github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 22:03:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

plain update key works

Browse source
This commit is contained in:
merlokk 2022-02-08 00:25:52 +02:00
commit bc88040967
2 changed files with 180 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
client/src/cipurse/cipursecore.c
View file

@ -217,7 +217,7 @@ int CIPURSEUpdateKeyAttrib(uint8_t key_num, uint8_t key_attrib, uint8_t *result,
} }
int CIPURSEUpdateKey(uint8_t encrypt_key_num, uint8_t key_num, uint8_t *key, uint16_t key_len, uint8_t *result, size_t max_result_len, size_t *result_len, uint16_t *sw) { int CIPURSEUpdateKey(uint8_t encrypt_key_num, uint8_t key_num, uint8_t *key, uint16_t key_len, uint8_t *result, size_t max_result_len, size_t *result_len, uint16_t *sw) {
return CIPURSEExchangeEx(false, true, (sAPDU_t) {0x80, 0xd6, encrypt_key_num, key_num, key_len, key}, false, 0, result, max_result_len, result_len, sw); return CIPURSEExchangeEx(false, true, (sAPDU_t) {0x80, 0x52, encrypt_key_num, key_num, key_len, key}, false, 0, result, max_result_len, result_len, sw);
} }
int CIPURSECommitTransaction(uint16_t *sw) { int CIPURSECommitTransaction(uint16_t *sw) {

184
client/src/cmdhfcipurse.c
View file

@ -80,6 +80,14 @@ static const APDUSpcCodeDescription_t UAPDpdateKeyAttrCodeDescriptions[] = {
{0x6A88, "Invalid key number (outside the range supported by the current DF)" } {0x6A88, "Invalid key number (outside the range supported by the current DF)" }
}; };
static const APDUSpcCodeDescription_t UAPDpdateKeyCodeDescriptions[] = {
{0x6982, "Key is frozen or only the key itself has the rights to update" },
{0x6984, "key enc key is blocked or invalid" },
{0x6985, "Deactivated file" },
{0x6A80, "invalid algo, key length or kvv" },
{0x6A88, "Invalid key number (outside the range supported by the current DF)" }
};
static uint8_t defaultKeyId = 1; static uint8_t defaultKeyId = 1;
static uint8_t defaultKey[CIPURSE_AES_KEY_LENGTH] = CIPURSE_DEFAULT_KEY; static uint8_t defaultKey[CIPURSE_AES_KEY_LENGTH] = CIPURSE_DEFAULT_KEY;
#define CIPURSE_MAX_AID_LENGTH 16 #define CIPURSE_MAX_AID_LENGTH 16
@ -1436,8 +1444,169 @@ static int CmdHFCipurseDeleteFile(const char *Cmd) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
// {"updkey", CmdHFCipurseUpdateKey, IfPm3Iso14443a, "Update key"},
static int CmdHFCipurseUpdateKey(const char *Cmd) { static int CmdHFCipurseUpdateKey(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf cipurse updakey",
"Update key. ",
"hf cipurse updkey --aid 4144204631 --newkeyn 2 --newkeya 00 --newkey 73737373737373737373737373737373 -> update default application key 2 with default value 73..73\n"
"hf cipurse updkey --newkeyn 1 --newkeya 00 --newkey 0102030405060708090a0b0c0d0e0f10 --commit -> for key 1");
void *argtable[] = {
arg_param_begin,
arg_lit0("a", "apdu", "show APDU requests and responses"),
arg_lit0("v", "verbose", "show technical data"),
arg_int0("n", NULL, "<dec>", "key ID for authentication"),
arg_str0("k", "key", "<hex>", "Auth key"),
arg_str0(NULL, "aid", "<hex 1..16 bytes>", "application ID (AID)"),
arg_str0(NULL, "fid", "<hex 2 bytes>", "file ID (FID)"),
arg_lit0(NULL, "mfd", "select masterfile by empty id"),
arg_int0(NULL, "newkeyn", "<dec>", "target key ID"),
arg_str0(NULL, "newkey", "<hex 16 byte>", "new key"),
arg_str0(NULL, "newkeya", "<hex 1 byte>", "new key additional info. 0x00 by default"),
arg_str0(NULL, "sreq", "<plain|mac(default)|encode>", "communication reader-PICC security level"),
arg_str0(NULL, "sresp", "<plain|mac(default)|encode>", "communication PICC-reader security level"),
arg_lit0(NULL, "no-auth", "execute without authentication"),
arg_lit0(NULL, "commit", "commit "),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, false);
bool APDULogging = arg_get_lit(ctx, 1);
bool verbose = arg_get_lit(ctx, 2);
uint8_t keyId = arg_get_int_def(ctx, 3, defaultKeyId);
CipurseChannelSecurityLevel sreq = CPSMACed;
CipurseChannelSecurityLevel sresp = CPSMACed;
uint8_t key[CIPURSE_AES_KEY_LENGTH] = {0};
uint8_t aid[16] = {0};
size_t aidLen = 0;
bool useAID = false;
uint16_t fileId = defaultFileId;
bool useFID = false;
int res = CLIParseCommandParameters(ctx, 4, 5, 6, 11, 12, key, aid, &aidLen, &useAID, &fileId, &useFID, &sreq, &sresp);
if (res) {
CLIParserFree(ctx);
return PM3_EINVARG;
}
bool selmfd = arg_get_lit(ctx, 7);
uint8_t newKeyId = arg_get_int_def(ctx, 8, 0);
if (newKeyId == 0) {
PrintAndLogEx(ERR, _RED_("ERROR:") " new key id must be specified.");
CLIParserFree(ctx);
return PM3_EINVARG;
}
uint8_t hdata[250] = {0};
int hdatalen = sizeof(hdata);
CLIGetHexWithReturn(ctx, 9, hdata, &hdatalen);
if (hdatalen != 16) {
PrintAndLogEx(ERR, _RED_("ERROR:") " new key must be 16 bytes only and must be specified.");
CLIParserFree(ctx);
return PM3_EINVARG;
}
uint8_t newKey[16] = {0};
memcpy(newKey, hdata, 16);
hdatalen = sizeof(hdata);
CLIGetHexWithReturn(ctx, 10, hdata, &hdatalen);
if (hdatalen && hdatalen != 1) {
PrintAndLogEx(ERR, _RED_("ERROR:") " new key additional info must be 1 byte only.");
CLIParserFree(ctx);
return PM3_EINVARG;
}
uint8_t newKeyAInfo = (hdatalen) ? hdata[0] : 0x00;
bool noauth = arg_get_lit(ctx, 13);
bool needCommit = arg_get_lit(ctx, 14);
CLIParserFree(ctx);
SetAPDULogging(APDULogging);
uint8_t kvv[CIPURSE_KVV_LENGTH] = {0};
CipurseCGetKVV(newKey, kvv);
uint8_t keydata[3 + 16 + 3] = {newKeyAInfo, 0x10, 0x09, 0x00};
memcpy(&keydata[3], newKey, 16);
memcpy(&keydata[3 + 16], kvv, 3);
if (verbose) {
PrintAndLogEx(INFO, "New key number: %d", newKeyId);
PrintAndLogEx(INFO, "New key additional info: 0x%02x", newKeyAInfo);
PrintAndLogEx(INFO, "New key: %s", sprint_hex_inrow(key, 16));
PrintAndLogEx(INFO, "New key kvv: %s", sprint_hex_inrow(kvv, 3));
PrintAndLogEx(INFO, "New key data: %s", sprint_hex_inrow(keydata, sizeof(keydata)));
PrintAndLogEx(NORMAL, "");
}
uint8_t buf[APDU_RES_LEN] = {0};
size_t len = 0;
uint16_t sw = 0;
if (useAID || useFID || selmfd) {
res = SelectCommand(selmfd, useAID, aid, aidLen, useFID, fileId, verbose, buf, sizeof(buf), &len, &sw);
if (res != 0 || sw != 0x9000) {
PrintAndLogEx(ERR, "Select command ( " _RED_("error") " )");
DropField();
return PM3_ESOFT;
}
} else {
res = CIPURSESelectMFEx(true, true, buf, sizeof(buf), &len, &sw);
if (res != 0 || sw != 0x9000) {
PrintAndLogEx(ERR, "Cipurse masterfile select " _RED_("error") ". Card returns 0x%04x", sw);
DropField();
return PM3_ESOFT;
}
if (verbose)
PrintAndLogEx(INFO, "Cipurse masterfile " _GREEN_("selected"));
}
if (verbose) {
if (!noauth)
PrintAndLogEx(INFO, "key id " _YELLOW_("%d") " key " _YELLOW_("%s")
, keyId
, sprint_hex(key, CIPURSE_AES_KEY_LENGTH)
);
}
if (!noauth) {
bool bres = CIPURSEChannelAuthenticate(keyId, key, verbose);
if (bres == false) {
if (verbose)
PrintAndLogEx(ERR, "Authentication ( " _RED_("fail") " )");
DropField();
return PM3_ESOFT;
}
// set channel security levels
CIPURSECSetActChannelSecurityLevels(sreq, sresp);
}
res = CIPURSEUpdateKey(0, newKeyId, keydata, sizeof(keydata), buf, sizeof(buf), &len, &sw);
if (res != 0 || sw != 0x9000) {
PrintAndLogEx(ERR, "Update key command " _RED_("ERROR") ". Card returns:\n 0x%04x - %s", sw,
GetSpecificAPDUCodeDesc(UAPDpdateKeyCodeDescriptions, ARRAYLEN(UAPDpdateKeyCodeDescriptions), sw));
DropField();
return PM3_ESOFT;
}
PrintAndLogEx(INFO, "Key updated " _GREEN_("succesfully"));
if (needCommit) {
sw = 0;
res = CIPURSECommitTransaction(&sw);
if (res != 0 || sw != 0x9000)
PrintAndLogEx(WARNING, "Commit " _YELLOW_("ERROR") ". Card returns 0x%04x", sw);
if (verbose)
PrintAndLogEx(INFO, "Commit " _GREEN_("OK"));
}
DropField(); DropField();
return PM3_SUCCESS; return PM3_SUCCESS;
@ -1451,8 +1620,8 @@ static int CmdHFCipurseUpdateKeyAttr(const char *Cmd) {
"b1 - Change key and rights - 0 frozen\n" "b1 - Change key and rights - 0 frozen\n"
"b2 - Use as key encryption key - 1 blocked\n" "b2 - Use as key encryption key - 1 blocked\n"
"b8 - Key validity - 0 valid", "b8 - Key validity - 0 valid",
"hf cipurse updakey --trgkey 2 --attr 80 -> block key 2 for lifetime (WARNING!)\n" "hf cipurse updakey --trgkeyn 2 --attr 80 -> block key 2 for lifetime (WARNING!)\n"
"hf cipurse updakey --trgkey 1 --attr 02 --commit -> for key 1"); "hf cipurse updakey --trgkeyn 1 --attr 02 --commit -> for key 1");
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
@ -1465,7 +1634,7 @@ static int CmdHFCipurseUpdateKeyAttr(const char *Cmd) {
arg_str0(NULL, "fid", "<hex 2 bytes>", "file ID (FID)"), arg_str0(NULL, "fid", "<hex 2 bytes>", "file ID (FID)"),
arg_lit0(NULL, "mfd", "select masterfile by empty id"), arg_lit0(NULL, "mfd", "select masterfile by empty id"),
arg_int0(NULL, "trgkey", "<dec>", "target key ID"), arg_int0(NULL, "trgkeyn", "<dec>", "target key ID"),
arg_str0(NULL, "attr", "<hex 1 byte>", "key attributes 1 byte"), arg_str0(NULL, "attr", "<hex 1 byte>", "key attributes 1 byte"),
arg_str0(NULL, "sreq", "<plain|mac(default)|encode>", "communication reader-PICC security level"), arg_str0(NULL, "sreq", "<plain|mac(default)|encode>", "communication reader-PICC security level"),
arg_str0(NULL, "sresp", "<plain|mac(default)|encode>", "communication PICC-reader security level"), arg_str0(NULL, "sresp", "<plain|mac(default)|encode>", "communication PICC-reader security level"),
@ -1496,7 +1665,12 @@ static int CmdHFCipurseUpdateKeyAttr(const char *Cmd) {
bool selmfd = arg_get_lit(ctx, 7); bool selmfd = arg_get_lit(ctx, 7);
uint8_t trgKeyId = arg_get_int_def(ctx, 8, defaultKeyId); uint8_t trgKeyId = arg_get_int_def(ctx, 8, 0);
if (trgKeyId == 0) {
PrintAndLogEx(ERR, _RED_("ERROR:") " target key id must be specified.");
CLIParserFree(ctx);
return PM3_EINVARG;
}
uint8_t hdata[250] = {0}; uint8_t hdata[250] = {0};
int hdatalen = sizeof(hdata); int hdatalen = sizeof(hdata);