From a9f28adabf4ee8a9c572b793b1a735d6741f5f32 Mon Sep 17 00:00:00 2001
From: Ave
Date: Thu, 17 Dec 2020 22:22:26 +0300
Subject: [PATCH 1/5] emrtd: Improve emrtd_lds_get_data_by_tag to account for variable data sizes
---
 client/src/cmdhfemrtd.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/client/src/cmdhfemrtd.c b/client/src/cmdhfemrtd.c
index daa51be19..9525e0ac0 100644
--- a/client/src/cmdhfemrtd.c
+++ b/client/src/cmdhfemrtd.c
@@ -569,9 +569,11 @@ static int emrtd_read_file(uint8_t *dataout, int *dataoutlen, uint8_t *kenc, uin
 }
 static bool emrtd_lds_get_data_by_tag(uint8_t *datain, int *datainlen, uint8_t *dataout, int *dataoutlen, int tag1, int tag2, bool twobytetag) {
- int offset = 2;
+ int offset = 1;
+ offset += emrtd_get_asn1_field_length(datain, *datainlen, offset);
 int elementidlen = 0;
 int elementlen = 0;
+ int elementlenlen = 0;
 while (offset < *datainlen) {
 PrintAndLogEx(DEBUG, "emrtd_lds_get_data_by_tag, offset: %i, data: %X", offset, *(datain + offset));
 // Determine element ID length to set as offset on asn1datalength
@@ -584,13 +586,16 @@ static bool emrtd_lds_get_data_by_tag(uint8_t *datain, int *datainlen, uint8_t *
 // Get the length of the element
 elementlen = emrtd_get_asn1_data_length(datain + offset, *datainlen - offset, elementidlen);
+ // Get the length of the element's length
+ elementlenlen = emrtd_get_asn1_field_length(datain + offset, *datainlen - offset, elementidlen);
+
 // If the element is what we're looking for, get the data and return true
 if (*(datain + offset) == tag1 && (!twobytetag || *(datain + offset + 1) == tag2)) {
 *dataoutlen = elementlen;
- memcpy(dataout, datain + offset + elementidlen + 1, elementlen);
+ memcpy(dataout, datain + offset + elementidlen + elementlenlen, elementlen);
 return true;
 }
- offset += elementidlen + elementlen + 1;
+ offset += elementidlen + elementlen + elementlenlen;
 }
 // Return false if we can't find the relevant element
 return false;
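Review bot: The `memcpy` in the `@@ -584` hunk trusts `elementlen`, which is decoded from bytes the card supplies, without checking it against the remaining input or against `dataout`, whose capacity this function never receives. A malformed length field can therefore read past `datain` and write past the caller's buffer; the later patches in this series call the function with stack arrays of `EMRTD_MAX_FILE_SIZE`. I would reject the element before the tag test with `if (elementlen < 0 || elementlenlen < 1 || elementlen > *datainlen - offset - elementidlen - elementlenlen) return false;`, which also stops a zero or negative helper result from stalling or rewinding `offset`. The second tag byte `*(datain + offset + 1)` is likewise read while only `offset < *datainlen` is known, and the new `offset += emrtd_get_asn1_field_length(...)` in the `@@ -569` hunk uses the helper's result unchecked. The helpers' return conventions and the middle of the function lie outside these hunks, so the exact failure values need confirming.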
@@ -894,7 +899,7 @@ static bool emrtd_do_auth(char *documentnumber, char *dob, char *expiry, bool BA
 // If BAC isn't available, exit out and warn user.
 if (!BAC_available) {
 PrintAndLogEx(ERR, "This eMRTD enforces Basic Access Control, but you didn't supply MRZ data. Cannot proceed.");
- PrintAndLogEx(HINT, "Check out hf emrtd dump --help, supply data with -n -d and -e.");
+ PrintAndLogEx(HINT, "Check out hf emrtd info/dump --help, supply data with -n -d and -e.");
 return false;
 }
From ae7090a47e29177a561ab1fe5e6e37499cc35425 Mon Sep 17 00:00:00 2001
From: Ave
Date: Thu, 17 Dec 2020 22:22:41 +0300
Subject: [PATCH 2/5] emrtd: Dump image when dumping EF_DG5
---
 client/src/cmdhfemrtd.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/client/src/cmdhfemrtd.c b/client/src/cmdhfemrtd.c
index 9525e0ac0..cfb4361a4 100644
--- a/client/src/cmdhfemrtd.c
+++ b/client/src/cmdhfemrtd.c
@@ -704,6 +704,19 @@ static bool emrtd_select_and_read(uint8_t *dataout, int *dataoutlen, const char
 return true;
 }
+static bool emrtd_dump_ef_dg5(uint8_t *file_contents, int file_length) {
+ uint8_t response[EMRTD_MAX_FILE_SIZE];
+ int resplen = 0;
+
+ // If we can't find image in EF_DG5, return false.
+ if (!emrtd_lds_get_data_by_tag(file_contents, &file_length, response, &resplen, 0x5f, 0x40, true)) {
+ return false;
+ }
+
+ saveFile("EF_DG5", ".jpg", response, resplen);
+ return true;
+}
+
 static bool emrtd_dump_file(uint8_t *ks_enc, uint8_t *ks_mac, uint8_t *ssc, const char *file, const char *name, bool use_secure, bool use_14b) {
 uint8_t response[EMRTD_MAX_FILE_SIZE];
 int resplen = 0;
@@ -716,6 +729,10 @@ static bool emrtd_dump_file(uint8_t *ks_enc, uint8_t *ks_mac, uint8_t *ssc, cons
 PrintAndLogEx(DEBUG, "Contents (may be incomplete over 2k chars): %s", sprint_hex_inrow(response, resplen));
 saveFile(name, ".BIN", response, resplen);
+ if (strcmp(file, EMRTD_EF_DG5) == 0) {
+ emrtd_dump_ef_dg5(response, resplen);
+ }
+
 return true;
 }
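Review bot: `emrtd_dump_ef_dg5` returns true whatever `saveFile` reports, and `emrtd_dump_file` in the `@@ -716` hunk then drops the helper's result as well, so a missing tag or a failed write of the extracted image goes unnoticed. Returning the write status, e.g. `return saveFile("EF_DG5", ".jpg", response, resplen) == PM3_SUCCESS;`, and logging when the helper returns false would make the outcome visible; this assumes `saveFile` follows the client's usual PM3_* return codes, which the hunk does not show. The local `EMRTD_MAX_FILE_SIZE` array is filled on trust, because `emrtd_lds_get_data_by_tag` takes no output capacity, so the copy is only safe if that function bounds the element length against its input. A short comment above the lookup, such as `// 5F40: displayed portrait, assumed to be JPEG`, would explain both the tag bytes and the hard-coded `.jpg`.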
From f3d5c60c1085d9cbed0e617f709573143280515e Mon Sep 17 00:00:00 2001
From: Ave
Date: Thu, 17 Dec 2020 22:45:41 +0300
Subject: [PATCH 3/5] emrtd: Dump cert when dumping EF_SOD
---
 client/src/cmdhfemrtd.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/client/src/cmdhfemrtd.c b/client/src/cmdhfemrtd.c
index cfb4361a4..299f3e7c7 100644
--- a/client/src/cmdhfemrtd.c
+++ b/client/src/cmdhfemrtd.c
@@ -705,15 +705,27 @@ static bool emrtd_select_and_read(uint8_t *dataout, int *dataoutlen, const char
 }
 static bool emrtd_dump_ef_dg5(uint8_t *file_contents, int file_length) {
- uint8_t response[EMRTD_MAX_FILE_SIZE];
- int resplen = 0;
+ uint8_t data[EMRTD_MAX_FILE_SIZE];
+ int datalen = 0;
 // If we can't find image in EF_DG5, return false.
- if (!emrtd_lds_get_data_by_tag(file_contents, &file_length, response, &resplen, 0x5f, 0x40, true)) {
+ if (!emrtd_lds_get_data_by_tag(file_contents, &file_length, data, &datalen, 0x5f, 0x40, true)) {
 return false;
 }
- saveFile("EF_DG5", ".jpg", response, resplen);
+ saveFile("EF_DG5", ".jpg", data, datalen);
+ return true;
+}
+
+static bool emrtd_dump_ef_sod(uint8_t *file_contents, int file_length) {
+ uint8_t data[EMRTD_MAX_FILE_SIZE];
+
+ int datalenlen = emrtd_get_asn1_field_length(file_contents, file_length, 1);
+ int datalen = emrtd_get_asn1_data_length(file_contents, file_length, 1);
+
+ memcpy(data, file_contents + datalenlen + 1, datalen);
+
+ saveFile("EF_SOD", ".p7b", data, datalen);
 return true;
 }
@@ -731,6 +743,8 @@ static bool emrtd_dump_file(uint8_t *ks_enc, uint8_t *ks_mac, uint8_t *ssc, cons
 if (strcmp(file, EMRTD_EF_DG5) == 0) {
 emrtd_dump_ef_dg5(response, resplen);
+ } else if (strcmp(file, EMRTD_EF_SOD) == 0) {
+ emrtd_dump_ef_sod(response, resplen);
 }
 return true;
 }
From 7d27dabbf1ba249c7e6f9436bc3514c1e342b424 Mon Sep 17 00:00:00 2001
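Review bot: `emrtd_dump_ef_sod` hands `datalen`, taken straight from the file's own ASN.1 length field, to `memcpy` into a fixed `EMRTD_MAX_FILE_SIZE` stack array with no comparison against `file_length` or `sizeof(data)`. EF_SOD is read from the card, so a length that overstates the content reads past `file_contents` and can overrun `data`. A guard before the copy, `if (datalenlen < 1 || datalen < 1 || datalen > file_length - datalenlen - 1 || datalen > (int)sizeof(data)) return false;`, closes both, and once the bound is checked the copy can be dropped by passing `file_contents + datalenlen + 1` to `saveFile` directly. The caller in the `@@ -731` hunk ignores the boolean result, so a rejected file should at least be logged there; what the two helpers return on malformed input is not visible in this patch.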
From: iceman1001
Date: Thu, 17 Dec 2020 20:46:05 +0100
Subject: [PATCH 4/5] textual
---
 .github/ISSUE_TEMPLATE/checklist-for-release.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/checklist-for-release.md b/.github/ISSUE_TEMPLATE/checklist-for-release.md
index aae8ab053..01709e9ab 100644
--- a/.github/ISSUE_TEMPLATE/checklist-for-release.md
+++ b/.github/ISSUE_TEMPLATE/checklist-for-release.md
@@ -22,14 +22,14 @@ assignees: doegox, iceman1001
 # OS compilation and tests
 ```bash
-make clean && make -j PLATFORM=PM3OTHER && tools/pm3test.sh
-make clean && make -j PLATFORM=PM3RDV4 && tools/pm3test.sh
-make clean && make -j PLATFORM=PM3RDV4 PLATFORM_EXTRAS=BTADDON && tools/pm3test.sh
-make install; pushd /tmp; proxmark3 -c 'data load em4x05.pm3;lf search 1'; popd; make uninstall
+make clean && make -j PLATFORM=PM3OTHER && tools/pm3_tests.sh
+make clean && make -j PLATFORM=PM3RDV4 && tools/pm3_tests.sh
+make clean && make -j PLATFORM=PM3RDV4 PLATFORM_EXTRAS=BTADDON && tools/pm3_tests.sh
+make install; pushd /tmp; proxmark3 -c 'data load -f em4x05.pm3;lf search 1'; popd; make uninstall
-( cd client; rm -rf build; mkdir build;cd build;cmake .. && make -j PLATFORM=PM3OTHER && PM3BIN=./proxmark3 ../../tools/pm3test.sh client )
-( cd client; rm -rf build; mkdir build;cd build;cmake .. && make -j PLATFORM=PM3RDV4 && PM3BIN=./proxmark3 ../../tools/pm3test.sh client )
-( cd client; rm -rf build; mkdir build;cd build;cmake .. && make -j PLATFORM=PM3RDV4 PLATFORM_EXTRAS=BTADDON && PM3BIN=./proxmark3 ../../tools/pm3test.sh client )
+( cd client; rm -rf build; mkdir build;cd build;cmake .. && make -j PLATFORM=PM3OTHER && PM3BIN=./proxmark3 ../../tools/pm3_tests.sh client )
+( cd client; rm -rf build; mkdir build;cd build;cmake .. && make -j PLATFORM=PM3RDV4 && PM3BIN=./proxmark3 ../../tools/pm3_tests.sh client )
+( cd client; rm -rf build; mkdir build;cd build;cmake .. && make -j PLATFORM=PM3RDV4 PLATFORM_EXTRAS=BTADDON && PM3BIN=./proxmark3 ../../tools/pm3_tests.sh client )
 ```
 - [ ] RPI Zero
From a04d67e82866fe5775467071d6c236312b9fecc0 Mon Sep 17 00:00:00 2001
From: Ave
Date: Thu, 17 Dec 2020 23:23:31 +0300
Subject: [PATCH 5/5] emrtd: Dump image when dumping EF_DG2
---
 client/src/cmdhfemrtd.c | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/client/src/cmdhfemrtd.c b/client/src/cmdhfemrtd.c
index 299f3e7c7..390b95866 100644
--- a/client/src/cmdhfemrtd.c
+++ b/client/src/cmdhfemrtd.c
@@ -704,6 +704,33 @@ static bool emrtd_select_and_read(uint8_t *dataout, int *dataoutlen, const char
 return true;
 }
+static bool emrtd_dump_ef_dg2(uint8_t *file_contents, int file_length) {
+ uint8_t data[EMRTD_MAX_FILE_SIZE];
+ int datalen = 0;
+
+ // This is a hacky impl that just looks for the image header. I'll improve it eventually.
+ // based on mrpkey.py
+ // FF D8 FF E0 -> JPEG
+ // 00 00 00 0C 6A 50 -> JPEG 2000
+ for (int i = 0; i < file_length - 6; i++) {
+ if ((file_contents[i] == 0xFF && file_contents[i + 1] == 0xD8 && file_contents[i + 2] == 0xFF && file_contents[i + 3] == 0xE0) ||
+ (file_contents[i] == 0x00 && file_contents[i + 1] == 0x00 && file_contents[i + 2] == 0x00 && file_contents[i + 3] == 0x0C && file_contents[i + 4] == 0x6A && file_contents[i + 5] == 0x50)) {
+ datalen = file_length - i;
+ memcpy(data, file_contents + i, datalen);
+ break;
+ }
+ }
+
+ // If we didn't get any data, return false.
+ if (datalen == 0) {
+ return false;
+ }
+
+ saveFile("EF_DG2", ".jpg", data, datalen);
+ return true;
+}
+
+
 static bool emrtd_dump_ef_dg5(uint8_t *file_contents, int file_length) {
 uint8_t data[EMRTD_MAX_FILE_SIZE];
 int datalen = 0;
@@ -741,7 +768,9 @@ static bool emrtd_dump_file(uint8_t *ks_enc, uint8_t *ks_mac, uint8_t *ssc, cons
 PrintAndLogEx(DEBUG, "Contents (may be incomplete over 2k chars): %s", sprint_hex_inrow(response, resplen));
 saveFile(name, ".BIN", response, resplen);
- if (strcmp(file, EMRTD_EF_DG5) == 0) {
+ if (strcmp(file, EMRTD_EF_DG2) == 0) {
+ emrtd_dump_ef_dg2(response, resplen);
+ } else if (strcmp(file, EMRTD_EF_DG5) == 0) {
 emrtd_dump_ef_dg5(response, resplen);
 } else if (strcmp(file, EMRTD_EF_SOD) == 0) {
 emrtd_dump_ef_sod(response, resplen);
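Review bot: The image written by `emrtd_dump_ef_dg2` always gets a `.jpg` suffix, although the second signature the loop accepts is JPEG 2000, and the JPEG test only matches the `FF D8 FF E0` form, so a JPEG that starts with another marker is skipped. The loop bound `file_length - 6` also applies the six-byte requirement to the four-byte signature, and everything after the first match is saved, including any bytes that trail the image in the file. Because these bytes come from the card, scanning for magic values is a weak substitute for walking the data group's TLV structure, as the author's own comment concedes. Until that lands I would compare each signature against the remaining length, pick the suffix from the signature that matched, and write directly from `file_contents` instead of copying into a second `EMRTD_MAX_FILE_SIZE` stack array. The sketch below keeps the same heuristic and changes only those three things; `.jp2` is my choice of suffix and the `saveFile` parameter types are assumed from its use in the hunk.

```c
static bool emrtd_dump_ef_dg2(uint8_t *file_contents, int file_length) {
    static const uint8_t jpeg_sig[] = {0xFF, 0xD8, 0xFF, 0xE0};
    static const uint8_t jp2_sig[] = {0x00, 0x00, 0x00, 0x0C, 0x6A, 0x50};
    const char *ext = NULL;
    int start = 0;

    // Check each signature against the bytes that are actually left,
    // so no comparison reads past file_length.
    for (int i = 0; i < file_length && ext == NULL; i++) {
        int left = file_length - i;
        if (left >= (int)sizeof(jpeg_sig) && memcmp(file_contents + i, jpeg_sig, sizeof(jpeg_sig)) == 0) {
            ext = ".jpg";
            start = i;
        } else if (left >= (int)sizeof(jp2_sig) && memcmp(file_contents + i, jp2_sig, sizeof(jp2_sig)) == 0) {
            ext = ".jp2";
            start = i;
        }
    }

    // No known image signature found.
    if (ext == NULL) {
        return false;
    }

    // Write straight from the input buffer; no second stack copy.
    saveFile("EF_DG2", ext, file_contents + start, file_length - start);
    return true;
}
```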