Merge pull request #1819 from toucan12/ksx6924

Add initialization command response interpretation on the ksx6924 (Tmoney) card
Iceman 2022-11-24 03:52:43 +01:00 committed by GitHub
commit f3642c1a6e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 197 additions and 101 deletions


@ -413,7 +413,7 @@ static int CmdHFFidoAuthenticate(const char *cmd) {
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_lit0("a", "apdu", "Show APDU reqests and responses"), arg_lit0("a", "apdu", "Show APDU requests and responses"),
arg_lit0("v", "verbose", "Verbose mode"), arg_lit0("v", "verbose", "Verbose mode"),
arg_rem("default mode:", "dont-enforce-user-presence-and-sign"), arg_rem("default mode:", "dont-enforce-user-presence-and-sign"),
arg_lit0("u", "user", "mode: enforce-user-presence-and-sign"), arg_lit0("u", "user", "mode: enforce-user-presence-and-sign"),
@ -675,7 +675,7 @@ static int CmdHFFido2MakeCredential(const char *cmd) {
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_lit0("a", "apdu", "Show APDU reqests and responses"), arg_lit0("a", "apdu", "Show APDU requests and responses"),
arg_litn("v", "verbose", 0, 2, "Verbose mode. vv - show full certificates data"), arg_litn("v", "verbose", 0, 2, "Verbose mode. vv - show full certificates data"),
arg_lit0("t", "tlv", "Show DER certificate contents in TLV representation"), arg_lit0("t", "tlv", "Show DER certificate contents in TLV representation"),
arg_lit0("c", "cbor", "Show CBOR decoded data"), arg_lit0("c", "cbor", "Show CBOR decoded data"),
@ -794,7 +794,7 @@ static int CmdHFFido2GetAssertion(const char *cmd) {
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_lit0("a", "apdu", "Show APDU reqests and responses"), arg_lit0("a", "apdu", "Show APDU requests and responses"),
arg_litn("v", "verbose", 0, 2, "Verbose mode. vv - show full certificates data"), arg_litn("v", "verbose", 0, 2, "Verbose mode. vv - show full certificates data"),
arg_lit0("c", "cbor", "Show CBOR decoded data"), arg_lit0("c", "cbor", "Show CBOR decoded data"),
arg_lit0("l", "list", "Add CredentialId from json to allowList"), arg_lit0("l", "list", "Add CredentialId from json to allowList"),


@ -69,7 +69,7 @@ static int CmdHFKSX6924Balance(const char *Cmd) {
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_lit0("k", "keep", "keep field ON for next command"), arg_lit0("k", "keep", "keep field ON for next command"),
arg_lit0("a", "apdu", "show APDU reqests and responses"), arg_lit0("a", "apdu", "Show APDU requests and responses"),
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
@ -102,7 +102,7 @@ static int CmdHFKSX6924Info(const char *Cmd) {
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_lit0("k", "keep", "keep field ON for next command"), arg_lit0("k", "keep", "keep field ON for next command"),
arg_lit0("a", "apdu", "show APDU reqests and responses"), arg_lit0("a", "apdu", "Show APDU requests and responses"),
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
@ -224,7 +224,7 @@ static int CmdHFKSX6924Select(const char *Cmd) {
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_lit0("a", "apdu", "show APDU reqests and responses"), arg_lit0("a", "apdu", "Show APDU requests and responses"),
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
@ -245,15 +245,15 @@ static int CmdHFKSX6924Select(const char *Cmd) {
static int CmdHFKSX6924Initialize(const char *Cmd) { static int CmdHFKSX6924Initialize(const char *Cmd) {
CLIParserContext *ctx; CLIParserContext *ctx;
CLIParserInit(&ctx, "hf ksx6924 initialize", CLIParserInit(&ctx, "hf ksx6924 init",
"Perform transaction initialization (mpda)", "Perform transaction initialization with Mpda (Money of Purchase Transaction)",
"hf ksx6924 initialize 000003e8 -> mpda\n"); "hf ksx6924 init 000003e8 -> Mpda\n");
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_lit0("k", "keep", "keep field ON for next command"), arg_lit0("k", "keep", "keep field ON for next command"),
arg_lit0("a", "apdu", "show APDU reqests and responses"), arg_lit0("a", "apdu", "Show APDU requests and responses"),
arg_str1(NULL, NULL, "<mpda 4byte hex>", NULL), arg_str1(NULL, NULL, "<Mpda 4 bytes hex>", NULL),
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
@ -269,7 +269,7 @@ static int CmdHFKSX6924Initialize(const char *Cmd) {
SetAPDULogging(APDULogging); SetAPDULogging(APDULogging);
if (datalen != 4) { if (datalen != 4) {
PrintAndLogEx(WARNING, "Mpda parameter must be 4 byte long (eg: 000003e8)"); PrintAndLogEx(WARNING, "Mpda parameter must be 4 bytes long (eg: 000003e8)");
return PM3_EINVARG; return PM3_EINVARG;
} }
@ -278,15 +278,23 @@ static int CmdHFKSX6924Initialize(const char *Cmd) {
goto end; goto end;
} }
PrintAndLogEx(SUCCESS, "Initialize Card : Mpda -> %02X %02X %02X %02X", data[0], data[1], data[2], data[3]); uint8_t resp[APDU_RES_LEN] = {0};
size_t resp_len = 0;
uint8_t response[25] = {0}; if (KSX6924InitializeCard(data[0], data[1], data[2], data[3], resp, &resp_len) == false) {
if (KSX6924InitializeCard(data[0], data[1], data[2], data[3], response)) { goto end;
PrintAndLogEx(SUCCESS, "Response : %s", sprint_hex(response, sizeof(response)));
} else {
PrintAndLogEx(FAILED, "Initialize Card Error");
} }
uint8_t *r = resp;
struct ksx6924_initialize_card_response initCardResponse;
bool ret = KSX6924ParseInitializeCardResponse(r, resp_len, &initCardResponse);
if (!ret) {
PrintAndLogEx(FAILED, "Error parsing KS X 6924 initialize card response");
goto end;
}
KSX6924PrintInitializeCardResponse(&initCardResponse);
end: end:
if (keep == false) { if (keep == false) {
DropField(); DropField();
@ -305,7 +313,7 @@ static int CmdHFKSX6924PRec(const char *Cmd) {
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_lit0("k", "keep", "keep field ON for next command"), arg_lit0("k", "keep", "keep field ON for next command"),
arg_lit0("a", "apdu", "show APDU reqests and responses"), arg_lit0("a", "apdu", "Show APDU requests and responses"),
arg_str1(NULL, NULL, "<record 1byte HEX>", NULL), arg_str1(NULL, NULL, "<record 1byte HEX>", NULL),
arg_param_end arg_param_end
}; };
@ -348,11 +356,11 @@ end:
static command_t CommandTable[] = { static command_t CommandTable[] = {
{"help", CmdHelp, AlwaysAvailable, "This help"}, {"help", CmdHelp, AlwaysAvailable, "This help"},
{"balance", CmdHFKSX6924Balance, IfPm3Iso14443a, "Get current purse balance"},
{"info", CmdHFKSX6924Info, IfPm3Iso14443a, "Get info about a KS X 6924 (T-Money, Snapper+) transit card"},
{"initialize", CmdHFKSX6924Initialize, IfPm3Iso14443a, "Perform transaction initialization (Mpda)"},
{"prec", CmdHFKSX6924PRec, IfPm3Iso14443a, "Send proprietary get record command (CLA=90, INS=4C)"},
{"select", CmdHFKSX6924Select, IfPm3Iso14443a, "Select application, and leave field up"}, {"select", CmdHFKSX6924Select, IfPm3Iso14443a, "Select application, and leave field up"},
{"info", CmdHFKSX6924Info, IfPm3Iso14443a, "Get info about a KS X 6924 (T-Money, Snapper+) transit card"},
{"balance", CmdHFKSX6924Balance, IfPm3Iso14443a, "Get current purse balance"},
{"init", CmdHFKSX6924Initialize, IfPm3Iso14443a, "Perform transaction initialization with Mpda"},
{"prec", CmdHFKSX6924PRec, IfPm3Iso14443a, "Send proprietary get record command (CLA=90, INS=4C)"},
{NULL, NULL, NULL, NULL} {NULL, NULL, NULL, NULL}
}; };
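Review bot: The failure branch after `KSX6924InitializeCard(...)` in CmdHFKSX6924Initialize now appears to jump straight to `end` without printing anything, whereas the old code reported "Initialize Card Error", so a failed exchange with the card looks like a silent no-op to the operator. I would keep the message by adding `PrintAndLogEx(FAILED, "Initialize Card Error");` before that `goto end;`. The temporary `uint8_t *r = resp;` adds nothing, since `resp` can be passed to the parser directly. The `end:` label's body and the return statement are outside the hunk, so whether the command's return code reflects either failure path cannot be confirmed from here and is worth checking.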


@ -140,7 +140,7 @@ static int CmdEMVSearch(const char *Cmd) {
arg_param_begin, arg_param_begin,
arg_lit0("sS", "select", "Activate field and select card"), arg_lit0("sS", "select", "Activate field and select card"),
arg_lit0("kK", "keep", "Keep field ON for next command"), arg_lit0("kK", "keep", "Keep field ON for next command"),
arg_lit0("aA", "apdu", "Show APDU reqests and responses"), arg_lit0("aA", "apdu", "Show APDU requests and responses"),
arg_lit0("tT", "tlv", "TLV decode results of selected applets"), arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"), arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"),
arg_param_end arg_param_end
@ -196,7 +196,7 @@ static int CmdEMVPPSE(const char *Cmd) {
arg_lit0("kK", "keep", "Keep field ON for next command"), arg_lit0("kK", "keep", "Keep field ON for next command"),
arg_lit0("1", "pse", "PSE (1PAY.SYS.DDF01) mode"), arg_lit0("1", "pse", "PSE (1PAY.SYS.DDF01) mode"),
arg_lit0("2", "ppse", "PPSE (2PAY.SYS.DDF01) mode (def)"), arg_lit0("2", "ppse", "PPSE (2PAY.SYS.DDF01) mode (def)"),
arg_lit0("aA", "apdu", "Show APDU reqests and responses"), arg_lit0("aA", "apdu", "Show APDU requests and responses"),
arg_lit0("tT", "tlv", "TLV decode results of selected applets"), arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"), arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"),
arg_param_end arg_param_end
@ -255,7 +255,7 @@ static int CmdEMVGPO(const char *Cmd) {
arg_lit0("kK", "keep", "Keep field ON for next command"), arg_lit0("kK", "keep", "Keep field ON for next command"),
arg_lit0("pP", "params", "Load parameters from `emv_defparams.json` file for PDOLdata making from PDOL and parameters"), arg_lit0("pP", "params", "Load parameters from `emv_defparams.json` file for PDOLdata making from PDOL and parameters"),
arg_lit0("mM", "make", "Make PDOLdata from PDOL (tag 9F38) and parameters (def: uses default parameters)"), arg_lit0("mM", "make", "Make PDOLdata from PDOL (tag 9F38) and parameters (def: uses default parameters)"),
arg_lit0("aA", "apdu", "Show APDU reqests and responses"), arg_lit0("aA", "apdu", "Show APDU requests and responses"),
arg_lit0("tT", "tlv", "TLV decode results of selected applets"), arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"), arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"),
arg_strx0(NULL, NULL, "<hex>", "PDOLdata/PDOL"), arg_strx0(NULL, NULL, "<hex>", "PDOLdata/PDOL"),
@ -362,7 +362,7 @@ static int CmdEMVReadRecord(const char *Cmd) {
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_lit0("kK", "keep", "Keep field ON for next command"), arg_lit0("kK", "keep", "Keep field ON for next command"),
arg_lit0("aA", "apdu", "Show APDU reqests and responses"), arg_lit0("aA", "apdu", "Show APDU requests and responses"),
arg_lit0("tT", "tlv", "TLV decode results of selected applets"), arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"), arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"),
arg_strx1(NULL, NULL, "<hex>", "<SFI 1 byte><SFIrecord 1 byte"), arg_strx1(NULL, NULL, "<hex>", "<SFI 1 byte><SFIrecord 1 byte"),
@ -426,7 +426,7 @@ static int CmdEMVAC(const char *Cmd) {
arg_str0("dD", "decision", "<aac|tc|arqc>", "Terminal decision. aac - declined, tc - approved, arqc - online authorisation requested"), arg_str0("dD", "decision", "<aac|tc|arqc>", "Terminal decision. aac - declined, tc - approved, arqc - online authorisation requested"),
arg_lit0("pP", "params", "Load parameters from `emv_defparams.json` file for CDOLdata making from CDOL and parameters"), arg_lit0("pP", "params", "Load parameters from `emv_defparams.json` file for CDOLdata making from CDOL and parameters"),
arg_lit0("mM", "make", "Make CDOLdata from CDOL (tag 8C and 8D) and parameters (def: use default parameters)"), arg_lit0("mM", "make", "Make CDOLdata from CDOL (tag 8C and 8D) and parameters (def: use default parameters)"),
arg_lit0("aA", "apdu", "Show APDU reqests and responses"), arg_lit0("aA", "apdu", "Show APDU requests and responses"),
arg_lit0("tT", "tlv", "TLV decode results of selected applets"), arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"), arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"),
arg_strx1(NULL, NULL, "<hex>", "CDOLdata/CDOL"), arg_strx1(NULL, NULL, "<hex>", "CDOLdata/CDOL"),
@ -544,7 +544,7 @@ static int CmdEMVGenerateChallenge(const char *Cmd) {
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_lit0("kK", "keep", "Keep field ON for next command"), arg_lit0("kK", "keep", "Keep field ON for next command"),
arg_lit0("aA", "apdu", "Show APDU reqests and responses"), arg_lit0("aA", "apdu", "Show APDU requests and responses"),
arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"), arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"),
arg_param_end arg_param_end
}; };
@ -598,7 +598,7 @@ static int CmdEMVInternalAuthenticate(const char *Cmd) {
arg_lit0("kK", "keep", "Keep field ON for next command"), arg_lit0("kK", "keep", "Keep field ON for next command"),
arg_lit0("pP", "params", "Load parameters from `emv_defparams.json` file for DDOLdata making from DDOL and parameters"), arg_lit0("pP", "params", "Load parameters from `emv_defparams.json` file for DDOLdata making from DDOL and parameters"),
arg_lit0("mM", "make", "Make DDOLdata from DDOL (tag 9F49) and parameters (def: use default parameters)"), arg_lit0("mM", "make", "Make DDOLdata from DDOL (tag 9F49) and parameters (def: use default parameters)"),
arg_lit0("aA", "apdu", "Show APDU reqests and responses"), arg_lit0("aA", "apdu", "Show APDU requests and responses"),
arg_lit0("tT", "tlv", "TLV decode results of selected applets"), arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"), arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"),
arg_strx1(NULL, NULL, "<hex>", "DDOLdata/DDOL"), arg_strx1(NULL, NULL, "<hex>", "DDOLdata/DDOL"),
@ -823,7 +823,7 @@ static int CmdEMVExec(const char *Cmd) {
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_lit0("sS", "select", "Activate field and select card"), arg_lit0("sS", "select", "Activate field and select card"),
arg_lit0("aA", "apdu", "Show APDU reqests and responses"), arg_lit0("aA", "apdu", "Show APDU requests and responses"),
arg_lit0("tT", "tlv", "TLV decode results"), arg_lit0("tT", "tlv", "TLV decode results"),
arg_lit0("jJ", "jload", "Load transaction parameters from `emv_defparams.json` file"), arg_lit0("jJ", "jload", "Load transaction parameters from `emv_defparams.json` file"),
arg_lit0("fF", "forceaid", "Force search AID. Search AID instead of execute PPSE"), arg_lit0("fF", "forceaid", "Force search AID. Search AID instead of execute PPSE"),
@ -1448,7 +1448,7 @@ static int CmdEMVScan(const char *Cmd) {
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_lit0("aA", "apdu", "Show APDU reqests and responses"), arg_lit0("aA", "apdu", "Show APDU requests and responses"),
arg_lit0("tT", "tlv", "TLV decode results"), arg_lit0("tT", "tlv", "TLV decode results"),
arg_lit0("eE", "extract", "Extract TLV elements and fill Application Data"), arg_lit0("eE", "extract", "Extract TLV elements and fill Application Data"),
arg_lit0("jJ", "jload", "Load transaction parameters from `emv_defparams.json` file"), arg_lit0("jJ", "jload", "Load transaction parameters from `emv_defparams.json` file"),
@ -1872,7 +1872,7 @@ static int CmdEMVRoca(const char *Cmd) {
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_lit0("tT", "selftest", "Self test"), arg_lit0("tT", "selftest", "Self test"),
arg_lit0("aA", "apdu", "Show APDU reqests and responses"), arg_lit0("aA", "apdu", "Show APDU requests and responses"),
arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"), arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. (def: Contactless interface)"),
arg_param_end arg_param_end
}; };


@ -66,6 +66,16 @@ typedef struct {
uint8_t rfu[8]; uint8_t rfu[8];
} PACKED _ksx6924_internal_purse_info_t; } PACKED _ksx6924_internal_purse_info_t;
typedef struct {
uint8_t ALGep;
uint8_t VKep;
uint8_t BALep[4]; // uint32_t big-endian
uint8_t IDcenter;
uint8_t IDep[8]; // bcd
uint8_t NTep[4];
uint8_t Sign1[4];
} PACKED _ksx6924_initialize_card_response_t;
// Declares a structure for simple enums. // Declares a structure for simple enums.
#define MAKE_ENUM_TYPE(KEY_TYPE) \ #define MAKE_ENUM_TYPE(KEY_TYPE) \
struct _ksx6924_enum_ ## KEY_TYPE { \ struct _ksx6924_enum_ ## KEY_TYPE { \
@ -114,17 +124,17 @@ MAKE_ENUM_CONST(Alg, uint8_t,
// KSX6924LookupTMoneyIDCenter // KSX6924LookupTMoneyIDCenter
MAKE_ENUM_CONST(TMoneyIDCenter, uint8_t, MAKE_ENUM_CONST(TMoneyIDCenter, uint8_t,
{ 0x00, "reserved" }, { 0x00, "Reserved" },
{ 0x01, "Korea Financial Telecommunications and Clearings Institute" }, { 0x01, "Korea Financial Telecommunications and Clearings Institute" },
{ 0x02, "A-Cash" }, { 0x02, "A-Cash" },
{ 0x03, "Mybi" }, { 0x03, "Mybi" },
{ 0x04, "Reserved" },
{ 0x05, "V-Cash" }, { 0x05, "V-Cash" },
{ 0x06, "Mondex Korea" }, { 0x06, "Mondex Korea" },
{ 0x07, "Korea Expressway Corporation" }, { 0x07, "Korea Expressway Corporation" },
{ 0x08, "Korea Smart Card Corporation" }, { 0x08, "Tmoney Co., Ltd." },
{ 0x09, "KORAIL Networks" }, { 0x09, "KORAIL Networks" },
{ 0x0a, "Reserved" },
{ 0x0b, "EB Card Corporation" }, { 0x0b, "EB Card Corporation" },
{ 0x0c, "Seoul Bus Transport Association" }, { 0x0c, "Seoul Bus Transport Association" },
{ 0x0d, "Cardnet" }, { 0x0d, "Cardnet" },
@ -165,17 +175,17 @@ MAKE_ENUM_CONST(TMoneyTCode, uint8_t,
// KSX6924LookupTMoneyCCode // KSX6924LookupTMoneyCCode
MAKE_ENUM_CONST(TMoneyCCode, uint8_t, MAKE_ENUM_CONST(TMoneyCCode, uint8_t,
{ 0x00, "None" }, { 0x00, "None" },
{ 0x01, "KB Kookmin Bank" }, { 0x01, "KB Card" },
{ 0x02, "Nonghyup Bank" }, { 0x02, "NH Card" },
{ 0x03, "Lotte Card" }, { 0x03, "Lotte Card" },
{ 0x04, "BC Card" }, { 0x04, "BC Card" },
{ 0x05, "Samsung Card" }, { 0x05, "Samsung Card" },
{ 0x06, "Shinhan Bank" }, { 0x06, "Shinhan Card" },
{ 0x07, "Citibank Korea" }, { 0x07, "Citibank Korea" },
{ 0x08, "Korea Exchange Bank" }, { 0x08, "Korea Exchange Bank" },
{ 0x09, "Woori" }, { 0x09, "Woori Card" },
{ 0x0a, "Hana SK Card" }, { 0x0a, "Hana SK Card" },
{ 0x0b, "Hyundai Capital Services" }, { 0x0b, "Hyundai Card" },
); );
static const char *KSX6924_UNKNOWN = "Unknown"; static const char *KSX6924_UNKNOWN = "Unknown";
@ -446,7 +456,7 @@ bool KSX6924GetBalance(uint32_t *result) {
/** /**
* Perform transaction initialization. * Perform transaction initialization.
*/ */
bool KSX6924InitializeCard(uint8_t mpda1, uint8_t mpda2, uint8_t mpda3, uint8_t mpda4, uint8_t *result) { bool KSX6924InitializeCard(uint8_t mpda1, uint8_t mpda2, uint8_t mpda3, uint8_t mpda4, uint8_t *result, size_t *result_len) {
if (result == NULL) { if (result == NULL) {
return false; return false;
@ -472,9 +482,68 @@ bool KSX6924InitializeCard(uint8_t mpda1, uint8_t mpda2, uint8_t mpda3, uint8_t
//*result = ntohl(*(uint32_t*)(arr)); //*result = ntohl(*(uint32_t*)(arr));
memcpy(result, arr, rlen + 2); // skip 2 sw bytes memcpy(result, arr, rlen + 2); // skip 2 sw bytes
memcpy(result_len, &rlen, sizeof(size_t));
return true; return true;
} }
/**
* Parses Initialize Card response
*/
bool KSX6924ParseInitializeCardResponse(const uint8_t *initCardResponse, size_t resp_len, struct ksx6924_initialize_card_response *ret) {
memset(ret, 0, sizeof(struct ksx6924_initialize_card_response));
if (resp_len != sizeof(_ksx6924_initialize_card_response_t)) {
// Invalid size!
PrintAndLogEx(FAILED, "Expected %ld bytes, got %ld\n", sizeof(_ksx6924_initialize_card_response_t), resp_len);
return false;
}
const _ksx6924_initialize_card_response_t *internalInitCardResponse = (const _ksx6924_initialize_card_response_t *)initCardResponse;
// Simple copies
ret->ALGep = internalInitCardResponse->ALGep;
ret->VKep = internalInitCardResponse->VKep;
ret->IDcenter = internalInitCardResponse->IDcenter;
// Fields that need rewriting
hex_to_buffer(ret->IDep, internalInitCardResponse->IDep,
sizeof(internalInitCardResponse->IDep),
sizeof(ret->IDep) - 1,
0, // min_str_len
0, // spaces_between
false // uppercase
);
ret->BALep = MemBeToUint4byte((uint8_t *)internalInitCardResponse->BALep);
ret->NTep = MemBeToUint4byte((uint8_t *)internalInitCardResponse->NTep);
memcpy(&ret->Sign1, &internalInitCardResponse->Sign1, 4);
// TODO
return true;
};
/**
* Prints out a Initialize Card response
*/
void KSX6924PrintInitializeCardResponse(const struct ksx6924_initialize_card_response *response) {
if (response == NULL) {
return;
}
PrintAndLogEx(INFO, "--- " _CYAN_("KS X 6924 Initialize Card Response") " ---------------------------");
PrintAndLogEx(INFO, "");
PrintAndLogEx(INFO, " ALGep (Algorithm Identifier)........ %02x ( %s )", response->ALGep, KSX6924LookupAlg(response->ALGep, KSX6924_UNKNOWN));
PrintAndLogEx(INFO, " VKep (Version of Key) .............. %02x", response->VKep);
PrintAndLogEx(INFO, " BALep (Balance...................... %" PRIu32, response->BALep);
PrintAndLogEx(INFO, " IDcenter (Issuer ID) ............... %02x ( %s )", response->IDcenter, KSX6924LookupTMoneyIDCenter(response->IDcenter, KSX6924_UNKNOWN));
PrintAndLogEx(INFO, " IDep (Card number) ................. %s", response->IDep);
PrintAndLogEx(INFO, " NTep (Number of Transaction + 1) ... %" PRIu32, response->NTep);
PrintAndLogEx(INFO, " Sign1 .............................. %s", sprint_hex(response->Sign1, sizeof(response->Sign1)));
PrintAndLogEx(INFO, "");
}
/** /**
* Issues a proprietary "get record" command (CLA=90, INS=4C). * Issues a proprietary "get record" command (CLA=90, INS=4C).
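Review bot: In KSX6924InitializeCard the new `result_len` is output-only and is written without the NULL check that `result` gets, so the callee still copies `rlen + 2` card-supplied bytes into `result` with no knowledge of the caller's buffer size. A guard such as `if (result == NULL || result_len == NULL) return false;` and a plain `*result_len = rlen;` in place of the `memcpy` would be clearer, and passing the buffer capacity in would let the copy be bounded; the declarations of `arr` and `rlen` are outside the hunk, so the real upper bound is not visible here. The comment `// skip 2 sw bytes` also disagrees with a copy length of `rlen + 2`. In KSX6924ParseInitializeCardResponse, `%ld` is used for two `size_t` values, which is a mismatch on platforms where `long` is narrower than `size_t`; `"Expected %zu bytes, got %zu\n"` matches the types.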


@ -53,6 +53,18 @@ struct ksx6924_purse_info {
uint8_t rfu[8]; uint8_t rfu[8];
}; };
// Convenience structure for representing purse information. Actual on-card
// format is in _ksx6924_initialize_card_response_t.
struct ksx6924_initialize_card_response {
uint8_t ALGep;
uint8_t VKep;
uint32_t BALep;
uint8_t IDcenter;
uint8_t IDep[17]; // hex digits + null terminator
uint32_t NTep;
uint8_t Sign1[4];
};
// Get card type description // Get card type description
const char *KSX6924LookupCardType(uint8_t key, const char *defaultValue); const char *KSX6924LookupCardType(uint8_t key, const char *defaultValue);
@ -94,7 +106,13 @@ bool KSX6924TrySelect(void);
bool KSX6924GetBalance(uint32_t *result); bool KSX6924GetBalance(uint32_t *result);
// Perform transaction initialization. // Perform transaction initialization.
bool KSX6924InitializeCard(uint8_t mpda1, uint8_t mpda2, uint8_t mpda3, uint8_t mpda4, uint8_t *result); bool KSX6924InitializeCard(uint8_t mpda1, uint8_t mpda2, uint8_t mpda3, uint8_t mpda4, uint8_t *result, size_t *result_len);
// Parses Initialize Card response
bool KSX6924ParseInitializeCardResponse(const uint8_t *initCardResponse, size_t resp_len, struct ksx6924_initialize_card_response *ret);
// Prints out a Initialize Card response
void KSX6924PrintInitializeCardResponse(const struct ksx6924_initialize_card_response *response);
// Proprietary get record command. Function unknown. // Proprietary get record command. Function unknown.
// result must be 10 bytes long. // result must be 10 bytes long.
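Review bot: The comment above `struct ksx6924_initialize_card_response` still says it represents purse information, which looks copied from `ksx6924_purse_info`; it should read `// Convenience structure for representing the Initialize Card response. Actual on-card format is in _ksx6924_initialize_card_response_t.`. The `KSX6924InitializeCard` prototype would also benefit from one line stating how large `result` must be and whether `result_len` counts the two status-word bytes, in the way the following prototype documents `result must be 10 bytes long`.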


@ -244,11 +244,11 @@ const static vocabulory_t vocabulory[] = {
{ 1, "hf gallagher diversifykey" }, { 1, "hf gallagher diversifykey" },
{ 1, "hf gallagher decode" }, { 1, "hf gallagher decode" },
{ 1, "hf ksx6924 help" }, { 1, "hf ksx6924 help" },
{ 0, "hf ksx6924 balance" },
{ 0, "hf ksx6924 info" },
{ 0, "hf ksx6924 initialize" },
{ 0, "hf ksx6924 prec" },
{ 0, "hf ksx6924 select" }, { 0, "hf ksx6924 select" },
{ 0, "hf ksx6924 info" },
{ 0, "hf ksx6924 balance" },
{ 0, "hf ksx6924 init" },
{ 0, "hf ksx6924 prec" },
{ 1, "hf jooki help" }, { 1, "hf jooki help" },
{ 0, "hf jooki clone" }, { 0, "hf jooki clone" },
{ 1, "hf jooki decode" }, { 1, "hf jooki decode" },


@ -761,7 +761,7 @@
"options": [ "options": [
"-h, --help This help", "-h, --help This help",
"-k, -K, --keep Keep field ON for next command", "-k, -K, --keep Keep field ON for next command",
"-a, -A, --apdu Show APDU reqests and responses", "-a, -A, --apdu Show APDU requests and responses",
"-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)" "-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)"
], ],
"usage": "emv challenge [-hkaw]" "usage": "emv challenge [-hkaw]"
@ -777,7 +777,7 @@
"options": [ "options": [
"-h, --help This help", "-h, --help This help",
"-s, -S, --select Activate field and select card", "-s, -S, --select Activate field and select card",
"-a, -A, --apdu Show APDU reqests and responses", "-a, -A, --apdu Show APDU requests and responses",
"-t, -T, --tlv TLV decode results", "-t, -T, --tlv TLV decode results",
"-j, -J, --jload Load transaction parameters from `emv_defparams.json` file", "-j, -J, --jload Load transaction parameters from `emv_defparams.json` file",
"-f, -F, --forceaid Force search AID. Search AID instead of execute PPSE", "-f, -F, --forceaid Force search AID. Search AID instead of execute PPSE",
@ -807,7 +807,7 @@
"-d, -D, --decision <aac|tc|arqc> Terminal decision. aac - declined, tc - approved, arqc - online authorisation requested", "-d, -D, --decision <aac|tc|arqc> Terminal decision. aac - declined, tc - approved, arqc - online authorisation requested",
"-p, -P, --params Load parameters from `emv_defparams.json` file for CDOLdata making from CDOL and parameters", "-p, -P, --params Load parameters from `emv_defparams.json` file for CDOLdata making from CDOL and parameters",
"-m, -M, --make Make CDOLdata from CDOL (tag 8C and 8D) and parameters (def: use default parameters)", "-m, -M, --make Make CDOLdata from CDOL (tag 8C and 8D) and parameters (def: use default parameters)",
"-a, -A, --apdu Show APDU reqests and responses", "-a, -A, --apdu Show APDU requests and responses",
"-t, -T, --tlv TLV decode results of selected applets", "-t, -T, --tlv TLV decode results of selected applets",
"-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)", "-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)",
"<hex> CDOLdata/CDOL" "<hex> CDOLdata/CDOL"
@ -828,7 +828,7 @@
"-k, -K, --keep Keep field ON for next command", "-k, -K, --keep Keep field ON for next command",
"-p, -P, --params Load parameters from `emv_defparams.json` file for PDOLdata making from PDOL and parameters", "-p, -P, --params Load parameters from `emv_defparams.json` file for PDOLdata making from PDOL and parameters",
"-m, -M, --make Make PDOLdata from PDOL (tag 9F38) and parameters (def: uses default parameters)", "-m, -M, --make Make PDOLdata from PDOL (tag 9F38) and parameters (def: uses default parameters)",
"-a, -A, --apdu Show APDU reqests and responses", "-a, -A, --apdu Show APDU requests and responses",
"-t, -T, --tlv TLV decode results of selected applets", "-t, -T, --tlv TLV decode results of selected applets",
"-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)", "-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)",
"<hex> PDOLdata/PDOL" "<hex> PDOLdata/PDOL"
@ -857,7 +857,7 @@
"-k, -K, --keep Keep field ON for next command", "-k, -K, --keep Keep field ON for next command",
"-p, -P, --params Load parameters from `emv_defparams.json` file for DDOLdata making from DDOL and parameters", "-p, -P, --params Load parameters from `emv_defparams.json` file for DDOLdata making from DDOL and parameters",
"-m, -M, --make Make DDOLdata from DDOL (tag 9F49) and parameters (def: use default parameters)", "-m, -M, --make Make DDOLdata from DDOL (tag 9F49) and parameters (def: use default parameters)",
"-a, -A, --apdu Show APDU reqests and responses", "-a, -A, --apdu Show APDU requests and responses",
"-t, -T, --tlv TLV decode results of selected applets", "-t, -T, --tlv TLV decode results of selected applets",
"-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)", "-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)",
"<hex> DDOLdata/DDOL" "<hex> DDOLdata/DDOL"
@ -899,7 +899,7 @@
"-k, -K, --keep Keep field ON for next command", "-k, -K, --keep Keep field ON for next command",
"-1, --pse PSE (1PAY.SYS.DDF01) mode", "-1, --pse PSE (1PAY.SYS.DDF01) mode",
"-2, --ppse PPSE (2PAY.SYS.DDF01) mode (def)", "-2, --ppse PPSE (2PAY.SYS.DDF01) mode (def)",
"-a, -A, --apdu Show APDU reqests and responses", "-a, -A, --apdu Show APDU requests and responses",
"-t, -T, --tlv TLV decode results of selected applets", "-t, -T, --tlv TLV decode results of selected applets",
"-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)" "-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)"
], ],
@ -916,7 +916,7 @@
"options": [ "options": [
"-h, --help This help", "-h, --help This help",
"-k, -K, --keep Keep field ON for next command", "-k, -K, --keep Keep field ON for next command",
"-a, -A, --apdu Show APDU reqests and responses", "-a, -A, --apdu Show APDU requests and responses",
"-t, -T, --tlv TLV decode results of selected applets", "-t, -T, --tlv TLV decode results of selected applets",
"-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)", "-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)",
"<hex> <SFI 1 byte><SFIrecord 1 byte" "<hex> <SFI 1 byte><SFIrecord 1 byte"
@ -934,7 +934,7 @@
"options": [ "options": [
"-h, --help This help", "-h, --help This help",
"-t, -T, --selftest Self test", "-t, -T, --selftest Self test",
"-a, -A, --apdu Show APDU reqests and responses", "-a, -A, --apdu Show APDU requests and responses",
"-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)" "-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)"
], ],
"usage": "emv roca [-htaw]" "usage": "emv roca [-htaw]"
@ -949,7 +949,7 @@
"offline": false, "offline": false,
"options": [ "options": [
"-h, --help This help", "-h, --help This help",
"-a, -A, --apdu Show APDU reqests and responses", "-a, -A, --apdu Show APDU requests and responses",
"-t, -T, --tlv TLV decode results", "-t, -T, --tlv TLV decode results",
"-e, -E, --extract Extract TLV elements and fill Application Data", "-e, -E, --extract Extract TLV elements and fill Application Data",
"-j, -J, --jload Load transaction parameters from `emv_defparams.json` file", "-j, -J, --jload Load transaction parameters from `emv_defparams.json` file",
@ -976,7 +976,7 @@
"-h, --help This help", "-h, --help This help",
"-s, -S, --select Activate field and select card", "-s, -S, --select Activate field and select card",
"-k, -K, --keep Keep field ON for next command", "-k, -K, --keep Keep field ON for next command",
"-a, -A, --apdu Show APDU reqests and responses", "-a, -A, --apdu Show APDU requests and responses",
"-t, -T, --tlv TLV decode results of selected applets", "-t, -T, --tlv TLV decode results of selected applets",
"-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)" "-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)"
], ],
@ -2575,7 +2575,7 @@
"offline": false, "offline": false,
"options": [ "options": [
"-h, --help This help", "-h, --help This help",
"-a, --apdu Show APDU reqests and responses", "-a, --apdu Show APDU requests and responses",
"-v, --verbose Verbose mode. vv - show full certificates data", "-v, --verbose Verbose mode. vv - show full certificates data",
"-c, --cbor Show CBOR decoded data", "-c, --cbor Show CBOR decoded data",
"-l, --list Add CredentialId from json to allowList", "-l, --list Add CredentialId from json to allowList",
@ -2596,7 +2596,7 @@
"offline": false, "offline": false,
"options": [ "options": [
"-h, --help This help", "-h, --help This help",
"-a, --apdu Show APDU reqests and responses", "-a, --apdu Show APDU requests and responses",
"-v, --verbose Verbose mode", "-v, --verbose Verbose mode",
"default mode: dont-enforce-user-presence-and-sign", "default mode: dont-enforce-user-presence-and-sign",
"-u, --user mode: enforce-user-presence-and-sign", "-u, --user mode: enforce-user-presence-and-sign",
@ -2662,7 +2662,7 @@
"offline": false, "offline": false,
"options": [ "options": [
"-h, --help This help", "-h, --help This help",
"-a, --apdu Show APDU reqests and responses", "-a, --apdu Show APDU requests and responses",
"-v, --verbose Verbose mode. vv - show full certificates data", "-v, --verbose Verbose mode. vv - show full certificates data",
"-t, --tlv Show DER certificate contents in TLV representation", "-t, --tlv Show DER certificate contents in TLV representation",
"-c, --cbor Show CBOR decoded data", "-c, --cbor Show CBOR decoded data",
@ -3391,20 +3391,6 @@
], ],
"usage": "hf jooki sim [-h] [-b <base64>]" "usage": "hf jooki sim [-h] [-b <base64>]"
}, },
"hf ksx6924 balance": {
"command": "hf ksx6924 balance",
"description": "Gets the current purse balance",
"notes": [
"hf ksx6924 balance"
],
"offline": false,
"options": [
"-h, --help This help",
"-k, --keep keep field ON for next command",
"-a, --apdu show APDU reqests and responses"
],
"usage": "hf ksx6924 balance [-hka]"
},
"hf ksx6924 help": { "hf ksx6924 help": {
"command": "hf ksx6924 help", "command": "hf ksx6924 help",
"description": "help This help", "description": "help This help",
@ -3413,6 +3399,19 @@
"options": [], "options": [],
"usage": "" "usage": ""
}, },
"hf ksx6924 select": {
"command": "hf ksx6924 select",
"description": "Selects KS X 6924 application, and leaves field up",
"notes": [
"hf ksx6924 select"
],
"offline": false,
"options": [
"-h, --help This help",
"-a, --apdu Show APDU requests and responses"
],
"usage": "hf ksx6924 select [-ha]"
},
"hf ksx6924 info": { "hf ksx6924 info": {
"command": "hf ksx6924 info", "command": "hf ksx6924 info",
"description": "Get info about a KS X 6924 transit card. This application is used by T-Money (South Korea) and Snapper+ (Wellington, New Zealand).", "description": "Get info about a KS X 6924 transit card. This application is used by T-Money (South Korea) and Snapper+ (Wellington, New Zealand).",
@ -3423,23 +3422,37 @@
"options": [ "options": [
"-h, --help This help", "-h, --help This help",
"-k, --keep keep field ON for next command", "-k, --keep keep field ON for next command",
"-a, --apdu show APDU reqests and responses" "-a, --apdu Show APDU requests and responses"
], ],
"usage": "hf ksx6924 info [-hka]" "usage": "hf ksx6924 info [-hka]"
}, },
"hf ksx6924 initialize": { "hf ksx6924 balance": {
"command": "hf ksx6924 initialize", "command": "hf ksx6924 balance",
"description": "Perform transaction initialization (mpda)", "description": "Gets the current purse balance",
"notes": [ "notes": [
"hf ksx6924 initialize 000003e8 -> mpda" "hf ksx6924 balance"
], ],
"offline": false, "offline": false,
"options": [ "options": [
"-h, --help This help", "-h, --help This help",
"-k, --keep keep field ON for next command", "-k, --keep keep field ON for next command",
"-a, --apdu show APDU reqests and responses" "-a, --apdu Show APDU requests and responses"
], ],
"usage": "hf ksx6924 initialize [-hka] <mpda 4byte hex>" "usage": "hf ksx6924 balance [-hka]"
},
"hf ksx6924 init": {
"command": "hf ksx6924 init",
"description": "Perform transaction initialization (mpda)",
"notes": [
"hf ksx6924 init 000003e8 -> Mpda"
],
"offline": false,
"options": [
"-h, --help This help",
"-k, --keep keep field ON for next command",
"-a, --apdu Show APDU requests and responses"
],
"usage": "hf ksx6924 init [-hka] <Mpda 4 bytes hex>"
}, },
"hf ksx6924 prec": { "hf ksx6924 prec": {
"command": "hf ksx6924 prec", "command": "hf ksx6924 prec",
@ -3451,23 +3464,11 @@
"options": [ "options": [
"-h, --help This help", "-h, --help This help",
"-k, --keep keep field ON for next command", "-k, --keep keep field ON for next command",
"-a, --apdu show APDU reqests and responses" "-a, --apdu Show APDU requests and responses"
], ],
"usage": "hf ksx6924 prec [-hka] <record 1byte HEX>" "usage": "hf ksx6924 prec [-hka] <record 1byte HEX>"
}, },
"hf ksx6924 select": {
"command": "hf ksx6924 select",
"description": "Selects KS X 6924 application, and leaves field up",
"notes": [
"hf ksx6924 select"
],
"offline": false,
"options": [
"-h, --help This help",
"-a, --apdu show APDU reqests and responses"
],
"usage": "hf ksx6924 select [-ha]"
},
"hf legic crc": { "hf legic crc": {
"command": "hf legic crc", "command": "hf legic crc",
"description": "Calculates the legic crc8/crc16 on the given data", "description": "Calculates the legic crc8/crc16 on the given data",


@ -367,11 +367,11 @@ Check column "offline" for their availability.
|command |offline |description |command |offline |description
|------- |------- |----------- |------- |------- |-----------
|`hf ksx6924 help `|Y |`This help` |`hf ksx6924 help `|Y |`This help`
|`hf ksx6924 balance `|N |`Get current purse balance`
|`hf ksx6924 info `|N |`Get info about a KS X 6924 (T-Money, Snapper+) transit card`
|`hf ksx6924 initialize `|N |`Perform transaction initialization (Mpda)`
|`hf ksx6924 prec `|N |`Send proprietary get record command (CLA=90, INS=4C)`
|`hf ksx6924 select `|N |`Select application, and leave field up` |`hf ksx6924 select `|N |`Select application, and leave field up`
|`hf ksx6924 info `|N |`Get info about a KS X 6924 (T-Money, Snapper+) transit card`
|`hf ksx6924 balance `|N |`Get current purse balance`
|`hf ksx6924 init `|N |`Perform transaction initialization with Mpda (Money of Purchase Transaction)`
|`hf ksx6924 prec `|N |`Send proprietary get record command (CLA=90, INS=4C)`
### hf jooki ### hf jooki