github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-22 22:33:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

emrtd: Join secure and insecure reads

Browse source
This commit is contained in:
Ave 2020-12-14 17:45:53 +03:00
commit eaea632eb3
1 changed files with 157 additions and 178 deletions
Download patch file Download diff file Expand all files Collapse all files

85
client/src/cmdhfemrtd.c
View file

@ -269,7 +269,6 @@ static void retail_mac(uint8_t *key, uint8_t *input, int inputlen, uint8_t *outp
memcpy(output, intermediate_des, 8);
}
static void deskey(uint8_t *seed, const uint8_t *type, int length, uint8_t *dataout) {
PrintAndLogEx(DEBUG, "seed: %s", sprint_hex_inrow(seed, 16));
@ -324,42 +323,6 @@ static int _read_binary(int offset, int bytes_to_read, uint8_t *dataout, int *da
return exchange_commands(cmd, dataout, dataoutlen, false, true, use_14b);
}
static int read_file(uint8_t *dataout, int *dataoutlen, bool use_14b) {
uint8_t response[PM3_CMD_DATA_SIZE];
int resplen = 0;
uint8_t tempresponse[PM3_CMD_DATA_SIZE];
int tempresplen = 0;
if (!_read_binary(0, 4, response, &resplen, use_14b)) {
return false;
}
int datalen = asn1datalength(response, resplen, 1);
int readlen = datalen - (3 - asn1fieldlength(response, resplen, 1));
int offset = 4;
int toread;
while (readlen > 0) {
toread = readlen;
if (readlen > 118) {
toread = 118;
}
if (!_read_binary(offset, toread, tempresponse, &tempresplen, use_14b)) {
return false;
}
memcpy(&response[resplen], &tempresponse, tempresplen);
offset += toread;
readlen -= toread;
resplen += tempresplen;
}
memcpy(dataout, &response, resplen);
*dataoutlen = resplen;
return true;
}
static void bump_ssc(uint8_t *ssc) {
PrintAndLogEx(DEBUG, "ssc-b: %s", sprint_hex_inrow(ssc, 8));
for (int i = 7; i > 0; i--) {
@ -553,21 +516,28 @@ static bool _secure_read_binary_decrypt(uint8_t *kenc, uint8_t *kmac, uint8_t *s
return true;
}
static int secure_read_file(uint8_t *kenc, uint8_t *kmac, uint8_t *ssc, uint8_t *dataout, int *dataoutlen, bool use_14b) {
// TODO: join this with regular read file
uint8_t response[25000];
static int read_file(uint8_t *dataout, int *dataoutlen, uint8_t *kenc, uint8_t *kmac, uint8_t *ssc, bool use_14b) {
uint8_t response[35000];
int resplen = 0;
uint8_t tempresponse[500];
int tempresplen = 0;
int toread = 4;
int offset = 0;
if (!_secure_read_binary_decrypt(kenc, kmac, ssc, 0, 4, response, &resplen, use_14b)) {
if (kenc == NULL) {
if (_read_binary(offset, toread, response, &resplen, use_14b) == false) {
return false;
}
} else {
if (_secure_read_binary_decrypt(kenc, kmac, ssc, offset, toread, response, &resplen, use_14b) == false) {
return false;
}
}
int datalen = asn1datalength(response, resplen, 1);
int readlen = datalen - (3 - asn1fieldlength(response, resplen, 1));
int offset = 4;
int toread;
offset = 4;
while (readlen > 0) {
toread = readlen;
@ -575,9 +545,15 @@ static int secure_read_file(uint8_t *kenc, uint8_t *kmac, uint8_t *ssc, uint8_t
toread = 118;
}
if (!_secure_read_binary_decrypt(kenc, kmac, ssc, offset, toread, tempresponse, &tempresplen, use_14b)) {
if (kenc == NULL) {
if (_read_binary(offset, toread, tempresponse, &tempresplen, use_14b) == false) {
return false;
}
} else {
if (_secure_read_binary_decrypt(kenc, kmac, ssc, offset, toread, tempresponse, &tempresplen, use_14b) == false) {
return false;
}
}
memcpy(response + resplen, tempresponse, tempresplen);
offset += toread;
@ -712,7 +688,7 @@ static bool dump_file(uint8_t *ks_enc, uint8_t *ks_mac, uint8_t *ssc, const char
return false;
}
if (secure_read_file(ks_enc, ks_mac, ssc, response, &resplen, use_14b) == false) {
if (read_file(response, &resplen, ks_enc, ks_mac, ssc, use_14b) == false) {
PrintAndLogEx(ERR, "Failed to read %s.", name);
DropField();
return false;
@ -738,7 +714,7 @@ int dumpHF_EMRTD(char *documentnumber, char *dob, char *expiry) {
uint8_t kenc[50];
uint8_t kmac[50];
int resplen = 0;
// bool BAC = true;
bool BAC = false;
uint8_t S[32];
uint8_t rnd_ifd[8], k_ifd[16];
rng(8, rnd_ifd);
@ -775,7 +751,7 @@ int dumpHF_EMRTD(char *documentnumber, char *dob, char *expiry) {
// Select and read EF_CardAccess
if (select_file(P1_SELECT_BY_EF, EF_CARDACCESS, use_14b)) {
read_file(response, &resplen, use_14b);
read_file(response, &resplen, NULL, NULL, NULL, use_14b);
PrintAndLogEx(INFO, "Read EF_CardAccess, len: %i.", resplen);
PrintAndLogEx(DEBUG, "Contents (may be incomplete over 2k chars): %s", sprint_hex_inrow(response, resplen));
} else {
@ -791,21 +767,23 @@ int dumpHF_EMRTD(char *documentnumber, char *dob, char *expiry) {
// Select EF_COM
if (select_file(P1_SELECT_BY_EF, EF_COM, use_14b) == false) {
// BAC = true;
BAC = true;
PrintAndLogEx(INFO, "Basic Access Control is enforced. Will attempt external authentication.");
} else {
// BAC = false;
BAC = false;
// Select EF_DG1
select_file(P1_SELECT_BY_EF, EF_DG1, use_14b);
if (read_file(response, &resplen, use_14b) == false) {
// BAC = true;
if (read_file(response, &resplen, NULL, NULL, NULL, use_14b) == false) {
BAC = true;
PrintAndLogEx(INFO, "Basic Access Control is enforced. Will attempt external authentication.");
} else {
// BAC = false;
BAC = false;
PrintAndLogEx(INFO, "EF_DG1: %s", sprint_hex(response, resplen));
}
}
if (BAC) {
// TODO: account for the case of no BAC
PrintAndLogEx(DEBUG, "doc: %s", documentnumber);
PrintAndLogEx(DEBUG, "dob: %s", dob);
@ -906,7 +884,7 @@ int dumpHF_EMRTD(char *documentnumber, char *dob, char *expiry) {
return PM3_ESOFT;
}
if (secure_read_file(ks_enc, ks_mac, ssc, response, &resplen, use_14b) == false) {
if (read_file(response, &resplen, ks_enc, ks_mac, ssc, use_14b) == false) {
PrintAndLogEx(ERR, "Failed to read EF_COM.");
DropField();
return PM3_ESOFT;
@ -938,6 +916,7 @@ int dumpHF_EMRTD(char *documentnumber, char *dob, char *expiry) {
}
dump_file(ks_enc, ks_mac, ssc, EF_SOD, "EF_SOD", use_14b);
}
DropField();
return PM3_SUCCESS;