github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-03-12 04:35:36 -07:00
Code Issues Packages Projects Releases Wiki Activity

Basic support for EAC documents (e.g. German Identification Card)

Browse Source 
-new files armsrc/epa.[ch] for ePA (electronic "Personalausweis") related functions
    -Offers elementary functions (EPA_PACE_MSE_Set_AT etc.)
    -Also offers one new USB command: EPA_PACE_Collect_Nonce
-created new command subtree in client: client/hfepa.[ch] ("hf epa")
    -offers "hf epa cnonces" (collect encrypted PACE nonces)
-more to come
This commit is contained in:
frederikmoellers@aol.de 2012-08-28 21:39:50 +00:00
parent b0127e65f1
commit 5acd09bdfb
11 changed files with 601 additions and 7 deletions

2
armsrc/Makefile

@ -16,7 +16,7 @@ APP_CFLAGS = -O2 -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DW
#SRC_LCD = fonts.c LCD.c
SRC_LF = lfops.c hitag2.c
SRC_ISO15693 = iso15693.c iso15693tools.c
SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
SRC_ISO14443b = iso14443.c
SRC_CRAPTO1 = crapto1.c crypto1.c

3
armsrc/appmain.c

@ -714,6 +714,9 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_SIMULATE_TAG_ISO_14443a:
SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2]); // ## Simulate iso14443a tag - pass tag type & UID
break;
case CMD_EPA_PACE_COLLECT_NONCE:
EPA_PACE_Collect_Nonce(c, &ack);
break;
case CMD_READER_MIFARE:
ReaderMifare(c->arg[0]);

3
armsrc/apps.h

@ -143,6 +143,9 @@ void iso14a_clear_tracelen(void);
void iso14a_set_tracing(int enable);
void RAMFUNC SniffMifare(uint8_t param);
/// epa.h
void EPA_PACE_Collect_Nonce(UsbCommand * c, UsbCommand * ack);
// mifarecmd.h
void ReaderMifare(uint32_t parameter);
void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);

441
armsrc/epa.c Normal file

@ -0,0 +1,441 @@
//-----------------------------------------------------------------------------
// Frederik Möllers - August 2012
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Routines to support the German eletronic "Personalausweis" (ID card)
// Note that the functions which do not implement USB commands do NOT initialize
// the card (with iso14443a_select_card etc.). If You want to use these
// functions, You need to do the setup before calling them!
//-----------------------------------------------------------------------------
#include "iso14443a.h"
#include "epa.h"
// Protocol and Parameter Selection Request
// use regular (1x) speed in both directions
// CRC is already included
static const uint8_t pps[] = {0xD0, 0x11, 0x00, 0x52, 0xA6};
// APDUs for communication with German Identification Card
// General Authenticate (request encrypted nonce) WITHOUT the Le at the end
static const uint8_t apdu_general_authenticate_pace_get_nonce[] = {
0x10, // CLA
0x86, // INS
0x00, // P1
0x00, // P2
0x02, // Lc
0x7C, // Type: Dynamic Authentication Data
0x00, // Length: 0 bytes
};
// MSE: Set AT (only CLA, INS, P1 and P2)
static const uint8_t apdu_mse_set_at_start[] = {
0x00, // CLA
0x22, // INS
0xC1, // P1
0xA4, // P2
};
// SELECT BINARY with the ID for EF.CardAccess
static const uint8_t apdu_select_binary_cardaccess[] = {
0x00, // CLA
0xA4, // INS
0x02, // P1
0x0C, // P2
0x02, // Lc
0x01, // ID
0x1C // ID
};
// READ BINARY
static const uint8_t apdu_read_binary[] = {
0x00, // CLA
0xB0, // INS
0x00, // P1
0x00, // P2
0x38 // Le
};
// the leading bytes of a PACE OID
static const uint8_t oid_pace_start[] = {
0x04, // itu-t, identified-organization
0x00, // etsi
0x7F, // reserved
0x00, // etsi-identified-organization
0x07, // bsi-de
0x02, // protocols
0x02, // smartcard
0x04 // id-PACE
};
//-----------------------------------------------------------------------------
// Closes the communication channel and turns off the field
//-----------------------------------------------------------------------------
void EPA_Finish()
{
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
//-----------------------------------------------------------------------------
// Parses DER encoded data, e.g. from EF.CardAccess and fills out the given
// structs. If a pointer is 0, it is ignored.
// The function returns 0 on success and if an error occured, it returns the
// offset where it occured.
//
// TODO: This function can access memory outside of the given data if the DER
// encoding is broken
// TODO: Support skipping elements with a length > 0x7F
// TODO: Support OIDs with a length > 7F
// TODO: Support elements with long tags (tag is longer than 1 byte)
// TODO: Support proprietary PACE domain parameters
//-----------------------------------------------------------------------------
size_t EPA_Parse_CardAccess(uint8_t *data,
size_t length,
pace_version_info_t *pace_info)
{
size_t index = 0;
while (index <= length - 2) {
// determine type of element
// SET or SEQUENCE
if (data[index] == 0x31 || data[index] == 0x30) {
// enter the set (skip tag + length)
index += 2;
// extended length
if ((data[index - 1] & 0x80) != 0) {
index += (data[index] & 0x7F);
}
}
// OID
else if (data[index] == 0x06) {
// is this a PACE OID?
if (data[index + 1] == 0x0A // length matches
&& memcmp(data + index + 2,
oid_pace_start,
sizeof(oid_pace_start)) == 0 // content matches
&& pace_info != NULL)
{
// first, clear the pace_info struct
memset(pace_info, 0, sizeof(pace_version_info_t));
memcpy(pace_info->oid, data + index + 2, sizeof(pace_info->oid));
// a PACE OID is followed by the version
index += data[index + 1] + 2;
if (data[index] == 02 && data[index + 1] == 01) {
pace_info->version = data[index + 2];
index += 3;
}
else {
return index;
}
// after that there might(!) be the parameter ID
if (data[index] == 02 && data[index + 1] == 01) {
pace_info->parameter_id = data[index + 2];
index += 3;
}
}
else {
// skip this OID
index += 2 + data[index + 1];
}
}
// if the length is 0, something is wrong
// TODO: This needs to be extended to support long tags
else if (data[index + 1] == 0) {
return index;
}
else {
// skip this part
// TODO: This needs to be extended to support long tags
// TODO: This needs to be extended to support unknown elements with
// a size > 0x7F
index += 2 + data[index + 1];
}
}
// TODO: We should check whether we reached the end in error, but for that
// we need a better parser (e.g. with states like IN_SET or IN_PACE_INFO)
return 0;
}
//-----------------------------------------------------------------------------
// Read the file EF.CardAccess and save it into a buffer (at most max_length bytes)
// Returns -1 on failure or the length of the data on success
// TODO: for the moment this sends only 1 APDU regardless of the requested length
//-----------------------------------------------------------------------------
int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length)
{
// the response APDU of the card
// since the card doesn't always care for the expected length we send it,
// we reserve 262 bytes here just to be safe (256-byte APDU + SW + ISO frame)
uint8_t response_apdu[262];
int rapdu_length = 0;
// select the file EF.CardAccess
rapdu_length = iso14_apdu((uint8_t *)apdu_select_binary_cardaccess,
sizeof(apdu_select_binary_cardaccess),
response_apdu);
if (rapdu_length != 6
|| response_apdu[rapdu_length - 4] != 0x90
|| response_apdu[rapdu_length - 3] != 0x00)
{
return -1;
}
// read the file
rapdu_length = iso14_apdu((uint8_t *)apdu_read_binary,
sizeof(apdu_read_binary),
response_apdu);
if (rapdu_length <= 6
|| response_apdu[rapdu_length - 4] != 0x90
|| response_apdu[rapdu_length - 3] != 0x00)
{
return -1;
}
// copy the content into the buffer
// length of data available: apdu_length - 4 (ISO frame) - 2 (SW)
size_t to_copy = rapdu_length - 6;
to_copy = to_copy < max_length ? to_copy : max_length;
memcpy(buffer, response_apdu+2, to_copy);
return to_copy;
}
//-----------------------------------------------------------------------------
// Abort helper function for EPA_PACE_Collect_Nonce
// sets relevant data in ack, sends the response
//-----------------------------------------------------------------------------
static void EPA_PACE_Collect_Nonce_Abort(UsbCommand *ack, uint8_t step, int func_return)
{
// step in which the failure occured
ack->arg[0] = step;
// last return code
ack->arg[1] = func_return;
// send the USB packet
UsbSendPacket((void *)ack, sizeof(UsbCommand));
// power down the field
EPA_Finish();
}
//-----------------------------------------------------------------------------
// Acquire one encrypted PACE nonce
//-----------------------------------------------------------------------------
void EPA_PACE_Collect_Nonce(UsbCommand *c, UsbCommand *ack)
{
/*
* ack layout:
* arg:
* 1. element
* step where the error occured or 0 if no error occured
* 2. element
* return code of the last executed function
* d:
* Encrypted nonce
*/
// return value of a function
int func_return;
// initialize ack with 0s
memset(ack->arg, 0, 12);
memset(ack->d.asBytes, 0, 48);
// set up communication
func_return = EPA_Setup();
if (func_return != 0) {
EPA_PACE_Collect_Nonce_Abort(ack, 1, func_return);
return;
}
// increase the timeout (at least some cards really do need this!)
iso14a_set_timeout(0x0002FFFF);
// read the CardAccess file
// this array will hold the CardAccess file
uint8_t card_access[256] = {0};
int card_access_length = EPA_Read_CardAccess(card_access, 256);
// the response has to be at least this big to hold the OID
if (card_access_length < 18) {
EPA_PACE_Collect_Nonce_Abort(ack, 2, card_access_length);
return;
}
// this will hold the PACE info of the card
pace_version_info_t pace_version_info;
// search for the PACE OID
func_return = EPA_Parse_CardAccess(card_access,
card_access_length,
&pace_version_info);
if (func_return != 0 || pace_version_info.version == 0) {
EPA_PACE_Collect_Nonce_Abort(ack, 3, func_return);
return;
}
// initiate the PACE protocol
// use the CAN for the password since that doesn't change
func_return = EPA_PACE_MSE_Set_AT(pace_version_info, 2);
// now get the nonce
uint8_t nonce[256] = {0};
uint8_t requested_size = (uint8_t)c->arg[0];
func_return = EPA_PACE_Get_Nonce(requested_size, nonce);
// check if the command succeeded
if (func_return < 0)
{
EPA_PACE_Collect_Nonce_Abort(ack, 4, func_return);
return;
}
// save received information
ack->arg[1] = func_return;
memcpy(ack->d.asBytes, nonce, func_return);
// all done, return
EPA_Finish();
UsbSendPacket((void *)ack, sizeof(UsbCommand));
}
//-----------------------------------------------------------------------------
// Performs the "Get Nonce" step of the PACE protocol and saves the returned
// nonce. The caller is responsible for allocating enough memory to store the
// nonce. Note that the returned size might be less or than or greater than the
// requested size!
// Returns the actual size of the nonce on success or a less-than-zero error
// code on failure.
//-----------------------------------------------------------------------------
int EPA_PACE_Get_Nonce(uint8_t requested_length, uint8_t *nonce)
{
// build the APDU
uint8_t apdu[sizeof(apdu_general_authenticate_pace_get_nonce) + 1];
// copy the constant part
memcpy(apdu,
apdu_general_authenticate_pace_get_nonce,
sizeof(apdu_general_authenticate_pace_get_nonce));
// append Le (requested length + 2 due to tag/length taking 2 bytes) in RAPDU
apdu[sizeof(apdu_general_authenticate_pace_get_nonce)] = requested_length + 4;
// send it
uint8_t response_apdu[262];
int send_return = iso14_apdu(apdu,
sizeof(apdu),
response_apdu);
// check if the command succeeded
if (send_return < 6
|| response_apdu[send_return - 4] != 0x90
|| response_apdu[send_return - 3] != 0x00)
{
return -1;
}
// if there is no nonce in the RAPDU, return here
if (send_return < 10)
{
// no error
return 0;
}
// get the actual length of the nonce
uint8_t nonce_length = response_apdu[5];
if (nonce_length > send_return - 10)
{
nonce_length = send_return - 10;
}
// copy the nonce
memcpy(nonce, response_apdu + 6, nonce_length);
return nonce_length;
}
//-----------------------------------------------------------------------------
// Initializes the PACE protocol by performing the "MSE: Set AT" step
// Returns 0 on success or a non-zero error code on failure
//-----------------------------------------------------------------------------
int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password)
{
// create the MSE: Set AT APDU
uint8_t apdu[23];
// the minimum length (will be increased as more data is added)
size_t apdu_length = 20;
// copy the constant part
memcpy(apdu,
apdu_mse_set_at_start,
sizeof(apdu_mse_set_at_start));
// type: OID
apdu[5] = 0x80;
// length of the OID
apdu[6] = sizeof(pace_version_info.oid);
// copy the OID
memcpy(apdu + 7,
pace_version_info.oid,
sizeof(pace_version_info.oid));
// type: password
apdu[17] = 0x83;
// length: 1
apdu[18] = 1;
// password
apdu[19] = password;
// if standardized domain parameters are used, copy the ID
if (pace_version_info.parameter_id != 0) {
apdu_length += 3;
// type: domain parameter
apdu[20] = 0x84;
// length: 1
apdu[21] = 1;
// copy the parameter ID
apdu[22] = pace_version_info.parameter_id;
}
// now set Lc to the actual length
apdu[4] = apdu_length - 5;
// send it
uint8_t response_apdu[6];
int send_return = iso14_apdu(apdu,
apdu_length,
response_apdu);
// check if the command succeeded
if (send_return != 6
|| response_apdu[send_return - 4] != 0x90
|| response_apdu[send_return - 3] != 0x00)
{
return 1;
}
return 0;
}
//-----------------------------------------------------------------------------
// Set up a communication channel (Card Select, PPS)
// Returns 0 on success or a non-zero error code on failure
//-----------------------------------------------------------------------------
int EPA_Setup()
{
// return code
int return_code = 0;
// card UID
uint8_t uid[8];
// card select information
iso14a_card_select_t card_select_info;
// power up the field
iso14443a_setup();
// select the card
return_code = iso14443a_select_card(uid, &card_select_info, NULL);
if (return_code != 1) {
return 1;
}
// send the PPS request
ReaderTransmit((uint8_t *)pps, sizeof(pps));
uint8_t pps_response[3];
return_code = ReaderReceive(pps_response);
if (return_code != 3 || pps_response[0] != 0xD0) {
return return_code == 0 ? 2 : return_code;
}
return 0;
}

36
armsrc/epa.h Normal file

@ -0,0 +1,36 @@
//-----------------------------------------------------------------------------
// Frederik Möllers - August 2012
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Routines to support the German eletronic "Personalausweis" (ID card)
//-----------------------------------------------------------------------------
#ifndef __EPA_H
#define __EPA_H
// this struct is used by EPA_Parse_CardAccess and contains info about the
// PACE protocol supported by the chip
typedef struct {
uint8_t oid[10];
uint8_t version;
uint8_t parameter_id;
} pace_version_info_t;
// note: EPA_PACE_GetNonce is declared in apps.h
// general functions
void EPA_Finish();
size_t EPA_Parse_CardAccess(uint8_t *data,
size_t length,
pace_version_info_t *pace_info);
int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length);
int EPA_Setup();
// PACE related functions
int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password);
int EPA_PACE_Get_Nonce(uint8_t requested_length, uint8_t *nonce);
#endif /* __EPA_H */

1
client/Makefile

@ -56,6 +56,7 @@ CMDSRCS = \
cmdhf14a.c \
cmdhf14b.c \
cmdhf15.c \
cmdhfepa.c \
cmdhflegic.c \
cmdhficlass.c \
cmdhfmf.c \

2
client/cmdhf.c

@ -17,6 +17,7 @@
#include "cmdhf14a.h"
#include "cmdhf14b.h"
#include "cmdhf15.h"
#include "cmdhfepa.h"
#include "cmdhflegic.h"
#include "cmdhficlass.h"
#include "cmdhfmf.h"
@ -36,6 +37,7 @@ static command_t CommandTable[] =
{"14a", CmdHF14A, 1, "{ ISO14443A RFIDs... }"},
{"14b", CmdHF14B, 1, "{ ISO14443B RFIDs... }"},
{"15", CmdHF15, 1, "{ ISO15693 RFIDs... }"},
{"epa", CmdHFEPA, 1, "{ German Identification Card... }"},
{"legic", CmdHFLegic, 0, "{ LEGIC RFIDs... }"},
{"iclass", CmdHFiClass, 1, "{ ICLASS RFIDs... }"},
{"mf", CmdHFMF, 1, "{ MIFARE RFIDs... }"},

12
client/cmdhf14a.c

@ -463,12 +463,12 @@ int CmdHF14ASnoop(const char *Cmd) {
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"list", CmdHF14AList, 0, "List ISO 14443a history"},
{"reader", CmdHF14AReader, 0, "Act like an ISO14443 Type A reader"},
{"cuids", CmdHF14ACUIDs, 0, "<n> Collect n>0 ISO14443 Type A UIDs in one go"},
{"sim", CmdHF14ASim, 0, "<UID> -- Fake ISO 14443a tag"},
{"snoop", CmdHF14ASnoop, 0, "Eavesdrop ISO 14443 Type A"},
{"help", CmdHelp, 1, "This help"},
{"list", CmdHF14AList, 0, "List ISO 14443a history"},
{"reader", CmdHF14AReader, 0, "Act like an ISO14443 Type A reader"},
{"cuids", CmdHF14ACUIDs, 0, "<n> Collect n>0 ISO14443 Type A UIDs in one go"},
{"sim", CmdHF14ASim, 0, "<UID> -- Fake ISO 14443a tag"},
{"snoop", CmdHF14ASnoop, 0, "Eavesdrop ISO 14443 Type A"},
{NULL, NULL, 0, NULL}
};

89
client/cmdhfepa.c Normal file

@ -0,0 +1,89 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2012 Frederik Möllers
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Commands related to the German electronic Identification Card
//-----------------------------------------------------------------------------
#include "util.h"
#include "proxusb.h"
#include "ui.h"
#include "cmdparser.h"
#include "common.h"
#include "cmdmain.h"
#include "cmdhfepa.h"
static int CmdHelp(const char *Cmd);
// Perform (part of) the PACE protocol
int CmdHFEPACollectPACENonces(const char *Cmd)
{
// requested nonce size
uint8_t m = 0;
// requested number of Nonces
unsigned int n = 0;
sscanf(Cmd, "%hhu %u", &m, &n);
// values are expected to be > 0
m = m > 0 ? m : 1;
n = n > 0 ? n : 1;
PrintAndLog("Collecting %u %hhu-byte nonces", n, m);
PrintAndLog("Start: %u", time(NULL));
// repeat n times
for (unsigned int i = 0; i < n; i++) {
// execute PACE
UsbCommand c = {CMD_EPA_PACE_COLLECT_NONCE, {(int)m, 0, 0}};
SendCommand(&c);
UsbCommand *resp = WaitForResponse(CMD_ACK);
// check if command failed
if (resp->arg[0] != 0) {
PrintAndLog("Error in step %d, Return code: %d",
resp->arg[0],
(int)resp->arg[1]);
} else {
size_t nonce_length = resp->arg[1];
char *nonce = (char *) malloc(2 * nonce_length + 1);
for(int j = 0; j < nonce_length; j++) {
snprintf(nonce + (2 * j), 3, "%02X", resp->d.asBytes[j]);
}
// print nonce
PrintAndLog("Length: %d, Nonce: %s",
resp->arg[1], nonce);
}
}
PrintAndLog("End: %u", time(NULL));
return 1;
}
// UI-related stuff
static const command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"cnonces", CmdHFEPACollectPACENonces, 0, "<m> <n> Acquire n>0 encrypted PACE nonces of size m>0"},
{NULL, NULL, 0, NULL}
};
int CmdHelp(const char *Cmd)
{
CmdsHelp(CommandTable);
return 0;
}
int CmdHFEPA(const char *Cmd)
{
// flush
while (WaitForResponseTimeout(CMD_ACK, 500) != NULL) ;
// parse
CmdsParse(CommandTable, Cmd);
return 0;
}

18
client/cmdhfepa.h Normal file

@ -0,0 +1,18 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2012 Frederik Möllers
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Commands related to the German electronic Identification Card
//-----------------------------------------------------------------------------
#ifndef CMDHFEPA_H__
#define CMDHFEPA_H__
int CmdHFEPA(const char *Cmd);
int CmdHFEPACollectPACENonces(const char *Cmd);
#endif // CMDHFEPA_H__

1
include/usb_cmd.h

@ -95,6 +95,7 @@ typedef struct {
#define CMD_SIMULATE_TAG_LEGIC_RF 0x0387
#define CMD_READER_LEGIC_RF 0x0388
#define CMD_WRITER_LEGIC_RF 0x0389
#define CMD_EPA_PACE_COLLECT_NONCE 0x038A
#define CMD_SNOOP_ICLASS 0x0392
#define CMD_SIMULATE_TAG_ICLASS 0x0393