command

2025-02-25 08:35:56 +08:00 · 2021-07-27 13:11:12 +03:00 · 2021-07-27 13:11:12 +03:00 · efa91d4b00
commit efa91d4b00
parent f393ce72c4
1 changed files with 129 additions and 0 deletions
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
@ -5978,6 +5978,134 @@ static int CmdHF14ADesCreateRecordFile(const char *Cmd) {
    return PM3_SUCCESS;
 }

+static int CmdHF14ADesCreateTrMACFile(const char *Cmd) {
+    CLIParserContext *ctx;
+    CLIParserInit(&ctx, "hf mfdes createmacfile",
+                  "Create Transaction MAC file in the application. Application master key needs to be provided or flag --no-auth set (depend on application settings).",
+                  "--rawrights have priority over the separate rights settings.\n"
+                  "Key/mode/etc of the authentication depends on application settings\n"
+                  "hf mfdes createmacfile --aid 123456 --fid 01 --mackey 00112233445566778899aabbccddeeff --mackeyver 01 -> create transaction mac file with parameters. Rights from default. Authentication with defaults from `default` command\n"
+                  "hf mfdes createmacfile --aid 123456 --fid 01 --amode plain --rrights free --wrights free --rwrights free --chrights key0 --mackey 00112233445566778899aabbccddeeff -> create file app=123456, file=01, with key, and mentioned rights with defaults from `default` command\n"
+                  "hf mfdes createmacfile -n 0 -t des -k 0000000000000000 -f none --aid 123456 --fid 01 -> execute with default factory setup. key and keyver == 0x00..00");
+
+    void *argtable[] = {
+        arg_param_begin,
+        arg_lit0("a",  "apdu",      "show APDU requests and responses"),
+        arg_lit0("v",  "verbose",   "show technical data"),
+        arg_int0("n",  "keyno",     "<keyno>", "Key number"),
+        arg_str0("t",  "algo",      "<DES/2TDEA/3TDEA/AES>",  "Crypt algo: DES, 2TDEA, 3TDEA, AES"),
+        arg_str0("k",  "key",       "<Key>",   "Key for authenticate (HEX 8(DES), 16(2TDEA or AES) or 24(3TDEA) bytes)"),
+        arg_str0("f",  "kdf",       "<none/AN10922/gallagher>",   "Key Derivation Function (KDF): None, AN10922, Gallagher"),
+        arg_str0("i",  "kdfi",      "<kdfi>",  "KDF input (HEX 1-31 bytes)"),
+        arg_str0("m",  "cmode",     "<plain/mac/encrypt>", "Communicaton mode: plain/mac/encrypt"),
+        arg_str0("c",  "ccset",     "<native/niso/iso>", "Communicaton command set: native/niso/iso"),
+        arg_str0("s",  "schann",    "<d40/ev1/ev2>", "Secure channel: d40/ev1/ev2"),
+        arg_str0(NULL, "aid",       "<app id hex>", "Application ID (3 hex bytes, big endian)"),
+        arg_str0(NULL, "fid",       "<file id hex>", "File ID (1 hex byte)"),
+        arg_str0(NULL, "amode",     "<plain/mac/encrypt>", "File access mode: plain/mac/encrypt"),
+        arg_str0(NULL, "rawrights", "<access rights HEX>", "Access rights for file (HEX 2 byte) R/W/RW/Chg, 0x0 - 0xD Key, 0xE Free, 0xF Denied"),
+        arg_str0(NULL, "rrights",   "<key0/../key13/free/deny>", "Read file access mode: the specified key, free, deny"),
+        arg_str0(NULL, "wrights",   "<key0/../key13/free/deny>", "Write file access mode: the specified key, free, deny"),
+        arg_str0(NULL, "rwrights",  "<key0/../key13/free/deny>", "Read/Write file access mode: the specified key, free, deny"),
+        arg_str0(NULL, "chrights",  "<key0/../key13/free/deny>", "Change file settings access mode: the specified key, free, deny"),
+        arg_lit0(NULL, "no-auth",   "execute without authentication"),
+        arg_str0(NULL, "mackey",    "<hex>", "AES-128 key for MAC (16 hex bytes, big endian). Default 0x00..00"),
+        arg_str0(NULL, "mackeyver", "<ver hex 1b>", "AES key version for MAC (1 hex byte). Default 0x00"),
+        arg_param_end
+    };
+    CLIExecWithReturn(ctx, Cmd, argtable, false);
+
+    bool APDULogging = arg_get_lit(ctx, 1);
+    bool verbose = arg_get_lit(ctx, 2);
+    bool noauth = arg_get_lit(ctx, 19);
+
+    uint8_t filetype = 0x05; // transaction mac file
+
+    DesfireContext dctx;
+    int securechann = defaultSecureChannel;
+    uint32_t appid = 0x000000;
+    int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, &securechann, DCMPlain, &appid);
+    if (res) {
+        CLIParserFree(ctx);
+        return res;
+    }
+
+    if (appid == 0x000000) {
+        PrintAndLogEx(ERR, "Can't create files at card level.");
+        CLIParserFree(ctx);
+        return PM3_EINVARG;
+    }
+
+    uint8_t data[250] = {0};
+    size_t datalen = 0;
+
+    res = DesfireCreateFileParameters(ctx, 12, 0, 13, 14, 15, 16, 17, 18, data, &datalen);
+    if (res) {
+        CLIParserFree(ctx);
+        return res;
+    }
+
+    uint8_t sdata[250] = {0};
+    int sdatalen = sizeof(sdata);
+    CLIGetHexWithReturn(ctx, 20, sdata, &sdatalen);
+    if (sdatalen != 0 && sdatalen != 16) {
+        PrintAndLogEx(ERR, "AES-128 key must be 16 bytes instead of %d.", sdatalen);
+        CLIParserFree(ctx);
+        return PM3_EINVARG;
+    }
+
+    uint32_t keyver = 0x00;
+    res = arg_get_u32_hexstr_def_nlen(ctx, 21, 0x00, &keyver, 1, true);
+    if (res == 2) {
+        PrintAndLogEx(ERR, "Key version must be 1 byte length");
+        CLIParserFree(ctx);
+        return PM3_EINVARG;
+    }
+
+    SetAPDULogging(APDULogging);
+    CLIParserFree(ctx);
+
+    data[datalen] = 0x02; // AES key
+    datalen++;
+    if (sdatalen > 0)
+        memcpy(&data[datalen], sdata, sdatalen);
+    datalen += 16;
+    data[datalen] = keyver & 0xff;
+    datalen++;
+
+    if (noauth) {
+        res = DesfireSelectAIDHex(&dctx, appid, false, 0);
+        if (res != PM3_SUCCESS) {
+            PrintAndLogEx(ERR, "Desfire select " _RED_("error") ".");
+            DropField();
+            return res;
+        }
+    } else {
+        res = DesfireSelectAndAuthenticate(&dctx, securechann, appid, verbose);
+        if (res != PM3_SUCCESS) {
+            DropField();
+            return res;
+        }
+    }
+
+    if (verbose)
+        PrintAndLogEx(INFO, "App: %06x. File num: 0x%02x type: 0x%02x data[%zu]: %s", appid, data[0], filetype, datalen, sprint_hex(data, datalen));
+    DesfirePrintCreateFileSettings(filetype, data, datalen);
+
+
+    res = DesfireCreateFile(&dctx, filetype, data, datalen, true);
+    if (res != PM3_SUCCESS) {
+        PrintAndLogEx(ERR, "Desfire CreateFile command " _RED_("error") ". Result: %d", res);
+        DropField();
+        return PM3_ESOFT;
+    }
+
+    PrintAndLogEx(SUCCESS, "%s file %02x in the app %06x created " _GREEN_("successfully"), GetDesfireFileType(filetype), data[0], appid);
+
+    DropField();
+    return PM3_SUCCESS;
+}
+
 static int CmdHF14ADesDeleteFile(const char *Cmd) {
    CLIParserContext *ctx;
    CLIParserInit(&ctx, "hf mfdes deletefile",
@ -6353,6 +6481,7 @@ static command_t CommandTable[] = {
    {"createfile",       CmdHF14ADesCreateFile,       IfPm3Iso14443a,  "[new]Create Standard/Backup File"},
    {"createvaluefile",  CmdHF14ADesCreateValueFile,  IfPm3Iso14443a,  "[new]Create Value File"},
    {"createrecordfile", CmdHF14ADesCreateRecordFile, IfPm3Iso14443a,  "[new]Create Linear/Cyclic Record File"},
+    {"createmacfile",    CmdHF14ADesCreateTrMACFile,  IfPm3Iso14443a,  "[new]Create Transaction MAC File"},
    {"deletefile",       CmdHF14ADesDeleteFile,       IfPm3Iso14443a,  "[new]Delete File"},
    {"getfilesettings",  CmdHF14ADesGetFileSettings,  IfPm3Iso14443a,  "[new]Get file settings"},
    {"chfilesettings",   CmdHF14ADesChFileSettings,   IfPm3Iso14443a,  "[new]Change file settings"},