]> cvs.zerfleddert.de Git - proxmark3-svn/blame_incremental - client/cmdhfepa.c
Fixes a double-free issue in CloseProxmark: (#617)
[proxmark3-svn] / client / cmdhfepa.c
... / ...
CommitLineData
1//-----------------------------------------------------------------------------
2// Copyright (C) 2012 Frederik Möllers
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// Commands related to the German electronic Identification Card
9//-----------------------------------------------------------------------------
10
11#include "cmdhfepa.h"
12
13#include <inttypes.h>
14#include <stdlib.h>
15#include <string.h>
16#include <unistd.h>
17#include <stdio.h>
18#include "util.h"
19#include "util_posix.h"
20#include "comms.h"
21#include "ui.h"
22#include "cmdparser.h"
23#include "common.h"
24#include "cmdmain.h"
25
26static int CmdHelp(const char *Cmd);
27
28// Perform (part of) the PACE protocol
29int CmdHFEPACollectPACENonces(const char *Cmd)
30{
31 // requested nonce size
32 unsigned int m = 0;
33 // requested number of Nonces
34 unsigned int n = 0;
35 // delay between requests
36 unsigned int d = 0;
37
38 sscanf(Cmd, "%u %u %u", &m, &n, &d);
39
40 // values are expected to be > 0
41 m = m > 0 ? m : 1;
42 n = n > 0 ? n : 1;
43
44 PrintAndLog("Collecting %u %u-byte nonces", n, m);
45 PrintAndLog("Start: %" PRIu64 , msclock()/1000);
46 // repeat n times
47 for (unsigned int i = 0; i < n; i++) {
48 // execute PACE
49 UsbCommand c = {CMD_EPA_PACE_COLLECT_NONCE, {(int)m, 0, 0}};
50 SendCommand(&c);
51 UsbCommand resp;
52
53 WaitForResponse(CMD_ACK,&resp);
54
55 // check if command failed
56 if (resp.arg[0] != 0) {
57 PrintAndLog("Error in step %d, Return code: %d",resp.arg[0],(int)resp.arg[1]);
58 } else {
59 size_t nonce_length = resp.arg[1];
60 char *nonce = (char *) malloc(2 * nonce_length + 1);
61 for(int j = 0; j < nonce_length; j++) {
62 sprintf(nonce + (2 * j), "%02X", resp.d.asBytes[j]);
63 }
64 // print nonce
65 PrintAndLog("Length: %d, Nonce: %s", nonce_length, nonce);
66 free(nonce);
67 }
68 if (i < n - 1) {
69 sleep(d);
70 }
71 }
72 PrintAndLog("End: %" PRIu64, msclock()/1000);
73
74 return 1;
75}
76
77////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
78////////////////////////////////The commands lie below here/////////////////////////////////////////////////////////////////////////////////////////
79
80// perform the PACE protocol by replaying APDUs
81int CmdHFEPAPACEReplay(const char *Cmd)
82{
83 // the 4 APDUs which are replayed + their lengths
84 uint8_t msesa_apdu[41], gn_apdu[8], map_apdu[75];
85 uint8_t pka_apdu[75], ma_apdu[18], apdu_lengths[5] = {0};
86 // pointers to the arrays to be able to iterate
87 uint8_t *apdus[] = {msesa_apdu, gn_apdu, map_apdu, pka_apdu, ma_apdu};
88
89 // usage message
90 static const char *usage_msg =
91 "Please specify 5 APDUs separated by spaces. "
92 "Example:\n preplay 0022C1A4 1068000000 1086000002 1234ABCDEF 1A2B3C4D";
93
94 // Proxmark response
95 UsbCommand resp;
96
97 int skip = 0, skip_add = 0, scan_return = 0;
98 // for each APDU
99 for (int i = 0; i < sizeof(apdu_lengths); i++) {
100 // scan to next space or end of string
101 while (Cmd[skip] != ' ' && Cmd[skip] != '\0') {
102 // convert
103 scan_return = sscanf(Cmd + skip, "%2X%n",
104 (unsigned int *) (apdus[i] + apdu_lengths[i]),
105 &skip_add);
106 if (scan_return < 1) {
107 PrintAndLog((char *)usage_msg);
108 PrintAndLog("Not enough APDUs! Try again!");
109 return 0;
110 }
111 skip += skip_add;
112 apdu_lengths[i]++;
113 }
114
115 // break on EOF
116 if (Cmd[skip] == '\0') {
117 if (i < sizeof(apdu_lengths) - 1) {
118
119 PrintAndLog((char *)usage_msg);
120 return 0;
121 }
122 break;
123 }
124 // skip the space
125 skip++;
126 }
127
128 // transfer the APDUs to the Proxmark
129 UsbCommand usb_cmd;
130 usb_cmd.cmd = CMD_EPA_PACE_REPLAY;
131 for (int i = 0; i < sizeof(apdu_lengths); i++) {
132 // APDU number
133 usb_cmd.arg[0] = i + 1;
134 // transfer the APDU in several parts if necessary
135 for (int j = 0; j * sizeof(usb_cmd.d.asBytes) < apdu_lengths[i]; j++) {
136 // offset into the APDU
137 usb_cmd.arg[1] = j * sizeof(usb_cmd.d.asBytes);
138 // amount of data in this packet
139 int packet_length = apdu_lengths[i] - (j * sizeof(usb_cmd.d.asBytes));
140 if (packet_length > sizeof(usb_cmd.d.asBytes)) {
141 packet_length = sizeof(usb_cmd.d.asBytes);
142 }
143 usb_cmd.arg[2] = packet_length;
144
145 memcpy(usb_cmd.d.asBytes, // + (j * sizeof(usb_cmd.d.asBytes)),
146 apdus[i] + (j * sizeof(usb_cmd.d.asBytes)),
147 packet_length);
148 SendCommand(&usb_cmd);
149 WaitForResponse(CMD_ACK, &resp);
150 if (resp.arg[0] != 0) {
151 PrintAndLog("Transfer of APDU #%d Part %d failed!", i, j);
152 return 0;
153 }
154 }
155 }
156
157 // now perform the replay
158 usb_cmd.arg[0] = 0;
159 SendCommand(&usb_cmd);
160 WaitForResponse(CMD_ACK, &resp);
161 if (resp.arg[0] != 0) {
162 PrintAndLog("\nPACE replay failed in step %u!", (uint32_t)resp.arg[0]);
163 PrintAndLog("Measured times:");
164 PrintAndLog("MSE Set AT: %u us", resp.d.asDwords[0]);
165 PrintAndLog("GA Get Nonce: %u us", resp.d.asDwords[1]);
166 PrintAndLog("GA Map Nonce: %u us", resp.d.asDwords[2]);
167 PrintAndLog("GA Perform Key Agreement: %u us", resp.d.asDwords[3]);
168 PrintAndLog("GA Mutual Authenticate: %u us", resp.d.asDwords[4]);
169 } else {
170 PrintAndLog("PACE replay successfull!");
171 PrintAndLog("MSE Set AT: %u us", resp.d.asDwords[0]);
172 PrintAndLog("GA Get Nonce: %u us", resp.d.asDwords[1]);
173 PrintAndLog("GA Map Nonce: %u us", resp.d.asDwords[2]);
174 PrintAndLog("GA Perform Key Agreement: %u us", resp.d.asDwords[3]);
175 PrintAndLog("GA Mutual Authenticate: %u us", resp.d.asDwords[4]);
176 }
177
178
179 return 1;
180}
181
182////////////////////////////////The new commands lie above here/////////////////////////////////////////////////////////////////////////////////////
183////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
184
185// UI-related stuff
186
187static const command_t CommandTable[] =
188{
189 {"help", CmdHelp, 1, "This help"},
190 {"cnonces", CmdHFEPACollectPACENonces, 0,
191 "<m> <n> <d> Acquire n>0 encrypted PACE nonces of size m>0 with d sec pauses"},
192 {"preplay", CmdHFEPAPACEReplay, 0,
193 "<mse> <get> <map> <pka> <ma> Perform PACE protocol by replaying given APDUs"},
194 {NULL, NULL, 0, NULL}
195};
196
197int CmdHelp(const char *Cmd)
198{
199 CmdsHelp(CommandTable);
200 return 0;
201}
202
203int CmdHFEPA(const char *Cmd)
204{
205 // flush
206 WaitForResponseTimeout(CMD_ACK,NULL,100);
207
208 // parse
209 CmdsParse(CommandTable, Cmd);
210 return 0;
211}
Impressum, Datenschutz