- Index: include/usb_cmd.h
- ===================================================================
- --- include/usb_cmd.h (revision 603)
- +++ include/usb_cmd.h (working copy)
- @@ -91,6 +91,7 @@
- #define CMD_SNOOP_ISO_14443a 0x0383
- #define CMD_SIMULATE_TAG_ISO_14443a 0x0384
- #define CMD_READER_ISO_14443a 0x0385
- +#define CMD_PACE_ISO_14443a 0x386
- #define CMD_SIMULATE_TAG_LEGIC_RF 0x0387
- #define CMD_READER_LEGIC_RF 0x0388
- #define CMD_WRITER_LEGIC_RF 0x0399
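Review bot: The added constant is written `0x386` while every neighbouring command ID in this hunk uses four hex digits; `#define CMD_PACE_ISO_14443a 0x0386` keeps the table aligned and easy to grep. The value fills the gap between `0x0385` and `0x0387`, so no collision is visible in these lines.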
- Index: armsrc/iso14443a.c
- ===================================================================
- --- armsrc/iso14443a.c (revision 603)
- +++ armsrc/iso14443a.c (working copy)
- @@ -1790,6 +1790,189 @@
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- LEDsoff();
- }
- +
- +//-----------------------------------------------------------------------------
- +// Perform initial part of PACE protocol
- +//
- +//-----------------------------------------------------------------------------
- +void PaceIso14443a(UsbCommand * c, UsbCommand * ack)
- +{
- + /*
- + * ack layout:
- + * arg:
- + * 1. element
- + * 1. bit: 1 = failure, 0 = success
- + * 2.+3. bit: step where failure occured
- + * 0: card select
- + * 1: PACE MSE: Set AT
- + * 2: PACE General Authenticate
- + * 16.-31. bit: SW1 || SW2 of response APDU (in case of failure)
- + * 2. element
- + * iso14_apdu() return code
- + * d:
- + * Encrypted nonce
- + */
- +
- + //iso14a_command_t param = c->arg[0];
- + //uint8_t * cmd = c->d.asBytes;
- + //size_t len = c->arg[1];
- +
- + // card UID
- + uint8_t uid[8];
- +
- + // return value of a function
- + int func_return;
- +
- + // command APDU
- + // size should be the max. size needed by any command used here
- + uint8_t command_apdu[20] = {0};
- + // response APDU
- + // for the size the same holds as for the command APDU
- + uint8_t response_apdu[6] = {0};
- +
- + // initialize ack with 0
- + memset(ack->arg, 0, 12);
- + memset(ack->d.asBytes, 0, 48);
- +
- + // power up the field
- + iso14443a_setup();
- +
- + // select the card
- + func_return = iso14443a_select_card(uid, NULL, NULL);
- + // if this failed already, abort
- + if(func_return != 1)
- + {
- + // set fail bit
- + ack->arg[0] |= 0x80000000;
- + UsbSendPacket((void *)ack, sizeof(UsbCommand));
- + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- + LEDsoff();
- + return;
- + }
- +
- + // command APDU to initiate PACE
- + uint8_t i = 0;
- + // CLA
- + command_apdu[i++] = 0x00;
- + // INS
- + command_apdu[i++] = 0x22;
- + // P1
- + command_apdu[i++] = 0xC1;
- + // P2
- + command_apdu[i++] = 0xA4;
- + // Lc: 15 bytes
- + command_apdu[i++] = 0x0F;
- + // Content:
- + // Type: Protocol (by OID)
- + command_apdu[i++] = 0x80;
- + // Length: 10 bytes
- + command_apdu[i++] = 0x0A;
- + // OID
- + // bsi-de
- + command_apdu[i++] = 0x04;
- + command_apdu[i++] = 0x00;
- + command_apdu[i++] = 0x7F;
- + command_apdu[i++] = 0x00;
- + command_apdu[i++] = 0x07;
- + // protocols
- + command_apdu[i++] = 0x02;
- + // smartcard
- + command_apdu[i++] = 0x02;
- + // id_PACE
- + command_apdu[i++] = 0x04;
- + // ECDH-GM
- + command_apdu[i++] = 0x02;
- + // 3DES-CBC-CBC
- + command_apdu[i++] = 0x01;
- + // Type: Password
- + command_apdu[i++] = 0x83;
- + // Length: 1 byte
- + command_apdu[i++] = 0x01;
- + // CAN
- + command_apdu[i++] = 0x02;
- +
- + // send it
- + iso14_apdu(command_apdu, 20, response_apdu);
- + // check if command failed
- + if(func_return == -1 || response_apdu[0] != 0x90 || response_apdu[1] != 0x00)
- + {
- + // fail
- + ack->arg[0] |= 0x80000000;
- + // step 1
- + ack->arg[0] |= 0x20000000;
- + // SW1 of RAPDU
- + ack->arg[0] |= ((uint32_t) response_apdu[0]) << 8;
- + // SW2 of RAPDU
- + ack->arg[0] |= ((uint32_t) response_apdu[1]);
- +
- + // return code
- + ack->arg[1] = func_return;
- +
- + // send it
- + UsbSendPacket((void *)ack, sizeof(UsbCommand));
- + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- + LEDsoff();
- + return;
- + }
- + // clear command and response APDUs
- + memset(command_apdu, 0, 20);
- + memset(response_apdu, 0, 2);
- +
- + // command APDU to request the encrypted nonce
- + i = 0;
- + // CLA
- + command_apdu[i++] = 0x00;
- + // INS
- + command_apdu[i++] = 0x86;
- + // P1
- + command_apdu[i++] = 0x00;
- + // P2
- + command_apdu[i++] = 0x00;
- + // Lc = 2 bytes
- + command_apdu[i++] = 0x02;
- + // Content:
- + // General Authenticate
- + command_apdu[i++] = 0x7C;
- + // zero byte (indicate first step?)
- + command_apdu[i++] = 0x00;
- + // Trailer:
- + // Le = 4 bytes
- + command_apdu[i++] = 0x04;
- +
- + // send it
- + func_return = iso14_apdu(command_apdu, 8, response_apdu);
- + // check if command failed
- + if(func_return == -1 || response_apdu[4] != 0x90 || response_apdu[5] != 0x00)
- + {
- + // fail
- + ack->arg[0] |= 0x80000000;
- + // step 2
- + ack->arg[0] |= 0x40000000;
- + // note: if command failed, APDU consists only of SW1 || SW2, no content
- + // SW1 of RAPDU
- + ack->arg[0] |= ((uint32_t) response_apdu[0]) << 8;
- + // SW2 of RAPDU
- + ack->arg[0] |= ((uint32_t) response_apdu[1]);
- +
- + // return code
- + ack->arg[1] = func_return;
- +
- + // send it
- + UsbSendPacket((void *)ack, sizeof(UsbCommand));
- + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- + LEDsoff();
- + return;
- + }
- +
- + // all succeeded, copy the nonce into the ack and return
- + memcpy(ack->d.asBytes, response_apdu, 4);
- +
- + // all done, return
- + UsbSendPacket((void *)ack, sizeof(UsbCommand));
- + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- + LEDsoff();
- +}
- +
- //-----------------------------------------------------------------------------
- // Read an ISO 14443a tag. Send out commands and store answers.
- //
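Review bot: The first `iso14_apdu` call (MSE: Set AT) in `PaceIso14443a` discards its return value, so the `func_return == -1` test that follows still sees the `1` left over from `iso14443a_select_card`, and the code reported in `ack->arg[1]` on failure is stale. It should read `func_return = iso14_apdu(command_apdu, 20, response_apdu);`, as the General Authenticate call further down already does. Separately, `response_apdu` is only 6 bytes and is filled from card-supplied data; `iso14_apdu` is not visible in this hunk, so confirm it cannot write more than the buffer holds, or size the buffer for the largest frame it can return. The later `memset(response_apdu, 0, 2)` clears only two of the six bytes, and `memset(response_apdu, 0, sizeof response_apdu);` would not depend on the remaining bytes still being zero before indices 4 and 5 are checked.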
- Index: armsrc/apps.h
- ===================================================================
- --- armsrc/apps.h (revision 603)
- +++ armsrc/apps.h (working copy)
- @@ -135,6 +135,7 @@
- void RAMFUNC SnoopIso14443a(uint8_t param);
- void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd); // ## simulate iso14443a tag
- void ReaderIso14443a(UsbCommand * c, UsbCommand * ack);
- +void PaceIso14443a(UsbCommand * c, UsbCommand * ack);
- // Also used in iclass.c
- int RAMFUNC LogTrace(const uint8_t * btBytes, int iLen, int iSamples, uint32_t dwParity, int bReader);
- uint32_t GetParity(const uint8_t * pbtCmd, int iLen);
- Index: armsrc/appmain.c
- ===================================================================
- --- armsrc/appmain.c (revision 603)
- +++ armsrc/appmain.c (working copy)
- @@ -711,6 +711,9 @@
- case CMD_READER_ISO_14443a:
- ReaderIso14443a(c, &ack);
- break;
- + case CMD_PACE_ISO_14443a:
- + PaceIso14443a(c, &ack);
- + break;
- case CMD_SIMULATE_TAG_ISO_14443a:
- SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2]); // ## Simulate iso14443a tag - pass tag type & UID
- break;
- Index: common/Makefile.common
- ===================================================================
- --- common/Makefile.common (revision 603)
- +++ common/Makefile.common (working copy)
- @@ -20,7 +20,8 @@
- all:
- -CROSS ?= arm-none-eabi-
- +#CROSS ?= arm-none-eabi-
- +CROSS ?= /home/frederik/uni/Masterarbeit/preparation/proxmark/gnuarm4/bin/arm-eabi-
- CC = $(CROSS)gcc
- AS = $(CROSS)as
- LD = $(CROSS)ld
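Review bot: The new `CROSS ?=` default hard-codes an absolute path inside one developer's home directory, which breaks the build for everyone else and publishes a local username and directory layout. The same applies to the `INCLUDE +=` line added in the next hunk. Keep `CROSS ?= arm-none-eabi-` and select the local toolchain at invocation time, e.g. `make CROSS=/path/to/toolchain/bin/arm-eabi-`, since `?=` already lets the command line or environment override it. A toolchain prefix baked into a shared makefile also means the firmware is built with whatever binaries happen to sit at that path, so it is better left out of the committed change.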
- @@ -29,6 +30,8 @@
- OBJDIR = obj
- INCLUDE = -I../include -I../common
- +# added by me
- +INCLUDE += -I/home/frederik/uni/Masterarbeit/preparation/proxmark/gnuarm4/include
- TAR=tar
- TARFLAGS = -C .. -rvf
- Index: client/cmdhf14a.c
- ===================================================================
- --- client/cmdhf14a.c (revision 603)
- +++ client/cmdhf14a.c (working copy)
- @@ -199,6 +199,82 @@
- return resp->arg[0];
- }
- +// Collect ISO14443 Type A UIDs
- +int CmdHF14ACUIDs(const char *Cmd)
- +{
- + // requested number of UIDs
- + int n = atoi(Cmd);
- + int i;
- +
- + PrintAndLog("Collecting %d UIDs", n);
- + PrintAndLog("Start: %u", time(NULL));
- + // repeat n times
- + for(i = 0; i < n; i++)
- + {
- + // execute anticollision procedure
- + UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT, 0, 0}};
- + SendCommand(&c);
- + UsbCommand * resp = WaitForResponse(CMD_ACK);
- + uint8_t * uid = resp->d.asBytes;
- + iso14a_card_select_t * card = (iso14a_card_select_t *)(uid + 12);
- +
- + // check if command failed
- + if(resp->arg[0] == 0) {
- + PrintAndLog("Card select failed.");
- + }
- + else
- + {
- + // check if UID is 4 bytes
- + if((card->atqa[1] & 0xC0) == 0)
- + {
- + PrintAndLog("%02X%02X%02X%02X", *uid, *(uid+1), *(uid+2), *(uid+3));
- + }
- + else
- + {
- + PrintAndLog("UID longer than 4 bytes");
- + }
- + }
- + }
- + PrintAndLog("End: %u", time(NULL));
- +
- + return 1;
- +}
- +
- +// Perform initial PACE steps and aqcuire enrypted random nonce
- +int CmdHF14APACE(const char *Cmd)
- +{
- + // requested number of Nonces
- + int n = atoi(Cmd);
- + int i;
- +
- + PrintAndLog("Collecting %d nonces", n);
- + PrintAndLog("Start: %u", time(NULL));
- + // repeat n times
- + for(i = 0; i < n; i++)
- + {
- + // execute PACE
- + UsbCommand c = {CMD_PACE_ISO_14443a, {0, 0, 0}};
- + SendCommand(&c);
- + UsbCommand * resp = WaitForResponse(CMD_ACK);
- +
- + // check if command failed
- + if((resp->arg[0] & 0x80000000) != 0) {
- + PrintAndLog("Operation failed in step %d, Return code: %d, SW: 0x%04X",
- + (resp->arg[0] & 0x60000000) >> 29,
- + (int)resp->arg[1],
- + (resp->arg[0] & 0x0000FFFF));
- + }
- + else
- + {
- + // print nonce
- + PrintAndLog("E(r): 0x%08X", resp->d.asDwords);
- + }
- + }
- + PrintAndLog("End: %u", time(NULL));
- +
- + return 1;
- +}
- +
- // ## simulate iso14443a tag
- // ## greg - added ability to specify tag UID
- int CmdHF14ASim(const char *Cmd)
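Review bot: In `CmdHF14APACE` the success branch passes the array `resp->d.asDwords` itself to `%08X`, so the argument is a pointer that does not match the format and the output is not the nonce. Print the four bytes the firmware copied into the ack instead, e.g. `PrintAndLog("E(r): %02X%02X%02X%02X", resp->d.asBytes[0], resp->d.asBytes[1], resp->d.asBytes[2], resp->d.asBytes[3]);`, which also removes the dependency on host byte order. Both new commands dereference the result of `WaitForResponse` without a NULL check; whether it can return NULL is not visible here, but if it can, each loop needs a guard before `resp->arg[0]` is read. They also print `time(NULL)` with `%u`, which needs a cast such as `(unsigned)time(NULL)`. `CmdHF14ASim` begins on the last lines of this hunk and continues outside it.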
- @@ -313,6 +389,8 @@
- {"help", CmdHelp, 1, "This help"},
- {"list", CmdHF14AList, 0, "List ISO 14443a history"},
- {"reader", CmdHF14AReader, 0, "Act like an ISO14443 Type A reader"},
- + {"cuids", CmdHF14ACUIDs, 0, "<n> Collect n ISO14443 Type A UIDs"},
- + {"pace", CmdHF14APACE, 0, "<n> Acquire n encrypted PACE nonces"},
- {"sim", CmdHF14ASim, 0, "<UID> -- Fake ISO 14443a tag"},
- {"snoop", CmdHF14ASnoop, 0, "Eavesdrop ISO 14443 Type A"},
- {NULL, NULL, 0, NULL}