cvs.zerfleddert.de Git - proxmark3-svn/blob - client/cmdhfepa.c

   1 //-----------------------------------------------------------------------------
   2 // Copyright (C) 2012 Frederik Möllers
   3 //
   4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
   5 // at your option, any later version. See the LICENSE.txt file for the text of
   6 // the license.
   7 //-----------------------------------------------------------------------------
   8 // Commands related to the German electronic Identification Card
   9 //-----------------------------------------------------------------------------
  10
  11 #include "cmdhfepa.h"
  12
  13 #include <inttypes.h>
  14 #include <stdlib.h>
  15 #include <string.h>
  16 #include <unistd.h>
  17 #include <stdio.h>
  18 #include "util.h"
  19 #include "proxmark3.h"
  20 #include "ui.h"
  21 #include "cmdparser.h"
  22 #include "common.h"
  23 #include "cmdmain.h"
  24
  25 static int CmdHelp(const char *Cmd);
  26
  27 // Perform (part of) the PACE protocol
  28 int CmdHFEPACollectPACENonces(const char *Cmd)
  29 {
  30         // requested nonce size
  31         unsigned int m = 0;
  32         // requested number of Nonces
  33         unsigned int n = 0;
  34         // delay between requests
  35         unsigned int d = 0;
  36
  37         sscanf(Cmd, "%u %u %u", &m, &n, &d);
  38
  39         // values are expected to be > 0
  40         m = m > 0 ? m : 1;
  41         n = n > 0 ? n : 1;
  42
  43         PrintAndLog("Collecting %u %u-byte nonces", n, m);
  44         PrintAndLog("Start: %" PRIu64 , msclock()/1000);
  45         // repeat n times
  46         for (unsigned int i = 0; i < n; i++) {
  47                 // execute PACE
  48                 UsbCommand c = {CMD_EPA_PACE_COLLECT_NONCE, {(int)m, 0, 0}};
  49                 SendCommand(&c);
  50                 UsbCommand resp;
  51
  52                 WaitForResponse(CMD_ACK,&resp);
  53
  54                 // check if command failed
  55                 if (resp.arg[0] != 0) {
  56                         PrintAndLog("Error in step %d, Return code: %d",resp.arg[0],(int)resp.arg[1]);
  57                 } else {
  58                         size_t nonce_length = resp.arg[1];
  59                         char *nonce = (char *) malloc(2 * nonce_length + 1);
  60                         for(int j = 0; j < nonce_length; j++) {
  61                                 sprintf(nonce + (2 * j), "%02X", resp.d.asBytes[j]);
  62                         }
  63                         // print nonce
  64                         PrintAndLog("Length: %d, Nonce: %s", nonce_length, nonce);
  65                         free(nonce);
  66                 }
  67                 if (i < n - 1) {
  68                         sleep(d);
  69                 }
  70         }
  71         PrintAndLog("End: %" PRIu64, msclock()/1000);
  72
  73         return 1;
  74 }
  75
  76 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
  77 ////////////////////////////////The commands lie below here/////////////////////////////////////////////////////////////////////////////////////////
  78
  79 // perform the PACE protocol by replaying APDUs
  80 int CmdHFEPAPACEReplay(const char *Cmd)
  81 {
  82         // the 4 APDUs which are replayed + their lengths
  83         uint8_t msesa_apdu[41], gn_apdu[8], map_apdu[75];
  84         uint8_t pka_apdu[75], ma_apdu[18], apdu_lengths[5] = {0};
  85         // pointers to the arrays to be able to iterate
  86         uint8_t *apdus[] = {msesa_apdu, gn_apdu, map_apdu, pka_apdu, ma_apdu};
  87
  88         // usage message
  89         static const char *usage_msg =
  90                 "Please specify 5 APDUs separated by spaces. "
  91                 "Example:\n preplay 0022C1A4 1068000000 1086000002 1234ABCDEF 1A2B3C4D";
  92
  93         // Proxmark response
  94         UsbCommand resp;
  95
  96         int skip = 0, skip_add = 0, scan_return = 0;
  97         // for each APDU
  98         for (int i = 0; i < sizeof(apdu_lengths); i++) {
  99                 // scan to next space or end of string
 100                 while (Cmd[skip] != ' ' && Cmd[skip] != '\0') {
 101                         // convert
 102                         scan_return = sscanf(Cmd + skip, "%2X%n",
 103                                              (unsigned int *) (apdus[i] + apdu_lengths[i]),
 104                                              &skip_add);
 105                         if (scan_return < 1) {
 106                                 PrintAndLog((char *)usage_msg);
 107                                 PrintAndLog("Not enough APDUs! Try again!");
 108                                 return 0;
 109                         }
 110                         skip += skip_add;
 111             apdu_lengths[i]++;
 112                 }
 113
 114                 // break on EOF
 115                 if (Cmd[skip] == '\0') {
 116                         if (i < sizeof(apdu_lengths) - 1) {
 117
 118                                 PrintAndLog((char *)usage_msg);
 119                                 return 0;
 120                         }
 121                         break;
 122                 }
 123                 // skip the space
 124                 skip++;
 125         }
 126
 127         // transfer the APDUs to the Proxmark
 128         UsbCommand usb_cmd;
 129         usb_cmd.cmd = CMD_EPA_PACE_REPLAY;
 130         for (int i = 0; i < sizeof(apdu_lengths); i++) {
 131                 // APDU number
 132                 usb_cmd.arg[0] = i + 1;
 133                 // transfer the APDU in several parts if necessary
 134                 for (int j = 0; j * sizeof(usb_cmd.d.asBytes) < apdu_lengths[i]; j++) {
 135                         // offset into the APDU
 136                         usb_cmd.arg[1] = j * sizeof(usb_cmd.d.asBytes);
 137                         // amount of data in this packet
 138                         int packet_length = apdu_lengths[i] - (j * sizeof(usb_cmd.d.asBytes));
 139                         if (packet_length > sizeof(usb_cmd.d.asBytes)) {
 140                                 packet_length = sizeof(usb_cmd.d.asBytes);
 141                         }
 142                         usb_cmd.arg[2] = packet_length;
 143
 144                         memcpy(usb_cmd.d.asBytes, // + (j * sizeof(usb_cmd.d.asBytes)),
 145                                apdus[i] + (j * sizeof(usb_cmd.d.asBytes)),
 146                                packet_length);
 147                         SendCommand(&usb_cmd);
 148                         WaitForResponse(CMD_ACK, &resp);
 149                         if (resp.arg[0] != 0) {
 150                                 PrintAndLog("Transfer of APDU #%d Part %d failed!", i, j);
 151                                 return 0;
 152                         }
 153                 }
 154         }
 155
 156         // now perform the replay
 157         usb_cmd.arg[0] = 0;
 158         SendCommand(&usb_cmd);
 159         WaitForResponse(CMD_ACK, &resp);
 160         if (resp.arg[0] != 0) {
 161                 PrintAndLog("\nPACE replay failed in step %u!", (uint32_t)resp.arg[0]);
 162                 PrintAndLog("Measured times:");
 163                 PrintAndLog("MSE Set AT: %u us", resp.d.asDwords[0]);
 164                 PrintAndLog("GA Get Nonce: %u us", resp.d.asDwords[1]);
 165                 PrintAndLog("GA Map Nonce: %u us", resp.d.asDwords[2]);
 166                 PrintAndLog("GA Perform Key Agreement: %u us", resp.d.asDwords[3]);
 167                 PrintAndLog("GA Mutual Authenticate: %u us", resp.d.asDwords[4]);
 168         } else {
 169                 PrintAndLog("PACE replay successfull!");
 170                 PrintAndLog("MSE Set AT: %u us", resp.d.asDwords[0]);
 171                 PrintAndLog("GA Get Nonce: %u us", resp.d.asDwords[1]);
 172                 PrintAndLog("GA Map Nonce: %u us", resp.d.asDwords[2]);
 173                 PrintAndLog("GA Perform Key Agreement: %u us", resp.d.asDwords[3]);
 174                 PrintAndLog("GA Mutual Authenticate: %u us", resp.d.asDwords[4]);
 175         }
 176
 177
 178         return 1;
 179 }
 180
 181 ////////////////////////////////The new commands lie above here/////////////////////////////////////////////////////////////////////////////////////
 182 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 183
 184 // UI-related stuff
 185
 186 static const command_t CommandTable[] =
 187 {
 188   {"help",    CmdHelp,                   1, "This help"},
 189   {"cnonces", CmdHFEPACollectPACENonces, 0,
 190               "<m> <n> <d> Acquire n>0 encrypted PACE nonces of size m>0 with d sec pauses"},
 191   {"preplay", CmdHFEPAPACEReplay,        0,
 192    "<mse> <get> <map> <pka> <ma> Perform PACE protocol by replaying given APDUs"},
 193   {NULL, NULL, 0, NULL}
 194 };
 195
 196 int CmdHelp(const char *Cmd)
 197 {
 198   CmdsHelp(CommandTable);
 199   return 0;
 200 }
 201
 202 int CmdHFEPA(const char *Cmd)
 203 {
 204         // flush
 205         WaitForResponseTimeout(CMD_ACK,NULL,100);
 206
 207         // parse
 208   CmdsParse(CommandTable, Cmd);
 209   return 0;
 210 }