github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

chg: hf mfdes info - refactored a bit. \nchg: hf mfdes enum - now works again

Browse source
This commit is contained in:
iceman1001 2020-03-19 12:05:29 +01:00
commit 7a1c65d1af
1 changed files with 401 additions and 225 deletions
Download patch file Download diff file Expand all files Collapse all files

626
client/cmdhfmfdes.c
View file

@ -28,6 +28,73 @@ uint8_t key_picc_data[16] = { 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x
static int CmdHelp(const char *Cmd); static int CmdHelp(const char *Cmd);
//ICEMAN: Turn on field method?
//none
static int test_desfire_authenticate() {
uint8_t c[] = {AUTHENTICATE, 0x00, 0x00, 0x01, 0x00, 0x00}; // 0x0A, KEY 0
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c));
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {
DropField();
return PM3_ETIMEOUT;
}
if (resp.length == 13)
return PM3_SUCCESS;
return PM3_ESOFT;
}
// none
static int test_desfire_authenticate_iso() {
uint8_t c[] = {AUTHENTICATE_ISO, 0x00, 0x00, 0x01, 0x00, 0x00}; // 0x1A, KEY 0
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c));
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {
DropField();
return PM3_ETIMEOUT;
}
if (resp.length >= 13)
return PM3_SUCCESS;
return PM3_ESOFT;
}
//none
static int test_desfire_authenticate_aes() {
uint8_t c[] = {AUTHENTICATE_AES, 0x00, 0x00, 0x01, 0x00, 0x00}; // 0xAA, KEY 0
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c));
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {
DropField();
return PM3_ETIMEOUT;
}
if (resp.length >= 13)
return PM3_SUCCESS;
return PM3_ESOFT;
}
// --- FREE MEM
static int desfire_print_freemem(uint32_t free_mem) {
PrintAndLogEx(SUCCESS, " Available free memory on card : " _GREEN_("%d bytes"), free_mem);
return PM3_SUCCESS;
}
// init / disconnect
static int get_desfire_freemem(uint32_t *free_mem) {
uint8_t c[] = {GET_FREE_MEMORY, 0x00, 0x00, 0x00}; // 0x6E
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, (INIT | DISCONNECT), sizeof(c), 0, c, sizeof(c));
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
return PM3_ETIMEOUT;
}
if (resp.length == 8) {
*free_mem = le24toh(resp.data.asBytes + 1);
return PM3_SUCCESS;
}
*free_mem = 0;
return PM3_ESOFT;
}
// --- GET SIGNATURE
static int desfire_print_signature(uint8_t *uid, uint8_t *signature, size_t signature_len) { static int desfire_print_signature(uint8_t *uid, uint8_t *signature, size_t signature_len) {
#define PUBLIC_DESFIRE_ECDA_KEYLEN 57 #define PUBLIC_DESFIRE_ECDA_KEYLEN 57
@ -66,12 +133,12 @@ static int desfire_print_signature(uint8_t *uid, uint8_t *signature, size_t sign
PrintAndLogEx(INFO, "-------------------------------------------------------------"); PrintAndLogEx(INFO, "-------------------------------------------------------------");
return PM3_SUCCESS; return PM3_SUCCESS;
} }
// init / disconnect
static int get_desfire_signature(uint8_t *signature, size_t *signature_len) { static int get_desfire_signature(uint8_t *signature, size_t *signature_len) {
PacketResponseNG resp;
uint8_t c[] = {MFDES_READSIG, 0x00, 0x00, 0x01, 0x00, 0x00}; // 0x3C uint8_t c[] = {MFDES_READSIG, 0x00, 0x00, 0x01, 0x00, 0x00}; // 0x3C
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, (INIT | DISCONNECT), sizeof(c), 0, c, sizeof(c)); SendCommandMIX(CMD_HF_DESFIRE_COMMAND, (INIT | DISCONNECT), sizeof(c), 0, c, sizeof(c));
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500))
return PM3_ETIMEOUT; return PM3_ETIMEOUT;
@ -85,6 +152,190 @@ static int get_desfire_signature(uint8_t *signature, size_t *signature_len) {
} }
} }
// --- KEY SETTING
static int desfire_print_keysetting(uint8_t key_settings, uint8_t num_keys) {
PrintAndLogEx(SUCCESS, " AID Key settings : %02x", key_settings);
PrintAndLogEx(SUCCESS, " Max number of keys in AID : %d", num_keys);
PrintAndLogEx(INFO, "-------------------------------------------------------------");
PrintAndLogEx(SUCCESS, " Changekey Access rights");
// Access rights.
uint8_t rights = (key_settings >> 4 & 0x0F);
switch (rights) {
case 0x0:
PrintAndLogEx(SUCCESS, " -- AMK authentication is necessary to change any key (default)");
break;
case 0xE:
PrintAndLogEx(SUCCESS, " -- Authentication with the key to be changed (same KeyNo) is necessary to change a key");
break;
case 0xF:
PrintAndLogEx(SUCCESS, " -- All keys (except AMK,see Bit0) within this application are frozen");
break;
default:
PrintAndLogEx(SUCCESS, " -- Authentication with the specified key is necessary to change any key.\nA change key and a PICC master key (CMK) can only be changed after authentication with the master key.\nFor keys other then the master or change key, an authentication with the same key is needed.");
break;
}
PrintAndLogEx(SUCCESS, " [0x08] Configuration changeable : %s", (key_settings & (1 << 3)) ? _GREEN_("YES") : "NO");
PrintAndLogEx(SUCCESS, " [0x04] AMK required for create/delete : %s", (key_settings & (1 << 2)) ? "NO" : "YES");
PrintAndLogEx(SUCCESS, " [0x02] Directory list access with AMK : %s", (key_settings & (1 << 1)) ? "NO" : "YES");
PrintAndLogEx(SUCCESS, " [0x01] AMK is changeable : %s", (key_settings & (1 << 0)) ? _GREEN_("YES") : "NO");
return PM3_SUCCESS;
}
// none
static int get_desfire_keysettings(uint8_t *key_settings, uint8_t *num_keys) {
PacketResponseNG resp;
uint8_t c[] = {MFDES_GET_KEY_SETTINGS, 0x00, 0x00, 0x00}; // 0x45
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c));
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
PrintAndLogEx(WARNING, _RED_(" Timed-out"));
return PM3_ETIMEOUT;
}
uint8_t isOK = resp.oldarg[0] & 0xFF;
if (isOK == false) {
return PM3_ESOFT;
}
if (resp.data.asBytes[1] == 0x91 && resp.data.asBytes[2] == 0xae) {
PrintAndLogEx(WARNING, _RED_(" authentication error"));
return PM3_ESOFT;
}
// PrintAndLogEx(INFO, "ICE: KEYSETTING resp :: %s", sprint_hex(resp.data.asBytes, resp.length));
*key_settings = resp.data.asBytes[1];
*num_keys = resp.data.asBytes[2];
return PM3_SUCCESS;
}
// --- KEY VERSION
static int desfire_print_keyversion(uint8_t key_idx, uint8_t key_version) {
PrintAndLogEx(SUCCESS, " Key [%u] Version : %d (0x%02x)", key_idx, key_version, key_version);
return PM3_SUCCESS;
}
// none
static int get_desfire_keyversion(uint8_t curr_key, uint8_t *num_versions) {
PacketResponseNG resp;
uint8_t c[] = {MFDES_GET_KEY_VERSION, 0x00, 0x00, 0x01, curr_key, 0x00}; // 0x64
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c));
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
PrintAndLogEx(WARNING, _RED_(" Timed-out"));
return PM3_ETIMEOUT;
}
uint8_t isOK = resp.oldarg[0] & 0xFF;
if (isOK == false) {
return PM3_ESOFT;
}
if ( resp.data.asBytes[1] == 0x91 && resp.data.asBytes[2] == 0x40) {
return PM3_ESOFT;
}
*num_versions = resp.data.asBytes[1];
return PM3_SUCCESS;
}
// init
static int get_desfire_select_application(uint8_t *aid) {
if (aid == NULL) return PM3_ESOFT;
uint8_t c[] = {SELECT_APPLICATION, 0x00, 0x00, 0x03, aid[0], aid[1], aid[2], 0x00}; // 0x5a
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT, sizeof(c), 0, c, sizeof(c));
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 3000)) {
PrintAndLogEx(WARNING, _RED_(" timed-out"));
return PM3_ETIMEOUT;
}
uint8_t isOK = resp.oldarg[0] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, " Can't select AID: " _RED_("%s"), sprint_hex(aid, 3));
return PM3_ESOFT;
}
if (resp.data.asBytes[1] == 0x91 && resp.data.asBytes[2] == 0x00) {
return PM3_SUCCESS;
}
return PM3_ESOFT;
}
// init / disconnect
static int get_desfire_appids(uint8_t *dest, uint8_t *app_ids_len) {
uint8_t c[] = {GET_APPLICATION_IDS, 0x00, 0x00, 0x00}; //0x6a
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT | CLEARTRACE | DISCONNECT , sizeof(c), 0, c, sizeof(c));
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
return PM3_ETIMEOUT;
}
uint8_t isOK = resp.oldarg[0] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, _RED_("Command unsuccessful"));
return PM3_ESOFT;
}
*app_ids_len = resp.length - 5;
// resp.length - 2crc, 2status, 1pcb...
memcpy(dest, resp.data.asBytes + 1, *app_ids_len);
if (resp.data.asBytes[resp.length - 3] == MFDES_ADDITIONAL_FRAME) {
c[0] = MFDES_ADDITIONAL_FRAME; //0xAF
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c));
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
return PM3_ETIMEOUT;
}
isOK = resp.oldarg[0] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, _RED_("Command unsuccessful"));
return PM3_ESOFT;
}
memcpy(dest + *app_ids_len, resp.data.asBytes + 1, resp.length - 5);
*app_ids_len += (resp.length - 5);
}
return PM3_SUCCESS;
}
// none
static int get_desfire_fileids(uint8_t *dest, uint8_t *file_ids_len) {
uint8_t c[] = {MFDES_GET_FILE_IDS, 0x00, 0x00, 0x00}; // 0x6f
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c));
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
PrintAndLogEx(WARNING, _RED_(" Timed-out"));
return PM3_ETIMEOUT;
}
uint8_t isOK = resp.oldarg[0] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, _RED_("Command unsuccessful"));
return PM3_ESOFT;
}
if (resp.data.asBytes[resp.length - 4] == 0x91 && resp.data.asBytes[resp.length - 3] == 0x00) {
*file_ids_len = resp.length - 5;
memcpy(dest, resp.data.asBytes + 1, *file_ids_len);
return PM3_SUCCESS;
}
return PM3_ESOFT;
}
static int CmdHF14ADesInfo(const char *Cmd) { static int CmdHF14ADesInfo(const char *Cmd) {
(void)Cmd; // Cmd is not used so far (void)Cmd; // Cmd is not used so far
@ -93,6 +344,7 @@ static int CmdHF14ADesInfo(const char *Cmd) {
if (!WaitForResponseTimeout(CMD_HF_DESFIRE_INFO, &resp, 1500)) { if (!WaitForResponseTimeout(CMD_HF_DESFIRE_INFO, &resp, 1500)) {
PrintAndLogEx(WARNING, "Command execute timeout"); PrintAndLogEx(WARNING, "Command execute timeout");
DropField();
return PM3_ETIMEOUT; return PM3_ETIMEOUT;
} }
@ -147,6 +399,27 @@ static int CmdHF14ADesInfo(const char *Cmd) {
PrintAndLogEx(SUCCESS, " Protocol : %s", getProtocolStr(package->versionSW[6])); PrintAndLogEx(SUCCESS, " Protocol : %s", getProtocolStr(package->versionSW[6]));
PrintAndLogEx(INFO, "-------------------------------------------------------------"); PrintAndLogEx(INFO, "-------------------------------------------------------------");
PrintAndLogEx(INFO, "Card capabilities");
uint8_t major = package->versionSW[3];
uint8_t minor = package->versionSW[4];
if (major == 0 && minor == 4)
PrintAndLogEx(INFO, "\t0.4 - DESFire MF3ICD40, No support for APDU (only native commands)");
if (major == 0 && minor == 5)
PrintAndLogEx(INFO, "\t0.5 - DESFire MF3ICD40, Support for wrapping commands inside ISO 7816 style APDUs");
if (major == 0 && minor == 6)
PrintAndLogEx(INFO, "\t0.6 - DESFire MF3ICD40, Add ISO/IEC 7816 command set compatibility");
if (major == 1 && minor == 3)
PrintAndLogEx(INFO, "\t1.3 - DESFire Ev1, Support extended APDU commands");
if (major == 1 && minor == 4)
PrintAndLogEx(INFO, "\t1.4 - DESFire Ev1, N/A information about this version. report to iceman!");
if (major == 2 && minor == 0)
PrintAndLogEx(INFO, "\t2.0 - DESFire Ev2, Originality check, proximity check");
if (major == 0 && minor == 2)
PrintAndLogEx(INFO, "\t0.2 - DESFire Light, Originality check, ");
PrintAndLogEx(INFO, "-------------------------------------------------------------");
// Signature originality check // Signature originality check
uint8_t signature[56] = {0}; uint8_t signature[56] = {0};
size_t signature_len = 0; size_t signature_len = 0;
@ -155,24 +428,19 @@ static int CmdHF14ADesInfo(const char *Cmd) {
desfire_print_signature(package->uid, signature, signature_len); desfire_print_signature(package->uid, signature, signature_len);
// Master Key settings // Master Key settings
getKeySettings(NULL); uint8_t master_aid[3] = {0x00, 0x00, 0x00};
getKeySettings(master_aid);
// Free memory on card // Free memory on card
uint8_t c[] = {GET_FREE_MEMORY, 0x00, 0x00, 0x00}; // 0x6E PrintAndLogEx(INFO, " Free memory");
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, (INIT | DISCONNECT), sizeof(c), 0, c, sizeof(c)); uint32_t free_mem = 0;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) if (get_desfire_freemem(&free_mem) == PM3_SUCCESS) {
return PM3_ETIMEOUT; desfire_print_freemem(free_mem);
PrintAndLogEx(INFO, " Free memory");
// Desfire Light doesn't support FREEMEM (len = 5)
if (resp.length == 8) {
uint8_t tmp[3];
memcpy(tmp, resp.data.asBytes + 1, 3);
PrintAndLogEx(SUCCESS, " Available free memory on card : " _GREEN_("%d bytes"), le24toh(tmp));
} else { } else {
PrintAndLogEx(SUCCESS, " Card doesn't support 'free mem' cmd"); PrintAndLogEx(SUCCESS, " Card doesn't support 'free mem' cmd");
} }
PrintAndLogEx(INFO, "-------------------------------------------------------------"); PrintAndLogEx(INFO, "-------------------------------------------------------------");
/* /*
Card Master key (CMK) 0x00 AID = 00 00 00 (card level) Card Master key (CMK) 0x00 AID = 00 00 00 (card level)
Application Master Key (AMK) 0x00 AID != 00 00 00 Application Master Key (AMK) 0x00 AID != 00 00 00
@ -187,6 +455,8 @@ static int CmdHF14ADesInfo(const char *Cmd) {
keys 12,13,14,15 R keys 12,13,14,15 R
*/ */
DropField();
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -230,13 +500,13 @@ char *getVersionStr(uint8_t major, uint8_t minor) {
char *retStr = buf; char *retStr = buf;
if (major == 0x00) if (major == 0x00)
sprintf(retStr, "%x.%x ( " _YELLOW_("Desfire MF3ICD40") ")", major, minor); sprintf(retStr, "%x.%x ( " _YELLOW_("DESFire MF3ICD40") ")", major, minor);
else if (major == 0x01 && minor == 0x00) else if (major == 0x01 && minor == 0x00)
sprintf(retStr, "%x.%x ( " _YELLOW_("Desfire EV1") ")", major, minor); sprintf(retStr, "%x.%x ( " _YELLOW_("DESFire EV1") ")", major, minor);
else if (major == 0x12 && minor == 0x00) else if (major == 0x12 && minor == 0x00)
sprintf(retStr, "%x.%x ( " _YELLOW_("Desfire EV2") ")", major, minor); sprintf(retStr, "%x.%x ( " _YELLOW_("DESFire EV2") ")", major, minor);
else if (major == 0x30 && minor == 0x00) else if (major == 0x30 && minor == 0x00)
sprintf(retStr, "%x.%x ( " _YELLOW_("Desfire Light") ")", major, minor); sprintf(retStr, "%x.%x ( " _YELLOW_("DESFire Light") ")", major, minor);
else else
sprintf(retStr, "%x.%x ( " _YELLOW_("Unknown") ")", major, minor); sprintf(retStr, "%x.%x ( " _YELLOW_("Unknown") ")", major, minor);
return buf; return buf;
@ -246,267 +516,162 @@ void getKeySettings(uint8_t *aid) {
char messStr[512] = {0x00}; char messStr[512] = {0x00};
const char *str = messStr; const char *str = messStr;
uint8_t isOK = 0;
PacketResponseNG resp;
if (aid == NULL) { if (memcmp(aid, "\x00\x00\x00", 3) == 0) {
// CARD MASTER KEY // CARD MASTER KEY
PrintAndLogEx(INFO, " CMK - PICC, Card Master Key settings"); PrintAndLogEx(INFO, " CMK - PICC, Card Master Key settings");
PrintAndLogEx(INFO, "-------------------------------------------------------------"); PrintAndLogEx(INFO, "-------------------------------------------------------------");
{
uint8_t data[] = {GET_KEY_SETTINGS, 0x00, 0x00, 0x00}; // 0x45 if (get_desfire_select_application(aid) != PM3_SUCCESS) {
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT | DISCONNECT, sizeof(data), 0, data, sizeof(data)); PrintAndLogEx(WARNING, _RED_(" Can't select AID"));
} DropField();
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {return;}
isOK = resp.oldarg[0] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, _RED_(" Can't select master application"));
return; return;
} }
// Not supported 02 91 1c c4 ca
// OK - 02 0f 01 91 00 7e fe // KEY Settings - AMK
if (resp.length == 7 ) { uint8_t num_keys = 0;
uint8_t key_setting = 0;
if (get_desfire_keysettings(&key_setting, &num_keys) == PM3_SUCCESS) {
// number of Master keys (0x01) // number of Master keys (0x01)
PrintAndLogEx(SUCCESS, " Number of Masterkeys : " _YELLOW_("%u"), resp.data.asBytes[2]); PrintAndLogEx(SUCCESS, " Number of Masterkeys : " _YELLOW_("%u"), (num_keys & 0x3F) );
str = (resp.data.asBytes[1] & (1 << 3)) ? _GREEN_("YES") : "NO";
PrintAndLogEx(SUCCESS, " [0x08] Configuration changeable : %s", str);
str = (resp.data.asBytes[1] & (1 << 2)) ? _GREEN_("YES") : "NO"; PrintAndLogEx(SUCCESS, " [0x08] Configuration changeable : %s", (key_setting & (1 << 3)) ? _GREEN_("YES") : "NO");
PrintAndLogEx(SUCCESS, " [0x04] CMK required for create/delete : %s", str); PrintAndLogEx(SUCCESS, " [0x04] CMK required for create/delete : %s", (key_setting & (1 << 2)) ? _GREEN_("YES") : "NO");
PrintAndLogEx(SUCCESS, " [0x02] Directory list access with CMK : %s", (key_setting & (1 << 1)) ? _GREEN_("YES") : "NO");
str = (resp.data.asBytes[1] & (1 << 1)) ? _GREEN_("YES") : "NO"; PrintAndLogEx(SUCCESS, " [0x01] CMK is changeable : %s", (key_setting & (1 << 0)) ? _GREEN_("YES") : "NO");
PrintAndLogEx(SUCCESS, " [0x02] Directory list access with CMK : %s", str); } else {
PrintAndLogEx(WARNING, _RED_(" Can't read Application Master key settings"));
str = (resp.data.asBytes[1] & (1 << 0)) ? _GREEN_("YES") : "NO";
PrintAndLogEx(SUCCESS, " [0x01] CMK is changeable : %s", str);
} }
{
uint8_t data[] = {GET_KEY_VERSION, 0x00, 0x00, 0x01, 0x0, 0x00}; // 0x64 memset(messStr, 0x00, sizeof(messStr));
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT | DISCONNECT, sizeof(data), 0, data, sizeof(data)); str = " Operation of PICC master key : " _YELLOW_("%s");
// 2 MSB denotes
switch (num_keys >> 6) {
case 0:
PrintAndLogEx(SUCCESS, str, "(3)DES");
break;
case 1:
PrintAndLogEx(SUCCESS, str, "3K3DES");
break;
case 2:
PrintAndLogEx(SUCCESS, str, "AES");
break;
default:
break;
} }
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) { return; }
isOK = resp.oldarg[0] & 0xff; uint8_t cmk_num_versions = 0;
if (!isOK) { if (get_desfire_keyversion(0, &cmk_num_versions) == PM3_SUCCESS) {
PrintAndLogEx(WARNING, _RED_(" Can't read key-version")); PrintAndLogEx(SUCCESS, " PICC Master key Version : " _YELLOW_("%d (0x%02x)"), cmk_num_versions, cmk_num_versions);
return;
}
if (resp.length == 6) {
PrintAndLogEx(SUCCESS, "");
PrintAndLogEx(SUCCESS, " Master key Version : " _YELLOW_("%d (0x%02x)"), resp.data.asBytes[3], resp.data.asBytes[3]);
PrintAndLogEx(INFO, " ----------------------------------------------------------"); PrintAndLogEx(INFO, " ----------------------------------------------------------");
} }
{
// 0x0A
uint8_t data[] = {AUTHENTICATE, 0x00, 0x00, 0x01, 0x00, 0x00}; // 0x0A, KEY 0
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT | DISCONNECT, sizeof(data), 0, data, sizeof(data));
}
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {return;}
PrintAndLogEx(SUCCESS, " [0x0A] Authenticate : %s", (resp.length == 13) ? _YELLOW_("YES") : "NO");
{ // Authentication tests
// 0x1A int res = test_desfire_authenticate();
uint8_t data[] = {AUTHENTICATE_ISO, 0x00, 0x00, 0x01, 0x00, 0x00}; // 0x1A, KEY 0 if (res == PM3_ETIMEOUT) return;
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT | DISCONNECT, sizeof(data), 0, data, sizeof(data)); PrintAndLogEx(SUCCESS, " [0x0A] Authenticate : %s", (res == PM3_SUCCESS) ? _YELLOW_("YES") : "NO");
}
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {return;}
PrintAndLogEx(SUCCESS, " [0x1A] Authenticate ISO : %s", (resp.length >= 13) ? _YELLOW_("YES") : "NO");
{ res = test_desfire_authenticate_iso();
// 0xAA if (res == PM3_ETIMEOUT) return;
uint8_t data[] = {AUTHENTICATE_AES, 0x00, 0x00, 0x01, 0x00, 0x00}; // 0xAA, KEY 0 PrintAndLogEx(SUCCESS, " [0x1A] Authenticate ISO : %s", (res == PM3_SUCCESS) ? _YELLOW_("YES") : "NO");
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT | DISCONNECT, sizeof(data), 0, data, sizeof(data));
} res = test_desfire_authenticate_aes();
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {return;} if (res == PM3_ETIMEOUT) return;
PrintAndLogEx(SUCCESS, " [0xAA] Authenticate AES : %s", (resp.length >= 13) ? _YELLOW_("YES") : "NO"); PrintAndLogEx(SUCCESS, " [0xAA] Authenticate AES : %s", (res == PM3_SUCCESS) ? _YELLOW_("YES") : "NO");
PrintAndLogEx(INFO, "-------------------------------------------------------------"); PrintAndLogEx(INFO, "-------------------------------------------------------------");
} else { } else {
// AID - APPLICATION MASTER KEYS // AID - APPLICATION MASTER KEYS
PrintAndLogEx(SUCCESS, " AMK - Application Master Key settings"); PrintAndLogEx(SUCCESS, " AMK - Application Master Key settings");
PrintAndLogEx(INFO, " ----------------------------------------------------------"); PrintAndLogEx(INFO, " ----------------------------------------------------------");
PrintAndLogEx(INFO, " select AID: " _YELLOW_("%s"), sprint_hex(aid, 3) );
// SELECT AID if (get_desfire_select_application(aid) != PM3_SUCCESS) {
{ PrintAndLogEx(WARNING, _RED_(" Can't select AID"));
uint8_t data[] = {SELECT_APPLICATION, 0x00, 0x00, 0x03, aid[0], aid[1], aid[2], 0x00}; // 0x5a DropField();
//memcpy(data + 1, aid, 3);
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT, sizeof(data), 0, data, sizeof(data));
}
if (!WaitForResponseTimeout(CMD_ACK, &resp, 3000)) {
PrintAndLogEx(WARNING, _RED_(" Timed-out"));
return;
}
isOK = resp.oldarg[0] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, " Can't select AID: " _RED_("%s"), sprint_hex(aid, 3));
return; return;
} }
// KEY SETTINGS // KEY Settings - AMK
{ uint8_t num_keys = 0;
uint8_t data[] = {GET_KEY_SETTINGS, 0x00, 0x00, 0x00}; // 0x45 uint8_t key_setting = 0;
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(data), 0, data, sizeof(data)); if (get_desfire_keysettings(&key_setting, &num_keys) == PM3_SUCCESS) {
} desfire_print_keysetting(key_setting, num_keys);
if (!WaitForResponseTimeout(CMD_ACK, &resp, 3000)) {
return;
}
isOK = resp.oldarg[0] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, _RED_(" Can't read Application Master key settings"));
} else { } else {
// Access rights. PrintAndLogEx(WARNING, _RED_(" Can't read Application Master key settings"));
uint8_t rights = (resp.data.asBytes[1] >> 4 & 0x0F);
switch (rights) {
case 0x0:
str = "AMK authentication is necessary to change any key (default)";
break;
case 0xE:
str = "Authentication with the key to be changed (same KeyNo) is necessary to change a key";
break;
case 0xF:
str = "All keys (except AMK,see Bit0) within this application are frozen";
break;
default:
str = "Authentication with the specified key is necessary to change any key. A change key and a PICC master key (CMK) can only be changed after authentication with the master key. For keys other then the master or change key, an authentication with the same key is needed.";
break;
}
PrintAndLogEx(SUCCESS, "Changekey Access rights");
PrintAndLogEx(SUCCESS, "-- " _GREEN_("%s"), str);
PrintAndLogEx(SUCCESS, "");
// same as CMK
str = (resp.data.asBytes[1] & (1 << 3)) ? "YES" : "NO";
PrintAndLogEx(SUCCESS, " 0x08 Configuration changeable : %s", str);
str = (resp.data.asBytes[1] & (1 << 2)) ? "NO" : "YES";
PrintAndLogEx(SUCCESS, " 0x04 AMK required for create/delete : %s", str);
str = (resp.data.asBytes[1] & (1 << 1)) ? "NO" : "YES";
PrintAndLogEx(SUCCESS, " 0x02 Directory list access with AMK : %s", str);
str = (resp.data.asBytes[1] & (1 << 0)) ? "YES" : "NO";
PrintAndLogEx(SUCCESS, " 0x01 AMK is changeable : %s", str);
} }
// KEY VERSION - AMK // KEY VERSION - AMK
{ uint8_t num_version = 0;
uint8_t data[] = {GET_KEY_VERSION, 0x00, 0x00, 0x01, 0x00, 0x00}; // 0x64 if (get_desfire_keyversion(0, &num_version) == PM3_SUCCESS) {
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, DISCONNECT, sizeof(data), 0, data, sizeof(data));
}
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
PrintAndLogEx(WARNING, _RED_(" Timed-out"));
return;
}
int numOfKeys;
isOK = resp.oldarg[0] & 0xff;
if (isOK == false) {
PrintAndLogEx(WARNING, " Can't read Application Master key version. Trying all keys");
//numOfKeys = MAX_NUM_KEYS;
} else {
numOfKeys = resp.data.asBytes[1];
PrintAndLogEx(SUCCESS, " Max number of keys : %d", numOfKeys);
PrintAndLogEx(SUCCESS, " Application Master key Version : %d (0x%02x)", resp.data.asBytes[3], resp.data.asBytes[3]);
PrintAndLogEx(INFO, "-------------------------------------------------------------"); PrintAndLogEx(INFO, "-------------------------------------------------------------");
PrintAndLogEx(INFO, " Application keys");
desfire_print_keyversion(0, num_version);
} else {
PrintAndLogEx(WARNING, " Can't read AID master key version. Trying all keys");
} }
// LOOP over numOfKeys that we got before.
// From 0x01 to numOfKeys. We already got 0x00. (AMK) // From 0x01 to numOfKeys. We already got 0x00. (AMK)
// TODO (iceman) num_keys &= 0x3F;
/* if (num_keys > 1) {
for (int i = 0x01; i <= 0x0f; ++i) { for (uint8_t i = 0x01; i < num_keys; ++i) {
if (get_desfire_keyversion(i, &num_version) == PM3_SUCCESS) {
desfire_print_keyversion(i, num_version);
} else {
PrintAndLogEx(WARNING, " Can't read key %d (0x%02x) version", i, i);
} }
*/ }
}
PrintAndLogEx(INFO, "-------------------------------------------------------------");
} }
DropField();
} }
static int CmdHF14ADesEnumApplications(const char *Cmd) { static int CmdHF14ADesEnumApplications(const char *Cmd) {
(void)Cmd; // Cmd is not used so far (void)Cmd; // Cmd is not used so far
uint8_t isOK = 0x00; // uint8_t isOK = 0x00;
uint8_t aid[3]; uint8_t aid[3];
{ uint8_t app_ids[78] = {0};
uint8_t data[] = {GET_APPLICATION_IDS, 0x00, 0x00, 0x00}; //0x6a uint8_t app_ids_len = 0;
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT | CLEARTRACE | DISCONNECT, sizeof(data), 0, data, sizeof(data));
} uint8_t file_ids[33] = {0};
PacketResponseNG resp; uint8_t file_ids_len = 0;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { if (get_desfire_appids(app_ids, &app_ids_len) != PM3_SUCCESS) {
return PM3_ETIMEOUT; PrintAndLogEx(ERR, "Can't get list of applications on tag");
}
isOK = resp.oldarg[0] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, _RED_("Command unsuccessful"));
return PM3_ESOFT; return PM3_ESOFT;
} }
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "-- Desfire Enumerate Applications ---------------------------"); PrintAndLogEx(INFO, "-- Mifare DESFire Enumerate applications --------------------");
PrintAndLogEx(INFO, "-------------------------------------------------------------"); PrintAndLogEx(INFO, "-------------------------------------------------------------");
PrintAndLogEx(SUCCESS, " Tag report " _GREEN_("%d") "application%c", app_ids_len / 3, (app_ids_len == 3) ? ' ' : 's');
for (int i = 0; i < app_ids_len; i += 3) {
// PacketResponseNG respAid; aid[0] = app_ids[i];
// PacketResponseNG respFiles; aid[1] = app_ids[i + 1];
aid[2] = app_ids[i + 2];
PrintAndLogEx(SUCCESS, " AID %d : " _GREEN_("%02X %02X %02X"), i, app_ids[i], app_ids[i+1], app_ids[i+2]);
uint8_t num = 0;
int max = resp.oldarg[1] - 3 - 2;
PrintAndLogEx(INFO," MAX %d", max);
for (int i = 1; i < max; i += 3) {
PrintAndLogEx(SUCCESS, " Aid %d : %02X %02X %02X ", num, resp.data.asBytes[i], resp.data.asBytes[i+1], resp.data.asBytes[i+2]);
num++;
aid[0] = resp.data.asBytes[i];
aid[1] = resp.data.asBytes[i + 1];
aid[2] = resp.data.asBytes[i + 2];
getKeySettings(aid); getKeySettings(aid);
/*
// Select Application
{
uint8_t data[] = {SELECT_APPLICATION, 0x00, 0x00, 0x03, aid[0], aid[1], aid[2], 0x00}; // 0x5a
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(data), 0, data, sizeof(data));
}
if (!WaitForResponseTimeout(CMD_ACK, &respAid, 1500)) {
PrintAndLogEx(WARNING, _RED_(" Timed-out"));
continue;
}
isOK = respAid.data.asBytes[2] & 0xff;
if (isOK != 0x00) {
PrintAndLogEx(WARNING, " Can't select AID: " _RED_("%s"), sprint_hex(resp.data.asBytes + i, 3));
continue;
}
// Get File IDs // Get File IDs
{ if (get_desfire_fileids(file_ids, &file_ids_len) == PM3_SUCCESS) {
uint8_t data[] = {GET_FILE_IDS, 0x00, 0x00, 0x00}; // 0x6f PrintAndLogEx(SUCCESS, " Tag report " _GREEN_("%d") "file%c", file_ids_len, (file_ids_len == 1) ? ' ' : 's');
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(data), 0, data, sizeof(data)); for (int i = 0; i < file_ids_len; ++i) {
} PrintAndLogEx(SUCCESS, " Fileid %d (0x%02x)", file_ids[i], file_ids[i]);
if (!WaitForResponseTimeout(CMD_ACK, &respFiles, 1500)) {
PrintAndLogEx(WARNING, _RED_(" Timed-out"));
continue;
} else {
isOK = respFiles.data.asBytes[2] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, _RED_(" Can't get file ids "));
} else {
int respfileLen = resp.oldarg[1] - 3 - 2;
for (int j = 0; j < respfileLen; ++j) {
PrintAndLogEx(SUCCESS, " Fileid %d :", resp.data.asBytes[j + 3]);
}
} }
} }
/*
// Get ISO File IDs // Get ISO File IDs
{ {
uint8_t data[] = {GET_ISOFILE_IDS, 0x00, 0x00, 0x00}; // 0x61 uint8_t data[] = {GET_ISOFILE_IDS, 0x00, 0x00, 0x00}; // 0x61
@ -530,11 +695,22 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) {
*/ */
} }
PrintAndLogEx(INFO, "-------------------------------------------------------------"); PrintAndLogEx(INFO, "-------------------------------------------------------------");
DropField();
return PM3_SUCCESS; return PM3_SUCCESS;
} }
/*
uint8_t cmd[3 + 16] = {0xa8, 0x90, 0x90, 0x00};
int res = ExchangeRAW14a(cmd, sizeof(cmd), false, false, data, sizeof(data), &datalen, false);
if (!res && datalen > 1 && data[0] == 0x09) {
SLmode = 0;
}
*/
// MIAFRE DesFire Authentication
// MIAFRE DESFire Authentication
// //
#define BUFSIZE 256 #define BUFSIZE 256
static int CmdHF14ADesAuth(const char *Cmd) { static int CmdHF14ADesAuth(const char *Cmd) {