From d92c8f1bff9f33487b02d04add7cb05ecabc48df Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Fri, 6 Aug 2021 20:27:04 +0300 Subject: [PATCH] iso mac calculation --- client/src/mifare/desfirecore.c | 5 +-- client/src/mifare/desfiresecurechan.c | 44 +++++++++++++++++++++++---- 2 files changed, 41 insertions(+), 8 deletions(-) diff --git a/client/src/mifare/desfirecore.c b/client/src/mifare/desfirecore.c index 54b486642..6411071d3 100644 --- a/client/src/mifare/desfirecore.c +++ b/client/src/mifare/desfirecore.c @@ -677,11 +677,12 @@ static int DesfireExchangeISONative(bool activate_field, DesfireContext *ctx, ui } static int DesfireExchangeISO(bool activate_field, DesfireContext *ctx, sAPDU apdu, uint16_t le, uint8_t *resp, size_t *resplen, uint16_t *sw) { + uint8_t r[1050] = {0}; uint32_t rlen = 0; - int res = DESFIRESendApduEx(activate_field, apdu, le, resp, 255, &rlen, sw); + int res = DESFIRESendApduEx(activate_field, apdu, le, r, 255, &rlen, sw); if (res == PM3_SUCCESS) - *resplen = rlen; + DesfireSecureChannelDecode(ctx, r, rlen, 0, resp, resplen); return res; } diff --git a/client/src/mifare/desfiresecurechan.c b/client/src/mifare/desfiresecurechan.c index d5bc141d0..11067d7fb 100644 --- a/client/src/mifare/desfiresecurechan.c +++ b/client/src/mifare/desfiresecurechan.c @@ -471,8 +471,8 @@ static void DesfireSecureChannelDecodeEV1(DesfireContext *ctx, uint8_t *srcdata, DesfireCryptoCMAC(ctx, data, *dstdatalen + 1, cmac); if (memcmp(&srcdata[*dstdatalen], cmac, DesfireGetMACLength(ctx)) != 0) { PrintAndLogEx(WARNING, "Received MAC is not match with calculated"); - PrintAndLogEx(INFO, " received MAC: %s", sprint_hex(&srcdata[*dstdatalen], desfire_get_key_block_length(ctx->keyType))); - PrintAndLogEx(INFO, " calculated MAC: %s", sprint_hex(cmac, desfire_get_key_block_length(ctx->keyType))); + PrintAndLogEx(INFO, " received MAC: %s", sprint_hex(&srcdata[*dstdatalen], DesfireGetMACLength(ctx))); + PrintAndLogEx(INFO, " calculated MAC: %s", sprint_hex(cmac, DesfireGetMACLength(ctx))); } else { if (GetAPDULogging()) PrintAndLogEx(INFO, "Received MAC OK"); @@ -521,8 +521,8 @@ static void DesfireSecureChannelDecodeEV2(DesfireContext *ctx, uint8_t *srcdata, DesfireEV2CalcCMAC(ctx, 0x00, srcdata, *dstdatalen, cmac); if (memcmp(&srcdata[*dstdatalen], cmac, DesfireGetMACLength(ctx)) != 0) { PrintAndLogEx(WARNING, "Received MAC is not match with calculated"); - PrintAndLogEx(INFO, " received MAC: %s", sprint_hex(&srcdata[*dstdatalen], desfire_get_key_block_length(ctx->keyType))); - PrintAndLogEx(INFO, " calculated MAC: %s", sprint_hex(cmac, desfire_get_key_block_length(ctx->keyType))); + PrintAndLogEx(INFO, " received MAC: %s", sprint_hex(&srcdata[*dstdatalen], DesfireGetMACLength(ctx))); + PrintAndLogEx(INFO, " calculated MAC: %s", sprint_hex(cmac, DesfireGetMACLength(ctx))); } else { if (GetAPDULogging()) PrintAndLogEx(INFO, "Received MAC OK"); @@ -538,8 +538,8 @@ static void DesfireSecureChannelDecodeEV2(DesfireContext *ctx, uint8_t *srcdata, DesfireEV2CalcCMAC(ctx, 0x00, srcdata, *dstdatalen, cmac); if (memcmp(&srcdata[*dstdatalen], cmac, DesfireGetMACLength(ctx)) != 0) { PrintAndLogEx(WARNING, "Received MAC is not match with calculated"); - PrintAndLogEx(INFO, " received MAC: %s", sprint_hex(&srcdata[*dstdatalen], desfire_get_key_block_length(ctx->keyType))); - PrintAndLogEx(INFO, " calculated MAC: %s", sprint_hex(cmac, desfire_get_key_block_length(ctx->keyType))); + PrintAndLogEx(INFO, " received MAC: %s", sprint_hex(&srcdata[*dstdatalen], DesfireGetMACLength(ctx))); + PrintAndLogEx(INFO, " calculated MAC: %s", sprint_hex(cmac, DesfireGetMACLength(ctx))); } else { if (GetAPDULogging()) PrintAndLogEx(INFO, "Received MAC OK"); @@ -559,7 +559,39 @@ static void DesfireSecureChannelDecodeEV2(DesfireContext *ctx, uint8_t *srcdata, } } +static void DesfireISODecode(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) { + memcpy(dstdata, srcdata, srcdatalen); + *dstdatalen = srcdatalen; + uint8_t data[1050] = {0}; + + if (srcdatalen < DesfireGetMACLength(ctx)) + return; + + uint8_t maclen = DesfireGetMACLength(ctx); + if (DesfireIsAuthenticated(ctx)) { + memcpy(data, srcdata, srcdatalen - maclen); + data[*dstdatalen] = 0x00; // respcode + + uint8_t cmac[DESFIRE_MAX_CRYPTO_BLOCK_SIZE] = {0}; + DesfireCryptoCMAC(ctx, data, srcdatalen - maclen + 1, cmac); + if (memcmp(&srcdata[srcdatalen - maclen], cmac, maclen) != 0) { + PrintAndLogEx(WARNING, "Received MAC is not match with calculated"); + PrintAndLogEx(INFO, " received MAC: %s", sprint_hex(&srcdata[srcdatalen - maclen], maclen)); + PrintAndLogEx(INFO, " calculated MAC: %s", sprint_hex(cmac, maclen)); + } else { + *dstdatalen = srcdatalen - maclen; + if (GetAPDULogging()) + PrintAndLogEx(INFO, "Received MAC OK"); + } + } +} + void DesfireSecureChannelDecode(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) { + if (ctx->cmdSet == DCCISO) { + DesfireISODecode(ctx, srcdata, srcdatalen, dstdata, dstdatalen); + return; + } + switch (ctx->secureChannel) { case DACd40: DesfireSecureChannelDecodeD40(ctx, srcdata, srcdatalen, respcode, dstdata, dstdatalen);