From a5f18cc58b1a53ce338965b5d2eda8694064d2c8 Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Mon, 26 Jul 2021 19:45:37 +0300
Subject: [PATCH] clear record file

---
 client/src/cmdhfmfdes.c         | 159 +++++++++++++++++---------------
 client/src/mifare/desfirecore.c |   4 +
 client/src/mifare/desfirecore.h |   3 +-
 3 files changed, 89 insertions(+), 77 deletions(-)

diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c
index 3a1e77276..8d0af47ee 100644
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
@@ -1830,29 +1830,6 @@ static int handler_desfire_writedata(mfdes_data_t *data, MFDES_FILE_TYPE_T type,
     return res;
 }
 
-static int handler_desfire_clear_record_file(uint8_t file_no) {
-    if (file_no > 0x1F)
-        return PM3_EINVARG;
-
-    sAPDU apdu = {0x90, MFDES_CLEAR_RECORD_FILE, 0x00, 0x00, 1, &file_no}; // 0xEB
-    uint16_t sw = 0;
-    uint32_t recvlen = 0;
-    int res = send_desfire_cmd(&apdu, false, NULL, &recvlen, &sw, 0, true);
-    if (res != PM3_SUCCESS) {
-        PrintAndLogEx(WARNING, _RED_("   Can't clear record file -> %s"), DesfireGetErrorString(res, &sw));
-        DropFieldDesfire();
-        return res;
-    } else {
-        res = handler_desfire_commit_transaction();
-        if (res != PM3_SUCCESS) {
-            PrintAndLogEx(WARNING, _RED_("   Can't commit transaction -> %s"), DesfireGetErrorString(res, &sw));
-            DropFieldDesfire();
-            return res;
-        }
-    }
-    return res;
-}
-
 static int getKeySettings(uint8_t *aid) {
     if (aid == NULL) return PM3_EINVARG;
 
@@ -2096,58 +2073,6 @@ static int selectfile(uint8_t *aid, uint8_t fileno, uint8_t *cs) {
     return res;
 }
 
-static int CmdHF14ADesClearRecordFile(const char *Cmd) {
-    CLIParserContext *ctx;
-    CLIParserInit(&ctx, "hf mfdes clearfile",
-                  "Clear record file\nMake sure to select aid or authenticate aid before running this command.",
-                  "hf mfdes clearfile -n 01"
-                 );
-
-    void *argtable[] = {
-        arg_param_begin,
-        arg_int0("n", "fileno", "<dec>", "File Number (0 - 31)"),
-        arg_strx0("a", "aid",   "<hex>", "App ID to select as hex bytes (3 bytes, big endian)"),
-        arg_param_end
-    };
-    CLIExecWithReturn(ctx, Cmd, argtable, false);
-    int fno = arg_get_int_def(ctx, 1, 0);
-    int aidlength = 3;
-    uint8_t aid[3] = {0};
-    CLIGetHexWithReturn(ctx, 2, aid, &aidlength);
-    swap24(aid);
-    CLIParserFree(ctx);
-
-    if (fno > 0x1F) {
-        PrintAndLogEx(ERR, "File number range is invalid (exp 0 - 31), got %d", fno);
-        return PM3_EINVARG;
-    }
-
-    if (aidlength != 3 && aidlength != 0) {
-        PrintAndLogEx(ERR, _RED_("   The given aid must have 3 bytes (big endian)."));
-        return PM3_ESOFT;
-    } else if (aidlength == 0) {
-        if (memcmp(&tag->selected_application, aid, 3) == 0) {
-            PrintAndLogEx(ERR, _RED_("   You need to select an aid first."));
-            return PM3_ESOFT;
-        }
-        memcpy(aid, (uint8_t *)&tag->selected_application, 3);
-    }
-    uint8_t cs = 0;
-    if (selectfile(aid, fno, &cs) != PM3_SUCCESS) {
-        PrintAndLogEx(ERR, _RED_("   Error on selecting file."));
-        return PM3_ESOFT;
-    }
-
-    int res = handler_desfire_clear_record_file(fno);
-    if (res == PM3_SUCCESS) {
-        PrintAndLogEx(SUCCESS, "Successfully cleared record file.");
-    } else {
-        PrintAndLogEx(ERR, "Error on deleting file : %d", res);
-    }
-    DropFieldDesfire();
-    return res;
-}
-
 static int CmdHF14ADesReadData(const char *Cmd) {
     CLIParserContext *ctx;
     CLIParserInit(&ctx, "hf mfdes read",
@@ -6338,6 +6263,88 @@ static int CmdHF14ADesValueOperations(const char *Cmd) {
     return PM3_SUCCESS;
 }
 
+static int CmdHF14ADesClearRecordFile(const char *Cmd) {
+    CLIParserContext *ctx;
+    CLIParserInit(&ctx, "hf mfdes clearrecfile",
+                  "Clear record file. Master key needs to be provided or flag --no-auth set (depend on cards settings).",
+                  "hf mfdes clearrecfile --aid 123456 --fid 01 -> clear record file for: app=123456, file=01 with defaults from `default` command");
+
+    void *argtable[] = {
+        arg_param_begin,
+        arg_lit0("a",  "apdu",    "show APDU requests and responses"),
+        arg_lit0("v",  "verbose", "show technical data"),
+        arg_int0("n",  "keyno",   "<keyno>", "Key number"),
+        arg_str0("t",  "algo",    "<DES/2TDEA/3TDEA/AES>",  "Crypt algo: DES, 2TDEA, 3TDEA, AES"),
+        arg_str0("k",  "key",     "<Key>",   "Key for authenticate (HEX 8(DES), 16(2TDEA or AES) or 24(3TDEA) bytes)"),
+        arg_str0("f",  "kdf",     "<none/AN10922/gallagher>",   "Key Derivation Function (KDF): None, AN10922, Gallagher"),
+        arg_str0("i",  "kdfi",    "<kdfi>",  "KDF input (HEX 1-31 bytes)"),
+        arg_str0("m",  "cmode",   "<plain/mac/encrypt>", "Communicaton mode: plain/mac/encrypt"),
+        arg_str0("c",  "ccset",   "<native/niso/iso>", "Communicaton command set: native/niso/iso"),
+        arg_str0("s",  "schann",  "<d40/ev1/ev2>", "Secure channel: d40/ev1/ev2"),
+        arg_str0(NULL, "aid",     "<app id hex>", "Application ID (3 hex bytes, big endian)"),
+        arg_str0(NULL, "fid",     "<file id hex>", "File ID for clearing (1 hex byte)"),
+        arg_lit0(NULL, "no-auth", "execute without authentication"),
+        arg_param_end
+    };
+    CLIExecWithReturn(ctx, Cmd, argtable, false);
+
+    bool APDULogging = arg_get_lit(ctx, 1);
+    bool verbose = arg_get_lit(ctx, 2);
+    bool noauth = arg_get_lit(ctx, 13);
+
+    DesfireContext dctx;
+    int securechann = defaultSecureChannel;
+    uint32_t appid = 0x000000;
+    int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, &securechann, DCMPlain, &appid);
+    if (res) {
+        CLIParserFree(ctx);
+        return res;
+    }
+
+    uint32_t fnum = 1;
+    res = arg_get_u32_hexstr_def_nlen(ctx, 12, 1, &fnum, 1, true);
+    if (res == 2) {
+        PrintAndLogEx(ERR, "File ID must have 1 byte length");
+        CLIParserFree(ctx);
+        return PM3_EINVARG;
+    }
+
+    SetAPDULogging(APDULogging);
+    CLIParserFree(ctx);
+
+    if (fnum > 0x1F) {
+        PrintAndLogEx(ERR, "File number range is invalid (exp 0 - 31), got %d", fnum);
+        return PM3_EINVARG;
+    }
+
+    if (noauth) {
+        res = DesfireSelectAIDHex(&dctx, appid, false, 0);
+        if (res != PM3_SUCCESS) {
+            PrintAndLogEx(ERR, "Desfire select " _RED_("error") ".");
+            DropField();
+            return res;
+        }
+    } else {
+        res = DesfireSelectAndAuthenticate(&dctx, securechann, appid, verbose);
+        if (res != PM3_SUCCESS) {
+            DropField();
+            return res;
+        }
+    }
+
+    res = DesfireClearRecordFile(&dctx, fnum);
+    if (res != PM3_SUCCESS) {
+        PrintAndLogEx(ERR, "Desfire ClearRecordFile command " _RED_("error") ". Result: %d", res);
+        DropField();
+        return PM3_ESOFT;
+    }
+
+    PrintAndLogEx(SUCCESS, "File %02x in the app %06x cleared " _GREEN_("successfully"), fnum, appid);
+
+    DropField();
+    return PM3_SUCCESS;
+}
+
 static int CmdHF14ADesTest(const char *Cmd) {
     DesfireTest(true);
     return PM3_SUCCESS;
@@ -6383,7 +6390,7 @@ static command_t CommandTable[] = {
     {"read",             CmdHF14ADesReadData,         IfPm3Iso14443a,  "Read data from standard/backup/record file"},
     {"write",            CmdHF14ADesWriteData,        IfPm3Iso14443a,  "Write data to standard/backup/record file"},
     {"value",            CmdHF14ADesValueOperations,  IfPm3Iso14443a,  "[new]Operations with value file (get/credit/limited credit/debit/clear)"},
-    {"clearfile",        CmdHF14ADesClearRecordFile,  IfPm3Iso14443a,  "Clear record File"},
+    {"clearrecfile",     CmdHF14ADesClearRecordFile,  IfPm3Iso14443a,  "[new]Clear record File"},
     {"-----------",      CmdHelp,                     IfPm3Iso14443a,  "----------------------- " _CYAN_("System") " -----------------------"},
     {"test",             CmdHF14ADesTest,             AlwaysAvailable, "Test crypto"},
     {NULL, NULL, NULL, NULL}
diff --git a/client/src/mifare/desfirecore.c b/client/src/mifare/desfirecore.c
index d3710dc1e..8003b3096 100644
--- a/client/src/mifare/desfirecore.c
+++ b/client/src/mifare/desfirecore.c
@@ -1072,6 +1072,10 @@ int DesfireDeleteFile(DesfireContext *dctx, uint8_t fnum) {
     return DesfireCommandTxData(dctx, MFDES_DELETE_FILE, &fnum, 1);
 }
 
+int DesfireClearRecordFile(DesfireContext *dctx, uint8_t fnum) {
+    return DesfireCommandTxData(dctx, MFDES_CLEAR_RECORD_FILE, &fnum, 1);
+}
+
 int DesfireCommitTransaction(DesfireContext *dctx, bool enable_options, uint8_t options) {
     if (enable_options)
         return DesfireCommandTxData(dctx, MFDES_COMMIT_TRANSACTION, &options, 1);
diff --git a/client/src/mifare/desfirecore.h b/client/src/mifare/desfirecore.h
index 9f5521a29..14453993b 100644
--- a/client/src/mifare/desfirecore.h
+++ b/client/src/mifare/desfirecore.h
@@ -89,10 +89,11 @@ void DesfirePrintCreateFileSettings(uint8_t filetype, uint8_t *data, size_t len)
 
 const char *GetDesfireFileType(uint8_t type);
 int DesfireCreateFile(DesfireContext *dctx, uint8_t ftype, uint8_t *fdata, size_t fdatalen, bool checklen);
-int DesfireDeleteFile(DesfireContext *dctx, uint8_t fid);
+int DesfireDeleteFile(DesfireContext *dctx, uint8_t fnum);
 int DesfireCommitTransaction(DesfireContext *dctx, bool enable_options, uint8_t options);
 int DesfireAbortTransaction(DesfireContext *dctx);
 
 int DesfireValueFileOperations(DesfireContext *dctx, uint8_t fid, uint8_t operation, uint32_t *value);
+int DesfireClearRecordFile(DesfireContext *dctx, uint8_t fnum);
 
 #endif // __DESFIRECORE_H