mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2024-09-22 08:16:16 +08:00
Merge pull request #1376 from merlokk/desf_setconfig
Desfire set configuration
This commit is contained in:
commit
0ce5531f76
|
@ -4885,6 +4885,93 @@ static int CmdHF14ADesDefault(const char *Cmd) {
|
|||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static int CmdHF14ADesSetConfiguration(const char *Cmd) {
|
||||
CLIParserContext *ctx;
|
||||
CLIParserInit(&ctx, "hf mfdes setconfig",
|
||||
"Set card configuration. WARNING! Danger zone! Needs to provide card's master key and works if not blocked by config.",
|
||||
"hf mfdes setconfig --param 03 --data 0428 -> set parameter 03\n"
|
||||
"hf mfdes setconfig --param 02 --data 0875778102637264 -> set parameter 02");
|
||||
|
||||
void *argtable[] = {
|
||||
arg_param_begin,
|
||||
arg_lit0("a", "apdu", "show APDU requests and responses"),
|
||||
arg_lit0("v", "verbose", "show technical data"),
|
||||
arg_int0("n", "keyno", "<keyno>", "Key number"),
|
||||
arg_str0("t", "algo", "<DES/2TDEA/3TDEA/AES>", "Crypt algo: DES, 2TDEA, 3TDEA, AES"),
|
||||
arg_str0("k", "key", "<Key>", "Key for authenticate (HEX 8(DES), 16(2TDEA or AES) or 24(3TDEA) bytes)"),
|
||||
arg_str0("f", "kdf", "<none/AN10922/gallagher>", "Key Derivation Function (KDF): None, AN10922, Gallagher"),
|
||||
arg_str0("i", "kdfi", "<kdfi>", "KDF input (HEX 1-31 bytes)"),
|
||||
arg_str0("m", "cmode", "<plain/mac/encrypt>", "Communicaton mode: plain/mac/encrypt"),
|
||||
arg_str0("c", "ccset", "<native/niso/iso>", "Communicaton command set: native/niso/iso"),
|
||||
arg_str0("s", "schann", "<d40/ev1/ev2>", "Secure channel: d40/ev1/ev2"),
|
||||
arg_str0(NULL, "aid", "<app id hex>", "Application ID of application for some parameters (3 hex bytes, big endian)"),
|
||||
arg_str0("p", "param", "<HEX 1 byte>", "Parameter id (HEX 1 byte)"),
|
||||
arg_str0("d", "data", "<data HEX>", "Data for parameter (HEX 1..30 bytes)"),
|
||||
arg_param_end
|
||||
};
|
||||
CLIExecWithReturn(ctx, Cmd, argtable, false);
|
||||
|
||||
bool APDULogging = arg_get_lit(ctx, 1);
|
||||
bool verbose = arg_get_lit(ctx, 2);
|
||||
|
||||
DesfireContext dctx;
|
||||
int securechann = defaultSecureChannel;
|
||||
uint32_t appid = 0x000000;
|
||||
int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, &securechann, DCMEncrypted, &appid);
|
||||
if (res) {
|
||||
CLIParserFree(ctx);
|
||||
return res;
|
||||
}
|
||||
|
||||
uint32_t paramid = 0;
|
||||
res = arg_get_u32_hexstr_def_nlen(ctx, 12, 0, ¶mid, 1, true);
|
||||
if (res == 2) {
|
||||
PrintAndLogEx(ERR, "Parameter ID must have 1 bytes length");
|
||||
CLIParserFree(ctx);
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
|
||||
uint8_t param[250] = {0};
|
||||
int paramlen = sizeof(param);
|
||||
CLIGetHexWithReturn(ctx, 13, param, ¶mlen);
|
||||
if (paramlen == 0) {
|
||||
PrintAndLogEx(ERR, "Parameter must have a data.");
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
if (paramlen > 50) {
|
||||
PrintAndLogEx(ERR, "Parameter data length must be less than 50 instead of %d.", paramlen);
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
|
||||
SetAPDULogging(APDULogging);
|
||||
CLIParserFree(ctx);
|
||||
|
||||
if (verbose) {
|
||||
if (appid == 0x000000)
|
||||
PrintAndLogEx(INFO, _CYAN_("PICC") " param ID: 0x%02x param[%d]: %s", paramid, paramlen, sprint_hex(param, paramlen));
|
||||
else
|
||||
PrintAndLogEx(INFO, _CYAN_("Application %06x") " param ID: 0x%02x param[%d]: %s", appid, paramid, paramlen, sprint_hex(param, paramlen));
|
||||
}
|
||||
|
||||
res = DesfireSelectAndAuthenticate(&dctx, securechann, appid, verbose);
|
||||
if (res != PM3_SUCCESS) {
|
||||
DropField();
|
||||
return res;
|
||||
}
|
||||
|
||||
DesfireSetCommMode(&dctx, DCMEncryptedPlain);
|
||||
res = DesfireSetConfiguration(&dctx, paramid, param, paramlen);
|
||||
if (res == PM3_SUCCESS) {
|
||||
PrintAndLogEx(SUCCESS, "Set configuration 0x%02x " _GREEN_("ok") " ", paramid);
|
||||
} else {
|
||||
PrintAndLogEx(FAILED, "Set configuration 0x%02x " _RED_("failed") " ", paramid);
|
||||
}
|
||||
DesfireSetCommMode(&dctx, DCMEncrypted);
|
||||
|
||||
DropField();
|
||||
return res;
|
||||
}
|
||||
|
||||
static int CmdHF14ADesChangeKey(const char *Cmd) {
|
||||
CLIParserContext *ctx;
|
||||
CLIParserInit(&ctx, "hf mfdes changekey",
|
||||
|
@ -5003,6 +5090,7 @@ static int CmdHF14ADesChangeKey(const char *Cmd) {
|
|||
} else {
|
||||
PrintAndLogEx(FAILED, "Change key " _RED_("failed") " ");
|
||||
}
|
||||
DesfireSetCommMode(&dctx, DCMEncrypted);
|
||||
|
||||
DropField();
|
||||
return res;
|
||||
|
@ -5885,6 +5973,7 @@ static command_t CommandTable[] = {
|
|||
{"formatpicc", CmdHF14ADesFormatPICC, IfPm3Iso14443a, "[new]Format PICC"},
|
||||
{"freemem", CmdHF14ADesGetFreeMem, IfPm3Iso14443a, "[new]Get free memory size"},
|
||||
{"getuid", CmdHF14ADesGetUID, IfPm3Iso14443a, "[new]Get uid from card"},
|
||||
{"setconfig", CmdHF14ADesSetConfiguration, IfPm3Iso14443a, "[new]Set card configuration"},
|
||||
{"info", CmdHF14ADesInfo, IfPm3Iso14443a, "Tag information"},
|
||||
{"list", CmdHF14ADesList, AlwaysAvailable, "List DESFire (ISO 14443A) history"},
|
||||
// {"ndefread", CmdHF14aDesNDEFRead, IfPm3Iso14443a, "Prints NDEF records from card"},
|
||||
|
@ -5933,7 +6022,6 @@ int CmdHFMFDes(const char *Cmd) {
|
|||
|
||||
Native Cmds
|
||||
-----------
|
||||
SetConfiguration
|
||||
ChangeFileSettings
|
||||
|
||||
ISO/IEC 7816 Cmds
|
||||
|
|
|
@ -611,8 +611,10 @@ int DesfireSelectAndAuthenticate(DesfireContext *dctx, DesfireSecureChannel secu
|
|||
PrintAndLogEx(ERR, "Desfire select " _RED_("error") ".");
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
if (verbose)
|
||||
PrintAndLogEx(INFO, "App %06x " _GREEN_("selected"), aid);
|
||||
|
||||
res = DesfireAuthenticate(dctx, secureChannel);
|
||||
res = DesfireAuthenticate(dctx, secureChannel, verbose);
|
||||
if (res != PM3_SUCCESS) {
|
||||
PrintAndLogEx(ERR, "Desfire authenticate " _RED_("error") ". Result: %d", res);
|
||||
return PM3_ESOFT;
|
||||
|
@ -628,7 +630,7 @@ int DesfireSelectAndAuthenticate(DesfireContext *dctx, DesfireSecureChannel secu
|
|||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel) {
|
||||
int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel, bool verbose) {
|
||||
// 3 different way to authenticate AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32)
|
||||
// 4 different crypto arg1 DES, 3DES, 3K3DES, AES
|
||||
// 3 different communication modes, PLAIN,MAC,CRYPTO
|
||||
|
@ -695,6 +697,9 @@ int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel
|
|||
uint8_t respcode = 0;
|
||||
uint8_t recv_data[256] = {0};
|
||||
|
||||
if (verbose)
|
||||
PrintAndLogEx(INFO, _CYAN_("Auth:") " cmd: 0x%02x keynum: 0x%02x", subcommand, dctx->keyNum);
|
||||
|
||||
// Let's send our auth command
|
||||
int res = DesfireExchangeEx(false, dctx, subcommand, &dctx->keyNum, 1, &respcode, recv_data, &recv_len, false, 0);
|
||||
if (res != PM3_SUCCESS) {
|
||||
|
@ -907,7 +912,8 @@ int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel
|
|||
memset(dctx->IV, 0, DESFIRE_MAX_KEY_SIZE);
|
||||
dctx->secureChannel = secureChannel;
|
||||
memcpy(dctx->sessionKeyMAC, dctx->sessionKeyEnc, desfire_get_key_length(dctx->keyType));
|
||||
PrintAndLogEx(INFO, "Session key : %s", sprint_hex(dctx->sessionKeyEnc, desfire_get_key_length(dctx->keyType)));
|
||||
if (verbose)
|
||||
PrintAndLogEx(INFO, _GREEN_("Session key") " : %s", sprint_hex(dctx->sessionKeyEnc, desfire_get_key_length(dctx->keyType)));
|
||||
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
@ -1003,6 +1009,10 @@ int DesfireChangeKeyCmd(DesfireContext *dctx, uint8_t *data, size_t len, uint8_t
|
|||
return DesfireCommand(dctx, MFDES_CHANGE_KEY, data, len, resp, resplen, -1);
|
||||
}
|
||||
|
||||
int DesfireSetConfigurationCmd(DesfireContext *dctx, uint8_t *data, size_t len, uint8_t *resp, size_t *resplen) {
|
||||
return DesfireCommand(dctx, MFDES_CHANGE_CONFIGURATION, data, len, resp, resplen, -1);
|
||||
}
|
||||
|
||||
uint8_t DesfireKeyAlgoToType(DesfireCryptoAlgorythm keyType) {
|
||||
switch (keyType) {
|
||||
case T_DES:
|
||||
|
@ -1179,3 +1189,38 @@ int DesfireChangeKey(DesfireContext *dctx, bool change_master_key, uint8_t newke
|
|||
return res;
|
||||
}
|
||||
|
||||
int DesfireSetConfiguration(DesfireContext *dctx, uint8_t paramid, uint8_t *param, size_t paramlen) {
|
||||
uint8_t cdata[200] = {0};
|
||||
cdata[0] = MFDES_CHANGE_CONFIGURATION;
|
||||
uint8_t *data = &cdata[1];
|
||||
data[0] = paramid;
|
||||
memcpy(&data[1], param, paramlen);
|
||||
size_t datalen = 1 + paramlen;
|
||||
|
||||
|
||||
// add crc
|
||||
if (dctx->secureChannel == DACd40) {
|
||||
iso14443a_crc_append(&data[1], datalen - 1);
|
||||
datalen += 2;
|
||||
} else {
|
||||
desfire_crc32_append(cdata, datalen + 1);
|
||||
datalen += 4;
|
||||
}
|
||||
|
||||
// dynamic length
|
||||
if (paramid == 0x02) {
|
||||
data[datalen] = 0x80;
|
||||
datalen++;
|
||||
}
|
||||
|
||||
// send command
|
||||
uint8_t resp[257] = {0};
|
||||
size_t resplen = 0;
|
||||
int res = DesfireSetConfigurationCmd(dctx, data, datalen, resp, &resplen);
|
||||
|
||||
// check response
|
||||
if (res == 0 && resplen > 0)
|
||||
res = -20;
|
||||
|
||||
return res;
|
||||
}
|
||||
|
|
|
@ -38,7 +38,7 @@ int DesfireSelectAID(DesfireContext *ctx, uint8_t *aid1, uint8_t *aid2);
|
|||
int DesfireSelectAIDHex(DesfireContext *ctx, uint32_t aid1, bool select_two, uint32_t aid2);
|
||||
|
||||
int DesfireSelectAndAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel, uint32_t aid, bool verbose);
|
||||
int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel);
|
||||
int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel, bool verbose);
|
||||
|
||||
int DesfireFormatPICC(DesfireContext *dctx);
|
||||
int DesfireGetFreeMem(DesfireContext *dctx, uint32_t *freemem);
|
||||
|
@ -58,4 +58,7 @@ uint8_t DesfireKeyAlgoToType(DesfireCryptoAlgorythm keyType);
|
|||
int DesfireChangeKeyCmd(DesfireContext *dctx, uint8_t *data, size_t datalen, uint8_t *resp, size_t *resplen);
|
||||
int DesfireChangeKey(DesfireContext *dctx, bool change_master_key, uint8_t newkeynum, DesfireCryptoAlgorythm newkeytype, uint32_t newkeyver, uint8_t *newkey, DesfireCryptoAlgorythm oldkeytype, uint8_t *oldkey, bool verbose);
|
||||
|
||||
int DesfireSetConfigurationCmd(DesfireContext *dctx, uint8_t *data, size_t len, uint8_t *resp, size_t *resplen);
|
||||
int DesfireSetConfiguration(DesfireContext *dctx, uint8_t paramid, uint8_t *param, size_t paramlen);
|
||||
|
||||
#endif // __DESFIRECORE_H
|
||||
|
|
|
@ -126,6 +126,7 @@ static void DesfireSecureChannelEncodeD40(DesfireContext *ctx, uint8_t cmd, uint
|
|||
memcpy(dstdata, srcdata, hdrlen);
|
||||
DesfireCryptoEncDec(ctx, true, &data[hdrlen], rlen - hdrlen, &dstdata[hdrlen], true);
|
||||
*dstdatalen = rlen;
|
||||
ctx->commMode = DCMEncrypted;
|
||||
break;
|
||||
case DCMNone:
|
||||
;
|
||||
|
@ -172,6 +173,7 @@ static void DesfireSecureChannelEncodeEV1(DesfireContext *ctx, uint8_t cmd, uint
|
|||
rlen = padded_data_length(srcdatalen - hdrlen, desfire_get_key_block_length(ctx->keyType));
|
||||
DesfireCryptoEncDec(ctx, true, data, rlen, &dstdata[hdrlen], true);
|
||||
*dstdatalen = hdrlen + rlen;
|
||||
ctx->commMode = DCMEncrypted;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue