From 61ea3109c9d6529c1b1f77c7ff78fe6aafb0f80f Mon Sep 17 00:00:00 2001 From: merlokk Date: Wed, 24 Oct 2018 18:18:05 +0300 Subject: [PATCH 1/5] start merge --- client/Makefile | 3 + client/cliparser/cliparser.c | 45 ++- client/cliparser/cliparser.h | 8 +- client/cmdhf.c | 1 + client/cmdhf.h | 1 + client/cmdhfmf.c | 120 +----- client/cmdhfmfp.c | 696 +++++++++++++++++++++++++++++++++++ client/cmdhfmfp.h | 18 + client/mifare4.c | 153 ++++++++ client/mifare4.h | 35 ++ common/polarssl/libpcrypto.c | 44 +++ common/polarssl/libpcrypto.h | 20 + 12 files changed, 1015 insertions(+), 129 deletions(-) create mode 100644 client/cmdhfmfp.c create mode 100644 client/cmdhfmfp.h create mode 100644 client/mifare4.c create mode 100644 client/mifare4.h create mode 100644 common/polarssl/libpcrypto.c create mode 100644 common/polarssl/libpcrypto.h diff --git a/client/Makefile b/client/Makefile index eaf846610..c832d9e49 100644 --- a/client/Makefile +++ b/client/Makefile @@ -110,6 +110,7 @@ CMDSRCS = crapto1/crapto1.c \ polarssl/sha1.c \ polarssl/sha256.c \ polarssl/base64.c \ + polarssl/libpcrypto.c \ cliparser/argtable3.c\ cliparser/cliparser.c\ loclass/cipher.c \ @@ -147,6 +148,7 @@ CMDSRCS = crapto1/crapto1.c \ emv/test/dda_test.c\ emv/test/cda_test.c\ emv/cmdemv.c \ + mifare4.c \ cmdanalyse.c \ cmdhf.c \ cmdhflist.c \ @@ -158,6 +160,7 @@ CMDSRCS = crapto1/crapto1.c \ cmdhficlass.c \ cmdhfmf.c \ cmdhfmfu.c \ + cmdhfmfp.c \ cmdhfmfhard.c \ hardnested/hardnested_bruteforce.c \ cmdhfmfdes.c \ diff --git a/client/cliparser/cliparser.c b/client/cliparser/cliparser.c index 56be2ca6a..954220398 100644 --- a/client/cliparser/cliparser.c +++ b/client/cliparser/cliparser.c @@ -153,23 +153,14 @@ void CLIParserFree() { // convertors int CLIParamHexToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int *datalen) { *datalen = 0; - if (!argstr->count) - return 0; - char buf[256] = {0}; int ibuf = 0; + uint8_t buf[256] = {0}; + int res = CLIParamStrToBuf(argstr, buf, maxdatalen * 2, &ibuf); // *2 because here HEX + if (res || !ibuf) + return res; - for (int i = 0; i < argstr->count; i++) { - int len = strlen(argstr->sval[i]); - memcpy(&buf[ibuf], argstr->sval[i], len); - ibuf += len; - } - buf[ibuf] = 0; - - if (!ibuf) - return 0; - - switch(param_gethex_to_eol(buf, 0, data, maxdatalen, datalen)) { + switch(param_gethex_to_eol((char *)buf, 0, data, maxdatalen, datalen)) { case 1: printf("Parameter error: Invalid HEX value.\n"); return 1; @@ -184,5 +175,31 @@ int CLIParamHexToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int return 0; } +int CLIParamStrToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int *datalen) { + *datalen = 0; + if (!argstr->count) + return 0; + + uint8_t buf[256] = {0}; + int ibuf = 0; + + for (int i = 0; i < argstr->count; i++) { + int len = strlen(argstr->sval[i]); + memcpy(&buf[ibuf], argstr->sval[i], len); + ibuf += len; + } + buf[ibuf] = 0; + + if (!ibuf) + return 0; + + if (ibuf > maxdatalen) + return 2; + + memcpy(data, buf, ibuf); + *datalen = ibuf; + + return 0; +} diff --git a/client/cliparser/cliparser.h b/client/cliparser/cliparser.h index 7c1ced207..05910ea43 100644 --- a/client/cliparser/cliparser.h +++ b/client/cliparser/cliparser.h @@ -17,7 +17,9 @@ #define arg_getsize(a) (sizeof(a) / sizeof(a[0])) #define arg_get_lit(n)(((struct arg_lit*)argtable[n])->count) +#define arg_get_int_count(n)(((struct arg_int*)argtable[n])->count) #define arg_get_int(n)(((struct arg_int*)argtable[n])->ival[0]) +#define arg_get_int_def(n,def)(arg_get_int_count(n)?(arg_get_int(n)):(def)) #define arg_get_str(n)((struct arg_str*)argtable[n]) #define arg_get_str_len(n)(strlen(((struct arg_str*)argtable[n])->sval[0])) @@ -25,8 +27,9 @@ #define arg_strx0(shortopts, longopts, datatype, glossary) (arg_strn((shortopts), (longopts), (datatype), 0, 250, (glossary))) #define CLIExecWithReturn(cmd, atbl, ifempty) if (CLIParserParseString(cmd, atbl, arg_getsize(atbl), ifempty)){CLIParserFree();return 0;} -#define CLIGetStrBLessWithReturn(paramnum, data, datalen, delta) if (CLIParamHexToBuf(arg_get_str(paramnum), data, sizeof(data) - (delta), datalen)) {CLIParserFree();return 1;} -#define CLIGetStrWithReturn(paramnum, data, datalen) if (CLIParamHexToBuf(arg_get_str(paramnum), data, sizeof(data), datalen)) {CLIParserFree();return 1;} +#define CLIGetHexBLessWithReturn(paramnum, data, datalen, delta) if (CLIParamHexToBuf(arg_get_str(paramnum), data, sizeof(data) - (delta), datalen)) {CLIParserFree();return 1;} +#define CLIGetHexWithReturn(paramnum, data, datalen) if (CLIParamHexToBuf(arg_get_str(paramnum), data, sizeof(data), datalen)) {CLIParserFree();return 1;} +#define CLIGetStrWithReturn(paramnum, data, datalen) if (CLIParamStrToBuf(arg_get_str(paramnum), data, sizeof(data), datalen)) {CLIParserFree();return 1;} extern int CLIParserInit(char *vprogramName, char *vprogramHint, char *vprogramHelp); extern int CLIParserParseString(const char* str, void* argtable[], size_t vargtableLen, bool allowEmptyExec); @@ -35,3 +38,4 @@ extern int CLIParserParseArg(int argc, char **argv, void* argtable[], size_t var extern void CLIParserFree(); extern int CLIParamHexToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int *datalen); +extern int CLIParamStrToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int *datalen); diff --git a/client/cmdhf.c b/client/cmdhf.c index 594450271..30669d24d 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -117,6 +117,7 @@ static command_t CommandTable[] = { {"legic", CmdHFLegic, 1, "{ LEGIC RFIDs... }"}, {"iclass", CmdHFiClass, 1, "{ ICLASS RFIDs... }"}, {"mf", CmdHFMF, 1, "{ MIFARE RFIDs... }"}, + {"mfp", CmdHFMFP, 1, "{ MIFARE Plus RFIDs... }"}, {"mfu", CmdHFMFUltra, 1, "{ MIFARE Ultralight RFIDs... }"}, {"mfdes", CmdHFMFDes, 1, "{ MIFARE Desfire RFIDs... }"}, {"topaz", CmdHFTopaz, 1, "{ TOPAZ (NFC Type 1) RFIDs... }"}, diff --git a/client/cmdhf.h b/client/cmdhf.h index be369b626..a4cc2e95c 100644 --- a/client/cmdhf.h +++ b/client/cmdhf.h @@ -26,6 +26,7 @@ #include "cmdhficlass.h" // ICLASS #include "cmdhfmf.h" // CLASSIC #include "cmdhfmfu.h" // ULTRALIGHT/NTAG etc +#include "cmdhfmfp.h" // Mifare Plus #include "cmdhfmfdes.h" // DESFIRE #include "cmdhftopaz.h" // TOPAZ #include "cmdhffelica.h" // ISO18092 / FeliCa diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index f40db51cf..2ef1fd6ba 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -9,6 +9,7 @@ //----------------------------------------------------------------------------- #include "cmdhfmf.h" +#include "mifare4.h" #define MIFARE_4K_MAXBLOCK 255 #define MIFARE_2K_MAXBLOCK 128 @@ -3067,50 +3068,12 @@ out: return 0; } -int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){ - uint8_t iiv[16] = {0}; - if (iv) - memcpy(iiv, iv, 16); - - aes_context aes; - aes_init(&aes); - if (aes_setkey_enc(&aes, key, 128)) - return 1; - if (aes_crypt_cbc(&aes, AES_ENCRYPT, length, iiv, input, output)) - return 2; - aes_free(&aes); - - return 0; -} - -int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){ - uint8_t iiv[16] = {0}; - if (iv) - memcpy(iiv, iv, 16); - - aes_context aes; - aes_init(&aes); - if (aes_setkey_dec(&aes, key, 128)) - return 1; - if (aes_crypt_cbc(&aes, AES_DECRYPT, length, iiv, input, output)) - return 2; - aes_free(&aes); - - return 0; -} - int CmdHF14AMfAuth4(const char *cmd) { uint8_t keyn[20] = {0}; int keynlen = 0; uint8_t key[16] = {0}; int keylen = 0; - uint8_t data[257] = {0}; - int datalen = 0; - - uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00}; - uint8_t Rnd2[17] = {0}; - - + CLIParserInit("hf mf auth4", "Executes AES authentication command in ISO14443-4", "Usage:\n\thf mf auth4 4000 000102030405060708090a0b0c0d0e0f -> executes authentication\n" @@ -3124,90 +3087,21 @@ int CmdHF14AMfAuth4(const char *cmd) { }; CLIExecWithReturn(cmd, argtable, true); - CLIGetStrWithReturn(1, keyn, &keynlen); - CLIGetStrWithReturn(2, key, &keylen); + CLIGetHexWithReturn(1, keyn, &keynlen); + CLIGetHexWithReturn(2, key, &keylen); CLIParserFree(); if (keynlen != 2) { - PrintAndLogEx(ERR, " must be 2 bytes long instead of: %d", keynlen); + PrintAndLog(ERROR, " must be 2 bytes long instead of: %d", keynlen); return 1; } if (keylen != 16) { - PrintAndLogEx(ERR, " must be 16 bytes long instead of: %d", keylen); + PrintAndLog(ERROR, " must be 16 bytes long instead of: %d", keylen); return 1; } - uint8_t cmd1[] = {0x0a, 0x00, 0x70, keyn[1], keyn[0], 0x00}; - int res = ExchangeRAW14a(cmd1, sizeof(cmd1), true, true, data, sizeof(data), &datalen); - if (res) { - PrintAndLog("ERROR exchande raw error: %d", res); - return 2; - } - - PrintAndLog("phase2: %s", sprint_hex(cmd2, 35)); - - res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, false, data, sizeof(data), &datalen); - if (res) { - PrintAndLogEx(ERR, "exchande raw error: %d", res); - DropField(); - return 4; - } - - PrintAndLog(" +#include +#include +#include +#include +#include "comms.h" +#include "cmdmain.h" +#include "util.h" +#include "ui.h" +#include "cmdhf14a.h" +#include "mifare.h" +#include "mifare4.h" +#include "cliparser/cliparser.h" +#include "polarssl/libpcrypto.h" + +static const uint8_t DefaultKey[16] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; + +typedef struct { + uint8_t Code; + const char *Description; +} PlusErrorsElm; + +static const PlusErrorsElm PlusErrors[] = { + {0xFF, ""}, + {0x00, "Unknown error"}, + {0x06, "Block use error"}, + {0x07, "Command use error"}, + {0x08, "Invalid write command"}, + {0x09, "Invalid block number"}, + {0x0b, "Command code error"}, + {0x0c, "Length error"}, + {0x90, "OK"}, +}; +int PlusErrorsLen = sizeof(PlusErrors) / sizeof(PlusErrorsElm); + +const char * GetErrorDescription(uint8_t errorCode) { + for(int i = 0; i < PlusErrorsLen; i++) + if (errorCode == PlusErrors[i].Code) + return PlusErrors[i].Description; + + return PlusErrors[0].Description; +} + +static int CmdHelp(const char *Cmd); + +static bool VerboseMode = false; +void SetVerboseMode(bool verbose) { + VerboseMode = verbose; +} + +int intExchangeRAW14aPlus(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { + if(VerboseMode) + PrintAndLog(">>> %s", sprint_hex(datain, datainlen)); + + int res = ExchangeRAW14a(datain, datainlen, activateField, leaveSignalON, dataout, maxdataoutlen, dataoutlen); + + if(VerboseMode) + PrintAndLog("<<< %s", sprint_hex(dataout, *dataoutlen)); + + return res; +} + +int MFPWritePerso(uint8_t *keyNum, uint8_t *key, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { + uint8_t rcmd[3 + 16] = {0xa8, keyNum[1], keyNum[0], 0x00}; + memmove(&rcmd[3], key, 16); + + return intExchangeRAW14aPlus(rcmd, sizeof(rcmd), activateField, leaveSignalON, dataout, maxdataoutlen, dataoutlen); +} + +int MFPCommitPerso(bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { + uint8_t rcmd[1] = {0xaa}; + + return intExchangeRAW14aPlus(rcmd, sizeof(rcmd), activateField, leaveSignalON, dataout, maxdataoutlen, dataoutlen); +} + +int MFPReadBlock(mf4Session *session, bool plain, uint8_t blockNum, uint8_t blockCount, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { + uint8_t rcmd[4 + 8] = {(plain?(0x37):(0x33)), blockNum, 0x00, blockCount}; + + return intExchangeRAW14aPlus(rcmd, plain?4:sizeof(rcmd), activateField, leaveSignalON, dataout, maxdataoutlen, dataoutlen); +} + +int MFPWriteBlock(mf4Session *session, uint8_t blockNum, uint8_t *data, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { + uint8_t rcmd[1 + 2 + 16 + 8] = {0xA3, blockNum, 0x00}; + memmove(&rcmd[3], data, 16); + + return intExchangeRAW14aPlus(rcmd, sizeof(rcmd), activateField, leaveSignalON, dataout, maxdataoutlen, dataoutlen); +} + +int CmdHFMFPInfo(const char *cmd) { + + if (cmd && strlen(cmd) > 0) + PrintAndLog("WARNING: command don't have any parameters.\n"); + + // info about 14a part + CmdHF14AInfo(""); + + // Mifare Plus info + UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}}; + SendCommand(&c); + + UsbCommand resp; + WaitForResponse(CMD_ACK,&resp); + + iso14a_card_select_t card; + memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t)); + + uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision + + if (select_status == 1 || select_status == 2) { + PrintAndLog("----------------------------------------------"); + PrintAndLog("Mifare Plus info:"); + + // MIFARE Type Identification Procedure + // https://www.nxp.com/docs/en/application-note/AN10833.pdf + uint16_t ATQA = card.atqa[0] + (card.atqa[1] << 8); + if (ATQA == 0x0004) PrintAndLog("ATQA: Mifare Plus 2k 4bUID"); + if (ATQA == 0x0002) PrintAndLog("ATQA: Mifare Plus 4k 4bUID"); + if (ATQA == 0x0044) PrintAndLog("ATQA: Mifare Plus 2k 7bUID"); + if (ATQA == 0x0042) PrintAndLog("ATQA: Mifare Plus 4k 7bUID"); + + uint8_t SLmode = 0xff; + if (card.sak == 0x08) { + PrintAndLog("SAK: Mifare Plus 2k 7bUID"); + if (select_status == 2) SLmode = 1; + } + if (card.sak == 0x18) { + PrintAndLog("SAK: Mifare Plus 4k 7bUID"); + if (select_status == 2) SLmode = 1; + } + if (card.sak == 0x10) { + PrintAndLog("SAK: Mifare Plus 2k"); + if (select_status == 2) SLmode = 2; + } + if (card.sak == 0x11) { + PrintAndLog("SAK: Mifare Plus 4k"); + if (select_status == 2) SLmode = 2; + } + if (card.sak == 0x20) { + PrintAndLog("SAK: Mifare Plus SL0/SL3 or Mifare desfire"); + if (card.ats_len > 0) { + SLmode = 3; + + // check SL0 + uint8_t data[250] = {0}; + int datalen = 0; + // https://github.com/Proxmark/proxmark3/blob/master/client/scripts/mifarePlus.lua#L161 + uint8_t cmd[3 + 16] = {0xa8, 0x90, 0x90, 0x00}; + int res = ExchangeRAW14a(cmd, sizeof(cmd), false, false, data, sizeof(data), &datalen); + if (!res && datalen > 1 && data[0] == 0x09) { + SLmode = 0; + } + } + } + + if (SLmode != 0xff) + PrintAndLog("Mifare Plus SL mode: SL%d", SLmode); + else + PrintAndLog("Mifare Plus SL mode: unknown("); + } else { + PrintAndLog("Mifare Plus info not available."); + } + + DropField(); + + return 0; +} + +int CmdHFMFPWritePerso(const char *cmd) { + uint8_t keyNum[64] = {0}; + int keyNumLen = 0; + uint8_t key[64] = {0}; + int keyLen = 0; + + CLIParserInit("hf mfp wrp", + "Executes Write Perso command. Can be used in SL0 mode only.", + "Usage:\n\thf mfp wrp 4000 000102030405060708090a0b0c0d0e0f -> write key (00..0f) to key number 4000 \n" + "\thf mfp wrp 4000 -> write default key(0xff..0xff) to key number 4000"); + + void* argtable[] = { + arg_param_begin, + arg_lit0("vV", "verbose", "show internal data."), + arg_str1(NULL, NULL, "", NULL), + arg_strx0(NULL, NULL, "", NULL), + arg_param_end + }; + CLIExecWithReturn(cmd, argtable, true); + + bool verbose = arg_get_lit(1); + CLIGetHexWithReturn(2, keyNum, &keyNumLen); + CLIGetHexWithReturn(3, key, &keyLen); + CLIParserFree(); + + SetVerboseMode(verbose); + + if (!keyLen) { + memmove(key, DefaultKey, 16); + keyLen = 16; + } + + if (keyNumLen != 2) { + PrintAndLog("Key number length must be 2 bytes instead of: %d", keyNumLen); + return 1; + } + if (keyLen != 16) { + PrintAndLog("Key length must be 16 bytes instead of: %d", keyLen); + return 1; + } + + uint8_t data[250] = {0}; + int datalen = 0; + + int res = MFPWritePerso(keyNum, key, true, false, data, sizeof(data), &datalen); + if (res) { + PrintAndLog("Exchange error: %d", res); + return res; + } + + if (datalen != 3) { + PrintAndLog("Command must return 3 bytes instead of: %d", datalen); + return 1; + } + + if (data[0] != 0x90) { + PrintAndLog("Command error: %02x %s", data[0], GetErrorDescription(data[0])); + return 1; + } + PrintAndLog("Write OK."); + + return 0; +} + +uint16_t CardAddresses[] = {0x9000, 0x9001, 0x9002, 0x9003, 0x9004, 0xA000, 0xA001, 0xA080, 0xA081, 0xC000, 0xC001}; + +int CmdHFMFPInitPerso(const char *cmd) { + int res; + uint8_t key[256] = {0}; + int keyLen = 0; + uint8_t keyNum[2] = {0}; + uint8_t data[250] = {0}; + int datalen = 0; + + CLIParserInit("hf mfp initp", + "Executes Write Perso command for all card's keys. Can be used in SL0 mode only.", + "Usage:\n\thf mfp initp 000102030405060708090a0b0c0d0e0f -> fill all the keys with key (00..0f)\n" + "\thf mfp initp -vv -> fill all the keys with default key(0xff..0xff) and show all the data exchange"); + + void* argtable[] = { + arg_param_begin, + arg_litn("vV", "verbose", 0, 2, "show internal data."), + arg_strx0(NULL, NULL, "", NULL), + arg_param_end + }; + CLIExecWithReturn(cmd, argtable, true); + + bool verbose = arg_get_lit(1); + bool verbose2 = arg_get_lit(1) > 1; + CLIGetHexWithReturn(2, key, &keyLen); + CLIParserFree(); + + if (keyLen && keyLen != 16) { + PrintAndLog("Key length must be 16 bytes instead of: %d", keyLen); + return 1; + } + + if (!keyLen) + memmove(key, DefaultKey, 16); + + SetVerboseMode(verbose2); + for (uint16_t sn = 0x4000; sn < 0x4050; sn++) { + keyNum[0] = sn >> 8; + keyNum[1] = sn & 0xff; + res = MFPWritePerso(keyNum, key, (sn == 0x4000), true, data, sizeof(data), &datalen); + if (!res && (datalen == 3) && data[0] == 0x09) { + PrintAndLog("2k card detected."); + break; + } + if (res || (datalen != 3) || data[0] != 0x90) { + PrintAndLog("Write error on address %04x", sn); + break; + } + } + + SetVerboseMode(verbose); + for (int i = 0; i < sizeof(CardAddresses) / 2; i++) { + keyNum[0] = CardAddresses[i] >> 8; + keyNum[1] = CardAddresses[i] & 0xff; + res = MFPWritePerso(keyNum, key, false, true, data, sizeof(data), &datalen); + if (!res && (datalen == 3) && data[0] == 0x09) { + PrintAndLog("Skipped[%04x]...", CardAddresses[i]); + } else { + if (res || (datalen != 3) || data[0] != 0x90) { + PrintAndLog("Write error on address %04x", CardAddresses[i]); + break; + } + } + } + + DropField(); + + if (res) + return res; + + PrintAndLog("Done."); + + return 0; +} + +int CmdHFMFPCommitPerso(const char *cmd) { + CLIParserInit("hf mfp commitp", + "Executes Commit Perso command. Can be used in SL0 mode only.", + "Usage:\n\thf mfp commitp -> \n"); + + void* argtable[] = { + arg_param_begin, + arg_lit0("vV", "verbose", "show internal data."), + arg_int0(NULL, NULL, "SL mode", NULL), + arg_param_end + }; + CLIExecWithReturn(cmd, argtable, true); + + bool verbose = arg_get_lit(1); + CLIParserFree(); + + SetVerboseMode(verbose); + + uint8_t data[250] = {0}; + int datalen = 0; + + int res = MFPCommitPerso(true, false, data, sizeof(data), &datalen); + if (res) { + PrintAndLog("Exchange error: %d", res); + return res; + } + + if (datalen != 3) { + PrintAndLog("Command must return 3 bytes instead of: %d", datalen); + return 1; + } + + if (data[0] != 0x90) { + PrintAndLog("Command error: %02x %s", data[0], GetErrorDescription(data[0])); + return 1; + } + PrintAndLog("Switch level OK."); + + return 0; +} + +int CmdHFMFPAuth(const char *cmd) { + uint8_t keyn[250] = {0}; + int keynlen = 0; + uint8_t key[250] = {0}; + int keylen = 0; + + CLIParserInit("hf mfp auth", + "Executes AES authentication command for Mifare Plus card", + "Usage:\n\thf mfp auth 4000 000102030405060708090a0b0c0d0e0f -> executes authentication\n" + "\thf mfp auth 9003 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -v -> executes authentication and shows all the system data\n"); + + void* argtable[] = { + arg_param_begin, + arg_lit0("vV", "verbose", "show internal data."), + arg_str1(NULL, NULL, "", NULL), + arg_str1(NULL, NULL, "", NULL), + arg_param_end + }; + CLIExecWithReturn(cmd, argtable, true); + + bool verbose = arg_get_lit(1); + CLIGetHexWithReturn(2, keyn, &keynlen); + CLIGetHexWithReturn(3, key, &keylen); + CLIParserFree(); + + if (keynlen != 2) { + PrintAndLog("ERROR: must be 2 bytes long instead of: %d", keynlen); + return 1; + } + + if (keylen != 16) { + PrintAndLog("ERROR: must be 16 bytes long instead of: %d", keylen); + return 1; + } + + return MifareAuth4(NULL, keyn, key, true, false, verbose); +} + +int CmdHFMFPRdbl(const char *cmd) { + uint8_t keyn[2] = {0}; + uint8_t key[250] = {0}; + int keylen = 0; + + CLIParserInit("hf mfp rdbl", + "Reads several blocks from Mifare Plus card in plain mode.", + "Usage:\n\thf mfp rdbl 0 000102030405060708090a0b0c0d0e0f -> executes authentication and read block 0 data\n" + "\thf mfp rdbl 1 -v -> executes authentication and shows sector 1 data with default key 0xFF..0xFF and some additional data\n"); + + void* argtable[] = { + arg_param_begin, + arg_lit0("vV", "verbose", "show internal data."), + arg_int0("nN", "count", "blocks count (by default 1).", NULL), + arg_lit0("bB", "keyb", "use key B (by default keyA)."), + arg_lit0("pP", "plain", "plain communication between reader and card."), + arg_int1(NULL, NULL, "", NULL), + arg_str0(NULL, NULL, "", NULL), + arg_param_end + }; + CLIExecWithReturn(cmd, argtable, false); + + bool verbose = arg_get_lit(1); + int blocksCount = arg_get_int_def(2, 1); + bool keyB = arg_get_lit(3); + int plain = arg_get_lit(4) | true; + uint32_t blockn = arg_get_int(5); + CLIGetHexWithReturn(6, key, &keylen); + CLIParserFree(); + + if (!keylen) { + memmove(key, DefaultKey, 16); + keylen = 16; + } + + if (blockn > 255) { + PrintAndLog("ERROR: must be in range [0..255] instead of: %d", blockn); + return 1; + } + + if (keylen != 16) { + PrintAndLog("ERROR: must be 16 bytes long instead of: %d", keylen); + return 1; + } + + // 3 blocks - wo iso14443-4 chaining + if (blocksCount > 3) { + PrintAndLog("ERROR: blocks count must be less than 3 instead of: %d", blocksCount); + return 1; + } + + uint8_t sectorNum = mfSectorNum(blockn & 0xff); + uint16_t uKeyNum = 0x4000 + sectorNum * 2 + (keyB ? 1 : 0); + keyn[0] = uKeyNum >> 8; + keyn[1] = uKeyNum & 0xff; + if (verbose) + PrintAndLog("--block:%d sector[%d]:%02x key:%04x", blockn, mfNumBlocksPerSector(sectorNum), sectorNum, uKeyNum); + + mf4Session session; + int res = MifareAuth4(&session, keyn, key, true, true, verbose); + if (res) { + PrintAndLog("Authentication error: %d", res); + return res; + } + + uint8_t data[250] = {0}; + int datalen = 0; + res = MFPReadBlock(&session, plain, blockn & 0xff, blocksCount, false, false, data, sizeof(data), &datalen); + if (res) { + PrintAndLog("Read error: %d", res); + return res; + } + + if (datalen && data[0] != 0x90) { + PrintAndLog("Card read error: %02x %s", data[0], GetErrorDescription(data[0])); + return 6; + } + + if (datalen != 1 + blocksCount * 16 + 8 + 2) { + PrintAndLog("Error return length:%d", datalen); + return 5; + } + + int indx = blockn; + for(int i = 0; i < blocksCount; i++) { + PrintAndLog("data[%03d]: %s", indx, sprint_hex(&data[1 + i * 16], 16)); + indx++; + if (mfIsSectorTrailer(indx)){ + PrintAndLog("data[%03d]: ------------------- trailer -------------------", indx); + indx++; + } + } + + if(verbose) + PrintAndLog("MAC: %s", sprint_hex(&data[blocksCount * 16 + 1], 8)); + + return 0; +} + +int CmdHFMFPRdsc(const char *cmd) { + uint8_t keyn[2] = {0}; + uint8_t key[250] = {0}; + int keylen = 0; + + CLIParserInit("hf mfp rdsc", + "Reads one sector from Mifare Plus card in plain mode.", + "Usage:\n\thf mfp rdsc 0 000102030405060708090a0b0c0d0e0f -> executes authentication and read sector 0 data\n" + "\thf mfp rdsc 1 -v -> executes authentication and shows sector 1 data with default key 0xFF..0xFF and some additional data\n"); + + void* argtable[] = { + arg_param_begin, + arg_lit0("vV", "verbose", "show internal data."), + arg_lit0("bB", "keyb", "use key B (by default keyA)."), + arg_lit0("pP", "plain", "plain communication between reader and card."), + arg_int1(NULL, NULL, "", NULL), + arg_str0(NULL, NULL, "", NULL), + arg_param_end + }; + CLIExecWithReturn(cmd, argtable, false); + + bool verbose = arg_get_lit(1); + bool keyB = arg_get_lit(2); + bool plain = arg_get_lit(3) | true; + uint32_t sectorNum = arg_get_int(4); + CLIGetHexWithReturn(5, key, &keylen); + CLIParserFree(); + + if (!keylen) { + memmove(key, DefaultKey, 16); + keylen = 16; + } + + if (sectorNum > 39) { + PrintAndLog("ERROR: must be in range [0..39] instead of: %d", sectorNum); + return 1; + } + + if (keylen != 16) { + PrintAndLog("ERROR: must be 16 bytes long instead of: %d", keylen); + return 1; + } + + uint16_t uKeyNum = 0x4000 + sectorNum * 2 + (keyB ? 1 : 0); + keyn[0] = uKeyNum >> 8; + keyn[1] = uKeyNum & 0xff; + if (verbose) + PrintAndLog("--sector[%d]:%02x key:%04x", mfNumBlocksPerSector(sectorNum), sectorNum, uKeyNum); + + mf4Session session; + int res = MifareAuth4(&session, keyn, key, true, true, verbose); + if (res) { + PrintAndLog("Authentication error: %d", res); + return res; + } + + uint8_t data[250] = {0}; + int datalen = 0; + for(int n = mfFirstBlockOfSector(sectorNum); n < mfFirstBlockOfSector(sectorNum) + mfNumBlocksPerSector(sectorNum); n++) { + res = MFPReadBlock(&session, plain, n & 0xff, 1, false, true, data, sizeof(data), &datalen); + if (res) { + PrintAndLog("Read error: %d", res); + DropField(); + return res; + } + + if (datalen && data[0] != 0x90) { + PrintAndLog("Card read error: %02x %s", data[0], GetErrorDescription(data[0])); + DropField(); + return 6; + } + if (datalen != 1 + 16 + 8 + 2) { + PrintAndLog("Error return length:%d", datalen); + DropField(); + return 5; + } + + PrintAndLog("data[%03d]: %s", n, sprint_hex(&data[1], 16)); + + if(verbose) + PrintAndLog("MAC: %s", sprint_hex(&data[1 + 16], 8)); + } + DropField(); + + return 0; +} + +int CmdHFMFPWrbl(const char *cmd) { + uint8_t keyn[2] = {0}; + uint8_t key[250] = {0}; + int keylen = 0; + uint8_t datain[250] = {0}; + int datainlen = 0; + + CLIParserInit("hf mfp wrbl", + "Writes one block to Mifare Plus card.", + "Usage:\n\thf mfp wrbl 1 ff0000000000000000000000000000ff 000102030405060708090a0b0c0d0e0f -> writes block 1 data\n" + "\thf mfp wrbl 2 ff0000000000000000000000000000ff -v -> writes block 2 data with default key 0xFF..0xFF and some additional data\n"); + + void* argtable[] = { + arg_param_begin, + arg_lit0("vV", "verbose", "show internal data."), + arg_lit0("bB", "keyb", "use key B (by default keyA)."), + arg_int1(NULL, NULL, "", NULL), + arg_str1(NULL, NULL, "", NULL), + arg_str0(NULL, NULL, "", NULL), + arg_param_end + }; + CLIExecWithReturn(cmd, argtable, false); + + bool verbose = arg_get_lit(1); + bool keyB = arg_get_lit(2); + uint32_t blockNum = arg_get_int(3); + CLIGetHexWithReturn(4, datain, &datainlen); + CLIGetHexWithReturn(5, key, &keylen); + CLIParserFree(); + + if (!keylen) { + memmove(key, DefaultKey, 16); + keylen = 16; + } + + if (blockNum > 39) { + PrintAndLog("ERROR: must be in range [0..255] instead of: %d", blockNum); + return 1; + } + + if (keylen != 16) { + PrintAndLog("ERROR: must be 16 bytes long instead of: %d", keylen); + return 1; + } + + if (datainlen != 16) { + PrintAndLog("ERROR: must be 16 bytes long instead of: %d", datainlen); + return 1; + } + + uint8_t sectorNum = mfSectorNum(blockNum & 0xff); + uint16_t uKeyNum = 0x4000 + sectorNum * 2 + (keyB ? 1 : 0); + keyn[0] = uKeyNum >> 8; + keyn[1] = uKeyNum & 0xff; + if (verbose) + PrintAndLog("--block:%d sector[%d]:%02x key:%04x", blockNum & 0xff, mfNumBlocksPerSector(sectorNum), sectorNum, uKeyNum); + + mf4Session session; + int res = MifareAuth4(&session, keyn, key, true, true, verbose); + if (res) { + PrintAndLog("Authentication error: %d", res); + return res; + } + + uint8_t data[250] = {0}; + int datalen = 0; + res = MFPWriteBlock(&session, blockNum & 0xff, datain, false, false, data, sizeof(data), &datalen); + if (res) { + PrintAndLog("Write error: %d", res); + return res; + } + + if (datalen != 3 && (datalen != 3 + 8)) { + PrintAndLog("Error return length:%d", datalen); + return 5; + } + + if (datalen && data[0] != 0x90) { + PrintAndLog("Card write error: %02x %s", data[0], GetErrorDescription(data[0])); + return 6; + } + + if(verbose) + PrintAndLog("MAC: %s", sprint_hex(&data[1], 8)); + + return 0; +} + +static command_t CommandTable[] = +{ + {"help", CmdHelp, 1, "This help"}, + {"info", CmdHFMFPInfo, 0, "Info about Mifare Plus tag"}, + {"wrp", CmdHFMFPWritePerso, 0, "Write Perso command"}, + {"initp", CmdHFMFPInitPerso, 0, "Fills all the card's keys"}, + {"commitp", CmdHFMFPCommitPerso, 0, "Move card to SL1 or SL3 mode"}, + {"auth", CmdHFMFPAuth, 0, "Authentication"}, + {"rdbl", CmdHFMFPRdbl, 0, "Read blocks"}, + {"rdsc", CmdHFMFPRdsc, 0, "Read sectors"}, +// {"wrbl", CmdHFMFPWrbl, 0, "Write blocks"}, + {NULL, NULL, 0, NULL} +}; + +int CmdHFMFP(const char *Cmd) { + (void)WaitForResponseTimeout(CMD_ACK,NULL,100); + CmdsParse(CommandTable, Cmd); + return 0; +} + +int CmdHelp(const char *Cmd) { + CmdsHelp(CommandTable); + return 0; +} diff --git a/client/cmdhfmfp.h b/client/cmdhfmfp.h new file mode 100644 index 000000000..b1ac7c349 --- /dev/null +++ b/client/cmdhfmfp.h @@ -0,0 +1,18 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2018 Merlok +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// High frequency MIFARE Plus commands +//----------------------------------------------------------------------------- +#ifndef CMDHFMFP_H__ +#define CMDHFMFP_H__ + +#include "mifaredefault.h" + +extern int CmdHFMFP(const char *Cmd); + + +#endif \ No newline at end of file diff --git a/client/mifare4.c b/client/mifare4.c new file mode 100644 index 000000000..145dd243e --- /dev/null +++ b/client/mifare4.c @@ -0,0 +1,153 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2018 Merlok +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// iso14443-4 mifare commands +//----------------------------------------------------------------------------- + +#include "mifare4.h" +#include +#include +#include "cmdhf14a.h" +#include "util.h" +#include "ui.h" +#include "polarssl/libpcrypto.h" + +int MifareAuth4(mf4Session *session, uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose) { + uint8_t data[257] = {0}; + int datalen = 0; + + uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00}; + uint8_t Rnd2[17] = {0}; + + if (session) + session->Authenticated = false; + + uint8_t cmd1[] = {0x70, keyn[1], keyn[0], 0x00}; + int res = ExchangeRAW14a(cmd1, sizeof(cmd1), activateField, true, data, sizeof(data), &datalen); + if (res) { + PrintAndLog("ERROR exchande raw error: %d", res); + DropField(); + return 2; + } + + if (verbose) + PrintAndLog("phase2: %s", sprint_hex(cmd2, 33)); + + res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, true, data, sizeof(data), &datalen); + if (res) { + PrintAndLog("ERROR exchande raw error: %d", res); + DropField(); + return 4; + } + + if (verbose) + PrintAndLog("Authenticated = true; + session->KeyNum = keyn[1] + (keyn[0] << 8); + memmove(session->Rnd1, Rnd1, 16); + memmove(session->Rnd2, Rnd2, 16); + } + + PrintAndLog("Authentication OK"); + + return 0; +} + +// Mifare Memory Structure: up to 32 Sectors with 4 blocks each (1k and 2k cards), +// plus evtl. 8 sectors with 16 blocks each (4k cards) +uint8_t mfNumBlocksPerSector(uint8_t sectorNo) { + if (sectorNo < 32) + return 4; + else + return 16; +} + +uint8_t mfFirstBlockOfSector(uint8_t sectorNo) { + if (sectorNo < 32) + return sectorNo * 4; + else + return 32 * 4 + (sectorNo - 32) * 16; +} + +uint8_t mfSectorTrailer(uint8_t blockNo) { + if (blockNo < 32*4) { + return (blockNo | 0x03); + } else { + return (blockNo | 0x0f); + } +} + +bool mfIsSectorTrailer(uint8_t blockNo) { + return (blockNo == mfSectorTrailer(blockNo)); +} + +uint8_t mfSectorNum(uint8_t blockNo) { + if (blockNo < 32 * 4) + return blockNo / 4; + else + return 32 + (blockNo - 32 * 4) / 16; + +} diff --git a/client/mifare4.h b/client/mifare4.h new file mode 100644 index 000000000..d26152cb4 --- /dev/null +++ b/client/mifare4.h @@ -0,0 +1,35 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2018 Merlok +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// iso14443-4 mifare commands +//----------------------------------------------------------------------------- + +#ifndef MIFARE4_H +#define MIFARE4_H + +#include +#include +#include + +typedef struct { + bool Authenticated; + uint16_t KeyNum; + uint8_t Rnd1[16]; + uint8_t Rnd2[16]; + +}mf4Session; + +extern int MifareAuth4(mf4Session *session, uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose); + +extern uint8_t mfNumBlocksPerSector(uint8_t sectorNo); +extern uint8_t mfFirstBlockOfSector(uint8_t sectorNo); +extern uint8_t mfSectorTrailer(uint8_t blockNo); +extern bool mfIsSectorTrailer(uint8_t blockNo); +extern uint8_t mfSectorNum(uint8_t blockNo); + + +#endif // mifare4.h diff --git a/common/polarssl/libpcrypto.c b/common/polarssl/libpcrypto.c new file mode 100644 index 000000000..032c3a18b --- /dev/null +++ b/common/polarssl/libpcrypto.c @@ -0,0 +1,44 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2018 Merlok +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// crypto commands +//----------------------------------------------------------------------------- + +#include "polarssl/libpcrypto.h" +#include + +int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){ + uint8_t iiv[16] = {0}; + if (iv) + memcpy(iiv, iv, 16); + + aes_context aes; + aes_init(&aes); + if (aes_setkey_enc(&aes, key, 128)) + return 1; + if (aes_crypt_cbc(&aes, AES_ENCRYPT, length, iiv, input, output)) + return 2; + aes_free(&aes); + + return 0; +} + +int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){ + uint8_t iiv[16] = {0}; + if (iv) + memcpy(iiv, iv, 16); + + aes_context aes; + aes_init(&aes); + if (aes_setkey_dec(&aes, key, 128)) + return 1; + if (aes_crypt_cbc(&aes, AES_DECRYPT, length, iiv, input, output)) + return 2; + aes_free(&aes); + + return 0; +} \ No newline at end of file diff --git a/common/polarssl/libpcrypto.h b/common/polarssl/libpcrypto.h new file mode 100644 index 000000000..84732cd31 --- /dev/null +++ b/common/polarssl/libpcrypto.h @@ -0,0 +1,20 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2018 Merlok +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// crypto commands +//----------------------------------------------------------------------------- + +#ifndef LIBPCRYPTO_H +#define LIBPCRYPTO_H + +#include +#include + +extern int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length); +extern int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length); + +#endif /* libpcrypto.h */ From 8720d10da9ff1b98428b431c2ec9fa24267d3364 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Wed, 24 Oct 2018 19:02:14 +0300 Subject: [PATCH 2/5] changed logs --- client/cmdhfmf.c | 4 +-- client/cmdhfmfp.c | 74 +++++++++++++++++++++++------------------------ 2 files changed, 39 insertions(+), 39 deletions(-) diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 2ef1fd6ba..016025fbc 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -3092,12 +3092,12 @@ int CmdHF14AMfAuth4(const char *cmd) { CLIParserFree(); if (keynlen != 2) { - PrintAndLog(ERROR, " must be 2 bytes long instead of: %d", keynlen); + PrintAndLogEx(ERR, " must be 2 bytes long instead of: %d", keynlen); return 1; } if (keylen != 16) { - PrintAndLog(ERROR, " must be 16 bytes long instead of: %d", keylen); + PrintAndLogEx(ERR, " must be 16 bytes long instead of: %d", keylen); return 1; } diff --git a/client/cmdhfmfp.c b/client/cmdhfmfp.c index 7f7660df1..7ba1c2561 100644 --- a/client/cmdhfmfp.c +++ b/client/cmdhfmfp.c @@ -62,12 +62,12 @@ void SetVerboseMode(bool verbose) { int intExchangeRAW14aPlus(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { if(VerboseMode) - PrintAndLog(">>> %s", sprint_hex(datain, datainlen)); + PrintAndLogEx(INFO, ">>> %s", sprint_hex(datain, datainlen)); int res = ExchangeRAW14a(datain, datainlen, activateField, leaveSignalON, dataout, maxdataoutlen, dataoutlen); if(VerboseMode) - PrintAndLog("<<< %s", sprint_hex(dataout, *dataoutlen)); + PrintAndLogEx(INFO, "<<< %s", sprint_hex(dataout, *dataoutlen)); return res; } @@ -101,7 +101,7 @@ int MFPWriteBlock(mf4Session *session, uint8_t blockNum, uint8_t *data, bool act int CmdHFMFPInfo(const char *cmd) { if (cmd && strlen(cmd) > 0) - PrintAndLog("WARNING: command don't have any parameters.\n"); + PrintAndLogEx(WARNING, "command don't have any parameters.\n"); // info about 14a part CmdHF14AInfo(""); @@ -119,8 +119,8 @@ int CmdHFMFPInfo(const char *cmd) { uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision if (select_status == 1 || select_status == 2) { - PrintAndLog("----------------------------------------------"); - PrintAndLog("Mifare Plus info:"); + PrintAndLogEx(INFO, "----------------------------------------------"); + PrintAndLogEx(INFO, "Mifare Plus info:"); // MIFARE Type Identification Procedure // https://www.nxp.com/docs/en/application-note/AN10833.pdf @@ -165,11 +165,11 @@ int CmdHFMFPInfo(const char *cmd) { } if (SLmode != 0xff) - PrintAndLog("Mifare Plus SL mode: SL%d", SLmode); + PrintAndLogEx(INFO, "Mifare Plus SL mode: SL%d", SLmode); else - PrintAndLog("Mifare Plus SL mode: unknown("); + PrintAndLogEx(WARNING, "Mifare Plus SL mode: unknown("); } else { - PrintAndLog("Mifare Plus info not available."); + PrintAndLogEx(INFO, "Mifare Plus info not available."); } DropField(); @@ -210,11 +210,11 @@ int CmdHFMFPWritePerso(const char *cmd) { } if (keyNumLen != 2) { - PrintAndLog("Key number length must be 2 bytes instead of: %d", keyNumLen); + PrintAndLogEx(ERR, "Key number length must be 2 bytes instead of: %d", keyNumLen); return 1; } if (keyLen != 16) { - PrintAndLog("Key length must be 16 bytes instead of: %d", keyLen); + PrintAndLogEx(ERR, "Key length must be 16 bytes instead of: %d", keyLen); return 1; } @@ -223,20 +223,20 @@ int CmdHFMFPWritePerso(const char *cmd) { int res = MFPWritePerso(keyNum, key, true, false, data, sizeof(data), &datalen); if (res) { - PrintAndLog("Exchange error: %d", res); + PrintAndLogEx(ERR, "Exchange error: %d", res); return res; } if (datalen != 3) { - PrintAndLog("Command must return 3 bytes instead of: %d", datalen); + PrintAndLogEx(ERR, "Command must return 3 bytes instead of: %d", datalen); return 1; } if (data[0] != 0x90) { - PrintAndLog("Command error: %02x %s", data[0], GetErrorDescription(data[0])); + PrintAndLogEx(ERR, "Command error: %02x %s", data[0], GetErrorDescription(data[0])); return 1; } - PrintAndLog("Write OK."); + PrintAndLogEx(INFO, "Write OK."); return 0; } @@ -270,7 +270,7 @@ int CmdHFMFPInitPerso(const char *cmd) { CLIParserFree(); if (keyLen && keyLen != 16) { - PrintAndLog("Key length must be 16 bytes instead of: %d", keyLen); + PrintAndLogEx(ERR, "Key length must be 16 bytes instead of: %d", keyLen); return 1; } @@ -283,11 +283,11 @@ int CmdHFMFPInitPerso(const char *cmd) { keyNum[1] = sn & 0xff; res = MFPWritePerso(keyNum, key, (sn == 0x4000), true, data, sizeof(data), &datalen); if (!res && (datalen == 3) && data[0] == 0x09) { - PrintAndLog("2k card detected."); + PrintAndLogEx(INFO, "2k card detected."); break; } if (res || (datalen != 3) || data[0] != 0x90) { - PrintAndLog("Write error on address %04x", sn); + PrintAndLogEx(ERR, "Write error on address %04x", sn); break; } } @@ -298,10 +298,10 @@ int CmdHFMFPInitPerso(const char *cmd) { keyNum[1] = CardAddresses[i] & 0xff; res = MFPWritePerso(keyNum, key, false, true, data, sizeof(data), &datalen); if (!res && (datalen == 3) && data[0] == 0x09) { - PrintAndLog("Skipped[%04x]...", CardAddresses[i]); + PrintAndLogEx(WARNING, "Skipped[%04x]...", CardAddresses[i]); } else { if (res || (datalen != 3) || data[0] != 0x90) { - PrintAndLog("Write error on address %04x", CardAddresses[i]); + PrintAndLogEx(ERR, "Write error on address %04x", CardAddresses[i]); break; } } @@ -312,7 +312,7 @@ int CmdHFMFPInitPerso(const char *cmd) { if (res) return res; - PrintAndLog("Done."); + PrintAndLogEx(INFO, "Done."); return 0; } @@ -340,20 +340,20 @@ int CmdHFMFPCommitPerso(const char *cmd) { int res = MFPCommitPerso(true, false, data, sizeof(data), &datalen); if (res) { - PrintAndLog("Exchange error: %d", res); + PrintAndLogEx(ERR, "Exchange error: %d", res); return res; } if (datalen != 3) { - PrintAndLog("Command must return 3 bytes instead of: %d", datalen); + PrintAndLogEx(ERR, "Command must return 3 bytes instead of: %d", datalen); return 1; } if (data[0] != 0x90) { - PrintAndLog("Command error: %02x %s", data[0], GetErrorDescription(data[0])); + PrintAndLogEx(ERR, "Command error: %02x %s", data[0], GetErrorDescription(data[0])); return 1; } - PrintAndLog("Switch level OK."); + PrintAndLogEx(INFO, "Switch level OK."); return 0; } @@ -384,12 +384,12 @@ int CmdHFMFPAuth(const char *cmd) { CLIParserFree(); if (keynlen != 2) { - PrintAndLog("ERROR: must be 2 bytes long instead of: %d", keynlen); + PrintAndLogEx(ERR, "ERROR: must be 2 bytes long instead of: %d", keynlen); return 1; } if (keylen != 16) { - PrintAndLog("ERROR: must be 16 bytes long instead of: %d", keylen); + PrintAndLogEx(ERR, "ERROR: must be 16 bytes long instead of: %d", keylen); return 1; } @@ -432,18 +432,18 @@ int CmdHFMFPRdbl(const char *cmd) { } if (blockn > 255) { - PrintAndLog("ERROR: must be in range [0..255] instead of: %d", blockn); + PrintAndLogEx(ERR, " must be in range [0..255] instead of: %d", blockn); return 1; } if (keylen != 16) { - PrintAndLog("ERROR: must be 16 bytes long instead of: %d", keylen); + PrintAndLogEx(ERR, " must be 16 bytes long instead of: %d", keylen); return 1; } // 3 blocks - wo iso14443-4 chaining if (blocksCount > 3) { - PrintAndLog("ERROR: blocks count must be less than 3 instead of: %d", blocksCount); + PrintAndLogEx(ERR, "blocks count must be less than 3 instead of: %d", blocksCount); return 1; } @@ -452,12 +452,12 @@ int CmdHFMFPRdbl(const char *cmd) { keyn[0] = uKeyNum >> 8; keyn[1] = uKeyNum & 0xff; if (verbose) - PrintAndLog("--block:%d sector[%d]:%02x key:%04x", blockn, mfNumBlocksPerSector(sectorNum), sectorNum, uKeyNum); + PrintAndLogEx(INFO, "--block:%d sector[%d]:%02x key:%04x", blockn, mfNumBlocksPerSector(sectorNum), sectorNum, uKeyNum); mf4Session session; int res = MifareAuth4(&session, keyn, key, true, true, verbose); if (res) { - PrintAndLog("Authentication error: %d", res); + PrintAndLogEx(ERR, "Authentication error: %d", res); return res; } @@ -465,32 +465,32 @@ int CmdHFMFPRdbl(const char *cmd) { int datalen = 0; res = MFPReadBlock(&session, plain, blockn & 0xff, blocksCount, false, false, data, sizeof(data), &datalen); if (res) { - PrintAndLog("Read error: %d", res); + PrintAndLogEx(ERR, "Read error: %d", res); return res; } if (datalen && data[0] != 0x90) { - PrintAndLog("Card read error: %02x %s", data[0], GetErrorDescription(data[0])); + PrintAndLogEx(ERR, "Card read error: %02x %s", data[0], GetErrorDescription(data[0])); return 6; } if (datalen != 1 + blocksCount * 16 + 8 + 2) { - PrintAndLog("Error return length:%d", datalen); + PrintAndLogEx(ERR, "Error return length:%d", datalen); return 5; } int indx = blockn; for(int i = 0; i < blocksCount; i++) { - PrintAndLog("data[%03d]: %s", indx, sprint_hex(&data[1 + i * 16], 16)); + PrintAndLogEx(INFO, "data[%03d]: %s", indx, sprint_hex(&data[1 + i * 16], 16)); indx++; if (mfIsSectorTrailer(indx)){ - PrintAndLog("data[%03d]: ------------------- trailer -------------------", indx); + PrintAndLogEx(INFO, "data[%03d]: ------------------- trailer -------------------", indx); indx++; } } if(verbose) - PrintAndLog("MAC: %s", sprint_hex(&data[blocksCount * 16 + 1], 8)); + PrintAndLogEx(INFO, "MAC: %s", sprint_hex(&data[blocksCount * 16 + 1], 8)); return 0; } From 0af06c0b63e7afbacd7e1466f0c08be93651eca6 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Wed, 24 Oct 2018 19:05:30 +0300 Subject: [PATCH 3/5] mifare4 logging --- client/mifare4.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/client/mifare4.c b/client/mifare4.c index 145dd243e..494d63e61 100644 --- a/client/mifare4.c +++ b/client/mifare4.c @@ -29,28 +29,28 @@ int MifareAuth4(mf4Session *session, uint8_t *keyn, uint8_t *key, bool activateF uint8_t cmd1[] = {0x70, keyn[1], keyn[0], 0x00}; int res = ExchangeRAW14a(cmd1, sizeof(cmd1), activateField, true, data, sizeof(data), &datalen); if (res) { - PrintAndLog("ERROR exchande raw error: %d", res); + PrintAndLogEx(ERR, "Exchande raw error: %d", res); DropField(); return 2; } if (verbose) - PrintAndLog("phase2: %s", sprint_hex(cmd2, 33)); + PrintAndLogEx(INFO, ">phase2: %s", sprint_hex(cmd2, 33)); res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, true, data, sizeof(data), &datalen); if (res) { - PrintAndLog("ERROR exchande raw error: %d", res); + PrintAndLogEx(ERR, "Exchande raw error: %d", res); DropField(); return 4; } if (verbose) - PrintAndLog("Rnd2, Rnd2, 16); } - PrintAndLog("Authentication OK"); + PrintAndLogEx(INFO, "Authentication OK"); return 0; } From 122cbe7d1dded6ed384663f38a6996afd1a40f6c Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Wed, 24 Oct 2018 19:19:15 +0300 Subject: [PATCH 4/5] info and some fix in exchange --- client/cmdhf14a.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index de1854630..7880bf38f 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -669,10 +669,12 @@ int CmdHF14ASniff(const char *Cmd) { } int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { + static bool responseNum = false; uint16_t cmdc = 0; *dataoutlen = 0; if (activateField) { + responseNum = false; UsbCommand resp; // Anticollision + SELECT card @@ -685,7 +687,7 @@ int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leav // check result if (resp.arg[0] == 0) { - PrintAndLogEx(NORMAL, "No card in field."); + PrintAndLogEx(ERR, "No card in field."); return 1; } @@ -715,8 +717,11 @@ int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leav if (leaveSignalON) cmdc |= ISO14A_NO_DISCONNECT; - UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_APPEND_CRC | cmdc, (datainlen & 0xFFFF), 0}}; - memcpy(c.d.asBytes, datain, datainlen); + UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_APPEND_CRC | cmdc, (datainlen & 0xFFFF) + 2, 0}}; + uint8_t header[] = {0x0a | responseNum, 0x00}; + responseNum ^= 1; + memcpy(c.d.asBytes, header, 2); + memcpy(&c.d.asBytes[2], datain, datainlen); SendCommand(&c); uint8_t *recv; @@ -726,6 +731,11 @@ int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leav recv = resp.d.asBytes; int iLen = resp.arg[0]; + if(!iLen) { + PrintAndLogEx(ERR, "No card response."); + return 1; + } + *dataoutlen = iLen - 2; if (*dataoutlen < 0) *dataoutlen = 0; @@ -735,13 +745,13 @@ int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leav return 2; } - memcpy(dataout, recv, *dataoutlen); - - if(!iLen) { - PrintAndLogEx(ERR, "No card response."); - return 1; + if (recv[0] != header[0]) { + PrintAndLogEx(ERR, "iso14443-4 framing error. Card send %2x must be %2x", dataout[0], header[0]); + return 2; } - + + memcpy(dataout, &recv[2], *dataoutlen); + // CRC Check if (iLen == -1) { PrintAndLogEx(ERR, "ISO 14443A CRC error."); From b08ce3a1f75db30ffc05f228db28e65b3ef2fdd6 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Wed, 24 Oct 2018 19:19:55 +0300 Subject: [PATCH 5/5] changed logs --- client/cmdhfmfp.c | 58 +++++++++++++++++++++++------------------------ 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/client/cmdhfmfp.c b/client/cmdhfmfp.c index 7ba1c2561..b50b3bdd3 100644 --- a/client/cmdhfmfp.c +++ b/client/cmdhfmfp.c @@ -119,36 +119,36 @@ int CmdHFMFPInfo(const char *cmd) { uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision if (select_status == 1 || select_status == 2) { - PrintAndLogEx(INFO, "----------------------------------------------"); - PrintAndLogEx(INFO, "Mifare Plus info:"); + PrintAndLogEx(NORMAL, "----------------------------------------------"); + PrintAndLogEx(NORMAL, "Mifare Plus info:"); // MIFARE Type Identification Procedure // https://www.nxp.com/docs/en/application-note/AN10833.pdf uint16_t ATQA = card.atqa[0] + (card.atqa[1] << 8); - if (ATQA == 0x0004) PrintAndLog("ATQA: Mifare Plus 2k 4bUID"); - if (ATQA == 0x0002) PrintAndLog("ATQA: Mifare Plus 4k 4bUID"); - if (ATQA == 0x0044) PrintAndLog("ATQA: Mifare Plus 2k 7bUID"); - if (ATQA == 0x0042) PrintAndLog("ATQA: Mifare Plus 4k 7bUID"); + if (ATQA == 0x0004) PrintAndLogEx(INFO, "ATQA: Mifare Plus 2k 4bUID"); + if (ATQA == 0x0002) PrintAndLogEx(INFO, "ATQA: Mifare Plus 4k 4bUID"); + if (ATQA == 0x0044) PrintAndLogEx(INFO, "ATQA: Mifare Plus 2k 7bUID"); + if (ATQA == 0x0042) PrintAndLogEx(INFO, "ATQA: Mifare Plus 4k 7bUID"); uint8_t SLmode = 0xff; if (card.sak == 0x08) { - PrintAndLog("SAK: Mifare Plus 2k 7bUID"); + PrintAndLogEx(INFO, "SAK: Mifare Plus 2k 7bUID"); if (select_status == 2) SLmode = 1; } if (card.sak == 0x18) { - PrintAndLog("SAK: Mifare Plus 4k 7bUID"); + PrintAndLogEx(INFO, "SAK: Mifare Plus 4k 7bUID"); if (select_status == 2) SLmode = 1; } if (card.sak == 0x10) { - PrintAndLog("SAK: Mifare Plus 2k"); + PrintAndLogEx(INFO, "SAK: Mifare Plus 2k"); if (select_status == 2) SLmode = 2; } if (card.sak == 0x11) { - PrintAndLog("SAK: Mifare Plus 4k"); + PrintAndLogEx(INFO, "SAK: Mifare Plus 4k"); if (select_status == 2) SLmode = 2; } if (card.sak == 0x20) { - PrintAndLog("SAK: Mifare Plus SL0/SL3 or Mifare desfire"); + PrintAndLogEx(INFO, "SAK: Mifare Plus SL0/SL3 or Mifare desfire"); if (card.ats_len > 0) { SLmode = 3; @@ -529,12 +529,12 @@ int CmdHFMFPRdsc(const char *cmd) { } if (sectorNum > 39) { - PrintAndLog("ERROR: must be in range [0..39] instead of: %d", sectorNum); + PrintAndLogEx(ERR, " must be in range [0..39] instead of: %d", sectorNum); return 1; } if (keylen != 16) { - PrintAndLog("ERROR: must be 16 bytes long instead of: %d", keylen); + PrintAndLogEx(ERR, " must be 16 bytes long instead of: %d", keylen); return 1; } @@ -542,12 +542,12 @@ int CmdHFMFPRdsc(const char *cmd) { keyn[0] = uKeyNum >> 8; keyn[1] = uKeyNum & 0xff; if (verbose) - PrintAndLog("--sector[%d]:%02x key:%04x", mfNumBlocksPerSector(sectorNum), sectorNum, uKeyNum); + PrintAndLogEx(INFO, "--sector[%d]:%02x key:%04x", mfNumBlocksPerSector(sectorNum), sectorNum, uKeyNum); mf4Session session; int res = MifareAuth4(&session, keyn, key, true, true, verbose); if (res) { - PrintAndLog("Authentication error: %d", res); + PrintAndLogEx(ERR, "Authentication error: %d", res); return res; } @@ -556,26 +556,26 @@ int CmdHFMFPRdsc(const char *cmd) { for(int n = mfFirstBlockOfSector(sectorNum); n < mfFirstBlockOfSector(sectorNum) + mfNumBlocksPerSector(sectorNum); n++) { res = MFPReadBlock(&session, plain, n & 0xff, 1, false, true, data, sizeof(data), &datalen); if (res) { - PrintAndLog("Read error: %d", res); + PrintAndLogEx(ERR, "Read error: %d", res); DropField(); return res; } if (datalen && data[0] != 0x90) { - PrintAndLog("Card read error: %02x %s", data[0], GetErrorDescription(data[0])); + PrintAndLogEx(ERR, "Card read error: %02x %s", data[0], GetErrorDescription(data[0])); DropField(); return 6; } if (datalen != 1 + 16 + 8 + 2) { - PrintAndLog("Error return length:%d", datalen); + PrintAndLogEx(ERR, "Error return length:%d", datalen); DropField(); return 5; } - PrintAndLog("data[%03d]: %s", n, sprint_hex(&data[1], 16)); + PrintAndLogEx(INFO, "data[%03d]: %s", n, sprint_hex(&data[1], 16)); if(verbose) - PrintAndLog("MAC: %s", sprint_hex(&data[1 + 16], 8)); + PrintAndLogEx(INFO, "MAC: %s", sprint_hex(&data[1 + 16], 8)); } DropField(); @@ -618,17 +618,17 @@ int CmdHFMFPWrbl(const char *cmd) { } if (blockNum > 39) { - PrintAndLog("ERROR: must be in range [0..255] instead of: %d", blockNum); + PrintAndLogEx(ERR, " must be in range [0..255] instead of: %d", blockNum); return 1; } if (keylen != 16) { - PrintAndLog("ERROR: must be 16 bytes long instead of: %d", keylen); + PrintAndLogEx(ERR, " must be 16 bytes long instead of: %d", keylen); return 1; } if (datainlen != 16) { - PrintAndLog("ERROR: must be 16 bytes long instead of: %d", datainlen); + PrintAndLogEx(ERR, " must be 16 bytes long instead of: %d", datainlen); return 1; } @@ -637,12 +637,12 @@ int CmdHFMFPWrbl(const char *cmd) { keyn[0] = uKeyNum >> 8; keyn[1] = uKeyNum & 0xff; if (verbose) - PrintAndLog("--block:%d sector[%d]:%02x key:%04x", blockNum & 0xff, mfNumBlocksPerSector(sectorNum), sectorNum, uKeyNum); + PrintAndLogEx(INFO, "--block:%d sector[%d]:%02x key:%04x", blockNum & 0xff, mfNumBlocksPerSector(sectorNum), sectorNum, uKeyNum); mf4Session session; int res = MifareAuth4(&session, keyn, key, true, true, verbose); if (res) { - PrintAndLog("Authentication error: %d", res); + PrintAndLogEx(ERR, "Authentication error: %d", res); return res; } @@ -650,22 +650,22 @@ int CmdHFMFPWrbl(const char *cmd) { int datalen = 0; res = MFPWriteBlock(&session, blockNum & 0xff, datain, false, false, data, sizeof(data), &datalen); if (res) { - PrintAndLog("Write error: %d", res); + PrintAndLogEx(ERR, "Write error: %d", res); return res; } if (datalen != 3 && (datalen != 3 + 8)) { - PrintAndLog("Error return length:%d", datalen); + PrintAndLogEx(ERR, "Error return length:%d", datalen); return 5; } if (datalen && data[0] != 0x90) { - PrintAndLog("Card write error: %02x %s", data[0], GetErrorDescription(data[0])); + PrintAndLogEx(ERR, "Card write error: %02x %s", data[0], GetErrorDescription(data[0])); return 6; } if(verbose) - PrintAndLog("MAC: %s", sprint_hex(&data[1], 8)); + PrintAndLogEx(INFO, "MAC: %s", sprint_hex(&data[1], 8)); return 0; }