github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 05:43:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #1379 from merlokk/desf_filesettings

Browse source 
Desfire get/set  file settings
This commit is contained in:
Oleg Moiseenko 2021-07-22 00:36:24 +03:00 committed by GitHub
commit 9625369fe0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 477 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

254
client/src/cmdhfmfdes.c
View file

@ -6114,6 +6114,252 @@ static int CmdHF14ADesGetFileISOIDs(const char *Cmd) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
static int CmdHF14ADesGetFileSettings(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf mfdes getfilesettings",
"Get File Settings from file from application. Master key needs to be provided or flag --no-auth set (depend on cards settings).",
"hf mfdes getfilesettings --aid 123456 --fid 01 -> execute with defaults from `default` command\n"
"hf mfdes getfilesettings -n 0 -t des -k 0000000000000000 -f none --aid 123456 --fid 01 -> execute with default factory setup");
void *argtable[] = {
arg_param_begin,
arg_lit0("a", "apdu", "show APDU requests and responses"),
arg_lit0("v", "verbose", "show technical data"),
arg_int0("n", "keyno", "<keyno>", "Key number"),
arg_str0("t", "algo", "<DES/2TDEA/3TDEA/AES>", "Crypt algo: DES, 2TDEA, 3TDEA, AES"),
arg_str0("k", "key", "<Key>", "Key for authenticate (HEX 8(DES), 16(2TDEA or AES) or 24(3TDEA) bytes)"),
arg_str0("f", "kdf", "<none/AN10922/gallagher>", "Key Derivation Function (KDF): None, AN10922, Gallagher"),
arg_str0("i", "kdfi", "<kdfi>", "KDF input (HEX 1-31 bytes)"),
arg_str0("m", "cmode", "<plain/mac/encrypt>", "Communicaton mode: plain/mac/encrypt"),
arg_str0("c", "ccset", "<native/niso/iso>", "Communicaton command set: native/niso/iso"),
arg_str0("s", "schann", "<d40/ev1/ev2>", "Secure channel: d40/ev1/ev2"),
arg_str0(NULL, "aid", "<app id hex>", "Application ID (3 hex bytes, big endian)"),
arg_str0(NULL, "fid", "<file id hex>", "File ID (1 hex byte). default: 1"),
arg_lit0(NULL, "no-auth", "execute without authentication"),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, false);
bool APDULogging = arg_get_lit(ctx, 1);
bool verbose = arg_get_lit(ctx, 2);
bool noauth = arg_get_lit(ctx, 13);
DesfireContext dctx;
int securechann = defaultSecureChannel;
uint32_t appid = 0x000000;
int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, &securechann, DCMPlain, &appid);
if (res) {
CLIParserFree(ctx);
return res;
}
uint32_t fileid = 1;
res = arg_get_u32_hexstr_def_nlen(ctx, 12, 1, &fileid, 1, true);
if (res == 2) {
PrintAndLogEx(ERR, "File ID must have 1 byte length");
return PM3_EINVARG;
}
SetAPDULogging(APDULogging);
CLIParserFree(ctx);
if (noauth) {
res = DesfireSelectAIDHex(&dctx, appid, false, 0);
if (res != PM3_SUCCESS) {
PrintAndLogEx(ERR, "Desfire select " _RED_("error") ".");
DropField();
return res;
}
} else {
res = DesfireSelectAndAuthenticate(&dctx, securechann, appid, verbose);
if (res != PM3_SUCCESS) {
DropField();
return res;
}
}
uint8_t buf[APDU_RES_LEN] = {0};
size_t buflen = 0;
res = DesfireGetFileSettings(&dctx, fileid, buf, &buflen);
if (res != PM3_SUCCESS) {
PrintAndLogEx(ERR, "Desfire GetFileSettings command " _RED_("error") ". Result: %d", res);
DropField();
return PM3_ESOFT;
}
if (verbose)
PrintAndLogEx(INFO, "app %06x file %02x settings[%d]: %s", appid, fileid, buflen, sprint_hex(buf, buflen));
DesfirePrintFileSettings(buf, buflen);
DropField();
return PM3_SUCCESS;
}
static int CmdHF14ADesChFileSettings(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf mfdes chfilesettings",
"Get File Settings from file from application. Master key needs to be provided or flag --no-auth set (depend on cards settings).",
"hf mfdes chfilesettings --aid 123456 --fid 01 --amode plain --rrights free --wrights free --rwrights free --chrights key0 -> change file settings app=123456, file=01 with defaults from `default` command\n"
"hf mfdes chfilesettings -n 0 -t des -k 0000000000000000 -f none --aid 123456 --fid 01 -rawdata 00EEEE -> execute with default factory setup\n"
"hf mfdes chfilesettings --aid 123456 --fid 01 --rawdata 810000021f112f22 -> change file settings with additional rights for keys 1 and 2");
void *argtable[] = {
arg_param_begin,
arg_lit0("a", "apdu", "show APDU requests and responses"),
arg_lit0("v", "verbose", "show technical data"),
arg_int0("n", "keyno", "<keyno>", "Key number"),
arg_str0("t", "algo", "<DES/2TDEA/3TDEA/AES>", "Crypt algo: DES, 2TDEA, 3TDEA, AES"),
arg_str0("k", "key", "<Key>", "Key for authenticate (HEX 8(DES), 16(2TDEA or AES) or 24(3TDEA) bytes)"),
arg_str0("f", "kdf", "<none/AN10922/gallagher>", "Key Derivation Function (KDF): None, AN10922, Gallagher"),
arg_str0("i", "kdfi", "<kdfi>", "KDF input (HEX 1-31 bytes)"),
arg_str0("m", "cmode", "<plain/mac/encrypt>", "Communicaton mode: plain/mac/encrypt"),
arg_str0("c", "ccset", "<native/niso/iso>", "Communicaton command set: native/niso/iso"),
arg_str0("s", "schann", "<d40/ev1/ev2>", "Secure channel: d40/ev1/ev2"),
arg_str0(NULL, "aid", "<app id hex>", "Application ID (3 hex bytes, big endian)"),
arg_str0(NULL, "fid", "<file id hex>", "File ID (1 hex byte)"),
arg_str0(NULL, "rawdata", "<file settings HEX>", "File settings (HEX > 5 bytes)"),
arg_str0(NULL, "amode", "<plain/mac/encrypt>", "File access mode: plain/mac/encrypt"),
arg_str0(NULL, "rrights", "<key0/../key13/free/deny>", "Read file access mode: the specified key, free, deny"),
arg_str0(NULL, "wrights", "<key0/../key13/free/deny>", "Write file access mode: the specified key, free, deny"),
arg_str0(NULL, "rwrights","<key0/../key13/free/deny>", "Read/Write file access mode: the specified key, free, deny"),
arg_str0(NULL, "chrights","<key0/../key13/free/deny>", "Change file settings access mode: the specified key, free, deny"),
arg_lit0(NULL, "no-auth", "execute without authentication"),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, false);
bool APDULogging = arg_get_lit(ctx, 1);
bool verbose = arg_get_lit(ctx, 2);
bool noauth = arg_get_lit(ctx, 19);
DesfireContext dctx;
int securechann = defaultSecureChannel;
uint32_t appid = 0x000000;
int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, &securechann, DCMEncrypted, &appid);
if (res) {
CLIParserFree(ctx);
return res;
}
uint32_t fileid = 1;
res = arg_get_u32_hexstr_def_nlen(ctx, 12, 1, &fileid, 1, true);
if (res == 2) {
PrintAndLogEx(ERR, "File ID must have 1 byte length");
return PM3_EINVARG;
}
uint8_t data[250] = {0x01, 0x00, 0xee, 0xee};
uint8_t *settings = &data[1];
int settingslen = 3;
uint8_t sdata[250] = {0};
int sdatalen = sizeof(sdata);
CLIGetHexWithReturn(ctx, 13, sdata, &sdatalen);
if (sdatalen > 18) {
PrintAndLogEx(ERR, "File settings length must be less than 18 instead of %d.", settingslen);
return PM3_EINVARG;
}
// rawdata have priority over all the rest methods
if (sdatalen > 0) {
memcpy(settings, sdata, sdatalen);
settingslen = sdatalen;
} else {
int cmode = DCMNone;
if (CLIGetOptionList(arg_get_str(ctx, 14), DesfireCommunicationModeOpts, &cmode))
return PM3_ESOFT;
if (cmode == DCMPlain)
settings[0] = 0x00;
if (cmode == DCMMACed)
settings[0] = 0x01;
if (cmode == DCMEncrypted)
settings[0] = 0x03;
int r_mode = 0x0e;
if (CLIGetOptionList(arg_get_str(ctx, 15), DesfireFileAccessModeOpts, &r_mode))
return PM3_ESOFT;
int w_mode = 0x0e;
if (CLIGetOptionList(arg_get_str(ctx, 16), DesfireFileAccessModeOpts, &w_mode))
return PM3_ESOFT;
int rw_mode = 0x0e;
if (CLIGetOptionList(arg_get_str(ctx, 17), DesfireFileAccessModeOpts, &rw_mode))
return PM3_ESOFT;
int ch_mode = 0x0e;
if (CLIGetOptionList(arg_get_str(ctx, 18), DesfireFileAccessModeOpts, &ch_mode))
return PM3_ESOFT;
settings[1] = ((rw_mode & 0x0f) << 4) | (ch_mode & 0x0f);
settings[2] = ((r_mode & 0x0f) << 4) | (w_mode & 0x0f);
}
SetAPDULogging(APDULogging);
CLIParserFree(ctx);
if (noauth) {
res = DesfireSelectAIDHex(&dctx, appid, false, 0);
if (res != PM3_SUCCESS) {
PrintAndLogEx(ERR, "Desfire select " _RED_("error") ".");
DropField();
return res;
}
} else {
res = DesfireSelectAndAuthenticate(&dctx, securechann, appid, verbose);
if (res != PM3_SUCCESS) {
DropField();
return res;
}
}
uint8_t buf[APDU_RES_LEN] = {0};
size_t buflen = 0;
// check current file settings
DesfireCommunicationMode commMode = dctx.commMode;
DesfireSetCommMode(&dctx, DCMPlain);
res = DesfireGetFileSettings(&dctx, fileid, buf, &buflen);
if (res == PM3_SUCCESS && buflen > 5) {
uint8_t chright = buf[2] & 0x0f;
if (verbose)
PrintAndLogEx(INFO, "Current access right for change file settings: %s", GetDesfireAccessRightStr(chright));
if (chright == 0x0f)
PrintAndLogEx(WARNING, "Change file settings disabled");
if (chright == 0x0e && (!(commMode == DCMPlain || commMode == DCMMACed || noauth)))
PrintAndLogEx(WARNING, "File settings have free access for change. Change command must be sent via plain communications mode or without authentication (--no-auth option)");
if (chright < 0x0e && dctx.keyNum != chright)
PrintAndLogEx(WARNING, "File settings must be changed with auth key=0x%02x but current auth with key 0x%02x", chright, dctx.keyNum);
if (chright < 0x0e && commMode != DCMEncrypted)
PrintAndLogEx(WARNING, "File settings must be changed via encryted (full) communication mode");
}
DesfireSetCommMode(&dctx, commMode);
// print the new file settings
if (verbose)
PrintAndLogEx(INFO, "app %06x file %02x settings[%d]: %s", appid, fileid, settingslen, sprint_hex(settings, settingslen));
DesfirePrintSetFileSettings(settings, settingslen);
// set file settings
data[0] = fileid;
res = DesfireChangeFileSettings(&dctx, data, settingslen + 1);
if (res != PM3_SUCCESS) {
PrintAndLogEx(ERR, "Desfire ChangeFileSettings command " _RED_("error") ". Result: %d", res);
DropField();
return PM3_ESOFT;
}
PrintAndLogEx(SUCCESS, "File settings changed " _GREEN_("successfully"));
DropField();
return PM3_SUCCESS;
}
static int CmdHF14ADesTest(const char *Cmd) { static int CmdHF14ADesTest(const char *Cmd) {
DesfireTest(true); DesfireTest(true);
return PM3_SUCCESS; return PM3_SUCCESS;
@ -6149,12 +6395,14 @@ static command_t CommandTable[] = {
{"-----------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("Files") " -----------------------"}, {"-----------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("Files") " -----------------------"},
{"getfileids", CmdHF14ADesGetFileIDs, IfPm3Iso14443a, "[new]Get File IDs list"}, {"getfileids", CmdHF14ADesGetFileIDs, IfPm3Iso14443a, "[new]Get File IDs list"},
{"getfileisoids", CmdHF14ADesGetFileISOIDs, IfPm3Iso14443a, "[new]Get File ISO IDs list"}, {"getfileisoids", CmdHF14ADesGetFileISOIDs, IfPm3Iso14443a, "[new]Get File ISO IDs list"},
{"getfilesettings", CmdHF14ADesGetFileSettings, IfPm3Iso14443a, "[new]Get file settings"},
{"chfilesettings", CmdHF14ADesChFileSettings, IfPm3Iso14443a, "[new]Change file settings"},
{"changevalue", CmdHF14ADesChangeValue, IfPm3Iso14443a, "Write value of a value file (credit/debit/clear)"}, {"changevalue", CmdHF14ADesChangeValue, IfPm3Iso14443a, "Write value of a value file (credit/debit/clear)"},
{"clearfile", CmdHF14ADesClearRecordFile, IfPm3Iso14443a, "Clear record File"}, {"clearfile", CmdHF14ADesClearRecordFile, IfPm3Iso14443a, "Clear record File"},
{"createfile", CmdHF14ADesCreateFile, IfPm3Iso14443a, "Create Standard/Backup File"}, {"createfile", CmdHF14ADesCreateFile, IfPm3Iso14443a, "Create Standard/Backup File"},
{"createvaluefile", CmdHF14ADesCreateValueFile, IfPm3Iso14443a, "Create Value File"}, {"createvaluefile", CmdHF14ADesCreateValueFile, IfPm3Iso14443a, "Create Value File"},
{"createrecordfile", CmdHF14ADesCreateRecordFile, IfPm3Iso14443a, "Create Linear/Cyclic Record File"}, {"createrecordfile", CmdHF14ADesCreateRecordFile, IfPm3Iso14443a, "Create Linear/Cyclic Record File"},
{"deletefile", CmdHF14ADesDeleteFile, IfPm3Iso14443a, "Create Delete File"}, {"deletefile", CmdHF14ADesDeleteFile, IfPm3Iso14443a, "Delete File"},
{"dump", CmdHF14ADesDump, IfPm3Iso14443a, "Dump all files"}, {"dump", CmdHF14ADesDump, IfPm3Iso14443a, "Dump all files"},
{"getvalue", CmdHF14ADesGetValueData, IfPm3Iso14443a, "Get value of file"}, {"getvalue", CmdHF14ADesGetValueData, IfPm3Iso14443a, "Get value of file"},
{"read", CmdHF14ADesReadData, IfPm3Iso14443a, "Read data from standard/backup/record file"}, {"read", CmdHF14ADesReadData, IfPm3Iso14443a, "Read data from standard/backup/record file"},
@ -6178,10 +6426,6 @@ int CmdHFMFDes(const char *Cmd) {
/* /*
ToDo: ToDo:
Native Cmds
-----------
ChangeFileSettings
ISO/IEC 7816 Cmds ISO/IEC 7816 Cmds
----------------- -----------------
'A4' Select 'A4' Select

195
client/src/mifare/desfirecore.c
View file

@ -74,6 +74,27 @@ const CLIParserOption DesfireSecureChannelOpts[] = {
}; };
const size_t DesfireSecureChannelOptsLen = ARRAY_LENGTH(DesfireSecureChannelOpts); const size_t DesfireSecureChannelOptsLen = ARRAY_LENGTH(DesfireSecureChannelOpts);
const CLIParserOption DesfireFileAccessModeOpts[] = {
{0x00, "key0"},
{0x01, "key1"},
{0x02, "key2"},
{0x03, "key3"},
{0x04, "key4"},
{0x05, "key5"},
{0x06, "key6"},
{0x07, "key7"},
{0x08, "key8"},
{0x09, "key9"},
{0x0a, "key10"},
{0x0b, "key11"},
{0x0c, "key12"},
{0x0d, "key13"},
{0x0e, "free"},
{0x0f, "deny"},
{0, NULL},
};
static const char *getstatus(uint16_t *sw) { static const char *getstatus(uint16_t *sw) {
if (sw == NULL) return "--> sw argument error. This should never happen !"; if (sw == NULL) return "--> sw argument error. This should never happen !";
if (((*sw >> 8) & 0xFF) == 0x91) { if (((*sw >> 8) & 0xFF) == 0x91) {
@ -1013,6 +1034,10 @@ int DesfireSetConfigurationCmd(DesfireContext *dctx, uint8_t *data, size_t len,
return DesfireCommand(dctx, MFDES_CHANGE_CONFIGURATION, data, len, resp, resplen, -1); return DesfireCommand(dctx, MFDES_CHANGE_CONFIGURATION, data, len, resp, resplen, -1);
} }
int DesfireChangeFileSettings(DesfireContext *dctx, uint8_t *data, size_t datalen) {
return DesfireCommandTxData(dctx, MFDES_CHANGE_FILE_SETTINGS, data, datalen);
}
int DesfireGetFileIDList(DesfireContext *dctx, uint8_t *resp, size_t *resplen) { int DesfireGetFileIDList(DesfireContext *dctx, uint8_t *resp, size_t *resplen) {
return DesfireCommandRxData(dctx, MFDES_GET_FILE_IDS, resp, resplen, -1); return DesfireCommandRxData(dctx, MFDES_GET_FILE_IDS, resp, resplen, -1);
} }
@ -1021,6 +1046,9 @@ int DesfireGetFileISOIDList(DesfireContext *dctx, uint8_t *resp, size_t *resplen
return DesfireCommandRxData(dctx, MFDES_GET_ISOFILE_IDS, resp, resplen, -1); return DesfireCommandRxData(dctx, MFDES_GET_ISOFILE_IDS, resp, resplen, -1);
} }
int DesfireGetFileSettings(DesfireContext *dctx, uint8_t fileid, uint8_t *resp, size_t *resplen) {
return DesfireCommand(dctx, MFDES_GET_FILE_SETTINGS, &fileid, 1, resp, resplen, -1);
}
int DesfireCreateFile(DesfireContext *dctx, uint8_t *fdata, size_t fdatalen) { int DesfireCreateFile(DesfireContext *dctx, uint8_t *fdata, size_t fdatalen) {
return DesfireCommandTxData(dctx, MFDES_CREATE_STD_DATA_FILE, fdata, fdatalen); return DesfireCommandTxData(dctx, MFDES_CREATE_STD_DATA_FILE, fdata, fdatalen);
} }
@ -1117,6 +1145,173 @@ void PrintKeySettings(uint8_t keysettings, uint8_t numkeys, bool applevel, bool
PrintKeySettingsPICC(keysettings, numkeys, print2ndbyte); PrintKeySettingsPICC(keysettings, numkeys, print2ndbyte);
} }
static const char *DesfireUnknownStr = "unknown";
static const char *DesfireDisabledStr = "disabled";
static const char *DesfireFreeStr = "free";
static const char *DesfireFileTypes[] = {
"Standard data",
"Backup data",
"Value",
"Linear Record",
"Cyclic Record",
"Transaction MAC",
};
static const char *GetDesfireFileType(uint8_t type) {
if (type < ARRAYLEN(DesfireFileTypes))
return DesfireFileTypes[type];
else
return DesfireUnknownStr;
}
static const char *DesfireCommunicationModes[] = {
"Plain",
"MAC",
"Plain rfu",
"Full",
};
static const char *GetDesfireCommunicationMode(uint8_t mode) {
if (mode < ARRAYLEN(DesfireCommunicationModes))
return DesfireCommunicationModes[mode];
else
return DesfireUnknownStr;
}
static const char *DesfireKeyTypeStr[] = {
"2tdea",
"3tdea",
"aes",
"rfu",
};
static const char *GetDesfireKeyType(uint8_t keytype) {
if (keytype < ARRAYLEN(DesfireKeyTypeStr))
return DesfireKeyTypeStr[keytype];
else
return DesfireUnknownStr;
}
const char *GetDesfireAccessRightStr(uint8_t right) {
static char int_access_str[200];
memset(int_access_str, 0, sizeof(int_access_str));
if (right > 0x0f)
return DesfireUnknownStr;
if (right <= 0x0d) {
sprintf(int_access_str, "key 0x%02x", right);
return int_access_str;
}
if (right == 0x0e)
return DesfireFreeStr;
if (right == 0x0f)
return DesfireDisabledStr;
return DesfireUnknownStr;
}
void DesfirePrintAccessRight(uint8_t *data) {
PrintAndLogEx(SUCCESS, "read : %s", GetDesfireAccessRightStr((data[1] >> 4) & 0x0f)); // hi 2b
PrintAndLogEx(SUCCESS, "write : %s", GetDesfireAccessRightStr(data[1] & 0x0f));
PrintAndLogEx(SUCCESS, "readwrite: %s", GetDesfireAccessRightStr((data[0] >> 4) & 0x0f)); // low 2b
PrintAndLogEx(SUCCESS, "change : %s", GetDesfireAccessRightStr(data[0] & 0x0f));
}
void DesfirePrintFileSettings(uint8_t *data, size_t len) {
if (len < 6) {
PrintAndLogEx(ERR, "Wrong file settings length: %d", len);
return;
}
uint8_t filetype = data[0];
PrintAndLogEx(INFO, "---- " _CYAN_("File settings") " ----");
PrintAndLogEx(SUCCESS, "File type [0x%02x] : %s file", filetype, GetDesfireFileType(filetype));
PrintAndLogEx(SUCCESS, "File comm mode : %s", GetDesfireCommunicationMode(data[1] & 0x03));
bool addaccess = false;
if (filetype != 0x05) {
addaccess = ((data[1] & 0x80) != 0);
PrintAndLogEx(SUCCESS, "Additional access: %s", (addaccess) ? "Yes" : "No");
}
PrintAndLogEx(SUCCESS, "Access rights : %02x%02x", data[2], data[3]);
DesfirePrintAccessRight(&data[2]); //2 bytes
uint8_t reclen = 0;
switch (filetype) {
case 0x00:
case 0x01: {
int filesize = (data[6] << 16) + (data[5] << 8) + data[4];
PrintAndLogEx(INFO, "File size : %d (0x%X) bytes", filesize, filesize);
reclen = 7;
break;
}
case 0x02: {
int lowerlimit = (data[7] << 24) + (data[6] << 16) + (data[5] << 8) + data[4];
int upperlimit = (data[11] << 24) + (data[10] << 16) + (data[9] << 8) + data[8];
int limitcredvalue = (data[15] << 24) + (data[14] << 16) + (data[13] << 8) + data[12];
uint8_t limited_credit_enabled = data[16];
PrintAndLogEx(INFO, "Lower limit : %d (0x%X)", lowerlimit, lowerlimit);
PrintAndLogEx(INFO, "Upper limit : %d (0x%X)", upperlimit, upperlimit);
PrintAndLogEx(INFO, "Limited credit : [%d - %s] %d (0x%X)", limited_credit_enabled, (limited_credit_enabled == 1) ? "enabled" : "disabled", limitcredvalue, limitcredvalue);
reclen = 17;
break;
}
case 0x03:
case 0x04: {
uint32_t recordsize = (data[6] << 16) + (data[5] << 8) + data[4];
uint32_t maxrecords = (data[9] << 16) + (data[8] << 8) + data[7];
uint32_t currentrecord = (data[12] << 16) + (data[11] << 8) + data[10];
PrintAndLogEx(INFO, "Record size : %d (0x%X) bytes", recordsize, recordsize);
PrintAndLogEx(INFO, "Max num records : %d (0x%X)", maxrecords, maxrecords);
PrintAndLogEx(INFO, "Curr num records : %d (0x%X)", currentrecord, currentrecord);
reclen = 13;
break;
}
case 0x05: {
PrintAndLogEx(INFO, "Key type [0x%02x] : %s", data[4], GetDesfireKeyType(data[4]));
PrintAndLogEx(INFO, "Key version : %d (0x%X)", data[5], data[5]);
break;
}
default: {
break;
}
}
if (addaccess && reclen > 0 && len > reclen && len == reclen + data[reclen] * 2) {
PrintAndLogEx(SUCCESS, "Add access records: %d", data[reclen]);
for (int i = 0; i < data[reclen] * 2; i += 2) {
PrintAndLogEx(SUCCESS, "Add access rights : [%d] %02x%02x", i / 2, data[reclen + 1 + i], data[reclen + 2 + i]);
DesfirePrintAccessRight(&data[reclen + 1 + i]);
}
}
}
void DesfirePrintSetFileSettings(uint8_t *data, size_t len) {
PrintAndLogEx(INFO, "---- " _CYAN_("Set file settings") " ----");
PrintAndLogEx(SUCCESS, "File comm mode : %s", GetDesfireCommunicationMode(data[0] & 0x03));
bool addaccess = ((data[0] & 0x80) != 0);
PrintAndLogEx(SUCCESS, "Additional access: %s", (addaccess) ? "Yes" : "No");
PrintAndLogEx(SUCCESS, "Access rights : %02x%02x", data[1], data[2]);
DesfirePrintAccessRight(&data[1]); //2 bytes
if (addaccess && len > 3 && len == 4 + data[3] * 2) {
PrintAndLogEx(SUCCESS, "Add access records: %d", data[3]);
for (int i = 0; i < data[3] * 2; i += 2) {
PrintAndLogEx(SUCCESS, "Add access rights : [%d] %02x%02x", i / 2, data[4 + i], data[5 + i]);
DesfirePrintAccessRight(&data[4 + i]);
}
}
}
int DesfireChangeKey(DesfireContext *dctx, bool change_master_key, uint8_t newkeynum, DesfireCryptoAlgorythm newkeytype, uint32_t newkeyver, uint8_t *newkey, DesfireCryptoAlgorythm oldkeytype, uint8_t *oldkey, bool verbose) { int DesfireChangeKey(DesfireContext *dctx, bool change_master_key, uint8_t newkeynum, DesfireCryptoAlgorythm newkeytype, uint32_t newkeyver, uint8_t *newkey, DesfireCryptoAlgorythm oldkeytype, uint8_t *oldkey, bool verbose) {
uint8_t okeybuf[DESFIRE_MAX_KEY_SIZE] = {0}; uint8_t okeybuf[DESFIRE_MAX_KEY_SIZE] = {0};

7
client/src/mifare/desfirecore.h
View file

@ -24,6 +24,7 @@ extern const CLIParserOption DesfireKDFAlgoOpts[];
extern const CLIParserOption DesfireCommunicationModeOpts[]; extern const CLIParserOption DesfireCommunicationModeOpts[];
extern const CLIParserOption DesfireCommandSetOpts[]; extern const CLIParserOption DesfireCommandSetOpts[];
extern const CLIParserOption DesfireSecureChannelOpts[]; extern const CLIParserOption DesfireSecureChannelOpts[];
extern const CLIParserOption DesfireFileAccessModeOpts[];
const char *DesfireGetErrorString(int res, uint16_t *sw); const char *DesfireGetErrorString(int res, uint16_t *sw);
uint32_t DesfireAIDByteToUint(uint8_t *data); uint32_t DesfireAIDByteToUint(uint8_t *data);
@ -63,6 +64,12 @@ int DesfireSetConfiguration(DesfireContext *dctx, uint8_t paramid, uint8_t *para
int DesfireGetFileIDList(DesfireContext *dctx, uint8_t *resp, size_t *resplen); int DesfireGetFileIDList(DesfireContext *dctx, uint8_t *resp, size_t *resplen);
int DesfireGetFileISOIDList(DesfireContext *dctx, uint8_t *resp, size_t *resplen); int DesfireGetFileISOIDList(DesfireContext *dctx, uint8_t *resp, size_t *resplen);
int DesfireGetFileSettings(DesfireContext *dctx, uint8_t fileid, uint8_t *resp, size_t *resplen);
int DesfireChangeFileSettings(DesfireContext *dctx, uint8_t *data, size_t datalen);
const char *GetDesfireAccessRightStr(uint8_t right);
void DesfirePrintAccessRight(uint8_t *data);
void DesfirePrintFileSettings(uint8_t *data, size_t len);
void DesfirePrintSetFileSettings(uint8_t *data, size_t len);
int DesfireCreateFile(DesfireContext *dctx, uint8_t *fdata, size_t fdatalen); int DesfireCreateFile(DesfireContext *dctx, uint8_t *fdata, size_t fdatalen);
int DesfireDeleteFile(DesfireContext *dctx, uint8_t fid); int DesfireDeleteFile(DesfireContext *dctx, uint8_t fid);

30
client/src/mifare/desfiresecurechan.c
View file

@ -52,6 +52,7 @@ AllowedChannelModesS AllowedChannelModes[] = {
{MFDES_GET_UID, DACd40, DCCNative, DCMEncrypted}, {MFDES_GET_UID, DACd40, DCCNative, DCMEncrypted},
{MFDES_CHANGE_KEY_SETTINGS, DACd40, DCCNative, DCMEncrypted}, {MFDES_CHANGE_KEY_SETTINGS, DACd40, DCCNative, DCMEncrypted},
{MFDES_CHANGE_FILE_SETTINGS, DACd40, DCCNative, DCMEncrypted},
{MFDES_READ_DATA, DACd40, DCCNative, DCMEncrypted}, {MFDES_READ_DATA, DACd40, DCCNative, DCMEncrypted},
{MFDES_WRITE_DATA, DACd40, DCCNative, DCMEncrypted}, {MFDES_WRITE_DATA, DACd40, DCCNative, DCMEncrypted},
@ -69,20 +70,30 @@ AllowedChannelModesS AllowedChannelModes[] = {
{MFDES_FORMAT_PICC, DACEV1, DCCNative, DCMMACed}, {MFDES_FORMAT_PICC, DACEV1, DCCNative, DCMMACed},
{MFDES_GET_FILE_IDS, DACEV1, DCCNative, DCMMACed}, {MFDES_GET_FILE_IDS, DACEV1, DCCNative, DCMMACed},
{MFDES_GET_ISOFILE_IDS, DACEV1, DCCNative, DCMMACed}, {MFDES_GET_ISOFILE_IDS, DACEV1, DCCNative, DCMMACed},
{MFDES_GET_FILE_SETTINGS, DACEV1, DCCNative, DCMMACed},
{MFDES_GET_UID, DACEV1, DCCNative, DCMEncrypted}, {MFDES_GET_UID, DACEV1, DCCNative, DCMEncrypted},
{MFDES_CHANGE_KEY_SETTINGS, DACEV1, DCCNative, DCMEncrypted}, {MFDES_CHANGE_KEY_SETTINGS, DACEV1, DCCNative, DCMEncrypted},
{MFDES_CHANGE_FILE_SETTINGS, DACEV1, DCCNative, DCMEncrypted},
{MFDES_CHANGE_KEY, DACEV1, DCCNative, DCMEncryptedPlain}, {MFDES_CHANGE_KEY, DACEV1, DCCNative, DCMEncryptedPlain},
{MFDES_CHANGE_KEY_EV2, DACEV1, DCCNative, DCMEncryptedPlain}, {MFDES_CHANGE_KEY_EV2, DACEV1, DCCNative, DCMEncryptedPlain},
}; };
static uint8_t DesfireGetCmdHeaderLen(uint8_t cmd) { #define CMD_HEADER_LEN_ALL 0xffff
if (cmd == MFDES_CHANGE_KEY || cmd == MFDES_CHANGE_CONFIGURATION) CmdHeaderLengthsS CmdHeaderLengths[] = {
return 1; {MFDES_CREATE_APPLICATION, CMD_HEADER_LEN_ALL},
{MFDES_DELETE_APPLICATION, CMD_HEADER_LEN_ALL},
{MFDES_CHANGE_KEY, 1},
{MFDES_CHANGE_KEY_EV2, 2},
{MFDES_CHANGE_CONFIGURATION, 1},
{MFDES_CHANGE_FILE_SETTINGS, 1},
};
if (cmd == MFDES_CHANGE_KEY_EV2) static uint8_t DesfireGetCmdHeaderLen(uint8_t cmd) {
return 2; for (int i = 0; i < ARRAY_LENGTH(CmdHeaderLengths); i++)
if (CmdHeaderLengths[i].cmd == cmd)
return CmdHeaderLengths[i].len;
return 0; return 0;
} }
@ -160,19 +171,20 @@ static void DesfireSecureChannelEncodeEV1(DesfireContext *ctx, uint8_t cmd, uint
*dstdatalen = srcdatalen + DesfireGetMACLength(ctx); *dstdatalen = srcdatalen + DesfireGetMACLength(ctx);
} }
} else if (ctx->commMode == DCMEncrypted) { } else if (ctx->commMode == DCMEncrypted) {
rlen = padded_data_length(srcdatalen + 4, desfire_get_key_block_length(ctx->keyType)); rlen = padded_data_length(srcdatalen + 4 - hdrlen, desfire_get_key_block_length(ctx->keyType));
data[0] = cmd; data[0] = cmd;
memcpy(&data[1], srcdata, srcdatalen); memcpy(&data[1], srcdata, srcdatalen);
desfire_crc32_append(data, srcdatalen + 1); desfire_crc32_append(data, srcdatalen + 1);
DesfireCryptoEncDec(ctx, true, &data[1], rlen, dstdata, true); memcpy(dstdata, srcdata, hdrlen);
DesfireCryptoEncDec(ctx, true, &data[1 + hdrlen], rlen, &dstdata[hdrlen], true);
*dstdatalen = rlen; *dstdatalen = hdrlen + rlen;
} else if (ctx->commMode == DCMEncryptedPlain) { } else if (ctx->commMode == DCMEncryptedPlain) {
if (srcdatalen == 0 || srcdatalen <= hdrlen) if (srcdatalen == 0 || srcdatalen <= hdrlen)
return; return;
memcpy(&dstdata[0], srcdata, hdrlen); memcpy(dstdata, srcdata, hdrlen);
memcpy(data, &srcdata[hdrlen], srcdatalen); memcpy(data, &srcdata[hdrlen], srcdatalen);
rlen = padded_data_length(srcdatalen - hdrlen, desfire_get_key_block_length(ctx->keyType)); rlen = padded_data_length(srcdatalen - hdrlen, desfire_get_key_block_length(ctx->keyType));
DesfireCryptoEncDec(ctx, true, data, rlen, &dstdata[hdrlen], true); DesfireCryptoEncDec(ctx, true, data, rlen, &dstdata[hdrlen], true);

5
client/src/mifare/desfiresecurechan.h
View file

@ -26,6 +26,11 @@ typedef struct {
DesfireCommunicationMode commMode; DesfireCommunicationMode commMode;
} AllowedChannelModesS; } AllowedChannelModesS;
typedef struct {
uint8_t cmd;
uint32_t len;
} CmdHeaderLengthsS;
void DesfireSecureChannelEncode(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen); void DesfireSecureChannelEncode(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen);
void DesfireSecureChannelDecode(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen); void DesfireSecureChannelDecode(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen);