mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2024-09-22 08:16:16 +08:00
Merge pull request #1376 from merlokk/desf_setconfig
Desfire set configuration
This commit is contained in:
commit
0ce5531f76
|
@ -4885,6 +4885,93 @@ static int CmdHF14ADesDefault(const char *Cmd) {
|
||||||
return PM3_SUCCESS;
|
return PM3_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int CmdHF14ADesSetConfiguration(const char *Cmd) {
|
||||||
|
CLIParserContext *ctx;
|
||||||
|
CLIParserInit(&ctx, "hf mfdes setconfig",
|
||||||
|
"Set card configuration. WARNING! Danger zone! Needs to provide card's master key and works if not blocked by config.",
|
||||||
|
"hf mfdes setconfig --param 03 --data 0428 -> set parameter 03\n"
|
||||||
|
"hf mfdes setconfig --param 02 --data 0875778102637264 -> set parameter 02");
|
||||||
|
|
||||||
|
void *argtable[] = {
|
||||||
|
arg_param_begin,
|
||||||
|
arg_lit0("a", "apdu", "show APDU requests and responses"),
|
||||||
|
arg_lit0("v", "verbose", "show technical data"),
|
||||||
|
arg_int0("n", "keyno", "<keyno>", "Key number"),
|
||||||
|
arg_str0("t", "algo", "<DES/2TDEA/3TDEA/AES>", "Crypt algo: DES, 2TDEA, 3TDEA, AES"),
|
||||||
|
arg_str0("k", "key", "<Key>", "Key for authenticate (HEX 8(DES), 16(2TDEA or AES) or 24(3TDEA) bytes)"),
|
||||||
|
arg_str0("f", "kdf", "<none/AN10922/gallagher>", "Key Derivation Function (KDF): None, AN10922, Gallagher"),
|
||||||
|
arg_str0("i", "kdfi", "<kdfi>", "KDF input (HEX 1-31 bytes)"),
|
||||||
|
arg_str0("m", "cmode", "<plain/mac/encrypt>", "Communicaton mode: plain/mac/encrypt"),
|
||||||
|
arg_str0("c", "ccset", "<native/niso/iso>", "Communicaton command set: native/niso/iso"),
|
||||||
|
arg_str0("s", "schann", "<d40/ev1/ev2>", "Secure channel: d40/ev1/ev2"),
|
||||||
|
arg_str0(NULL, "aid", "<app id hex>", "Application ID of application for some parameters (3 hex bytes, big endian)"),
|
||||||
|
arg_str0("p", "param", "<HEX 1 byte>", "Parameter id (HEX 1 byte)"),
|
||||||
|
arg_str0("d", "data", "<data HEX>", "Data for parameter (HEX 1..30 bytes)"),
|
||||||
|
arg_param_end
|
||||||
|
};
|
||||||
|
CLIExecWithReturn(ctx, Cmd, argtable, false);
|
||||||
|
|
||||||
|
bool APDULogging = arg_get_lit(ctx, 1);
|
||||||
|
bool verbose = arg_get_lit(ctx, 2);
|
||||||
|
|
||||||
|
DesfireContext dctx;
|
||||||
|
int securechann = defaultSecureChannel;
|
||||||
|
uint32_t appid = 0x000000;
|
||||||
|
int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, &securechann, DCMEncrypted, &appid);
|
||||||
|
if (res) {
|
||||||
|
CLIParserFree(ctx);
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint32_t paramid = 0;
|
||||||
|
res = arg_get_u32_hexstr_def_nlen(ctx, 12, 0, ¶mid, 1, true);
|
||||||
|
if (res == 2) {
|
||||||
|
PrintAndLogEx(ERR, "Parameter ID must have 1 bytes length");
|
||||||
|
CLIParserFree(ctx);
|
||||||
|
return PM3_EINVARG;
|
||||||
|
}
|
||||||
|
|
||||||
|
uint8_t param[250] = {0};
|
||||||
|
int paramlen = sizeof(param);
|
||||||
|
CLIGetHexWithReturn(ctx, 13, param, ¶mlen);
|
||||||
|
if (paramlen == 0) {
|
||||||
|
PrintAndLogEx(ERR, "Parameter must have a data.");
|
||||||
|
return PM3_EINVARG;
|
||||||
|
}
|
||||||
|
if (paramlen > 50) {
|
||||||
|
PrintAndLogEx(ERR, "Parameter data length must be less than 50 instead of %d.", paramlen);
|
||||||
|
return PM3_EINVARG;
|
||||||
|
}
|
||||||
|
|
||||||
|
SetAPDULogging(APDULogging);
|
||||||
|
CLIParserFree(ctx);
|
||||||
|
|
||||||
|
if (verbose) {
|
||||||
|
if (appid == 0x000000)
|
||||||
|
PrintAndLogEx(INFO, _CYAN_("PICC") " param ID: 0x%02x param[%d]: %s", paramid, paramlen, sprint_hex(param, paramlen));
|
||||||
|
else
|
||||||
|
PrintAndLogEx(INFO, _CYAN_("Application %06x") " param ID: 0x%02x param[%d]: %s", appid, paramid, paramlen, sprint_hex(param, paramlen));
|
||||||
|
}
|
||||||
|
|
||||||
|
res = DesfireSelectAndAuthenticate(&dctx, securechann, appid, verbose);
|
||||||
|
if (res != PM3_SUCCESS) {
|
||||||
|
DropField();
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
|
||||||
|
DesfireSetCommMode(&dctx, DCMEncryptedPlain);
|
||||||
|
res = DesfireSetConfiguration(&dctx, paramid, param, paramlen);
|
||||||
|
if (res == PM3_SUCCESS) {
|
||||||
|
PrintAndLogEx(SUCCESS, "Set configuration 0x%02x " _GREEN_("ok") " ", paramid);
|
||||||
|
} else {
|
||||||
|
PrintAndLogEx(FAILED, "Set configuration 0x%02x " _RED_("failed") " ", paramid);
|
||||||
|
}
|
||||||
|
DesfireSetCommMode(&dctx, DCMEncrypted);
|
||||||
|
|
||||||
|
DropField();
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
|
||||||
static int CmdHF14ADesChangeKey(const char *Cmd) {
|
static int CmdHF14ADesChangeKey(const char *Cmd) {
|
||||||
CLIParserContext *ctx;
|
CLIParserContext *ctx;
|
||||||
CLIParserInit(&ctx, "hf mfdes changekey",
|
CLIParserInit(&ctx, "hf mfdes changekey",
|
||||||
|
@ -5003,6 +5090,7 @@ static int CmdHF14ADesChangeKey(const char *Cmd) {
|
||||||
} else {
|
} else {
|
||||||
PrintAndLogEx(FAILED, "Change key " _RED_("failed") " ");
|
PrintAndLogEx(FAILED, "Change key " _RED_("failed") " ");
|
||||||
}
|
}
|
||||||
|
DesfireSetCommMode(&dctx, DCMEncrypted);
|
||||||
|
|
||||||
DropField();
|
DropField();
|
||||||
return res;
|
return res;
|
||||||
|
@ -5885,6 +5973,7 @@ static command_t CommandTable[] = {
|
||||||
{"formatpicc", CmdHF14ADesFormatPICC, IfPm3Iso14443a, "[new]Format PICC"},
|
{"formatpicc", CmdHF14ADesFormatPICC, IfPm3Iso14443a, "[new]Format PICC"},
|
||||||
{"freemem", CmdHF14ADesGetFreeMem, IfPm3Iso14443a, "[new]Get free memory size"},
|
{"freemem", CmdHF14ADesGetFreeMem, IfPm3Iso14443a, "[new]Get free memory size"},
|
||||||
{"getuid", CmdHF14ADesGetUID, IfPm3Iso14443a, "[new]Get uid from card"},
|
{"getuid", CmdHF14ADesGetUID, IfPm3Iso14443a, "[new]Get uid from card"},
|
||||||
|
{"setconfig", CmdHF14ADesSetConfiguration, IfPm3Iso14443a, "[new]Set card configuration"},
|
||||||
{"info", CmdHF14ADesInfo, IfPm3Iso14443a, "Tag information"},
|
{"info", CmdHF14ADesInfo, IfPm3Iso14443a, "Tag information"},
|
||||||
{"list", CmdHF14ADesList, AlwaysAvailable, "List DESFire (ISO 14443A) history"},
|
{"list", CmdHF14ADesList, AlwaysAvailable, "List DESFire (ISO 14443A) history"},
|
||||||
// {"ndefread", CmdHF14aDesNDEFRead, IfPm3Iso14443a, "Prints NDEF records from card"},
|
// {"ndefread", CmdHF14aDesNDEFRead, IfPm3Iso14443a, "Prints NDEF records from card"},
|
||||||
|
@ -5933,7 +6022,6 @@ int CmdHFMFDes(const char *Cmd) {
|
||||||
|
|
||||||
Native Cmds
|
Native Cmds
|
||||||
-----------
|
-----------
|
||||||
SetConfiguration
|
|
||||||
ChangeFileSettings
|
ChangeFileSettings
|
||||||
|
|
||||||
ISO/IEC 7816 Cmds
|
ISO/IEC 7816 Cmds
|
||||||
|
|
|
@ -611,8 +611,10 @@ int DesfireSelectAndAuthenticate(DesfireContext *dctx, DesfireSecureChannel secu
|
||||||
PrintAndLogEx(ERR, "Desfire select " _RED_("error") ".");
|
PrintAndLogEx(ERR, "Desfire select " _RED_("error") ".");
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
}
|
}
|
||||||
|
if (verbose)
|
||||||
|
PrintAndLogEx(INFO, "App %06x " _GREEN_("selected"), aid);
|
||||||
|
|
||||||
res = DesfireAuthenticate(dctx, secureChannel);
|
res = DesfireAuthenticate(dctx, secureChannel, verbose);
|
||||||
if (res != PM3_SUCCESS) {
|
if (res != PM3_SUCCESS) {
|
||||||
PrintAndLogEx(ERR, "Desfire authenticate " _RED_("error") ". Result: %d", res);
|
PrintAndLogEx(ERR, "Desfire authenticate " _RED_("error") ". Result: %d", res);
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
|
@ -628,7 +630,7 @@ int DesfireSelectAndAuthenticate(DesfireContext *dctx, DesfireSecureChannel secu
|
||||||
return PM3_SUCCESS;
|
return PM3_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel) {
|
int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel, bool verbose) {
|
||||||
// 3 different way to authenticate AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32)
|
// 3 different way to authenticate AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32)
|
||||||
// 4 different crypto arg1 DES, 3DES, 3K3DES, AES
|
// 4 different crypto arg1 DES, 3DES, 3K3DES, AES
|
||||||
// 3 different communication modes, PLAIN,MAC,CRYPTO
|
// 3 different communication modes, PLAIN,MAC,CRYPTO
|
||||||
|
@ -695,6 +697,9 @@ int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel
|
||||||
uint8_t respcode = 0;
|
uint8_t respcode = 0;
|
||||||
uint8_t recv_data[256] = {0};
|
uint8_t recv_data[256] = {0};
|
||||||
|
|
||||||
|
if (verbose)
|
||||||
|
PrintAndLogEx(INFO, _CYAN_("Auth:") " cmd: 0x%02x keynum: 0x%02x", subcommand, dctx->keyNum);
|
||||||
|
|
||||||
// Let's send our auth command
|
// Let's send our auth command
|
||||||
int res = DesfireExchangeEx(false, dctx, subcommand, &dctx->keyNum, 1, &respcode, recv_data, &recv_len, false, 0);
|
int res = DesfireExchangeEx(false, dctx, subcommand, &dctx->keyNum, 1, &respcode, recv_data, &recv_len, false, 0);
|
||||||
if (res != PM3_SUCCESS) {
|
if (res != PM3_SUCCESS) {
|
||||||
|
@ -907,7 +912,8 @@ int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel
|
||||||
memset(dctx->IV, 0, DESFIRE_MAX_KEY_SIZE);
|
memset(dctx->IV, 0, DESFIRE_MAX_KEY_SIZE);
|
||||||
dctx->secureChannel = secureChannel;
|
dctx->secureChannel = secureChannel;
|
||||||
memcpy(dctx->sessionKeyMAC, dctx->sessionKeyEnc, desfire_get_key_length(dctx->keyType));
|
memcpy(dctx->sessionKeyMAC, dctx->sessionKeyEnc, desfire_get_key_length(dctx->keyType));
|
||||||
PrintAndLogEx(INFO, "Session key : %s", sprint_hex(dctx->sessionKeyEnc, desfire_get_key_length(dctx->keyType)));
|
if (verbose)
|
||||||
|
PrintAndLogEx(INFO, _GREEN_("Session key") " : %s", sprint_hex(dctx->sessionKeyEnc, desfire_get_key_length(dctx->keyType)));
|
||||||
|
|
||||||
return PM3_SUCCESS;
|
return PM3_SUCCESS;
|
||||||
}
|
}
|
||||||
|
@ -1003,6 +1009,10 @@ int DesfireChangeKeyCmd(DesfireContext *dctx, uint8_t *data, size_t len, uint8_t
|
||||||
return DesfireCommand(dctx, MFDES_CHANGE_KEY, data, len, resp, resplen, -1);
|
return DesfireCommand(dctx, MFDES_CHANGE_KEY, data, len, resp, resplen, -1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int DesfireSetConfigurationCmd(DesfireContext *dctx, uint8_t *data, size_t len, uint8_t *resp, size_t *resplen) {
|
||||||
|
return DesfireCommand(dctx, MFDES_CHANGE_CONFIGURATION, data, len, resp, resplen, -1);
|
||||||
|
}
|
||||||
|
|
||||||
uint8_t DesfireKeyAlgoToType(DesfireCryptoAlgorythm keyType) {
|
uint8_t DesfireKeyAlgoToType(DesfireCryptoAlgorythm keyType) {
|
||||||
switch (keyType) {
|
switch (keyType) {
|
||||||
case T_DES:
|
case T_DES:
|
||||||
|
@ -1098,7 +1108,7 @@ int DesfireChangeKey(DesfireContext *dctx, bool change_master_key, uint8_t newke
|
||||||
uint8_t pckcdata[DESFIRE_MAX_KEY_SIZE + 10] = {0};
|
uint8_t pckcdata[DESFIRE_MAX_KEY_SIZE + 10] = {0};
|
||||||
uint8_t *cdata = &pckcdata[2];
|
uint8_t *cdata = &pckcdata[2];
|
||||||
uint8_t keynodata = newkeynum & 0x3f;
|
uint8_t keynodata = newkeynum & 0x3f;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Because new crypto methods can be setup only at application creation,
|
* Because new crypto methods can be setup only at application creation,
|
||||||
* changing the card master key to one of them require a key_no tweak.
|
* changing the card master key to one of them require a key_no tweak.
|
||||||
|
@ -1106,7 +1116,7 @@ int DesfireChangeKey(DesfireContext *dctx, bool change_master_key, uint8_t newke
|
||||||
if (change_master_key) {
|
if (change_master_key) {
|
||||||
keynodata |= (DesfireKeyAlgoToType(newkeytype) & 0x03) << 6;
|
keynodata |= (DesfireKeyAlgoToType(newkeytype) & 0x03) << 6;
|
||||||
}
|
}
|
||||||
|
|
||||||
pckcdata[0] = MFDES_CHANGE_KEY; // TODO
|
pckcdata[0] = MFDES_CHANGE_KEY; // TODO
|
||||||
pckcdata[1] = keynodata;
|
pckcdata[1] = keynodata;
|
||||||
|
|
||||||
|
@ -1179,3 +1189,38 @@ int DesfireChangeKey(DesfireContext *dctx, bool change_master_key, uint8_t newke
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int DesfireSetConfiguration(DesfireContext *dctx, uint8_t paramid, uint8_t *param, size_t paramlen) {
|
||||||
|
uint8_t cdata[200] = {0};
|
||||||
|
cdata[0] = MFDES_CHANGE_CONFIGURATION;
|
||||||
|
uint8_t *data = &cdata[1];
|
||||||
|
data[0] = paramid;
|
||||||
|
memcpy(&data[1], param, paramlen);
|
||||||
|
size_t datalen = 1 + paramlen;
|
||||||
|
|
||||||
|
|
||||||
|
// add crc
|
||||||
|
if (dctx->secureChannel == DACd40) {
|
||||||
|
iso14443a_crc_append(&data[1], datalen - 1);
|
||||||
|
datalen += 2;
|
||||||
|
} else {
|
||||||
|
desfire_crc32_append(cdata, datalen + 1);
|
||||||
|
datalen += 4;
|
||||||
|
}
|
||||||
|
|
||||||
|
// dynamic length
|
||||||
|
if (paramid == 0x02) {
|
||||||
|
data[datalen] = 0x80;
|
||||||
|
datalen++;
|
||||||
|
}
|
||||||
|
|
||||||
|
// send command
|
||||||
|
uint8_t resp[257] = {0};
|
||||||
|
size_t resplen = 0;
|
||||||
|
int res = DesfireSetConfigurationCmd(dctx, data, datalen, resp, &resplen);
|
||||||
|
|
||||||
|
// check response
|
||||||
|
if (res == 0 && resplen > 0)
|
||||||
|
res = -20;
|
||||||
|
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
|
|
@ -38,7 +38,7 @@ int DesfireSelectAID(DesfireContext *ctx, uint8_t *aid1, uint8_t *aid2);
|
||||||
int DesfireSelectAIDHex(DesfireContext *ctx, uint32_t aid1, bool select_two, uint32_t aid2);
|
int DesfireSelectAIDHex(DesfireContext *ctx, uint32_t aid1, bool select_two, uint32_t aid2);
|
||||||
|
|
||||||
int DesfireSelectAndAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel, uint32_t aid, bool verbose);
|
int DesfireSelectAndAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel, uint32_t aid, bool verbose);
|
||||||
int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel);
|
int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel, bool verbose);
|
||||||
|
|
||||||
int DesfireFormatPICC(DesfireContext *dctx);
|
int DesfireFormatPICC(DesfireContext *dctx);
|
||||||
int DesfireGetFreeMem(DesfireContext *dctx, uint32_t *freemem);
|
int DesfireGetFreeMem(DesfireContext *dctx, uint32_t *freemem);
|
||||||
|
@ -58,4 +58,7 @@ uint8_t DesfireKeyAlgoToType(DesfireCryptoAlgorythm keyType);
|
||||||
int DesfireChangeKeyCmd(DesfireContext *dctx, uint8_t *data, size_t datalen, uint8_t *resp, size_t *resplen);
|
int DesfireChangeKeyCmd(DesfireContext *dctx, uint8_t *data, size_t datalen, uint8_t *resp, size_t *resplen);
|
||||||
int DesfireChangeKey(DesfireContext *dctx, bool change_master_key, uint8_t newkeynum, DesfireCryptoAlgorythm newkeytype, uint32_t newkeyver, uint8_t *newkey, DesfireCryptoAlgorythm oldkeytype, uint8_t *oldkey, bool verbose);
|
int DesfireChangeKey(DesfireContext *dctx, bool change_master_key, uint8_t newkeynum, DesfireCryptoAlgorythm newkeytype, uint32_t newkeyver, uint8_t *newkey, DesfireCryptoAlgorythm oldkeytype, uint8_t *oldkey, bool verbose);
|
||||||
|
|
||||||
|
int DesfireSetConfigurationCmd(DesfireContext *dctx, uint8_t *data, size_t len, uint8_t *resp, size_t *resplen);
|
||||||
|
int DesfireSetConfiguration(DesfireContext *dctx, uint8_t paramid, uint8_t *param, size_t paramlen);
|
||||||
|
|
||||||
#endif // __DESFIRECORE_H
|
#endif // __DESFIRECORE_H
|
||||||
|
|
|
@ -126,6 +126,7 @@ static void DesfireSecureChannelEncodeD40(DesfireContext *ctx, uint8_t cmd, uint
|
||||||
memcpy(dstdata, srcdata, hdrlen);
|
memcpy(dstdata, srcdata, hdrlen);
|
||||||
DesfireCryptoEncDec(ctx, true, &data[hdrlen], rlen - hdrlen, &dstdata[hdrlen], true);
|
DesfireCryptoEncDec(ctx, true, &data[hdrlen], rlen - hdrlen, &dstdata[hdrlen], true);
|
||||||
*dstdatalen = rlen;
|
*dstdatalen = rlen;
|
||||||
|
ctx->commMode = DCMEncrypted;
|
||||||
break;
|
break;
|
||||||
case DCMNone:
|
case DCMNone:
|
||||||
;
|
;
|
||||||
|
@ -172,6 +173,7 @@ static void DesfireSecureChannelEncodeEV1(DesfireContext *ctx, uint8_t cmd, uint
|
||||||
rlen = padded_data_length(srcdatalen - hdrlen, desfire_get_key_block_length(ctx->keyType));
|
rlen = padded_data_length(srcdatalen - hdrlen, desfire_get_key_block_length(ctx->keyType));
|
||||||
DesfireCryptoEncDec(ctx, true, data, rlen, &dstdata[hdrlen], true);
|
DesfireCryptoEncDec(ctx, true, data, rlen, &dstdata[hdrlen], true);
|
||||||
*dstdatalen = hdrlen + rlen;
|
*dstdatalen = hdrlen + rlen;
|
||||||
|
ctx->commMode = DCMEncrypted;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue