add print keysettings

2025-08-23 06:35:38 -07:00 · 2021-07-09 19:26:15 +03:00 · 2021-07-09 19:26:15 +03:00 · cbffdd7552
commit cbffdd7552
parent d67ea92e2e
3 changed files with 106 additions and 2 deletions
--- a/client/src/mifare/desfirecore.c
+++ b/client/src/mifare/desfirecore.c
@ -909,7 +909,7 @@ int DesfireCreateApplication(DesfireContext *dctx, uint8_t *appdata, size_t appd
    uint8_t respcode = 0xff;
    uint8_t resp[257] = {0};
    size_t resplen = 0;
-    int res = DesfireExchangeEx(false, dctx, MFDES_CREATE_APPLICATION, appdata, appdatalen, &respcode, resp, &resplen, true, 24);
+    int res = DesfireExchangeEx(false, dctx, MFDES_CREATE_APPLICATION, appdata, appdatalen, &respcode, resp, &resplen, true, 0);
    if (res != PM3_SUCCESS)
        return res;
    if (respcode != MFDES_S_OPERATION_OK || resplen != 0)
@ -923,7 +923,7 @@ int DesfireDeleteApplication(DesfireContext *dctx, uint32_t aid) {
    DesfireAIDUintToByte(aid, data);
    uint8_t resp[257] = {0};
    size_t resplen = 0;
-    int res = DesfireExchangeEx(false, dctx, MFDES_DELETE_APPLICATION, data, sizeof(data), &respcode, resp, &resplen, true, 24);
+    int res = DesfireExchangeEx(false, dctx, MFDES_DELETE_APPLICATION, data, sizeof(data), &respcode, resp, &resplen, true, 0);
    if (res != PM3_SUCCESS)
        return res;
    if (respcode != MFDES_S_OPERATION_OK || resplen != 0)
@ -931,3 +931,100 @@ int DesfireDeleteApplication(DesfireContext *dctx, uint32_t aid) {
    return PM3_SUCCESS;
 }

+int DesfireGetKeySettings(DesfireContext *dctx, uint8_t *resp, size_t *resplen) {
+    uint8_t respcode = 0xff;
+    int res = DesfireExchange(dctx, MFDES_GET_KEY_SETTINGS, NULL, 0, &respcode, resp, resplen);
+    if (res != PM3_SUCCESS)
+        return res;
+    if (respcode != MFDES_S_OPERATION_OK)
+        return PM3_EAPDU_FAIL;
+    return PM3_SUCCESS;
+}
+
+int DesfireGetKeyVersion(DesfireContext *dctx, uint8_t *resp, size_t *resplen) {
+    uint8_t respcode = 0xff;
+    int res = DesfireExchange(dctx, MFDES_GET_KEY_VERSION, NULL, 0, &respcode, resp, resplen);
+    if (res != PM3_SUCCESS)
+        return res;
+    if (respcode != MFDES_S_OPERATION_OK)
+        return PM3_EAPDU_FAIL;
+    return PM3_SUCCESS;
+}
+
+int DesfireChangeKeySettings(DesfireContext *dctx, uint8_t *data, size_t len) {
+    uint8_t respcode = 0xff;
+    uint8_t resp[257] = {0};
+    size_t resplen = 0;
+    int res = DesfireExchange(dctx, MFDES_CHANGE_KEY_SETTINGS, data, len, &respcode, resp, &resplen);
+    if (res != PM3_SUCCESS)
+        return res;
+    if (respcode != MFDES_S_OPERATION_OK || resplen != 0)
+        return PM3_EAPDU_FAIL;
+    return PM3_SUCCESS;
+}
+
+static void PrintKeyType(uint8_t keytype) {
+    switch(keytype) {
+    case 00:
+        PrintAndLogEx(SUCCESS, "Key: 2TDEA");
+        break;
+    case 01:
+        PrintAndLogEx(SUCCESS, "Key: 3TDEA");
+        break;
+    case 02:
+        PrintAndLogEx(SUCCESS, "Key: AES");
+        break;
+    default:
+        PrintAndLogEx(SUCCESS, "Key: unknown: 0x%02x", keytype);
+        break;
+    }
+}
+
+static void PrintKeySettingsPICC(uint8_t keysettings, uint8_t numkeys) {
+    PrintAndLogEx(SUCCESS, "PICC level rights:");
+    PrintAndLogEx(SUCCESS, "[%c...] CMK Configuration changeable   : %s", (keysettings & (1 << 3)) ? '1' : '0', (keysettings & (1 << 3)) ? _GREEN_("YES") : "NO (frozen)");
+    PrintAndLogEx(SUCCESS, "[.%c..] CMK required for create/delete : %s", (keysettings & (1 << 2)) ? '1' : '0', (keysettings & (1 << 2)) ? _GREEN_("NO") : "YES");
+    PrintAndLogEx(SUCCESS, "[..%c.] Directory list access with CMK : %s", (keysettings & (1 << 1)) ? '1' : '0', (keysettings & (1 << 1)) ? _GREEN_("NO") : "YES");
+    PrintAndLogEx(SUCCESS, "[...%c] CMK is changeable              : %s", (keysettings & (1 << 0)) ? '1' : '0', (keysettings & (1 << 0)) ? _GREEN_("YES") : "NO (frozen)");
+
+    PrintAndLogEx(SUCCESS, "\nkey count: %d", numkeys & 0x0f);
+}
+
+static void PrintKeySettingsApp(uint8_t keysettings, uint8_t numkeys) {
+    // Access rights.
+    PrintAndLogEx(SUCCESS, "Application level rights:");
+    uint8_t rights = ((keysettings >> 4) & 0x0F);
+    switch (rights) {
+        case 0x0:
+            PrintAndLogEx(SUCCESS, "-- AMK authentication is necessary to change any key (default)");
+            break;
+        case 0xE:
+            PrintAndLogEx(SUCCESS, "-- Authentication with the key to be changed (same KeyNo) is necessary to change a key");
+            break;
+        case 0xF:
+            PrintAndLogEx(SUCCESS, "-- All keys (except AMK,see Bit0) within this application are frozen");
+            break;
+        default:
+            PrintAndLogEx(SUCCESS,
+                          "-- Authentication with the specified key is necessary to change any key.\n"
+                          "A change key and a PICC master key (CMK) can only be changed after authentication with the master key.\n"
+                          "For keys other then the master or change key, an authentication with the same key is needed."
+                         );
+            break;
+    }
+    
+    PrintAndLogEx(SUCCESS, "[%c...] AMK Configuration changeable   : %s", (keysettings & (1 << 3)) ? '1' : '0', (keysettings & (1 << 3)) ? _GREEN_("YES") : "NO (frozen)");
+    PrintAndLogEx(SUCCESS, "[.%c..] AMK required for create/delete : %s", (keysettings & (1 << 2)) ? '1' : '0', (keysettings & (1 << 2)) ? "NO" : "YES");
+    PrintAndLogEx(SUCCESS, "[..%c.] Directory list access with AMK : %s", (keysettings & (1 << 1)) ? '1' : '0', (keysettings & (1 << 1)) ? "NO" : "YES");
+    PrintAndLogEx(SUCCESS, "[...%c] AMK is changeable              : %s", (keysettings & (1 << 0)) ? '1' : '0', (keysettings & (1 << 0)) ? _GREEN_("YES") : "NO (frozen)");
+
+    PrintKeyType(numkeys >> 6);
+    PrintAndLogEx(SUCCESS, "\nkey count: %d", numkeys & 0x0f);
+}
+
+void PrintKeySettings(uint8_t keysettings, uint8_t numkeys, bool applevel) {
+    if (applevel)
+        PrintKeySettingsApp(keysettings, numkeys);
+    else
+        PrintKeySettingsPICC(keysettings, numkeys);
+}
--- a/client/src/mifare/desfirecore.h
+++ b/client/src/mifare/desfirecore.h
@ -46,4 +46,9 @@ int DesfireGetDFList(DesfireContext *dctx, uint8_t *resp, size_t *resplen);
 int DesfireCreateApplication(DesfireContext *dctx, uint8_t *appdata, size_t appdatalen);
 int DesfireDeleteApplication(DesfireContext *dctx, uint32_t aid);

+int DesfireGetKeyVersion(DesfireContext *dctx, uint8_t *resp, size_t *resplen);
+int DesfireGetKeySettings(DesfireContext *dctx, uint8_t *resp, size_t *resplen);
+int DesfireChangeKeySettings(DesfireContext *dctx, uint8_t *data, size_t len);
+void PrintKeySettings(uint8_t keysettings, uint8_t numkeys, bool applevel);
+
 #endif // __DESFIRECORE_H
--- a/client/src/mifare/desfiresecurechan.c
+++ b/client/src/mifare/desfiresecurechan.c
@ -28,6 +28,7 @@ AllowedChannelModesS AllowedChannelModes[] = {
    {MFDES_DELETE_APPLICATION,    DACd40,  DCCNative,    DCMPlain},
    {MFDES_GET_APPLICATION_IDS,   DACd40,  DCCNative,    DCMPlain},
    {MFDES_GET_DF_NAMES,          DACd40,  DCCNative,    DCMPlain},
+    {MFDES_GET_KEY_SETTINGS,      DACd40,  DCCNative,    DCMPlain},

    {MFDES_READ_DATA,             DACd40,  DCCNative,    DCMMACed},
    {MFDES_WRITE_DATA,            DACd40,  DCCNative,    DCMMACed},
@ -52,6 +53,7 @@ AllowedChannelModesS AllowedChannelModes[] = {
    {MFDES_DELETE_APPLICATION,    DACEV1,  DCCNative,    DCMMACed},
    {MFDES_GET_APPLICATION_IDS,   DACEV1,  DCCNative,    DCMMACed},
    {MFDES_GET_DF_NAMES,          DACEV1,  DCCNative,    DCMMACed},
+    {MFDES_GET_KEY_SETTINGS,      DACEV1,  DCCNative,    DCMMACed},

    {MFDES_GET_UID,               DACEV1,  DCCNative,    DCMEncrypted},
 };