From 1040fa8a86e91714660572af770c73af722c8d1d Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Tue, 14 Jan 2025 18:18:07 +0100
Subject: [PATCH] style
---
 armsrc/emvsim.c | 30 +++----
 armsrc/emvsim.h | 2 +-
 armsrc/i2c_direct.c | 29 ++++---
 client/src/cmdhfmf.c | 2 +-
 client/src/emv/cmdemv.c | 8 +-
 client/src/pm3line_vocabulary.h | 10 ++-
 doc/commands.json | 133 ++++++++++++++++++++++++++++----
 doc/commands.md | 10 ++-
 8 files changed, 171 insertions(+), 53 deletions(-)
diff --git a/armsrc/emvsim.c b/armsrc/emvsim.c
index a18b023c50..4b42b4a1e7 100644
--- a/armsrc/emvsim.c
+++ b/armsrc/emvsim.c
@@ -138,7 +138,7 @@ static bool MifareSimInit(uint16_t flags, uint8_t *datain, uint16_t atqa, uint8_
 rSAK[0] = block0[5];
 memcpy(rATQA, &block0[6], sizeof(rATQA));
 }
- // Check for 7 bytes UID: double size uid bits in ATQA
+ // Check for 7 bytes UID: double size uid bits in ATQA
 else if ((block0[8] & 0xc0) == 0x40) {
 flags |= FLAG_7B_UID_IN_DATA_OLD;
 memcpy(datain, block0, 7);
@@ -497,17 +497,17 @@ void EMVsim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint16_t a break; } - // The anti-collision sequence, which is a mandatory part of the card activation sequence. - // It auto with 4-byte UID (= Single Size UID), - // 7 -byte UID (= Double Size UID) or 10-byte UID (= Triple Size UID). - // For details see chapter 2 of AN10927.pdf - // - // This case is used for all Cascade Levels, because: - // 1) Any devices (under Android for example) after full select procedure completed, - // when UID is known, uses "fast-selection" method. In this case reader ignores - // first cascades and tries to select tag by last bytes of UID of last cascade - // 2) Any readers (like ACR122U) uses bit oriented anti-collision frames during selectin, - // same as multiple tags. For details see chapter 6.1.5.3 of ISO/IEC 14443-3 + // The anti-collision sequence, which is a mandatory part of the card activation sequence. + // It auto with 4-byte UID (= Single Size UID), + // 7 -byte UID (= Double Size UID) or 10-byte UID (= Triple Size UID). + // For details see chapter 2 of AN10927.pdf + // + // This case is used for all Cascade Levels, because: + // 1) Any devices (under Android for example) after full select procedure completed, + // when UID is known, uses "fast-selection" method. In this case reader ignores + // first cascades and tries to select tag by last bytes of UID of last cascade + // 2) Any readers (like ACR122U) uses bit oriented anti-collision frames during selectin, + // same as multiple tags. For details see chapter 6.1.5.3 of ISO/IEC 14443-3 case MFEMUL_SELECT: { int uid_index = -1; @@ -591,7 +591,7 @@ void EMVsim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint16_t a break; } - // WORK + // WORK case MFEMUL_WORK: { if (receivedCmd_len == 0) { 
@@ -700,7 +700,7 @@ void EMVsim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint16_t a // We want to modify corrupted request if ((receivedCmd_len > 5 && receivedCmd[0] != 0x03 && receivedCmd[0] != 0x02 && receivedCmd[1] == 0 && receivedCmd[4] == 0) || (receivedCmd[2] == 0xa8)) { - //if (receivedCmd[2] == 0xa8) { + //if (receivedCmd[2] == 0xa8) { Dbprintf("We saw signing request... modifying it into a generate ac transaction !!!!"); receivedCmd[0] = 0x03; receivedCmd[1] = 0x80; @@ -752,7 +752,7 @@ void EMVsim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint16_t a // This is minus 3 because we don't include the first byte (prepend), plus we don't want to send the // last two bytes (CRC) to the card - CmdSmartRaw(receivedCmd_copy[0], &(receivedCmd_copy[1]), receivedCmd_len_copy-3, (&responseToReader[0]), &responseToReader_len); + CmdSmartRaw(receivedCmd_copy[0], &(receivedCmd_copy[1]), receivedCmd_len_copy - 3, (&responseToReader[0]), &responseToReader_len); EmSendCmd(responseToReader, responseToReader_len); Dbprintf("Sent delayed command to card..."); diff --git a/armsrc/emvsim.h b/armsrc/emvsim.h index 265b9effa7..26ec388bbd 100644 --- a/armsrc/emvsim.h +++ b/armsrc/emvsim.h @@ -26,4 +26,4 @@ void EMVsim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint16_t atqa, uint8_t sak); -#endif \ No newline at end of file +#endif diff --git a/armsrc/i2c_direct.c b/armsrc/i2c_direct.c index 74a7e86b06..2af1f5adf9 100644 --- a/armsrc/i2c_direct.c +++ b/armsrc/i2c_direct.c 
@@ -41,7 +41,7 @@ static uint8_t fci_template[] = {0x02, 0x6f, 0x5e, 0x84, 0x07, 0xa0, 0x00, 0x00, static uint8_t pay1_response[] = { 0x6F, 0x1E, 0x84, 0x0E, 0x31, 0x50, 0x41, 0x59 }; static uint8_t pay2_response[] = { 0x03, 0x6f, 0x3e, 0x84, 0x0e, 0x32, 0x50, 0x41, 0x59, 0x2e, 0x53, 0x59, 0x53, 0x2e, 0x44, 0x44, 0x46, 0x30, 0x31, 0xa5, 0x2c, 0xbf, 0x0c, 0x29, 0x61, 0x27, 0x4f, 0x07, 0xa0, 0x00, 0x00, 0x00, 0x03, 0x10, 0x10, 0x50, 0x0a, 0x56, 0x69, 0x73, 0x61, 0x20, 0x44, 0x65, 0x62, 0x69, 0x74, 0x9f, 0x0a, 0x08, 0x00, 0x01, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0xbf, 0x63, 0x04, 0xdf, 0x20, 0x01, 0x80, 0x90, 0x00, 0x07, 0x9d}; -void SmartCardDirectSend(uint8_t prepend, const smart_card_raw_t *p, uint8_t *output, uint16_t *olen) { +static void SmartCardDirectSend(uint8_t prepend, const smart_card_raw_t *p, uint8_t *output, uint16_t *olen) { LED_D_ON(); uint16_t len = 0; @@ -85,11 +85,11 @@ void SmartCardDirectSend(uint8_t prepend, const smart_card_raw_t *p, uint8_t *ou LogTrace(p->data, p->len, 0, 0, NULL, true); bool res = I2C_BufferWrite( - p->data, - p->len, - (((flags & SC_RAW_T0) == SC_RAW_T0) ? I2C_DEVICE_CMD_SEND_T0 : I2C_DEVICE_CMD_SEND), - I2C_DEVICE_ADDRESS_MAIN - ); + p->data, + p->len, + (((flags & SC_RAW_T0) == SC_RAW_T0) ? I2C_DEVICE_CMD_SEND_T0 : I2C_DEVICE_CMD_SEND), + I2C_DEVICE_ADDRESS_MAIN + ); if (res == false && g_dbglevel > 3) { //DbpString(I2C_ERROR); @@ -126,7 +126,7 @@ void SmartCardDirectSend(uint8_t prepend, const smart_card_raw_t *p, uint8_t *ou Dbhexdump(3, &resp[0], false); resp[0] = prepend; resp[1] = 0x6a; - resp[2] =0x82; + resp[2] = 0x82; AddCrc14A(resp, 3); //Dbhexdump(5, &resp[0], false); // special print @@ -139,7 +139,7 @@ void SmartCardDirectSend(uint8_t prepend, const smart_card_raw_t *p, uint8_t *ou Dbprintf("***** bad response from card (file not found)..."); resp[0] = prepend; resp[1] = 0x6a; - resp[2] =0x82; + resp[2] = 0x82; AddCrc14A(resp, 3); //Dbhexdump(5, &resp[0], false); // special print 
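Review bot: `SmartCardDirectSend`, which the `@@ -41,7` hunk makes `static`, still receives `uint8_t *output, uint16_t *olen` with no capacity for `output`, and the later hunks of this file copy into it unchecked: `memcpy(output, &template[1], len - 1)` at `@@ -198,14`, and `memcpy(output, &pay2_response[0], sizeof(pay2_response))` and `memcpy(output, &fci_template[0], sizeof(fci_template))` at `@@ -230,8`. Nothing visible ties those lengths to the size of the caller's buffer, so an undersized buffer would be overrun in firmware. With the function now file-local, adding a size parameter (for example `uint16_t output_size` before `olen`) and returning early when a copy would exceed it is a contained change; the callers are not in these hunks, so confirm what they pass. Separately, the diffstat shows no header change alongside the new `static`, so check that no prototype for this function remains in a header, which would presumably conflict with the static definition. The function body starts and ends outside the visible hunks.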
@@ -198,14 +198,14 @@ void SmartCardDirectSend(uint8_t prepend, const smart_card_raw_t *p, uint8_t *ou len = sizeof(template); Dbhexdump(len, &template[0], false); // special print - AddCrc14A(&template[1], len-3); + AddCrc14A(&template[1], len - 3); Dbprintf("\nafter crc rearranged is: "); Dbhexdump(len, &template[0], false); // special print Dbprintf("\n"); //EmSendCmd(&template[1], len-1); - memcpy(output, &template[1], len-1); - *olen = len-1; + memcpy(output, &template[1], len - 1); + *olen = len - 1; BigBuf_free(); return; @@ -213,7 +213,7 @@ void SmartCardDirectSend(uint8_t prepend, const smart_card_raw_t *p, uint8_t *ou //Dbhexdump(len, &resp[1], false); // special print AddCrc14A(&resp[1], len); - Dbhexdump(len+2, &resp[1], false); // special print + Dbhexdump(len + 2, &resp[1], false); // special print // Check we don't want to modify the response (application profile response) //uint8_t modifyme[] = {0x03, 0x77, 0x0e, 0x82, 0x02}; @@ -230,8 +230,7 @@ void SmartCardDirectSend(uint8_t prepend, const smart_card_raw_t *p, uint8_t *ou //EmSendCmd(&pay2_response[0], sizeof(pay2_response)); memcpy(output, &pay2_response[0], sizeof(pay2_response)); *olen = sizeof(pay2_response); - } - else if (memcmp(&resp[1], &fci_template[0], 2) == 0 && true) { + } else if (memcmp(&resp[1], &fci_template[0], 2) == 0 && true) { Dbprintf("***** modifying response to have full fci template...!"); //EmSendCmd(&fci_template[0], sizeof(fci_template)); memcpy(output, &fci_template[0], sizeof(fci_template)); @@ -254,7 +253,7 @@ void SmartCardDirectSend(uint8_t prepend, const smart_card_raw_t *p, uint8_t *ou //reply_ng(CMD_SMART_RAW, PM3_SUCCESS, resp, len); - OUT: +OUT: //BigBuf_free(); //set_tracing(false); LEDsoff(); diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 341d0d7d98..e84c0dd166 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c 
@@ -2678,7 +2678,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { if (is_ev1) { // hidden sectors on MFC EV1 sector_cnt += 2; - + // bandaid fix block_cnt += 8; } diff --git a/client/src/emv/cmdemv.c b/client/src/emv/cmdemv.c index 809d7a4e57..38f23082b7 100644 --- a/client/src/emv/cmdemv.c +++ b/client/src/emv/cmdemv.c @@ -636,10 +636,10 @@ static int CmdEMVSmartToNFC(const char *Cmd) { "emv smart2nfc -t -> test that the attached card is working (must be VISA)\n"); void *argtable[] = { - arg_param_begin, - arg_lit0("t", "test", "test that the attached card is working (must be VISA)"), - arg_str0("u", "uid", "", "optional 7 hex bytes UID"), - arg_param_end + arg_param_begin, + arg_lit0("t", "test", "test that the attached card is working (must be VISA)"), + arg_str0("u", "uid", "", "optional 7 hex bytes UID"), + arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, true); diff --git a/client/src/pm3line_vocabulary.h b/client/src/pm3line_vocabulary.h index f4155935e0..048a92ec88 100644 --- a/client/src/pm3line_vocabulary.h +++ b/client/src/pm3line_vocabulary.h @@ -136,6 +136,7 @@ const static vocabulary_t vocabulary[] = { { 0, "emv scan" }, { 0, "emv search" }, { 0, "emv select" }, + { 0, "emv smart2nfc" }, { 1, "hf help" }, { 1, "hf list" }, { 0, "hf plot" }, @@ -388,7 +389,7 @@ const static vocabulary_t vocabulary[] = { { 0, "hf mf gen3uid" }, { 0, "hf mf gen3blk" }, { 0, "hf mf gen3freeze" }, - { 0, "hf mf ginfo" }, + { 1, "hf mf ginfo" }, { 0, "hf mf ggetblk" }, { 0, "hf mf gload" }, { 0, "hf mf gsave" }, @@ -493,8 +494,13 @@ const static vocabulary_t vocabulary[] = { { 0, "hf ntag424 changefs" }, { 0, "hf ntag424 changekey" }, { 1, "hf seos help" }, - { 0, "hf seos info" }, { 1, "hf seos list" }, + { 0, "hf seos sam" }, + { 0, "hf seos info" }, + { 1, "hf seos pacs" }, + { 1, "hf seos adf" }, + { 1, "hf seos gdf" }, + { 1, "hf seos managekeys" }, { 1, "hf st25ta help" }, { 0, "hf st25ta info" }, { 1, "hf st25ta list" }, 
diff --git a/doc/commands.json b/doc/commands.json index 157451109e..d3b4e711e9 100644 --- a/doc/commands.json +++ b/doc/commands.json @@ -1093,6 +1093,20 @@ ], "usage": "emv select [-hskatw] " }, + "emv smart2nfc": { + "command": "emv smart2nfc", + "description": "Executes ISO14443a payment, TX using ISO7816 interface for authentication", + "notes": [ + "emv smart2nfc -t -> test that the attached card is working (must be VISA)" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-t, --test test that the attached card is working (must be VISA)", + "-u, --uid optional 7 hex bytes UID" + ], + "usage": "emv smart2nfc [-ht] [-u ]" + }, "emv test": { "command": "emv test", "description": "Executes tests", @@ -4974,7 +4988,7 @@ "hf mf ginfo --pwd 01020304 -> get info with password", "hf mf ginfo -d 00000000000002090978009102BDAC19131011121314151604001800FF0002FD -v -> decode config block" ], - "offline": false, + "offline": true, "options": [ "-h, --help This help", "-v, --verbose verbose output", 
@@ -5106,7 +5120,7 @@ }, "hf mf help": { "command": "hf mf help", - "description": "help This help list List MIFARE history hardnested Nested attack for hardened MIFARE Classic cards decrypt Decrypt Crypto1 data from sniff or trace acl Decode and print MIFARE Classic access rights bytes mad Checks and prints MAD value Value blocks view Display content from tag dump file gdmparsecfg Parse config block to card --------------------------------------------------------------------------------------- hf mf list available offline: yes Alias of `trace list -t mf -c` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", + "description": "help This help list List MIFARE history hardnested Nested attack for hardened MIFARE Classic cards decrypt Decrypt Crypto1 data from sniff or trace acl Decode and print MIFARE Classic access rights bytes mad Checks and prints MAD value Value blocks view Display content from tag dump file ginfo Info about configuration of the card gdmparsecfg Parse config block to card --------------------------------------------------------------------------------------- hf mf list available offline: yes Alias of `trace list -t mf -c` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ "hf mf list --frame -> show frame delay times", "hf mf list -1 -> use trace buffer" 
@@ -7566,21 +7580,40 @@ ], "usage": "hf search [-hv]" }, - "hf seos help": { - "command": "hf seos help", - "description": "help This help list List SEOS history --------------------------------------------------------------------------------------- hf seos info available offline: no Get info from SEOS tags", + "hf seos adf": { + "command": "hf seos adf", + "description": "Make a GET DATA request to an Application Data File (ADF) of a SEOS Tag The ADF is meant to be read by an application You still need the valid authentication keys to read a card By default: - ADF OID : 2B0601040181E438010102011801010202 - Key Index: 0 - Tag List : 5c02ff00", "notes": [ - "hf seos info" + "hf seos adf", + "hf seos adf -o 2B0601040181E438010102011801010202", + "hf seos adf -o 2B0601040181E438010102011801010202 --ki 0", + "hf seos adf -o 2B0601040181E438010102011801010202 -c 5c02ff41" ], "offline": true, "options": [ - "-h, --help This help" + "-h, --help This help", + "-c, --getdata <0-100> hex bytes for the tag list to Get Data request (Default: 5c02ff00)", + "-o, --oid <0-100> hex bytes for OID (Default: 2B0601040181E438010102011801010202)", + "--ki Specify key index to set key in memory" ], - "usage": "hf seos info [-h]" + "usage": "hf seos adf [-h] [-c ] [-o ] [--ki ]" }, - "hf seos list": { - "command": "hf seos list", - "description": "Alias of `trace list -t seos -c` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. 
Note that some might not be relevant for this specific protocol", + "hf seos gdf": { + "command": "hf seos gdf", + "description": "Get Global Data File (GDF) from SEOS card By default: - Key Index: 0", + "notes": [ + "hf seos gdfhf seos gdf --ki 0" + ], + "offline": true, + "options": [ + "-h, --help This help", + "--ki Specify key index to set key in memory" + ], + "usage": "hf seos gdf [-h] [--ki ]" + }, + "hf seos help": { + "command": "hf seos help", + "description": "----------- ----------------------- General ----------------------- help This help list List SEOS history ----------- ----------------------- Operations ----------------------- pacs Extract PACS Information from card adf Read an ADF from the card gdf Read an GDF from card ----------- ----------------------- Utils ----------------------- managekeys Manage keys to use with SEOS commands --------------------------------------------------------------------------------------- hf seos list available offline: yes Alias of `trace list -t seos -c` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ "hf seos list --frame -> show frame delay times", "hf seos list -1 -> use trace buffer" 
@@ -7599,6 +7632,80 @@ ], "usage": "hf seos list [-h1crux] [--frame] [-f ]" }, + "hf seos info": { + "command": "hf seos info", + "description": "Requests the unauthenticated information from the default ADF of a SEOS card - If the card is a SEOS card - Are static RND.ICC keys used (can detect SEOS default keyset) - What encryption and hashing algorithm is use", + "notes": [ + "hf seos info" + ], + "offline": false, + "options": [ + "-h, --help This help" + ], + "usage": "hf seos info [-h]" + }, + "hf seos managekeys": { + "command": "hf seos managekeys", + "description": "Manage SEOS Keys in client memory, keys are required to authenticate with SEOS cards", + "notes": [ + "hf seos managekeys -p", + "hf seos managekeys -p -v", + "hf seos managekeys --ki 0 --nonce 0102030405060708 -> Set nonce value at key index 0", + "hf seos managekeys --load -f mykeys.bin -p -> load from file and prints keys", + "hf seos managekeys --save -f mykeys.bin -> saves keys to file" + ], + "offline": true, + "options": [ + "-h, --help This help", + "--ki Specify key index to set key in memory", + "--nonce Nonce value as 8 hex bytes", + "--privenc Privacy Encryption key as 16 hex bytes", + "--privmac Privacy MAC key as 16 hex bytes", + "--read Undiversified Read key as 16 hex bytes", + "--write Undiversified Write key as 16 hex bytes", + "--admin Undiversified Admin key as 16 hex bytes", + "-f, --file Specify a filename for load / save operations", + "--save Save keys in memory to file specified by filename", + "--load Load keys to memory from file specified by filename", + "-p, --print Print keys loaded into memory", + "-v, --verbose verbose (print all key info)" + ], + "usage": "hf seos managekeys [-hpv] [--ki ] [--nonce ] [--privenc ] [--privmac ] [--read ] [--write ] [--admin ] [-f ] [--save] [--load]" + }, + "hf seos pacs": { + "command": "hf seos pacs", + "description": "Make a GET DATA request to an ADF of a SEOS card By default: - ADF OID : 2B0601040181E438010102011801010202 - Key 
Index: 0", + "notes": [ + "hf seos pacs", + "hf seos pacs --ki 1", + "hf seos pacs -o 2B0601040181E438010102011801010202 --ki 0" + ], + "offline": true, + "options": [ + "-h, --help This help", + "-o, --oid <0-100> hex bytes for OID (Default: 2B0601040181E438010102011801010202)", + "--ki Specify key index to set key in memory" + ], + "usage": "hf seos pacs [-h] [-o ] [--ki ]" + }, + "hf seos sam": { + "command": "hf seos sam", + "description": "Extract PACS via a HID SAM", + "notes": [ + "hf seos sam", + "hd seos sam -d a005a103800104 -> get PACS data" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-v, --verbose verbose output", + "-k, --keep keep the field active after command executed", + "-n, --nodetect skip selecting the card and sending card details to SAM", + "-t, --tlv decode TLV", + "-d, --data DER encoded command to send to SAM" + ], + "usage": "hf seos sam [-hvknt] [-d ]..." + }, "hf sniff": { "command": "hf sniff", "description": "The high frequency sniffer will assign all available memory on device for sniffed data. Use `data samples` to download from device and `data plot` to visualize it. Press button to quit the sniffing.", @@ -13093,8 +13200,8 @@ } }, "metadata": { - "commands_extracted": 753, + "commands_extracted": 759, "extracted_by": "PM3Help2JSON v1.00", - "extracted_on": "2025-01-05T12:10:45" + "extracted_on": "2025-01-14T15:42:02" } } diff --git a/doc/commands.md b/doc/commands.md index fbee31f497..8650508ff0 100644 --- a/doc/commands.md +++ b/doc/commands.md @@ -163,6 +163,7 @@ Check column "offline" for their availability. |`emv scan `|N |`Scan EMV card and save it contents to json file for emulator` |`emv search `|N |`Try to select all applets from applets list and print installed applets` |`emv select `|N |`Select applet` +|`emv smart2nfc `|N |`Complete transaction as a nfc smart card, using the ISO-7816 interface for auth` ### hf 
@@ -559,7 +560,7 @@ Check column "offline" for their availability. |`hf mf gen3uid `|N |`Set UID without changing manufacturer block` |`hf mf gen3blk `|N |`Overwrite manufacturer block` |`hf mf gen3freeze `|N |`Perma lock UID changes. irreversible` -|`hf mf ginfo `|N |`Info about configuration of the card` +|`hf mf ginfo `|Y |`Info about configuration of the card` |`hf mf ggetblk `|N |`Read block from card` |`hf mf gload `|N |`Load dump to card` |`hf mf gsave `|N |`Save dump from card into file or emulator` @@ -704,8 +705,13 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- |`hf seos help `|Y |`This help` -|`hf seos info `|N |`Tag information` |`hf seos list `|Y |`List SEOS history` +|`hf seos sam `|N |`SAM tests` +|`hf seos info `|N |`Tag information` +|`hf seos pacs `|Y |`Extract PACS Information from card` +|`hf seos adf `|Y |`Read an ADF from the card` +|`hf seos gdf `|Y |`Read an GDF from card` +|`hf seos managekeys `|Y |`Manage keys to use with SEOS commands` ### hf st25ta