From 0da07fe81c2495125a224eddf339a9c522319467 Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Wed, 2 Jan 2019 19:31:06 +0200
Subject: [PATCH 1/6] get SFI records

---
 client/emv/emvcore.c | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/client/emv/emvcore.c b/client/emv/emvcore.c
index b582792ac..8b774eaf0 100644
--- a/client/emv/emvcore.c
+++ b/client/emv/emvcore.c
@@ -335,6 +335,8 @@ int EMVSelectPSE(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldO
 int EMVSearchPSE(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t PSENum, bool decodeTLV, struct tlvdb *tlv) {
 	uint8_t data[APDU_RES_LEN] = {0};
 	size_t datalen = 0;
+	uint8_t sfidata[APDU_RES_LEN] = {0};
+	size_t sfidatalen = 0;
 	uint16_t sw = 0;
 	int res;
 
@@ -342,9 +344,47 @@ int EMVSearchPSE(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldO
 	res = EMVSelectPSE(channel, ActivateField, true, PSENum, data, sizeof(data), &datalen, &sw);
 
 	if (!res){
+		if (sw != 0x9000) {
+			PrintAndLogEx(FAILED, "Select PSE error. APDU error: %04x.", sw);
+			return 1;
+		}
+		
 		struct tlvdb *t = NULL;
 		t = tlvdb_parse_multi(data, datalen);
 		if (t) {
+			struct tlvdb *tsfi = tlvdb_find_path(t, (tlv_tag_t[]){0x6f, 0xa5, 0x88, 0x00});
+			if (tsfi) {
+				const struct tlv *tsfi_tlv = tlvdb_get_tlv(tsfi);
+				uint8_t sfin = tsfi_tlv->value[0];
+				PrintAndLogEx(INFO, "* PPSE get SFI: 0x%02x.", sfin);
+				
+				for (uint8_t ui = 0x01; ui <= 0x10; ui++) {
+					PrintAndLogEx(INFO, "* * Get SFI: 0x%02x. num: 0x%02x", sfin, ui);
+					res = EMVReadRecord(channel, true, sfin, ui, sfidata, sizeof(sfidata), &sfidatalen, &sw, NULL);
+					
+					// end of records
+					if (sw == 0x6a83) {
+						PrintAndLogEx(INFO, "* * PPSE get SFI. End of records.");
+						break;
+					}
+					
+					// here must bee an error catch!
+					if (sw != 0x9000) {
+						PrintAndLogEx(FAILED, "PPSE get Error. APDU error: %04x.", sw);
+						break;
+					}
+
+					if (decodeTLV){
+						TLVPrintFromBuffer(sfidata, sfidatalen);
+					}
+					
+				}
+				
+				
+			}
+
+
+
 			int retrycnt = 0;
 			struct tlvdb *ttmp = tlvdb_find_path(t, (tlv_tag_t[]){0x6f, 0xa5, 0xbf0c, 0x61, 0x00});
 			if (!ttmp)
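Review bot: The `res` returned by `EMVReadRecord` in the record loop is assigned but never tested, so if the call fails without updating `sw`, a leftover 0x9000 from the previous iteration would let stale `sfidata` be decoded; add `if (res) break;` directly after the call. Whether `EMVReadRecord` resets `sw` on failure is not visible in this hunk, so confirm against its implementation. Separately, `tsfi_tlv->value[0]` is read without looking at `tsfi_tlv->len`, and that length comes from the card's response; reject anything but a one-byte tag 0x88 first, e.g. `if (!tsfi_tlv || tsfi_tlv->len != 1)`. The body of `EMVSearchPSE` continues past the end of the hunk.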

From a5f8454168600d638354ccbe19ff75f599060777 Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Thu, 3 Jan 2019 13:41:28 +0200
Subject: [PATCH 2/6] added pse sfi files get

---
 client/emv/emvcore.c | 84 +++++++++++++++++++++++++++++++-------------
 1 file changed, 60 insertions(+), 24 deletions(-)

diff --git a/client/emv/emvcore.c b/client/emv/emvcore.c
index 8b774eaf0..bc2fa1a1a 100644
--- a/client/emv/emvcore.c
+++ b/client/emv/emvcore.c
@@ -332,11 +332,38 @@ int EMVSelectPSE(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldO
 	return res;
 }
 
+int EMVSelectWithRetry(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t *AID, size_t AIDLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
+	int retrycnt = 0;
+	int res = 0;
+	do {
+		res = EMVSelect(channel, false, true, AID, AIDLen, Result, MaxResultLen, ResultLen, sw, tlv);
+
+		// retry if error and not returned sw error
+		if (res && res != 5) {
+			if (++retrycnt < 3){
+				continue;
+			} else {
+				// card select error, proxmark error
+				if (res == 1) {
+					PrintAndLogEx(WARNING, "Exit...");
+					return 1;
+				}
+				
+				retrycnt = 0;
+				PrintAndLogEx(NORMAL, "Retry failed [%s]. Skiped...", sprint_hex_inrow(AID, AIDLen));
+				return res;
+			}	
+		}
+	} while (res && res != 5);
+
+	return res;
+}
+
 int EMVSearchPSE(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t PSENum, bool decodeTLV, struct tlvdb *tlv) {
 	uint8_t data[APDU_RES_LEN] = {0};
 	size_t datalen = 0;
-	uint8_t sfidata[APDU_RES_LEN] = {0};
-	size_t sfidatalen = 0;
+	uint8_t sfidata[0x11][APDU_RES_LEN] = {0};
+	size_t sfidatalen[0x11] = {0};
 	uint16_t sw = 0;
 	int res;
 
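Review bot: `EMVSelectWithRetry` accepts `ActivateField` and `LeaveFieldON` but never reads them; the call is hard-coded as `EMVSelect(channel, false, true, ...)`, so a caller passing other values silently gets different behaviour. Either forward them (`res = EMVSelect(channel, ActivateField, LeaveFieldON, AID, AIDLen, Result, MaxResultLen, ResultLen, sw, tlv);`) or drop the two parameters from the signature. The `retrycnt = 0;` just before `return res;` is a dead store, and the bare 1, 5 and 3 would read better as named constants with a comment saying what each return code means. In `EMVSearchPSE`, `sfidata[0x11][APDU_RES_LEN]` places 17 response buffers on the stack; the value of `APDU_RES_LEN` is not visible here, so check that the frame size is acceptable.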
@@ -360,24 +387,45 @@ int EMVSearchPSE(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldO
 				
 				for (uint8_t ui = 0x01; ui <= 0x10; ui++) {
 					PrintAndLogEx(INFO, "* * Get SFI: 0x%02x. num: 0x%02x", sfin, ui);
-					res = EMVReadRecord(channel, true, sfin, ui, sfidata, sizeof(sfidata), &sfidatalen, &sw, NULL);
+					res = EMVReadRecord(channel, true, sfin, ui, sfidata[ui], APDU_RES_LEN, &sfidatalen[ui], &sw, NULL);
 					
 					// end of records
 					if (sw == 0x6a83) {
+						sfidatalen[ui] = 0;
 						PrintAndLogEx(INFO, "* * PPSE get SFI. End of records.");
 						break;
 					}
 					
-					// here must bee an error catch!
+					// error catch!
 					if (sw != 0x9000) {
+						sfidatalen[ui] = 0;
 						PrintAndLogEx(FAILED, "PPSE get Error. APDU error: %04x.", sw);
 						break;
 					}
 
 					if (decodeTLV){
-						TLVPrintFromBuffer(sfidata, sfidatalen);
+						TLVPrintFromBuffer(sfidata[ui], sfidatalen[ui]);
+					}
+				}
+
+				for (uint8_t ui = 0x01; ui <= 0x10; ui++) {
+					if (sfidatalen[ui]) {
+						struct tlvdb *tsfi = NULL;
+						tsfi = tlvdb_parse_multi(sfidata[ui], sfidatalen[ui]);
+						if (tsfi) {
+							struct tlvdb *tsfitmp = tlvdb_find_path(tsfi, (tlv_tag_t[]){0x70, 0x61, 0x00});
+							if (!tsfitmp) {
+								PrintAndLogEx(FAILED, "SFI 0x%02d don't have records.", sfidatalen[ui]);
+								continue;
+							}
+							
+							// todo: check
+							PrintAndLogEx(INFO, "OK SFI 0x%02d.", sfidatalen[ui]);
+							
+							
+						}
+						tlvdb_free(tsfi);
 					}
-					
 				}
 				
 				
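Review bot: The `continue` taken when `tsfitmp` is NULL skips the `tlvdb_free(tsfi)` at the bottom of the loop body, so every record that parses but has no 0x70/0x61 path leaks its tree; write `tlvdb_free(tsfi); continue;` or invert the test. The same `continue` is still present as context in the last hunk of patch 5/6. Both new `PrintAndLogEx` calls in this loop pass `sfidatalen[ui]`, a `size_t`, to `%02d`, which is a format/argument mismatch, and the number printed is the record length rather than the SFI the message names; passing `sfin` (or `ui`) with `%02x` matches the text. The inner `struct tlvdb *tsfi` also shadows the outer `tsfi` declared in the enclosing block, so a different name would avoid confusion.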
@@ -385,7 +433,6 @@ int EMVSearchPSE(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldO
 
 
 
-			int retrycnt = 0;
 			struct tlvdb *ttmp = tlvdb_find_path(t, (tlv_tag_t[]){0x6f, 0xa5, 0xbf0c, 0x61, 0x00});
 			if (!ttmp)
 				PrintAndLogEx(FAILED, "PPSE don't have records.");
@@ -393,28 +440,17 @@ int EMVSearchPSE(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldO
 			while (ttmp) {
 				const struct tlv *tgAID = tlvdb_get_inchild(ttmp, 0x4f, NULL);
 				if (tgAID) {
-					res = EMVSelect(channel, false, true, (uint8_t *)tgAID->value, tgAID->len, data, sizeof(data), &datalen, &sw, tlv);
+					res = EMVSelectWithRetry(channel, false, true, (uint8_t *)tgAID->value, tgAID->len, data, sizeof(data), &datalen, &sw, tlv);
 
-					// retry if error and not returned sw error
-					if (res && res != 5) {
-						if (++retrycnt < 3){
-							continue;
-						} else {
-							// card select error, proxmark error
-							if (res == 1) {
-								PrintAndLogEx(WARNING, "Exit...");
-								return 1;
-							}
-							
-							retrycnt = 0;
-							PrintAndLogEx(NORMAL, "Retry failed [%s]. Skiped...", sprint_hex_inrow(tgAID->value, tgAID->len));
-						}
-						
+					// if returned sw error
+					if (res == 5) {
 						// next element
 						ttmp = tlvdb_find_next(ttmp, 0x61);
 						continue;
 					}
-					retrycnt = 0;
+					
+					if (res)
+						break;
 
 					// all is ok
 					if (decodeTLV){
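Review bot: With `if (res) break;` a select that still fails after three tries with a code other than 1 or 5 now ends the whole AID walk, whereas the removed code moved on to the next 0x61 entry; `EMVSelectWithRetry` still logs "Skiped..." for that case, which no longer describes what the caller does. If skipping is the intended behaviour, keep `break` for the fatal code only and advance otherwise: `if (res == 1) break;` followed by `if (res) { ttmp = tlvdb_find_next(ttmp, 0x61); continue; }`. The `(uint8_t *)` cast on `tgAID->value` drops `const`; taking `const uint8_t *AID` in the new helper would avoid it if `EMVSelect` permits. The loop body continues outside the hunk.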

From 723298d00cb2628e3f70375e489c7acb5ba59d12 Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Thu, 3 Jan 2019 19:42:40 +0200
Subject: [PATCH 3/6] added new tlv function

---
 client/emv/tlv.c | 38 ++++++++++++++++++++++++++++++++++++++
 client/emv/tlv.h |  3 +++
 2 files changed, 41 insertions(+)

diff --git a/client/emv/tlv.c b/client/emv/tlv.c
index 35bdb5d4c..a41d98c95 100644
--- a/client/emv/tlv.c
+++ b/client/emv/tlv.c
@@ -25,6 +25,7 @@
 #include <stdint.h>
 #include <stddef.h>
 #include <stdlib.h>
+#include <math.h>
 
 #define TLV_TAG_CLASS_MASK	0xc0
 #define TLV_TAG_COMPLEX		0x20
@@ -534,3 +535,40 @@ struct tlvdb *tlvdb_elm_get_parent(struct tlvdb *tlvdb)
 {
 	return tlvdb->parent;
 }
+
+bool tlv_get_uint8(const struct tlv *etlv, uint8_t *value) 
+{
+	*value = 0;
+	if (etlv)
+	{
+		if (etlv->len == 0)
+			return true;
+		
+		if (etlv->len == 1)
+		{
+			*value = etlv->value[0];
+			return true;
+		}
+	}
+	return false;
+}
+
+bool tlv_get_int(const struct tlv *etlv, int *value)
+{
+	*value = 0;
+	if (etlv)
+	{
+		if (etlv->len == 0)
+			return true;
+		
+		if (etlv->len <= 4)
+		{
+			for (int i = 0; i < etlv->len; i++)
+			{
+				*value += etlv->value[i] * pow(0x100, i);
+			}
+			return true;
+		}
+	}
+	return false;
+}
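Review bot: `tlv_get_int` accumulates `value[0]` as the least-significant byte, while binary numeric fields in EMV/BER-TLV data are normally encoded most-significant byte first, so multi-byte values would come out byte-swapped; confirm which order the callers expect, and if it is big-endian accumulate with `acc = (acc << 8) | etlv->value[i];` into a `uint32_t` and assign `*value` once at the end. Both helpers return true for a zero-length TLV with `*value` set to 0, which a caller cannot tell apart from a real value of 0, and both write through `value` before any check. A header comment on each function stating that contract (NULL `etlv` returns false, empty TLV returns true with 0, `value` must be non-NULL) would make the intent explicit. `i` is an `int` compared with `etlv->len`; use the type of `len` for the index.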
diff --git a/client/emv/tlv.h b/client/emv/tlv.h
index b25b51de2..e3c7c97fa 100644
--- a/client/emv/tlv.h
+++ b/client/emv/tlv.h
@@ -61,4 +61,7 @@ unsigned char *tlv_encode(const struct tlv *tlv, size_t *len);
 bool tlv_is_constructed(const struct tlv *tlv);
 bool tlv_equal(const struct tlv *a, const struct tlv *b);
 
+bool tlv_get_uint8(const struct tlv *etlv, uint8_t *value);
+bool tlv_get_int(const struct tlv *etlv, int *value);
+
 #endif

From 00d4393af49a5d9a283ae53eaf40545e124adb7e Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Thu, 3 Jan 2019 19:43:01 +0200
Subject: [PATCH 4/6] tlv_get_uint8

---
 client/emv/emvcore.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/client/emv/emvcore.c b/client/emv/emvcore.c
index bc2fa1a1a..80affb6c1 100644
--- a/client/emv/emvcore.c
+++ b/client/emv/emvcore.c
@@ -381,8 +381,8 @@ int EMVSearchPSE(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldO
 		if (t) {
 			struct tlvdb *tsfi = tlvdb_find_path(t, (tlv_tag_t[]){0x6f, 0xa5, 0x88, 0x00});
 			if (tsfi) {
-				const struct tlv *tsfi_tlv = tlvdb_get_tlv(tsfi);
-				uint8_t sfin = tsfi_tlv->value[0];
+				uint8_t sfin = 0;
+				tlv_get_uint8(tlvdb_get_tlv(tsfi), &sfin);
 				PrintAndLogEx(INFO, "* PPSE get SFI: 0x%02x.", sfin);
 				
 				for (uint8_t ui = 0x01; ui <= 0x10; ui++) {
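Review bot: The return value of `tlv_get_uint8` is discarded, so when tag 0x88 is longer than one byte the helper returns false, `sfin` stays 0, and the loop below still issues up to sixteen READ RECORD commands against SFI 0; an empty tag gives the same result with a true return. Test the call and the range before using the value, e.g. `if (!tlv_get_uint8(tlvdb_get_tlv(tsfi), &sfin) || sfin < 1 || sfin > 30)` followed by a log line and skipping the SFI branch. The 1..30 bound reflects the 5-bit SFI field of ISO 7816-4 and should be checked against the specification the project targets. The enclosing `if (tsfi)` block continues outside the hunk.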

From b5c2ccb78f62d6eb5a5c87aa8c8a61810d514d75 Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Thu, 3 Jan 2019 20:07:08 +0200
Subject: [PATCH 5/6] pse/ppse works

---
 client/emv/emvcore.c | 77 +++++++++++++++++++++++++-------------------
 1 file changed, 43 insertions(+), 34 deletions(-)

diff --git a/client/emv/emvcore.c b/client/emv/emvcore.c
index 80affb6c1..47705cc60 100644
--- a/client/emv/emvcore.c
+++ b/client/emv/emvcore.c
@@ -359,6 +359,38 @@ int EMVSelectWithRetry(EMVCommandChannel channel, bool ActivateField, bool Leave
 	return res;
 }
 
+int EMVCheckAID(EMVCommandChannel channel, bool decodeTLV, struct tlvdb *tlvdbelm, struct tlvdb *tlv){
+	uint8_t data[APDU_RES_LEN] = {0};
+	size_t datalen = 0;
+	int res = 0;
+	uint16_t sw = 0;
+
+	while (tlvdbelm) {
+		const struct tlv *tgAID = tlvdb_get_inchild(tlvdbelm, 0x4f, NULL);
+		if (tgAID) {
+			res = EMVSelectWithRetry(channel, false, true, (uint8_t *)tgAID->value, tgAID->len, data, sizeof(data), &datalen, &sw, tlv);
+
+			// if returned sw error
+			if (res == 5) {
+				// next element
+				tlvdbelm = tlvdb_find_next(tlvdbelm, 0x61);
+				continue;
+			}
+			
+			if (res)
+				break;
+
+			// all is ok
+			if (decodeTLV){
+				PrintAndLogEx(NORMAL, "%s:", sprint_hex_inrow(tgAID->value, tgAID->len));
+				TLVPrintFromBuffer(data, datalen);
+			}
+		}
+		tlvdbelm = tlvdb_find_next(tlvdbelm, 0x61);
+	}
+	return res;
+}
+
 int EMVSearchPSE(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t PSENum, bool decodeTLV, struct tlvdb *tlv) {
 	uint8_t data[APDU_RES_LEN] = {0};
 	size_t datalen = 0;
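Review bot: In `EMVCheckAID`, `tgAID->len` comes straight from the card's directory entry and is passed to `EMVSelectWithRetry` with no bound, although an AID is 5 to 16 bytes long. Whether `EMVSelect` limits `AIDLen` when it builds the command is not visible here, so tightening the guard to `if (tgAID && tgAID->len >= 5 && tgAID->len <= 16) {` is cheap protection against a malformed or hostile card response. The `(uint8_t *)` cast drops the `const` on `tgAID->value`. A short header comment should state that the function walks the 0x61 siblings starting at `tlvdbelm`, selects each AID found in tag 0x4f, skips entries whose select returns 5, stops on any other non-zero result, and returns the result of the last select.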
@@ -366,6 +398,7 @@ int EMVSearchPSE(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldO
 	size_t sfidatalen[0x11] = {0};
 	uint16_t sw = 0;
 	int res;
+	bool fileFound = false;
 
 	// select PPSE
 	res = EMVSelectPSE(channel, ActivateField, true, PSENum, data, sizeof(data), &datalen, &sw);
@@ -379,6 +412,7 @@ int EMVSearchPSE(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldO
 		struct tlvdb *t = NULL;
 		t = tlvdb_parse_multi(data, datalen);
 		if (t) {
+			// PSE/PPSE with SFI
 			struct tlvdb *tsfi = tlvdb_find_path(t, (tlv_tag_t[]){0x6f, 0xa5, 0x88, 0x00});
 			if (tsfi) {
 				uint8_t sfin = 0;
@@ -418,49 +452,24 @@ int EMVSearchPSE(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldO
 								PrintAndLogEx(FAILED, "SFI 0x%02d don't have records.", sfidatalen[ui]);
 								continue;
 							}
-							
-							// todo: check
-							PrintAndLogEx(INFO, "OK SFI 0x%02d.", sfidatalen[ui]);
-							
-							
+							res = EMVCheckAID(channel, decodeTLV, tsfitmp, tlv);							
+							fileFound = true;
 						}
 						tlvdb_free(tsfi);
 					}
 				}
-				
-				
 			}
 
 
-
+			// PSE/PPSE plain (wo SFI)
 			struct tlvdb *ttmp = tlvdb_find_path(t, (tlv_tag_t[]){0x6f, 0xa5, 0xbf0c, 0x61, 0x00});
-			if (!ttmp)
-				PrintAndLogEx(FAILED, "PPSE don't have records.");
-			
-			while (ttmp) {
-				const struct tlv *tgAID = tlvdb_get_inchild(ttmp, 0x4f, NULL);
-				if (tgAID) {
-					res = EMVSelectWithRetry(channel, false, true, (uint8_t *)tgAID->value, tgAID->len, data, sizeof(data), &datalen, &sw, tlv);
-
-					// if returned sw error
-					if (res == 5) {
-						// next element
-						ttmp = tlvdb_find_next(ttmp, 0x61);
-						continue;
-					}
-					
-					if (res)
-						break;
-
-					// all is ok
-					if (decodeTLV){
-						PrintAndLogEx(NORMAL, "%s:", sprint_hex_inrow(tgAID->value, tgAID->len));
-						TLVPrintFromBuffer(data, datalen);
-					}
-				}
-				
-				ttmp = tlvdb_find_next(ttmp, 0x61);
+			if (ttmp) {
+				res = EMVCheckAID(channel, decodeTLV, ttmp, tlv);
+				fileFound = true;
 			}
+			
+			if (!fileFound)
+				PrintAndLogEx(FAILED, "PPSE don't have records.");
 
 			tlvdb_free(t);
 		} else {
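Review bot: The `res` assigned from `EMVCheckAID` inside the SFI record loop is overwritten by the next record and then by the plain-PPSE call, so a failure while walking one record is lost and the fatal code 1 from `EMVSelectWithRetry` does not stop further card traffic. Stop on the hard error, e.g. `if (res == 1) { tlvdb_free(tsfi); break; }` right after the call, and skip the plain path when that happened. When a card response carries both tag 0x88 and a BF0C directory, both branches run and the same AIDs may be selected twice; if that is intended, a comment saying so would help. `fileFound` is set even when `EMVCheckAID` found no 0x4f tag, so "PPSE don't have records." can be suppressed for a directory with no usable entries.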

From a86c6fa1a8cf10dac8b8d4f4849f455e562e38af Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Thu, 3 Jan 2019 21:00:07 +0200
Subject: [PATCH 6/6] get rid of math.h )

---
 client/emv/tlv.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/client/emv/tlv.c b/client/emv/tlv.c
index a41d98c95..013e9735a 100644
--- a/client/emv/tlv.c
+++ b/client/emv/tlv.c
@@ -25,7 +25,6 @@
 #include <stdint.h>
 #include <stddef.h>
 #include <stdlib.h>
-#include <math.h>
 
 #define TLV_TAG_CLASS_MASK	0xc0
 #define TLV_TAG_COMPLEX		0x20
@@ -565,7 +564,7 @@ bool tlv_get_int(const struct tlv *etlv, int *value)
 		{
 			for (int i = 0; i < etlv->len; i++)
 			{
-				*value += etlv->value[i] * pow(0x100, i);
+				*value += etlv->value[i] * (1 << (i * 8));
 			}
 			return true;
 		}
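Review bot: `etlv->value[i] * (1 << (i * 8))` is evaluated in `int`, so for a 4-byte value whose last byte is 0x80 or above (assuming `value` is an unsigned byte array) the product exceeds `INT_MAX`, which is signed overflow and undefined behaviour; the `+=` can overflow the same way. Accumulate in an unsigned type and convert once: declare `uint32_t acc = 0;` before the loop, use `acc |= (uint32_t)etlv->value[i] << (i * 8);` inside it, then `*value = (int)acc;` or return false when `acc > INT_MAX`. `i` is an `int` compared against `etlv->len`; if `len` is a `size_t`, as its use as `AIDLen` elsewhere in this series suggests, make `i` a `size_t` as well. The function starts above the hunk.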