diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index a83c78713..c12cd2240 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -6114,6 +6114,252 @@ static int CmdHF14ADesGetFileISOIDs(const char *Cmd) { return PM3_SUCCESS; } +static int CmdHF14ADesGetFileSettings(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf mfdes getfilesettings", + "Get File Settings from file from application. Master key needs to be provided or flag --no-auth set (depend on cards settings).", + "hf mfdes getfilesettings --aid 123456 --fid 01 -> execute with defaults from `default` command\n" + "hf mfdes getfilesettings -n 0 -t des -k 0000000000000000 -f none --aid 123456 --fid 01 -> execute with default factory setup"); + + void *argtable[] = { + arg_param_begin, + arg_lit0("a", "apdu", "show APDU requests and responses"), + arg_lit0("v", "verbose", "show technical data"), + arg_int0("n", "keyno", "", "Key number"), + arg_str0("t", "algo", "", "Crypt algo: DES, 2TDEA, 3TDEA, AES"), + arg_str0("k", "key", "", "Key for authenticate (HEX 8(DES), 16(2TDEA or AES) or 24(3TDEA) bytes)"), + arg_str0("f", "kdf", "", "Key Derivation Function (KDF): None, AN10922, Gallagher"), + arg_str0("i", "kdfi", "", "KDF input (HEX 1-31 bytes)"), + arg_str0("m", "cmode", "", "Communicaton mode: plain/mac/encrypt"), + arg_str0("c", "ccset", "", "Communicaton command set: native/niso/iso"), + arg_str0("s", "schann", "", "Secure channel: d40/ev1/ev2"), + arg_str0(NULL, "aid", "", "Application ID (3 hex bytes, big endian)"), + arg_str0(NULL, "fid", "", "File ID (1 hex byte). default: 1"), + arg_lit0(NULL, "no-auth", "execute without authentication"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, false); + + bool APDULogging = arg_get_lit(ctx, 1); + bool verbose = arg_get_lit(ctx, 2); + bool noauth = arg_get_lit(ctx, 13); + + DesfireContext dctx; + int securechann = defaultSecureChannel; + uint32_t appid = 0x000000; + int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, &securechann, DCMPlain, &appid); + if (res) { + CLIParserFree(ctx); + return res; + } + + uint32_t fileid = 1; + res = arg_get_u32_hexstr_def_nlen(ctx, 12, 1, &fileid, 1, true); + if (res == 2) { + PrintAndLogEx(ERR, "File ID must have 1 byte length"); + return PM3_EINVARG; + } + + SetAPDULogging(APDULogging); + CLIParserFree(ctx); + + if (noauth) { + res = DesfireSelectAIDHex(&dctx, appid, false, 0); + if (res != PM3_SUCCESS) { + PrintAndLogEx(ERR, "Desfire select " _RED_("error") "."); + DropField(); + return res; + } + } else { + res = DesfireSelectAndAuthenticate(&dctx, securechann, appid, verbose); + if (res != PM3_SUCCESS) { + DropField(); + return res; + } + } + + uint8_t buf[APDU_RES_LEN] = {0}; + size_t buflen = 0; + + res = DesfireGetFileSettings(&dctx, fileid, buf, &buflen); + if (res != PM3_SUCCESS) { + PrintAndLogEx(ERR, "Desfire GetFileSettings command " _RED_("error") ". Result: %d", res); + DropField(); + return PM3_ESOFT; + } + + if (verbose) + PrintAndLogEx(INFO, "app %06x file %02x settings[%d]: %s", appid, fileid, buflen, sprint_hex(buf, buflen)); + + DesfirePrintFileSettings(buf, buflen); + + DropField(); + return PM3_SUCCESS; +} + +static int CmdHF14ADesChFileSettings(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf mfdes chfilesettings", + "Get File Settings from file from application. Master key needs to be provided or flag --no-auth set (depend on cards settings).", + "hf mfdes chfilesettings --aid 123456 --fid 01 --amode plain --rrights free --wrights free --rwrights free --chrights key0 -> change file settings app=123456, file=01 with defaults from `default` command\n" + "hf mfdes chfilesettings -n 0 -t des -k 0000000000000000 -f none --aid 123456 --fid 01 -rawdata 00EEEE -> execute with default factory setup\n" + "hf mfdes chfilesettings --aid 123456 --fid 01 --rawdata 810000021f112f22 -> change file settings with additional rights for keys 1 and 2"); + + void *argtable[] = { + arg_param_begin, + arg_lit0("a", "apdu", "show APDU requests and responses"), + arg_lit0("v", "verbose", "show technical data"), + arg_int0("n", "keyno", "", "Key number"), + arg_str0("t", "algo", "", "Crypt algo: DES, 2TDEA, 3TDEA, AES"), + arg_str0("k", "key", "", "Key for authenticate (HEX 8(DES), 16(2TDEA or AES) or 24(3TDEA) bytes)"), + arg_str0("f", "kdf", "", "Key Derivation Function (KDF): None, AN10922, Gallagher"), + arg_str0("i", "kdfi", "", "KDF input (HEX 1-31 bytes)"), + arg_str0("m", "cmode", "", "Communicaton mode: plain/mac/encrypt"), + arg_str0("c", "ccset", "", "Communicaton command set: native/niso/iso"), + arg_str0("s", "schann", "", "Secure channel: d40/ev1/ev2"), + arg_str0(NULL, "aid", "", "Application ID (3 hex bytes, big endian)"), + arg_str0(NULL, "fid", "", "File ID (1 hex byte)"), + arg_str0(NULL, "rawdata", "", "File settings (HEX > 5 bytes)"), + arg_str0(NULL, "amode", "", "File access mode: plain/mac/encrypt"), + arg_str0(NULL, "rrights", "", "Read file access mode: the specified key, free, deny"), + arg_str0(NULL, "wrights", "", "Write file access mode: the specified key, free, deny"), + arg_str0(NULL, "rwrights","", "Read/Write file access mode: the specified key, free, deny"), + arg_str0(NULL, "chrights","", "Change file settings access mode: the specified key, free, deny"), + arg_lit0(NULL, "no-auth", "execute without authentication"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, false); + + bool APDULogging = arg_get_lit(ctx, 1); + bool verbose = arg_get_lit(ctx, 2); + bool noauth = arg_get_lit(ctx, 19); + + DesfireContext dctx; + int securechann = defaultSecureChannel; + uint32_t appid = 0x000000; + int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, &securechann, DCMEncrypted, &appid); + if (res) { + CLIParserFree(ctx); + return res; + } + + uint32_t fileid = 1; + res = arg_get_u32_hexstr_def_nlen(ctx, 12, 1, &fileid, 1, true); + if (res == 2) { + PrintAndLogEx(ERR, "File ID must have 1 byte length"); + return PM3_EINVARG; + } + + uint8_t data[250] = {0x01, 0x00, 0xee, 0xee}; + uint8_t *settings = &data[1]; + int settingslen = 3; + + uint8_t sdata[250] = {0}; + int sdatalen = sizeof(sdata); + CLIGetHexWithReturn(ctx, 13, sdata, &sdatalen); + if (sdatalen > 18) { + PrintAndLogEx(ERR, "File settings length must be less than 18 instead of %d.", settingslen); + return PM3_EINVARG; + } + + // rawdata have priority over all the rest methods + if (sdatalen > 0) { + memcpy(settings, sdata, sdatalen); + settingslen = sdatalen; + } else { + int cmode = DCMNone; + if (CLIGetOptionList(arg_get_str(ctx, 14), DesfireCommunicationModeOpts, &cmode)) + return PM3_ESOFT; + + if (cmode == DCMPlain) + settings[0] = 0x00; + if (cmode == DCMMACed) + settings[0] = 0x01; + if (cmode == DCMEncrypted) + settings[0] = 0x03; + + int r_mode = 0x0e; + if (CLIGetOptionList(arg_get_str(ctx, 15), DesfireFileAccessModeOpts, &r_mode)) + return PM3_ESOFT; + int w_mode = 0x0e; + if (CLIGetOptionList(arg_get_str(ctx, 16), DesfireFileAccessModeOpts, &w_mode)) + return PM3_ESOFT; + int rw_mode = 0x0e; + if (CLIGetOptionList(arg_get_str(ctx, 17), DesfireFileAccessModeOpts, &rw_mode)) + return PM3_ESOFT; + int ch_mode = 0x0e; + if (CLIGetOptionList(arg_get_str(ctx, 18), DesfireFileAccessModeOpts, &ch_mode)) + return PM3_ESOFT; + + settings[1] = ((rw_mode & 0x0f) << 4) | (ch_mode & 0x0f); + settings[2] = ((r_mode & 0x0f) << 4) | (w_mode & 0x0f); + } + + SetAPDULogging(APDULogging); + CLIParserFree(ctx); + + if (noauth) { + res = DesfireSelectAIDHex(&dctx, appid, false, 0); + if (res != PM3_SUCCESS) { + PrintAndLogEx(ERR, "Desfire select " _RED_("error") "."); + DropField(); + return res; + } + } else { + res = DesfireSelectAndAuthenticate(&dctx, securechann, appid, verbose); + if (res != PM3_SUCCESS) { + DropField(); + return res; + } + } + + uint8_t buf[APDU_RES_LEN] = {0}; + size_t buflen = 0; + + // check current file settings + DesfireCommunicationMode commMode = dctx.commMode; + DesfireSetCommMode(&dctx, DCMPlain); + res = DesfireGetFileSettings(&dctx, fileid, buf, &buflen); + if (res == PM3_SUCCESS && buflen > 5) { + uint8_t chright = buf[2] & 0x0f; + if (verbose) + PrintAndLogEx(INFO, "Current access right for change file settings: %s", GetDesfireAccessRightStr(chright)); + + if (chright == 0x0f) + PrintAndLogEx(WARNING, "Change file settings disabled"); + + if (chright == 0x0e && (!(commMode == DCMPlain || commMode == DCMMACed || noauth))) + PrintAndLogEx(WARNING, "File settings have free access for change. Change command must be sent via plain communications mode or without authentication (--no-auth option)"); + + if (chright < 0x0e && dctx.keyNum != chright) + PrintAndLogEx(WARNING, "File settings must be changed with auth key=0x%02x but current auth with key 0x%02x", chright, dctx.keyNum); + + if (chright < 0x0e && commMode != DCMEncrypted) + PrintAndLogEx(WARNING, "File settings must be changed via encryted (full) communication mode"); + } + DesfireSetCommMode(&dctx, commMode); + + // print the new file settings + if (verbose) + PrintAndLogEx(INFO, "app %06x file %02x settings[%d]: %s", appid, fileid, settingslen, sprint_hex(settings, settingslen)); + + DesfirePrintSetFileSettings(settings, settingslen); + + // set file settings + data[0] = fileid; + res = DesfireChangeFileSettings(&dctx, data, settingslen + 1); + if (res != PM3_SUCCESS) { + PrintAndLogEx(ERR, "Desfire ChangeFileSettings command " _RED_("error") ". Result: %d", res); + DropField(); + return PM3_ESOFT; + } + + PrintAndLogEx(SUCCESS, "File settings changed " _GREEN_("successfully")); + + DropField(); + return PM3_SUCCESS; +} + static int CmdHF14ADesTest(const char *Cmd) { DesfireTest(true); return PM3_SUCCESS; @@ -6149,12 +6395,14 @@ static command_t CommandTable[] = { {"-----------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("Files") " -----------------------"}, {"getfileids", CmdHF14ADesGetFileIDs, IfPm3Iso14443a, "[new]Get File IDs list"}, {"getfileisoids", CmdHF14ADesGetFileISOIDs, IfPm3Iso14443a, "[new]Get File ISO IDs list"}, + {"getfilesettings", CmdHF14ADesGetFileSettings, IfPm3Iso14443a, "[new]Get file settings"}, + {"chfilesettings", CmdHF14ADesChFileSettings, IfPm3Iso14443a, "[new]Change file settings"}, {"changevalue", CmdHF14ADesChangeValue, IfPm3Iso14443a, "Write value of a value file (credit/debit/clear)"}, {"clearfile", CmdHF14ADesClearRecordFile, IfPm3Iso14443a, "Clear record File"}, {"createfile", CmdHF14ADesCreateFile, IfPm3Iso14443a, "Create Standard/Backup File"}, {"createvaluefile", CmdHF14ADesCreateValueFile, IfPm3Iso14443a, "Create Value File"}, {"createrecordfile", CmdHF14ADesCreateRecordFile, IfPm3Iso14443a, "Create Linear/Cyclic Record File"}, - {"deletefile", CmdHF14ADesDeleteFile, IfPm3Iso14443a, "Create Delete File"}, + {"deletefile", CmdHF14ADesDeleteFile, IfPm3Iso14443a, "Delete File"}, {"dump", CmdHF14ADesDump, IfPm3Iso14443a, "Dump all files"}, {"getvalue", CmdHF14ADesGetValueData, IfPm3Iso14443a, "Get value of file"}, {"read", CmdHF14ADesReadData, IfPm3Iso14443a, "Read data from standard/backup/record file"}, @@ -6178,10 +6426,6 @@ int CmdHFMFDes(const char *Cmd) { /* ToDo: - Native Cmds - ----------- - ChangeFileSettings - ISO/IEC 7816 Cmds ----------------- 'A4' Select diff --git a/client/src/mifare/desfirecore.c b/client/src/mifare/desfirecore.c index a48f130d2..413ef3b96 100644 --- a/client/src/mifare/desfirecore.c +++ b/client/src/mifare/desfirecore.c @@ -74,6 +74,27 @@ const CLIParserOption DesfireSecureChannelOpts[] = { }; const size_t DesfireSecureChannelOptsLen = ARRAY_LENGTH(DesfireSecureChannelOpts); +const CLIParserOption DesfireFileAccessModeOpts[] = { + {0x00, "key0"}, + {0x01, "key1"}, + {0x02, "key2"}, + {0x03, "key3"}, + {0x04, "key4"}, + {0x05, "key5"}, + {0x06, "key6"}, + {0x07, "key7"}, + {0x08, "key8"}, + {0x09, "key9"}, + {0x0a, "key10"}, + {0x0b, "key11"}, + {0x0c, "key12"}, + {0x0d, "key13"}, + {0x0e, "free"}, + {0x0f, "deny"}, + {0, NULL}, +}; + + static const char *getstatus(uint16_t *sw) { if (sw == NULL) return "--> sw argument error. This should never happen !"; if (((*sw >> 8) & 0xFF) == 0x91) { @@ -1013,6 +1034,10 @@ int DesfireSetConfigurationCmd(DesfireContext *dctx, uint8_t *data, size_t len, return DesfireCommand(dctx, MFDES_CHANGE_CONFIGURATION, data, len, resp, resplen, -1); } +int DesfireChangeFileSettings(DesfireContext *dctx, uint8_t *data, size_t datalen) { + return DesfireCommandTxData(dctx, MFDES_CHANGE_FILE_SETTINGS, data, datalen); +} + int DesfireGetFileIDList(DesfireContext *dctx, uint8_t *resp, size_t *resplen) { return DesfireCommandRxData(dctx, MFDES_GET_FILE_IDS, resp, resplen, -1); } @@ -1021,6 +1046,9 @@ int DesfireGetFileISOIDList(DesfireContext *dctx, uint8_t *resp, size_t *resplen return DesfireCommandRxData(dctx, MFDES_GET_ISOFILE_IDS, resp, resplen, -1); } +int DesfireGetFileSettings(DesfireContext *dctx, uint8_t fileid, uint8_t *resp, size_t *resplen) { + return DesfireCommand(dctx, MFDES_GET_FILE_SETTINGS, &fileid, 1, resp, resplen, -1); +} int DesfireCreateFile(DesfireContext *dctx, uint8_t *fdata, size_t fdatalen) { return DesfireCommandTxData(dctx, MFDES_CREATE_STD_DATA_FILE, fdata, fdatalen); } @@ -1117,6 +1145,173 @@ void PrintKeySettings(uint8_t keysettings, uint8_t numkeys, bool applevel, bool PrintKeySettingsPICC(keysettings, numkeys, print2ndbyte); } +static const char *DesfireUnknownStr = "unknown"; +static const char *DesfireDisabledStr = "disabled"; +static const char *DesfireFreeStr = "free"; +static const char *DesfireFileTypes[] = { + "Standard data", + "Backup data", + "Value", + "Linear Record", + "Cyclic Record", + "Transaction MAC", +}; + +static const char *GetDesfireFileType(uint8_t type) { + if (type < ARRAYLEN(DesfireFileTypes)) + return DesfireFileTypes[type]; + else + return DesfireUnknownStr; +} + +static const char *DesfireCommunicationModes[] = { + "Plain", + "MAC", + "Plain rfu", + "Full", +}; + +static const char *GetDesfireCommunicationMode(uint8_t mode) { + if (mode < ARRAYLEN(DesfireCommunicationModes)) + return DesfireCommunicationModes[mode]; + else + return DesfireUnknownStr; +} + +static const char *DesfireKeyTypeStr[] = { + "2tdea", + "3tdea", + "aes", + "rfu", +}; + +static const char *GetDesfireKeyType(uint8_t keytype) { + if (keytype < ARRAYLEN(DesfireKeyTypeStr)) + return DesfireKeyTypeStr[keytype]; + else + return DesfireUnknownStr; +} + +const char *GetDesfireAccessRightStr(uint8_t right) { + static char int_access_str[200]; + memset(int_access_str, 0, sizeof(int_access_str)); + + if (right > 0x0f) + return DesfireUnknownStr; + + if (right <= 0x0d) { + sprintf(int_access_str, "key 0x%02x", right); + return int_access_str; + } + if (right == 0x0e) + return DesfireFreeStr; + + if (right == 0x0f) + return DesfireDisabledStr; + + return DesfireUnknownStr; +} + +void DesfirePrintAccessRight(uint8_t *data) { + PrintAndLogEx(SUCCESS, "read : %s", GetDesfireAccessRightStr((data[1] >> 4) & 0x0f)); // hi 2b + PrintAndLogEx(SUCCESS, "write : %s", GetDesfireAccessRightStr(data[1] & 0x0f)); + PrintAndLogEx(SUCCESS, "readwrite: %s", GetDesfireAccessRightStr((data[0] >> 4) & 0x0f)); // low 2b + PrintAndLogEx(SUCCESS, "change : %s", GetDesfireAccessRightStr(data[0] & 0x0f)); +} + +void DesfirePrintFileSettings(uint8_t *data, size_t len) { + if (len < 6) { + PrintAndLogEx(ERR, "Wrong file settings length: %d", len); + return; + } + + uint8_t filetype = data[0]; + PrintAndLogEx(INFO, "---- " _CYAN_("File settings") " ----"); + PrintAndLogEx(SUCCESS, "File type [0x%02x] : %s file", filetype, GetDesfireFileType(filetype)); + PrintAndLogEx(SUCCESS, "File comm mode : %s", GetDesfireCommunicationMode(data[1] & 0x03)); + bool addaccess = false; + if (filetype != 0x05) { + addaccess = ((data[1] & 0x80) != 0); + PrintAndLogEx(SUCCESS, "Additional access: %s", (addaccess) ? "Yes" : "No"); + } + PrintAndLogEx(SUCCESS, "Access rights : %02x%02x", data[2], data[3]); + DesfirePrintAccessRight(&data[2]); //2 bytes + + uint8_t reclen = 0; + switch (filetype) { + case 0x00: + case 0x01: { + int filesize = (data[6] << 16) + (data[5] << 8) + data[4]; + + PrintAndLogEx(INFO, "File size : %d (0x%X) bytes", filesize, filesize); + + reclen = 7; + break; + } + case 0x02: { + int lowerlimit = (data[7] << 24) + (data[6] << 16) + (data[5] << 8) + data[4]; + int upperlimit = (data[11] << 24) + (data[10] << 16) + (data[9] << 8) + data[8]; + int limitcredvalue = (data[15] << 24) + (data[14] << 16) + (data[13] << 8) + data[12]; + uint8_t limited_credit_enabled = data[16]; + + PrintAndLogEx(INFO, "Lower limit : %d (0x%X)", lowerlimit, lowerlimit); + PrintAndLogEx(INFO, "Upper limit : %d (0x%X)", upperlimit, upperlimit); + PrintAndLogEx(INFO, "Limited credit : [%d - %s] %d (0x%X)", limited_credit_enabled, (limited_credit_enabled == 1) ? "enabled" : "disabled", limitcredvalue, limitcredvalue); + + reclen = 17; + break; + } + case 0x03: + case 0x04: { + uint32_t recordsize = (data[6] << 16) + (data[5] << 8) + data[4]; + uint32_t maxrecords = (data[9] << 16) + (data[8] << 8) + data[7]; + uint32_t currentrecord = (data[12] << 16) + (data[11] << 8) + data[10]; + + PrintAndLogEx(INFO, "Record size : %d (0x%X) bytes", recordsize, recordsize); + PrintAndLogEx(INFO, "Max num records : %d (0x%X)", maxrecords, maxrecords); + PrintAndLogEx(INFO, "Curr num records : %d (0x%X)", currentrecord, currentrecord); + + reclen = 13; + break; + } + case 0x05: { + PrintAndLogEx(INFO, "Key type [0x%02x] : %s", data[4], GetDesfireKeyType(data[4])); + PrintAndLogEx(INFO, "Key version : %d (0x%X)", data[5], data[5]); + break; + } + default: { + break; + } + } + + if (addaccess && reclen > 0 && len > reclen && len == reclen + data[reclen] * 2) { + PrintAndLogEx(SUCCESS, "Add access records: %d", data[reclen]); + for (int i = 0; i < data[reclen] * 2; i += 2) { + PrintAndLogEx(SUCCESS, "Add access rights : [%d] %02x%02x", i / 2, data[reclen + 1 + i], data[reclen + 2 + i]); + DesfirePrintAccessRight(&data[reclen + 1 + i]); + } + } +} + +void DesfirePrintSetFileSettings(uint8_t *data, size_t len) { + PrintAndLogEx(INFO, "---- " _CYAN_("Set file settings") " ----"); + PrintAndLogEx(SUCCESS, "File comm mode : %s", GetDesfireCommunicationMode(data[0] & 0x03)); + + bool addaccess = ((data[0] & 0x80) != 0); + PrintAndLogEx(SUCCESS, "Additional access: %s", (addaccess) ? "Yes" : "No"); + + PrintAndLogEx(SUCCESS, "Access rights : %02x%02x", data[1], data[2]); + DesfirePrintAccessRight(&data[1]); //2 bytes + + if (addaccess && len > 3 && len == 4 + data[3] * 2) { + PrintAndLogEx(SUCCESS, "Add access records: %d", data[3]); + for (int i = 0; i < data[3] * 2; i += 2) { + PrintAndLogEx(SUCCESS, "Add access rights : [%d] %02x%02x", i / 2, data[4 + i], data[5 + i]); + DesfirePrintAccessRight(&data[4 + i]); + } + } +} + int DesfireChangeKey(DesfireContext *dctx, bool change_master_key, uint8_t newkeynum, DesfireCryptoAlgorythm newkeytype, uint32_t newkeyver, uint8_t *newkey, DesfireCryptoAlgorythm oldkeytype, uint8_t *oldkey, bool verbose) { uint8_t okeybuf[DESFIRE_MAX_KEY_SIZE] = {0}; diff --git a/client/src/mifare/desfirecore.h b/client/src/mifare/desfirecore.h index 43b76dbd7..a7eb29120 100644 --- a/client/src/mifare/desfirecore.h +++ b/client/src/mifare/desfirecore.h @@ -24,6 +24,7 @@ extern const CLIParserOption DesfireKDFAlgoOpts[]; extern const CLIParserOption DesfireCommunicationModeOpts[]; extern const CLIParserOption DesfireCommandSetOpts[]; extern const CLIParserOption DesfireSecureChannelOpts[]; +extern const CLIParserOption DesfireFileAccessModeOpts[]; const char *DesfireGetErrorString(int res, uint16_t *sw); uint32_t DesfireAIDByteToUint(uint8_t *data); @@ -63,6 +64,12 @@ int DesfireSetConfiguration(DesfireContext *dctx, uint8_t paramid, uint8_t *para int DesfireGetFileIDList(DesfireContext *dctx, uint8_t *resp, size_t *resplen); int DesfireGetFileISOIDList(DesfireContext *dctx, uint8_t *resp, size_t *resplen); +int DesfireGetFileSettings(DesfireContext *dctx, uint8_t fileid, uint8_t *resp, size_t *resplen); +int DesfireChangeFileSettings(DesfireContext *dctx, uint8_t *data, size_t datalen); +const char *GetDesfireAccessRightStr(uint8_t right); +void DesfirePrintAccessRight(uint8_t *data); +void DesfirePrintFileSettings(uint8_t *data, size_t len); +void DesfirePrintSetFileSettings(uint8_t *data, size_t len); int DesfireCreateFile(DesfireContext *dctx, uint8_t *fdata, size_t fdatalen); int DesfireDeleteFile(DesfireContext *dctx, uint8_t fid); diff --git a/client/src/mifare/desfiresecurechan.c b/client/src/mifare/desfiresecurechan.c index 3b9c1006e..f2d52a31c 100644 --- a/client/src/mifare/desfiresecurechan.c +++ b/client/src/mifare/desfiresecurechan.c @@ -52,6 +52,7 @@ AllowedChannelModesS AllowedChannelModes[] = { {MFDES_GET_UID, DACd40, DCCNative, DCMEncrypted}, {MFDES_CHANGE_KEY_SETTINGS, DACd40, DCCNative, DCMEncrypted}, + {MFDES_CHANGE_FILE_SETTINGS, DACd40, DCCNative, DCMEncrypted}, {MFDES_READ_DATA, DACd40, DCCNative, DCMEncrypted}, {MFDES_WRITE_DATA, DACd40, DCCNative, DCMEncrypted}, @@ -69,20 +70,30 @@ AllowedChannelModesS AllowedChannelModes[] = { {MFDES_FORMAT_PICC, DACEV1, DCCNative, DCMMACed}, {MFDES_GET_FILE_IDS, DACEV1, DCCNative, DCMMACed}, {MFDES_GET_ISOFILE_IDS, DACEV1, DCCNative, DCMMACed}, + {MFDES_GET_FILE_SETTINGS, DACEV1, DCCNative, DCMMACed}, {MFDES_GET_UID, DACEV1, DCCNative, DCMEncrypted}, {MFDES_CHANGE_KEY_SETTINGS, DACEV1, DCCNative, DCMEncrypted}, + {MFDES_CHANGE_FILE_SETTINGS, DACEV1, DCCNative, DCMEncrypted}, {MFDES_CHANGE_KEY, DACEV1, DCCNative, DCMEncryptedPlain}, {MFDES_CHANGE_KEY_EV2, DACEV1, DCCNative, DCMEncryptedPlain}, }; -static uint8_t DesfireGetCmdHeaderLen(uint8_t cmd) { - if (cmd == MFDES_CHANGE_KEY || cmd == MFDES_CHANGE_CONFIGURATION) - return 1; +#define CMD_HEADER_LEN_ALL 0xffff +CmdHeaderLengthsS CmdHeaderLengths[] = { + {MFDES_CREATE_APPLICATION, CMD_HEADER_LEN_ALL}, + {MFDES_DELETE_APPLICATION, CMD_HEADER_LEN_ALL}, + {MFDES_CHANGE_KEY, 1}, + {MFDES_CHANGE_KEY_EV2, 2}, + {MFDES_CHANGE_CONFIGURATION, 1}, + {MFDES_CHANGE_FILE_SETTINGS, 1}, +}; - if (cmd == MFDES_CHANGE_KEY_EV2) - return 2; +static uint8_t DesfireGetCmdHeaderLen(uint8_t cmd) { + for (int i = 0; i < ARRAY_LENGTH(CmdHeaderLengths); i++) + if (CmdHeaderLengths[i].cmd == cmd) + return CmdHeaderLengths[i].len; return 0; } @@ -160,19 +171,20 @@ static void DesfireSecureChannelEncodeEV1(DesfireContext *ctx, uint8_t cmd, uint *dstdatalen = srcdatalen + DesfireGetMACLength(ctx); } } else if (ctx->commMode == DCMEncrypted) { - rlen = padded_data_length(srcdatalen + 4, desfire_get_key_block_length(ctx->keyType)); + rlen = padded_data_length(srcdatalen + 4 - hdrlen, desfire_get_key_block_length(ctx->keyType)); data[0] = cmd; memcpy(&data[1], srcdata, srcdatalen); desfire_crc32_append(data, srcdatalen + 1); - DesfireCryptoEncDec(ctx, true, &data[1], rlen, dstdata, true); + memcpy(dstdata, srcdata, hdrlen); + DesfireCryptoEncDec(ctx, true, &data[1 + hdrlen], rlen, &dstdata[hdrlen], true); - *dstdatalen = rlen; + *dstdatalen = hdrlen + rlen; } else if (ctx->commMode == DCMEncryptedPlain) { if (srcdatalen == 0 || srcdatalen <= hdrlen) return; - memcpy(&dstdata[0], srcdata, hdrlen); + memcpy(dstdata, srcdata, hdrlen); memcpy(data, &srcdata[hdrlen], srcdatalen); rlen = padded_data_length(srcdatalen - hdrlen, desfire_get_key_block_length(ctx->keyType)); DesfireCryptoEncDec(ctx, true, data, rlen, &dstdata[hdrlen], true); diff --git a/client/src/mifare/desfiresecurechan.h b/client/src/mifare/desfiresecurechan.h index aa056323a..235e3a41b 100644 --- a/client/src/mifare/desfiresecurechan.h +++ b/client/src/mifare/desfiresecurechan.h @@ -26,6 +26,11 @@ typedef struct { DesfireCommunicationMode commMode; } AllowedChannelModesS; +typedef struct { + uint8_t cmd; + uint32_t len; +} CmdHeaderLengthsS; + void DesfireSecureChannelEncode(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen); void DesfireSecureChannelDecode(DesfireContext *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen);