From a04d67e82866fe5775467071d6c236312b9fecc0 Mon Sep 17 00:00:00 2001
From: Ave
Date: Thu, 17 Dec 2020 23:23:31 +0300
Subject: [PATCH] emrtd: Dump image when dumping EF_DG2
---
 client/src/cmdhfemrtd.c | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/client/src/cmdhfemrtd.c b/client/src/cmdhfemrtd.c
index 299f3e7c7..390b95866 100644
--- a/client/src/cmdhfemrtd.c
+++ b/client/src/cmdhfemrtd.c
@@ -704,6 +704,33 @@ static bool emrtd_select_and_read(uint8_t *dataout, int *dataoutlen, const char
 return true;
 }
+static bool emrtd_dump_ef_dg2(uint8_t *file_contents, int file_length) {
+ uint8_t data[EMRTD_MAX_FILE_SIZE];
+ int datalen = 0;
+
+ // This is a hacky impl that just looks for the image header. I'll improve it eventually.
+ // based on mrpkey.py
+ // FF D8 FF E0 -> JPEG
+ // 00 00 00 0C 6A 50 -> JPEG 2000
+ for (int i = 0; i < file_length - 6; i++) {
+ if ((file_contents[i] == 0xFF && file_contents[i + 1] == 0xD8 && file_contents[i + 2] == 0xFF && file_contents[i + 3] == 0xE0) ||
+ (file_contents[i] == 0x00 && file_contents[i + 1] == 0x00 && file_contents[i + 2] == 0x00 && file_contents[i + 3] == 0x0C && file_contents[i + 4] == 0x6A && file_contents[i + 5] == 0x50)) {
+ datalen = file_length - i;
+ memcpy(data, file_contents + i, datalen);
+ break;
+ }
+ }
+
+ // If we didn't get any data, return false.
+ if (datalen == 0) {
+ return false;
+ }
+
+ saveFile("EF_DG2", ".jpg", data, datalen);
+ return true;
+}
+
+
 static bool emrtd_dump_ef_dg5(uint8_t *file_contents, int file_length) {
 uint8_t data[EMRTD_MAX_FILE_SIZE];
 int datalen = 0;
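Review bot: The `memcpy(data, file_contents + i, datalen)` in `emrtd_dump_ef_dg2` copies up to `file_length` bytes of card-supplied data into a fixed `EMRTD_MAX_FILE_SIZE` stack buffer, and nothing in this function checks that the length fits. It is safe only if every caller already bounds `resplen` to that size, which is not visible in this hunk. The copy is not needed: on a match, `saveFile("EF_DG2", ".jpg", file_contents + i, file_length - i); return true;` writes the same bytes and lets `data` and `datalen` go. The scan recognises only the `FF D8 FF E0` JPEG marker, and a JPEG 2000 match is also written with a `.jpg` extension, so a short comment stating both limits would help until the parser is replaced.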
@@ -741,7 +768,9 @@ static bool emrtd_dump_file(uint8_t *ks_enc, uint8_t *ks_mac, uint8_t *ssc, cons
 PrintAndLogEx(DEBUG, "Contents (may be incomplete over 2k chars): %s", sprint_hex_inrow(response, resplen));
 saveFile(name, ".BIN", response, resplen);
- if (strcmp(file, EMRTD_EF_DG5) == 0) {
+ if (strcmp(file, EMRTD_EF_DG2) == 0) {
+ emrtd_dump_ef_dg2(response, resplen);
+ } else if (strcmp(file, EMRTD_EF_DG5) == 0) {
 emrtd_dump_ef_dg5(response, resplen);
 } else if (strcmp(file, EMRTD_EF_SOD) == 0) {
 emrtd_dump_ef_sod(response, resplen);
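Review bot: The result of `emrtd_dump_ef_dg2(response, resplen)` is discarded, so when no JPEG or JPEG 2000 header is found the user gets the raw `.BIN` and no indication that the image was not extracted. Consider `if (!emrtd_dump_ef_dg2(response, resplen)) PrintAndLogEx(WARNING, "EF_DG2: no image header found, image not saved");`. The DG5 and SOD branches in the context lines ignore their results the same way, so this may be worth handling for all three. `emrtd_dump_file` starts and ends outside this hunk.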