1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2012 Frederik Möllers
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
8 // Commands related to the German electronic Identification Card
9 //-----------------------------------------------------------------------------
19 #include "util_posix.h"
22 #include "cmdparser.h"
26 static int CmdHelp(const char *Cmd
);
28 // Perform (part of) the PACE protocol
29 int CmdHFEPACollectPACENonces(const char *Cmd
)
31 // requested nonce size
33 // requested number of Nonces
35 // delay between requests
38 sscanf(Cmd
, "%u %u %u", &m
, &n
, &d
);
40 // values are expected to be > 0
44 PrintAndLog("Collecting %u %u-byte nonces", n
, m
);
45 PrintAndLog("Start: %" PRIu64
, msclock()/1000);
47 for (unsigned int i
= 0; i
< n
; i
++) {
49 UsbCommand c
= {CMD_EPA_PACE_COLLECT_NONCE
, {(int)m
, 0, 0}};
53 WaitForResponse(CMD_ACK
,&resp
);
55 // check if command failed
56 if (resp
.arg
[0] != 0) {
57 PrintAndLog("Error in step %d, Return code: %d",resp
.arg
[0],(int)resp
.arg
[1]);
59 size_t nonce_length
= resp
.arg
[1];
60 char *nonce
= (char *) malloc(2 * nonce_length
+ 1);
61 for(int j
= 0; j
< nonce_length
; j
++) {
62 sprintf(nonce
+ (2 * j
), "%02X", resp
.d
.asBytes
[j
]);
65 PrintAndLog("Length: %d, Nonce: %s", nonce_length
, nonce
);
72 PrintAndLog("End: %" PRIu64
, msclock()/1000);
77 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
78 ////////////////////////////////The commands lie below here/////////////////////////////////////////////////////////////////////////////////////////
80 // perform the PACE protocol by replaying APDUs
81 int CmdHFEPAPACEReplay(const char *Cmd
)
83 // the 4 APDUs which are replayed + their lengths
84 uint8_t msesa_apdu
[41], gn_apdu
[8], map_apdu
[75];
85 uint8_t pka_apdu
[75], ma_apdu
[18], apdu_lengths
[5] = {0};
86 // pointers to the arrays to be able to iterate
87 uint8_t *apdus
[] = {msesa_apdu
, gn_apdu
, map_apdu
, pka_apdu
, ma_apdu
};
90 static const char *usage_msg
=
91 "Please specify 5 APDUs separated by spaces. "
92 "Example:\n preplay 0022C1A4 1068000000 1086000002 1234ABCDEF 1A2B3C4D";
97 int skip
= 0, skip_add
= 0, scan_return
= 0;
99 for (int i
= 0; i
< sizeof(apdu_lengths
); i
++) {
100 // scan to next space or end of string
101 while (Cmd
[skip
] != ' ' && Cmd
[skip
] != '\0') {
103 scan_return
= sscanf(Cmd
+ skip
, "%2X%n",
104 (unsigned int *) (apdus
[i
] + apdu_lengths
[i
]),
106 if (scan_return
< 1) {
107 PrintAndLog((char *)usage_msg
);
108 PrintAndLog("Not enough APDUs! Try again!");
116 if (Cmd
[skip
] == '\0') {
117 if (i
< sizeof(apdu_lengths
) - 1) {
119 PrintAndLog((char *)usage_msg
);
128 // transfer the APDUs to the Proxmark
130 usb_cmd
.cmd
= CMD_EPA_PACE_REPLAY
;
131 for (int i
= 0; i
< sizeof(apdu_lengths
); i
++) {
133 usb_cmd
.arg
[0] = i
+ 1;
134 // transfer the APDU in several parts if necessary
135 for (int j
= 0; j
* sizeof(usb_cmd
.d
.asBytes
) < apdu_lengths
[i
]; j
++) {
136 // offset into the APDU
137 usb_cmd
.arg
[1] = j
* sizeof(usb_cmd
.d
.asBytes
);
138 // amount of data in this packet
139 int packet_length
= apdu_lengths
[i
] - (j
* sizeof(usb_cmd
.d
.asBytes
));
140 if (packet_length
> sizeof(usb_cmd
.d
.asBytes
)) {
141 packet_length
= sizeof(usb_cmd
.d
.asBytes
);
143 usb_cmd
.arg
[2] = packet_length
;
145 memcpy(usb_cmd
.d
.asBytes
, // + (j * sizeof(usb_cmd.d.asBytes)),
146 apdus
[i
] + (j
* sizeof(usb_cmd
.d
.asBytes
)),
148 SendCommand(&usb_cmd
);
149 WaitForResponse(CMD_ACK
, &resp
);
150 if (resp
.arg
[0] != 0) {
151 PrintAndLog("Transfer of APDU #%d Part %d failed!", i
, j
);
157 // now perform the replay
159 SendCommand(&usb_cmd
);
160 WaitForResponse(CMD_ACK
, &resp
);
161 if (resp
.arg
[0] != 0) {
162 PrintAndLog("\nPACE replay failed in step %u!", (uint32_t)resp
.arg
[0]);
163 PrintAndLog("Measured times:");
164 PrintAndLog("MSE Set AT: %u us", resp
.d
.asDwords
[0]);
165 PrintAndLog("GA Get Nonce: %u us", resp
.d
.asDwords
[1]);
166 PrintAndLog("GA Map Nonce: %u us", resp
.d
.asDwords
[2]);
167 PrintAndLog("GA Perform Key Agreement: %u us", resp
.d
.asDwords
[3]);
168 PrintAndLog("GA Mutual Authenticate: %u us", resp
.d
.asDwords
[4]);
170 PrintAndLog("PACE replay successfull!");
171 PrintAndLog("MSE Set AT: %u us", resp
.d
.asDwords
[0]);
172 PrintAndLog("GA Get Nonce: %u us", resp
.d
.asDwords
[1]);
173 PrintAndLog("GA Map Nonce: %u us", resp
.d
.asDwords
[2]);
174 PrintAndLog("GA Perform Key Agreement: %u us", resp
.d
.asDwords
[3]);
175 PrintAndLog("GA Mutual Authenticate: %u us", resp
.d
.asDwords
[4]);
182 ////////////////////////////////The new commands lie above here/////////////////////////////////////////////////////////////////////////////////////
183 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
187 static const command_t CommandTable
[] =
189 {"help", CmdHelp
, 1, "This help"},
190 {"cnonces", CmdHFEPACollectPACENonces
, 0,
191 "<m> <n> <d> Acquire n>0 encrypted PACE nonces of size m>0 with d sec pauses"},
192 {"preplay", CmdHFEPAPACEReplay
, 0,
193 "<mse> <get> <map> <pka> <ma> Perform PACE protocol by replaying given APDUs"},
194 {NULL
, NULL
, 0, NULL
}
197 int CmdHelp(const char *Cmd
)
199 CmdsHelp(CommandTable
);
203 int CmdHFEPA(const char *Cmd
)
205 (void)WaitForResponseTimeout(CMD_ACK
,NULL
,100);
206 CmdsParse(CommandTable
, Cmd
);