2021-05-28 23:54:44 +08:00
|
|
|
//-----------------------------------------------------------------------------
|
|
|
|
// Copyright (C) 2021 Merlok
|
|
|
|
//
|
|
|
|
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
|
|
|
// at your option, any later version. See the LICENSE.txt file for the text of
|
|
|
|
// the license.
|
|
|
|
//-----------------------------------------------------------------------------
|
|
|
|
// High frequency FIDO U2F and FIDO2 contactless authenticators
|
|
|
|
//-----------------------------------------------------------------------------
|
|
|
|
//
|
|
|
|
// JAVA implementation here:
|
|
|
|
//
|
|
|
|
// https://github.com/duychuongvn/cipurse-card-core
|
|
|
|
//-----------------------------------------------------------------------------
|
|
|
|
|
|
|
|
#include "cmdhffido.h"
|
|
|
|
#include <unistd.h>
|
|
|
|
#include "cmdparser.h" // command_t
|
|
|
|
#include "commonutil.h"
|
|
|
|
#include "comms.h"
|
|
|
|
#include "proxmark3.h"
|
|
|
|
#include "emv/emvcore.h"
|
|
|
|
#include "emv/emvjson.h"
|
|
|
|
#include "cliparser.h"
|
|
|
|
#include "cmdhfcipurse.h"
|
|
|
|
#include "cipurse/cipursecore.h"
|
2021-05-29 20:21:53 +08:00
|
|
|
#include "cipurse/cipursecrypto.h"
|
2021-05-28 23:54:44 +08:00
|
|
|
#include "ui.h"
|
|
|
|
#include "cmdhf14a.h"
|
|
|
|
#include "cmdtrace.h"
|
|
|
|
#include "util.h"
|
|
|
|
#include "fileutils.h" // laodFileJSONroot
|
|
|
|
|
|
|
|
static int CmdHelp(const char *Cmd);
|
|
|
|
|
|
|
|
static int CmdHFCipurseInfo(const char *Cmd) {
|
|
|
|
CLIParserContext *ctx;
|
|
|
|
CLIParserInit(&ctx, "hf cipurse info",
|
|
|
|
"Get info from cipurse tags",
|
|
|
|
"hf cipurse info");
|
|
|
|
|
|
|
|
void *argtable[] = {
|
|
|
|
arg_param_begin,
|
|
|
|
arg_param_end
|
|
|
|
};
|
|
|
|
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
|
|
|
CLIParserFree(ctx);
|
|
|
|
|
|
|
|
// info about 14a part
|
|
|
|
infoHF14A(false, false, false);
|
|
|
|
|
|
|
|
// CIPURSE info
|
|
|
|
PrintAndLogEx(INFO, "-----------" _CYAN_("CIPURSE Info") "---------------------------------");
|
|
|
|
SetAPDULogging(false);
|
|
|
|
|
|
|
|
uint8_t buf[APDU_RES_LEN] = {0};
|
|
|
|
size_t len = 0;
|
|
|
|
uint16_t sw = 0;
|
|
|
|
int res = CIPURSESelect(true, true, buf, sizeof(buf), &len, &sw);
|
|
|
|
|
|
|
|
if (res) {
|
|
|
|
DropField();
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sw != 0x9000) {
|
|
|
|
if (sw)
|
|
|
|
PrintAndLogEx(INFO, "Not a CIPURSE card! APDU response: %04x - %s", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff));
|
|
|
|
else
|
|
|
|
PrintAndLogEx(ERR, "APDU exchange error. Card returns 0x0000.");
|
|
|
|
|
|
|
|
DropField();
|
|
|
|
return PM3_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
PrintAndLogEx(INFO, "Cipurse card: " _GREEN_("OK"));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DropField();
|
|
|
|
return PM3_SUCCESS;
|
|
|
|
}
|
|
|
|
|
2021-05-29 00:57:43 +08:00
|
|
|
static int CmdHFCipurseAuth(const char *Cmd) {
|
|
|
|
uint8_t buf[APDU_RES_LEN] = {0};
|
|
|
|
size_t len = 0;
|
|
|
|
uint16_t sw = 0;
|
2021-05-29 23:37:23 +08:00
|
|
|
uint8_t keyId = 1;
|
|
|
|
uint8_t key[] = {0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73, 0x73};
|
|
|
|
|
|
|
|
CLIParserContext *ctx;
|
|
|
|
CLIParserInit(&ctx, "hf 14a sim",
|
|
|
|
"Simulate ISO/IEC 14443 type A tag with 4,7 or 10 byte UID",
|
|
|
|
"hf 14a sim -t 1 --uid 11223344 -> MIFARE Classic 1k\n");
|
|
|
|
|
|
|
|
void *argtable[] = {
|
|
|
|
arg_param_begin,
|
|
|
|
arg_lit0("a", "apdu", "show APDU requests and responses"),
|
|
|
|
arg_lit0("v", "verbose", "show technical data"),
|
|
|
|
arg_int0("n", "keyid", "<dec>", "key id"),
|
|
|
|
arg_str0("k", "key", "<hex>", "key for authenticate"),
|
|
|
|
arg_param_end
|
|
|
|
};
|
|
|
|
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
|
|
|
|
|
|
|
bool APDULogging = arg_get_lit(ctx, 1);
|
|
|
|
bool verbose = arg_get_lit(ctx, 2);
|
|
|
|
keyId = arg_get_int_def(ctx, 3, 1);
|
|
|
|
|
|
|
|
uint8_t hdata[250] = {0};
|
|
|
|
int hdatalen = sizeof(hdata);
|
|
|
|
CLIGetHexWithReturn(ctx, 4, hdata, &hdatalen);
|
|
|
|
if (hdatalen && hdatalen != 16) {
|
|
|
|
PrintAndLogEx(ERR, "ERROR: key length for AES128 must be 16 bytes only.");
|
|
|
|
CLIParserFree(ctx);
|
|
|
|
return PM3_EINVARG;
|
|
|
|
}
|
|
|
|
if (hdatalen)
|
|
|
|
memcpy(key, hdata, CIPURSE_AES_KEY_LENGTH);
|
2021-05-29 00:57:43 +08:00
|
|
|
|
2021-05-29 23:37:23 +08:00
|
|
|
SetAPDULogging(APDULogging);
|
|
|
|
|
|
|
|
CLIParserFree(ctx);
|
2021-05-29 00:57:43 +08:00
|
|
|
|
|
|
|
int res = CIPURSESelect(true, true, buf, sizeof(buf), &len, &sw);
|
|
|
|
if (res != 0 || sw != 0x9000) {
|
|
|
|
PrintAndLogEx(ERR, "Cipurse select error. Card returns 0x%04x.", sw);
|
|
|
|
DropField();
|
|
|
|
return PM3_ESOFT;
|
|
|
|
}
|
2021-05-29 20:21:53 +08:00
|
|
|
|
2021-05-29 23:37:23 +08:00
|
|
|
CipurseContext cpc = {0};
|
|
|
|
CipurseCSetKey(&cpc, 1, key);
|
2021-05-29 20:51:08 +08:00
|
|
|
|
|
|
|
uint8_t kvv[CIPURSE_KVV_LENGTH] = {0};
|
|
|
|
CipurseCGetKVV(key, kvv);
|
2021-05-29 23:37:23 +08:00
|
|
|
if (verbose)
|
|
|
|
PrintAndLogEx(INFO, "Key: %s KVV: %s", sprint_hex(key, CIPURSE_AES_KEY_LENGTH), sprint_hex_inrow(kvv, CIPURSE_KVV_LENGTH));
|
2021-05-29 00:57:43 +08:00
|
|
|
|
2021-05-29 21:09:34 +08:00
|
|
|
// get RP, rP
|
2021-05-29 00:57:43 +08:00
|
|
|
res = CIPURSEChallenge(buf, sizeof(buf), &len, &sw);
|
|
|
|
if (res != 0 || len != 0x16) {
|
|
|
|
PrintAndLogEx(ERR, "Cipurse get challenge error. Card returns 0x%04x.", sw);
|
|
|
|
DropField();
|
|
|
|
return PM3_ESOFT;
|
|
|
|
}
|
2021-05-29 23:37:23 +08:00
|
|
|
CipurseCSetRandomFromPICC(&cpc, buf);
|
2021-05-29 20:21:53 +08:00
|
|
|
|
2021-05-29 21:09:34 +08:00
|
|
|
// make auth data
|
|
|
|
uint8_t authparams[16 + 16 + 6] = {0};
|
2021-05-29 23:37:23 +08:00
|
|
|
CipurseCAuthenticateHost(&cpc, authparams);
|
2021-05-29 00:57:43 +08:00
|
|
|
|
2021-05-29 21:09:34 +08:00
|
|
|
// authenticate
|
|
|
|
res = CIPURSEMutalAuthenticate(keyId, authparams, sizeof(authparams), buf, sizeof(buf), &len, &sw);
|
|
|
|
if (res != 0 || sw != 0x9000 || len != 0x16) {
|
2021-05-29 23:37:23 +08:00
|
|
|
if (sw == 0x6988)
|
|
|
|
PrintAndLogEx(ERR, "Cipurse authentication error. Wrong key.");
|
|
|
|
else if ((sw == 0x6A88))
|
|
|
|
PrintAndLogEx(ERR, "Cipurse authentication error. Wrong key number.");
|
|
|
|
else PrintAndLogEx(ERR, "Cipurse authentication error. Card returns 0x%04x.", sw);
|
|
|
|
|
2021-05-29 21:09:34 +08:00
|
|
|
DropField();
|
|
|
|
return PM3_ESOFT;
|
|
|
|
}
|
2021-05-29 00:57:43 +08:00
|
|
|
|
|
|
|
DropField();
|
|
|
|
return PM3_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2021-05-28 23:54:44 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2021-05-29 00:05:00 +08:00
|
|
|
bool CheckCardCipurse(void) {
|
|
|
|
uint8_t buf[APDU_RES_LEN] = {0};
|
|
|
|
size_t len = 0;
|
|
|
|
uint16_t sw = 0;
|
|
|
|
int res = CIPURSESelect(true, false, buf, sizeof(buf), &len, &sw);
|
|
|
|
|
|
|
|
return (res == 0 && sw == 0x9000);
|
|
|
|
}
|
|
|
|
|
2021-05-28 23:54:44 +08:00
|
|
|
static command_t CommandTable[] = {
|
|
|
|
{"help", CmdHelp, AlwaysAvailable, "This help."},
|
|
|
|
{"info", CmdHFCipurseInfo, IfPm3Iso14443a, "Info about Cipurse tag."},
|
2021-05-29 00:57:43 +08:00
|
|
|
{"auth", CmdHFCipurseAuth, IfPm3Iso14443a, "Authentication."},
|
2021-05-28 23:54:44 +08:00
|
|
|
{NULL, NULL, 0, NULL}
|
|
|
|
};
|
|
|
|
|
|
|
|
int CmdHFCipurse(const char *Cmd) {
|
|
|
|
clearCommandBuffer();
|
|
|
|
return CmdsParse(CommandTable, Cmd);
|
|
|
|
}
|
|
|
|
|
|
|
|
int CmdHelp(const char *Cmd) {
|
|
|
|
(void)Cmd; // Cmd is not used so far
|
|
|
|
CmdsHelp(CommandTable);
|
|
|
|
return PM3_SUCCESS;
|
|
|
|
}
|