1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2012 Frederik Möllers
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
8 // Commands related to the German electronic Identification Card
9 //-----------------------------------------------------------------------------
13 #include "proxmark3.h"
15 #include "cmdparser.h"
21 static int CmdHelp(const char *Cmd
);
23 // Perform (part of) the PACE protocol
24 int CmdHFEPACollectPACENonces(const char *Cmd
)
26 // requested nonce size
28 // requested number of Nonces
30 // delay between requests
33 sscanf(Cmd
, "%u %u %u", &m
, &n
, &d
);
35 // values are expected to be > 0
39 PrintAndLog("Collecting %u %"hhu
"-byte nonces", n
, m
);
40 PrintAndLog("Start: %u", time(NULL
));
42 for (unsigned int i
= 0; i
< n
; i
++) {
44 UsbCommand c
= {CMD_EPA_PACE_COLLECT_NONCE
, {(int)m
, 0, 0}};
48 WaitForResponse(CMD_ACK
,&resp
);
50 // check if command failed
51 if (resp
.arg
[0] != 0) {
52 PrintAndLog("Error in step %d, Return code: %d",resp
.arg
[0],(int)resp
.arg
[1]);
54 size_t nonce_length
= resp
.arg
[1];
55 char *nonce
= (char *) malloc(2 * nonce_length
+ 1);
56 for(int j
= 0; j
< nonce_length
; j
++) {
57 sprintf(nonce
+ (2 * j
), "%02X", resp
.d
.asBytes
[j
]);
60 PrintAndLog("Length: %d, Nonce: %s", nonce_length
, nonce
);
67 PrintAndLog("End: %u", time(NULL
));
72 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
73 ////////////////////////////////The commands lie below here/////////////////////////////////////////////////////////////////////////////////////////
75 // perform the PACE protocol by replaying APDUs
76 int CmdHFEPAPACEReplay(const char *Cmd
)
78 // the 4 APDUs which are replayed + their lengths
79 uint8_t msesa_apdu
[41], gn_apdu
[8], map_apdu
[75];
80 uint8_t pka_apdu
[75], ma_apdu
[18], apdu_lengths
[5] = {0};
81 // pointers to the arrays to be able to iterate
82 uint8_t *apdus
[] = {msesa_apdu
, gn_apdu
, map_apdu
, pka_apdu
, ma_apdu
};
85 static const char const *usage_msg
=
86 "Please specify 5 APDUs separated by spaces. "
87 "Example:\n preplay 0022C1A4 1068000000 1086000002 1234ABCDEF 1A2B3C4D";
92 int skip
= 0, skip_add
= 0, scan_return
= 0;
94 for (int i
= 0; i
< sizeof(apdu_lengths
); i
++) {
95 // scan to next space or end of string
96 while (Cmd
[skip
] != ' ' && Cmd
[skip
] != '\0') {
98 scan_return
= sscanf(Cmd
+ skip
, "%2X%n",
99 (unsigned int *) (apdus
[i
] + apdu_lengths
[i
]),
101 if (scan_return
< 1) {
102 PrintAndLog((char *)usage_msg
);
103 PrintAndLog("Not enough APDUs! Try again!");
111 if (Cmd
[skip
] == '\0') {
112 if (i
< sizeof(apdu_lengths
) - 1) {
114 PrintAndLog((char *)usage_msg
);
123 // transfer the APDUs to the Proxmark
125 usb_cmd
.cmd
= CMD_EPA_PACE_REPLAY
;
126 for (int i
= 0; i
< sizeof(apdu_lengths
); i
++) {
128 usb_cmd
.arg
[0] = i
+ 1;
129 // transfer the APDU in several parts if necessary
130 for (int j
= 0; j
* sizeof(usb_cmd
.d
.asBytes
) < apdu_lengths
[i
]; j
++) {
131 // offset into the APDU
132 usb_cmd
.arg
[1] = j
* sizeof(usb_cmd
.d
.asBytes
);
133 // amount of data in this packet
134 int packet_length
= apdu_lengths
[i
] - (j
* sizeof(usb_cmd
.d
.asBytes
));
135 if (packet_length
> sizeof(usb_cmd
.d
.asBytes
)) {
136 packet_length
= sizeof(usb_cmd
.d
.asBytes
);
138 usb_cmd
.arg
[2] = packet_length
;
140 memcpy(usb_cmd
.d
.asBytes
, // + (j * sizeof(usb_cmd.d.asBytes)),
141 apdus
[i
] + (j
* sizeof(usb_cmd
.d
.asBytes
)),
143 SendCommand(&usb_cmd
);
144 WaitForResponse(CMD_ACK
, &resp
);
145 if (resp
.arg
[0] != 0) {
146 PrintAndLog("Transfer of APDU #%d Part %d failed!", i
, j
);
152 // now perform the replay
154 SendCommand(&usb_cmd
);
155 WaitForResponse(CMD_ACK
, &resp
);
156 if (resp
.arg
[0] != 0) {
157 PrintAndLog("\nPACE replay failed in step %u!", (uint32_t)resp
.arg
[0]);
158 PrintAndLog("Measured times:");
159 PrintAndLog("MSE Set AT: %u us", resp
.d
.asDwords
[0]);
160 PrintAndLog("GA Get Nonce: %u us", resp
.d
.asDwords
[1]);
161 PrintAndLog("GA Map Nonce: %u us", resp
.d
.asDwords
[2]);
162 PrintAndLog("GA Perform Key Agreement: %u us", resp
.d
.asDwords
[3]);
163 PrintAndLog("GA Mutual Authenticate: %u us", resp
.d
.asDwords
[4]);
165 PrintAndLog("PACE replay successfull!");
166 PrintAndLog("MSE Set AT: %u us", resp
.d
.asDwords
[0]);
167 PrintAndLog("GA Get Nonce: %u us", resp
.d
.asDwords
[1]);
168 PrintAndLog("GA Map Nonce: %u us", resp
.d
.asDwords
[2]);
169 PrintAndLog("GA Perform Key Agreement: %u us", resp
.d
.asDwords
[3]);
170 PrintAndLog("GA Mutual Authenticate: %u us", resp
.d
.asDwords
[4]);
177 ////////////////////////////////The new commands lie above here/////////////////////////////////////////////////////////////////////////////////////
178 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
182 static const command_t CommandTable
[] =
184 {"help", CmdHelp
, 1, "This help"},
185 {"cnonces", CmdHFEPACollectPACENonces
, 0,
186 "<m> <n> <d> Acquire n>0 encrypted PACE nonces of size m>0 with d sec pauses"},
187 {"preplay", CmdHFEPAPACEReplay
, 0,
188 "<mse> <get> <map> <pka> <ma> Perform PACE protocol by replaying given APDUs"},
189 {NULL
, NULL
, 0, NULL
}
192 int CmdHelp(const char *Cmd
)
194 CmdsHelp(CommandTable
);
198 int CmdHFEPA(const char *Cmd
)
201 WaitForResponseTimeout(CMD_ACK
,NULL
,100);
204 CmdsParse(CommandTable
, Cmd
);