes[tag_config.MEMT] * HITAGS_PAGE_SIZE; + + if (bytes_read != mem_size) { + free(dump); + PrintAndLogEx(FAILED, "Wrong length of dump file. Expected %zu bytes, got %zu", mem_size, bytes_read); + return PM3_EFILE; + } + + uint8_t* dump_bytes = (uint8_t*)dump; + bool auth_changed = false; + + for (int page = packet.page_count + 1; page < hts_mem_sizes[tag_config.MEMT]; page++) { // skip config page + + if (packet.cmd == HTSF_82xx && page > 40) { + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(WARNING, "Using " _YELLOW_("82xx") ", Pages " _YELLOW_("41-63") " will be skipped"); + PrintAndLogEx(NORMAL, ""); + break; + } + + size_t offset = page * HITAGS_PAGE_SIZE; + + packet.page = page; + memcpy(packet.data, &dump_bytes[offset], HITAGS_PAGE_SIZE); + + PrintAndLogEx(INPLACE, " Writing page "_YELLOW_("%d")", data: " _GREEN_("%02X %02X %02X %02X"), page, + dump_bytes[offset], + dump_bytes[offset + 1], + dump_bytes[offset + 2], + dump_bytes[offset + 3]); + + + clearCommandBuffer(); + SendCommandNG(CMD_LF_HITAGS_WRITE, (uint8_t *)&packet, sizeof(packet)); + + if (WaitForResponseTimeout(CMD_LF_HITAGS_WRITE, &resp, 2000) == false) { + PrintAndLogEx(WARNING, "timeout while waiting for reply."); + free(dump); + return PM3_ETIMEOUT; + } + + if (resp.status != PM3_SUCCESS) { + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(ERROR, "Write failed for page %d", page); + print_error(resp.reason); + free(dump); + return PM3_ESOFT; + } + + switch (page) { + case 2: // auth first page + if (packet.cmd == HTSF_82xx) { + if (memcmp(packet.pwd, &dump_bytes[offset], HITAGS_PAGE_SIZE) == 0) { + break; + } + auth_changed = true; + + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(WARNING, "Password Changed! Old: " _BACK_BLUE_("%02X %02X %02X %02X") ", New: "_BACK_BLUE_("%02X %02X %02X %02X"), + packet.pwd[0], packet.pwd[1], packet.pwd[2], packet.pwd[3], + dump_bytes[offset], dump_bytes[offset + 1], + dump_bytes[offset + 2], dump_bytes[offset + 3]); + + + memcpy(packet.pwd, &dump_bytes[offset], HITAGS_PAGE_SIZE); + + + PrintAndLogEx(SUCCESS, "Using new password for subsequent writes"); + } + break; + case 3: // crypto mode + if (packet.cmd == HTSF_KEY) { + + if (memcmp(packet.key, &dump_bytes[offset - HITAGS_PAGE_SIZE], HITAGS_PAGE_SIZE * 2) == 0) { + break; + } + auth_changed = true; + + memcpy(packet.key, &dump_bytes[offset - HITAGS_PAGE_SIZE], HITAGS_PAGE_SIZE * 2); + + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(WARNING, "New key detected: " _BACK_BLUE_("%02X %02X %02X %02X %02X %02X"), + packet.key[0], packet.key[1], packet.key[2], + packet.key[3], packet.key[4], packet.key[5]); + + PrintAndLogEx(SUCCESS, "Using new key for subsequent writes"); + } + break; + } + } + + // restore config page at end + size_t config_offset = HITAGS_PAGE_SIZE * 1; // page 1 + packet.page = HITAGS_CONFIG_PADR; + memcpy(packet.data, &dump_bytes[HITAGS_PAGE_SIZE], HITAGS_PAGE_SIZE); + + + PrintAndLogEx(SUCCESS, "Applying "_YELLOW_("restored config: ") _GREEN_("%02X %02X %02X %02X"), + dump_bytes[config_offset], + dump_bytes[config_offset + 1], + dump_bytes[config_offset + 2], + dump_bytes[config_offset + 3]); + + + clearCommandBuffer(); + SendCommandNG(CMD_LF_HITAGS_WRITE, (uint8_t *)&packet, sizeof(packet)); + + if (WaitForResponseTimeout(CMD_LF_HITAGS_WRITE, &resp, 2000) == false) { + PrintAndLogEx(WARNING, "timeout while waiting for reply."); + free(dump); + return PM3_ETIMEOUT; + } + + if (resp.status != PM3_SUCCESS) { + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(ERROR, "Failed to apply config"); + print_error(resp.reason); + free(dump); + return PM3_ESOFT; + } + + PrintAndLogEx(INFO, "Write process completed"); + + if (auth_changed) { + if (packet.cmd == HTSF_82xx) { + PrintAndLogEx(SUCCESS, "New Password: " _BACK_BLUE_("%02X %02X %02X %02X"), + packet.pwd[0], packet.pwd[1], packet.pwd[2], packet.pwd[3]); + } else if (packet.cmd == HTSF_KEY) { + PrintAndLogEx(SUCCESS, "New Key: " _BACK_BLUE_("%02X %02X %02X %02X %02X %02X"), + packet.key[0], packet.key[1], packet.key[2], + packet.key[3], packet.key[4], packet.key[5]); + } + } + + return PM3_SUCCESS; +} + static int CmdLFHitagSWrite(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "lf hitag hts wrbl", @@ -544,6 +766,7 @@ static int CmdLFHitagSWrite(const char *Cmd) { " 8268/8310 password mode: \n" " - default password BBDD3399\n", " lf hitag hts wrbl -p 6 -d 01020304 -> Hitag S/8211, plain mode\n" + " lf hitag hts wrbl -p 6 -d 01020304 --82xx -> use def pwd\n" " lf hitag hts wrbl -p 6 -d 01020304 --82xx -k BBDD3399 -> 8268/8310, password mode\n" " lf hitag hts wrbl -p 6 -d 01020304 --nrar 0102030411223344 -> Hitag S, challenge mode\n" " lf hitag hts wrbl -p 6 -d 01020304 --crypto -> Hitag S, crypto mode, default key\n" @@ -705,7 +928,8 @@ static command_t CommandTable[] = { {"-----------", CmdHelp, IfPm3Hitag, "----------------------- " _CYAN_("General") " ------------------------"}, {"reader", CmdLFHitagSReader, IfPm3Hitag, "Act like a Hitag S reader"}, {"rdbl", CmdLFHitagSRead, IfPm3Hitag, "Read Hitag S page"}, - {"dump", CmdLFHitagSDump, IfPm3Hitag, "Dump Hitag S pages to a file"}, + {"dump", CmdLFHitagSDump, IfPm3Hitag, "Dump Hitag S pages to a file"}, + {"restore", CmdLFHitagSRestore,IfPm3Hitag, "Restore Hitag S memory from dump file"}, {"wrbl", CmdLFHitagSWrite, IfPm3Hitag, "Write Hitag S page"}, {"-----------", CmdHelp, IfPm3Hitag, "----------------------- " _CYAN_("Simulation") " -----------------------"}, {"sim", CmdLFHitagSSim, IfPm3Hitag, "Simulate Hitag S transponder"}, From 6b46a91896bdffce2cdfb56e5bd2fdca605e9061 Mon Sep 17 00:00:00 2001 From: Nya0 Date: Sat, 28 Dec 2024 00:09:04 +0300 Subject: [PATCH 101/150] tiny oopsie --- client/src/cmdlfhitaghts.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/cmdlfhitaghts.c b/client/src/cmdlfhitaghts.c index ad8a57b7d..713f54aff 100644 --- a/client/src/cmdlfhitaghts.c +++ b/client/src/cmdlfhitaghts.c @@ -661,7 +661,7 @@ static int CmdLFHitagSRestore(const char *Cmd) { if (resp.status != PM3_SUCCESS) { PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(ERROR, "Write failed for page %d", page); + PrintAndLogEx(FAILED, "Write failed for page %d", page); print_error(resp.reason); free(dump); return PM3_ESOFT; From 86dc2e427c251f58c63b1353c6c8a709069f144a Mon Sep 17 00:00:00 2001 From: Nya0 Date: Sat, 28 Dec 2024 00:20:36 +0300 Subject: [PATCH 102/150] added to command files --- client/src/cmdlfhitaghts.c | 2 +- doc/commands.json | 21 +++++++++++++++++++++ doc/commands.md | 1 + 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/client/src/cmdlfhitaghts.c b/client/src/cmdlfhitaghts.c index 713f54aff..390fffe12 100644 --- a/client/src/cmdlfhitaghts.c +++ b/client/src/cmdlfhitaghts.c @@ -734,7 +734,7 @@ static int CmdLFHitagSRestore(const char *Cmd) { if (resp.status != PM3_SUCCESS) { PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(ERROR, "Failed to apply config"); + PrintAndLogEx(FAILED, "Failed to apply config"); print_error(resp.reason); free(dump); return PM3_ESOFT; diff --git a/doc/commands.json b/doc/commands.json index 0bfc7059d..0bc3bfc4a 100644 --- a/doc/commands.json +++ b/doc/commands.json @@ -9838,6 +9838,27 @@ ], "usage": "lf hitag hts dump [-h8] [--nrar ] [--crypto] [-k ] [-m ] [-f ] [--ns]" }, + "lf hitag hts restore": { + "command": "lf hitag hts restore", + "description": "Restore a dump file onto Hitag S tag Crypto mode: - key format ISK high + ISK low - default key 4F4E4D494B52 (ONMIKR) 8268/8310 password mode: - default password BBDD3399", + "notes": [ + "lf hitag hts restore -f myfile --82xx -k BBDD3399 -> pwd mode", + "lf hitag hts restore -f myfile --crypto -> use def crypto", + "lf hitag hts restore -f myfile -k 4F4E4D494B52 -> crypto mode", + "lf hitag hts restore -f myfile --nrar 0102030411223344" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-8, --82xx 8268/8310 mode", + "--nrar nonce / answer writer, 8 hex bytes", + "--crypto crypto mode", + "-k, --key pwd or key, 4 or 6 hex bytes", + "-m, --mode response protocol mode. 0 (Standard 00110), 1 (Advanced 11000), 2 (Advanced 11001), 3 (Fast Advanced 11010) (def: 3)", + "-f, --file specify file name" + ], + "usage": "lf hitag hts restore [-h8] [--nrar ] [--crypto] [-k ] [-m ] [-f ]" + }, "lf hitag hts help": { "command": "lf hitag hts help", "description": "help This help list List Hitag S trace history --------------------------------------------------------------------------------------- lf hitag hts list available offline: yes Alias of `trace list -t hitags` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", diff --git a/doc/commands.md b/doc/commands.md index 9cd60a66a..139eb9e3b 100644 --- a/doc/commands.md +++ b/doc/commands.md @@ -1084,6 +1084,7 @@ Check column "offline" for their availability. |`lf hitag hts rdbl `|N |`Read Hitag S page` |`lf hitag hts dump `|N |`Dump Hitag S pages to a file` |`lf hitag hts wrbl `|N |`Write Hitag S page` +|`lf hitag hts restore `|N |`Restore Hitag S memory from a dump file` |`lf hitag hts sim `|N |`Simulate Hitag S transponder` From afcd57b1a18e05f7afdb2fd10a95f5c99a94acd3 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sat, 28 Dec 2024 19:18:27 +0100 Subject: [PATCH 103/150] identify MIFARE Duox --- CHANGELOG.md | 1 + client/src/cmdhf14a.c | 1 + client/src/cmdhfmfdes.c | 14 +++++++++++++- 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ebbd7529f..72b39ac84 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Changed `hf 14a info` - now identifies MIAFRE Duox (@iceman1001) - Added `hf iclass trbl` to perform tear-off attacks on iClass (@antiklesys) - Added support for connection to host device in all Docker envs (@doegox) - Changed `hf 15 info` to show all type matches and check ST25TVxC signature (@doegox) diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index cd1db3e08..03e8585e1 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c @@ -1884,6 +1884,7 @@ static int detect_nxp_card_print(uint8_t sak, uint16_t atqa, uint64_t select_sta printTag("MIFARE DESFire EV2 2K/4K/8K/16K/32K"); printTag("MIFARE DESFire EV3 2K/4K/8K"); printTag("MIFARE DESFire Light 640B"); + printTag("MIFARE Duox"); type |= MTDESFIRE; } else { printTag("MIFARE Plus EV1 2K/4K CL2 in SL3"); diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index ee8b537c9..d0fcbf112 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -148,6 +148,7 @@ typedef enum { PLUS_EV2, NTAG413DNA, NTAG424, + DUOX, } nxp_cardtype_t; typedef enum { @@ -272,6 +273,10 @@ static char *getVersionStr(uint8_t type, uint8_t major, uint8_t minor) { snprintf(retStr, sizeof(buf), "%x.%x ( " _GREEN_("Plus EV1") " )", major, minor); else if (type == 0x02 && major == 0x22 && minor == 0x00) snprintf(retStr, sizeof(buf), "%x.%x ( " _GREEN_("Plus EV2") " )", major, minor); + else if (type == 0x01 && major == 0xA0 && minor == 0x00) + snprintf(retStr, sizeof(buf), "%x.%x ( " _GREEN_("DUOX") " )", major, minor); + else if ((type & 0x08) == 0x08) + snprintf(retStr, sizeof(buf), "%x.%x ( " _GREEN_("DESFire Light") " )", major, minor); else snprintf(retStr, sizeof(buf), "%x.%x ( " _YELLOW_("Unknown") " )", major, minor); return buf; @@ -338,6 +343,10 @@ static nxp_cardtype_t getCardType(uint8_t type, uint8_t major, uint8_t minor) { if (type == 0x01 && major == 0x33 && minor == 0x00) return DESFIRE_EV3; + // Duox + if (type == 0x01 && major == 0xA0 && minor == 0x00) + return DUOX; + // DESFire Light if (type == 0x08 && major == 0x30 && minor == 0x00) return DESFIRE_LIGHT; @@ -744,6 +753,8 @@ static int CmdHF14ADesInfo(const char *Cmd) { PrintAndLogEx(INFO, "\t2.2 - DESFire Ev2 XL, Originality check, proximity check, EAL5"); if (major == 3 && minor == 0) PrintAndLogEx(INFO, "\t3.0 - DESFire Ev3, Originality check, proximity check, badass EAL6 ?"); + if (major == 0xA0 && minor == 0) + PrintAndLogEx(INFO, "\tx.x - DUOX, Originality check, proximity check, EAL6++"); if (major == 0 && minor == 2) PrintAndLogEx(INFO, "\t0.2 - DESFire Light, Originality check, "); @@ -761,7 +772,8 @@ static int CmdHF14ADesInfo(const char *Cmd) { if (cardtype == DESFIRE_EV2 || cardtype == DESFIRE_EV2_XL || cardtype == DESFIRE_LIGHT || cardtype == DESFIRE_EV3 || - cardtype == NTAG413DNA) { + cardtype == NTAG413DNA || + cardtype == DUOX) { // Signature originality check uint8_t signature[250] = {0}; // must be 56 size_t signature_len = 0; From 6bce80f52013b3f2a431819d955f884f53233ab4 Mon Sep 17 00:00:00 2001 From: Nya0 Date: Sun, 29 Dec 2024 14:01:30 +0300 Subject: [PATCH 104/150] fixed comments --- client/src/cmdlfhitaghts.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/client/src/cmdlfhitaghts.c b/client/src/cmdlfhitaghts.c index 390fffe12..88e7b91b5 100644 --- a/client/src/cmdlfhitaghts.c +++ b/client/src/cmdlfhitaghts.c @@ -456,7 +456,7 @@ static int CmdLFHitagSDump(const char *Cmd) { " - default key 4F4E4D494B52 (ONMIKR)\n\n" " 8268/8310 password mode: \n" " - default password BBDD3399\n", - "lf hitag hts dump --82xx -k -> use def pwd\n" + "lf hitag hts dump --82xx -> use def pwd\n" "lf hitag hts dump --82xx -k BBDD3399 -> pwd mode\n" "lf hitag hts dump --crypto -> use def crypto\n" "lf hitag hts dump -k 4F4E4D494B52 -> crypto mode\n" @@ -621,7 +621,7 @@ static int CmdLFHitagSRestore(const char *Cmd) { if (bytes_read != mem_size) { free(dump); - PrintAndLogEx(FAILED, "Wrong length of dump file. Expected %zu bytes, got %zu", mem_size, bytes_read); + PrintAndLogEx(FAILED, "Wrong length of dump file. Expected %d bytes, got %zu", mem_size, bytes_read); return PM3_EFILE; } @@ -682,7 +682,7 @@ static int CmdLFHitagSRestore(const char *Cmd) { dump_bytes[offset + 2], dump_bytes[offset + 3]); - memcpy(packet.pwd, &dump_bytes[offset], HITAGS_PAGE_SIZE); + memcpy(packet.pwd, &dump_bytes[offset], HITAG_PASSWORD_SIZE); PrintAndLogEx(SUCCESS, "Using new password for subsequent writes"); @@ -691,12 +691,12 @@ static int CmdLFHitagSRestore(const char *Cmd) { case 3: // crypto mode if (packet.cmd == HTSF_KEY) { - if (memcmp(packet.key, &dump_bytes[offset - HITAGS_PAGE_SIZE], HITAGS_PAGE_SIZE * 2) == 0) { + if (memcmp(packet.key, &dump_bytes[offset - HITAGS_PAGE_SIZE], HITAG_CRYPTOKEY_SIZE) == 0) { break; } auth_changed = true; - memcpy(packet.key, &dump_bytes[offset - HITAGS_PAGE_SIZE], HITAGS_PAGE_SIZE * 2); + memcpy(packet.key, &dump_bytes[offset - HITAGS_PAGE_SIZE], HITAG_CRYPTOKEY_SIZE); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(WARNING, "New key detected: " _BACK_BLUE_("%02X %02X %02X %02X %02X %02X"), From 2ccfa187abd732b6a473c35c43158601d966e91f Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Sun, 29 Dec 2024 22:19:32 +0100 Subject: [PATCH 105/150] Remove unused definitions related to fixed-size SPI flash, improve comments for documentation --- client/src/scripting.c | 2 +- include/pmflash.h | 22 ++++++++++------------ 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/client/src/scripting.c b/client/src/scripting.c index 0657ae8d6..1a368f48c 100644 --- a/client/src/scripting.c +++ b/client/src/scripting.c @@ -283,7 +283,7 @@ static int l_GetFromFlashMemSpiffs(lua_State *L) { return returnToLuaWithError(L, "No FLASH MEM support"); } - uint32_t start_index = 0, len = 0x40000; //FLASH_MEM_MAX_SIZE + uint32_t start_index = 0, len = 0x40000; // 256kb FLASH_MEM_MAX_SIZE as default value char destfilename[32] = {0}; size_t size; diff --git a/include/pmflash.h b/include/pmflash.h index d40caa725..49e5bd9a0 100644 --- a/include/pmflash.h +++ b/include/pmflash.h @@ -23,24 +23,25 @@ // RDV40 Section // 256kb divided into 4k sectors. +// +--------+-------------+---------+--------------------------+ +// | Sector | 256kb addr* | Size | Description | +// +--------+-------------+---------+--------------------------+ +// | N | 0x3F000 | 1 * 4kb | signature | +// | N-1 | 0x3E000 | 1 * 4kb | reserved for future use | +// +--------+-------------+---------+--------------------------+ // -// 0x3F000 - 1 4kb sector = signature -// 0x3E000 - 1 4kb sector = settings -// +// * For different memory size than 256kb the address is not valid. +// Please instead refer to Sector number, where N is the last +// 4kb secotr of the memory in question. + #ifndef FLASH_MEM_BLOCK_SIZE # define FLASH_MEM_BLOCK_SIZE 256 #endif -#ifndef FLASH_MEM_MAX_SIZE -# define FLASH_MEM_MAX_SIZE 0x40000 // (262144) -#endif #ifndef FLASH_MEM_MAX_SIZE_P # define FLASH_MEM_MAX_SIZE_P(p64k) (1024 * 64 * (p64k)) #endif -#ifndef FLASH_MEM_MAX_4K_SECTOR -# define FLASH_MEM_MAX_4K_SECTOR 0x3F000 -#endif #ifndef FLASH_MEM_MAX_4K_SECTOR_P # define FLASH_MEM_MAX_4K_SECTOR_P(p64k) (FLASH_MEM_MAX_SIZE_P(p64k) - 4096) #endif @@ -55,10 +56,7 @@ # define FLASH_MEM_SIGNATURE_LEN 128 #endif -#ifndef FLASH_MEM_SIGNATURE_OFFSET // -1 for historical compatibility with already released Proxmark3 RDV4.0 devices -# define FLASH_MEM_SIGNATURE_OFFSET (FLASH_MEM_MAX_SIZE - FLASH_MEM_SIGNATURE_LEN - 1) -#endif #ifndef FLASH_MEM_SIGNATURE_OFFSET_P # define FLASH_MEM_SIGNATURE_OFFSET_P(p64k) (FLASH_MEM_MAX_SIZE_P(p64k) - FLASH_MEM_SIGNATURE_LEN - 1) #endif From e3486e57b1b90ad59480df9fa8ef3ea1bce8d8af Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Sun, 29 Dec 2024 22:20:49 +0100 Subject: [PATCH 106/150] Extend spiffs area to full FLASH array except last two sectors (signature and reserve one for future use) --- CHANGELOG.md | 1 + include/pmflash.h | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e1c60b98..75318a55e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Changed (extended) area accessible by spiffs into last page of FLASH (@piotrva) - Changed flash-stored key dictionaries (Mifare, iClass, T55XX) and T55XX configurations to SPIFFS files (@piotrva) - Changed `lf em 410x sim` to use default gap value of 0 and extended help (@piotrva) - Changed `hf 14a info` - now identifies MIAFRE Duox (@iceman1001) diff --git a/include/pmflash.h b/include/pmflash.h index 49e5bd9a0..79488ba5c 100644 --- a/include/pmflash.h +++ b/include/pmflash.h @@ -46,7 +46,7 @@ # define FLASH_MEM_MAX_4K_SECTOR_P(p64k) (FLASH_MEM_MAX_SIZE_P(p64k) - 4096) #endif -#define FLASH_RESERVED_TRAILING_4K_SECTORS 10 +#define FLASH_RESERVED_TRAILING_4K_SECTORS 2 #ifndef FLASH_MEM_ID_LEN # define FLASH_MEM_ID_LEN 8 From adadfb7fad704b3e7ce1a01c9fec687138ce8d37 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Sun, 29 Dec 2024 22:45:50 +0100 Subject: [PATCH 107/150] Corrected documentation on SPI FLASH memory usage after SPIFFS area extension. --- client/src/scripting.c | 2 +- doc/ext_flash_notes.md | 14 +++++++++++--- include/pmflash.h | 12 ++++++------ 3 files changed, 18 insertions(+), 10 deletions(-) diff --git a/client/src/scripting.c b/client/src/scripting.c index 1a368f48c..4f7705eb3 100644 --- a/client/src/scripting.c +++ b/client/src/scripting.c @@ -283,7 +283,7 @@ static int l_GetFromFlashMemSpiffs(lua_State *L) { return returnToLuaWithError(L, "No FLASH MEM support"); } - uint32_t start_index = 0, len = 0x40000; // 256kb FLASH_MEM_MAX_SIZE as default value + uint32_t start_index = 0, len = 0x40000; // 256KB FLASH_MEM_MAX_SIZE as default value char destfilename[32] = {0}; size_t size; diff --git a/doc/ext_flash_notes.md b/doc/ext_flash_notes.md index d54c2be53..25ba2be14 100644 --- a/doc/ext_flash_notes.md +++ b/doc/ext_flash_notes.md @@ -19,7 +19,7 @@ External 256kbytes flash is a unique feature of the RDV4 edition. Flash memory is -* 256KB (0x40000= 262144) +* 256KB (0x40000 = 262144) * divided into 4 pages of 64KB (0x10000 = 65536) * 4 pages divided into 16 sectors of 4KB (0x1000 = 4096), so last sector is at 0x3F000 @@ -31,6 +31,8 @@ Therefore a flash address can be interpreted as such: ^^^ offset ^^^ offset 0xF7F ``` +Please note that for other flash memory sizes than 256KB a "Page 3" will be the last page of the memory, and address offsets would be dependant on the memory size. + ## Layout ^[Top](#top) @@ -49,7 +51,7 @@ Page 2: * to dump it: `mem dump -f page2_dump -o 131072 -l 65536` * to erase it: `mem wipe -p 2` -Page 3: +Page 3 (or the last page for memories other than 256KB): * used by Proxmark3 RDV4 specific functions: flash signature, see below for details * to dump it: `mem dump -f page3_dump -o 196608 -l 65536` * to erase it: @@ -60,13 +62,19 @@ Page 3: ## Page3 Layout ^[Top](#top) -Page3 is used as follows by the Proxmark3 RDV4 firmware: +Page3 (or the last page for memories other than 256KB) is used as follows by the Proxmark3 RDV4 firmware: * **RSA SIGNATURE**, see below for details * offset: page 3 sector 15 (0xF) offset 0xF7F @ 3*0x10000+15*0x1000+0xF7F=0x3FF7F (decimal 262015) * length: 128 bytes * offset should have been 0x3FF80 but historically it's one byte off and therefore the last byte of the flash is unused +* **Reserved for future use** + * offset: page 3 sector 14 (0xE) + +* **SPIFFS sectors** + * offset: page 3 sectors 13..0 (0xD..0x0) + ## RSA signature ^[Top](#top) diff --git a/include/pmflash.h b/include/pmflash.h index 79488ba5c..7820ad4e2 100644 --- a/include/pmflash.h +++ b/include/pmflash.h @@ -22,17 +22,17 @@ #include "common.h" // RDV40 Section -// 256kb divided into 4k sectors. +// 256KB divided into 4K sectors. // +--------+-------------+---------+--------------------------+ -// | Sector | 256kb addr* | Size | Description | +// | Sector | 256KB addr* | Size | Description | // +--------+-------------+---------+--------------------------+ -// | N | 0x3F000 | 1 * 4kb | signature | -// | N-1 | 0x3E000 | 1 * 4kb | reserved for future use | +// | N | 0x3F000 | 1 * 4KB | signature | +// | N-1 | 0x3E000 | 1 * 4KB | reserved for future use | // +--------+-------------+---------+--------------------------+ // -// * For different memory size than 256kb the address is not valid. +// * For different memory size than 256KB the address is not valid. // Please instead refer to Sector number, where N is the last -// 4kb secotr of the memory in question. +// 4KB secotr of the memory in question. #ifndef FLASH_MEM_BLOCK_SIZE # define FLASH_MEM_BLOCK_SIZE 256 From 17338e2a5fdcc7a4a214003f86ceae846c66e6e4 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 31 Dec 2024 23:35:16 +0100 Subject: [PATCH 108/150] style --- armsrc/lfops.c | 4 +- client/src/cmdhf15.c | 6 +- client/src/cmdhficlass.c | 38 ++++----- client/src/cmdhflist.c | 36 ++++----- client/src/cmdhfmfu.c | 6 +- client/src/cmdlfhitaghts.c | 85 ++++++++++---------- client/src/crypto/originality.c | 134 +++++++++++++++++++++----------- client/src/mifare/mifarehost.c | 2 +- 8 files changed, 178 insertions(+), 133 deletions(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index c93880944..01eae38a4 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -325,7 +325,7 @@ void setT55xxConfig(uint8_t arg0, const t55xx_configurations_t *c) { return; } - if (SPIFFS_OK == rdv40_spiffs_write(T55XX_CONFIG_FILE, (uint8_t*)&T55xx_Timing, T55XX_CONFIG_LEN, RDV40_SPIFFS_SAFETY_SAFE)) { + if (SPIFFS_OK == rdv40_spiffs_write(T55XX_CONFIG_FILE, (uint8_t *)&T55xx_Timing, T55XX_CONFIG_LEN, RDV40_SPIFFS_SAFETY_SAFE)) { DbpString("T55XX Config save " _GREEN_("success")); } @@ -2133,7 +2133,7 @@ void T55xx_ChkPwds(uint8_t flags, bool ledcontrol) { BigBuf_Clear_EM(); uint32_t size = 0; - + if (exists_in_spiffs(T55XX_KEYS_FILE)) { size = size_in_spiffs(T55XX_KEYS_FILE); } diff --git a/client/src/cmdhf15.c b/client/src/cmdhf15.c index b9014fe35..e2295c697 100644 --- a/client/src/cmdhf15.c +++ b/client/src/cmdhf15.c @@ -907,10 +907,10 @@ static int StCheckSig(uint8_t *uid) { // add UID (scan, uid) memcpy(packet->raw + packet->rawlen, uid, HF15_UID_LENGTH); packet->rawlen += HF15_UID_LENGTH; - packet->flags = (ISO15_CONNECT| ISO15_READ_RESPONSE | ISO15_NO_DISCONNECT); + packet->flags = (ISO15_CONNECT | ISO15_READ_RESPONSE | ISO15_NO_DISCONNECT); uint16_t blkoff = packet->rawlen; char signature_hex[65] = {0}; - for (int j=0; j<17; j++) { + for (int j = 0; j < 17; j++) { packet->rawlen = blkoff; // block no packet->raw[packet->rawlen++] = 0x3F + j; @@ -929,7 +929,7 @@ static int StCheckSig(uint8_t *uid) { ISO15_ERROR_HANDLING_RESPONSE uint8_t *d = resp.data.asBytes; ISO15_ERROR_HANDLING_CARD_RESPONSE(d, resp.length) - if (j==0) { + if (j == 0) { if (memcmp(d + 1, "K04S", 4) != 0) { // No signature free(packet); diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index fbe8a88bc..29512e192 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -3015,12 +3015,12 @@ static int CmdHFiClass_TearBlock(const char *Cmd) { int tearoff_start = arg_get_int_def(ctx, 12, 100); int tearoff_end = arg_get_int_def(ctx, 13, 200); - if(tearoff_end <= tearoff_start){ + if (tearoff_end <= tearoff_start) { PrintAndLogEx(ERR, "Tearoff end delay must be bigger than the start delay."); return PM3_EINVARG; } - if(tearoff_start < 0 || tearoff_end <= 0){ + if (tearoff_start < 0 || tearoff_end <= 0) { PrintAndLogEx(ERR, "Tearoff start/end delays should be bigger than 0."); return PM3_EINVARG; } @@ -3041,22 +3041,22 @@ static int CmdHFiClass_TearBlock(const char *Cmd) { int isok = 0; tearoff_params_t params; bool read_ok = false; - while(tearoff_start < tearoff_end && !read_ok){ + while (tearoff_start < tearoff_end && !read_ok) { //perform read here, repeat if failed or 00s uint8_t data_read_orig[8] = {0}; bool first_read = false; bool reread = false; - while(!first_read){ + while (!first_read) { int res_orig = iclass_read_block_ex(key, blockno, 0x88, elite, rawkey, use_replay, verbose, auth, shallow_mod, data_read_orig, false); - if (res_orig == PM3_SUCCESS && !reread){ - if (memcmp(data_read_orig, zeros, 8) == 0){ + if (res_orig == PM3_SUCCESS && !reread) { + if (memcmp(data_read_orig, zeros, 8) == 0) { reread = true; - }else{ + } else { first_read = true; reread = false; } - } else if (res_orig == PM3_SUCCESS && reread){ + } else if (res_orig == PM3_SUCCESS && reread) { first_read = true; reread = false; } @@ -3082,36 +3082,36 @@ static int CmdHFiClass_TearBlock(const char *Cmd) { first_read = false; reread = false; bool decrease = false; - while(!first_read){ + while (!first_read) { int res = iclass_read_block_ex(key, blockno, 0x88, elite, rawkey, use_replay, verbose, auth, shallow_mod, data_read, false); - if (res == PM3_SUCCESS && !reread){ - if (memcmp(data_read, zeros, 8) == 0){ + if (res == PM3_SUCCESS && !reread) { + if (memcmp(data_read, zeros, 8) == 0) { reread = true; - }else{ + } else { first_read = true; reread = false; } - } else if (res == PM3_SUCCESS && reread){ + } else if (res == PM3_SUCCESS && reread) { first_read = true; reread = false; - } else if (res != PM3_SUCCESS){ + } else if (res != PM3_SUCCESS) { decrease = true; } } - if (decrease && tearoff_start > 0){ //if there was an error reading repeat the tearoff with the same delay + if (decrease && tearoff_start > 0) { //if there was an error reading repeat the tearoff with the same delay tearoff_start--; } bool tear_success = true; - for (int i=0; i 40) { // using an 82xx (pages>40 are RO) PrintAndLogEx(NORMAL, _RED_("RO ")NOLF); } else if (page_addr == HITAGS_CONFIG_PADR) { @@ -615,7 +616,7 @@ static int CmdLFHitagSRestore(const char *Cmd) { lf_hts_read_response_t *config = (lf_hts_read_response_t *)resp.data.asBytes; hitags_config_t tag_config = config->config_page.s; - + const int hts_mem_sizes[] = {1, 8, 64, 64}; int mem_size = hts_mem_sizes[tag_config.MEMT] * HITAGS_PAGE_SIZE; @@ -625,30 +626,30 @@ static int CmdLFHitagSRestore(const char *Cmd) { return PM3_EFILE; } - uint8_t* dump_bytes = (uint8_t*)dump; + uint8_t *dump_bytes = (uint8_t *)dump; bool auth_changed = false; for (int page = packet.page_count + 1; page < hts_mem_sizes[tag_config.MEMT]; page++) { // skip config page - + if (packet.cmd == HTSF_82xx && page > 40) { - PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, ""); PrintAndLogEx(WARNING, "Using " _YELLOW_("82xx") ", Pages " _YELLOW_("41-63") " will be skipped"); - PrintAndLogEx(NORMAL, ""); - break; + PrintAndLogEx(NORMAL, ""); + break; } size_t offset = page * HITAGS_PAGE_SIZE; - + packet.page = page; memcpy(packet.data, &dump_bytes[offset], HITAGS_PAGE_SIZE); - - PrintAndLogEx(INPLACE, " Writing page "_YELLOW_("%d")", data: " _GREEN_("%02X %02X %02X %02X"), page, - dump_bytes[offset], - dump_bytes[offset + 1], - dump_bytes[offset + 2], - dump_bytes[offset + 3]); - + PrintAndLogEx(INPLACE, " Writing page "_YELLOW_("%d")", data: " _GREEN_("%02X %02X %02X %02X"), page, + dump_bytes[offset], + dump_bytes[offset + 1], + dump_bytes[offset + 2], + dump_bytes[offset + 3]); + + clearCommandBuffer(); SendCommandNG(CMD_LF_HITAGS_WRITE, (uint8_t *)&packet, sizeof(packet)); @@ -671,26 +672,26 @@ static int CmdLFHitagSRestore(const char *Cmd) { case 2: // auth first page if (packet.cmd == HTSF_82xx) { if (memcmp(packet.pwd, &dump_bytes[offset], HITAGS_PAGE_SIZE) == 0) { - break; + break; } auth_changed = true; - + PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(WARNING, "Password Changed! Old: " _BACK_BLUE_("%02X %02X %02X %02X") ", New: "_BACK_BLUE_("%02X %02X %02X %02X"), - packet.pwd[0], packet.pwd[1], packet.pwd[2], packet.pwd[3], - dump_bytes[offset], dump_bytes[offset + 1], - dump_bytes[offset + 2], dump_bytes[offset + 3]); - + PrintAndLogEx(WARNING, "Password Changed! Old: " _BACK_BLUE_("%02X %02X %02X %02X") ", New: "_BACK_BLUE_("%02X %02X %02X %02X"), + packet.pwd[0], packet.pwd[1], packet.pwd[2], packet.pwd[3], + dump_bytes[offset], dump_bytes[offset + 1], + dump_bytes[offset + 2], dump_bytes[offset + 3]); + memcpy(packet.pwd, &dump_bytes[offset], HITAG_PASSWORD_SIZE); PrintAndLogEx(SUCCESS, "Using new password for subsequent writes"); } - break; - case 3: // crypto mode + break; + case 3: // crypto mode if (packet.cmd == HTSF_KEY) { - + if (memcmp(packet.key, &dump_bytes[offset - HITAGS_PAGE_SIZE], HITAG_CRYPTOKEY_SIZE) == 0) { break; } @@ -700,28 +701,28 @@ static int CmdLFHitagSRestore(const char *Cmd) { PrintAndLogEx(NORMAL, ""); PrintAndLogEx(WARNING, "New key detected: " _BACK_BLUE_("%02X %02X %02X %02X %02X %02X"), - packet.key[0], packet.key[1], packet.key[2], - packet.key[3], packet.key[4], packet.key[5]); - + packet.key[0], packet.key[1], packet.key[2], + packet.key[3], packet.key[4], packet.key[5]); + PrintAndLogEx(SUCCESS, "Using new key for subsequent writes"); } - break; + break; } } - + // restore config page at end - size_t config_offset = HITAGS_PAGE_SIZE * 1; // page 1 + size_t config_offset = HITAGS_PAGE_SIZE * 1; // page 1 packet.page = HITAGS_CONFIG_PADR; memcpy(packet.data, &dump_bytes[HITAGS_PAGE_SIZE], HITAGS_PAGE_SIZE); PrintAndLogEx(SUCCESS, "Applying "_YELLOW_("restored config: ") _GREEN_("%02X %02X %02X %02X"), - dump_bytes[config_offset], - dump_bytes[config_offset + 1], - dump_bytes[config_offset + 2], - dump_bytes[config_offset + 3]); + dump_bytes[config_offset], + dump_bytes[config_offset + 1], + dump_bytes[config_offset + 2], + dump_bytes[config_offset + 3]); + - clearCommandBuffer(); SendCommandNG(CMD_LF_HITAGS_WRITE, (uint8_t *)&packet, sizeof(packet)); @@ -741,15 +742,15 @@ static int CmdLFHitagSRestore(const char *Cmd) { } PrintAndLogEx(INFO, "Write process completed"); - + if (auth_changed) { if (packet.cmd == HTSF_82xx) { - PrintAndLogEx(SUCCESS, "New Password: " _BACK_BLUE_("%02X %02X %02X %02X"), - packet.pwd[0], packet.pwd[1], packet.pwd[2], packet.pwd[3]); + PrintAndLogEx(SUCCESS, "New Password: " _BACK_BLUE_("%02X %02X %02X %02X"), + packet.pwd[0], packet.pwd[1], packet.pwd[2], packet.pwd[3]); } else if (packet.cmd == HTSF_KEY) { PrintAndLogEx(SUCCESS, "New Key: " _BACK_BLUE_("%02X %02X %02X %02X %02X %02X"), - packet.key[0], packet.key[1], packet.key[2], - packet.key[3], packet.key[4], packet.key[5]); + packet.key[0], packet.key[1], packet.key[2], + packet.key[3], packet.key[4], packet.key[5]); } } @@ -929,7 +930,7 @@ static command_t CommandTable[] = { {"reader", CmdLFHitagSReader, IfPm3Hitag, "Act like a Hitag S reader"}, {"rdbl", CmdLFHitagSRead, IfPm3Hitag, "Read Hitag S page"}, {"dump", CmdLFHitagSDump, IfPm3Hitag, "Dump Hitag S pages to a file"}, - {"restore", CmdLFHitagSRestore,IfPm3Hitag, "Restore Hitag S memory from dump file"}, + {"restore", CmdLFHitagSRestore, IfPm3Hitag, "Restore Hitag S memory from dump file"}, {"wrbl", CmdLFHitagSWrite, IfPm3Hitag, "Write Hitag S page"}, {"-----------", CmdHelp, IfPm3Hitag, "----------------------- " _CYAN_("Simulation") " -----------------------"}, {"sim", CmdLFHitagSSim, IfPm3Hitag, "Simulate Hitag S transponder"}, diff --git a/client/src/crypto/originality.c b/client/src/crypto/originality.c index 0f2f43e35..66dc3efb0 100644 --- a/client/src/crypto/originality.c +++ b/client/src/crypto/originality.c @@ -22,73 +22,117 @@ // See tools/recover_pk.py to recover Pk from UIDs and signatures const ecdsa_publickey_ng_t manufacturer_public_keys[] = { - {PK_MFC, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP MIFARE Classic MFC1C14_x", - "044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF"}, - {PK_MFC, MBEDTLS_ECP_DP_SECP128R1, 33, "MIFARE Classic / QL88", - "046F70AC557F5461CE5052C8E4A7838C11C7A236797E8A0730A101837C004039C2"}, + { + PK_MFC, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP MIFARE Classic MFC1C14_x", + "044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF" + }, + { + PK_MFC, MBEDTLS_ECP_DP_SECP128R1, 33, "MIFARE Classic / QL88", + "046F70AC557F5461CE5052C8E4A7838C11C7A236797E8A0730A101837C004039C2" + }, // ref: TagInfo // NTAG 210/212 ? not present in recover_pk - {PK_MFUL, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP Public key", - "04A748B6A632FBEE2C0897702B33BEA1C074998E17B84ACA04FF267E5D2C91F6DC"}, + { + PK_MFUL, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP Public key", + "04A748B6A632FBEE2C0897702B33BEA1C074998E17B84ACA04FF267E5D2C91F6DC" + }, // ref: AN11341 MIFARE Ultralight EV1 Originality Signature Validation - {PK_MFUL, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP Ultralight EV1", - "0490933BDCD6E99B4E255E3DA55389A827564E11718E017292FAF23226A96614B8"}, + { + PK_MFUL, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP Ultralight EV1", + "0490933BDCD6E99B4E255E3DA55389A827564E11718E017292FAF23226A96614B8" + }, // ref: AN11350 NTAG 21x Originality Signature Validation - {PK_MFUL, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP NTAG21x (2013)", - "04494E1A386D3D3CFE3DC10E5DE68A499B1C202DB5B132393E89ED19FE5BE8BC61"}, + { + PK_MFUL, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP NTAG21x (2013)", + "04494E1A386D3D3CFE3DC10E5DE68A499B1C202DB5B132393E89ED19FE5BE8BC61" + }, // ref: AN13452 MIFARE Ultralight AES features and hints - {PK_MFULAES, MBEDTLS_ECP_DP_SECP192R1, 49, "NXP Ultralight AES", - "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86"}, + { + PK_MFULAES, MBEDTLS_ECP_DP_SECP192R1, 49, "NXP Ultralight AES", + "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86" + }, // ref: TagInfo - {PK_MFULAES, MBEDTLS_ECP_DP_SECP192R1, 49, "NXP Ultralight AES (alt key)", - "04DC34DAA903F2726A6225B11C692AF6AB4396575CA12810CBBCE3F781A097B3833B50AB364A70D9C2B641A728A599AE74"}, + { + PK_MFULAES, MBEDTLS_ECP_DP_SECP192R1, 49, "NXP Ultralight AES (alt key)", + "04DC34DAA903F2726A6225B11C692AF6AB4396575CA12810CBBCE3F781A097B3833B50AB364A70D9C2B641A728A599AE74" + }, - {PK_MFP, MBEDTLS_ECP_DP_SECP224R1, 57, "MIFARE Plus EV1", - "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"}, - // not present in recover_pk - {PK_MFP, MBEDTLS_ECP_DP_SECP224R1, 57, "MIFARE Plus EV2", - "04BB49AE4447E6B1B6D21C098C1538B594A11A4A1DBF3D5E673DEACDEB3CC512D1C08AFA1A2768CE20A200BACD2DC7804CD7523A0131ABF607"}, - {PK_MFP, MBEDTLS_ECP_DP_SECP224R1, 57, "MIFARE Plus Troika", - "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF"}, + { + PK_MFP, MBEDTLS_ECP_DP_SECP224R1, 57, "MIFARE Plus EV1", + "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E" + }, + // not present in recover_pk + { + PK_MFP, MBEDTLS_ECP_DP_SECP224R1, 57, "MIFARE Plus EV2", + "04BB49AE4447E6B1B6D21C098C1538B594A11A4A1DBF3D5E673DEACDEB3CC512D1C08AFA1A2768CE20A200BACD2DC7804CD7523A0131ABF607" + }, + { + PK_MFP, MBEDTLS_ECP_DP_SECP224R1, 57, "MIFARE Plus Troika", + "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF" + }, // ref: AN12343 MIFARE DESFire Light Features and Hints // not present in recover_pk - {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "DESFire Light", - "040E98E117AAA36457F43173DC920A8757267F44CE4EC5ADD3C54075571AEBBF7B942A9774A1D94AD02572427E5AE0A2DD36591B1FB34FCF3D"}, - {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "NTAG413DNA, DESFire EV1", - "04BB5D514F7050025C7D0F397310360EEC91EAF792E96FC7E0F496CB4E669D414F877B7B27901FE67C2E3B33CD39D1C797715189AC951C2ADD"}, - {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "NTAG424DNA, NTAG424DNATT, DESFire EV2, DESFire Light EV2", - "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3A"}, + { + PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "DESFire Light", + "040E98E117AAA36457F43173DC920A8757267F44CE4EC5ADD3C54075571AEBBF7B942A9774A1D94AD02572427E5AE0A2DD36591B1FB34FCF3D" + }, + { + PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "NTAG413DNA, DESFire EV1", + "04BB5D514F7050025C7D0F397310360EEC91EAF792E96FC7E0F496CB4E669D414F877B7B27901FE67C2E3B33CD39D1C797715189AC951C2ADD" + }, + { + PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "NTAG424DNA, NTAG424DNATT, DESFire EV2, DESFire Light EV2", + "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3A" + }, // ref: AN12196 NTAG 424 DNA and NTAG 424 DNA TagTamper features and hints - {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "NTAG424DNA, DESFire EV2, DESFire Light", - "048A9B380AF2EE1B98DC417FECC263F8449C7625CECE82D9B916C992DA209D68422B81EC20B65A66B5102A61596AF3379200599316A00A1410"}, - {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "DESFire EV2 XL", - "04CD5D45E50B1502F0BA4656FF37669597E7E183251150F9574CC8DA56BF01C7ABE019E29FEA48F9CE22C3EA4029A765E1BC95A89543BAD1BC"}, - {PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "DESFire EV3", - "041DB46C145D0A36539C6544BD6D9B0AA62FF91EC48CBC6ABAE36E0089A46F0D08C8A715EA40A63313B92E90DDC1730230E0458A33276FB743"}, + { + PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "NTAG424DNA, DESFire EV2, DESFire Light", + "048A9B380AF2EE1B98DC417FECC263F8449C7625CECE82D9B916C992DA209D68422B81EC20B65A66B5102A61596AF3379200599316A00A1410" + }, + { + PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "DESFire EV2 XL", + "04CD5D45E50B1502F0BA4656FF37669597E7E183251150F9574CC8DA56BF01C7ABE019E29FEA48F9CE22C3EA4029A765E1BC95A89543BAD1BC" + }, + { + PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "DESFire EV3", + "041DB46C145D0A36539C6544BD6D9B0AA62FF91EC48CBC6ABAE36E0089A46F0D08C8A715EA40A63313B92E90DDC1730230E0458A33276FB743" + }, // ref: AN5101 TruST25 digital signature for ST25TA512B, ST25TA02KB, ST25TA02KB-D and ST25TA02KB-P devices - {PK_ST25TA, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TA TruST25 (ST) key 01?", - "041D92163650161A2548D33881C235D0FB2315C2C31A442F23C87ACF14497C0CBA"}, + { + PK_ST25TA, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TA TruST25 (ST) key 01?", + "041D92163650161A2548D33881C235D0FB2315C2C31A442F23C87ACF14497C0CBA" + }, // ref: AN5660 TruST25 digital signature for ST25TN512 and ST25TN01K devices - {PK_ST25TN, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TN TruST25 (ST) KeyID 05", - "0440004F974F7C76BC8718E523D85FA7B354A9A992BFA966CB8219242F9D274FD6"}, + { + PK_ST25TN, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TN TruST25 (ST) KeyID 05", + "0440004F974F7C76BC8718E523D85FA7B354A9A992BFA966CB8219242F9D274FD6" + }, // ref: AN5104 TruST25 digital signature for ST25TV512 and ST25TV02K devices ? // ref: AN5149 TruST25 digital signature for ST25DV02K-W1, ST25DV02K-W2 devices ? // ref: AN5580 TruST25 digital signature for ST25TV512C and ST25TV02KC devices - {PK_ST25TV, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TV TruST25 (ST) KeyID 04", - "04101E188A8B4CDDBC62D5BC3E0E6850F0C2730E744B79765A0E079907FBDB01BC"}, + { + PK_ST25TV, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TV TruST25 (ST) KeyID 04", + "04101E188A8B4CDDBC62D5BC3E0E6850F0C2730E744B79765A0E079907FBDB01BC" + }, - {PK_15, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP ICODE DNA, ICODE SLIX2", - "048878A2A2D3EEC336B4F261A082BD71F9BE11C4E2E896648B32EFA59CEA6E59F0"}, - {PK_15, MBEDTLS_ECP_DP_SECP128R1, 33, "VivoKey Spark1 Public key", - "04D64BB732C0D214E7EC580736ACF847284B502C25C0F7F2FA86AACE1DADA4387A"}, + { + PK_15, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP ICODE DNA, ICODE SLIX2", + "048878A2A2D3EEC336B4F261A082BD71F9BE11C4E2E896648B32EFA59CEA6E59F0" + }, + { + PK_15, MBEDTLS_ECP_DP_SECP128R1, 33, "VivoKey Spark1 Public key", + "04D64BB732C0D214E7EC580736ACF847284B502C25C0F7F2FA86AACE1DADA4387A" + }, // FIXME: what type(s) of card exactly? MFC? MFUL? not present in recover_pk - {PK_MIK, MBEDTLS_ECP_DP_SECP128R1, 33, "MIKRON Public key", - "04F971EDA742A4A80D32DCF6A814A707CC3DC396D35902F72929FDCD698B3468F2"}, + { + PK_MIK, MBEDTLS_ECP_DP_SECP128R1, 33, "MIKRON Public key", + "04F971EDA742A4A80D32DCF6A814A707CC3DC396D35902F72929FDCD698B3468F2" + }, }; diff --git a/client/src/mifare/mifarehost.c b/client/src/mifare/mifarehost.c index 453a3b447..7e44df14a 100644 --- a/client/src/mifare/mifarehost.c +++ b/client/src/mifare/mifarehost.c @@ -275,7 +275,7 @@ int mf_check_keys_fast_ex(uint8_t sectorsCnt, uint8_t firstChunk, uint8_t lastCh // takes about 97s, still some margin before abort // timeout = 180 => ~360s @ Mifare Classic 1k @ ~2300 keys in dict // ~2300 keys @ Mifare Classic 1k => ~620s - if (timeout > 60*12) { + if (timeout > 60 * 12) { PrintAndLogEx(WARNING, "\nNo response from Proxmark3. Aborting..."); return PM3_ETIMEOUT; } From 8f2b48a778ebfc9822cccf8b30c77a822ed03a17 Mon Sep 17 00:00:00 2001 From: zxkmm Date: Sat, 4 Jan 2025 21:14:20 +0800 Subject: [PATCH 109/150] add -o argument for hf mf autopwn --- client/src/cmdhfmf.c | 52 +++++++++++++++++++++++++++++--------------- doc/cheatsheet.md | 1 + 2 files changed, 36 insertions(+), 17 deletions(-) diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 6c72bccbf..15a4d17f5 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -2454,6 +2454,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { arg_lit0("a", NULL, "Input key A (def)"), arg_lit0("b", NULL, "Input key B"), arg_str0("f", "file", "", "filename of dictionary"), + arg_str0("o", "output", "", "filename suffix for dump and key files"), arg_lit0(NULL, "slow", "Slower acquisition (required by some non standard cards)"), arg_lit0("l", "legacy", "legacy mode (use the slow `hf mf chk`)"), arg_lit0("v", "verbose", "verbose output"), @@ -2501,29 +2502,34 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { char filename[FILE_PATH_SIZE] = {0}; CLIParamStrToBuf(arg_get_str(ctx, 5), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); - bool slow = arg_get_lit(ctx, 6); - bool legacy_mfchk = arg_get_lit(ctx, 7); - bool verbose = arg_get_lit(ctx, 8); + int outfnlen = 0; + char outfilename[FILE_PATH_SIZE] = {0}; + CLIParamStrToBuf(arg_get_str(ctx, 6), (uint8_t *)outfilename, FILE_PATH_SIZE, &outfnlen); - bool no_save = arg_get_lit(ctx, 9); - bool m0 = arg_get_lit(ctx, 10); - bool m1 = arg_get_lit(ctx, 11); - bool m2 = arg_get_lit(ctx, 12); - bool m4 = arg_get_lit(ctx, 13); + bool slow = arg_get_lit(ctx, 7); + bool legacy_mfchk = arg_get_lit(ctx, 8); + bool verbose = arg_get_lit(ctx, 9); - bool in = arg_get_lit(ctx, 14); + bool no_save = arg_get_lit(ctx, 10); + + bool m0 = arg_get_lit(ctx, 11); + bool m1 = arg_get_lit(ctx, 12); + bool m2 = arg_get_lit(ctx, 13); + bool m4 = arg_get_lit(ctx, 14); + + bool in = arg_get_lit(ctx, 15); #if defined(COMPILER_HAS_SIMD_X86) - bool im = arg_get_lit(ctx, 15); - bool is = arg_get_lit(ctx, 16); - bool ia = arg_get_lit(ctx, 17); - bool i2 = arg_get_lit(ctx, 18); + bool im = arg_get_lit(ctx, 16); + bool is = arg_get_lit(ctx, 17); + bool ia = arg_get_lit(ctx, 18); + bool i2 = arg_get_lit(ctx, 19); #endif #if defined(COMPILER_HAS_SIMD_AVX512) - bool i5 = arg_get_lit(ctx, 19); + bool i5 = arg_get_lit(ctx, 20); #endif #if defined(COMPILER_HAS_SIMD_NEON) - bool ie = arg_get_lit(ctx, 15); + bool ie = arg_get_lit(ctx, 16); #endif CLIParserFree(ctx); @@ -2691,7 +2697,13 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { } // read uid to generate a filename for the key file - char *fptr = GenerateFilename("hf-mf-", "-key.bin"); + char suffix[FILE_PATH_SIZE]; + if (outfilename[0] != '\0') { + snprintf(suffix, sizeof(suffix), "-key-%s.bin", outfilename); + } else { + snprintf(suffix, sizeof(suffix), "-key.bin"); + } + char *fptr = GenerateFilename("hf-mf-", suffix); // check if tag doesn't have static nonce int has_staticnonce = detect_classic_static_nonce(); @@ -3219,7 +3231,13 @@ all_found: } free(fptr); - fptr = GenerateFilename("hf-mf-", "-dump"); + + if (outfilename[0] != '\0') { + snprintf(suffix, sizeof(suffix), "-dump-%s", outfilename); + } else { + snprintf(suffix, sizeof(suffix), "-dump"); + } + fptr = GenerateFilename("hf-mf-", suffix); if (fptr == NULL) { free(dump); free(e_sector); diff --git a/doc/cheatsheet.md b/doc/cheatsheet.md index 0dd86c2a0..1d11df0be 100644 --- a/doc/cheatsheet.md +++ b/doc/cheatsheet.md @@ -294,6 +294,7 @@ Options: -a Input key A (def) -b Input key B -f, --file filename of dictionary +-o, --output filename for dump and key files -s, --slow Slower acquisition (required by some non standard cards) -l, --legacy legacy mode (use the slow `hf mf chk`) -v, --verbose verbose output (statistics) From 8f724b1f410ae7eb875e43643ffb0400ff25458b Mon Sep 17 00:00:00 2001 From: zxkmm Date: Sat, 4 Jan 2025 21:16:35 +0800 Subject: [PATCH 110/150] document - textual --- doc/cheatsheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/cheatsheet.md b/doc/cheatsheet.md index 1d11df0be..98a0e0c61 100644 --- a/doc/cheatsheet.md +++ b/doc/cheatsheet.md @@ -294,7 +294,7 @@ Options: -a Input key A (def) -b Input key B -f, --file filename of dictionary --o, --output filename for dump and key files +-o, --output filename suffix for dump and key files -s, --slow Slower acquisition (required by some non standard cards) -l, --legacy legacy mode (use the slow `hf mf chk`) -v, --verbose verbose output (statistics) From be766fbe3b3440fb73603d0e961aa9b71ff4926b Mon Sep 17 00:00:00 2001 From: zxkmm Date: Sat, 4 Jan 2025 21:24:10 +0800 Subject: [PATCH 111/150] changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 75318a55e..e3096e763 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added simulation function to `hf iclass legrec` (@antiklesys) - Added keys from Momentum firmware projects. (@onovy) - Added Dutch Statistics Agency default key (@eagle00789) +- Added cuxtom suffix for `hf mf autopwn` command. (@zxkmm) ## [Orca.4.19552][2024-11-22] - Fixed `hf_legic.lua` - removed bit32 commands from the script (@diorch1968) From 964d011b22e4c14354f7dba232ba7e5b5e5083c4 Mon Sep 17 00:00:00 2001 From: zxkmm Date: Sat, 4 Jan 2025 22:49:25 +0800 Subject: [PATCH 112/150] edit changelog per iceman request --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e3096e763..5ebebd9c1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,7 +26,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added simulation function to `hf iclass legrec` (@antiklesys) - Added keys from Momentum firmware projects. (@onovy) - Added Dutch Statistics Agency default key (@eagle00789) -- Added cuxtom suffix for `hf mf autopwn` command. (@zxkmm) +- Changed hf mf autopwn - now allows for custom suffix (@zxkmm) ## [Orca.4.19552][2024-11-22] - Fixed `hf_legic.lua` - removed bit32 commands from the script (@diorch1968) From 4b5913cc7c558afff5cc39569a132acac70f3d0c Mon Sep 17 00:00:00 2001 From: zxkmm Date: Sat, 4 Jan 2025 22:52:05 +0800 Subject: [PATCH 113/150] check len instead of the actual buffer as per iceman request --- client/src/cmdhfmf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 15a4d17f5..0c94f0f68 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -2698,7 +2698,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { // read uid to generate a filename for the key file char suffix[FILE_PATH_SIZE]; - if (outfilename[0] != '\0') { + if (outfnlen) { snprintf(suffix, sizeof(suffix), "-key-%s.bin", outfilename); } else { snprintf(suffix, sizeof(suffix), "-key.bin"); @@ -3232,7 +3232,7 @@ all_found: free(fptr); - if (outfilename[0] != '\0') { + if (outfnlen) { snprintf(suffix, sizeof(suffix), "-dump-%s", outfilename); } else { snprintf(suffix, sizeof(suffix), "-dump"); From 4f6bcb2198606a4f8b822f20795ad43f847a1744 Mon Sep 17 00:00:00 2001 From: zxkmm Date: Sat, 4 Jan 2025 22:56:11 +0800 Subject: [PATCH 114/150] not use long argument --- client/src/cmdhfmf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 0c94f0f68..0676d0578 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -2454,7 +2454,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { arg_lit0("a", NULL, "Input key A (def)"), arg_lit0("b", NULL, "Input key B"), arg_str0("f", "file", "", "filename of dictionary"), - arg_str0("o", "output", "", "filename suffix for dump and key files"), + arg_str0("o", NULL, "", "filename suffix for dump and key files"), arg_lit0(NULL, "slow", "Slower acquisition (required by some non standard cards)"), arg_lit0("l", "legacy", "legacy mode (use the slow `hf mf chk`)"), arg_lit0("v", "verbose", "verbose output"), From b997a91cd5a385ebcb41a7c51848a806515b3a6f Mon Sep 17 00:00:00 2001 From: zxkmm Date: Sat, 4 Jan 2025 23:00:18 +0800 Subject: [PATCH 115/150] remove long name from sheet --- doc/cheatsheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/cheatsheet.md b/doc/cheatsheet.md index 98a0e0c61..d9e7efcbb 100644 --- a/doc/cheatsheet.md +++ b/doc/cheatsheet.md @@ -294,7 +294,7 @@ Options: -a Input key A (def) -b Input key B -f, --file filename of dictionary --o, --output filename suffix for dump and key files +-o filename suffix for dump and key files -s, --slow Slower acquisition (required by some non standard cards) -l, --legacy legacy mode (use the slow `hf mf chk`) -v, --verbose verbose output (statistics) From 45b3929b20f39963263586dbfbdb8a863d7ff7b9 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sat, 4 Jan 2025 22:57:53 +0100 Subject: [PATCH 116/150] maur --- client/dictionaries/mfc_default_keys.dic | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index 68a95d1c6..fabc7ec52 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -47,6 +47,10 @@ AABBCCDDEEFF 4D3A99C351DD 1A982C7E459A # +# Gym +FAFAFAFAFAFA +FBFBFBFBFBFB +# # key A Wien D3F7D3F7D3F7 # From 2585a7740317f32f3b568ec78cca9dd45230b43f Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 5 Jan 2025 13:12:34 +0100 Subject: [PATCH 117/150] fixed buffer overflow and swapped parameter to "suffix" since its not a output file name --- client/src/cmdhfmf.c | 31 ++++++------ client/src/cmdhfmfdes.c | 2 +- client/src/pm3line_vocabulary.h | 2 + doc/commands.json | 88 ++++++++++++++++++++++----------- doc/commands.md | 3 +- 5 files changed, 81 insertions(+), 45 deletions(-) diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 0676d0578..36ebaf3c4 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -2439,7 +2439,10 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { CLIParserInit(&ctx, "hf mf autopwn", "This command automates the key recovery process on MIFARE Classic cards.\n" "It uses the fchk, chk, darkside, nested, hardnested and staticnested to recover keys.\n" - "If all keys are found, it try dumping card content both to file and emulator memory.", + "If all keys are found, it try dumping card content both to file and emulator memory.\n" + "\n" + "default file name template is `hf-mf--.`\n" + "using suffix the template becomes `hf-mf---.` \n", "hf mf autopwn\n" "hf mf autopwn -s 0 -a -k FFFFFFFFFFFF --> target MFC 1K card, Sector 0 with known key A 'FFFFFFFFFFFF'\n" "hf mf autopwn --1k -f mfc_default_keys --> target MFC 1K card, default dictionary\n" @@ -2449,15 +2452,15 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { void *argtable[] = { arg_param_begin, - arg_strx0("k", "key", "", "Known key, 12 hex bytes"), - arg_int0("s", "sector", "", "Input sector number"), - arg_lit0("a", NULL, "Input key A (def)"), - arg_lit0("b", NULL, "Input key B"), - arg_str0("f", "file", "", "filename of dictionary"), - arg_str0("o", NULL, "", "filename suffix for dump and key files"), - arg_lit0(NULL, "slow", "Slower acquisition (required by some non standard cards)"), - arg_lit0("l", "legacy", "legacy mode (use the slow `hf mf chk`)"), - arg_lit0("v", "verbose", "verbose output"), + arg_strx0("k", "key", "", "Known key, 12 hex bytes"), + arg_int0("s", "sector", "", "Input sector number"), + arg_lit0("a", NULL, "Input key A (def)"), + arg_lit0("b", NULL, "Input key B"), + arg_str0("f", "file", "", "filename of dictionary"), + arg_str0(NULL, "suffix", "", "Add this suffix to generated files"), + arg_lit0(NULL, "slow", "Slower acquisition (required by some non standard cards)"), + arg_lit0("l", "legacy", "legacy mode (use the slow `hf mf chk`)"), + arg_lit0("v", "verbose", "verbose output"), arg_lit0(NULL, "ns", "No save to file"), @@ -2503,8 +2506,8 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { CLIParamStrToBuf(arg_get_str(ctx, 5), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); int outfnlen = 0; - char outfilename[FILE_PATH_SIZE] = {0}; - CLIParamStrToBuf(arg_get_str(ctx, 6), (uint8_t *)outfilename, FILE_PATH_SIZE, &outfnlen); + char outfilename[127] = {0}; + CLIParamStrToBuf(arg_get_str(ctx, 6), (uint8_t *)outfilename, 127, &outfnlen); bool slow = arg_get_lit(ctx, 7); @@ -2699,7 +2702,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { // read uid to generate a filename for the key file char suffix[FILE_PATH_SIZE]; if (outfnlen) { - snprintf(suffix, sizeof(suffix), "-key-%s.bin", outfilename); + snprintf(suffix, sizeof(suffix) - strlen(outfilename), "-key-%s.bin", outfilename); } else { snprintf(suffix, sizeof(suffix), "-key.bin"); } @@ -3231,7 +3234,7 @@ all_found: } free(fptr); - + if (outfnlen) { snprintf(suffix, sizeof(suffix), "-dump-%s", outfilename); } else { diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index d0fcbf112..6483cf9c9 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -772,7 +772,7 @@ static int CmdHF14ADesInfo(const char *Cmd) { if (cardtype == DESFIRE_EV2 || cardtype == DESFIRE_EV2_XL || cardtype == DESFIRE_LIGHT || cardtype == DESFIRE_EV3 || - cardtype == NTAG413DNA || + cardtype == NTAG413DNA || cardtype == DUOX) { // Signature originality check uint8_t signature[250] = {0}; // must be 56 diff --git a/client/src/pm3line_vocabulary.h b/client/src/pm3line_vocabulary.h index 14c69c97c..f4155935e 100644 --- a/client/src/pm3line_vocabulary.h +++ b/client/src/pm3line_vocabulary.h @@ -279,6 +279,7 @@ const static vocabulary_t vocabulary[] = { { 1, "hf iclass view" }, { 0, "hf iclass wrbl" }, { 0, "hf iclass creditepurse" }, + { 0, "hf iclass trbl" }, { 0, "hf iclass chk" }, { 1, "hf iclass loclass" }, { 1, "hf iclass lookup" }, @@ -679,6 +680,7 @@ const static vocabulary_t vocabulary[] = { { 0, "lf hitag hts reader" }, { 0, "lf hitag hts rdbl" }, { 0, "lf hitag hts dump" }, + { 0, "lf hitag hts restore" }, { 0, "lf hitag hts wrbl" }, { 0, "lf hitag hts sim" }, { 1, "lf idteck help" }, diff --git a/doc/commands.json b/doc/commands.json index 0bc3bfc4a..157451109 100644 --- a/doc/commands.json +++ b/doc/commands.json @@ -3684,6 +3684,32 @@ ], "usage": "hf iclass sniff [-hj]" }, + "hf iclass trbl": { + "command": "hf iclass trbl", + "description": "Tear off an iCLASS tag block", + "notes": [ + "hf iclass trbl --blk 10 -d AAAAAAAAAAAAAAAA -k 001122334455667B --tdb 100 --tde 150", + "hf iclass trbl --blk 10 -d AAAAAAAAAAAAAAAA --ki 0 --tdb 100 --tde 150" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-k, --key Access key as 8 hex bytes", + "--ki Key index to select key from memory 'hf iclass managekeys'", + "--blk block number", + "-d, --data data to write as 8 hex bytes", + "-m, --mac replay mac data (4 hex bytes)", + "--credit key is assumed to be the credit key", + "--elite elite computations applied to key", + "--raw no computations applied to key", + "--nr replay of NR/MAC", + "-v, --verbose verbose output", + "--shallow use shallow (ASK) reader modulation instead of OOK", + "--tdb tearoff delay start in ms", + "--tde tearoff delay end in ms" + ], + "usage": "hf iclass trbl [-hv] [-k ] [--ki ] --blk -d [-m ] [--credit] [--elite] [--raw] [--nr] [--shallow] --tdb --tde " + }, "hf iclass unhash": { "command": "hf iclass unhash", "description": "Reverses the hash0 function used generate iclass diversified keys after DES encryption, Function returns the DES crypted CSN. Next step bruteforcing.", @@ -4314,7 +4340,7 @@ }, "hf mf autopwn": { "command": "hf mf autopwn", - "description": "This command automates the key recovery process on MIFARE Classic cards. It uses the fchk, chk, darkside, nested, hardnested and staticnested to recover keys. If all keys are found, it try dumping card content both to file and emulator memory.", + "description": "This command automates the key recovery process on MIFARE Classic cards. It uses the fchk, chk, darkside, nested, hardnested and staticnested to recover keys. If all keys are found, it try dumping card content both to file and emulator memory. default file name template is `hf-mf--.` using suffix the template becomes `hf-mf---.`", "notes": [ "hf mf autopwn", "hf mf autopwn -s 0 -a -k FFFFFFFFFFFF -> target MFC 1K card, Sector 0 with known key A 'FFFFFFFFFFFF'", @@ -4330,6 +4356,7 @@ "-a Input key A (def)", "-b Input key B", "-f, --file filename of dictionary", + "--suffix Add this suffix to generated files", "--slow Slower acquisition (required by some non standard cards)", "-l, --legacy legacy mode (use the slow `hf mf chk`)", "-v, --verbose verbose output", @@ -4345,7 +4372,7 @@ "--i2 AVX2", "--i5 AVX512" ], - "usage": "hf mf autopwn [-hablv] [-k ]... [-s ] [-f ] [--slow] [--ns] [--mini] [--1k] [--2k] [--4k] [--in] [--im] [--is] [--ia] [--i2] [--i5]" + "usage": "hf mf autopwn [-hablv] [-k ]... [-s ] [-f ] [--suffix ] [--slow] [--ns] [--mini] [--1k] [--2k] [--4k] [--in] [--im] [--is] [--ia] [--i2] [--i5]" }, "hf mf brute": { "command": "hf mf brute", @@ -8709,18 +8736,18 @@ }, "lf em 410x sim": { "command": "lf em 410x sim", - "description": "Enables simulation of EM 410x card. Simulation runs until the button is pressed or another USB command is issued.", + "description": "Enables simulation of EM 410x card. Simulation runs until the button is pressed or another USB command is issued. Most common readers expects the code to be sent in loop without a break (i.e. --gap 0). For other, more advanced readers there might be a need to set a non-zero gap value.", "notes": [ "lf em 410x sim --id 0F0368568B", "lf em 410x sim --id 0F0368568B --clk 32", - "lf em 410x sim --id 0F0368568B --gap 0" + "lf em 410x sim --id 0F0368568B --gap 20" ], "offline": false, "options": [ "-h, --help This help", "--clk <32|64> clock (default 64)", "--id EM Tag ID number (5 hex bytes)", - "--gap gap (0's) between ID repeats (default 20)" + "--gap gap (0's) between ID repeats (default 0)" ], "usage": "lf em 410x sim [-h] [--clk ] --id [--gap ]" }, @@ -9820,6 +9847,7 @@ "command": "lf hitag hts dump", "description": "Read all Hitag S memory and save to file Crypto mode: - key format ISK high + ISK low - default key 4F4E4D494B52 (ONMIKR) 8268/8310 password mode: - default password BBDD3399", "notes": [ + "lf hitag hts dump --82xx -> use def pwd", "lf hitag hts dump --82xx -k BBDD3399 -> pwd mode", "lf hitag hts dump --crypto -> use def crypto", "lf hitag hts dump -k 4F4E4D494B52 -> crypto mode", @@ -9838,27 +9866,6 @@ ], "usage": "lf hitag hts dump [-h8] [--nrar ] [--crypto] [-k ] [-m ] [-f ] [--ns]" }, - "lf hitag hts restore": { - "command": "lf hitag hts restore", - "description": "Restore a dump file onto Hitag S tag Crypto mode: - key format ISK high + ISK low - default key 4F4E4D494B52 (ONMIKR) 8268/8310 password mode: - default password BBDD3399", - "notes": [ - "lf hitag hts restore -f myfile --82xx -k BBDD3399 -> pwd mode", - "lf hitag hts restore -f myfile --crypto -> use def crypto", - "lf hitag hts restore -f myfile -k 4F4E4D494B52 -> crypto mode", - "lf hitag hts restore -f myfile --nrar 0102030411223344" - ], - "offline": false, - "options": [ - "-h, --help This help", - "-8, --82xx 8268/8310 mode", - "--nrar nonce / answer writer, 8 hex bytes", - "--crypto crypto mode", - "-k, --key pwd or key, 4 or 6 hex bytes", - "-m, --mode response protocol mode. 0 (Standard 00110), 1 (Advanced 11000), 2 (Advanced 11001), 3 (Fast Advanced 11010) (def: 3)", - "-f, --file specify file name" - ], - "usage": "lf hitag hts restore [-h8] [--nrar ] [--crypto] [-k ] [-m ] [-f ]" - }, "lf hitag hts help": { "command": "lf hitag hts help", "description": "help This help list List Hitag S trace history --------------------------------------------------------------------------------------- lf hitag hts list available offline: yes Alias of `trace list -t hitags` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", @@ -9917,6 +9924,28 @@ ], "usage": "lf hitag hts reader [-h@]" }, + "lf hitag hts restore": { + "command": "lf hitag hts restore", + "description": "Restore a dump file onto Hitag S tag Crypto mode: - key format ISK high + ISK low - default key 4F4E4D494B52 (ONMIKR) 8268/8310 password mode: - default password BBDD3399", + "notes": [ + "lf hitag hts restore -f myfile --82xx -> use def pwd", + "lf hitag hts restore -f myfile --82xx -k BBDD3399 -> pwd mode", + "lf hitag hts restore -f myfile --crypto -> use def crypto", + "lf hitag hts restore -f myfile -k 4F4E4D494B52 -> crypto mode", + "lf hitag hts restore -f myfile --nrar 0102030411223344" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-8, --82xx 8268/8310 mode", + "--nrar nonce / answer writer, 8 hex bytes", + "--crypto crypto mode", + "-k, --key pwd or key, 4 or 6 hex bytes", + "-m, --mode response protocol mode. 0 (Standard 00110), 1 (Advanced 11000), 2 (Advanced 11001), 3 (Fast Advanced 11010) (def: 3)", + "-f, --file specify file name" + ], + "usage": "lf hitag hts restore [-h8] [--nrar ] [--crypto] [-k ] [-m ] [-f ]" + }, "lf hitag hts sim": { "command": "lf hitag hts sim", "description": "Simulate Hitag S transponder You need to `lf hitag hts eload` first", @@ -9936,6 +9965,7 @@ "description": "Write a page in Hitag S memory. Crypto mode: - key format ISK high + ISK low - default key 4F4E4D494B52 (ONMIKR) 8268/8310 password mode: - default password BBDD3399", "notes": [ "lf hitag hts wrbl -p 6 -d 01020304 -> Hitag S/8211, plain mode", + "lf hitag hts wrbl -p 6 -d 01020304 --82xx -> use def pwd", "lf hitag hts wrbl -p 6 -d 01020304 --82xx -k BBDD3399 -> 8268/8310, password mode", "lf hitag hts wrbl -p 6 -d 01020304 --nrar 0102030411223344 -> Hitag S, challenge mode", "lf hitag hts wrbl -p 6 -d 01020304 --crypto -> Hitag S, crypto mode, default key", @@ -11819,7 +11849,7 @@ }, "mem load": { "command": "mem load", - "description": "Loads binary file into flash memory on device Warning: mem area to be written must have been wiped first ( this is already taken care when loading dictionaries )", + "description": "Loads binary file into flash memory on device Warning: mem area to be written must have been wiped first ( dictionaries are serviced as files in spiffs so no wipe is needed )", "notes": [ "mem load -f myfile -> upload file myfile values at default offset 0", "mem load -f myfile -o 1024 -> upload file myfile values at offset 1024", @@ -13063,8 +13093,8 @@ } }, "metadata": { - "commands_extracted": 751, + "commands_extracted": 753, "extracted_by": "PM3Help2JSON v1.00", - "extracted_on": "2024-12-09T14:16:07" + "extracted_on": "2025-01-05T12:10:45" } } diff --git a/doc/commands.md b/doc/commands.md index 139eb9e3b..fbee31f49 100644 --- a/doc/commands.md +++ b/doc/commands.md @@ -402,6 +402,7 @@ Check column "offline" for their availability. |`hf iclass view `|Y |`Display content from tag dump file` |`hf iclass wrbl `|N |`Write Picopass / iCLASS block` |`hf iclass creditepurse `|N |`Credit epurse value` +|`hf iclass trbl `|N |`Performs tearoff attack on iClass block` |`hf iclass chk `|N |`Check keys` |`hf iclass loclass `|Y |`Use loclass to perform bruteforce reader attack` |`hf iclass lookup `|Y |`Uses authentication trace to check for key in dictionary file` @@ -1083,8 +1084,8 @@ Check column "offline" for their availability. |`lf hitag hts reader `|N |`Act like a Hitag S reader` |`lf hitag hts rdbl `|N |`Read Hitag S page` |`lf hitag hts dump `|N |`Dump Hitag S pages to a file` +|`lf hitag hts restore `|N |`Restore Hitag S memory from dump file` |`lf hitag hts wrbl `|N |`Write Hitag S page` -|`lf hitag hts restore `|N |`Restore Hitag S memory from a dump file` |`lf hitag hts sim `|N |`Simulate Hitag S transponder` From c07b9f740d0bbc6d5422d5938cd6c584f8f4744c Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Fri, 27 Dec 2024 20:21:17 +0100 Subject: [PATCH 118/150] Add SLIX2 sample to recover_pk.py --- tools/recover_pk.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/recover_pk.py b/tools/recover_pk.py index 32fd01587..1e6bc33f7 100755 --- a/tools/recover_pk.py +++ b/tools/recover_pk.py @@ -153,9 +153,10 @@ def selftests(): {'name': "ICODE DNA, ICODE SLIX2", # ! tag UID is considered inverted: E0040118009B5FEE => EE5F9B00180104E0 - # TODO one more ICODE-DNA... + # uses secp128r1, None, 'samples': ["EE5F9B00180104E0", "32D9E7579CD77E6F1FA11419231E874826984C5F189FDE1421684563A9663377", - "838ED22A080104E0", "CAE8183CB4823C765AFDEB78C9D66C959990FD52A5820E76E1D6E025D76EAD79"], + "838ED22A080104E0", "CAE8183CB4823C765AFDEB78C9D66C959990FD52A5820E76E1D6E025D76EAD79", + "1F62C26F080104E0", "9F47BF33D9ED62A62AFEF5685BC4006CFB290C344EAD5C5B49BF976804A9EE62"], 'pk': "048878A2A2D3EEC336B4F261A082BD71F9BE11C4E2E896648B32EFA59CEA6E59F0"}, # {'name': "Minecraft Earth", # # uses secp256r1?, SHA-256, From 917be92afcaac379c04b5d07bc1dc6f97b048683 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 5 Jan 2025 14:27:14 +0100 Subject: [PATCH 119/150] typos --- client/src/cmdhfmf.c | 6 +++--- client/src/cmdlft55xx.c | 2 +- client/src/cmdtrace.c | 2 +- doc/ndef_type4a.md | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 36ebaf3c4..5a0724c8d 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -1117,7 +1117,7 @@ static int CmdHF14AMfRdSc(const char *Cmd) { } if (s >= MIFARE_4K_MAXSECTOR) { - PrintAndLogEx(WARNING, "Sector number must be less then 40"); + PrintAndLogEx(WARNING, "Sector number must be less than 40"); return PM3_EINVARG; } @@ -4492,7 +4492,7 @@ static int CmdHF14AMfEGetSc(const char *Cmd) { CLIParserFree(ctx); if (s >= MIFARE_4K_MAXSECTOR) { - PrintAndLogEx(WARNING, "Sector number must be less then 40"); + PrintAndLogEx(WARNING, "Sector number must be less than 40"); return PM3_EINVARG; } @@ -5556,7 +5556,7 @@ static int CmdHF14AMfCGetSc(const char *Cmd) { CLIParserFree(ctx); if (s >= MIFARE_4K_MAXSECTOR) { - PrintAndLogEx(WARNING, "Sector number must be less then 40"); + PrintAndLogEx(WARNING, "Sector number must be less than 40"); return PM3_EINVARG; } diff --git a/client/src/cmdlft55xx.c b/client/src/cmdlft55xx.c index 48c2fa7a7..4f5f6c3ca 100644 --- a/client/src/cmdlft55xx.c +++ b/client/src/cmdlft55xx.c @@ -4266,7 +4266,7 @@ static int CmdT55xxProtect(const char *Cmd) { return PM3_SUCCESS; } -// if the difference between a and b is less then or eq to d i.e. does a = b +/- d +// if the difference between a and b is less than or eq to d i.e. does a = b +/- d #define APPROX_EQ(a, b, d) ((abs(a - b) <= d) ? true : false) static uint8_t t55sniff_get_packet(const int *pulseBuffer, char *data, uint8_t width0, uint8_t width1, uint8_t tolerance) { diff --git a/client/src/cmdtrace.c b/client/src/cmdtrace.c index 569e13e23..c91f6a31b 100644 --- a/client/src/cmdtrace.c +++ b/client/src/cmdtrace.c @@ -146,7 +146,7 @@ static uint16_t extractChallenges(uint16_t tracepos, uint16_t traceLen, uint8_t uint16_t data_len = hdr->data_len; uint8_t *frame = hdr->frame; - // sanity check tracking position is less then available trace size + // sanity check tracking position is less than available trace size if (tracepos + TRACELOG_HDR_LEN + data_len + TRACELOG_PARITY_LEN(hdr) > traceLen) { PrintAndLogEx(DEBUG, "trace pos offset %"PRIu64 " larger than reported tracelen %u", tracepos + TRACELOG_HDR_LEN + data_len + TRACELOG_PARITY_LEN(hdr), diff --git a/doc/ndef_type4a.md b/doc/ndef_type4a.md index 5a5c2c1a1..3a76a3150 100644 --- a/doc/ndef_type4a.md +++ b/doc/ndef_type4a.md @@ -50,7 +50,7 @@ Result ### Step 2 Create the Compatibility Container file (CC File) The CC File is a standard file to store the needed NDEF information to find your NDEF records. This example will contrain the setup for a single NDEF record. -Note: You can define more then one NDEF data file if needed (not covered in this example) +Note: You can define more than one NDEF data file if needed (not covered in this example) Type : Standard data file FID : 01 <- File ID can be any uniqure File ID for this AID From 86a7f8b495a982e2e51eed7e17be284f1778628e Mon Sep 17 00:00:00 2001 From: BlueChip Date: Sun, 5 Jan 2025 16:18:06 +0000 Subject: [PATCH 120/150] Revise 'RF08S_full' script to NOT attempt to recover a card it does not support (v1.4) --- .../{fm11rf08_full.py => fm11rf08s_full.py} | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) rename client/pyscripts/{fm11rf08_full.py => fm11rf08s_full.py} (98%) diff --git a/client/pyscripts/fm11rf08_full.py b/client/pyscripts/fm11rf08s_full.py similarity index 98% rename from client/pyscripts/fm11rf08_full.py rename to client/pyscripts/fm11rf08s_full.py index f5261dd0f..6f3dbc93e 100644 --- a/client/pyscripts/fm11rf08_full.py +++ b/client/pyscripts/fm11rf08s_full.py @@ -14,7 +14,7 @@ import json from fm11rf08s_recovery import recovery author = "@csBlueChip" -script_ver = "1.2.0" +script_ver = "1.4.0" # Copyright @csBlueChip @@ -33,7 +33,7 @@ script_ver = "1.2.0" # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # The original version of this script can be found at: -# https://github.com/csBlueChip/Proxmark_Stuff/tree/main/MiFare_Docs/Fudan_RF08(S)/PM3_Script +# https://github.com/csBlueChip/Proxmark_Stuff/tree/main/MiFare_Docs/Fudan_RF08S/PM3_Script # The original version is released with an MIT Licence. # Or please reach out to me [BlueChip] personally for alternative licenses. @@ -117,7 +117,7 @@ globals: args = parseCli() # No logfile name yet - lprint("Fudan FM11RF08[S] full card recovery") + lprint("Fudan FM11RF08S full card recovery") lprint("\nDump folder... " + color(f"{dpath}", fg="yellow")) # FIXME: script is announced as for RF08 and for RF08S but it comprises RF32N key @@ -204,7 +204,7 @@ def checkVer(): def parseCli(): """Parse the CLi arguments""" - parser = argparse.ArgumentParser(description='Full recovery of Fudan FM11RF08* cards.') + parser = argparse.ArgumentParser(description='Full recovery of Fudan FM11RF08S cards.') parser.add_argument('-n', '--nokeys', action='store_true', help='extract data even if keys are missing') parser.add_argument('-r', '--recover', action='store_true', help='run key recovery script if required') @@ -268,7 +268,7 @@ def getUIDfromBlock0(blk0): def decodeBlock0(blk0): """Extract data from block 0""" lprint() - lprint(" UID BCC ++----- RF08 ID -----++") + lprint(" UID BCC ++---- RF08* ID -----++") lprint(" ! ! SAK !! !!") lprint(" ! ! ! ATQA !! Fudan Sig !!") lprint(" !---------. !. !. !---. VV .---------------. VV") @@ -294,10 +294,13 @@ def decodeBlock0(blk0): hash = blk0[27:44] # Fudan hash "99 AA BB CC DD EE" + is08S = False + type = f"[{fida:02X}:{fidb:02X}]" # type/name if fidb == 0x90: if fida == 0x01 or fida == 0x03 or fida == 0x04: type += " - Fudan FM11RF08S" + is08S = True elif fidb == 0x1D: if fida == 0x01 or fida == 0x02 or fida == 0x03: @@ -336,6 +339,11 @@ def decodeBlock0(blk0): lprint(f" Fudan ID : {type}") # show type lprint(f" Fudan Sig: {hash}") # show ?Partial HMAC? + if not is08S: + lprint("\n This script is only for the RF08S cards") + lprint(" Other cards can be cracked with `hf mf autopwn`") + sys.exit(13) + def fudanValidate(blk0, live=False): """Fudan validation""" From 5b5f1722b0d465d6dfd10d902438dfa48c0a93a9 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 6 Jan 2025 17:56:01 +0100 Subject: [PATCH 121/150] minor changes with init and doubleing the EMRTD_MAX_FILE_SIZE to 70 000 bytes. Which might help for some files --- client/src/cmdhfemrtd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/client/src/cmdhfemrtd.c b/client/src/cmdhfemrtd.c index 27392240e..af480c5f0 100644 --- a/client/src/cmdhfemrtd.c +++ b/client/src/cmdhfemrtd.c @@ -39,7 +39,7 @@ // Average EF_DG2 seems to be around 20-25kB or so, but ICAO doesn't set an upper limit // Iris data seems to be suggested to be around 35kB per eye (Presumably bumping up the file size to around 70kB) // but as we cannot read that until we implement PACE, 35k seems to be a safe point. -#define EMRTD_MAX_FILE_SIZE 35000 +#define EMRTD_MAX_FILE_SIZE 70000 // ISO7816 commands #define EMRTD_P1_SELECT_BY_EF 0x02 @@ -411,13 +411,13 @@ static void emrtd_deskey(uint8_t *seed, const uint8_t *type, int length, uint8_t PrintAndLogEx(DEBUG, "seed.............. %s", sprint_hex_inrow(seed, 16)); // combine seed and type - uint8_t data[50]; + uint8_t data[50] = { 0x00 }; memcpy(data, seed, length); memcpy(data + length, type, 4); PrintAndLogEx(DEBUG, "data.............. %s", sprint_hex_inrow(data, length + 4)); // SHA1 the key - unsigned char key[64]; + unsigned char key[64] = { 0x00 }; sha1hash(data, length + 4, key); PrintAndLogEx(DEBUG, "key............... %s", sprint_hex_inrow(key, length + 4)); @@ -945,7 +945,7 @@ static bool emrtd_do_bac(char *documentnumber, char *dob, char *expiry, uint8_t char dobcd = emrtd_calculate_check_digit(dob); char expirycd = emrtd_calculate_check_digit(expiry); - char kmrz[25]; + char kmrz[25] = { 0x00 }; snprintf(kmrz, sizeof(kmrz), "%s%i%s%i%s%i", documentnumber, documentnumbercd, dob, dobcd, expiry, expirycd); PrintAndLogEx(DEBUG, "kmrz.............. " _GREEN_("%s"), kmrz); From df2cf0a9484258a855c610087aeda60659bfe5e5 Mon Sep 17 00:00:00 2001 From: Adam Jon Foster Date: Tue, 7 Jan 2025 06:17:37 +0800 Subject: [PATCH 122/150] Added SEOS Support Added generic SEOS Support with the following commands; - `hf seos info` (slightly improved from the original - `hf seos pacs` (return the SIO value from the default ADF and default tag) - `hf seos adf ` (send a get data request to an ADF with a custom tag list) - `hf seos gdf` (make a request for a GDF based upon a command found in their docs) - `hf seos managekeys` (manage your own keys used for SEOS commands) You still need keys to use this commandset, this does not have any keys and is theoretical at this stage until someone tests it with the keys. Signed-off-by: Adam Jon Foster --- client/src/cmdhfseos.c | 1588 +++++++++++++++++++++++++++++++++++++++- client/src/cmdhfseos.h | 3 +- 2 files changed, 1559 insertions(+), 32 deletions(-) diff --git a/client/src/cmdhfseos.c b/client/src/cmdhfseos.c index 4ab7c1b15..fe57b7c76 100644 --- a/client/src/cmdhfseos.c +++ b/client/src/cmdhfseos.c @@ -23,85 +23,1303 @@ #include "cmdparser.h" // command_t #include "comms.h" // clearCommandBuffer #include "cmdtrace.h" +#include +#include +#include "fileutils.h" #include "crc16.h" #include "ui.h" #include "cmdhf14a.h" // manufacture #include "protocols.h" // definitions of ISO14A/7816 protocol #include "iso7816/apduinfo.h" // GetAPDUCodeDescription #include "crypto/asn1utils.h" // ASN1 decode / print +#include "crypto/libpcrypto.h" // AES decrypt #include "commonutil.h" // get_sw #include "protocols.h" // ISO7816 APDU return codes +static uint8_t zeros[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + static int CmdHelp(const char *Cmd); -static int seos_select(void) { - bool activate_field = true; - bool keep_field_on = true; +typedef struct { + uint8_t nonce[8]; + uint8_t privEncKey[16]; + uint8_t privMacKey[16]; + uint8_t readKey[16]; + uint8_t writeKey[16]; + uint8_t adminKey[16]; +} keyset_t; + +keyset_t keys[] = { + { + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Nonce + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privEncKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privMacKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // readKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // writeKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } // adminKey + }, + { + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Nonce + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privEncKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privMacKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // readKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // writeKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } // adminKey + }, + { + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Nonce + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privEncKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privMacKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // readKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // writeKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } // adminKey + }, + { + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Nonce + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privEncKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privMacKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // readKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // writeKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } // adminKey + }, +}; + +typedef struct { + const int value; + const char* name; +} known_algo_t; + +static const known_algo_t known_algorithm_map[] = { + {2, "2K3DES_CBC_MODE"}, + {4, "3K3DES_CBC_MODE"}, + {6, "SHA-1"}, + {7, "SHA-256"}, + {9, "AES-128_CBC_MODE"}, +}; + +static int create_cmac (uint8_t* key, uint8_t* input, uint8_t* out, int input_len, int encryption_algorithm) { + uint8_t iv[16] = {0x00}; + + if (encryption_algorithm == 0x09) { + // Working as expected + aes_cmac(iv, key, input, out, input_len); + } + else if (encryption_algorithm == 0x02) { + // CMAC Requires a 24 byte key, but the 2k3DES uses the 1st part for the 3rd part of the key + memcpy(&key[16], &key[0], 8); + + const mbedtls_cipher_info_t* ctx; + ctx = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_EDE3_ECB); + mbedtls_cipher_cmac(ctx, key, 192, input, input_len, out); + } else { + PrintAndLogEx(ERR, _RED_("Unknown Encryption Algorithm")); + return PM3_ESOFT; + } + return PM3_SUCCESS; +} + +static int create_cryptogram (uint8_t* key, uint8_t* input, uint8_t* out, int input_len, int encryption_algorithm) { + uint8_t iv[16] = {}; + + if (encryption_algorithm == 0x09) { + aes_encode(iv, key, input, out, input_len); + } else if (encryption_algorithm == 0x02) { + mbedtls_des3_context ctx3; + mbedtls_des3_set2key_enc(&ctx3, key); + mbedtls_des3_crypt_cbc(&ctx3, MBEDTLS_DES_ENCRYPT, input_len, iv, input, out); + mbedtls_des3_free(&ctx3); + } else { + PrintAndLogEx(ERR, _RED_("Unknown Encryption Algorithm")); + return PM3_ESOFT; + } + + return PM3_SUCCESS; +} + +static int decrypt_cryptogram (uint8_t* key, uint8_t* input, uint8_t* out, int input_len, int encryption_algorithm) { + uint8_t iv[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + + if (encryption_algorithm == 0x09) { + aes_decode(iv, key, input, out, input_len); + } else if (encryption_algorithm == 0x02) { + mbedtls_des3_context ctx3; + mbedtls_des3_set2key_dec(&ctx3, key); + mbedtls_des3_crypt_cbc(&ctx3, MBEDTLS_DES_DECRYPT, input_len, iv, input, out); + mbedtls_des3_free(&ctx3); + } else { + PrintAndLogEx(ERR, "Unknown Encryption Algorithm"); + return PM3_ESOFT; + } + + return PM3_SUCCESS; +} + +static void increment_command_wrapper(uint8_t* input, int input_len) { + input[input_len-1]++; // Increment the last element of the header by 1 +} + +static void padToBlockSize(const uint8_t* input, int inputSize, int blockSize, uint8_t* output) { + int paddingSize = blockSize - (inputSize % blockSize); + memcpy(output, input, inputSize); + memset(output + inputSize, 0x80, 1); + memset(output + inputSize + 1, 0x00, paddingSize - 1); +} + +static void generate_command_wrapping(uint8_t *command_Header, int command_header_len, uint8_t *unencrypted_Command, int unencrypted_command_len ,uint8_t *rndICC, uint8_t *rndIFD, uint8_t *diversified_enc_key, uint8_t *diversified_mac_key, int encryption_algorithm, uint8_t *command, int *command_len) { + int block_size = 0; + + if (encryption_algorithm == 0x02) { + block_size = 8; + } + else if (encryption_algorithm == 0x09) { + block_size = 16; + } + else { + PrintAndLogEx(ERR, _RED_("Unknown Encryption Algorithm")); + return; + } + + uint8_t rndCounter[block_size]; + memcpy (rndCounter, rndICC, block_size / 2); + memcpy (rndCounter + block_size / 2, rndIFD, block_size/2); + increment_command_wrapper(rndCounter, block_size); + + // Command Header is for the APDU Command to be sent + uint8_t padded_Command_Header[block_size]; + padToBlockSize(command_Header, command_header_len, block_size, padded_Command_Header); + + // Unencrypted Command is our actual command data + uint8_t padded_unencrypted_Command[block_size]; + padToBlockSize(unencrypted_Command, unencrypted_command_len, block_size, padded_unencrypted_Command); + + uint8_t padded_encrypted_Command[block_size]; + create_cryptogram(diversified_enc_key, padded_unencrypted_Command, padded_encrypted_Command, sizeof(padded_unencrypted_Command), encryption_algorithm); + + uint8_t asn1_tag_cryptograph[2] = {0x85,ARRAYLEN(padded_encrypted_Command)}; + uint8_t asn1_tag_mac[2] = {0x8e,0x08}; + uint8_t command_trailer[2] = {0x97,0x00}; + uint8_t padded_command_trailer[block_size - ARRAYLEN(command_trailer)]; + padToBlockSize(command_trailer, sizeof(command_trailer), block_size, padded_command_trailer); + + uint8_t toEncrypt[ARRAYLEN(rndCounter) + ARRAYLEN(padded_Command_Header) + ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command) + ARRAYLEN(padded_command_trailer)]; + + memcpy(toEncrypt, rndCounter, ARRAYLEN(rndCounter)); + memcpy(toEncrypt + ARRAYLEN(rndCounter), padded_Command_Header, ARRAYLEN(padded_Command_Header)); + memcpy(toEncrypt + ARRAYLEN(rndCounter) + ARRAYLEN(padded_Command_Header), asn1_tag_cryptograph, ARRAYLEN(asn1_tag_cryptograph)); + memcpy(toEncrypt + ARRAYLEN(rndCounter) + ARRAYLEN(padded_Command_Header) + ARRAYLEN(asn1_tag_cryptograph), padded_encrypted_Command, ARRAYLEN(padded_encrypted_Command)); + memcpy(toEncrypt + ARRAYLEN(rndCounter) + ARRAYLEN(padded_Command_Header) + ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command), padded_command_trailer, ARRAYLEN(padded_command_trailer)); + + // Breakdown + // 0181e43801010201 + 0000000000000001 + 0CCB3FFF800000000000000000000000 + 8510EB54DA90CB43AEE7FBFE816ECA25A10D + 9700 + 800000000000000000000000 + + uint8_t mac[8]; + create_cmac(diversified_mac_key, toEncrypt, mac, sizeof(toEncrypt), encryption_algorithm); + + // PrintAndLogEx(SUCCESS, "Encryption Key................... " _YELLOW_("%s"), sprint_hex_inrow(diversified_enc_key, 24)); + // PrintAndLogEx(SUCCESS, "MAC Key.......................... " _YELLOW_("%s"), sprint_hex_inrow(diversified_mac_key, 24)); + // PrintAndLogEx(SUCCESS, "rndCounter....................... " _YELLOW_("%s"), sprint_hex_inrow(rndCounter,sizeof(rndCounter))); + // PrintAndLogEx(SUCCESS, "padded_encrypted_Command......... " _YELLOW_("%s"), sprint_hex_inrow(padded_encrypted_Command,sizeof(padded_encrypted_Command))); + // PrintAndLogEx(SUCCESS, "toEncrypt........................ " _YELLOW_("%s"), sprint_hex_inrow(toEncrypt,sizeof(toEncrypt))); + // PrintAndLogEx(SUCCESS, "MAC.............................. " _YELLOW_("%s"), sprint_hex_inrow(mac,sizeof(mac))); + + uint8_t sizeofcommand[1] = {ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command) + ARRAYLEN(command_trailer) + ARRAYLEN(asn1_tag_mac)+ ARRAYLEN(mac)}; + uint8_t respondTo[1] = {0x00}; + + uint8_t completedCommand[command_header_len + 1 + ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command) + ARRAYLEN(command_trailer) + ARRAYLEN(asn1_tag_mac)+ ARRAYLEN(mac) + 1]; + memcpy(completedCommand, command_Header, command_header_len); + memcpy(completedCommand + command_header_len, sizeofcommand, ARRAYLEN(sizeofcommand)); + memcpy(completedCommand + command_header_len + ARRAYLEN(sizeofcommand), asn1_tag_cryptograph, ARRAYLEN(asn1_tag_cryptograph)); + memcpy(completedCommand + command_header_len + ARRAYLEN(sizeofcommand) + ARRAYLEN(asn1_tag_cryptograph), padded_encrypted_Command, ARRAYLEN(padded_encrypted_Command)); + memcpy(completedCommand + command_header_len + ARRAYLEN(sizeofcommand) + ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command), command_trailer, ARRAYLEN(command_trailer)); + memcpy(completedCommand + command_header_len + ARRAYLEN(sizeofcommand) + ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command) + ARRAYLEN(command_trailer), asn1_tag_mac, ARRAYLEN(asn1_tag_mac)); + memcpy(completedCommand + command_header_len + ARRAYLEN(sizeofcommand) + ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command) + ARRAYLEN(command_trailer) + ARRAYLEN(asn1_tag_mac), mac, ARRAYLEN(mac)); + memcpy(completedCommand + command_header_len + ARRAYLEN(sizeofcommand) + ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command) + ARRAYLEN(command_trailer) + ARRAYLEN(asn1_tag_mac) + ARRAYLEN(mac), respondTo, 1); + + // PrintAndLogEx(INFO, "--- " _CYAN_("Command Generation") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "Command Header................... " _YELLOW_("%s"), sprint_hex_inrow(command_Header,sizeof(command_Header))); + // PrintAndLogEx(SUCCESS, "Payload.......................... " _YELLOW_("%s"), sprint_hex_inrow(unencrypted_Command,sizeof(unencrypted_Command))); + // PrintAndLogEx(SUCCESS, "completedCommand................. " _YELLOW_("%s"), sprint_hex_inrow(completedCommand,sizeof(completedCommand))); + + memcpy(command, completedCommand, ARRAYLEN(completedCommand)); + *command_len = ARRAYLEN(completedCommand); + //return; +} + +static int seos_get_data(uint8_t *rndICC, uint8_t *rndIFD, uint8_t *diversified_enc_key, uint8_t *diversified_mac_key, uint8_t *sioOutput, int* sio_size, int encryption_algorithm, uint8_t* get_data_tlv, int get_data_tlv_len) { + // Intergrating our command generation with the GetData request to make my life easier in the future + + // Command Header is for the Get Data Command using + // `0C` - Secure messaging – ISO/IEC 7816 standard, command header authenticated (C-MAC) + // `CB` - GET DATA + // uint8_t command_header[4] = {0x0c,0xcb,0x3f,0xff}; + uint8_t cla[1] = {0x0c}; // Secure Messaging Command Header + uint8_t ins[1] = {0xcb}; // GET DATA Instruction + uint8_t p1[1] = {0x3f}; // High order tag value (accoring to NIST.SP.800-73pt2-5.pdf, this is the hardcoded tag value) + uint8_t p2[1] = {0xff}; // Low order tag value + + // command builder + uint8_t command_header[ARRAYLEN(cla) + ARRAYLEN(ins) + ARRAYLEN(p1) + ARRAYLEN(p2)]; + memcpy(command_header, cla, ARRAYLEN(cla)); + memcpy(command_header + ARRAYLEN(cla), ins, ARRAYLEN(ins)); + memcpy(command_header + ARRAYLEN(cla) + ARRAYLEN(ins), p1, ARRAYLEN(p1)); + memcpy(command_header + ARRAYLEN(cla) + ARRAYLEN(ins) + ARRAYLEN(p1), p2, ARRAYLEN(p2)); + + int command_header_len = ARRAYLEN(command_header); + + // Command to be sent + // 5c [02] ff 00 + // 5c = tag list data object + // BER-TLV tag of the data object to be retrieved + // uint8_t unencrypted_command[4] = {0x5c,0x02,0xff,0x00}; + // Modification of the tags 2nd place from 00 can return other data + + uint8_t unencrypted_command[get_data_tlv_len]; + memcpy(unencrypted_command, get_data_tlv, get_data_tlv_len); + + int unencrypted_command_len = ARRAYLEN(unencrypted_command); + + uint8_t command_buffer[254]; + int command_len = 0; + + // PrintAndLogEx(SUCCESS, "Raw Command...................... " _YELLOW_("%s"), sprint_hex_inrow(unencrypted_command, get_data_tlv_len)); + generate_command_wrapping(command_header, command_header_len, unencrypted_command, unencrypted_command_len, rndICC, rndIFD, diversified_enc_key, diversified_mac_key, encryption_algorithm, command_buffer, &command_len); + + // Convert command from buffer to stream + uint8_t command_convert[command_len]; + memcpy(command_convert, command_buffer, command_len); + char completedCommandChar[sizeof(command_len) * 2 + 1]; + for (int i = 0; i < sizeof(command_convert); i++) { + snprintf(&completedCommandChar[i * 2], 3, "%02X", command_convert[i]); + } + // PrintAndLogEx(SUCCESS, "Command.......................... " _YELLOW_("%s"), completedCommandChar); + + // ------------------- Send Command ------------------- uint8_t response[PM3_CMD_DATA_SIZE]; int resplen = 0; - // --------------- Select SEOS applet ---------------- - uint8_t aSELECT_AID[80]; - int aSELECT_AID_n = 0; - param_gethex_to_eol("00a404000aa000000440000101000100", 0, aSELECT_AID, sizeof(aSELECT_AID), &aSELECT_AID_n); - int res = ExchangeAPDU14a(aSELECT_AID, aSELECT_AID_n, activate_field, keep_field_on, response, sizeof(response), &resplen); + bool activate_field = false; + bool keep_field_on = true; + + uint8_t aGET_CHALLENGE[100]; + int aGET_CHALLENGE_n = command_len; + param_gethex_to_eol(completedCommandChar, 0, aGET_CHALLENGE, sizeof(aGET_CHALLENGE), &aGET_CHALLENGE_n); + int res = ExchangeAPDU14a(aGET_CHALLENGE, aGET_CHALLENGE_n, activate_field, keep_field_on, response, sizeof(response), &resplen); + if (res != PM3_SUCCESS) { + DropField(); + return res; + } + uint16_t sw = get_sw(response, resplen); + if (sw != ISO7816_OK) { + PrintAndLogEx(ERR, "Get Data Failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + DropField(); + return PM3_ESOFT; + } + + PrintAndLogEx(INFO, "--- " _CYAN_("Get Data") " ---------------------------"); + // Raw response contains a few values + // 85 is our cryptogram response (64 bytes) + // 99 is our status word response (2 bytes) + // 8E is our MAC response (8 bytes) + // PrintAndLogEx(SUCCESS, "Raw Response..................... " _YELLOW_("%s"), sprint_hex_inrow(response, (resplen - 2))); + + uint8_t cryptogram[64]; + uint8_t responseCode[2]; + uint8_t tag[2] = {0x00,0x00}; + int getDataSize = 0; + + // ------------------- Cryptogram Response ------------------- + if (resplen >= 2 && response[0] == 0x85 && response[1] == 0x40) { + uint8_t decrypted[64]; + memcpy(cryptogram, response + 2, 64); + memcpy(responseCode, response + 68, 2); + + // Decrypt the response + decrypt_cryptogram(diversified_enc_key, cryptogram, decrypted, sizeof(cryptogram), encryption_algorithm); + + // Response Format + // FF0038302F8102578CA5020500A6088101010403030008A7178515D65ED945996AB9107CD6D3E6011F56FFDD9CFFC780A9020500050000000000008000000000 + + // FF00 is our inputed tag value + // 38 is our len + + // PrintAndLogEx(SUCCESS, "Cryptogram....................... " _YELLOW_("%s"), sprint_hex_inrow(cryptogram, sizeof(cryptogram))); + // PrintAndLogEx(SUCCESS, "Decrypted........................ " _YELLOW_("%s"), sprint_hex_inrow(decrypted, sizeof(decrypted))); + + getDataSize = decrypted[2]; + memcpy(tag, decrypted, ARRAYLEN(tag)); + memmove(decrypted, decrypted + 1, sizeof(decrypted) - 1); + memmove(sioOutput, decrypted + 2, getDataSize); + *sio_size = getDataSize; + memcpy(responseCode, response + 68, 2); + + PrintAndLogEx(SUCCESS, "Response Code.................... " _YELLOW_("%s"), sprint_hex_inrow(responseCode, (ARRAYLEN(responseCode)))); + PrintAndLogEx(SUCCESS, "Output........................... " _YELLOW_("%s"), sprint_hex_inrow(sioOutput, getDataSize)); + } + else if (resplen >= 2 && response[0] == 0x99) { + memcpy(responseCode, response + 2, 2); + // PrintAndLogEx(SUCCESS, "Raw Response..................... " _YELLOW_("%s"), sprint_hex_inrow(response, (resplen - 2))); + PrintAndLogEx(SUCCESS, "Response Code.................... " _YELLOW_("%s"), sprint_hex_inrow(responseCode, (ARRAYLEN(responseCode)))); + } + + return PM3_SUCCESS; +}; + +static void set_counter_big_endian(uint8_t *buffer, uint32_t counter) { + buffer[0] = (counter >> 24) & 0xFF; + buffer[1] = (counter >> 16) & 0xFF; + buffer[2] = (counter >> 8) & 0xFF; + buffer[3] = counter & 0xFF; +} + +static void create_mutual_auth_key(uint8_t* KEYIFD, uint8_t* KEYICC, uint8_t* RNDICC, uint8_t* RNDIFD, uint8_t* EncryptionKey, uint8_t* MACKey, int encryptionAlgorithm ,int HashingAlgorithm) { + // Creating Mutual Authentication Keys + // Structure + // Prefix = 00000000 + // keyIFD.substring(16) = 0000000000000000 IFD = Interface Device + // keyICC.substring(16) = 0000000000000000 ICC = Integrated Circuit Card + // hashing algorithm x2 = 09 09 + // randomICC = 0000000000000000 ICC = Integrated Circuit Card + // RandomIFD = 0000000000000000 IFD = Interface Device + // Will always be 38 bytes + // + // 00000000 E0EC1F2D7B000000 F0EC1F2D7B000000 09 09 B0EC1F2D7B000000B8EC1F2D7B000000 + + uint8_t prefix[4] = {0x00,0x00,0x00,0x00}; + uint8_t aHashingAlgorithm[2] = {encryptionAlgorithm,encryptionAlgorithm}; + uint8_t hash_in[38]; + + memcpy(hash_in, prefix, 4); + memcpy(hash_in + 4, KEYIFD, 8); + memcpy(hash_in + 12, KEYICC, 8); + memcpy(hash_in + 20, aHashingAlgorithm, 2); + memcpy(hash_in + 22, RNDICC, 8); + memcpy(hash_in + 30, RNDIFD, 8); + + // PrintAndLogEx(INFO, "--- " _CYAN_("Mutual Auth Keys") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "Prefix........................... " _YELLOW_("%s"), sprint_hex_inrow(prefix, ARRAYLEN(prefix))); + // PrintAndLogEx(SUCCESS, "KeyIFD........................... " _YELLOW_("%s"), sprint_hex_inrow(KEYIFD, 8)); + // PrintAndLogEx(SUCCESS, "KeyICC........................... " _YELLOW_("%s"), sprint_hex_inrow(KEYICC, 8)); + // PrintAndLogEx(SUCCESS, "HashingAlgo...................... " _YELLOW_("%s"), sprint_hex_inrow(aHashingAlgorithm, ARRAYLEN(aHashingAlgorithm))); + // PrintAndLogEx(SUCCESS, "RandomICC........................ " _YELLOW_("%s"), sprint_hex_inrow(RNDICC, 8)); + // PrintAndLogEx(SUCCESS, "RandomIFD........................ " _YELLOW_("%s"), sprint_hex_inrow(RNDIFD, 8)); + // PrintAndLogEx(SUCCESS, "hash Input....................... " _YELLOW_("%s"), sprint_hex_inrow(hash_in,ARRAYLEN(hash_in))); + + uint8_t output[128]; // Buffer to store the two 32-byte keys + uint8_t hashedOutput[128]; + uint32_t counter = 1; + + // Generate the first key + set_counter_big_endian(hash_in, counter); // Set the counter in big-endian format + // PrintAndLogEx(SUCCESS, "key_out_temp..................... " _YELLOW_("%s"), sprint_hex_inrow(hash_in,ARRAYLEN(hash_in))); + + if (HashingAlgorithm == 0x06) { + sha1hash(hash_in, sizeof(hash_in), hashedOutput); + //PrintAndLogEx(SUCCESS, "key_out_temp..................... " _YELLOW_("%s"), sprint_hex_inrow(hash_in,ARRAYLEN(hash_in))); + memcpy(output, hashedOutput, 20); + counter++; + set_counter_big_endian(hash_in, counter); + sha1hash(hash_in, sizeof(hash_in), hashedOutput); + memcpy(output + 20, hashedOutput, 20); + //PrintAndLogEx(SUCCESS, "key_out_temp..................... " _YELLOW_("%s"), sprint_hex_inrow(hash_in,ARRAYLEN(hash_in))); + } + else if (HashingAlgorithm == 0x07) { + sha256hash(hash_in, sizeof(hash_in), hashedOutput); + memcpy(output, hashedOutput, 32); + } + else { + // Yes they generate their encryption keys and mac keys in a weird way for no fucking reason, the 2nd cycle isn't required. + PrintAndLogEx(ERR, _RED_("Unknown Hashing Algorithm")); + return; + } + + + memcpy(EncryptionKey, output, 16); + memcpy(MACKey, output + 16, 16); + + + // PrintAndLogEx(INFO, "--- " _CYAN_("New Key Generation") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "Hash Output...................... " _YELLOW_("%s"), sprint_hex_inrow(output,ARRAYLEN(output))); + // PrintAndLogEx(SUCCESS, "Encryption Key................... " _YELLOW_("%s"), sprint_hex_inrow(EncryptionKey, 16)); + // PrintAndLogEx(SUCCESS, "MAC Key.......................... " _YELLOW_("%s"), sprint_hex_inrow(MACKey, 16)); +} + +static int seos_challenge_get(uint8_t* RNDICC, uint8_t RNDICC_len) { + uint8_t response[PM3_CMD_DATA_SIZE]; + int resplen = 0; + + bool activate_field = false; + bool keep_field_on = true; + + // The Get Challenge seems to be static across all tested cards + // 00870001047c02810000 + + char getChallengePre[21]; + strcpy(getChallengePre, "008700"); + const char keyslot_str[3] = "01"; + //snprintf(keyslot_str, sizeof(keyslot_str), "%02X", keyslot); + strcat(getChallengePre, keyslot_str); + strcat(getChallengePre, "047c02810000"); + + uint8_t aGET_CHALLENGE[12]; + int aGET_CHALLENGE_n = 0; + param_gethex_to_eol(getChallengePre, 0, aGET_CHALLENGE, sizeof(aGET_CHALLENGE), &aGET_CHALLENGE_n); + int res = ExchangeAPDU14a(aGET_CHALLENGE, aGET_CHALLENGE_n, activate_field, keep_field_on, response, sizeof(response), &resplen); if (res != PM3_SUCCESS) { DropField(); return res; } - if (resplen < 2) { + uint16_t sw = get_sw(response, resplen); + if (sw != ISO7816_OK) { + PrintAndLogEx(ERR, "Get Challenge Failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + DropField(); + return PM3_ESOFT; + } + memcpy(RNDICC, &response[4], 8); + + // Response looks like + // 7C0A810897460AC7535731F8 + // |----------|------------------| + // | 7C0A8108 | 97460AC7535731F8 | + // | Static | RND.ICC | + // |----------|------------------| + // 7C 0A 81 08 18 1E 43 80 10 10 20 11 + // 81 is the ASN.1 tag + + uint8_t staticResponse[8] = {0x01,0x81,0xE4,0x38,0x01,0x01,0x02,0x01}; + + PrintAndLogEx(INFO, "--- " _CYAN_("Get Challenge") " ---------------------------"); + //PrintAndLogEx(SUCCESS, "Challenge Input: " _YELLOW_("%s"), getChallengePre); + if (memcmp(RNDICC, staticResponse, 8) == 0) { + PrintAndLogEx(SUCCESS, "Static Response Detected......... " _GREEN_("%s"), sprint_hex_inrow(RNDICC, sizeof(RNDICC))); + } else { + PrintAndLogEx(SUCCESS, "RND.ICC.......................... " _YELLOW_("%s"), sprint_hex_inrow(RNDICC, sizeof(RNDICC))); + } + + return PM3_SUCCESS; +}; + +int seos_kdf(bool encryption, uint8_t* masterKey, uint8_t keyslot, + uint8_t* adfOid, size_t adfoid_len, uint8_t* diversifier, uint8_t diversifier_len, uint8_t* out, int encryption_algorithm, int hash_algorithm) { + + // Encryption key = 04 + // KEK Encryption key = 05 + // MAC key = 06 + // KEK MAC key = 07 + + uint8_t typeOfKey = 0x06; + if (encryption == true) { + typeOfKey = 0x04; + } + + uint8_t inputPre[] = { + // Padding + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, typeOfKey, 0x00, 0x00, 0x80, 0x01, + encryption_algorithm, hash_algorithm, keyslot + }; + + // 00000000000000000000000600008001 09 07 00 06112B0601040181E438010102011801010202 EFB08A28B0529F + // 00000000000000000000000400008001 09 07 00 06112B0601040181E438010102011801010202 EFB08A28B0529F + // 06112B0601040181E438010102011801010202 CF 07 EFB08A28B0529F DBA240413B0969B7111F4B6133A3DEFAD934B6DC + + + uint8_t input[sizeof(inputPre) + adfoid_len + diversifier_len]; + + memset(input, 0, sizeof(input)); + + memcpy(input, inputPre, sizeof(inputPre)); + memcpy(input + sizeof(inputPre), adfOid, adfoid_len); + memcpy(input + sizeof(inputPre) + adfoid_len, diversifier, diversifier_len); + + // PrintAndLogEx(SUCCESS, "adfOid: " _YELLOW_("%s"), sprint_hex_inrow(adfOid, 16)); + // PrintAndLogEx(SUCCESS, "diversifier: " _YELLOW_("%s"), sprint_hex_inrow(diversifier, 7)); + // PrintAndLogEx(SUCCESS, "Input: " _YELLOW_("%s"), sprint_hex_inrow(input, (sizeof(input)))); + + // ----------------- AES Key Generation ----------------- + uint8_t AES_iv[16] = {}; + + aes_cmac(AES_iv, masterKey, input, out, sizeof(input)); + return PM3_SUCCESS; +}; + +static int select_DF_verify(uint8_t* response, uint8_t response_length, uint8_t* MAC_value, size_t MAC_value_len, int encryption_algorithm, int key_index) { + uint8_t input[response_length - 10]; + // Response is an ASN.1 encoded structure + // Extract everything before the 8E tag + for (int i = 0; i < response_length; i++) { + // extract MAC + if (response[i] == 0x8E) { + memcpy(input, response, i); + memcpy(MAC_value, response + (i + 2), MAC_value_len); + } + } + + // ----------------- MAC Key Generation ----------------- + uint8_t cmac[8]; + uint8_t MAC_key[24] = {0x00}; + memcpy(MAC_key, keys[key_index].privMacKey, 16); + create_cmac(MAC_key, input, cmac, sizeof(input), encryption_algorithm); + + // PrintAndLogEx(INFO, "--- " _CYAN_("MAC") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "MAC Key: "_YELLOW_("%s"), sprint_hex_inrow(MAC_key,sizeof(MAC_key))); + // PrintAndLogEx(SUCCESS, "Message: " _YELLOW_("%s"), sprint_hex_inrow(input,sizeof(input))); + + if (memcmp(cmac, MAC_value, MAC_value_len) == 0) { + // PrintAndLogEx(SUCCESS, _GREEN_("MAC Verification successful")); + return PM3_SUCCESS; + } + // PrintAndLogEx(INFO, "MAC Type......................... " _YELLOW_("%s"), algorithm_name1); + // PrintAndLogEx(INFO, "Supp MAC......................... " _YELLOW_("%s"), sprint_hex_inrow(MAC_value, MAC_value_len)); + // PrintAndLogEx(INFO, "Calc MAC......................... " _YELLOW_("%s"), sprint_hex_inrow(cmac, sizeof(cmac))); + PrintAndLogEx(INFO, "--- " _CYAN_("MAC") " ---------------------------"); + PrintAndLogEx(ERR, _RED_("MAC Verification Failed")); + + return PM3_ESOFT; +} + +static int select_df_decode(uint8_t* response, uint8_t response_length, int* ALGORITHM_INFO_value1, int* ALGORITHM_INFO_value2, uint8_t* CRYPTOGRAM_encrypted_data, uint8_t* MAC_value) { + // Response is an ASN.1 encoded structure + // ASN.1 Information + // CF = Diversifier + // + // CD = ALGORITHM_INFO + // 02 = 3DES 2K (TWO_KEY_3DES_CBC_MODE) + // 04 = 3K3DES (THREE_KEY_3DES_CBC_MODE) + // 06 = SHA-1 (hash assigned to RSA-1024) + // 07 = SHA-256 + // 09 = AES-128 (AES_128_CBC) + // 85 = CRYPTOGRAM + // First 16 bytes what I guess is a nonce + // Followed with the ADF selected, then the diversifier + // 8E = MAC + + /* + [+] Raw ADF Response: CD0209078540EAA1E1966D666D1FBA14098700071D1DEE24B74CAC87D182EF1700B9946D697E60F87B0FB703C12AE0F83F579A9BF4888DF6B7691BBA6A404C797356F8457E488E088149C86A535EF86A + [=] -- CD [02] 'elem' + [=] 00: 09 07 | .. + [=] -- 85 [40] 'elem' + [=] 00: EA A1 E1 96 6D 66 6D 1F BA 14 09 87 00 07 1D 1D | ....mfm......... + [=] 10: EE 24 B7 4C AC 87 D1 82 EF 17 00 B9 94 6D 69 7E | .$.L.........mi~ + [=] 20: 60 F8 7B 0F B7 03 C1 2A E0 F8 3F 57 9A 9B F4 88 | `.{....*..?W.... + [=] 30: 8D F6 B7 69 1B BA 6A 40 4C 79 73 56 F8 45 7E 48 | ...i..j@LysV.E~H + [=] -- 8E [08] 'elem' + [=] 00: 81 49 C8 6A 53 5E F8 6A | .I.jS^.j + */ + int ALGORITHM_INFO_value1_n = 0; + int ALGORITHM_INFO_value2_n = 0; + int bufferPoint = 0; + + for (int i = 0; i < response_length; i++) { + // ALGORITHM_INFO + if (response[i] == 0xCD) { + *ALGORITHM_INFO_value1 = (int)response[i + 2]; + ALGORITHM_INFO_value1_n = response[i + 2]; + *ALGORITHM_INFO_value2 = (int)response[i + 3]; + ALGORITHM_INFO_value2_n = response[i + 3]; + bufferPoint = i + (i + 1); + break; + } + } + + for (int i = bufferPoint ; i < response_length; i++) { + // CRYPTOGRAM + if (response[i] == 0x85) { + memcpy(CRYPTOGRAM_encrypted_data, &response[i + 2], 64); + bufferPoint = i + (i + 1); + break; + } + } + + for (int i = bufferPoint; i < response_length; i++) { + // MAC + if (response[i] == 0x8E) { + memcpy(MAC_value, &response[i + 2], 8); + } + } + + const char* algorithm_name1 = NULL; + for (int i = 0; i < ARRAYLEN(known_algorithm_map); i++) { + if ((known_algorithm_map[i].value) == ALGORITHM_INFO_value1_n) { + algorithm_name1 = known_algorithm_map[i].name; + break; + } + } + + const char* algorithm_name2 = NULL; + for (int i = 0; i < ARRAYLEN(known_algorithm_map); i++) { + if (known_algorithm_map[i].value == ALGORITHM_INFO_value2_n) { + algorithm_name2 = known_algorithm_map[i].name; + break; + } + } + + PrintAndLogEx(INFO, "--- " _CYAN_("Raw ADF Information") " ---------------------------"); + if (algorithm_name1 != NULL) { + PrintAndLogEx(SUCCESS, "algoIdCipher (Encryption)........ "_YELLOW_("%i (%s)"), ALGORITHM_INFO_value1_n, algorithm_name1); + } else { + PrintAndLogEx(ERR, "algoIdCipher (Encryption)........ %d (Unknown)", ALGORITHM_INFO_value1_n); + } + + if (algorithm_name2 != NULL) { + PrintAndLogEx(SUCCESS, "algoIdHash (MAC)................. "_YELLOW_("%i (%s)"),ALGORITHM_INFO_value2_n, algorithm_name2); + } else { + PrintAndLogEx(ERR, "algoIdHash (MAC)............... %d (Unknown)", ALGORITHM_INFO_value2_n); + } + + // PrintAndLogEx(SUCCESS, "Raw Data......................... " _YELLOW_("%s"), sprint_hex_inrow(response, 80)); + PrintAndLogEx(SUCCESS, "CRYPTOGRAM Encrypted Data........ " _YELLOW_("%s"), sprint_hex_inrow(CRYPTOGRAM_encrypted_data, 64)); + // PrintAndLogEx(SUCCESS, "MAC.............................. " _YELLOW_("%s"), sprint_hex_inrow(MAC_value, 8)); + + return PM3_SUCCESS; +} + +static int select_ADF_decrypt(const char* selectADFOID, uint8_t* CRYPTOGRAM_encrypted_data_raw, uint8_t* CRYPTOGRAM_Diversifier, int encryption_algorithm, int key_index) { + // --------------- Decrypt ---------------- + + // 1. MAC Verify - AES/CBC-decrypt (IV || cryptogram || 16 bytes after 8e 08) with the MAC key & keep the last block + // 2. Decrypt the CRYPTOGRAM_encrypted_data - AES/CBC-decrypt with the encryption key & IV (the previous 16 bytes) + // 3. Verify the Decryption + // 3.1 - CF tag for diversifier at 44 chars in + // 4. Extract the data + // 4.1 Selected ADF + // 4.2 Diversifier + // 4.3 Nonce + uint8_t privEncKey[16] = {}; + memcpy(privEncKey, keys[key_index].privEncKey, 16); + uint8_t CRYPTOGRAM_decrypted_data[64]; + + decrypt_cryptogram(privEncKey, CRYPTOGRAM_encrypted_data_raw, CRYPTOGRAM_decrypted_data, ARRAYLEN(CRYPTOGRAM_decrypted_data), encryption_algorithm); + + // PrintAndLogEx(SUCCESS, "CRYPTOGRAM_encrypted_data_raw: " _YELLOW_("%s"), sprint_hex_inrow(CRYPTOGRAM_encrypted_data_raw, 64)); + // PrintAndLogEx(SUCCESS, "Raw Decrypted Data............... "_YELLOW_("%s"), sprint_hex_inrow(CRYPTOGRAM_decrypted_data,sizeof(CRYPTOGRAM_decrypted_data))); + + // Rough Output + // 06112B0601040181E438010102011801010202 CF 07 EFB08A28B0529F 5282752803B485BABF8CD88F3DA5515DF7712CF3 + + + // Extract the data + int diversifier_length = 0; + int adf_length = 0; + + int CRYPTOGRAM_decrypted_data_length = sizeof(CRYPTOGRAM_decrypted_data); + + for (int i = 0; i < CRYPTOGRAM_decrypted_data_length; i++) { + // ADF OID tag + if (CRYPTOGRAM_decrypted_data[i] == 0x06 && CRYPTOGRAM_decrypted_data[i + 1] < 20) { + adf_length = ((CRYPTOGRAM_decrypted_data[i + 1])); + diversifier_length = CRYPTOGRAM_decrypted_data[i + adf_length + 3]; + + uint8_t CRYPTOGRAM_ADF[strlen(selectADFOID)/2]; + + memcpy(CRYPTOGRAM_ADF, &CRYPTOGRAM_decrypted_data[i], strlen(selectADFOID)/2); + memcpy(CRYPTOGRAM_Diversifier, &CRYPTOGRAM_decrypted_data[i + adf_length + 4], diversifier_length); + + const char* CRYPTOGRAM_ADF_CMP = (sprint_hex_inrow(CRYPTOGRAM_ADF,ARRAYLEN(CRYPTOGRAM_ADF))); + + char* CRYPTOGRAM_ADF_UPPER = strdup(CRYPTOGRAM_ADF_CMP); + char* selectADFOID_UPPER = strdup(selectADFOID); + + // Convert both strings to uppercase + for (int x = 0; CRYPTOGRAM_ADF_UPPER[x]; x++) { + CRYPTOGRAM_ADF_UPPER[x] = toupper(CRYPTOGRAM_ADF_UPPER[x]); + } + for (int x = 0; selectADFOID_UPPER[x]; x++) { + selectADFOID_UPPER[x] = toupper(selectADFOID_UPPER[x]); + } + + + // Compare the 2 ADF responses, if they don't match then the decryption is wrong + // We do the + 4 to remove the first 4 bytes of the ADF OID ASN.1 Tag (0611) + if (strcmp(CRYPTOGRAM_ADF_UPPER + 4, selectADFOID_UPPER + 4) != 0) { + PrintAndLogEx(ERR, "ADF does not match decrypted ADF"); + PrintAndLogEx(ERR, "Likely wrong Key or IV"); + // PrintAndLogEx(SUCCESS, "Decoded ADF....................... "_YELLOW_("%s"), CRYPTOGRAM_ADF_UPPER); // ADF Selected + // PrintAndLogEx(SUCCESS, "Supplied ADF...................... "_YELLOW_("%s"), selectADFOID_UPPER); // ADF Selected + return PM3_ESOFT; + } + + // PrintAndLogEx(INFO, "--- " _CYAN_("Decrypted Response") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "Decoded ADF...................... "_YELLOW_("%s"), sprint_hex_inrow(&CRYPTOGRAM_ADF[2],adf_length)); // ADF Selected + // PrintAndLogEx(SUCCESS, "Diversifier...................... "_YELLOW_("%s"), sprint_hex_inrow(CRYPTOGRAM_Diversifier,diversifier_length)); // ADF Diversifier + return PM3_SUCCESS; + + } + } + return PM3_SUCCESS; +}; + +static int seos_mutual_auth(uint8_t* randomICC, uint8_t* CRYPTOGRAM_Diversifier, uint8_t diversifier_len, uint8_t* mutual_auth_randomIFD, uint8_t* mutual_auth_keyICC, uint8_t* randomIFD, uint8_t randomIFD_len, uint8_t* keyIFD, uint8_t keyIFD_len, int encryption_algorithm, int hash_algorithm, int key_index) { + uint8_t response[PM3_CMD_DATA_SIZE]; + + // ---------------- Diversify Keys ---------------- + uint8_t undiversified_key[16] = { 0x00 }; + memcpy(undiversified_key, keys[key_index].readKey, 16); + + uint8_t keyslot = 0x01; // up to 0x0F + uint8_t AES_key[24] = {0x00}; + uint8_t MAC_key[24] = {0x00}; + uint8_t adfOID[17] = {0x2b,0x06,0x01,0x04,0x01,0x81,0xe4,0x38,0x01,0x01,0x02,0x01,0x18,0x01,0x01,0x02,0x02}; + + // Null AES IV + uint8_t nullDiversifier[7] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + + if (memcmp(CRYPTOGRAM_Diversifier, nullDiversifier, sizeof(nullDiversifier)) == 0) { + PrintAndLogEx(ERR, "No Diversifier found"); + return PM3_ESOFT; + } + + seos_kdf(true, undiversified_key, keyslot, adfOID, sizeof(adfOID), CRYPTOGRAM_Diversifier, diversifier_len, AES_key, encryption_algorithm, hash_algorithm); + seos_kdf(false, undiversified_key, keyslot, adfOID, sizeof(adfOID), CRYPTOGRAM_Diversifier, diversifier_len, MAC_key, encryption_algorithm, hash_algorithm); + + memcpy(&MAC_key[16], &MAC_key[0], 8); + memcpy(&AES_key[16], &AES_key[0], 8); + + // PrintAndLogEx(INFO, "--- " _CYAN_("Diversified Keys") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "Diversified Enc Key.............. " _YELLOW_("%s"), sprint_hex_inrow(AES_key, (sizeof(AES_key)))); + // PrintAndLogEx(SUCCESS, "Diversified Mac Key.............. " _YELLOW_("%s"), sprint_hex_inrow(MAC_key, (sizeof(MAC_key)))); + // PrintAndLogEx(INFO, "--- " _CYAN_("Mutual Auth") " ---------------------------"); + + // ----------------- Command Generation ----------------- + uint8_t mutual_auth_plain[32]; + memcpy(mutual_auth_plain, randomIFD, 8); + memcpy(mutual_auth_plain + 8, randomICC, 8); + memcpy(mutual_auth_plain + 8 + 8, keyIFD, 16); + + // ----------------- Encryption and MAC Generation ----------------- + uint8_t mac[8]; + uint8_t mutual_auth_enc[32]; + create_cryptogram(AES_key, mutual_auth_plain, mutual_auth_enc, sizeof(mutual_auth_plain), encryption_algorithm); + create_cmac(MAC_key, mutual_auth_enc, mac, sizeof(mutual_auth_enc), encryption_algorithm); + + uint8_t message_authenticated[40]; + memcpy(message_authenticated, mutual_auth_enc, sizeof(mutual_auth_enc)); + memcpy(message_authenticated + sizeof(mutual_auth_enc), mac, sizeof(mac)); + + // ----------------- Debugging ----------------- + // PrintAndLogEx(SUCCESS, "AES IV : "_YELLOW_("%s"), sprint_hex_inrow(AES_iv,sizeof(AES_iv))); + // PrintAndLogEx(SUCCESS, "AES Key: "_YELLOW_("%s"), sprint_hex_inrow(AES_key,sizeof(AES_key))); + // PrintAndLogEx(SUCCESS, "mutual_auth_plain... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_plain, sizeof(mutual_auth_plain))); + // PrintAndLogEx(SUCCESS, "mutual_auth_enc..... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_enc, sizeof(mutual_auth_enc))); + + // PrintAndLogEx(INFO, "--- " _CYAN_("MAC") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "AES IV: "_YELLOW_("%s"), sprint_hex_inrow(AES_iv,sizeof(AES_iv))); + // PrintAndLogEx(SUCCESS, "MAC Key: "_YELLOW_("%s"), sprint_hex_inrow(MAC_key,sizeof(MAC_key))); + // PrintAndLogEx(SUCCESS, "Message.......................... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_enc,sizeof(mutual_auth_enc))); + // PrintAndLogEx(SUCCESS, "MAC.............................. " _YELLOW_("%s"), sprint_hex_inrow(mac,sizeof(mac))); + + // ----------------- Command Generation ----------------- + + const char* prefixLenHex = "2c"; + const char* ASN1_tagAboveLenHex = "2a"; + const char* ASN1_auth_encryptedLenHex = "28"; + + const char* mutual_auth_message = sprint_hex_inrow(message_authenticated, sizeof(message_authenticated)); + + char keyslot_str[3]; + snprintf(keyslot_str, sizeof(keyslot_str), "%02X", keyslot); + + const char* prefix = "008700"; + const char* ASN1_tagAbove = "7c"; + const char* ASN1_auth_encrypted = "82"; + const char* suffix = "00"; + + char mutual_auth[102]; + snprintf(mutual_auth, sizeof(mutual_auth), "%s%s%s%s%s%s%s%s%s", prefix, keyslot_str, prefixLenHex, ASN1_tagAbove, ASN1_tagAboveLenHex,ASN1_auth_encrypted, ASN1_auth_encryptedLenHex, mutual_auth_message, suffix); + // PrintAndLogEx(SUCCESS, "Mutual Auth Encrypted Request.... " _YELLOW_("%s"), mutual_auth); + + // BLOCKS MUTUAL AUTH BEFORE REQUIRED + // return PM3_SUCCESS; + // + + int resplen = 0; + bool activate_field = false; + bool keep_field_on = true; + + uint8_t aMUTUAL_AUTH[102]; + int aMUTUAL_AUTH_n = 0; + param_gethex_to_eol(mutual_auth, 0, aMUTUAL_AUTH, sizeof(aMUTUAL_AUTH), &aMUTUAL_AUTH_n); + int res = ExchangeAPDU14a(aMUTUAL_AUTH, aMUTUAL_AUTH_n, activate_field, keep_field_on, response, sizeof(response), &resplen); + if (res != PM3_SUCCESS) { + PrintAndLogEx(ERR, "Mutual Auth Request Failed"); DropField(); return PM3_ESOFT; } uint16_t sw = get_sw(response, resplen); if (sw != ISO7816_OK) { - PrintAndLogEx(ERR, "Selecting SEOS applet aid failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + PrintAndLogEx(ERR, "Mutual Auth Request Failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); DropField(); return PM3_ESOFT; } - activate_field = false; - keep_field_on = false; - // --------------- CC file reading ---------------- + // PrintAndLogEx(INFO, "--- " _CYAN_("Get Challenge") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "Raw Mutual Auth Response: " _YELLOW_("%s"), sprint_hex_inrow(response, (resplen - 2))); + // PrintAndLogEx(SUCCESS, "Mutual Auth Encrypted Response... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_response, sizeof(mutual_auth_response))); + // PrintAndLogEx(SUCCESS, "Mutual Auth MAC Response: " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_mac_response, sizeof(mutual_auth_mac_response))); + // PrintAndLogEx(SUCCESS, "Mutual Auth MAC Input: " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_validate, sizeof(mutual_auth_validate))); + // PrintAndLogEx(SUCCESS, "Mutual Auth MAC Calculated: " _YELLOW_("%s"), sprint_hex_inrow(mac_calculated, sizeof(mac_calculated))); - uint8_t aSELECT_FILE_ADF[30]; + // Process Response + uint8_t iv[16] = {}; + uint8_t mutual_auth_response[32]; + uint8_t mutual_auth_mac_response[8]; + memcpy(mutual_auth_response, &response[4], 32); + memcpy(mutual_auth_mac_response, &response[4 + 32], 8); + + // PrintAndLogEx(SUCCESS, "Mutual Auth Encrypted Response... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_response, sizeof(mutual_auth_response))); + // PrintAndLogEx(SUCCESS, "Mutual Auth MAC Response: " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_mac_response, sizeof(mutual_auth_mac_response))); + + uint8_t mutual_auth_response_decrypted[32]; + if (encryption_algorithm == 0x09) { + aes_decode(iv, AES_key, mutual_auth_response, mutual_auth_response_decrypted, sizeof(mutual_auth_response)); + } else if (encryption_algorithm == 0x02) { + mbedtls_des3_context ctx3; + mbedtls_des3_set2key_dec(&ctx3, AES_key); + mbedtls_des3_crypt_cbc(&ctx3, MBEDTLS_DES_DECRYPT, sizeof(mutual_auth_response), iv, mutual_auth_response, mutual_auth_response_decrypted); + mbedtls_des3_free(&ctx3); + } + + // Validate response with comparison between nonce and randomICC + uint8_t mutual_auth_RandomICC[8]; + memcpy(mutual_auth_RandomICC, &mutual_auth_response_decrypted, 8); + + // PrintAndLogEx(SUCCESS, "Mutual Auth Decrypted Response... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_response_decrypted, sizeof(mutual_auth_response_decrypted))); + + if (memcmp(randomICC, mutual_auth_RandomICC, 8) != 0) { + PrintAndLogEx(ERR, "RandomICC does not match decrypted RandomICC"); + PrintAndLogEx(ERR, "Likely wrong Key or IV"); + return PM3_ESOFT; + } + + memcpy(mutual_auth_randomIFD, &mutual_auth_response_decrypted[8], 8); + memcpy(mutual_auth_keyICC, &mutual_auth_response_decrypted[16], 16); + + // PrintAndLogEx(SUCCESS, _GREEN_("Mutual Auth Completed")); + // PrintAndLogEx(INFO, "--- " _CYAN_("Decrypted Response") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "Mutual Auth Decrypted Response... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_response_decrypted, sizeof(mutual_auth_response_decrypted))); + // PrintAndLogEx(SUCCESS, "Mutual Auth RandomICC............ " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_RandomICC, sizeof(mutual_auth_RandomICC))); + // PrintAndLogEx(SUCCESS, "Mutual Auth RandomIFD............ " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_randomIFD, sizeof(mutual_auth_randomIFD))); + // PrintAndLogEx(SUCCESS, "Mutual Auth KeyICC............... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_keyICC, sizeof(mutual_auth_keyICC))); + + return PM3_SUCCESS; +}; + +static int seos_aid_select(void) { + // Working 100%, pulls from live card + bool activate_field = true; + bool keep_field_on = true; + uint8_t response[PM3_CMD_DATA_SIZE]; + int resplen = 0; + + // --------------- Select AID for SEOS Card ---------------- + typedef struct { + const char* name; + const char* value; + } seos_aid_t; + + static const seos_aid_t known_AID_map[] = { + {"STANDARD_SEOS", "A00000044000010100010"}, + {"MOBILE_SEOS_ADMIN_CARD", "A000000382002D0001010"}, + }; + + int i; + int res = PM3_ESOFT; + //PrintAndLogEx(INFO, "--- " _CYAN_("AID Selection") " ---------------------------"); + for (i = 0; i < ARRAYLEN(known_AID_map); i++) { + + const char* selectedAID = known_AID_map[i].value; + + // Select command prefixed with a 00 + const char* prefix = "00A404"; + uint16_t aidlen = strlen(selectedAID) >> 1; + + char aidlenHex[5]; + snprintf(aidlenHex, sizeof(aidlenHex), "%04X", aidlen); + + const char* suffix = "0"; + char combinedString[100]; + + snprintf(combinedString, sizeof(combinedString), "%s%s%s%s", prefix, aidlenHex, selectedAID, suffix); + //PrintAndLogEx(SUCCESS, "AID Selected: " _YELLOW_("%s"), known_AID_map[i].name); + //PrintAndLogEx(SUCCESS, "AID Select Command: " _YELLOW_("%s"), combinedString); + + // --------------- Select AID for SEOS Card ---------------- + uint8_t aSELECT_AID[80]; + int aSELECT_AID_n = 0; + param_gethex_to_eol(combinedString, 0, aSELECT_AID, sizeof(aSELECT_AID), &aSELECT_AID_n); + res = ExchangeAPDU14a(aSELECT_AID, aSELECT_AID_n, activate_field, keep_field_on, response, sizeof(response), &resplen); + if (res != PM3_SUCCESS) { + DropField(); + continue; + } + + if (resplen < 2) { + DropField(); + continue; + } + + uint16_t sw = get_sw(response, resplen); + if (sw != ISO7816_OK) { + PrintAndLogEx(ERR, "Selecting SEOS applet aid failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + DropField(); + continue; + } + + // if we made it here, its a success and we break :) + break; + } + + return res; +}; + +static int seos_pacs_adf_select(char* oid, int oid_len, uint8_t* get_data, int get_data_len, int key_index) { + int resplen = 0; + uint8_t response[PM3_CMD_DATA_SIZE]; + bool activate_field = false; + bool keep_field_on = true; + + // --------------- ADF file Selection ---------------- + + // breaks down to + // 06 = ASN.1 Tag + // 11 = Len + // 2b0601040181e438010102011801010202 = ADF-OID + + // --------------- OID Selection ---------------- + const char* ADFprefix = "06"; + char selectedOID[100]; + snprintf(selectedOID, sizeof(selectedOID), "%s", oid); + + uint16_t selectedOIDLen = strlen(selectedOID); + char selectedOIDLenHex[3]; + snprintf(selectedOIDLenHex, sizeof(selectedOIDLenHex), "%02X", (selectedOIDLen)/2); + + char selectedADF[strlen(ADFprefix) + strlen(selectedOIDLenHex) + selectedOIDLen + 1]; + snprintf(selectedADF, sizeof(selectedADF), "%s%s%s", ADFprefix, selectedOIDLenHex, selectedOID); + + // --------------- Command Builder Selection ---------------- + // prefix is the APDU command we are sending + const char* prefix = "80A504"; + const char* suffix = "00"; + const char* keyReference = "00"; + + uint16_t selectedADFLen = strlen(selectedADF); + + char adflenHex[3]; + snprintf(adflenHex, sizeof(adflenHex), "%02X", (selectedADFLen >> 1) & 0xFF); + + char selectADF[strlen(prefix) + strlen(adflenHex) + selectedADFLen + strlen(suffix) + 1]; + + // 80 A5 04 00 13 06 11 2B 06 01 04 01 81 E4 38 01 01 02 01 18 01 01 02 02 00 + snprintf(selectADF, sizeof(selectADF), "%s%s%s%s%s", prefix, keyReference, adflenHex, selectedADF, suffix); + + + PrintAndLogEx(INFO, "--- " _CYAN_("Select ADF") " ---------------------------"); + PrintAndLogEx(SUCCESS, "Selected ADF..................... "_YELLOW_("%s"), selectedOID); + + // --------------- Send APDU Command ---------------- + + uint8_t aSELECT_FILE_ADF[124]; int aSELECT_FILE_ADF_n = 0; - param_gethex_to_eol("80a504001306112b0601040181e43801010201180101020200", 0, aSELECT_FILE_ADF, sizeof(aSELECT_FILE_ADF), &aSELECT_FILE_ADF_n); - res = ExchangeAPDU14a(aSELECT_FILE_ADF, aSELECT_FILE_ADF_n, activate_field, keep_field_on, response, sizeof(response), &resplen); + // Input into getHextoEOL is a Char string + param_gethex_to_eol(selectADF, 0, aSELECT_FILE_ADF, sizeof(aSELECT_FILE_ADF), &aSELECT_FILE_ADF_n); + int res = ExchangeAPDU14a(aSELECT_FILE_ADF, aSELECT_FILE_ADF_n, activate_field, keep_field_on, response, sizeof(response), &resplen); if (res != PM3_SUCCESS) { DropField(); return res; } - sw = get_sw(response, resplen); + uint16_t sw = get_sw(response, resplen); if (sw != ISO7816_OK) { PrintAndLogEx(ERR, "Selecting ADF file failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); DropField(); return PM3_ESOFT; } - // remove the 2byte SW - asn1_print(response, resplen - 2, " "); + // --------------- Decrypt ADF Response ---------------- + // Information returned from the GetChallenge command + int ALGORITHM_INFO_value1 = 0; // Encryption Algorithm + int ALGORITHM_INFO_value2 = 0; // Hash Algorithm + uint8_t CRYPTOGRAM_encrypted_data[64]; // Encrypted Data + uint8_t MAC_value[8] = {0}; // MAC Value + + uint8_t diversifier[7] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + uint8_t RNDICC[8] = {0}; + uint8_t KeyICC[16] = {0}; + uint8_t RNDIFD[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + uint8_t KeyIFD[16] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + + uint8_t Diversified_New_EncryptionKey[24] = {0}; + uint8_t Diversified_New_MACKey[24] = {0}; + + resplen -= 2; + + seos_challenge_get(RNDICC, sizeof(RNDICC)); + select_df_decode(response, resplen, &ALGORITHM_INFO_value1, &ALGORITHM_INFO_value2, CRYPTOGRAM_encrypted_data, MAC_value); + res = select_DF_verify(response, resplen, MAC_value, sizeof(MAC_value), ALGORITHM_INFO_value1, key_index); + + if (res != PM3_SUCCESS) { + return res; + } + + if (ALGORITHM_INFO_value1 == 0x09 || ALGORITHM_INFO_value1 == 0x02) { + + select_ADF_decrypt(selectedADF, CRYPTOGRAM_encrypted_data, diversifier, ALGORITHM_INFO_value1, key_index); + seos_mutual_auth(RNDICC, diversifier, sizeof(diversifier), RNDIFD, KeyICC, RNDIFD, sizeof(RNDIFD), KeyIFD, sizeof(KeyIFD), ALGORITHM_INFO_value1, ALGORITHM_INFO_value2, key_index); + create_mutual_auth_key(KeyIFD, KeyICC, RNDICC, RNDIFD, Diversified_New_EncryptionKey, Diversified_New_MACKey, ALGORITHM_INFO_value1, ALGORITHM_INFO_value2); + + uint8_t sio_buffer_out[PM3_CMD_DATA_SIZE]; + int sio_size = 0; + seos_get_data(RNDICC, RNDIFD, Diversified_New_EncryptionKey, Diversified_New_MACKey, sio_buffer_out, &sio_size, ALGORITHM_INFO_value1, get_data, get_data_len); + + if (sio_size == 0) { + return PM3_ESOFT; + } + + if (sio_buffer_out[0] == 0x30) { + uint8_t sioOutput[sio_size]; + memcpy(sioOutput, sio_buffer_out, sio_size); + + PrintAndLogEx(INFO, "--- " _CYAN_("Key Data") " ---------------------------"); + PrintAndLogEx(SUCCESS, "SIO.............................. "_YELLOW_("%s"), sprint_hex_inrow(sioOutput, sizeof(sioOutput))); // SIO + PrintAndLogEx(SUCCESS, "SIO Size......................... "_YELLOW_("%i"), sio_size); // SIO Size + PrintAndLogEx(SUCCESS, "Diversifier...................... "_YELLOW_("%s"), sprint_hex_inrow(diversifier,ARRAYLEN(diversifier))); // Diversifier + }; + + } else { + PrintAndLogEx(ERR, "Unknown encryption algorithm"); + return PM3_ESOFT; + }; + + return PM3_SUCCESS; +}; + +static int seos_adf_select(char* oid, int oid_len, int key_index) { + int resplen = 0; + uint8_t response[PM3_CMD_DATA_SIZE]; + bool activate_field = false; + bool keep_field_on = true; + + // --------------- OID Selection ---------------- + const char* ADFprefix = "06"; + char selectedOID[100]; + snprintf(selectedOID, sizeof(selectedOID), "%s", oid); + + uint16_t selectedOIDLen = strlen(selectedOID); + char selectedOIDLenHex[3]; + snprintf(selectedOIDLenHex, sizeof(selectedOIDLenHex), "%02X", (selectedOIDLen)/2); + + char selectedADF[strlen(ADFprefix) + strlen(selectedOIDLenHex) + selectedOIDLen + 1]; + snprintf(selectedADF, sizeof(selectedADF), "%s%s%s", ADFprefix, selectedOIDLenHex, selectedOID); + + // --------------- Command Builder Selection ---------------- + // prefix is the APDU command we are sending + const char* prefix = "80A504"; + const char* suffix = "00"; + const char* keyReference = "00"; + + uint16_t selectedADFLen = strlen(selectedADF); + char adflenHex[3]; + snprintf(adflenHex, sizeof(adflenHex), "%02X", (selectedADFLen >> 1) & 0xFF); + char selectADF[strlen(prefix) + strlen(adflenHex) + selectedADFLen + strlen(suffix) + 1]; + + // 80 A5 04 00 13 06 11 2B 06 01 04 01 81 E4 38 01 01 02 01 18 01 01 02 02 00 + snprintf(selectADF, sizeof(selectADF), "%s%s%s%s%s", prefix, keyReference, adflenHex, selectedADF, suffix); + PrintAndLogEx(INFO, "--- " _CYAN_("Select ADF") " ---------------------------"); + PrintAndLogEx(SUCCESS, "Selected ADF..................... "_YELLOW_("%s"), selectedADF); + + // --------------- Send APDU Command ---------------- + uint8_t aSELECT_FILE_ADF[124]; + int aSELECT_FILE_ADF_n = 0; + + // Input into getHextoEOL is a Char string + param_gethex_to_eol(selectADF, 0, aSELECT_FILE_ADF, sizeof(aSELECT_FILE_ADF), &aSELECT_FILE_ADF_n); + + int res = ExchangeAPDU14a(aSELECT_FILE_ADF, aSELECT_FILE_ADF_n, activate_field, keep_field_on, response, sizeof(response), &resplen); + if (res != PM3_SUCCESS) { + DropField(); + return res; + } + + uint16_t sw = get_sw(response, resplen); + if (sw != ISO7816_OK) { + PrintAndLogEx(ERR, "Selecting ADF file failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + DropField(); + return PM3_ESOFT; + } + + // --------------- Decrypt ADF Response ---------------- + // Information returned from the GetChallenge command + int ALGORITHM_INFO_value1 = 0; // Encryption Algorithm + int ALGORITHM_INFO_value2 = 0; // Hash Algorithm + uint8_t CRYPTOGRAM_encrypted_data[64] = {0}; // Encrypted Data + uint8_t MAC_value[8] = {0}; // MAC Value + uint8_t RNDICC[8] = {0}; + + resplen -= 2; + + seos_challenge_get(RNDICC, sizeof(RNDICC)); + select_df_decode(response, resplen, &ALGORITHM_INFO_value1, &ALGORITHM_INFO_value2, CRYPTOGRAM_encrypted_data, MAC_value); + select_DF_verify(response, resplen, MAC_value, sizeof(MAC_value), ALGORITHM_INFO_value1, key_index); + return PM3_SUCCESS; +}; + +static int seos_gdf_select(int key_index) { + uint8_t response[PM3_CMD_DATA_SIZE]; + int resplen = 0; + + bool activate_field = false; + bool keep_field_on = true; + // --------------- Select Global_df for SEOS Card ---------------- + // SelectGDF = 00A507 + referenceDataQualifier + 00 + // 00A5070600 + // SelectGlobalDF = 00A50000 + + const char* getGDF = "00A5070600"; + + uint8_t agetGDF[10]; + int agetGDF_n = 0; + param_gethex_to_eol(getGDF, 0, agetGDF, sizeof(agetGDF), &agetGDF_n); + int res = ExchangeAPDU14a(agetGDF, agetGDF_n, activate_field, keep_field_on, response, sizeof(response), &resplen); + if (res != PM3_SUCCESS) { + DropField(); + return res; + } + + uint16_t sw = get_sw(response, resplen); + if (sw != ISO7816_OK) { + PrintAndLogEx(ERR, "Get Global_df failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + DropField(); + return PM3_ESOFT; + } + + // --------------- Decrypt GDF Response ---------------- + // Information returned from the GetChallenge command + int ALGORITHM_INFO_value1 = 0; // Encryption Algorithm + int ALGORITHM_INFO_value2 = 0; // Hash Algorithm + uint8_t CRYPTOGRAM_encrypted_data[64] = {0}; // Encrypted Data + uint8_t MAC_value[8] = {0}; // MAC Value + uint8_t RNDICC[8] = {0}; + + seos_challenge_get(RNDICC, sizeof(RNDICC)); + select_df_decode(response, (resplen - 2), &ALGORITHM_INFO_value1, &ALGORITHM_INFO_value2, CRYPTOGRAM_encrypted_data, MAC_value); + select_DF_verify(response, resplen, MAC_value, sizeof(MAC_value), ALGORITHM_INFO_value1, key_index); + + return PM3_SUCCESS; +}; + +static int seos_select(void) { + int res = seos_aid_select(); + if (res != PM3_SUCCESS) { + DropField(); + return res; + } + + const char* oid = "2B0601040181E438010102011801010202"; + int oid_len = strlen(oid); + res = seos_adf_select((char*)oid, oid_len, 0); + DropField(); + return res; +} + +static int seos_pacs(char* oid, int oid_len, uint8_t* get_data, int get_data_len, int key_index) { + int res = seos_aid_select(); + if (res != PM3_SUCCESS) { + DropField(); + return res; + } + + res = seos_pacs_adf_select(oid, oid_len, get_data, get_data_len, key_index); + DropField(); + return res; +} + +static int seos_global_df(int key_index) { + int res = seos_aid_select(); + if (res == PM3_SUCCESS) { + res = seos_gdf_select(key_index); + } + DropField(); + return res; +} + +static int seos_print_keys(bool verbose) { + PrintAndLogEx(NORMAL, ""); + if (verbose) { + for (int i = 0; i < ARRAYLEN(keys); i++) { + PrintAndLogEx(INFO, "Key Index........................ " _YELLOW_("%u"), i); + PrintAndLogEx(INFO, "Nonce............................ " _YELLOW_("%s"), sprint_hex(keys[i].nonce, 8)); + PrintAndLogEx(INFO, "Privacy Encryption Key........... " _YELLOW_("%s"), sprint_hex(keys[i].privEncKey, 16)); + PrintAndLogEx(INFO, "Privacy MAC Key.................. " _YELLOW_("%s"), sprint_hex(keys[i].privMacKey, 16)); + PrintAndLogEx(INFO, "Read Key......................... " _YELLOW_("%s"), sprint_hex(keys[i].readKey, 16)); + PrintAndLogEx(INFO, "Write Key........................ " _YELLOW_("%s"), sprint_hex(keys[i].writeKey, 16)); + PrintAndLogEx(INFO, "Admin Key........................ " _YELLOW_("%s"), sprint_hex(keys[i].adminKey, 16)); + PrintAndLogEx(INFO, "----------------------------"); + } + } + else { + PrintAndLogEx(INFO, "idx| key"); + PrintAndLogEx(INFO, "---+------------------------"); + for (uint8_t i = 0; i < ARRAYLEN(keys); i++) { + if (memcmp(keys[i].privEncKey, zeros, sizeof(zeros)) == 0) + PrintAndLogEx(INFO, " %u |", i); + else + PrintAndLogEx(INFO, " %u | " _YELLOW_("%s"), i, sprint_hex(keys[i].nonce, 8)); + } + PrintAndLogEx(INFO, "---+------------------------"); + }; + PrintAndLogEx(NORMAL, ""); + return PM3_SUCCESS; +} + +static int seos_load_keys(char *filename) { + uint8_t *dump = NULL; + size_t bytes_read = 0; + if (loadFile_safe(filename, "", (void **)&dump, &bytes_read) != PM3_SUCCESS) { + PrintAndLogEx(FAILED, "File: " _YELLOW_("%s") ": not found or locked.", filename); + return PM3_EFILE; + } + + // 16 = max line size + // 8 = 8 items per keyset + // 4 = 4 keysets + if (bytes_read > 382) { + PrintAndLogEx(WARNING, "File is too long to load - exp: %zu got: %zu", sizeof(keys), bytes_read); + free(dump); + return PM3_EFILE; + } + + size_t kn = sizeof(keyset_t); + + size_t i = 0; + for (; i < bytes_read / kn; i++) { + memcpy(keys[i].nonce, dump + (i * kn), 8); + memcpy(keys[i].privEncKey, dump + ((i * kn) + 8), 16); + memcpy(keys[i].privMacKey, dump + ((i * kn) + 24), 16); + memcpy(keys[i].readKey, dump + ((i * kn) + 40), 16); + memcpy(keys[i].writeKey, dump + ((i * kn) + 56), 16); + memcpy(keys[i].adminKey, dump + ((i * kn) + 72), 16); + } + + free(dump); + PrintAndLogEx(SUCCESS, "Loaded" _GREEN_("%2zd") " keys from %s", i, filename); return PM3_SUCCESS; } int infoSeos(bool verbose) { - int res = seos_select(); - if (res == PM3_SUCCESS) { - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------"); - } - return PM3_SUCCESS; + return seos_select(); } static int CmdHfSeosInfo(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "hf seos info", - "Get info from SEOS tags", - "hf seos info"); - + "Requests the unauthenticated information from the default ADF of a SEOS card\n" + "- If the card is a SEOS card\n" + "- Are static RND.ICC keys used (can detect SEOS default keyset)\n" + "- What encryption and hashing algorithm is use\n", + "hf seos info" + ); void *argtable[] = { arg_param_begin, arg_param_end @@ -111,14 +1329,321 @@ static int CmdHfSeosInfo(const char *Cmd) { return infoSeos(true); } +static int CmdHfSeosGDF(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf seos gdf", + "Get Global Data File (GDF) from SEOS card\n\n" + "By default:\n" + " - Key Index: 0\n", + "hf seos gdf" + "hf seos gdf --ki 0" + ); + void *argtable[] = { + arg_param_begin, + arg_int0(NULL, "ki", "", "Specify key index to set key in memory"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + + int key_index = arg_get_int_def(ctx, 1, -1); + + CLIParserFree(ctx); + return seos_global_df(key_index); +} + +static int CmdHfSeosPACS(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf seos pacs", + "Make a GET DATA request to an ADF of a SEOS card\n\n" + "By default:\n" + " - ADF OID : 2B0601040181E438010102011801010202\n" + " - Key Index: 0\n", + "hf seos pacs\n" + "hf seos pacs --ki 1\n" + "hf seos pacs -o 2B0601040181E438010102011801010202 --ki 0\n" + ); + + void *argtable[] = { + arg_param_begin, + arg_str0("o", "oid", "", "<0-100> hex bytes for OID (Default: 2B0601040181E438010102011801010202)"), + arg_int0(NULL, "ki", "", "Specify key index to set key in memory"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + + int get_data_len = 4; + uint8_t get_data[] = {0x5c,0x02,0xff,0x00}; + + int oid_len = 0; + uint8_t oid_hex[256] = {0x2B,0x06,0x01,0x04,0x01,0x81,0xE4,0x38,0x01,0x01,0x02,0x01,0x18,0x01,0x01,0x02}; + CLIGetHexWithReturn(ctx, 1, oid_hex, &oid_len); + + int key_index = arg_get_int_def(ctx, 2, 0); + + CLIParserFree(ctx); + + // Fall back to default OID + if (oid_len == 0) { + oid_len = 16; + } + + // convert OID hex to literal string + + char oid_buffer[256] = ""; + for (int i = 0; i < oid_len; i++) { + sprintf(oid_buffer + (i * 2), "%02X", oid_hex[i]); + } + + const char* oid = oid_buffer; + + if (oid_len == 0) { + PrintAndLogEx(ERR, "OID value must be supplied"); + return PM3_ESOFT; + } + + return seos_pacs((char*)oid, oid_len, get_data, get_data_len, key_index); +} + +static int CmdHfSeosADF(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf seos adf", + "Make a GET DATA request to an Application Data File (ADF) of a SEOS Tag\n" + "The ADF is meant to be read by an application\n" + "You still need the valid authentication keys to read a card\n\n" + "By default:\n" + " - ADF OID : 2B0601040181E438010102011801010202\n" + " - Key Index: 0\n" + " - Tag List : 5c02ff00\n", + "hf seos adf\n" + "hf seos adf -o 2B0601040181E438010102011801010202\n" + "hf seos adf -o 2B0601040181E438010102011801010202 --ki 0\n" + "hf seos adf -o 2B0601040181E438010102011801010202 -c 5c02ff41\n" + ); + + void *argtable[] = { + arg_param_begin, + arg_str0("c", "getdata", "", "<0-100> hex bytes for the tag list to Get Data request (Default: 5c02ff00)"), + arg_str0("o", "oid", "", "<0-100> hex bytes for OID (Default: 2B0601040181E438010102011801010202)"), + arg_int0(NULL, "ki", "", "Specify key index to set key in memory"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + + int get_data_len = 0; + uint8_t get_data[256] = {0x5c,0x02,0xff,0x00}; + CLIGetHexWithReturn(ctx, 1, get_data, &get_data_len); + + int oid_len = 0; + uint8_t oid_hex[256] = {0x2B,0x06,0x01,0x04,0x01,0x81,0xE4,0x38,0x01,0x01,0x02,0x01,0x18,0x01,0x01,0x02}; + CLIGetHexWithReturn(ctx, 2, oid_hex, &oid_len); + + int key_index = arg_get_int_def(ctx, 3, 0); + + CLIParserFree(ctx); + + if (get_data_len == 0) { + get_data_len = 4; + } + + // Catching when the OID value is not supplied + if (oid_len == 0) { + oid_len = 16; + } + + // convert OID hex to literal string + char oid_buffer[256] = ""; + for (int i = 0; i < oid_len; i++) { + sprintf(oid_buffer + (i * 2), "%02X", oid_hex[i]); + } + + const char* oid = oid_buffer; + + if (oid_len == 0) { + PrintAndLogEx(ERR, "OID value must be supplied"); + return PM3_ESOFT; + } + + return seos_pacs((char*)oid, oid_len, get_data, get_data_len, key_index); +} + +static int CmdHfSeosManageKeys(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf seos managekeys", + "Manage SEOS Keys in client memory, keys are required to authenticate with SEOS cards\n", + "hf seos managekeys -p\n" + "hf seos managekeys -p -v\n" + "hf seos managekeys --ki 0 --nonce 0102030405060708 -> Set nonce value at key index 0\n" + "hf seos managekeys --load -f mykeys.bin -p -> load from file and prints keys\n" + "hf seos managekeys --save -f mykeys.bin -> saves keys to file\n" + ); + + void *argtable[] = { + arg_param_begin, + arg_int0(NULL, "ki", "", "Specify key index to set key in memory"), + arg_str0(NULL, "nonce", "", "Nonce value as 8 hex bytes"), + arg_str0(NULL, "privenc", "", "Privacy Encryption key as 16 hex bytes"), + arg_str0(NULL, "privmac", "", "Privacy MAC key as 16 hex bytes"), + arg_str0(NULL, "read", "", "Undiversified Read key as 16 hex bytes"), + arg_str0(NULL, "write", "", "Undiversified Write key as 16 hex bytes"), + arg_str0(NULL, "admin", "", "Undiversified Admin key as 16 hex bytes"), + + arg_str0("f", "file", "", "Specify a filename for load / save operations"), + arg_lit0(NULL, "save", "Save keys in memory to file specified by filename"), + arg_lit0(NULL, "load", "Load keys to memory from file specified by filename"), + + arg_lit0("p", "print", "Print keys loaded into memory"), + arg_lit0("v", "verbose", "verbose (print all key info)"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + + int fnlen = 0; + char filename[FILE_PATH_SIZE] = {0}; + uint8_t operation = 0; + + uint8_t nonce[8] = {0}; + uint8_t privenc[16] = {0}; + uint8_t privmac[16] = {0}; + uint8_t read[16] = {0}; + uint8_t write[16] = {0}; + uint8_t admin[16] = {0}; + int nonce_len = 0; + int privenc_len = 0; + int privmac_len = 0; + int read_len = 0; + int write_len = 0; + int admin_len = 0; + + int key_index = arg_get_int_def(ctx, 1, -1); + + CLIGetHexWithReturn(ctx, 2, nonce, &nonce_len); + CLIGetHexWithReturn(ctx, 3, privenc, &privenc_len); + CLIGetHexWithReturn(ctx, 4, privmac, &privmac_len); + CLIGetHexWithReturn(ctx, 5, read, &read_len); + CLIGetHexWithReturn(ctx, 6, write, &write_len); + CLIGetHexWithReturn(ctx, 7, admin, &admin_len); + + CLIParamStrToBuf(arg_get_str(ctx, 8), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); + + if (key_index >= 0) { + operation += 3; + if (key_index < 4) { + if (nonce_len != 0) { + PrintAndLogEx(SUCCESS, "Current value for nonce[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].nonce, 8)); + } + if (privenc_len != 0) { + PrintAndLogEx(SUCCESS, "Current value for Priv Enc[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].privEncKey, 16)); + } + if (privmac_len != 0) { + PrintAndLogEx(SUCCESS, "Current value for Priv Mac[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].privMacKey, 16)); + } + if (read_len != 0) { + PrintAndLogEx(SUCCESS, "Current value for Read Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].readKey, 16)); + } + if (write_len != 0) { + PrintAndLogEx(SUCCESS, "Current value for Write Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].writeKey, 16)); + } + if (admin_len != 0) { + PrintAndLogEx(SUCCESS, "Current value for Admin Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].adminKey, 16)); + } + } + else { + PrintAndLogEx(ERR, "Key index is out-of-range"); + CLIParserFree(ctx); + return PM3_EINVARG; + } + } + + if (arg_get_lit(ctx, 9)) { //save + operation += 6; + } + if (arg_get_lit(ctx, 10)) { //load + operation += 5; + } + if (arg_get_lit(ctx, 11)) { //print + operation += 4; + } + + bool verbose = arg_get_lit(ctx, 12); + + CLIParserFree(ctx); + + if (operation == 0) { + PrintAndLogEx(ERR, "No operation specified (load, save, or print)\n"); + return PM3_EINVARG; + } + if (operation > 6) { + PrintAndLogEx(ERR, "Too many operations specified\n"); + return PM3_EINVARG; + } + if (operation > 4 && fnlen == 0) { + PrintAndLogEx(ERR, "You must enter a filename when loading or saving\n"); + return PM3_EINVARG; + } + if (((nonce_len > 0) || (privenc_len > 0) || (privmac_len > 0) || (read_len > 0) || (write_len > 0) || (admin_len > 0)) && key_index == -1) { + PrintAndLogEx(ERR, "Please specify key index when specifying key"); + return PM3_EINVARG; + } + + switch (operation) { + case 3: + if (nonce_len != 0) { + memcpy(keys[key_index].nonce, nonce, 8); + PrintAndLogEx(SUCCESS, "New value for nonce[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].nonce, 8)); + } + if (privenc_len != 0) { + memcpy(keys[key_index].privEncKey, privenc, 16); + PrintAndLogEx(SUCCESS, "New value for Priv Enc[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].privEncKey, 16)); + } + if (privmac_len != 0) { + memcpy(keys[key_index].privMacKey, privmac, 16); + PrintAndLogEx(SUCCESS, "New value for Priv Mac[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].privMacKey, 16)); + } + if (read_len != 0) { + memcpy(keys[key_index].readKey, read, 16); + PrintAndLogEx(SUCCESS, "New value for Read Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].readKey, 16)); + } + if (write_len != 0) { + memcpy(keys[key_index].writeKey, write, 16); + PrintAndLogEx(SUCCESS, "New value for Write Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].writeKey, 16)); + } + if (admin_len != 0) { + memcpy(keys[key_index].adminKey, admin, 16); + PrintAndLogEx(SUCCESS, "New value for Admin Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].adminKey, 16)); + } + return PM3_SUCCESS; + case 4: + return seos_print_keys(verbose); + case 5: + return seos_load_keys(filename); + case 6: { + bool isOK = saveFile(filename, ".bin", keys, sizeof(keys)); + if (isOK == false) { + return PM3_EFILE; + } + return PM3_SUCCESS; + } + } + + return PM3_SUCCESS; +} + static int CmdHfSeosList(const char *Cmd) { return CmdTraceListAlias(Cmd, "hf seos", "seos -c"); } static command_t CommandTable[] = { - {"help", CmdHelp, AlwaysAvailable, "This help"}, - {"info", CmdHfSeosInfo, IfPm3NfcBarcode, "Tag information"}, - {"list", CmdHfSeosList, AlwaysAvailable, "List SEOS history"}, + {"-----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("General") " -----------------------"}, + {"help", CmdHelp, AlwaysAvailable, "This help"}, + {"list", CmdHfSeosList, AlwaysAvailable, "List SEOS history"}, + {"-----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("Operations") " -----------------------"}, + {"info", CmdHfSeosInfo, IfPm3NfcBarcode, "Tag information"}, + {"pacs", CmdHfSeosPACS, AlwaysAvailable, "Extract PACS Information from card"}, + {"adf", CmdHfSeosADF, AlwaysAvailable, "Read an ADF from the card"}, + {"gdf", CmdHfSeosGDF, AlwaysAvailable, "Read an GDF from card"}, + {"-----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("Utils") " -----------------------"}, + {"managekeys", CmdHfSeosManageKeys, AlwaysAvailable, "Manage keys to use with SEOS commands"}, + {NULL, NULL, NULL, NULL} }; @@ -132,3 +1657,4 @@ int CmdHFSeos(const char *Cmd) { clearCommandBuffer(); return CmdsParse(CommandTable, Cmd); } + diff --git a/client/src/cmdhfseos.h b/client/src/cmdhfseos.h index 32ffb6510..33e6d45f5 100644 --- a/client/src/cmdhfseos.h +++ b/client/src/cmdhfseos.h @@ -23,5 +23,6 @@ int infoSeos(bool verbose); int CmdHFSeos(const char *Cmd); - +int seos_kdf(bool encryption, uint8_t* masterKey, uint8_t keyslot, + uint8_t* adfOid, size_t adfoid_len, uint8_t* diversifier, uint8_t diversifier_len, uint8_t* out, int encryption_algorithm, int hash_algorithm); #endif From 032619c1f39791810c8b9e0012631b1d17ee5b7c Mon Sep 17 00:00:00 2001 From: Jakub Kramarz Date: Sat, 4 Jan 2025 14:40:51 +0100 Subject: [PATCH 123/150] armsrc/ticks.c: disable TC2 on StopTicks (may be enabled by StartCountSspClk) --- common_arm/ticks.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/common_arm/ticks.c b/common_arm/ticks.c index 10c3dcb72..c078407ea 100644 --- a/common_arm/ticks.c +++ b/common_arm/ticks.c @@ -305,7 +305,7 @@ uint32_t GetTicks(void) { do { hi = AT91C_BASE_TC1->TC_CV; lo = AT91C_BASE_TC0->TC_CV; - } while (hi != AT91C_BASE_TC1->TC_CV); + } while (hi != AT91C_BASE_TC1->TC_CV); return (hi << 16) | lo; } @@ -336,4 +336,5 @@ void WaitUS(uint32_t us) { void StopTicks(void) { AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; + AT91C_BASE_TC2->TC_CCR = AT91C_TC_CLKDIS; } From 661b7bad22ac247acf184635c37591028d94a2b2 Mon Sep 17 00:00:00 2001 From: Jakub Kramarz Date: Sat, 4 Jan 2025 14:45:44 +0100 Subject: [PATCH 124/150] armsrc/sam_picopass.c: extract common routines to sam_common.c --- armsrc/Makefile | 2 +- armsrc/sam_common.c | 374 ++++++++++++++++++++++++++++++++++++++++++ armsrc/sam_common.h | 49 ++++++ armsrc/sam_mfc.c | 2 +- armsrc/sam_mfc.h | 1 + armsrc/sam_picopass.c | 175 +++++++++++--------- armsrc/sam_picopass.h | 1 + 7 files changed, 527 insertions(+), 77 deletions(-) create mode 100644 armsrc/sam_common.c create mode 100644 armsrc/sam_common.h diff --git a/armsrc/Makefile b/armsrc/Makefile index dedccd3e0..13a817dc9 100644 --- a/armsrc/Makefile +++ b/armsrc/Makefile @@ -37,7 +37,7 @@ APP_CFLAGS = $(PLATFORM_DEFS) \ SRC_LF = lfops.c lfsampling.c pcf7931.c lfdemod.c lfadc.c SRC_HF = hfops.c SRC_ISO15693 = iso15693.c iso15693tools.c -SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c sam_mfc.c sam_seos.c +SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c sam_common.c sam_mfc.c sam_seos.c #UNUSED: mifaresniff.c SRC_ISO14443b = iso14443b.c SRC_FELICA = felica.c diff --git a/armsrc/sam_common.c b/armsrc/sam_common.c new file mode 100644 index 000000000..5c0acbe86 --- /dev/null +++ b/armsrc/sam_common.c @@ -0,0 +1,374 @@ +//----------------------------------------------------------------------------- +// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// See LICENSE.txt for the text of the license. +//----------------------------------------------------------------------------- +// Routines to support MFC <-> SAM communication +//----------------------------------------------------------------------------- + + +#include +// #include "sam_picopass.h" +#include "sam_common.h" +#include "iclass.h" +// #include "crc16.h" +#include "proxmark3_arm.h" +#include "BigBuf.h" +// #include "cmd.h" +#include "commonutil.h" +#include "ticks.h" +#include "dbprint.h" +#include "i2c.h" +#include "iso15693.h" +#include "protocols.h" +// #include "optimized_cipher.h" +// #include "fpgaloader.h" + +/** + * @brief Transmits data to and receives data from a HID®'s iCLASS® SE™ Processor. + * + * This function sends a specified number of bytes to the SAM and receives a response. + * + * @param data Pointer to the data to be transmitted. + * @param n Number of bytes to be transmitted. + * @param resp Pointer to the buffer where the response will be stored. + * @param resplen Pointer to the variable where the length of the response will be stored. + * @return Status code indicating success or failure of the operation. + */ +int sam_rxtx(const uint8_t *data, uint16_t n, uint8_t *resp, uint16_t *resplen) { + bool res = I2C_BufferWrite(data, n, I2C_DEVICE_CMD_SEND_T0, I2C_DEVICE_ADDRESS_MAIN); + if (res == false) { + DbpString("failed to send to SIM CARD"); + goto out; + } + + *resplen = ISO7816_MAX_FRAME; + + res = sc_rx_bytes(resp, resplen, SIM_WAIT_DELAY); + if (res == false) { + DbpString("failed to receive from SIM CARD"); + goto out; + } + + if (*resplen < 2) { + DbpString("received too few bytes from SIM CARD"); + res = false; + goto out; + } + + uint16_t more_len = 0; + + if (resp[*resplen - 2] == 0x61 || resp[*resplen - 2] == 0x9F) { + more_len = resp[*resplen - 1]; + } else { + // we done, return + goto out; + } + + // Don't discard data we already received except the SW code. + // If we only received 1 byte, this is the echo of INS, we discard it. + *resplen -= 2; + if (*resplen == 1) { + *resplen = 0; + } + + uint8_t cmd_getresp[] = {0x00, ISO7816_GET_RESPONSE, 0x00, 0x00, more_len}; + + res = I2C_BufferWrite(cmd_getresp, sizeof(cmd_getresp), I2C_DEVICE_CMD_SEND_T0, I2C_DEVICE_ADDRESS_MAIN); + if (res == false) { + DbpString("failed to send to SIM CARD 2"); + goto out; + } + + more_len = 255 - *resplen; + + res = sc_rx_bytes(resp + *resplen, &more_len, SIM_WAIT_DELAY); + if (res == false) { + DbpString("failed to receive from SIM CARD 2"); + goto out; + } + + *resplen += more_len; + + out: + return res; +} + + +static inline void swap_clock_counters(volatile unsigned int * a, unsigned int * b){ + unsigned int c = *a; + *a = *b; + *b = c; +} + +/** + * @brief Swaps the timer counter values. + * + * AT91SAM7S512 has a single Timer-Counter, that is reused in clocks Ticks + * and CountSspClk. This function stops the current clock and restores previous + * values. It is used to switch between different clock sources. + * It probably makes communication timing off, but at least makes it work. + */ +static void swap_clocks(void){ + static unsigned int tc0, tc1, tc2 = 0; + StopTicks(); + swap_clock_counters(&(AT91C_BASE_TC0->TC_CV), &tc0); + swap_clock_counters(&(AT91C_BASE_TC1->TC_CV), &tc1); + swap_clock_counters(&(AT91C_BASE_TC2->TC_CV), &tc2); +} + +void switch_clock_to_ticks(void){ + swap_clocks(); + StartTicks(); +} + +void switch_clock_to_countsspclk(void){ + swap_clocks(); + StartCountSspClk(); +} + + +/** + * @brief Sends a payload to the SAM + * + * This function prepends the payload with the necessary APDU and application + * headers and sends it to the SAM. + * + * @param addr_src 0x14 for command from NFC, 0x44 for command from application + * @param addr_dest 0x0A for command to SAM + * @param addr_reply same as add_src or 0x00 if no reply is expected + * @param payload Pointer to the data to be sent. + * @param payload_len Length of the data to be sent. + * @param response Pointer to the buffer where the response will be stored. + * @param response_len Pointer to the variable where the length of the response will be stored. + * @param length Length of the data to be sent. + * @return Status code indicating success or failure of the operation. + */ +int sam_send_payload( + uint8_t addr_src, + uint8_t addr_dest, + uint8_t addr_reply, + + uint8_t *payload, + uint16_t *payload_len, + + uint8_t *response, + uint16_t *response_len +){ + int res = PM3_SUCCESS; + + uint8_t * buf = response; + + buf[0] = 0xA0; // CLA + buf[1] = 0xDA; // INS (PUT DATA) + buf[2] = 0x02; // P1 (TLV format?) + buf[3] = 0x63; // P2 + buf[4] = SAM_TX_ASN1_PREFIX_LENGTH + (uint8_t) *payload_len; // LEN + + buf[5] = addr_src; + buf[6] = addr_dest; + buf[7] = addr_reply; + + buf[8] = 0x00; + buf[9] = 0x00; + buf[10] = 0x00; + + memcpy( + &buf[11], + payload, + *payload_len + ); + + uint16_t length = SAM_TX_ASN1_PREFIX_LENGTH + SAM_TX_APDU_PREFIX_LENGTH + (uint8_t) *payload_len; + + LogTrace(buf, length, 0, 0, NULL, true); + if (g_dbglevel >= DBG_INFO){ + DbpString("SAM REQUEST APDU: "); + Dbhexdump(length, buf, false); + } + + if (sam_rxtx(buf, length, response, response_len) == false) { + if (g_dbglevel >= DBG_ERROR) + DbpString("SAM ERROR"); + res = PM3_ECARDEXCHANGE; + goto out; + } + + LogTrace(response, *response_len, 0, 0, NULL, false); + if (g_dbglevel >= DBG_INFO){ + DbpString("SAM RESPONSE APDU: "); + Dbhexdump(*response_len, response, false); + } + + out: + return res; +} + + +/** + * @brief Retreives SAM firmware version. + * + * Used just as ping or sanity check here. + * + * @return Status code indicating success or failure of the operation. + */ +int sam_get_version(void){ + int res = PM3_SUCCESS; + + if (g_dbglevel >= DBG_DEBUG) + DbpString("start sam_get_version"); + + uint8_t * response = BigBuf_malloc(ISO7816_MAX_FRAME); + uint16_t response_len = ISO7816_MAX_FRAME; + + uint8_t payload[] = { + 0xa0, 0x02, // <- SAM command + 0x82, 0x00 // <- get version + }; + uint16_t payload_len = sizeof(payload); + + sam_send_payload( + 0x44, 0x0a, 0x44, + payload, + &payload_len, + response, + &response_len + ); + + // resp: + // c1 64 00 00 00 + // bd 11 <- SAM response + // 8a 0f <- get version response + // 80 02 + // 01 29 <- version + // 81 06 + // 68 3d 05 20 26 b6 <- build ID + // 82 01 + // 01 + // 90 00 + if (g_dbglevel >= DBG_DEBUG) + DbpString("end sam_get_version"); + + if(response[5] != 0xbd){ + Dbprintf("Invalid SAM response"); + goto error; + }else{ + uint8_t * sam_response_an = sam_find_asn1_node(response + 5, 0x8a); + if(sam_response_an == NULL){ + if (g_dbglevel >= DBG_ERROR) + DbpString("SAM get response failed"); + goto error; + } + uint8_t * sam_version_an = sam_find_asn1_node(sam_response_an, 0x80); + if(sam_version_an == NULL){ + if (g_dbglevel >= DBG_ERROR) + DbpString("SAM get version failed"); + goto error; + } + uint8_t * sam_build_an = sam_find_asn1_node(sam_response_an, 0x81); + if(sam_build_an == NULL){ + if (g_dbglevel >= DBG_ERROR) + DbpString("SAM get firmware ID failed"); + goto error; + } + if (g_dbglevel >= DBG_INFO){ + DbpString("SAM get version successful"); + Dbprintf("Firmware version: %X.%X", sam_version_an[2], sam_version_an[3]); + Dbprintf("Firmware ID: "); + Dbhexdump(sam_build_an[1], sam_build_an+2, false); + } + goto out; + } + + error: + res = PM3_ESOFT; + + out: + BigBuf_free(); + + if (g_dbglevel >= DBG_DEBUG) + DbpString("end sam_get_version"); + + return res; +} + + + +/** + * @brief Finds an ASN.1 node of a specified type within a given root node. + * + * This function searches through a single level of the ASN.1 structure starting + * from the root node to find a node of the specified type. + * + * @param root Pointer to the root node of the ASN.1 structure. + * @param type The type of the ASN.1 node to find. + * @return Pointer to the ASN.1 node of the specified type if found, otherwise NULL. + */ +uint8_t * sam_find_asn1_node(uint8_t * root, const uint8_t type){ + const uint8_t * end = root + *(root+1); + uint8_t * current = root + 2; + while(current < end){ + if(*current == type){ + return current; + }else{ + current += 2 + *(current+1); + } + } + return NULL; +} + +// /** +// * @brief Appends an ASN.1 node to the end of a given node. +// * +// * This function appends an ASN.1 node of a specified type and length to the end of +// * the ASN.1 structure at specified node level. +// * It would make the code cleaner, but I can't get it to work - it calculates fields lengths incorrectly. +// * +// * @param root Pointer to the root node of the ASN.1 structure. +// * @param root Pointer to the node to be appended of the ASN.1 structure. +// * @param type The type of the ASN.1 node to append. +// * @param data Pointer to the data to be appended. +// * @param len The length of the data to be appended. +// */ +// void sam_append_asn1_node(uint8_t * root, uint8_t * node, uint8_t type, uint8_t * data, uint8_t len){ +// uint8_t * end = root + *(root+1); + +// *(end) = type; +// *(end+1) = len; +// memcpy(end+2, data, len); + +// for(uint8_t * current = root; current < node; current += 2){ +// *(current+1) += 2 + len; +// }; +// return; +// } + +void sam_send_ack(void){ + uint8_t * response = BigBuf_malloc(ISO7816_MAX_FRAME); + uint16_t response_len = ISO7816_MAX_FRAME; + + uint8_t payload[] = { + 0xa0, 0 + }; + uint16_t payload_len = sizeof(payload); + + sam_send_payload( + 0x44, 0x0a, 0x00, + payload, + &payload_len, + response, + &response_len + ); + + BigBuf_free(); +} diff --git a/armsrc/sam_common.h b/armsrc/sam_common.h new file mode 100644 index 000000000..5aa0fe04d --- /dev/null +++ b/armsrc/sam_common.h @@ -0,0 +1,49 @@ +//----------------------------------------------------------------------------- +// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// See LICENSE.txt for the text of the license. +//----------------------------------------------------------------------------- +#ifndef __SAM_COMMON_H +#define __SAM_COMMON_H + +#include "common.h" + +static const uint8_t SAM_TX_APDU_PREFIX_LENGTH = 5; +static const uint8_t SAM_TX_ASN1_PREFIX_LENGTH = 6; +static const uint8_t SAM_RX_ASN1_PREFIX_LENGTH = 5; + +int sam_rxtx(const uint8_t *data, uint16_t n, uint8_t *resp, uint16_t *resplen); + +void switch_clock_to_ticks(void); +void switch_clock_to_countsspclk(void); + +int sam_send_payload( + uint8_t addr_src, + uint8_t addr_dest, + uint8_t addr_reply, + + uint8_t *payload, + uint16_t *payload_len, + + uint8_t *response, + uint16_t *response_len +); + +int sam_get_version(void); + +uint8_t * sam_find_asn1_node(uint8_t * root, const uint8_t type); +//void sam_append_asn1_node(uint8_t * root, uint8_t * node, uint8_t type, uint8_t * data, uint8_t len); + +void sam_send_ack(void); + +#endif diff --git a/armsrc/sam_mfc.c b/armsrc/sam_mfc.c index 090f4a781..5e2309437 100644 --- a/armsrc/sam_mfc.c +++ b/armsrc/sam_mfc.c @@ -16,7 +16,7 @@ // Routines to support MFC <-> SAM communication //----------------------------------------------------------------------------- #include "sam_mfc.h" -#include "sam_seos.h" +#include "sam_common.h" #include "iclass.h" #include "proxmark3_arm.h" diff --git a/armsrc/sam_mfc.h b/armsrc/sam_mfc.h index 5cf55d711..527bc77ff 100644 --- a/armsrc/sam_mfc.h +++ b/armsrc/sam_mfc.h @@ -17,5 +17,6 @@ #define __SAM_MFC_H #include "common.h" +#include "sam_common.h" #endif diff --git a/armsrc/sam_picopass.c b/armsrc/sam_picopass.c index fd465c992..882f03b9d 100644 --- a/armsrc/sam_picopass.c +++ b/armsrc/sam_picopass.c @@ -16,6 +16,7 @@ // Routines to support Picopass <-> SAM communication //----------------------------------------------------------------------------- #include "sam_picopass.h" +#include "sam_common.h" #include "iclass.h" #include "crc16.h" #include "proxmark3_arm.h" @@ -30,66 +31,79 @@ #include "optimized_cipher.h" #include "fpgaloader.h" -static int sam_rxtx(const uint8_t *data, uint16_t n, uint8_t *resp, uint16_t *resplen) { - StartTicks(); +/** + * @brief Sets the card detected status for the SAM (Secure Access Module). + * + * This function informs that a card has been detected by the reader and + * initializes SAM communication with the card. + * + * @param card_select Pointer to the descriptor of the detected card. + * @return Status code indicating success or failure of the operation. + */ +static int sam_set_card_detected(picopass_hdr_t * card_select){ + int res = PM3_SUCCESS; + if (g_dbglevel >= DBG_DEBUG) + DbpString("start sam_set_card_detected"); - bool res = I2C_BufferWrite(data, n, I2C_DEVICE_CMD_SEND_T0, I2C_DEVICE_ADDRESS_MAIN); - if (res == false) { - DbpString("failed to send to SIM CARD"); + uint8_t * response = BigBuf_malloc(ISO7816_MAX_FRAME); + uint16_t response_len = ISO7816_MAX_FRAME; + + // a0 12 + // ad 10 + // a0 0e + // 80 02 + // 00 04 <- Picopass + // 81 08 + // 9b fc a4 00 fb ff 12 e0 <- CSN + + uint8_t payload[] = { + 0xa0, 18, // <- SAM command + 0xad, 16, // <- set detected card + 0xa0, 4+10, + 0x80, 2, // <- protocol + 0x00, 0x04, // <- Picopass + 0x81, 8, // <- CSN + card_select->csn[0], card_select->csn[1], card_select->csn[2], card_select->csn[3], + card_select->csn[4], card_select->csn[5], card_select->csn[6], card_select->csn[7] + }; + uint16_t payload_len = sizeof(payload); + + sam_send_payload( + 0x44, 0x0a, 0x44, + payload, + &payload_len, + response, + &response_len + ); + + // resp: + // c1 64 00 00 00 + // bd 02 <- response + // 8a 00 <- empty response (accepted) + // 90 00 + + if(response[5] != 0xbd){ + if (g_dbglevel >= DBG_ERROR) + Dbprintf("Invalid SAM response"); + goto error; + }else{ + // uint8_t * sam_response_an = sam_find_asn1_node(response + 5, 0x8a); + // if(sam_response_an == NULL){ + // if (g_dbglevel >= DBG_ERROR) + // Dbprintf("Invalid SAM response"); + // goto error; + // } goto out; } + error: + res = PM3_ESOFT; - *resplen = ISO7816_MAX_FRAME; + out: + BigBuf_free(); - res = sc_rx_bytes(resp, resplen, SIM_WAIT_DELAY); - if (res == false) { - DbpString("failed to receive from SIM CARD"); - goto out; - } - - if (*resplen < 2) { - DbpString("received too few bytes from SIM CARD"); - res = false; - goto out; - } - - uint16_t more_len = 0; - - if (resp[*resplen - 2] == 0x61 || resp[*resplen - 2] == 0x9F) { - more_len = resp[*resplen - 1]; - } else { - // we done, return - goto out; - } - - // Don't discard data we already received except the SW code. - // If we only received 1 byte, this is the echo of INS, we discard it. - *resplen -= 2; - if (*resplen == 1) { - *resplen = 0; - } - - uint8_t cmd_getresp[] = {0x00, ISO7816_GET_RESPONSE, 0x00, 0x00, more_len}; - - res = I2C_BufferWrite(cmd_getresp, sizeof(cmd_getresp), I2C_DEVICE_CMD_SEND_T0, I2C_DEVICE_ADDRESS_MAIN); - if (res == false) { - DbpString("failed to send to SIM CARD 2"); - goto out; - } - - more_len = 255 - *resplen; - - res = sc_rx_bytes(resp + *resplen, &more_len, SIM_WAIT_DELAY); - if (res == false) { - DbpString("failed to receive from SIM CARD 2"); - goto out; - } - - *resplen += more_len; - -out: - StopTicks(); + if (g_dbglevel >= DBG_DEBUG) + DbpString("end sam_set_card_detected"); return res; } @@ -218,23 +232,19 @@ int sam_picopass_get_pacs(void) { uint8_t *sam_apdu = BigBuf_calloc(ISO7816_MAX_FRAME); // ----------------------------------------------------------------------------- - // first - // a0 da 02 63 1a 44 0a 44 00 00 00 a0 12 ad 10 a0 0e 80 02 00 04 81 08 9b fc a4 00 fb ff 12 e0 - hexstr_to_byte_array("a0da02631a440a44000000a012ad10a00e800200048108", sam_apdu, &sam_len); - memcpy(sam_apdu + sam_len, hdr.csn, sizeof(hdr.csn)); - sam_len += sizeof(hdr.csn); - - if (sam_rxtx(sam_apdu, sam_len, resp, &resp_len) == false) { - res = PM3_ECARDEXCHANGE; - goto out; - } - print_dbg("-- 1", resp, resp_len); + // first - set detected card (0xAD) + switch_clock_to_ticks(); + sam_set_card_detected(&hdr); // ----------------------------------------------------------------------------- - // second - // a0 da 02 63 0d 44 0a 44 00 00 00 a0 05 a1 03 80 01 04 - hexstr_to_byte_array("a0da02630d440a44000000a005a103800104", sam_apdu, &sam_len); - if (sam_rxtx(sam_apdu, sam_len, resp, &resp_len) == false) { + // second - get PACS (0xA1) + + // a0 05 + // a1 03 + // 80 01 + // 04 + hexstr_to_byte_array("a005a103800104", sam_apdu, &sam_len); + if(sam_send_payload(0x44, 0x0a, 0x44, sam_apdu, &sam_len, resp, &resp_len) != PM3_SUCCESS) { res = PM3_ECARDEXCHANGE; goto out; } @@ -245,7 +255,7 @@ int sam_picopass_get_pacs(void) { // Tag|c00a140a000000a110a10e8004 0c05de64 8102 0004 820201f4 // ----------------------------------------------------------------------------- - // third AIA block 5 + // third AIA block 5 (emulated tag <-> SAM exchange starts here) // a0da02631c140a00000000bd14a012a010800a ffffff0006fffffff88e 81020000 // picopass legacy is fixed. wants AIA and crc. ff ff ff ff ff ff ff ff ea f5 // picpoasss SE ff ff ff 00 06 ff ff ff f8 8e @@ -300,7 +310,7 @@ int sam_picopass_get_pacs(void) { } // start ssp clock again... - StartCountSspClk(); + switch_clock_to_countsspclk(); // NOW we auth against tag uint8_t cmd_check[9] = { ICLASS_CMD_CHECK }; @@ -325,6 +335,7 @@ int sam_picopass_get_pacs(void) { hexstr_to_byte_array("A0DA026316140A00000000BD0EA00CA00A8004311E32E981020000", sam_apdu, &sam_len); memcpy(sam_apdu + 19, mac, sizeof(mac)); + switch_clock_to_ticks(); if (sam_rxtx(sam_apdu, sam_len, resp, &resp_len) == false) { res = PM3_ECARDEXCHANGE; goto out; @@ -355,7 +366,7 @@ int sam_picopass_get_pacs(void) { // c1 61 c1 00 00 a1 10 a1 0e 80 04 0c 06 45 56 81 02 00 04 82 02 01 f4 90 00 // read block 6 - StartCountSspClk(); + switch_clock_to_countsspclk(); start_time = GetCountSspClk(); iclass_send_as_reader(resp + 11, 4, &start_time, &eof_time, shallow_mod); @@ -373,6 +384,7 @@ int sam_picopass_get_pacs(void) { hexstr_to_byte_array("A0DA02631C140A00000000BD14A012A010800A030303030003E017432381020000", sam_apdu, &sam_len); memcpy(sam_apdu + 19, resp, resp_len); + switch_clock_to_ticks(); if (sam_rxtx(sam_apdu, sam_len, resp, &resp_len) == false) { res = PM3_ECARDEXCHANGE; goto out; @@ -382,7 +394,7 @@ int sam_picopass_get_pacs(void) { // c161c10000a110a10e8004 0606455681020004820201f49000 // read the credential blocks - StartCountSspClk(); + switch_clock_to_countsspclk(); start_time = GetCountSspClk(); iclass_send_as_reader(resp + 11, 4, &start_time, &eof_time, shallow_mod); @@ -400,6 +412,7 @@ int sam_picopass_get_pacs(void) { hexstr_to_byte_array("A0DA026334140A00000000BD2CA02AA0288022030303030003E017769CB4A198E0DEC82AD4C8211F9968712BE7393CF8E71D7E804C81020000", sam_apdu, &sam_len); memcpy(sam_apdu + 19, resp, resp_len); + switch_clock_to_ticks(); if (sam_rxtx(sam_apdu, sam_len, resp, &resp_len) == false) { res = PM3_ECARDEXCHANGE; goto out; @@ -409,7 +422,13 @@ int sam_picopass_get_pacs(void) { // ----------------------------------------------------------------------------- // TEN ask for PACS data - // A0DA02630C440A00000000BD04A0028200 + // A0 DA 02 63 0C + // 44 0A 00 00 00 00 + // BD 04 + // A0 02 + // 82 00 + + // (emulated tag <-> SAM exchange ends here) hexstr_to_byte_array("A0DA02630C440A00000000BD04A0028200", sam_apdu, &sam_len); memcpy(sam_apdu + 19, resp, resp_len); @@ -424,7 +443,12 @@ int sam_picopass_get_pacs(void) { goto out; } - // c164000000bd098a07 030506951f9a00 9000 + // resp: + // c1 64 00 00 00 + // bd 09 + // 8a 07 + // 03 05 06 95 1f 9a 00 <- decoded PACS data + // 90 00 uint8_t *pacs = BigBuf_calloc(resp[8]); memcpy(pacs, resp + 9, resp[8]); @@ -439,6 +463,7 @@ out: off: switch_off(); + StopTicks(); BigBuf_free(); return res; } diff --git a/armsrc/sam_picopass.h b/armsrc/sam_picopass.h index 7feef0bde..26d734d39 100644 --- a/armsrc/sam_picopass.h +++ b/armsrc/sam_picopass.h @@ -17,6 +17,7 @@ #define __SAM_PICOPASS_H #include "common.h" +#include "sam_common.h" int sam_picopass_get_pacs(void); From c08e6c47c8cc536a807efcb8f383af60f9240b97 Mon Sep 17 00:00:00 2001 From: Jakub Kramarz Date: Sat, 4 Jan 2025 14:49:39 +0100 Subject: [PATCH 125/150] sam_seos: add suppport for HID SAM communication with SEOS cards, based on bettse/seader project --- armsrc/appmain.c | 2 +- armsrc/sam_seos.c | 350 +++++++++++++++++++++++++++++++++++++++++ armsrc/sam_seos.h | 2 + client/src/cmdhfseos.c | 123 ++++++++++++++- 4 files changed, 475 insertions(+), 2 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 6d42a0e0c..dbe929159 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -2246,7 +2246,7 @@ static void PacketReceived(PacketCommandNG *packet) { break; } case CMD_HF_SAM_SEOS: { -// sam_seos_get_pacs(); + sam_seos_get_pacs(); break; } diff --git a/armsrc/sam_seos.c b/armsrc/sam_seos.c index 00e4da45b..0fe5c8670 100644 --- a/armsrc/sam_seos.c +++ b/armsrc/sam_seos.c @@ -14,9 +14,359 @@ // See LICENSE.txt for the text of the license. //----------------------------------------------------------------------------- // Routines to support SEOS <-> SAM communication +// communication and ASN.1 messages based on https://github.com/bettse/seader/blob/main/seader.asn1 //----------------------------------------------------------------------------- #include "sam_seos.h" +#include "sam_common.h" #include "iclass.h" #include "proxmark3_arm.h" +#include "iso14443a.h" + +#include "iclass.h" +#include "crc16.h" +#include "proxmark3_arm.h" +#include "BigBuf.h" #include "cmd.h" +#include "commonutil.h" +#include "ticks.h" +#include "dbprint.h" +#include "i2c.h" +#include "protocols.h" +#include "optimized_cipher.h" +#include "fpgaloader.h" + +#include "cmd.h" + + +/** + * @brief Sets the card detected status for the SAM (Secure Access Module). + * + * This function informs that a card has been detected by the reader and + * initializes SAM communication with the card. + * + * @param card_select Pointer to the descriptor of the detected card. + * @return Status code indicating success or failure of the operation. + */ +static int sam_set_card_detected(iso14a_card_select_t * card_select){ + int res = PM3_SUCCESS; + if (g_dbglevel >= DBG_DEBUG) + DbpString("start sam_set_card_detected"); + + if(card_select ->uidlen != 4) + return PM3_EFAILED; + + uint8_t * response = BigBuf_malloc(ISO7816_MAX_FRAME); + uint16_t response_len = ISO7816_MAX_FRAME; + + uint8_t payload[] = { + 0xa0, (2+(2+(4*2 +2+4+2+1))), // <- SAM command + 0xad, (2+(4*2 +2+4+2+1)), // <- set detected card + 0xa0, (4*2 +2+4+2+1), + 0x80, 2, // <- protocol + 0x00, 0x02, // <- ISO14443A + 0x81, card_select->uidlen, // <- CSN + card_select->uid[0], card_select->uid[1], card_select->uid[2], card_select->uid[3], + 0x82, 2, // <- ATQA + card_select->atqa[0], card_select->atqa[1], + 0x83, 1, // <- SAK + card_select->sak + }; + uint16_t payload_len = sizeof(payload); + + sam_send_payload( + 0x44, 0x0a, 0x44, + payload, + &payload_len, + response, + &response_len + ); + + // resp: + // c1 64 00 00 00 + // bd 02 <- response + // 8a 00 <- empty response (accepted) + // 90 00 + + if(response[5] != 0xbd){ + if (g_dbglevel >= DBG_ERROR) + Dbprintf("Invalid SAM response"); + goto error; + }else{ + // uint8_t * sam_response_an = sam_find_asn1_node(response + 5, 0x8a); + // if(sam_response_an == NULL){ + // if (g_dbglevel >= DBG_ERROR) + // Dbprintf("Invalid SAM response"); + // goto error; + // } + goto out; + } + error: + res = PM3_ESOFT; + + out: + BigBuf_free(); + + if (g_dbglevel >= DBG_DEBUG) + DbpString("end sam_set_card_detected"); + return res; +} + +/** + * @brief Copies the payload from an NFC buffer to a SAM buffer. + * + * Wraps received data from NFC into an ASN1 tree, so it can be transmitted to the SAM . + * + * @param sam_tx Pointer to the SAM transmit buffer. + * @param nfc_rx Pointer to the NFC receive buffer. + * @param nfc_len Length of the data to be copied from the NFC buffer. + * + * @return Length of SAM APDU to be sent. + */ +inline static uint16_t sam_seos_copy_payload_nfc2sam(uint8_t *sam_tx, uint8_t * nfc_rx, uint8_t nfc_len){ + // NFC resp: + // 6f 0c 84 0a a0 00 00 04 40 00 01 01 00 01 90 00 fb e3 + + // SAM req: + // bd 1c + // a0 1a + // a0 18 + // 80 12 + // 6f 0c 84 0a a0 00 00 04 40 00 01 01 00 01 90 00 fb e3 + // 81 02 + // 00 00 + + sam_tx[0] = 0xBD; + + sam_tx[2] = 0xA0; + + sam_tx[4] = 0xA0; + + sam_tx[6] = 0x80; + sam_tx[7] = nfc_len; + memcpy(sam_tx+8, nfc_rx, nfc_len); + + sam_tx[8+nfc_len] = 0x81; + sam_tx[9+nfc_len] = 0x02; + sam_tx[10+nfc_len] = 0x00; + sam_tx[11+nfc_len] = 0x00; + + // fix lengths + sam_tx[5] = 2 + nfc_len + 4; + sam_tx[3] = sam_tx[5] + 2; + sam_tx[1] = sam_tx[3] + 2; + return sam_tx[1] + 2; +} + +/** + * @brief Copies the payload from the SAM receive buffer to the NFC transmit buffer. + * + * Unpacks data to be transmitted from ASN1 tree in APDU received from SAM. + * + * @param nfc_tx_buf Pointer to the buffer where the NFC transmit data will be stored. + * @param sam_rx_buf Pointer to the buffer containing the data received from the SAM. + * @return Length of NFC APDU to be sent. + */ +inline static uint16_t sam_seos_copy_payload_sam2nfc(uint8_t * nfc_tx_buf, uint8_t * sam_rx_buf){ + // SAM resp: + // c1 61 c1 00 00 + // a1 21 <- nfc command + // a1 1f <- nfc send + // 80 10 <- data + // 00 a4 04 00 0a a0 00 00 04 40 00 01 01 00 01 00 + // 81 02 <- protocol + // 02 02 + // 82 02 <- timeout + // 01 2e + // 85 03 <- format + // 06 c0 00 + // 90 00 + + // NFC req: + // 00 a4 04 00 0a a0 00 00 04 40 00 01 01 00 01 00 + + // copy data out of c1->a1>->a1->80 node + uint16_t nfc_tx_len = (uint8_t) *(sam_rx_buf + 10); + memcpy(nfc_tx_buf, sam_rx_buf+11, nfc_tx_len); + return nfc_tx_len; +} + +/** + * @brief Copies the payload from the SAM receive buffer to the NFC transmit buffer. + * + * Unpacks data to be transmitted from ASN1 tree in APDU received from SAM. + * + * @param pacs Pointer to the buffer where the decoded PACS data will be stored. + * @param pacs_len Pointer to the variable where the length of the PACS data will be stored. + * @return Status code indicating success or failure of the operation. + */ +static int sam_request_pacs(uint8_t * pacs, uint8_t * pacs_len){ + int res = PM3_SUCCESS; + if (g_dbglevel >= DBG_DEBUG) + DbpString("start sam_request_pacs"); + + uint8_t buf1[ISO7816_MAX_FRAME] = {0}; + uint8_t buf2[ISO7816_MAX_FRAME] = {0}; + + uint8_t * sam_tx_buf = buf1; + uint16_t sam_tx_len; + + uint8_t * sam_rx_buf = buf2; + uint16_t sam_rx_len; + + uint8_t * nfc_tx_buf = buf1; + uint16_t nfc_tx_len; + + uint8_t * nfc_rx_buf = buf2; + uint16_t nfc_rx_len; + + // send get pacs + static const uint8_t payload[] = { + 0xa0, 5, // <- SAM command + 0xa1, 3, // <- get PACS + 0x80, 1, + 0x04 + }; + sam_tx_len = sizeof(payload); + memcpy(sam_tx_buf, payload, sam_tx_len); + + sam_send_payload( + 0x44, 0x0a, 0x44, + sam_tx_buf, &sam_tx_len, + sam_rx_buf, &sam_rx_len + ); + + // tag <-> SAM exchange starts here + for(int i = 0; i < 20; i++){ + switch_clock_to_countsspclk(); + nfc_tx_len = sam_seos_copy_payload_sam2nfc(nfc_tx_buf, sam_rx_buf); + + nfc_rx_len = iso14_apdu( + nfc_tx_buf, + nfc_tx_len, + false, + nfc_rx_buf, + ISO7816_MAX_FRAME, + NULL + ); + + switch_clock_to_ticks(); + sam_tx_len = sam_seos_copy_payload_nfc2sam(sam_tx_buf, nfc_rx_buf, nfc_rx_len-2); + + sam_send_payload( + 0x14, 0x0a, 0x14, + sam_tx_buf, &sam_tx_len, + sam_rx_buf, &sam_rx_len + ); + + // last SAM->TAG + // c1 61 c1 00 00 a1 02 >>82<< 00 90 00 + if(sam_rx_buf[7] == 0x82){ + // tag <-> SAM exchange ends here + break; + } + + } + + static const uint8_t hfack[] = { + 0xbd, 0x04, 0xa0, 0x02, 0x82, 0x00 + }; + + sam_tx_len = sizeof(hfack); + memcpy(sam_tx_buf, hfack, sam_tx_len); + + sam_send_payload( + 0x14, 0x0a, 0x00, + sam_tx_buf, &sam_tx_len, + sam_rx_buf, &sam_rx_len + ); + + // resp: + // c1 64 00 00 00 + // bd 09 + // 8a 07 + // 03 05 <- include tag for pm3 client + // 06 85 80 6d c0 <- decoded PACS data + // 90 00 + if(sam_rx_buf[5+2] != 0x8a && sam_rx_buf[5+4] != 0x03){ + if (g_dbglevel >= DBG_ERROR) + Dbprintf("Invalid SAM response"); + goto err; + } + *pacs_len = sam_rx_buf[5+5] +2; + memcpy(pacs, sam_rx_buf+5+4, *pacs_len); + res=PM3_SUCCESS; + + goto out; + + err: + res=PM3_ESOFT; + out: + return res; +} + +/** + * @brief Retrieves PACS data from SEOS card using SAM. + * + * This function is called by appmain.c + * It sends a request to the SAM to get the PACS data from the SEOS card. + * The PACS data is then returned to the PM3 client. + * + * @return Status code indicating success or failure of the operation. + */ +int sam_seos_get_pacs(void){ + int res = PM3_EFAILED; + + clear_trace(); + I2C_Reset_EnterMainProgram(); + + set_tracing(true); + StartTicks(); + + // step 1: ping SAM + sam_get_version(); + + // step 2: get card information + iso14a_card_select_t card_a_info; + + // implicit StartSspClk() happens here + iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); + if (!iso14443a_select_card(NULL, &card_a_info, NULL, true, 0, false)){ + goto err; + } + + switch_clock_to_ticks(); + + // step 3: SamCommand CardDetected + sam_set_card_detected(&card_a_info); + + // step 3: SamCommand RequestPACS, relay NFC communication + + uint8_t pacs[10] = { 0x00 }; + uint8_t pacs_len = 0; + res = sam_request_pacs(pacs, &pacs_len); + if(res != PM3_SUCCESS){ + goto err; + } + if (g_dbglevel >= DBG_INFO) + print_result("PACS data", pacs, pacs_len); + + sam_send_ack(); + + goto out; + goto off; + + err: + res = PM3_ENOPACS; + reply_ng(CMD_HF_SAM_SEOS, res, NULL, 0); + goto off; + out: + reply_ng(CMD_HF_SAM_SEOS, PM3_SUCCESS, pacs, pacs_len); + goto off; + off: + switch_off(); + set_tracing(false); + StopTicks(); + BigBuf_free(); + return res; +} \ No newline at end of file diff --git a/armsrc/sam_seos.h b/armsrc/sam_seos.h index c2100f07e..a1b637c80 100644 --- a/armsrc/sam_seos.h +++ b/armsrc/sam_seos.h @@ -18,4 +18,6 @@ #include "common.h" +int sam_seos_get_pacs(void); + #endif diff --git a/client/src/cmdhfseos.c b/client/src/cmdhfseos.c index fe57b7c76..74837134e 100644 --- a/client/src/cmdhfseos.c +++ b/client/src/cmdhfseos.c @@ -30,6 +30,9 @@ #include "ui.h" #include "cmdhf14a.h" // manufacture #include "protocols.h" // definitions of ISO14A/7816 protocol +#include "cardhelper.h" +#include "wiegand_formats.h" +#include "wiegand_formatutils.h" #include "iso7816/apduinfo.h" // GetAPDUCodeDescription #include "crypto/asn1utils.h" // ASN1 decode / print #include "crypto/libpcrypto.h" // AES decrypt @@ -1632,10 +1635,129 @@ static int CmdHfSeosList(const char *Cmd) { return CmdTraceListAlias(Cmd, "hf seos", "seos -c"); } +static int CmdHfSeosSAM(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf seos sam", + "Extract PACS via a HID SAM\n", + "hf seos sam\n" + ); + + void *argtable[] = { + arg_param_begin, + arg_lit0("v", "verbose", "verbose output"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + bool verbose = arg_get_lit(ctx, 1); + CLIParserFree(ctx); + + if (IsHIDSamPresent(verbose) == false) { + return PM3_ESOFT; + } + + clearCommandBuffer(); + SendCommandNG(CMD_HF_SAM_SEOS, NULL, 0); + PacketResponseNG resp; + if (WaitForResponseTimeout(CMD_HF_SAM_SEOS, &resp, 4000) == false) { + PrintAndLogEx(WARNING, "SAM timeout"); + return PM3_ETIMEOUT; + } + + switch (resp.status) { + case PM3_SUCCESS: + break; + case PM3_ENOPACS: + PrintAndLogEx(SUCCESS, "No PACS data found. Card empty?"); + return resp.status; + default: + PrintAndLogEx(WARNING, "SAM select failed"); + return resp.status; + } + + // CSN, config, epurse, NR/MAC, AIA + // PACS + // first byte skip + // second byte length + // third padded + // fourth .. + uint8_t *d = resp.data.asBytes; + uint8_t n = d[1] - 1; // skip length byte + uint8_t pad = d[2]; + char *binstr = (char *)calloc((n * 8) + 1, sizeof(uint8_t)); + if (binstr == NULL) { + return PM3_EMALLOC; + } + + bytes_2_binstr(binstr, d + 3, n); + + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(SUCCESS, "PACS......... " _GREEN_("%s"), sprint_hex_inrow(d + 2, resp.length - 2)); + PrintAndLogEx(SUCCESS, "padded bin... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); + + binstr[strlen(binstr) - pad] = '\0'; + PrintAndLogEx(SUCCESS, "bin.......... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); + + size_t hexlen = 0; + uint8_t hex[16] = {0}; + binstr_2_bytes(hex, &hexlen, binstr); + PrintAndLogEx(SUCCESS, "hex.......... " _GREEN_("%s"), sprint_hex_inrow(hex, hexlen)); + + uint32_t top = 0, mid = 0, bot = 0; + if (binstring_to_u96(&top, &mid, &bot, binstr) != strlen(binstr)) { + PrintAndLogEx(ERR, "Binary string contains none <0|1> chars"); + free(binstr); + return PM3_EINVARG; + } + + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(INFO, "Wiegand decode"); + wiegand_message_t packed = initialize_message_object(top, mid, bot, strlen(binstr)); + HIDTryUnpack(&packed); + + PrintAndLogEx(NORMAL, ""); + + if (strlen(binstr) >= 26 && verbose) { + + // iCLASS Legacy + PrintAndLogEx(INFO, "Clone to " _YELLOW_("iCLASS Legacy")); + PrintAndLogEx(SUCCESS, " hf iclass encode --ki 0 --bin %s", binstr); + PrintAndLogEx(NORMAL, ""); + + // HID Prox II + PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("HID Prox II")); + PrintAndLogEx(SUCCESS, " lf hid clone -w H10301 --bin %s", binstr); + PrintAndLogEx(NORMAL, ""); + + // MIFARE Classic + char mfcbin[28] = {0}; + mfcbin[0] = '1'; + memcpy(mfcbin + 1, binstr, strlen(binstr)); + binstr_2_bytes(hex, &hexlen, mfcbin); + + PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic") " (Pm3 simulation)"); + PrintAndLogEx(SUCCESS, " hf mf eclr;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 0 -d 049DBA42A23E80884400C82000000000;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 1 -d 1B014D48000000000000000000000000;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 3 -d A0A1A2A3A4A5787788C189ECA97F8C2A;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 5 -d 020000000000000000000000%s;", sprint_hex_inrow(hex, hexlen)); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 7 -d 484944204953787788AA204752454154;"); + PrintAndLogEx(SUCCESS, " hf mf sim --1k -i;"); + PrintAndLogEx(NORMAL, ""); + + PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic 1K")); + PrintAndLogEx(SUCCESS, " hf mf encodehid --bin %s", binstr); + PrintAndLogEx(NORMAL, ""); + } + free(binstr); + + return PM3_SUCCESS; +} + static command_t CommandTable[] = { {"-----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("General") " -----------------------"}, {"help", CmdHelp, AlwaysAvailable, "This help"}, {"list", CmdHfSeosList, AlwaysAvailable, "List SEOS history"}, + {"sam", CmdHfSeosSAM, IfPm3Smartcard, "SAM tests"}, {"-----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("Operations") " -----------------------"}, {"info", CmdHfSeosInfo, IfPm3NfcBarcode, "Tag information"}, {"pacs", CmdHfSeosPACS, AlwaysAvailable, "Extract PACS Information from card"}, @@ -1643,7 +1765,6 @@ static command_t CommandTable[] = { {"gdf", CmdHfSeosGDF, AlwaysAvailable, "Read an GDF from card"}, {"-----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("Utils") " -----------------------"}, {"managekeys", CmdHfSeosManageKeys, AlwaysAvailable, "Manage keys to use with SEOS commands"}, - {NULL, NULL, NULL, NULL} }; From 472d2e933007afb018ec6f541d900da0c0c9aba0 Mon Sep 17 00:00:00 2001 From: Jakub Kramarz Date: Sun, 5 Jan 2025 20:42:32 +0100 Subject: [PATCH 126/150] armsrc/sam_common.c: fix sam_append_asn1_node --- armsrc/sam_common.c | 49 ++++++++++++++++++++++++--------------------- armsrc/sam_common.h | 2 +- 2 files changed, 27 insertions(+), 24 deletions(-) diff --git a/armsrc/sam_common.c b/armsrc/sam_common.c index 5c0acbe86..3efa1574c 100644 --- a/armsrc/sam_common.c +++ b/armsrc/sam_common.c @@ -327,31 +327,34 @@ uint8_t * sam_find_asn1_node(uint8_t * root, const uint8_t type){ return NULL; } -// /** -// * @brief Appends an ASN.1 node to the end of a given node. -// * -// * This function appends an ASN.1 node of a specified type and length to the end of -// * the ASN.1 structure at specified node level. -// * It would make the code cleaner, but I can't get it to work - it calculates fields lengths incorrectly. -// * -// * @param root Pointer to the root node of the ASN.1 structure. -// * @param root Pointer to the node to be appended of the ASN.1 structure. -// * @param type The type of the ASN.1 node to append. -// * @param data Pointer to the data to be appended. -// * @param len The length of the data to be appended. -// */ -// void sam_append_asn1_node(uint8_t * root, uint8_t * node, uint8_t type, uint8_t * data, uint8_t len){ -// uint8_t * end = root + *(root+1); +/** + * @brief Appends an ASN.1 node to the end of a given node. + * + * This function appends an ASN.1 node of a specified type and length to the end of + * the ASN.1 structure at specified node level. + * + * It is the most naive solution that does not handle the case where the node to append is + * not the last node at the same level. It also does not also care about proper + * order of the nodes. + * + * @param root Pointer to the root node of the ASN.1 structure. + * @param root Pointer to the node to be appended of the ASN.1 structure. + * @param type The type of the ASN.1 node to append. + * @param data Pointer to the data to be appended. + * @param len The length of the data to be appended. + */ +void sam_append_asn1_node(uint8_t * root, uint8_t * node, uint8_t type, uint8_t * data, uint8_t len){ + uint8_t * end = root + *(root+1) + 2; -// *(end) = type; -// *(end+1) = len; -// memcpy(end+2, data, len); + *(end) = type; + *(end+1) = len; + memcpy(end+2, data, len); -// for(uint8_t * current = root; current < node; current += 2){ -// *(current+1) += 2 + len; -// }; -// return; -// } + for(uint8_t * current = root; current <= node; current += 2){ + *(current+1) += 2 + len; + }; + return; +} void sam_send_ack(void){ uint8_t * response = BigBuf_malloc(ISO7816_MAX_FRAME); diff --git a/armsrc/sam_common.h b/armsrc/sam_common.h index 5aa0fe04d..c84189f98 100644 --- a/armsrc/sam_common.h +++ b/armsrc/sam_common.h @@ -42,7 +42,7 @@ int sam_send_payload( int sam_get_version(void); uint8_t * sam_find_asn1_node(uint8_t * root, const uint8_t type); -//void sam_append_asn1_node(uint8_t * root, uint8_t * node, uint8_t type, uint8_t * data, uint8_t len); +void sam_append_asn1_node(uint8_t * root, uint8_t * node, uint8_t type, uint8_t * data, uint8_t len); void sam_send_ack(void); From 7b5ce7fbeff8f08fd0b9c717b80f1c32bc82186e Mon Sep 17 00:00:00 2001 From: Jakub Kramarz Date: Sun, 5 Jan 2025 20:43:52 +0100 Subject: [PATCH 127/150] armsrc/sam_seos.c: added support for cards with uid of length != 4 --- armsrc/sam_seos.c | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/armsrc/sam_seos.c b/armsrc/sam_seos.c index 0fe5c8670..8ee112eb0 100644 --- a/armsrc/sam_seos.c +++ b/armsrc/sam_seos.c @@ -53,31 +53,30 @@ static int sam_set_card_detected(iso14a_card_select_t * card_select){ if (g_dbglevel >= DBG_DEBUG) DbpString("start sam_set_card_detected"); - if(card_select ->uidlen != 4) - return PM3_EFAILED; + uint8_t * request = BigBuf_malloc(ISO7816_MAX_FRAME); + uint16_t request_len = ISO7816_MAX_FRAME; uint8_t * response = BigBuf_malloc(ISO7816_MAX_FRAME); uint16_t response_len = ISO7816_MAX_FRAME; uint8_t payload[] = { - 0xa0, (2+(2+(4*2 +2+4+2+1))), // <- SAM command - 0xad, (2+(4*2 +2+4+2+1)), // <- set detected card - 0xa0, (4*2 +2+4+2+1), + 0xa0, 8, // <- SAM command + 0xad, 6, // <- set detected card + 0xa0, 4, // <- detected card details 0x80, 2, // <- protocol - 0x00, 0x02, // <- ISO14443A - 0x81, card_select->uidlen, // <- CSN - card_select->uid[0], card_select->uid[1], card_select->uid[2], card_select->uid[3], - 0x82, 2, // <- ATQA - card_select->atqa[0], card_select->atqa[1], - 0x83, 1, // <- SAK - card_select->sak + 0x00, 0x02 // <- ISO14443A }; - uint16_t payload_len = sizeof(payload); + + memcpy(request, payload, sizeof(payload)); + sam_append_asn1_node(request, request+4, 0x81, card_select->uid, card_select->uidlen); + sam_append_asn1_node(request, request+4, 0x82, card_select->atqa, 2); + sam_append_asn1_node(request, request+4, 0x83, &card_select->sak, 1); + request_len = request[1] + 2; sam_send_payload( 0x44, 0x0a, 0x44, - payload, - &payload_len, + request, + &request_len, response, &response_len ); From d8ebec6baab93effd929e7f7a0d5b9864aa10953 Mon Sep 17 00:00:00 2001 From: Jakub Kramarz Date: Sun, 5 Jan 2025 20:45:30 +0100 Subject: [PATCH 128/150] armsrc/sam_seos.c: cleanup in sam_seos_copy_payload_nfc2sam --- armsrc/sam_seos.c | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/armsrc/sam_seos.c b/armsrc/sam_seos.c index 8ee112eb0..e1a968e60 100644 --- a/armsrc/sam_seos.c +++ b/armsrc/sam_seos.c @@ -135,26 +135,22 @@ inline static uint16_t sam_seos_copy_payload_nfc2sam(uint8_t *sam_tx, uint8_t * // 81 02 // 00 00 - sam_tx[0] = 0xBD; + const uint8_t payload[] = { + 0xbd, 4, + 0xa0, 2, + 0xa0, 0 + }; - sam_tx[2] = 0xA0; + const uint8_t tag81[] = { + 0x00, 0x00 + }; - sam_tx[4] = 0xA0; + memcpy(sam_tx, payload, sizeof(payload)); - sam_tx[6] = 0x80; - sam_tx[7] = nfc_len; - memcpy(sam_tx+8, nfc_rx, nfc_len); - - sam_tx[8+nfc_len] = 0x81; - sam_tx[9+nfc_len] = 0x02; - sam_tx[10+nfc_len] = 0x00; - sam_tx[11+nfc_len] = 0x00; - - // fix lengths - sam_tx[5] = 2 + nfc_len + 4; - sam_tx[3] = sam_tx[5] + 2; - sam_tx[1] = sam_tx[3] + 2; - return sam_tx[1] + 2; + sam_append_asn1_node(sam_tx, sam_tx+4, 0x80, nfc_rx, nfc_len); + sam_append_asn1_node(sam_tx, sam_tx+4, 0x81, tag81, sizeof(tag81)); + + return sam_tx[1] + 2; // length of the ASN1 tree } /** From c28ddd1d563f90d6e8d81a5c2b8f2885ace23a09 Mon Sep 17 00:00:00 2001 From: Jakub Kramarz Date: Sun, 5 Jan 2025 21:21:30 +0100 Subject: [PATCH 129/150] armsrc/sam_common.c: type cleanup --- armsrc/sam_common.c | 28 ++++++++++++---------------- armsrc/sam_common.h | 14 +++++++------- armsrc/sam_picopass.c | 2 +- armsrc/sam_seos.c | 2 +- 4 files changed, 21 insertions(+), 25 deletions(-) diff --git a/armsrc/sam_common.c b/armsrc/sam_common.c index 3efa1574c..835428074 100644 --- a/armsrc/sam_common.c +++ b/armsrc/sam_common.c @@ -18,21 +18,17 @@ #include -// #include "sam_picopass.h" #include "sam_common.h" #include "iclass.h" -// #include "crc16.h" #include "proxmark3_arm.h" #include "BigBuf.h" -// #include "cmd.h" #include "commonutil.h" #include "ticks.h" #include "dbprint.h" #include "i2c.h" #include "iso15693.h" #include "protocols.h" -// #include "optimized_cipher.h" -// #include "fpgaloader.h" + /** * @brief Transmits data to and receives data from a HID®'s iCLASS® SE™ Processor. @@ -155,12 +151,12 @@ void switch_clock_to_countsspclk(void){ * @return Status code indicating success or failure of the operation. */ int sam_send_payload( - uint8_t addr_src, - uint8_t addr_dest, - uint8_t addr_reply, + const uint8_t addr_src, + const uint8_t addr_dest, + const uint8_t addr_reply, - uint8_t *payload, - uint16_t *payload_len, + const uint8_t * const payload, + const uint16_t *payload_len, uint8_t *response, uint16_t *response_len @@ -314,9 +310,9 @@ int sam_get_version(void){ * @param type The type of the ASN.1 node to find. * @return Pointer to the ASN.1 node of the specified type if found, otherwise NULL. */ -uint8_t * sam_find_asn1_node(uint8_t * root, const uint8_t type){ - const uint8_t * end = root + *(root+1); - uint8_t * current = root + 2; +uint8_t * sam_find_asn1_node(const uint8_t * root, const uint8_t type){ + const uint8_t * end = (uint8_t *) root + *(root+1); + uint8_t * current = (uint8_t *) root + 2; while(current < end){ if(*current == type){ return current; @@ -343,14 +339,14 @@ uint8_t * sam_find_asn1_node(uint8_t * root, const uint8_t type){ * @param data Pointer to the data to be appended. * @param len The length of the data to be appended. */ -void sam_append_asn1_node(uint8_t * root, uint8_t * node, uint8_t type, uint8_t * data, uint8_t len){ - uint8_t * end = root + *(root+1) + 2; +void sam_append_asn1_node(const uint8_t * root, const uint8_t * node, uint8_t type, const uint8_t * const data, uint8_t len){ + uint8_t * end = (uint8_t *) root + *(root+1) + 2; *(end) = type; *(end+1) = len; memcpy(end+2, data, len); - for(uint8_t * current = root; current <= node; current += 2){ + for(uint8_t * current = (uint8_t *) root; current <= node; current += 2){ *(current+1) += 2 + len; }; return; diff --git a/armsrc/sam_common.h b/armsrc/sam_common.h index c84189f98..5e243346c 100644 --- a/armsrc/sam_common.h +++ b/armsrc/sam_common.h @@ -28,12 +28,12 @@ void switch_clock_to_ticks(void); void switch_clock_to_countsspclk(void); int sam_send_payload( - uint8_t addr_src, - uint8_t addr_dest, - uint8_t addr_reply, + const uint8_t addr_src, + const uint8_t addr_dest, + const uint8_t addr_reply, - uint8_t *payload, - uint16_t *payload_len, + const uint8_t * const payload, + const uint16_t *payload_len, uint8_t *response, uint16_t *response_len @@ -41,8 +41,8 @@ int sam_send_payload( int sam_get_version(void); -uint8_t * sam_find_asn1_node(uint8_t * root, const uint8_t type); -void sam_append_asn1_node(uint8_t * root, uint8_t * node, uint8_t type, uint8_t * data, uint8_t len); +uint8_t * sam_find_asn1_node(const uint8_t * root, const uint8_t type); +void sam_append_asn1_node(const uint8_t * root, const uint8_t * node, uint8_t type, const uint8_t * const data, uint8_t len); void sam_send_ack(void); diff --git a/armsrc/sam_picopass.c b/armsrc/sam_picopass.c index 882f03b9d..055423f41 100644 --- a/armsrc/sam_picopass.c +++ b/armsrc/sam_picopass.c @@ -244,7 +244,7 @@ int sam_picopass_get_pacs(void) { // 80 01 // 04 hexstr_to_byte_array("a005a103800104", sam_apdu, &sam_len); - if(sam_send_payload(0x44, 0x0a, 0x44, sam_apdu, &sam_len, resp, &resp_len) != PM3_SUCCESS) { + if(sam_send_payload(0x44, 0x0a, 0x44, sam_apdu, (uint16_t *) &sam_len, resp, &resp_len) != PM3_SUCCESS) { res = PM3_ECARDEXCHANGE; goto out; } diff --git a/armsrc/sam_seos.c b/armsrc/sam_seos.c index e1a968e60..5ac73ceb9 100644 --- a/armsrc/sam_seos.c +++ b/armsrc/sam_seos.c @@ -59,7 +59,7 @@ static int sam_set_card_detected(iso14a_card_select_t * card_select){ uint8_t * response = BigBuf_malloc(ISO7816_MAX_FRAME); uint16_t response_len = ISO7816_MAX_FRAME; - uint8_t payload[] = { + const uint8_t payload[] = { 0xa0, 8, // <- SAM command 0xad, 6, // <- set detected card 0xa0, 4, // <- detected card details From dfb5fa3de4a4cf3df60194c3efcc2b24524d80e1 Mon Sep 17 00:00:00 2001 From: Jakub Kramarz Date: Mon, 6 Jan 2025 12:15:59 +0100 Subject: [PATCH 130/150] armsrc/sam_seos.c: add SoRootOID in sam_request_pacs As described in 5326-903 OMNIKEY 5326 Software Developer Guide (https://www.hidglobal.com/documents/omnikey-5326-dfr-developers-guide). Seems like it should be here since the beginning, but worked fine without. --- armsrc/sam_seos.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/armsrc/sam_seos.c b/armsrc/sam_seos.c index 5ac73ceb9..f3afd568e 100644 --- a/armsrc/sam_seos.c +++ b/armsrc/sam_seos.c @@ -217,11 +217,14 @@ static int sam_request_pacs(uint8_t * pacs, uint8_t * pacs_len){ // send get pacs static const uint8_t payload[] = { - 0xa0, 5, // <- SAM command - 0xa1, 3, // <- get PACS + 0xa0, 19, // <- SAM command + 0xA1, 17, // <- SamCommandGetContentElement 0x80, 1, - 0x04 + 0x04, // <- implicitFormatPhysicalAccessBits + 0x84, 12, + 0x2B, 0x06, 0x01, 0x04, 0x01, 0x81, 0xE4, 0x38, 0x01, 0x01, 0x02, 0x04 // <- SoRootOID }; + sam_tx_len = sizeof(payload); memcpy(sam_tx_buf, payload, sam_tx_len); From 0f7574c9822d752c46e166cf1cb6a062f1e7a974 Mon Sep 17 00:00:00 2001 From: Jakub Kramarz Date: Mon, 6 Jan 2025 14:21:25 +0100 Subject: [PATCH 131/150] sam_seos: add option to send arbitrary requests --- armsrc/appmain.c | 2 +- armsrc/sam_seos.c | 185 ++++++++++++++++++++++----------------- armsrc/sam_seos.h | 3 +- client/src/cmdhficlass.c | 2 + client/src/cmdhfseos.c | 148 ++++++++++++++++++++----------- 5 files changed, 205 insertions(+), 135 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index dbe929159..359985cc3 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -2246,7 +2246,7 @@ static void PacketReceived(PacketCommandNG *packet) { break; } case CMD_HF_SAM_SEOS: { - sam_seos_get_pacs(); + sam_seos_get_pacs(packet); break; } diff --git a/armsrc/sam_seos.c b/armsrc/sam_seos.c index f3afd568e..866f62a63 100644 --- a/armsrc/sam_seos.c +++ b/armsrc/sam_seos.c @@ -35,6 +35,7 @@ #include "protocols.h" #include "optimized_cipher.h" #include "fpgaloader.h" +#include "pm3_cmd.h" #include "cmd.h" @@ -146,10 +147,10 @@ inline static uint16_t sam_seos_copy_payload_nfc2sam(uint8_t *sam_tx, uint8_t * }; memcpy(sam_tx, payload, sizeof(payload)); - + sam_append_asn1_node(sam_tx, sam_tx+4, 0x80, nfc_rx, nfc_len); sam_append_asn1_node(sam_tx, sam_tx+4, 0x81, tag81, sizeof(tag81)); - + return sam_tx[1] + 2; // length of the ASN1 tree } @@ -187,18 +188,21 @@ inline static uint16_t sam_seos_copy_payload_sam2nfc(uint8_t * nfc_tx_buf, uint8 } /** - * @brief Copies the payload from the SAM receive buffer to the NFC transmit buffer. + * @brief Sends a request to the SAM and retrieves the response. * - * Unpacks data to be transmitted from ASN1 tree in APDU received from SAM. + * Unpacks request to the SAM and relays ISO14A traffic to the card. + * If no request data provided, sends a request to get PACS data. * - * @param pacs Pointer to the buffer where the decoded PACS data will be stored. - * @param pacs_len Pointer to the variable where the length of the PACS data will be stored. + * @param request Pointer to the buffer containing the request to be sent to the SAM. + * @param request_len Length of the request to be sent to the SAM. + * @param response Pointer to the buffer where the retreived data will be stored. + * @param response_len Pointer to the variable where the length of the retreived data will be stored. * @return Status code indicating success or failure of the operation. */ -static int sam_request_pacs(uint8_t * pacs, uint8_t * pacs_len){ +static int sam_send_request_iso14a(const uint8_t * const request, const uint8_t request_len, uint8_t * response, uint8_t * response_len){ int res = PM3_SUCCESS; if (g_dbglevel >= DBG_DEBUG) - DbpString("start sam_request_pacs"); + DbpString("start sam_send_request_iso14a"); uint8_t buf1[ISO7816_MAX_FRAME] = {0}; uint8_t buf2[ISO7816_MAX_FRAME] = {0}; @@ -215,18 +219,23 @@ static int sam_request_pacs(uint8_t * pacs, uint8_t * pacs_len){ uint8_t * nfc_rx_buf = buf2; uint16_t nfc_rx_len; - // send get pacs - static const uint8_t payload[] = { - 0xa0, 19, // <- SAM command - 0xA1, 17, // <- SamCommandGetContentElement - 0x80, 1, - 0x04, // <- implicitFormatPhysicalAccessBits - 0x84, 12, - 0x2B, 0x06, 0x01, 0x04, 0x01, 0x81, 0xE4, 0x38, 0x01, 0x01, 0x02, 0x04 // <- SoRootOID - }; + if(request_len > 0){ + sam_tx_len = request_len; + memcpy(sam_tx_buf, request, sam_tx_len); + }else{ + // send get pacs + static const uint8_t payload[] = { + 0xa0, 19, // <- SAM command + 0xA1, 17, // <- SamCommandGetContentElement + 0x80, 1, + 0x04, // <- implicitFormatPhysicalAccessBits + 0x84, 12, + 0x2B, 0x06, 0x01, 0x04, 0x01, 0x81, 0xE4, 0x38, 0x01, 0x01, 0x02, 0x04 // <- SoRootOID + }; - sam_tx_len = sizeof(payload); - memcpy(sam_tx_buf, payload, sam_tx_len); + sam_tx_len = sizeof(payload); + memcpy(sam_tx_buf, payload, sam_tx_len); + } sam_send_payload( 0x44, 0x0a, 0x44, @@ -234,51 +243,53 @@ static int sam_request_pacs(uint8_t * pacs, uint8_t * pacs_len){ sam_rx_buf, &sam_rx_len ); - // tag <-> SAM exchange starts here - for(int i = 0; i < 20; i++){ - switch_clock_to_countsspclk(); - nfc_tx_len = sam_seos_copy_payload_sam2nfc(nfc_tx_buf, sam_rx_buf); + if(sam_rx_buf[1] == 0x61){ // commands to be relayed to card starts with 0x61 + // tag <-> SAM exchange starts here + while(sam_rx_buf[1] == 0x61){ + switch_clock_to_countsspclk(); + nfc_tx_len = sam_seos_copy_payload_sam2nfc(nfc_tx_buf, sam_rx_buf); - nfc_rx_len = iso14_apdu( - nfc_tx_buf, - nfc_tx_len, - false, - nfc_rx_buf, - ISO7816_MAX_FRAME, - NULL - ); + nfc_rx_len = iso14_apdu( + nfc_tx_buf, + nfc_tx_len, + false, + nfc_rx_buf, + ISO7816_MAX_FRAME, + NULL + ); - switch_clock_to_ticks(); - sam_tx_len = sam_seos_copy_payload_nfc2sam(sam_tx_buf, nfc_rx_buf, nfc_rx_len-2); + switch_clock_to_ticks(); + sam_tx_len = sam_seos_copy_payload_nfc2sam(sam_tx_buf, nfc_rx_buf, nfc_rx_len-2); + + sam_send_payload( + 0x14, 0x0a, 0x14, + sam_tx_buf, &sam_tx_len, + sam_rx_buf, &sam_rx_len + ); + + // last SAM->TAG + // c1 61 c1 00 00 a1 02 >>82<< 00 90 00 + if(sam_rx_buf[7] == 0x82){ + // tag <-> SAM exchange ends here + break; + } + + } + + static const uint8_t hfack[] = { + 0xbd, 0x04, 0xa0, 0x02, 0x82, 0x00 + }; + + sam_tx_len = sizeof(hfack); + memcpy(sam_tx_buf, hfack, sam_tx_len); sam_send_payload( - 0x14, 0x0a, 0x14, + 0x14, 0x0a, 0x00, sam_tx_buf, &sam_tx_len, sam_rx_buf, &sam_rx_len ); - - // last SAM->TAG - // c1 61 c1 00 00 a1 02 >>82<< 00 90 00 - if(sam_rx_buf[7] == 0x82){ - // tag <-> SAM exchange ends here - break; - } - } - static const uint8_t hfack[] = { - 0xbd, 0x04, 0xa0, 0x02, 0x82, 0x00 - }; - - sam_tx_len = sizeof(hfack); - memcpy(sam_tx_buf, hfack, sam_tx_len); - - sam_send_payload( - 0x14, 0x0a, 0x00, - sam_tx_buf, &sam_tx_len, - sam_rx_buf, &sam_rx_len - ); - // resp: // c1 64 00 00 00 // bd 09 @@ -286,13 +297,16 @@ static int sam_request_pacs(uint8_t * pacs, uint8_t * pacs_len){ // 03 05 <- include tag for pm3 client // 06 85 80 6d c0 <- decoded PACS data // 90 00 - if(sam_rx_buf[5+2] != 0x8a && sam_rx_buf[5+4] != 0x03){ - if (g_dbglevel >= DBG_ERROR) - Dbprintf("Invalid SAM response"); - goto err; + if(request_len == 0){ + if(sam_rx_buf[5] != 0xbd && sam_rx_buf[5+2] != 0x8a && sam_rx_buf[5+4] != 0x03){ + if (g_dbglevel >= DBG_ERROR) + Dbprintf("Invalid SAM response"); + goto err; + } } - *pacs_len = sam_rx_buf[5+5] +2; - memcpy(pacs, sam_rx_buf+5+4, *pacs_len); + + *response_len = sam_rx_buf[5+1] +2; + memcpy(response, sam_rx_buf+5, *response_len); res=PM3_SUCCESS; goto out; @@ -312,7 +326,13 @@ static int sam_request_pacs(uint8_t * pacs, uint8_t * pacs_len){ * * @return Status code indicating success or failure of the operation. */ -int sam_seos_get_pacs(void){ +int sam_seos_get_pacs(PacketCommandNG *c) { + bool disconnectAfter = c->oldarg[0] & 0x01; + bool skipDetect = c->oldarg[1] & 0x01; + + uint8_t *cmd = c->data.asBytes; + uint16_t cmd_len = (uint16_t) c->oldarg[2]; + int res = PM3_EFAILED; clear_trace(); @@ -324,32 +344,31 @@ int sam_seos_get_pacs(void){ // step 1: ping SAM sam_get_version(); - // step 2: get card information - iso14a_card_select_t card_a_info; + if(!skipDetect){ + // step 2: get card information + iso14a_card_select_t card_a_info; - // implicit StartSspClk() happens here - iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); - if (!iso14443a_select_card(NULL, &card_a_info, NULL, true, 0, false)){ - goto err; + // implicit StartSspClk() happens here + iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); + if (!iso14443a_select_card(NULL, &card_a_info, NULL, true, 0, false)){ + goto err; + } + + switch_clock_to_ticks(); + + // step 3: SamCommand CardDetected + sam_set_card_detected(&card_a_info); } - switch_clock_to_ticks(); - - // step 3: SamCommand CardDetected - sam_set_card_detected(&card_a_info); - // step 3: SamCommand RequestPACS, relay NFC communication - - uint8_t pacs[10] = { 0x00 }; - uint8_t pacs_len = 0; - res = sam_request_pacs(pacs, &pacs_len); + uint8_t sam_response[ISO7816_MAX_FRAME] = { 0x00 }; + uint8_t sam_response_len = 0; + res = sam_send_request_iso14a(cmd, cmd_len, sam_response, &sam_response_len); if(res != PM3_SUCCESS){ goto err; } if (g_dbglevel >= DBG_INFO) - print_result("PACS data", pacs, pacs_len); - - sam_send_ack(); + print_result("Response data", sam_response, sam_response_len); goto out; goto off; @@ -359,10 +378,12 @@ int sam_seos_get_pacs(void){ reply_ng(CMD_HF_SAM_SEOS, res, NULL, 0); goto off; out: - reply_ng(CMD_HF_SAM_SEOS, PM3_SUCCESS, pacs, pacs_len); + reply_ng(CMD_HF_SAM_SEOS, PM3_SUCCESS, sam_response, sam_response_len); goto off; off: - switch_off(); + if(disconnectAfter){ + switch_off(); + } set_tracing(false); StopTicks(); BigBuf_free(); diff --git a/armsrc/sam_seos.h b/armsrc/sam_seos.h index a1b637c80..8a165f255 100644 --- a/armsrc/sam_seos.h +++ b/armsrc/sam_seos.h @@ -17,7 +17,8 @@ #define __SAM_SEOS_H #include "common.h" +#include "pm3_cmd.h" -int sam_seos_get_pacs(void); +int sam_seos_get_pacs(PacketCommandNG *c); #endif diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index 29512e192..6acafb222 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -5434,6 +5434,8 @@ static int CmdHFiClassSAM(const char *Cmd) { // CSN, config, epurse, NR/MAC, AIA // PACS + // 03 05 + // 06 85 80 6d c0 // first byte skip // second byte length // third padded diff --git a/client/src/cmdhfseos.c b/client/src/cmdhfseos.c index 74837134e..6ef6a2a60 100644 --- a/client/src/cmdhfseos.c +++ b/client/src/cmdhfseos.c @@ -1635,63 +1635,18 @@ static int CmdHfSeosList(const char *Cmd) { return CmdTraceListAlias(Cmd, "hf seos", "seos -c"); } -static int CmdHfSeosSAM(const char *Cmd) { - CLIParserContext *ctx; - CLIParserInit(&ctx, "hf seos sam", - "Extract PACS via a HID SAM\n", - "hf seos sam\n" - ); - - void *argtable[] = { - arg_param_begin, - arg_lit0("v", "verbose", "verbose output"), - arg_param_end - }; - CLIExecWithReturn(ctx, Cmd, argtable, true); - bool verbose = arg_get_lit(ctx, 1); - CLIParserFree(ctx); - - if (IsHIDSamPresent(verbose) == false) { - return PM3_ESOFT; - } - - clearCommandBuffer(); - SendCommandNG(CMD_HF_SAM_SEOS, NULL, 0); - PacketResponseNG resp; - if (WaitForResponseTimeout(CMD_HF_SAM_SEOS, &resp, 4000) == false) { - PrintAndLogEx(WARNING, "SAM timeout"); - return PM3_ETIMEOUT; - } - - switch (resp.status) { - case PM3_SUCCESS: - break; - case PM3_ENOPACS: - PrintAndLogEx(SUCCESS, "No PACS data found. Card empty?"); - return resp.status; - default: - PrintAndLogEx(WARNING, "SAM select failed"); - return resp.status; - } - - // CSN, config, epurse, NR/MAC, AIA - // PACS - // first byte skip - // second byte length - // third padded - // fourth .. - uint8_t *d = resp.data.asBytes; - uint8_t n = d[1] - 1; // skip length byte - uint8_t pad = d[2]; - char *binstr = (char *)calloc((n * 8) + 1, sizeof(uint8_t)); +static int dump_PACS_bits(const uint8_t * const data, const uint8_t length, bool verbose){ + uint8_t n = length - 1; + uint8_t pad = data[0]; + char *binstr = (char *)calloc((length * 8) + 1, sizeof(uint8_t)); if (binstr == NULL) { return PM3_EMALLOC; } - bytes_2_binstr(binstr, d + 3, n); + bytes_2_binstr(binstr, data + 1, n); PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(SUCCESS, "PACS......... " _GREEN_("%s"), sprint_hex_inrow(d + 2, resp.length - 2)); + PrintAndLogEx(SUCCESS, "PACS......... " _GREEN_("%s"), sprint_hex_inrow(data, length)); PrintAndLogEx(SUCCESS, "padded bin... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); binstr[strlen(binstr) - pad] = '\0'; @@ -1749,7 +1704,98 @@ static int CmdHfSeosSAM(const char *Cmd) { PrintAndLogEx(NORMAL, ""); } free(binstr); + return PM3_SUCCESS; +} + +static int CmdHfSeosSAM(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf seos sam", + "Extract PACS via a HID SAM\n", + "hf seos sam\n" + "hd seos sam -d a005a103800104 -> get PACS data\n" + ); + + + + void *argtable[] = { + arg_param_begin, + arg_lit0("v", "verbose", "verbose output"), + arg_lit0("k", "keep", "keep the field active after command executed"), + arg_lit0("n", "nodetect", "skip selecting the card and sending card details to SAM"), + arg_lit0("t", "tlv", "decode TLV"), + arg_strx0("d", "data", "", "DER encoded command to send to SAM"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + + bool verbose = false; + if (arg_get_lit(ctx, 1)) { + verbose = true; + } + bool disconnectAfter = true; + if(arg_get_lit(ctx, 2)){ + disconnectAfter = false; + } + bool skipDetect = false; + if(arg_get_lit(ctx, 3)){ + skipDetect = true; + } + bool decodeTLV = false; + if(arg_get_lit(ctx, 4)){ + decodeTLV = true; + } + + uint8_t data[PM3_CMD_DATA_SIZE] = {0}; + int datalen = 0; + CLIGetHexBLessWithReturn(ctx, 5, data, &datalen, 0); + + CLIParserFree(ctx); + + if (IsHIDSamPresent(verbose) == false) { + return PM3_ESOFT; + } + + clearCommandBuffer(); + // void SendCommandMIX(uint64_t cmd, uint64_t arg0, uint64_t arg1, uint64_t arg2, const void *data, size_t len) { + SendCommandMIX(CMD_HF_SAM_SEOS, disconnectAfter, skipDetect, datalen, data, datalen); + // SendCommandNG(CMD_HF_SAM_SEOS, NULL, 0); + PacketResponseNG resp; + if (WaitForResponseTimeout(CMD_HF_SAM_SEOS, &resp, 4000) == false) { + PrintAndLogEx(WARNING, "SAM timeout"); + return PM3_ETIMEOUT; + } + + switch (resp.status) { + case PM3_SUCCESS: + break; + case PM3_ENOPACS: + PrintAndLogEx(SUCCESS, "No PACS data found. Card empty?"); + return resp.status; + default: + PrintAndLogEx(WARNING, "SAM select failed"); + return resp.status; + } + uint8_t *d = resp.data.asBytes; + // check for standard SamCommandGetContentElement response + // bd 09 + // 8a 07 + // 03 05 <- tag + length + // 06 85 80 6d c0 <- decoded PACS data + if(d[0] == 0xbd && d[2] == 0x8a && d[4] == 0x03){ + uint8_t pacs_length = d[5]; + uint8_t * pacs_data = d + 6; + int res = dump_PACS_bits(pacs_data, pacs_length, verbose); + if(res != PM3_SUCCESS){ + return res; + } + } else { + print_hex(d, resp.length); + } + if (decodeTLV) { + asn1_print(d, d[1] + 2, " "); + } + return PM3_SUCCESS; } From 508b63fd2e3ace526094f36f95dba94396ec42c7 Mon Sep 17 00:00:00 2001 From: Jakub Kramarz Date: Mon, 6 Jan 2025 14:59:26 +0100 Subject: [PATCH 132/150] sam_seos: switch to samCommandGetContentElement2 As PLT-03273 OMNIKEY 5023 Software Developer Guide (https://www.hidglobal.com/documents/omnikey-5023-software-developer-guide) describes a command that returns additional information about SIO object containing PACS data, switching to more verbose one. --- armsrc/sam_seos.c | 30 ++++++++++++++++------ client/src/cmdhfseos.c | 58 ++++++++++++++++++++++++++++++++++++++++-- client/src/cmdhfseos.h | 6 +++++ 3 files changed, 84 insertions(+), 10 deletions(-) diff --git a/armsrc/sam_seos.c b/armsrc/sam_seos.c index 866f62a63..37a2da259 100644 --- a/armsrc/sam_seos.c +++ b/armsrc/sam_seos.c @@ -226,7 +226,7 @@ static int sam_send_request_iso14a(const uint8_t * const request, const uint8_t // send get pacs static const uint8_t payload[] = { 0xa0, 19, // <- SAM command - 0xA1, 17, // <- SamCommandGetContentElement + 0xBE, 17, // <- samCommandGetContentElement2 0x80, 1, 0x04, // <- implicitFormatPhysicalAccessBits 0x84, 12, @@ -290,29 +290,43 @@ static int sam_send_request_iso14a(const uint8_t * const request, const uint8_t ); } - // resp: + // resp for SamCommandGetContentElement: // c1 64 00 00 00 // bd 09 // 8a 07 // 03 05 <- include tag for pm3 client // 06 85 80 6d c0 <- decoded PACS data // 90 00 + + // resp for samCommandGetContentElement2: + // c1 64 00 00 00 + // bd 1e + // b3 1c + // a0 1a + // 80 05 + // 06 85 80 6d c0 + // 81 0e + // 2b 06 01 04 01 81 e4 38 01 01 02 04 3c ff + // 82 01 + // 07 + // 90 00 if(request_len == 0){ - if(sam_rx_buf[5] != 0xbd && sam_rx_buf[5+2] != 0x8a && sam_rx_buf[5+4] != 0x03){ + if( + !(sam_rx_buf[5] == 0xbd && sam_rx_buf[5+2] == 0x8a && sam_rx_buf[5+4] == 0x03) + && + !(sam_rx_buf[5] == 0xbd && sam_rx_buf[5+2] == 0xb3 && sam_rx_buf[5+4] == 0xa0) + ){ if (g_dbglevel >= DBG_ERROR) - Dbprintf("Invalid SAM response"); - goto err; + Dbprintf("No PACS data in SAM response"); + res=PM3_ESOFT; } } *response_len = sam_rx_buf[5+1] +2; memcpy(response, sam_rx_buf+5, *response_len); - res=PM3_SUCCESS; goto out; - err: - res=PM3_ESOFT; out: return res; } diff --git a/client/src/cmdhfseos.c b/client/src/cmdhfseos.c index 6ef6a2a60..bc96ad7d4 100644 --- a/client/src/cmdhfseos.c +++ b/client/src/cmdhfseos.c @@ -100,6 +100,17 @@ static const known_algo_t known_algorithm_map[] = { {9, "AES-128_CBC_MODE"}, }; +static const sioMediaTypeName_t sioMediaTypeMapping[] = { + { 0x00, "Unknown"}, + { 0x01, "DESFire"}, + { 0x02, "MIFARE"}, + { 0x03, "iCLASS (PicoPass)"}, + { 0x04, "ISO14443AL4"}, + { 0x06, "MIFARE Plus"}, + { 0x07, "Seos"}, + { 0xFF, "INVALID VALUE"} +}; + static int create_cmac (uint8_t* key, uint8_t* input, uint8_t* out, int input_len, int encryption_algorithm) { uint8_t iv[16] = {0x00}; @@ -1707,6 +1718,23 @@ static int dump_PACS_bits(const uint8_t * const data, const uint8_t length, bool return PM3_SUCCESS; } + +// get a SIO media type based on the UID +// uid[8] tag uid +// returns description of the best match +static const char *getSioMediaTypeInfo(uint8_t uid) { + + for (int i = 0; i < ARRAYLEN(sioMediaTypeMapping); ++i) { + if (uid == sioMediaTypeMapping[i].uid) { + return sioMediaTypeMapping[i].desc; + } + } + + //No match, return default + return sioMediaTypeMapping[ARRAYLEN(sioMediaTypeMapping) - 1].desc; +} + + static int CmdHfSeosSAM(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "hf seos sam", @@ -1756,9 +1784,7 @@ static int CmdHfSeosSAM(const char *Cmd) { } clearCommandBuffer(); - // void SendCommandMIX(uint64_t cmd, uint64_t arg0, uint64_t arg1, uint64_t arg2, const void *data, size_t len) { SendCommandMIX(CMD_HF_SAM_SEOS, disconnectAfter, skipDetect, datalen, data, datalen); - // SendCommandNG(CMD_HF_SAM_SEOS, NULL, 0); PacketResponseNG resp; if (WaitForResponseTimeout(CMD_HF_SAM_SEOS, &resp, 4000) == false) { PrintAndLogEx(WARNING, "SAM timeout"); @@ -1789,6 +1815,34 @@ static int CmdHfSeosSAM(const char *Cmd) { if(res != PM3_SUCCESS){ return res; } + // check for standard samCommandGetContentElement2: + // bd 1e + // b3 1c + // a0 1a + // 80 05 + // 06 85 80 6d c0 + // 81 0e + // 2b 06 01 04 01 81 e4 38 01 01 02 04 3c ff + // 82 01 + // 07 + } else if(d[0]==0xbd && d[2]==0xb3 && d[4]==0xa0){ + const uint8_t * pacs = d + 6; + const uint8_t pacs_length = pacs[1]; + const uint8_t * pacs_data = pacs + 2; + int res = dump_PACS_bits(pacs_data, pacs_length, verbose); + if(res != PM3_SUCCESS){ + return res; + } + + const uint8_t * oid = pacs + 2 + pacs_length; + const uint8_t oid_length = oid[1]; + const uint8_t * oid_data = oid + 2; + PrintAndLogEx(SUCCESS, "SIO OID.......: " _GREEN_("%s"), sprint_hex_inrow(oid_data, oid_length)); + + const uint8_t * mediaType = oid + 2 + oid_length; + const uint8_t mediaType_data = mediaType[2]; + PrintAndLogEx(SUCCESS, "SIO Media Type: " _GREEN_("%s"), getSioMediaTypeInfo(mediaType_data)); + } else { print_hex(d, resp.length); } diff --git a/client/src/cmdhfseos.h b/client/src/cmdhfseos.h index 33e6d45f5..950346c04 100644 --- a/client/src/cmdhfseos.h +++ b/client/src/cmdhfseos.h @@ -21,6 +21,12 @@ #include "common.h" +// structure and database for uid -> tagtype lookups +typedef struct { + uint8_t uid; + const char *desc; +} sioMediaTypeName_t; + int infoSeos(bool verbose); int CmdHFSeos(const char *Cmd); int seos_kdf(bool encryption, uint8_t* masterKey, uint8_t keyslot, From dd30781608830fe00f4e77f317da614bb167abf1 Mon Sep 17 00:00:00 2001 From: Jakub Kramarz Date: Mon, 6 Jan 2025 15:17:34 +0100 Subject: [PATCH 133/150] extract PACS-parsing routines to wiegand_formats.c --- client/src/cmdhficlass.c | 71 +-------------------------------- client/src/cmdhfseos.c | 77 +----------------------------------- client/src/wiegand_formats.c | 72 +++++++++++++++++++++++++++++++++ client/src/wiegand_formats.h | 1 + 4 files changed, 77 insertions(+), 144 deletions(-) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index 6acafb222..ea53ebb83 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -5441,75 +5441,8 @@ static int CmdHFiClassSAM(const char *Cmd) { // third padded // fourth .. uint8_t *d = resp.data.asBytes; - uint8_t n = d[1] - 1; // skip length byte - uint8_t pad = d[2]; - char *binstr = (char *)calloc((n * 8) + 1, sizeof(uint8_t)); - if (binstr == NULL) { - return PM3_EMALLOC; - } - - bytes_2_binstr(binstr, d + 3, n); - - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(SUCCESS, "PACS......... " _GREEN_("%s"), sprint_hex_inrow(d + 2, resp.length - 2)); - PrintAndLogEx(SUCCESS, "padded bin... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); - - binstr[strlen(binstr) - pad] = '\0'; - PrintAndLogEx(SUCCESS, "bin.......... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); - - size_t hexlen = 0; - uint8_t hex[16] = {0}; - binstr_2_bytes(hex, &hexlen, binstr); - PrintAndLogEx(SUCCESS, "hex.......... " _GREEN_("%s"), sprint_hex_inrow(hex, hexlen)); - - uint32_t top = 0, mid = 0, bot = 0; - if (binstring_to_u96(&top, &mid, &bot, binstr) != strlen(binstr)) { - PrintAndLogEx(ERR, "Binary string contains none <0|1> chars"); - free(binstr); - return PM3_EINVARG; - } - - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "Wiegand decode"); - wiegand_message_t packed = initialize_message_object(top, mid, bot, strlen(binstr)); - HIDTryUnpack(&packed); - - PrintAndLogEx(NORMAL, ""); - - if (strlen(binstr) >= 26 && verbose) { - - // iCLASS Legacy - PrintAndLogEx(INFO, "Clone to " _YELLOW_("iCLASS Legacy")); - PrintAndLogEx(SUCCESS, " hf iclass encode --ki 0 --bin %s", binstr); - PrintAndLogEx(NORMAL, ""); - - // HID Prox II - PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("HID Prox II")); - PrintAndLogEx(SUCCESS, " lf hid clone -w H10301 --bin %s", binstr); - PrintAndLogEx(NORMAL, ""); - - // MIFARE Classic - char mfcbin[28] = {0}; - mfcbin[0] = '1'; - memcpy(mfcbin + 1, binstr, strlen(binstr)); - binstr_2_bytes(hex, &hexlen, mfcbin); - - PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic") " (Pm3 simulation)"); - PrintAndLogEx(SUCCESS, " hf mf eclr;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 0 -d 049DBA42A23E80884400C82000000000;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 1 -d 1B014D48000000000000000000000000;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 3 -d A0A1A2A3A4A5787788C189ECA97F8C2A;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 5 -d 020000000000000000000000%s;", sprint_hex_inrow(hex, hexlen)); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 7 -d 484944204953787788AA204752454154;"); - PrintAndLogEx(SUCCESS, " hf mf sim --1k -i;"); - PrintAndLogEx(NORMAL, ""); - - PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic 1K")); - PrintAndLogEx(SUCCESS, " hf mf encodehid --bin %s", binstr); - PrintAndLogEx(NORMAL, ""); - } - free(binstr); - + HIDDumpPACSBits(d+2, d[1], verbose); + return PM3_SUCCESS; } diff --git a/client/src/cmdhfseos.c b/client/src/cmdhfseos.c index bc96ad7d4..c0a2891de 100644 --- a/client/src/cmdhfseos.c +++ b/client/src/cmdhfseos.c @@ -1646,79 +1646,6 @@ static int CmdHfSeosList(const char *Cmd) { return CmdTraceListAlias(Cmd, "hf seos", "seos -c"); } -static int dump_PACS_bits(const uint8_t * const data, const uint8_t length, bool verbose){ - uint8_t n = length - 1; - uint8_t pad = data[0]; - char *binstr = (char *)calloc((length * 8) + 1, sizeof(uint8_t)); - if (binstr == NULL) { - return PM3_EMALLOC; - } - - bytes_2_binstr(binstr, data + 1, n); - - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(SUCCESS, "PACS......... " _GREEN_("%s"), sprint_hex_inrow(data, length)); - PrintAndLogEx(SUCCESS, "padded bin... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); - - binstr[strlen(binstr) - pad] = '\0'; - PrintAndLogEx(SUCCESS, "bin.......... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); - - size_t hexlen = 0; - uint8_t hex[16] = {0}; - binstr_2_bytes(hex, &hexlen, binstr); - PrintAndLogEx(SUCCESS, "hex.......... " _GREEN_("%s"), sprint_hex_inrow(hex, hexlen)); - - uint32_t top = 0, mid = 0, bot = 0; - if (binstring_to_u96(&top, &mid, &bot, binstr) != strlen(binstr)) { - PrintAndLogEx(ERR, "Binary string contains none <0|1> chars"); - free(binstr); - return PM3_EINVARG; - } - - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "Wiegand decode"); - wiegand_message_t packed = initialize_message_object(top, mid, bot, strlen(binstr)); - HIDTryUnpack(&packed); - - PrintAndLogEx(NORMAL, ""); - - if (strlen(binstr) >= 26 && verbose) { - - // iCLASS Legacy - PrintAndLogEx(INFO, "Clone to " _YELLOW_("iCLASS Legacy")); - PrintAndLogEx(SUCCESS, " hf iclass encode --ki 0 --bin %s", binstr); - PrintAndLogEx(NORMAL, ""); - - // HID Prox II - PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("HID Prox II")); - PrintAndLogEx(SUCCESS, " lf hid clone -w H10301 --bin %s", binstr); - PrintAndLogEx(NORMAL, ""); - - // MIFARE Classic - char mfcbin[28] = {0}; - mfcbin[0] = '1'; - memcpy(mfcbin + 1, binstr, strlen(binstr)); - binstr_2_bytes(hex, &hexlen, mfcbin); - - PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic") " (Pm3 simulation)"); - PrintAndLogEx(SUCCESS, " hf mf eclr;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 0 -d 049DBA42A23E80884400C82000000000;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 1 -d 1B014D48000000000000000000000000;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 3 -d A0A1A2A3A4A5787788C189ECA97F8C2A;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 5 -d 020000000000000000000000%s;", sprint_hex_inrow(hex, hexlen)); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 7 -d 484944204953787788AA204752454154;"); - PrintAndLogEx(SUCCESS, " hf mf sim --1k -i;"); - PrintAndLogEx(NORMAL, ""); - - PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic 1K")); - PrintAndLogEx(SUCCESS, " hf mf encodehid --bin %s", binstr); - PrintAndLogEx(NORMAL, ""); - } - free(binstr); - return PM3_SUCCESS; -} - - // get a SIO media type based on the UID // uid[8] tag uid // returns description of the best match @@ -1811,7 +1738,7 @@ static int CmdHfSeosSAM(const char *Cmd) { if(d[0] == 0xbd && d[2] == 0x8a && d[4] == 0x03){ uint8_t pacs_length = d[5]; uint8_t * pacs_data = d + 6; - int res = dump_PACS_bits(pacs_data, pacs_length, verbose); + int res = HIDDumpPACSBits(pacs_data, pacs_length, verbose); if(res != PM3_SUCCESS){ return res; } @@ -1829,7 +1756,7 @@ static int CmdHfSeosSAM(const char *Cmd) { const uint8_t * pacs = d + 6; const uint8_t pacs_length = pacs[1]; const uint8_t * pacs_data = pacs + 2; - int res = dump_PACS_bits(pacs_data, pacs_length, verbose); + int res = HIDDumpPACSBits(pacs_data, pacs_length, verbose); if(res != PM3_SUCCESS){ return res; } diff --git a/client/src/wiegand_formats.c b/client/src/wiegand_formats.c index bf08e0908..ecbf47000 100644 --- a/client/src/wiegand_formats.c +++ b/client/src/wiegand_formats.c @@ -1663,3 +1663,75 @@ void HIDUnpack(int idx, wiegand_message_t *packed) { hid_print_card(&card, FormatTable[idx]); } } + +int HIDDumpPACSBits(const uint8_t * const data, const uint8_t length, bool verbose){ + uint8_t n = length - 1; + uint8_t pad = data[0]; + char *binstr = (char *)calloc((length * 8) + 1, sizeof(uint8_t)); + if (binstr == NULL) { + return PM3_EMALLOC; + } + + bytes_2_binstr(binstr, data + 1, n); + + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(SUCCESS, "PACS......... " _GREEN_("%s"), sprint_hex_inrow(data, length)); + PrintAndLogEx(SUCCESS, "padded bin... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); + + binstr[strlen(binstr) - pad] = '\0'; + PrintAndLogEx(SUCCESS, "bin.......... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); + + size_t hexlen = 0; + uint8_t hex[16] = {0}; + binstr_2_bytes(hex, &hexlen, binstr); + PrintAndLogEx(SUCCESS, "hex.......... " _GREEN_("%s"), sprint_hex_inrow(hex, hexlen)); + + uint32_t top = 0, mid = 0, bot = 0; + if (binstring_to_u96(&top, &mid, &bot, binstr) != strlen(binstr)) { + PrintAndLogEx(ERR, "Binary string contains none <0|1> chars"); + free(binstr); + return PM3_EINVARG; + } + + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(INFO, "Wiegand decode"); + wiegand_message_t packed = initialize_message_object(top, mid, bot, strlen(binstr)); + HIDTryUnpack(&packed); + + PrintAndLogEx(NORMAL, ""); + + if (strlen(binstr) >= 26 && verbose) { + + // iCLASS Legacy + PrintAndLogEx(INFO, "Clone to " _YELLOW_("iCLASS Legacy")); + PrintAndLogEx(SUCCESS, " hf iclass encode --ki 0 --bin %s", binstr); + PrintAndLogEx(NORMAL, ""); + + // HID Prox II + PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("HID Prox II")); + PrintAndLogEx(SUCCESS, " lf hid clone -w H10301 --bin %s", binstr); + PrintAndLogEx(NORMAL, ""); + + // MIFARE Classic + char mfcbin[28] = {0}; + mfcbin[0] = '1'; + memcpy(mfcbin + 1, binstr, strlen(binstr)); + binstr_2_bytes(hex, &hexlen, mfcbin); + + PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic") " (Pm3 simulation)"); + PrintAndLogEx(SUCCESS, " hf mf eclr;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 0 -d 049DBA42A23E80884400C82000000000;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 1 -d 1B014D48000000000000000000000000;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 3 -d A0A1A2A3A4A5787788C189ECA97F8C2A;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 5 -d 020000000000000000000000%s;", sprint_hex_inrow(hex, hexlen)); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 7 -d 484944204953787788AA204752454154;"); + PrintAndLogEx(SUCCESS, " hf mf sim --1k -i;"); + PrintAndLogEx(NORMAL, ""); + + PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic 1K")); + PrintAndLogEx(SUCCESS, " hf mf encodehid --bin %s", binstr); + PrintAndLogEx(NORMAL, ""); + } + free(binstr); + return PM3_SUCCESS; +} \ No newline at end of file diff --git a/client/src/wiegand_formats.h b/client/src/wiegand_formats.h index 671795c9a..763edaba8 100644 --- a/client/src/wiegand_formats.h +++ b/client/src/wiegand_formats.h @@ -54,6 +54,7 @@ bool HIDPack(int format_idx, wiegand_card_t *card, wiegand_message_t *packed, bo bool HIDTryUnpack(wiegand_message_t *packed); void HIDPackTryAll(wiegand_card_t *card, bool preamble); void HIDUnpack(int idx, wiegand_message_t *packed); +int HIDDumpPACSBits(const uint8_t * const data, const uint8_t length, bool verbose); void print_wiegand_code(wiegand_message_t *packed); void print_desc_wiegand(cardformat_t *fmt, wiegand_message_t *packed); #endif From 13e390ad3bd3a8efb19aa08c51578a1c13d2c239 Mon Sep 17 00:00:00 2001 From: Jakub Kramarz Date: Mon, 6 Jan 2025 15:37:18 +0100 Subject: [PATCH 134/150] added sam_seos to changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ebebd9c1..7207389e1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Added `hf seos sam` - Added support for HID SAM SEOS communications (@jkramarz) - Changed (extended) area accessible by spiffs into last page of FLASH (@piotrva) - Changed flash-stored key dictionaries (Mifare, iClass, T55XX) and T55XX configurations to SPIFFS files (@piotrva) - Changed `lf em 410x sim` to use default gap value of 0 and extended help (@piotrva) From 15a37ef9dfc724787932a0ce5805526d1a93c872 Mon Sep 17 00:00:00 2001 From: Jakub Kramarz Date: Tue, 7 Jan 2025 00:30:49 +0100 Subject: [PATCH 135/150] seos_sam: ran make style --- armsrc/sam_common.c | 92 ++++++++++----------- armsrc/sam_common.h | 6 +- armsrc/sam_picopass.c | 32 ++++---- armsrc/sam_seos.c | 154 +++++++++++++++++------------------ client/src/cmdhficlass.c | 6 +- client/src/cmdhfseos.c | 48 +++++------ client/src/cmdhfseos.h | 4 +- client/src/wiegand_formats.c | 6 +- client/src/wiegand_formats.h | 2 +- common_arm/ticks.c | 2 +- 10 files changed, 176 insertions(+), 176 deletions(-) diff --git a/armsrc/sam_common.c b/armsrc/sam_common.c index 835428074..76ca269e1 100644 --- a/armsrc/sam_common.c +++ b/armsrc/sam_common.c @@ -96,12 +96,12 @@ int sam_rxtx(const uint8_t *data, uint16_t n, uint8_t *resp, uint16_t *resplen) *resplen += more_len; - out: +out: return res; } -static inline void swap_clock_counters(volatile unsigned int * a, unsigned int * b){ +static inline void swap_clock_counters(volatile unsigned int *a, unsigned int *b) { unsigned int c = *a; *a = *b; *b = c; @@ -113,9 +113,9 @@ static inline void swap_clock_counters(volatile unsigned int * a, unsigned int * * AT91SAM7S512 has a single Timer-Counter, that is reused in clocks Ticks * and CountSspClk. This function stops the current clock and restores previous * values. It is used to switch between different clock sources. - * It probably makes communication timing off, but at least makes it work. + * It probably makes communication timing off, but at least makes it work. */ -static void swap_clocks(void){ +static void swap_clocks(void) { static unsigned int tc0, tc1, tc2 = 0; StopTicks(); swap_clock_counters(&(AT91C_BASE_TC0->TC_CV), &tc0); @@ -123,12 +123,12 @@ static void swap_clocks(void){ swap_clock_counters(&(AT91C_BASE_TC2->TC_CV), &tc2); } -void switch_clock_to_ticks(void){ +void switch_clock_to_ticks(void) { swap_clocks(); StartTicks(); } -void switch_clock_to_countsspclk(void){ +void switch_clock_to_countsspclk(void) { swap_clocks(); StartCountSspClk(); } @@ -155,21 +155,21 @@ int sam_send_payload( const uint8_t addr_dest, const uint8_t addr_reply, - const uint8_t * const payload, + const uint8_t *const payload, const uint16_t *payload_len, uint8_t *response, uint16_t *response_len -){ +) { int res = PM3_SUCCESS; - uint8_t * buf = response; + uint8_t *buf = response; buf[0] = 0xA0; // CLA buf[1] = 0xDA; // INS (PUT DATA) buf[2] = 0x02; // P1 (TLV format?) buf[3] = 0x63; // P2 - buf[4] = SAM_TX_ASN1_PREFIX_LENGTH + (uint8_t) *payload_len; // LEN + buf[4] = SAM_TX_ASN1_PREFIX_LENGTH + (uint8_t) * payload_len; // LEN buf[5] = addr_src; buf[6] = addr_dest; @@ -185,10 +185,10 @@ int sam_send_payload( *payload_len ); - uint16_t length = SAM_TX_ASN1_PREFIX_LENGTH + SAM_TX_APDU_PREFIX_LENGTH + (uint8_t) *payload_len; + uint16_t length = SAM_TX_ASN1_PREFIX_LENGTH + SAM_TX_APDU_PREFIX_LENGTH + (uint8_t) * payload_len; LogTrace(buf, length, 0, 0, NULL, true); - if (g_dbglevel >= DBG_INFO){ + if (g_dbglevel >= DBG_INFO) { DbpString("SAM REQUEST APDU: "); Dbhexdump(length, buf, false); } @@ -201,12 +201,12 @@ int sam_send_payload( } LogTrace(response, *response_len, 0, 0, NULL, false); - if (g_dbglevel >= DBG_INFO){ + if (g_dbglevel >= DBG_INFO) { DbpString("SAM RESPONSE APDU: "); Dbhexdump(*response_len, response, false); } - out: +out: return res; } @@ -218,18 +218,18 @@ int sam_send_payload( * * @return Status code indicating success or failure of the operation. */ -int sam_get_version(void){ +int sam_get_version(void) { int res = PM3_SUCCESS; if (g_dbglevel >= DBG_DEBUG) DbpString("start sam_get_version"); - uint8_t * response = BigBuf_malloc(ISO7816_MAX_FRAME); + uint8_t *response = BigBuf_malloc(ISO7816_MAX_FRAME); uint16_t response_len = ISO7816_MAX_FRAME; uint8_t payload[] = { 0xa0, 0x02, // <- SAM command - 0x82, 0x00 // <- get version + 0x82, 0x00 // <- get version }; uint16_t payload_len = sizeof(payload); @@ -255,46 +255,46 @@ int sam_get_version(void){ if (g_dbglevel >= DBG_DEBUG) DbpString("end sam_get_version"); - if(response[5] != 0xbd){ + if (response[5] != 0xbd) { Dbprintf("Invalid SAM response"); goto error; - }else{ - uint8_t * sam_response_an = sam_find_asn1_node(response + 5, 0x8a); - if(sam_response_an == NULL){ + } else { + uint8_t *sam_response_an = sam_find_asn1_node(response + 5, 0x8a); + if (sam_response_an == NULL) { if (g_dbglevel >= DBG_ERROR) DbpString("SAM get response failed"); goto error; } - uint8_t * sam_version_an = sam_find_asn1_node(sam_response_an, 0x80); - if(sam_version_an == NULL){ + uint8_t *sam_version_an = sam_find_asn1_node(sam_response_an, 0x80); + if (sam_version_an == NULL) { if (g_dbglevel >= DBG_ERROR) DbpString("SAM get version failed"); goto error; } - uint8_t * sam_build_an = sam_find_asn1_node(sam_response_an, 0x81); - if(sam_build_an == NULL){ + uint8_t *sam_build_an = sam_find_asn1_node(sam_response_an, 0x81); + if (sam_build_an == NULL) { if (g_dbglevel >= DBG_ERROR) DbpString("SAM get firmware ID failed"); goto error; } - if (g_dbglevel >= DBG_INFO){ + if (g_dbglevel >= DBG_INFO) { DbpString("SAM get version successful"); Dbprintf("Firmware version: %X.%X", sam_version_an[2], sam_version_an[3]); Dbprintf("Firmware ID: "); - Dbhexdump(sam_build_an[1], sam_build_an+2, false); + Dbhexdump(sam_build_an[1], sam_build_an + 2, false); } goto out; } - error: +error: res = PM3_ESOFT; - out: +out: BigBuf_free(); if (g_dbglevel >= DBG_DEBUG) DbpString("end sam_get_version"); - + return res; } @@ -310,14 +310,14 @@ int sam_get_version(void){ * @param type The type of the ASN.1 node to find. * @return Pointer to the ASN.1 node of the specified type if found, otherwise NULL. */ -uint8_t * sam_find_asn1_node(const uint8_t * root, const uint8_t type){ - const uint8_t * end = (uint8_t *) root + *(root+1); - uint8_t * current = (uint8_t *) root + 2; - while(current < end){ - if(*current == type){ +uint8_t *sam_find_asn1_node(const uint8_t *root, const uint8_t type) { + const uint8_t *end = (uint8_t *) root + *(root + 1); + uint8_t *current = (uint8_t *) root + 2; + while (current < end) { + if (*current == type) { return current; - }else{ - current += 2 + *(current+1); + } else { + current += 2 + *(current + 1); } } return NULL; @@ -328,7 +328,7 @@ uint8_t * sam_find_asn1_node(const uint8_t * root, const uint8_t type){ * * This function appends an ASN.1 node of a specified type and length to the end of * the ASN.1 structure at specified node level. - * + * * It is the most naive solution that does not handle the case where the node to append is * not the last node at the same level. It also does not also care about proper * order of the nodes. @@ -339,21 +339,21 @@ uint8_t * sam_find_asn1_node(const uint8_t * root, const uint8_t type){ * @param data Pointer to the data to be appended. * @param len The length of the data to be appended. */ -void sam_append_asn1_node(const uint8_t * root, const uint8_t * node, uint8_t type, const uint8_t * const data, uint8_t len){ - uint8_t * end = (uint8_t *) root + *(root+1) + 2; +void sam_append_asn1_node(const uint8_t *root, const uint8_t *node, uint8_t type, const uint8_t *const data, uint8_t len) { + uint8_t *end = (uint8_t *) root + *(root + 1) + 2; *(end) = type; - *(end+1) = len; - memcpy(end+2, data, len); + *(end + 1) = len; + memcpy(end + 2, data, len); - for(uint8_t * current = (uint8_t *) root; current <= node; current += 2){ - *(current+1) += 2 + len; + for (uint8_t *current = (uint8_t *) root; current <= node; current += 2) { + *(current + 1) += 2 + len; }; return; } -void sam_send_ack(void){ - uint8_t * response = BigBuf_malloc(ISO7816_MAX_FRAME); +void sam_send_ack(void) { + uint8_t *response = BigBuf_malloc(ISO7816_MAX_FRAME); uint16_t response_len = ISO7816_MAX_FRAME; uint8_t payload[] = { diff --git a/armsrc/sam_common.h b/armsrc/sam_common.h index 5e243346c..645957a3c 100644 --- a/armsrc/sam_common.h +++ b/armsrc/sam_common.h @@ -32,7 +32,7 @@ int sam_send_payload( const uint8_t addr_dest, const uint8_t addr_reply, - const uint8_t * const payload, + const uint8_t *const payload, const uint16_t *payload_len, uint8_t *response, @@ -41,8 +41,8 @@ int sam_send_payload( int sam_get_version(void); -uint8_t * sam_find_asn1_node(const uint8_t * root, const uint8_t type); -void sam_append_asn1_node(const uint8_t * root, const uint8_t * node, uint8_t type, const uint8_t * const data, uint8_t len); +uint8_t *sam_find_asn1_node(const uint8_t *root, const uint8_t type); +void sam_append_asn1_node(const uint8_t *root, const uint8_t *node, uint8_t type, const uint8_t *const data, uint8_t len); void sam_send_ack(void); diff --git a/armsrc/sam_picopass.c b/armsrc/sam_picopass.c index 055423f41..d396a31c5 100644 --- a/armsrc/sam_picopass.c +++ b/armsrc/sam_picopass.c @@ -41,12 +41,12 @@ * @param card_select Pointer to the descriptor of the detected card. * @return Status code indicating success or failure of the operation. */ -static int sam_set_card_detected(picopass_hdr_t * card_select){ +static int sam_set_card_detected(picopass_hdr_t *card_select) { int res = PM3_SUCCESS; if (g_dbglevel >= DBG_DEBUG) DbpString("start sam_set_card_detected"); - uint8_t * response = BigBuf_malloc(ISO7816_MAX_FRAME); + uint8_t *response = BigBuf_malloc(ISO7816_MAX_FRAME); uint16_t response_len = ISO7816_MAX_FRAME; // a0 12 @@ -59,13 +59,13 @@ static int sam_set_card_detected(picopass_hdr_t * card_select){ uint8_t payload[] = { 0xa0, 18, // <- SAM command - 0xad, 16, // <- set detected card - 0xa0, 4+10, - 0x80, 2, // <- protocol - 0x00, 0x04, // <- Picopass - 0x81, 8, // <- CSN - card_select->csn[0], card_select->csn[1], card_select->csn[2], card_select->csn[3], - card_select->csn[4], card_select->csn[5], card_select->csn[6], card_select->csn[7] + 0xad, 16, // <- set detected card + 0xa0, 4 + 10, + 0x80, 2, // <- protocol + 0x00, 0x04, // <- Picopass + 0x81, 8, // <- CSN + card_select->csn[0], card_select->csn[1], card_select->csn[2], card_select->csn[3], + card_select->csn[4], card_select->csn[5], card_select->csn[6], card_select->csn[7] }; uint16_t payload_len = sizeof(payload); @@ -82,12 +82,12 @@ static int sam_set_card_detected(picopass_hdr_t * card_select){ // bd 02 <- response // 8a 00 <- empty response (accepted) // 90 00 - - if(response[5] != 0xbd){ + + if (response[5] != 0xbd) { if (g_dbglevel >= DBG_ERROR) Dbprintf("Invalid SAM response"); goto error; - }else{ + } else { // uint8_t * sam_response_an = sam_find_asn1_node(response + 5, 0x8a); // if(sam_response_an == NULL){ // if (g_dbglevel >= DBG_ERROR) @@ -96,10 +96,10 @@ static int sam_set_card_detected(picopass_hdr_t * card_select){ // } goto out; } - error: +error: res = PM3_ESOFT; - out: +out: BigBuf_free(); if (g_dbglevel >= DBG_DEBUG) @@ -240,11 +240,11 @@ int sam_picopass_get_pacs(void) { // second - get PACS (0xA1) // a0 05 - // a1 03 + // a1 03 // 80 01 // 04 hexstr_to_byte_array("a005a103800104", sam_apdu, &sam_len); - if(sam_send_payload(0x44, 0x0a, 0x44, sam_apdu, (uint16_t *) &sam_len, resp, &resp_len) != PM3_SUCCESS) { + if (sam_send_payload(0x44, 0x0a, 0x44, sam_apdu, (uint16_t *) &sam_len, resp, &resp_len) != PM3_SUCCESS) { res = PM3_ECARDEXCHANGE; goto out; } diff --git a/armsrc/sam_seos.c b/armsrc/sam_seos.c index 37a2da259..2e5c09349 100644 --- a/armsrc/sam_seos.c +++ b/armsrc/sam_seos.c @@ -49,29 +49,29 @@ * @param card_select Pointer to the descriptor of the detected card. * @return Status code indicating success or failure of the operation. */ -static int sam_set_card_detected(iso14a_card_select_t * card_select){ +static int sam_set_card_detected(iso14a_card_select_t *card_select) { int res = PM3_SUCCESS; if (g_dbglevel >= DBG_DEBUG) DbpString("start sam_set_card_detected"); - uint8_t * request = BigBuf_malloc(ISO7816_MAX_FRAME); + uint8_t *request = BigBuf_malloc(ISO7816_MAX_FRAME); uint16_t request_len = ISO7816_MAX_FRAME; - uint8_t * response = BigBuf_malloc(ISO7816_MAX_FRAME); + uint8_t *response = BigBuf_malloc(ISO7816_MAX_FRAME); uint16_t response_len = ISO7816_MAX_FRAME; const uint8_t payload[] = { 0xa0, 8, // <- SAM command - 0xad, 6, // <- set detected card - 0xa0, 4, // <- detected card details - 0x80, 2, // <- protocol - 0x00, 0x02 // <- ISO14443A + 0xad, 6, // <- set detected card + 0xa0, 4, // <- detected card details + 0x80, 2, // <- protocol + 0x00, 0x02 // <- ISO14443A }; memcpy(request, payload, sizeof(payload)); - sam_append_asn1_node(request, request+4, 0x81, card_select->uid, card_select->uidlen); - sam_append_asn1_node(request, request+4, 0x82, card_select->atqa, 2); - sam_append_asn1_node(request, request+4, 0x83, &card_select->sak, 1); + sam_append_asn1_node(request, request + 4, 0x81, card_select->uid, card_select->uidlen); + sam_append_asn1_node(request, request + 4, 0x82, card_select->atqa, 2); + sam_append_asn1_node(request, request + 4, 0x83, &card_select->sak, 1); request_len = request[1] + 2; sam_send_payload( @@ -87,12 +87,12 @@ static int sam_set_card_detected(iso14a_card_select_t * card_select){ // bd 02 <- response // 8a 00 <- empty response (accepted) // 90 00 - - if(response[5] != 0xbd){ + + if (response[5] != 0xbd) { if (g_dbglevel >= DBG_ERROR) Dbprintf("Invalid SAM response"); goto error; - }else{ + } else { // uint8_t * sam_response_an = sam_find_asn1_node(response + 5, 0x8a); // if(sam_response_an == NULL){ // if (g_dbglevel >= DBG_ERROR) @@ -101,10 +101,10 @@ static int sam_set_card_detected(iso14a_card_select_t * card_select){ // } goto out; } - error: +error: res = PM3_ESOFT; - out: +out: BigBuf_free(); if (g_dbglevel >= DBG_DEBUG) @@ -123,7 +123,7 @@ static int sam_set_card_detected(iso14a_card_select_t * card_select){ * * @return Length of SAM APDU to be sent. */ -inline static uint16_t sam_seos_copy_payload_nfc2sam(uint8_t *sam_tx, uint8_t * nfc_rx, uint8_t nfc_len){ +inline static uint16_t sam_seos_copy_payload_nfc2sam(uint8_t *sam_tx, uint8_t *nfc_rx, uint8_t nfc_len) { // NFC resp: // 6f 0c 84 0a a0 00 00 04 40 00 01 01 00 01 90 00 fb e3 @@ -138,18 +138,18 @@ inline static uint16_t sam_seos_copy_payload_nfc2sam(uint8_t *sam_tx, uint8_t * const uint8_t payload[] = { 0xbd, 4, - 0xa0, 2, - 0xa0, 0 + 0xa0, 2, + 0xa0, 0 }; const uint8_t tag81[] = { - 0x00, 0x00 + 0x00, 0x00 }; memcpy(sam_tx, payload, sizeof(payload)); - - sam_append_asn1_node(sam_tx, sam_tx+4, 0x80, nfc_rx, nfc_len); - sam_append_asn1_node(sam_tx, sam_tx+4, 0x81, tag81, sizeof(tag81)); + + sam_append_asn1_node(sam_tx, sam_tx + 4, 0x80, nfc_rx, nfc_len); + sam_append_asn1_node(sam_tx, sam_tx + 4, 0x81, tag81, sizeof(tag81)); return sam_tx[1] + 2; // length of the ASN1 tree } @@ -163,7 +163,7 @@ inline static uint16_t sam_seos_copy_payload_nfc2sam(uint8_t *sam_tx, uint8_t * * @param sam_rx_buf Pointer to the buffer containing the data received from the SAM. * @return Length of NFC APDU to be sent. */ -inline static uint16_t sam_seos_copy_payload_sam2nfc(uint8_t * nfc_tx_buf, uint8_t * sam_rx_buf){ +inline static uint16_t sam_seos_copy_payload_sam2nfc(uint8_t *nfc_tx_buf, uint8_t *sam_rx_buf) { // SAM resp: // c1 61 c1 00 00 // a1 21 <- nfc command @@ -182,8 +182,8 @@ inline static uint16_t sam_seos_copy_payload_sam2nfc(uint8_t * nfc_tx_buf, uint8 // 00 a4 04 00 0a a0 00 00 04 40 00 01 01 00 01 00 // copy data out of c1->a1>->a1->80 node - uint16_t nfc_tx_len = (uint8_t) *(sam_rx_buf + 10); - memcpy(nfc_tx_buf, sam_rx_buf+11, nfc_tx_len); + uint16_t nfc_tx_len = (uint8_t) * (sam_rx_buf + 10); + memcpy(nfc_tx_buf, sam_rx_buf + 11, nfc_tx_len); return nfc_tx_len; } @@ -193,13 +193,13 @@ inline static uint16_t sam_seos_copy_payload_sam2nfc(uint8_t * nfc_tx_buf, uint8 * Unpacks request to the SAM and relays ISO14A traffic to the card. * If no request data provided, sends a request to get PACS data. * - * @param request Pointer to the buffer containing the request to be sent to the SAM. + * @param request Pointer to the buffer containing the request to be sent to the SAM. * @param request_len Length of the request to be sent to the SAM. * @param response Pointer to the buffer where the retreived data will be stored. * @param response_len Pointer to the variable where the length of the retreived data will be stored. * @return Status code indicating success or failure of the operation. */ -static int sam_send_request_iso14a(const uint8_t * const request, const uint8_t request_len, uint8_t * response, uint8_t * response_len){ +static int sam_send_request_iso14a(const uint8_t *const request, const uint8_t request_len, uint8_t *response, uint8_t *response_len) { int res = PM3_SUCCESS; if (g_dbglevel >= DBG_DEBUG) DbpString("start sam_send_request_iso14a"); @@ -207,22 +207,22 @@ static int sam_send_request_iso14a(const uint8_t * const request, const uint8_t uint8_t buf1[ISO7816_MAX_FRAME] = {0}; uint8_t buf2[ISO7816_MAX_FRAME] = {0}; - uint8_t * sam_tx_buf = buf1; + uint8_t *sam_tx_buf = buf1; uint16_t sam_tx_len; - uint8_t * sam_rx_buf = buf2; + uint8_t *sam_rx_buf = buf2; uint16_t sam_rx_len; - uint8_t * nfc_tx_buf = buf1; + uint8_t *nfc_tx_buf = buf1; uint16_t nfc_tx_len; - uint8_t * nfc_rx_buf = buf2; + uint8_t *nfc_rx_buf = buf2; uint16_t nfc_rx_len; - if(request_len > 0){ + if (request_len > 0) { sam_tx_len = request_len; memcpy(sam_tx_buf, request, sam_tx_len); - }else{ + } else { // send get pacs static const uint8_t payload[] = { 0xa0, 19, // <- SAM command @@ -243,23 +243,23 @@ static int sam_send_request_iso14a(const uint8_t * const request, const uint8_t sam_rx_buf, &sam_rx_len ); - if(sam_rx_buf[1] == 0x61){ // commands to be relayed to card starts with 0x61 + if (sam_rx_buf[1] == 0x61) { // commands to be relayed to card starts with 0x61 // tag <-> SAM exchange starts here - while(sam_rx_buf[1] == 0x61){ + while (sam_rx_buf[1] == 0x61) { switch_clock_to_countsspclk(); nfc_tx_len = sam_seos_copy_payload_sam2nfc(nfc_tx_buf, sam_rx_buf); nfc_rx_len = iso14_apdu( - nfc_tx_buf, - nfc_tx_len, - false, - nfc_rx_buf, - ISO7816_MAX_FRAME, - NULL - ); + nfc_tx_buf, + nfc_tx_len, + false, + nfc_rx_buf, + ISO7816_MAX_FRAME, + NULL + ); switch_clock_to_ticks(); - sam_tx_len = sam_seos_copy_payload_nfc2sam(sam_tx_buf, nfc_rx_buf, nfc_rx_len-2); + sam_tx_len = sam_seos_copy_payload_nfc2sam(sam_tx_buf, nfc_rx_buf, nfc_rx_len - 2); sam_send_payload( 0x14, 0x0a, 0x14, @@ -267,13 +267,13 @@ static int sam_send_request_iso14a(const uint8_t * const request, const uint8_t sam_rx_buf, &sam_rx_len ); - // last SAM->TAG + // last SAM->TAG // c1 61 c1 00 00 a1 02 >>82<< 00 90 00 - if(sam_rx_buf[7] == 0x82){ + if (sam_rx_buf[7] == 0x82) { // tag <-> SAM exchange ends here break; } - + } static const uint8_t hfack[] = { @@ -310,25 +310,25 @@ static int sam_send_request_iso14a(const uint8_t * const request, const uint8_t // 82 01 // 07 // 90 00 - if(request_len == 0){ - if( - !(sam_rx_buf[5] == 0xbd && sam_rx_buf[5+2] == 0x8a && sam_rx_buf[5+4] == 0x03) + if (request_len == 0) { + if ( + !(sam_rx_buf[5] == 0xbd && sam_rx_buf[5 + 2] == 0x8a && sam_rx_buf[5 + 4] == 0x03) && - !(sam_rx_buf[5] == 0xbd && sam_rx_buf[5+2] == 0xb3 && sam_rx_buf[5+4] == 0xa0) - ){ + !(sam_rx_buf[5] == 0xbd && sam_rx_buf[5 + 2] == 0xb3 && sam_rx_buf[5 + 4] == 0xa0) + ) { if (g_dbglevel >= DBG_ERROR) Dbprintf("No PACS data in SAM response"); - res=PM3_ESOFT; + res = PM3_ESOFT; } } - *response_len = sam_rx_buf[5+1] +2; - memcpy(response, sam_rx_buf+5, *response_len); + *response_len = sam_rx_buf[5 + 1] + 2; + memcpy(response, sam_rx_buf + 5, *response_len); goto out; - out: - return res; +out: + return res; } /** @@ -337,7 +337,7 @@ static int sam_send_request_iso14a(const uint8_t * const request, const uint8_t * This function is called by appmain.c * It sends a request to the SAM to get the PACS data from the SEOS card. * The PACS data is then returned to the PM3 client. - * + * * @return Status code indicating success or failure of the operation. */ int sam_seos_get_pacs(PacketCommandNG *c) { @@ -346,7 +346,7 @@ int sam_seos_get_pacs(PacketCommandNG *c) { uint8_t *cmd = c->data.asBytes; uint16_t cmd_len = (uint16_t) c->oldarg[2]; - + int res = PM3_EFAILED; clear_trace(); @@ -358,13 +358,13 @@ int sam_seos_get_pacs(PacketCommandNG *c) { // step 1: ping SAM sam_get_version(); - if(!skipDetect){ + if (!skipDetect) { // step 2: get card information iso14a_card_select_t card_a_info; // implicit StartSspClk() happens here iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); - if (!iso14443a_select_card(NULL, &card_a_info, NULL, true, 0, false)){ + if (!iso14443a_select_card(NULL, &card_a_info, NULL, true, 0, false)) { goto err; } @@ -378,7 +378,7 @@ int sam_seos_get_pacs(PacketCommandNG *c) { uint8_t sam_response[ISO7816_MAX_FRAME] = { 0x00 }; uint8_t sam_response_len = 0; res = sam_send_request_iso14a(cmd, cmd_len, sam_response, &sam_response_len); - if(res != PM3_SUCCESS){ + if (res != PM3_SUCCESS) { goto err; } if (g_dbglevel >= DBG_INFO) @@ -387,19 +387,19 @@ int sam_seos_get_pacs(PacketCommandNG *c) { goto out; goto off; - err: - res = PM3_ENOPACS; - reply_ng(CMD_HF_SAM_SEOS, res, NULL, 0); - goto off; - out: - reply_ng(CMD_HF_SAM_SEOS, PM3_SUCCESS, sam_response, sam_response_len); - goto off; - off: - if(disconnectAfter){ - switch_off(); - } - set_tracing(false); - StopTicks(); - BigBuf_free(); - return res; -} \ No newline at end of file +err: + res = PM3_ENOPACS; + reply_ng(CMD_HF_SAM_SEOS, res, NULL, 0); + goto off; +out: + reply_ng(CMD_HF_SAM_SEOS, PM3_SUCCESS, sam_response, sam_response_len); + goto off; +off: + if (disconnectAfter) { + switch_off(); + } + set_tracing(false); + StopTicks(); + BigBuf_free(); + return res; +} diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index ea53ebb83..60c24fb49 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -5434,15 +5434,15 @@ static int CmdHFiClassSAM(const char *Cmd) { // CSN, config, epurse, NR/MAC, AIA // PACS - // 03 05 + // 03 05 // 06 85 80 6d c0 // first byte skip // second byte length // third padded // fourth .. uint8_t *d = resp.data.asBytes; - HIDDumpPACSBits(d+2, d[1], verbose); - + HIDDumpPACSBits(d + 2, d[1], verbose); + return PM3_SUCCESS; } diff --git a/client/src/cmdhfseos.c b/client/src/cmdhfseos.c index c0a2891de..54e0ce550 100644 --- a/client/src/cmdhfseos.c +++ b/client/src/cmdhfseos.c @@ -1688,15 +1688,15 @@ static int CmdHfSeosSAM(const char *Cmd) { verbose = true; } bool disconnectAfter = true; - if(arg_get_lit(ctx, 2)){ + if (arg_get_lit(ctx, 2)) { disconnectAfter = false; } bool skipDetect = false; - if(arg_get_lit(ctx, 3)){ + if (arg_get_lit(ctx, 3)) { skipDetect = true; } bool decodeTLV = false; - if(arg_get_lit(ctx, 4)){ + if (arg_get_lit(ctx, 4)) { decodeTLV = true; } @@ -1728,45 +1728,45 @@ static int CmdHfSeosSAM(const char *Cmd) { PrintAndLogEx(WARNING, "SAM select failed"); return resp.status; } - + uint8_t *d = resp.data.asBytes; // check for standard SamCommandGetContentElement response // bd 09 // 8a 07 // 03 05 <- tag + length // 06 85 80 6d c0 <- decoded PACS data - if(d[0] == 0xbd && d[2] == 0x8a && d[4] == 0x03){ + if (d[0] == 0xbd && d[2] == 0x8a && d[4] == 0x03) { uint8_t pacs_length = d[5]; - uint8_t * pacs_data = d + 6; + uint8_t *pacs_data = d + 6; int res = HIDDumpPACSBits(pacs_data, pacs_length, verbose); - if(res != PM3_SUCCESS){ + if (res != PM3_SUCCESS) { return res; } - // check for standard samCommandGetContentElement2: - // bd 1e - // b3 1c - // a0 1a - // 80 05 - // 06 85 80 6d c0 - // 81 0e - // 2b 06 01 04 01 81 e4 38 01 01 02 04 3c ff - // 82 01 - // 07 - } else if(d[0]==0xbd && d[2]==0xb3 && d[4]==0xa0){ - const uint8_t * pacs = d + 6; + // check for standard samCommandGetContentElement2: + // bd 1e + // b3 1c + // a0 1a + // 80 05 + // 06 85 80 6d c0 + // 81 0e + // 2b 06 01 04 01 81 e4 38 01 01 02 04 3c ff + // 82 01 + // 07 + } else if (d[0] == 0xbd && d[2] == 0xb3 && d[4] == 0xa0) { + const uint8_t *pacs = d + 6; const uint8_t pacs_length = pacs[1]; - const uint8_t * pacs_data = pacs + 2; + const uint8_t *pacs_data = pacs + 2; int res = HIDDumpPACSBits(pacs_data, pacs_length, verbose); - if(res != PM3_SUCCESS){ + if (res != PM3_SUCCESS) { return res; } - const uint8_t * oid = pacs + 2 + pacs_length; + const uint8_t *oid = pacs + 2 + pacs_length; const uint8_t oid_length = oid[1]; - const uint8_t * oid_data = oid + 2; + const uint8_t *oid_data = oid + 2; PrintAndLogEx(SUCCESS, "SIO OID.......: " _GREEN_("%s"), sprint_hex_inrow(oid_data, oid_length)); - const uint8_t * mediaType = oid + 2 + oid_length; + const uint8_t *mediaType = oid + 2 + oid_length; const uint8_t mediaType_data = mediaType[2]; PrintAndLogEx(SUCCESS, "SIO Media Type: " _GREEN_("%s"), getSioMediaTypeInfo(mediaType_data)); diff --git a/client/src/cmdhfseos.h b/client/src/cmdhfseos.h index 950346c04..f75e070d5 100644 --- a/client/src/cmdhfseos.h +++ b/client/src/cmdhfseos.h @@ -29,6 +29,6 @@ typedef struct { int infoSeos(bool verbose); int CmdHFSeos(const char *Cmd); -int seos_kdf(bool encryption, uint8_t* masterKey, uint8_t keyslot, - uint8_t* adfOid, size_t adfoid_len, uint8_t* diversifier, uint8_t diversifier_len, uint8_t* out, int encryption_algorithm, int hash_algorithm); +int seos_kdf(bool encryption, uint8_t *masterKey, uint8_t keyslot, + uint8_t *adfOid, size_t adfoid_len, uint8_t *diversifier, uint8_t diversifier_len, uint8_t *out, int encryption_algorithm, int hash_algorithm); #endif diff --git a/client/src/wiegand_formats.c b/client/src/wiegand_formats.c index ecbf47000..e3e146153 100644 --- a/client/src/wiegand_formats.c +++ b/client/src/wiegand_formats.c @@ -1664,7 +1664,7 @@ void HIDUnpack(int idx, wiegand_message_t *packed) { } } -int HIDDumpPACSBits(const uint8_t * const data, const uint8_t length, bool verbose){ +int HIDDumpPACSBits(const uint8_t *const data, const uint8_t length, bool verbose) { uint8_t n = length - 1; uint8_t pad = data[0]; char *binstr = (char *)calloc((length * 8) + 1, sizeof(uint8_t)); @@ -1733,5 +1733,5 @@ int HIDDumpPACSBits(const uint8_t * const data, const uint8_t length, bool verbo PrintAndLogEx(NORMAL, ""); } free(binstr); - return PM3_SUCCESS; -} \ No newline at end of file + return PM3_SUCCESS; +} diff --git a/client/src/wiegand_formats.h b/client/src/wiegand_formats.h index 763edaba8..630d9cbb4 100644 --- a/client/src/wiegand_formats.h +++ b/client/src/wiegand_formats.h @@ -54,7 +54,7 @@ bool HIDPack(int format_idx, wiegand_card_t *card, wiegand_message_t *packed, bo bool HIDTryUnpack(wiegand_message_t *packed); void HIDPackTryAll(wiegand_card_t *card, bool preamble); void HIDUnpack(int idx, wiegand_message_t *packed); -int HIDDumpPACSBits(const uint8_t * const data, const uint8_t length, bool verbose); +int HIDDumpPACSBits(const uint8_t *const data, const uint8_t length, bool verbose); void print_wiegand_code(wiegand_message_t *packed); void print_desc_wiegand(cardformat_t *fmt, wiegand_message_t *packed); #endif diff --git a/common_arm/ticks.c b/common_arm/ticks.c index c078407ea..4abda2689 100644 --- a/common_arm/ticks.c +++ b/common_arm/ticks.c @@ -305,7 +305,7 @@ uint32_t GetTicks(void) { do { hi = AT91C_BASE_TC1->TC_CV; lo = AT91C_BASE_TC0->TC_CV; - } while (hi != AT91C_BASE_TC1->TC_CV); + } while (hi != AT91C_BASE_TC1->TC_CV); return (hi << 16) | lo; } From 72d170b7b686c0ba542502c5db1d17ca199cb2eb Mon Sep 17 00:00:00 2001 From: "g.p" Date: Tue, 7 Jan 2025 18:06:46 +0300 Subject: [PATCH 136/150] add some keys from pastebin --- client/dictionaries/mfc_default_keys.dic | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index fabc7ec52..028a7b9c1 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -3036,3 +3036,17 @@ AAC34D9A4E65 # # Dutch Statistics Agency (CBS) DC7B15AA0938 +# +# keys from https://pastebin.com/tpKwph0h +AAAAAABBBBCC +74ABCB1405DE +A25CDE2F781A +6054AC9541C8 +828DDEEE4D98 +ED2B22929167 +C552C1B92395 +F4A4AA2F63A4 +25ECB7B2BAB1 +8B02EF84CDF1 +23EAFB5DA46D +AB921CF0752C \ No newline at end of file From fe7ba0c7f1f70caa6d89003530d367bca96347da Mon Sep 17 00:00:00 2001 From: ry4000 <154689120+ry4000@users.noreply.github.com> Date: Thu, 9 Jan 2025 07:43:38 +1100 Subject: [PATCH 137/150] R&Y: Updated DEL Delhi Metro AIDs in `aid_desfire.json` **Added** - DEL Delhi Metro AIDs **Updated** - Designated existing DEL Delhi Metro AIDs as `Alternative Endian` Signed-off-by: ry4000 <154689120+ry4000@users.noreply.github.com> --- client/resources/aid_desfire.json | 92 ++++++++++++++++++++++++++----- 1 file changed, 78 insertions(+), 14 deletions(-) diff --git a/client/resources/aid_desfire.json b/client/resources/aid_desfire.json index 89f8db62f..9bb14e6ef 100644 --- a/client/resources/aid_desfire.json +++ b/client/resources/aid_desfire.json @@ -859,8 +859,8 @@ "AID": "014D44", "Vendor": "Delhi Metro Rail Corporation Limited", "Country": "IN", - "Name": "Delhi Metro Travel Card (DEL)", - "Description": "DEL Delhi Metro App 1", + "Name": "Delhi Metro Travel Card (DEL) (Alternative Endian)", + "Description": "DEL Delhi Metro (App 1)", "Type": "transport" }, { @@ -875,8 +875,8 @@ "AID": "024D44", "Vendor": "Delhi Metro Rail Corporation Limited", "Country": "IN", - "Name": "Delhi Metro Travel Card (DEL)", - "Description": "DEL Delhi Metro App 2", + "Name": "Delhi Metro Travel Card (DEL) (Alternative Endian)", + "Description": "DEL Delhi Metro (App 2)", "Type": "transport" }, { @@ -891,8 +891,8 @@ "AID": "034D44", "Vendor": "Delhi Metro Rail Corporation Limited", "Country": "IN", - "Name": "Delhi Metro Travel Card (DEL)", - "Description": "DEL Delhi Metro App 3", + "Name": "Delhi Metro Travel Card (DEL) (Alternative Endian)", + "Description": "DEL Delhi Metro (App 3)", "Type": "transport" }, { @@ -907,8 +907,8 @@ "AID": "044D44", "Vendor": "Delhi Metro Rail Corporation Limited", "Country": "IN", - "Name": "Delhi Metro Travel Card (DEL)", - "Description": "DEL Delhi Metro App 4", + "Name": "Delhi Metro Travel Card (DEL) (Alternative Endian)", + "Description": "DEL Delhi Metro (App 4)", "Type": "transport" }, { @@ -931,8 +931,8 @@ "AID": "054D44", "Vendor": "Delhi Metro Rail Corporation Limited", "Country": "IN", - "Name": "Delhi Metro Travel Card (DEL)", - "Description": "DEL Delhi Metro App 5", + "Name": "Delhi Metro Travel Card (DEL) (Alternative Endian)", + "Description": "DEL Delhi Metro (App 5)", "Type": "transport" }, { @@ -955,8 +955,8 @@ "AID": "064D44", "Vendor": "Delhi Metro Rail Corporation Limited", "Country": "IN", - "Name": "Delhi Metro Travel Card (DEL)", - "Description": "DEL Delhi Metro App 6", + "Name": "Delhi Metro Travel Card (DEL) (Alternative Endian)", + "Description": "DEL Delhi Metro (App 6)", "Type": "transport" }, { @@ -971,8 +971,8 @@ "AID": "074D44", "Vendor": "Delhi Metro Rail Corporation Limited", "Country": "IN", - "Name": "Delhi Metro Travel Card (DEL)", - "Description": "DEL Delhi Metro App 7", + "Name": "Delhi Metro Travel Card (DEL) (Alternative Endian)", + "Description": "DEL Delhi Metro (App 7)", "Type": "transport" }, { @@ -1079,6 +1079,70 @@ "Description": "DUB Leap Card // Transport for Ireland // FIDs: 01,1F: Backup Data; 02-0A: Standard Data", "Type": "transport" }, + { + "AID": "444D01", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 1)", + "Type": "transport" + }, + { + "AID": "444D02", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 2)", + "Type": "transport" + }, + { + "AID": "444D03", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 3)", + "Type": "transport" + }, + { + "AID": "444D04", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 4)", + "Type": "transport" + }, + { + "AID": "444D05", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 5)", + "Type": "transport" + }, + { + "AID": "444D05", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 5)", + "Type": "transport" + }, + { + "AID": "444D06", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 6)", + "Type": "transport" + }, + { + "AID": "444D07", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 7)", + "Type": "transport" + }, { "AID": "484000", "Vendor": "Sistema de Tren Elétrico Urbano (SITEUR)", From ac3c1bbf9f09fbf86317d9d720d7a8a59631ca14 Mon Sep 17 00:00:00 2001 From: Emily Astranova Date: Thu, 9 Jan 2025 11:17:14 -0500 Subject: [PATCH 138/150] Fix incorrect header length Signed-off-by: Emily Astranova --- client/src/wiegand_formatutils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/wiegand_formatutils.c b/client/src/wiegand_formatutils.c index d279744b9..f77ab5bfe 100644 --- a/client/src/wiegand_formatutils.c +++ b/client/src/wiegand_formatutils.c @@ -165,7 +165,7 @@ static uint8_t get_length_from_header(wiegand_message_t *data) { len = 0; } - while (hfmt > 1) { + while (hfmt > 0) { hfmt >>= 1; len++; } From 776b1afe571476759c943f0ed1e67f6a417303e1 Mon Sep 17 00:00:00 2001 From: Emily Astranova Date: Thu, 9 Jan 2025 16:05:22 -0500 Subject: [PATCH 139/150] Update CHANGELOG.md Signed-off-by: Emily Astranova --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7207389e1..fb080051b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added keys from Momentum firmware projects. (@onovy) - Added Dutch Statistics Agency default key (@eagle00789) - Changed hf mf autopwn - now allows for custom suffix (@zxkmm) +- Fixed Wiegand decode with hex input dropping the first bit (@emilyastranova) ## [Orca.4.19552][2024-11-22] - Fixed `hf_legic.lua` - removed bit32 commands from the script (@diorch1968) From d668da08bfb421720d81a51ee95aa97c3dd1a86b Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Fri, 10 Jan 2025 09:21:29 +0100 Subject: [PATCH 140/150] Fix 'hf mf ginfo': allow offline parsing and fix parsing when ATS len!=16 --- client/src/cmdhfmf.c | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 5a0724c8d..8c8208235 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -7942,11 +7942,11 @@ static int parse_gtu_cfg(uint8_t *d, size_t n) { uint8_t atslen = d[7]; if (atslen == 0) { - PrintAndLogEx(INFO, ".............. ATS length %u bytes ( %s )", atslen, _YELLOW_("zero")); + PrintAndLogEx(INFO, "..............%02X ATS length %u bytes ( %s )", d[7], atslen, _YELLOW_("zero")); } else if (atslen <= 16) { - PrintAndLogEx(INFO, ".............. ATS length %u bytes ( %s )", atslen, _GREEN_("ok")); + PrintAndLogEx(INFO, "..............%02X ATS length %u bytes ( %s )", d[7], atslen, _GREEN_("ok")); } else { - PrintAndLogEx(INFO, ".............. ATS length %u bytes ( %s )", atslen, _RED_("fail")); + PrintAndLogEx(INFO, "..............%02X ATS length %u bytes ( %s )", d[7], atslen, _RED_("fail")); atslen = 0; } @@ -7955,7 +7955,7 @@ static int parse_gtu_cfg(uint8_t *d, size_t n) { // ATS seems to have 16 bytes reserved PrintAndLogEx(INFO, _CYAN_("Config 2 - ATS")); PrintAndLogEx(INFO, "%s", sprint_hex_inrow(d + 8, 16)); - if (atslen <= 16) { + if ((atslen > 0) && (atslen <= 16)) { PrintAndLogEx(INFO, "%s.............. ATS ( %d bytes )", sprint_hex_inrow(&d[8], d[7]), d[7]); PrintAndLogEx(INFO, "..................%s Reserved for ATS", sprint_hex_inrow(d + 8 + d[7], 16 - d[7])); } else { @@ -8044,15 +8044,23 @@ static int CmdHF14AGen4Info(const char *cmd) { size_t resplen = 0; int res = 0; - if (dlen != 32) { - res = mfG4GetConfig(pwd, resp, &resplen, verbose); - if (res != PM3_SUCCESS || resplen == 0) { - if (res == PM3_ETIMEOUT) - PrintAndLogEx(ERR, "No card in the field or card command timeout."); - else - PrintAndLogEx(ERR, "Error get config. Maybe not a Gen4 card?. error=%d rlen=%zu", res, resplen); + if (dlen == 0) { + if (IfPm3Iso14443a()) { + res = mfG4GetConfig(pwd, resp, &resplen, verbose); + if (res != PM3_SUCCESS || resplen == 0) { + if (res == PM3_ETIMEOUT) + PrintAndLogEx(ERR, "No card in the field or card command timeout."); + else + PrintAndLogEx(ERR, "Error get config. Maybe not a Gen4 card?. error=%d rlen=%zu", res, resplen); + return PM3_ESOFT; + } + } else { + PrintAndLogEx(ERR, "Offline mode, please provide data"); return PM3_ESOFT; } + } else if (dlen != 32) { + PrintAndLogEx(FAILED, "Data must be 32 bytes length, got " _YELLOW_("%u"), dlen); + return PM3_EINVARG; } else { memcpy(resp, data, dlen); resplen = 32; @@ -10139,7 +10147,7 @@ static command_t CommandTable[] = { {"gen3blk", CmdHf14AGen3Block, IfPm3Iso14443a, "Overwrite manufacturer block"}, {"gen3freeze", CmdHf14AGen3Freeze, IfPm3Iso14443a, "Perma lock UID changes. irreversible"}, {"-----------", CmdHelp, IfPm3Iso14443a, "-------------------- " _CYAN_("magic gen4 GTU") " --------------------------"}, - {"ginfo", CmdHF14AGen4Info, IfPm3Iso14443a, "Info about configuration of the card"}, + {"ginfo", CmdHF14AGen4Info, AlwaysAvailable, "Info about configuration of the card"}, {"ggetblk", CmdHF14AGen4GetBlk, IfPm3Iso14443a, "Read block from card"}, {"gload", CmdHF14AGen4Load, IfPm3Iso14443a, "Load dump to card"}, {"gsave", CmdHF14AGen4Save, IfPm3Iso14443a, "Save dump from card into file or emulator"}, From 7637fa01508ddd3bf90aa9b54a52b9d7663e6f94 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Fri, 10 Jan 2025 09:36:37 +0100 Subject: [PATCH 141/150] fix offline hf mf ginfo --- client/src/cmdhfmf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 8c8208235..981b2646f 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -8067,6 +8067,9 @@ static int CmdHF14AGen4Info(const char *cmd) { } parse_gtu_cfg(resp, resplen); + if (! IfPm3Iso14443a()) { + return PM3_SUCCESS; + } uint8_t uid_len = resp[1]; From 7eefd358d3def0e1b42b2fb1ba2dcd2e01259e50 Mon Sep 17 00:00:00 2001 From: Henry Gabryjelski Date: Fri, 10 Jan 2025 12:06:49 -0800 Subject: [PATCH 142/150] Allow manual initiation of CodeQL --- .github/workflows/codeql-analysis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index efac3fd69..d9ce0a0de 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -12,6 +12,7 @@ name: "CodeQL" on: + workflow_dispatch: push: branches: [ master ] pull_request: From 4c6ccfedc195efc6c50001a66e42e7a2c0c86f5a Mon Sep 17 00:00:00 2001 From: Henry Gabryjelski Date: Fri, 10 Jan 2025 12:20:17 -0800 Subject: [PATCH 143/150] See if this avoids changelist warnings when building in a fork --- .github/workflows/rebase.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml index b1cc0e0c1..f93d60a5a 100644 --- a/.github/workflows/rebase.yml +++ b/.github/workflows/rebase.yml @@ -2,6 +2,7 @@ on: pull_request_target name: Changelog Reminder jobs: remind: + if: github.repository_owner = 'RfidResearchGroup' name: Changelog Reminder runs-on: ubuntu-latest steps: From 65b9348ad97096c2d60fc2dd3889b88f1c42ad0a Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sat, 11 Jan 2025 19:18:33 +0100 Subject: [PATCH 144/150] modified lf hitag chk to show progress, added user side abort, and a minor delay since I noticed proxmark timeouts if running unlimited --- CHANGELOG.md | 3 ++- client/src/cmdlfhitag.c | 17 ++++++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7207389e1..0d0542268 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Changed `lf hitag chk` - added key counter, client side abort and minor delay (@iceman1001) - Added `hf seos sam` - Added support for HID SAM SEOS communications (@jkramarz) - Changed (extended) area accessible by spiffs into last page of FLASH (@piotrva) - Changed flash-stored key dictionaries (Mifare, iClass, T55XX) and T55XX configurations to SPIFFS files (@piotrva) @@ -27,7 +28,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added simulation function to `hf iclass legrec` (@antiklesys) - Added keys from Momentum firmware projects. (@onovy) - Added Dutch Statistics Agency default key (@eagle00789) -- Changed hf mf autopwn - now allows for custom suffix (@zxkmm) +- Changed `hf mf autopwn` - now allows for custom suffix (@zxkmm) ## [Orca.4.19552][2024-11-22] - Fixed `hf_legic.lua` - removed bit32 commands from the script (@diorch1968) diff --git a/client/src/cmdlfhitag.c b/client/src/cmdlfhitag.c index 0c8956d75..7fac8fa45 100644 --- a/client/src/cmdlfhitag.c +++ b/client/src/cmdlfhitag.c @@ -488,8 +488,23 @@ static int ht2_check_dictionary(uint32_t key_count, uint8_t *keys, uint8_t keyl uint8_t *pkeys = keys; + uint32_t toti = key_count; + uint32_t cnt = 0; + while (key_count--) { + cnt++; + + if (kbd_enter_pressed()) { + SendCommandNG(CMD_BREAK_LOOP, NULL, 0); + PrintAndLogEx(INFO, "User aborted"); + break; + } + + PrintAndLogEx(INPLACE, "Checking Keys %u / %u", cnt, toti); + + msleep(30); + if (keylen == 4) { packet.cmd = HT2F_PASSWORD; memcpy(packet.pwd, pkeys, keylen); @@ -503,7 +518,7 @@ static int ht2_check_dictionary(uint32_t key_count, uint8_t *keys, uint8_t keyl clearCommandBuffer(); SendCommandNG(CMD_LF_HITAG_READER, (uint8_t *)&packet, sizeof(packet)); PacketResponseNG resp; - if (WaitForResponseTimeout(CMD_LF_HITAG_READER, &resp, 2000) == false) { + if (WaitForResponseTimeout(CMD_LF_HITAG_READER, &resp, 4000) == false) { PrintAndLogEx(WARNING, "timeout while waiting for reply."); SendCommandNG(CMD_BREAK_LOOP, NULL, 0); return PM3_ETIMEOUT; From c4b24d48b90ce2b2c03c850557327d943a1368b8 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 12 Jan 2025 18:08:52 +0100 Subject: [PATCH 145/150] Update manufacturer list with 2022 info --- client/src/cmdhf14a.c | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index 03e8585e1..9203a05ae 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c @@ -103,12 +103,12 @@ static const manufactureName_t manufactureMapping[] = { { 0x0F, "Hynix / Hyundai, Korea" }, { 0x10, "LG-Semiconductors Co. Ltd Korea" }, { 0x11, "Emosyn-EM Microelectronics USA" }, - { 0x12, "INSIDE Technology France" }, + { 0x12, "Wisekey Semiconductors (previously INSIDE Technology) France" }, { 0x13, "ORGA Kartensysteme GmbH Germany" }, { 0x14, "SHARP Corporation Japan" }, { 0x15, "ATMEL France" }, { 0x16, "EM Microelectronic-Marin SA Switzerland" }, - { 0x17, "KSW Microtec GmbH Germany" }, + { 0x17, "SMARTRAC TECHNOLOGY GmbH Germany" }, { 0x18, "ZMD AG Germany" }, { 0x19, "XICOR, Inc. USA" }, { 0x1A, "Sony Corporation Japan" }, @@ -124,7 +124,7 @@ static const manufactureName_t manufactureMapping[] = { { 0x24, "Masktech Germany Gmbh Germany" }, { 0x25, "Innovision Research and Technology Plc UK" }, { 0x26, "Hitachi ULSI Systems Co., Ltd. Japan" }, - { 0x27, "Cypak AB Sweden" }, + { 0x27, "Yubico AB Sweden" }, { 0x28, "Ricoh Japan" }, { 0x29, "ASK France" }, { 0x2A, "Unicore Microsystems, LLC Russian Federation" }, @@ -140,7 +140,7 @@ static const manufactureName_t manufactureMapping[] = { { 0x34, "Mikron JSC Russia" }, { 0x35, "Fraunhofer Institute for Photonic Microsystems Germany" }, { 0x36, "IDS Microchip AG Switzerland" }, - { 0x37, "Thinfilm - Kovio USA" }, + { 0x37, "Kovio USA" }, { 0x38, "HMT Microelectronic Ltd Switzerland" }, { 0x39, "Silicon Craft Technology Thailand" }, { 0x3A, "Advanced Film Device Inc. Japan" }, @@ -185,18 +185,34 @@ static const manufactureName_t manufactureMapping[] = { { 0x61, "Wearlinks Technology Inc. China" }, { 0x62, "Userstar Information Systems Co., Ltd Taiwan" }, { 0x63, "Pragmatic Printing Ltd. UK" }, - { 0x64, "Associacao do Laboratorio de Sistemas Integraveis Tecnologico - LSI-TEC Brazil" }, + { 0x64, "Associação do Laboratório de Sistemas Integráveis Tecnológico - LSI-TEC Brazil" }, { 0x65, "Tendyron Corporation China" }, { 0x66, "MUTO Smart Co., Ltd. Korea" }, { 0x67, "ON Semiconductor USA" }, - { 0x68, "TUBITAK BILGEM Turkey" }, + { 0x68, "TÜBİTAK BİLGEM Turkey" }, { 0x69, "Huada Semiconductor Co., Ltd China" }, { 0x6A, "SEVENEY France" }, - { 0x6B, "ISSM France" }, + { 0x6B, "THALES DIS Design Services SAS (previously ISSM) France" }, { 0x6C, "Wisesec Ltd Israel" }, + { 0x6D, "LTD \"NM-Teh\" Russia" }, + { 0x70, "ifm electronic gmbh Germany" }, + { 0x71, "Sichuan Kiloway Technologies Co., Ltd. China" }, + { 0x72, "Ford Motor Company US" }, + { 0x73, "Beijing Tsingteng MicroSystem Co.,Ltd China" }, + { 0x74, "Huada EverCore Co., Ltd China" }, + { 0x75, "Smartchip Microelectronics Corporation Taiwan" }, + { 0x76, "Tongxin Microelectronics Co., Ltd. China" }, + { 0x77, "Ningbo IOT Microelectronics Co Ltd China" }, + { 0x78, "AU Optronics Taiwan" }, + { 0x79, "CUBIC USA" }, + { 0x7A, "Abbott Diabetes Care USA" }, + { 0x7B, "Shenzen Nation RFID Technology Co Ltd China" }, { 0x7C, "DB HiTek Co Ltd Korea" }, { 0x7D, "SATO Vicinity Australia" }, { 0x7E, "Holtek Taiwan" }, + { 0x7F, "Shenzhen Goodix Technology Co., Ltd. China" }, + { 0x80, "Panthronics AG Austria" }, + { 0x81, "Beijing Huada Infosec Technology Co., Ltd China"}, { 0x00, "no tag-info available" } // must be the last entry }; From ab96b74110fa38a78bd2331ab3ea9334aff3bd03 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 12 Jan 2025 18:26:47 +0100 Subject: [PATCH 146/150] ref --- client/src/cmdhf14a.c | 1 + 1 file changed, 1 insertion(+) diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index 9203a05ae..939c2b257 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c @@ -84,6 +84,7 @@ static const iso14a_polling_frame_t ECP_FRAME = { }; +// based on ISO/IEC JTC1/SC17 STANDING DOCUMENT 5 (Updated 25 February 2022) Register of IC manufacturers static const manufactureName_t manufactureMapping[] = { // ID, "Vendor Country" { 0x01, "Motorola UK" }, From d481a21e545a900af3c255f9637d98fab7fcbf39 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 12 Jan 2025 18:50:16 +0100 Subject: [PATCH 147/150] Update manufacturer list with 2024 info --- client/src/cmdhf14a.c | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index 939c2b257..49bf3cc05 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c @@ -84,7 +84,7 @@ static const iso14a_polling_frame_t ECP_FRAME = { }; -// based on ISO/IEC JTC1/SC17 STANDING DOCUMENT 5 (Updated 25 February 2022) Register of IC manufacturers +// based on ISO/IEC JTC1/SC17 STANDING DOCUMENT 5 (Updated 20 September 2024) Register of IC manufacturers static const manufactureName_t manufactureMapping[] = { // ID, "Vendor Country" { 0x01, "Motorola UK" }, @@ -150,12 +150,12 @@ static const manufactureName_t manufactureMapping[] = { { 0x3D, "HID Global USA" }, { 0x3E, "Productivity Engineering Gmbh Germany" }, { 0x3F, "Austriamicrosystems AG (reserved) Austria" }, - { 0x40, "Gemalto SA France" }, + { 0x40, "Thales DIS (previously Gemalto SA) France" }, { 0x41, "Renesas Electronics Corporation Japan" }, { 0x42, "3Alogics Inc Korea" }, { 0x43, "Top TroniQ Asia Limited Hong Kong" }, { 0x44, "Gentag Inc. USA" }, - { 0x45, "Invengo Information Technology Co.Ltd China" }, + { 0x45, "Invengo Information Technology Co. Ltd China" }, { 0x46, "Guangzhou Sysur Microelectronics, Inc China" }, { 0x47, "CEITEC S.A. Brazil" }, { 0x48, "Shanghai Quanray Electronics Co. Ltd. China" }, @@ -166,7 +166,7 @@ static const manufactureName_t manufactureMapping[] = { { 0x4D, "Balluff GmbH Germany" }, { 0x4E, "Oberthur Technologies France" }, { 0x4F, "Silterra Malaysia Sdn. Bhd. Malaysia" }, - { 0x50, "DELTA Danish Electronics, Light & Acoustics Denmark" }, + { 0x50, "Presto Engineering Denmark" }, { 0x51, "Giesecke & Devrient GmbH Germany" }, { 0x52, "Shenzhen China Vision Microelectronics Co., Ltd. China" }, { 0x53, "Shanghai Feiju Microelectronics Co. Ltd. China" }, @@ -211,9 +211,32 @@ static const manufactureName_t manufactureMapping[] = { { 0x7C, "DB HiTek Co Ltd Korea" }, { 0x7D, "SATO Vicinity Australia" }, { 0x7E, "Holtek Taiwan" }, + // Previously, following entries were listed in the doc as 0x7f, 0x80 etc. + // Now, they are listed as 'FF 00', 'FF 01',... { 0x7F, "Shenzhen Goodix Technology Co., Ltd. China" }, { 0x80, "Panthronics AG Austria" }, - { 0x81, "Beijing Huada Infosec Technology Co., Ltd China"}, + { 0x81, "Beijing Huada Infosec Technology Co., Ltd China" }, + { 0x82, "Shanghai Oriental Magnetic Card Engineering Co Ltd. China" }, + { 0x83, "8ApeX Inc USA" }, + { 0x84, "Abbott Ireland" }, + { 0x85, "Proqure Inc USA" }, + { 0x86, "Schreiner Group GmbH & Co. KG Germany" }, + { 0x87, "Beijing SmartChip Microelectronics Technology Company Limited China" }, + { 0x88, "Datang Microelectronics Technology Co., Ltd. China" }, + { 0x89, "Wise Security Technology (Guangzhou) Co., Ltd. China" }, + { 0x8A, "CEC Huada Electronic Design Co., Ltd. China" }, + { 0x8B, "Shanghai Techsun RFID Technology Co., Ltd. China" }, + { 0x8C, "North China Institute of Computing Technology China" }, + { 0x8D, "Shanghai Huahong Integrated Circuit Co., Ltd. China" }, + { 0x8E, "Shanghai MintSilicon Microelectronics Inc., Ltd. China" }, + { 0x8F, "Xinsheng Technology Co., Ltd. China" }, + { 0x90, "IDEX Biometrics ASA Norway" }, + { 0x91, "Novo Nordisk A/S Denmark" }, + { 0x92, "Shandong Huayi Micro-Electronics Technology Co., Ltd. China" }, + { 0x93, "Abbott Heart Failure USA" }, + { 0x94, "P&M Information Technology (Shenzhen) Co., Ltd. China" }, + { 0x95, "MARS TECHNOLOGY PTE. LTD. Singapore" }, + { 0x96, "Trovan Limited Isle of Man" }, { 0x00, "no tag-info available" } // must be the last entry }; From 52b2c731397a0e557e11014b00cd74717a5e163e Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 12 Jan 2025 19:19:00 +0100 Subject: [PATCH 148/150] trying to fix Proxspace compilation, might need some more trials... --- client/src/cmdhf14a.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index 49bf3cc05..bdc32077b 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c @@ -190,7 +190,7 @@ static const manufactureName_t manufactureMapping[] = { { 0x65, "Tendyron Corporation China" }, { 0x66, "MUTO Smart Co., Ltd. Korea" }, { 0x67, "ON Semiconductor USA" }, - { 0x68, "TÜBİTAK BİLGEM Turkey" }, + { 0x68, "TÜBITAK BILGEM Turkey" }, // Don't use "İ", Proxspace doesn't like it { 0x69, "Huada Semiconductor Co., Ltd China" }, { 0x6A, "SEVENEY France" }, { 0x6B, "THALES DIS Design Services SAS (previously ISSM) France" }, From 97953d1ef336a57abe2d4401a9358c04de316382 Mon Sep 17 00:00:00 2001 From: nvx Date: Tue, 14 Jan 2025 22:00:17 +1000 Subject: [PATCH 149/150] fix hf mf csetuid --gdm --- client/src/mifare/mifarehost.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/mifare/mifarehost.c b/client/src/mifare/mifarehost.c index 7e44df14a..28969b1bd 100644 --- a/client/src/mifare/mifarehost.c +++ b/client/src/mifare/mifarehost.c @@ -1144,7 +1144,7 @@ int mf_chinese_set_uid(uint8_t *uid, uint8_t uidlen, const uint8_t *atqa, const res = mf_chinese_set_block(0, block0, NULL, params); if (res == PM3_SUCCESS) { - params = MAGIC_SINGLE | MAGIC_WUPC; + params = MAGIC_SINGLE | (gdm ? MAGIC_GDM_ALT_WUPC : MAGIC_WUPC); memset(block0, 0, sizeof(block0)); res = mf_chinese_get_block(0, block0, params); if (res == 0) { From 29e0c51393702ca0f32bed1f3a67b35cdedea865 Mon Sep 17 00:00:00 2001 From: nvx Date: Tue, 14 Jan 2025 22:36:59 +1000 Subject: [PATCH 150/150] Changed `hf mf info` - now differentiates between full USCUID and cut down ZUID chips --- CHANGELOG.md | 1 + armsrc/mifarecmd.c | 12 +++++++++++- client/src/cmdhf14a.c | 2 +- client/src/mifare/mifarehost.c | 4 ++++ include/protocols.h | 29 +++++++++++++++-------------- 5 files changed, 32 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0d0542268..6d3de96f2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Changed `hf mf info` - now differentiates between full USCUID and cut down ZUID chips (@nvx) - Changed `lf hitag chk` - added key counter, client side abort and minor delay (@iceman1001) - Added `hf seos sam` - Added support for HID SAM SEOS communications (@jkramarz) - Changed (extended) area accessible by spiffs into last page of FLASH (@piotrva) diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index bf308364d..46c032011 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -2927,6 +2927,7 @@ void MifareCIdent(bool is_mfc, uint8_t keytype, uint8_t *key) { uint8_t rdbl00[4] = {ISO14443A_CMD_READBLOCK, 0x00, 0x02, 0xa8}; uint8_t gen4gdmAuth[4] = {MIFARE_MAGIC_GDM_AUTH_KEY, 0x00, 0x6C, 0x92}; uint8_t gen4gdmGetConf[4] = {MIFARE_MAGIC_GDM_READ_CFG, 0x00, 0x39, 0xF7}; + uint8_t gen4gdmGetMagicBlock[4] = {MIFARE_MAGIC_GDM_READBLOCK, 0x00, 0xC2, 0x66}; uint8_t gen4GetConf[8] = {GEN_4GTU_CMD, 0x00, 0x00, 0x00, 0x00, GEN_4GTU_GETCNF, 0, 0}; uint8_t superGen1[9] = {0x0A, 0x00, 0x00, 0xA6, 0xB0, 0x00, 0x10, 0x14, 0x1D}; bool isGen2 = false; @@ -2955,7 +2956,16 @@ void MifareCIdent(bool is_mfc, uint8_t keytype, uint8_t *key) { ReaderTransmit(gen4gdmGetConf, sizeof(gen4gdmGetConf), NULL); res = ReaderReceive(buf, PM3_CMD_DATA_SIZE, par); if (res > 1) { - flag |= MAGIC_FLAG_GDM_WUP_40; + // could be ZUID or full USCUID, the magic blocks don't exist on ZUID so + // a failure here indicates a feature limited chip like ZUID + // check for GDM hidden block read + ReaderTransmit(gen4gdmGetMagicBlock, sizeof(gen4gdmGetMagicBlock), NULL); + res = ReaderReceive(buf, PM3_CMD_DATA_SIZE, par); + if (res > 1) { + flag |= MAGIC_FLAG_GDM_WUP_40; + } else { + flag |= MAGIC_FLAG_GDM_WUP_40_ZUID; + } } } diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index bdc32077b..f2d573a8c 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c @@ -2761,7 +2761,7 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { PrintAndLogEx(HINT, "Hint: use `" _YELLOW_("hf mf c*") "` magic commands"); // if GEN4 GDM in Gen1a more, hint about it - if ((isMagic & MAGIC_FLAG_GDM_WUP_40) == MAGIC_FLAG_GDM_WUP_40) { + if (((isMagic & MAGIC_FLAG_GDM_WUP_40) == MAGIC_FLAG_GDM_WUP_40) || ((isMagic & MAGIC_FLAG_GDM_WUP_40_ZUID) == MAGIC_FLAG_GDM_WUP_40_ZUID)) { PrintAndLogEx(HINT, "Hint: use `" _YELLOW_("hf mf gdm* --gen1a") "` magic commands"); } } diff --git a/client/src/mifare/mifarehost.c b/client/src/mifare/mifarehost.c index 7e44df14a..849c06f15 100644 --- a/client/src/mifare/mifarehost.c +++ b/client/src/mifare/mifarehost.c @@ -1614,6 +1614,10 @@ uint16_t detect_mf_magic(bool is_mfc, uint8_t key_type, uint64_t key) { PrintAndLogEx(SUCCESS, "Magic capabilities... " _GREEN_("Gen 4 GDM / USCUID") " ( Gen1 Magic Wakeup )"); } + if ((isMagic & MAGIC_FLAG_GDM_WUP_40_ZUID) == MAGIC_FLAG_GDM_WUP_40_ZUID) { + PrintAndLogEx(SUCCESS, "Magic capabilities... " _GREEN_("Gen 4 GDM / USCUID") " ( ZUID Gen1 Magic Wakeup )"); + } + if ((isMagic & MAGIC_FLAG_GEN_UNFUSED) == MAGIC_FLAG_GEN_UNFUSED) { PrintAndLogEx(SUCCESS, "Magic capabilities... " _GREEN_("Write Once / FUID")); } diff --git a/include/protocols.h b/include/protocols.h index 3591a8dc2..dbb60aa5e 100644 --- a/include/protocols.h +++ b/include/protocols.h @@ -263,20 +263,21 @@ ISO 7816-4 Basic interindustry commands. For command APDU's. #define MAGIC_SINGLE (MAGIC_HALT | MAGIC_INIT | MAGIC_OFF) //0x1E // by CMD_HF_MIFARE_CIDENT / Flags -#define MAGIC_FLAG_NONE 0x0000 -#define MAGIC_FLAG_GEN_1A 0x0001 -#define MAGIC_FLAG_GEN_1B 0x0002 -#define MAGIC_FLAG_GEN_2 0x0004 -#define MAGIC_FLAG_GEN_UNFUSED 0x0008 -#define MAGIC_FLAG_SUPER_GEN1 0x0010 -#define MAGIC_FLAG_SUPER_GEN2 0x0020 -#define MAGIC_FLAG_NTAG21X 0x0040 -#define MAGIC_FLAG_GEN_3 0x0080 -#define MAGIC_FLAG_GEN_4GTU 0x0100 -#define MAGIC_FLAG_GDM_AUTH 0x0200 -#define MAGIC_FLAG_QL88 0x0400 -#define MAGIC_FLAG_GDM_WUP_20 0x0800 -#define MAGIC_FLAG_GDM_WUP_40 0x1000 +#define MAGIC_FLAG_NONE 0x0000 +#define MAGIC_FLAG_GEN_1A 0x0001 +#define MAGIC_FLAG_GEN_1B 0x0002 +#define MAGIC_FLAG_GEN_2 0x0004 +#define MAGIC_FLAG_GEN_UNFUSED 0x0008 +#define MAGIC_FLAG_SUPER_GEN1 0x0010 +#define MAGIC_FLAG_SUPER_GEN2 0x0020 +#define MAGIC_FLAG_NTAG21X 0x0040 +#define MAGIC_FLAG_GEN_3 0x0080 +#define MAGIC_FLAG_GEN_4GTU 0x0100 +#define MAGIC_FLAG_GDM_AUTH 0x0200 +#define MAGIC_FLAG_QL88 0x0400 +#define MAGIC_FLAG_GDM_WUP_20 0x0800 +#define MAGIC_FLAG_GDM_WUP_40 0x1000 +#define MAGIC_FLAG_GDM_WUP_40_ZUID 0x2000 // Commands for configuration of Gen4 GTU cards.