X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/a23f000182dfde6f2b429c15ff8a7cff87c8a40f..da05bc6eca632aa8ef5251942919ab8650191357:/client/cmdhf14a.c?ds=inline diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index f6ed899a..03ab0b5a 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -1,5 +1,5 @@ //----------------------------------------------------------------------------- -// 2011, Merlok +// 2011, 2017 Merlok // Copyright (C) 2010 iZsh , Hagen Fritsch // // This code is licensed to you under the terms of the GNU GPL, version 2 or, @@ -11,10 +11,36 @@ #include "cmdhf14a.h" +#include +#include +#include +#include +#include +#include +#include "util.h" +#include "util_posix.h" +#include "iso14443crc.h" +#include "comms.h" +#include "ui.h" +#include "cmdparser.h" +#include "common.h" +#include "cmdmain.h" +#include "mifare.h" +#include "cmdhfmfu.h" +#include "mifarehost.h" +#include "emv/apduinfo.h" +#include "emv/emvcore.h" + static int CmdHelp(const char *Cmd); static int waitCmd(uint8_t iLen); -const manufactureName manufactureMapping[] = { +// structure and database for uid -> tagtype lookups +typedef struct { + uint8_t uid; + char* desc; +} manufactureName; + +static const manufactureName manufactureMapping[] = { // ID, "Vendor Country" { 0x01, "Motorola UK" }, { 0x02, "ST Microelectronics SA France" }, 
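Review bot: `char* desc;` in the new `manufactureName` typedef is initialised from string literals in the `static const manufactureMapping[]` table below it, so the field should be `const char *desc;` — a non-const pointer invites a write through it, which is undefined behaviour on a literal, and the `const` lets the whole table land in read-only data instead of only its outer array. The declarator placement `char *desc` also matches the pointer style used elsewhere in this file (`const char *Cmd`). The table's remaining entries continue outside the hunk.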
@@ -109,7 +135,84 @@ int CmdHF14AList(const char *Cmd) return 0; } -int CmdHF14AReader(const char *Cmd) +int CmdHF14AReader(const char *Cmd) { + uint32_t cm = ISO14A_CONNECT; + bool disconnectAfter = true; + + int cmdp = 0; + while(param_getchar(Cmd, cmdp) != 0x00) { + switch(param_getchar(Cmd, cmdp)) { + case 'h': + case 'H': + PrintAndLog("Usage: hf 14a reader [k|x] [3]"); + PrintAndLog(" k keep the field active after command executed"); + PrintAndLog(" x just drop the signal field"); + PrintAndLog(" 3 ISO14443-3 select only (skip RATS)"); + return 0; + case '3': + cm |= ISO14A_NO_RATS; + break; + case 'k': + case 'K': + disconnectAfter = false; + break; + case 'x': + case 'X': + cm &= ~ISO14A_CONNECT; + break; + default: + PrintAndLog("Unknown command."); + return 1; + } + + cmdp++; + } + + if (!disconnectAfter) + cm |= ISO14A_NO_DISCONNECT; + + UsbCommand c = {CMD_READER_ISO_14443a, {cm, 0, 0}}; + SendCommand(&c); + + if (ISO14A_CONNECT & cm) { + UsbCommand resp; + WaitForResponse(CMD_ACK,&resp); + + iso14a_card_select_t card; + memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t)); + + uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision + + if(select_status == 0) { + PrintAndLog("iso14443a card select failed"); + return 1; + } + + if(select_status == 3) { + PrintAndLog("Card doesn't support standard iso14443-3 anticollision"); + PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]); + return 1; + } + + PrintAndLog(" UID : %s", sprint_hex(card.uid, card.uidlen)); + PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]); + PrintAndLog(" SAK : %02x [%" PRIu64 "]", card.sak, resp.arg[0]); + if(card.ats_len >= 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes + PrintAndLog(" ATS : %s", sprint_hex(card.ats, card.ats_len)); + } + if (!disconnectAfter) { + PrintAndLog("Card is selected. 
You can now start sending commands"); + } + } + + if (disconnectAfter) { + PrintAndLog("Field dropped."); + } + + return 0; +} + +int CmdHF14AInfo(const char *Cmd) { UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}}; SendCommand(&c); @@ -145,10 +248,12 @@ int CmdHF14AReader(const char *Cmd) PrintAndLog(" UID : %s", sprint_hex(card.uid, card.uidlen)); PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]); - PrintAndLog(" SAK : %02x [%d]", card.sak, resp.arg[0]); + PrintAndLog(" SAK : %02x [%" PRIu64 "]", card.sak, resp.arg[0]); + bool isMifareClassic = true; switch (card.sak) { case 0x00: + isMifareClassic = false; //***************************************test**************** // disconnect @@ -381,7 +486,20 @@ int CmdHF14AReader(const char *Cmd) // try to see if card responses to "chinese magic backdoor" commands. - mfCIdentify(); + (void)mfCIdentify(); + + if (isMifareClassic) { + switch(DetectClassicPrng()) { + case 0: + PrintAndLog("Prng detection: HARDENED (hardnested)"); + break; + case 1: + PrintAndLog("Prng detection: WEAK"); + break; + default: + PrintAndLog("Prng detection error."); + } + } return select_status; } 
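Review bot: In the new `CmdHF14AReader`, `WaitForResponse(CMD_ACK,&resp);` has no timeout, so a device that never answers the `CMD_READER_ISO_14443a` command leaves the client blocked; the rest of this file uses `WaitForResponseTimeout(CMD_ACK, &resp, 1500)`, and the same shape fits here: `if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { PrintAndLog("iso14443a card select failed: no response"); return 1; }`. The lengths `card.uidlen` and `card.ats_len` are copied straight out of the device response and handed to `sprint_hex` unchecked; clamping them against the receiving arrays, e.g. `if (card.ats_len > sizeof card.ats) card.ats_len = sizeof card.ats;` and the same for `uid`, keeps a malformed or unexpected response from reading past the struct — assuming, as the `memcpy` into `card` suggests, that `uid` and `ats` are inline arrays of `iso14a_card_select_t`. The cast in `memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, …)` is redundant and can be dropped.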
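Review bot: `bool isMifareClassic = true;` is cleared only in `case 0x00` of `switch (card.sak)` within this hunk; the remaining cases lie outside it, so unless every non-Classic SAK case also clears the flag, any card that reaches those cases or the switch's default will run `DetectClassicPrng()` in the third hunk on this line (`@@ -381,7 +486,20`). Initialising it to `false` and setting `isMifareClassic = true;` only in the cases that already identify a Mifare Classic type makes the probe opt-in, which is the safer default for an unknown tag. The switch body and the enclosing `CmdHF14AInfo` continue outside the hunk.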
@@ -530,74 +648,79 @@ int CmdHF14ASnoop(const char *Cmd) { return 0; } -int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int *dataoutlen) { - uint8_t data[USB_CMD_DATA_SIZE]; - int datalen; - uint8_t cmdc = 0; - uint8_t first, second; +void DropField() { + UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}}; + SendCommand(&c); +} + +int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { + uint16_t cmdc = 0; - if (activateField) - cmdc |= ISO14A_CONNECT; + if (activateField) { + cmdc |= ISO14A_CONNECT | ISO14A_CLEAR_TRACE; + } if (leaveSignalON) cmdc |= ISO14A_NO_DISCONNECT; - // ISO 14443 APDU frame: PCB [CID] [NAD] APDU CRC PCB=0x02 - memcpy(data + 1, datain, datainlen); - data[0] = 0x02; // bnr,nad,cid,chn=0; i-block(0x00) - datalen = datainlen + 1; - - ComputeCrc14443(CRC_14443_A, data, datalen, &first, &second); - data[datalen++] = first; - data[datalen++] = second; - // "Command APDU" length should be 5+255+1, but javacard's APDU buffer might be smaller - 133 bytes // https://stackoverflow.com/questions/32994936/safe-max-java-card-apdu-data-command-and-respond-size // here length USB_CMD_DATA_SIZE=512 - // timeout timeout14a * 1.06 / 100, true, size, &keyBlock[6 * c], e_sector); // timeout is (ms * 106)/10 or us*0.0106 - UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_SET_TIMEOUT | cmdc, (datalen & 0xFFFF), 1000 * 1000 * 1.06 / 100}}; - memcpy(c.d.asBytes, data, datalen); + // timeout must be authomatically set by "get ATS" + UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_APDU | cmdc, (datainlen & 0xFFFF), 0}}; + memcpy(c.d.asBytes, datain, datainlen); SendCommand(&c); uint8_t *recv; UsbCommand resp; if (activateField) { - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + PrintAndLog("APDU ERROR: Proxmark connection timeout."); return 1; - if 
(resp.arg[0] != 1) + } + if (resp.arg[0] != 1) { + PrintAndLog("APDU ERROR: Proxmark error %d.", resp.arg[0]); return 1; + } } if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { recv = resp.d.asBytes; - uint8_t iLen = resp.arg[0]; + int iLen = resp.arg[0]; - *dataoutlen = iLen - 1 - 2; + *dataoutlen = iLen - 2; if (*dataoutlen < 0) *dataoutlen = 0; - memcpy(dataout, recv + 1, *dataoutlen); - if(!iLen) - return 1; - - // check apdu length - if (iLen < 5) { - PrintAndLog("APDU ERROR: Small APDU response."); + if (maxdataoutlen && *dataoutlen > maxdataoutlen) { + PrintAndLog("APDU ERROR: Buffer too small(%d). Needs %d bytes", *dataoutlen, maxdataoutlen); return 2; } - // check block - if (data[0] != recv[0]) { - PrintAndLog("APDU ERROR: Block type mismatch: %02x-%02x", data[0], recv[0]); + memcpy(dataout, recv, *dataoutlen); + + if(!iLen) { + PrintAndLog("APDU ERROR: No APDU response."); + return 1; + } + + // check block TODO + if (iLen == -2) { + PrintAndLog("APDU ERROR: Block type mismatch."); return 2; } // CRC Check - ComputeCrc14443(CRC_14443_A, recv, iLen, &first, &second); - if (first || second) { + if (iLen == -1) { PrintAndLog("APDU ERROR: ISO 14443A CRC error."); return 3; } + + // check apdu length + if (iLen < 4) { + PrintAndLog("APDU ERROR: Small APDU response. Len=%d", iLen); + return 2; + } } else { PrintAndLog("APDU ERROR: Reply timeout."); @@ -607,6 +730,7 @@ int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool lea return 0; } +// ISO14443-4. 7. Half-duplex block transmission protocol int CmdHF14AAPDU(const char *cmd) { uint8_t data[USB_CMD_DATA_SIZE]; int datalen = 0; 
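Review bot: In `ExchangeAPDU14a`, `iLen` now comes from the device as an `int` (`int iLen = resp.arg[0];`, where the old `uint8_t` implicitly bounded it), and when the caller passes `maxdataoutlen == 0` the size check is skipped, so `memcpy(dataout, recv, *dataoutlen)` copies `iLen - 2` bytes with no upper bound — an over-long reported length reads past `resp.d.asBytes` and writes past whatever `dataout` was sized for; cap it before the copy, e.g. `if (*dataoutlen > USB_CMD_DATA_SIZE) { PrintAndLog("APDU ERROR: Response length %d exceeds buffer.", *dataoutlen); return 2; }`, and consider making the `maxdataoutlen` check unconditional. Two smaller issues in the same hunk: `PrintAndLog("APDU ERROR: Buffer too small(%d). Needs %d bytes", *dataoutlen, maxdataoutlen)` has its arguments swapped relative to the text, and `PrintAndLog("APDU ERROR: Proxmark error %d.", resp.arg[0])` passes the 64-bit `arg[0]` to `%d`, the same mismatch this diff fixes elsewhere with `PRIu64`. The `iLen == -1` / `iLen == -2` sentinel checks run only after the copy, so moving them ahead of `*dataoutlen = iLen - 2` avoids deriving a length from an error code. `void DropField()` should be `void DropField(void)` so the definition doubles as a real prototype.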
@@ -616,9 +740,10 @@ int CmdHF14AAPDU(const char *cmd) { if (strlen(cmd) < 2) { PrintAndLog("Usage: hf 14a apdu [-s] [-k] [-t] "); + PrintAndLog("Command sends an ISO 7816-4 APDU via ISO 14443-4 block transmission protocol (T=CL)"); PrintAndLog(" -s activate field and select card"); PrintAndLog(" -k leave the signal field ON after receive response"); - PrintAndLog(" -t executes TLV decoder if it possible"); + PrintAndLog(" -t executes TLV decoder if it possible. TODO!!!!"); return 0; } @@ -644,7 +769,7 @@ int CmdHF14AAPDU(const char *cmd) { return 1; } - if (isxdigit(c)) { + if (isxdigit((unsigned char)c)) { // len = data + PCB(1b) + CRC(2b) switch(param_gethex_to_eol(cmd, cmdp, data, sizeof(data) - 1 - 2, &datalen)) { case 1: @@ -665,31 +790,20 @@ int CmdHF14AAPDU(const char *cmd) { cmdp++; } - PrintAndLog("--%s %s %s >>>> %s", activateField ? "sel": "", leaveSignalON ? "keep": "", decodeTLV ? "TLV": "", sprint_hex(data, datalen)); + PrintAndLog(">>>>[%s%s%s] %s", activateField ? "sel ": "", leaveSignalON ? "keep ": "", decodeTLV ? "TLV": "", sprint_hex(data, datalen)); - switch(ExchangeAPDU14a(data, datalen, activateField, leaveSignalON, data, &datalen)) { - case 0: - break; - case 1: - PrintAndLog("APDU ERROR: Send APDU error."); - return 1; - case 2: - return 2; - case 3: - return 3; - case 4: - return 4; - default: - return 5; - } + int res = ExchangeAPDU14a(data, datalen, activateField, leaveSignalON, data, USB_CMD_DATA_SIZE, &datalen); + + if (res) + return res; PrintAndLog("<<<< %s", sprint_hex(data, datalen)); - PrintAndLog("APDU response: %02x %02x", data[datalen - 2], data[datalen - 1]); // TODO add APDU descriptions + PrintAndLog("APDU response: %02x %02x - %s", data[datalen - 2], data[datalen - 1], GetAPDUCodeDescription(data[datalen - 2], data[datalen - 1])); - // here TLV decoder... - if (decodeTLV) { - PrintAndLog("--- TLV decoded:"); + // TLV decoder + if (decodeTLV && datalen > 4) { + TLVPrintFromBuffer(data, datalen - 2); } return 0; 
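Review bot: The comment `// len = data + PCB(1b) + CRC(2b)` and the `sizeof(data) - 1 - 2` bound passed to `param_gethex_to_eol` still describe the client-side framing the old `ExchangeAPDU14a` did; the new one earlier in this diff sends `datain` to the device unchanged under `ISO14A_APDU`, so the three reserved bytes are no longer consumed on this side. Either drop the reservation or reword the comment, e.g. `// keep 3 spare bytes; PCB(1b) + CRC(2b) framing is now done by the device`, if that is indeed where the framing moved — the device code is not in this diff. The `isxdigit((unsigned char)c)` cast is the right fix. The enclosing loop and `switch` continue outside the hunk.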
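Review bot: `data[datalen - 2]` and `data[datalen - 1]` are read right after `if (res) return res;`, so this function's safety rests on `ExchangeAPDU14a` rejecting responses shorter than 4 bytes; a local guard, `if (datalen < 2) { PrintAndLog("APDU ERROR: Response too short."); return 2; }`, keeps the status-word print correct even if that callee check is later relaxed. Passing `data` as both `datain` and `dataout` is safe only because the callee copies `datain` into the USB command before anything is received, which is worth a one-line comment at the call site. The help text added in the first hunk on this line (`-t executes TLV decoder if it possible. TODO!!!!`) is contradicted by the working `TLVPrintFromBuffer` call here and should drop the TODO.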
@@ -817,7 +931,7 @@ int CmdHF14ACmdRaw(const char *cmd) { if(active || active_select) { - c.arg[0] |= ISO14A_CONNECT; + c.arg[0] |= ISO14A_CONNECT | ISO14A_CLEAR_TRACE; if(active) c.arg[0] |= ISO14A_NO_SELECT; } @@ -872,8 +986,17 @@ static int waitCmd(uint8_t iSelect) { if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { recv = resp.d.asBytes; - uint8_t iLen = iSelect ? resp.arg[1] : resp.arg[0]; - PrintAndLog("received %i octets", iLen); + uint8_t iLen = resp.arg[0]; + if (iSelect){ + iLen = resp.arg[1]; + if (iLen){ + PrintAndLog("Card selected. UID[%i]:", iLen); + } else { + PrintAndLog("Can't select card."); + } + } else { + PrintAndLog("received %i bytes:", iLen); + } if(!iLen) return 1; hexout = (char *)malloc(iLen * 3 + 1); @@ -898,22 +1021,20 @@ static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, {"list", CmdHF14AList, 0, "[Deprecated] List ISO 14443a history"}, - {"reader", CmdHF14AReader, 0, "Act like an ISO14443 Type A reader"}, + {"reader", CmdHF14AReader, 0, "Start acting like an ISO14443 Type A reader"}, + {"info", CmdHF14AInfo, 0, "Reads card and shows information about it"}, {"cuids", CmdHF14ACUIDs, 0, " Collect n>0 ISO14443 Type A UIDs in one go"}, {"sim", CmdHF14ASim, 0, " -- Simulate ISO 14443a tag"}, {"snoop", CmdHF14ASnoop, 0, "Eavesdrop ISO 14443 Type A"}, - {"apdu", CmdHF14AAPDU, 0, "Send ISO 1443-4 APDU to tag"}, + {"apdu", CmdHF14AAPDU, 0, "Send an ISO 7816-4 APDU via ISO 14443-4 block transmission protocol"}, {"raw", CmdHF14ACmdRaw, 0, "Send raw hex data to tag"}, {NULL, NULL, 0, NULL} }; int CmdHF14A(const char *Cmd) { - // flush - WaitForResponseTimeout(CMD_ACK,NULL,100); - - // parse - CmdsParse(CommandTable, Cmd); - return 0; + (void)WaitForResponseTimeout(CMD_ACK,NULL,100); + CmdsParse(CommandTable, Cmd); + return 0; } int CmdHelp(const char *Cmd)
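Review bot: `uint8_t iLen = resp.arg[0];` and `iLen = resp.arg[1];` in `waitCmd` truncate the device-reported length to 8 bits before it sizes `malloc(iLen * 3 + 1)` and the dump that follows, so a response of 256 or more bytes is silently wrapped rather than reported. The previous code had the same truncation, but since this hunk rewrites those lines it is the moment to fix it: `int iLen = resp.arg[0];` plus an explicit check such as `if (iLen > USB_CMD_DATA_SIZE) { PrintAndLog("Bad response length %i", iLen); return 1; }` before the allocation. `waitCmd` continues past the end of the hunk.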