proxmark3/doc/cipurse.md
2022-02-08 01:26:06 +02:00

9.1 KiB

Notes on CIPURSE card

Table of Contents

Documentation

^Top

Useful links to documentation about CIPURSE. full documentation accessible from osptalliance Infineon cipurse Infineon cipurse card SLS 32TLC100(M)

Source code

^Top

Useful links to Implementations / Source code on Github. cipurse card emulation cipurse card core card side some code

Communication channel with a card

^Top

The card has two secure channels - the reader to the card and the card to the reader.

And each channel has 3 modes: open, MACed, Encrypted

After authentication reader can specify the mode for each channel for each command.

Card answers if the mode that sets by the reader matches the mode of the file and the command matches the key via an access list.

Card architecture

^Top

The card has one master file with FID 0x3F00 that works as the root node.

The card has several applications inside the master file and the applications may have files. There are PxSE (special type) applications that work as an applications directory.

Each application has keys and an access control list that sets what commands can be issued in the session that authenticates with a specific key.

Master file have keys and an access control list that works at the card level.

Each file can only have an access control list that specifies what operation the key can do with this file.

Card have transaction mechanism. Transaction not needs for control structure at application level and to change files without transaction mechanism. All the rest changes needs to issue COMMIT command (--commit key)

Card structure

^Top

  • Master file (MF)

  • Keys

  • Group security levels and access rights

  • files under master file (EF). Usually have no access to them.

  • PxSE files (directory files)

  • Application 1. Have AID (up to 16-bytes) and FID (2-bytes id)

    • Application keys
    • Group security levels and access rights
    • Application files (EF). Have type (1-byte) and FID ((2-bytes id))
  • Application 2

  • ...

How to

How to select application or file

^Top

1. select PTSE hf cipurse select --aid a0000005070100

select it with display output in raw and tlv views options hf cipurse select --aid a0000005070100 -vt

  1. select application by Application ID (AID) hf cipurse select --aid 4144204631

  2. select application/file by file ID (FID) hf cipurse select --fid 2000

  3. select master file by file ID (FID) hf cipurse select --fid 3F00

  4. select default file (usually it master file) hf cipurse select --mfd

How to delete application or file

^Top

  1. delete PTSE by AID hf cipurse delete --aid a0000005070100

  2. delete application by AID hf cipurse delete --aid 4144204631

  3. delete application/top level file by FID hf cipurse delete --fid 2000

  4. delete file by FID from default application AD F1

hf cipurse delete --aid 4144204631 --chfid 0102

How to read file

^Top

with default key and aid hf cipurse read --fid 0102

with default key and specified aid hf cipurse read --aid a0000005070100

with default key and aid without authentication hf cipurse read --fid 0102 --no-auth

How to write file

^Top

with default key and aid hf cipurse read --fid 0102 -d abbbccdd

with default key and specified aid hf cipurse read --aid a0000005070100 -d abbbccdd

with default key and aid without authentication hf cipurse read --fid 0102 -d abbbccdd --no-auth

with default key and aid, perform commit (works for files with transactions mechanism switched on) hf cipurse read --fid 0102 -d abbbccdd --commit

How to read file attributes

^Top

read master file attributes hf cipurse aread --mfd

read EF.ID_INFO root file attributes hf cipurse aread --fid 2ff7

read PxSE application attributes hf cipurse aread --aid a0000005070100

read application attributes hf cipurse aread --aid 4144204632

read file (EF) attributes

hf cipurse aread --aid 4144204632 --chfid 0102

or with default application

hf cipurse aread --aid 4144204632 --chfid 0102

How to set file attributes

^Top

set elementary file attributes (EF)

full access wo keys hf cipurse awrite --chfid 0102 -d 020000ffffff

read access wo keys and full with all 2 keys hf cipurse awrite --chfid 0102 -d 02000040ffff

set EF.ID_INFO file attributes hf cipurse awrite --fid 2ff7 -d 080000C1C1C1C1C1C1C1C1C1 (as default)

set master file (MF) file attributes hf cipurse awrite --mfd -d 080000FFFFFFFFFFFFFFFFFF86023232 --commit (full access with/wo keys and tag 86 is set by 22)

How to update key

^Top

update key for master application hf cipurse updakey --newkeyn 1 --newkeya 00 --newkey 73737373737373737373737373737373 --commit

update key for application hf cipurse updakey --aid 4144204631 --newkeyn 1 --newkeya 00 --newkey 73737373737373737373737373737373 --commit

How to personalize card

^Top

1. Format card (if it needs) hf cipurse formatall

2. Create create PxSE file

The following command creates PTSE file with FID 0x2000, AID A0000005070100, and space for 8 AIDs

hf cipurse create -d 9200123F00200008000062098407A0000005070100

9200123F00200008000062098407A0000005070100
          ----                               FID
              --                             Num of AIDs in list
                            --------------   AID

3. Create application file

hf cipurse create -d 92002438613F010A05020000FFFFFF021009021009621084054144204631D407A0000005070100A00F2873737373737373737373737373737373015FD67B000102030405060708090A0B0C0D0E0F01C6A13B

This command creates a application with following details:

  • FID.................... 0x3F01
  • AID.................... 4144204631
  • App type............... 61
  • Max files count........ 10
  • Max SFID count......... 5
  • Minimum command's group security levels: plain/plain/plain/plain (0000)
  • Access rights.......... all two keys can do anything (FFFFFF)
  • Key attributes......... 021009
  • 2 keys.........
    • 73..73 (add. info 01 / kvv 5FD67B)
    • 0001..0e0f (01/C6A13B)
  • Register in the PxSE... A0000005070100

4. Create elementary file(s) (EF) inside the application

hf cipurse create --aid 4144204631 -d 92010C010001020030020000FFFFFF --commit

  - parent application ID.. 4144204631
  - file type.............. 0x01 (binary file wo transaction)
  - SFID................... 0x00
  - FID.................... 0x0102
  - File size.............. 0x0030 (48 bytes)
  - Number of keys......... 0x02 (as in the parent application)
  - Minimum command's group security levels: plain/plain/plain/plain (0000)
  - Access rights.......... all two keys can do anything (FFFFFF)

5. Save data to elementary file(s) (EF)

hf cipurse write --fid 0102 -d 010203040506070809

or if file with transaction mechanism

hf cipurse write --fid 0102 -d 010203040506070809 --commit

6. Check file(s) contents (if needs) hf cipurse read --fid 0102

8. Set the keys and needed key attributes

keys for application usually filled at create time with DGI A00F

keys for masterfile needs to be updated manually with command: hf cipurse updakey --newkeyn 1 --newkeya 00 --newkey 73737373737373737373737373737373 --commit

update key for application (if needs) hf cipurse updakey --aid 4144204631 --newkeyn 1 --newkeya 00 --newkey 73737373737373737373737373737373 --commit

update key attributes with default attributes hf cipurse updakey --aid 4144204631 --trgkeyn 1 --attr 02 -v --commit

8. Set the file attributes

Set file attributes for:

  1. All the elementary files (EF)
  2. Info files (EF.ID_INFO)
  3. Application(s)
  4. PxSE application
  5. Master file itself (MF)

(in this specific order!!!)