1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2012 Frederik Möllers
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
8 // Commands related to the German electronic Identification Card
9 //-----------------------------------------------------------------------------
13 #include "proxmark3.h"
15 #include "cmdparser.h"
21 static int CmdHelp(const char *Cmd
);
23 // Perform (part of) the PACE protocol
24 int CmdHFEPACollectPACENonces(const char *Cmd
)
26 // requested nonce size
28 // requested number of Nonces
30 // delay between requests
33 sscanf(Cmd
, "%u %u %u", &m
, &n
, &d
);
35 // values are expected to be > 0
39 PrintAndLog("Collecting %u %"hhu
"-byte nonces", n
, m
);
40 PrintAndLog("Start: %u", time(NULL
));
42 for (unsigned int i
= 0; i
< n
; i
++) {
44 UsbCommand c
= {CMD_EPA_PACE_COLLECT_NONCE
, {(int)m
, 0, 0}};
48 WaitForResponse(CMD_ACK
,&resp
);
50 // check if command failed
51 if (resp
.arg
[0] != 0) {
52 PrintAndLog("Error in step %d, Return code: %d",resp
.arg
[0],(int)resp
.arg
[1]);
54 size_t nonce_length
= resp
.arg
[1];
55 char *nonce
= (char *) malloc(2 * nonce_length
+ 1);
56 for(int j
= 0; j
< nonce_length
; j
++) {
57 sprintf(nonce
+ (2 * j
), "%02X", resp
.d
.asBytes
[j
]);
60 PrintAndLog("Length: %d, Nonce: %s", nonce_length
, nonce
);
67 PrintAndLog("End: %u", time(NULL
));
71 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
72 ////////////////////////////////The commands lie below here/////////////////////////////////////////////////////////////////////////////////////////
74 // perform the PACE protocol by replaying APDUs
75 int CmdHFEPAPACEReplay(const char *Cmd
)
77 // the 4 APDUs which are replayed + their lengths
78 uint8_t msesa_apdu
[41], gn_apdu
[8], map_apdu
[75];
79 uint8_t pka_apdu
[75], ma_apdu
[18], apdu_lengths
[5] = {0};
80 // pointers to the arrays to be able to iterate
81 uint8_t *apdus
[] = {msesa_apdu
, gn_apdu
, map_apdu
, pka_apdu
, ma_apdu
};
84 static const char const *usage_msg
=
85 "Please specify 5 APDUs separated by spaces. "
86 "Example:\n preplay 0022C1A4 1068000000 1086000002 1234ABCDEF 1A2B3C4D";
91 int skip
= 0, skip_add
= 0, scan_return
= 0;
93 for (int i
= 0; i
< sizeof(apdu_lengths
); i
++) {
94 // scan to next space or end of string
95 while (Cmd
[skip
] != ' ' && Cmd
[skip
] != '\0') {
97 scan_return
= sscanf(Cmd
+ skip
, "%2X%n",
98 (unsigned int *) (apdus
[i
] + apdu_lengths
[i
]),
100 if (scan_return
< 1) {
101 PrintAndLog((char *)usage_msg
);
102 PrintAndLog("Not enough APDUs! Try again!");
110 if (Cmd
[skip
] == '\0') {
111 if (i
< sizeof(apdu_lengths
) - 1) {
113 PrintAndLog((char *)usage_msg
);
122 // transfer the APDUs to the Proxmark
124 usb_cmd
.cmd
= CMD_EPA_PACE_REPLAY
;
125 for (int i
= 0; i
< sizeof(apdu_lengths
); i
++) {
127 usb_cmd
.arg
[0] = i
+ 1;
128 // transfer the APDU in several parts if necessary
129 for (int j
= 0; j
* sizeof(usb_cmd
.d
.asBytes
) < apdu_lengths
[i
]; j
++) {
130 // offset into the APDU
131 usb_cmd
.arg
[1] = j
* sizeof(usb_cmd
.d
.asBytes
);
132 // amount of data in this packet
133 int packet_length
= apdu_lengths
[i
] - (j
* sizeof(usb_cmd
.d
.asBytes
));
134 if (packet_length
> sizeof(usb_cmd
.d
.asBytes
)) {
135 packet_length
= sizeof(usb_cmd
.d
.asBytes
);
137 usb_cmd
.arg
[2] = packet_length
;
139 memcpy(usb_cmd
.d
.asBytes
, // + (j * sizeof(usb_cmd.d.asBytes)),
140 apdus
[i
] + (j
* sizeof(usb_cmd
.d
.asBytes
)),
142 SendCommand(&usb_cmd
);
143 WaitForResponse(CMD_ACK
, &resp
);
144 if (resp
.arg
[0] != 0) {
145 PrintAndLog("Transfer of APDU #%d Part %d failed!", i
, j
);
151 // now perform the replay
153 SendCommand(&usb_cmd
);
154 WaitForResponse(CMD_ACK
, &resp
);
155 if (resp
.arg
[0] != 0) {
156 PrintAndLog("\nPACE replay failed in step %u!", (uint32_t)resp
.arg
[0]);
157 PrintAndLog("Measured times:");
158 PrintAndLog("MSE Set AT: %u us", resp
.d
.asDwords
[0]);
159 PrintAndLog("GA Get Nonce: %u us", resp
.d
.asDwords
[1]);
160 PrintAndLog("GA Map Nonce: %u us", resp
.d
.asDwords
[2]);
161 PrintAndLog("GA Perform Key Agreement: %u us", resp
.d
.asDwords
[3]);
162 PrintAndLog("GA Mutual Authenticate: %u us", resp
.d
.asDwords
[4]);
164 PrintAndLog("PACE replay successfull!");
165 PrintAndLog("MSE Set AT: %u us", resp
.d
.asDwords
[0]);
166 PrintAndLog("GA Get Nonce: %u us", resp
.d
.asDwords
[1]);
167 PrintAndLog("GA Map Nonce: %u us", resp
.d
.asDwords
[2]);
168 PrintAndLog("GA Perform Key Agreement: %u us", resp
.d
.asDwords
[3]);
169 PrintAndLog("GA Mutual Authenticate: %u us", resp
.d
.asDwords
[4]);
176 ////////////////////////////////The new commands lie above here/////////////////////////////////////////////////////////////////////////////////////
177 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
181 static const command_t CommandTable
[] =
183 {"help", CmdHelp
, 1, "This help"},
184 {"cnonces", CmdHFEPACollectPACENonces
, 0,
185 "<m> <n> <d> Acquire n>0 encrypted PACE nonces of size m>0 with d sec pauses"},
186 {"preplay", CmdHFEPAPACEReplay
, 0,
187 "<mse> <get> <map> <pka> <ma> Perform PACE protocol by replaying given APDUs"},
188 {NULL
, NULL
, 0, NULL
}
191 int CmdHelp(const char *Cmd
)
193 CmdsHelp(CommandTable
);
197 int CmdHFEPA(const char *Cmd
)
200 WaitForResponseTimeout(CMD_ACK
,NULL
,100);
203 CmdsParse(CommandTable
, Cmd
);