github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-14 10:37:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1390 from merlokk/desf_createmacf

Browse source 
Desfire createmacfile
This commit is contained in:
Oleg Moiseenko 2021-07-27 15:31:56 +03:00 committed by GitHub
commit b0eef72739
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 140 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

129
client/src/cmdhfmfdes.c
View file

@ -5978,6 +5978,134 @@ static int CmdHF14ADesCreateRecordFile(const char *Cmd) {
return PM3_SUCCESS;
}
static int CmdHF14ADesCreateTrMACFile(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf mfdes createmacfile",
"Create Transaction MAC file in the application. Application master key needs to be provided or flag --no-auth set (depend on application settings).",
"--rawrights have priority over the separate rights settings.\n"
"Key/mode/etc of the authentication depends on application settings\n"
"hf mfdes createmacfile --aid 123456 --fid 01 --mackey --rawrights 1F30 00112233445566778899aabbccddeeff --mackeyver 01 -> create transaction mac file with parameters. Rights from default. Authentication with defaults from `default` command\n"
"hf mfdes createmacfile --aid 123456 --fid 01 --amode plain --rrights free --wrights deny --rwrights free --chrights key0 --mackey 00112233445566778899aabbccddeeff -> create file app=123456, file=01, with key, and mentioned rights with defaults from `default` command\n"
"hf mfdes createmacfile -n 0 -t des -k 0000000000000000 -f none --aid 123456 --fid 01 -> execute with default factory setup. key and keyver == 0x00..00");
void *argtable[] = {
arg_param_begin,
arg_lit0("a", "apdu", "show APDU requests and responses"),
arg_lit0("v", "verbose", "show technical data"),
arg_int0("n", "keyno", "<keyno>", "Key number"),
arg_str0("t", "algo", "<DES/2TDEA/3TDEA/AES>", "Crypt algo: DES, 2TDEA, 3TDEA, AES"),
arg_str0("k", "key", "<Key>", "Key for authenticate (HEX 8(DES), 16(2TDEA or AES) or 24(3TDEA) bytes)"),
arg_str0("f", "kdf", "<none/AN10922/gallagher>", "Key Derivation Function (KDF): None, AN10922, Gallagher"),
arg_str0("i", "kdfi", "<kdfi>", "KDF input (HEX 1-31 bytes)"),
arg_str0("m", "cmode", "<plain/mac/encrypt>", "Communicaton mode: plain/mac/encrypt"),
arg_str0("c", "ccset", "<native/niso/iso>", "Communicaton command set: native/niso/iso"),
arg_str0("s", "schann", "<d40/ev1/ev2>", "Secure channel: d40/ev1/ev2"),
arg_str0(NULL, "aid", "<app id hex>", "Application ID (3 hex bytes, big endian)"),
arg_str0(NULL, "fid", "<file id hex>", "File ID (1 hex byte)"),
arg_str0(NULL, "amode", "<plain/mac/encrypt>", "File access mode: plain/mac/encrypt"),
arg_str0(NULL, "rawrights", "<access rights HEX>", "Access rights for file (HEX 2 byte) R/W/RW/Chg, 0x0 - 0xD Key, 0xE Free, 0xF Denied"),
arg_str0(NULL, "rrights", "<key0/../key13/free/deny>", "Read file access mode: the specified key, free, deny"),
arg_str0(NULL, "wrights", "<key0/../key13/free/deny>", "Write file access mode: the specified key, free, deny"),
arg_str0(NULL, "rwrights", "<key0/../key13/free/deny>", "Read/Write file access mode: the specified key, free, deny"),
arg_str0(NULL, "chrights", "<key0/../key13/free/deny>", "Change file settings access mode: the specified key, free, deny"),
arg_lit0(NULL, "no-auth", "execute without authentication"),
arg_str0(NULL, "mackey", "<hex>", "AES-128 key for MAC (16 hex bytes, big endian). Default 0x00..00"),
arg_str0(NULL, "mackeyver", "<ver hex 1b>", "AES key version for MAC (1 hex byte). Default 0x00"),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, false);
bool APDULogging = arg_get_lit(ctx, 1);
bool verbose = arg_get_lit(ctx, 2);
bool noauth = arg_get_lit(ctx, 19);
uint8_t filetype = 0x05; // transaction mac file
DesfireContext dctx;
int securechann = defaultSecureChannel;
uint32_t appid = 0x000000;
int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, &securechann, DCMEncrypted, &appid);
if (res) {
CLIParserFree(ctx);
return res;
}
if (appid == 0x000000) {
PrintAndLogEx(ERR, "Can't create files at card level.");
CLIParserFree(ctx);
return PM3_EINVARG;
}
uint8_t data[250] = {0};
size_t datalen = 0;
res = DesfireCreateFileParameters(ctx, 12, 0, 13, 14, 15, 16, 17, 18, data, &datalen);
if (res) {
CLIParserFree(ctx);
return res;
}
uint8_t sdata[250] = {0};
int sdatalen = sizeof(sdata);
CLIGetHexWithReturn(ctx, 20, sdata, &sdatalen);
if (sdatalen != 0 && sdatalen != 16) {
PrintAndLogEx(ERR, "AES-128 key must be 16 bytes instead of %d.", sdatalen);
CLIParserFree(ctx);
return PM3_EINVARG;
}
uint32_t keyver = 0x00;
res = arg_get_u32_hexstr_def_nlen(ctx, 21, 0x00, &keyver, 1, true);
if (res == 2) {
PrintAndLogEx(ERR, "Key version must be 1 byte length");
CLIParserFree(ctx);
return PM3_EINVARG;
}
SetAPDULogging(APDULogging);
CLIParserFree(ctx);
data[datalen] = 0x02; // AES key
datalen++;
if (sdatalen > 0)
memcpy(&data[datalen], sdata, sdatalen);
datalen += 16;
data[datalen] = keyver & 0xff;
datalen++;
if (noauth) {
res = DesfireSelectAIDHex(&dctx, appid, false, 0);
if (res != PM3_SUCCESS) {
PrintAndLogEx(ERR, "Desfire select " _RED_("error") ".");
DropField();
return res;
}
} else {
res = DesfireSelectAndAuthenticate(&dctx, securechann, appid, verbose);
if (res != PM3_SUCCESS) {
DropField();
return res;
}
}
if (verbose)
PrintAndLogEx(INFO, "App: %06x. File num: 0x%02x type: 0x%02x data[%zu]: %s", appid, data[0], filetype, datalen, sprint_hex(data, datalen));
DesfirePrintCreateFileSettings(filetype, data, datalen);
res = DesfireCreateFile(&dctx, filetype, data, datalen, true);
if (res != PM3_SUCCESS) {
PrintAndLogEx(ERR, "Desfire CreateFile command " _RED_("error") ". Result: %d", res);
DropField();
return PM3_ESOFT;
}
PrintAndLogEx(SUCCESS, "%s file %02x in the app %06x created " _GREEN_("successfully"), GetDesfireFileType(filetype), data[0], appid);
DropField();
return PM3_SUCCESS;
}
static int CmdHF14ADesDeleteFile(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf mfdes deletefile",
@ -6353,6 +6481,7 @@ static command_t CommandTable[] = {
{"createfile", CmdHF14ADesCreateFile, IfPm3Iso14443a, "[new]Create Standard/Backup File"},
{"createvaluefile", CmdHF14ADesCreateValueFile, IfPm3Iso14443a, "[new]Create Value File"},
{"createrecordfile", CmdHF14ADesCreateRecordFile, IfPm3Iso14443a, "[new]Create Linear/Cyclic Record File"},
{"createmacfile", CmdHF14ADesCreateTrMACFile, IfPm3Iso14443a, "[new]Create Transaction MAC File"},
{"deletefile", CmdHF14ADesDeleteFile, IfPm3Iso14443a, "[new]Delete File"},
{"getfilesettings", CmdHF14ADesGetFileSettings, IfPm3Iso14443a, "[new]Get file settings"},
{"chfilesettings", CmdHF14ADesChFileSettings, IfPm3Iso14443a, "[new]Change file settings"},

16
client/src/mifare/desfirecore.c
View file

@ -1202,7 +1202,7 @@ static const DesfireCreateFileCommandsS DesfireFileCommands[] = {
{0x02, "Value", MFDES_CREATE_VALUE_FILE, 16, 16, false},
{0x03, "Linear Record", MFDES_CREATE_LINEAR_RECORD_FILE, 12, 9, true},
{0x04, "Cyclic Record", MFDES_CREATE_CYCLIC_RECORD_FILE, 12, 9, true},
{0x05, "Transaction MAC", MFDES_CREATE_TRANS_MAC_FILE, 5, 22, false},
{0x05, "Transaction MAC", MFDES_CREATE_TRANS_MAC_FILE, 5, 21, false},
};
const DesfireCreateFileCommandsS *GetDesfireFileCmdRec(uint8_t type) {
@ -1346,7 +1346,7 @@ static void DesfirePrintFileSettDynPart(uint8_t filetype, uint8_t *data, size_t
break;
}
case 0x05: {
PrintAndLogEx(INFO, "Key type [0x%02x] : %s", data[0], GetDesfireKeyType(data[0]));
PrintAndLogEx(INFO, "Key type [0x%02x] : %s", data[0], GetDesfireKeyType(data[0]));
*dynlen = 1;
if (create) {
@ -1427,11 +1427,13 @@ void DesfirePrintCreateFileSettings(uint8_t filetype, uint8_t *data, size_t len)
PrintAndLogEx(SUCCESS, "File type : %s", ftyperec->text);
PrintAndLogEx(SUCCESS, "File number : 0x%02x (%d)", data[0], data[0]);
size_t xlen = 1;
if (isoidpresent) {
PrintAndLogEx(SUCCESS, "File ISO number : 0x%04x", MemBeToUint2byte(&data[xlen]));
xlen += 2;
} else {
PrintAndLogEx(SUCCESS, "File ISO number : n/a");
if (ftyperec->mayHaveISOfid) {
if (isoidpresent) {
PrintAndLogEx(SUCCESS, "File ISO number : 0x%04x", MemBeToUint2byte(&data[xlen]));
xlen += 2;
} else {
PrintAndLogEx(SUCCESS, "File ISO number : n/a");
}
}
PrintAndLogEx(SUCCESS, "File comm mode : %s", GetDesfireCommunicationMode(data[xlen] & 0x03));

5
client/src/mifare/desfiresecurechan.c
View file

@ -36,7 +36,6 @@ AllowedChannelModesS AllowedChannelModes[] = {
{MFDES_CREATE_VALUE_FILE, DACd40, DCCNative, DCMPlain},
{MFDES_CREATE_LINEAR_RECORD_FILE, DACd40, DCCNative, DCMPlain},
{MFDES_CREATE_CYCLIC_RECORD_FILE, DACd40, DCCNative, DCMPlain},
{MFDES_CREATE_TRANS_MAC_FILE, DACd40, DCCNative, DCMPlain},
{MFDES_GET_VALUE, DACd40, DCCNative, DCMPlain},
{MFDES_CREDIT, DACd40, DCCNative, DCMPlain},
{MFDES_LIMITED_CREDIT, DACd40, DCCNative, DCMPlain},
@ -88,7 +87,6 @@ AllowedChannelModesS AllowedChannelModes[] = {
{MFDES_CREATE_VALUE_FILE, DACEV1, DCCNative, DCMMACed},
{MFDES_CREATE_LINEAR_RECORD_FILE, DACEV1, DCCNative, DCMMACed},
{MFDES_CREATE_CYCLIC_RECORD_FILE, DACEV1, DCCNative, DCMMACed},
{MFDES_CREATE_TRANS_MAC_FILE, DACEV1, DCCNative, DCMMACed},
{MFDES_GET_VALUE, DACEV1, DCCNative, DCMMACed},
{MFDES_CREDIT, DACEV1, DCCNative, DCMMACed},
{MFDES_LIMITED_CREDIT, DACEV1, DCCNative, DCMMACed},
@ -99,6 +97,7 @@ AllowedChannelModesS AllowedChannelModes[] = {
{MFDES_GET_UID, DACEV1, DCCNative, DCMEncrypted},
{MFDES_CHANGE_KEY_SETTINGS, DACEV1, DCCNative, DCMEncrypted},
{MFDES_CHANGE_FILE_SETTINGS, DACEV1, DCCNative, DCMEncrypted},
{MFDES_CREATE_TRANS_MAC_FILE, DACEV1, DCCNative, DCMEncrypted},
{MFDES_CHANGE_KEY, DACEV1, DCCNative, DCMEncryptedPlain},
{MFDES_CHANGE_KEY_EV2, DACEV1, DCCNative, DCMEncryptedPlain},
@ -112,7 +111,7 @@ CmdHeaderLengthsS CmdHeaderLengths[] = {
{MFDES_CHANGE_KEY_EV2, 2},
{MFDES_CHANGE_CONFIGURATION, 1},
{MFDES_CHANGE_FILE_SETTINGS, 1},
{MFDES_CREATE_TRANS_MAC_FILE, 17},
{MFDES_CREATE_TRANS_MAC_FILE, 5},
};
static uint8_t DesfireGetCmdHeaderLen(uint8_t cmd) {