mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-08-21 13:53:55 -07:00
Merge pull request #1356 from merlokk/desf_update2
desfire coverity + crypto refactoring
This commit is contained in:
Oleg Moiseenko
GitHub
commit
f74e5db6f0
18 changed files with 495 additions and 352 deletions
|
|
@ -226,6 +226,7 @@ set (TARGET_SOURCES
|
|||
${PM3_ROOT}/client/src/mifare/mifarehost.c
|
||||
${PM3_ROOT}/client/src/nfc/ndef.c
|
||||
${PM3_ROOT}/client/src/mifare/desfire_crypto.c
|
||||
${PM3_ROOT}/client/src/mifare/desfiresecurechan.c
|
||||
${PM3_ROOT}/client/src/mifare/desfirecore.c
|
||||
${PM3_ROOT}/client/src/uart/uart_posix.c
|
||||
${PM3_ROOT}/client/src/uart/uart_win32.c
|
||||
|
|
|
|||
|
|
@ -590,6 +590,7 @@ SRCS = aiddesfire.c \
|
|||
loclass/ikeys.c \
|
||||
mifare/desfire_crypto.c \
|
||||
mifare/desfirecore.c \
|
||||
mifare/desfiresecurechan.c \
|
||||
mifare/mad.c \
|
||||
mifare/mfkey.c \
|
||||
mifare/mifare4.c \
|
||||
|
|
|
|||
|
|
@ -40,11 +40,6 @@ uint8_t CipurseCSecurityLevelEnc(CipurseChannelSecurityLevel lvl) {
|
|||
}
|
||||
}
|
||||
|
||||
static void bin_xor(uint8_t *d1, uint8_t *d2, size_t len) {
|
||||
for (size_t i = 0; i < len; i++)
|
||||
d1[i] = d1[i] ^ d2[i];
|
||||
}
|
||||
|
||||
static void bin_ext(uint8_t *dst, size_t dstlen, uint8_t *src, size_t srclen) {
|
||||
if (srclen > dstlen)
|
||||
memcpy(dst, &src[srclen - dstlen], dstlen);
|
||||
|
|
@ -218,24 +213,6 @@ bool CipurseCCheckCT(CipurseContext *ctx, uint8_t *CT) {
|
|||
return (memcmp(CT, ctx->CT, CIPURSE_AES_KEY_LENGTH) == 0);
|
||||
}
|
||||
|
||||
void AddISO9797M2Padding(uint8_t *ddata, size_t *ddatalen, uint8_t *sdata, size_t sdatalen, size_t blocklen) {
|
||||
*ddatalen = sdatalen + 1;
|
||||
*ddatalen += blocklen - *ddatalen % blocklen;
|
||||
memset(ddata, 0, *ddatalen);
|
||||
memcpy(ddata, sdata, sdatalen);
|
||||
ddata[sdatalen] = ISO9797_M2_PAD_BYTE;
|
||||
}
|
||||
|
||||
size_t FindISO9797M2PaddingDataLen(uint8_t *data, size_t datalen) {
|
||||
for (int i = datalen; i > 0; i--) {
|
||||
if (data[i - 1] == 0x80)
|
||||
return i - 1;
|
||||
if (data[i - 1] != 0x00)
|
||||
return 0;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static uint16_t CipurseCComputeMICCRC(uint8_t *data, size_t len) {
|
||||
uint16_t initCRC = 0x6363;
|
||||
for (size_t i = 0; i < len; i++) {
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@
|
|||
#define CIPURSE_MAC_LENGTH 8
|
||||
#define CIPURSE_MIC_LENGTH 4
|
||||
#define CIPURSE_POLY 0x35b088cce172UL
|
||||
#define ISO9797_M2_PAD_BYTE 0x80
|
||||
|
||||
#define member_size(type, member) sizeof(((type *)0)->member)
|
||||
|
||||
|
|
@ -66,9 +65,6 @@ bool CipurseCCheckCT(CipurseContext *ctx, uint8_t *CT);
|
|||
void CipurseCChannelSetSecurityLevels(CipurseContext *ctx, CipurseChannelSecurityLevel req, CipurseChannelSecurityLevel resp);
|
||||
bool isCipurseCChannelSecuritySet(CipurseContext *ctx);
|
||||
|
||||
void AddISO9797M2Padding(uint8_t *ddata, size_t *ddatalen, uint8_t *sdata, size_t sdatalen, size_t blocklen);
|
||||
size_t FindISO9797M2PaddingDataLen(uint8_t *data, size_t datalen);
|
||||
|
||||
void CipurseCGenerateMAC(CipurseContext *ctx, uint8_t *data, size_t datalen, uint8_t *mac);
|
||||
void CipurseCCalcMACPadded(CipurseContext *ctx, uint8_t *data, size_t datalen, uint8_t *mac);
|
||||
bool CipurseCCheckMACPadded(CipurseContext *ctx, uint8_t *data, size_t datalen, uint8_t *mac);
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@
|
|||
#include <string.h> // memcpy memset
|
||||
#include "fileutils.h"
|
||||
|
||||
#include "crypto/libpcrypto.h"
|
||||
#include "cipurse/cipursecrypto.h"
|
||||
#include "cipurse/cipursecore.h"
|
||||
|
||||
|
|
|
|||
|
|
@ -5198,7 +5198,7 @@ static int CmdHF14ADesGetAIDs(const char *Cmd) {
|
|||
|
||||
if (DesfireIsAuthenticated(&dctx)) {
|
||||
if (verbose)
|
||||
PrintAndLogEx(ERR, "Desfire " _GREEN_("authenticated") , res);
|
||||
PrintAndLogEx(ERR, "Desfire " _GREEN_("authenticated"));
|
||||
} else {
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
|
@ -5278,7 +5278,7 @@ static int CmdHF14ADesGetAppNames(const char *Cmd) {
|
|||
|
||||
if (DesfireIsAuthenticated(&dctx)) {
|
||||
if (verbose)
|
||||
PrintAndLogEx(ERR, "Desfire " _GREEN_("authenticated") , res);
|
||||
PrintAndLogEx(ERR, "Desfire " _GREEN_("authenticated"));
|
||||
} else {
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
|
@ -5297,7 +5297,7 @@ static int CmdHF14ADesGetAppNames(const char *Cmd) {
|
|||
if (buflen > 0) {
|
||||
PrintAndLogEx(INFO, "----------------------- " _CYAN_("File list") " -----------------------");
|
||||
for (int i = 0; i < buflen; i++)
|
||||
PrintAndLogEx(INFO, "AID: %06x ISO file id: %02x%02x ISO DF name[%d]: %s",
|
||||
PrintAndLogEx(INFO, "AID: %06x ISO file id: %02x%02x ISO DF name[%" PRIu32 "]: %s",
|
||||
DesfireAIDByteToUint(&buf[i * 24 + 1]),
|
||||
buf[i * 24 + 1 + 3], buf[i * 24 + 1 + 4],
|
||||
strlen((char *)&buf[i * 24 + 1 + 5]),
|
||||
|
|
|
|||
|
|
@ -536,3 +536,26 @@ exit:
|
|||
PrintAndLogEx(NORMAL, _RED_("failed\n"));
|
||||
return res;
|
||||
}
|
||||
|
||||
void bin_xor(uint8_t *d1, uint8_t *d2, size_t len) {
|
||||
for (size_t i = 0; i < len; i++)
|
||||
d1[i] = d1[i] ^ d2[i];
|
||||
}
|
||||
|
||||
void AddISO9797M2Padding(uint8_t *ddata, size_t *ddatalen, uint8_t *sdata, size_t sdatalen, size_t blocklen) {
|
||||
*ddatalen = sdatalen + 1;
|
||||
*ddatalen += blocklen - *ddatalen % blocklen;
|
||||
memset(ddata, 0, *ddatalen);
|
||||
memcpy(ddata, sdata, sdatalen);
|
||||
ddata[sdatalen] = ISO9797_M2_PAD_BYTE;
|
||||
}
|
||||
|
||||
size_t FindISO9797M2PaddingDataLen(uint8_t *data, size_t datalen) {
|
||||
for (int i = datalen; i > 0; i--) {
|
||||
if (data[i - 1] == 0x80)
|
||||
return i - 1;
|
||||
if (data[i - 1] != 0x00)
|
||||
return 0;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -42,4 +42,11 @@ char *ecdsa_get_error(int ret);
|
|||
|
||||
int ecdsa_nist_test(bool verbose);
|
||||
|
||||
void bin_xor(uint8_t *d1, uint8_t *d2, size_t len);
|
||||
|
||||
#define ISO9797_M2_PAD_BYTE 0x80
|
||||
void AddISO9797M2Padding(uint8_t *ddata, size_t *ddatalen, uint8_t *sdata, size_t sdatalen, size_t blocklen);
|
||||
size_t FindISO9797M2PaddingDataLen(uint8_t *data, size_t datalen);
|
||||
|
||||
|
||||
#endif /* libpcrypto.h */
|
||||
|
|
|
|||
|
|
@ -55,10 +55,14 @@ static inline void update_key_schedules(desfirekey_t key) {
|
|||
|
||||
int desfire_get_key_length(enum DESFIRE_CRYPTOALGO key_type) {
|
||||
switch (key_type) {
|
||||
case T_DES: return 8;
|
||||
case T_3DES: return 16;
|
||||
case T_3K3DES: return 24;
|
||||
case T_AES: return 16;
|
||||
case T_DES:
|
||||
return 8;
|
||||
case T_3DES:
|
||||
return 16;
|
||||
case T_3K3DES:
|
||||
return 24;
|
||||
case T_AES:
|
||||
return 16;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@
|
|||
#include "iso7816/iso7816core.h" // APDU logging
|
||||
#include "util_posix.h" // msleep
|
||||
#include "mifare/desfire_crypto.h"
|
||||
#include "desfiresecurechan.h"
|
||||
|
||||
const CLIParserOption DesfireAlgoOpts[] = {
|
||||
{T_DES, "des"},
|
||||
|
|
@ -543,162 +544,6 @@ static int DesfireExchangeISO(bool activate_field, DesfireContext *ctx, uint8_t
|
|||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static void DesfireCryptoEncDec(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, bool encode) {
|
||||
uint8_t data[1024] = {0};
|
||||
|
||||
switch(ctx->keyType) {
|
||||
case T_DES:
|
||||
if (ctx->secureChannel == DACd40) {
|
||||
if (encode)
|
||||
des_encrypt_ecb(data, srcdata, srcdatalen, ctx->key);
|
||||
else
|
||||
des_decrypt_ecb(data, srcdata, srcdatalen, ctx->key);
|
||||
} if (ctx->secureChannel == DACEV1) {
|
||||
if (encode)
|
||||
des_encrypt_cbc(data, srcdata, srcdatalen, ctx->key, ctx->IV);
|
||||
else
|
||||
des_decrypt_cbc(data, srcdata, srcdatalen, ctx->key, ctx->IV);
|
||||
}
|
||||
|
||||
if (dstdata)
|
||||
memcpy(dstdata, data, srcdatalen);
|
||||
break;
|
||||
case T_3DES:
|
||||
break;
|
||||
case T_3K3DES:
|
||||
break;
|
||||
case T_AES:
|
||||
if (encode)
|
||||
aes_encode(ctx->IV, ctx->key, srcdata, data, srcdatalen);
|
||||
else
|
||||
aes_decode(ctx->IV, ctx->key, srcdata, data, srcdatalen);
|
||||
if (dstdata)
|
||||
memcpy(dstdata, data, srcdatalen);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelEncodeD40(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
uint8_t data[1024] = {0};
|
||||
size_t rlen = 0;
|
||||
|
||||
switch(ctx->commMode) {
|
||||
case DCMPlain:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
case DCMMACed:
|
||||
if (srcdatalen == 0)
|
||||
break;
|
||||
|
||||
rlen = padded_data_length(srcdatalen, desfire_get_key_block_length(ctx->keyType));
|
||||
memcpy(data, srcdata, srcdatalen);
|
||||
DesfireCryptoEncDec(ctx, data, rlen, NULL, true);
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
memcpy(&dstdata[srcdatalen], ctx->IV, desfire_get_key_block_length(ctx->keyType));
|
||||
*dstdatalen = rlen;
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
rlen = padded_data_length(srcdatalen + 2, desfire_get_key_block_length(ctx->keyType)); // 2 - crc16
|
||||
memcpy(data, srcdata, srcdatalen);
|
||||
compute_crc(CRC_14443_A, data, srcdatalen, &data[srcdatalen], &data[srcdatalen + 1]);
|
||||
DesfireCryptoEncDec(ctx, data, rlen, dstdata, true);
|
||||
*dstdatalen = rlen;
|
||||
break;
|
||||
case DCMNone:;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelEncodeEV1(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
switch(ctx->commMode) {
|
||||
case DCMPlain:
|
||||
case DCMMACed:
|
||||
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
break;
|
||||
case DCMNone:;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelEncode(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
switch(ctx->secureChannel) {
|
||||
case DACd40:
|
||||
DesfireSecureChannelEncodeD40(ctx, cmd, srcdata, srcdatalen, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV1:
|
||||
DesfireSecureChannelEncodeEV1(ctx, cmd, srcdata, srcdatalen, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV2:
|
||||
break;
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelDecodeD40(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
switch(ctx->commMode) {
|
||||
case DCMMACed:
|
||||
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
break;
|
||||
case DCMPlain:
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelDecodeEV1(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
switch(ctx->commMode) {
|
||||
case DCMPlain:
|
||||
case DCMMACed:
|
||||
memcpy(dstdata, srcdata, srcdatalen - 8);
|
||||
*dstdatalen = srcdatalen - 8;
|
||||
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
break;
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelDecode(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
switch(ctx->secureChannel) {
|
||||
case DACd40:
|
||||
DesfireSecureChannelDecodeD40(ctx, srcdata, srcdatalen, respcode, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV1:
|
||||
DesfireSecureChannelDecodeEV1(ctx, srcdata, srcdatalen, respcode, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV2:
|
||||
break;
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// move data from blockdata [format: <length, data><length, data>...] to single data block
|
||||
static void DesfireJoinBlockToBytes(uint8_t *blockdata, size_t blockdatacount, size_t blockdatasize, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
*dstdatalen = 0;
|
||||
|
|
|
|||
194
client/src/mifare/desfiresecurechan.c
Normal file
194
client/src/mifare/desfiresecurechan.c
Normal file
|
|
@ -0,0 +1,194 @@
|
|||
//-----------------------------------------------------------------------------
|
||||
// Copyright (C) 2010 Romain Tartiere.
|
||||
// Copyright (C) 2014 Iceman
|
||||
// Copyright (C) 2021 Merlok
|
||||
//
|
||||
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
||||
// at your option, any later version. See the LICENSE.txt file for the text of
|
||||
// the license.
|
||||
//-----------------------------------------------------------------------------
|
||||
// High frequency Desfire secure channel functions
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
#include "desfiresecurechan.h"
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <util.h>
|
||||
#include "ui.h"
|
||||
#include "crc.h"
|
||||
#include "crc16.h" // crc16 ccitt
|
||||
#include "crc32.h"
|
||||
#include "commonutil.h"
|
||||
#include "mifare/desfire_crypto.h"
|
||||
|
||||
void DesfireCryptoEncDec(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, bool encode) {
|
||||
uint8_t data[1024] = {0};
|
||||
|
||||
switch (ctx->keyType) {
|
||||
case T_DES:
|
||||
if (ctx->secureChannel == DACd40) {
|
||||
if (encode)
|
||||
des_encrypt_ecb(data, srcdata, srcdatalen, ctx->key);
|
||||
else
|
||||
des_decrypt_ecb(data, srcdata, srcdatalen, ctx->key);
|
||||
}
|
||||
if (ctx->secureChannel == DACEV1) {
|
||||
if (encode)
|
||||
des_encrypt_cbc(data, srcdata, srcdatalen, ctx->key, ctx->IV);
|
||||
else
|
||||
des_decrypt_cbc(data, srcdata, srcdatalen, ctx->key, ctx->IV);
|
||||
}
|
||||
|
||||
if (dstdata)
|
||||
memcpy(dstdata, data, srcdatalen);
|
||||
break;
|
||||
case T_3DES:
|
||||
break;
|
||||
case T_3K3DES:
|
||||
break;
|
||||
case T_AES:
|
||||
if (encode)
|
||||
aes_encode(ctx->IV, ctx->key, srcdata, data, srcdatalen);
|
||||
else
|
||||
aes_decode(ctx->IV, ctx->key, srcdata, data, srcdatalen);
|
||||
if (dstdata)
|
||||
memcpy(dstdata, data, srcdatalen);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelEncodeD40(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
uint8_t data[1024] = {0};
|
||||
size_t rlen = 0;
|
||||
|
||||
switch (ctx->commMode) {
|
||||
case DCMPlain:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
case DCMMACed:
|
||||
if (srcdatalen == 0)
|
||||
break;
|
||||
|
||||
rlen = padded_data_length(srcdatalen, desfire_get_key_block_length(ctx->keyType));
|
||||
memcpy(data, srcdata, srcdatalen);
|
||||
DesfireCryptoEncDec(ctx, data, rlen, NULL, true);
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
memcpy(&dstdata[srcdatalen], ctx->IV, 4);
|
||||
*dstdatalen = rlen;
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
rlen = padded_data_length(srcdatalen + 2, desfire_get_key_block_length(ctx->keyType)); // 2 - crc16
|
||||
memcpy(data, srcdata, srcdatalen);
|
||||
compute_crc(CRC_14443_A, data, srcdatalen, &data[srcdatalen], &data[srcdatalen + 1]);
|
||||
DesfireCryptoEncDec(ctx, data, rlen, dstdata, true);
|
||||
*dstdatalen = rlen;
|
||||
break;
|
||||
case DCMNone:
|
||||
;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelEncodeEV1(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
uint8_t data[1024] = {0};
|
||||
size_t rlen = 0;
|
||||
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
switch (ctx->commMode) {
|
||||
case DCMPlain:
|
||||
case DCMMACed:
|
||||
data[0] = cmd;
|
||||
rlen = padded_data_length(srcdatalen + 1, desfire_get_key_block_length(ctx->keyType));
|
||||
memcpy(&data[1], srcdata, srcdatalen);
|
||||
DesfireCryptoEncDec(ctx, data, rlen, NULL, true);
|
||||
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
if (srcdatalen != 0 && ctx->commMode == DCMMACed) {
|
||||
memcpy(&dstdata[srcdatalen], ctx->IV, 4);
|
||||
*dstdatalen = rlen;
|
||||
}
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
break;
|
||||
case DCMNone:
|
||||
;
|
||||
}
|
||||
}
|
||||
|
||||
void DesfireSecureChannelEncode(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
switch (ctx->secureChannel) {
|
||||
case DACd40:
|
||||
DesfireSecureChannelEncodeD40(ctx, cmd, srcdata, srcdatalen, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV1:
|
||||
DesfireSecureChannelEncodeEV1(ctx, cmd, srcdata, srcdatalen, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV2:
|
||||
break;
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelDecodeD40(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
switch (ctx->commMode) {
|
||||
case DCMMACed:
|
||||
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
break;
|
||||
case DCMPlain:
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelDecodeEV1(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
switch (ctx->commMode) {
|
||||
case DCMPlain:
|
||||
case DCMMACed:
|
||||
memcpy(dstdata, srcdata, srcdatalen - 8);
|
||||
*dstdatalen = srcdatalen - 8;
|
||||
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
break;
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
void DesfireSecureChannelDecode(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
switch (ctx->secureChannel) {
|
||||
case DACd40:
|
||||
DesfireSecureChannelDecodeD40(ctx, srcdata, srcdatalen, respcode, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV1:
|
||||
DesfireSecureChannelDecodeEV1(ctx, srcdata, srcdatalen, respcode, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV2:
|
||||
break;
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
27
client/src/mifare/desfiresecurechan.h
Normal file
27
client/src/mifare/desfiresecurechan.h
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
//-----------------------------------------------------------------------------
|
||||
// Copyright (C) 2010 Romain Tartiere.
|
||||
// Copyright (C) 2014 Iceman
|
||||
// Copyright (C) 2021 Merlok
|
||||
//
|
||||
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
||||
// at your option, any later version. See the LICENSE.txt file for the text of
|
||||
// the license.
|
||||
//-----------------------------------------------------------------------------
|
||||
// High frequency Desfire secure channel functions
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
#ifndef __DESFIRESECURECHAN_H
|
||||
#define __DESFIRESECURECHAN_H
|
||||
|
||||
#include "common.h"
|
||||
#include "mifare/desfirecore.h"
|
||||
#include "mifare/desfire_crypto.h"
|
||||
#include "mifare/mifare4.h"
|
||||
|
||||
void DesfireCryptoEncDec(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, bool encode);
|
||||
|
||||
void DesfireSecureChannelEncode(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen);
|
||||
void DesfireSecureChannelDecode(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen);
|
||||
|
||||
|
||||
#endif // __DESFIRESECURECHAN_H
|
||||
|
|
@ -973,7 +973,7 @@
|
|||
},
|
||||
"help": {
|
||||
"command": "help",
|
||||
"description": "help use `<command> help` for details of a command prefs { edit client/device preferences... } -------- ----------------------- technology ----------------------- analyse { analyse utils... } data { plot window / data buffer manipulation... } emv { emv iso-14443 / iso-7816... } hf { high frequency commands... } hw { hardware commands... } lf { low frequency commands... } nfc { nfc commands... } reveng { crc calculations from reveng software... } smart { smart card iso-7816 commands... } script { scripting commands... } trace { trace manipulation... } wiegand { wiegand format manipulation... } -------- ----------------------- general ----------------------- clear clear screen hints turn hints on / off msleep add a pause in milliseconds rem add a text line in log file quit exit exit program [=] session log e:\\proxspace\\pm3/.proxmark3/logs/log_20210630.txt --------------------------------------------------------------------------------------- auto available offline: no run lf search / hf search / data plot / data save",
|
||||
"description": "help use `<command> help` for details of a command prefs { edit client/device preferences... } -------- ----------------------- technology ----------------------- analyse { analyse utils... } data { plot window / data buffer manipulation... } emv { emv iso-14443 / iso-7816... } hf { high frequency commands... } hw { hardware commands... } lf { low frequency commands... } nfc { nfc commands... } reveng { crc calculations from reveng software... } smart { smart card iso-7816 commands... } script { scripting commands... } trace { trace manipulation... } wiegand { wiegand format manipulation... } -------- ----------------------- general ----------------------- clear clear screen hints turn hints on / off msleep add a pause in milliseconds rem add a text line in log file quit exit exit program [=] session log e:\\proxspace\\pm3/.proxmark3/logs/log_20210706.txt --------------------------------------------------------------------------------------- auto available offline: no run lf search / hf search / data plot / data save",
|
||||
"notes": [
|
||||
"auto"
|
||||
],
|
||||
|
|
@ -3938,6 +3938,31 @@
|
|||
],
|
||||
"usage": "hf mf wrbl [-hab] --blk <dec> [-k <hex>] [-d <hex>]"
|
||||
},
|
||||
"hf mfdes auth": {
|
||||
"command": "hf mfdes auth",
|
||||
"description": "authenticates mifare desfire using key",
|
||||
"notes": [
|
||||
"hf mfdes auth -m 3 -t 4 -a 808301 -n 0 -k 00000000000000000000000000000000 -> aes,keynumber 0, aid 0x803201",
|
||||
"hf mfdes auth -m 2 -t 2 -a 000000 -n 1 -k 00000000000000000000000000000000 -> 3des,keynumber 1, aid 0x000000",
|
||||
"hf mfdes auth -m 1 -t 1 -a 000000 -n 2 -k 0000000000000000 -> des,keynumber 2, aid 0x000000",
|
||||
"hf mfdes auth -m 1 -t 1 -a 000000 -n 0 -> des, defaultkey, aid 0x000000",
|
||||
"hf mfdes auth -m 2 -t 2 -a 000000 -n 0 -> 3des, defaultkey, aid 0x000000",
|
||||
"hf mfdes auth -m 3 -t 4 -a 000000 -n 0 -> 3k3des, defaultkey, aid 0x000000",
|
||||
"hf mfdes auth -m 3 -t 4 -a 000000 -n 0 -> aes, defaultkey, aid 0x000000"
|
||||
],
|
||||
"offline": false,
|
||||
"options": [
|
||||
"-h, --help this help",
|
||||
"-m, --type <type> auth type (1=normal, 2=iso, 3=aes)",
|
||||
"-t, --algo <algo> crypt algo (1=des, 2=3des(2k2des), 3=3k3des, 4=aes)",
|
||||
"-a, --aid <aid> aid used for authentification (hex 3 bytes)",
|
||||
"-n, --keyno <keyno> key number used for authentification",
|
||||
"-k, --key <key> key for checking (hex 8-24 bytes)",
|
||||
"-d, --kdf <kdf> key derivation function (kdf) (0=none, 1=an10922, 2=gallagher)",
|
||||
"-i, --kdfi <kdfi> kdf input (hex 1-31 bytes)"
|
||||
],
|
||||
"usage": "hf mfdes auth [-h] [-m <type>] [-t <algo>] [-a <aid>]... [-n <keyno>] [-k <key>] [-d <kdf>] [-i <kdfi>]"
|
||||
},
|
||||
"hf mfdes bruteaid": {
|
||||
"command": "hf mfdes bruteaid",
|
||||
"description": "recover aids by bruteforce. warning: this command takes a long time",
|
||||
|
|
@ -4168,6 +4193,50 @@
|
|||
],
|
||||
"usage": "hf mfdes formatpicc [-h]"
|
||||
},
|
||||
"hf mfdes getaids": {
|
||||
"command": "hf mfdes getaids",
|
||||
"description": "get application ids list from card. master key needs to be provided.",
|
||||
"notes": [
|
||||
"hf mfdes getaids -n 0 -t des -k 0000000000000000 -f none -> execute with default factory setup"
|
||||
],
|
||||
"offline": false,
|
||||
"options": [
|
||||
"-h, --help this help",
|
||||
"-a, --apdu show apdu requests and responses",
|
||||
"-v, --verbose show technical data",
|
||||
"-n, --keyno <keyno> key number",
|
||||
"-t, --algo <des/2tdea/3tdea/aes> crypt algo: des, 2tdea, 3tdea, aes",
|
||||
"-k, --key <key> key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)",
|
||||
"-f, --kdf <none/an10922/gallagher> key derivation function (kdf): none, an10922, gallagher",
|
||||
"-i, --kdfi <kdfi> kdf input (hex 1-31 bytes)",
|
||||
"-m, --cmode <plain/mac/encrypt> communicaton mode: plain/mac/encrypt",
|
||||
"-c, --ccset <native/niso/iso> communicaton command set: native/niso/iso",
|
||||
"-s, --schann <d40/ev1/ev2> secure channel: d40/ev1/ev2"
|
||||
],
|
||||
"usage": "hf mfdes getaids [-hav] [-n <keyno>] [-t <des/2tdea/3tdea/aes>] [-k <key>] [-f <none/an10922/gallagher>] [-i <kdfi>] [-m <plain/mac/encrypt>] [-c <native/niso/iso>] [-s <d40/ev1/ev2>]"
|
||||
},
|
||||
"hf mfdes getappnames": {
|
||||
"command": "hf mfdes getappnames",
|
||||
"description": "get application ids, iso ids and df names from card. master key needs to be provided.",
|
||||
"notes": [
|
||||
"hf mfdes getappnames -n 0 -t des -k 0000000000000000 -f none -> execute with default factory setup"
|
||||
],
|
||||
"offline": false,
|
||||
"options": [
|
||||
"-h, --help this help",
|
||||
"-a, --apdu show apdu requests and responses",
|
||||
"-v, --verbose show technical data",
|
||||
"-n, --keyno <keyno> key number",
|
||||
"-t, --algo <des/2tdea/3tdea/aes> crypt algo: des, 2tdea, 3tdea, aes",
|
||||
"-k, --key <key> key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)",
|
||||
"-f, --kdf <none/an10922/gallagher> key derivation function (kdf): none, an10922, gallagher",
|
||||
"-i, --kdfi <kdfi> kdf input (hex 1-31 bytes)",
|
||||
"-m, --cmode <plain/mac/encrypt> communicaton mode: plain/mac/encrypt",
|
||||
"-c, --ccset <native/niso/iso> communicaton command set: native/niso/iso",
|
||||
"-s, --schann <d40/ev1/ev2> secure channel: d40/ev1/ev2"
|
||||
],
|
||||
"usage": "hf mfdes getappnames [-hav] [-n <keyno>] [-t <des/2tdea/3tdea/aes>] [-k <key>] [-f <none/an10922/gallagher>] [-i <kdfi>] [-m <plain/mac/encrypt>] [-c <native/niso/iso>] [-s <d40/ev1/ev2>]"
|
||||
},
|
||||
"hf mfdes getuid": {
|
||||
"command": "hf mfdes getuid",
|
||||
"description": "get uid from a mifare desfire tag",
|
||||
|
|
@ -4196,28 +4265,23 @@
|
|||
},
|
||||
"hf mfdes help": {
|
||||
"command": "hf mfdes help",
|
||||
"description": "help this help list list desfire (iso 14443a) history --------------------------------------------------------------------------------------- hf mfdes auth available offline: no authenticates mifare desfire using key",
|
||||
"description": "help this help list list desfire (iso 14443a) history --------------------------------------------------------------------------------------- hf mfdes default available offline: no get application ids, iso ids and df names from card. master key needs to be provided.",
|
||||
"notes": [
|
||||
"hf mfdes auth -m 3 -t 4 -a 808301 -n 0 -k 00000000000000000000000000000000 -> aes,keynumber 0, aid 0x803201",
|
||||
"hf mfdes auth -m 2 -t 2 -a 000000 -n 1 -k 00000000000000000000000000000000 -> 3des,keynumber 1, aid 0x000000",
|
||||
"hf mfdes auth -m 1 -t 1 -a 000000 -n 2 -k 0000000000000000 -> des,keynumber 2, aid 0x000000",
|
||||
"hf mfdes auth -m 1 -t 1 -a 000000 -n 0 -> des, defaultkey, aid 0x000000",
|
||||
"hf mfdes auth -m 2 -t 2 -a 000000 -n 0 -> 3des, defaultkey, aid 0x000000",
|
||||
"hf mfdes auth -m 3 -t 4 -a 000000 -n 0 -> 3k3des, defaultkey, aid 0x000000",
|
||||
"hf mfdes auth -m 3 -t 4 -a 000000 -n 0 -> aes, defaultkey, aid 0x000000"
|
||||
"hf mfdes getappnames -n 0 -t des -k 0000000000000000 -f none -> execute with default factory setup"
|
||||
],
|
||||
"offline": true,
|
||||
"options": [
|
||||
"-h, --help this help",
|
||||
"-m, --type <type> auth type (1=normal, 2=iso, 3=aes)",
|
||||
"-t, --algo <algo> crypt algo (1=des, 2=3des(2k2des), 3=3k3des, 4=aes)",
|
||||
"-a, --aid <aid> aid used for authentification (hex 3 bytes)",
|
||||
"-n, --keyno <keyno> key number used for authentification",
|
||||
"-k, --key <key> key for checking (hex 8-24 bytes)",
|
||||
"-d, --kdf <kdf> key derivation function (kdf) (0=none, 1=an10922, 2=gallagher)",
|
||||
"-i, --kdfi <kdfi> kdf input (hex 1-31 bytes)"
|
||||
"-n, --keyno <keyno> key number",
|
||||
"-t, --algo <des/2tdea/3tdea/aes> crypt algo: des, 2tdea, 3tdea, aes",
|
||||
"-k, --key <key> key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)",
|
||||
"-f, --kdf <none/an10922/gallagher> key derivation function (kdf): none, an10922, gallagher",
|
||||
"-i, --kdfi <kdfi> kdf input (hex 1-31 bytes)",
|
||||
"-m, --cmode <plain/mac/encrypt> communicaton mode: plain/mac/encrypt",
|
||||
"-c, --ccset <native/niso/iso> communicaton command set: native/niso/iso",
|
||||
"-s, --schann <d40/ev1/ev2> secure channel: d40/ev1/ev2"
|
||||
],
|
||||
"usage": "hf mfdes auth [-h] [-m <type>] [-t <algo>] [-a <aid>]... [-n <keyno>] [-k <key>] [-d <kdf>] [-i <kdfi>]"
|
||||
"usage": "hf mfdes default [-h] [-n <keyno>] [-t <des/2tdea/3tdea/aes>] [-k <key>] [-f <none/an10922/gallagher>] [-i <kdfi>] [-m <plain/mac/encrypt>] [-c <native/niso/iso>] [-s <d40/ev1/ev2>]"
|
||||
},
|
||||
"hf mfdes info": {
|
||||
"command": "hf mfdes info",
|
||||
|
|
@ -9217,8 +9281,8 @@
|
|||
}
|
||||
},
|
||||
"metadata": {
|
||||
"commands_extracted": 572,
|
||||
"commands_extracted": 575,
|
||||
"extracted_by": "PM3Help2JSON v1.00",
|
||||
"extracted_on": "2021-06-30T09:30:39"
|
||||
"extracted_on": "2021-07-06T09:14:57"
|
||||
}
|
||||
}
|
||||
|
|
@ -501,6 +501,7 @@ Check column "offline" for their availability.
|
|||
|command |offline |description
|
||||
|------- |------- |-----------
|
||||
|`hf mfdes help `|Y |`This help`
|
||||
|`hf mfdes default `|N |`[new]Set defaults for all the commands`
|
||||
|`hf mfdes auth `|N |`Tries a MIFARE DesFire Authentication`
|
||||
|`hf mfdes changekey `|N |`Change Key`
|
||||
|`hf mfdes chk `|N |`Check keys`
|
||||
|
|
@ -513,6 +514,8 @@ Check column "offline" for their availability.
|
|||
|`hf mfdes createaid `|N |`Create Application ID`
|
||||
|`hf mfdes deleteaid `|N |`Delete Application ID`
|
||||
|`hf mfdes selectaid `|N |`Select Application ID`
|
||||
|`hf mfdes getaids `|N |`[new]Get Application IDs list`
|
||||
|`hf mfdes getappnames `|N |`[new]Get Applications list`
|
||||
|`hf mfdes changevalue `|N |`Write value of a value file (credit/debit/clear)`
|
||||
|`hf mfdes clearfile `|N |`Clear record File`
|
||||
|`hf mfdes createfile `|N |`Create Standard/Backup File`
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue