Merge branch 'master' of https://github.com/RfidResearchGroup/proxmark3

CHANGELOG.md

@@ -83,6 +83,9 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
  - Added `hf fido` commands that work with FIDO U2F authenticators (@merlokk)
  - Added mbedtls instead of old polarssl (@merlokk)
  - Added jansson (@merlokk)
+ - Added `hf emv scan` - save card's data to json file (@merlokk)
+ - Added `hf emv` `gpo`, `readrec`, `genac`, `challenge`, `intauth` - separate commands from `hf emc exec` (@merlokk)
+ 
 ### Fixed
 - Changed driver file proxmark3.inf to support both old and new Product/Vendor IDs (piwi)
 - Changed start sequence in Qt mode (fix: short commands hangs main Qt thread) (Merlok)

client/cmdhf14a.c

@@ -171,13 +171,6 @@ int usage_hf_14a_info(void){
 	PrintAndLogEx(NORMAL, "       n    test for nack bug");
 	return 0;
 }
-int usage_hf_14a_apdu(void) {
-	PrintAndLogEx(NORMAL, "Usage: hf 14a apdu [-s] [-k] [-t] <APDU (hex)>");
-	PrintAndLogEx(NORMAL, "       -s    activate field and select card");
-	PrintAndLogEx(NORMAL, "       -k    leave the signal field ON after receive response");
-	PrintAndLogEx(NORMAL, "       -t    executes TLV decoder if it possible. TODO!!!!");
-	return 0;
-}
 int usage_hf_14a_antifuzz(void) {
 	PrintAndLogEx(NORMAL, "Usage: hf 14a antifuzz [4|7|10]");
 	PrintAndLogEx(NORMAL, "       <len>    determine which anticollision phase the command will target.");
@@ -190,6 +183,45 @@ int CmdHF14AList(const char *Cmd) {
 	return 0;
 }
 
+int Hf14443_4aGetCardData(iso14a_card_select_t * card) {
+	UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT, 0, 0}};
+	SendCommand(&c);
+
+	UsbCommand resp;
+	WaitForResponse(CMD_ACK,&resp);
+	
+	memcpy(card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t));
+
+	uint64_t select_status = resp.arg[0];		// 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision
+	
+	if(select_status == 0) {
+		PrintAndLog("E->iso14443a card select failed");
+		return 1;
+	}
+
+	if(select_status == 2) {
+		PrintAndLog("E->Card doesn't support iso14443-4 mode");
+		return 1;
+	}
+
+	if(select_status == 3) {
+		PrintAndLog("E->Card doesn't support standard iso14443-3 anticollision");
+		PrintAndLog("\tATQA : %02x %02x", card->atqa[1], card->atqa[0]);
+		return 1;
+	}
+
+	PrintAndLog(" UID: %s", sprint_hex(card->uid, card->uidlen));
+	PrintAndLog("ATQA: %02x %02x", card->atqa[1], card->atqa[0]);
+	PrintAndLog(" SAK: %02x [%" PRIu64 "]", card->sak, resp.arg[0]);
+	if(card->ats_len < 3) {			// a valid ATS consists of at least the length byte (TL) and 2 CRC bytes
+		PrintAndLog("E-> Error ATS length(%d) : %s", card->ats_len, sprint_hex(card->ats, card->ats_len));
+		return 1;
+	}
+	PrintAndLog(" ATS: %s", sprint_hex(card->ats, card->ats_len));
+	
+	return 0;
+}
+
 int CmdHF14AReader(const char *Cmd) {
 
 	uint32_t cm = ISO14A_CONNECT;
@@ -875,57 +907,35 @@ int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool lea
 	return 0;
 }
 
+// ISO14443-4. 7. Half-duplex block transmission protocol
 int CmdHF14AAPDU(const char *cmd) {
 	uint8_t data[USB_CMD_DATA_SIZE];
 	int datalen = 0;
 	bool activateField = false;
 	bool leaveSignalON = false;
 	bool decodeTLV = false;
-	
-	if (strlen(cmd) < 2) return usage_hf_14a_apdu();
 
-	int cmdp = 0;
-	while(param_getchar(cmd, cmdp) != 0x00) {
-		char c = param_getchar(cmd, cmdp);
-		if ((c == '-') && (param_getlength(cmd, cmdp) == 2))
-			switch (tolower(param_getchar_indx(cmd, 1, cmdp))) {
-				case 'h':
-					return usage_hf_14a_apdu();
-				case 's':
-					activateField = true;
-					break;
-				case 'k':
-					leaveSignalON = true;
-					break;
-				case 't':
-					decodeTLV = true;
-					break;
-				default:
-					PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar_indx(cmd, 1, cmdp));
-					return 1;
-			}
+	CLIParserInit("hf 14a apdu", 
+		"Sends an ISO 7816-4 APDU via ISO 14443-4 block transmission protocol (T=CL)", 
+		"Sample:\n\thf 14a apdu -st 00A404000E325041592E5359532E444446303100\n");
+
+	void* argtable[] = {
+		arg_param_begin,
+		arg_lit0("sS",  "select",  "activate field and select card"),
+		arg_lit0("kK",  "keep",    "leave the signal field ON after receive response"),
+		arg_lit0("tT",  "tlv",     "executes TLV decoder if it possible"),
+		arg_strx1(NULL, NULL,      "<APDU (hex)>", NULL),
+		arg_param_end
+	};
+	CLIExecWithReturn(cmd, argtable, false);
 			
-		if (isxdigit(c)) {
+	activateField = arg_get_lit(1);
+	leaveSignalON = arg_get_lit(2);
+	decodeTLV = arg_get_lit(3);
 			// len = data + PCB(1b) + CRC(2b)
-			switch(param_gethex_to_eol(cmd, cmdp, data, sizeof(data) - 1 - 2, &datalen)) {
-			case 1:
-				PrintAndLogEx(WARNING, "invalid HEX value.");
-				return 1;
-			case 2:
-				PrintAndLogEx(WARNING, "APDU too large.");
-				return 1;
-			case 3:
-				PrintAndLogEx(WARNING, "hex must have even number of digits.");
-				return 1;
-			}
-			
-			// we get all the hex to end of line with spaces
-			break;
-		}
-		
-		cmdp++;
-	}
+	CLIGetHexBLessWithReturn(4, data, &datalen, 1 + 2);
 
+CLIParserFree();
 	PrintAndLogEx(NORMAL, ">>>>[%s%s%s] %s", activateField ? "sel ": "", leaveSignalON ? "keep ": "", decodeTLV ? "TLV": "", sprint_hex(data, datalen));
 	
 	int res = ExchangeAPDU14a(data, datalen, activateField, leaveSignalON, data, USB_CMD_DATA_SIZE, &datalen);

client/cmdhf14a.h

@@ -50,6 +50,7 @@ extern int CmdHF14ACUIDs(const char *Cmd);
 extern int CmdHF14AAntiFuzz(const char *cmd);
 
 extern char* getTagInfo(uint8_t uid);
+extern int Hf14443_4aGetCardData(iso14a_card_select_t * card);
 extern int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen);									
 extern int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen);
 

client/cmdsmartcard.c

@@ -344,7 +344,7 @@ int CmdSmartUpgrade(const char *Cmd) {
 		PrintAndLogEx(WARNING, "timeout while waiting for reply.");
 		return 1;
 	}
-	if ( (resp.arg[0] && 0xFF ) )
+	if ( (resp.arg[0] & 0xFF ) )
 		PrintAndLogEx(SUCCESS, "Smartcard socket firmware upgraded successful");
 	else
 		PrintAndLogEx(FAILED, "Smartcard socket firmware updating failed");

client/emv/emv_pki.c

@@ -27,6 +27,11 @@
 #include <string.h>
 #include <stdarg.h>
 
+static bool strictExecution = true;
+void PKISetStrictExecution(bool se) {
+	strictExecution = se;
+}
+
 static const unsigned char empty_tlv_value[] = {};
 static const struct tlv empty_tlv = {.tag = 0x0, .len = 0, .value = empty_tlv_value};
 
@@ -108,9 +113,12 @@ static unsigned char *emv_pki_decode_message(const struct emv_pk *enc_pk,
 		printf("ERROR: Calculated wrong hash\n");
 		printf("decoded:    %s\n",sprint_hex(data + data_len - 1 - hash_len, hash_len));
 		printf("calculated: %s\n",sprint_hex(crypto_hash_read(ch), hash_len));
-		crypto_hash_close(ch);
-		free(data);
-		return NULL;
+		
+		if (strictExecution) {
+			crypto_hash_close(ch);
+			free(data);
+			return NULL;
+		}
 	}
 
 	crypto_hash_close(ch);

client/emv/emv_pki.h

@@ -21,6 +21,8 @@
 
 #include <stddef.h>
 
+extern void PKISetStrictExecution(bool se);
+
 struct emv_pk *emv_pki_recover_issuer_cert(const struct emv_pk *pk, struct tlvdb *db);
 struct emv_pk *emv_pki_recover_icc_cert(const struct emv_pk *pk, struct tlvdb *db, const struct tlv *sda_tlv);
 struct emv_pk *emv_pki_recover_icc_pe_cert(const struct emv_pk *pk, struct tlvdb *db);

client/emv/emvcore.c

@@ -9,6 +9,8 @@
 //-----------------------------------------------------------------------------
 
 #include "emvcore.h"
+#include "emvjson.h"
+#include "util_posix.h"
 
 // Got from here. Thanks)
 // https://eftlab.co.uk/index.php/site-map/knowledge-base/211-emv-aid-rid-pix
@@ -18,6 +20,13 @@ static const char *PSElist [] = {
 };
 //static const size_t PSElistLen = sizeof(PSElist)/sizeof(char*);
 
+char *TransactionTypeStr[] = {
+	"MSD",
+	"VSDC",
+	"qVCDCMCHIP",
+	"CDA"
+};
+
 typedef struct {
 	enum CardPSVendor vendor;
 	const char* aid;
@@ -257,9 +266,14 @@ int EMVExchangeEx(bool ActivateField, bool LeaveFieldON, sAPDU apdu, bool Includ
 		*sw = isw;
 
 	if (isw != 0x9000) {
-		if (APDULogging)
-			PrintAndLogEx(WARNING, "APDU(%02x%02x) ERROR: [%4X] %s", apdu.CLA, apdu.INS, isw, GetAPDUCodeDescription(*sw >> 8, *sw & 0xff));
-		return 5;
+		if (APDULogging) {
+			if (*sw >> 8 == 0x61) {
+				PrintAndLogEx(ERR, "APDU chaining len:%02x -->", *sw & 0xff);
+			} else {
+				PrintAndLogEx(ERR, "APDU(%02x%02x) ERROR: [%4X] %s", apdu.CLA, apdu.INS, isw, GetAPDUCodeDescription(*sw >> 8, *sw & 0xff));
+				return 5;
+			}
+		}
 	}
 
 	// add to tlv tree
@@ -527,7 +541,7 @@ int trSDA(struct tlvdb *tlv) {
 	if (!sda_tlv || sda_tlv->len < 1) {
 		emv_pk_free(issuer_pk);
 		emv_pk_free(pk);
-		PrintAndLogEx(WARNING, "Error: Can't find input list for Offline Data Authentication. Exit.");
+		PrintAndLogEx(WARNING, "Can't find input list for Offline Data Authentication. Exit.");
 		return 3;
 	}
 	
@@ -539,7 +553,7 @@ int trSDA(struct tlvdb *tlv) {
 	} else {
 		emv_pk_free(issuer_pk);
 		emv_pk_free(pk);
-		PrintAndLogEx(WARNING, "Error: SSAD verify error");
+		PrintAndLogEx(WARNING, "SSAD verify error");
 		return 4;
 	}
 	
@@ -851,3 +865,63 @@ int trCDA(struct tlvdb *tlv, struct tlvdb *ac_tlv, struct tlv *pdol_data_tlv, st
 	emv_pk_free(icc_pk);
 	return 0;
 }
+
+int RecoveryCertificates(struct tlvdb *tlvRoot, json_t *root) {
+	
+	struct emv_pk *pk = get_ca_pk(tlvRoot);
+	if (!pk) {
+		PrintAndLog("ERROR: Key not found. Exit.");
+		return 1;
+	}
+
+	struct emv_pk *issuer_pk = emv_pki_recover_issuer_cert(pk, tlvRoot);
+	if (!issuer_pk) {
+		emv_pk_free(pk);
+		PrintAndLog("WARNING: Issuer certificate not found. Exit.");
+		return 2;
+	}
+	PrintAndLog("Issuer PK recovered. RID %02hhx:%02hhx:%02hhx:%02hhx:%02hhx IDX %02hhx CSN %02hhx:%02hhx:%02hhx",
+			issuer_pk->rid[0],
+			issuer_pk->rid[1],
+			issuer_pk->rid[2],
+			issuer_pk->rid[3],
+			issuer_pk->rid[4],
+			issuer_pk->index,
+			issuer_pk->serial[0],
+			issuer_pk->serial[1],
+			issuer_pk->serial[2]
+			);
+
+	JsonSaveBufAsHex(root, "$.ApplicationData.RID", issuer_pk->rid, 5);
+
+	char *issuer_pk_c = emv_pk_dump_pk(issuer_pk);
+	JsonSaveStr(root, "$.ApplicationData.IssuerPublicKeyDec", issuer_pk_c);
+	JsonSaveBufAsHex(root, "$.ApplicationData.IssuerPublicKeyModulus", issuer_pk->modulus, issuer_pk->mlen);
+	free(issuer_pk_c);
+
+	struct emv_pk *icc_pk = emv_pki_recover_icc_cert(issuer_pk, tlvRoot, NULL);
+	if (!icc_pk) {
+		emv_pk_free(pk);
+		emv_pk_free(issuer_pk);
+		PrintAndLog("WARNING: ICC certificate not found. Exit.");
+		return 2;
+	}
+	printf("ICC PK recovered. RID %02hhx:%02hhx:%02hhx:%02hhx:%02hhx IDX %02hhx CSN %02hhx:%02hhx:%02hhx\n",
+			icc_pk->rid[0],
+			icc_pk->rid[1],
+			icc_pk->rid[2],
+			icc_pk->rid[3],
+			icc_pk->rid[4],
+			icc_pk->index,
+			icc_pk->serial[0],
+			icc_pk->serial[1],
+			icc_pk->serial[2]
+			);
+	
+	char *icc_pk_c = emv_pk_dump_pk(icc_pk);
+	JsonSaveStr(root, "$.ApplicationData.ICCPublicKeyDec", icc_pk_c);
+	JsonSaveBufAsHex(root, "$.ApplicationData.ICCPublicKeyModulus", icc_pk->modulus, icc_pk->mlen);
+	free(issuer_pk_c);
+	
+	return 0;
+}

client/emv/emvcore.h

@@ -16,6 +16,7 @@
 #include <stdlib.h>
 #include <inttypes.h>
 #include <string.h>
+#include <jansson.h>
 #include "util.h"
 #include "common.h"
 #include "ui.h"
@@ -37,6 +38,7 @@ enum TransactionType {
 	TT_QVSDCMCHIP,
 	TT_CDA,
 };
+extern char *TransactionTypeStr[];
 
 typedef struct {
 	uint8_t CLA;
@@ -93,6 +95,8 @@ extern int trSDA(struct tlvdb *tlv);
 extern int trDDA(bool decodeTLV, struct tlvdb *tlv);
 extern int trCDA(struct tlvdb *tlv, struct tlvdb *ac_tlv, struct tlv *pdol_data_tlv, struct tlv *ac_data_tlv);
 
+extern int RecoveryCertificates(struct tlvdb *tlvRoot, json_t *root);
+
 #endif