]> git.zerfleddert.de Git - proxmark3-svn/commitdiff
Basic support for EAC documents (e.g. German Identification Card)
authorfrederikmoellers@aol.de <frederikmoellers@aol.de@ef4ab9da-24cd-11de-8aaa-f3a34680c41f>
Tue, 28 Aug 2012 21:39:50 +0000 (21:39 +0000)
committerfrederikmoellers@aol.de <frederikmoellers@aol.de@ef4ab9da-24cd-11de-8aaa-f3a34680c41f>
Tue, 28 Aug 2012 21:39:50 +0000 (21:39 +0000)
-new files armsrc/epa.[ch] for ePA (electronic "Personalausweis") related functions
    -Offers elementary functions (EPA_PACE_MSE_Set_AT etc.)
    -Also offers one new USB command: EPA_PACE_Collect_Nonce
-created new command subtree in client: client/hfepa.[ch] ("hf epa")
    -offers "hf epa cnonces" (collect encrypted PACE nonces)
-more to come

armsrc/Makefile
armsrc/appmain.c
armsrc/apps.h
armsrc/epa.c [new file with mode: 0644]
armsrc/epa.h [new file with mode: 0644]
client/Makefile
client/cmdhf.c
client/cmdhf14a.c
client/cmdhfepa.c [new file with mode: 0644]
client/cmdhfepa.h [new file with mode: 0644]
include/usb_cmd.h

index 249cf5a9e836a40509af1f62e0f5021d653a21c8..e2d71324728c85384804054f5d9f245dfbfc4adc 100644 (file)
@@ -16,7 +16,7 @@ APP_CFLAGS    = -O2 -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DW
 #SRC_LCD = fonts.c LCD.c
 SRC_LF = lfops.c hitag2.c
 SRC_ISO15693 = iso15693.c iso15693tools.c 
-SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
+SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
 SRC_ISO14443b = iso14443.c
 SRC_CRAPTO1 = crapto1.c crypto1.c
 
index 7830265fa253e6c87cd2c84f76beaa2cacd9c6bc..d354486145b4accf72ff97debb6064a4fa3bebc8 100644 (file)
@@ -714,6 +714,9 @@ void UsbPacketReceived(uint8_t *packet, int len)
                case CMD_SIMULATE_TAG_ISO_14443a:
                        SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2]);  // ## Simulate iso14443a tag - pass tag type & UID
                        break;
+               case CMD_EPA_PACE_COLLECT_NONCE:
+                       EPA_PACE_Collect_Nonce(c, &ack);
+                       break;
                        
                case CMD_READER_MIFARE:
                        ReaderMifare(c->arg[0]);
index 4c218d0ff4d2efbbbdef2c711ea4f7a6ca5406d4..6e98311a1c441ad3d51cf65987740cb05be921a1 100644 (file)
@@ -143,6 +143,9 @@ void iso14a_clear_tracelen(void);
 void iso14a_set_tracing(int enable);
 void RAMFUNC SniffMifare(uint8_t param);
 
+/// epa.h
+void EPA_PACE_Collect_Nonce(UsbCommand * c, UsbCommand * ack);
+
 // mifarecmd.h
 void ReaderMifare(uint32_t parameter);
 void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);
diff --git a/armsrc/epa.c b/armsrc/epa.c
new file mode 100644 (file)
index 0000000..8ab4311
--- /dev/null
@@ -0,0 +1,441 @@
+//-----------------------------------------------------------------------------
+// Frederik Möllers - August 2012
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Routines to support the German eletronic "Personalausweis" (ID card)
+// Note that the functions which do not implement USB commands do NOT initialize
+// the card (with iso14443a_select_card etc.). If You want to use these
+// functions, You need to do the setup before calling them!
+//-----------------------------------------------------------------------------
+
+#include "iso14443a.h"
+
+#include "epa.h"
+
+// Protocol and Parameter Selection Request
+// use regular (1x) speed in both directions
+// CRC is already included
+static const uint8_t pps[] = {0xD0, 0x11, 0x00, 0x52, 0xA6};
+
+// APDUs for communication with German Identification Card
+
+// General Authenticate (request encrypted nonce) WITHOUT the Le at the end
+static const uint8_t apdu_general_authenticate_pace_get_nonce[] = {
+       0x10, // CLA
+       0x86, // INS
+       0x00, // P1
+       0x00, // P2
+       0x02, // Lc
+       0x7C, // Type: Dynamic Authentication Data
+       0x00, // Length: 0 bytes
+};
+
+// MSE: Set AT (only CLA, INS, P1 and P2)
+static const uint8_t apdu_mse_set_at_start[] = {
+       0x00, // CLA
+       0x22, // INS
+       0xC1, // P1
+       0xA4, // P2
+};
+
+// SELECT BINARY with the ID for EF.CardAccess
+static const uint8_t apdu_select_binary_cardaccess[] = {
+       0x00, // CLA
+       0xA4, // INS
+       0x02, // P1
+       0x0C, // P2
+       0x02, // Lc
+       0x01, // ID
+       0x1C  // ID
+};
+
+// READ BINARY
+static const uint8_t apdu_read_binary[] = {
+       0x00, // CLA
+       0xB0, // INS
+       0x00, // P1
+       0x00, // P2
+       0x38  // Le
+};
+
+
+// the leading bytes of a PACE OID
+static const uint8_t oid_pace_start[] = {
+    0x04, // itu-t, identified-organization
+    0x00, // etsi
+    0x7F, // reserved
+    0x00, // etsi-identified-organization
+    0x07, // bsi-de
+    0x02, // protocols
+    0x02, // smartcard
+    0x04 // id-PACE
+};
+
+//-----------------------------------------------------------------------------
+// Closes the communication channel and turns off the field
+//-----------------------------------------------------------------------------
+void EPA_Finish()
+{
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+       LEDsoff();
+}
+
+//-----------------------------------------------------------------------------
+// Parses DER encoded data, e.g. from EF.CardAccess and fills out the given
+// structs. If a pointer is 0, it is ignored.
+// The function returns 0 on success and if an error occured, it returns the
+// offset where it occured.
+//
+// TODO: This function can access memory outside of the given data if the DER
+//       encoding is broken
+// TODO: Support skipping elements with a length > 0x7F
+// TODO: Support OIDs with a length > 7F
+// TODO: Support elements with long tags (tag is longer than 1 byte)
+// TODO: Support proprietary PACE domain parameters
+//-----------------------------------------------------------------------------
+size_t EPA_Parse_CardAccess(uint8_t *data,
+                            size_t length,
+                            pace_version_info_t *pace_info)
+{
+       size_t index = 0;
+       
+       while (index <= length - 2) {
+               // determine type of element
+               // SET or SEQUENCE
+               if (data[index] == 0x31 || data[index] == 0x30) {
+                       // enter the set (skip tag + length)
+                       index += 2;
+                       // extended length
+                       if ((data[index - 1] & 0x80) != 0) {
+                               index += (data[index] & 0x7F);
+                       }
+               }
+               // OID
+               else if (data[index] == 0x06) {
+                       // is this a PACE OID?
+                       if (data[index + 1] == 0x0A // length matches
+                           && memcmp(data + index + 2,
+                                     oid_pace_start,
+                                     sizeof(oid_pace_start)) == 0 // content matches
+                           && pace_info != NULL)
+                       {
+                               // first, clear the pace_info struct
+                               memset(pace_info, 0, sizeof(pace_version_info_t));
+                               memcpy(pace_info->oid, data + index + 2, sizeof(pace_info->oid));
+                               // a PACE OID is followed by the version
+                               index += data[index + 1] + 2;
+                               if (data[index] == 02 && data[index + 1] == 01) {
+                                       pace_info->version = data[index + 2];
+                                       index += 3;
+                               }
+                               else {
+                                       return index;
+                               }
+                               // after that there might(!) be the parameter ID
+                               if (data[index] == 02 && data[index + 1] == 01) {
+                                       pace_info->parameter_id = data[index + 2];
+                                       index += 3;
+                               }
+                       }
+                       else {
+                               // skip this OID
+                               index += 2 + data[index + 1];
+                       }
+               }
+               // if the length is 0, something is wrong
+               // TODO: This needs to be extended to support long tags
+               else if (data[index + 1] == 0) {
+                       return index;
+               }
+               else {
+                       // skip this part
+                       // TODO: This needs to be extended to support long tags
+                       // TODO: This needs to be extended to support unknown elements with
+                       //       a size > 0x7F
+                       index += 2 + data[index + 1];
+               }
+       }
+       
+       // TODO: We should check whether we reached the end in error, but for that
+       //       we need a better parser (e.g. with states like IN_SET or IN_PACE_INFO)
+       return 0;
+}
+
+//-----------------------------------------------------------------------------
+// Read the file EF.CardAccess and save it into a buffer (at most max_length bytes)
+// Returns -1 on failure or the length of the data on success
+// TODO: for the moment this sends only 1 APDU regardless of the requested length
+//-----------------------------------------------------------------------------
+int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length)
+{
+       // the response APDU of the card
+       // since the card doesn't always care for the expected length we send it,
+       // we reserve 262 bytes here just to be safe (256-byte APDU + SW + ISO frame)
+       uint8_t response_apdu[262];
+       int rapdu_length = 0;
+       
+       // select the file EF.CardAccess
+       rapdu_length = iso14_apdu((uint8_t *)apdu_select_binary_cardaccess,
+                                 sizeof(apdu_select_binary_cardaccess),
+                                 response_apdu);
+       if (rapdu_length != 6
+           || response_apdu[rapdu_length - 4] != 0x90
+           || response_apdu[rapdu_length - 3] != 0x00)
+       {
+               return -1;
+       }
+       
+       // read the file
+       rapdu_length = iso14_apdu((uint8_t *)apdu_read_binary,
+                                 sizeof(apdu_read_binary),
+                                 response_apdu);
+       if (rapdu_length <= 6
+           || response_apdu[rapdu_length - 4] != 0x90
+           || response_apdu[rapdu_length - 3] != 0x00)
+       {
+               return -1;
+       }
+       
+       // copy the content into the buffer
+       // length of data available: apdu_length - 4 (ISO frame) - 2 (SW)
+       size_t to_copy = rapdu_length - 6;
+       to_copy = to_copy < max_length ? to_copy : max_length;
+       memcpy(buffer, response_apdu+2, to_copy);
+       return to_copy;
+}
+
+//-----------------------------------------------------------------------------
+// Abort helper function for EPA_PACE_Collect_Nonce
+// sets relevant data in ack, sends the response
+//-----------------------------------------------------------------------------
+static void EPA_PACE_Collect_Nonce_Abort(UsbCommand *ack, uint8_t step, int func_return)
+{
+       // step in which the failure occured
+       ack->arg[0] = step;
+       // last return code
+       ack->arg[1] = func_return;
+       
+       // send the USB packet
+       UsbSendPacket((void *)ack, sizeof(UsbCommand));
+
+       // power down the field
+       EPA_Finish();
+}
+
+//-----------------------------------------------------------------------------
+// Acquire one encrypted PACE nonce
+//-----------------------------------------------------------------------------
+void EPA_PACE_Collect_Nonce(UsbCommand *c, UsbCommand *ack)
+{
+       /*
+        * ack layout:
+        *      arg:
+        *              1. element
+        *           step where the error occured or 0 if no error occured
+     *       2. element
+     *           return code of the last executed function
+        *      d:
+        *              Encrypted nonce
+        */
+
+       // return value of a function
+       int func_return;
+
+       // initialize ack with 0s
+       memset(ack->arg, 0, 12);
+       memset(ack->d.asBytes, 0, 48);
+       
+       // set up communication
+       func_return = EPA_Setup();
+       if (func_return != 0) {
+               EPA_PACE_Collect_Nonce_Abort(ack, 1, func_return);
+               return;
+       }
+
+       // increase the timeout (at least some cards really do need this!)
+       iso14a_set_timeout(0x0002FFFF);
+       
+       // read the CardAccess file
+       // this array will hold the CardAccess file
+       uint8_t card_access[256] = {0};
+       int card_access_length = EPA_Read_CardAccess(card_access, 256);
+       // the response has to be at least this big to hold the OID
+       if (card_access_length < 18) {
+               EPA_PACE_Collect_Nonce_Abort(ack, 2, card_access_length);
+               return;
+       }
+
+       // this will hold the PACE info of the card
+       pace_version_info_t pace_version_info;
+       // search for the PACE OID
+       func_return = EPA_Parse_CardAccess(card_access,
+                                          card_access_length,
+                                          &pace_version_info);
+       if (func_return != 0 || pace_version_info.version == 0) {
+               EPA_PACE_Collect_Nonce_Abort(ack, 3, func_return);
+               return;
+       }
+       
+       // initiate the PACE protocol
+       // use the CAN for the password since that doesn't change
+       func_return = EPA_PACE_MSE_Set_AT(pace_version_info, 2);
+       
+       // now get the nonce
+       uint8_t nonce[256] = {0};
+       uint8_t requested_size = (uint8_t)c->arg[0];
+       func_return = EPA_PACE_Get_Nonce(requested_size, nonce);
+       // check if the command succeeded
+       if (func_return < 0)
+       {
+               EPA_PACE_Collect_Nonce_Abort(ack, 4, func_return);
+               return;
+       }
+       
+       // save received information
+       ack->arg[1] = func_return;
+       memcpy(ack->d.asBytes, nonce, func_return);
+
+       // all done, return
+       EPA_Finish();
+       UsbSendPacket((void *)ack, sizeof(UsbCommand));
+}
+
+//-----------------------------------------------------------------------------
+// Performs the "Get Nonce" step of the PACE protocol and saves the returned
+// nonce. The caller is responsible for allocating enough memory to store the
+// nonce. Note that the returned size might be less or than or greater than the
+// requested size!
+// Returns the actual size of the nonce on success or a less-than-zero error
+// code on failure.
+//-----------------------------------------------------------------------------
+int EPA_PACE_Get_Nonce(uint8_t requested_length, uint8_t *nonce)
+{
+       // build the APDU
+       uint8_t apdu[sizeof(apdu_general_authenticate_pace_get_nonce) + 1];
+       // copy the constant part
+       memcpy(apdu,
+              apdu_general_authenticate_pace_get_nonce,
+              sizeof(apdu_general_authenticate_pace_get_nonce));
+       // append Le (requested length + 2 due to tag/length taking 2 bytes) in RAPDU
+       apdu[sizeof(apdu_general_authenticate_pace_get_nonce)] = requested_length + 4;
+       
+       // send it
+       uint8_t response_apdu[262];
+       int send_return = iso14_apdu(apdu,
+                                    sizeof(apdu),
+                                    response_apdu);
+       // check if the command succeeded
+       if (send_return < 6
+               || response_apdu[send_return - 4] != 0x90
+               || response_apdu[send_return - 3] != 0x00)
+       {
+               return -1;
+       }
+       
+       // if there is no nonce in the RAPDU, return here
+       if (send_return < 10)
+       {
+               // no error
+               return 0;
+       }
+       // get the actual length of the nonce
+       uint8_t nonce_length = response_apdu[5];
+       if (nonce_length > send_return - 10)
+       {
+               nonce_length = send_return - 10;
+       }
+       // copy the nonce
+       memcpy(nonce, response_apdu + 6, nonce_length);
+       
+       return nonce_length;
+}
+
+//-----------------------------------------------------------------------------
+// Initializes the PACE protocol by performing the "MSE: Set AT" step
+// Returns 0 on success or a non-zero error code on failure
+//-----------------------------------------------------------------------------
+int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password)
+{
+       // create the MSE: Set AT APDU
+       uint8_t apdu[23];
+       // the minimum length (will be increased as more data is added)
+       size_t apdu_length = 20;
+       // copy the constant part
+       memcpy(apdu,
+              apdu_mse_set_at_start,
+              sizeof(apdu_mse_set_at_start));
+       // type: OID
+       apdu[5] = 0x80;
+       // length of the OID
+       apdu[6] = sizeof(pace_version_info.oid);
+       // copy the OID
+       memcpy(apdu + 7,
+              pace_version_info.oid,
+              sizeof(pace_version_info.oid));
+       // type: password
+       apdu[17] = 0x83;
+       // length: 1
+       apdu[18] = 1;
+       // password
+       apdu[19] = password;
+       // if standardized domain parameters are used, copy the ID
+       if (pace_version_info.parameter_id != 0) {
+               apdu_length += 3;
+               // type: domain parameter
+               apdu[20] = 0x84;
+               // length: 1
+               apdu[21] = 1;
+               // copy the parameter ID
+               apdu[22] = pace_version_info.parameter_id;
+       }
+       // now set Lc to the actual length
+       apdu[4] = apdu_length - 5;
+       // send it
+       uint8_t response_apdu[6];
+       int send_return = iso14_apdu(apdu,
+                                    apdu_length,
+                                    response_apdu);
+       // check if the command succeeded
+       if (send_return != 6
+               || response_apdu[send_return - 4] != 0x90
+               || response_apdu[send_return - 3] != 0x00)
+       {
+               return 1;
+       }
+       return 0;
+}
+
+//-----------------------------------------------------------------------------
+// Set up a communication channel (Card Select, PPS)
+// Returns 0 on success or a non-zero error code on failure
+//-----------------------------------------------------------------------------
+int EPA_Setup()
+{
+       // return code
+       int return_code = 0;
+       // card UID
+       uint8_t uid[8];
+       // card select information
+       iso14a_card_select_t card_select_info;
+       // power up the field
+       iso14443a_setup();
+
+       // select the card
+       return_code = iso14443a_select_card(uid, &card_select_info, NULL);
+       if (return_code != 1) {
+               return 1;
+       }
+
+       // send the PPS request
+       ReaderTransmit((uint8_t *)pps, sizeof(pps));
+       uint8_t pps_response[3];
+       return_code = ReaderReceive(pps_response);
+       if (return_code != 3 || pps_response[0] != 0xD0) {
+               return return_code == 0 ? 2 : return_code;
+       }
+       
+       return 0;
+}
\ No newline at end of file
diff --git a/armsrc/epa.h b/armsrc/epa.h
new file mode 100644 (file)
index 0000000..730652b
--- /dev/null
@@ -0,0 +1,36 @@
+//-----------------------------------------------------------------------------
+// Frederik Möllers - August 2012
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Routines to support the German eletronic "Personalausweis" (ID card)
+//-----------------------------------------------------------------------------
+
+#ifndef __EPA_H
+#define __EPA_H
+
+// this struct is used by EPA_Parse_CardAccess and contains info about the
+// PACE protocol supported by the chip
+typedef struct {
+       uint8_t oid[10];
+       uint8_t version;
+       uint8_t parameter_id;
+} pace_version_info_t;
+
+// note: EPA_PACE_GetNonce is declared in apps.h
+
+// general functions
+void EPA_Finish();
+size_t EPA_Parse_CardAccess(uint8_t *data,
+                            size_t length,
+                            pace_version_info_t *pace_info);
+int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length);
+int EPA_Setup();
+
+// PACE related functions
+int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password);
+int EPA_PACE_Get_Nonce(uint8_t requested_length, uint8_t *nonce);
+
+#endif /* __EPA_H */
\ No newline at end of file
index c76edf522e5b396e856a42f1ce80d6641ba3beac..ff676f4f91557ae0fbb857eb8d04a69785eeabf9 100644 (file)
@@ -56,6 +56,7 @@ CMDSRCS = \
                        cmdhf14a.c \
                        cmdhf14b.c \
                        cmdhf15.c \
+                       cmdhfepa.c \
                        cmdhflegic.c \
                        cmdhficlass.c \
                        cmdhfmf.c \
index 87c819fb9cb502f1cccc8fcf23ebaefbcd1e8546..0ed3de1a8eea43a4ba11a38ad02a7b56ef1b4691 100644 (file)
@@ -17,6 +17,7 @@
 #include "cmdhf14a.h"
 #include "cmdhf14b.h"
 #include "cmdhf15.h"
+#include "cmdhfepa.h"
 #include "cmdhflegic.h"
 #include "cmdhficlass.h"
 #include "cmdhfmf.h"
@@ -36,6 +37,7 @@ static command_t CommandTable[] =
   {"14a",         CmdHF14A,         1, "{ ISO14443A RFIDs... }"},
   {"14b",         CmdHF14B,         1, "{ ISO14443B RFIDs... }"},
   {"15",          CmdHF15,          1, "{ ISO15693 RFIDs... }"},
+  {"epa",         CmdHFEPA,         1, "{ German Identification Card... }"},
   {"legic",       CmdHFLegic,       0, "{ LEGIC RFIDs... }"},
   {"iclass",      CmdHFiClass,      1, "{ ICLASS RFIDs... }"},
   {"mf",               CmdHFMF,                      1, "{ MIFARE RFIDs... }"},
index 372c37877f74e65f852fb63d2e0d8c220bb2a893..4b405d2b1b0d7db24e051bc0291cec26a88ca98a 100644 (file)
@@ -463,12 +463,12 @@ int CmdHF14ASnoop(const char *Cmd) {
 
 static command_t CommandTable[] = 
 {
-  {"help",   CmdHelp,          1, "This help"},
-  {"list",   CmdHF14AList,     0, "List ISO 14443a history"},
-  {"reader", CmdHF14AReader,   0, "Act like an ISO14443 Type A reader"},
-  {"cuids",  CmdHF14ACUIDs,    0, "<n> Collect n>0 ISO14443 Type A UIDs in one go"},
-  {"sim",    CmdHF14ASim,      0, "<UID> -- Fake ISO 14443a tag"},
-  {"snoop",  CmdHF14ASnoop,    0, "Eavesdrop ISO 14443 Type A"},
+  {"help",   CmdHelp,              1, "This help"},
+  {"list",   CmdHF14AList,         0, "List ISO 14443a history"},
+  {"reader", CmdHF14AReader,       0, "Act like an ISO14443 Type A reader"},
+  {"cuids",  CmdHF14ACUIDs,        0, "<n> Collect n>0 ISO14443 Type A UIDs in one go"},
+  {"sim",    CmdHF14ASim,          0, "<UID> -- Fake ISO 14443a tag"},
+  {"snoop",  CmdHF14ASnoop,        0, "Eavesdrop ISO 14443 Type A"},
   {NULL, NULL, 0, NULL}
 };
 
diff --git a/client/cmdhfepa.c b/client/cmdhfepa.c
new file mode 100644 (file)
index 0000000..5fcd171
--- /dev/null
@@ -0,0 +1,89 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) 2012 Frederik Möllers
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Commands related to the German electronic Identification Card
+//-----------------------------------------------------------------------------
+
+#include "util.h"
+#include "proxusb.h"
+#include "ui.h"
+#include "cmdparser.h"
+#include "common.h"
+#include "cmdmain.h"
+
+#include "cmdhfepa.h"
+
+static int CmdHelp(const char *Cmd);
+
+// Perform (part of) the PACE protocol
+int CmdHFEPACollectPACENonces(const char *Cmd)
+{
+       // requested nonce size
+       uint8_t m = 0;
+       // requested number of Nonces
+       unsigned int n = 0;
+       
+       sscanf(Cmd, "%hhu %u", &m, &n);
+       
+       // values are expected to be > 0
+       m = m > 0 ? m : 1;
+       n = n > 0 ? n : 1;
+
+       PrintAndLog("Collecting %u %hhu-byte nonces", n, m);
+       PrintAndLog("Start: %u", time(NULL));
+       // repeat n times
+       for (unsigned int i = 0; i < n; i++) {
+               // execute PACE
+               UsbCommand c = {CMD_EPA_PACE_COLLECT_NONCE, {(int)m, 0, 0}};
+               SendCommand(&c);
+               UsbCommand *resp = WaitForResponse(CMD_ACK);
+
+               // check if command failed
+               if (resp->arg[0] != 0) {
+                       PrintAndLog("Error in step %d, Return code: %d",
+                                   resp->arg[0],
+                                               (int)resp->arg[1]);
+               } else {
+                       size_t nonce_length = resp->arg[1];
+                       char *nonce = (char *) malloc(2 * nonce_length + 1);
+                       for(int j = 0; j < nonce_length; j++) {
+                               snprintf(nonce + (2 * j), 3, "%02X", resp->d.asBytes[j]);
+                       }
+                       // print nonce
+                       PrintAndLog("Length: %d, Nonce: %s",
+                                   resp->arg[1], nonce);
+               }
+       }
+       PrintAndLog("End: %u", time(NULL));
+
+       return 1;
+}
+
+// UI-related stuff
+
+static const command_t CommandTable[] = 
+{
+  {"help",    CmdHelp,                   1, "This help"},
+  {"cnonces", CmdHFEPACollectPACENonces, 0, "<m> <n> Acquire n>0 encrypted PACE nonces of size m>0"},
+  {NULL, NULL, 0, NULL}
+};
+
+int CmdHelp(const char *Cmd)
+{
+  CmdsHelp(CommandTable);
+  return 0;
+}
+
+int CmdHFEPA(const char *Cmd)
+{
+       // flush
+       while (WaitForResponseTimeout(CMD_ACK, 500) != NULL) ;
+
+       // parse
+  CmdsParse(CommandTable, Cmd);
+  return 0;
+}
\ No newline at end of file
diff --git a/client/cmdhfepa.h b/client/cmdhfepa.h
new file mode 100644 (file)
index 0000000..94ad7d2
--- /dev/null
@@ -0,0 +1,18 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) 2012 Frederik Möllers
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Commands related to the German electronic Identification Card
+//-----------------------------------------------------------------------------
+
+#ifndef CMDHFEPA_H__
+#define CMDHFEPA_H__
+
+int CmdHFEPA(const char *Cmd);
+
+int CmdHFEPACollectPACENonces(const char *Cmd);
+
+#endif // CMDHFEPA_H__
index 4ba9d29fca10c929794ee1b9f1ec879ec7347e91..a209497fdc52a86d65feccd4ea95cbad9eada756 100644 (file)
@@ -95,6 +95,7 @@ typedef struct {
 #define CMD_SIMULATE_TAG_LEGIC_RF                                         0x0387
 #define CMD_READER_LEGIC_RF                                               0x0388
 #define CMD_WRITER_LEGIC_RF                                               0x0389
+#define CMD_EPA_PACE_COLLECT_NONCE                                        0x038A
 
 #define CMD_SNOOP_ICLASS                                                  0x0392
 #define CMD_SIMULATE_TAG_ICLASS                                           0x0393
Impressum, Datenschutz