search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
recover_pk.py: replace secp192r1 by prime192v1
[RRG-proxmark3.git] / client / src / cmdhfict.c
blob4432532c54c972ec2d9a5f3c17016e12d3892c9d
1 //-----------------------------------------------------------------------------
2 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
3 //
4 // This program is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // See LICENSE.txt for the text of the license.
15 //-----------------------------------------------------------------------------
16 // SEOS commands
17 //-----------------------------------------------------------------------------
18 #include "cmdhfict.h"
19 #include <ctype.h> // tolower
20 #include <stdio.h>
21 #include <string.h>
22
23 #include "cliparser.h"
24 #include "cmdparser.h" // command_t
25 #include "comms.h" // clearCommandBuffer
26 #include "commonutil.h" // get_sw
27 #include "cmdhf14a.h" // manufacture
28 #include "cmdhfmf.h" // mf_print_sector
29 #include "cmdtrace.h"
30 #include "protocols.h" // definitions of ISO14A/7816 protocol
31 #include "iso7816/apduinfo.h" // GetAPDUCodeDescription
32 #include "protocols.h" // ISO7816 APDU return codes
33 #include "mifare/mifaredefault.h" // AES_KEY_LEN
34 #include "mifare/mifare4.h"
35 #include <mbedtls/aes.h>
36 #include <mbedtls/cmac.h>
37 //#include <mbedtls/entropy.h>
38 #include <mbedtls/error.h>
39 #include "ui.h"
40
41 static int CmdHelp(const char *Cmd);
42
43
44 // missing
45 #define ICT_DESFIRE_FILEKEY "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
46 #define ICT_DESFIRE_MASTER_APPKEY "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
47 #define ICT_BLE_DEFAULT_BASE_KEY "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
48
49 #define ICT_MIFARE_SECTOR 14
50 #define ICT_APP_ID 0x1023f5
51 #define ICT_REV_APP_ID 0xf52310
52 #define ICT_FILE_ID 0
53 #define ICT_FILE_SIZE 128
54
55 #define ICT_CT_DESFIRE 0
56 #define ICT_CT_CLASSIC 1
57 #define ICT_CT_NFC 2
58
59 static const uint8_t ICT_MIFARE_A_KEY[] = {0x9c, 0x28, 0xa6, 0x0f, 0x72, 0x49};
60 static const uint8_t ICT_MIFARE_B_KEY[] = {0xc9, 0x82, 0x6a, 0xf0, 0x27, 0x94};
61
62 static int derive_ble_key(uint8_t *unique_data, uint8_t len, uint8_t *app_key) {
63
64 if (unique_data == NULL || app_key == NULL) {
65 return PM3_EINVARG;
66 }
67
68 uint8_t input[1 + len];
69 input[0] = 0x01;
70 memcpy(input + 1, unique_data, len);
71
72 uint8_t mac[16];
73 memset(mac, 0x00, 16);
74
75 uint8_t key[AES_KEY_LEN];
76 memcpy(key, ICT_BLE_DEFAULT_BASE_KEY, sizeof(key));
77
78 // NIST 800-38B
79 mbedtls_aes_cmac_prf_128(key, MBEDTLS_AES_BLOCK_SIZE, input, sizeof(input), mac);
80
81 memcpy(app_key, mac, sizeof(mac));
82 return PM3_SUCCESS;
83 }
84
85 static int derive_app_key(uint8_t *uid, uint8_t *app_key) {
86 if (uid == NULL || app_key == NULL) {
87 return PM3_EINVARG;
88 }
89
90 /*
91 c = b'\x88' + uid
92 ch, cl = c[0:4], c[4:8]
93 payload = (ch + cl + cl + ch) * 2
94 AES.new(ICT_DESFIRE_MASTER_APPKEY, AES.MODE_CBC, iv=b'\0'*16).decrypt(payload)[16:]
95 */
96 uint8_t input[] = {0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
97 memcpy(input + 1, uid, 7);
98
99 // uint32_t ch = bytes_to_num(input, 4);
100 // uint32_t cl = bytes_to_num(input + 4, 4);
101 // uint64_t payload = ((2 * ch) + (2 * cl) * 2);
102
103 uint8_t key[AES_KEY_LEN];
104 memcpy(key, ICT_DESFIRE_MASTER_APPKEY, AES_KEY_LEN);
105
106 uint8_t iv[16] = {0};
107 mbedtls_aes_context aes;
108 mbedtls_aes_init(&aes);
109 if (mbedtls_aes_setkey_enc(&aes, key, 128)) {
110 return PM3_ESOFT;
111 }
112
113 uint8_t output[8];
114 if (mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, sizeof(input), iv, input, output)) {
115 return PM3_ESOFT;
116 }
117 mbedtls_aes_free(&aes);
118 memcpy(app_key, output, sizeof(output));
119 return PM3_SUCCESS;
120 }
121
122 // Might miss payload..
123 static int diversify_mifare_key(const uint8_t *uid, uint8_t *app_key, uint8_t app_keylen) {
124 if (uid == NULL || app_key == NULL) {
125 return PM3_EINVARG;
126 }
127
128 if (app_keylen > AES_KEY_LEN) {
129 return PM3_EINVARG;
130 }
131
132 uint8_t input[AES_KEY_LEN];
133 memcpy(input, uid, 4);
134
135 uint32_t big = bytes_to_num(uid, 4);
136 big ^= 0xFFFFFFFF;
137 num_to_bytes(big, 4, input + 4);
138
139 uint8_t key[AES_KEY_LEN];
140 memset(key, 0, sizeof(key));
141 // memcpy(key, ICT_DESFIRE_FILEKEY, AES_KEY_LEN);
142
143 uint8_t iv[16] = {0};
144 mbedtls_aes_context aes;
145 mbedtls_aes_init(&aes);
146 if (mbedtls_aes_setkey_enc(&aes, key, 128)) {
147 return PM3_ESOFT;
148 }
149
150 uint8_t output[AES_KEY_LEN];
151 if (mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, sizeof(input), iv, input, output)) {
152 return PM3_ESOFT;
153 }
154 mbedtls_aes_free(&aes);
155 memcpy(app_key, output, app_keylen);
156 return PM3_SUCCESS;
157 }
158
159 static int decrypt_card_sector(uint8_t *uid, const uint8_t *sector_data, uint8_t len, uint8_t *plain) {
160 if (uid == NULL || sector_data == NULL || plain == NULL) {
161 return PM3_EINVARG;
162 }
163
164 uint8_t input[len];
165 memcpy(input, sector_data, len);
166
167 uint8_t key[AES_KEY_LEN];
168 diversify_mifare_key(uid, key, sizeof(key));
169
170 uint8_t iv[16] = {0};
171 mbedtls_aes_context aes;
172 mbedtls_aes_init(&aes);
173 if (mbedtls_aes_setkey_enc(&aes, key, 128)) {
174 return PM3_ESOFT;
175 }
176
177 uint8_t output[len];
178 if (mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, sizeof(input), iv, input, output)) {
179 return PM3_ESOFT;
180 }
181 mbedtls_aes_free(&aes);
182
183 memcpy(plain, output, sizeof(output));
184 return PM3_SUCCESS;
185 }
186
187 static int derive_mifare_key(uint8_t *uid, const uint8_t *base_key, uint8_t *app_key) {
188 if (uid == NULL || base_key == NULL || app_key == NULL) {
189 return PM3_EINVARG;
190 }
191
192 uint8_t diverse[MIFARE_KEY_SIZE];
193 diversify_mifare_key(uid, diverse, sizeof(diverse));
194
195 for (uint8_t i = 0; i < MIFARE_KEY_SIZE; i++) {
196 app_key[i] = base_key[i] ^ diverse[i];
197 }
198
199 return PM3_SUCCESS;
200 }
201
202 static int derive_mifare_key_a(uint8_t *uid, uint8_t *app_key) {
203 return derive_mifare_key(uid, ICT_MIFARE_A_KEY, app_key);
204 }
205
206 static int derive_mifare_key_b(uint8_t *uid, uint8_t *app_key) {
207 return derive_mifare_key(uid, ICT_MIFARE_B_KEY, app_key);
208 }
209
210 static int decrypt_card_file(const uint8_t *card_file, uint8_t len, uint8_t *plain) {
211 if (card_file == NULL || plain == NULL) {
212 return PM3_EINVARG;
213 }
214
215 uint8_t input[ICT_FILE_SIZE];
216 memcpy(input, card_file, len);
217
218 uint8_t key[AES_KEY_LEN] = {0};
219 // memcpy(key, ICT_DESFIRE_FILEKEY, AES_KEY_LEN);
220
221 uint8_t iv[16] = {0};
222 mbedtls_aes_context aes;
223 mbedtls_aes_init(&aes);
224 if (mbedtls_aes_setkey_enc(&aes, key, 128)) {
225 return PM3_ESOFT;
226 }
227
228 uint8_t output[ICT_FILE_SIZE];
229 if (mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, ICT_FILE_SIZE, iv, input, output)) {
230 return PM3_ESOFT;
231 }
232 mbedtls_aes_free(&aes);
233 memcpy(plain, output, sizeof(output));
234 return PM3_SUCCESS;
235 }
236
237 static int encrypt_card_file(const uint8_t *card_file, uint8_t len, bool padding, uint8_t *enc) {
238
239 if (len > ICT_FILE_SIZE) {
240 return PM3_EINVARG;
241 }
242
243 uint8_t input[ICT_FILE_SIZE];
244 memcpy(input, card_file, len);
245
246 if (padding) {
247 memset(input + len, 0x4C, 128 - len);
248 }
249
250 uint8_t key[AES_KEY_LEN] = {0};
251 // memcpy(key, ICT_DESFIRE_FILEKEY, AES_KEY_LEN);
252
253 uint8_t iv[16] = {0};
254 mbedtls_aes_context aes;
255 mbedtls_aes_init(&aes);
256 if (mbedtls_aes_setkey_enc(&aes, key, 128)) {
257 return PM3_ESOFT;
258 }
259
260 uint8_t output[ICT_FILE_SIZE];
261 if (mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, ICT_FILE_SIZE, iv, input, output)) {
262 return PM3_ESOFT;
263 }
264 mbedtls_aes_free(&aes);
265 memcpy(enc, output, sizeof(output));
266 return PM3_SUCCESS;
267 }
268
269 static void itc_decode_card_blob(const uint8_t *data, uint8_t card_type) {
270 if (data == NULL) {
271 return;
272 }
273 /*
274 uint8_t block[16];
275 if (card_type == ICT_CT_NFC)
276 memcpy(block, data+16, sizeof(block));
277 else
278 memcpy(block, data, sizeof(block));
279
280 uint8_t bit_count = data[8];
281
282 uint8_t wiegand[32];
283
284 if (card_type == ICT_CT_DESFIRE || card_type == ICT_CT_NFC) {
285 memcpy(wiegand, data + 11, 32-11);
286 }
287
288 if (card_type == ICT_CT_CLASSIC) {
289 memcpy(wiegand, data + 9, 32-9);
290 }
291
292 if (bit_count == 26) {
293 fc, cn = decode_wiegand_26(wiegand_payload)
294 ct = "Wiegand 26-bit"
295 }
296 if (bit_count == 34) {
297 fc, cn = decode_wiegand_34(wiegand_payload)
298 ct = "Wiegand 34-bit"
299 }else {
300 return f"Unknown format (bitlength={bit_count})", None, None
301 }
302
303 return ct, fc, cn
304 */
305 }
306 static void itc_encode_card_blob(uint8_t facility_code, uint16_t card_number, uint8_t bit_count) {
307 /*
308 // encode wiegand ..
309 uint8_t wiegand[] = {0,0,0,0,0};
310 if (bit_count == 26) {
311 // wiegand_data = encode_wiegand_26(facility_code, card_number)
312 }
313 if (bit_count == 34) {
314 // wiegand_data = encode_wiegand_34(facility_code, card_number)
315 }
316
317 // card binary blog
318 uint8_t blob[] = {
319 '@', 'I', 'C', 'T', 0x00, 0x80, 0x00, 0x00, bit_count, 0x00, bit_count
320 };
321 // return b'@ICT' + bytes([0,128,0,0,bit_count, 0, bit_count]) + wiegand_data
322 */
323 }
324
325 static int ict_select(void) {
326 bool activate_field = true;
327 bool keep_field_on = true;
328 uint8_t response[PM3_CMD_DATA_SIZE];
329 int resplen = 0;
330
331 // --------------- Select SEOS applet ----------------
332 uint8_t aSELECT_AID[80];
333 int aSELECT_AID_n = 0;
334 param_gethex_to_eol("00a404000aa000000440000101000100", 0, aSELECT_AID, sizeof(aSELECT_AID), &aSELECT_AID_n);
335 int res = ExchangeAPDU14a(aSELECT_AID, aSELECT_AID_n, activate_field, keep_field_on, response, sizeof(response), &resplen);
336 if (res != PM3_SUCCESS) {
337 DropField();
338 return res;
339 }
340
341 if (resplen < 2) {
342 DropField();
343 return PM3_ESOFT;
344 }
345
346 uint16_t sw = get_sw(response, resplen);
347 if (sw != ISO7816_OK) {
348 PrintAndLogEx(ERR, "Selecting SEOS applet aid failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff));
349 DropField();
350 return PM3_ESOFT;
351 }
352
353 activate_field = false;
354 keep_field_on = false;
355 // --------------- CC file reading ----------------
356
357 uint8_t aSELECT_FILE_ADF[30];
358 int aSELECT_FILE_ADF_n = 0;
359 param_gethex_to_eol("80a504001306112b0601040181e43801010201180101020200", 0, aSELECT_FILE_ADF, sizeof(aSELECT_FILE_ADF), &aSELECT_FILE_ADF_n);
360 res = ExchangeAPDU14a(aSELECT_FILE_ADF, aSELECT_FILE_ADF_n, activate_field, keep_field_on, response, sizeof(response), &resplen);
361 if (res != PM3_SUCCESS) {
362 DropField();
363 return res;
364 }
365
366 sw = get_sw(response, resplen);
367 if (sw != ISO7816_OK) {
368 PrintAndLogEx(ERR, "Selecting ADF file failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff));
369 DropField();
370 return PM3_ESOFT;
371 }
372
373 return PM3_SUCCESS;
374 }
375
376 int infoICT(bool verbose) {
377 int res = ict_select();
378 if (res == PM3_SUCCESS) {
379 PrintAndLogEx(NORMAL, "");
380 PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------");
381 }
382 return PM3_SUCCESS;
383 }
384
385 static int CmdHfIctInfo(const char *Cmd) {
386 CLIParserContext *ctx;
387 CLIParserInit(&ctx, "hf ict info",
388 "Get info from ICT encoded credential tags (MIFARE Classic / DESfire)",
389 "hf ict info");
390
391 void *argtable[] = {
392 arg_param_begin,
393 arg_param_end
394 };
395 CLIExecWithReturn(ctx, Cmd, argtable, true);
396 CLIParserFree(ctx);
397 return infoICT(true);
398 }
399
400 static int ict_select_card(iso14a_card_select_t *card) {
401 if (card == NULL) {
402 return PM3_EINVARG;
403 }
404
405 clearCommandBuffer();
406 SendCommandMIX(CMD_HF_ISO14443A_READER, ISO14A_CONNECT, 0, 0, NULL, 0);
407 PacketResponseNG resp;
408 if (WaitForResponseTimeout(CMD_ACK, &resp, 2500) == false) {
409 return PM3_ESOFT;
410 }
411
412 /*
413 0: couldn't read
414 1: OK, with ATS
415 2: OK, no ATS
416 3: proprietary Anticollision
417 */
418 uint64_t select_status = resp.oldarg[0];
419 if (select_status == 0) {
420 return PM3_ESOFT;
421 }
422
423 memcpy(card, (iso14a_card_select_t *)resp.data.asBytes, sizeof(iso14a_card_select_t));
424 return PM3_SUCCESS;
425 }
426
427 static int CmdHfIctReader(const char *Cmd) {
428 CLIParserContext *ctx;
429 CLIParserInit(&ctx, "hf ict reader",
430 "Act as a reader",
431 "hf ict reader\n"
432 );
433 void *argtable[] = {
434 arg_param_begin,
435 arg_param_end
436 };
437 CLIExecWithReturn(ctx, Cmd, argtable, true);
438 CLIParserFree(ctx);
439
440 iso14a_card_select_t card;
441 if (ict_select_card(&card) != PM3_SUCCESS) {
442 return PM3_ESOFT;
443 }
444
445 PrintAndLogEx(INFO, "UID... %s", sprint_hex_inrow(card.uid, card.uidlen));
446 // MFC actions
447 uint8_t uid[4] = {0x04, 0x01, 0x02, 0x03};
448 uint8_t key[MIFARE_KEY_SIZE] = {0};
449 derive_mifare_key_a(card.uid, key);
450 PrintAndLogEx(INFO, "Derived KEY A... %s", sprint_hex_inrow(key, MIFARE_KEY_SIZE));
451
452 memset(key, 0, sizeof(key));
453 derive_mifare_key_b(card.uid, key);
454 PrintAndLogEx(INFO, "Derived KEY B... %s", sprint_hex_inrow(key, MIFARE_KEY_SIZE));
455
456 uint8_t encsector[48] = {0};
457 uint8_t plainsector[48] = {0};
458 decrypt_card_sector(uid, encsector, sizeof(encsector), plainsector);
459
460 // DESFIRE Actions
461 uint8_t aeskey[AES_KEY_LEN] = {0};
462 uint8_t desfireuid[7] = {0x04, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06};
463 derive_app_key(desfireuid, aeskey);
464
465 uint8_t uniquedata[16] = {0};
466 derive_ble_key(uniquedata, sizeof(uniquedata), aeskey);
467
468 uint8_t encdata[ICT_FILE_SIZE] = {0};
469 uint8_t plaindata[ICT_FILE_SIZE] = {0};
470 decrypt_card_file(encdata, sizeof(encdata), plaindata);
471 encrypt_card_file(plaindata, sizeof(plaindata), true, encdata);
472
473 // blob actions
474 uint8_t mfcblob[48] = {0};
475 itc_decode_card_blob(mfcblob, ICT_CT_CLASSIC);
476 itc_encode_card_blob(101, 1337, 26);
477
478 return PM3_SUCCESS;
479 }
480
481 static int CmdHfIctCredential(const char *Cmd) {
482
483 CLIParserContext *ctx;
484 CLIParserInit(&ctx, "hf ict credential",
485 "Read ICT sector from tag and decode",
486 "hf ict credential\n"
487 );
488 void *argtable[] = {
489 arg_param_begin,
490 arg_lit0("v", "verbose", "verbose output"),
491 arg_param_end
492 };
493 CLIExecWithReturn(ctx, Cmd, argtable, true);
494 bool verbose = arg_get_lit(ctx, 1);
495 CLIParserFree(ctx);
496
497 SetAPDULogging(false);
498 DropField();
499
500 iso14a_card_select_t card;
501 if (ict_select_card(&card) != PM3_SUCCESS) {
502 return PM3_ESOFT;
503 }
504
505 bool isdesfire = false;
506 if ((card.sak & 0x24) == 0x24) {
507 isdesfire = true;
508 } else if ((card.sak & 0x20) == 0x20) {
509 if (card.atqa[0] == 0x003 && card.atqa[1] == 0x40) {
510 isdesfire = true;
511 }
512 }
513
514 if (isdesfire) {
515
516 // read file in desfire application
517 // add decrypt sector
518
519 } else {
520 uint16_t sc_size = mfNumBlocksPerSector(ICT_MIFARE_SECTOR) * MFBLOCK_SIZE;
521 uint8_t *data = calloc(sc_size, sizeof(uint8_t));
522 if (data == NULL) {
523 PrintAndLogEx(ERR, "failed to allocate memory");
524 return PM3_EMALLOC;
525 }
526
527 // diversified key A?
528 int res = mf_read_sector(ICT_MIFARE_SECTOR, MF_KEY_A, ICT_MIFARE_A_KEY, data);
529 if (res != PM3_SUCCESS) {
530 free(data);
531 return res;
532 }
533 uint8_t blocks = mfNumBlocksPerSector(ICT_MIFARE_SECTOR);
534 uint8_t start = mfFirstBlockOfSector(ICT_MIFARE_SECTOR);
535
536 mf_print_sector_hdr(ICT_MIFARE_SECTOR);
537 for (int i = 0; i < blocks; i++) {
538 mf_print_block_one(start + i, data + (i * MFBLOCK_SIZE), verbose);
539 }
540
541 // add decrypt sector
542
543 free(data);
544 }
545 return PM3_SUCCESS;
546 }
547
548 static int CmdHfIctList(const char *Cmd) {
549 return CmdTraceListAlias(Cmd, "hf ict", "14a -c");
550 }
551
552 static command_t CommandTable[] = {
553 {"help", CmdHelp, AlwaysAvailable, "This help"},
554 {"credential", CmdHfIctCredential, IfPm3Iso14443a, "Read ICT credential and decode"},
555 {"info", CmdHfIctInfo, IfPm3Iso14443a, "Tag information"},
556 {"list", CmdHfIctList, AlwaysAvailable, "List ICT history"},
557 {"reader", CmdHfIctReader, AlwaysAvailable, "Act like an IS14443-a reader"},
558 {NULL, NULL, NULL, NULL}
559 };
560
561 static int CmdHelp(const char *Cmd) {
562 (void)Cmd; // Cmd is not used so far
563 CmdsHelp(CommandTable);
564 return PM3_SUCCESS;
565 }
566
567 int CmdHFICT(const char *Cmd) {
568 clearCommandBuffer();
569 return CmdsParse(CommandTable, Cmd);
570 }
Proxmark3 - the RFID research Swiss army knife. Iceman firmware