X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/02ab5afa8701ecc9434e7d8c30850d0d4ec5903f..03439be30ff87187899944775a1c9aa3954baf72:/client/emv/cmdemv.c
diff --git a/client/emv/cmdemv.c b/client/emv/cmdemv.c
index 571e1880..d886834d 100644
--- a/client/emv/cmdemv.c
+++ b/client/emv/cmdemv.c
@@ -9,15 +9,39 @@
//-----------------------------------------------------------------------------
#include <ctype.h>
+#include "mifare.h"
#include "cmdemv.h"
+#include "emvjson.h"
+#include "emv_pki.h"
#include "test/cryptotest.h"
#include "cliparser/cliparser.h"
+#include <jansson.h>
+
+#define TLV_ADD(tag, value)( tlvdb_change_or_add_node(tlvRoot, tag, sizeof(value) - 1, (const unsigned char *)value) )
+void ParamLoadDefaults(struct tlvdb *tlvRoot) {
+ //9F02:(Amount, authorized (Numeric)) len:6
+ TLV_ADD(0x9F02, "\x00\x00\x00\x00\x01\x00");
+ //9F1A:(Terminal Country Code) len:2
+ TLV_ADD(0x9F1A, "ru");
+ //5F2A:(Transaction Currency Code) len:2
+ // USD 840, EUR 978, RUR 810, RUB 643, RUR 810(old), UAH 980, AZN 031, n/a 999
+ TLV_ADD(0x5F2A, "\x09\x80");
+ //9A:(Transaction Date) len:3
+ TLV_ADD(0x9A, "\x00\x00\x00");
+ //9C:(Transaction Type) len:1 | 00 => Goods and service #01 => Cash
+ TLV_ADD(0x9C, "\x00");
+ // 9F37 Unpredictable Number len:4
+ TLV_ADD(0x9F37, "\x01\x02\x03\x04");
+ // 9F6A Unpredictable Number (MSD for UDOL) len:4
+ TLV_ADD(0x9F6A, "\x01\x02\x03\x04");
+ //9F66:(Terminal Transaction Qualifiers (TTQ)) len:4
+ TLV_ADD(0x9F66, "\x26\x00\x00\x00"); // qVSDC
+}
int CmdHFEMVSelect(const char *cmd) {
uint8_t data[APDU_AID_LEN] = {0};
int datalen = 0;
-
CLIParserInit("hf emv select",
"Executes select applet command",
"Usage:\n\thf emv select -s a00000000101 -> select card, select applet\n\thf emv select -st a00000000101 -> select card, select applet, show result in TLV\n");
@@ -28,7 +52,7 @@ int CmdHFEMVSelect(const char *cmd) {
arg_lit0("kK", "keep", "keep field for next command"),
arg_lit0("aA", "apdu", "show APDU reqests and responses"),
arg_lit0("tT", "tlv", "TLV decode results"),
- arg_str0(NULL, NULL, "<HEX applet AID>", NULL),
+ arg_strx0(NULL, NULL, "<HEX applet AID>", NULL),
arg_param_end
};
CLIExecWithReturn(cmd, argtable, true);
@@ -37,7 +61,7 @@ int CmdHFEMVSelect(const char *cmd) {
bool leaveSignalON = arg_get_lit(2);
bool APDULogging = arg_get_lit(3);
bool decodeTLV = arg_get_lit(4);
- CLIGetStrWithReturn(5, data, &datalen);
+ CLIGetHexWithReturn(5, data, &datalen);
CLIParserFree();
SetAPDULogging(APDULogging);
@@ -155,25 +179,24 @@ int CmdHFEMVPPSE(const char *cmd) {
return 0;
}
-#define TLV_ADD(tag, value)( tlvdb_add(tlvRoot, tlvdb_fixed(tag, sizeof(value) - 1, (const unsigned char *)value)) )
-
int CmdHFEMVGPO(const char *cmd) {
uint8_t data[APDU_RES_LEN] = {0};
int datalen = 0;
CLIParserInit("hf emv gpo",
"Executes Get Processing Options command. It returns data in TLV format (0x77 - format2) or plain format (0x80 - format1).\nNeeds a EMV applet to be selected.",
- "Usage:\n\thf emv gpo -k -> execute GPO\n\thf emv gpo -st 01020304 -> execute GPO with 4-byte PDOL data, show result in TLV\n");
- // here need to add load params from file and gen pdol
+ "Usage:\n\thf emv gpo -k -> execute GPO\n"
+ "\thf emv gpo -t 01020304 -> execute GPO with 4-byte PDOL data, show result in TLV\n"
+ "\thf emv gpo -pmt 9F 37 04 -> load params from file, make PDOL data from PDOL, execute GPO with PDOL, show result in TLV\n");
void* argtable[] = {
arg_param_begin,
arg_lit0("kK", "keep", "keep field ON for next command"),
- arg_lit0("pP", "params", "load parameters for PDOL making from `emv/defparams.json` file (by default uses default parameters) (NOT WORK!!!)"),
- arg_lit0("mM", "make", "make PDOLdata from PDOL (tag 9F38) and parameters (NOT WORK!!!)"),
+ arg_lit0("pP", "params", "load parameters from `emv/defparams.json` file for PDOLdata making from PDOL and parameters"),
+ arg_lit0("mM", "make", "make PDOLdata from PDOL (tag 9F38) and parameters (by default uses default parameters)"),
arg_lit0("aA", "apdu", "show APDU reqests and responses"),
arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
- arg_str0(NULL, NULL, "<HEX PDOLdata/PDOL>", NULL),
+ arg_strx0(NULL, NULL, "<HEX PDOLdata/PDOL>", NULL),
arg_param_end
};
CLIExecWithReturn(cmd, argtable, true);
@@ -183,7 +206,7 @@ int CmdHFEMVGPO(const char *cmd) {
bool dataMakeFromPDOL = arg_get_lit(3);
bool APDULogging = arg_get_lit(4);
bool decodeTLV = arg_get_lit(5);
- CLIGetStrWithReturn(6, data, &datalen);
+ CLIGetHexWithReturn(6, data, &datalen);
CLIParserFree();
SetAPDULogging(APDULogging);
@@ -195,42 +218,28 @@ int CmdHFEMVGPO(const char *cmd) {
// calc PDOL
struct tlv *pdol_data_tlv = NULL;
struct tlv data_tlv = {
- .tag = 0x01,
+ .tag = 0x83,
.len = datalen,
.value = (uint8_t *)data,
};
if (dataMakeFromPDOL) {
- // TODO
- PrintAndLog("Make PDOL data not implemented!");
-
- //9F02:(Amount, authorized (Numeric)) len:6
- TLV_ADD(0x9F02, "\x00\x00\x00\x00\x01\x00");
- //9F1A:(Terminal Country Code) len:2
- TLV_ADD(0x9F1A, "ru");
- //5F2A:(Transaction Currency Code) len:2
- // USD 840, EUR 978, RUR 810, RUB 643, RUR 810(old), UAH 980, AZN 031, n/a 999
- TLV_ADD(0x5F2A, "\x09\x80");
- //9A:(Transaction Date) len:3
- TLV_ADD(0x9A, "\x00\x00\x00");
- //9C:(Transaction Type) len:1 | 00 => Goods and service #01 => Cash
- TLV_ADD(0x9C, "\x00");
- // 9F37 Unpredictable Number len:4
- TLV_ADD(0x9F37, "\x01\x02\x03\x04");
- // 9F6A Unpredictable Number (MSD for UDOL) len:4
- TLV_ADD(0x9F6A, "\x01\x02\x03\x04");
- //9F66:(Terminal Transaction Qualifiers (TTQ)) len:4
- TLV_ADD(0x9F66, "\x26\x00\x00\x00"); // qVSDC
+ ParamLoadDefaults(tlvRoot);
if (paramsLoadFromFile) {
+ PrintAndLog("Params loading from file...");
+ ParamLoadFromJson(tlvRoot);
};
-/* pdol_data_tlv = dol_process(tlvdb_get(tlvRoot, 0x9f38, NULL), tlvRoot, 0x83);
+
+ pdol_data_tlv = dol_process((const struct tlv *)tlvdb_external(0x9f38, datalen, data), tlvRoot, 0x83);
if (!pdol_data_tlv){
PrintAndLog("ERROR: can't create PDOL TLV.");
tlvdb_free(tlvRoot);
return 4;
- }*/
- return 0;
+ }
} else {
+ if (paramsLoadFromFile) {
+ PrintAndLog("WARNING: don't need to load parameters. Sending plain PDOL data...");
+ }
pdol_data_tlv = &data_tlv;
}
@@ -249,7 +258,8 @@ int CmdHFEMVGPO(const char *cmd) {
uint16_t sw = 0;
int res = EMVGPO(leaveSignalON, pdol_data_tlv_data, pdol_data_tlv_data_len, buf, sizeof(buf), &len, &sw, tlvRoot);
- free(pdol_data_tlv_data);
+ if (pdol_data_tlv != &data_tlv)
+ free(pdol_data_tlv);
tlvdb_free(tlvRoot);
if (sw)
@@ -277,7 +287,7 @@ int CmdHFEMVReadRecord(const char *cmd) {
arg_lit0("kK", "keep", "keep field ON for next command"),
arg_lit0("aA", "apdu", "show APDU reqests and responses"),
arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
- arg_str1(NULL, NULL, "<SFI 1byte HEX><SFIrec 1byte HEX>", NULL),
+ arg_strx1(NULL, NULL, "<SFI 1byte HEX><SFIrec 1byte HEX>", NULL),
arg_param_end
};
CLIExecWithReturn(cmd, argtable, true);
@@ -285,7 +295,7 @@ int CmdHFEMVReadRecord(const char *cmd) {
bool leaveSignalON = arg_get_lit(1);
bool APDULogging = arg_get_lit(2);
bool decodeTLV = arg_get_lit(3);
- CLIGetStrWithReturn(4, data, &datalen);
+ CLIGetHexWithReturn(4, data, &datalen);
CLIParserFree();
if (datalen != 2) {
@@ -322,16 +332,19 @@ int CmdHFEMVAC(const char *cmd) {
"Generate Application Cryptogram command. It returns data in TLV format .\nNeeds a EMV applet to be selected and GPO to be executed.",
"Usage:\n\thf emv genac -k 0102 -> generate AC with 2-byte CDOLdata and keep field ON after command\n"
"\thf emv genac -t 01020304 -> generate AC with 4-byte CDOL data, show result in TLV\n"
- "\thf emv genac -Daac 01020304 -> generate AC with 4-byte CDOL data and terminal decision 'declined'\n");
+ "\thf emv genac -Daac 01020304 -> generate AC with 4-byte CDOL data and terminal decision 'declined'\n"
+ "\thf emv genac -pmt 9F 37 04 -> load params from file, make CDOL data from CDOL, generate AC with CDOL, show result in TLV");
void* argtable[] = {
arg_param_begin,
arg_lit0("kK", "keep", "keep field ON for next command"),
arg_lit0("cC", "cda", "executes CDA transaction. Needs to get SDAD in results."),
arg_str0("dD", "decision", "<aac|tc|arqc>", "Terminal decision. aac - declined, tc - approved, arqc - online authorisation requested"),
+ arg_lit0("pP", "params", "load parameters from `emv/defparams.json` file for CDOLdata making from CDOL and parameters"),
+ arg_lit0("mM", "make", "make CDOLdata from CDOL (tag 8C and 8D) and parameters (by default uses default parameters)"),
arg_lit0("aA", "apdu", "show APDU reqests and responses"),
arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
- arg_str1(NULL, NULL, "<HEX CDOLdata>", NULL),
+ arg_strx1(NULL, NULL, "<HEX CDOLdata/CDOL>", NULL),
arg_param_end
};
CLIExecWithReturn(cmd, argtable, false);
@@ -356,9 +369,11 @@ int CmdHFEMVAC(const char *cmd) {
}
if (trTypeCDA)
termDecision = termDecision | EMVAC_CDAREQ;
- bool APDULogging = arg_get_lit(4);
- bool decodeTLV = arg_get_lit(5);
- CLIGetStrWithReturn(6, data, &datalen);
+ bool paramsLoadFromFile = arg_get_lit(4);
+ bool dataMakeFromCDOL = arg_get_lit(5);
+ bool APDULogging = arg_get_lit(6);
+ bool decodeTLV = arg_get_lit(7);
+ CLIGetHexWithReturn(8, data, &datalen);
CLIParserFree();
SetAPDULogging(APDULogging);
@@ -369,22 +384,43 @@ int CmdHFEMVAC(const char *cmd) {
// calc CDOL
struct tlv *cdol_data_tlv = NULL;
-// struct tlv *cdol_data_tlv = dol_process(tlvdb_get(tlvRoot, 0x8c, NULL), tlvRoot, 0x01); // 0x01 - dummy tag
struct tlv data_tlv = {
.tag = 0x01,
.len = datalen,
.value = (uint8_t *)data,
- };
- cdol_data_tlv = &data_tlv;
- PrintAndLog("CDOL data[%d]: %s", cdol_data_tlv->len, sprint_hex(cdol_data_tlv->value, cdol_data_tlv->len));
+ };
+ if (dataMakeFromCDOL) {
+ ParamLoadDefaults(tlvRoot);
+
+ if (paramsLoadFromFile) {
+ PrintAndLog("Params loading from file...");
+ ParamLoadFromJson(tlvRoot);
+ };
+
+ cdol_data_tlv = dol_process((const struct tlv *)tlvdb_external(0x8c, datalen, data), tlvRoot, 0x01); // 0x01 - dummy tag
+ if (!cdol_data_tlv){
+ PrintAndLog("ERROR: can't create CDOL TLV.");
+ tlvdb_free(tlvRoot);
+ return 4;
+ }
+ } else {
+ if (paramsLoadFromFile) {
+ PrintAndLog("WARNING: don't need to load parameters. Sending plain CDOL data...");
+ }
+ cdol_data_tlv = &data_tlv;
+ }
+
+ PrintAndLog("CDOL data[%d]: %s", cdol_data_tlv->len, sprint_hex(cdol_data_tlv->value, cdol_data_tlv->len));
+
// exec
uint8_t buf[APDU_RES_LEN] = {0};
size_t len = 0;
uint16_t sw = 0;
int res = EMVAC(leaveSignalON, termDecision, (uint8_t *)cdol_data_tlv->value, cdol_data_tlv->len, buf, sizeof(buf), &len, &sw, tlvRoot);
-// free(cdol_data_tlv);
+ if (cdol_data_tlv != &data_tlv)
+ free(cdol_data_tlv);
tlvdb_free(tlvRoot);
if (sw)
@@ -402,7 +438,7 @@ int CmdHFEMVAC(const char *cmd) {
int CmdHFEMVGenerateChallenge(const char *cmd) {
CLIParserInit("hf emv challenge",
- "Executes Generate Challenge command. It returns 4 or 8-byte random number from card:\n",
+ "Executes Generate Challenge command. It returns 4 or 8-byte random number from card.\nNeeds a EMV applet to be selected and GPO to be executed.",
"Usage:\n\thf emv challenge -> get challenge\n\thf emv challenge -k -> get challenge, keep fileld ON\n");
void* argtable[] = {
@@ -446,28 +482,65 @@ int CmdHFEMVInternalAuthenticate(const char *cmd) {
CLIParserInit("hf emv intauth",
"Generate Internal Authenticate command. Usually needs 4-byte random number. It returns data in TLV format .\nNeeds a EMV applet to be selected and GPO to be executed.",
"Usage:\n\thf emv intauth -k 01020304 -> execute Internal Authenticate with 4-byte DDOLdata and keep field ON after command\n"
- "\thf emv intauth -t 01020304 -> execute Internal Authenticate with 4-byte DDOL data, show result in TLV\n");
+ "\thf emv intauth -t 01020304 -> execute Internal Authenticate with 4-byte DDOL data, show result in TLV\n"
+ "\thf emv intauth -pmt 9F 37 04 -> load params from file, make DDOL data from DDOL, Internal Authenticate with DDOL, show result in TLV");
void* argtable[] = {
arg_param_begin,
arg_lit0("kK", "keep", "keep field ON for next command"),
+ arg_lit0("pP", "params", "load parameters from `emv/defparams.json` file for DDOLdata making from DDOL and parameters"),
+ arg_lit0("mM", "make", "make DDOLdata from DDOL (tag 9F49) and parameters (by default uses default parameters)"),
arg_lit0("aA", "apdu", "show APDU reqests and responses"),
arg_lit0("tT", "tlv", "TLV decode results of selected applets"),
- arg_str1(NULL, NULL, "<HEX DDOLdata>", NULL),
+ arg_strx1(NULL, NULL, "<HEX DDOLdata/DDOL>", NULL),
arg_param_end
};
CLIExecWithReturn(cmd, argtable, false);
bool leaveSignalON = arg_get_lit(1);
- bool APDULogging = arg_get_lit(2);
- bool decodeTLV = arg_get_lit(3);
- CLIGetStrWithReturn(4, data, &datalen);
+ bool paramsLoadFromFile = arg_get_lit(2);
+ bool dataMakeFromDDOL = arg_get_lit(3);
+ bool APDULogging = arg_get_lit(4);
+ bool decodeTLV = arg_get_lit(5);
+ CLIGetHexWithReturn(6, data, &datalen);
CLIParserFree();
SetAPDULogging(APDULogging);
+
+ // Init TLV tree
+ const char *alr = "Root terminal TLV tree";
+ struct tlvdb *tlvRoot = tlvdb_fixed(1, strlen(alr), (const unsigned char *)alr);
- // DDOL
- PrintAndLog("DDOL data[%d]: %s", datalen, sprint_hex(data, datalen));
+ // calc DDOL
+ struct tlv *ddol_data_tlv = NULL;
+ struct tlv data_tlv = {
+ .tag = 0x01,
+ .len = datalen,
+ .value = (uint8_t *)data,
+ };
+
+ if (dataMakeFromDDOL) {
+ ParamLoadDefaults(tlvRoot);
+
+ if (paramsLoadFromFile) {
+ PrintAndLog("Params loading from file...");
+ ParamLoadFromJson(tlvRoot);
+ };
+
+ ddol_data_tlv = dol_process((const struct tlv *)tlvdb_external(0x9f49, datalen, data), tlvRoot, 0x01); // 0x01 - dummy tag
+ if (!ddol_data_tlv){
+ PrintAndLog("ERROR: can't create DDOL TLV.");
+ tlvdb_free(tlvRoot);
+ return 4;
+ }
+ } else {
+ if (paramsLoadFromFile) {
+ PrintAndLog("WARNING: don't need to load parameters. Sending plain DDOL data...");
+ }
+ ddol_data_tlv = &data_tlv;
+ }
+
+ PrintAndLog("DDOL data[%d]: %s", ddol_data_tlv->len, sprint_hex(ddol_data_tlv->value, ddol_data_tlv->len));
// exec
uint8_t buf[APDU_RES_LEN] = {0};
@@ -475,6 +548,10 @@ int CmdHFEMVInternalAuthenticate(const char *cmd) {
uint16_t sw = 0;
int res = EMVInternalAuthenticate(leaveSignalON, data, datalen, buf, sizeof(buf), &len, &sw, NULL);
+ if (ddol_data_tlv != &data_tlv)
+ free(ddol_data_tlv);
+ tlvdb_free(tlvRoot);
+
if (sw)
PrintAndLog("APDU response status: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff));
@@ -487,35 +564,72 @@ int CmdHFEMVInternalAuthenticate(const char *cmd) {
return 0;
}
-int UsageCmdHFEMVExec(void) {
- PrintAndLog("HELP : Executes EMV contactless transaction:\n");
- PrintAndLog("Usage: hf emv exec [-s][-a][-t][-f][-v][-c][-x][-g]\n");
- PrintAndLog(" Options:");
- PrintAndLog(" -s : select card");
- PrintAndLog(" -a : show APDU reqests and responses\n");
- PrintAndLog(" -t : TLV decode results\n");
- PrintAndLog(" -f : force search AID. Search AID instead of execute PPSE.\n");
- PrintAndLog(" -v : transaction type - qVSDC or M/Chip.\n");
- PrintAndLog(" -c : transaction type - qVSDC or M/Chip plus CDA (SDAD generation).\n");
- PrintAndLog(" -x : transaction type - VSDC. For test only. Not a standart behavior.\n");
- PrintAndLog(" -g : VISA. generate AC from GPO\n");
- PrintAndLog("By default : transaction type - MSD.\n");
- PrintAndLog("Samples:");
- PrintAndLog(" hf emv exec -s -a -t -> execute MSD transaction");
- PrintAndLog(" hf emv exec -s -a -t -c -> execute CDA transaction");
- return 0;
+#define dreturn(n) {free(pdol_data_tlv);tlvdb_free(tlvSelect);tlvdb_free(tlvRoot);DropField();return n;}
+
+void InitTransactionParameters(struct tlvdb *tlvRoot, bool paramLoadJSON, enum TransactionType TrType, bool GenACGPO) {
+
+ ParamLoadDefaults(tlvRoot);
+
+ if (paramLoadJSON) {
+ PrintAndLog("* * Transaction parameters loading from JSON...");
+ ParamLoadFromJson(tlvRoot);
+ }
+
+ //9F66:(Terminal Transaction Qualifiers (TTQ)) len:4
+ char *qVSDC = "\x26\x00\x00\x00";
+ if (GenACGPO) {
+ qVSDC = "\x26\x80\x00\x00";
+ }
+ switch(TrType) {
+ case TT_MSD:
+ TLV_ADD(0x9F66, "\x86\x00\x00\x00"); // MSD
+ break;
+ // not standard for contactless. just for test.
+ case TT_VSDC:
+ TLV_ADD(0x9F66, "\x46\x00\x00\x00"); // VSDC
+ break;
+ case TT_QVSDCMCHIP:
+ TLV_ADD(0x9F66, qVSDC); // qVSDC
+ break;
+ case TT_CDA:
+ TLV_ADD(0x9F66, qVSDC); // qVSDC (VISA CDA not enabled)
+ break;
+ default:
+ break;
+ }
}
-#define dreturn(n) {free(pdol_data_tlv);tlvdb_free(tlvSelect);tlvdb_free(tlvRoot);DropField();return n;}
+void ProcessGPOResponseFormat1(struct tlvdb *tlvRoot, uint8_t *buf, size_t len, bool decodeTLV) {
+ if (buf[0] == 0x80) {
+ if (decodeTLV){
+ PrintAndLog("GPO response format1:");
+ TLVPrintFromBuffer(buf, len);
+ }
+
+ if (len < 4 || (len - 4) % 4) {
+ PrintAndLog("ERROR: GPO response format1 parsing error. length=%d", len);
+ } else {
+ // AIP
+ struct tlvdb * f1AIP = tlvdb_fixed(0x82, 2, buf + 2);
+ tlvdb_add(tlvRoot, f1AIP);
+ if (decodeTLV){
+ PrintAndLog("\n* * Decode response format 1 (0x80) AIP and AFL:");
+ TLVPrintFromTLV(f1AIP);
+ }
-int CmdHFEMVExec(const char *cmd) {
- bool activateField = false;
- bool showAPDU = false;
- bool decodeTLV = false;
- bool forceSearch = false;
- enum TransactionType TrType = TT_MSD;
- bool GenACGPO = false;
+ // AFL
+ struct tlvdb * f1AFL = tlvdb_fixed(0x94, len - 4, buf + 2 + 2);
+ tlvdb_add(tlvRoot, f1AFL);
+ if (decodeTLV)
+ TLVPrintFromTLV(f1AFL);
+ }
+ } else {
+ if (decodeTLV)
+ TLVPrintFromBuffer(buf, len);
+ }
+}
+int CmdHFEMVExec(const char *cmd) {
uint8_t buf[APDU_RES_LEN] = {0};
size_t len = 0;
uint16_t sw = 0;
@@ -530,59 +644,45 @@ int CmdHFEMVExec(const char *cmd) {
struct tlvdb *tlvRoot = NULL;
struct tlv *pdol_data_tlv = NULL;
- if (strlen(cmd) < 1) {
- UsageCmdHFEMVExec();
- return 0;
- }
+ CLIParserInit("hf emv exec",
+ "Executes EMV contactless transaction",
+ "Usage:\n\thf emv exec -sat -> select card, execute MSD transaction, show APDU and TLV\n"
+ "\thf emv exec -satc -> select card, execute CDA transaction, show APDU and TLV\n");
+
+ void* argtable[] = {
+ arg_param_begin,
+ arg_lit0("sS", "select", "activate field and select card."),
+ arg_lit0("aA", "apdu", "show APDU reqests and responses."),
+ arg_lit0("tT", "tlv", "TLV decode results."),
+ arg_lit0("jJ", "jload", "Load transaction parameters from `emv/defparams.json` file."),
+ arg_lit0("fF", "forceaid", "Force search AID. Search AID instead of execute PPSE."),
+ arg_rem("By default:", "Transaction type - MSD"),
+ arg_lit0("vV", "qvsdc", "Transaction type - qVSDC or M/Chip."),
+ arg_lit0("cC", "qvsdccda", "Transaction type - qVSDC or M/Chip plus CDA (SDAD generation)."),
+ arg_lit0("xX", "vsdc", "Transaction type - VSDC. For test only. Not a standart behavior."),
+ arg_lit0("gG", "acgpo", "VISA. generate AC from GPO."),
+ arg_param_end
+ };
+ CLIExecWithReturn(cmd, argtable, true);
- int cmdp = 0;
- while(param_getchar(cmd, cmdp) != 0x00) {
- char c = param_getchar(cmd, cmdp);
- if ((c == '-') && (param_getlength(cmd, cmdp) == 2))
- switch (param_getchar_indx(cmd, 1, cmdp)) {
- case 'h':
- case 'H':
- UsageCmdHFEMVExec();
- return 0;
- case 's':
- case 'S':
- activateField = true;
- break;
- case 'a':
- case 'A':
- showAPDU = true;
- break;
- case 't':
- case 'T':
- decodeTLV = true;
- break;
- case 'f':
- case 'F':
- forceSearch = true;
- break;
- case 'x':
- case 'X':
- TrType = TT_VSDC;
- break;
- case 'v':
- case 'V':
- TrType = TT_QVSDCMCHIP;
- break;
- case 'c':
- case 'C':
- TrType = TT_CDA;
- break;
- case 'g':
- case 'G':
- GenACGPO = true;
- break;
- default:
- PrintAndLog("Unknown parameter '%c'", param_getchar_indx(cmd, 1, cmdp));
- return 1;
- }
- cmdp++;
- }
+ bool activateField = arg_get_lit(1);
+ bool showAPDU = arg_get_lit(2);
+ bool decodeTLV = arg_get_lit(3);
+ bool paramLoadJSON = arg_get_lit(4);
+ bool forceSearch = arg_get_lit(5);
+ enum TransactionType TrType = TT_MSD;
+ if (arg_get_lit(6))
+ TrType = TT_QVSDCMCHIP;
+ if (arg_get_lit(7))
+ TrType = TT_CDA;
+ if (arg_get_lit(8))
+ TrType = TT_VSDC;
+
+ bool GenACGPO = arg_get_lit(9);
+ CLIParserFree();
+
+ SetAPDULogging(showAPDU);
// init applets list tree
const char *al = "Applets list";
@@ -641,47 +741,7 @@ int CmdHFEMVExec(const char *cmd) {
PrintAndLog("* Selected.");
PrintAndLog("\n* Init transaction parameters.");
-
- //9F66:(Terminal Transaction Qualifiers (TTQ)) len:4
- char *qVSDC = "\x26\x00\x00\x00";
- if (GenACGPO) {
- qVSDC = "\x26\x80\x00\x00";
- }
- switch(TrType) {
- case TT_MSD:
- TLV_ADD(0x9F66, "\x86\x00\x00\x00"); // MSD
- break;
- // not standard for contactless. just for test.
- case TT_VSDC:
- TLV_ADD(0x9F66, "\x46\x00\x00\x00"); // VSDC
- break;
- case TT_QVSDCMCHIP:
- TLV_ADD(0x9F66, qVSDC); // qVSDC
- break;
- case TT_CDA:
- TLV_ADD(0x9F66, qVSDC); // qVSDC (VISA CDA not enabled)
- break;
- default:
- TLV_ADD(0x9F66, "\x26\x00\x00\x00"); // qVSDC
- break;
- }
-
- //9F02:(Amount, authorized (Numeric)) len:6
- TLV_ADD(0x9F02, "\x00\x00\x00\x00\x01\x00");
- //9F1A:(Terminal Country Code) len:2
- TLV_ADD(0x9F1A, "ru");
- //5F2A:(Transaction Currency Code) len:2
- // USD 840, EUR 978, RUR 810, RUB 643, RUR 810(old), UAH 980, AZN 031, n/a 999
- TLV_ADD(0x5F2A, "\x09\x80");
- //9A:(Transaction Date) len:3
- TLV_ADD(0x9A, "\x00\x00\x00");
- //9C:(Transaction Type) len:1 | 00 => Goods and service #01 => Cash
- TLV_ADD(0x9C, "\x00");
- // 9F37 Unpredictable Number len:4
- TLV_ADD(0x9F37, "\x01\x02\x03\x04");
- // 9F6A Unpredictable Number (MSD for UDOL) len:4
- TLV_ADD(0x9F6A, "\x01\x02\x03\x04");
-
+ InitTransactionParameters(tlvRoot, paramLoadJSON, TrType, GenACGPO);
TLVPrintFromTLV(tlvRoot); // TODO delete!!!
PrintAndLog("\n* Calc PDOL.");
@@ -711,33 +771,7 @@ int CmdHFEMVExec(const char *cmd) {
}
// process response template format 1 [id:80 2b AIP + x4b AFL] and format 2 [id:77 TLV]
- if (buf[0] == 0x80) {
- if (decodeTLV){
- PrintAndLog("GPO response format1:");
- TLVPrintFromBuffer(buf, len);
- }
-
- if (len < 4 || (len - 4) % 4) {
- PrintAndLog("ERROR: GPO response format1 parsing error. length=%d", len);
- } else {
- // AIP
- struct tlvdb * f1AIP = tlvdb_fixed(0x82, 2, buf + 2);
- tlvdb_add(tlvRoot, f1AIP);
- if (decodeTLV){
- PrintAndLog("\n* * Decode response format 1 (0x80) AIP and AFL:");
- TLVPrintFromTLV(f1AIP);
- }
-
- // AFL
- struct tlvdb * f1AFL = tlvdb_fixed(0x94, len - 4, buf + 2 + 2);
- tlvdb_add(tlvRoot, f1AFL);
- if (decodeTLV)
- TLVPrintFromTLV(f1AFL);
- }
- } else {
- if (decodeTLV)
- TLVPrintFromBuffer(buf, len);
- }
+ ProcessGPOResponseFormat1(tlvRoot, buf, len, decodeTLV);
// extract PAN from track2
{
@@ -1037,6 +1071,332 @@ int CmdHFEMVExec(const char *cmd) {
return 0;
}
+int CmdHFEMVScan(const char *cmd) {
+ uint8_t AID[APDU_AID_LEN] = {0};
+ size_t AIDlen = 0;
+ uint8_t buf[APDU_RES_LEN] = {0};
+ size_t len = 0;
+ uint16_t sw = 0;
+ int res;
+ json_t *root;
+ json_error_t error;
+
+ CLIParserInit("hf emv scan",
+ "Scan EMV card and save it contents to a file.",
+ "It executes EMV contactless transaction and saves result to a file which can be used for emulation\n"
+ "Usage:\n\thf emv scan -at -> scan MSD transaction mode and show APDU and TLV\n"
+ "\thf emv scan -c -> scan CDA transaction mode\n");
+
+ void* argtable[] = {
+ arg_param_begin,
+ arg_lit0("aA", "apdu", "show APDU reqests and responses."),
+ arg_lit0("tT", "tlv", "TLV decode results."),
+ arg_lit0("eE", "extract", "Extract TLV elements and fill Application Data"),
+ arg_lit0("jJ", "jload", "Load transaction parameters from `emv/defparams.json` file."),
+ arg_rem("By default:", "Transaction type - MSD"),
+ arg_lit0("vV", "qvsdc", "Transaction type - qVSDC or M/Chip."),
+ arg_lit0("cC", "qvsdccda", "Transaction type - qVSDC or M/Chip plus CDA (SDAD generation)."),
+ arg_lit0("xX", "vsdc", "Transaction type - VSDC. For test only. Not a standart behavior."),
+ arg_lit0("gG", "acgpo", "VISA. generate AC from GPO."),
+ arg_lit0("mM", "merge", "Merge output file with card's data. (warning: the file may be corrupted!)"),
+ arg_str1(NULL, NULL, "output.json", "JSON output file name"),
+ arg_param_end
+ };
+ CLIExecWithReturn(cmd, argtable, true);
+
+ bool showAPDU = arg_get_lit(1);
+ bool decodeTLV = arg_get_lit(2);
+ bool extractTLVElements = arg_get_lit(3);
+ bool paramLoadJSON = arg_get_lit(4);
+
+ enum TransactionType TrType = TT_MSD;
+ if (arg_get_lit(6))
+ TrType = TT_QVSDCMCHIP;
+ if (arg_get_lit(7))
+ TrType = TT_CDA;
+ if (arg_get_lit(8))
+ TrType = TT_VSDC;
+
+ bool GenACGPO = arg_get_lit(9);
+ bool MergeJSON = arg_get_lit(10);
+ uint8_t relfname[250] ={0};
+ char *crelfname = (char *)relfname;
+ int relfnamelen = 0;
+ CLIGetStrWithReturn(11, relfname, &relfnamelen);
+ CLIParserFree();
+
+ SetAPDULogging(showAPDU);
+
+ // current path + file name
+ if (!strstr(crelfname, ".json"))
+ strcat(crelfname, ".json");
+ char fname[strlen(get_my_executable_directory()) + strlen(crelfname) + 1];
+ strcpy(fname, get_my_executable_directory());
+ strcat(fname, crelfname);
+
+ if (MergeJSON) {
+ root = json_load_file(fname, 0, &error);
+ if (!root) {
+ PrintAndLog("ERROR: json error on line %d: %s", error.line, error.text);
+ return 1;
+ }
+
+ if (!json_is_object(root)) {
+ PrintAndLog("ERROR: Invalid json format. root must be an object.");
+ return 1;
+ }
+ } else {
+ root = json_object();
+ }
+
+ // drop field at start
+ DropField();
+
+ // iso 14443 select
+ PrintAndLog("--> GET UID, ATS.");
+
+ iso14a_card_select_t card;
+ if (Hf14443_4aGetCardData(&card)) {
+ return 2;
+ }
+
+ JsonSaveStr(root, "$.File.Created", "proxmark3 `hf emv scan`");
+
+ JsonSaveStr(root, "$.Card.Communication", "iso14443-4a");
+ JsonSaveBufAsHex(root, "$.Card.UID", (uint8_t *)&card.uid, card.uidlen);
+ JsonSaveHex(root, "$.Card.ATQA", card.atqa[0] + (card.atqa[1] << 2), 2);
+ JsonSaveHex(root, "$.Card.SAK", card.sak, 0);
+ JsonSaveBufAsHex(root, "$.Card.ATS", (uint8_t *)card.ats, card.ats_len);
+
+ // init applets list tree
+ const char *al = "Applets list";
+ struct tlvdb *tlvSelect = tlvdb_fixed(1, strlen(al), (const unsigned char *)al);
+
+ // EMV PPSE
+ PrintAndLog("--> PPSE.");
+ res = EMVSelectPSE(true, true, 2, buf, sizeof(buf), &len, &sw);
+
+ if (!res && sw == 0x9000){
+ if (decodeTLV)
+ TLVPrintFromBuffer(buf, len);
+
+ JsonSaveBufAsHex(root, "$.PPSE.AID", (uint8_t *)"2PAY.SYS.DDF01", 14);
+
+ struct tlvdb *fci = tlvdb_parse_multi(buf, len);
+ if (extractTLVElements)
+ JsonSaveTLVTree(root, root, "$.PPSE.FCITemplate", fci);
+ else
+ JsonSaveTLVTreeElm(root, "$.PPSE.FCITemplate", fci, true, true, false);
+ JsonSaveTLVValue(root, "$.Application.KernelID", tlvdb_find_full(fci, 0x9f2a));
+ tlvdb_free(fci);
+ }
+
+ res = EMVSearchPSE(false, true, decodeTLV, tlvSelect);
+
+ // check PPSE and select application id
+ if (!res) {
+ TLVPrintAIDlistFromSelectTLV(tlvSelect);
+ } else {
+ // EMV SEARCH with AID list
+ SetAPDULogging(false);
+ PrintAndLog("--> AID search.");
+ if (EMVSearch(false, true, decodeTLV, tlvSelect)) {
+ PrintAndLog("E->Can't found any of EMV AID. Exit...");
+ tlvdb_free(tlvSelect);
+ DropField();
+ return 3;
+ }
+
+ // check search and select application id
+ TLVPrintAIDlistFromSelectTLV(tlvSelect);
+ }
+
+ // EMV SELECT application
+ SetAPDULogging(showAPDU);
+ EMVSelectApplication(tlvSelect, AID, &AIDlen);
+
+ tlvdb_free(tlvSelect);
+
+ if (!AIDlen) {
+ PrintAndLog("Can't select AID. EMV AID not found. Exit...");
+ DropField();
+ return 4;
+ }
+
+ JsonSaveBufAsHex(root, "$.Application.AID", AID, AIDlen);
+
+ // Init TLV tree
+ const char *alr = "Root terminal TLV tree";
+ struct tlvdb *tlvRoot = tlvdb_fixed(1, strlen(alr), (const unsigned char *)alr);
+
+ // EMV SELECT applet
+
+ PrintAndLog("\n-->Selecting AID:%s.", sprint_hex_inrow(AID, AIDlen));
+ SetAPDULogging(showAPDU);
+ res = EMVSelect(false, true, AID, AIDlen, buf, sizeof(buf), &len, &sw, tlvRoot);
+
+ if (res) {
+ PrintAndLog("E->Can't select AID (%d). Exit...", res);
+ tlvdb_free(tlvRoot);
+ DropField();
+ return 5;
+ }
+
+ if (decodeTLV)
+ TLVPrintFromBuffer(buf, len);
+
+ // save mode
+ if (tlvdb_get(tlvRoot, 0x9f38, NULL)) {
+ JsonSaveStr(root, "$.Application.Mode", TransactionTypeStr[TrType]);
+ }
+
+ struct tlvdb *fci = tlvdb_parse_multi(buf, len);
+ if (extractTLVElements)
+ JsonSaveTLVTree(root, root, "$.Application.FCITemplate", fci);
+ else
+ JsonSaveTLVTreeElm(root, "$.Application.FCITemplate", fci, true, true, false);
+ tlvdb_free(fci);
+
+ // create transaction parameters
+ PrintAndLog("-->Init transaction parameters.");
+ InitTransactionParameters(tlvRoot, paramLoadJSON, TrType, GenACGPO);
+
+ PrintAndLog("-->Calc PDOL.");
+ struct tlv *pdol_data_tlv = dol_process(tlvdb_get(tlvRoot, 0x9f38, NULL), tlvRoot, 0x83);
+ if (!pdol_data_tlv){
+ PrintAndLog("E->Can't create PDOL TLV.");
+ tlvdb_free(tlvRoot);
+ DropField();
+ return 6;
+ }
+
+ size_t pdol_data_tlv_data_len;
+ unsigned char *pdol_data_tlv_data = tlv_encode(pdol_data_tlv, &pdol_data_tlv_data_len);
+ if (!pdol_data_tlv_data) {
+ PrintAndLog("E->Can't create PDOL data.");
+ tlvdb_free(tlvRoot);
+ DropField();
+ return 6;
+ }
+ PrintAndLog("PDOL data[%d]: %s", pdol_data_tlv_data_len, sprint_hex(pdol_data_tlv_data, pdol_data_tlv_data_len));
+
+ PrintAndLog("-->GPO.");
+ res = EMVGPO(true, pdol_data_tlv_data, pdol_data_tlv_data_len, buf, sizeof(buf), &len, &sw, tlvRoot);
+
+ free(pdol_data_tlv_data);
+ free(pdol_data_tlv);
+
+ if (res) {
+ PrintAndLog("GPO error(%d): %4x. Exit...", res, sw);
+ tlvdb_free(tlvRoot);
+ DropField();
+ return 7;
+ }
+ ProcessGPOResponseFormat1(tlvRoot, buf, len, decodeTLV);
+
+ struct tlvdb *gpofci = tlvdb_parse_multi(buf, len);
+ if (extractTLVElements)
+ JsonSaveTLVTree(root, root, "$.Application.GPO", gpofci);
+ else
+ JsonSaveTLVTreeElm(root, "$.Application.GPO", gpofci, true, true, false);
+
+ JsonSaveTLVValue(root, "$.ApplicationData.AIP", tlvdb_find_full(gpofci, 0x82));
+ JsonSaveTLVValue(root, "$.ApplicationData.AFL", tlvdb_find_full(gpofci, 0x94));
+
+ tlvdb_free(gpofci);
+
+ PrintAndLog("-->Read records from AFL.");
+ const struct tlv *AFL = tlvdb_get(tlvRoot, 0x94, NULL);
+
+ while(AFL && AFL->len) {
+ if (AFL->len % 4) {
+ PrintAndLog("E->Wrong AFL length: %d", AFL->len);
+ break;
+ }
+
+ json_t *sfijson = json_path_get(root, "$.Application.Records");
+ if (!sfijson) {
+ json_t *app = json_path_get(root, "$.Application");
+ json_object_set_new(app, "Records", json_array());
+
+ sfijson = json_path_get(root, "$.Application.Records");
+ }
+ if (!json_is_array(sfijson)) {
+ PrintAndLog("E->Internal logic error. `$.Application.Records` is not an array.");
+ break;
+ }
+ for (int i = 0; i < AFL->len / 4; i++) {
+ uint8_t SFI = AFL->value[i * 4 + 0] >> 3;
+ uint8_t SFIstart = AFL->value[i * 4 + 1];
+ uint8_t SFIend = AFL->value[i * 4 + 2];
+ uint8_t SFIoffline = AFL->value[i * 4 + 3];
+
+ PrintAndLog("--->SFI[%02x] start:%02x end:%02x offline:%02x", SFI, SFIstart, SFIend, SFIoffline);
+ if (SFI == 0 || SFI == 31 || SFIstart == 0 || SFIstart > SFIend) {
+ PrintAndLog("SFI ERROR! Skipped...");
+ continue;
+ }
+
+ for(int n = SFIstart; n <= SFIend; n++) {
+ PrintAndLog("---->SFI[%02x] %d", SFI, n);
+
+ res = EMVReadRecord(true, SFI, n, buf, sizeof(buf), &len, &sw, tlvRoot);
+ if (res) {
+ PrintAndLog("E->SFI[%02x]. APDU error %4x", SFI, sw);
+ continue;
+ }
+
+ if (decodeTLV) {
+ TLVPrintFromBuffer(buf, len);
+ PrintAndLog("");
+ }
+
+ json_t *jsonelm = json_object();
+ json_array_append_new(sfijson, jsonelm);
+
+ JsonSaveHex(jsonelm, "SFI", SFI, 1);
+ JsonSaveHex(jsonelm, "RecordNum", n, 1);
+ JsonSaveHex(jsonelm, "Offline", SFIoffline, 1);
+
+ struct tlvdb *rsfi = tlvdb_parse_multi(buf, len);
+ if (extractTLVElements)
+ JsonSaveTLVTree(root, jsonelm, "$.Data", rsfi);
+ else
+ JsonSaveTLVTreeElm(jsonelm, "$.Data", rsfi, true, true, false);
+ tlvdb_free(rsfi);
+ }
+ }
+
+ break;
+ }
+
+ // getting certificates
+ if (tlvdb_get(tlvRoot, 0x90, NULL)) {
+ PrintAndLog("-->Recovering certificates.");
+ PKISetStrictExecution(false);
+ RecoveryCertificates(tlvRoot, root);
+ PKISetStrictExecution(true);
+ }
+
+ // free tlv object
+ tlvdb_free(tlvRoot);
+
+ // DropField
+ DropField();
+
+ res = json_dump_file(root, fname, JSON_INDENT(2));
+ if (res) {
+ PrintAndLog("ERROR: can't save the file: %s", fname);
+ return 200;
+ }
+ PrintAndLog("File `%s` saved.", fname);
+
+ // free json object
+ json_decref(root);
+
+ return 0;
+}
+
int CmdHFEMVTest(const char *cmd) {
return ExecuteCryptoTests(true);
}
@@ -1053,6 +1413,7 @@ static command_t CommandTable[] = {
{"genac", CmdHFEMVAC, 0, "Generate ApplicationCryptogram."},
{"challenge", CmdHFEMVGenerateChallenge, 0, "Generate challenge."},
{"intauth", CmdHFEMVInternalAuthenticate, 0, "Internal authentication."},
+ {"scan", CmdHFEMVScan, 0, "Scan EMV card and save it contents to json file for emulator."},
{"test", CmdHFEMVTest, 0, "Crypto logic test."},
{NULL, NULL, 0, NULL}
};