]> git.zerfleddert.de Git - proxmark3-svn/blob - client/emv/emvcore.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
EVM fixes and additions (RRG repository PRs 78-82 by @merlokk) (#776)
[proxmark3-svn] / client / emv / emvcore.c
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2017 Merlok
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // EMV core functions
9 //-----------------------------------------------------------------------------
10
11 #include "emvcore.h"
12 #include "emvjson.h"
13 #include "util_posix.h"
14 #include "protocols.h"
15 #ifdef WITH_SMARTCARD
16 #include "cmdsmartcard.h"
17 #endif
18
19 // Got from here. Thanks)
20 // https://eftlab.co.uk/index.php/site-map/knowledge-base/211-emv-aid-rid-pix
21 static const char *PSElist [] = {
22 "325041592E5359532E4444463031", // 2PAY.SYS.DDF01 - Visa Proximity Payment System Environment - PPSE
23 "315041592E5359532E4444463031" // 1PAY.SYS.DDF01 - Visa Payment System Environment - PSE
24 };
25 //static const size_t PSElistLen = sizeof(PSElist)/sizeof(char*);
26
27 char *TransactionTypeStr[] = {
28 "MSD",
29 "VSDC",
30 "qVCDCMCHIP",
31 "CDA"
32 };
33
34 typedef struct {
35 enum CardPSVendor vendor;
36 const char* aid;
37 } TAIDList;
38
39 static const TAIDList AIDlist [] = {
40 // Visa International
41 { CV_VISA, "A00000000305076010"}, // VISA ELO Credit
42 { CV_VISA, "A0000000031010" }, // VISA Debit/Credit (Classic)
43 { CV_VISA, "A000000003101001" }, // VISA Credit
44 { CV_VISA, "A000000003101002" }, // VISA Debit
45 { CV_VISA, "A0000000032010" }, // VISA Electron
46 { CV_VISA, "A0000000032020" }, // VISA
47 { CV_VISA, "A0000000033010" }, // VISA Interlink
48 { CV_VISA, "A0000000034010" }, // VISA Specific
49 { CV_VISA, "A0000000035010" }, // VISA Specific
50 { CV_VISA, "A0000000036010" }, // Domestic Visa Cash Stored Value
51 { CV_VISA, "A0000000036020" }, // International Visa Cash Stored Value
52 { CV_VISA, "A0000000038002" }, // VISA Auth, VisaRemAuthen EMV-CAP (DPA)
53 { CV_VISA, "A0000000038010" }, // VISA Plus
54 { CV_VISA, "A0000000039010" }, // VISA Loyalty
55 { CV_VISA, "A000000003999910" }, // VISA Proprietary ATM
56 // Visa USA
57 { CV_VISA, "A000000098" }, // Debit Card
58 { CV_VISA, "A0000000980848" }, // Debit Card
59 // Mastercard International
60 { CV_MASTERCARD, "A00000000401" }, // MasterCard PayPass
61 { CV_MASTERCARD, "A0000000041010" }, // MasterCard Credit
62 { CV_MASTERCARD, "A00000000410101213" }, // MasterCard Credit
63 { CV_MASTERCARD, "A00000000410101215" }, // MasterCard Credit
64 { CV_MASTERCARD, "A0000000042010" }, // MasterCard Specific
65 { CV_MASTERCARD, "A0000000043010" }, // MasterCard Specific
66 { CV_MASTERCARD, "A0000000043060" }, // Maestro (Debit)
67 { CV_MASTERCARD, "A000000004306001" }, // Maestro (Debit)
68 { CV_MASTERCARD, "A0000000044010" }, // MasterCard Specific
69 { CV_MASTERCARD, "A0000000045010" }, // MasterCard Specific
70 { CV_MASTERCARD, "A0000000046000" }, // Cirrus
71 { CV_MASTERCARD, "A0000000048002" }, // SecureCode Auth EMV-CAP
72 { CV_MASTERCARD, "A0000000049999" }, // MasterCard PayPass
73 { CV_MASTERCARD, "B012345678" }, // Maestro TEST Used for development
74 // American Express
75 { CV_AMERICANEXPRESS, "A000000025" },
76 { CV_AMERICANEXPRESS, "A0000000250000" },
77 { CV_AMERICANEXPRESS, "A00000002501" },
78 { CV_AMERICANEXPRESS, "A000000025010402" },
79 { CV_AMERICANEXPRESS, "A000000025010701" },
80 { CV_AMERICANEXPRESS, "A000000025010801" },
81 // Groupement des Cartes Bancaires "CB"
82 { CV_CB, "A0000000421010" }, // Cartes Bancaire EMV Card
83 { CV_CB, "A0000000422010" },
84 { CV_CB, "A0000000423010" },
85 { CV_CB, "A0000000424010" },
86 { CV_CB, "A0000000425010" },
87 // JCB CO., LTD.
88 { CV_JCB, "A00000006510" }, // JCB
89 { CV_JCB, "A0000000651010" }, // JCB J Smart Credit
90 // Switch Card Services Ltd.
91 { CV_SWITCH, "A0000000050001" }, // Maestro UK
92 { CV_SWITCH, "A0000000050002" }, // Solo
93 // Diners Club International Ltd.
94 { CV_DINERS, "A0000001523010" }, // Discover, Pulse D Pas Discover Card
95 { CV_DINERS, "A0000001524010" }, // Discover, Discover Debit Common Card
96 // Other
97 { CV_OTHER, "A00000002401" }, // Midland Bank Plc - Self Service
98 { CV_OTHER, "A0000000291010" }, // LINK Interchange Network Ltd - Link / American Express
99 { CV_OTHER, "A00000006900" }, // Société Européenne de Monnaie Electronique SEME - Moneo
100 { CV_OTHER, "A000000077010000021000000000003B" }, // Oberthur Technologies France - Visa AEPN
101 { CV_OTHER, "A0000001211010" }, // PBS Danmark A/S - Denmark - Dankort (VISA GEM Vision) - Danish domestic debit card
102 { CV_OTHER, "A0000001410001" }, // Associazione Bancaria Italiana - Italy - PagoBANCOMAT - CoGeBan Consorzio BANCOMAT (Italian domestic debit card)
103 { CV_OTHER, "A0000001544442" }, // Banricompras Debito - Banrisul - Banco do Estado do Rio Grande do SUL - S.A.
104 { CV_OTHER, "A000000172950001" }, // Financial Information Service Co. Ltd. - Taiwan - BAROC Financial Application Taiwan- The Bankers Association of the Republic of China
105 { CV_OTHER, "A0000001850002" }, // Post Office Limited - United Kingdom - UK Post Office Account card
106 { CV_OTHER, "A0000002281010" }, // Saudi Arabian Monetary Agency (SAMA) - Kingdom of Saudi Arabia - SPAN (M/Chip) - SPAN2 (Saudi Payments Network) - Saudi Arabia domestic credit/debit card (Saudi Arabia Monetary Agency)
107 { CV_OTHER, "A0000002282010" }, // Saudi Arabian Monetary Agency (SAMA) - Kingdom of Saudi Arabia - SPAN (VIS) - SPAN2 (Saudi Payments Network) - Saudi Arabia domestic credit/debit card (Saudi Arabia Monetary Agency)
108 { CV_OTHER, "A0000002771010" }, // Interac Association - Canada - INTERAC - Canadian domestic credit/debit card
109 { CV_OTHER, "A00000031510100528" }, // Currence Holding/PIN BV - The Netherlands- Currence PuC
110 { CV_OTHER, "A0000003156020" }, // Currence Holding/PIN BV - The Netherlands - Chipknip
111 { CV_OTHER, "A0000003591010028001" }, // Euro Alliance of Payment Schemes s.c.r.l. (EAPS) - Belgium - Girocard EAPS - ZKA (Germany)
112 { CV_OTHER, "A0000003710001" }, // Verve - Nigeria - InterSwitch Verve Card - Nigerian local switch company
113 { CV_OTHER, "A0000004540010" }, // eTranzact - Nigeria - Etranzact Genesis Card - Nigerian local switch company
114 { CV_OTHER, "A0000004540011" }, // eTranzact - Nigeria - Etranzact Genesis Card 2 - Nigerian local switch company
115 { CV_OTHER, "A0000004766C" }, // Google - United States - GOOGLE_PAYMENT_AID
116 { CV_OTHER, "A0000005241010" }, // RuPay - India - RuPay - RuPay (India)
117 { CV_OTHER, "A0000006723010" }, // TROY - Turkey - TROY chip credit card - Turkey's Payment Method
118 { CV_OTHER, "A0000006723020" }, // TROY - Turkey - TROY chip debit card - Turkey's Payment Method
119 { CV_OTHER, "A0000007705850" }, // Indian Oil Corporation Limited - India - XTRAPOWER Fleet Card Program - Indian Oil’s Pre Paid Program
120 { CV_OTHER, "D27600002545500100" }, // ZKA - Germany - Girocard - ZKA Girocard (Geldkarte) (Germany)
121 { CV_OTHER, "D5280050218002" }, // The Netherlands - ? - (Netherlands)
122 { CV_OTHER, "D5780000021010" }, // Bankaxept Norway Bankaxept Norwegian domestic debit card
123 { CV_OTHER, "F0000000030001" }, // BRADESCO - Brazilian Bank Banco Bradesco
124 };
125 static const size_t AIDlistLen = sizeof(AIDlist)/sizeof(TAIDList);
126
127 static bool APDULogging = false;
128 void SetAPDULogging(bool logging) {
129 APDULogging = logging;
130 }
131
132 enum CardPSVendor GetCardPSVendor(uint8_t * AID, size_t AIDlen) {
133 char buf[100] = {0};
134 if (AIDlen < 1)
135 return CV_NA;
136
137 hex_to_buffer((uint8_t *)buf, AID, AIDlen, sizeof(buf) - 1, 0, 0, true);
138
139 for(int i = 0; i < AIDlistLen; i ++) {
140 if (strncmp(AIDlist[i].aid, buf, strlen(AIDlist[i].aid)) == 0){
141 return AIDlist[i].vendor;
142 }
143 }
144
145 return CV_NA;
146 }
147
148 static bool print_cb(void *data, const struct tlv *tlv, int level, bool is_leaf) {
149 emv_tag_dump(tlv, stdout, level);
150 if (is_leaf) {
151 dump_buffer(tlv->value, tlv->len, stdout, level);
152 }
153
154 return true;
155 }
156
157 bool TLVPrintFromBuffer(uint8_t *data, int datalen) {
158 struct tlvdb *t = NULL;
159 t = tlvdb_parse_multi(data, datalen);
160 if (t) {
161 PrintAndLogEx(NORMAL, "-------------------- TLV decoded --------------------");
162
163 tlvdb_visit(t, print_cb, NULL, 0);
164 tlvdb_free(t);
165 return true;
166 } else {
167 PrintAndLogEx(WARNING, "TLV ERROR: Can't parse response as TLV tree.");
168 }
169 return false;
170 }
171
172 void TLVPrintFromTLVLev(struct tlvdb *tlv, int level) {
173 if (!tlv)
174 return;
175
176 tlvdb_visit(tlv, print_cb, NULL, level);
177 }
178
179 void TLVPrintFromTLV(struct tlvdb *tlv) {
180 TLVPrintFromTLVLev(tlv, 0);
181 }
182
183 void TLVPrintAIDlistFromSelectTLV(struct tlvdb *tlv) {
184 PrintAndLogEx(NORMAL, "|------------------|--------|-------------------------|");
185 PrintAndLogEx(NORMAL, "| AID |Priority| Name |");
186 PrintAndLogEx(NORMAL, "|------------------|--------|-------------------------|");
187
188 struct tlvdb *ttmp = tlvdb_find(tlv, 0x6f);
189 if (!ttmp)
190 PrintAndLogEx(NORMAL, "| none |");
191
192 while (ttmp) {
193 const struct tlv *tgAID = tlvdb_get_inchild(ttmp, 0x84, NULL);
194 const struct tlv *tgName = tlvdb_get_inchild(ttmp, 0x50, NULL);
195 const struct tlv *tgPrio = tlvdb_get_inchild(ttmp, 0x87, NULL);
196 if (!tgAID)
197 break;
198 PrintAndLogEx(NORMAL, "|%s| %s |%s|",
199 sprint_hex_inrow_ex(tgAID->value, tgAID->len, 18),
200 (tgPrio) ? sprint_hex(tgPrio->value, 1) : " ",
201 (tgName) ? sprint_ascii_ex(tgName->value, tgName->len, 25) : " ");
202
203 ttmp = tlvdb_find_next(ttmp, 0x6f);
204 }
205
206 PrintAndLogEx(NORMAL, "|------------------|--------|-------------------------|");
207 }
208
209 struct tlvdb *GetPANFromTrack2(const struct tlv *track2) {
210 char track2Hex[200] = {0};
211 uint8_t PAN[100] = {0};
212 int PANlen = 0;
213 char *tmp = track2Hex;
214
215 if (!track2)
216 return NULL;
217
218 for (int i = 0; i < track2->len; ++i, tmp += 2)
219 sprintf(tmp, "%02x", (unsigned int)track2->value[i]);
220
221 int posD = strchr(track2Hex, 'd') - track2Hex;
222 if (posD < 1)
223 return NULL;
224
225 track2Hex[posD] = 0;
226 if (strlen(track2Hex) % 2) {
227 track2Hex[posD] = 'F';
228 track2Hex[posD + 1] = '\0';
229 }
230
231 param_gethex_to_eol(track2Hex, 0, PAN, sizeof(PAN), &PANlen);
232
233 return tlvdb_fixed(0x5a, PANlen, PAN);
234 }
235
236 struct tlvdb *GetdCVVRawFromTrack2(const struct tlv *track2) {
237 char track2Hex[200] = {0};
238 char dCVVHex[100] = {0};
239 uint8_t dCVV[100] = {0};
240 int dCVVlen = 0;
241 const int PINlen = 5; // must calculated from 9F67 MSD Offset but i have not seen this tag)
242 char *tmp = track2Hex;
243
244 if (!track2)
245 return NULL;
246
247 for (int i = 0; i < track2->len; ++i, tmp += 2)
248 sprintf(tmp, "%02x", (unsigned int)track2->value[i]);
249
250 int posD = strchr(track2Hex, 'd') - track2Hex;
251 if (posD < 1)
252 return NULL;
253
254 memset(dCVVHex, '0', 32);
255 // ATC
256 memcpy(dCVVHex + 0, track2Hex + posD + PINlen + 11, 4);
257 // PAN 5 hex
258 memcpy(dCVVHex + 4, track2Hex, 5);
259 // expire date
260 memcpy(dCVVHex + 9, track2Hex + posD + 1, 4);
261 // service code
262 memcpy(dCVVHex + 13, track2Hex + posD + 5, 3);
263
264 param_gethex_to_eol(dCVVHex, 0, dCVV, sizeof(dCVV), &dCVVlen);
265
266 return tlvdb_fixed(0x02, dCVVlen, dCVV);
267 }
268
269
270 static int EMVExchangeEx(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t *apdu, int apdu_len, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv)
271 {
272 *ResultLen = 0;
273 if (sw) *sw = 0;
274 uint16_t isw = 0;
275 int res = 0;
276
277 if (ActivateField && channel == ECC_CONTACTLESS) {
278 DropField();
279 msleep(50);
280 }
281
282 if (APDULogging)
283 PrintAndLogEx(SUCCESS, ">>>> %s", sprint_hex(apdu, apdu_len));
284
285 switch(channel) {
286 case ECC_CONTACTLESS:
287 // 6 byes + data = INS + CLA + P1 + P2 + Lc + <data = Nc> + Le(?IncludeLe)
288 res = ExchangeAPDU14a(apdu, apdu_len, ActivateField, LeaveFieldON, Result, (int)MaxResultLen, (int *)ResultLen);
289 if (res) {
290 return res;
291 }
292 break;
293 case ECC_CONTACT:
294 //int ExchangeAPDUSC(uint8_t *datain, int datainlen, bool activateCard, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen);
295 #ifdef WITH_SMARTCARD
296 res = ExchangeAPDUSC(apdu, apdu_len, ActivateField, LeaveFieldON, Result, (int)MaxResultLen, (int *)ResultLen);
297 if (res) {
298 return res;
299 }
300 #endif
301 break;
302 }
303
304 if (APDULogging)
305 PrintAndLogEx(SUCCESS, "<<<< %s", sprint_hex(Result, *ResultLen));
306
307 if (*ResultLen < 2) {
308 return 200;
309 }
310
311 /* if (Result[*ResultLen-2] == 0x61) {
312 uint8_t La = Result[*ResultLen-1];
313 uint8_t get_response[5] = {apdu[0], ISO7816_GET_RESPONSE, 0x00, 0x00, La};
314 return EMVExchangeEx(channel, false, LeaveFieldON, get_response, sizeof(get_response), Result, MaxResultLen, ResultLen, sw, tlv);
315 }*/
316
317 *ResultLen -= 2;
318 isw = Result[*ResultLen] * 0x0100 + Result[*ResultLen + 1];
319 if (sw)
320 *sw = isw;
321
322 if (isw != 0x9000) {
323 if (APDULogging) {
324 PrintAndLogEx(ERR, "APDU(%02x%02x) ERROR: [%4X] %s", apdu[0], apdu[1], isw, GetAPDUCodeDescription(*sw >> 8, *sw & 0xff));
325 return 5;
326 }
327 }
328
329 // add to tlv tree
330 if (tlv) {
331 struct tlvdb *t = tlvdb_parse_multi(Result, *ResultLen);
332 tlvdb_add(tlv, t);
333 }
334
335 return 0;
336 }
337
338 int EMVExchange(EMVCommandChannel channel, bool LeaveFieldON, uint8_t *apdu, int apdu_len, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv)
339 {
340 uint8_t APDU[APDU_COMMAND_LEN];
341 memcpy(APDU, apdu, apdu_len);
342 APDU[apdu_len] = 0x00;
343 if (channel == ECC_CONTACTLESS) {
344 if (apdu_len == 5 && apdu[4] == 0) {
345 // there is no Lc but an Le == 0 already
346 } else if (apdu_len > 5 && apdu_len == 5 + apdu[4] + 1) {
347 // there is Lc, data and Le
348 } else {
349 if (apdu[1] != 0xc0)
350 apdu_len++; // no Le, add Le = 0x00 because some vendors require it for contactless
351 }
352 }
353 return EMVExchangeEx(channel, false, LeaveFieldON, APDU, apdu_len, Result, MaxResultLen, ResultLen, sw, tlv);
354 }
355
356 int EMVSelect(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t *AID, size_t AIDLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv)
357 {
358 uint8_t Select_APDU[APDU_COMMAND_LEN] = {0x00, ISO7816_SELECT_FILE, 0x04, 0x00, AIDLen, 0x00};
359 memcpy(Select_APDU + 5, AID, AIDLen);
360 int apdulen = 5 + AIDLen;
361 if (channel == ECC_CONTACTLESS) {
362 apdulen++; // some vendors require Le = 0x00 for contactless operations
363 }
364 return EMVExchangeEx(channel, ActivateField, LeaveFieldON, Select_APDU, apdulen, Result, MaxResultLen, ResultLen, sw, tlv);
365 }
366
367 int EMVSelectPSE(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t PSENum, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw) {
368 uint8_t buf[APDU_DATA_LEN] = {0};
369 *ResultLen = 0;
370 int len = 0;
371 int res = 0;
372 switch (PSENum) {
373 case 1:
374 param_gethex_to_eol(PSElist[1], 0, buf, sizeof(buf), &len);
375 break;
376 case 2:
377
378 param_gethex_to_eol(PSElist[0], 0, buf, sizeof(buf), &len);
379 break;
380 default:
381 return -1;
382 }
383
384 // select
385 res = EMVSelect(channel, ActivateField, LeaveFieldON, buf, len, Result, MaxResultLen, ResultLen, sw, NULL);
386
387 return res;
388 }
389
390
391 int EMVSelectWithRetry(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t *AID, size_t AIDLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv) {
392 int retrycnt = 0;
393 int res = 0;
394 do {
395 res = EMVSelect(channel, false, true, AID, AIDLen, Result, MaxResultLen, ResultLen, sw, tlv);
396
397 // retry if error and not returned sw error
398 if (res && res != 5) {
399 if (++retrycnt < 3){
400 continue;
401 } else {
402 // card select error, proxmark error
403 if (res == 1) {
404 PrintAndLogEx(WARNING, "Exit...");
405 return 1;
406 }
407
408 retrycnt = 0;
409 PrintAndLogEx(NORMAL, "Retry failed [%s]. Skiped...", sprint_hex_inrow(AID, AIDLen));
410 return res;
411 }
412 }
413 } while (res && res != 5);
414
415 return res;
416 }
417
418
419 int EMVCheckAID(EMVCommandChannel channel, bool decodeTLV, struct tlvdb *tlvdbelm, struct tlvdb *tlv){
420 uint8_t data[APDU_RESPONSE_LEN] = {0};
421 size_t datalen = 0;
422 int res = 0;
423 uint16_t sw = 0;
424
425 while (tlvdbelm) {
426 const struct tlv *tgAID = tlvdb_get_inchild(tlvdbelm, 0x4f, NULL);
427 if (tgAID) {
428 res = EMVSelectWithRetry(channel, false, true, (uint8_t *)tgAID->value, tgAID->len, data, sizeof(data), &datalen, &sw, tlv);
429
430 // if returned sw error
431 if (res == 5) {
432 // next element
433 tlvdbelm = tlvdb_find_next(tlvdbelm, 0x61);
434 continue;
435 }
436
437 if (res)
438 break;
439
440 // all is ok
441 if (decodeTLV){
442 PrintAndLogEx(NORMAL, "%s:", sprint_hex_inrow(tgAID->value, tgAID->len));
443 TLVPrintFromBuffer(data, datalen);
444 }
445 }
446 tlvdbelm = tlvdb_find_next(tlvdbelm, 0x61);
447 }
448 return res;
449 }
450
451
452 int EMVSearchPSE(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldON, uint8_t PSENum, bool decodeTLV, struct tlvdb *tlv) {
453 uint8_t data[APDU_RESPONSE_LEN] = {0};
454 size_t datalen = 0;
455 uint8_t sfidata[0x11][APDU_RESPONSE_LEN] = {0};
456 size_t sfidatalen[0x11] = {0};
457 uint16_t sw = 0;
458 int res;
459 bool fileFound = false;
460
461 char *PSE_or_PPSE = PSENum == 1 ? "PSE" : "PPSE";
462
463 // select PPSE
464 res = EMVSelectPSE(channel, ActivateField, true, PSENum, data, sizeof(data), &datalen, &sw);
465
466 if (!res){
467 if (sw != 0x9000) {
468 PrintAndLogEx(FAILED, "Select PSE error. APDU error: %04x.", sw);
469 return 1;
470 }
471
472 struct tlvdb *t = NULL;
473 t = tlvdb_parse_multi(data, datalen);
474 if (t) {
475 // PSE/PPSE with SFI
476 struct tlvdb *tsfi = tlvdb_find_path(t, (tlv_tag_t[]){0x6f, 0xa5, 0x88, 0x00});
477 if (tsfi) {
478 uint8_t sfin = 0;
479 tlv_get_uint8(tlvdb_get_tlv(tsfi), &sfin);
480 PrintAndLogEx(INFO, "* PPSE get SFI: 0x%02x.", sfin);
481
482 for (uint8_t ui = 0x01; ui <= 0x10; ui++) {
483 PrintAndLogEx(INFO, "* * Get SFI: 0x%02x. num: 0x%02x", sfin, ui);
484 res = EMVReadRecord(channel, true, sfin, ui, sfidata[ui], APDU_RESPONSE_LEN, &sfidatalen[ui], &sw, NULL);
485
486 // end of records
487 if (sw == 0x6a83) {
488 sfidatalen[ui] = 0;
489 PrintAndLogEx(INFO, "* * PPSE get SFI. End of records.");
490 break;
491 }
492
493 // error catch!
494 if (sw != 0x9000) {
495 sfidatalen[ui] = 0;
496 PrintAndLogEx(FAILED, "PPSE get Error. APDU error: %04x.", sw);
497 break;
498 }
499
500 if (decodeTLV){
501 TLVPrintFromBuffer(sfidata[ui], sfidatalen[ui]);
502 }
503 }
504
505 for (uint8_t ui = 0x01; ui <= 0x10; ui++) {
506 if (sfidatalen[ui]) {
507 struct tlvdb *tsfi = NULL;
508 tsfi = tlvdb_parse_multi(sfidata[ui], sfidatalen[ui]);
509 if (tsfi) {
510 struct tlvdb *tsfitmp = tlvdb_find_path(tsfi, (tlv_tag_t[]){0x70, 0x61, 0x00});
511 if (!tsfitmp) {
512 PrintAndLogEx(FAILED, "SFI 0x%02d doesn't have any records.", sfidatalen[ui]);
513 continue;
514 }
515 res = EMVCheckAID(channel, decodeTLV, tsfitmp, tlv);
516 fileFound = true;
517 }
518 tlvdb_free(tsfi);
519 }
520 }
521 }
522
523
524 // PSE/PPSE plain (wo SFI)
525 struct tlvdb *ttmp = tlvdb_find_path(t, (tlv_tag_t[]){0x6f, 0xa5, 0xbf0c, 0x61, 0x00});
526 if (ttmp) {
527 res = EMVCheckAID(channel, decodeTLV, ttmp, tlv);
528 fileFound = true;
529 }
530
531 if (!fileFound)
532 PrintAndLogEx(FAILED, "PPSE doesn't have any records.");
533
534 tlvdb_free(t);
535 } else {
536 PrintAndLogEx(WARNING, "%s ERROR: Can't get TLV from response.", PSE_or_PPSE);
537 }
538 } else {
539 PrintAndLogEx(WARNING, "%s ERROR: Can't select PPSE AID. Error: %d", PSE_or_PPSE, res);
540 }
541
542 if(!LeaveFieldON && channel == ECC_CONTACTLESS)
543 DropField();
544
545 return res;
546 }
547
548 int EMVSearch(EMVCommandChannel channel, bool ActivateField, bool LeaveFieldON, bool decodeTLV, struct tlvdb *tlv) {
549 uint8_t aidbuf[APDU_DATA_LEN] = {0};
550 int aidlen = 0;
551 uint8_t data[APDU_RESPONSE_LEN] = {0};
552 size_t datalen = 0;
553 uint16_t sw = 0;
554
555 int res = 0;
556 int retrycnt = 0;
557 for(int i = 0; i < AIDlistLen; i ++) {
558 param_gethex_to_eol(AIDlist[i].aid, 0, aidbuf, sizeof(aidbuf), &aidlen);
559 res = EMVSelect(channel, (i == 0) ? ActivateField : false, (i == AIDlistLen - 1) ? LeaveFieldON : true, aidbuf, aidlen, data, sizeof(data), &datalen, &sw, tlv);
560 // retry if error and not returned sw error
561 if (res && res != 5) {
562 if (++retrycnt < 3){
563 i--;
564 } else {
565 // (1) - card select error, proxmark error OR (200) - result length = 0
566 if (res == 1 || res == 200) {
567 PrintAndLogEx(WARNING, "Exit...");
568 return 1;
569 }
570
571 retrycnt = 0;
572 PrintAndLogEx(FAILED, "Retry failed [%s]. Skipped...", AIDlist[i].aid);
573 }
574 continue;
575 }
576 retrycnt = 0;
577
578 if (res)
579 continue;
580
581 if (!datalen)
582 continue;
583
584 if (decodeTLV) {
585 PrintAndLogEx(SUCCESS, "%s", AIDlist[i].aid);
586 TLVPrintFromBuffer(data, datalen);
587 }
588 }
589
590 return 0;
591 }
592
593 int EMVSelectApplication(struct tlvdb *tlv, uint8_t *AID, size_t *AIDlen) {
594 // check priority. 0x00 - highest
595 int prio = 0xffff;
596
597 *AIDlen = 0;
598
599 struct tlvdb *ttmp = tlvdb_find(tlv, 0x6f);
600 if (!ttmp)
601 return 1;
602
603 while (ttmp) {
604 const struct tlv *tgAID = tlvdb_get_inchild(ttmp, 0x84, NULL);
605 const struct tlv *tgPrio = tlvdb_get_inchild(ttmp, 0x87, NULL);
606
607 if (!tgAID)
608 break;
609
610 if (tgPrio) {
611 int pt = bytes_to_num((uint8_t*)tgPrio->value, (tgPrio->len < 2) ? tgPrio->len : 2);
612 if (pt < prio) {
613 prio = pt;
614
615 memcpy(AID, tgAID->value, tgAID->len);
616 *AIDlen = tgAID->len;
617 }
618 } else {
619 // takes the first application from list wo priority
620 if (!*AIDlen) {
621 memcpy(AID, tgAID->value, tgAID->len);
622 *AIDlen = tgAID->len;
623 }
624 }
625
626 ttmp = tlvdb_find_next(ttmp, 0x6f);
627 }
628
629 return 0;
630 }
631
632 int EMVGPO(EMVCommandChannel channel, bool LeaveFieldON, uint8_t *PDOL, size_t PDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv)
633 {
634 uint8_t GPO_APDU[APDU_COMMAND_LEN] = {0x80, 0xa8, 0x00, 0x00, PDOLLen, 0x00};
635 memcpy(GPO_APDU + 5, PDOL, PDOLLen);
636 int apdulen = 5 + PDOLLen;
637
638 return EMVExchange(channel, LeaveFieldON, GPO_APDU, apdulen, Result, MaxResultLen, ResultLen, sw, tlv);
639 }
640
641 int EMVReadRecord(EMVCommandChannel channel, bool LeaveFieldON, uint8_t SFI, uint8_t SFIrec, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv)
642 {
643 uint8_t read_APDU[5] = {0x00, ISO7816_READ_RECORDS, SFIrec, (SFI << 3) | 0x04, 0x00};
644 int res = EMVExchange(channel, LeaveFieldON, read_APDU, sizeof(read_APDU), Result, MaxResultLen, ResultLen, sw, tlv);
645 if (*sw == 0x6700) {
646 PrintAndLogEx(INFO, ">>> trying to reissue command withouth Le...");
647 res = EMVExchangeEx(channel, false, LeaveFieldON, read_APDU, sizeof(read_APDU), Result, MaxResultLen, ResultLen, sw, tlv);
648 }
649 return res;
650 }
651
652 int EMVAC(EMVCommandChannel channel, bool LeaveFieldON, uint8_t RefControl, uint8_t *CDOL, size_t CDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv)
653 {
654 uint8_t CDOL_APDU[APDU_COMMAND_LEN] = {0x80, 0xae, RefControl, 0x00, CDOLLen, 0x00};
655 memcpy(CDOL_APDU + 5, CDOL, CDOLLen);
656 int apdulen = 5 + CDOLLen;
657
658 return EMVExchange(channel, LeaveFieldON, CDOL_APDU, apdulen, Result, MaxResultLen, ResultLen, sw, tlv);
659 }
660
661 int EMVGenerateChallenge(EMVCommandChannel channel, bool LeaveFieldON, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv)
662 {
663 uint8_t get_challenge_APDU[APDU_COMMAND_LEN] = {0x00, ISO7816_GET_CHALLENGE, 0x00, 0x00};
664
665 int res = EMVExchange(channel, LeaveFieldON, get_challenge_APDU, 4, Result, MaxResultLen, ResultLen, sw, tlv);
666 if (*sw == 0x6700) {
667 PrintAndLogEx(INFO, ">>> trying to reissue command withouth Le...");
668 res = EMVExchangeEx(channel, false, LeaveFieldON, get_challenge_APDU, 4, Result, MaxResultLen, ResultLen, sw, tlv);
669 }
670 return res;
671 }
672
673 int EMVInternalAuthenticate(EMVCommandChannel channel, bool LeaveFieldON, uint8_t *DDOL, size_t DDOLLen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv)
674 {
675 uint8_t authenticate_APDU[APDU_COMMAND_LEN] = {0x00, ISO7816_INTERNAL_AUTHENTICATION, 0x00, 0x00, DDOLLen, 0x00};
676 memcpy(authenticate_APDU + 5, DDOL, DDOLLen);
677 int apdulen = 5 + DDOLLen;
678
679 return EMVExchange(channel, LeaveFieldON, authenticate_APDU, apdulen, Result, MaxResultLen, ResultLen, sw, tlv);
680 }
681
682 int MSCComputeCryptoChecksum(EMVCommandChannel channel, bool LeaveFieldON, uint8_t *UDOL, uint8_t UDOLlen, uint8_t *Result, size_t MaxResultLen, size_t *ResultLen, uint16_t *sw, struct tlvdb *tlv)
683 {
684 uint8_t checksum_APDU[APDU_COMMAND_LEN] = {0x80, 0x2a, 0x8e, 0x80, UDOLlen, 0x00};
685 memcpy(checksum_APDU + 5, UDOL, UDOLlen);
686 int apdulen = 5 + UDOLlen;
687
688 return EMVExchange(channel, LeaveFieldON, checksum_APDU, apdulen, Result, MaxResultLen, ResultLen, sw, tlv);
689 }
690
691 // Authentication
692 struct emv_pk *get_ca_pk(struct tlvdb *db) {
693 const struct tlv *df_tlv = tlvdb_get(db, 0x84, NULL);
694 const struct tlv *caidx_tlv = tlvdb_get(db, 0x8f, NULL);
695
696 if (!df_tlv || !caidx_tlv || df_tlv->len < 6 || caidx_tlv->len != 1)
697 return NULL;
698
699 PrintAndLogEx(NORMAL, "CA public key index 0x%0x", caidx_tlv->value[0]);
700 return emv_pk_get_ca_pk(df_tlv->value, caidx_tlv->value[0]);
701 }
702
703 int trSDA(struct tlvdb *tlv) {
704
705 struct emv_pk *pk = get_ca_pk(tlv);
706 if (!pk) {
707 PrintAndLogEx(WARNING, "Error: Key not found. Exit.");
708 return 2;
709 }
710
711 struct emv_pk *issuer_pk = emv_pki_recover_issuer_cert(pk, tlv);
712 if (!issuer_pk) {
713 emv_pk_free(pk);
714 PrintAndLogEx(WARNING, "Error: Issuer certificate not found. Exit.");
715 return 2;
716 }
717
718 PrintAndLogEx(SUCCESS, "Issuer PK recovered. RID %02hhx:%02hhx:%02hhx:%02hhx:%02hhx IDX %02hhx CSN %02hhx:%02hhx:%02hhx",
719 issuer_pk->rid[0],
720 issuer_pk->rid[1],
721 issuer_pk->rid[2],
722 issuer_pk->rid[3],
723 issuer_pk->rid[4],
724 issuer_pk->index,
725 issuer_pk->serial[0],
726 issuer_pk->serial[1],
727 issuer_pk->serial[2]
728 );
729
730 const struct tlv *sda_tlv = tlvdb_get(tlv, 0x21, NULL);
731 if (!sda_tlv || sda_tlv->len < 1) {
732 emv_pk_free(issuer_pk);
733 emv_pk_free(pk);
734 PrintAndLogEx(WARNING, "Can't find input list for Offline Data Authentication. Exit.");
735 return 3;
736 }
737
738 struct tlvdb *dac_db = emv_pki_recover_dac(issuer_pk, tlv, sda_tlv);
739 if (dac_db) {
740 const struct tlv *dac_tlv = tlvdb_get(dac_db, 0x9f45, NULL);
741 PrintAndLogEx(NORMAL, "SDA verified OK. (Data Authentication Code: %02hhx:%02hhx)\n", dac_tlv->value[0], dac_tlv->value[1]);
742 tlvdb_add(tlv, dac_db);
743 } else {
744 emv_pk_free(issuer_pk);
745 emv_pk_free(pk);
746 PrintAndLogEx(WARNING, "SSAD verify error");
747 return 4;
748 }
749
750 emv_pk_free(issuer_pk);
751 emv_pk_free(pk);
752 return 0;
753 }
754
755 static const unsigned char default_ddol_value[] = {0x9f, 0x37, 0x04};
756 static struct tlv default_ddol_tlv = {.tag = 0x9f49, .len = 3, .value = default_ddol_value };
757
758 int trDDA(EMVCommandChannel channel, bool decodeTLV, struct tlvdb *tlv) {
759 uint8_t buf[APDU_RESPONSE_LEN] = {0};
760 size_t len = 0;
761 uint16_t sw = 0;
762
763 struct emv_pk *pk = get_ca_pk(tlv);
764 if (!pk) {
765 PrintAndLogEx(WARNING, "Error: Key not found. Exit.");
766 return 2;
767 }
768
769 const struct tlv *sda_tlv = tlvdb_get(tlv, 0x21, NULL);
770 /* if (!sda_tlv || sda_tlv->len < 1) { it may be 0!!!!
771 emv_pk_free(pk);
772 PrintAndLogEx(WARNING, "Error: Can't find input list for Offline Data Authentication. Exit.");
773 return 3;
774 }
775 */
776 struct emv_pk *issuer_pk = emv_pki_recover_issuer_cert(pk, tlv);
777 if (!issuer_pk) {
778 emv_pk_free(pk);
779 PrintAndLogEx(WARNING, "Error: Issuer certificate not found. Exit.");
780 return 2;
781 }
782 PrintAndLogEx(SUCCESS, "Issuer PK recovered. RID %02hhx:%02hhx:%02hhx:%02hhx:%02hhx IDX %02hhx CSN %02hhx:%02hhx:%02hhx\n",
783 issuer_pk->rid[0],
784 issuer_pk->rid[1],
785 issuer_pk->rid[2],
786 issuer_pk->rid[3],
787 issuer_pk->rid[4],
788 issuer_pk->index,
789 issuer_pk->serial[0],
790 issuer_pk->serial[1],
791 issuer_pk->serial[2]
792 );
793
794 struct emv_pk *icc_pk = emv_pki_recover_icc_cert(issuer_pk, tlv, sda_tlv);
795 if (!icc_pk) {
796 emv_pk_free(pk);
797 emv_pk_free(issuer_pk);
798 PrintAndLogEx(WARNING, "Error: ICC certificate not found. Exit.");
799 return 2;
800 }
801 PrintAndLogEx(SUCCESS, "ICC PK recovered. RID %02hhx:%02hhx:%02hhx:%02hhx:%02hhx IDX %02hhx CSN %02hhx:%02hhx:%02hhx\n",
802 icc_pk->rid[0],
803 icc_pk->rid[1],
804 icc_pk->rid[2],
805 icc_pk->rid[3],
806 icc_pk->rid[4],
807 icc_pk->index,
808 icc_pk->serial[0],
809 icc_pk->serial[1],
810 icc_pk->serial[2]
811 );
812
813 if (tlvdb_get(tlv, 0x9f2d, NULL)) {
814 struct emv_pk *icc_pe_pk = emv_pki_recover_icc_pe_cert(issuer_pk, tlv);
815 if (!icc_pe_pk) {
816 PrintAndLogEx(WARNING, "WARNING: ICC PE PK recover error. ");
817 } else {
818 PrintAndLogEx(SUCCESS, "ICC PE PK recovered. RID %02hhx:%02hhx:%02hhx:%02hhx:%02hhx IDX %02hhx CSN %02hhx:%02hhx:%02hhx\n",
819 icc_pe_pk->rid[0],
820 icc_pe_pk->rid[1],
821 icc_pe_pk->rid[2],
822 icc_pe_pk->rid[3],
823 icc_pe_pk->rid[4],
824 icc_pe_pk->index,
825 icc_pe_pk->serial[0],
826 icc_pe_pk->serial[1],
827 icc_pe_pk->serial[2]
828 );
829 }
830 } else {
831 PrintAndLogEx(INFO, "ICC PE PK (PIN Encipherment Public Key Certificate) not found.\n");
832 }
833
834 // 9F4B: Signed Dynamic Application Data
835 const struct tlv *sdad_tlv = tlvdb_get(tlv, 0x9f4b, NULL);
836 // DDA with internal authenticate OR fDDA with filled 0x9F4B tag (GPO result)
837 // EMV kernel3 v2.4, contactless book C-3, C.1., page 147
838 if (sdad_tlv) {
839 PrintAndLogEx(NORMAL, "\n* * Got Signed Dynamic Application Data (9F4B) form GPO. Maybe fDDA...");
840
841 const struct tlvdb *atc_db = emv_pki_recover_atc_ex(icc_pk, tlv, true);
842 if (!atc_db) {
843 PrintAndLogEx(WARNING, "Error: Can't recover IDN (ICC Dynamic Number)");
844 emv_pk_free(pk);
845 emv_pk_free(issuer_pk);
846 emv_pk_free(icc_pk);
847 return 8;
848 }
849
850 // 9f36 Application Transaction Counter (ATC)
851 const struct tlv *atc_tlv = tlvdb_get(atc_db, 0x9f36, NULL);
852 if(atc_tlv) {
853 PrintAndLogEx(NORMAL, "\nATC (Application Transaction Counter) [%zu] %s", atc_tlv->len, sprint_hex_inrow(atc_tlv->value, atc_tlv->len));
854
855 const struct tlv *core_atc_tlv = tlvdb_get(tlv, 0x9f36, NULL);
856 if(tlv_equal(core_atc_tlv, atc_tlv)) {
857 PrintAndLogEx(SUCCESS, "ATC check OK.");
858 PrintAndLogEx(SUCCESS, "fDDA (fast DDA) verified OK.");
859 } else {
860 PrintAndLogEx(WARNING, "Error: fDDA verified, but ATC in the certificate and ATC in the record not the same.");
861 }
862 } else {
863 PrintAndLogEx(NORMAL, "\nERROR: fDDA (fast DDA) verify error");
864 emv_pk_free(pk);
865 emv_pk_free(issuer_pk);
866 emv_pk_free(icc_pk);
867 return 9;
868 }
869 } else {
870 struct tlvdb *dac_db = emv_pki_recover_dac(issuer_pk, tlv, sda_tlv);
871 if (dac_db) {
872 const struct tlv *dac_tlv = tlvdb_get(dac_db, 0x9f45, NULL);
873 PrintAndLogEx(NORMAL, "SDAD verified OK. (Data Authentication Code: %02hhx:%02hhx)\n", dac_tlv->value[0], dac_tlv->value[1]);
874 tlvdb_add(tlv, dac_db);
875 } else {
876 PrintAndLogEx(WARNING, "Error: SSAD verify error");
877 emv_pk_free(pk);
878 emv_pk_free(issuer_pk);
879 emv_pk_free(icc_pk);
880 return 4;
881 }
882
883 PrintAndLogEx(NORMAL, "\n* Calc DDOL");
884 const struct tlv *ddol_tlv = tlvdb_get(tlv, 0x9f49, NULL);
885 if (!ddol_tlv) {
886 ddol_tlv = &default_ddol_tlv;
887 PrintAndLogEx(NORMAL, "DDOL [9f49] not found. Using default DDOL");
888 }
889
890 struct tlv *ddol_data_tlv = dol_process(ddol_tlv, tlv, 0);
891 if (!ddol_data_tlv) {
892 PrintAndLogEx(WARNING, "Error: Can't create DDOL TLV");
893 emv_pk_free(pk);
894 emv_pk_free(issuer_pk);
895 emv_pk_free(icc_pk);
896 return 5;
897 }
898
899 PrintAndLogEx(NORMAL, "DDOL data[%d]: %s", ddol_data_tlv->len, sprint_hex(ddol_data_tlv->value, ddol_data_tlv->len));
900
901 PrintAndLogEx(NORMAL, "\n* Internal Authenticate");
902 int res = EMVInternalAuthenticate(channel, true, (uint8_t *)ddol_data_tlv->value, ddol_data_tlv->len, buf, sizeof(buf), &len, &sw, NULL);
903 if (res) {
904 PrintAndLogEx(WARNING, "Internal Authenticate error(%d): %4x. Exit...", res, sw);
905 free(ddol_data_tlv);
906 emv_pk_free(pk);
907 emv_pk_free(issuer_pk);
908 emv_pk_free(icc_pk);
909 return 6;
910 }
911
912 struct tlvdb *dda_db = NULL;
913 if (buf[0] == 0x80) {
914 if (len < 3 ) {
915 PrintAndLogEx(WARNING, "Error: Internal Authenticate format1 parsing error. length=%d", len);
916 } else {
917 // parse response 0x80
918 struct tlvdb *t80 = tlvdb_parse_multi(buf, len);
919 const struct tlv * t80tlv = tlvdb_get_tlv(t80);
920
921 // 9f4b Signed Dynamic Application Data
922 dda_db = tlvdb_fixed(0x9f4b, t80tlv->len, t80tlv->value);
923 tlvdb_add(tlv, dda_db);
924
925 tlvdb_free(t80);
926
927 if (decodeTLV){
928 PrintAndLogEx(NORMAL, "* * Decode response format 1:");
929 TLVPrintFromTLV(dda_db);
930 }
931 }
932 } else {
933 dda_db = tlvdb_parse_multi(buf, len);
934 if(!dda_db) {
935 PrintAndLogEx(WARNING, "Error: Can't parse Internal Authenticate result as TLV");
936 free(ddol_data_tlv);
937 emv_pk_free(pk);
938 emv_pk_free(issuer_pk);
939 emv_pk_free(icc_pk);
940 return 7;
941 }
942 tlvdb_add(tlv, dda_db);
943
944 if (decodeTLV)
945 TLVPrintFromTLV(dda_db);
946 }
947
948 struct tlvdb *idn_db = emv_pki_recover_idn_ex(icc_pk, dda_db, ddol_data_tlv, true);
949 free(ddol_data_tlv);
950 if (!idn_db) {
951 PrintAndLogEx(WARNING, "Error: Can't recover IDN (ICC Dynamic Number)");
952 tlvdb_free(dda_db);
953 emv_pk_free(pk);
954 emv_pk_free(issuer_pk);
955 emv_pk_free(icc_pk);
956 return 8;
957 }
958 tlvdb_free(dda_db);
959
960 // 9f4c ICC Dynamic Number
961 const struct tlv *idn_tlv = tlvdb_get(idn_db, 0x9f4c, NULL);
962 if(idn_tlv) {
963 PrintAndLogEx(NORMAL, "\nIDN (ICC Dynamic Number) [%zu] %s", idn_tlv->len, sprint_hex_inrow(idn_tlv->value, idn_tlv->len));
964 PrintAndLogEx(NORMAL, "DDA verified OK.");
965 tlvdb_add(tlv, idn_db);
966 tlvdb_free(idn_db);
967 } else {
968 PrintAndLogEx(NORMAL, "\nERROR: DDA verify error");
969 tlvdb_free(idn_db);
970
971 emv_pk_free(pk);
972 emv_pk_free(issuer_pk);
973 emv_pk_free(icc_pk);
974 return 9;
975 }
976 }
977
978 emv_pk_free(pk);
979 emv_pk_free(issuer_pk);
980 emv_pk_free(icc_pk);
981 return 0;
982 }
983
984 int trCDA(struct tlvdb *tlv, struct tlvdb *ac_tlv, struct tlv *pdol_data_tlv, struct tlv *ac_data_tlv) {
985
986 struct emv_pk *pk = get_ca_pk(tlv);
987 if (!pk) {
988 PrintAndLogEx(WARNING, "Error: Key not found. Exit.");
989 return 2;
990 }
991
992 const struct tlv *sda_tlv = tlvdb_get(tlv, 0x21, NULL);
993 if (!sda_tlv || sda_tlv->len < 1) {
994 PrintAndLogEx(WARNING, "Error: Can't find input list for Offline Data Authentication. Exit.");
995 emv_pk_free(pk);
996 return 3;
997 }
998
999 struct emv_pk *issuer_pk = emv_pki_recover_issuer_cert(pk, tlv);
1000 if (!issuer_pk) {
1001 PrintAndLogEx(WARNING, "Error: Issuer certificate not found. Exit.");
1002 emv_pk_free(pk);
1003 return 2;
1004 }
1005 PrintAndLogEx(SUCCESS, "Issuer PK recovered. RID %02hhx:%02hhx:%02hhx:%02hhx:%02hhx IDX %02hhx CSN %02hhx:%02hhx:%02hhx\n",
1006 issuer_pk->rid[0],
1007 issuer_pk->rid[1],
1008 issuer_pk->rid[2],
1009 issuer_pk->rid[3],
1010 issuer_pk->rid[4],
1011 issuer_pk->index,
1012 issuer_pk->serial[0],
1013 issuer_pk->serial[1],
1014 issuer_pk->serial[2]
1015 );
1016
1017 struct emv_pk *icc_pk = emv_pki_recover_icc_cert(issuer_pk, tlv, sda_tlv);
1018 if (!icc_pk) {
1019 PrintAndLogEx(WARNING, "Error: ICC setrificate not found. Exit.");
1020 emv_pk_free(pk);
1021 emv_pk_free(issuer_pk);
1022 return 2;
1023 }
1024 PrintAndLogEx(SUCCESS, "ICC PK recovered. RID %02hhx:%02hhx:%02hhx:%02hhx:%02hhx IDX %02hhx CSN %02hhx:%02hhx:%02hhx\n",
1025 icc_pk->rid[0],
1026 icc_pk->rid[1],
1027 icc_pk->rid[2],
1028 icc_pk->rid[3],
1029 icc_pk->rid[4],
1030 icc_pk->index,
1031 icc_pk->serial[0],
1032 icc_pk->serial[1],
1033 icc_pk->serial[2]
1034 );
1035
1036 struct tlvdb *dac_db = emv_pki_recover_dac(issuer_pk, tlv, sda_tlv);
1037 if (dac_db) {
1038 const struct tlv *dac_tlv = tlvdb_get(dac_db, 0x9f45, NULL);
1039 PrintAndLogEx(NORMAL, "SSAD verified OK. (%02hhx:%02hhx)", dac_tlv->value[0], dac_tlv->value[1]);
1040 tlvdb_add(tlv, dac_db);
1041 } else {
1042 PrintAndLogEx(WARNING, "Error: SSAD verify error");
1043 emv_pk_free(pk);
1044 emv_pk_free(issuer_pk);
1045 emv_pk_free(icc_pk);
1046 return 4;
1047 }
1048
1049 PrintAndLogEx(NORMAL, "\n* * Check Signed Dynamic Application Data (SDAD)");
1050 struct tlvdb *idn_db = emv_pki_perform_cda_ex(icc_pk, tlv, ac_tlv,
1051 pdol_data_tlv, // pdol
1052 ac_data_tlv, // cdol1
1053 NULL, // cdol2
1054 true);
1055 if (idn_db) {
1056 const struct tlv *idn_tlv = tlvdb_get(idn_db, 0x9f4c, NULL);
1057 PrintAndLogEx(NORMAL, "\nIDN (ICC Dynamic Number) [%zu] %s", idn_tlv->len, sprint_hex_inrow(idn_tlv->value, idn_tlv->len));
1058 PrintAndLogEx(NORMAL, "CDA verified OK.");
1059 tlvdb_add(tlv, idn_db);
1060 } else {
1061 PrintAndLogEx(NORMAL, "\nERROR: CDA verify error");
1062 }
1063
1064 emv_pk_free(pk);
1065 emv_pk_free(issuer_pk);
1066 emv_pk_free(icc_pk);
1067 return 0;
1068 }
1069
1070 int RecoveryCertificates(struct tlvdb *tlvRoot, json_t *root) {
1071
1072 struct emv_pk *pk = get_ca_pk(tlvRoot);
1073 if (!pk) {
1074 PrintAndLog("ERROR: Key not found. Exit.");
1075 return 1;
1076 }
1077
1078 struct emv_pk *issuer_pk = emv_pki_recover_issuer_cert(pk, tlvRoot);
1079 if (!issuer_pk) {
1080 emv_pk_free(pk);
1081 PrintAndLog("WARNING: Issuer certificate not found. Exit.");
1082 return 2;
1083 }
1084 PrintAndLogEx(SUCCESS, "Issuer PK recovered. RID %02hhx:%02hhx:%02hhx:%02hhx:%02hhx IDX %02hhx CSN %02hhx:%02hhx:%02hhx",
1085 issuer_pk->rid[0],
1086 issuer_pk->rid[1],
1087 issuer_pk->rid[2],
1088 issuer_pk->rid[3],
1089 issuer_pk->rid[4],
1090 issuer_pk->index,
1091 issuer_pk->serial[0],
1092 issuer_pk->serial[1],
1093 issuer_pk->serial[2]
1094 );
1095
1096 JsonSaveBufAsHex(root, "$.ApplicationData.RID", issuer_pk->rid, 5);
1097
1098 char *issuer_pk_c = emv_pk_dump_pk(issuer_pk);
1099 JsonSaveStr(root, "$.ApplicationData.IssuerPublicKeyDec", issuer_pk_c);
1100 JsonSaveBufAsHex(root, "$.ApplicationData.IssuerPublicKeyModulus", issuer_pk->modulus, issuer_pk->mlen);
1101 free(issuer_pk_c);
1102
1103 struct emv_pk *icc_pk = emv_pki_recover_icc_cert(issuer_pk, tlvRoot, NULL);
1104 if (!icc_pk) {
1105 emv_pk_free(pk);
1106 emv_pk_free(issuer_pk);
1107 PrintAndLogEx(WARNING, "WARNING: ICC certificate not found. Exit.");
1108 return 2;
1109 }
1110 PrintAndLogEx(SUCCESS, "ICC PK recovered. RID %02hhx:%02hhx:%02hhx:%02hhx:%02hhx IDX %02hhx CSN %02hhx:%02hhx:%02hhx\n",
1111 icc_pk->rid[0],
1112 icc_pk->rid[1],
1113 icc_pk->rid[2],
1114 icc_pk->rid[3],
1115 icc_pk->rid[4],
1116 icc_pk->index,
1117 icc_pk->serial[0],
1118 icc_pk->serial[1],
1119 icc_pk->serial[2]
1120 );
1121
1122 char *icc_pk_c = emv_pk_dump_pk(icc_pk);
1123 JsonSaveStr(root, "$.ApplicationData.ICCPublicKeyDec", icc_pk_c);
1124 JsonSaveBufAsHex(root, "$.ApplicationData.ICCPublicKeyModulus", icc_pk->modulus, icc_pk->mlen);
1125 free(issuer_pk_c);
1126
1127 return 0;
1128 }
Proxmark3 GIT tracking
Impressum, Datenschutz