]>
Commit | Line | Data |
---|---|---|
1 | //----------------------------------------------------------------------------- | |
2 | // Copyright (C) 2012 Frederik Möllers | |
3 | // | |
4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, | |
5 | // at your option, any later version. See the LICENSE.txt file for the text of | |
6 | // the license. | |
7 | //----------------------------------------------------------------------------- | |
8 | // Commands related to the German electronic Identification Card | |
9 | //----------------------------------------------------------------------------- | |
10 | ||
11 | #include "cmdhfepa.h" | |
12 | ||
13 | #include <inttypes.h> | |
14 | #include <stdlib.h> | |
15 | #include <string.h> | |
16 | #include <unistd.h> | |
17 | #include <stdio.h> | |
18 | #include "util.h" | |
19 | #include "util_posix.h" | |
20 | #include "comms.h" | |
21 | #include "ui.h" | |
22 | #include "cmdparser.h" | |
23 | #include "common.h" | |
24 | #include "cmdmain.h" | |
25 | ||
26 | static int CmdHelp(const char *Cmd); | |
27 | ||
28 | // Perform (part of) the PACE protocol | |
29 | int CmdHFEPACollectPACENonces(const char *Cmd) | |
30 | { | |
31 | // requested nonce size | |
32 | unsigned int m = 0; | |
33 | // requested number of Nonces | |
34 | unsigned int n = 0; | |
35 | // delay between requests | |
36 | unsigned int d = 0; | |
37 | ||
38 | sscanf(Cmd, "%u %u %u", &m, &n, &d); | |
39 | ||
40 | // values are expected to be > 0 | |
41 | m = m > 0 ? m : 1; | |
42 | n = n > 0 ? n : 1; | |
43 | ||
44 | PrintAndLog("Collecting %u %u-byte nonces", n, m); | |
45 | PrintAndLog("Start: %" PRIu64 , msclock()/1000); | |
46 | // repeat n times | |
47 | for (unsigned int i = 0; i < n; i++) { | |
48 | // execute PACE | |
49 | UsbCommand c = {CMD_EPA_PACE_COLLECT_NONCE, {(int)m, 0, 0}}; | |
50 | SendCommand(&c); | |
51 | UsbCommand resp; | |
52 | ||
53 | WaitForResponse(CMD_ACK,&resp); | |
54 | ||
55 | // check if command failed | |
56 | if (resp.arg[0] != 0) { | |
57 | PrintAndLog("Error in step %d, Return code: %d",resp.arg[0],(int)resp.arg[1]); | |
58 | } else { | |
59 | size_t nonce_length = resp.arg[1]; | |
60 | char *nonce = (char *) malloc(2 * nonce_length + 1); | |
61 | for(int j = 0; j < nonce_length; j++) { | |
62 | sprintf(nonce + (2 * j), "%02X", resp.d.asBytes[j]); | |
63 | } | |
64 | // print nonce | |
65 | PrintAndLog("Length: %d, Nonce: %s", nonce_length, nonce); | |
66 | free(nonce); | |
67 | } | |
68 | if (i < n - 1) { | |
69 | sleep(d); | |
70 | } | |
71 | } | |
72 | PrintAndLog("End: %" PRIu64, msclock()/1000); | |
73 | ||
74 | return 1; | |
75 | } | |
76 | ||
77 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |
78 | ////////////////////////////////The commands lie below here///////////////////////////////////////////////////////////////////////////////////////// | |
79 | ||
80 | // perform the PACE protocol by replaying APDUs | |
81 | int CmdHFEPAPACEReplay(const char *Cmd) | |
82 | { | |
83 | // the 4 APDUs which are replayed + their lengths | |
84 | uint8_t msesa_apdu[41], gn_apdu[8], map_apdu[75]; | |
85 | uint8_t pka_apdu[75], ma_apdu[18], apdu_lengths[5] = {0}; | |
86 | // pointers to the arrays to be able to iterate | |
87 | uint8_t *apdus[] = {msesa_apdu, gn_apdu, map_apdu, pka_apdu, ma_apdu}; | |
88 | ||
89 | // usage message | |
90 | static const char *usage_msg = | |
91 | "Please specify 5 APDUs separated by spaces. " | |
92 | "Example:\n preplay 0022C1A4 1068000000 1086000002 1234ABCDEF 1A2B3C4D"; | |
93 | ||
94 | // Proxmark response | |
95 | UsbCommand resp; | |
96 | ||
97 | int skip = 0, skip_add = 0, scan_return = 0; | |
98 | // for each APDU | |
99 | for (int i = 0; i < sizeof(apdu_lengths); i++) { | |
100 | // scan to next space or end of string | |
101 | while (Cmd[skip] != ' ' && Cmd[skip] != '\0') { | |
102 | // convert | |
103 | scan_return = sscanf(Cmd + skip, "%2X%n", | |
104 | (unsigned int *) (apdus[i] + apdu_lengths[i]), | |
105 | &skip_add); | |
106 | if (scan_return < 1) { | |
107 | PrintAndLog((char *)usage_msg); | |
108 | PrintAndLog("Not enough APDUs! Try again!"); | |
109 | return 0; | |
110 | } | |
111 | skip += skip_add; | |
112 | apdu_lengths[i]++; | |
113 | } | |
114 | ||
115 | // break on EOF | |
116 | if (Cmd[skip] == '\0') { | |
117 | if (i < sizeof(apdu_lengths) - 1) { | |
118 | ||
119 | PrintAndLog((char *)usage_msg); | |
120 | return 0; | |
121 | } | |
122 | break; | |
123 | } | |
124 | // skip the space | |
125 | skip++; | |
126 | } | |
127 | ||
128 | // transfer the APDUs to the Proxmark | |
129 | UsbCommand usb_cmd; | |
130 | usb_cmd.cmd = CMD_EPA_PACE_REPLAY; | |
131 | for (int i = 0; i < sizeof(apdu_lengths); i++) { | |
132 | // APDU number | |
133 | usb_cmd.arg[0] = i + 1; | |
134 | // transfer the APDU in several parts if necessary | |
135 | for (int j = 0; j * sizeof(usb_cmd.d.asBytes) < apdu_lengths[i]; j++) { | |
136 | // offset into the APDU | |
137 | usb_cmd.arg[1] = j * sizeof(usb_cmd.d.asBytes); | |
138 | // amount of data in this packet | |
139 | int packet_length = apdu_lengths[i] - (j * sizeof(usb_cmd.d.asBytes)); | |
140 | if (packet_length > sizeof(usb_cmd.d.asBytes)) { | |
141 | packet_length = sizeof(usb_cmd.d.asBytes); | |
142 | } | |
143 | usb_cmd.arg[2] = packet_length; | |
144 | ||
145 | memcpy(usb_cmd.d.asBytes, // + (j * sizeof(usb_cmd.d.asBytes)), | |
146 | apdus[i] + (j * sizeof(usb_cmd.d.asBytes)), | |
147 | packet_length); | |
148 | SendCommand(&usb_cmd); | |
149 | WaitForResponse(CMD_ACK, &resp); | |
150 | if (resp.arg[0] != 0) { | |
151 | PrintAndLog("Transfer of APDU #%d Part %d failed!", i, j); | |
152 | return 0; | |
153 | } | |
154 | } | |
155 | } | |
156 | ||
157 | // now perform the replay | |
158 | usb_cmd.arg[0] = 0; | |
159 | SendCommand(&usb_cmd); | |
160 | WaitForResponse(CMD_ACK, &resp); | |
161 | if (resp.arg[0] != 0) { | |
162 | PrintAndLog("\nPACE replay failed in step %u!", (uint32_t)resp.arg[0]); | |
163 | PrintAndLog("Measured times:"); | |
164 | PrintAndLog("MSE Set AT: %u us", resp.d.asDwords[0]); | |
165 | PrintAndLog("GA Get Nonce: %u us", resp.d.asDwords[1]); | |
166 | PrintAndLog("GA Map Nonce: %u us", resp.d.asDwords[2]); | |
167 | PrintAndLog("GA Perform Key Agreement: %u us", resp.d.asDwords[3]); | |
168 | PrintAndLog("GA Mutual Authenticate: %u us", resp.d.asDwords[4]); | |
169 | } else { | |
170 | PrintAndLog("PACE replay successfull!"); | |
171 | PrintAndLog("MSE Set AT: %u us", resp.d.asDwords[0]); | |
172 | PrintAndLog("GA Get Nonce: %u us", resp.d.asDwords[1]); | |
173 | PrintAndLog("GA Map Nonce: %u us", resp.d.asDwords[2]); | |
174 | PrintAndLog("GA Perform Key Agreement: %u us", resp.d.asDwords[3]); | |
175 | PrintAndLog("GA Mutual Authenticate: %u us", resp.d.asDwords[4]); | |
176 | } | |
177 | ||
178 | ||
179 | return 1; | |
180 | } | |
181 | ||
182 | ////////////////////////////////The new commands lie above here///////////////////////////////////////////////////////////////////////////////////// | |
183 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |
184 | ||
185 | // UI-related stuff | |
186 | ||
187 | static const command_t CommandTable[] = | |
188 | { | |
189 | {"help", CmdHelp, 1, "This help"}, | |
190 | {"cnonces", CmdHFEPACollectPACENonces, 0, | |
191 | "<m> <n> <d> Acquire n>0 encrypted PACE nonces of size m>0 with d sec pauses"}, | |
192 | {"preplay", CmdHFEPAPACEReplay, 0, | |
193 | "<mse> <get> <map> <pka> <ma> Perform PACE protocol by replaying given APDUs"}, | |
194 | {NULL, NULL, 0, NULL} | |
195 | }; | |
196 | ||
197 | int CmdHelp(const char *Cmd) | |
198 | { | |
199 | CmdsHelp(CommandTable); | |
200 | return 0; | |
201 | } | |
202 | ||
203 | int CmdHFEPA(const char *Cmd) | |
204 | { | |
205 | // flush | |
206 | WaitForResponseTimeout(CMD_ACK,NULL,100); | |
207 | ||
208 | // parse | |
209 | CmdsParse(CommandTable, Cmd); | |
210 | return 0; | |
211 | } |