github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 22:03:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

remove old code

Browse source
This commit is contained in:
merlokk 2021-08-09 20:07:36 +03:00
commit aca059b06c
1 changed files with 0 additions and 225 deletions
Download patch file Download diff file Expand all files Collapse all files

225
client/src/cmdhfmfdes.c
View file

@ -309,231 +309,6 @@ static int mfdes_get_info(mfdes_info_res_t *info) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
/*static int mifare_desfire_change_key(uint8_t key_no, uint8_t *new_key, uint8_t new_algo, uint8_t *old_key, uint8_t old_algo, uint8_t aes_version) {
if (new_key == NULL || old_key == NULL) {
return PM3_EINVARG;
}
// AID == 000000 6bits LSB needs to be 0
key_no &= 0x0F;
Desfire treats Des keys as TDes but with the first half = 2nd half
As such, we should be able to convert the Des to TDes then run the code as TDes
if (new_algo == MFDES_ALGO_DES) {
memcpy(&new_key[8], new_key, 8);
new_algo = MFDES_ALGO_3DES;
}
if (old_algo == MFDES_ALGO_DES) {
memcpy(&old_key[8], old_key, 8);
old_algo = MFDES_ALGO_3DES;
}
*
* Because new crypto methods can be setup only at application creation,
* changing the card master key to one of them require a key_no tweak.
*
if (0x000000 == tag->selected_application) {
// PICC master key, 6bits LSB needs to be 0
key_no = 0x00;
// PICC master key, keyalgo specific 2bit MSB
switch (new_algo) {
// case MFDES_ALGO_DES: // not needed as we patched des to 3des above. (coverty deadcode)
case MFDES_ALGO_3DES:
break; // 00xx xxx
case MFDES_ALGO_3K3DES:
key_no |= 0x40; // 01xx xxx
break;
case MFDES_ALGO_AES:
key_no |= 0x80; // 10xx xxx
break;
}
}
*
keyno 1b
key 8b
cpy 8b
crc 2b
padding
*
// Variable length ciphered key data 24-42 bytes plus padding..
uint8_t data[64] = {key_no};
sAPDU apdu = {0x90, MFDES_CHANGE_KEY, 0x00, 0x00, 0x01, data}; // 0xC4
size_t cmdcnt = 0;
uint8_t csPkt[100] = {0x00}; // temp storage for AES/3K3Des packet to calculate checksum (size ????)
uint8_t new_key_length = 16;
switch (new_algo) {
*
// We have converted the DES to 3DES above,so this will never hit
case MFDES_ALGO_DES:
memcpy(data + cmdcnt + 1, new_key, new_key_length);
memcpy(data + cmdcnt + 1 + new_key_length, new_key, new_key_length);
break;
*
case MFDES_ALGO_3DES:
case MFDES_ALGO_AES:
new_key_length = 16;
memcpy(data + cmdcnt + 1, new_key, new_key_length);
break;
case MFDES_ALGO_3K3DES:
new_key_length = 24;
memcpy(data + cmdcnt + 1, new_key, new_key_length);
break;
}
if ((tag->authenticated_key_no & 0x0f) != (key_no & 0x0f)) {
if (old_key) {
for (uint32_t n = 0; n < new_key_length; n++) {
data[cmdcnt + 1 + n] ^= old_key[n];
}
}
}
cmdcnt += new_key_length;
if (new_algo == MFDES_ALGO_AES) {
data[cmdcnt + 1] = aes_version;
cmdcnt += 1;
}
if ((tag->authenticated_key_no & 0x0f) != (key_no & 0x0f)) {
switch (tag->authentication_scheme) {
case AS_LEGACY:
iso14443a_crc_append(data + 1, cmdcnt);
cmdcnt += 2;
// iso14443a_crc(new_key, new_key_length, data + cmdcnt);
// Add offset + 1 for key no. at start
iso14443a_crc(new_key, new_key_length, data + 1 + cmdcnt);
cmdcnt += 2;
break;
case AS_NEW:
if (new_algo == MFDES_ALGO_AES) {
// AES Checksum must cover : C4<KeyNo> <PrevKey XOR Newkey> <NewKeyVer>
// C4 01 A0B08090E0F0C0D02030001060704050 03
// 19 bytes
//uint8_t csPkt[30] = {0x00};
csPkt[0] = MFDES_CHANGE_KEY;
memcpy(&csPkt[1], data, 18);
desfire_crc32(csPkt, 19, data + 1 + cmdcnt);
} else if (new_algo == MFDES_ALGO_3K3DES) {
// 3K3Des checksum must cover : C4 <KeyNo> <PrevKey XOR NewKey>
csPkt[0] = MFDES_CHANGE_KEY;
memcpy(&csPkt[1], data, 25);
desfire_crc32(csPkt, 26, data + 1 + cmdcnt);
} else {
desfire_crc32_append(data + 1, cmdcnt);
}
cmdcnt += 4;
desfire_crc32(new_key, new_key_length, data + 1 + cmdcnt);
cmdcnt += 4;
break;
}
} else {
switch (tag->authentication_scheme) {
case AS_LEGACY:
iso14443a_crc_append(data + 1, cmdcnt);
cmdcnt += 2;
break;
case AS_NEW:
if (new_algo == MFDES_ALGO_AES) {
// AES Checksum must cover : C4<KeyNo> <Newkey data> <NewKeyVer>
// C4 01 A0B08090E0F0C0D02030001060704050 03
csPkt[0] = MFDES_CHANGE_KEY;
memcpy(&csPkt[1], data, 18);
desfire_crc32(csPkt, 19, data + 1 + cmdcnt);
} else if (new_algo == MFDES_ALGO_3K3DES) {
// 3K3Des checksum must cover : C4 <KeyNo> <Newkey Data>
csPkt[0] = MFDES_CHANGE_KEY;
memcpy(&csPkt[1], data, 25);
desfire_crc32(csPkt, 26, data + 1 + cmdcnt);
} else {
desfire_crc32_append(data + 1, cmdcnt);
}
cmdcnt += 4;
// desfire_crc32_append(data, cmdcnt);
// cmdcnt += 4;
break;
}
}
uint8_t *p = mifare_cryto_preprocess_data(tag, data + 1, (size_t *)&cmdcnt, 0, MDCM_ENCIPHERED | ENC_COMMAND | NO_CRC);
apdu.Lc = (uint8_t)cmdcnt + 1;
// apdu.data = p;
// the above data pointed to from p did not have the key no. at the start, so copy preprocessed data after the key no.
memcpy(&data[1], p, cmdcnt);
apdu.data = data;
uint32_t recv_len = 0;
uint16_t sw = 0;
// If we call send_desfire with 2nd option (turn field on), it will turn off then on
// leading to loosing the authentication on the aid, so lets not turn on here.
// int res = send_desfire_cmd(&apdu, true, NULL, &recv_len, &sw, 0, true);
int res = send_desfire_cmd(&apdu, false, NULL, &recv_len, &sw, 0, true);
if (res != PM3_SUCCESS) {
PrintAndLogEx(WARNING, _RED_("can't change key -> %s"), DesfireGetErrorString(res, &sw));
DropFieldDesfire();
return res;
}
size_t sn = recv_len;
if ((new_algo == MFDES_ALGO_AES) || (new_algo == MFDES_ALGO_3K3DES)) {
// AES expects us to Calculate CMAC for status byte : OK 0x00 (0x91 00)
// As such if we get this far without an error, we should be good
// Since we are dropping the field, we dont need to maintain the CMAC etc.
// Setting sn = 1 will allow the post process to just exit (as status only)
// Simular 3K3Des has some work to validate, but as long as the reply code was 00
// e.g. 02 fe ec 77 ca 13 e0 c2 06 [91 00 (OK)] 69 67
sn = 1;
}
p = mifare_cryto_postprocess_data(tag, data, &sn, MDCM_PLAIN | CMAC_COMMAND | CMAC_VERIFY);
// Should be finished processing the changekey so lets ensure the field is dropped.
DropFieldDesfire();
if (!p) {
*
Note in my testing on an EV1, the AES password did change, with the number of returned bytes was 8, expected 9 <status><8 byte cmac>
As such !p is true and the code reports "Error on changing key"; so comment back to user until its fixed.
Note: as at 19 May 2021, with the sn = 1 patch above, this should no longer be reachable!
*
if (new_algo == MFDES_ALGO_AES) {
PrintAndLogEx(WARNING, "AES Key may have been changed, please check new password with the auth command.");
}
return PM3_ESOFT;
}
*
* If we changed the current authenticated key, we are not authenticated
* anymore.
*
if (key_no == tag->authenticated_key_no) {
free(tag->session_key);
tag->session_key = NULL;
}
return PM3_SUCCESS;
}*/
// --- GET SIGNATURE // --- GET SIGNATURE
static int desfire_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature, size_t signature_len, nxp_cardtype_t card_type) { static int desfire_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature, size_t signature_len, nxp_cardtype_t card_type) {
(void)card_type; (void)card_type;