From: iceman1001 Date: Fri, 19 Sep 2014 08:50:34 +0000 (+0200) Subject: Merge branch 'master' of https://github.com/Proxmark/proxmark3 X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/75465377b93c9a27450a186342e9cfd2a84b4173 Merge branch 'master' of https://github.com/Proxmark/proxmark3 Conflicts: armsrc/appmain.c armsrc/apps.h armsrc/iclass.c client/Makefile client/cmdhficlass.c client/loclass/cipher.c client/loclass/fileutils.c client/loclass/ikeys.h include/usb_cmd.h --- 75465377b93c9a27450a186342e9cfd2a84b4173 diff --cc armsrc/iclass.c index f71607d2,0ff24bfd..6ceb436b --- a/armsrc/iclass.c +++ b/armsrc/iclass.c @@@ -45,10 -45,9 +45,11 @@@ // Needed for CRC in emulation mode; // same construction as in ISO 14443; // different initial value (CRC_ICLASS) -#include "iso14443crc.h" +#include "../common/iso14443crc.h" +#include "../common/iso15693tools.h" + #include "iso15693tools.h" + static int timeout = 4096; diff --cc armsrc/mifaredesfire.c index 6660ef75,00000000..60f5ec03 mode 100644,000000..100644 --- a/armsrc/mifaredesfire.c +++ b/armsrc/mifaredesfire.c @@@ -1,574 -1,0 +1,585 @@@ +#include "mifaredesfire.h" + +#define MAX_APPLICATION_COUNT 28 +#define MAX_FILE_COUNT 16 +#define MAX_FRAME_SIZE 60 +#define NOT_YET_AUTHENTICATED 255 +#define FRAME_PAYLOAD_SIZE (MAX_FRAME_SIZE - 5) + +// the block number for the ISO14443-4 PCB +uint8_t pcb_blocknum = 0; +// Deselect card by sending a s-block. the crc is precalced for speed +static uint8_t deselect_cmd[] = {0xc2,0xe0,0xb4}; + +//static uint8_t __msg[MAX_FRAME_SIZE] = { 0x0A, 0x00, 0x00, /* ..., */ 0x00 }; +/* PCB CID CMD PAYLOAD */ +//static uint8_t __res[MAX_FRAME_SIZE]; + +bool InitDesfireCard(){ + + // Make sure it is off. +// FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); +// SpinDelay(300); + + byte_t cardbuf[USB_CMD_DATA_SIZE]; + memset(cardbuf,0,sizeof(cardbuf)); + + iso14a_set_tracing(TRUE); + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); + + iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf; + int len = iso14443a_select_card(NULL,card,NULL); + + if (!len) { + if (MF_DBGLEVEL >= 1) { + Dbprintf("Can't select card"); + } + OnError(); + return false; + } + return true; +} + ++// ARG0 flag enums ++enum { ++ NONE = 0x00, ++ INIT = 0x01, ++ DISCONNECT = 0x02, ++ FOO = 0x04, ++ BAR = 0x08, ++} CmdOptions ; ++ +void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){ + + /* ARG0 contains flags. + 0x01 = init card. - 0x02 = ++ 0x02 = No Disconnect + 0x03 + */ + uint8_t flags = arg0; + size_t datalen = arg1; + uint8_t resp[RECV_RES_SIZE]; + memset(resp,0,sizeof(resp)); + + if (MF_DBGLEVEL >= 4) { - Dbprintf(" flags: %02X", flags); - Dbprintf(" len : %02X", datalen); - print_result("to send: ", datain, datalen); ++ Dbprintf(" flags : %02X", flags); ++ Dbprintf(" len : %02X", datalen); ++ print_result(" RX : ", datain, datalen); + } + - if ( flags & 0x01 ){ ++ if ( flags & INIT ){ + if ( !InitDesfireCard() ) + return; + } + + int len = DesfireAPDU(datain, datalen, resp); ++ print_result(" <--: ", resp, len); + if ( !len ) { + if (MF_DBGLEVEL >= 4) { + print_result("ERR <--: ", resp, len); + } + OnError(); + return; + } - cmd_send(CMD_ACK,1,len,0,resp,len); + - - OnSuccess(); ++ // reset the pcb_blocknum, ++ pcb_blocknum = 0; ++ ++ if ( flags & DISCONNECT ) ++ OnSuccess(); ++ ++ cmd_send(CMD_ACK,1,len,0,resp,len); +} + +void MifareDesfireGetInformation(){ + + int len = 0; + uint8_t resp[USB_CMD_DATA_SIZE]; + uint8_t dataout[USB_CMD_DATA_SIZE]; + byte_t cardbuf[USB_CMD_DATA_SIZE]; + + memset(resp,0,sizeof(resp)); + memset(dataout,0, sizeof(dataout)); + memset(cardbuf,0,sizeof(cardbuf)); + + /* + 1 = PCB 1 + 2 = cid 2 + 3 = desfire command 3 + 4-5 = crc 4 key + 5-6 crc + PCB == 0x0A because sending CID byte. + CID == 0x00 first card? + */ + iso14a_clear_trace(); + iso14a_set_tracing(TRUE); + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); + + // card select - information + iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf; + byte_t isOK = iso14443a_select_card(NULL, card, NULL); + if (isOK != 1) { + if (MF_DBGLEVEL >= 1) { + Dbprintf("Can't select card"); + } + OnError(); + return; + } + + memcpy(dataout,card->uid,7); + + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + + uint8_t cmd[] = {GET_VERSION}; + size_t cmd_len = sizeof(cmd); + + len = DesfireAPDU(cmd, cmd_len, resp); + if ( !len ) { + print_result("ERROR <--: ", resp, len); + OnError(); + return; + } + + LED_A_OFF(); + LED_B_ON(); + memcpy(dataout+7,resp+3,7); + + // ADDITION_FRAME 1 + cmd[0] = ADDITIONAL_FRAME; + len = DesfireAPDU(cmd, cmd_len, resp); + if ( !len ) { + print_result("ERROR <--: ", resp, len); + OnError(); + return; + } + + LED_B_OFF(); + LED_C_ON(); + memcpy(dataout+7+7,resp+3,7); + + // ADDITION_FRAME 2 + len = DesfireAPDU(cmd, cmd_len, resp); + if ( !len ) { + print_result("ERROR <--: ", resp, len); + OnError(); + return; + } + + memcpy(dataout+7+7+7,resp+3,14); + + cmd_send(CMD_ACK,1,0,0,dataout,sizeof(dataout)); + + // reset the pcb_blocknum, + pcb_blocknum = 0; + OnSuccess(); +} + +void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain){ + + uint8_t null_key_data[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + //uint8_t new_key_data[8] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }; + int res = 0; + + desfirekey_t default_key = Desfire_des_key_new_with_version (null_key_data); + + // res = Desfire_select_application (tags[i], aid); + if (res < 0) { + print_result("default key: ", default_key->data, 24 ); + return; + } + + return; + // pcb cid cmd key crc1 cr2 + //uint8_t cmd2[] = {0x02,0x00,GET_KEY_VERSION, 0x00, 0x00, 0x00 }; + + //uint8_t* bigbuffer = mifare_get_bigbufptr(); + byte_t isOK = 1; + uint8_t resp[256]; + uint8_t key[24]; + uint8_t IV[16]; + + // första byten håller keylength. + uint8_t keylen = datain[0]; + memcpy(key, datain+1, keylen); + + if (MF_DBGLEVEL >= 1) { + + Dbprintf("MODE: %d", mode); + Dbprintf("ALGO: %d", algo); + Dbprintf("KEYNO: %d", keyno); + Dbprintf("KEYLEN: %d", keylen); + + print_result("KEY", key, keylen); + } + + // card select - information + byte_t buf[USB_CMD_DATA_SIZE]; + iso14a_card_select_t *card = (iso14a_card_select_t*)buf; + + // test of DES on ARM side. + /* + if ( mode == 1){ + uint8_t IV[8]; + uint8_t plain[16]; + uint8_t encData[16]; + + uint8_t tmpData[8]; + uint8_t tmpPlain[8]; + + memset(IV, 0, 8); + memset(tmpData, 0 ,8); + memset(tmpPlain,0 ,8); + memcpy(key, datain, 8); + memcpy(plain, datain+30, 16); + + for(uint8_t i=0; i< sizeof(plain); i=i+8 ){ + + memcpy(tmpPlain, plain+i, 8); + des_enc( &tmpData, &tmpPlain, &key); + memcpy(encData+i, tmpData, 8); + } + } +*/ + + iso14a_clear_trace(); + + iso14a_set_tracing(TRUE); + + // power up the field + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); + + // select the card + isOK = iso14443a_select_card(resp, card, NULL); + if (isOK != 1) { + if (MF_DBGLEVEL >= 1) { + Dbprintf("CAN'T SELECT CARD, SOMETHING WENT WRONG BEFORE AUTH"); + } + OnError(); + return; + } + + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + + // 3 olika sätt att authenticera. AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32) + // 4 olika crypto algo DES, 3DES, 3K3DES, AES + // 3 olika kommunikations sätt, PLAIN,MAC,CRYPTO + + // des, nyckel 0, + switch (mode){ + case 1: + // if ( SendDesfireCommand(AUTHENTICATE, &keyno, resp) > 0 ){ + // // fick nonce från kortet + // } + break; + case 2: + //SendDesfireCommand(AUTHENTICATE_ISO, &keyno, resp); + break; + case 3:{ + AesCtx ctx; + if ( AesCtxIni(&ctx, IV, key, KEY128, CBC) < 0 ){ + if (MF_DBGLEVEL >= 1) { + Dbprintf("AES context failed to init"); + } + OnError(); + return; + } + uint8_t real_cmd[6]; + real_cmd[0] = 0x90; + real_cmd[1] = 0x02; + real_cmd[2] = AUTHENTICATE_AES; + real_cmd[3] = keyno; + + AppendCrc14443a(real_cmd, 4); + ReaderTransmit(real_cmd, sizeof(real_cmd), NULL); + + int len = ReaderReceive(resp); + if(!len) { + OnError(); + return; + } + + print_result("RX:", resp, len); + + enum DESFIRE_STATUS status = resp[1]; + if ( status != ADDITIONAL_FRAME) { + OnError(); + return; + } + + // tags enc nonce + uint8_t encRndB[16]; + uint8_t decRndB[16]; + uint8_t nonce[16]; + uint8_t both[32]; + uint8_t encBoth[32]; + + memset(nonce, 0, 16); + memcpy( encRndB, resp+2, 16); + + // dekryptera tagnonce. + AesDecrypt(&ctx, encRndB, decRndB, 16); + + rol(decRndB,16); + + memcpy(both, nonce,16); + memcpy(both+16, decRndB ,16 ); + + AesEncrypt(&ctx, both, encBoth, 32 ); + + uint8_t real_cmd_A[36]; + real_cmd_A[0] = 0x03; + real_cmd_A[1] = ADDITIONAL_FRAME; + + memcpy(real_cmd_A+2, encBoth, sizeof(encBoth) ); + AppendCrc14443a(real_cmd_A, 34); + ReaderTransmit(real_cmd_A, sizeof(real_cmd_A), NULL); + + len = ReaderReceive(resp); + + print_result("Auth1a ", resp, 36); + + status = resp[1]; + if ( status != OPERATION_OK) { + Dbprintf("Cmd Error: %02x Len: %d", status,len); + OnError(); + return; + } + + break; + } + + } + + OnSuccess(resp); +} + +// 3 olika ISO sätt att skicka data till DESFIRE (direkt, inkapslat, inkapslat ISO) +// cmd = cmd bytes to send +// cmd_len = length of cmd +// dataout = pointer to response data array +int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout){ + + uint32_t status = 0; + size_t wrappedLen = 0; + uint8_t wCmd[USB_CMD_DATA_SIZE]; + + wrappedLen = CreateAPDU( cmd, cmd_len, wCmd); + + if (MF_DBGLEVEL >= 4) { + print_result("WCMD <--: ", wCmd, wrappedLen); + } + ReaderTransmit( wCmd, wrappedLen, NULL); + + status = ReaderReceive(dataout); + + if(!status){ + return FALSE; //DATA LINK ERROR + } + // if we received an I- or R(ACK)-Block with a block number equal to the + // current block number, toggle the current block number + else if (status >= 4 // PCB+CID+CRC = 4 bytes + && ((dataout[0] & 0xC0) == 0 // I-Block + || (dataout[0] & 0xD0) == 0x80) // R-Block with ACK bit set to 0 + && (dataout[0] & 0x01) == pcb_blocknum) // equal block numbers + { + pcb_blocknum ^= 1; //toggle next block + } + return status; +} + +// CreateAPDU +size_t CreateAPDU( uint8_t *datain, size_t len, uint8_t *dataout){ + + size_t cmdlen = MIN(len+4, USB_CMD_DATA_SIZE-1); + + uint8_t cmd[cmdlen]; + memset(cmd, 0, cmdlen); + + cmd[0] = 0x0A; // 0x0A = skicka cid, 0x02 = ingen cid. Särskilda bitar // + cmd[0] |= pcb_blocknum; // OR the block number into the PCB + cmd[1] = 0x00; // CID: 0x00 //FIXME: allow multiple selected cards + + memcpy(cmd+2, datain, len); + AppendCrc14443a(cmd, len+2); + + memcpy(dataout, cmd, cmdlen); + + return cmdlen; +} + + // crc_update(&desfire_crc32, 0, 1); /* CMD_WRITE */ + // crc_update(&desfire_crc32, addr, addr_sz); + // crc_update(&desfire_crc32, byte, 8); + // uint32_t crc = crc_finish(&desfire_crc32); + + + /* Version + + //uint8_t versionCmd1[] = {0x02, 0x60}; + //uint8_t versionCmd2[] = {0x03, 0xaf}; + //uint8_t versionCmd3[] = {0x02, 0xaf}; + + // AUTH 1 - CMD: 0x02, 0x0A, 0x00 = Auth + // 0x02 = status byte för simpla svar?!? + // 0x0a = krypto typ + // 0x00 = key nr + //uint8_t initAuthCmdDES[] = {0x02, 0x0a, 0x00}; // DES + //uint8_t initAuthCmd3DES[] = {0x02, 0x1a, 0x00}; // 3DES + //uint8_t initAuthCmdAES[] = {0x02, 0xaa, 0x00}; // AES + // auth 1 - answer command + // 0x03 = status byte för komplexa typer? + // 0xaf = additional frame + // LEN = 1+1+32+2 = 36 + //uint8_t answerAuthCmd[34] = {0x03, 0xaf}; + + // Lägg till CRC + //AppendCrc14443a(versionCmd1,sizeof(versionCmd1)); +*/ + + // Sending commands + /*ReaderTransmit(versionCmd1,sizeof(versionCmd1)+2, NULL); + len = ReaderReceive(buffer); + print_result("Get Version 3", buffer, 9); + */ + + // for( int i = 0; i < 8; i++){ + // // Auth 1 - Request authentication + // ReaderTransmit(initAuthCmdAES,sizeof(initAuthCmdAES)+2, NULL); + // //len = ReaderReceive(buffer); + + // // 0xAE = authentication error + // if (buffer[1] == 0xae) { + // Dbprintf("Cmd Error: %02x", buffer[1]); + // OnError(); + // return; + // } + + // // tags enc nonce + // memcpy(encRndB, buffer+2, 16); + + // // dekryptera svaret från tag. + // AesDecrypt(&ctx, encRndB, decRndB, 16); + + // rol8(decRndB,16); + // memcpy(RndARndB, RndA,16); + // memcpy(RndARndB+16, decRndB ,16 ); + + // AesEncrypt(&ctx, RndARndB, encRndARndB, 32 ); + + // memcpy(answerAuthCmd+2, encRndARndB, 32); + // AppendCrc14443a(answerAuthCmd,sizeof(answerAuthCmd)); + + // ReaderTransmit(answerAuthCmd,sizeof(answerAuthCmd)+2, NULL); + + // len = ReaderReceive(buffer); + + // print_result("Auth1a ", buffer, 8); + // Dbprintf("Rx len: %02x", len); + + // if (buffer[1] == 0xCA) { + // Dbprintf("Cmd Error: %02x Len: %d", buffer[1],len); + // cmd_send(CMD_ACK,0,0,0,0,0); + // key[1] = i; + // AesCtxIni(&ctx, iv, key, KEY128, CBC); + // } + // } + + //des_dec(decRndB, encRndB, key); + + //Do crypto magic + /* + DES_ede2_cbc_encrypt(e_RndB,RndB,sizeof(e_RndB),&ks1,&ks2,&iv,0); + memcpy(RndARndB,RndA,8); + memcpy(RndARndB+8,RndB,8); + PrintAndLog(" RA+B:%s",sprint_hex(RndARndB, 16)); + DES_ede2_cbc_encrypt(RndARndB,RndARndB,sizeof(RndARndB),&ks1,&ks2,&e_RndB,1); + PrintAndLog("enc(RA+B):%s",sprint_hex(RndARndB, 16)); + */ + + +int mifare_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){ + + uint8_t* buffer = mifare_get_bigbufptr(); + uint8_t dcmd[19]; + + dcmd[0] = 0xAF; + memcpy(dcmd+1,key,16); + AppendCrc14443a(dcmd, 17); + + + ReaderTransmit(dcmd, sizeof(dcmd), NULL); + int len = ReaderReceive(buffer); + if(!len) { + if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout."); + len = ReaderReceive(buffer); + } + + if(len==1) { + if (MF_DBGLEVEL >= 1) { + Dbprintf("NAK - Authentication failed."); + Dbprintf("Cmd Error: %02x", buffer[0]); + } + return 1; + } + + if (len == 11){ + if (MF_DBGLEVEL >= 1) { + Dbprintf("Auth2 Resp: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x", + buffer[0],buffer[1],buffer[2],buffer[3],buffer[4], + buffer[5],buffer[6],buffer[7],buffer[8],buffer[9], + buffer[10]); + } + return 0; + } + return 1; +} + +void MifareDES_Auth2(uint32_t arg0, uint8_t *datain){ + + return; + uint32_t cuid = arg0; + uint8_t key[16]; + + byte_t isOK = 0; + byte_t dataoutbuf[16]; + + memset(key, 0, 16); + memcpy(key, datain, 16); + + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + + if(mifare_des_auth2(cuid, key, dataoutbuf)){ + if (MF_DBGLEVEL >= 1) Dbprintf("Authentication part2: Fail..."); + } + isOK=1; + if (MF_DBGLEVEL >= 2) DbpString("AUTH 2 FINISHED"); + + LED_B_ON(); + cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,11); + LED_B_OFF(); + + // Thats it... + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); +} + +void OnSuccess(){ - // transmit a DESELECT COMMAND for Desfire. - ReaderTransmit(deselect_cmd, 3 , NULL); - // reset the pcb_blocknum, + pcb_blocknum = 0; ++ ReaderTransmit(deselect_cmd, 3 , NULL); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); +} + +void OnError(){ - cmd_send(CMD_ACK,0,0,0,0,0); - ReaderTransmit(deselect_cmd, 3 , NULL); - // reset the pcb_blocknum, + pcb_blocknum = 0; ++ ReaderTransmit(deselect_cmd, 3 , NULL); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); ++ cmd_send(CMD_ACK,0,0,0,0,0); + LEDsoff(); +} diff --cc client/Makefile index 026db798,05ffc667..1aa801ee --- a/client/Makefile +++ b/client/Makefile @@@ -19,10 -19,15 +19,15 @@@ CFLAGS = -std=c99 -I. -I../include -I. LUAPLATFORM = generic ifneq (,$(findstring MINGW,$(platform))) -CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui -QTLDLIBS = -L$(QTDIR)/lib -lQtCore4 -lQtGui4 +CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui -I$(QTDIR)/include/QtWidgets +QTLDLIBS = -L$(QTDIR)/lib -lQt5Core -lQt5Gui -lQt5Widgets MOC = $(QTDIR)/bin/moc LUAPLATFORM = mingw + else ifeq ($(platform),Darwin) + CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O4 + QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null) + MOC = $(shell pkg-config --variable=moc_location QtCore) + LUAPLATFORM = macosx else CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O4 QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null) @@@ -73,13 -78,10 +78,13 @@@ CMDSRCS = nonce2key/crapto1.c cmdhflegic.c \ cmdhficlass.c \ cmdhfmf.c \ + cmdhfmfu.c \ + cmdhfmfdes.c \ + cmdhfdes.c \ cmdhw.c \ cmdlf.c \ - cmdlfhid.c \ cmdlfio.c \ + cmdlfhid.c \ cmdlfem4x.c \ cmdlfhitag.c \ cmdlfti.c \ diff --cc client/cmdhficlass.c index e32664f5,7156b118..bd215a61 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@@ -436,8 -437,8 +436,8 @@@ int CmdHFiClassReader_Replay(const cha if (strlen(Cmd)<1) { PrintAndLog("Usage: hf iclass replay "); PrintAndLog(" sample: hf iclass replay 00112233"); - return 0; + return 0; - } + } if (param_gethex(Cmd, 0, MAC, 8)) { PrintAndLog("MAC must include 8 HEX symbols"); @@@ -645,14 -647,14 +646,17 @@@ int CmdHFiClass_iso14443A_write(const c static command_t CommandTable[] = { - {"help", CmdHelp, 1, "This help"}, - {"list", CmdHFiClassList, 0, "List iClass history"}, - {"snoop", CmdHFiClassSnoop, 0, "Eavesdrop iClass communication"}, - {"sim", CmdHFiClassSim, 0, "Simulate iClass tag"}, + {"help", CmdHelp, 1, "This help"}, + {"list", CmdHFiClassList, 0, "List iClass history"}, + {"snoop", CmdHFiClassSnoop, 0, "Eavesdrop iClass communication"}, + {"sim", CmdHFiClassSim, 0, "Simulate iClass tag"}, - {"reader", CmdHFiClassReader, 0, "Read an iClass tag"}, + {"reader",CmdHFiClassReader, 0, "Read an iClass tag"}, + {"replay",CmdHFiClassReader_Replay, 0, "Read an iClass tag via Reply Attack"}, + {"dump", CmdHFiClassReader_Dump, 0, "Authenticate and Dump iClass tag"}, + {"write", CmdHFiClass_iso14443A_write, 0, "Authenticate and Write iClass block"}, + {"replay", CmdHFiClassReader_Replay, 0, "Read an iClass tag via Reply Attack"}, + {"dump", CmdHFiClassReader_Dump, 0, "Authenticate and Dump iClass tag"}, + {"write", CmdHFiClass_iso14443A_write, 0, "Authenticate and Write iClass block"}, {NULL, NULL, 0, NULL} }; diff --cc client/cmdhfmfdes.c index 824236be,00000000..f3217df2 mode 100644,000000..100644 --- a/client/cmdhfmfdes.c +++ b/client/cmdhfmfdes.c @@@ -1,503 -1,0 +1,538 @@@ +//----------------------------------------------------------------------------- +// Copyright (C) 2014 Iceman +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// High frequency MIFARE Desfire commands +//----------------------------------------------------------------------------- + +#include +#include +#include +#include +#include +#include "cmdmain.h" +#include "proxmark3.h" +#include "../include/common.h" +#include "../include/mifare.h" +#include "../common/iso14443crc.h" +#include "data.h" +#include "ui.h" +#include "cmdparser.h" +#include "util.h" +#include "cmdhfmfdes.h" + + +uint8_t key_zero_data[16] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; +uint8_t key_defa_data[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }; +uint8_t key_ones_data[16] = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 }; + + +static int CmdHelp(const char *Cmd); +static void xor(unsigned char * dst, unsigned char * src, size_t len); +static int32_t le24toh (uint8_t data[3]); + + +int CmdHF14ADesWb(const char *Cmd) +{ +/* uint8_t blockNo = 0; + uint8_t keyType = 0; + uint8_t key[6] = {0, 0, 0, 0, 0, 0}; + uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + + char cmdp = 0x00; + + if (strlen(Cmd)<3) { + PrintAndLog("Usage: hf mf wrbl "); + PrintAndLog(" sample: hf mf wrbl 0 A FFFFFFFFFFFF 000102030405060708090A0B0C0D0E0F"); + return 0; + } + + blockNo = param_get8(Cmd, 0); + cmdp = param_getchar(Cmd, 1); + if (cmdp == 0x00) { + PrintAndLog("Key type must be A or B"); + return 1; + } + if (cmdp != 'A' && cmdp != 'a') keyType = 1; + if (param_gethex(Cmd, 2, key, 12)) { + PrintAndLog("Key must include 12 HEX symbols"); + return 1; + } + if (param_gethex(Cmd, 3, bldata, 32)) { + PrintAndLog("Block data must include 32 HEX symbols"); + return 1; + } + PrintAndLog("--block no:%02x key type:%02x key:%s", blockNo, keyType, sprint_hex(key, 6)); + PrintAndLog("--data: %s", sprint_hex(bldata, 16)); + + UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}}; + memcpy(c.d.asBytes, key, 6); + memcpy(c.d.asBytes + 10, bldata, 16); + SendCommand(&c); + + UsbCommand resp; + if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk:%02x", isOK); + } else { + PrintAndLog("Command execute timeout"); + } + */ + return 0; +} + +int CmdHF14ADesRb(const char *Cmd) +{ + // uint8_t blockNo = 0; + // uint8_t keyType = 0; + // uint8_t key[6] = {0, 0, 0, 0, 0, 0}; + + // char cmdp = 0x00; + + + // if (strlen(Cmd)<3) { + // PrintAndLog("Usage: hf mf rdbl "); + // PrintAndLog(" sample: hf mf rdbl 0 A FFFFFFFFFFFF "); + // return 0; + // } + + // blockNo = param_get8(Cmd, 0); + // cmdp = param_getchar(Cmd, 1); + // if (cmdp == 0x00) { + // PrintAndLog("Key type must be A or B"); + // return 1; + // } + // if (cmdp != 'A' && cmdp != 'a') keyType = 1; + // if (param_gethex(Cmd, 2, key, 12)) { + // PrintAndLog("Key must include 12 HEX symbols"); + // return 1; + // } + // PrintAndLog("--block no:%02x key type:%02x key:%s ", blockNo, keyType, sprint_hex(key, 6)); + + // UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}}; + // memcpy(c.d.asBytes, key, 6); + // SendCommand(&c); + + // UsbCommand resp; + // if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + // uint8_t isOK = resp.arg[0] & 0xff; + // uint8_t * data = resp.d.asBytes; + + // if (isOK) + // PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 16)); + // else + // PrintAndLog("isOk:%02x", isOK); + // } else { + // PrintAndLog("Command execute timeout"); + // } + + return 0; +} + +int CmdHF14ADesInfo(const char *Cmd){ + + UsbCommand c = {CMD_MIFARE_DESFIRE_INFO}; + SendCommand(&c); + UsbCommand resp; + + if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) { + PrintAndLog("Command execute timeout"); + return 0; + } + uint8_t isOK = resp.arg[0] & 0xff; + if ( !isOK ){ + PrintAndLog("Command unsuccessful"); + return 0; + } + + PrintAndLog("---Desfire Information---------------------------------------"); + PrintAndLog("-------------------------------------------------------------"); + PrintAndLog(" UID : %s",sprint_hex(resp.d.asBytes, 7)); + PrintAndLog(" Batch number : %s",sprint_hex(resp.d.asBytes+28,5)); + PrintAndLog(" Production date : week %02x, 20%02x",resp.d.asBytes[33], resp.d.asBytes[34]); + PrintAndLog("-------------------------------------------------------------"); + PrintAndLog(" Hardware Information"); + PrintAndLog(" Vendor Id : %s", GetVendorStr(resp.d.asBytes[7])); + PrintAndLog(" Type : 0x%02X",resp.d.asBytes[8]); + PrintAndLog(" Subtype : 0x%02X",resp.d.asBytes[9]); + PrintAndLog(" Version : %d.%d",resp.d.asBytes[10], resp.d.asBytes[11]); + PrintAndLog(" Storage size : %s",GetCardSizeStr(resp.d.asBytes[12])); + PrintAndLog(" Protocol : %s",GetProtocolStr(resp.d.asBytes[13])); + PrintAndLog("-------------------------------------------------------------"); + PrintAndLog(" Software Information"); + PrintAndLog(" Vendor Id : %s",GetVendorStr(resp.d.asBytes[14])); + PrintAndLog(" Type : 0x%02X",resp.d.asBytes[15]); + PrintAndLog(" Subtype : 0x%02X",resp.d.asBytes[16]); + PrintAndLog(" Version : %d.%d",resp.d.asBytes[17], resp.d.asBytes[18]); + PrintAndLog(" storage size : %s", GetCardSizeStr(resp.d.asBytes[19])); + PrintAndLog(" Protocol : %s", GetProtocolStr(resp.d.asBytes[20])); + PrintAndLog("-------------------------------------------------------------"); + + - UsbCommand c1 = {CMD_MIFARE_DESFIRE, { 0x01, 0x01 }}; ++ UsbCommand c1 = {CMD_MIFARE_DESFIRE, { 0x03, 0x01 }}; + c1.d.asBytes[0] = GET_KEY_SETTINGS; + SendCommand(&c1); + if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) { + return 0; + } + + PrintAndLog(" Master Key settings"); + if ( resp.d.asBytes[3] & (1 << 3 ) ) - PrintAndLog(" 0x08 Configuration changeable;"); ++ PrintAndLog(" 0x08 Configuration changeable"); + else - PrintAndLog(" 0x08 Configuration NOT changeable;"); ++ PrintAndLog(" 0x08 Configuration NOT changeable"); + + if ( resp.d.asBytes[3] & (1 << 2 ) ) - PrintAndLog(" 0x04 PICC Master Key not required for create / delete;"); ++ PrintAndLog(" 0x04 PICC Master Key not required for create / delete"); + else - PrintAndLog(" 0x04 PICC Master Key required for create / delete;"); ++ PrintAndLog(" 0x04 PICC Master Key required for create / delete"); + + if ( resp.d.asBytes[3] & (1 << 1 ) ) - PrintAndLog(" 0x02 Free directory list access without PICC Master Key;"); ++ PrintAndLog(" 0x02 Free directory list access without PICC Master Key"); + else - PrintAndLog(" 0x02 Directory list access with PICC Master Key;"); ++ PrintAndLog(" 0x02 Directory list access with PICC Master Key"); + + if ( resp.d.asBytes[3] & (1 << 0 ) ) - PrintAndLog(" 0x01 Allow changing the Master Key;"); ++ PrintAndLog(" 0x01 Allow changing the Master Key"); + else - PrintAndLog(" 0x01 Master Key is not changeable anymore;"); ++ PrintAndLog(" 0x01 Master Key is not changeable anymore"); + + // init len - UsbCommand c2 = {CMD_MIFARE_DESFIRE, { 0x01, 0x02 }}; ++ UsbCommand c2 = {CMD_MIFARE_DESFIRE, { 0x03, 0x02 }}; + c2.d.asBytes[0] = GET_KEY_VERSION; + c2.d.asBytes[1] = 0x00; + SendCommand(&c2); + if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) { + return 0; + } + + PrintAndLog(""); - PrintAndLog(" Max number of keys : %d", resp.d.asBytes[2]); ++ PrintAndLog(" Max number of keys : %d", resp.d.asBytes[4]); + PrintAndLog(" Master key Version : %d (0x%02x)", resp.d.asBytes[3], resp.d.asBytes[3]); + PrintAndLog("-------------------------------------------------------------"); + + - UsbCommand c3 = {CMD_MIFARE_DESFIRE, { 0x01, 0x01 }}; ++ UsbCommand c3 = {CMD_MIFARE_DESFIRE, { 0x03, 0x01 }}; + c3.d.asBytes[0] = GET_FREE_MEMORY; + SendCommand(&c3); + if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + return 0; + } + + uint8_t tmp[3]; + memcpy(tmp, resp.d.asBytes+3,3); + + PrintAndLog(" Free memory on card : %d bytes", le24toh( tmp )); + PrintAndLog("-------------------------------------------------------------"); + + /* - Card Master key (CMK) 0x00 on AID = 00 00 00 (card level) 0x1 - Application Master Key (AMK) 0x00 on AID != 00 00 00 - Application keys (APK) = 0x01-0x0D - Application free = 0x0E - Application never = 0x0F ++ Card Master key (CMK) 0x00 AID = 00 00 00 (card level) ++ Application Master Key (AMK) 0x00 AID != 00 00 00 ++ Application keys (APK) 0x01-0x0D ++ Application free 0x0E ++ Application never 0x0F + + ACCESS RIGHTS: + keys 0,1,2,3 C + keys 4,5,6,7 RW + keys 8,9,10,11 W + keys 12,13,14,15 R + + Session key: + 16 : RndA(byte0-byte3) + RndB(byte0-byte3) + RndA(byte4-byte7) + RndB(byte4-byte7) + 8 : RndA(byte0-byte3) + RndB(byte0-byte3) + + AES 16 : RndA(byte0-byte3) + RndB(byte0-byte3) + RndA(byte12-byte15) + RndB(byte12-byte15) + */ + + return 1; +} + +char * GetVendorStr( uint8_t id){ + static char buf[30]; + char *retStr = buf; + + if ( id == 0x04 ) + sprintf(retStr, "0x%02X (NXP)",id); + else + sprintf(retStr,"0x%02X (Unknown)",id); + return buf; +} + +/* + The 7 MSBits (= n) code the storage size itself based on 2^n, + the LSBit is set to '0' if the size is exactly 2^n + and set to '1' if the storage size is between 2^n and 2^(n+1). + For this version of DESFire the 7 MSBits are set to 0x0C (2^12 = 4096) and the LSBit is '0'. +*/ +char * GetCardSizeStr( uint8_t fsize ){ + + static char buf[30]; + char *retStr = buf; + + uint16_t usize = 1 << ((fsize >>1) + 1); + uint16_t lsize = 1 << (fsize >>1); + + // is LSB set? + if ( fsize & (1 << 0 ) ) + sprintf(retStr, "0x%02X (%d - %d bytes)",fsize, usize, lsize); + else + sprintf(retStr, "0x%02X (%d bytes)", fsize, lsize); + return buf; +} + +char * GetProtocolStr(uint8_t id){ + + static char buf[30]; + char *retStr = buf; + + if ( id == 0x05) + sprintf(retStr,"0x%02X (ISO 14443-3, 14443-4)", id); + else + sprintf(retStr,"0x%02X", id); + return buf; +} + +int CmdHF14ADesEnumApplications(const char *Cmd){ + - UsbCommand c = {CMD_MIFARE_DESFIRE, { 0x01, 0x01 }}; - c.d.asBytes[0] = GET_APPLICATION_IDS; ++ uint32_t options = 0x00; ++ ++ options |= INIT; ++ options |= DISCONNECT; ++ ++ UsbCommand c = {CMD_MIFARE_DESFIRE, {options , 0x01 }}; ++ c.d.asBytes[0] = GET_APPLICATION_IDS; //0x6a + SendCommand(&c); + UsbCommand resp; + + if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) { + return 0; + } + + uint8_t isOK = resp.arg[0] & 0xff; + if ( !isOK ){ + PrintAndLog("Command unsuccessful"); + return 0; + } + + PrintAndLog("---Desfire Enum Applications --------------------------------"); + PrintAndLog("-------------------------------------------------------------"); + - //UsbCommand respFiles; ++ UsbCommand respAid; ++ UsbCommand respFiles; + + uint8_t num = 0; + int max = resp.arg[1] -3 -2; + + for(int i=3; i<=max; i+=3){ - PrintAndLog(" Aid %d : %s ",num ,sprint_hex(resp.d.asBytes+i,3)); ++ PrintAndLog(" Aid %d : %02X %02X %02X ",num ,resp.d.asBytes[i],resp.d.asBytes[i+1],resp.d.asBytes[i+2]); + num++; + - // UsbCommand cFiles = {CMD_MIFARE_DESFIRE, { 0x01, 0x04 }}; - // cFiles.d.asBytes[0] = GET_FILE_IDS; - // cFiles.d.asBytes[1] = resp.d.asBytes+i; - // cFiles.d.asBytes[2] = resp.d.asBytes+i+1; - // cFiles.d.asBytes[3] = resp.d.asBytes+i+2; - // SendCommand(&cFiles); ++ options = INIT; ++ ++ UsbCommand cAid = {CMD_MIFARE_DESFIRE, { options, 0x04 }}; ++ cAid.d.asBytes[0] = SELECT_APPLICATION; // 0x5a ++ cAid.d.asBytes[1] = resp.d.asBytes[i]; ++ cAid.d.asBytes[2] = resp.d.asBytes[i+1]; ++ cAid.d.asBytes[3] = resp.d.asBytes[i+2]; ++ SendCommand(&cAid); ++ ++ if (!WaitForResponseTimeout(CMD_ACK,&respAid,1500) ) { ++ PrintAndLog(" Timed-out"); ++ continue; ++ } ++ uint8_t isOK = respAid.arg[0] & 0xff; ++ if ( !isOK ){ ++ PrintAndLog(" Can't select AID: %s",sprint_hex(resp.d.asBytes+i,3)); ++ continue; ++ } ++ ++ options = DISCONNECT; ++ UsbCommand cFiles = {CMD_MIFARE_DESFIRE, { options, 0x01 }}; ++ cFiles.d.asBytes[0] = GET_FILE_IDS; // 0x6f ++ SendCommand(&cFiles); ++ ++ if ( !WaitForResponseTimeout(CMD_ACK,&respFiles,1500) ) { ++ PrintAndLog(" Timed-out"); ++ continue; ++ } else { ++ ++ uint8_t isOK = respFiles.arg[0] & 0xff; ++ if ( !isOK ){ ++ PrintAndLog(" No files found"); ++ continue; ++ } + - // if ( !WaitForResponseTimeout(CMD_ACK,&respFiles,1500) ) { - // PrintAndLog(" No files found"); - // break; - // } ++ int respfileLen = resp.arg[1]-3-2; ++ for (int j=0; j< respfileLen; ++j){ ++ PrintAndLog(" Fileid %d :", resp.d.asBytes[j+3]); ++ } ++ } + + } + PrintAndLog("-------------------------------------------------------------"); + + + return 1; +} + +int CmdHF14ADesNonces(const char *Cmd){ + return 1; +} + +// +// MIAFRE DesFire Authentication +// +#define BUFSIZE 64 +int CmdHF14ADesAuth(const char *Cmd){ + + // NR DESC KEYLENGHT + // ------------------------ + // 1 = DES 8 + // 2 = 3DES 16 + // 3 = 3K 3DES 24 + // 4 = AES 16 + + // AUTHENTICTION MODES: + // 1 Normal + // 2 ISO + // 3 AES + + uint8_t keylength = 8; + //unsigned char testinput[] = { 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x00}; + unsigned char key[24]; // = { 0x75,0x28,0x78,0x39,0x74,0x93,0xCB,0x70}; + + if (strlen(Cmd)<3) { + PrintAndLog("Usage: hf mfdes auth <1|2|3> <1|2|3|4> "); + PrintAndLog(" AUTH modes 1 = normal, 2 = iso, 3 = aes"); + PrintAndLog(" Crypto: 1 = DES 2 = 3DES 3 = 3K3DES 4 = AES"); + PrintAndLog(" keynumber"); + PrintAndLog(" sample: hf mfdes auth 1 1 0 11223344"); + return 0; + } + uint8_t cmdAuthMode = param_get8(Cmd,0); + uint8_t cmdAuthAlgo = param_get8(Cmd,1); + uint8_t cmdKeyNo = param_get8(Cmd,2); + + switch (cmdAuthMode) + { + case 1: + if ( cmdAuthAlgo != 1 && cmdAuthAlgo != 2) { + PrintAndLog("Crypto algo not valid for the auth mode"); + return 1; + } + break; + case 2: + if ( cmdAuthAlgo != 1 && cmdAuthAlgo != 2 && cmdAuthAlgo != 3) { + PrintAndLog("Crypto algo not valid for the auth mode"); + return 1; + } + break; + case 3: + if ( cmdAuthAlgo != 4) { + PrintAndLog("Crypto algo not valid for the auth mode"); + return 1; + } + break; + default: + PrintAndLog("Wrong Auth mode"); + return 1; + break; + } + + switch (cmdAuthAlgo){ + case 2: + keylength = 16; + PrintAndLog("3DES selected"); + break; + case 3: + keylength = 24; + PrintAndLog("3 key 3DES selected"); + break; + case 4: + keylength = 16; + PrintAndLog("AES selected"); + break; + default: + cmdAuthAlgo = 1; + keylength = 8; + PrintAndLog("DES selected"); + break; + } + + // key + if (param_gethex(Cmd, 3, key, keylength*2)) { + PrintAndLog("Key must include %d HEX symbols", keylength); + return 1; + } + // algo, nyckellängd, + UsbCommand c = {CMD_MIFARE_DESFIRE_AUTH1, { cmdAuthMode, cmdAuthAlgo, cmdKeyNo }}; + + c.d.asBytes[0] = keylength; + memcpy(c.d.asBytes+1, key, keylength); + //memcpy(c.d.asBytes + 30, testinput, keylength); + + SendCommand(&c); + UsbCommand resp; + + if (WaitForResponseTimeout(CMD_ACK,&resp,3000)) { + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk:%02x", isOK); + + } else { + PrintAndLog("Command execute timeout"); + return 0; + } + + uint8_t * data= resp.d.asBytes; + + // PrintAndLog("-------------------------------------------------------------"); + PrintAndLog(" Key :%s",sprint_hex(key, keylength)); + // PrintAndLog(" Plain :%s",sprint_hex(testinput, keylength)); + PrintAndLog(" Encoded :%s",sprint_hex(data, keylength)); + PrintAndLog("-------------------------------------------------------------"); + //PrintAndLog(" Expected :B5 21 9E E8 1A A7 49 9D 21 96 68 7E 13 97 38 56"); + + return 1; +} + + +static void xor(unsigned char * dst, unsigned char * src, size_t len) { + for( ; len > 0; len--,dst++,src++) + *dst ^= *src; +} + +static int32_t le24toh (uint8_t data[3]) { + return (data[2] << 16) | (data[1] << 8) | data[0]; +} + +static command_t CommandTable[] = +{ + {"help", CmdHelp, 1, "This help"}, + {"auth", CmdHF14ADesAuth, 0, "Tries a MIFARE DesFire Authentication"}, + {"rb", CmdHF14ADesRb, 0, "Read MIFARE DesFire block"}, + {"wb", CmdHF14ADesWb, 0, "write MIFARE DesFire block"}, + {"info", CmdHF14ADesInfo, 0, "Get MIFARE DesFire information"}, + {"enum", CmdHF14ADesEnumApplications,0, "Tries enumerate all applications"}, + {"nonce", CmdHF14ADesNonces, 0, " Collect n>0 nonces"}, + {NULL, NULL, 0, NULL} +}; + +int CmdHFMFDes(const char *Cmd) +{ + // flush + WaitForResponseTimeout(CMD_ACK,NULL,100); + CmdsParse(CommandTable, Cmd); + return 0; +} + +int CmdHelp(const char *Cmd) +{ + CmdsHelp(CommandTable); + return 0; +} + + diff --cc client/cmdhfmfdes.h index 15bb9a23,00000000..8ecf36d3 mode 100644,000000..100644 --- a/client/cmdhfmfdes.h +++ b/client/cmdhfmfdes.h @@@ -1,65 -1,0 +1,73 @@@ +//----------------------------------------------------------------------------- +// Copyright (C) 2014 Iceman +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// High frequency MIFARE Desfire commands +//----------------------------------------------------------------------------- + +int CmdHFMFDes(const char *Cmd); +int CmdHF14ADesAuth(const char* cmd); +int CmdHF14ADesRb(const char* cmd); +int CmdHF14ADesWb(const char* cmd); +int CmdHF14ADesInfo(const char *Cmd); +int CmdHF14ADesEnumApplications(const char *Cmd); +int CmdHF14ADesNonces(const char *Cmd); +char * GetCardSizeStr( uint8_t fsize ); +char * GetVendorStr( uint8_t id); +char * GetProtocolStr(uint8_t id); + ++// Command options for Desfire behavior. ++enum { ++ NONE = 0x00, ++ INIT = 0x01, ++ DISCONNECT = 0x02, ++ FOO = 0x04, ++ BAR = 0x08, ++} CmdOptions ; + + +#define CREATE_APPLICATION 0xca +#define DELETE_APPLICATION 0xda +#define GET_APPLICATION_IDS 0x6a +#define SELECT_APPLICATION 0x5a +#define FORMAT_PICC 0xfc +#define GET_VERSION 0x60 +#define READ_DATA 0xbd +#define WRITE_DATA 0x3d +#define GET_VALUE 0x6c +#define CREDIT 0x0c +#define DEBIT 0xdc +#define LIMITED_CREDIT 0x1c +#define WRITE_RECORD 0x3b +#define READ_RECORDS 0xbb +#define CLEAR_RECORD_FILE 0xeb +#define COMMIT_TRANSACTION 0xc7 +#define ABORT_TRANSACTION 0xa7 +#define GET_FREE_MEMORY 0x6e +#define GET_FILE_IDS 0x6f +#define GET_FILE_SETTINGS 0xf5 +#define CHANGE_FILE_SETTINGS 0x5f +#define CREATE_STD_DATA_FILE 0xcd +#define CREATE_BACKUP_DATA_FILE 0xcb +#define CREATE_VALUE_FILE 0xcc +#define CREATE_LINEAR_RECORD_FILE 0xc1 +#define CREATE_CYCLIC_RECORD_FILE 0xc0 +#define DELETE_FILE 0xdf +#define AUTHENTICATE 0x0a // AUTHENTICATE_NATIVE +#define AUTHENTICATE_ISO 0x1a // AUTHENTICATE_STANDARD +#define AUTHENTICATE_AES 0xaa +#define CHANGE_KEY_SETTINGS 0x54 +#define GET_KEY_SETTINGS 0x45 +#define CHANGE_KEY 0xc4 +#define GET_KEY_VERSION 0x64 +#define AUTHENTICATION_FRAME 0xAF + + +#define MAX_APPLICATION_COUNT 28 +#define MAX_FILE_COUNT 16 +#define MAX_FRAME_SIZE 60 +#define NOT_YET_AUTHENTICATED 255 +#define FRAME_PAYLOAD_SIZE (MAX_FRAME_SIZE - 5)