RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2024-09-22 00:06:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

emrtd: Code cleanup, impl PRNG

Browse source
This commit is contained in:
Ave 2020-12-14 17:26:47 +03:00
parent a5aed0dffd
commit 1e16b2d2d9
1 changed files with 20 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
client/src/cmdhfemrtd.c
View file

@ -26,6 +26,9 @@
#include "des.h" // mbedtls_des_key_set_parity
#include "cmdhf14b.h" // exchange_14b_apdu
#include "iso14b.h" // ISO14B_CONNECT etc
#include "crapto1/crapto1.h" // prng_successor
#include "commonutil.h" // num_to_bytes
#include "util_posix.h" // msclock
#define TIMEOUT 2000
@ -62,6 +65,9 @@
// App IDs
#define AID_MRTD "A0000002471001"
uint8_t KENC_type[4] = {0x00, 0x00, 0x00, 0x01};
uint8_t KMAC_type[4] = {0x00, 0x00, 0x00, 0x02};
static int CmdHelp(const char *Cmd);
static uint16_t get_sw(uint8_t *d, uint8_t n) {
@ -481,16 +487,9 @@ static bool _secure_read_binary(uint8_t *kmac, uint8_t *ssc, int offset, int byt
PrintAndLogEx(DEBUG, "kmac: %s", sprint_hex_inrow(kmac, 20));
// TODO: hacky
char offsethex[5];
sprintf(offsethex, "%04X", offset);
char offsetbuffer[8];
memcpy(offsetbuffer, offsethex, 2);
int p1 = (int)strtol(offsetbuffer, NULL, 16);
memcpy(offsetbuffer, offsethex + 2, 2);
int p2 = (int)strtol(offsetbuffer, NULL, 16);
temp[2] = p1;
temp[3] = p2;
// Set p1 and p2
temp[2] = (uint8_t)(offset >> 8);
temp[3] = (uint8_t)(offset >> 0);
int cmdlen = pad_block(temp, 4, cmd);
PrintAndLogEx(DEBUG, "cmd: %s", sprint_hex_inrow(cmd, cmdlen));
@ -523,7 +522,7 @@ static bool _secure_read_binary(uint8_t *kmac, uint8_t *ssc, int offset, int byt
memcpy(data + 3, do8e, 10);
PrintAndLogEx(DEBUG, "data: %s", sprint_hex_inrow(data, lc));
sprintf(command, "0C%s%02X%02X%02X%s00", READ_BINARY, p1, p2, lc, sprint_hex_inrow(data, lc));
sprintf(command, "0C%s%04X%02X%s00", READ_BINARY, offset, lc, sprint_hex_inrow(data, lc));
PrintAndLogEx(DEBUG, "command: %s", command);
if (exchange_commands(command, dataout, dataoutlen, false, true, use_14b) == false) {
@ -727,6 +726,13 @@ static bool dump_file(uint8_t *ks_enc, uint8_t *ks_mac, uint8_t *ssc, const char
return true;
}
static void rng(int length, uint8_t *dataout) {
// Do very very secure prng operations
for (int i = 0; i < (length / 4); i++) {
num_to_bytes(prng_successor(msclock() + i, 32), 4, &dataout[i * 4]);
}
}
int dumpHF_EMRTD(char *documentnumber, char *dob, char *expiry) {
uint8_t response[25000];
uint8_t rnd_ic[8];
@ -735,12 +741,9 @@ int dumpHF_EMRTD(char *documentnumber, char *dob, char *expiry) {
int resplen = 0;
// bool BAC = true;
uint8_t S[32];
// TODO: Code sponsored jointly by duracell and sony
uint8_t rnd_ifd[8] = {0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA};
uint8_t k_ifd[16] = {0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA};
// TODO: get these _types into a better spot
uint8_t KENC_type[4] = {0x00, 0x00, 0x00, 0x01};
uint8_t KMAC_type[4] = {0x00, 0x00, 0x00, 0x02};
uint8_t rnd_ifd[8], k_ifd[16];
rng(8, rnd_ifd);
rng(16, k_ifd);
bool use_14b = false;