diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 2f13a259a..ceee38f85 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -9,4 +9,4 @@ community_bridge: # Replace with a single Community Bridge project-name e.g., cl liberapay: # Replace with a single Liberapay username issuehunt: # Replace with a single IssueHunt username otechie: # Replace with a single Otechie username -custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] +custom: ["https://www.paypal.me/iceman1001"] diff --git a/CHANGELOG.md b/CHANGELOG.md index c0ef300cb..89a04d651 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Fix hf list felica and hf felica sniff (@7homasSutter) + - Added hf felica wrunencrypted (@7homasSutter) - Added hf felica rdunencrypted (@7homasSutter) - Added hf felica rqresponse (@7homasSutter) - Added hf felica rqservice (@7homasSutter) diff --git a/armsrc/Standalone/hf_bog.c b/armsrc/Standalone/hf_bog.c index 5e84d4cc1..d1cc2e202 100644 --- a/armsrc/Standalone/hf_bog.c +++ b/armsrc/Standalone/hf_bog.c @@ -216,13 +216,11 @@ void RAMFUNC SniffAndStore(uint8_t param) { if (auth_attempts > 0) { if (DBGLEVEL > 1) Dbprintf("[!] Authentication attempts = %u", auth_attempts); - size_t size = 4 * auth_attempts; - uint8_t *buf = BigBuf_malloc(size); if (!exists_in_spiffs((char *)HF_BOG_LOGFILE)) { - rdv40_spiffs_write((char *)HF_BOG_LOGFILE, buf, size, RDV40_SPIFFS_SAFETY_SAFE); + rdv40_spiffs_write((char *)HF_BOG_LOGFILE, capturedPwds, 4 * auth_attempts, RDV40_SPIFFS_SAFETY_SAFE); } else { - rdv40_spiffs_append((char *)HF_BOG_LOGFILE, buf, size, RDV40_SPIFFS_SAFETY_SAFE); + rdv40_spiffs_append((char *)HF_BOG_LOGFILE, capturedPwds, 4 * auth_attempts, RDV40_SPIFFS_SAFETY_SAFE); } } @@ -251,5 +249,5 @@ void RunMod() { LEDsoff(); SpinDelay(300); Dbprintf("- [ End ] -> You can take shell back ..."); - Dbprintf("- [ ! ] -> use 'script run read_pwd_mem' to print passwords"); + Dbprintf("- [ ! ] -> use 'script run read_pwd_mem_spiffs' to print passwords"); } diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 5011c1979..ef96d9fef 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -696,10 +696,23 @@ static void PacketReceived(PacketCommandNG *packet) { */ switch (packet->cmd) { - case CMD_QUIT_SESSION: + case CMD_QUIT_SESSION: { reply_via_fpc = false; reply_via_usb = false; break; + } + // emulator + case CMD_SET_DBGMODE: { + DBGLEVEL = packet->data.asBytes[0]; + Dbprintf("Debug level: %d", DBGLEVEL); + reply_ng(CMD_SET_DBGMODE, PM3_SUCCESS, NULL, 0); + break; + } + // always available + case CMD_HF_DROPFIELD: { + hf_field_off(); + break; + } #ifdef WITH_LF case CMD_LF_T55XX_SET_CONFIG: { setT55xxConfig(packet->oldarg[0], (t55xx_configurations_t *) packet->data.asBytes); @@ -1034,12 +1047,6 @@ static void PacketReceived(PacketCommandNG *packet) { } #endif -// always available - case CMD_HF_DROPFIELD: { - hf_field_off(); - break; - } - #ifdef WITH_ISO14443a case CMD_HF_ISO14443A_SNIFF: { SniffIso14443a(packet->data.asBytes[0]); @@ -1155,13 +1162,6 @@ static void PacketReceived(PacketCommandNG *packet) { Mifare1ksim(payload->flags, payload->exitAfter, payload->uid, payload->atqa, payload->sak); break; } - // emulator - case CMD_SET_DBGMODE: { - DBGLEVEL = packet->data.asBytes[0]; - Dbprintf("Debug level: %d", DBGLEVEL); - reply_ng(CMD_SET_DBGMODE, PM3_SUCCESS, NULL, 0); - break; - } case CMD_HF_MIFARE_EML_MEMCLR: { MifareEMemClr(); reply_ng(CMD_HF_MIFARE_EML_MEMCLR, PM3_SUCCESS, NULL, 0); @@ -1245,6 +1245,10 @@ static void PacketReceived(PacketCommandNG *packet) { DetectNACKbug(); break; } + case CMD_HF_MFU_OTP_TEAROFF: { + MifareU_Otp_Tearoff(); + break; + } #endif #ifdef WITH_NFCBARCODE diff --git a/armsrc/felica.c b/armsrc/felica.c index 7ec40efcf..1a3b6f6ac 100644 --- a/armsrc/felica.c +++ b/armsrc/felica.c @@ -410,8 +410,6 @@ bool WaitForFelicaReply(uint16_t maxbytes) { // clear RXRDY: uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; uint32_t timeout = iso18092_get_timeout(); - if (DBGLEVEL >= DBG_DEBUG) - Dbprintf("timeout set: %i", timeout); for (;;) { WDT_HIT(); @@ -420,8 +418,8 @@ bool WaitForFelicaReply(uint16_t maxbytes) { Process18092Byte(b); if (FelicaFrame.state == STATE_FULL) { felica_nexttransfertime = MAX(felica_nexttransfertime, - (GetCountSspClk() & 0xfffffff8) - (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER) / 16 + FELICA_FRAME_DELAY_TIME - ); + (GetCountSspClk() & 0xfffffff8) - (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER) / 16 + FELICA_FRAME_DELAY_TIME); + LogTrace( FelicaFrame.framebytes, FelicaFrame.len, @@ -453,7 +451,7 @@ static void iso18092_setup(uint8_t fpga_minor_mode) { BigBuf_Clear_ext(false); // Initialize Demod and Uart structs - //DemodInit(BigBuf_malloc(MAX_FRAME_SIZE)); + // DemodInit(BigBuf_malloc(MAX_FRAME_SIZE)); FelicaFrameinit(BigBuf_malloc(FELICA_MAX_FRAME_SIZE)); felica_nexttransfertime = 2 * DELAY_ARM2AIR_AS_READER; @@ -573,69 +571,57 @@ void felica_sendraw(PacketCommandNG *c) { } void felica_sniff(uint32_t samplesToSkip, uint32_t triggersToSkip) { - int remFrames = (samplesToSkip) ? samplesToSkip : 0; - - Dbprintf("Sniff FelicaLiteS: Getting first %d frames, Skipping %d triggers.\n", samplesToSkip, triggersToSkip); - + Dbprintf("Sniff Felica: Getting first %d frames, Skipping after %d triggers.\n", samplesToSkip, triggersToSkip); + clear_trace(); + set_tracing(true); iso18092_setup(FPGA_HF_ISO18092_FLAG_NOMOD); - - //the frame bits are slow enough. - int n = BigBuf_max_traceLen() / sizeof(uint8_t); // take all memory - int numbts = 0; - uint8_t *dest = (uint8_t *)BigBuf_get_addr(); - uint8_t *destend = dest + n - 2; - - uint32_t endframe = GetCountSspClk(); - - while (dest <= destend) { + LED_D_ON(); + uint16_t numbts = 0; + int trigger_cnt = 0; + uint32_t timeout = iso18092_get_timeout(); + bool isReaderFrame = true; + while (!BUTTON_PRESS()) { WDT_HIT(); - if (BUTTON_PRESS()) break; - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { uint8_t dist = (uint8_t)(AT91C_BASE_SSC->SSC_RHR); Process18092Byte(dist); - - //to be sure we are in frame - if (FelicaFrame.state == STATE_GET_LENGTH) { - //length is after 48 (PRE)+16 (SYNC) - 64 ticks +maybe offset? not 100% - uint16_t distance = GetCountSspClk() - endframe - 64 + (FelicaFrame.byte_offset > 0 ? (8 - FelicaFrame.byte_offset) : 0); - *dest = distance >> 8; - dest++; - *dest = (distance & 0xff); - dest++; + if ((MAX(dist & 0xff, dist >> 8) >= 178) && (++trigger_cnt > triggersToSkip)) { + Dbprintf("triggersToSkip kicked %d", dist); + break; } - //crc NOT checked if (FelicaFrame.state == STATE_FULL) { - endframe = GetCountSspClk(); - // *dest = FelicaFrame.crc_ok; //kind of wasteful - dest++; - for (int i = 0; i < FelicaFrame.len; i++) { - *dest = FelicaFrame.framebytes[i]; - dest++; - if (dest >= destend) break; - + if ((FelicaFrame.framebytes[3] % 2) == 0) { + isReaderFrame = true; // All Reader Frames are even and all Tag frames are odd + } else { + isReaderFrame = false; } - remFrames--; - if (remFrames <= 0) break; - if (dest >= destend) break; - + if (remFrames <= 0) { + Dbprintf("Stop Sniffing - samplesToSkip reached!"); + break; + } + LogTrace(FelicaFrame.framebytes, + FelicaFrame.len, + ((GetCountSspClk() & 0xfffffff8) << 4) - DELAY_AIR2ARM_AS_READER - timeout, + ((GetCountSspClk() & 0xfffffff8) << 4) - DELAY_AIR2ARM_AS_READER, + NULL, + isReaderFrame + ); numbts += FelicaFrame.len; - FelicaFrameReset(); } } } - switch_off(); - //reset framing AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); set_tracelen(numbts); + set_tracelen(BigBuf_max_traceLen()); Dbprintf("Felica sniffing done, tracelen: %i, use hf list felica for annotations", BigBuf_get_traceLen()); reply_old(CMD_ACK, 1, numbts, 0, 0, 0); + LED_D_OFF(); } #define R_POLL0_LEN 0x16 diff --git a/armsrc/iclass.c b/armsrc/iclass.c index 33ea46e85..9ab2b5013 100644 --- a/armsrc/iclass.c +++ b/armsrc/iclass.c @@ -1306,6 +1306,7 @@ int doIClassSimulation(int simulationMode, uint8_t *reader_mac_buf) { AddCrc(csn_data, 8); uint8_t diversified_key[8] = { 0 }; + // e-Purse uint8_t card_challenge_data[8] = { 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; //uint8_t card_challenge_data[8] = { 0 }; @@ -1316,6 +1317,7 @@ int doIClassSimulation(int simulationMode, uint8_t *reader_mac_buf) { //Card challenge, a.k.a e-purse is on block 2 memcpy(card_challenge_data, emulator + (8 * 2), 8); + //Precalculate the cipher state, feeding it the CC cipher_state = opt_doTagMAC_1(card_challenge_data, diversified_key); } @@ -1351,7 +1353,7 @@ int doIClassSimulation(int simulationMode, uint8_t *reader_mac_buf) { uint8_t *resp_csn = BigBuf_malloc(28); int resp_csn_len; - // configuration picopass 2ks + // configuration Picopass 2ks uint8_t *resp_conf = BigBuf_malloc(28); int resp_conf_len; uint8_t conf_data[10] = {0x12, 0xFF, 0xFF, 0xFF, 0x7F, 0x1F, 0xFF, 0x3C, 0x00, 0x00}; @@ -1366,6 +1368,14 @@ int doIClassSimulation(int simulationMode, uint8_t *reader_mac_buf) { uint8_t *resp_aia = BigBuf_malloc(28); int resp_aia_len; uint8_t aia_data[10] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00}; + if (simulationMode == MODE_FULLSIM) { + + // (iceman) this only works for 2KS / 16KS tags. + // Use application data from block 5 + memcpy(aia_data, emulator + (8 * 5), 8); + + // older 2K / 16K tags has its application issuer data on block 2 + } AddCrc(aia_data, 8); // receive command diff --git a/armsrc/lfops.c b/armsrc/lfops.c index f4f3a9e7b..8aa86a43b 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -1045,6 +1045,16 @@ static void leadingZeroAskSimBits(int *n, uint8_t clock) { memset(dest + (*n), 0, clock * 8); *n += clock * 8; } +/* +static void leadingZeroBiphaseSimBits(int *n, uint8_t clock, uint8_t *phase) { + uint8_t *dest = BigBuf_get_addr(); + for (uint8_t i = 0; i < 8; i++) { + memset(dest + (*n), 0 ^ *phase, clock); + *phase ^= 1; + *n += clock; + } +} +*/ // args clock, ask/man or askraw, invert, transmission separator @@ -1054,10 +1064,14 @@ void CmdASKsimTAG(uint8_t encoding, uint8_t invert, uint8_t separator, uint8_t c int n = 0, i = 0; - leadingZeroAskSimBits(&n, clk); - if (encoding == 2) { //biphase uint8_t phase = 0; + +// iceman, if I add this, the demod includes these extra zero and detection fails. +// now, I only need to figure out just to add carrier without modulation +// the old bug, with adding ask zeros messed up the phase variable and deteion failed because of it in LF FDX +// leadingZeroBiphaseSimBits(&n, clk, &phase); + for (i = 0; i < size; i++) { biphaseSimBit(bits[i] ^ invert, &n, clk, &phase); } @@ -1067,6 +1081,9 @@ void CmdASKsimTAG(uint8_t encoding, uint8_t invert, uint8_t separator, uint8_t c } } } else { // ask/manchester || ask/raw + + leadingZeroAskSimBits(&n, clk); + for (i = 0; i < size; i++) { askSimBit(bits[i] ^ invert, &n, clk, encoding); } @@ -1083,7 +1100,14 @@ void CmdASKsimTAG(uint8_t encoding, uint8_t invert, uint8_t separator, uint8_t c WDT_HIT(); - Dbprintf("Simulating with clk: %d, invert: %d, encoding: %d, separator: %d, n: %d", clk, invert, encoding, separator, n); + Dbprintf("Simulating with clk: %d, invert: %d, encoding: %s (%d), separator: %d, n: %d" + , clk + , invert + , (encoding == 2) ? "BI" : (encoding == 1) ? "ASK" : "RAW" + , encoding + , separator + , n + ); if (ledcontrol) LED_A_ON(); SimulateTagLowFrequency(n, 0, ledcontrol); @@ -2466,7 +2490,7 @@ void Cotag(uint32_t arg0) { switch (rawsignal) { case 0: - doCotagAcquisition(50000); + doCotagAcquisition(40000); break; case 1: doCotagAcquisitionManchester(); @@ -2478,7 +2502,7 @@ void Cotag(uint32_t arg0) { // Turn the field off FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off - reply_mix(CMD_ACK, 0, 0, 0, 0, 0); + reply_ng(CMD_LF_COTAG_READ, PM3_SUCCESS, NULL, 0); LEDsoff(); } diff --git a/armsrc/lfsampling.c b/armsrc/lfsampling.c index d168dcc78..48a3f0d97 100644 --- a/armsrc/lfsampling.c +++ b/armsrc/lfsampling.c @@ -374,8 +374,8 @@ void doT55x7Acquisition(size_t sample_size) { #define COTAG_T1 384 #define COTAG_T2 (COTAG_T1>>1) -#define COTAG_ONE_THRESHOLD 128+30 -#define COTAG_ZERO_THRESHOLD 128-30 +#define COTAG_ONE_THRESHOLD 128+10 +#define COTAG_ZERO_THRESHOLD 128-10 #ifndef COTAG_BITS #define COTAG_BITS 264 #endif @@ -437,6 +437,11 @@ void doCotagAcquisition(size_t sample_size) { dest[i] = dest[i - 1]; } } + + // Ensure that DC offset removal and noise check is performed for any device-side processing + removeSignalOffset(dest, bufsize); + computeSignalProperties(dest, bufsize); + } uint32_t doCotagAcquisitionManchester() { diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index f5e3fe961..bb4fb343d 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -2173,3 +2173,70 @@ void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain) { LEDsoff(); set_tracing(false); } + +// +// Tear-off attack against MFU. +// - Moebius et al +void MifareU_Otp_Tearoff() { + +// should the +// optional time be configurable via client side? +// optional authentication before? +// optional data to be written? + + if (DBGLEVEL >= DBG_ERROR) DbpString("Preparing OTP tear-off"); + + LEDsoff(); + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); + clear_trace(); + set_tracing(true); + + StartTicks(); + +#define OTP_TEAR_OFF_TIME 1000 +#define OTP_BLK_NO 3 + + // write cmd to send, include CRC + // 1b write, 1b block, 4b data, 2 crc + uint8_t cmd[] = {MIFARE_ULC_WRITE, OTP_BLK_NO, 0xFF, 0xFF, 0xFF, 0xFF, 0, 0}; + +// User specific data to write? +// memcpy(block + 2, blockData, 4); + + AddCrc14A(cmd, sizeof(cmd) - 2); + + if (DBGLEVEL >= DBG_ERROR) DbpString("Transmitting"); + + // anticollision / select card + if (!iso14443a_select_card(NULL, NULL, NULL, true, 0, true)) { + if (DBGLEVEL >= DBG_ERROR) Dbprintf("Can't select card"); + OnError(1); + return; + }; + + /* + // UL-EV1 / NTAG authentication + if (usePwd) { + uint8_t pwd[4] = {0x00}; + memcpy(pwd, datain + 4, 4); + uint8_t pack[4] = {0, 0, 0, 0}; + if (!mifare_ul_ev1_auth(pwd, pack)) { + OnError(1); + return; + } + } + */ + + // send + ReaderTransmit(cmd, sizeof(cmd), NULL); + + // Wait before cutting power. aka tear-off + LED_D_ON(); + WaitUS(OTP_TEAR_OFF_TIME); + switch_off(); + + reply_ng(CMD_HF_MFU_OTP_TEAROFF, PM3_SUCCESS, NULL, 0); + StopTicks(); + + if (DBGLEVEL >= DBG_ERROR) DbpString("Done"); +} diff --git a/armsrc/mifarecmd.h b/armsrc/mifarecmd.h index 0b8e2acd3..6b730fb58 100644 --- a/armsrc/mifarecmd.h +++ b/armsrc/mifarecmd.h @@ -52,4 +52,7 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype); void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain); void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain); +// Tear-off test for MFU +void MifareU_Otp_Tearoff(); + #endif diff --git a/client/Makefile b/client/Makefile index 1fef2cd9b..a6d987560 100644 --- a/client/Makefile +++ b/client/Makefile @@ -186,6 +186,7 @@ CMDSRCS = crapto1/crapto1.c \ cmdanalyse.c \ cmdhf.c \ cmdhflist.c \ + aidsearch.c \ cmdhf14a.c \ cmdhf14b.c \ cmdhf15.c \ diff --git a/client/aidsearch.c b/client/aidsearch.c new file mode 100644 index 000000000..ecaa6e6c8 --- /dev/null +++ b/client/aidsearch.c @@ -0,0 +1,180 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2019 merlokk +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Proxmark3 RDV40 AID list library +//----------------------------------------------------------------------------- +#include "aidsearch.h" + +#include +#include + +#include "fileutils.h" +#include "pm3_cmd.h" + + +int openAIDFile(json_t **root, bool verbose) { + json_error_t error; + + char *path; + int res = searchFile(&path, RESOURCES_SUBDIR, "aidlist", ".json", false); + if (res != PM3_SUCCESS) { + return PM3_EFILE; + } + + int retval = PM3_SUCCESS; + *root = json_load_file(path, 0, &error); + if (!*root) { + PrintAndLogEx(ERR, "json (%s) error on line %d: %s", path, error.line, error.text); + retval = PM3_ESOFT; + goto out; + } + + if (!json_is_array(*root)) { + PrintAndLogEx(ERR, "Invalid json (%s) format. root must be an array.", path); + retval = PM3_ESOFT; + goto out; + } + + if (verbose) PrintAndLogEx(SUCCESS, "Loaded file (%s) OK. %d records.", path, json_array_size(*root)); +out: + free(path); + return retval; +} + +int closeAIDFile(json_t *root) { + + json_decref(root); + return PM3_SUCCESS; +} + +json_t *AIDSearchInit(bool verbose) { + json_t *root = NULL; + int res = openAIDFile(&root, verbose); + if (res != PM3_SUCCESS) + return NULL; + + return root; +} + +json_t *AIDSearchGetElm(json_t *root, int elmindx) { + json_t *data = json_array_get(root, elmindx); + if (!json_is_object(data)) { + PrintAndLogEx(ERR, "data [%d] is not an object\n", elmindx); + return NULL; + } + return data; +} + +int AIDSearchFree(json_t *root) { + + return closeAIDFile(root); +} + +const char *jsonStrGet(json_t *data, char *name) { + json_t *jstr; + + jstr = json_object_get(data, name); + if (jstr == NULL) + return NULL; + if (!json_is_string(jstr)) { + PrintAndLogEx(ERR, "`%s` is not a string", name); + return NULL; + } + + const char *cstr = json_string_value(jstr); + if (strlen(cstr) == 0) + return NULL; + return cstr; +} + +bool aidCompare(const char *aidlarge, const char *aidsmall) { + if (strcmp(aidlarge, aidsmall) == 0) + return true; + + if (strlen(aidlarge) > strlen(aidsmall)) + if (strncmp(aidlarge, aidsmall, strlen(aidsmall)) == 0) + return true; + + return false; +} + +bool AIDGetFromElm(json_t *data, uint8_t *aid, size_t aidmaxlen, int *aidlen) { + *aidlen = 0; + const char *hexaid = jsonStrGet(data, "AID"); + if (hexaid == NULL || strlen(hexaid) == 0) + return false; + + int res = param_gethex_to_eol(hexaid, 0, aid, aidmaxlen, aidlen); + if (res) + return false; + + return true; +} + +int PrintAIDDescription(json_t *xroot, char *aid, bool verbose) { + int retval = PM3_SUCCESS; + + json_t *root = xroot; + if (root == NULL) + root = AIDSearchInit(verbose); + if (root == NULL) + goto out; + + json_t *elm = NULL; + int maxaidlen = 0; + for (int elmindx = 0; elmindx < json_array_size(root); elmindx++) { + json_t *data = AIDSearchGetElm(root, elmindx); + if (data == NULL) + continue; + const char *dictaid = jsonStrGet(data, "AID"); + if (aidCompare(aid, dictaid)) { // dictaid may be less length than requested aid + if (maxaidlen < strlen(dictaid) && strlen(dictaid) <= strlen(aid)) { + maxaidlen = strlen(dictaid); + elm = data; + } + } + } + + if (elm == NULL) + goto out; + + // print here + const char *vaid = jsonStrGet(elm, "AID"); + const char *vendor = jsonStrGet(elm, "Vendor"); + const char *name = jsonStrGet(elm, "Name"); + const char *country = jsonStrGet(elm, "Country"); + const char *description = jsonStrGet(elm, "Description"); + const char *type = jsonStrGet(elm, "Type"); + + if (!verbose) { + PrintAndLogEx(SUCCESS, "AID %s | %s | %s", vaid, vendor, name); + } else { + PrintAndLogEx(SUCCESS, "Input AID: %s", aid); + if (aid) + PrintAndLogEx(SUCCESS, "Found AID: %s", vaid); + if (vendor) + PrintAndLogEx(SUCCESS, "Vendor: %s", vendor); + if (type) + PrintAndLogEx(SUCCESS, "Type: %s", type); + if (name) + PrintAndLogEx(SUCCESS, "Name: %s", name); + if (country) + PrintAndLogEx(SUCCESS, "Country: %s", country); + if (description) + PrintAndLogEx(SUCCESS, "Description: %s", description); + } + +out: + if (xroot == NULL) + AIDSearchFree(root); + return retval; +} + +int PrintAIDDescriptionBuf(json_t *root, uint8_t *aid, size_t aidlen, bool verbose) { + return PrintAIDDescription(root, sprint_hex_inrow(aid, aidlen), verbose); +} + diff --git a/client/aidsearch.h b/client/aidsearch.h new file mode 100644 index 000000000..9997d3868 --- /dev/null +++ b/client/aidsearch.h @@ -0,0 +1,28 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2019 merlokk +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Proxmark3 RDV40 AID list library +//----------------------------------------------------------------------------- + +#ifndef AIDSEARCH_H__ +#define AIDSEARCH_H__ + +#include "common.h" + +#include +#include + +#include + +int PrintAIDDescription(json_t *root, char *aid, bool verbose); +int PrintAIDDescriptionBuf(json_t *root, uint8_t *aid, size_t aidlen, bool verbose); +json_t *AIDSearchInit(bool verbose); +json_t *AIDSearchGetElm(json_t *root, int elmindx); +bool AIDGetFromElm(json_t *data, uint8_t *aid, size_t aidmaxlen, int *aidlen); +int AIDSearchFree(); + +#endif diff --git a/client/cmddata.c b/client/cmddata.c index 499db7128..d13eee46d 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -812,7 +812,7 @@ int AutoCorrelate(const int *in, int *out, size_t len, size_t window, bool SaveG // sanity check if (window > len) window = len; - if (verbose) PrintAndLogEx(INFO, "performing " _YELLOW_("%zu")" correlations", GraphTraceLen - window); + if (verbose) PrintAndLogEx(INFO, "performing " _YELLOW_("%zu") "correlations", GraphTraceLen - window); //test double autocv = 0.0; // Autocovariance value @@ -868,9 +868,9 @@ int AutoCorrelate(const int *in, int *out, size_t len, size_t window, bool SaveG if (verbose && foo < bar) { distance = idx_1 - idx; - PrintAndLogEx(SUCCESS, "possible visible correlation %4d samples", distance); + PrintAndLogEx(SUCCESS, "possible visible correlation "_YELLOW_("%4d") "samples", distance); } else if (verbose && (correlation > 1)) { - PrintAndLogEx(SUCCESS, "possible correlation %4zu samples", correlation); + PrintAndLogEx(SUCCESS, "possible correlation " _YELLOW_("%4zu") "samples", correlation); } else { PrintAndLogEx(FAILED, "no repeating pattern found, try increasing window size"); } diff --git a/client/cmdhf.c b/client/cmdhf.c index 1960de2ee..dd21c2649 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -91,7 +91,7 @@ int CmdHFSearch(const char *Cmd) { PROMPT_CLEARLINE; PrintAndLogEx(INPLACE, "Searching for ISO14443-A tag..."); if (IfPm3Iso14443a()) { - if (infoHF14A(false, false) > 0) { + if (infoHF14A(false, false, false) > 0) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("ISO14443-A tag") " found\n"); return PM3_SUCCESS; } diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index 519a8b0f2..2f8473d1c 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -26,6 +26,7 @@ #include "ui.h" #include "crc16.h" #include "util_posix.h" // msclock +#include "aidsearch.h" bool APDUInFramingEnable = true; @@ -226,13 +227,6 @@ static int usage_hf_14a_reader(void) { PrintAndLogEx(NORMAL, " 3 ISO14443-3 select only (skip RATS)"); return 0; } -static int usage_hf_14a_info(void) { - PrintAndLogEx(NORMAL, "This command makes more extensive tests against a ISO14443a tag in order to collect information"); - PrintAndLogEx(NORMAL, "Usage: hf 14a info [h|s]"); - PrintAndLogEx(NORMAL, " s silent (no messages)"); - PrintAndLogEx(NORMAL, " n test for nack bug"); - return 0; -} static int CmdHF14AList(const char *Cmd) { (void)Cmd; // Cmd is not used so far @@ -367,12 +361,30 @@ static int CmdHF14AReader(const char *Cmd) { } static int CmdHF14AInfo(const char *Cmd) { + bool verbose = false; + bool do_nack_test = false; + bool do_aid_search = false; - if (Cmd[0] == 'h' || Cmd[0] == 'H') return usage_hf_14a_info(); + CLIParserInit("hf 14a info", + "This command makes more extensive tests against a ISO14443a tag in order to collect information", + "Sample:\n\thf 14a info -nsv - shows full information about the card\n"); - bool verbose = !(Cmd[0] == 's' || Cmd[0] == 'S'); - bool do_nack_test = (Cmd[0] == 'n' || Cmd[0] == 'N'); - infoHF14A(verbose, do_nack_test); + void *argtable[] = { + arg_param_begin, + arg_lit0("vV", "verbose", "adds some information to results"), + arg_lit0("nN", "nacktest", "test for nack bug"), + arg_lit0("sS", "aidsearch", "checks if AIDs from aidlist.json is present on the card and prints information about found AIDs"), + arg_param_end + }; + CLIExecWithReturn(Cmd, argtable, true); + + verbose = arg_get_lit(1); + do_nack_test = arg_get_lit(2); + do_aid_search = arg_get_lit(3); + + CLIParserFree(); + + infoHF14A(verbose, do_nack_test, do_aid_search); return 0; } @@ -1225,7 +1237,7 @@ int CmdHF14A(const char *Cmd) { return CmdsParse(CommandTable, Cmd); } -int infoHF14A(bool verbose, bool do_nack_test) { +int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { clearCommandBuffer(); SendCommandMIX(CMD_HF_ISO14443A_READER, ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0, NULL, 0); PacketResponseNG resp; @@ -1493,6 +1505,72 @@ int infoHF14A(bool verbose, bool do_nack_test) { } } } + + if (do_aid_search) { + int elmindx = 0; + json_t *root = AIDSearchInit(verbose); + if (root != NULL) { + bool ActivateField = true; + for (elmindx = 0; elmindx < json_array_size(root); elmindx++) { + json_t *data = AIDSearchGetElm(root, elmindx); + uint8_t vaid[200] = {0}; + int vaidlen = 0; + if (!AIDGetFromElm(data, vaid, sizeof(vaid), &vaidlen) || !vaidlen) + continue; + + uint16_t sw = 0; + uint8_t result[1024] = {0}; + size_t resultlen = 0; + int res = EMVSelect(ECC_CONTACTLESS, ActivateField, true, vaid, vaidlen, result, sizeof(result), &resultlen, &sw, NULL); + ActivateField = false; + if (res) + continue; + + uint8_t dfname[200] = {0}; + size_t dfnamelen = 0; + if (resultlen > 3) { + struct tlvdb *tlv = tlvdb_parse_multi(result, resultlen); + if (tlv) { + // 0x84 Dedicated File (DF) Name + const struct tlv *dfnametlv = tlvdb_get_tlv(tlvdb_find_full(tlv, 0x84)); + if (dfnametlv) { + dfnamelen = dfnametlv->len; + memcpy(dfname, dfnametlv->value, dfnamelen); + } + tlvdb_free(tlv); + } + } + + if (sw == 0x9000 || sw == 0x6283 || sw == 0x6285) { + if (sw == 0x9000) { + if (verbose) PrintAndLogEx(NORMAL, "------------- Application OK -----------"); + } else { + if (verbose) PrintAndLogEx(NORMAL, "----------- Application blocked --------"); + } + + PrintAIDDescriptionBuf(root, vaid, vaidlen, verbose); + + if (dfnamelen) { + if (dfnamelen == vaidlen) { + if (memcmp(dfname, vaid, vaidlen) == 0) { + if (verbose) PrintAndLogEx(INFO, "(DF) Name found and equal to AID"); + } else { + PrintAndLogEx(INFO, "(DF) Name not equal to AID: %s :", sprint_hex(dfname, dfnamelen)); + PrintAIDDescriptionBuf(root, dfname, dfnamelen, verbose); + } + } else { + PrintAndLogEx(INFO, "(DF) Name not equal to AID: %s :", sprint_hex(dfname, dfnamelen)); + PrintAIDDescriptionBuf(root, dfname, dfnamelen, verbose); + } + } else { + if (verbose) PrintAndLogEx(INFO, "(DF) Name not found"); + } + } + + } + DropField(); + } + } } else { PrintAndLogEx(INFO, "proprietary non iso14443-4 card found, RATS not supported"); } diff --git a/client/cmdhf14a.h b/client/cmdhf14a.h index 9c42b9afd..fcea5f5cf 100644 --- a/client/cmdhf14a.h +++ b/client/cmdhf14a.h @@ -26,7 +26,7 @@ int CmdHF14A(const char *Cmd); int CmdHF14ASniff(const char *Cmd); // used by hf topaz sniff int CmdHF14ASim(const char *Cmd); // used by hf mfu sim -int infoHF14A(bool verbose, bool do_nack_test); +int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search); const char *getTagInfo(uint8_t uid); int Hf14443_4aGetCardData(iso14a_card_select_t *card); int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen); diff --git a/client/cmdhffelica.c b/client/cmdhffelica.c index 2afb5f3aa..fe11d4c60 100644 --- a/client/cmdhffelica.c +++ b/client/cmdhffelica.c @@ -47,15 +47,19 @@ static int usage_hf_felica_sim(void) { */ static int usage_hf_felica_sniff(void) { - PrintAndLogEx(NORMAL, "It get data from the field and saves it into command buffer."); - PrintAndLogEx(NORMAL, "Buffer accessible from command 'hf list felica'"); - PrintAndLogEx(NORMAL, "Usage: hf felica sniff "); - PrintAndLogEx(NORMAL, " s samples to skip (decimal)"); - PrintAndLogEx(NORMAL, " t triggers to skip (decimal)"); + PrintAndLogEx(NORMAL, "\nInfo: It get data from the field and saves it into command buffer. "); + PrintAndLogEx(NORMAL, " Buffer accessible from command 'hf list felica'"); + PrintAndLogEx(NORMAL, "\nUsage: hf felica sniff [-h] [-s] [-t]"); + PrintAndLogEx(NORMAL, " -h this help"); + PrintAndLogEx(NORMAL, " -s samples to skip (decimal) max 9999"); + PrintAndLogEx(NORMAL, " -t triggers to skip (decimal) max 9999"); + PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf felica sniff s 1000"); + PrintAndLogEx(NORMAL, " hf felica sniff"); + PrintAndLogEx(NORMAL, " hf felica sniff -s 10 -t 10"); return PM3_SUCCESS; } + static int usage_hf_felica_simlite(void) { PrintAndLogEx(NORMAL, "\n Emulating ISO/18092 FeliCa Lite tag \n"); PrintAndLogEx(NORMAL, "Usage: hf felica litesim [h] u "); @@ -66,6 +70,7 @@ static int usage_hf_felica_simlite(void) { PrintAndLogEx(NORMAL, " hf felica litesim 11223344556677"); return PM3_SUCCESS; } + static int usage_hf_felica_dumplite(void) { PrintAndLogEx(NORMAL, "\n Dump ISO/18092 FeliCa Lite tag \n"); PrintAndLogEx(NORMAL, "press button to abort run, otherwise it will loop for 200sec."); @@ -76,6 +81,7 @@ static int usage_hf_felica_dumplite(void) { PrintAndLogEx(NORMAL, " hf felica litedump"); return PM3_SUCCESS; } + static int usage_hf_felica_raw(void) { PrintAndLogEx(NORMAL, "Usage: hf felica raw [-h] [-r] [-c] [-p] [-a] <0A 0B 0C ... hex>"); PrintAndLogEx(NORMAL, " -h this help"); @@ -218,13 +224,61 @@ static int usage_hf_felica_write_without_encryption() { PrintAndLogEx(NORMAL, " - Un-/Successful read: Card responses with Status Flag1 and Flag2"); print_status_flag1_interpretation(); print_status_flag2_interpration(); - PrintAndLogEx(NORMAL, "\nUsage: hf felica wrunencrypted [-h] <01 Number of Service hex> <0A0B Service Code List (Little Endian) hex> <01 Number of Block hex> <0A0B Block List Element hex> <0A0B0C0D0E0F... Data hex (16-Byte)>"); + PrintAndLogEx(NORMAL, "\nUsage: hf felica wrunencrypted [-h][-i] <01 Number of Service hex> <0A0B Service Code List (Little Endian) hex> <01 Number of Block hex> <0A0B Block List Element hex> <0A0B0C0D0E0F... Data hex (16-Byte)>"); PrintAndLogEx(NORMAL, " -h this help"); PrintAndLogEx(NORMAL, " -i <0A0B0C ... hex> set custom IDm to use\n"); - PrintAndLogEx(NORMAL, " hf felica wrunencrypted 01 CB10 01 8001 0102030405060708090A0B0C0D0E0F10\n\n"); - PrintAndLogEx(NORMAL, "\nExamples: "); - PrintAndLogEx(NORMAL, " hf felica wrunencrypted "); + PrintAndLogEx(NORMAL, " hf felica wrunencrypted 01 CB10 01 8001 0102030405060708090A0B0C0D0E0F10"); + PrintAndLogEx(NORMAL, " hf felica wrunencrypted -i 11100910C11BC407 01 CB10 01 8001 0102030405060708090A0B0C0D0E0F10\n\n"); + return PM3_SUCCESS; +} + +static int usage_hf_felica_request_system_code() { + PrintAndLogEx(NORMAL, "\nInfo: Use this command to acquire System Code registered to the card."); + PrintAndLogEx(NORMAL, " - If a card is divided into more than one System, this command acquires System Code of each System existing in the card."); + PrintAndLogEx(NORMAL, "\nUsage: hf felica rqsyscode [-h] [-i]"); + PrintAndLogEx(NORMAL, " -h this help"); + PrintAndLogEx(NORMAL, " -i <0A0B0C ... hex> set custom IDm to use"); + PrintAndLogEx(NORMAL, "\nExamples: "); + PrintAndLogEx(NORMAL, " hf felica rqsyscode "); + PrintAndLogEx(NORMAL, " hf felica rqsyscode -i 11100910C11BC407\n\n"); + return PM3_SUCCESS; +} + +static int usage_hf_felica_reset_mode() { + PrintAndLogEx(NORMAL, "\nInfo: Use this command to reset Mode to Mode 0."); + print_status_flag1_interpretation(); + print_status_flag2_interpration(); + PrintAndLogEx(NORMAL, "\nUsage: hf felica resetmode [-h][-i][-r]"); + PrintAndLogEx(NORMAL, " -h this help"); + PrintAndLogEx(NORMAL, " -i <0A0B0C ... hex> set custom IDm to use"); + PrintAndLogEx(NORMAL, " -r <0A0B hex> set custom reserve to use"); + PrintAndLogEx(NORMAL, "\nExamples: "); + PrintAndLogEx(NORMAL, " hf felica resetmode "); + PrintAndLogEx(NORMAL, " hf felica resetmode -r 0001"); + PrintAndLogEx(NORMAL, " hf felica resetmode -i 11100910C11BC407\n\n"); + return PM3_SUCCESS; +} + +static int usage_hf_felica_request_specification_version() { + PrintAndLogEx(NORMAL, "\nInfo: Use this command to acquire the version of card OS."); + PrintAndLogEx(NORMAL, " - Response:"); + PrintAndLogEx(NORMAL, " - Format Version: Fixed value 00h. Provided only if Status Flag1 = 00h."); + PrintAndLogEx(NORMAL, " - Basic Version: Each value of version is expressed in BCD notation . Provided only if Status Flag1 = 00h."); + PrintAndLogEx(NORMAL, " - Number of Option: value = 0: AES card, value = 1: AES/DES card. Provided only if Status Flag1 = 00h."); + PrintAndLogEx(NORMAL, " - Option Version List: Provided only if Status Flag1 = 00h."); + PrintAndLogEx(NORMAL, " - For AES card: not added."); + PrintAndLogEx(NORMAL, " - For AES/DES card: DES option version is added - BCD notation ."); + print_status_flag1_interpretation(); + print_status_flag2_interpration(); + PrintAndLogEx(NORMAL, "\nUsage: hf felica rqspecver [-h][-i][-r]"); + PrintAndLogEx(NORMAL, " -h this help"); + PrintAndLogEx(NORMAL, " -i <0A0B0C ... hex> set custom IDm to use"); + PrintAndLogEx(NORMAL, " -r <0A0B hex> set custom reserve to use"); + PrintAndLogEx(NORMAL, "\nExamples: "); + PrintAndLogEx(NORMAL, " hf felica rqspecver "); + PrintAndLogEx(NORMAL, " hf felica rqspecver -r 0001"); + PrintAndLogEx(NORMAL, " hf felica rqspecver -i 11100910C11BC407\n\n"); return PM3_SUCCESS; } @@ -240,6 +294,7 @@ static bool waitCmdFelica(uint8_t iSelect, PacketResponseNG *resp, bool verbose) PrintAndLogEx(NORMAL, "Client Received %i octets", len); if (!len || len < 2) { PrintAndLogEx(ERR, "Could not receive data correctly!"); + return false; } PrintAndLogEx(NORMAL, "%s", sprint_hex(resp->data.asBytes, len)); if (!check_crc(CRC_FELICA, resp->data.asBytes + 2, len - 2)) { @@ -466,7 +521,7 @@ static int CmdHFFelicaWriteWithoutEncryption(const char *Cmd) { switch (Cmd[i + 1]) { case 'H': case 'h': - return usage_hf_felica_request_response(); + return usage_hf_felica_write_without_encryption(); case 'i': paramCount++; custom_IDm = true; @@ -476,6 +531,8 @@ static int CmdHFFelicaWriteWithoutEncryption(const char *Cmd) { paramCount++; i += 16; break; + default: + return usage_hf_felica_write_without_encryption(); } } i++; @@ -535,7 +592,7 @@ static int CmdHFFelicaReadWithoutEncryption(const char *Cmd) { switch (Cmd[i + 1]) { case 'H': case 'h': - return usage_hf_felica_request_response(); + return usage_hf_felica_read_without_encryption(); case 'i': paramCount++; custom_IDm = true; @@ -553,6 +610,8 @@ static int CmdHFFelicaReadWithoutEncryption(const char *Cmd) { paramCount++; long_block_numbers = true; break; + default: + return usage_hf_felica_read_without_encryption(); } } i++; @@ -641,6 +700,8 @@ static int CmdHFFelicaRequestResponse(const char *Cmd) { paramCount++; i += 16; break; + default: + return usage_hf_felica_request_response(); } } i++; @@ -672,6 +733,234 @@ static int CmdHFFelicaRequestResponse(const char *Cmd) { } +/** + * Command parser for rqspecver + * @param Cmd input data of the user. + * @return client result code. + */ +static int CmdHFFelicaRequestSpecificationVersion(const char *Cmd) { + uint8_t data[PM3_CMD_DATA_SIZE]; + bool custom_IDm = false; + bool custom_reserve = false; + strip_cmds(Cmd); + uint16_t datalen = 12; // Length (1), Command ID (1), IDm (8), Reserved (2) + uint8_t paramCount = 0; + uint8_t flags = 0; + int i = 0; + while (Cmd[i] != '\0') { + if (Cmd[i] == '-') { + switch (Cmd[i + 1]) { + case 'H': + case 'h': + return usage_hf_felica_request_specification_version(); + case 'i': + paramCount++; + custom_IDm = true; + if (!add_param(Cmd, paramCount, data, 2, 16)) { + return PM3_EINVARG; + } + paramCount++; + i += 16; + break; + case 'r': + paramCount++; + custom_reserve = true; + if (!add_param(Cmd, paramCount, data, 10, 4)) { + return PM3_EINVARG; + } + paramCount++; + i += 4; + break; + default: + return usage_hf_felica_request_specification_version(); + } + } + i++; + } + data[0] = 0x0C; // Static length + data[1] = 0x3C; // Command ID + if (!custom_reserve) { + data[10] = 0x00; // Reserved Value + data[11] = 0x00; // Reserved Value + } + if (!custom_IDm && !check_last_idm(data, datalen)) { + return PM3_EINVARG; + } + AddCrc(data, datalen); + datalen += 2; + flags |= FELICA_APPEND_CRC; + flags |= FELICA_RAW; + clear_and_send_command(flags, datalen, data, 0); + PacketResponseNG resp; + if (!waitCmdFelica(0, &resp, 1)) { + PrintAndLogEx(ERR, "\nGot no Response from card"); + return PM3_ERFTRANS; + } else { + felica_request_spec_response_t spec_response; + memcpy(&spec_response, (felica_request_spec_response_t *)resp.data.asBytes, sizeof(felica_request_spec_response_t)); + if (spec_response.frame_response.IDm[0] != 0) { + PrintAndLogEx(SUCCESS, "\nGot Request Response:"); + PrintAndLogEx(NORMAL, "\nIDm: %s", sprint_hex(spec_response.frame_response.IDm, sizeof(spec_response.frame_response.IDm))); + PrintAndLogEx(NORMAL, "Status Flag1: %s", sprint_hex(spec_response.status_flags.status_flag1, sizeof(spec_response.status_flags.status_flag1))); + PrintAndLogEx(NORMAL, "Status Flag2: %s", sprint_hex(spec_response.status_flags.status_flag2, sizeof(spec_response.status_flags.status_flag2))); + if (spec_response.status_flags.status_flag1[0] == 0x00) { + PrintAndLogEx(NORMAL, "Format Version: %s", sprint_hex(spec_response.format_version, sizeof(spec_response.format_version))); + PrintAndLogEx(NORMAL, "Basic Version: %s", sprint_hex(spec_response.basic_version, sizeof(spec_response.basic_version))); + PrintAndLogEx(NORMAL, "Number of Option: %s", sprint_hex(spec_response.number_of_option, sizeof(spec_response.number_of_option))); + if (spec_response.number_of_option[0] == 0x01) { + PrintAndLogEx(NORMAL, "Option Version List:"); + for (uint8_t i = 0; i < spec_response.number_of_option[0]; i++) { + PrintAndLogEx(NORMAL, " - %s", sprint_hex(spec_response.option_version_list + i * 2, sizeof(uint8_t) * 2)); + } + } + } + } + } + return PM3_SUCCESS; +} + + +/** + * Command parser for resetmode + * @param Cmd input data of the user. + * @return client result code. + */ +static int CmdHFFelicaResetMode(const char *Cmd) { + uint8_t data[PM3_CMD_DATA_SIZE]; + bool custom_IDm = false; + bool custom_reserve = false; + strip_cmds(Cmd); + uint16_t datalen = 12; // Length (1), Command ID (1), IDm (8), Reserved (2) + uint8_t paramCount = 0; + uint8_t flags = 0; + int i = 0; + while (Cmd[i] != '\0') { + if (Cmd[i] == '-') { + switch (Cmd[i + 1]) { + case 'H': + case 'h': + return usage_hf_felica_reset_mode(); + case 'i': + paramCount++; + custom_IDm = true; + if (!add_param(Cmd, paramCount, data, 2, 16)) { + return PM3_EINVARG; + } + paramCount++; + i += 16; + break; + case 'r': + paramCount++; + custom_reserve = true; + if (!add_param(Cmd, paramCount, data, 10, 4)) { + return PM3_EINVARG; + } + paramCount++; + i += 4; + break; + default: + return usage_hf_felica_reset_mode(); + } + } + i++; + } + data[0] = 0x0C; // Static length + data[1] = 0x3E; // Command ID + if (!custom_reserve) { + data[10] = 0x00; // Reserved Value + data[11] = 0x00; // Reserved Value + } + if (!custom_IDm && !check_last_idm(data, datalen)) { + return PM3_EINVARG; + } + AddCrc(data, datalen); + datalen += 2; + flags |= FELICA_APPEND_CRC; + flags |= FELICA_RAW; + clear_and_send_command(flags, datalen, data, 0); + PacketResponseNG resp; + if (!waitCmdFelica(0, &resp, 1)) { + PrintAndLogEx(ERR, "\nGot no Response from card"); + return PM3_ERFTRANS; + } else { + felica_status_response_t reset_mode_response; + memcpy(&reset_mode_response, (felica_status_response_t *)resp.data.asBytes, sizeof(felica_status_response_t)); + if (reset_mode_response.frame_response.IDm[0] != 0) { + PrintAndLogEx(SUCCESS, "\nGot Request Response:"); + PrintAndLogEx(NORMAL, "\nIDm: %s", sprint_hex(reset_mode_response.frame_response.IDm, sizeof(reset_mode_response.frame_response.IDm))); + PrintAndLogEx(NORMAL, "Status Flag1: %s", sprint_hex(reset_mode_response.status_flags.status_flag1, sizeof(reset_mode_response.status_flags.status_flag1))); + PrintAndLogEx(NORMAL, "Status Flag2: %s\n", sprint_hex(reset_mode_response.status_flags.status_flag2, sizeof(reset_mode_response.status_flags.status_flag2))); + } + } + return PM3_SUCCESS; +} + + + +/** + * Command parser for rqsyscode + * @param Cmd input data of the user. + * @return client result code. + */ +static int CmdHFFelicaRequestSystemCode(const char *Cmd) { + uint8_t data[PM3_CMD_DATA_SIZE]; + bool custom_IDm = false; + strip_cmds(Cmd); + uint16_t datalen = 10; // Length (1), Command ID (1), IDm (8) + uint8_t paramCount = 0; + uint8_t flags = 0; + int i = 0; + while (Cmd[i] != '\0') { + if (Cmd[i] == '-') { + switch (Cmd[i + 1]) { + case 'H': + case 'h': + return usage_hf_felica_request_system_code(); + case 'i': + paramCount++; + custom_IDm = true; + if (!add_param(Cmd, paramCount, data, 2, 16)) { + return PM3_EINVARG; + } + paramCount++; + i += 16; + break; + default: + return usage_hf_felica_request_system_code(); + } + } + i++; + } + data[0] = 0x0A; // Static length + data[1] = 0x0C; // Command ID + if (!custom_IDm && !check_last_idm(data, datalen)) { + return PM3_EINVARG; + } + AddCrc(data, datalen); + datalen += 2; + flags |= FELICA_APPEND_CRC; + flags |= FELICA_RAW; + clear_and_send_command(flags, datalen, data, 0); + PacketResponseNG resp; + if (!waitCmdFelica(0, &resp, 1)) { + PrintAndLogEx(ERR, "\nGot no Response from card"); + return PM3_ERFTRANS; + } else { + felica_syscode_response_t rq_syscode_response; + memcpy(&rq_syscode_response, (felica_syscode_response_t *)resp.data.asBytes, sizeof(felica_syscode_response_t)); + if (rq_syscode_response.frame_response.IDm[0] != 0) { + PrintAndLogEx(SUCCESS, "\nGot Request Response:"); + PrintAndLogEx(NORMAL, "IDm: %s", sprint_hex(rq_syscode_response.frame_response.IDm, sizeof(rq_syscode_response.frame_response.IDm))); + PrintAndLogEx(NORMAL, " - Number of Systems: %s", sprint_hex(rq_syscode_response.number_of_systems, sizeof(rq_syscode_response.number_of_systems))); + PrintAndLogEx(NORMAL, " - System Codes: enumerated in ascending order starting from System 0."); + for (uint8_t i = 0; i < rq_syscode_response.number_of_systems[0]; i++) { + PrintAndLogEx(NORMAL, " - %s", sprint_hex(rq_syscode_response.system_code_list + i * 2, sizeof(uint8_t) * 2)); + } + } + } + return PM3_SUCCESS; +} + /** * Command parser for rqservice. * @param Cmd input data of the user. @@ -766,103 +1055,57 @@ static int CmdHFFelicaNotImplementedYet(const char *Cmd) { return PM3_SUCCESS; } -// simulate iso18092 / FeliCa tag -// Commented, there is no counterpart in ARM at the moment -/* -static int CmdHFFelicaSim(const char *Cmd) { - bool errors = false; - uint8_t flags = 0; - uint8_t tagtype = 1; - uint8_t cmdp = 0; - uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - int uidlen = 0; - bool verbose = false; - - while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { - switch (param_getchar(Cmd, cmdp)) { - case 'h': - case 'H': - return usage_hf_felica_sim(); - case 't': - case 'T': - // Retrieve the tag type - tagtype = param_get8ex(Cmd, cmdp + 1, 0, 10); - if (tagtype == 0) - errors = true; - cmdp += 2; - break; - case 'u': - case 'U': - // Retrieve the full 4,7,10 byte long uid - param_gethex_ex(Cmd, cmdp + 1, uid, &uidlen); - if (!errors) { - PrintAndLogEx(NORMAL, "Emulating ISO18092/FeliCa tag with %d byte UID (%s)", uidlen >> 1, sprint_hex(uid, uidlen >> 1)); - } - cmdp += 2; - break; - case 'v': - case 'V': - verbose = true; - cmdp++; - break; - case 'e': - case 'E': - cmdp++; - break; - default: - PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); - errors = true; - break; - } - } - - //Validations - if (errors || cmdp == 0) return usage_hf_felica_sim(); - - clearCommandBuffer(); - SendCommandOLD(CMD_HF_FELICA_SIMULATE, tagtype, flags, 0, uid, uidlen >> 1); - PacketResponseNG resp; - - if (verbose) - PrintAndLogEx(NORMAL, "Press pm3-button to abort simulation"); - - while (!kbd_enter_pressed()) { - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) continue; - } - return PM3_SUCCESS; -} -*/ - static int CmdHFFelicaSniff(const char *Cmd) { - uint8_t cmdp = 0; + uint8_t paramCount = 0; uint64_t samples2skip = 0; uint64_t triggers2skip = 0; - bool errors = false; - - while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { - switch (param_getchar(Cmd, cmdp)) { - case 'h': - case 'H': - return usage_hf_felica_sniff(); - case 's': - case 'S': - samples2skip = param_get32ex(Cmd, cmdp + 1, 0, 10); - cmdp += 2; - break; - case 't': - case 'T': - triggers2skip = param_get32ex(Cmd, cmdp + 1, 0, 10); - cmdp += 2; - break; - default: - PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); - errors = true; - break; + strip_cmds(Cmd); + int i = 0; + while (Cmd[i] != '\0') { + if (Cmd[i] == '-') { + switch (Cmd[i + 1]) { + case 'h': + case 'H': + return usage_hf_felica_sniff(); + case 's': + case 'S': + paramCount++; + if (param_getlength(Cmd, paramCount) < 5) { + samples2skip = param_get32ex(Cmd, paramCount++, 0, 10); + } else { + PrintAndLogEx(ERR, "Invalid samples number!"); + return PM3_EINVARG; + } + break; + case 't': + case 'T': + paramCount++; + if (param_getlength(Cmd, paramCount) < 5) { + triggers2skip = param_get32ex(Cmd, paramCount++, 0, 10); + } else { + PrintAndLogEx(ERR, "Invalid triggers number!"); + return PM3_EINVARG; + } + break; + default: + PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, paramCount)); + return usage_hf_felica_sniff(); + } + i += 2; } + i++; + } + if (samples2skip <= 0) { + samples2skip = 10; + PrintAndLogEx(INFO, "Set default samples2skip: %i", samples2skip); + } + if (triggers2skip <= 0) { + triggers2skip = 5000; + PrintAndLogEx(INFO, "Set default triggers2skip: %i", triggers2skip); } - //Validations - if (errors || cmdp == 0) return usage_hf_felica_sniff(); + PrintAndLogEx(INFO, "Start Sniffing now. You can stop sniffing with clicking the PM3 Button"); + PrintAndLogEx(INFO, "During sniffing, other pm3 commands may not response."); clearCommandBuffer(); SendCommandMIX(CMD_HF_FELICA_SNIFF, samples2skip, triggers2skip, 0, NULL, 0); return PM3_SUCCESS; @@ -1277,15 +1520,15 @@ static command_t CommandTable[] = { {"rdunencrypted", CmdHFFelicaReadWithoutEncryption, IfPm3Felica, "read Block Data from authentication-not-required Service."}, {"wrunencrypted", CmdHFFelicaWriteWithoutEncryption, IfPm3Felica, "write Block Data to an authentication-not-required Service."}, {"scsvcode", CmdHFFelicaNotImplementedYet, IfPm3Felica, "acquire Area Code and Service Code."}, - //{"rqsyscode", CmdHFFelicaNotImplementedYet, IfPm3Felica, "acquire System Code registered to the card."}, + {"rqsyscode", CmdHFFelicaRequestSystemCode, IfPm3Felica, "acquire System Code registered to the card."}, //{"auth1", CmdHFFelicaNotImplementedYet, IfPm3Felica, "authenticate a card."}, //{"auth2", CmdHFFelicaNotImplementedYet, IfPm3Felica, "allow a card to authenticate a Reader/Writer."}, //{"read", CmdHFFelicaNotImplementedYet, IfPm3Felica, "read Block Data from authentication-required Service."}, //{"write", CmdHFFelicaNotImplementedYet, IfPm3Felica, "write Block Data to an authentication-required Service."}, //{"scsvcodev2", CmdHFFelicaNotImplementedYet, IfPm3Felica, "verify the existence of Area or Service, and to acquire Key Version."}, //{"getsysstatus", CmdHFFelicaNotImplementedYet, IfPm3Felica, "acquire the setup information in System."}, - //{"rqspecver", CmdHFFelicaNotImplementedYet, IfPm3Felica, "acquire the version of card OS."}, - //{"resetmode", CmdHFFelicaNotImplementedYet, IfPm3Felica, "reset Mode to Mode 0."}, + {"rqspecver", CmdHFFelicaRequestSpecificationVersion, IfPm3Felica, "acquire the version of card OS."}, + {"resetmode", CmdHFFelicaResetMode, IfPm3Felica, "reset Mode to Mode 0."}, //{"auth1v2", CmdHFFelicaNotImplementedYet, IfPm3Felica, "authenticate a card."}, //{"auth2v2", CmdHFFelicaNotImplementedYet, IfPm3Felica, "allow a card to authenticate a Reader/Writer."}, //{"readv2", CmdHFFelicaNotImplementedYet, IfPm3Felica, "read Block Data from authentication-required Service."}, diff --git a/client/cmdhffido.c b/client/cmdhffido.c index 8930e237d..a0a8793c0 100644 --- a/client/cmdhffido.c +++ b/client/cmdhffido.c @@ -47,7 +47,7 @@ static int CmdHFFidoInfo(const char *cmd) { PrintAndLogEx(WARNING, "WARNING: command doesn't have any parameters.\n"); // info about 14a part - infoHF14A(false, false); + infoHF14A(false, false, false); // FIDO info PrintAndLogEx(NORMAL, "--------------------------------------------"); diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 737405787..71ae81926 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -97,6 +97,10 @@ uint8_t iso15693_CRC_check(uint8_t *d, uint8_t n) { return check_crc(CRC_15693, d, n); } +uint8_t felica_CRC_check(uint8_t *d, uint8_t n) { + return check_crc(CRC_FELICA, d, n); +} + /** * @brief iclass_CRC_Ok Checks CRC in command or response * @param isResponse @@ -889,8 +893,7 @@ void annotateLegic(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) { } void annotateFelica(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) { - - switch (cmd[0]) { + switch (cmd[3]) { case FELICA_POLL_REQ: snprintf(exp, size, "POLLING"); break; diff --git a/client/cmdhflist.h b/client/cmdhflist.h index 0dda4ea17..42ae6e83b 100644 --- a/client/cmdhflist.h +++ b/client/cmdhflist.h @@ -31,6 +31,7 @@ void ClearAuthData(void); uint8_t iso14443A_CRC_check(bool isResponse, uint8_t *d, uint8_t n); uint8_t iso14443B_CRC_check(uint8_t *d, uint8_t n); +uint8_t felica_CRC_check(uint8_t *d, uint8_t n); uint8_t mifare_CRC_check(bool isResponse, uint8_t *data, uint8_t len); uint8_t iso15693_CRC_check(uint8_t *d, uint8_t n); uint8_t iclass_CRC_check(bool isResponse, uint8_t *d, uint8_t n); diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 16e4029db..23b418599 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -533,7 +533,7 @@ static int CmdHF14AMfWrBl(const char *Cmd) { if (strlen(Cmd) < 3) { PrintAndLogEx(NORMAL, "Usage: hf mf wrbl "); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf mf wrbl 0 A FFFFFFFFFFFF 000102030405060708090A0B0C0D0E0F"); + PrintAndLogEx(NORMAL, " hf mf wrbl 1 A FFFFFFFFFFFF 000102030405060708090A0B0C0D0E0F"); return 0; } @@ -1967,7 +1967,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { // Store valid credentials for the nested / hardnested attack if none exist if (know_target_key == false) { - num_to_bytes(e_sector[i].Key[j], 6, tmp_key); + num_to_bytes(e_sector[i].Key[j], 6, key); know_target_key = true; blockNo = i; keyType = j; diff --git a/client/cmdhfmfdes.c b/client/cmdhfmfdes.c index f46384d12..17dd97289 100644 --- a/client/cmdhfmfdes.c +++ b/client/cmdhfmfdes.c @@ -24,100 +24,7 @@ uint8_t key_defa_data[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x uint8_t key_picc_data[16] = { 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f }; static int CmdHelp(const char *Cmd); -/* -static int CmdHF14ADesWb(const char *Cmd) { - uint8_t blockNo = 0; - uint8_t keyType = 0; - uint8_t key[6] = {0, 0, 0, 0, 0, 0}; - uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - char cmdp = 0x00; - - if (strlen(Cmd)<3) { - PrintAndLogEx(NORMAL, "Usage: hf mf wrbl "); - PrintAndLogEx(NORMAL, " sample: hf mf wrbl 0 A FFFFFFFFFFFF 000102030405060708090A0B0C0D0E0F"); - return 0; - } - - blockNo = param_get8(Cmd, 0); - cmdp = param_getchar(Cmd, 1); - if (cmdp == 0x00) { - PrintAndLogEx(NORMAL, "Key type must be A or B"); - return 1; - } - if (cmdp != 'A' && cmdp != 'a') keyType = 1; - if (param_gethex(Cmd, 2, key, 12)) { - PrintAndLogEx(NORMAL, "Key must include 12 HEX symbols"); - return 1; - } - if (param_gethex(Cmd, 3, bldata, 32)) { - PrintAndLogEx(NORMAL, "Block data must include 32 HEX symbols"); - return 1; - } - PrintAndLogEx(NORMAL, "--block no:%02x key type:%02x key:%s", blockNo, keyType, sprint_hex(key, 6)); - PrintAndLogEx(NORMAL, "--data: %s", sprint_hex(bldata, 16)); - - uint8_t data[26]; - memcpy(data, key, 6); - memcpy(data + 10, bldata, 16); - SendCommandOLD(CMD_HF_MIFARE_WRITEBL, blockNo, keyType, 0, data, sizeof(data)); - - PacketResponseNG resp; - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.oldarg[0] & 0xff; - PrintAndLogEx(NORMAL, "isOk:%02x", isOK); - } else { - PrintAndLogEx(NORMAL, "Command execute timeout"); - } - return 0; -} - -static int CmdHF14ADesRb(const char *Cmd) { - uint8_t blockNo = 0; - uint8_t keyType = 0; - uint8_t key[6] = {0, 0, 0, 0, 0, 0}; - - char cmdp = 0x00; - - - if (strlen(Cmd)<3) { - PrintAndLogEx(NORMAL, "Usage: hf mf rdbl "); - PrintAndLogEx(NORMAL, " sample: hf mf rdbl 0 A FFFFFFFFFFFF "); - return 0; - } - - blockNo = param_get8(Cmd, 0); - cmdp = param_getchar(Cmd, 1); - if (cmdp == 0x00) { - PrintAndLogEx(NORMAL, "Key type must be A or B"); - return 1; - } - if (cmdp != 'A' && cmdp != 'a') keyType = 1; - if (param_gethex(Cmd, 2, key, 12)) { - PrintAndLogEx(NORMAL, "Key must include 12 HEX symbols"); - return 1; - } - PrintAndLogEx(NORMAL, "--block no:%02x key type:%02x key:%s ", blockNo, keyType, sprint_hex(key, 6)); - - - mf_readblock_t payload = { blockNo, keyType, key }; - SendCommandNG(CMD_HF_MIFARE_READBL, (uint8_t *)payload, sizeof(mf_readblock_t) ); - - PacketResponseNG resp; - if (WaitForResponseTimeout(CMD_HF_MIFARE_READBL, &resp, 1500)) { - uint8_t * data = resp.data.asBytes; - - if (resp.status == PM3_SUCCESS) - PrintAndLogEx(NORMAL, "isOk:%02x data:%s", isOK, sprint_hex(data, 16)); - else - PrintAndLogEx(NORMAL, "isOk:%02x", isOK); - } else { - PrintAndLogEx(NORMAL, "Command execute timeout"); - } - - return 0; -} -*/ static int CmdHF14ADesInfo(const char *Cmd) { (void)Cmd; // Cmd is not used so far diff --git a/client/cmdhfmfp.c b/client/cmdhfmfp.c index 58eb5db1a..c6af6305a 100644 --- a/client/cmdhfmfp.c +++ b/client/cmdhfmfp.c @@ -36,7 +36,7 @@ static int CmdHFMFPInfo(const char *cmd) { PrintAndLogEx(WARNING, "command don't have any parameters.\n"); // info about 14a part - infoHF14A(false, false); + infoHF14A(false, false, false); // Mifare Plus info SendCommandMIX(CMD_HF_ISO14443A_READER, ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0, NULL, 0); diff --git a/client/cmdhfmfu.c b/client/cmdhfmfu.c index 06f44e35d..d7bdce1fc 100644 --- a/client/cmdhfmfu.c +++ b/client/cmdhfmfu.c @@ -221,6 +221,16 @@ static int usage_hf_mfu_pwdgen(void) { return PM3_SUCCESS; } +static int usage_hf_mfu_otp_tearoff(void) { + PrintAndLogEx(NORMAL, "Tear-off test against OTP block on MFU tags - More help sooner or later\n"); + PrintAndLogEx(NORMAL, "Usage: hf mfu otptear [h]"); + PrintAndLogEx(NORMAL, "Options:"); + PrintAndLogEx(NORMAL, " h : this help"); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, " hf mfu otptear"); + return PM3_SUCCESS; +} + uint8_t default_3des_keys[][16] = { { 0x42, 0x52, 0x45, 0x41, 0x4b, 0x4d, 0x45, 0x49, 0x46, 0x59, 0x4f, 0x55, 0x43, 0x41, 0x4e, 0x21 }, // 3des std key @@ -2740,6 +2750,38 @@ static int CmdHF14AMfUPwdGen(const char *Cmd) { PrintAndLogEx(NORMAL, "--------------------"); return PM3_SUCCESS; } + +// +// MFU TearOff against OTP +// Moebius et al +// +static int CmdHF14AMfuOtpTearoff(const char *Cmd) { + uint8_t cmdp = 0; + bool errors = 0; + uint32_t len = strtol(Cmd, NULL, 0); + uint8_t data[PM3_CMD_DATA_SIZE] = {0}; + + while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { + switch (tolower(param_getchar(Cmd, cmdp))) { + case 'h': + return usage_hf_mfu_otp_tearoff(); + default: + break; + } + } + + if (errors) return usage_hf_mfu_otp_tearoff(); + + clearCommandBuffer(); + SendCommandNG(CMD_HF_MFU_OTP_TEAROFF, data, len); + PacketResponseNG resp; + if (!WaitForResponseTimeout(CMD_HF_MFU_OTP_TEAROFF, &resp, 4000)) { + PrintAndLogEx(WARNING, "Failed"); + return PM3_ESOFT; + } + return PM3_SUCCESS; +} + //------------------------------------ // Menu Stuff //------------------------------------ @@ -2757,6 +2799,7 @@ static command_t CommandTable[] = { {"sim", CmdHF14AMfUSim, IfPm3Iso14443a, "Simulate Ultralight from emulator memory"}, {"gen", CmdHF14AMfUGenDiverseKeys, AlwaysAvailable, "Generate 3des mifare diversified keys"}, {"pwdgen", CmdHF14AMfUPwdGen, AlwaysAvailable, "Generate pwd from known algos"}, + {"otptear", CmdHF14AMfuOtpTearoff, IfPm3Iso14443a, "Tear-off test on OTP bits"}, {NULL, NULL, NULL, NULL} }; diff --git a/client/cmdlfcotag.c b/client/cmdlfcotag.c index b4e8e96c8..9c55bf453 100644 --- a/client/cmdlfcotag.c +++ b/client/cmdlfcotag.c @@ -86,7 +86,7 @@ static int CmdCOTAGRead(const char *Cmd) { clearCommandBuffer(); SendCommandMIX(CMD_LF_COTAG_READ, rawsignal, 0, 0, NULL, 0); - if (!WaitForResponseTimeout(CMD_ACK, NULL, 7000)) { + if (!WaitForResponseTimeout(CMD_LF_COTAG_READ, NULL, 7000)) { PrintAndLogEx(WARNING, "command execution time out"); return PM3_ETIMEOUT; } diff --git a/client/cmdlffdx.c b/client/cmdlffdx.c index 17dbd2fd0..06e45f515 100644 --- a/client/cmdlffdx.c +++ b/client/cmdlffdx.c @@ -243,7 +243,7 @@ static int CmdFdxDemod(const char *Cmd) { uint8_t c[] = {0, 0}; compute_crc(CRC_11784, raw, sizeof(raw), &c[0], &c[1]); - PrintAndLogEx(SUCCESS, "CRC-16 0x%04X [ %s] ", crc, (crc == (c[1] << 8 | c[0]) ) ? _GREEN_("OK") : _RED_("Fail")); + PrintAndLogEx(SUCCESS, "CRC-16 0x%04X [ %s] ", crc, (crc == (c[1] << 8 | c[0])) ? _GREEN_("OK") : _RED_("Fail")); if (g_debugMode) { PrintAndLogEx(DEBUG, "Start marker %d; Size %zu", preambleIndex, size); @@ -313,7 +313,7 @@ static int CmdFdxSim(const char *Cmd) { countryid = param_get32ex(Cmd, 0, 0, 10); animalid = param_get64ex(Cmd, 1, 0, 10); - extended = param_get32ex(Cmd, 2, 0 , 10); + extended = param_get32ex(Cmd, 2, 0, 10); verify_values(&animalid, &countryid); diff --git a/client/cmdlfgallagher.c b/client/cmdlfgallagher.c index f8d513a13..9704afc60 100644 --- a/client/cmdlfgallagher.c +++ b/client/cmdlfgallagher.c @@ -6,7 +6,8 @@ // the license. //----------------------------------------------------------------------------- // Low frequency GALLAGHER tag commands -// NRZ, RF/32, 128 bits long (unknown cs) +// ASK/MAN, RF/32, 96 bits long (unknown cs) (0x00088060) +// sample Q5 , ASK RF/32, STT, 96 bits (3blocks) ( 0x9000F006) //----------------------------------------------------------------------------- #include "cmdlfgallagher.h" @@ -157,10 +158,11 @@ int detectGallagher(uint8_t *dest, size_t *size) { if (*size < 96) return -1; //make sure buffer has data size_t startIdx = 0; uint8_t preamble[] = { - 0, 0, 0, 0, 1, 1, 1, 1, + //0, 0, 0, 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, - 0, 1, 1, 0, 0, 0, 0, 1 + 0, 1, 1, 0, 0, 0 }; if (!preambleSearch(dest, preamble, sizeof(preamble), size, &startIdx)) return -2; //preamble not found diff --git a/client/cmdlfjablotron.c b/client/cmdlfjablotron.c index a1f5b0592..f2f93c513 100644 --- a/client/cmdlfjablotron.c +++ b/client/cmdlfjablotron.c @@ -26,6 +26,8 @@ #include "lfdemod.h" // parityTest #include "cmdlft55xx.h" // verifywrite +#define JABLOTRON_ARR_LEN 64 + static int CmdHelp(const char *Cmd); static int usage_lf_jablotron_clone(void) { @@ -103,7 +105,7 @@ static int CmdJablotronDemod(const char *Cmd) { return PM3_ESOFT; } - setDemodBuff(DemodBuffer, 64, ans); + setDemodBuff(DemodBuffer, JABLOTRON_ARR_LEN, ans); setClockGrid(g_DemodClock, g_DemodStartIdx + (ans * g_DemodClock)); //got a good demod @@ -117,9 +119,12 @@ static int CmdJablotronDemod(const char *Cmd) { PrintAndLogEx(SUCCESS, "Jablotron Tag Found: Card ID: %"PRIx64" :: Raw: %08X%08X", id, raw1, raw2); uint8_t chksum = raw2 & 0xFF; - PrintAndLogEx(INFO, "Checksum: %02X [%s]", + bool isok = (chksum == jablontron_chksum(DemodBuffer)); + + PrintAndLogEx(isok ? SUCCESS : INFO, + "Checksum: %02X [ %s]", chksum, - (chksum == jablontron_chksum(DemodBuffer)) ? _GREEN_("OK") : _RED_("Fail") + isok ? _GREEN_("OK") : _RED_("Fail") ); id = DEC2BCD(id); @@ -142,16 +147,13 @@ static int CmdJablotronClone(const char *Cmd) { uint64_t fullcode = 0; uint32_t blocks[3] = {T55x7_MODULATION_DIPHASE | T55x7_BITRATE_RF_64 | 2 << T55x7_MAXBLOCK_SHIFT, 0, 0}; - uint8_t bits[64]; - memset(bits, 0, sizeof(bits)); - char cmdp = tolower(param_getchar(Cmd, 0)); if (strlen(Cmd) == 0 || cmdp == 'h') return usage_lf_jablotron_clone(); fullcode = param_get64ex(Cmd, 0, 0, 16); //Q5 - if (param_getchar(Cmd, 1) == 'Q' || param_getchar(Cmd, 1) == 'q') + if (tolower(param_getchar(Cmd, 1)) == 'q') blocks[0] = T5555_MODULATION_BIPHASE | T5555_INVERT_OUTPUT | T5555_SET_BITRATE(64) | 2 << T5555_MAXBLOCK_SHIFT; // clearing the topbit needed for the preambl detection. @@ -160,6 +162,12 @@ static int CmdJablotronClone(const char *Cmd) { PrintAndLogEx(INFO, "Card Number Truncated to 39bits: %"PRIx64, fullcode); } + uint8_t *bits = calloc(JABLOTRON_ARR_LEN, sizeof(uint8_t)); + if (bits == NULL) { + PrintAndLogEx(WARNING, "Failed to allocate memory"); + return PM3_EMALLOC; + } + if (getJablotronBits(fullcode, bits) != PM3_SUCCESS) { PrintAndLogEx(ERR, "Error with tag bitstream generation."); return PM3_ESOFT; @@ -168,6 +176,8 @@ static int CmdJablotronClone(const char *Cmd) { blocks[1] = bytebits_to_byte(bits, 32); blocks[2] = bytebits_to_byte(bits + 32, 32); + free(bits); + PrintAndLogEx(INFO, "Preparing to clone Jablotron to T55x7 with FullCode: %"PRIx64, fullcode); print_blocks(blocks, ARRAYLEN(blocks)); @@ -190,18 +200,25 @@ static int CmdJablotronSim(const char *Cmd) { PrintAndLogEx(SUCCESS, "Simulating Jablotron - FullCode: %"PRIx64, fullcode); - uint8_t bs[64]; + uint8_t *bs = calloc(JABLOTRON_ARR_LEN, sizeof(uint8_t)); + if (bs == NULL) { + PrintAndLogEx(WARNING, "Failed to allocate memory"); + return PM3_EMALLOC; + } + getJablotronBits(fullcode, bs); - lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + sizeof(bs)); + lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + JABLOTRON_ARR_LEN); payload->encoding = 2; payload->invert = 1; payload->separator = 0; payload->clock = 64; - memcpy(payload->data, bs, sizeof(bs)); + memcpy(payload->data, bs, JABLOTRON_ARR_LEN); + + free(bs); clearCommandBuffer(); - SendCommandNG(CMD_LF_ASK_SIMULATE, (uint8_t *)payload, sizeof(lf_asksim_t) + sizeof(bs)); + SendCommandNG(CMD_LF_ASK_SIMULATE, (uint8_t *)payload, sizeof(lf_asksim_t) + JABLOTRON_ARR_LEN); free(payload); PacketResponseNG resp; @@ -251,12 +268,12 @@ int getJablotronBits(uint64_t fullcode, uint8_t *bits) { // the parameter *bits needs to be demoded before call // 0xFFFF preamble, 64bits int detectJablotron(uint8_t *bits, size_t *size) { - if (*size < 64 * 2) return -1; //make sure buffer has enough data + if (*size < JABLOTRON_ARR_LEN * 2) return -1; //make sure buffer has enough data size_t startIdx = 0; uint8_t preamble[] = {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0}; if (preambleSearch(bits, preamble, sizeof(preamble), size, &startIdx) == 0) return -2; //preamble not found - if (*size != 64) return -3; // wrong demoded size + if (*size != JABLOTRON_ARR_LEN) return -3; // wrong demoded size uint8_t checkchksum = jablontron_chksum(bits + startIdx); uint8_t crc = bytebits_to_byte(bits + startIdx + 56, 8); diff --git a/client/cmdtrace.c b/client/cmdtrace.c index 63cfa388c..67f15be59 100644 --- a/client/cmdtrace.c +++ b/client/cmdtrace.c @@ -257,7 +257,7 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr case ISO_14443B: case TOPAZ: case FELICA: - crcStatus = iso14443B_CRC_check(frame, data_len); + crcStatus = !felica_CRC_check(frame + 2, data_len - 4); break; case PROTO_MIFARE: crcStatus = mifare_CRC_check(isResponse, frame, data_len); @@ -301,6 +301,7 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr && protocol != ISO_7816_4 && protocol != PROTO_HITAG && protocol != THINFILM + && protocol != FELICA && (isResponse || protocol == ISO_14443A) && (oddparity8(frame[j]) != ((parityBits >> (7 - (j & 0x0007))) & 0x01))) { @@ -349,6 +350,9 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr if (protocol == PROTO_MIFARE) annotateMifare(explanation, sizeof(explanation), frame, data_len, parityBytes, parity_len, isResponse); + if (protocol == FELICA) + annotateFelica(explanation, sizeof(explanation), frame, data_len); + if (!isResponse) { switch (protocol) { case ICLASS: @@ -408,7 +412,7 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr sprint_hex_inrow_spaces(mfData, mfDataLen, 2), (crcc == 0 ? "!crc" : (crcc == 1 ? " ok " : " ")), explanation); - }; + } if (is_last_record(tracepos, trace, traceLen)) return traceLen; @@ -424,195 +428,6 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr return tracepos; } -static void printFelica(uint16_t traceLen, uint8_t *trace) { - - PrintAndLogEx(NORMAL, "ISO18092 / FeliCa - Timings are not as accurate"); - PrintAndLogEx(NORMAL, " Gap | Src | Data | CRC | Annotation |"); - PrintAndLogEx(NORMAL, "--------|-----|---------------------------------|----------|-------------------|"); - uint16_t tracepos = 0; - - while (tracepos < traceLen) { - - if (tracepos + 3 >= traceLen) break; - - - uint16_t gap = *((uint16_t *)(trace + tracepos)); - uint8_t crc_ok = trace[tracepos + 2]; - tracepos += 3; - - if (tracepos + 3 >= traceLen) break; - - uint16_t len = trace[tracepos + 2]; - - //I am stripping SYNC - tracepos += 3; //skip SYNC - - if (tracepos + len + 1 >= traceLen) break; - - uint8_t cmd = trace[tracepos]; - uint8_t isResponse = cmd & 1; - - char line[32][110] = {{0}}; - for (int j = 0; j < len + 1 && j / 8 < 32; j++) { - snprintf(line[j / 8] + ((j % 8) * 4), 110, " %02x ", trace[tracepos + j]); - } - char expbuf[50]; - switch (cmd) { - case FELICA_POLL_REQ: - snprintf(expbuf, 49, "Poll Req"); - break; - case FELICA_POLL_ACK: - snprintf(expbuf, 49, "Poll Resp"); - break; - - case FELICA_REQSRV_REQ: - snprintf(expbuf, 49, "Request Srvc Req"); - break; - case FELICA_REQSRV_ACK: - snprintf(expbuf, 49, "Request Srv Resp"); - break; - - case FELICA_RDBLK_REQ: - snprintf(expbuf, 49, "Read block(s) Req"); - break; - case FELICA_RDBLK_ACK: - snprintf(expbuf, 49, "Read block(s) Resp"); - break; - - case FELICA_WRTBLK_REQ: - snprintf(expbuf, 49, "Write block(s) Req"); - break; - case FELICA_WRTBLK_ACK: - snprintf(expbuf, 49, "Write block(s) Resp"); - break; - case FELICA_SRCHSYSCODE_REQ: - snprintf(expbuf, 49, "Search syscode Req"); - break; - case FELICA_SRCHSYSCODE_ACK: - snprintf(expbuf, 49, "Search syscode Resp"); - break; - - case FELICA_REQSYSCODE_REQ: - snprintf(expbuf, 49, "Request syscode Req"); - break; - case FELICA_REQSYSCODE_ACK: - snprintf(expbuf, 49, "Request syscode Resp"); - break; - - case FELICA_AUTH1_REQ: - snprintf(expbuf, 49, "Auth1 Req"); - break; - case FELICA_AUTH1_ACK: - snprintf(expbuf, 49, "Auth1 Resp"); - break; - - case FELICA_AUTH2_REQ: - snprintf(expbuf, 49, "Auth2 Req"); - break; - case FELICA_AUTH2_ACK: - snprintf(expbuf, 49, "Auth2 Resp"); - break; - - case FELICA_RDSEC_REQ: - snprintf(expbuf, 49, "Secure read Req"); - break; - case FELICA_RDSEC_ACK: - snprintf(expbuf, 49, "Secure read Resp"); - break; - - case FELICA_WRTSEC_REQ: - snprintf(expbuf, 49, "Secure write Req"); - break; - case FELICA_WRTSEC_ACK: - snprintf(expbuf, 49, "Secure write Resp"); - break; - - case FELICA_REQSRV2_REQ: - snprintf(expbuf, 49, "Request Srvc v2 Req"); - break; - case FELICA_REQSRV2_ACK: - snprintf(expbuf, 49, "Request Srvc v2 Resp"); - break; - - case FELICA_GETSTATUS_REQ: - snprintf(expbuf, 49, "Get status Req"); - break; - case FELICA_GETSTATUS_ACK: - snprintf(expbuf, 49, "Get status Resp"); - break; - - case FELICA_OSVER_REQ: - snprintf(expbuf, 49, "Get OS Version Req"); - break; - case FELICA_OSVER_ACK: - snprintf(expbuf, 49, "Get OS Version Resp"); - break; - - case FELICA_RESET_MODE_REQ: - snprintf(expbuf, 49, "Reset mode Req"); - break; - case FELICA_RESET_MODE_ACK: - snprintf(expbuf, 49, "Reset mode Resp"); - break; - - case FELICA_AUTH1V2_REQ: - snprintf(expbuf, 49, "Auth1 v2 Req"); - break; - case FELICA_AUTH1V2_ACK: - snprintf(expbuf, 49, "Auth1 v2 Resp"); - break; - - case FELICA_AUTH2V2_REQ: - snprintf(expbuf, 49, "Auth2 v2 Req"); - break; - case FELICA_AUTH2V2_ACK: - snprintf(expbuf, 49, "Auth2 v2 Resp"); - break; - - case FELICA_RDSECV2_REQ: - snprintf(expbuf, 49, "Secure read v2 Req"); - break; - case FELICA_RDSECV2_ACK: - snprintf(expbuf, 49, "Secure read v2 Resp"); - break; - case FELICA_WRTSECV2_REQ: - snprintf(expbuf, 49, "Secure write v2 Req"); - break; - case FELICA_WRTSECV2_ACK: - snprintf(expbuf, 49, "Secure write v2 Resp"); - break; - - case FELICA_UPDATE_RNDID_REQ: - snprintf(expbuf, 49, "Update IDr Req"); - break; - case FELICA_UPDATE_RNDID_ACK: - snprintf(expbuf, 49, "Update IDr Resp"); - break; - default: - snprintf(expbuf, 49, "Unknown"); - break; - } - - int num_lines = MIN((len) / 16 + 1, 16); - for (int j = 0; j < num_lines ; j++) { - if (j == 0) { - PrintAndLogEx(NORMAL, "%7d | %s |%-32s |%02x %02x %s| %s", - gap, - (isResponse ? "Tag" : "Rdr"), - line[j], - trace[tracepos + len], - trace[tracepos + len + 1], - (crc_ok) ? "OK" : "NG", - expbuf); - } else { - PrintAndLogEx(NORMAL, " | |%-32s | | ", line[j]); - } - } - tracepos += len + 1; - } - PrintAndLogEx(NORMAL, ""); -} - // sanity check. Don't use proxmark if it is offline and you didn't specify useTraceBuffer /* static int SanityOfflineCheck( bool useTraceBuffer ){ @@ -819,9 +634,13 @@ int CmdTraceList(const char *Cmd) { PrintAndLogEx(SUCCESS, "Recorded Activity (TraceLen = %lu bytes)", traceLen); PrintAndLogEx(INFO, ""); + + /* if (protocol == FELICA) { printFelica(traceLen, trace); - } else if (showHex) { + } */ + + if (showHex) { while (tracepos < traceLen) { tracepos = printHexLine(tracepos, traceLen, trace, protocol); } @@ -844,6 +663,8 @@ int CmdTraceList(const char *Cmd) { PrintAndLogEx(NORMAL, "ISO7816-4 / Smartcard - Timings N/A yet"); if (protocol == PROTO_HITAG) PrintAndLogEx(NORMAL, "Hitag2 / HitagS - Timings in ETU (8us)"); + if (protocol == FELICA) + PrintAndLogEx(NORMAL, "ISO18092 / FeliCa - Timings are not as accurate"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, " Start | End | Src | Data (! denotes parity error) | CRC | Annotation"); diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index ab113b0f5..eeecff9ba 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -22,7 +22,7 @@ a0478cc39091 # d2ece8b9395e # lib # NSCP default key -☻1494E81663D7 +1494E81663D7 # # more Keys from mfc_default_keys.lua 000000000001 @@ -126,6 +126,13 @@ fb0b20df1f34 # S6 B # a9f953def0a3 # +# Data from forum +74a386ad0a6d +3f7a5c2dbd81 +21edf95e7433 +c121ff19f681 +3d5d9996359a +# # Here be BIP keys... 3A42F33AF429 1FC235AC1309 diff --git a/client/libluamiibo.so b/client/libluamiibo.so deleted file mode 100644 index 2cd716aa0..000000000 Binary files a/client/libluamiibo.so and /dev/null differ diff --git a/client/lualibs/amiibolib.lua b/client/lualibs/amiibolib.lua deleted file mode 100644 index c5cccb81c..000000000 --- a/client/lualibs/amiibolib.lua +++ /dev/null @@ -1,90 +0,0 @@ -local luamiibo_open, err = package.loadlib("./libluamiibo.so", "luaopen_luamiibo") - -if err then - print(err) - return -end - -local luamiibo = luamiibo_open() - -local FLAG_SETTINGS_INITIALIZED = 4 -local FLAG_APPDATA_INITIALIZED = 3 - -local Amiibo = {} -Amiibo.__index = Amiibo - -function Amiibo:new (o) - o = o or {} - setmetatable(o, self) - - if o.tag ~= nil then - o:load_tag(o.tag) - end - return o -end - -function Amiibo:load_tag (tag) - self.plain = luamiibo.unpack(tag) - - -- UID - local raw_uid = string.sub(self.plain, 469, 469 + 8) - self.uid = string.sub(raw_uid, 1, 3) .. string.sub(raw_uid, 5, 8) - - -- Settings - local count, flags = bin.unpack('C', string.sub(self.plain, 45, 45)) - self.setting_flags = flags - self.settings_initialized = self:check_flag(FLAG_SETTINGS_INITIALIZED) - self.appdata_initialized = self:check_flag(FLAG_APPDATA_INITIALIZED) - - local _, appdatacounter = bin.unpack('>S', string.sub(self.plain, 49, 50)) - self.appdata_counter = appdatacounter - - self.figure_id = string.sub(self.plain, 477, 477 + 8) - - -- UTF-16 nickname string - self.nickname = string.sub(self.plain, 57, 76) -end - - -function Amiibo:export_tag () - return luamiibo.pack(self.plain) -end - - -function Amiibo:check_flag (power) - local flag = math.pow(2, power) - return flag == bit32.band(self.setting_flags, flag) -end - - -function Amiibo:get_pwd () - local xorkey = "\xaa\x55\xaa\x55" - - local result = '' - for i = 1, 4 do - result = result .. - bin.pack('C', - bit32.bxor(self.uid:byte(i+1), - self.uid:byte(i+3), - xorkey:byte(i))) - end - - return result -end - --- Hack to make UTF-16 nicknames into regular char string --- Only works for ASCII nicknames -function Amiibo:display_nickname() - local nickname_tmp = self.nickname - - local nickname = '' - for i = 1, nickname_tmp:len() do - if i % 2 == 0 then - nickname = nickname .. nickname_tmp:sub(i, i) - end - end - - return nickname -end - -return Amiibo diff --git a/client/lualibs/emulator.lua b/client/lualibs/emulator.lua deleted file mode 100644 index d43f5da92..000000000 --- a/client/lualibs/emulator.lua +++ /dev/null @@ -1,84 +0,0 @@ -local cmds = require('commands') -local utils = require('utils') -local reader = require('read14a') - -local Emulator = { - _VERSION = 'emulator.lua 0.1.0', - _DESCRIPTION = 'emulator memory interface', - BLOCK_SZ = 512, - BLOCK_COUNT = 512 / 16 -} - -function Emulator:set_mem (data, clear_first) - if clear_first then - -- Clear out the emulator memory first - local memclrCmd = Command:newMIX{cmd = cmds.CMD_HF_MIFARE_EML_MEMCLR} - - local _, err = memclrCmd:sendMIX() - if err then - print('Failed to clear emulator memory:', err) - return false - else - print('Cleared emulator memory') - end - end - - -- Can fit 32 16 byte blocks per command (512 total bytes max) - for i = 0, (data:len() / self.BLOCK_SZ) do - local cur_out_block = data:sub((i*self.BLOCK_SZ) + 1, (i*self.BLOCK_SZ) + self.BLOCK_SZ) - print(string.format('Transmission #%u: %u bytes', i, cur_out_block:len())) - - -- arg1: start block number - -- arg2: block count - local memsetCmd = Command:newMIX{cmd = cmds.CMD_HF_MIFARE_EML_MEMSET, - data = utils.hexlify(cur_out_block), - arg1 = i * self.BLOCK_COUNT, - arg2 = self.BLOCK_COUNT} - - -- Send command and wait for response - local _, err = memsetCmd:sendMIX() - if err then - print('Failed setting memory', err) - return false - end - end - - print('Emulator memory set') - return true -end - --- Read bytes from emulator memory -function Emulator:get_mem (size) - local MAX_BLOCKS = 4 - local result = '' - - -- We can request a maximum of 4 blocks (16 bytes each) per command, - -- according to mifarecmd.c - for i = 0, (size / (MAX_BLOCKS * 16)) do - -- arg1: start block number - -- arg2: block count (max 4) - local getmemCmd = Command:newMIX{cmd = cmds.CMD_HF_MIFARE_EML_MEMGET, - arg1 = i * MAX_BLOCKS, - arg2 = MAX_BLOCKS, - arg3 = 0} - - local response, err = getmemCmd:sendMIX() - if err then - print('Failed getting memory:', err) - return false - end - - -- USB data begins after four 64-bit values - local data_begin = ((64/8) * 4) + 1 - response = string.sub(response, data_begin) - - -- Truncate to the received 16 byte blocks - response = string.sub(response, 1, 16 * MAX_BLOCKS) - - result = result .. response - end - - return string.sub(result, 1, size) -end - -return Emulator diff --git a/client/luascripts/amiibo.lua b/client/luascripts/amiibo.lua deleted file mode 100644 index 10ede4008..000000000 --- a/client/luascripts/amiibo.lua +++ /dev/null @@ -1,235 +0,0 @@ -local utils = require('utils') -local cmds = require('commands') -local Amiibo = require('amiibolib') -local reader = require('read14a') -local bin = require('bin') -local emu = require('emulator') -local luamiibo_open, err = package.loadlib("./libluamiibo.so", "luaopen_luamiibo") - -if err then - print(err) - return -end - -local luamiibo = luamiibo_open() - -local function nfc_read_amiibo () - - local command = Command:newMIX{ - cmd = cmds.CMD_HF_MIFAREU_READCARD, - arg1 = 0, - arg2 = 135 - } - - local result, err = command:sendMIX() - if result then - -- Do Mifare Ultralight read - local count, cmd, arg0, data_len, offset = bin.unpack('LLLL', result) - - if arg0 == 0 then - return nil, "Card select failed" - end - - -- Do GetFromBigBuf - local data = core.GetFromBigBuf(offset, data_len) - - return data, err - else - return nil, "Couldn't read Amiibo" - end -end - - -local function emulate_amiibo (amiibo_data) - -- Make UID args - -- Use known ID/sig for known ECDSA signature - REPLACE ME! - local uid_bytes = '\x00\x04\xFF\xFF\xFF\xFF\xFF\xFF' - local ecc_sig = '' - .. '\x00\x00\x00\x00\x00\x00\x00\x00' - .. '\x00\x00\x00\x00\x00\x00\x00\x00' - .. '\x00\x00\x00\x00\x00\x00\x00\x00' - .. '\x00\x00\x00\x00\x00\x00\x00\x00' - - if amiibo_data:len() == 520 then - -- Add common ending bytes - print('Added missing ending bytes') - amiibo_data = amiibo_data - .. '\x01\x00\x0F\xBD\x00\x00\x00\x04' - .. '\x5F\x00\x00\x00\x00\x00\x00\x00' - .. '\x00\x00\x00\x00' - end - - if amiibo_data:len() == 572 then - -- Get ECC signature and use original serial - uid_bytes = '\x00' .. amiibo_data:sub(1,3) .. amiibo_data:sub(5,8) - ecc_sig = amiibo_data:sub(541, 572) - print('Amiibo image contains ECC signature', hexlify(ecc_sig)) - --amiibo_data = amiibo_data:sub(1,540) - elseif amiibo_data:len() == 540 then - if uid_bytes ~= '\x00\x04\xFF\xFF\xFF\xFF\xFF\xFF' then - print('Using known ECC sig pair') - else - print('No known ECC/sig pair; using null signature') - uid_bytes = '\x00' .. amiibo_data:sub(1,3) .. amiibo_data:sub(5,8) - end - amiibo_data = amiibo_data .. ecc_sig - else - print('Unusual Amiibo image size', amiibo_data:len()) - end - - -- Send amiibo data to emulator memory. If the Amiibo was just scanned, this - -- is already set! - if not emu:set_mem(amiibo_data, false) then - print('Failed to set emulator card memory') - return - end - - -- Get UID parts - local count, uid_first, uid_second = bin.unpack('>I>I', uid_bytes) - print(string.format('Simulating with UID: 0x%04x 0x%04x', uid_first, uid_second)) - - -- Begin simulating NTAG215 - local simCmd = Command:newMIX{ - cmd = cmds.CMD_HF_ISO14443A_SIMULATE, - arg1 = 7, - arg2 = uid_first, - arg3 = uid_second - } - local _, err = simCmd:sendMIX() - if err then - print('Failed to start simulator', err) - return - else - print('Starting simulator') - end -end - - -local function test_packing() - -- Load Pikachu dump instead - local dumpfile = io.open("pika.bin", "rb") - local pikachu = dumpfile:read("*all") - - local unpacked_pika = luamiibo.unpack(pikachu) - local packed_data = luamiibo.pack(unpacked_pika) - - print('Original', utils.hexlify(pikachu)) - print('Unpacked', utils.hexlify(unpacked_pika)) - print('Packed', utils.hexlify(packed_data)) -end - - -local function load_sim(argv) - local tag = assert(io.open(argv[2], "rb")) - local data = tag:read("*all") - tag:close() - - emulate_amiibo(data) - return -end - - -local function dump_sim(argv) - local keypath = argv[2] - if keypath == nil then - keypath = 'amiitool_keys.bin' - end - luamiibo.load_keys(keypath) - - -- Read all 135 pages - dump = emu:get_mem(540) - - if dump == false then - print('Failed to read emulator memory') - else - local amiiboData = Amiibo:new{tag = dump} - print('Dumped ' .. dump:len() .. ' bytes') - print(hexlify(dump)) - print('Nickname: ' .. utils.hexlify(amiiboData:display_nickname())) - - -- Write dump to file - local filename = argv[2] - if filename ~= nil then - local outfile = assert(io.open(filename, "wb")) - outfile:write(dump) - outfile:close() - print('Wrote to ' .. filename) - else - print('No output file specified') - end - end -end - - -local function main(args) - argv = {} - for arg in string.gmatch(args, "%S+") do - table.insert(argv, arg) - end - - -- Load and emulate Amiibo from image - if argv[1] == 'help' then - print('read - scan amiibo') - print('load - load and simulate amiibo') - print('dump [output_file] - dump card memory') - print('help - print this help') - return - elseif argv[1] == 'load' then - load_sim(argv) - return - elseif argv[1] == 'dump' then - dump_sim(argv) - return - elseif argv[1] ~= 'read' and argv[1] ~= nil then - print('Unknown command') - end - - local keypath = argv[2] - if keypath == nil then - keypath = 'amiitool_keys.bin' - end - - if luamiibo.load_keys(keypath) then - print('Loaded retail keys from ' .. keypath) - else - print('Failed to load retail keys from ' .. keypath) - return - end - - local tag, err = nfc_read_amiibo() - if err then - print(err) - return - elseif tag:len() ~= 540 then - print('Incorrect tag data size ' .. tag:len()) - return - end - - parsed_tag = reader.parse14443a(tag) - print('Tag type:', parsed_tag.name) - print('Tag UID:', parsed_tag.uid) - print('Tag len:', tag:len()) - --print('Tag data:', utils.hexlify(tag)) - - local amiiboData = Amiibo:new{tag = tag} - - --print('Unpacked:', utils.hexlify(amiiboData.plain)) - --print('Repacked:', utils.hexlify(amiiboData:export_tag())) - - print('Figure ID:', utils.hexlify(amiiboData.figure_id)) - print('Settings init:', amiiboData.settings_initialized) - - if amiiboData.settings_initialized then - print('Nickname:', amiiboData:display_nickname()) - print('Appdata writes:', amiiboData.appdata_counter) - end - - print('UID:', utils.hexlify(amiiboData.uid)) - print('Write key:', utils.hexlify(amiiboData:get_pwd())) - - --print('Attempting emulation...') - --emulate_amiibo(amiiboData:export_tag()) - return -end - -main(args) diff --git a/client/luascripts/read_pwd_mem.lua b/client/luascripts/read_pwd_mem.lua index 4a097d26d..8456fd51f 100644 --- a/client/luascripts/read_pwd_mem.lua +++ b/client/luascripts/read_pwd_mem.lua @@ -3,11 +3,13 @@ local bin = require('bin') copyright = 'Copyright (c) 2018 Bogito. All rights reserved.' author = 'Bogito' -version = 'v1.0.2' +version = 'v1.0.3' desc = [[ -This script will read the flash memory of RDV4 and print the stored passwords. -It was meant to be used as a help tool after using the BogRun standalone mode. +This script will read the flash memory of RDV4 and print the stored passwords/keys. + +It was meant to be used as a help tool after using the BogRun standalone mode before SPIFFS. +You should now use read_pwd_mem_spiffs instead after the updated BogRun standalone mode. (Iceman) script adapted to read and print keys in the default dictionary flashmemory sections. ]] @@ -22,8 +24,14 @@ example = -- This will scan 32 bytes of flash memory at offset 64 for stored passwords script run read_pwd_mem -o 64 -l 32 - -- This will print found - script run read_pwd_mem -o 241664 -k 6 + -- This will print the stored Mifare dictionary keys + script run read_pwd_mem -m + + -- This will print the stored t55xx dictionary passwords + script run read_pwd_mem -t + + -- This will print the stored iClass dictionary keys + script run read_pwd_mem -i ]] usage = [[ @@ -66,7 +74,6 @@ local function main(args) print() local data, err, quadlet - local cnt = 0 local offset = 0 local length = 256 local keylength = 4 diff --git a/client/luascripts/read_pwd_mem_spiffs.lua b/client/luascripts/read_pwd_mem_spiffs.lua new file mode 100644 index 000000000..33afa0fe9 --- /dev/null +++ b/client/luascripts/read_pwd_mem_spiffs.lua @@ -0,0 +1,102 @@ +local getopt = require('getopt') +local bin = require('bin') + +copyright = 'Copyright (c) 2019 Bogito. All rights reserved.' +author = 'Bogito' +version = 'v1.1.1' +desc = +[[ +This script will read the flash memory of RDV4 using SPIFFS and print the stored passwords. +It was meant to be used as a help tool after using the BogRun standalone mode. +]] +example = +[[ + -- This will read the hf_bog.log file in SPIFFS and print the stored passwords + script run read_pwd_mem_spiffs + + -- This will read the other.log file in SPIFFS and print the stored passwords + script run read_pwd_mem_spiffs -f other.log + + -- This will delete the hf_bog.log file from SPIFFS + script run read_pwd_mem_spiffs -r +]] +usage = +[[ +Usage: + script run read_pwd_mem_spiffs -h -f -r + +Arguments: + -h : this help + -f : filename in SPIFFS + -r : delete filename from SPIFFS +]] +--- +-- This is only meant to be used when errors occur +local function oops(err) + print('ERROR:', err) + core.clearCommandBuffer() + return nil, err +end +--- +-- Usage help +local function help() + print(copyright) + print(author) + print(version) + print(desc) + print('Example usage') + print(example) + print(usage) +end +--- +-- The main entry point +local function main(args) + + print( string.rep('--',20) ) + print('Read passwords stored in memory (SPIFFS)') + print( string.rep('--',20) ) + print() + + local data, length, err, removeflag + local filename = 'hf_bog.log' + local keylength = 4 + + for o, a in getopt.getopt(args, 'rf:h') do + + -- help + if o == 'h' then return help() end + + -- offset + if o == 'f' then filename = a end + + -- remove + if o == 'r' then removeflag = true end + + end + + if removeflag then + print('Deleting file '..filename.. ' from SPIFFS if exists') + core.console("mem spiffs remove " ..filename) + return + end + + data, length, err = core.GetFromFlashMemSpiffs(filename) + if data == nil then return oops('Problem while reading file from SPIFFS') end + + --print('Filename', filename) + --print('Filesize (B)', length) + + _, s = bin.unpack('H'..length, data) + + local cnt = 0, i + for i = 1, length/keylength do + key = string.sub(s, (i-1)*8+1, i*8) + print(string.format('[%02d] %s',i, key)) + cnt = cnt + 1 + end + print( string.rep('--',20) ) + print( ('[+] found %d passwords'):format(cnt)) + +end + +main(args) diff --git a/client/resources/aidlist.json b/client/resources/aidlist.json index 7ec139d46..13e140e49 100644 --- a/client/resources/aidlist.json +++ b/client/resources/aidlist.json @@ -1 +1,2154 @@ -[{"Vendor": "Visa International", "Description": "", "Country": "United States", "AID": "315041592E5359532E4444463031", "Type": "", "Name": "Visa Payment System Environment - PSE (1PAY.SYS.DDF01)"}, {"Vendor": "Visa International", "Description": "Visa payWave for Mobile", "Country": "United States", "AID": "325041592E5359532E4444463031", "Type": "", "Name": "Visa Proximity Payment System Environment - PPSE (2PAY.SYS.DDF01)"}, {"Vendor": "DeviceFidelity", "Description": "http://www.nfcworld.com/2010/11/24/35207/devicefidelity-adds-nfc-support-for-android-and-mifare/", "Country": "United States", "AID": "44464D46412E44466172653234313031", "Type": "", "Name": "DeviceFidelity In2Pay DFare applet"}, {"Vendor": "PBS Danmnt A/S", "Description": "(Unlicensed use of this RID. Proposal to use A000000323 instead)", "Country": "Denmark", "AID": "A00000000101", "Type": "", "Name": "MUSCLE Card Applet"}, {"Vendor": "Visa International", "Description": "Used by most GP2.1.1 cards / Oberthur OP201 cards. Visa Proprietary Card Manager AID for OpenPlatform cards (visa.openplatform).", "Country": "United States", "AID": "A000000003000000", "Type": "GP", "Name": "(VISA) Card Manager"}, {"Vendor": "Visa International", "Description": "", "Country": "United States", "AID": "A00000000300037561", "Type": "", "Name": "Bonuscard"}, {"Vendor": "Visa International", "Description": "", "Country": "United States", "AID": "A00000000305076010", "Type": "EMV", "Name": "VISA ELO Credit"}, {"Vendor": "Visa International", "Description": "Standard/Gold VISA credit card", "Country": "United States", "AID": "A0000000031010", "Type": "EMV", "Name": "VISA Debit/Credit (Classic)"}, {"Vendor": "Visa International", "Description": "", "Country": "United States", "AID": "A000000003101001", "Type": "EMV", "Name": "VISA Credit"}, {"Vendor": "Visa International", "Description": "", "Country": "United States", "AID": "A000000003101002", "Type": "EMV", "Name": "VISA Debit"}, {"Vendor": "Visa International", "Description": "VISA Electron (Debit)", "Country": "United States", "AID": "A0000000032010", "Type": "EMV", "Name": "VISA Electron"}, {"Vendor": "Visa International", "Description": "V PAY", "Country": "United States", "AID": "A0000000032020", "Type": "EMV", "Name": "VISA"}, {"Vendor": "Visa International", "Description": "VISA Interlink", "Country": "United States", "AID": "A0000000033010", "Type": "EMV", "Name": "VISA Interlink"}, {"Vendor": "Visa International", "Description": "Visa Specific", "Country": "United States", "AID": "A0000000034010", "Type": "EMV", "Name": "VISA Specific"}, {"Vendor": "Visa International", "Description": "Visa Specific", "Country": "United States", "AID": "A0000000035010", "Type": "EMV", "Name": "VISA Specific"}, {"Vendor": "Visa International", "Description": "", "Country": "United States", "AID": "A000000003534441", "Type": "GP", "Name": "Schlumberger Security Domain"}, {"Vendor": "Visa International", "Description": "OCS Oberthur Card System Security Domain Package AID / VGP Card Manager (for ISD and ASD)", "Country": "United States", "AID": "A0000000035350", "Type": "GP", "Name": "Security Domain"}, {"Vendor": "Visa International", "Description": "OCS Oberthur Card System Security Domain Applet AID / VGP Card Manager (for ISD and ASD)", "Country": "United States", "AID": "A000000003535041", "Type": "GP", "Name": "Security Domain"}, {"Vendor": "Visa International", "Description": "", "Country": "United States", "AID": "A0000000036010", "Type": "EMV", "Name": "Domestic Visa Cash Stored Value"}, {"Vendor": "Visa International", "Description": "", "Country": "United States", "AID": "A0000000036020", "Type": "EMV", "Name": "International Visa Cash Stored Value"}, {"Vendor": "Visa International", "Description": "VISA Auth dynamic passcode authentication (DPA). Used by Barclays/HBOS", "Country": "United States", "AID": "A0000000038002", "Type": "EMV", "Name": "VISA Auth, VisaRemAuthen EMV-CAP (DPA)"}, {"Vendor": "Visa International", "Description": "VISA plus", "Country": "United States", "AID": "A0000000038010", "Type": "EMV", "Name": "VISA Plus"}, {"Vendor": "Visa International", "Description": "", "Country": "United States", "AID": "A0000000039010", "Type": "EMV", "Name": "VISA Loyalty"}, {"Vendor": "Visa International", "Description": "", "Country": "United States", "AID": "A000000003999910", "Type": "EMV", "Name": "VISA Proprietary ATM"}, {"Vendor": "Mastercard International", "Description": "Security Domain", "Country": "United States", "AID": "A0000000040000", "Type": "GP", "Name": "MasterCard Card Manager"}, {"Vendor": "Mastercard International", "Description": "AEPM (Association Europenne Payez Mobile)", "Country": "United States", "AID": "A00000000401", "Type": "EMV", "Name": "MasterCard PayPass"}, {"Vendor": "Mastercard International", "Description": "Standard MasterCard", "Country": "United States", "AID": "A0000000041010", "Type": "EMV", "Name": "MasterCard Credit"}, {"Vendor": "Mastercard International", "Description": "Standard MasterCard", "Country": "United States", "AID": "A00000000410101213", "Type": "EMV", "Name": "MasterCard Credit"}, {"Vendor": "Mastercard International", "Description": "Standard MasterCard", "Country": "United States", "AID": "A00000000410101215", "Type": "EMV", "Name": "MasterCard Credit"}, {"Vendor": "Mastercard International", "Description": "Some co-branded card?", "Country": "United States", "AID": "A0000000041010BB5449435301", "Type": "", "Name": "[UNKNOWN]"}, {"Vendor": "Mastercard International", "Description": "MasterCard Specific", "Country": "United States", "AID": "A0000000042010", "Type": "EMV", "Name": "MasterCard Specific"}, {"Vendor": "Mastercard International", "Description": "MasterCard U.S. Maestro", "Country": "United States", "AID": "A0000000042203", "Type": "", "Name": "MasterCard Specific"}, {"Vendor": "Mastercard International", "Description": "MasterCard Specific", "Country": "United States", "AID": "A0000000043010", "Type": "EMV", "Name": "MasterCard Specific"}, {"Vendor": "Mastercard International", "Description": "Maestro (Debit) Card", "Country": "United States", "AID": "A0000000043060", "Type": "EMV", "Name": "Maestro (Debit)"}, {"Vendor": "Mastercard International", "Description": "Maestro (Debit) Card", "Country": "United States", "AID": "A000000004306001", "Type": "EMV", "Name": "Maestro (Debit)"}, {"Vendor": "Mastercard International", "Description": "MasterCard Specific", "Country": "United States", "AID": "A0000000044010", "Type": "EMV", "Name": "MasterCard Specific"}, {"Vendor": "Mastercard International", "Description": "MasterCard Specific", "Country": "United States", "AID": "A0000000045010", "Type": "EMV", "Name": "MasterCard Specific"}, {"Vendor": "Mastercard International", "Description": "AID on Cirrus Test Card", "Country": "United States", "AID": "A0000000045555", "Type": "", "Name": "APDULogger"}, {"Vendor": "Mastercard International", "Description": "Mastercard Cirrus (Interbank Network) ATM card only", "Country": "United States", "AID": "A0000000046000", "Type": "EMV", "Name": "Cirrus"}, {"Vendor": "Mastercard International", "Description": "Chip Authentication Protocol (CAP). Works with NatWest or SecureCode Aut", "Country": "United States", "AID": "A0000000048002", "Type": "EMV", "Name": "SecureCode Auth EMV-CAP"}, {"Vendor": "Mastercard International", "Description": "", "Country": "United States", "AID": "A0000000049999", "Type": "EMV", "Name": "MasterCard PayPass??"}, {"Vendor": "Switch Card Services Ltd.", "Description": "UK Domestic Maestro - Switch (debit card)", "Country": "United Kingdom", "AID": "A0000000050001", "Type": "EMV", "Name": "Maestro UK"}, {"Vendor": "Switch Card Services Ltd.", "Description": "UK Domestic Maestro - Switch (debit card)", "Country": "United Kingdom", "AID": "A0000000050002", "Type": "EMV", "Name": "Solo"}, {"Vendor": "ETSI", "Description": "Orange UK", "Country": "France", "AID": "A0000000090001FF44FF1289", "Type": "", "Name": "Orange"}, {"Vendor": "Europay International", "Description": "", "Country": "Belgium", "AID": "A0000000101030", "Type": "", "Name": "Maestro-CH"}, {"Vendor": "GEMPLUS", "Description": "", "Country": "France", "AID": "A00000001800", "Type": "", "Name": "Gemplus ?"}, {"Vendor": "GEMPLUS", "Description": "", "Country": "France", "AID": "A0000000181001", "Type": "", "Name": "com.gemplus.javacard.util packages"}, {"Vendor": "GEMPLUS", "Description": "434D = CM (ascii). Security domain for some GCX/GXP cards (GemXpresso Pro) (Gemalto)", "Country": "France", "AID": "A000000018434D", "Type": "GP", "Name": "Gemplus card manager"}, {"Vendor": "GEMPLUS", "Description": "(Gemalto)", "Country": "France", "AID": "A000000018434D00", "Type": "GP", "Name": "Gemplus Security Domain"}, {"Vendor": "Midland Bank Plc", "Description": "", "Country": "United Kingdom", "AID": "A00000002401", "Type": "EMV", "Name": "Self Service"}, {"Vendor": "American Express", "Description": "", "Country": "United Kingdom", "AID": "A000000025", "Type": "EMV", "Name": "American Express"}, {"Vendor": "American Express", "Description": "American Express (Credit/Debit)", "Country": "United Kingdom", "AID": "A0000000250000", "Type": "EMV", "Name": "American Express"}, {"Vendor": "American Express", "Description": "AEIPS-compliant (A-E contact EMV) payment application", "Country": "United Kingdom", "AID": "A00000002501", "Type": "EMV", "Name": "American Express"}, {"Vendor": "American Express", "Description": "", "Country": "United Kingdom", "AID": "A000000025010104", "Type": "", "Name": "American Express"}, {"Vendor": "American Express", "Description": "", "Country": "United Kingdom", "AID": "A000000025010402", "Type": "EMV", "Name": "American Express"}, {"Vendor": "American Express", "Description": "", "Country": "United Kingdom", "AID": "A000000025010701", "Type": "EMV", "Name": "ExpressPay"}, {"Vendor": "American Express", "Description": "", "Country": "United Kingdom", "AID": "A000000025010801", "Type": "EMV", "Name": "American Express"}, {"Vendor": "LINK Interchange Network Ltd", "Description": "Link (UK) ATM Network, or AMEX (Portugal?)", "Country": "United Kingdom", "AID": "A0000000291010", "Type": "EMV", "Name": "Link / American Express"}, {"Vendor": "LINK Interchange Network Ltd", "Description": "", "Country": "United Kingdom", "AID": "A00000002945087510100000", "Type": "", "Name": "CO-OP"}, {"Vendor": "LINK Interchange Network Ltd", "Description": "", "Country": "United Kingdom", "AID": "A00000002949034010100001", "Type": "", "Name": "HSBC"}, {"Vendor": "LINK Interchange Network Ltd", "Description": "", "Country": "United Kingdom", "AID": "A00000002949282010100000", "Type": "", "Name": "Barclay"}, {"Vendor": "LINK Interchange Network Ltd", "Description": "", "Country": "United Kingdom", "AID": "A000000029564182", "Type": "", "Name": "HAFX"}, {"Vendor": "Schlumberger Industries Identif d'Encarteur PR050", "Description": "Schlumberger (Gemalto) RID", "Country": "France", "AID": "A00000003029057000AD13100101FF", "Type": "", "Name": "BelPIC (Belgian Personal Identity Card) JavaCard Applet"}, {"Vendor": "Schlumberger Industries Identif d'Encarteur PR050", "Description": "", "Country": "France", "AID": "A0000000308000000000280101", "Type": "", "Name": "Gemalto .NET Card AID"}, {"Vendor": "Groupement des Cartes Bancaires \"CB\"", "Description": "Groupement des Cartes Bancaires (France)", "Country": "France", "AID": "A0000000421010", "Type": "EMV", "Name": "Cartes Bancaire EMV Card"}, {"Vendor": "Groupement des Cartes Bancaires \"CB\"", "Description": "", "Country": "France", "AID": "A0000000422010", "Type": "EMV", "Name": ""}, {"Vendor": "Groupement des Cartes Bancaires \"CB\"", "Description": "", "Country": "France", "AID": "A0000000423010", "Type": "EMV", "Name": ""}, {"Vendor": "Groupement des Cartes Bancaires \"CB\"", "Description": "", "Country": "France", "AID": "A0000000424010", "Type": "EMV", "Name": ""}, {"Vendor": "Groupement des Cartes Bancaires \"CB\"", "Description": "", "Country": "France", "AID": "A0000000425010", "Type": "EMV", "Name": ""}, {"Vendor": "Zentraler Kreditausschuss (ZKA)", "Description": "", "Country": "Germany", "AID": "A00000005945430100", "Type": "", "Name": "Girocard Electronic Cash"}, {"Vendor": "RSA Laboratories", "Description": "RSA PKCS-15 PKI application (Predecessor to ISO7816-15) / ID-card in Finland", "Country": "United States", "AID": "A000000063504B43532D3135", "Type": "", "Name": "PKCS-15"}, {"Vendor": "RSA Laboratories", "Description": "WAP (Wireless Application Protocol) Identity Module / Wireless Identification Module", "Country": "United States", "AID": "A0000000635741502D57494D", "Type": "", "Name": "WAP-WIM"}, {"Vendor": "JCB CO., LTD.", "Description": "Japan Credit Bureau", "Country": "Japan", "AID": "A00000006510", "Type": "EMV", "Name": "JCB"}, {"Vendor": "JCB CO., LTD.", "Description": "Japan Credit Bureau", "Country": "Japan", "AID": "A0000000651010", "Type": "EMV", "Name": "JCB J Smart Credit"}, {"Vendor": "Socit Europenne de Monnaie Electronique SEME", "Description": "", "Country": "France", "AID": "A00000006900", "Type": "EMV", "Name": "Moneo"}, {"Vendor": "Oberthur Technologies", "Description": "", "Country": "France", "AID": "A000000077010000021000000000003B", "Type": "EMV", "Name": "Visa AEPN"}, {"Vendor": "Activcard Europe S.A.", "Description": "Identity Key", "Country": "France", "AID": "A0000000790100", "Type": "", "Name": "CACv2 PKI ID"}, {"Vendor": "Activcard Europe S.A.", "Description": "Digital Signature Key", "Country": "France", "AID": "A0000000790101", "Type": "", "Name": "CACv2 PKI Sign"}, {"Vendor": "Activcard Europe S.A.", "Description": "Key Management Key", "Country": "France", "AID": "A0000000790102", "Type": "", "Name": "CACv2 PKI Enc"}, {"Vendor": "Activcard Europe S.A.", "Description": "Re-directs to CACv2 PKI Identity key", "Country": "France", "AID": "A00000007901F0", "Type": "", "Name": "CACv1 PKI Identity Key"}, {"Vendor": "Activcard Europe S.A.", "Description": "Re-directs to CACv2 Digital Signature key", "Country": "France", "AID": "A00000007901F1", "Type": "", "Name": "CACv1 PKI Digital Signature Key"}, {"Vendor": "Activcard Europe S.A.", "Description": "Re-directs to CACv2 Key Management key", "Country": "France", "AID": "A00000007901F2", "Type": "", "Name": "CACv1 PKI Key Management Key"}, {"Vendor": "Activcard Europe S.A.", "Description": "DoD Demographic", "Country": "France", "AID": "A0000000790200", "Type": "", "Name": "CACv2 DoD Person"}, {"Vendor": "Activcard Europe S.A.", "Description": "DoD Demographic", "Country": "France", "AID": "A0000000790201", "Type": "", "Name": "CACv2 DoD Personnel"}, {"Vendor": "Activcard Europe S.A.", "Description": "General Configuration", "Country": "France", "AID": "A00000007902FB", "Type": "", "Name": "CACv1 BC"}, {"Vendor": "Activcard Europe S.A.", "Description": "PKI Certificate Attributes", "Country": "France", "AID": "A00000007902FD", "Type": "", "Name": "CACv1 BC"}, {"Vendor": "Activcard Europe S.A.", "Description": "PKI Cert", "Country": "France", "AID": "A00000007902FE", "Type": "", "Name": "CACv1 BC"}, {"Vendor": "Activcard Europe S.A.", "Description": "CAC PIN / ID PIN Management Applet", "Country": "France", "AID": "A0000000790300", "Type": "", "Name": "CACv2 Access Control Applet"}, {"Vendor": "Activcard Europe S.A.", "Description": "Joint Data Model. BCAdmin", "Country": "France", "AID": "A0000000791201", "Type": "", "Name": "CAC JDM"}, {"Vendor": "Activcard Europe S.A.", "Description": "Joint Data Model. BCMedical", "Country": "France", "AID": "A0000000791202", "Type": "", "Name": "CAC JDM"}, {"Vendor": "Third Generation Partnership Project (3GPP)", "Description": "", "Country": "France", "AID": "A0000000871002FF49FF0589", "Type": "USIM", "Name": "Telenor USIM"}, {"Vendor": "Buypass AS", "Description": "Used by norwegian public betting company Norsk-Tipping?", "Country": "Norway", "AID": "A00000008810200105C100", "Type": "BuyPass", "Name": "BuyPass BIDA"}, {"Vendor": "Buypass AS", "Description": "", "Country": "Norway", "AID": "A000000088102201034221", "Type": "BuyPass", "Name": "BuyPass BEID (BuyPass Electronic ID?)"}, {"Vendor": "Buypass AS", "Description": "", "Country": "Norway", "AID": "A000000088102201034321", "Type": "BuyPass", "Name": "BuyPass BEID (BuyPass Electronic ID?)"}, {"Vendor": "Sa Proton World International N.V.", "Description": "Proton, which is owned in part by Visa International and American Express Co., is in three other European countries: the original Proton program in Belgium, Chipknip in the Netherlands, and Cash in Switzerland", "Country": "Belgium", "AID": "A0000000960200", "Type": "GP", "Name": "Proton World International Security Domain"}, {"Vendor": "Visa USA", "Description": "Bank of America Debit Card", "Country": "United States", "AID": "A000000098", "Type": "EMV", "Name": "Debit Card"}, {"Vendor": "Visa USA", "Description": "", "Country": "United States", "AID": "A0000000980840", "Type": "", "Name": "Visa Common Debit"}, {"Vendor": "Visa USA", "Description": "Schwab Bank Debit Card", "Country": "United States", "AID": "A0000000980848", "Type": "EMV", "Name": "Debit Card"}, {"Vendor": "Die Post Postfinance", "Description": "", "Country": "Switzerland", "AID": "A0000001110101", "Type": "", "Name": "Postcard"}, {"Vendor": "GSA - TFCS", "Description": "CHUID", "Country": "United States", "AID": "A0000001160300", "Type": "", "Name": "PIV CHUID"}, {"Vendor": "GSA - TFCS", "Description": "Fingerprints", "Country": "United States", "AID": "A0000001166010", "Type": "", "Name": "PIV Fingerprints"}, {"Vendor": "GSA - TFCS", "Description": "Facial Image", "Country": "United States", "AID": "A0000001166030", "Type": "", "Name": "PIV Facial Image"}, {"Vendor": "GSA - TFCS", "Description": "Security Object", "Country": "United States", "AID": "A0000001169000", "Type": "", "Name": "PIV Security Object"}, {"Vendor": "GSA - TFCS", "Description": "PIV Authentication Key", "Country": "United States", "AID": "A000000116A001", "Type": "", "Name": "PIV Authentication Key"}, {"Vendor": "GSA - TFCS", "Description": "Card Capability Container", "Country": "United States", "AID": "A000000116DB00", "Type": "", "Name": "CCC"}, {"Vendor": "Austria Card", "Description": "Domestic Loyalty Program (Version 1.3)", "Country": "Austria", "AID": "A000000118010000", "Type": "", "Name": "DF_Verkehr"}, {"Vendor": "Austria Card", "Description": "Domestic Loyalty Program (Version 1.3)", "Country": "Austria", "AID": "A000000118020000", "Type": "", "Name": "DF_Partner"}, {"Vendor": "Austria Card", "Description": "Domestic Loyalty Program (Version 1.3)", "Country": "Austria", "AID": "A000000118030000", "Type": "", "Name": "DF_Schlerdaten"}, {"Vendor": "Austria Card", "Description": "Domestic Loyalty Program (Version 1.32)", "Country": "Austria", "AID": "A000000118040000", "Type": "", "Name": "DF_KEP_SIG"}, {"Vendor": "Austria Card", "Description": "Digital Signature Application", "Country": "Austria", "AID": "A0000001184543", "Type": "", "Name": "Digital Signature (SSCA)"}, {"Vendor": "Austria Card", "Description": "Encryption Application (Version 1.10)", "Country": "Austria", "AID": "A000000118454E", "Type": "", "Name": "Encryption Application"}, {"Vendor": "PBS Danmark A/S", "Description": "Danish domestic debit card", "Country": "Denmark", "AID": "A0000001211010", "Type": "EMV", "Name": "Dankort (VISA GEM Vision)"}, {"Vendor": "Java Card Forum", "Description": "", "Country": "United States", "AID": "A0000001320001", "Type": "", "Name": "org.javacardforum.javacard.biometry"}, {"Vendor": "TDS TODOS DATA SYSTEM AB", "Description": "", "Country": "Sweden", "AID": "A0000001408001", "Type": "", "Name": "eCode"}, {"Vendor": "Associazione Bancaria Italiana", "Description": "CoGeBan Consorzio BANCOMAT (Italian domestic debit card)", "Country": "Italy", "AID": "A0000001410001", "Type": "EMV", "Name": "PagoBANCOMAT"}, {"Vendor": "GlobalPlatform, Inc.", "Description": "GP Card Manager", "Country": "United States", "AID": "A0000001510000", "Type": "GP", "Name": "Global Platform Security Domain AID"}, {"Vendor": "GlobalPlatform, Inc.", "Description": "SPCASD", "Country": "United States", "AID": "A00000015153504341534400", "Type": "GP", "Name": "CASD_AID"}, {"Vendor": "Diners Club International Ltd.", "Description": "Discover Card", "Country": "United States", "AID": "A0000001523010", "Type": "EMV", "Name": "Discover, Pulse D Pas"}, {"Vendor": "Diners Club International Ltd.", "Description": "Discover Debit Common Card", "Country": "United States", "AID": "A0000001524010", "Type": "EMV", "Name": "Discover"}, {"Vendor": "Banrisul - Banco do Estado do Rio Grande do SUL - S.A.", "Description": "Banrisul (Brazil)", "Country": "Brazil", "AID": "A0000001544442", "Type": "EMV", "Name": "Banricompras Debito"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A0000001570010", "Type": "", "Name": "AMEX"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A0000001570020", "Type": "", "Name": "MasterCard"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A0000001570021", "Type": "", "Name": "Maestro"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A0000001570022", "Type": "", "Name": "Maestro"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A0000001570023", "Type": "", "Name": "CASH"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A0000001570030", "Type": "", "Name": "VISA"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A0000001570031", "Type": "", "Name": "VISA"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A0000001570040", "Type": "", "Name": "JCB"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A0000001570050", "Type": "", "Name": "Postcard"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A0000001570051", "Type": "", "Name": "Postcard"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A0000001570100", "Type": "", "Name": "MCard"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A0000001570104", "Type": "", "Name": "MyOne"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A0000001570109", "Type": "", "Name": "Mediamarkt Card"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A000000157010A", "Type": "", "Name": "Gift Card"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A000000157010B", "Type": "", "Name": "Bonuscard"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A000000157010C", "Type": "", "Name": "WIRCard"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A000000157010D", "Type": "", "Name": "Power Card"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A0000001574443", "Type": "", "Name": "DINERS CLUB"}, {"Vendor": "Zhlke Engineering AG", "Description": "", "Country": "Switzerland", "AID": "A0000001574444", "Type": "", "Name": "Supercard Plus"}, {"Vendor": "IBM", "Description": "identify in JCOP-tools returns eg 27 34 01 2E 00 00 00 00 4E 58 37 35 31 41 00 03 28 62 B3 6A 82", "Country": "Germany", "AID": "A000000167413000FF", "Type": "JCOP", "Name": "JCOP Identify Applet"}, {"Vendor": "IBM", "Description": "?", "Country": "Germany", "AID": "A000000167413001", "Type": "", "Name": "FIPS 140-2"}, {"Vendor": "Financial Information Service Co. Ltd.", "Description": "The Bankers Association of the Republic of China", "Country": "Taiwan", "AID": "A000000172950001", "Type": "EMV", "Name": "BAROC Financial Application Taiwan"}, {"Vendor": "Ministre de L'Intrieur", "Description": "", "Country": "Belgium", "AID": "A000000177504B43532D3135", "Type": "", "Name": "BelPIC (Belgian Personal Identity Card)"}, {"Vendor": "Post Office Limited", "Description": "", "Country": "United Kingdom", "AID": "A0000001850002", "Type": "EMV", "Name": "UK Post Office Account card"}, {"Vendor": "Diners Club Switzerland Ltd", "Description": "", "Country": "Switzerland", "AID": "A0000001884443", "Type": "", "Name": "DINERS CLUB"}, {"Vendor": "Association for Payment Clearing Services", "Description": "", "Country": "United Kingdom", "AID": "A0000002040000", "Type": "", "Name": "?"}, {"Vendor": "Saudi Arabian Monetary Agency (SAMA)", "Description": "SPAN2 (Saudi Payments Network) - Saudi Arabia domestic credit/debit card (Saudi Arabia Monetary Agency)", "Country": "Kingdom of Saudi Arabia", "AID": "A0000002281010", "Type": "EMV", "Name": "SPAN (M/Chip)"}, {"Vendor": "Saudi Arabian Monetary Agency (SAMA)", "Description": "SPAN2 (Saudi Payments Network) - Saudi Arabia domestic credit/debit card (Saudi Arabia Monetary Agency)", "Country": "Kingdom of Saudi Arabia", "AID": "A0000002282010", "Type": "EMV", "Name": "SPAN (VIS)"}, {"Vendor": "Saudi Arabian Monetary Agency (SAMA)", "Description": "SPAN2 (Saudi Payments Network) - Saudi Arabia domestic credit/debit card (Saudi Arabia Monetary Agency)", "Country": "Kingdom of Saudi Arabia", "AID": "A00000022820101010", "Type": "", "Name": "SPAN"}, {"Vendor": "ISO JTC1/SC17/WG3", "Description": "Electronic (Biometric) Passport. Issuer stored data application (The last three digits of the PIX shall be used to denote future version levels.)", "Country": "United Kingdom", "AID": "A0000002471001", "Type": "MRTD", "Name": "Machine Readable Travel Documents (MRTD)"}, {"Vendor": "ISO JTC1/SC17/WG3", "Description": "Electronic (Biometric) Passport. Application for hashes, digital signature, and certificate (The last three digits of the PIX shall be used to denote future version levels.)", "Country": "United Kingdom", "AID": "A0000002472001", "Type": "MRTD", "Name": "Machine Readable Travel Documents (MRTD)"}, {"Vendor": "Interac Association", "Description": "Canadian domestic credit/debit card", "Country": "Canada", "AID": "A0000002771010", "Type": "EMV", "Name": "INTERAC"}, {"Vendor": "PS/SC Workgroup", "Description": "Possibly not an application...", "Country": "United States", "AID": "A00000030600000000000000", "Type": "", "Name": "PC/SC Initial access data AID"}, {"Vendor": "National Institute of Standards and Technology", "Description": "PIV End Point Applet. Last 2 bytes designate version?", "Country": "United States", "AID": "A000000308000010000100", "Type": "", "Name": "Personal Identity Verification (PIV) / ID-ONE PIV BIO"}, {"Vendor": "Currence Holding/PIN BV", "Description": "", "Country": "The Netherlands", "AID": "A00000031510100528", "Type": "EMV", "Name": "Currence PuC"}, {"Vendor": "Currence Holding/PIN BV", "Description": "", "Country": "The Netherlands", "AID": "A0000003156020", "Type": "EMV", "Name": "Chipknip"}, {"Vendor": "Identity Alliance", "Description": "http://osdir.com/ml/lib.muscle/2005-12/msg00066.html", "Country": "United States", "AID": "A00000032301", "Type": "", "Name": "MUSCLE Applet Package"}, {"Vendor": "Identity Alliance", "Description": "http://osdir.com/ml/lib.muscle/2005-12/msg00066.html", "Country": "United States", "AID": "A0000003230101", "Type": "", "Name": "MUSCLE Applet Instance"}, {"Vendor": "Discover Financial Services LLC", "Description": "", "Country": "United States", "AID": "A0000003241010", "Type": "", "Name": "Discover Expresspay (ZIP)"}, {"Vendor": "China Unionpay Co. Ltd", "Description": "", "Country": "China", "AID": "A000000333010101", "Type": "", "Name": "UnionPay Debit"}, {"Vendor": "China Unionpay Co. Ltd", "Description": "", "Country": "China", "AID": "A000000333010102", "Type": "", "Name": "UnionPay Credit"}, {"Vendor": "China Unionpay Co. Ltd", "Description": "", "Country": "China", "AID": "A000000333010103", "Type": "", "Name": "UnionPay Quasi Credit"}, {"Vendor": "China Unionpay Co. Ltd", "Description": "", "Country": "China", "AID": "A000000333010106", "Type": "", "Name": "UnionPay Electronic Cash"}, {"Vendor": "China Unionpay Co. Ltd", "Description": "", "Country": "China", "AID": "A000000333010108", "Type": "", "Name": "U.S. UnionPay Common Debit AID"}, {"Vendor": "Euro Alliance of Payment Schemes s.c.r.l. - EAPS", "Description": "Unknown", "Country": "Belgium", "AID": "A0000003591010", "Type": "", "Name": ""}, {"Vendor": "Euro Alliance of Payment Schemes s.c.r.l. - EAPS", "Description": "ZKA (Germany)", "Country": "Belgium", "AID": "A0000003591010028001", "Type": "EMV", "Name": "Girocard EAPS"}, {"Vendor": "Euro Alliance of Payment Schemes s.c.r.l. - EAPS", "Description": "PagoBANCOMAT", "Country": "Belgium", "AID": "A00000035910100380", "Type": "", "Name": ""}, {"Vendor": "Poste Italiane S.P.A", "Description": "", "Country": "Italy", "AID": "A0000003660001", "Type": "", "Name": "Postamat"}, {"Vendor": "Poste Italiane S.P.A", "Description": "", "Country": "Italy", "AID": "A0000003660002", "Type": "", "Name": "Postamat VISA"}, {"Vendor": "Interswitch Limited", "Description": "Nigerian local switch company", "Country": "Nigeria", "AID": "A0000003710001", "Type": "EMV", "Name": "InterSwitch Verve Card"}, {"Vendor": "NXP Semiconductors Germany GmbH", "Description": "NXP Mf4M", "Country": "Germany", "AID": "A0000003964D66344D0002", "Type": "", "Name": "MIFARE4MOBILE"}, {"Vendor": "Microsoft Corporation", "Description": "Identity Device With Microsoft Generic Profile application. 2 bytes can be added at the end. This byte must be set to the IDMP specification revision number which is currently 0x01. The second byte (yy) is reserved for use by the card application.", "Country": "United States", "AID": "A00000039742544659", "Type": "", "Name": "Microsoft IDMP AID"}, {"Vendor": "Microsoft Corporation", "Description": "MS Plug and Play", "Country": "United States", "AID": "A0000003974349445F0100", "Type": "", "Name": "Microsoft PNP AID"}, {"Vendor": "Unibanco (Hipercard)", "Description": "", "Country": "Brazil", "AID": "A0000004271010", "Type": "", "Name": "Hiperchip"}, {"Vendor": "100", "Description": "", "Country": "Russia", "AID": "A0000004320001", "Type": "", "Name": "Universal Electronic Card"}, {"Vendor": "Edenred", "Description": "", "Country": "Belgium", "AID": "A0000004360100", "Type": "", "Name": "Ticket Restaurant"}, {"Vendor": "ACCEL/Exchange", "Description": "The Exchange Network ATM Network", "Country": "United States", "AID": "A0000004391010", "Type": "", "Name": "Exchange ATM card"}, {"Vendor": "eTranzact", "Description": "Nigerian local switch company", "Country": "Nigeria", "AID": "A0000004540010", "Type": "EMV", "Name": "Etranzact Genesis Card"}, {"Vendor": "eTranzact", "Description": "Nigerian local switch company", "Country": "Nigeria", "AID": "A0000004540011", "Type": "EMV", "Name": "Etranzact Genesis Card 2"}, {"Vendor": "Google", "Description": "GOOGLE_LOCKET_AID", "Country": "United States", "AID": "A0000004762010", "Type": "", "Name": "GOOGLE_CONTROLLER_AID"}, {"Vendor": "Google", "Description": "", "Country": "United States", "AID": "A0000004763030", "Type": "", "Name": "GOOGLE_MIFARE_MANAGER_AID"}, {"Vendor": "Google", "Description": "", "Country": "United States", "AID": "A0000004766C", "Type": "EMV", "Name": "GOOGLE_PAYMENT_AID"}, {"Vendor": "Google", "Description": "", "Country": "United States", "AID": "A000000476A010", "Type": "GP", "Name": "GSD_MANAGER_AID"}, {"Vendor": "Google", "Description": "", "Country": "United States", "AID": "A000000476A110", "Type": "GP", "Name": "GSD_MANAGER_AID"}, {"Vendor": "JVL Ventures, LLC (Softcard)", "Description": "", "Country": "United States", "AID": "A000000485", "Type": "", "Name": "Softcard SmartTap"}, {"Vendor": "RuPay", "Description": "RuPay (India)", "Country": "India", "AID": "A0000005241010", "Type": "EMV", "Name": "RuPay"}, {"Vendor": "Yubico", "Description": "Universal 2-Factor Proof-of-concept/Demo", "Country": "Sweden", "AID": "A0000005271002", "Type": "YKNEO", "Name": "Yubikey NEO U2F Demo applet"}, {"Vendor": "Yubico", "Description": "Javacard Applet AID", "Country": "Sweden", "AID": "A000000527200101", "Type": "YKNEO", "Name": "Yubikey NEO Yubikey2 applet interface"}, {"Vendor": "Yubico", "Description": "Javacard Applet AID", "Country": "Sweden", "AID": "A000000527210101", "Type": "YKNEO", "Name": "Yubikey NEO OATH Applet"}, {"Vendor": "GSMA (GSM Association)", "Description": "", "Country": "United Kingdom", "AID": "A0000005591010FFFFFFFF8900000100", "Type": "", "Name": "ISD-R Application. Used as TAR."}, {"Vendor": "GSMA (GSM Association)", "Description": "", "Country": "United Kingdom", "AID": "A0000005591010FFFFFFFF8900000200", "Type": "", "Name": "ECASD Application. Used as TAR."}, {"Vendor": "GSMA (GSM Association)", "Description": "", "Country": "United Kingdom", "AID": "A0000005591010FFFFFFFF8900000D00", "Type": "", "Name": "ISD-P Executable Load File."}, {"Vendor": "GSMA (GSM Association)", "Description": "", "Country": "United Kingdom", "AID": "A0000005591010FFFFFFFF8900000E00", "Type": "", "Name": "ISD-P Executable Module."}, {"Vendor": "GSMA (GSM Association)", "Description": "", "Country": "United Kingdom", "AID": "A0000005591010FFFFFFFF8900000F00", "Type": "", "Name": "Reserved value for the Profile's ISD-P"}, {"Vendor": "GSMA (GSM Association)", "Description": "", "Country": "United Kingdom", "AID": "A0000005591010FFFFFFFF8900001000", "Type": "", "Name": "ISD-P Application ('1010FFFFFFFF89000010' to '1010FFFFFFFF8900FFFF'. Used as TAR. The value is allocated during the 'Profile Download and Installation procedure'"}, {"Vendor": "Fidesmo", "Description": "", "Country": "Sweden", "AID": "A00000061700", "Type": "", "Name": "Fidesmo javacard"}, {"Vendor": "Debit Network Alliance (DNA)", "Description": "Common U.S. Debit", "Country": "United States", "AID": "A0000006200620", "Type": "", "Name": "Debit Network Alliance (DNA)"}, {"Vendor": "MIR", "Description": "", "Country": "Russia", "AID": "A0000006581010", "Type": "", "Name": "MIR Credit"}, {"Vendor": "MIR", "Description": "", "Country": "Russia", "AID": "A0000006582010", "Type": "", "Name": "MIR Debit"}, {"Vendor": "TROY", "Description": "Turkey's Payment Method", "Country": "Turkey", "AID": "A0000006723010", "Type": "EMV", "Name": "TROY chip credit card"}, {"Vendor": "TROY", "Description": "Turkey's Payment Method", "Country": "Turkey", "AID": "A0000006723020", "Type": "EMV", "Name": "TROY chip debit card"}, {"Vendor": "Indian Oil Corporation Limited", "Description": "Indian Oils Pre Paid Program", "Country": "India", "AID": "A0000007705850", "Type": "EMV", "Name": "XTRAPOWER Fleet Card Program"}, {"Vendor": "MasterCard International", "Description": "Used for development", "Country": "United States", "AID": "B012345678", "Type": "EMV", "Name": "Maestro TEST"}, {"Vendor": "Paylife", "Description": "Domestic Payment System (Version 2.1)", "Country": "Austria", "AID": "D040000001000002", "Type": "", "Name": "Paylife Quick (IEP). Preloaded Electronic Purse"}, {"Vendor": "Austria Card", "Description": "Domestic Payment System (Version 2.1)", "Country": "Austria", "AID": "D040000002000002", "Type": "", "Name": "RFU"}, {"Vendor": "Austria Card", "Description": "Domestic Payment System (Version 2.1)", "Country": "Austria", "AID": "D040000003000002", "Type": "", "Name": "POS"}, {"Vendor": "Austria Card", "Description": "Domestic Payment System (Version 2.1)", "Country": "Austria", "AID": "D040000004000002", "Type": "", "Name": "ATM"}, {"Vendor": "Austria Card", "Description": "Domestic Loyalty Program (Version 2.1)", "Country": "Austria", "AID": "D04000000B000002", "Type": "", "Name": "Retail"}, {"Vendor": "Austria Card", "Description": "Domestic Loyalty Program (Version 2.1)", "Country": "Austria", "AID": "D04000000C000002", "Type": "", "Name": "Bank_Data"}, {"Vendor": "Austria Card", "Description": "Domestic Loyalty Program (Version 2.1)", "Country": "Austria", "AID": "D04000000D000002", "Type": "", "Name": "Shopping"}, {"Vendor": "Austria Card", "Description": "Domestic Loyalty Program (Version 2.0)", "Country": "Austria", "AID": "D040000013000001", "Type": "", "Name": "DF_UNI_Kepler1"}, {"Vendor": "Austria Card", "Description": "Domestic Loyalty Program (Version 1.3)", "Country": "Austria", "AID": "D040000013000001", "Type": "", "Name": "DF_Schler1"}, {"Vendor": "Austria Card", "Description": "Domestic Loyalty Program (Version 2.0)", "Country": "Austria", "AID": "D040000013000002", "Type": "", "Name": "DF_UNI_Kepler2"}, {"Vendor": "Austria Card", "Description": "Domestic Loyalty Program (Version 1.3)", "Country": "Austria", "AID": "D040000013000002", "Type": "", "Name": "DF_Schler2"}, {"Vendor": "Austria Card", "Description": "Domestic Loyalty Program (Version 2.0)", "Country": "Austria", "AID": "D040000014000001", "Type": "", "Name": "DF_Mensa"}, {"Vendor": "Austria Card", "Description": "Domestic Loyalty Program (Version 2.0)", "Country": "Austria", "AID": "D040000015000001", "Type": "", "Name": "DF_UNI_Ausweis"}, {"Vendor": "Austria Card", "Description": "Domestic Loyalty Program (Version 1.3)", "Country": "Austria", "AID": "D040000015000001", "Type": "", "Name": "DF_Ausweis"}, {"Vendor": "Austria Card", "Description": "Domestic EMV Application (Version 2.1)", "Country": "Austria", "AID": "D0400000190001", "Type": "", "Name": "EMV ATM Maestro"}, {"Vendor": "Austria Card", "Description": "Domestic EMV Application (Version 2.1)", "Country": "Austria", "AID": "D0400000190002", "Type": "", "Name": "EMV POS Maestro"}, {"Vendor": "Austria Card", "Description": "Domestic EMV Application (Version 2.1)", "Country": "Austria", "AID": "D0400000190003", "Type": "", "Name": "EMV ATM MasterCard"}, {"Vendor": "Austria Card", "Description": "Domestic EMV Application (Version 2.1)", "Country": "Austria", "AID": "D0400000190004", "Type": "", "Name": "EMV POS MasterCard"}, {"Vendor": "Austria Card", "Description": "Domestic Payment System (Version 2.1)", "Country": "Austria", "AID": "D0400000190010", "Type": "", "Name": "Digital ID"}, {"Vendor": "Ministry of Finance of Georgia", "Description": "Georgia Revenue Service application for fiscal cash registers", "Country": "Georgia", "AID": "D268000001", "Type": "", "Name": "Fiscal module application"}, {"Vendor": "Giesecke&Devrient", "Description": "Giesecke & Devrient", "Country": "Germany", "AID": "D276000005", "Type": "", "Name": ""}, {"Vendor": "Giesecke&Devrient", "Description": "", "Country": "Germany", "AID": "D276000005AA040360010410", "Type": "", "Name": "G D App Nokia 6212"}, {"Vendor": "Giesecke&Devrient", "Description": "", "Country": "Germany", "AID": "D276000005AA0503E00401", "Type": "", "Name": "G D App Nokia 6212"}, {"Vendor": "Giesecke&Devrient", "Description": "", "Country": "Germany", "AID": "D276000005AA0503E00501", "Type": "", "Name": "G D App Nokia 6212"}, {"Vendor": "Giesecke&Devrient", "Description": "", "Country": "Germany", "AID": "D276000005AA0503E0050101", "Type": "", "Name": "G D App Nokia 6212"}, {"Vendor": "Giesecke&Devrient", "Description": "", "Country": "Germany", "AID": "D276000005AB0503E0040101", "Type": "", "Name": "G D App Nokia 6212"}, {"Vendor": "IBM Laboratories", "Description": "IBM Test card from the book 'Smart Card Application Development Using Java'", "Country": "Germany", "AID": "D27600002200000001", "Type": "", "Name": "SCT LOYALTY"}, {"Vendor": "IBM Laboratories", "Description": "IBM Test card from the book 'Smart Card Application Development Using Java'", "Country": "Germany", "AID": "D27600002200000002", "Type": "", "Name": "BUSINESS CARD"}, {"Vendor": "IBM Laboratories", "Description": "IBM Test card from the book 'Smart Card Application Development Using Java'", "Country": "Germany", "AID": "D27600002200000060", "Type": "", "Name": "PKCS#11 Token"}, {"Vendor": "ZKA", "Description": "Girocard (Geldkarte) in Germany", "Country": "Germany", "AID": "D276000025", "Type": "", "Name": "Girocard"}, {"Vendor": "ZKA", "Description": "Unknown", "Country": "Germany", "AID": "D27600002545410100", "Type": "", "Name": ""}, {"Vendor": "ZKA", "Description": "ZKA Girocard (Geldkarte) (Germany)", "Country": "Germany", "AID": "D27600002545500100", "Type": "EMV", "Name": "Girocard"}, {"Vendor": "ZKA", "Description": "", "Country": "Germany", "AID": "D27600002547410100", "Type": "", "Name": "Girocard ATM"}, {"Vendor": "Wolfgang Rankl", "Description": "", "Country": "Germany", "AID": "D276000060", "Type": "", "Name": ""}, {"Vendor": "NXP Semiconductors / NFC Forum", "Description": "NFC Forum Type 4 Tag", "Country": "Germany", "AID": "D2760000850100", "Type": "", "Name": "NDEF Tag Application / Mifare DESFire Tag Application"}, {"Vendor": "NXP Semiconductors / NFC Forum", "Description": "NFC Tag type 4 tag", "Country": "Germany", "AID": "D2760000850101", "Type": "", "Name": "NDEF Tag Application"}, {"Vendor": "Giesecke&Devrient Java Card Telecommunikation", "Description": "", "Country": "Germany", "AID": "D276000118", "Type": "", "Name": ""}, {"Vendor": "Giesecke&Devrient Java Card Telecommunikation", "Description": "Devrient Test Applet?", "Country": "Germany", "AID": "D2760001180101", "Type": "", "Name": "Giesecke &"}, {"Vendor": "fsfEurope", "Description": "For selection when not knowing the exact full AID", "Country": "Germany", "AID": "D27600012401", "Type": "OpenPGP", "Name": "OpenPGP Card"}, {"Vendor": "fsfEurope", "Description": "Version 1", "Country": "Germany", "AID": "D276000124010101FFFF000000010000", "Type": "OpenPGP", "Name": "OpenPGP Card"}, {"Vendor": "fsfEurope", "Description": "Version 2", "Country": "Germany", "AID": "D2760001240102000000000000010000", "Type": "OpenPGP", "Name": "OpenPGP Card"}, {"Vendor": "fsfEurope", "Description": "http://smartchess.de/englisch/SmartChess_1.0.pdf", "Country": "Germany", "AID": "D27600012402", "Type": "SmartChess", "Name": "SmartChess"}, {"Vendor": "fsfEurope", "Description": "http://smartchess.de/englisch/SmartChess_1.0.pdf", "Country": "Germany", "AID": "D2760001240200010000000000000000", "Type": "SmartChess", "Name": "SmartChess"}, {"Vendor": "", "Description": "", "Country": "Republic of Korea", "AID": "D4100000011010", "Type": "", "Name": ""}, {"Vendor": "", "Description": "(Netherlands)", "Country": "The Netherlands", "AID": "D5280050218002", "Type": "EMV", "Name": "?"}, {"Vendor": "Bankaxept", "Description": "Norwegian domestic debit card", "Country": "Norway", "AID": "D5780000021010", "Type": "EMV", "Name": "Bankaxept"}, {"Vendor": "Swiss Travel Fund (Reka)", "Description": "prepaid functional debit card", "Country": "Switzerland", "AID": "D7560000010101", "Type": "", "Name": "Reka Card"}, {"Vendor": "Migros (FCM, GE Money Bank and MasterCard)", "Description": "", "Country": "Switzerland", "AID": "D7560000300101", "Type": "", "Name": "M Budget"}, {"Vendor": "", "Description": "German eID", "Country": "", "AID": "E80704007F00070302", "Type": "", "Name": "nPA"}, {"Vendor": "", "Description": "", "Country": "", "AID": "E82881C11702", "Type": "", "Name": "AlphaCard application"}, {"Vendor": "", "Description": "Iso adoption of PKCS-15", "Country": "", "AID": "E828BD080F", "Type": "", "Name": "ISO-7816-15 EF.DIR"}, {"Vendor": "", "Description": "Brazilian Bank Banco Bradesco", "Country": "", "AID": "F0000000030001", "Type": "EMV", "Name": "BRADESCO"}] \ No newline at end of file +[ + { + "AID": "315041592E5359532E4444463031", + "Vendor": "EMV", + "Country": "United States", + "Name": "EMV Payment System Environment - PSE (1PAY.SYS.DDF01)", + "Description": "", + "Type": "" + }, + { + "AID": "325041592E5359532E4444463031", + "Vendor": "EMV", + "Country": "United States", + "Name": "EMV Proximity Payment System Environment - PPSE (2PAY.SYS.DDF01)", + "Description": "Visa payWave for Mobile", + "Type": "" + }, + { + "AID": "44464D46412E44466172653234313031", + "Vendor": "DeviceFidelity", + "Country": "United States", + "Name": "DeviceFidelity In2Pay DFare applet", + "Description": "http://www.nfcworld.com/2010/11/24/35207/devicefidelity-adds-nfc-support-for-android-and-mifare/", + "Type": "" + }, + { + "AID": "A00000000101", + "Vendor": "PBS Danmnt A/S", + "Country": "Denmark", + "Name": "MUSCLE Card Applet", + "Description": "(Unlicensed use of this RID. Proposal to use A000000323 instead)", + "Type": "" + }, + { + "AID": "A000000003000000", + "Vendor": "Visa International", + "Country": "United States", + "Name": "(VISA) Card Manager", + "Description": "Used by most GP2.1.1 cards / Oberthur OP201 cards. Visa Proprietary Card Manager AID for OpenPlatform cards (visa.openplatform).", + "Type": "GP" + }, + { + "AID": "A00000000300037561", + "Vendor": "Visa International", + "Country": "United States", + "Name": "Bonuscard", + "Description": "", + "Type": "" + }, + { + "AID": "A00000000305076010", + "Vendor": "Visa International", + "Country": "United States", + "Name": "VISA ELO Credit", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A0000000031010", + "Vendor": "Visa International", + "Country": "United States", + "Name": "VISA Debit/Credit (Classic)", + "Description": "Standard/Gold VISA credit card", + "Type": "EMV" + }, + { + "AID": "A000000003101001", + "Vendor": "Visa International", + "Country": "United States", + "Name": "VISA Credit", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A000000003101002", + "Vendor": "Visa International", + "Country": "United States", + "Name": "VISA Debit", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A0000000032010", + "Vendor": "Visa International", + "Country": "United States", + "Name": "VISA Electron", + "Description": "VISA Electron (Debit)", + "Type": "EMV" + }, + { + "AID": "A0000000032020", + "Vendor": "Visa International", + "Country": "United States", + "Name": "VISA", + "Description": "V PAY", + "Type": "EMV" + }, + { + "AID": "A0000000033010", + "Vendor": "Visa International", + "Country": "United States", + "Name": "VISA Interlink", + "Description": "VISA Interlink", + "Type": "EMV" + }, + { + "AID": "A0000000034010", + "Vendor": "Visa International", + "Country": "United States", + "Name": "VISA Specific", + "Description": "Visa Specific", + "Type": "EMV" + }, + { + "AID": "A0000000035010", + "Vendor": "Visa International", + "Country": "United States", + "Name": "VISA Specific", + "Description": "Visa Specific", + "Type": "EMV" + }, + { + "AID": "A000000003534441", + "Vendor": "Visa International", + "Country": "United States", + "Name": "Schlumberger Security Domain", + "Description": "", + "Type": "GP" + }, + { + "AID": "A0000000035350", + "Vendor": "Visa International", + "Country": "United States", + "Name": "Security Domain", + "Description": "OCS Oberthur Card System Security Domain Package AID / VGP Card Manager (for ISD and ASD)", + "Type": "GP" + }, + { + "AID": "A000000003535041", + "Vendor": "Visa International", + "Country": "United States", + "Name": "Security Domain", + "Description": "OCS Oberthur Card System Security Domain Applet AID / VGP Card Manager (for ISD and ASD)", + "Type": "GP" + }, + { + "AID": "A0000000036010", + "Vendor": "Visa International", + "Country": "United States", + "Name": "Domestic Visa Cash Stored Value", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A0000000036020", + "Vendor": "Visa International", + "Country": "United States", + "Name": "International Visa Cash Stored Value", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A0000000038002", + "Vendor": "Visa International", + "Country": "United States", + "Name": "VISA Auth, VisaRemAuthen EMV-CAP (DPA)", + "Description": "VISA Auth dynamic passcode authentication (DPA). Used by Barclays/HBOS", + "Type": "EMV" + }, + { + "AID": "A0000000038010", + "Vendor": "Visa International", + "Country": "United States", + "Name": "VISA Plus", + "Description": "VISA plus", + "Type": "EMV" + }, + { + "AID": "A0000000039010", + "Vendor": "Visa International", + "Country": "United States", + "Name": "VISA Loyalty", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A000000003999910", + "Vendor": "Visa International", + "Country": "United States", + "Name": "VISA Proprietary ATM", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A0000000040000", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "MasterCard Card Manager", + "Description": "Security Domain", + "Type": "GP" + }, + { + "AID": "A00000000401", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "MasterCard PayPass", + "Description": "AEPM (Association Europenne Payez Mobile)", + "Type": "EMV" + }, + { + "AID": "A0000000041010", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "MasterCard Credit/Debit (Global)", + "Description": "Standard MasterCard", + "Type": "EMV" + }, + { + "AID": "A00000000410101213", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "MasterCard Credit", + "Description": "Standard MasterCard", + "Type": "EMV" + }, + { + "AID": "A00000000410101215", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "MasterCard Credit", + "Description": "Standard MasterCard", + "Type": "EMV" + }, + { + "AID": "A0000000041010BB5449435301", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "[UNKNOWN]", + "Description": "Some co-branded card", + "Type": "" + }, + { + "AID": "A0000000042010", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "MasterCard Specific", + "Description": "MasterCard Specific", + "Type": "EMV" + }, + { + "AID": "A0000000042203", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "MasterCard Specific", + "Description": "MasterCard U.S. Maestro", + "Type": "" + }, + { + "AID": "A0000000043010", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "MasterCard Specific", + "Description": "MasterCard Specific", + "Type": "EMV" + }, + { + "AID": "A0000000043060", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "Maestro (Debit)", + "Description": "Maestro (Debit) Card", + "Type": "EMV" + }, + { + "AID": "A000000004306001", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "Maestro (Debit)", + "Description": "Maestro (Debit) Card", + "Type": "EMV" + }, + { + "AID": "A0000000044010", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "MasterCard Specific", + "Description": "MasterCard Specific", + "Type": "EMV" + }, + { + "AID": "A0000000045010", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "MasterCard Specific", + "Description": "MasterCard Specific", + "Type": "EMV" + }, + { + "AID": "A0000000045555", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "APDULogger", + "Description": "AID on Cirrus Test Card", + "Type": "" + }, + { + "AID": "A0000000046000", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "Cirrus", + "Description": "Mastercard Cirrus (Interbank Network) ATM card only", + "Type": "EMV" + }, + { + "AID": "A0000000048002", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "SecureCode Auth EMV-CAP", + "Description": "Chip Authentication Protocol (CAP). Works with NatWest or SecureCode Aut", + "Type": "EMV" + }, + { + "AID": "A0000000049999", + "Vendor": "Mastercard International", + "Country": "United States", + "Name": "MasterCard PayPass", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A0000000050001", + "Vendor": "Switch Card Services Ltd.", + "Country": "United Kingdom", + "Name": "Maestro UK", + "Description": "UK Domestic Maestro - Switch (debit card)", + "Type": "EMV" + }, + { + "AID": "A0000000050002", + "Vendor": "Switch Card Services Ltd.", + "Country": "United Kingdom", + "Name": "Solo", + "Description": "UK Domestic Maestro - Switch (debit card)", + "Type": "EMV" + }, + { + "AID": "A0000000090001FF44FF1289", + "Vendor": "ETSI", + "Country": "France", + "Name": "Orange", + "Description": "Orange UK", + "Type": "" + }, + { + "AID": "A0000000101030", + "Vendor": "Europay International", + "Country": "Belgium", + "Name": "Maestro-CH", + "Description": "", + "Type": "" + }, + { + "AID": "A00000001800", + "Vendor": "GEMPLUS", + "Country": "France", + "Name": "Gemplus ", + "Description": "", + "Type": "" + }, + { + "AID": "A0000000181001", + "Vendor": "GEMPLUS", + "Country": "France", + "Name": "com.gemplus.javacard.util packages", + "Description": "", + "Type": "" + }, + { + "AID": "A000000018434D", + "Vendor": "GEMPLUS", + "Country": "France", + "Name": "Gemplus card manager", + "Description": "434D = CM (ascii). Security domain for some GCX/GXP cards (GemXpresso Pro) (Gemalto)", + "Type": "GP" + }, + { + "AID": "A000000018434D00", + "Vendor": "GEMPLUS", + "Country": "France", + "Name": "Gemplus Security Domain", + "Description": "(Gemalto)", + "Type": "GP" + }, + { + "AID": "A00000002401", + "Vendor": "Midland Bank Plc", + "Country": "United Kingdom", + "Name": "Self Service", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A000000025", + "Vendor": "American Express", + "Country": "United Kingdom", + "Name": "American Express", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A0000000250000", + "Vendor": "American Express", + "Country": "United Kingdom", + "Name": "American Express", + "Description": "American Express (Credit/Debit)", + "Type": "EMV" + }, + { + "AID": "A00000002501", + "Vendor": "American Express", + "Country": "United Kingdom", + "Name": "American Express", + "Description": "AEIPS-compliant (A-E contact EMV) payment application", + "Type": "EMV" + }, + { + "AID": "A000000025010104", + "Vendor": "American Express", + "Country": "United Kingdom", + "Name": "American Express", + "Description": "", + "Type": "" + }, + { + "AID": "A000000025010402", + "Vendor": "American Express", + "Country": "United Kingdom", + "Name": "American Express", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A000000025010701", + "Vendor": "American Express", + "Country": "United Kingdom", + "Name": "ExpressPay", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A000000025010801", + "Vendor": "American Express", + "Country": "United Kingdom", + "Name": "American Express", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A0000000291010", + "Vendor": "LINK Interchange Network Ltd", + "Country": "United Kingdom", + "Name": "Link / American Express", + "Description": "Link (UK) ATM Network, or AMEX (Portugal)", + "Type": "EMV" + }, + { + "AID": "A00000002945087510100000", + "Vendor": "LINK Interchange Network Ltd", + "Country": "United Kingdom", + "Name": "CO-OP", + "Description": "", + "Type": "" + }, + { + "AID": "A00000002949034010100001", + "Vendor": "LINK Interchange Network Ltd", + "Country": "United Kingdom", + "Name": "HSBC", + "Description": "", + "Type": "" + }, + { + "AID": "A00000002949282010100000", + "Vendor": "LINK Interchange Network Ltd", + "Country": "United Kingdom", + "Name": "Barclay", + "Description": "", + "Type": "" + }, + { + "AID": "A000000029564182", + "Vendor": "LINK Interchange Network Ltd", + "Country": "United Kingdom", + "Name": "HAFX", + "Description": "", + "Type": "" + }, + { + "AID": "A00000003029057000AD13100101FF", + "Vendor": "Schlumberger Industries Identif d'Encarteur PR050", + "Country": "France", + "Name": "BelPIC (Belgian Personal Identity Card) JavaCard Applet", + "Description": "Schlumberger (Gemalto) RID", + "Type": "" + }, + { + "AID": "A0000000308000000000280101", + "Vendor": "Schlumberger Industries Identif d'Encarteur PR050", + "Country": "France", + "Name": "Gemalto .NET Card AID", + "Description": "", + "Type": "" + }, + { + "AID": "A0000000421010", + "Vendor": "Groupement des Cartes Bancaires 'CB'", + "Country": "France", + "Name": "Cartes Bancaire EMV Card", + "Description": "Groupement des Cartes Bancaires (France)", + "Type": "EMV" + }, + { + "AID": "A0000000422010", + "Vendor": "Groupement des Cartes Bancaires 'CB'", + "Country": "France", + "Name": "", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A0000000423010", + "Vendor": "Groupement des Cartes Bancaires 'CB'", + "Country": "France", + "Name": "", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A0000000424010", + "Vendor": "Groupement des Cartes Bancaires 'CB'", + "Country": "France", + "Name": "", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A0000000425010", + "Vendor": "Groupement des Cartes Bancaires 'CB'", + "Country": "France", + "Name": "", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A0000000426010", + "Vendor": "Groupement des Cartes Bancaires 'CB'", + "Country": "France", + "Name": "Contactless payment using Apple Pay", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A00000005945430100", + "Vendor": "Zentraler Kreditausschuss (ZKA)", + "Country": "Germany", + "Name": "Girocard Electronic Cash", + "Description": "", + "Type": "" + }, + { + "AID": "A000000063504B43532D3135", + "Vendor": "RSA Laboratories", + "Country": "United States", + "Name": "PKCS-15", + "Description": "RSA PKCS-15 PKI application (Predecessor to ISO7816-15) / ID-card in Finland", + "Type": "" + }, + { + "AID": "A0000000635741502D57494D", + "Vendor": "RSA Laboratories", + "Country": "United States", + "Name": "WAP-WIM", + "Description": "WAP (Wireless Application Protocol) Identity Module / Wireless Identification Module", + "Type": "" + }, + { + "AID": "A00000006510", + "Vendor": "JCB CO., LTD.", + "Country": "Japan", + "Name": "JCB", + "Description": "Japan Credit Bureau", + "Type": "EMV" + }, + { + "AID": "A0000000651010", + "Vendor": "JCB CO., LTD.", + "Country": "Japan", + "Name": "JCB J Smart Credit", + "Description": "Japan Credit Bureau", + "Type": "EMV" + }, + { + "AID": "A00000006900", + "Vendor": "Socit Europenne de Monnaie Electronique SEME", + "Country": "France", + "Name": "Moneo", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A000000077010000021000000000003B", + "Vendor": "Oberthur Technologies", + "Country": "France", + "Name": "Visa AEPN", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A0000000790100", + "Vendor": "Activcard Europe S.A.", + "Country": "France", + "Name": "CACv2 PKI ID", + "Description": "Identity Key", + "Type": "" + }, + { + "AID": "A0000000790101", + "Vendor": "Activcard Europe S.A.", + "Country": "France", + "Name": "CACv2 PKI Sign", + "Description": "Digital Signature Key", + "Type": "" + }, + { + "AID": "A0000000790102", + "Vendor": "Activcard Europe S.A.", + "Country": "France", + "Name": "CACv2 PKI Enc", + "Description": "Key Management Key", + "Type": "" + }, + { + "AID": "A00000007901F0", + "Vendor": "Activcard Europe S.A.", + "Country": "France", + "Name": "CACv1 PKI Identity Key", + "Description": "Re-directs to CACv2 PKI Identity key", + "Type": "" + }, + { + "AID": "A00000007901F1", + "Vendor": "Activcard Europe S.A.", + "Country": "France", + "Name": "CACv1 PKI Digital Signature Key", + "Description": "Re-directs to CACv2 Digital Signature key", + "Type": "" + }, + { + "AID": "A00000007901F2", + "Vendor": "Activcard Europe S.A.", + "Country": "France", + "Name": "CACv1 PKI Key Management Key", + "Description": "Re-directs to CACv2 Key Management key", + "Type": "" + }, + { + "AID": "A0000000790200", + "Vendor": "Activcard Europe S.A.", + "Country": "France", + "Name": "CACv2 DoD Person", + "Description": "DoD Demographic", + "Type": "" + }, + { + "AID": "A0000000790201", + "Vendor": "Activcard Europe S.A.", + "Country": "France", + "Name": "CACv2 DoD Personnel", + "Description": "DoD Demographic", + "Type": "" + }, + { + "AID": "A00000007902FB", + "Vendor": "Activcard Europe S.A.", + "Country": "France", + "Name": "CACv1 BC", + "Description": "General Configuration", + "Type": "" + }, + { + "AID": "A00000007902FD", + "Vendor": "Activcard Europe S.A.", + "Country": "France", + "Name": "CACv1 BC", + "Description": "PKI Certificate Attributes", + "Type": "" + }, + { + "AID": "A00000007902FE", + "Vendor": "Activcard Europe S.A.", + "Country": "France", + "Name": "CACv1 BC", + "Description": "PKI Cert", + "Type": "" + }, + { + "AID": "A0000000790300", + "Vendor": "Activcard Europe S.A.", + "Country": "France", + "Name": "CACv2 Access Control Applet", + "Description": "CAC PIN / ID PIN Management Applet", + "Type": "" + }, + { + "AID": "A0000000791201", + "Vendor": "Activcard Europe S.A.", + "Country": "France", + "Name": "CAC JDM", + "Description": "Joint Data Model. BCAdmin", + "Type": "" + }, + { + "AID": "A0000000791202", + "Vendor": "Activcard Europe S.A.", + "Country": "France", + "Name": "CAC JDM", + "Description": "Joint Data Model. BCMedical", + "Type": "" + }, + { + "AID": "A0000000871002FF49FF0589", + "Vendor": "Third Generation Partnership Project (3GPP)", + "Country": "France", + "Name": "Telenor USIM", + "Description": "", + "Type": "USIM" + }, + { + "AID": "A00000008810200105C100", + "Vendor": "Buypass AS", + "Country": "Norway", + "Name": "BuyPass BIDA", + "Description": "Used by norwegian public betting company Norsk-Tipping", + "Type": "BuyPass" + }, + { + "AID": "A000000088102201034221", + "Vendor": "Buypass AS", + "Country": "Norway", + "Name": "BuyPass BEID (BuyPass Electronic ID)", + "Description": "", + "Type": "BuyPass" + }, + { + "AID": "A000000088102201034321", + "Vendor": "Buypass AS", + "Country": "Norway", + "Name": "BuyPass BEID (BuyPass Electronic ID)", + "Description": "", + "Type": "BuyPass" + }, + { + "AID": "A0000000960200", + "Vendor": "Sa Proton World International N.V.", + "Country": "Belgium", + "Name": "Proton World International Security Domain", + "Description": "Proton, which is owned in part by Visa International and American Express Co., is in three other European countries: the original Proton program in Belgium, Chipknip in the Netherlands, and Cash in Switzerland", + "Type": "GP" + }, + { + "AID": "A000000098", + "Vendor": "Visa USA", + "Country": "United States", + "Name": "Debit Card", + "Description": "Bank of America Debit Card", + "Type": "EMV" + }, + { + "AID": "A0000000980840", + "Vendor": "Visa USA", + "Country": "United States", + "Name": "Visa Common Debit", + "Description": "", + "Type": "" + }, + { + "AID": "A0000000980848", + "Vendor": "Visa USA", + "Country": "United States", + "Name": "Debit Card", + "Description": "Schwab Bank Debit Card", + "Type": "EMV" + }, + { + "AID": "A0000001110101", + "Vendor": "Die Post Postfinance", + "Country": "Switzerland", + "Name": "Postcard", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001160300", + "Vendor": "GSA - TFCS", + "Country": "United States", + "Name": "PIV CHUID", + "Description": "CHUID", + "Type": "" + }, + { + "AID": "A0000001166010", + "Vendor": "GSA - TFCS", + "Country": "United States", + "Name": "PIV Fingerprints", + "Description": "Fingerprints", + "Type": "" + }, + { + "AID": "A0000001166030", + "Vendor": "GSA - TFCS", + "Country": "United States", + "Name": "PIV Facial Image", + "Description": "Facial Image", + "Type": "" + }, + { + "AID": "A0000001169000", + "Vendor": "GSA - TFCS", + "Country": "United States", + "Name": "PIV Security Object", + "Description": "Security Object", + "Type": "" + }, + { + "AID": "A000000116A001", + "Vendor": "GSA - TFCS", + "Country": "United States", + "Name": "PIV Authentication Key", + "Description": "PIV Authentication Key", + "Type": "" + }, + { + "AID": "A000000116DB00", + "Vendor": "GSA - TFCS", + "Country": "United States", + "Name": "CCC", + "Description": "Card Capability Container", + "Type": "" + }, + { + "AID": "A000000118010000", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "DF_Verkehr", + "Description": "Domestic Loyalty Program (Version 1.3)", + "Type": "" + }, + { + "AID": "A000000118020000", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "DF_Partner", + "Description": "Domestic Loyalty Program (Version 1.3)", + "Type": "" + }, + { + "AID": "A000000118030000", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "DF_Schlerdaten", + "Description": "Domestic Loyalty Program (Version 1.3)", + "Type": "" + }, + { + "AID": "A000000118040000", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "DF_KEP_SIG", + "Description": "Domestic Loyalty Program (Version 1.32)", + "Type": "" + }, + { + "AID": "A0000001184543", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "Digital Signature (SSCA)", + "Description": "Digital Signature Application", + "Type": "" + }, + { + "AID": "A000000118454E", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "Encryption Application", + "Description": "Encryption Application (Version 1.10)", + "Type": "" + }, + { + "AID": "A0000001211010", + "Vendor": "PBS Danmark A/S", + "Country": "Denmark", + "Name": "Dankort (VISA GEM Vision)", + "Description": "Danish domestic debit card", + "Type": "EMV" + }, + { + "AID": "A0000001320001", + "Vendor": "Java Card Forum", + "Country": "United States", + "Name": "org.javacardforum.javacard.biometry", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001408001", + "Vendor": "TDS TODOS DATA SYSTEM AB", + "Country": "Sweden", + "Name": "eCode", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001410001", + "Vendor": "Associazione Bancaria Italiana", + "Country": "Italy", + "Name": "PagoBANCOMAT", + "Description": "CoGeBan Consorzio BANCOMAT (Italian domestic debit card)", + "Type": "EMV" + }, + { + "AID": "A0000001510000", + "Vendor": "GlobalPlatform, Inc.", + "Country": "United States", + "Name": "Global Platform Security Domain AID", + "Description": "GP Card Manager", + "Type": "GP" + }, + { + "AID": "A00000015153504341534400", + "Vendor": "GlobalPlatform, Inc.", + "Country": "United States", + "Name": "CASD_AID", + "Description": "SPCASD", + "Type": "GP" + }, + { + "AID": "A0000001523010", + "Vendor": "Diners Club International Ltd.", + "Country": "United States", + "Name": "Discover, Pulse D Pas", + "Description": "Discover Card", + "Type": "EMV" + }, + { + "AID": "A0000001524010", + "Vendor": "Diners Club International Ltd.", + "Country": "United States", + "Name": "Discover", + "Description": "Discover Debit Common Card", + "Type": "EMV" + }, + { + "AID": "A0000001544442", + "Vendor": "Banrisul - Banco do Estado do Rio Grande do SUL - S.A.", + "Country": "Brazil", + "Name": "Banricompras Debito", + "Description": "Banrisul (Brazil)", + "Type": "EMV" + }, + { + "AID": "A0000001570010", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "AMEX", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001570020", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "MasterCard", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001570021", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "Maestro", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001570022", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "Maestro", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001570023", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "CASH", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001570030", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "VISA", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001570031", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "VISA", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001570040", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "JCB", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001570050", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "Postcard", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001570051", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "Postcard", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001570100", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "MCard", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001570104", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "MyOne", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001570109", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "Mediamarkt Card", + "Description": "", + "Type": "" + }, + { + "AID": "A000000157010A", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "Gift Card", + "Description": "", + "Type": "" + }, + { + "AID": "A000000157010B", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "Bonuscard", + "Description": "", + "Type": "" + }, + { + "AID": "A000000157010C", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "WIRCard", + "Description": "", + "Type": "" + }, + { + "AID": "A000000157010D", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "Power Card", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001574443", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "DINERS CLUB", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001574444", + "Vendor": "Zhlke Engineering AG", + "Country": "Switzerland", + "Name": "Supercard Plus", + "Description": "", + "Type": "" + }, + { + "AID": "A000000167413000FF", + "Vendor": "IBM", + "Country": "Germany", + "Name": "JCOP Identify Applet", + "Description": "identify in JCOP-tools returns eg 27 34 01 2E 00 00 00 00 4E 58 37 35 31 41 00 03 28 62 B3 6A 82", + "Type": "JCOP" + }, + { + "AID": "A000000167413001", + "Vendor": "IBM", + "Country": "Germany", + "Name": "FIPS 140-2", + "Description": "", + "Type": "" + }, + { + "AID": "A000000172950001", + "Vendor": "Financial Information Service Co. Ltd.", + "Country": "Taiwan", + "Name": "BAROC Financial Application Taiwan", + "Description": "The Bankers Association of the Republic of China", + "Type": "EMV" + }, + { + "AID": "A000000177504B43532D3135", + "Vendor": "Ministre de L'Intrieur", + "Country": "Belgium", + "Name": "BelPIC (Belgian Personal Identity Card)", + "Description": "", + "Type": "" + }, + { + "AID": "A0000001850002", + "Vendor": "Post Office Limited", + "Country": "United Kingdom", + "Name": "UK Post Office Account card", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A0000001884443", + "Vendor": "Diners Club Switzerland Ltd", + "Country": "Switzerland", + "Name": "DINERS CLUB", + "Description": "", + "Type": "" + }, + { + "AID": "A0000002040000", + "Vendor": "Association for Payment Clearing Services", + "Country": "United Kingdom", + "Name": "", + "Description": "", + "Type": "" + }, + { + "AID": "A0000002281010", + "Vendor": "Saudi Arabian Monetary Agency (SAMA)", + "Country": "Kingdom of Saudi Arabia", + "Name": "SPAN (M/Chip)", + "Description": "SPAN2 (Saudi Payments Network) - Saudi Arabia domestic credit/debit card (Saudi Arabia Monetary Agency)", + "Type": "EMV" + }, + { + "AID": "A0000002282010", + "Vendor": "Saudi Arabian Monetary Agency (SAMA)", + "Country": "Kingdom of Saudi Arabia", + "Name": "SPAN (VIS)", + "Description": "SPAN2 (Saudi Payments Network) - Saudi Arabia domestic credit/debit card (Saudi Arabia Monetary Agency)", + "Type": "EMV" + }, + { + "AID": "A00000022820101010", + "Vendor": "Saudi Arabian Monetary Agency (SAMA)", + "Country": "Kingdom of Saudi Arabia", + "Name": "SPAN", + "Description": "SPAN2 (Saudi Payments Network) - Saudi Arabia domestic credit/debit card (Saudi Arabia Monetary Agency)", + "Type": "" + }, + { + "AID": "A0000002471001", + "Vendor": "ISO JTC1/SC17/WG3", + "Country": "United Kingdom", + "Name": "Machine Readable Travel Documents (MRTD)", + "Description": "Electronic (Biometric) Passport. Issuer stored data application (The last three digits of the PIX shall be used to denote future version levels.)", + "Type": "MRTD" + }, + { + "AID": "A0000002472001", + "Vendor": "ISO JTC1/SC17/WG3", + "Country": "United Kingdom", + "Name": "Machine Readable Travel Documents (MRTD)", + "Description": "Electronic (Biometric) Passport. Application for hashes, digital signature, and certificate (The last three digits of the PIX shall be used to denote future version levels.)", + "Type": "MRTD" + }, + { + "AID": "A0000002771010", + "Vendor": "Interac Association", + "Country": "Canada", + "Name": "INTERAC", + "Description": "Canadian domestic credit/debit card", + "Type": "EMV" + }, + { + "AID": "A00000030600000000000000", + "Vendor": "PS/SC Workgroup", + "Country": "United States", + "Name": "PC/SC Initial access data AID", + "Description": "Possibly not an application...", + "Type": "" + }, + { + "AID": "A000000308000010000100", + "Vendor": "National Institute of Standards and Technology", + "Country": "United States", + "Name": "Personal Identity Verification (PIV) / ID-ONE PIV BIO", + "Description": "PIV End Point Applet. Last 2 bytes designate version", + "Type": "" + }, + { + "AID": "A00000031510100528", + "Vendor": "Currence Holding/PIN BV", + "Country": "The Netherlands", + "Name": "Currence PuC", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A0000003156020", + "Vendor": "Currence Holding/PIN BV", + "Country": "The Netherlands", + "Name": "Chipknip", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A00000032301", + "Vendor": "Identity Alliance", + "Country": "United States", + "Name": "MUSCLE Applet Package", + "Description": "http://osdir.com/ml/lib.muscle/2005-12/msg00066.html", + "Type": "" + }, + { + "AID": "A0000003230101", + "Vendor": "Identity Alliance", + "Country": "United States", + "Name": "MUSCLE Applet Instance", + "Description": "http://osdir.com/ml/lib.muscle/2005-12/msg00066.html", + "Type": "" + }, + { + "AID": "A0000003241010", + "Vendor": "Discover Financial Services LLC", + "Country": "United States", + "Name": "Discover Expresspay (ZIP)", + "Description": "", + "Type": "" + }, + { + "AID": "A000000333010101", + "Vendor": "China Unionpay Co. Ltd", + "Country": "China", + "Name": "UnionPay Debit", + "Description": "", + "Type": "" + }, + { + "AID": "A000000333010102", + "Vendor": "China Unionpay Co. Ltd", + "Country": "China", + "Name": "UnionPay Credit", + "Description": "", + "Type": "" + }, + { + "AID": "A000000333010103", + "Vendor": "China Unionpay Co. Ltd", + "Country": "China", + "Name": "UnionPay Quasi Credit", + "Description": "", + "Type": "" + }, + { + "AID": "A000000333010106", + "Vendor": "China Unionpay Co. Ltd", + "Country": "China", + "Name": "UnionPay Electronic Cash", + "Description": "", + "Type": "" + }, + { + "AID": "A000000333010108", + "Vendor": "China Unionpay Co. Ltd", + "Country": "China", + "Name": "U.S. UnionPay Common Debit AID", + "Description": "", + "Type": "" + }, + { + "AID": "A000000337301000", + "Vendor": "Groupment Interbancaire Montique de l' UEMOA", + "Country": "Senegal", + "Name": "Retrait", + "Description": "", + "Type": "" + }, + { + "AID": "A000000337101000", + "Vendor": "Groupment Interbancaire Montique de l' UEMOA", + "Country": "Senegal", + "Name": "Standard", + "Description": "", + "Type": "" + }, + { + "AID": "A000000337102000", + "Vendor": "Groupment Interbancaire Montique de l' UEMOA", + "Country": "Senegal", + "Name": "Classic", + "Description": "", + "Type": "" + }, + { + "AID": "A000000337101001", + "Vendor": "Groupment Interbancaire Montique de l' UEMOA", + "Country": "Senegal", + "Name": "Prepaye Online", + "Description": "", + "Type": "" + }, + { + "AID": "A000000337102001", + "Vendor": "Groupment Interbancaire Montique de l' UEMOA", + "Country": "Senegal", + "Name": "Prepaye Possibile Offiline", + "Description": "", + "Type": "" + }, + { + "AID": "A000000337601001", + "Vendor": "Groupment Interbancaire Montique de l' UEMOA", + "Country": "Senegal", + "Name": "Porte Monnaie Electronique", + "Description": "", + "Type": "" + }, + { + "AID": "A0000003591010", + "Vendor": "Euro Alliance of Payment Schemes s.c.r.l. - EAPS", + "Country": "Belgium", + "Name": "", + "Description": "Unknown", + "Type": "" + }, + { + "AID": "A0000003591010028001", + "Vendor": "Euro Alliance of Payment Schemes s.c.r.l. - EAPS", + "Country": "Belgium", + "Name": "Girocard EAPS", + "Description": "ZKA (Germany)", + "Type": "EMV" + }, + { + "AID": "A00000035910100380", + "Vendor": "Euro Alliance of Payment Schemes s.c.r.l. - EAPS", + "Country": "Belgium", + "Name": "", + "Description": "PagoBANCOMAT", + "Type": "" + }, + { + "AID": "A0000003660001", + "Vendor": "Poste Italiane S.P.A", + "Country": "Italy", + "Name": "Postamat", + "Description": "", + "Type": "" + }, + { + "AID": "A0000003660002", + "Vendor": "Poste Italiane S.P.A", + "Country": "Italy", + "Name": "Postamat VISA", + "Description": "", + "Type": "" + }, + { + "AID": "A0000003710001", + "Vendor": "Verve", + "Country": "Nigeria", + "Name": "InterSwitch Verve Card", + "Description": "Nigerian local switch company", + "Type": "EMV" + }, + { + "AID": "A00000038410", + "Vendor": "eftpos, Australian Payments Clearing Association Ltd", + "Country": "Australia", + "Name": "Savings (debit card)", + "Description": "", + "Type": "" + }, + { + "AID": "A00000038420", + "Vendor": "eftpos, Australian Payments Clearing Association Ltd", + "Country": "Australia", + "Name": "Cheque (debit card)", + "Description": "", + "Type": "" + }, + { + "AID": "A0000003964D66344D0002", + "Vendor": "NXP Semiconductors Germany GmbH", + "Country": "Germany", + "Name": "MIFARE4MOBILE", + "Description": "NXP Mf4M", + "Type": "" + }, + { + "AID": "A00000039742544659", + "Vendor": "Microsoft Corporation", + "Country": "United States", + "Name": "Microsoft IDMP AID", + "Description": "Identity Device With Microsoft Generic Profile application. 2 bytes can be added at the end. This byte must be set to the IDMP specification revision number which is currently 0x01. The second byte (yy) is reserved for use by the card application.", + "Type": "" + }, + { + "AID": "A0000003974349445F0100", + "Vendor": "Microsoft Corporation", + "Country": "United States", + "Name": "Microsoft PNP AID", + "Description": "MS Plug and Play", + "Type": "" + }, + { + "AID": "A0000004271010", + "Vendor": "Unibanco (Hipercard)", + "Country": "Brazil", + "Name": "Hiperchip", + "Description": "", + "Type": "" + }, + { + "AID": "A0000004320001", + "Vendor": "PRO100", + "Country": "Russia", + "Name": "Universal Electronic Card", + "Description": "", + "Type": "" + }, + { + "AID": "A0000004360100", + "Vendor": "Edenred", + "Country": "Belgium", + "Name": "Ticket Restaurant", + "Description": "", + "Type": "" + }, + { + "AID": "A0000004391010", + "Vendor": "ACCEL/Exchange", + "Country": "United States", + "Name": "Exchange ATM card", + "Description": "The Exchange Network ATM Network", + "Type": "" + }, + { + "AID": "A0000004540010", + "Vendor": "eTranzact", + "Country": "Nigeria", + "Name": "Etranzact Genesis Card", + "Description": "Nigerian local switch company", + "Type": "EMV" + }, + { + "AID": "A0000004540011", + "Vendor": "eTranzact", + "Country": "Nigeria", + "Name": "Etranzact Genesis Card 2", + "Description": "Nigerian local switch company", + "Type": "EMV" + }, + { + "AID": "A0000004762010", + "Vendor": "Google", + "Country": "United States", + "Name": "GOOGLE_CONTROLLER_AID", + "Description": "GOOGLE_LOCKET_AID", + "Type": "" + }, + { + "AID": "A0000004763030", + "Vendor": "Google", + "Country": "United States", + "Name": "GOOGLE_MIFARE_MANAGER_AID", + "Description": "", + "Type": "" + }, + { + "AID": "A0000004766C", + "Vendor": "Google", + "Country": "United States", + "Name": "GOOGLE_PAYMENT_AID", + "Description": "", + "Type": "EMV" + }, + { + "AID": "A000000476A010", + "Vendor": "Google", + "Country": "United States", + "Name": "GSD_MANAGER_AID", + "Description": "", + "Type": "GP" + }, + { + "AID": "A000000476A110", + "Vendor": "Google", + "Country": "United States", + "Name": "GSD_MANAGER_AID", + "Description": "", + "Type": "GP" + }, + { + "AID": "A000000485", + "Vendor": "JVL Ventures, LLC (Softcard)", + "Country": "United States", + "Name": "Softcard SmartTap", + "Description": "", + "Type": "" + }, + { + "AID": "A0000005241010", + "Vendor": "RuPay", + "Country": "India", + "Name": "RuPay", + "Description": "RuPay (India)", + "Type": "EMV" + }, + { + "AID": "A0000005271002", + "Vendor": "Yubico", + "Country": "Sweden", + "Name": "Yubikey NEO U2F Demo applet", + "Description": "Universal 2-Factor Proof-of-concept/Demo", + "Type": "YKNEO" + }, + { + "AID": "A000000527200101", + "Vendor": "Yubico", + "Country": "Sweden", + "Name": "Yubikey NEO Yubikey2 applet interface", + "Description": "Javacard Applet AID", + "Type": "YKNEO" + }, + { + "AID": "A000000527210101", + "Vendor": "Yubico", + "Country": "Sweden", + "Name": "Yubikey NEO OATH Applet", + "Description": "Javacard Applet AID", + "Type": "YKNEO" + }, + { + "AID": "A0000005591010FFFFFFFF8900000100", + "Vendor": "GSMA (GSM Association)", + "Country": "United Kingdom", + "Name": "ISD-R Application. Used as TAR.", + "Description": "", + "Type": "" + }, + { + "AID": "A0000005591010FFFFFFFF8900000200", + "Vendor": "GSMA (GSM Association)", + "Country": "United Kingdom", + "Name": "ECASD Application. Used as TAR.", + "Description": "", + "Type": "" + }, + { + "AID": "A0000005591010FFFFFFFF8900000D00", + "Vendor": "GSMA (GSM Association)", + "Country": "United Kingdom", + "Name": "ISD-P Executable Load File.", + "Description": "", + "Type": "" + }, + { + "AID": "A0000005591010FFFFFFFF8900000E00", + "Vendor": "GSMA (GSM Association)", + "Country": "United Kingdom", + "Name": "ISD-P Executable Module.", + "Description": "", + "Type": "" + }, + { + "AID": "A0000005591010FFFFFFFF8900000F00", + "Vendor": "GSMA (GSM Association)", + "Country": "United Kingdom", + "Name": "Reserved value for the Profile's ISD-P", + "Description": "", + "Type": "" + }, + { + "AID": "A0000005591010FFFFFFFF8900001000", + "Vendor": "GSMA (GSM Association)", + "Country": "United Kingdom", + "Name": "ISD-P Application ('1010FFFFFFFF89000010' to '1010FFFFFFFF8900FFFF'. Used as TAR. The value is allocated during the 'Profile Download and Installation procedure'", + "Description": "", + "Type": "" + }, + { + "AID": "A00000061700", + "Vendor": "Fidesmo", + "Country": "Sweden", + "Name": "Fidesmo javacard", + "Description": "", + "Type": "" + }, + { + "AID": "A0000006200620", + "Vendor": "Debit Network Alliance (DNA)", + "Country": "United States", + "Name": "Debit Network Alliance (DNA)", + "Description": "Common U.S. Debit", + "Type": "" + }, + { + "AID": "A0000006581010", + "Vendor": "MIR", + "Country": "Russia", + "Name": "MIR Credit", + "Description": "", + "Type": "" + }, + { + "AID": "A0000006581011", + "Vendor": "MIR", + "Country": "Russia", + "Name": "MIR Credit", + "Description": "", + "Type": "" + }, + { + "AID": "A0000006582010", + "Vendor": "MIR", + "Country": "Russia", + "Name": "MIR Debit", + "Description": "", + "Type": "" + }, + { + "AID": "A0000006723010", + "Vendor": "TROY", + "Country": "Turkey", + "Name": "TROY chip credit card", + "Description": "Turkey's Payment Method", + "Type": "EMV" + }, + { + "AID": "A0000006723020", + "Vendor": "TROY", + "Country": "Turkey", + "Name": "TROY chip debit card", + "Description": "Turkey's Payment Method", + "Type": "EMV" + }, + { + "AID": "A0000007705850", + "Vendor": "Indian Oil Corporation Limited", + "Country": "India", + "Name": "XTRAPOWER Fleet Card Program", + "Description": "Indian Oil's Pre Paid Program", + "Type": "EMV" + }, + { + "AID": "A0000007790000", + "Vendor": "Zimswitch", + "Country": "Zimbabwe", + "Name": "", + "Description": "", + "Type": "" + }, + { + "AID": "B012345678", + "Vendor": "MasterCard International", + "Country": "United States", + "Name": "Maestro TEST", + "Description": "Used for development", + "Type": "EMV" + }, + { + "AID": "D040000001000002", + "Vendor": "Paylife", + "Country": "Austria", + "Name": "Paylife Quick (IEP). Preloaded Electronic Purse", + "Description": "Domestic Payment System (Version 2.1)", + "Type": "" + }, + { + "AID": "D040000002000002", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "RFU", + "Description": "Domestic Payment System (Version 2.1)", + "Type": "" + }, + { + "AID": "D040000003000002", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "POS", + "Description": "Domestic Payment System (Version 2.1)", + "Type": "" + }, + { + "AID": "D040000004000002", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "ATM", + "Description": "Domestic Payment System (Version 2.1)", + "Type": "" + }, + { + "AID": "D04000000B000002", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "Retail", + "Description": "Domestic Loyalty Program (Version 2.1)", + "Type": "" + }, + { + "AID": "D04000000C000002", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "Bank_Data", + "Description": "Domestic Loyalty Program (Version 2.1)", + "Type": "" + }, + { + "AID": "D04000000D000002", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "Shopping", + "Description": "Domestic Loyalty Program (Version 2.1)", + "Type": "" + }, + { + "AID": "D040000013000001", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "DF_UNI_Kepler1", + "Description": "Domestic Loyalty Program (Version 2.0)", + "Type": "" + }, + { + "AID": "D040000013000001", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "DF_Schler1", + "Description": "Domestic Loyalty Program (Version 1.3)", + "Type": "" + }, + { + "AID": "D040000013000002", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "DF_UNI_Kepler2", + "Description": "Domestic Loyalty Program (Version 2.0)", + "Type": "" + }, + { + "AID": "D040000013000002", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "DF_Schler2", + "Description": "Domestic Loyalty Program (Version 1.3)", + "Type": "" + }, + { + "AID": "D040000014000001", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "DF_Mensa", + "Description": "Domestic Loyalty Program (Version 2.0)", + "Type": "" + }, + { + "AID": "D040000015000001", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "DF_UNI_Ausweis", + "Description": "Domestic Loyalty Program (Version 2.0)", + "Type": "" + }, + { + "AID": "D040000015000001", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "DF_Ausweis", + "Description": "Domestic Loyalty Program (Version 1.3)", + "Type": "" + }, + { + "AID": "D0400000190001", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "EMV ATM Maestro", + "Description": "Domestic EMV Application (Version 2.1)", + "Type": "" + }, + { + "AID": "D0400000190002", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "EMV POS Maestro", + "Description": "Domestic EMV Application (Version 2.1)", + "Type": "" + }, + { + "AID": "D0400000190003", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "EMV ATM MasterCard", + "Description": "Domestic EMV Application (Version 2.1)", + "Type": "" + }, + { + "AID": "D0400000190004", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "EMV POS MasterCard", + "Description": "Domestic EMV Application (Version 2.1)", + "Type": "" + }, + { + "AID": "D0400000190010", + "Vendor": "Austria Card", + "Country": "Austria", + "Name": "Digital ID", + "Description": "Domestic Payment System (Version 2.1)", + "Type": "" + }, + { + "AID": "D268000001", + "Vendor": "Ministry of Finance of Georgia", + "Country": "Georgia", + "Name": "Fiscal module application", + "Description": "Georgia Revenue Service application for fiscal cash registers", + "Type": "" + }, + { + "AID": "D276000005", + "Vendor": "Giesecke&Devrient", + "Country": "Germany", + "Name": "", + "Description": "Giesecke & Devrient", + "Type": "" + }, + { + "AID": "D276000005AA040360010410", + "Vendor": "Giesecke&Devrient", + "Country": "Germany", + "Name": "G D App Nokia 6212", + "Description": "", + "Type": "" + }, + { + "AID": "D276000005AA0503E00401", + "Vendor": "Giesecke&Devrient", + "Country": "Germany", + "Name": "G D App Nokia 6212", + "Description": "", + "Type": "" + }, + { + "AID": "D276000005AA0503E00501", + "Vendor": "Giesecke&Devrient", + "Country": "Germany", + "Name": "G D App Nokia 6212", + "Description": "", + "Type": "" + }, + { + "AID": "D276000005AA0503E0050101", + "Vendor": "Giesecke&Devrient", + "Country": "Germany", + "Name": "G D App Nokia 6212", + "Description": "", + "Type": "" + }, + { + "AID": "D276000005AB0503E0040101", + "Vendor": "Giesecke&Devrient", + "Country": "Germany", + "Name": "G D App Nokia 6212", + "Description": "", + "Type": "" + }, + { + "AID": "D27600002200000001", + "Vendor": "IBM Laboratories", + "Country": "Germany", + "Name": "SCT LOYALTY", + "Description": "IBM Test card from the book 'Smart Card Application Development Using Java'", + "Type": "" + }, + { + "AID": "D27600002200000002", + "Vendor": "IBM Laboratories", + "Country": "Germany", + "Name": "BUSINESS CARD", + "Description": "IBM Test card from the book 'Smart Card Application Development Using Java'", + "Type": "" + }, + { + "AID": "D27600002200000060", + "Vendor": "IBM Laboratories", + "Country": "Germany", + "Name": "PKCS#11 Token", + "Description": "IBM Test card from the book 'Smart Card Application Development Using Java'", + "Type": "" + }, + { + "AID": "D276000025", + "Vendor": "ZKA", + "Country": "Germany", + "Name": "Girocard", + "Description": "Girocard (Geldkarte) in Germany", + "Type": "" + }, + { + "AID": "D27600002545410100", + "Vendor": "ZKA", + "Country": "Germany", + "Name": "", + "Description": "Unknown", + "Type": "" + }, + { + "AID": "D27600002545500100", + "Vendor": "ZKA", + "Country": "Germany", + "Name": "Girocard", + "Description": "ZKA Girocard (Geldkarte) (Germany)", + "Type": "EMV" + }, + { + "AID": "D27600002547410100", + "Vendor": "ZKA", + "Country": "Germany", + "Name": "Girocard ATM", + "Description": "", + "Type": "" + }, + { + "AID": "D276000060", + "Vendor": "Wolfgang Rankl", + "Country": "Germany", + "Name": "", + "Description": "", + "Type": "" + }, + { + "AID": "D2760000850100", + "Vendor": "NXP Semiconductors / NFC Forum", + "Country": "Germany", + "Name": "NDEF Tag Application / Mifare DESFire Tag Application", + "Description": "NFC Forum Type 4 Tag", + "Type": "" + }, + { + "AID": "D2760000850101", + "Vendor": "NXP Semiconductors / NFC Forum", + "Country": "Germany", + "Name": "NDEF Tag Application", + "Description": "NFC Tag type 4 tag", + "Type": "" + }, + { + "AID": "D276000118", + "Vendor": "Giesecke&Devrient Java Card Telecommunikation", + "Country": "Germany", + "Name": "", + "Description": "", + "Type": "" + }, + { + "AID": "D2760001180101", + "Vendor": "Giesecke&Devrient Java Card Telecommunikation", + "Country": "Germany", + "Name": "Giesecke &", + "Description": "Devrient Test Applet", + "Type": "" + }, + { + "AID": "D27600012401", + "Vendor": "fsfEurope", + "Country": "Germany", + "Name": "OpenPGP Card", + "Description": "For selection when not knowing the exact full AID", + "Type": "OpenPGP" + }, + { + "AID": "D276000124010101FFFF000000010000", + "Vendor": "fsfEurope", + "Country": "Germany", + "Name": "OpenPGP Card", + "Description": "Version 1", + "Type": "OpenPGP" + }, + { + "AID": "D2760001240102000000000000010000", + "Vendor": "fsfEurope", + "Country": "Germany", + "Name": "OpenPGP Card", + "Description": "Version 2", + "Type": "OpenPGP" + }, + { + "AID": "D27600012402", + "Vendor": "fsfEurope", + "Country": "Germany", + "Name": "SmartChess", + "Description": "http://smartchess.de/englisch/SmartChess_1.0.pdf", + "Type": "SmartChess" + }, + { + "AID": "D2760001240200010000000000000000", + "Vendor": "fsfEurope", + "Country": "Germany", + "Name": "SmartChess", + "Description": "http://smartchess.de/englisch/SmartChess_1.0.pdf", + "Type": "SmartChess" + }, + { + "AID": "D4100000011010", + "Vendor": "", + "Country": "Republic of Korea", + "Name": "", + "Description": "", + "Type": "" + }, + { + "AID": "D5280050218002", + "Vendor": "", + "Country": "The Netherlands", + "Name": "", + "Description": "(Netherlands)", + "Type": "EMV" + }, + { + "AID": "D5780000021010", + "Vendor": "Bankaxept", + "Country": "Norway", + "Name": "Bankaxept", + "Description": "Norwegian domestic debit card", + "Type": "EMV" + }, + { + "AID": "D7560000010101", + "Vendor": "Swiss Travel Fund (Reka)", + "Country": "Switzerland", + "Name": "Reka Card", + "Description": "prepaid functional debit card", + "Type": "" + }, + { + "AID": "D7560000300101", + "Vendor": "Migros (FCM, GE Money Bank and MasterCard)", + "Country": "Switzerland", + "Name": "M Budget", + "Description": "", + "Type": "" + }, + { + "AID": "E80704007F00070302", + "Vendor": "", + "Country": "", + "Name": "nPA", + "Description": "German eID", + "Type": "" + }, + { + "AID": "E82881C11702", + "Vendor": "", + "Country": "", + "Name": "AlphaCard application", + "Description": "", + "Type": "" + }, + { + "AID": "E828BD080F", + "Vendor": "", + "Country": "", + "Name": "ISO-7816-15 EF.DIR", + "Description": "Iso adoption of PKCS-15", + "Type": "" + }, + { + "AID": "F0000000030001", + "Vendor": "", + "Country": "", + "Name": "BRADESCO", + "Description": "Brazilian Bank Banco Bradesco", + "Type": "EMV" + }, + { + "AID": "7465736C6153746F7265303032", + "Vendor": "Tesla", + "Country": "", + "Name": "teslaStore002", + "Description": "Tesla car key", + "Type": "Tesla" + }, + { + "AID": "7465736C614C6F67696330303201", + "Vendor": "Tesla", + "Country": "", + "Name": "teslaLogic002", + "Description": "Tesla car key", + "Type": "Tesla" + }, + { + "AID": "7465736C61", + "Vendor": "Tesla", + "Country": "", + "Name": "tesla", + "Description": "Tesla car key generic AID", + "Type": "Tesla" + } +] \ No newline at end of file diff --git a/client/scripting.c b/client/scripting.c index 43bcbd9c7..45451b241 100644 --- a/client/scripting.c +++ b/client/scripting.c @@ -304,6 +304,61 @@ static int l_GetFromFlashMem(lua_State *L) { } +/** + * @brief The following params expected: + * uint8_t *destfilename + * @param L + * @return + */ +static int l_GetFromFlashMemSpiffs(lua_State *L) { + + if (IfPm3Flash()) { + uint32_t start_index = 0, len = 0x40000; //FLASH_MEM_MAX_SIZE + char destfilename[32] = {0}; + size_t size; + + int n = lua_gettop(L); + if (n == 0) + return returnToLuaWithError(L, "You need to supply the destination filename"); + + if (n >= 1) { + const char *p_filename = luaL_checklstring(L, 1, &size); + if (size != 0) + memcpy(destfilename, p_filename, 31); + } + + if (destfilename[0] == '\0') + return returnToLuaWithError(L, "Filename missing or invalid"); + + // get size from spiffs itself ! + SendCommandMIX(CMD_SPIFFS_STAT, 0, 0, 0, (uint8_t *)destfilename, 32); + PacketResponseNG resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) + return returnToLuaWithError(L, "No response from the device"); + + len = resp.oldarg[0]; + + if (len <= 0) + return returnToLuaWithError(L, "Filename invalid or empty"); + + uint8_t *data = calloc(len, sizeof(uint8_t)); + if (!data) + return returnToLuaWithError(L, "Allocating memory failed"); + + if (!GetFromDevice(SPIFFS, data, len, start_index, (uint8_t *)destfilename, 32, NULL, -1, true)) { + free(data); + return returnToLuaWithError(L, "ERROR; downloading from spiffs(flashmemory)"); + } + + lua_pushlstring(L, (const char *)data, len); + lua_pushunsigned(L, len); + free(data); + return 2; + } else { + return returnToLuaWithError(L, "No FLASH MEM support"); + } +} + /** * @brief The following params expected: * uint32_t cmd @@ -1128,6 +1183,7 @@ int set_pm3_libraries(lua_State *L) { {"SendCommandNG", l_SendCommandNG}, {"GetFromBigBuf", l_GetFromBigBuf}, {"GetFromFlashMem", l_GetFromFlashMem}, + {"GetFromFlashMemSpiffs", l_GetFromFlashMemSpiffs}, {"WaitForResponseTimeout", l_WaitForResponseTimeout}, {"mfDarkside", l_mfDarkside}, {"foobar", l_foobar}, diff --git a/doc/md/Installation_Instructions/Windows-Installation-Instructions.md b/doc/md/Installation_Instructions/Windows-Installation-Instructions.md index d77a2dfae..9d94490f5 100644 --- a/doc/md/Installation_Instructions/Windows-Installation-Instructions.md +++ b/doc/md/Installation_Instructions/Windows-Installation-Instructions.md @@ -52,11 +52,7 @@ pacman -S mingw-w64-x86_64-astyle ## Compile and use the project -To use the compiled client, the only differences are that executables end with `.exe` (e.g. `proxmark3.exe`) and that the Proxmark3 port is one of your `comX` ports where "X" is the com port number assigned to proxmark3 under Windows, so commands become: - -```sh -proxmark3 /dev/ttyACM0 => proxmark3.exe comX -``` +To use the compiled client, the only differences are that executables end with `.exe` (e.g. `proxmark3.exe`) and that the Proxmark3 port is one of your `comX` ports where "X" is the com port number assigned to proxmark3 under Windows, so commands like `proxmark3 /dev/ttyACMX` become `proxmark3.exe comX`. Now you're ready to follow the [compilation instructions](/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md). diff --git a/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md b/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md index 977af704c..3b0599de5 100644 --- a/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md +++ b/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md @@ -48,6 +48,7 @@ Known issues: * 256kb Arm chip devices: The compiled firmware image from this repo may/will be too large for your device. * PM3 Evo: it has a different led/button pin assignment. It tends to be messed up. +* Proxmark Pro: it has different fpga and unknown pin assignments. Will most certainly mess up ## PLATFORM_EXTRAS diff --git a/include/mifare.h b/include/mifare.h index 4a65357e5..e278b3794 100644 --- a/include/mifare.h +++ b/include/mifare.h @@ -205,6 +205,21 @@ typedef struct { felica_status_flags_t status_flags; } PACKED felica_status_response_t; +typedef struct { + felica_frame_response_t frame_response; + uint8_t number_of_systems[1]; + uint8_t system_code_list[32]; +} PACKED felica_syscode_response_t; + +typedef struct { + felica_frame_response_t frame_response; + felica_status_flags_t status_flags; + uint8_t format_version[1]; + uint8_t basic_version[2]; + uint8_t number_of_option[1]; + uint8_t option_version_list[4]; +} PACKED felica_request_spec_response_t; + typedef enum FELICA_COMMAND { FELICA_CONNECT = (1 << 0), FELICA_NO_DISCONNECT = (1 << 1), diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h index 544d5e5c2..0f7212600 100644 --- a/include/pm3_cmd.h +++ b/include/pm3_cmd.h @@ -507,6 +507,9 @@ typedef struct { #define CMD_HF_MIFARE_NACK_DETECT 0x0730 +// MFU OTP TearOff +#define CMD_HF_MFU_OTP_TEAROFF 0x0740 + #define CMD_HF_SNIFF 0x0800 // For ThinFilm Kovio