From: Oleg Moiseenko <olegmsn@gmail.com>
Date: Wed, 10 Oct 2018 20:34:04 +0000 (+0300)
Subject: auth 14443-4 (#692)
X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/7dadcc959fb7009b6e8bbde4a644aa2f7f1b7a98?hp=9f3839139568c064633102c3da240be65d8c6205
auth 14443-4 (#692)
* AES authentication
---
diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c
index 94eb8ff3..a5de2e2a 100644
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@@ -648,6 +648,95 @@ void DropField() {
SendCommand(&c);
}
+int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) {
+ uint16_t cmdc = 0;
+ *dataoutlen = 0;
+
+ if (activateField) {
+ UsbCommand resp;
+
+ // Anticollision + SELECT card
+ UsbCommand ca = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT | ISO14A_CLEAR_TRACE, 0, 0}};
+ SendCommand(&ca);
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
+ PrintAndLog("14aRAW ERROR: Proxmark connection timeout.");
+ return 1;
+ }
+
+ // check result
+ if (resp.arg[0] == 0) {
+ PrintAndLog("14aRAW ERROR: No card in field.");
+ return 1;
+ }
+
+ if (resp.arg[0] != 1 && resp.arg[0] != 2) {
+ PrintAndLog("14aRAW ERROR: card not in iso14443-4. res=%d.", resp.arg[0]);
+ return 1;
+ }
+
+ if (resp.arg[0] == 2) { // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision
+ // get ATS
+ UsbCommand cr = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_DISCONNECT, 2, 0}};
+ uint8_t rats[] = { 0xE0, 0x80 }; // FSDI=8 (FSD=256), CID=0
+ memcpy(cr.d.asBytes, rats, 2);
+ SendCommand(&cr);
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
+ PrintAndLog("14aRAW ERROR: Proxmark connection timeout.");
+ return 1;
+ }
+
+ if (resp.arg[0] <= 0) { // ats_len
+ PrintAndLog("14aRAW ERROR: Can't get ATS.");
+ return 1;
+ }
+ }
+ }
+
+ if (leaveSignalON)
+ cmdc |= ISO14A_NO_DISCONNECT;
+
+ UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_APPEND_CRC | cmdc, (datainlen & 0xFFFF), 0}};
+ memcpy(c.d.asBytes, datain, datainlen);
+ SendCommand(&c);
+
+ uint8_t *recv;
+ UsbCommand resp;
+
+ if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
+ recv = resp.d.asBytes;
+ int iLen = resp.arg[0];
+
+ *dataoutlen = iLen - 2;
+ if (*dataoutlen < 0)
+ *dataoutlen = 0;
+
+ if (maxdataoutlen && *dataoutlen > maxdataoutlen) {
+ PrintAndLog("14aRAW ERROR: Buffer too small(%d). Needs %d bytes", *dataoutlen, maxdataoutlen);
+ return 2;
+ }
+
+ memcpy(dataout, recv, *dataoutlen);
+
+ if(!iLen) {
+ PrintAndLog("14aRAW ERROR: No card response.");
+ return 1;
+ }
+
+ // CRC Check
+ if (iLen == -1) {
+ PrintAndLog("14aRAW ERROR: ISO 14443A CRC error.");
+ return 3;
+ }
+
+
+ } else {
+ PrintAndLog("14aRAW ERROR: Reply timeout.");
+ return 4;
+ }
+
+ return 0;
+}
+
int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) {
uint16_t cmdc = 0;
diff --git a/client/cmdhf14a.h b/client/cmdhf14a.h
index 71007f95..bbfd9b29 100644
--- a/client/cmdhf14a.h
+++ b/client/cmdhf14a.h
@@ -25,6 +25,7 @@ int CmdHF14ASnoop(const char *Cmd);
char* getTagInfo(uint8_t uid);
extern void DropField();
+extern int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen);
extern int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen);
#endif
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index e2a4ba1e..028bbf7a 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -27,6 +27,9 @@
#include "mifare.h"
#include "mfkey.h"
#include "hardnested/hardnested_bf_core.h"
+#include "cliparser/cliparser.h"
+#include "cmdhf14a.h"
+#include <polarssl/aes.h>
#define NESTED_SECTOR_RETRY 10 // how often we try mfested() until we give up
@@ -2634,6 +2637,149 @@ int CmdDecryptTraceCmds(const char *Cmd){
return tryDecryptWord(param_get32ex(Cmd,0,0,16),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),data,len/2);
}
+int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){
+ uint8_t iiv[16] = {0};
+ if (iv)
+ memcpy(iiv, iv, 16);
+
+ aes_context aes;
+ aes_init(&aes);
+ if (aes_setkey_enc(&aes, key, 128))
+ return 1;
+ if (aes_crypt_cbc(&aes, AES_ENCRYPT, length, iiv, input, output))
+ return 2;
+ aes_free(&aes);
+
+ return 0;
+}
+
+int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){
+ uint8_t iiv[16] = {0};
+ if (iv)
+ memcpy(iiv, iv, 16);
+
+ aes_context aes;
+ aes_init(&aes);
+ if (aes_setkey_dec(&aes, key, 128))
+ return 1;
+ if (aes_crypt_cbc(&aes, AES_DECRYPT, length, iiv, input, output))
+ return 2;
+ aes_free(&aes);
+
+ return 0;
+}
+
+int CmdHF14AMfAuth4(const char *cmd) {
+ uint8_t keyn[20] = {0};
+ int keynlen = 0;
+ uint8_t key[16] = {0};
+ int keylen = 0;
+ uint8_t data[257] = {0};
+ int datalen = 0;
+
+ uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
+ uint8_t Rnd2[17] = {0};
+
+
+ CLIParserInit("hf mf auth4",
+ "Executes AES authentication command in ISO14443-4",
+ "Usage:\n\thf mf auth4 4000 000102030405060708090a0b0c0d0e0f -> executes authentication\n"
+ "\thf mf auth4 9003 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -> executes authentication\n");
+
+ void* argtable[] = {
+ arg_param_begin,
+ arg_str1(NULL, NULL, "<Key Num (HEX 2 bytes)>", NULL),
+ arg_str1(NULL, NULL, "<Key Value (HEX 16 bytes)>", NULL),
+ arg_param_end
+ };
+ CLIExecWithReturn(cmd, argtable, true);
+
+ CLIGetStrWithReturn(1, keyn, &keynlen);
+ CLIGetStrWithReturn(2, key, &keylen);
+ CLIParserFree();
+
+ if (keynlen != 2) {
+ PrintAndLog("ERROR: <Key Num> must be 2 bytes long instead of: %d", keynlen);
+ return 1;
+ }
+
+ if (keylen != 16) {
+ PrintAndLog("ERROR: <Key Value> must be 16 bytes long instead of: %d", keylen);
+ return 1;
+ }
+
+ uint8_t cmd1[] = {0x0a, 0x00, 0x70, keyn[1], keyn[0], 0x00};
+ int res = ExchangeRAW14a(cmd1, sizeof(cmd1), true, true, data, sizeof(data), &datalen);
+ if (res) {
+ PrintAndLog("ERROR exchande raw error: %d", res);
+ return 2;
+ }
+
+ PrintAndLog("<phase1: %s", sprint_hex(data, datalen));
+
+ if (datalen < 3) {
+ PrintAndLog("ERROR: card response length: %d", datalen);
+ return 3;
+ }
+
+ if (data[0] != 0x0a || data[1] != 0x00) {
+ PrintAndLog("ERROR: card response. Framing error. :%s", sprint_hex(data, 2));
+ return 3;
+ }
+
+ if (data[2] != 0x90) {
+ PrintAndLog("ERROR: card response error: %02x", data[2]);
+ return 3;
+ }
+
+ if (datalen != 19) {
+ PrintAndLog("ERROR: card response must be 16 bytes long instead of: %d", datalen);
+ return 3;
+ }
+
+ aes_decode(NULL, key, &data[3], Rnd2, 16);
+ Rnd2[16] = Rnd2[0];
+ PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16));
+
+ uint8_t cmd2[35] = {0};
+ cmd2[0] = 0x0b;
+ cmd2[1] = 0x00;
+ cmd2[2] = 0x72;
+
+ uint8_t raw[32] = {0};
+ memmove(raw, Rnd1, 16);
+ memmove(&raw[16], &Rnd2[1], 16);
+
+ aes_encode(NULL, key, raw, &cmd2[3], 32);
+ PrintAndLog(">phase2: %s", sprint_hex(cmd2, 35));
+
+ res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, false, data, sizeof(data), &datalen);
+ if (res) {
+ PrintAndLog("ERROR exchande raw error: %d", res);
+ DropField();
+ return 4;
+ }
+
+ PrintAndLog("<phase2: %s", sprint_hex(data, datalen));
+
+ aes_decode(NULL, key, &data[3], raw, 32);
+ PrintAndLog("res: %s", sprint_hex(raw, 32));
+
+ PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16));
+ if (memcmp(&raw[4], &Rnd1[1], 16)) {
+ PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
+ PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16));
+ PrintAndLog("rnd1 card: %s", sprint_hex(&raw[4], 16));
+ DropField();
+ return 5;
+ }
+
+ DropField();
+ PrintAndLog("\nAuthentication OK");
+
+ return 0;
+}
+
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
@@ -2643,6 +2789,7 @@ static command_t CommandTable[] =
{"dump", CmdHF14AMfDump, 0, "Dump MIFARE classic tag to binary file"},
{"restore", CmdHF14AMfRestore, 0, "Restore MIFARE classic binary file to BLANK tag"},
{"wrbl", CmdHF14AMfWrBl, 0, "Write MIFARE classic block"},
+ {"auth4", CmdHF14AMfAuth4, 0, "ISO14443-4 AES authentication"},
{"chk", CmdHF14AMfChk, 0, "Test block keys"},
{"mifare", CmdHF14AMifare, 0, "Read parity error messages."},
{"hardnested", CmdHF14AMfNestedHard, 0, "Nested attack for hardened Mifare cards"},