From 3d93d4f940e3251b3d18dfb1aa0839aa784cd573 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 18 Sep 2014 14:15:48 +0200 Subject: [PATCH] Add: simple Application enum. Fix: Minor overflows found by Holiman. --- armsrc/mifaredesfire.c | 8 +++---- client/cmdhfmfdes.c | 54 ++++++++++++++++++++++++++++++++++++------ client/cmdhfmfdes.h | 9 ++++++- 3 files changed, 59 insertions(+), 12 deletions(-) diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c index ee7dc8f3..6660ef75 100644 --- a/armsrc/mifaredesfire.c +++ b/armsrc/mifaredesfire.c @@ -71,7 +71,7 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){ OnError(); return; } - cmd_send(CMD_ACK,1,0,0,resp,len); + cmd_send(CMD_ACK,1,len,0,resp,len); OnSuccess(); @@ -279,7 +279,7 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain real_cmd[2] = AUTHENTICATE_AES; real_cmd[3] = keyno; - AppendCrc14443a(real_cmd, 2); + AppendCrc14443a(real_cmd, 4); ReaderTransmit(real_cmd, sizeof(real_cmd), NULL); int len = ReaderReceive(resp); @@ -321,7 +321,7 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain real_cmd_A[1] = ADDITIONAL_FRAME; memcpy(real_cmd_A+2, encBoth, sizeof(encBoth) ); - AppendCrc14443a(real_cmd_A, sizeof(real_cmd_A)); + AppendCrc14443a(real_cmd_A, 34); ReaderTransmit(real_cmd_A, sizeof(real_cmd_A), NULL); len = ReaderReceive(resp); @@ -514,7 +514,7 @@ int mifare_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){ if (len == 11){ if (MF_DBGLEVEL >= 1) { - Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", + Dbprintf("Auth2 Resp: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x", buffer[0],buffer[1],buffer[2],buffer[3],buffer[4], buffer[5],buffer[6],buffer[7],buffer[8],buffer[9], buffer[10]); diff --git a/client/cmdhfmfdes.c b/client/cmdhfmfdes.c index 5df89d5a..824236be 100644 --- a/client/cmdhfmfdes.c +++ b/client/cmdhfmfdes.c 
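Review bot: The CRC offsets in the two MifareDES_Auth1 hunks are now bare literals (`AppendCrc14443a(real_cmd, 4)` at @@ -279 and `AppendCrc14443a(real_cmd_A, 34)` at @@ -321), so nothing ties them to the buffer sizes that `ReaderTransmit(..., sizeof(...))` uses on the following line. The old `sizeof(real_cmd_A)` argument presumably placed the two CRC bytes past the end of the array, and a literal will go wrong the same way if either buffer is later resized. Deriving the length from the array, `AppendCrc14443a(real_cmd_A, sizeof(real_cmd_A) - 2);` and likewise for `real_cmd`, keeps the payload length and the transmit length in step. Both array declarations are outside the hunks, so confirm there that the buffers really are two bytes longer than the literals used here.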
@@ -144,7 +144,7 @@ int CmdHF14ADesInfo(const char *Cmd){ } uint8_t isOK = resp.arg[0] & 0xff; if ( !isOK ){ - PrintAndLog("Command unsuccessfull"); + PrintAndLog("Command unsuccessful"); return 0; } @@ -227,10 +227,9 @@ int CmdHF14ADesInfo(const char *Cmd){ PrintAndLog(" Free memory on card : %d bytes", le24toh( tmp )); PrintAndLog("-------------------------------------------------------------"); + /* - Card Master key (CMK) 0x00 on AID = 00 00 00 (card level) - 0x1 - + Card Master key (CMK) 0x00 on AID = 00 00 00 (card level) 0x1 Application Master Key (AMK) 0x00 on AID != 00 00 00 Application keys (APK) = 0x01-0x0D Application free = 0x0E @@ -242,9 +241,6 @@ int CmdHF14ADesInfo(const char *Cmd){ keys 8,9,10,11 W keys 12,13,14,15 R - KEY Versioning. - Se GetKeyVersion (samma nyckel kan ha olika versionen?) - Session key: 16 : RndA(byte0-byte3) + RndB(byte0-byte3) + RndA(byte4-byte7) + RndB(byte4-byte7) 8 : RndA(byte0-byte3) + RndB(byte0-byte3) 
@@ -301,6 +297,50 @@ char * GetProtocolStr(uint8_t id){ } int CmdHF14ADesEnumApplications(const char *Cmd){ + + UsbCommand c = {CMD_MIFARE_DESFIRE, { 0x01, 0x01 }}; + c.d.asBytes[0] = GET_APPLICATION_IDS; + SendCommand(&c); + UsbCommand resp; + + if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) { + return 0; + } + + uint8_t isOK = resp.arg[0] & 0xff; + if ( !isOK ){ + PrintAndLog("Command unsuccessful"); + return 0; + } + + PrintAndLog("---Desfire Enum Applications --------------------------------"); + PrintAndLog("-------------------------------------------------------------"); + + //UsbCommand respFiles; + + uint8_t num = 0; + int max = resp.arg[1] -3 -2; + + for(int i=3; i<=max; i+=3){ + PrintAndLog(" Aid %d : %s ",num ,sprint_hex(resp.d.asBytes+i,3)); + num++; + + // UsbCommand cFiles = {CMD_MIFARE_DESFIRE, { 0x01, 0x04 }}; + // cFiles.d.asBytes[0] = GET_FILE_IDS; + // cFiles.d.asBytes[1] = resp.d.asBytes+i; + // cFiles.d.asBytes[2] = resp.d.asBytes+i+1; + // cFiles.d.asBytes[3] = resp.d.asBytes+i+2; + // SendCommand(&cFiles); + + // if ( !WaitForResponseTimeout(CMD_ACK,&respFiles,1500) ) { + // PrintAndLog(" No files found"); + // break; + // } + + } + PrintAndLog("-------------------------------------------------------------"); + + return 1; } diff --git a/client/cmdhfmfdes.h b/client/cmdhfmfdes.h index 12cb8e86..15bb9a23 100644 --- a/client/cmdhfmfdes.h +++ b/client/cmdhfmfdes.h @@ -55,4 +55,11 @@ char * GetProtocolStr(uint8_t id); #define GET_KEY_SETTINGS 0x45 #define CHANGE_KEY 0xc4 #define GET_KEY_VERSION 0x64 -#define AUTHENTICATION_FRAME 0xAF \ No newline at end of file +#define AUTHENTICATION_FRAME 0xAF + + +#define MAX_APPLICATION_COUNT 28 +#define MAX_FILE_COUNT 16 +#define MAX_FRAME_SIZE 60 +#define NOT_YET_AUTHENTICATED 255 +#define FRAME_PAYLOAD_SIZE (MAX_FRAME_SIZE - 5) \ No newline at end of file -- 2.39.5