[proxmark3-svn] / client / cmdhfmfdes.c

//-----------------------------------------------------------------------------
// Copyright (C) 2014 Iceman
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// High frequency MIFARE Desfire commands
//-----------------------------------------------------------------------------

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <openssl/des.h>
#include "cmdmain.h"
#include "proxmark3.h"
#include "../include/common.h"
#include "../include/mifare.h"
#include "../common/iso14443crc.h"
#include "data.h"
#include "ui.h"
#include "cmdparser.h"
#include "util.h"
#include "cmdhfmfdes.h"


uint8_t key_zero_data[16] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
uint8_t key_defa_data[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
uint8_t key_ones_data[16] = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 };


static int CmdHelp(const char *Cmd);
static void xor(unsigned char * dst, unsigned char * src, size_t len);
static int32_t le24toh (uint8_t data[3]);


int CmdHF14ADesWb(const char *Cmd)
{
/* 	uint8_t blockNo = 0;
	uint8_t keyType = 0;
	uint8_t key[6] = {0, 0, 0, 0, 0, 0};
	uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
	
	char cmdp	= 0x00;

	if (strlen(Cmd)<3) {
		PrintAndLog("Usage:  hf mf wrbl    <block number> <key A/B> <key (12 hex symbols)> <block data (32 hex symbols)>");
		PrintAndLog("        sample: hf mf wrbl 0 A FFFFFFFFFFFF 000102030405060708090A0B0C0D0E0F");
		return 0;
	}	

	blockNo = param_get8(Cmd, 0);
	cmdp = param_getchar(Cmd, 1);
	if (cmdp == 0x00) {
		PrintAndLog("Key type must be A or B");
		return 1;
	}
	if (cmdp != 'A' && cmdp != 'a') keyType = 1;
	if (param_gethex(Cmd, 2, key, 12)) {
		PrintAndLog("Key must include 12 HEX symbols");
		return 1;
	}
	if (param_gethex(Cmd, 3, bldata, 32)) {
		PrintAndLog("Block data must include 32 HEX symbols");
		return 1;
	}
	PrintAndLog("--block no:%02x key type:%02x key:%s", blockNo, keyType, sprint_hex(key, 6));
	PrintAndLog("--data: %s", sprint_hex(bldata, 16));
	
  UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};
	memcpy(c.d.asBytes, key, 6);
	memcpy(c.d.asBytes + 10, bldata, 16);
  SendCommand(&c);

	UsbCommand resp;
	if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
		uint8_t isOK  = resp.arg[0] & 0xff;
		PrintAndLog("isOk:%02x", isOK);
	} else {
		PrintAndLog("Command execute timeout");
	}
 */
	return 0;
}

int CmdHF14ADesRb(const char *Cmd)
{
	// uint8_t blockNo = 0;
	// uint8_t keyType = 0;
	// uint8_t key[6] = {0, 0, 0, 0, 0, 0};
	
	// char cmdp	= 0x00;


	// if (strlen(Cmd)<3) {
		// PrintAndLog("Usage:  hf mf rdbl    <block number> <key A/B> <key (12 hex symbols)>");
		// PrintAndLog("        sample: hf mf rdbl 0 A FFFFFFFFFFFF ");
		// return 0;
	// }	
	
	// blockNo = param_get8(Cmd, 0);
	// cmdp = param_getchar(Cmd, 1);
	// if (cmdp == 0x00) {
		// PrintAndLog("Key type must be A or B");
		// return 1;
	// }
	// if (cmdp != 'A' && cmdp != 'a') keyType = 1;
	// if (param_gethex(Cmd, 2, key, 12)) {
		// PrintAndLog("Key must include 12 HEX symbols");
		// return 1;
	// }
	// PrintAndLog("--block no:%02x key type:%02x key:%s ", blockNo, keyType, sprint_hex(key, 6));
	
  // UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};
	// memcpy(c.d.asBytes, key, 6);
  // SendCommand(&c);

	// UsbCommand resp;
	// if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
		// uint8_t                isOK  = resp.arg[0] & 0xff;
		// uint8_t              * data  = resp.d.asBytes;

		// if (isOK)
			// PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 16));
		// else
			// PrintAndLog("isOk:%02x", isOK);
	// } else {
		// PrintAndLog("Command execute timeout");
	// }

  return 0;
}

int CmdHF14ADesInfo(const char *Cmd){

	UsbCommand c = {CMD_MIFARE_DESFIRE_INFO};
    SendCommand(&c);
	UsbCommand resp;
	
	if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
		PrintAndLog("Command execute timeout");
		return 0;
	}
	uint8_t isOK  = resp.arg[0] & 0xff;
	if ( !isOK ){
		PrintAndLog("Command unsuccessfull");
		return 0;
	}  
	
	PrintAndLog("---Desfire Information---------------------------------------");
	PrintAndLog("-------------------------------------------------------------");
	PrintAndLog("  UID                : %s",sprint_hex(resp.d.asBytes, 7));
	PrintAndLog("  Batch number       : %s",sprint_hex(resp.d.asBytes+28,5));
	PrintAndLog("  Production date    : week %02x, 20%02x",resp.d.asBytes[33], resp.d.asBytes[34]);
	PrintAndLog("-------------------------------------------------------------");
	PrintAndLog("  Hardware Information");
	PrintAndLog("      Vendor Id      : %s", GetVendorStr(resp.d.asBytes[7]));
	PrintAndLog("      Type           : 0x%02X",resp.d.asBytes[8]);
	PrintAndLog("      Subtype        : 0x%02X",resp.d.asBytes[9]);
	PrintAndLog("      Version        : %d.%d",resp.d.asBytes[10], resp.d.asBytes[11]);
	PrintAndLog("      Storage size   : %s",GetCardSizeStr(resp.d.asBytes[12]));
	PrintAndLog("      Protocol       : %s",GetProtocolStr(resp.d.asBytes[13]));
	PrintAndLog("-------------------------------------------------------------");
	PrintAndLog("  Software Information");
	PrintAndLog("      Vendor Id      : %s",GetVendorStr(resp.d.asBytes[14]));
	PrintAndLog("      Type           : 0x%02X",resp.d.asBytes[15]);
	PrintAndLog("      Subtype        : 0x%02X",resp.d.asBytes[16]);
	PrintAndLog("      Version        : %d.%d",resp.d.asBytes[17], resp.d.asBytes[18]);
	PrintAndLog("      storage size   : %s", GetCardSizeStr(resp.d.asBytes[19]));
	PrintAndLog("      Protocol       : %s", GetProtocolStr(resp.d.asBytes[20]));
	PrintAndLog("-------------------------------------------------------------");
	
	
	UsbCommand c1 = {CMD_MIFARE_DESFIRE, { 0x01, 0x01 }};
	c1.d.asBytes[0] = GET_KEY_SETTINGS;
    SendCommand(&c1);
	if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
		return 0;
	}  
	
	PrintAndLog("  Master Key settings");
	if (  resp.d.asBytes[3] & (1 << 3 ) )
		PrintAndLog("     0x08 Configuration changeable;");
	else
		PrintAndLog("     0x08 Configuration NOT changeable;");

	if (  resp.d.asBytes[3] & (1 << 2 ) )
		PrintAndLog("     0x04 PICC Master Key not required for create / delete;");
	else 
		PrintAndLog("     0x04 PICC Master Key required for create / delete;");

	if (  resp.d.asBytes[3] & (1 << 1 ) )
		PrintAndLog("     0x02 Free directory list access without PICC Master Key;");
	else
		PrintAndLog("     0x02 Directory list access with PICC Master Key;");
	
	if (  resp.d.asBytes[3] & (1 << 0 ) )
		PrintAndLog("     0x01 Allow changing the Master Key;");
	else
		PrintAndLog("     0x01 Master Key is not changeable anymore;");
	
	//                                      init   len
	UsbCommand c2 = {CMD_MIFARE_DESFIRE, { 0x01, 0x02 }};
    c2.d.asBytes[0] = GET_KEY_VERSION;
	c2.d.asBytes[1] = 0x00;
	SendCommand(&c2);
	if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
		return 0;
	}
	
	PrintAndLog("");
	PrintAndLog("     Max number of keys  : %d", resp.d.asBytes[2]);
	PrintAndLog("     Master key Version  : %d (0x%02x)", resp.d.asBytes[3], resp.d.asBytes[3]);
	PrintAndLog("-------------------------------------------------------------");
	

	UsbCommand c3 = {CMD_MIFARE_DESFIRE, { 0x01, 0x01 }};
	c3.d.asBytes[0] = GET_FREE_MEMORY;
    SendCommand(&c3);
	if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
		return 0;
	}  
	
	uint8_t tmp[3];
	memcpy(tmp, resp.d.asBytes+3,3); 

	PrintAndLog("     Free memory on card : %d bytes", le24toh( tmp ));
	PrintAndLog("-------------------------------------------------------------");
	/*
		Card Master key (CMK)  0x00 on AID = 00 00 00 (card level)
		0x1
		
		Application Master Key (AMK) 0x00 on AID != 00 00 00
		Application keys (APK) = 0x01-0x0D
		Application free = 0x0E
		Application never = 0x0F
		
		ACCESS RIGHTS:
		keys 0,1,2,3     C
		keys 4,5,6,7     RW
		keys 8,9,10,11   W
		keys 12,13,14,15 R
		
		KEY Versioning.
			Se GetKeyVersion (samma nyckel kan ha olika versionen?)
			
		Session key:
			16 : RndA(byte0-byte3) + RndB(byte0-byte3) + RndA(byte4-byte7) + RndB(byte4-byte7)
			8  : RndA(byte0-byte3) + RndB(byte0-byte3) 
			
			AES 16 : RndA(byte0-byte3) + RndB(byte0-byte3) + RndA(byte12-byte15) + RndB(byte12-byte15)
	*/
	
    return 1;
}

char * GetVendorStr( uint8_t id){
 	static char buf[30];
	char *retStr = buf;
	
	if ( id == 0x04 )
		sprintf(retStr, "0x%02X (NXP)",id);
	else 
		sprintf(retStr,"0x%02X (Unknown)",id);
	return buf;
}

/*
  The 7 MSBits (= n) code the storage size itself based on 2^n, 
  the LSBit is set to '0' if the size is exactly 2^n
	and set to '1' if the storage size is between 2^n and 2^(n+1). 
	For this version of DESFire the 7 MSBits are set to 0x0C (2^12 = 4096) and the LSBit is '0'.
*/
char * GetCardSizeStr( uint8_t fsize ){
 
 	static char buf[30];
	char *retStr = buf;

	uint16_t usize = 1 << ((fsize >>1) + 1);
	uint16_t lsize = 1 << (fsize >>1);
	
	// is  LSB set?
	if (  fsize & (1 << 0 ) )
		sprintf(retStr, "0x%02X (%d - %d bytes)",fsize, usize, lsize);
	else 
		sprintf(retStr, "0x%02X (%d bytes)", fsize, lsize);		
	return buf;
}

char * GetProtocolStr(uint8_t id){

 	static char buf[30];
	char *retStr = buf;

	if ( id == 0x05)
		sprintf(retStr,"0x%02X (ISO 14443-3, 14443-4)", id);
	else
		sprintf(retStr,"0x%02X", id);	
	return buf;
}

int CmdHF14ADesEnumApplications(const char *Cmd){
	return 1;
}

int CmdHF14ADesNonces(const char *Cmd){
	return 1;
}

//
// MIAFRE DesFire Authentication
//
#define BUFSIZE 64 
int CmdHF14ADesAuth(const char *Cmd){
    
	// NR  DESC		KEYLENGHT
	// ------------------------
	// 1 = DES		8
	// 2 = 3DES		16
	// 3 = 3K 3DES	24
	// 4 = AES		16
	
	// AUTHENTICTION MODES:
	// 1 Normal
	// 2 ISO
	// 3 AES
	
	uint8_t keylength = 8;
	//unsigned char testinput[] = { 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x00};
	unsigned char key[24]; // =       { 0x75,0x28,0x78,0x39,0x74,0x93,0xCB,0x70};	
	
    if (strlen(Cmd)<3) {
        PrintAndLog("Usage:  hf mfdes auth <1|2|3> <1|2|3|4> <keyno> <key> ");
		PrintAndLog("		    AUTH modes 1 = normal, 2 = iso, 3 = aes");
		PrintAndLog("		    Crypto: 1 = DES 2 = 3DES 3 = 3K3DES 4 = AES");
		PrintAndLog("		    keynumber");
        PrintAndLog("        sample: hf mfdes auth 1 1 0 11223344");
        return 0;
    } 
	uint8_t cmdAuthMode	= param_get8(Cmd,0);
	uint8_t cmdAuthAlgo	= param_get8(Cmd,1);
	uint8_t cmdKeyNo	= param_get8(Cmd,2);
	
	switch (cmdAuthMode)
	{
		case 1: 
			if ( cmdAuthAlgo != 1 && cmdAuthAlgo != 2) {
				PrintAndLog("Crypto algo not valid for the auth mode");
				return 1;
			}
			break;
		case 2:
			if ( cmdAuthAlgo != 1 && cmdAuthAlgo != 2 && cmdAuthAlgo != 3) {
				PrintAndLog("Crypto algo not valid for the auth mode");
				return 1;
			}
			break;
		case 3:
			if ( cmdAuthAlgo != 4) {
				PrintAndLog("Crypto algo not valid for the auth mode");
				return 1;
			}
			break;
		default:
			PrintAndLog("Wrong Auth mode");
			return 1;
			break;
	}
	
	switch (cmdAuthAlgo){
		case 2: 
			keylength = 16;
			PrintAndLog("3DES selected");
			break;
		case 3: 
			keylength = 24;
			PrintAndLog("3 key 3DES selected");
			break;
		case 4:
			keylength = 16;
			PrintAndLog("AES selected");
			break;
		default:
			cmdAuthAlgo = 1;
			keylength = 8;
			PrintAndLog("DES selected");
			break;
	}

	// key
	if (param_gethex(Cmd, 3, key, keylength*2)) {
		PrintAndLog("Key must include %d HEX symbols", keylength);
		return 1;
	}
Commit	Line	Data
f38a1528	1	//-----------------------------------------------------------------------------
	2	// Copyright (C) 2014 Iceman
	3	//
	4	// This code is licensed to you under the terms of the GNU GPL, version 2 or,
	5	// at your option, any later version. See the LICENSE.txt file for the text of
	6	// the license.
	7	//-----------------------------------------------------------------------------
	8	// High frequency MIFARE Desfire commands
	9	//-----------------------------------------------------------------------------
	10
	11	#include <stdio.h>
	12	#include <stdlib.h>
	13	#include <string.h>
	14	#include <ctype.h>
	15	#include <openssl/des.h>
	16	#include "cmdmain.h"
	17	#include "proxmark3.h"
	18	#include "../include/common.h"
	19	#include "../include/mifare.h"
	20	#include "../common/iso14443crc.h"
	21	#include "data.h"
	22	#include "ui.h"
	23	#include "cmdparser.h"
	24	#include "util.h"
	25	#include "cmdhfmfdes.h"
	26
	27
	28	uint8_t key_zero_data[16] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
	29	uint8_t key_defa_data[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
	30	uint8_t key_ones_data[16] = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 };
	31
	32
	33	static int CmdHelp(const char *Cmd);
	34	static void xor(unsigned char * dst, unsigned char * src, size_t len);
	35	static int32_t le24toh (uint8_t data[3]);
	36
	37
	38	int CmdHF14ADesWb(const char *Cmd)
	39	{
	40	/* uint8_t blockNo = 0;
	41	uint8_t keyType = 0;
	42	uint8_t key[6] = {0, 0, 0, 0, 0, 0};
	43	uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
	44
	45	char cmdp = 0x00;
	46
	47	if (strlen(Cmd)<3) {
	48	PrintAndLog("Usage: hf mf wrbl <block number> <key A/B> <key (12 hex symbols)> <block data (32 hex symbols)>");
	49	PrintAndLog(" sample: hf mf wrbl 0 A FFFFFFFFFFFF 000102030405060708090A0B0C0D0E0F");
	50	return 0;
	51	}
	52
	53	blockNo = param_get8(Cmd, 0);
	54	cmdp = param_getchar(Cmd, 1);
	55	if (cmdp == 0x00) {
	56	PrintAndLog("Key type must be A or B");
	57	return 1;
	58	}
	59	if (cmdp != 'A' && cmdp != 'a') keyType = 1;
	60	if (param_gethex(Cmd, 2, key, 12)) {
	61	PrintAndLog("Key must include 12 HEX symbols");
	62	return 1;
	63	}
	64	if (param_gethex(Cmd, 3, bldata, 32)) {
65	PrintAndLog("Block data must include 32 HEX symbols");
66	return 1;
67	}
68	PrintAndLog("--block no:%02x key type:%02x key:%s", blockNo, keyType, sprint_hex(key, 6));
69	PrintAndLog("--data: %s", sprint_hex(bldata, 16));
70
71	UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};
72	memcpy(c.d.asBytes, key, 6);
73	memcpy(c.d.asBytes + 10, bldata, 16);
74	SendCommand(&c);
75
76	UsbCommand resp;
77	if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
78	uint8_t isOK = resp.arg[0] & 0xff;
79	PrintAndLog("isOk:%02x", isOK);
80	} else {
81	PrintAndLog("Command execute timeout");
82	}
83	*/
84	return 0;
85	}
86
87	int CmdHF14ADesRb(const char *Cmd)
88	{
89	// uint8_t blockNo = 0;
90	// uint8_t keyType = 0;
91	// uint8_t key[6] = {0, 0, 0, 0, 0, 0};
92
93	// char cmdp = 0x00;
94
95
96	// if (strlen(Cmd)<3) {
97	// PrintAndLog("Usage: hf mf rdbl <block number> <key A/B> <key (12 hex symbols)>");
98	// PrintAndLog(" sample: hf mf rdbl 0 A FFFFFFFFFFFF ");
99	// return 0;
100	// }
101
102	// blockNo = param_get8(Cmd, 0);
103	// cmdp = param_getchar(Cmd, 1);
104	// if (cmdp == 0x00) {
105	// PrintAndLog("Key type must be A or B");
106	// return 1;
107	// }
108	// if (cmdp != 'A' && cmdp != 'a') keyType = 1;
109	// if (param_gethex(Cmd, 2, key, 12)) {
110	// PrintAndLog("Key must include 12 HEX symbols");
111	// return 1;
112	// }
113	// PrintAndLog("--block no:%02x key type:%02x key:%s ", blockNo, keyType, sprint_hex(key, 6));
114
115	// UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};
116	// memcpy(c.d.asBytes, key, 6);
117	// SendCommand(&c);
118
119	// UsbCommand resp;
120	// if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
121	// uint8_t isOK = resp.arg[0] & 0xff;
122	// uint8_t * data = resp.d.asBytes;
123
124	// if (isOK)
125	// PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 16));
126	// else
127	// PrintAndLog("isOk:%02x", isOK);
128	// } else {
129	// PrintAndLog("Command execute timeout");
130	// }
131
132	return 0;
133	}
134
135	int CmdHF14ADesInfo(const char *Cmd){
136
313ee67e	137	UsbCommand c = {CMD_MIFARE_DESFIRE_INFO};
f38a1528	138	SendCommand(&c);
	139	UsbCommand resp;
	140
313ee67e	141	if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
f38a1528	142	PrintAndLog("Command execute timeout");
f38a1528	143	return 0;
313ee67e	144	}
	145	uint8_t isOK = resp.arg[0] & 0xff;
	146	if ( !isOK ){
	147	PrintAndLog("Command unsuccessfull");
	148	return 0;
f38a1528	149	}
	150
	151	PrintAndLog("---Desfire Information---------------------------------------");
	152	PrintAndLog("-------------------------------------------------------------");
	153	PrintAndLog(" UID : %s",sprint_hex(resp.d.asBytes, 7));
	154	PrintAndLog(" Batch number : %s",sprint_hex(resp.d.asBytes+28,5));
	155	PrintAndLog(" Production date : week %02x, 20%02x",resp.d.asBytes[33], resp.d.asBytes[34]);
	156	PrintAndLog("-------------------------------------------------------------");
	157	PrintAndLog(" Hardware Information");
	158	PrintAndLog(" Vendor Id : %s", GetVendorStr(resp.d.asBytes[7]));
	159	PrintAndLog(" Type : 0x%02X",resp.d.asBytes[8]);
	160	PrintAndLog(" Subtype : 0x%02X",resp.d.asBytes[9]);
	161	PrintAndLog(" Version : %d.%d",resp.d.asBytes[10], resp.d.asBytes[11]);
	162	PrintAndLog(" Storage size : %s",GetCardSizeStr(resp.d.asBytes[12]));
	163	PrintAndLog(" Protocol : %s",GetProtocolStr(resp.d.asBytes[13]));
	164	PrintAndLog("-------------------------------------------------------------");
	165	PrintAndLog(" Software Information");
	166	PrintAndLog(" Vendor Id : %s",GetVendorStr(resp.d.asBytes[14]));
	167	PrintAndLog(" Type : 0x%02X",resp.d.asBytes[15]);
	168	PrintAndLog(" Subtype : 0x%02X",resp.d.asBytes[16]);
	169	PrintAndLog(" Version : %d.%d",resp.d.asBytes[17], resp.d.asBytes[18]);
	170	PrintAndLog(" storage size : %s", GetCardSizeStr(resp.d.asBytes[19]));
	171	PrintAndLog(" Protocol : %s", GetProtocolStr(resp.d.asBytes[20]));
	172	PrintAndLog("-------------------------------------------------------------");
	173
313ee67e	174
	175	UsbCommand c1 = {CMD_MIFARE_DESFIRE, { 0x01, 0x01 }};
	176	c1.d.asBytes[0] = GET_KEY_SETTINGS;
	177	SendCommand(&c1);
	178	if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
	179	return 0;
	180	}
	181
f38a1528	182	PrintAndLog(" Master Key settings");
313ee67e	183	if ( resp.d.asBytes[3] & (1 << 3 ) )
f38a1528	184	PrintAndLog(" 0x08 Configuration changeable;");
	185	else
	186	PrintAndLog(" 0x08 Configuration NOT changeable;");
	187
313ee67e	188	if ( resp.d.asBytes[3] & (1 << 2 ) )
f38a1528	189	PrintAndLog(" 0x04 PICC Master Key not required for create / delete;");
	190	else
	191	PrintAndLog(" 0x04 PICC Master Key required for create / delete;");
	192
313ee67e	193	if ( resp.d.asBytes[3] & (1 << 1 ) )
f38a1528	194	PrintAndLog(" 0x02 Free directory list access without PICC Master Key;");
	195	else
	196	PrintAndLog(" 0x02 Directory list access with PICC Master Key;");
	197
313ee67e	198	if ( resp.d.asBytes[3] & (1 << 0 ) )
f38a1528	199	PrintAndLog(" 0x01 Allow changing the Master Key;");
	200	else
	201	PrintAndLog(" 0x01 Master Key is not changeable anymore;");
	202
313ee67e	203	// init len
	204	UsbCommand c2 = {CMD_MIFARE_DESFIRE, { 0x01, 0x02 }};
	205	c2.d.asBytes[0] = GET_KEY_VERSION;
	206	c2.d.asBytes[1] = 0x00;
	207	SendCommand(&c2);
	208	if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
	209	return 0;
	210	}
	211
	212	PrintAndLog("");
	213	PrintAndLog(" Max number of keys : %d", resp.d.asBytes[2]);
	214	PrintAndLog(" Master key Version : %d (0x%02x)", resp.d.asBytes[3], resp.d.asBytes[3]);
f38a1528	215	PrintAndLog("-------------------------------------------------------------");
f38a1528	216
313ee67e	217
	218	UsbCommand c3 = {CMD_MIFARE_DESFIRE, { 0x01, 0x01 }};
	219	c3.d.asBytes[0] = GET_FREE_MEMORY;
	220	SendCommand(&c3);
	221	if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
	222	return 0;
	223	}
	224
f38a1528	225	uint8_t tmp[3];
313ee67e	226	memcpy(tmp, resp.d.asBytes+3,3);
f38a1528	227
	228	PrintAndLog(" Free memory on card : %d bytes", le24toh( tmp ));
	229	PrintAndLog("-------------------------------------------------------------");
	230	/*
	231	Card Master key (CMK) 0x00 on AID = 00 00 00 (card level)
	232	0x1
	233
	234	Application Master Key (AMK) 0x00 on AID != 00 00 00
	235	Application keys (APK) = 0x01-0x0D
	236	Application free = 0x0E
	237	Application never = 0x0F
	238
	239	ACCESS RIGHTS:
	240	keys 0,1,2,3 C
	241	keys 4,5,6,7 RW
	242	keys 8,9,10,11 W
	243	keys 12,13,14,15 R
	244
	245	KEY Versioning.
	246	Se GetKeyVersion (samma nyckel kan ha olika versionen?)
	247
	248	Session key:
	249	16 : RndA(byte0-byte3) + RndB(byte0-byte3) + RndA(byte4-byte7) + RndB(byte4-byte7)
	250	8 : RndA(byte0-byte3) + RndB(byte0-byte3)
	251
	252	AES 16 : RndA(byte0-byte3) + RndB(byte0-byte3) + RndA(byte12-byte15) + RndB(byte12-byte15)
	253	*/
	254
f38a1528	255	return 1;
	256	}
	257
	258	char * GetVendorStr( uint8_t id){
	259	static char buf[30];
	260	char *retStr = buf;
	261
	262	if ( id == 0x04 )
	263	sprintf(retStr, "0x%02X (NXP)",id);
	264	else
	265	sprintf(retStr,"0x%02X (Unknown)",id);
	266	return buf;
	267	}
	268
	269	/*
	270	The 7 MSBits (= n) code the storage size itself based on 2^n,
	271	the LSBit is set to '0' if the size is exactly 2^n
	272	and set to '1' if the storage size is between 2^n and 2^(n+1).
	273	For this version of DESFire the 7 MSBits are set to 0x0C (2^12 = 4096) and the LSBit is '0'.
	274	*/
	275	char * GetCardSizeStr( uint8_t fsize ){
	276
	277	static char buf[30];
	278	char *retStr = buf;
	279
	280	uint16_t usize = 1 << ((fsize >>1) + 1);
	281	uint16_t lsize = 1 << (fsize >>1);
	282
	283	// is LSB set?
	284	if ( fsize & (1 << 0 ) )
	285	sprintf(retStr, "0x%02X (%d - %d bytes)",fsize, usize, lsize);
	286	else
	287	sprintf(retStr, "0x%02X (%d bytes)", fsize, lsize);
	288	return buf;
	289	}
	290
	291	char * GetProtocolStr(uint8_t id){
	292
	293	static char buf[30];
	294	char *retStr = buf;
	295
	296	if ( id == 0x05)
	297	sprintf(retStr,"0x%02X (ISO 14443-3, 14443-4)", id);
	298	else
	299	sprintf(retStr,"0x%02X", id);
	300	return buf;
	301	}
	302
	303	int CmdHF14ADesEnumApplications(const char *Cmd){
	304	return 1;
	305	}
	306
	307	int CmdHF14ADesNonces(const char *Cmd){
	308	return 1;
	309	}
	310
	311	//
	312	// MIAFRE DesFire Authentication
	313	//
	314	#define BUFSIZE 64
	315	int CmdHF14ADesAuth(const char *Cmd){
	316
	317	// NR DESC KEYLENGHT
	318	// ------------------------
319	// 1 = DES 8
320	// 2 = 3DES 16
321	// 3 = 3K 3DES 24
322	// 4 = AES 16
323
324	// AUTHENTICTION MODES:
325	// 1 Normal
326	// 2 ISO
327	// 3 AES
328
329	uint8_t keylength = 8;
330	//unsigned char testinput[] = { 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x00};
331	unsigned char key[24]; // = { 0x75,0x28,0x78,0x39,0x74,0x93,0xCB,0x70};
332
333	if (strlen(Cmd)<3) {
334	PrintAndLog("Usage: hf mfdes auth <1\|2\|3> <1\|2\|3\|4> <keyno> <key> ");
335	PrintAndLog(" AUTH modes 1 = normal, 2 = iso, 3 = aes");
336	PrintAndLog(" Crypto: 1 = DES 2 = 3DES 3 = 3K3DES 4 = AES");
337	PrintAndLog(" keynumber");
338	PrintAndLog(" sample: hf mfdes auth 1 1 0 11223344");
339	return 0;
340	}
341	uint8_t cmdAuthMode = param_get8(Cmd,0);
342	uint8_t cmdAuthAlgo = param_get8(Cmd,1);
343	uint8_t cmdKeyNo = param_get8(Cmd,2);
344
345	switch (cmdAuthMode)
346	{
347	case 1:
348	if ( cmdAuthAlgo != 1 && cmdAuthAlgo != 2) {
349	PrintAndLog("Crypto algo not valid for the auth mode");
350	return 1;
351	}
352	break;
353	case 2:
354	if ( cmdAuthAlgo != 1 && cmdAuthAlgo != 2 && cmdAuthAlgo != 3) {
355	PrintAndLog("Crypto algo not valid for the auth mode");
356	return 1;
357	}
358	break;
359	case 3:
360	if ( cmdAuthAlgo != 4) {
361	PrintAndLog("Crypto algo not valid for the auth mode");
362	return 1;
363	}
364	break;
365	default:
366	PrintAndLog("Wrong Auth mode");
367	return 1;
368	break;
369	}
370
371	switch (cmdAuthAlgo){
372	case 2:
373	keylength = 16;
374	PrintAndLog("3DES selected");
375	break;
376	case 3:
377	keylength = 24;
378	PrintAndLog("3 key 3DES selected");
379	break;
380	case 4:
381	keylength = 16;
382	PrintAndLog("AES selected");
383	break;
384	default:
385	cmdAuthAlgo = 1;
386	keylength = 8;
387	PrintAndLog("DES selected");
388	break;
389	}
390
391	// key
392	if (param_gethex(Cmd, 3, key, keylength*2)) {
393	PrintAndLog("Key must include %d HEX symbols", keylength);
394	return 1;
395	}
396