]> cvs.zerfleddert.de Git - proxmark3-svn/blame - client/cmdhfepa.c
fix buffer length bugs
[proxmark3-svn] / client / cmdhfepa.c
CommitLineData
5acd09bd 1//-----------------------------------------------------------------------------
2// Copyright (C) 2012 Frederik Möllers
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// Commands related to the German electronic Identification Card
9//-----------------------------------------------------------------------------
10
acf0582d 11#include "cmdhfepa.h"
3bb07d96 12
acf0582d 13#include <inttypes.h>
14#include <stdlib.h>
15#include <string.h>
16#include <unistd.h>
17#include <stdio.h>
18#include "util.h"
902cb3c0 19#include "proxmark3.h"
5acd09bd 20#include "ui.h"
21#include "cmdparser.h"
22#include "common.h"
23#include "cmdmain.h"
5acd09bd 24
25static int CmdHelp(const char *Cmd);
26
27// Perform (part of) the PACE protocol
28int CmdHFEPACollectPACENonces(const char *Cmd)
29{
30 // requested nonce size
a0bbdb76 31 unsigned int m = 0;
5acd09bd 32 // requested number of Nonces
33 unsigned int n = 0;
69f8a37b 34 // delay between requests
35 unsigned int d = 0;
3bb07d96 36
a0bbdb76 37 sscanf(Cmd, "%u %u %u", &m, &n, &d);
3bb07d96 38
5acd09bd 39 // values are expected to be > 0
40 m = m > 0 ? m : 1;
41 n = n > 0 ? n : 1;
42
43534cba 43 PrintAndLog("Collecting %u %u-byte nonces", n, m);
acf0582d 44 PrintAndLog("Start: %" PRIu64 , msclock()/1000);
5acd09bd 45 // repeat n times
46 for (unsigned int i = 0; i < n; i++) {
47 // execute PACE
48 UsbCommand c = {CMD_EPA_PACE_COLLECT_NONCE, {(int)m, 0, 0}};
49 SendCommand(&c);
902cb3c0 50 UsbCommand resp;
3bb07d96 51
3fe4ff4f 52 WaitForResponse(CMD_ACK,&resp);
5acd09bd 53
54 // check if command failed
902cb3c0 55 if (resp.arg[0] != 0) {
56 PrintAndLog("Error in step %d, Return code: %d",resp.arg[0],(int)resp.arg[1]);
5acd09bd 57 } else {
902cb3c0 58 size_t nonce_length = resp.arg[1];
5acd09bd 59 char *nonce = (char *) malloc(2 * nonce_length + 1);
60 for(int j = 0; j < nonce_length; j++) {
57642f63 61 sprintf(nonce + (2 * j), "%02X", resp.d.asBytes[j]);
5acd09bd 62 }
63 // print nonce
57642f63 64 PrintAndLog("Length: %d, Nonce: %s", nonce_length, nonce);
c4c3af7c 65 free(nonce);
5acd09bd 66 }
69f8a37b 67 if (i < n - 1) {
68 sleep(d);
69 }
5acd09bd 70 }
acf0582d 71 PrintAndLog("End: %" PRIu64, msclock()/1000);
5acd09bd 72
73 return 1;
74}
75
3bb07d96
FM
76////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
77////////////////////////////////The commands lie below here/////////////////////////////////////////////////////////////////////////////////////////
78
79// perform the PACE protocol by replaying APDUs
80int CmdHFEPAPACEReplay(const char *Cmd)
81{
82 // the 4 APDUs which are replayed + their lengths
83 uint8_t msesa_apdu[41], gn_apdu[8], map_apdu[75];
84 uint8_t pka_apdu[75], ma_apdu[18], apdu_lengths[5] = {0};
85 // pointers to the arrays to be able to iterate
86 uint8_t *apdus[] = {msesa_apdu, gn_apdu, map_apdu, pka_apdu, ma_apdu};
87
88 // usage message
89 static const char const *usage_msg =
90 "Please specify 5 APDUs separated by spaces. "
91 "Example:\n preplay 0022C1A4 1068000000 1086000002 1234ABCDEF 1A2B3C4D";
92
93 // Proxmark response
94 UsbCommand resp;
95
96 int skip = 0, skip_add = 0, scan_return = 0;
97 // for each APDU
98 for (int i = 0; i < sizeof(apdu_lengths); i++) {
99 // scan to next space or end of string
100 while (Cmd[skip] != ' ' && Cmd[skip] != '\0') {
101 // convert
102 scan_return = sscanf(Cmd + skip, "%2X%n",
103 (unsigned int *) (apdus[i] + apdu_lengths[i]),
104 &skip_add);
105 if (scan_return < 1) {
106 PrintAndLog((char *)usage_msg);
107 PrintAndLog("Not enough APDUs! Try again!");
108 return 0;
109 }
110 skip += skip_add;
111 apdu_lengths[i]++;
112 }
113
114 // break on EOF
115 if (Cmd[skip] == '\0') {
116 if (i < sizeof(apdu_lengths) - 1) {
117
118 PrintAndLog((char *)usage_msg);
119 return 0;
120 }
121 break;
122 }
123 // skip the space
124 skip++;
125 }
126
127 // transfer the APDUs to the Proxmark
128 UsbCommand usb_cmd;
129 usb_cmd.cmd = CMD_EPA_PACE_REPLAY;
130 for (int i = 0; i < sizeof(apdu_lengths); i++) {
131 // APDU number
132 usb_cmd.arg[0] = i + 1;
133 // transfer the APDU in several parts if necessary
134 for (int j = 0; j * sizeof(usb_cmd.d.asBytes) < apdu_lengths[i]; j++) {
135 // offset into the APDU
136 usb_cmd.arg[1] = j * sizeof(usb_cmd.d.asBytes);
137 // amount of data in this packet
138 int packet_length = apdu_lengths[i] - (j * sizeof(usb_cmd.d.asBytes));
139 if (packet_length > sizeof(usb_cmd.d.asBytes)) {
140 packet_length = sizeof(usb_cmd.d.asBytes);
141 }
142 usb_cmd.arg[2] = packet_length;
143
144 memcpy(usb_cmd.d.asBytes, // + (j * sizeof(usb_cmd.d.asBytes)),
145 apdus[i] + (j * sizeof(usb_cmd.d.asBytes)),
146 packet_length);
147 SendCommand(&usb_cmd);
148 WaitForResponse(CMD_ACK, &resp);
149 if (resp.arg[0] != 0) {
150 PrintAndLog("Transfer of APDU #%d Part %d failed!", i, j);
151 return 0;
152 }
153 }
154 }
155
156 // now perform the replay
157 usb_cmd.arg[0] = 0;
158 SendCommand(&usb_cmd);
159 WaitForResponse(CMD_ACK, &resp);
160 if (resp.arg[0] != 0) {
161 PrintAndLog("\nPACE replay failed in step %u!", (uint32_t)resp.arg[0]);
162 PrintAndLog("Measured times:");
163 PrintAndLog("MSE Set AT: %u us", resp.d.asDwords[0]);
164 PrintAndLog("GA Get Nonce: %u us", resp.d.asDwords[1]);
165 PrintAndLog("GA Map Nonce: %u us", resp.d.asDwords[2]);
166 PrintAndLog("GA Perform Key Agreement: %u us", resp.d.asDwords[3]);
167 PrintAndLog("GA Mutual Authenticate: %u us", resp.d.asDwords[4]);
168 } else {
169 PrintAndLog("PACE replay successfull!");
170 PrintAndLog("MSE Set AT: %u us", resp.d.asDwords[0]);
171 PrintAndLog("GA Get Nonce: %u us", resp.d.asDwords[1]);
172 PrintAndLog("GA Map Nonce: %u us", resp.d.asDwords[2]);
173 PrintAndLog("GA Perform Key Agreement: %u us", resp.d.asDwords[3]);
174 PrintAndLog("GA Mutual Authenticate: %u us", resp.d.asDwords[4]);
175 }
176
177
178 return 1;
179}
180
181////////////////////////////////The new commands lie above here/////////////////////////////////////////////////////////////////////////////////////
182////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
183
5acd09bd 184// UI-related stuff
185
3bb07d96 186static const command_t CommandTable[] =
5acd09bd 187{
188 {"help", CmdHelp, 1, "This help"},
69f8a37b 189 {"cnonces", CmdHFEPACollectPACENonces, 0,
190 "<m> <n> <d> Acquire n>0 encrypted PACE nonces of size m>0 with d sec pauses"},
3bb07d96
FM
191 {"preplay", CmdHFEPAPACEReplay, 0,
192 "<mse> <get> <map> <pka> <ma> Perform PACE protocol by replaying given APDUs"},
5acd09bd 193 {NULL, NULL, 0, NULL}
194};
195
196int CmdHelp(const char *Cmd)
197{
198 CmdsHelp(CommandTable);
199 return 0;
200}
201
202int CmdHFEPA(const char *Cmd)
203{
204 // flush
7dd1908b 205 WaitForResponseTimeout(CMD_ACK,NULL,100);
5acd09bd 206
207 // parse
208 CmdsParse(CommandTable, Cmd);
209 return 0;
3bb07d96 210}
Impressum, Datenschutz