github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-26 08:05:27 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

emrtd: Clean up secure select file

Browse source
This commit is contained in:
Ave 2020-12-11 21:14:47 +03:00
commit 831672be20
1 changed files with 11 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

24
client/src/cmdhfemrtd.c
View file

@ -349,13 +349,11 @@ static int secure_select_file(uint8_t *kenc, uint8_t *kmac, uint8_t *ssc, uint8_
uint8_t response[PM3_CMD_DATA_SIZE]; uint8_t response[PM3_CMD_DATA_SIZE];
int resplen = 0; int resplen = 0;
// TODO: fix sizes
uint8_t iv[8] = { 0x00 }; uint8_t iv[8] = { 0x00 };
char command[200]; char command[54];
uint8_t cmd[200]; uint8_t cmd[8];
uint8_t data[100]; uint8_t data[21];
uint8_t temp[100] = {0x0c, 0xa4, 0x02, 0x0c}; uint8_t temp[8] = {0x0c, 0xa4, 0x02, 0x0c};
uint8_t temp_2[100];
PrintAndLogEx(DEBUG, "keyenc: %s", sprint_hex_inrow(kenc, 16)); PrintAndLogEx(DEBUG, "keyenc: %s", sprint_hex_inrow(kenc, 16));
PrintAndLogEx(DEBUG, "keymac: %s", sprint_hex_inrow(kmac, 16)); PrintAndLogEx(DEBUG, "keymac: %s", sprint_hex_inrow(kmac, 16));
@ -365,23 +363,23 @@ static int secure_select_file(uint8_t *kenc, uint8_t *kmac, uint8_t *ssc, uint8_
PrintAndLogEx(DEBUG, "cmd: %s", sprint_hex_inrow(cmd, cmdlen)); PrintAndLogEx(DEBUG, "cmd: %s", sprint_hex_inrow(cmd, cmdlen));
PrintAndLogEx(DEBUG, "data: %s", sprint_hex_inrow(data, datalen)); PrintAndLogEx(DEBUG, "data: %s", sprint_hex_inrow(data, datalen));
des3_encrypt_cbc(iv, kenc, data, datalen, temp_2); des3_encrypt_cbc(iv, kenc, data, datalen, temp);
PrintAndLogEx(DEBUG, "temp_2: %s", sprint_hex_inrow(temp_2, datalen)); PrintAndLogEx(DEBUG, "temp: %s", sprint_hex_inrow(temp, datalen));
uint8_t do87[103] = {0x87, 0x09, 0x01}; uint8_t do87[11] = {0x87, 0x09, 0x01};
memcpy(do87 + 3, temp_2, datalen); memcpy(do87 + 3, temp, datalen);
PrintAndLogEx(DEBUG, "do87: %s", sprint_hex_inrow(do87, datalen + 3)); PrintAndLogEx(DEBUG, "do87: %s", sprint_hex_inrow(do87, datalen + 3));
uint8_t m[153]; uint8_t m[19];
memcpy(m, cmd, cmdlen); memcpy(m, cmd, cmdlen);
memcpy(m + cmdlen, do87, (datalen + 3)); memcpy(m + cmdlen, do87, (datalen + 3));
PrintAndLogEx(DEBUG, "m: %s", sprint_hex_inrow(m, datalen + cmdlen + 3)); PrintAndLogEx(DEBUG, "m: %s", sprint_hex_inrow(m, datalen + cmdlen + 3));
// this is hacky // TODO: this is hacky
PrintAndLogEx(DEBUG, "ssc-b: %s", sprint_hex_inrow(ssc, 8)); PrintAndLogEx(DEBUG, "ssc-b: %s", sprint_hex_inrow(ssc, 8));
(*(ssc + 7)) += 1; (*(ssc + 7)) += 1;
PrintAndLogEx(DEBUG, "ssc-a: %s", sprint_hex_inrow(ssc, 8)); PrintAndLogEx(DEBUG, "ssc-a: %s", sprint_hex_inrow(ssc, 8));
uint8_t n[161]; uint8_t n[27];
memcpy(n, ssc, 8); memcpy(n, ssc, 8);
memcpy(n + 8, m, (cmdlen + datalen + 3)); memcpy(n + 8, m, (cmdlen + datalen + 3));
PrintAndLogEx(DEBUG, "n: %s", sprint_hex_inrow(n, (cmdlen + datalen + 11))); PrintAndLogEx(DEBUG, "n: %s", sprint_hex_inrow(n, (cmdlen + datalen + 11)));