mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-08-21 13:53:55 -07:00
Merge pull request #1356 from merlokk/desf_update2
desfire coverity + crypto refactoring
This commit is contained in:
Oleg Moiseenko
GitHub
commit
f74e5db6f0
18 changed files with 495 additions and 352 deletions
|
|
@ -226,6 +226,7 @@ set (TARGET_SOURCES
|
|||
${PM3_ROOT}/client/src/mifare/mifarehost.c
|
||||
${PM3_ROOT}/client/src/nfc/ndef.c
|
||||
${PM3_ROOT}/client/src/mifare/desfire_crypto.c
|
||||
${PM3_ROOT}/client/src/mifare/desfiresecurechan.c
|
||||
${PM3_ROOT}/client/src/mifare/desfirecore.c
|
||||
${PM3_ROOT}/client/src/uart/uart_posix.c
|
||||
${PM3_ROOT}/client/src/uart/uart_win32.c
|
||||
|
|
|
|||
|
|
@ -590,6 +590,7 @@ SRCS = aiddesfire.c \
|
|||
loclass/ikeys.c \
|
||||
mifare/desfire_crypto.c \
|
||||
mifare/desfirecore.c \
|
||||
mifare/desfiresecurechan.c \
|
||||
mifare/mad.c \
|
||||
mifare/mfkey.c \
|
||||
mifare/mifare4.c \
|
||||
|
|
|
|||
|
|
@ -40,11 +40,6 @@ uint8_t CipurseCSecurityLevelEnc(CipurseChannelSecurityLevel lvl) {
|
|||
}
|
||||
}
|
||||
|
||||
static void bin_xor(uint8_t *d1, uint8_t *d2, size_t len) {
|
||||
for (size_t i = 0; i < len; i++)
|
||||
d1[i] = d1[i] ^ d2[i];
|
||||
}
|
||||
|
||||
static void bin_ext(uint8_t *dst, size_t dstlen, uint8_t *src, size_t srclen) {
|
||||
if (srclen > dstlen)
|
||||
memcpy(dst, &src[srclen - dstlen], dstlen);
|
||||
|
|
@ -218,24 +213,6 @@ bool CipurseCCheckCT(CipurseContext *ctx, uint8_t *CT) {
|
|||
return (memcmp(CT, ctx->CT, CIPURSE_AES_KEY_LENGTH) == 0);
|
||||
}
|
||||
|
||||
void AddISO9797M2Padding(uint8_t *ddata, size_t *ddatalen, uint8_t *sdata, size_t sdatalen, size_t blocklen) {
|
||||
*ddatalen = sdatalen + 1;
|
||||
*ddatalen += blocklen - *ddatalen % blocklen;
|
||||
memset(ddata, 0, *ddatalen);
|
||||
memcpy(ddata, sdata, sdatalen);
|
||||
ddata[sdatalen] = ISO9797_M2_PAD_BYTE;
|
||||
}
|
||||
|
||||
size_t FindISO9797M2PaddingDataLen(uint8_t *data, size_t datalen) {
|
||||
for (int i = datalen; i > 0; i--) {
|
||||
if (data[i - 1] == 0x80)
|
||||
return i - 1;
|
||||
if (data[i - 1] != 0x00)
|
||||
return 0;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static uint16_t CipurseCComputeMICCRC(uint8_t *data, size_t len) {
|
||||
uint16_t initCRC = 0x6363;
|
||||
for (size_t i = 0; i < len; i++) {
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@
|
|||
#define CIPURSE_MAC_LENGTH 8
|
||||
#define CIPURSE_MIC_LENGTH 4
|
||||
#define CIPURSE_POLY 0x35b088cce172UL
|
||||
#define ISO9797_M2_PAD_BYTE 0x80
|
||||
|
||||
#define member_size(type, member) sizeof(((type *)0)->member)
|
||||
|
||||
|
|
@ -66,9 +65,6 @@ bool CipurseCCheckCT(CipurseContext *ctx, uint8_t *CT);
|
|||
void CipurseCChannelSetSecurityLevels(CipurseContext *ctx, CipurseChannelSecurityLevel req, CipurseChannelSecurityLevel resp);
|
||||
bool isCipurseCChannelSecuritySet(CipurseContext *ctx);
|
||||
|
||||
void AddISO9797M2Padding(uint8_t *ddata, size_t *ddatalen, uint8_t *sdata, size_t sdatalen, size_t blocklen);
|
||||
size_t FindISO9797M2PaddingDataLen(uint8_t *data, size_t datalen);
|
||||
|
||||
void CipurseCGenerateMAC(CipurseContext *ctx, uint8_t *data, size_t datalen, uint8_t *mac);
|
||||
void CipurseCCalcMACPadded(CipurseContext *ctx, uint8_t *data, size_t datalen, uint8_t *mac);
|
||||
bool CipurseCCheckMACPadded(CipurseContext *ctx, uint8_t *data, size_t datalen, uint8_t *mac);
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@
|
|||
#include <string.h> // memcpy memset
|
||||
#include "fileutils.h"
|
||||
|
||||
#include "crypto/libpcrypto.h"
|
||||
#include "cipurse/cipursecrypto.h"
|
||||
#include "cipurse/cipursecore.h"
|
||||
|
||||
|
|
|
|||
|
|
@ -1424,7 +1424,7 @@ static int emrtd_print_ef_dg2_info(uint8_t *data, size_t datalen) {
|
|||
|
||||
bool is_jpg = (data[offset] == 0xFF);
|
||||
|
||||
char *fn = calloc( strlen(dg_table[EF_DG2].filename) + 4 + 1, sizeof(uint8_t));
|
||||
char *fn = calloc(strlen(dg_table[EF_DG2].filename) + 4 + 1, sizeof(uint8_t));
|
||||
if (fn == NULL)
|
||||
return PM3_EMALLOC;
|
||||
|
||||
|
|
|
|||
|
|
@ -5009,10 +5009,10 @@ static DesfireCommandSet defaultCommSet = DCCNativeISO;
|
|||
static DesfireCommunicationMode defaultCommMode = DCMPlain;
|
||||
|
||||
static int CmdDesGetSessionParameters(CLIParserContext *ctx, DesfireContext *dctx,
|
||||
uint8_t keynoid, uint8_t algoid, uint8_t keyid,
|
||||
uint8_t kdfid, uint8_t kdfiid,
|
||||
uint8_t cmodeid, uint8_t ccsetid, uint8_t schannid,
|
||||
int *securechannel) {
|
||||
uint8_t keynoid, uint8_t algoid, uint8_t keyid,
|
||||
uint8_t kdfid, uint8_t kdfiid,
|
||||
uint8_t cmodeid, uint8_t ccsetid, uint8_t schannid,
|
||||
int *securechannel) {
|
||||
|
||||
uint8_t keynum = defaultKeyNum;
|
||||
int algores = defaultAlgoId;
|
||||
|
|
@ -5032,14 +5032,14 @@ static int CmdDesGetSessionParameters(CLIParserContext *ctx, DesfireContext *dct
|
|||
|
||||
if (algoid) {
|
||||
if (CLIGetOptionList(arg_get_str(ctx, algoid), DesfireAlgoOpts, &algores))
|
||||
return PM3_ESOFT;
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
if (keyid) {
|
||||
int keylen = 0;
|
||||
uint8_t keydata[200] = {0};
|
||||
if (CLIParamHexToBuf(arg_get_str(ctx, keyid), keydata, sizeof(keydata), &keylen))
|
||||
return PM3_ESOFT;
|
||||
return PM3_ESOFT;
|
||||
if (keylen && keylen != desfire_get_key_length(algores)) {
|
||||
PrintAndLogEx(ERR, "%s key must have %d bytes length instead of %d.", CLIGetOptionListStr(DesfireAlgoOpts, algores), desfire_get_key_length(algores), keylen);
|
||||
return PM3_EINVARG;
|
||||
|
|
@ -5050,14 +5050,14 @@ static int CmdDesGetSessionParameters(CLIParserContext *ctx, DesfireContext *dct
|
|||
|
||||
if (kdfid) {
|
||||
if (CLIGetOptionList(arg_get_str(ctx, kdfid), DesfireKDFAlgoOpts, &kdfAlgo))
|
||||
return PM3_ESOFT;
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
if (kdfiid) {
|
||||
int datalen = kdfInputLen;
|
||||
uint8_t data[200] = {0};
|
||||
if (CLIParamHexToBuf(arg_get_str(ctx, kdfiid), data, sizeof(data), &datalen))
|
||||
return PM3_ESOFT;
|
||||
return PM3_ESOFT;
|
||||
if (datalen) {
|
||||
kdfInputLen = datalen;
|
||||
memcpy(kdfInput, data, datalen);
|
||||
|
|
@ -5066,17 +5066,17 @@ static int CmdDesGetSessionParameters(CLIParserContext *ctx, DesfireContext *dct
|
|||
|
||||
if (cmodeid) {
|
||||
if (CLIGetOptionList(arg_get_str(ctx, cmodeid), DesfireCommunicationModeOpts, &commmode))
|
||||
return PM3_ESOFT;
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
if (ccsetid) {
|
||||
if (CLIGetOptionList(arg_get_str(ctx, ccsetid), DesfireCommandSetOpts, &commset))
|
||||
return PM3_ESOFT;
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
if (schannid) {
|
||||
if (CLIGetOptionList(arg_get_str(ctx, schannid), DesfireSecureChannelOpts, &secchann))
|
||||
return PM3_ESOFT;
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
DesfireSetKey(dctx, keynum, algores, key);
|
||||
|
|
@ -5198,7 +5198,7 @@ static int CmdHF14ADesGetAIDs(const char *Cmd) {
|
|||
|
||||
if (DesfireIsAuthenticated(&dctx)) {
|
||||
if (verbose)
|
||||
PrintAndLogEx(ERR, "Desfire " _GREEN_("authenticated") , res);
|
||||
PrintAndLogEx(ERR, "Desfire " _GREEN_("authenticated"));
|
||||
} else {
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
|
@ -5278,7 +5278,7 @@ static int CmdHF14ADesGetAppNames(const char *Cmd) {
|
|||
|
||||
if (DesfireIsAuthenticated(&dctx)) {
|
||||
if (verbose)
|
||||
PrintAndLogEx(ERR, "Desfire " _GREEN_("authenticated") , res);
|
||||
PrintAndLogEx(ERR, "Desfire " _GREEN_("authenticated"));
|
||||
} else {
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
|
@ -5297,11 +5297,11 @@ static int CmdHF14ADesGetAppNames(const char *Cmd) {
|
|||
if (buflen > 0) {
|
||||
PrintAndLogEx(INFO, "----------------------- " _CYAN_("File list") " -----------------------");
|
||||
for (int i = 0; i < buflen; i++)
|
||||
PrintAndLogEx(INFO, "AID: %06x ISO file id: %02x%02x ISO DF name[%d]: %s",
|
||||
DesfireAIDByteToUint(&buf[i * 24 + 1]),
|
||||
buf[i * 24 + 1 + 3], buf[i * 24 + 1 + 4],
|
||||
strlen((char *)&buf[i * 24 + 1 + 5]),
|
||||
&buf[i * 24 + 1 + 5]);
|
||||
PrintAndLogEx(INFO, "AID: %06x ISO file id: %02x%02x ISO DF name[%" PRIu32 "]: %s",
|
||||
DesfireAIDByteToUint(&buf[i * 24 + 1]),
|
||||
buf[i * 24 + 1 + 3], buf[i * 24 + 1 + 4],
|
||||
strlen((char *)&buf[i * 24 + 1 + 5]),
|
||||
&buf[i * 24 + 1 + 5]);
|
||||
}
|
||||
|
||||
DropField();
|
||||
|
|
|
|||
|
|
@ -536,3 +536,26 @@ exit:
|
|||
PrintAndLogEx(NORMAL, _RED_("failed\n"));
|
||||
return res;
|
||||
}
|
||||
|
||||
void bin_xor(uint8_t *d1, uint8_t *d2, size_t len) {
|
||||
for (size_t i = 0; i < len; i++)
|
||||
d1[i] = d1[i] ^ d2[i];
|
||||
}
|
||||
|
||||
void AddISO9797M2Padding(uint8_t *ddata, size_t *ddatalen, uint8_t *sdata, size_t sdatalen, size_t blocklen) {
|
||||
*ddatalen = sdatalen + 1;
|
||||
*ddatalen += blocklen - *ddatalen % blocklen;
|
||||
memset(ddata, 0, *ddatalen);
|
||||
memcpy(ddata, sdata, sdatalen);
|
||||
ddata[sdatalen] = ISO9797_M2_PAD_BYTE;
|
||||
}
|
||||
|
||||
size_t FindISO9797M2PaddingDataLen(uint8_t *data, size_t datalen) {
|
||||
for (int i = datalen; i > 0; i--) {
|
||||
if (data[i - 1] == 0x80)
|
||||
return i - 1;
|
||||
if (data[i - 1] != 0x00)
|
||||
return 0;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -42,4 +42,11 @@ char *ecdsa_get_error(int ret);
|
|||
|
||||
int ecdsa_nist_test(bool verbose);
|
||||
|
||||
void bin_xor(uint8_t *d1, uint8_t *d2, size_t len);
|
||||
|
||||
#define ISO9797_M2_PAD_BYTE 0x80
|
||||
void AddISO9797M2Padding(uint8_t *ddata, size_t *ddatalen, uint8_t *sdata, size_t sdatalen, size_t blocklen);
|
||||
size_t FindISO9797M2PaddingDataLen(uint8_t *data, size_t datalen);
|
||||
|
||||
|
||||
#endif /* libpcrypto.h */
|
||||
|
|
|
|||
|
|
@ -55,10 +55,14 @@ static inline void update_key_schedules(desfirekey_t key) {
|
|||
|
||||
int desfire_get_key_length(enum DESFIRE_CRYPTOALGO key_type) {
|
||||
switch (key_type) {
|
||||
case T_DES: return 8;
|
||||
case T_3DES: return 16;
|
||||
case T_3K3DES: return 24;
|
||||
case T_AES: return 16;
|
||||
case T_DES:
|
||||
return 8;
|
||||
case T_3DES:
|
||||
return 16;
|
||||
case T_3K3DES:
|
||||
return 24;
|
||||
case T_AES:
|
||||
return 16;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@
|
|||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef __DESFIRE_CRYPTO_H
|
||||
#ifndef __DESFIRE_CRYPTO_H
|
||||
#define __DESFIRE_CRYPTO_H
|
||||
|
||||
#include "common.h"
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@
|
|||
#include "iso7816/iso7816core.h" // APDU logging
|
||||
#include "util_posix.h" // msleep
|
||||
#include "mifare/desfire_crypto.h"
|
||||
#include "desfiresecurechan.h"
|
||||
|
||||
const CLIParserOption DesfireAlgoOpts[] = {
|
||||
{T_DES, "des"},
|
||||
|
|
@ -232,30 +233,30 @@ void DesfireClearSession(DesfireContext *ctx) {
|
|||
|
||||
void DesfirePrintContext(DesfireContext *ctx) {
|
||||
PrintAndLogEx(INFO, "Key num: %d Key algo: %s Key[%d]: %s",
|
||||
ctx->keyNum,
|
||||
CLIGetOptionListStr(DesfireAlgoOpts, ctx->keyType),
|
||||
desfire_get_key_length(ctx->keyType),
|
||||
sprint_hex(ctx->key,
|
||||
desfire_get_key_length(ctx->keyType)));
|
||||
ctx->keyNum,
|
||||
CLIGetOptionListStr(DesfireAlgoOpts, ctx->keyType),
|
||||
desfire_get_key_length(ctx->keyType),
|
||||
sprint_hex(ctx->key,
|
||||
desfire_get_key_length(ctx->keyType)));
|
||||
|
||||
if (ctx->kdfAlgo != MFDES_KDF_ALGO_NONE)
|
||||
PrintAndLogEx(INFO, "KDF algo: %s KDF input[%d]: %s", CLIGetOptionListStr(DesfireKDFAlgoOpts, ctx->kdfAlgo), ctx->kdfInputLen, sprint_hex(ctx->kdfInput, ctx->kdfInputLen));
|
||||
|
||||
PrintAndLogEx(INFO, "Secure channel: %s Command set: %s Communication mode: %s",
|
||||
CLIGetOptionListStr(DesfireSecureChannelOpts, ctx->secureChannel),
|
||||
CLIGetOptionListStr(DesfireCommandSetOpts, ctx->cmdSet),
|
||||
CLIGetOptionListStr(DesfireCommunicationModeOpts, ctx->commMode));
|
||||
CLIGetOptionListStr(DesfireSecureChannelOpts, ctx->secureChannel),
|
||||
CLIGetOptionListStr(DesfireCommandSetOpts, ctx->cmdSet),
|
||||
CLIGetOptionListStr(DesfireCommunicationModeOpts, ctx->commMode));
|
||||
|
||||
if (DesfireIsAuthenticated(ctx)) {
|
||||
PrintAndLogEx(INFO, "Session key MAC [%d]: %s ENC: %s IV [%d]: %s",
|
||||
desfire_get_key_length(ctx->keyType),
|
||||
sprint_hex(ctx->sessionKeyMAC, desfire_get_key_length(ctx->keyType)),
|
||||
sprint_hex(ctx->sessionKeyEnc, desfire_get_key_length(ctx->keyType)),
|
||||
desfire_get_key_block_length(ctx->keyType),
|
||||
sprint_hex(ctx->sessionKeyEnc, desfire_get_key_block_length(ctx->keyType)));
|
||||
desfire_get_key_length(ctx->keyType),
|
||||
sprint_hex(ctx->sessionKeyMAC, desfire_get_key_length(ctx->keyType)),
|
||||
sprint_hex(ctx->sessionKeyEnc, desfire_get_key_length(ctx->keyType)),
|
||||
desfire_get_key_block_length(ctx->keyType),
|
||||
sprint_hex(ctx->sessionKeyEnc, desfire_get_key_block_length(ctx->keyType)));
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void DesfireSetKey(DesfireContext *ctx, uint8_t keyNum, enum DESFIRE_CRYPTOALGO keyType, uint8_t *key) {
|
||||
DesfireClearContext(ctx);
|
||||
|
|
@ -322,10 +323,10 @@ static int DESFIRESendApdu(bool activate_field, sAPDU apdu, uint8_t *result, uin
|
|||
*sw = isw;
|
||||
|
||||
if (isw != 0x9000 &&
|
||||
isw != DESFIRE_GET_ISO_STATUS(MFDES_S_OPERATION_OK) &&
|
||||
isw != DESFIRE_GET_ISO_STATUS(MFDES_S_SIGNATURE) &&
|
||||
isw != DESFIRE_GET_ISO_STATUS(MFDES_S_ADDITIONAL_FRAME) &&
|
||||
isw != DESFIRE_GET_ISO_STATUS(MFDES_S_NO_CHANGES)) {
|
||||
isw != DESFIRE_GET_ISO_STATUS(MFDES_S_OPERATION_OK) &&
|
||||
isw != DESFIRE_GET_ISO_STATUS(MFDES_S_SIGNATURE) &&
|
||||
isw != DESFIRE_GET_ISO_STATUS(MFDES_S_ADDITIONAL_FRAME) &&
|
||||
isw != DESFIRE_GET_ISO_STATUS(MFDES_S_NO_CHANGES)) {
|
||||
if (GetAPDULogging()) {
|
||||
if (isw >> 8 == 0x61) {
|
||||
PrintAndLogEx(ERR, "APDU chaining len: 0x%02x -->", isw & 0xff);
|
||||
|
|
@ -369,11 +370,11 @@ static int DESFIRESendRaw(bool activate_field, uint8_t *data, size_t datalen, ui
|
|||
memmove(&result[0], &result[1], *result_len);
|
||||
|
||||
if (rcode != MFDES_S_OPERATION_OK &&
|
||||
rcode != MFDES_S_SIGNATURE &&
|
||||
rcode != MFDES_S_ADDITIONAL_FRAME &&
|
||||
rcode != MFDES_S_NO_CHANGES) {
|
||||
rcode != MFDES_S_SIGNATURE &&
|
||||
rcode != MFDES_S_ADDITIONAL_FRAME &&
|
||||
rcode != MFDES_S_NO_CHANGES) {
|
||||
if (GetAPDULogging())
|
||||
PrintAndLogEx(ERR, "Command (%02x) ERROR: 0x%02x", data[0], rcode);
|
||||
PrintAndLogEx(ERR, "Command (%02x) ERROR: 0x%02x", data[0], rcode);
|
||||
return PM3_EAPDU_FAIL;
|
||||
}
|
||||
return PM3_SUCCESS;
|
||||
|
|
@ -418,7 +419,7 @@ static int DesfireExchangeNative(bool activate_field, DesfireContext *ctx, uint8
|
|||
pos += buflen;
|
||||
if (!enable_chaining) {
|
||||
if (rcode == MFDES_S_OPERATION_OK ||
|
||||
rcode == MFDES_ADDITIONAL_FRAME) {
|
||||
rcode == MFDES_ADDITIONAL_FRAME) {
|
||||
if (resplen)
|
||||
*resplen = pos;
|
||||
}
|
||||
|
|
@ -499,7 +500,7 @@ static int DesfireExchangeISO(bool activate_field, DesfireContext *ctx, uint8_t
|
|||
pos += buflen;
|
||||
if (!enable_chaining) {
|
||||
if (sw == DESFIRE_GET_ISO_STATUS(MFDES_S_OPERATION_OK) ||
|
||||
sw == DESFIRE_GET_ISO_STATUS(MFDES_ADDITIONAL_FRAME)) {
|
||||
sw == DESFIRE_GET_ISO_STATUS(MFDES_ADDITIONAL_FRAME)) {
|
||||
if (resplen)
|
||||
*resplen = pos;
|
||||
}
|
||||
|
|
@ -543,166 +544,10 @@ static int DesfireExchangeISO(bool activate_field, DesfireContext *ctx, uint8_t
|
|||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static void DesfireCryptoEncDec(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, bool encode) {
|
||||
uint8_t data[1024] = {0};
|
||||
|
||||
switch(ctx->keyType) {
|
||||
case T_DES:
|
||||
if (ctx->secureChannel == DACd40) {
|
||||
if (encode)
|
||||
des_encrypt_ecb(data, srcdata, srcdatalen, ctx->key);
|
||||
else
|
||||
des_decrypt_ecb(data, srcdata, srcdatalen, ctx->key);
|
||||
} if (ctx->secureChannel == DACEV1) {
|
||||
if (encode)
|
||||
des_encrypt_cbc(data, srcdata, srcdatalen, ctx->key, ctx->IV);
|
||||
else
|
||||
des_decrypt_cbc(data, srcdata, srcdatalen, ctx->key, ctx->IV);
|
||||
}
|
||||
|
||||
if (dstdata)
|
||||
memcpy(dstdata, data, srcdatalen);
|
||||
break;
|
||||
case T_3DES:
|
||||
break;
|
||||
case T_3K3DES:
|
||||
break;
|
||||
case T_AES:
|
||||
if (encode)
|
||||
aes_encode(ctx->IV, ctx->key, srcdata, data, srcdatalen);
|
||||
else
|
||||
aes_decode(ctx->IV, ctx->key, srcdata, data, srcdatalen);
|
||||
if (dstdata)
|
||||
memcpy(dstdata, data, srcdatalen);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelEncodeD40(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
uint8_t data[1024] = {0};
|
||||
size_t rlen = 0;
|
||||
|
||||
switch(ctx->commMode) {
|
||||
case DCMPlain:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
case DCMMACed:
|
||||
if (srcdatalen == 0)
|
||||
break;
|
||||
|
||||
rlen = padded_data_length(srcdatalen, desfire_get_key_block_length(ctx->keyType));
|
||||
memcpy(data, srcdata, srcdatalen);
|
||||
DesfireCryptoEncDec(ctx, data, rlen, NULL, true);
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
memcpy(&dstdata[srcdatalen], ctx->IV, desfire_get_key_block_length(ctx->keyType));
|
||||
*dstdatalen = rlen;
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
rlen = padded_data_length(srcdatalen + 2, desfire_get_key_block_length(ctx->keyType)); // 2 - crc16
|
||||
memcpy(data, srcdata, srcdatalen);
|
||||
compute_crc(CRC_14443_A, data, srcdatalen, &data[srcdatalen], &data[srcdatalen + 1]);
|
||||
DesfireCryptoEncDec(ctx, data, rlen, dstdata, true);
|
||||
*dstdatalen = rlen;
|
||||
break;
|
||||
case DCMNone:;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelEncodeEV1(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
switch(ctx->commMode) {
|
||||
case DCMPlain:
|
||||
case DCMMACed:
|
||||
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
break;
|
||||
case DCMNone:;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelEncode(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
switch(ctx->secureChannel) {
|
||||
case DACd40:
|
||||
DesfireSecureChannelEncodeD40(ctx, cmd, srcdata, srcdatalen, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV1:
|
||||
DesfireSecureChannelEncodeEV1(ctx, cmd, srcdata, srcdatalen, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV2:
|
||||
break;
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelDecodeD40(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
switch(ctx->commMode) {
|
||||
case DCMMACed:
|
||||
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
break;
|
||||
case DCMPlain:
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelDecodeEV1(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
switch(ctx->commMode) {
|
||||
case DCMPlain:
|
||||
case DCMMACed:
|
||||
memcpy(dstdata, srcdata, srcdatalen - 8);
|
||||
*dstdatalen = srcdatalen - 8;
|
||||
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
break;
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelDecode(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
switch(ctx->secureChannel) {
|
||||
case DACd40:
|
||||
DesfireSecureChannelDecodeD40(ctx, srcdata, srcdatalen, respcode, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV1:
|
||||
DesfireSecureChannelDecodeEV1(ctx, srcdata, srcdatalen, respcode, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV2:
|
||||
break;
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// move data from blockdata [format: <length, data><length, data>...] to single data block
|
||||
static void DesfireJoinBlockToBytes(uint8_t *blockdata, size_t blockdatacount, size_t blockdatasize, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
*dstdatalen = 0;
|
||||
for(int i = 0; i < blockdatacount; i++) {
|
||||
for (int i = 0; i < blockdatacount; i++) {
|
||||
memcpy(&dstdata[*dstdatalen], &blockdata[i * blockdatasize + 1], blockdata[i * blockdatasize]);
|
||||
*dstdatalen += blockdata[i * blockdatasize];
|
||||
}
|
||||
|
|
@ -712,7 +557,7 @@ static void DesfireJoinBlockToBytes(uint8_t *blockdata, size_t blockdatacount, s
|
|||
// lengths in the blockdata is not changed. result - in the blockdata
|
||||
static void DesfireSplitBytesToBlock(uint8_t *blockdata, size_t *blockdatacount, size_t blockdatasize, uint8_t *dstdata, size_t dstdatalen) {
|
||||
size_t len = 0;
|
||||
for(int i = 0; i < *blockdatacount; i++) {
|
||||
for (int i = 0; i < *blockdatacount; i++) {
|
||||
size_t tlen = len + blockdata[i * blockdatasize];
|
||||
if (tlen > dstdatalen)
|
||||
tlen = dstdatalen;
|
||||
|
|
@ -731,7 +576,7 @@ int DesfireExchangeEx(bool activate_field, DesfireContext *ctx, uint8_t cmd, uin
|
|||
uint8_t databuf[250 * 5] = {0};
|
||||
size_t databuflen = 0;
|
||||
|
||||
switch(ctx->cmdSet) {
|
||||
switch (ctx->cmdSet) {
|
||||
case DCCNative:
|
||||
case DCCNativeISO:
|
||||
DesfireSecureChannelEncode(ctx, cmd, data, datalen, databuf, &databuflen);
|
||||
|
|
@ -755,10 +600,10 @@ int DesfireExchangeEx(bool activate_field, DesfireContext *ctx, uint8_t cmd, uin
|
|||
} else {
|
||||
DesfireSecureChannelDecode(ctx, databuf, databuflen, *respcode, resp, resplen);
|
||||
}
|
||||
break;
|
||||
break;
|
||||
case DCCISO:
|
||||
return PM3_EAPDU_FAIL;
|
||||
break;
|
||||
break;
|
||||
}
|
||||
|
||||
return res;
|
||||
|
|
@ -1028,9 +873,9 @@ int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel
|
|||
Desfire_session_key_new(RndA, RndB, key, &sesskey);
|
||||
memcpy(dctx->sessionKeyEnc, sesskey.data, desfire_get_key_length(dctx->keyType));
|
||||
|
||||
PrintAndLogEx(INFO, "encRndA : %s", sprint_hex(encRndA, rndlen));
|
||||
PrintAndLogEx(INFO, "IV : %s", sprint_hex(IV, rndlen));
|
||||
if (dctx->keyType == T_DES){
|
||||
PrintAndLogEx(INFO, "encRndA : %s", sprint_hex(encRndA, rndlen));
|
||||
PrintAndLogEx(INFO, "IV : %s", sprint_hex(IV, rndlen));
|
||||
if (dctx->keyType == T_DES) {
|
||||
if (secureChannel == DACd40)
|
||||
des_decrypt(encRndA, encRndA, key->data);
|
||||
if (secureChannel == DACEV1)
|
||||
|
|
@ -1047,8 +892,8 @@ PrintAndLogEx(INFO, "IV : %s", sprint_hex(IV, rndlen));
|
|||
}
|
||||
|
||||
rol(RndA, rndlen);
|
||||
PrintAndLogEx(INFO, "Expected_RndA : %s", sprint_hex(RndA, rndlen));
|
||||
PrintAndLogEx(INFO, "Generated_RndA : %s", sprint_hex(encRndA, rndlen));
|
||||
PrintAndLogEx(INFO, "Expected_RndA : %s", sprint_hex(RndA, rndlen));
|
||||
PrintAndLogEx(INFO, "Generated_RndA : %s", sprint_hex(encRndA, rndlen));
|
||||
for (uint32_t x = 0; x < rndlen; x++) {
|
||||
if (RndA[x] != encRndA[x]) {
|
||||
if (g_debugMode > 1) {
|
||||
|
|
@ -1074,7 +919,7 @@ PrintAndLogEx(INFO, "Generated_RndA : %s", sprint_hex(encRndA, rndlen));
|
|||
|
||||
dctx->secureChannel = secureChannel;
|
||||
memcpy(dctx->sessionKeyMAC, dctx->sessionKeyEnc, desfire_get_key_length(dctx->keyType));
|
||||
PrintAndLogEx(INFO, "sessionKeyEnc : %s", sprint_hex(dctx->sessionKeyEnc, desfire_get_key_length(dctx->keyType)));
|
||||
PrintAndLogEx(INFO, "sessionKeyEnc : %s", sprint_hex(dctx->sessionKeyEnc, desfire_get_key_length(dctx->keyType)));
|
||||
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -81,7 +81,7 @@ void DesfireClearSession(DesfireContext *ctx);
|
|||
void DesfireSetKey(DesfireContext *ctx, uint8_t keyNum, enum DESFIRE_CRYPTOALGO keyType, uint8_t *key);
|
||||
void DesfireSetCommandSet(DesfireContext *ctx, DesfireCommandSet cmdSet);
|
||||
void DesfireSetCommMode(DesfireContext *ctx, DesfireCommunicationMode commMode);
|
||||
void DesfireSetKdf(DesfireContext *ctx, uint8_t kdfAlgo,uint8_t *kdfInput, uint8_t kdfInputLen);
|
||||
void DesfireSetKdf(DesfireContext *ctx, uint8_t kdfAlgo, uint8_t *kdfInput, uint8_t kdfInputLen);
|
||||
|
||||
const char *DesfireGetErrorString(int res, uint16_t *sw);
|
||||
uint32_t DesfireAIDByteToUint(uint8_t *data);
|
||||
|
|
|
|||
194
client/src/mifare/desfiresecurechan.c
Normal file
194
client/src/mifare/desfiresecurechan.c
Normal file
|
|
@ -0,0 +1,194 @@
|
|||
//-----------------------------------------------------------------------------
|
||||
// Copyright (C) 2010 Romain Tartiere.
|
||||
// Copyright (C) 2014 Iceman
|
||||
// Copyright (C) 2021 Merlok
|
||||
//
|
||||
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
||||
// at your option, any later version. See the LICENSE.txt file for the text of
|
||||
// the license.
|
||||
//-----------------------------------------------------------------------------
|
||||
// High frequency Desfire secure channel functions
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
#include "desfiresecurechan.h"
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <util.h>
|
||||
#include "ui.h"
|
||||
#include "crc.h"
|
||||
#include "crc16.h" // crc16 ccitt
|
||||
#include "crc32.h"
|
||||
#include "commonutil.h"
|
||||
#include "mifare/desfire_crypto.h"
|
||||
|
||||
void DesfireCryptoEncDec(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, bool encode) {
|
||||
uint8_t data[1024] = {0};
|
||||
|
||||
switch (ctx->keyType) {
|
||||
case T_DES:
|
||||
if (ctx->secureChannel == DACd40) {
|
||||
if (encode)
|
||||
des_encrypt_ecb(data, srcdata, srcdatalen, ctx->key);
|
||||
else
|
||||
des_decrypt_ecb(data, srcdata, srcdatalen, ctx->key);
|
||||
}
|
||||
if (ctx->secureChannel == DACEV1) {
|
||||
if (encode)
|
||||
des_encrypt_cbc(data, srcdata, srcdatalen, ctx->key, ctx->IV);
|
||||
else
|
||||
des_decrypt_cbc(data, srcdata, srcdatalen, ctx->key, ctx->IV);
|
||||
}
|
||||
|
||||
if (dstdata)
|
||||
memcpy(dstdata, data, srcdatalen);
|
||||
break;
|
||||
case T_3DES:
|
||||
break;
|
||||
case T_3K3DES:
|
||||
break;
|
||||
case T_AES:
|
||||
if (encode)
|
||||
aes_encode(ctx->IV, ctx->key, srcdata, data, srcdatalen);
|
||||
else
|
||||
aes_decode(ctx->IV, ctx->key, srcdata, data, srcdatalen);
|
||||
if (dstdata)
|
||||
memcpy(dstdata, data, srcdatalen);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelEncodeD40(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
uint8_t data[1024] = {0};
|
||||
size_t rlen = 0;
|
||||
|
||||
switch (ctx->commMode) {
|
||||
case DCMPlain:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
case DCMMACed:
|
||||
if (srcdatalen == 0)
|
||||
break;
|
||||
|
||||
rlen = padded_data_length(srcdatalen, desfire_get_key_block_length(ctx->keyType));
|
||||
memcpy(data, srcdata, srcdatalen);
|
||||
DesfireCryptoEncDec(ctx, data, rlen, NULL, true);
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
memcpy(&dstdata[srcdatalen], ctx->IV, 4);
|
||||
*dstdatalen = rlen;
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
rlen = padded_data_length(srcdatalen + 2, desfire_get_key_block_length(ctx->keyType)); // 2 - crc16
|
||||
memcpy(data, srcdata, srcdatalen);
|
||||
compute_crc(CRC_14443_A, data, srcdatalen, &data[srcdatalen], &data[srcdatalen + 1]);
|
||||
DesfireCryptoEncDec(ctx, data, rlen, dstdata, true);
|
||||
*dstdatalen = rlen;
|
||||
break;
|
||||
case DCMNone:
|
||||
;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelEncodeEV1(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
uint8_t data[1024] = {0};
|
||||
size_t rlen = 0;
|
||||
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
switch (ctx->commMode) {
|
||||
case DCMPlain:
|
||||
case DCMMACed:
|
||||
data[0] = cmd;
|
||||
rlen = padded_data_length(srcdatalen + 1, desfire_get_key_block_length(ctx->keyType));
|
||||
memcpy(&data[1], srcdata, srcdatalen);
|
||||
DesfireCryptoEncDec(ctx, data, rlen, NULL, true);
|
||||
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
if (srcdatalen != 0 && ctx->commMode == DCMMACed) {
|
||||
memcpy(&dstdata[srcdatalen], ctx->IV, 4);
|
||||
*dstdatalen = rlen;
|
||||
}
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
break;
|
||||
case DCMNone:
|
||||
;
|
||||
}
|
||||
}
|
||||
|
||||
void DesfireSecureChannelEncode(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
switch (ctx->secureChannel) {
|
||||
case DACd40:
|
||||
DesfireSecureChannelEncodeD40(ctx, cmd, srcdata, srcdatalen, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV1:
|
||||
DesfireSecureChannelEncodeEV1(ctx, cmd, srcdata, srcdatalen, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV2:
|
||||
break;
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelDecodeD40(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
switch (ctx->commMode) {
|
||||
case DCMMACed:
|
||||
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
break;
|
||||
case DCMPlain:
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void DesfireSecureChannelDecodeEV1(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
|
||||
switch (ctx->commMode) {
|
||||
case DCMPlain:
|
||||
case DCMMACed:
|
||||
memcpy(dstdata, srcdata, srcdatalen - 8);
|
||||
*dstdatalen = srcdatalen - 8;
|
||||
|
||||
break;
|
||||
case DCMEncrypted:
|
||||
break;
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
void DesfireSecureChannelDecode(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
|
||||
switch (ctx->secureChannel) {
|
||||
case DACd40:
|
||||
DesfireSecureChannelDecodeD40(ctx, srcdata, srcdatalen, respcode, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV1:
|
||||
DesfireSecureChannelDecodeEV1(ctx, srcdata, srcdatalen, respcode, dstdata, dstdatalen);
|
||||
break;
|
||||
case DACEV2:
|
||||
break;
|
||||
case DACNone:
|
||||
memcpy(dstdata, srcdata, srcdatalen);
|
||||
*dstdatalen = srcdatalen;
|
||||
break;
|
||||
}
|
||||
}
|
||||
27
client/src/mifare/desfiresecurechan.h
Normal file
27
client/src/mifare/desfiresecurechan.h
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
//-----------------------------------------------------------------------------
|
||||
// Copyright (C) 2010 Romain Tartiere.
|
||||
// Copyright (C) 2014 Iceman
|
||||
// Copyright (C) 2021 Merlok
|
||||
//
|
||||
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
||||
// at your option, any later version. See the LICENSE.txt file for the text of
|
||||
// the license.
|
||||
//-----------------------------------------------------------------------------
|
||||
// High frequency Desfire secure channel functions
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
#ifndef __DESFIRESECURECHAN_H
|
||||
#define __DESFIRESECURECHAN_H
|
||||
|
||||
#include "common.h"
|
||||
#include "mifare/desfirecore.h"
|
||||
#include "mifare/desfire_crypto.h"
|
||||
#include "mifare/mifare4.h"
|
||||
|
||||
void DesfireCryptoEncDec(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, bool encode);
|
||||
|
||||
void DesfireSecureChannelEncode(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen);
|
||||
void DesfireSecureChannelDecode(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen);
|
||||
|
||||
|
||||
#endif // __DESFIRESECURECHAN_H
|
||||
|
|
@ -973,7 +973,7 @@
|
|||
},
|
||||
"help": {
|
||||
"command": "help",
|
||||
"description": "help use `<command> help` for details of a command prefs { edit client/device preferences... } -------- ----------------------- technology ----------------------- analyse { analyse utils... } data { plot window / data buffer manipulation... } emv { emv iso-14443 / iso-7816... } hf { high frequency commands... } hw { hardware commands... } lf { low frequency commands... } nfc { nfc commands... } reveng { crc calculations from reveng software... } smart { smart card iso-7816 commands... } script { scripting commands... } trace { trace manipulation... } wiegand { wiegand format manipulation... } -------- ----------------------- general ----------------------- clear clear screen hints turn hints on / off msleep add a pause in milliseconds rem add a text line in log file quit exit exit program [=] session log e:\\proxspace\\pm3/.proxmark3/logs/log_20210630.txt --------------------------------------------------------------------------------------- auto available offline: no run lf search / hf search / data plot / data save",
|
||||
"description": "help use `<command> help` for details of a command prefs { edit client/device preferences... } -------- ----------------------- technology ----------------------- analyse { analyse utils... } data { plot window / data buffer manipulation... } emv { emv iso-14443 / iso-7816... } hf { high frequency commands... } hw { hardware commands... } lf { low frequency commands... } nfc { nfc commands... } reveng { crc calculations from reveng software... } smart { smart card iso-7816 commands... } script { scripting commands... } trace { trace manipulation... } wiegand { wiegand format manipulation... } -------- ----------------------- general ----------------------- clear clear screen hints turn hints on / off msleep add a pause in milliseconds rem add a text line in log file quit exit exit program [=] session log e:\\proxspace\\pm3/.proxmark3/logs/log_20210706.txt --------------------------------------------------------------------------------------- auto available offline: no run lf search / hf search / data plot / data save",
|
||||
"notes": [
|
||||
"auto"
|
||||
],
|
||||
|
|
@ -3938,6 +3938,31 @@
|
|||
],
|
||||
"usage": "hf mf wrbl [-hab] --blk <dec> [-k <hex>] [-d <hex>]"
|
||||
},
|
||||
"hf mfdes auth": {
|
||||
"command": "hf mfdes auth",
|
||||
"description": "authenticates mifare desfire using key",
|
||||
"notes": [
|
||||
"hf mfdes auth -m 3 -t 4 -a 808301 -n 0 -k 00000000000000000000000000000000 -> aes,keynumber 0, aid 0x803201",
|
||||
"hf mfdes auth -m 2 -t 2 -a 000000 -n 1 -k 00000000000000000000000000000000 -> 3des,keynumber 1, aid 0x000000",
|
||||
"hf mfdes auth -m 1 -t 1 -a 000000 -n 2 -k 0000000000000000 -> des,keynumber 2, aid 0x000000",
|
||||
"hf mfdes auth -m 1 -t 1 -a 000000 -n 0 -> des, defaultkey, aid 0x000000",
|
||||
"hf mfdes auth -m 2 -t 2 -a 000000 -n 0 -> 3des, defaultkey, aid 0x000000",
|
||||
"hf mfdes auth -m 3 -t 4 -a 000000 -n 0 -> 3k3des, defaultkey, aid 0x000000",
|
||||
"hf mfdes auth -m 3 -t 4 -a 000000 -n 0 -> aes, defaultkey, aid 0x000000"
|
||||
],
|
||||
"offline": false,
|
||||
"options": [
|
||||
"-h, --help this help",
|
||||
"-m, --type <type> auth type (1=normal, 2=iso, 3=aes)",
|
||||
"-t, --algo <algo> crypt algo (1=des, 2=3des(2k2des), 3=3k3des, 4=aes)",
|
||||
"-a, --aid <aid> aid used for authentification (hex 3 bytes)",
|
||||
"-n, --keyno <keyno> key number used for authentification",
|
||||
"-k, --key <key> key for checking (hex 8-24 bytes)",
|
||||
"-d, --kdf <kdf> key derivation function (kdf) (0=none, 1=an10922, 2=gallagher)",
|
||||
"-i, --kdfi <kdfi> kdf input (hex 1-31 bytes)"
|
||||
],
|
||||
"usage": "hf mfdes auth [-h] [-m <type>] [-t <algo>] [-a <aid>]... [-n <keyno>] [-k <key>] [-d <kdf>] [-i <kdfi>]"
|
||||
},
|
||||
"hf mfdes bruteaid": {
|
||||
"command": "hf mfdes bruteaid",
|
||||
"description": "recover aids by bruteforce. warning: this command takes a long time",
|
||||
|
|
@ -4168,6 +4193,50 @@
|
|||
],
|
||||
"usage": "hf mfdes formatpicc [-h]"
|
||||
},
|
||||
"hf mfdes getaids": {
|
||||
"command": "hf mfdes getaids",
|
||||
"description": "get application ids list from card. master key needs to be provided.",
|
||||
"notes": [
|
||||
"hf mfdes getaids -n 0 -t des -k 0000000000000000 -f none -> execute with default factory setup"
|
||||
],
|
||||
"offline": false,
|
||||
"options": [
|
||||
"-h, --help this help",
|
||||
"-a, --apdu show apdu requests and responses",
|
||||
"-v, --verbose show technical data",
|
||||
"-n, --keyno <keyno> key number",
|
||||
"-t, --algo <des/2tdea/3tdea/aes> crypt algo: des, 2tdea, 3tdea, aes",
|
||||
"-k, --key <key> key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)",
|
||||
"-f, --kdf <none/an10922/gallagher> key derivation function (kdf): none, an10922, gallagher",
|
||||
"-i, --kdfi <kdfi> kdf input (hex 1-31 bytes)",
|
||||
"-m, --cmode <plain/mac/encrypt> communicaton mode: plain/mac/encrypt",
|
||||
"-c, --ccset <native/niso/iso> communicaton command set: native/niso/iso",
|
||||
"-s, --schann <d40/ev1/ev2> secure channel: d40/ev1/ev2"
|
||||
],
|
||||
"usage": "hf mfdes getaids [-hav] [-n <keyno>] [-t <des/2tdea/3tdea/aes>] [-k <key>] [-f <none/an10922/gallagher>] [-i <kdfi>] [-m <plain/mac/encrypt>] [-c <native/niso/iso>] [-s <d40/ev1/ev2>]"
|
||||
},
|
||||
"hf mfdes getappnames": {
|
||||
"command": "hf mfdes getappnames",
|
||||
"description": "get application ids, iso ids and df names from card. master key needs to be provided.",
|
||||
"notes": [
|
||||
"hf mfdes getappnames -n 0 -t des -k 0000000000000000 -f none -> execute with default factory setup"
|
||||
],
|
||||
"offline": false,
|
||||
"options": [
|
||||
"-h, --help this help",
|
||||
"-a, --apdu show apdu requests and responses",
|
||||
"-v, --verbose show technical data",
|
||||
"-n, --keyno <keyno> key number",
|
||||
"-t, --algo <des/2tdea/3tdea/aes> crypt algo: des, 2tdea, 3tdea, aes",
|
||||
"-k, --key <key> key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)",
|
||||
"-f, --kdf <none/an10922/gallagher> key derivation function (kdf): none, an10922, gallagher",
|
||||
"-i, --kdfi <kdfi> kdf input (hex 1-31 bytes)",
|
||||
"-m, --cmode <plain/mac/encrypt> communicaton mode: plain/mac/encrypt",
|
||||
"-c, --ccset <native/niso/iso> communicaton command set: native/niso/iso",
|
||||
"-s, --schann <d40/ev1/ev2> secure channel: d40/ev1/ev2"
|
||||
],
|
||||
"usage": "hf mfdes getappnames [-hav] [-n <keyno>] [-t <des/2tdea/3tdea/aes>] [-k <key>] [-f <none/an10922/gallagher>] [-i <kdfi>] [-m <plain/mac/encrypt>] [-c <native/niso/iso>] [-s <d40/ev1/ev2>]"
|
||||
},
|
||||
"hf mfdes getuid": {
|
||||
"command": "hf mfdes getuid",
|
||||
"description": "get uid from a mifare desfire tag",
|
||||
|
|
@ -4196,28 +4265,23 @@
|
|||
},
|
||||
"hf mfdes help": {
|
||||
"command": "hf mfdes help",
|
||||
"description": "help this help list list desfire (iso 14443a) history --------------------------------------------------------------------------------------- hf mfdes auth available offline: no authenticates mifare desfire using key",
|
||||
"description": "help this help list list desfire (iso 14443a) history --------------------------------------------------------------------------------------- hf mfdes default available offline: no get application ids, iso ids and df names from card. master key needs to be provided.",
|
||||
"notes": [
|
||||
"hf mfdes auth -m 3 -t 4 -a 808301 -n 0 -k 00000000000000000000000000000000 -> aes,keynumber 0, aid 0x803201",
|
||||
"hf mfdes auth -m 2 -t 2 -a 000000 -n 1 -k 00000000000000000000000000000000 -> 3des,keynumber 1, aid 0x000000",
|
||||
"hf mfdes auth -m 1 -t 1 -a 000000 -n 2 -k 0000000000000000 -> des,keynumber 2, aid 0x000000",
|
||||
"hf mfdes auth -m 1 -t 1 -a 000000 -n 0 -> des, defaultkey, aid 0x000000",
|
||||
"hf mfdes auth -m 2 -t 2 -a 000000 -n 0 -> 3des, defaultkey, aid 0x000000",
|
||||
"hf mfdes auth -m 3 -t 4 -a 000000 -n 0 -> 3k3des, defaultkey, aid 0x000000",
|
||||
"hf mfdes auth -m 3 -t 4 -a 000000 -n 0 -> aes, defaultkey, aid 0x000000"
|
||||
"hf mfdes getappnames -n 0 -t des -k 0000000000000000 -f none -> execute with default factory setup"
|
||||
],
|
||||
"offline": true,
|
||||
"options": [
|
||||
"-h, --help this help",
|
||||
"-m, --type <type> auth type (1=normal, 2=iso, 3=aes)",
|
||||
"-t, --algo <algo> crypt algo (1=des, 2=3des(2k2des), 3=3k3des, 4=aes)",
|
||||
"-a, --aid <aid> aid used for authentification (hex 3 bytes)",
|
||||
"-n, --keyno <keyno> key number used for authentification",
|
||||
"-k, --key <key> key for checking (hex 8-24 bytes)",
|
||||
"-d, --kdf <kdf> key derivation function (kdf) (0=none, 1=an10922, 2=gallagher)",
|
||||
"-i, --kdfi <kdfi> kdf input (hex 1-31 bytes)"
|
||||
"-n, --keyno <keyno> key number",
|
||||
"-t, --algo <des/2tdea/3tdea/aes> crypt algo: des, 2tdea, 3tdea, aes",
|
||||
"-k, --key <key> key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)",
|
||||
"-f, --kdf <none/an10922/gallagher> key derivation function (kdf): none, an10922, gallagher",
|
||||
"-i, --kdfi <kdfi> kdf input (hex 1-31 bytes)",
|
||||
"-m, --cmode <plain/mac/encrypt> communicaton mode: plain/mac/encrypt",
|
||||
"-c, --ccset <native/niso/iso> communicaton command set: native/niso/iso",
|
||||
"-s, --schann <d40/ev1/ev2> secure channel: d40/ev1/ev2"
|
||||
],
|
||||
"usage": "hf mfdes auth [-h] [-m <type>] [-t <algo>] [-a <aid>]... [-n <keyno>] [-k <key>] [-d <kdf>] [-i <kdfi>]"
|
||||
"usage": "hf mfdes default [-h] [-n <keyno>] [-t <des/2tdea/3tdea/aes>] [-k <key>] [-f <none/an10922/gallagher>] [-i <kdfi>] [-m <plain/mac/encrypt>] [-c <native/niso/iso>] [-s <d40/ev1/ev2>]"
|
||||
},
|
||||
"hf mfdes info": {
|
||||
"command": "hf mfdes info",
|
||||
|
|
@ -9217,8 +9281,8 @@
|
|||
}
|
||||
},
|
||||
"metadata": {
|
||||
"commands_extracted": 572,
|
||||
"commands_extracted": 575,
|
||||
"extracted_by": "PM3Help2JSON v1.00",
|
||||
"extracted_on": "2021-06-30T09:30:39"
|
||||
"extracted_on": "2021-07-06T09:14:57"
|
||||
}
|
||||
}
|
||||
|
|
@ -501,6 +501,7 @@ Check column "offline" for their availability.
|
|||
|command |offline |description
|
||||
|------- |------- |-----------
|
||||
|`hf mfdes help `|Y |`This help`
|
||||
|`hf mfdes default `|N |`[new]Set defaults for all the commands`
|
||||
|`hf mfdes auth `|N |`Tries a MIFARE DesFire Authentication`
|
||||
|`hf mfdes changekey `|N |`Change Key`
|
||||
|`hf mfdes chk `|N |`Check keys`
|
||||
|
|
@ -513,6 +514,8 @@ Check column "offline" for their availability.
|
|||
|`hf mfdes createaid `|N |`Create Application ID`
|
||||
|`hf mfdes deleteaid `|N |`Delete Application ID`
|
||||
|`hf mfdes selectaid `|N |`Select Application ID`
|
||||
|`hf mfdes getaids `|N |`[new]Get Application IDs list`
|
||||
|`hf mfdes getappnames `|N |`[new]Get Applications list`
|
||||
|`hf mfdes changevalue `|N |`Write value of a value file (credit/debit/clear)`
|
||||
|`hf mfdes clearfile `|N |`Clear record File`
|
||||
|`hf mfdes createfile `|N |`Create Standard/Backup File`
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue