Desfire adpu processing for real iso-8716 #313
…till need to handle emsec#313
Do you know what the prepended two bytes correspond to? How should this get preprocessed? |
these are 14443 I-blocks. (marked by the first 2 bytes) so select file (with a DF name) A0 00 00 03 97 43 49 44 5F 01 00 only name D2760000850100 (Desfire app) should answer found (0x90 0x00) , and select aid 000 the iso answer will need to be preceded by the same 0A 01 prologue... |
Edited: Also, thank you for all the help these last couple of weeks! I am feeling really good about getting the pull request in today (by the end of my marathon weekend) to add complete reader support. All my previous testing was with wrapped and native commands with LibNFC... |
@lvandenb |
I thought most processing was already done via MifareDesfireProcess() but only wrapped desfire ( class starts with 0x90, or native Desfire is processed now. anyway, the first command determines Native or 8716 (including wrapped native) for the implementation I can make existing send and receive apdu's. |
I have had my head in the clouds since Thursday on like four hours of sleep working on mathematical writing style to eloquently describe the results in an analytic number theory paper I am responsible for this year. On top of that, it's snowing hard for the usually light hoodie as winter weather in Atlanta. Let me have another cup of coffee and come back to writing code in an hour. Perhaps we can aim to get this pull request started for the holiday (in the US) tomorrow? When I file the PR, I will make sure to note at the top that it is collaborative with @lvandenb and @colinoflynn. |
I found the |
@lvandenb @colinoflynn The |
it seems logframe 59 sends the answer, so 3 answers instead of 1 ? the full 14443a i-block frame should be 6 bytes, the answer with 2 leading bytes (I-Block), and 2 trailing crc bytes
I'm still waiting for my Proxmark. this is sniffed from usb, so the 14443a-4 framing is handled by the reader.
OUT : 00 a4 04 00 0b a0 00 00 03 97 43 49 44 5f 01 00
IN : 6a 82
OUT : 00 ca 7f 68 00
IN : 6d 00
OUT : 00 a4 04 00 09 a0 00 00 03 08 00 00 10 00
OUT : 00 a4 04 00 09 a0 00 00 03 97 42 54 46 59
remark: well known AID list in https://www.eftlab.com/knowledge-base/211-emv-aid-rid-pix/ |
Last night it still did not answer the iso file select correctly |
I just checked the latest build
the iso file select answers twice, but both are incomplete
1: 6a 82 94 21 : missing prologue
2: 0a 01 6a 82 : so missing crc
maybe you can find this bug faster
On Wed, 19 Jan 2022 at 22:38, Maxie D. Schmidt <***@***.***> wrote:
… @lvandenb <https://github.com/lvandenb>
Do you think the code is ready to file the pull request? It definitely
resolves #302 <#302>.
|
@lvandenb |
@maxie,
ok, almost.
but I really think the crc of this answer is calculated over 6A 82
I guess the answer should be 0A 01 6A 82 4D EF instead of 0A 01 6A 82 9F 21 ?
|
@lvandenb You were right. I computed the CRC bytes on just the data part of the buffer before prepending the prologue back to it prior to returning. This was actually a point of confusion for me initially. I thought that it might want a consistency check on just the data for application processing. At any rate, cheers! It appears to be working. 😺 |
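The framing point settled in this exchange, as an added example (not code from the ChameleonMini sources or from any commenter): CRC_A on an ISO 14443-4 I-block is computed over the prologue and the payload together. Function and constant names are hypothetical; the byte values are the ones quoted in the thread, and the request frame is constructed from the SELECT APDU shown above.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes quoted in the thread. */
static const uint8_t SW_FILE_NOT_FOUND[] = {0x6A, 0x82};
static const uint8_t PM3_FRAME[] = {0x02, 0x90, 0x60, 0x00, 0x00, 0x00, 0x14, 0x98};
/* Constructed request body: prologue 0A 01 followed by the SELECT APDU from the USB trace. */
static const uint8_t SELECT_BODY[] = {0x0A, 0x01, 0x00, 0xA4, 0x04, 0x00, 0x0B, 0xA0, 0x00,
                                      0x00, 0x03, 0x97, 0x43, 0x49, 0x44, 0x5F, 0x01, 0x00};

/* CRC_A (ISO/IEC 14443-3): initial value 0x6363, no final XOR, low byte sent first. */
static uint16_t crc_a(const uint8_t *buf, size_t len) {
    uint16_t crc = 0x6363;
    for (size_t i = 0; i < len; i++) {
        uint8_t ch = (uint8_t)(buf[i] ^ (crc & 0xFF));
        ch = (uint8_t)(ch ^ (ch << 4));
        crc = (uint16_t)((crc >> 8) ^ ((uint16_t)ch << 8) ^ ((uint16_t)ch << 3) ^ (ch >> 4));
    }
    return crc;
}

/* Copy body to out and append CRC_A over the whole body. Returns frame length, 0 on overflow. */
static size_t append_crc(const uint8_t *body, size_t n, uint8_t *out, size_t cap) {
    if (n + 2 > cap) return 0;
    memmove(out, body, n);
    uint16_t crc = crc_a(out, n);
    out[n] = (uint8_t)(crc & 0xFF);
    out[n + 1] = (uint8_t)(crc >> 8);
    return n + 2;
}

/* A frame is valid when CRC_A over all bytes but the last two equals those two bytes. */
static int frame_crc_ok(const uint8_t *frame, size_t len) {
    if (len < 3) return 0;
    uint16_t crc = crc_a(frame, len - 2);
    return frame[len - 2] == (crc & 0xFF) && frame[len - 1] == (crc >> 8);
}

/* I-block prologue length: PCB, plus CID if bit 3 is set, plus NAD if bit 2 is set.
 * Returns 0 when the PCB is not an I-block (R- and S-blocks are not handled here). */
static size_t iblock_prologue_len(uint8_t pcb) {
    if ((pcb & 0xE2) != 0x02) return 0;
    return 1u + ((pcb & 0x08) ? 1u : 0u) + ((pcb & 0x04) ? 1u : 0u);
}

/* Build the reply to an I-block: echo the request prologue, append the response
 * payload, then append the CRC. crc_inf_only=1 reproduces the defect discussed in
 * the thread (CRC over the payload alone, prologue prepended afterwards). */
static size_t build_reply(const uint8_t *req, size_t req_len,
                          const uint8_t *inf, size_t inf_len,
                          uint8_t *out, size_t cap, int crc_inf_only) {
    if (!frame_crc_ok(req, req_len)) return 0;
    size_t plen = iblock_prologue_len(req[0]);
    size_t body = plen + inf_len;
    if (plen == 0 || plen > req_len - 2 || body + 2 > cap) return 0;
    memcpy(out, req, plen);
    memcpy(out + plen, inf, inf_len);
    uint16_t crc = crc_inf_only ? crc_a(inf, inf_len) : crc_a(out, body);
    out[body] = (uint8_t)(crc & 0xFF);
    out[body + 1] = (uint8_t)(crc >> 8);
    return body + 2;
}

static void dump(const char *label, const uint8_t *b, size_t n) {
    printf("%-22s", label);
    for (size_t i = 0; i < n; i++) printf(" %02X", b[i]);
    printf("  crc %s\n", frame_crc_ok(b, n) ? "ok" : "BAD");
}

int main(void) {
    uint8_t req[32], out[16];
    size_t n = append_crc(SELECT_BODY, sizeof SELECT_BODY, req, sizeof req);
    dump("request", req, n);
    dump("PM3 frame from log", PM3_FRAME, sizeof PM3_FRAME);
    size_t m = build_reply(req, n, SW_FILE_NOT_FOUND, sizeof SW_FILE_NOT_FOUND, out, sizeof out, 1);
    dump("reply, CRC over INF", out, m);
    m = build_reply(req, n, SW_FILE_NOT_FOUND, sizeof SW_FILE_NOT_FOUND, out, sizeof out, 0);
    dump("reply, CRC over frame", out, m);
    return 0;
}
```

The same check accepts the `02 90 60 00 00 00 14 98` frame from the Proxmark debug log further down, where the prologue is a single PCB byte with no CID.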
Ok this is looking good. right now only but a real desfire ev1 card responds it seems to work, but sometimes it returns a NAK.
so maybe I'll wait for the proxmark now, to compare timings. |
@maxie |
@lvandenb Thanks again for all the help debugging and testing. |
resolved by #314 |
I'll try to give it a check this weekend - I may try to port my changes to that PR as well if I get a chance, but can at least check it didn't seem to break anything on the base code. Thanks! |
@colinoflynn @david-oswald |
Finally got some time, but I have an issue with the Makefile now $ make desfire |
@lvandenb
[OBJCPY] : Extracting HEX file data from "Chameleon-Mini.elf"
avr-objcopy -O ihex -R .eeprom -R .fuse -R .lock -R .signature --set-section-flags=.flashdata="alloc,load" Chameleon-Mini.elf Chameleon-Mini.hex
[OBJCPY] : Extracting EEP file data from "Chameleon-Mini.elf"
avr-objcopy -O ihex -j .eeprom --set-section-flags=.eeprom="alloc,load" --change-section-lma .eeprom=0 --no-change-warnings Chameleon-Mini.elf Chameleon-Mini.eep || exit 0
[OBJCPY] : Extracting BIN file data from "Chameleon-Mini.elf"
avr-objcopy -O binary -R .eeprom -R .fuse -R .lock -R .signature --set-section-flags=.flashdata="alloc,load" Chameleon-Mini.elf Chameleon-Mini.bin
Chameleon-Mini.elf :
section size addr
.flashdata 0x10000 0x10000
.spmhelper 0x14 0x21fe0
.text 0xe65a 0x0
.data 0x162 0x802000
.bss 0xc6d 0x802162
.eeprom 0x64 0x810000
.comment 0x26 0x0
.note.gnu.avr.deviceinfo 0x40 0x0
.debug_aranges 0x160 0x0
.debug_info 0x29f1 0x0
.debug_abbrev 0x2708 0x0
.debug_line 0x71e 0x0
.debug_str 0x1b33 0x0
Total 0x269b1
text data bss dec hex filename
0xe65a 0x1c6 0xc6d 62605 f48d Chameleon-Mini.elf
AVR Memory Usage
----------------
Device: Unknown
Program: 59324 bytes
(.text + .data + .bootloader)
Data: 3535 bytes
(.data + .bss + .noinit)
EEPROM: 100 bytes
(.eeprom)
The warning from the LUFA make script is normal. It has been printed for years. Looking at line
A quick fix is to use the binaries I just compiled for testing: current-build.zip Happy to follow up otherwise. |
I finally got around to trying this - I got the same
It doesn't look like the SHELL variable was used there and I got the expected size print. On to functional testing... |
I ran the test by just compiling with With this configuration, I see:
Trying to use
It looks like it's locking up on
Anyway the authentication code seems to be working per the instructions & that is great! And still useful for me to build on this for MFP. |
@colinoflynn |
Hi @maxieds - this seemed to get further, testing shows this result. It does still lock up (stops responding on
I'll see if I can get better debug output to show what is giving it problems. BTW I forgot you mentioned missing a proxmark at one point, if can help loan one if helpful let me know. The authentication side seems to work great, so still major improvements overall. Also the build worked OK now for me too from a clean checkout. |
…s in emsec#313 (success with \'hf mfdes info -- Still debugging auth exchanges)
@colinoflynn
[usb] pm3 --> hf mfdes info
[=] ---------------------------------- Tag Information ----------------------------------
[+] UID: 08 61 44 FE B4 2B F9
[+] Batch number: 00 00 00 00 00
[+] Production date: week 00 / 2000
[=] --- Hardware Information
[=] raw: EC720000000000
[=] Vendor Id: no tag-info available
[=] Type: 0x72
[=] Subtype: 0x00
[=] Version: 0.0 ( DESFire MF3ICD40 )
[=] Storage size: 0x00 ( 1 bytes )
[=] Protocol: 0x00 ( Unknown )
[=] --- Software Information
[=] raw: 91C1ACC7000000
[=] Vendor Id: no tag-info available
[=] Type: 0xC1
[=] Subtype: 0xAC
[=] Version: 199.0
[=] Storage size: 0x00 ( 1 bytes )
[=] Protocol: 0x00 ( Unknown )
[=] --------------------------------- Card capabilities ---------------------------------
[#] Halt error
[#] Card didn't answer to CL1 select all
I introduced a bug somewhere into the auth command:
[usb] pm3 --> script run test-mfdes-auth.cmd
[+] executing Cmd test-mfdes-auth.cmd
[+] args ''
[usb|script] pm3 --> hf mfdes auth -n 0 -t 3tdea -k 000000000000000000000000000000000000000000000000 -v -c native -a
[=] Key num: 0 Key algo: 3tdea Key[24]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[=] Secure channel: n/a Command set: native Communication mode: plain
[+] Setting ISODEP -> inactive
[+] Setting ISODEP -> NFC-A
[=] AID 000000 is selected
[=] Auth: cmd: 0x1a keynum: 0x00
[+] raw>> 1A 00
[+] raw<< AF EE 91 30 1E E8 F5 84 D6 C7 85 1D 05 65 13 90 A6 C6 D5
[#] encRndB: EE 91 30 1E E8 F5 84 D6
[#] RndB: CA FE BA BE 00 11 22 33
[#] rotRndB: FE BA BE 00 11 22 33 CA FE BA BE 00 11 22 33 CA
[#] Both : 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 FE BA BE 00 11 22 33 CA FE BA BE 00 11 22 33 CA
[+] raw>> AF 30 EB 55 F3 29 39 04 96 77 88 CE EF 33 A3 C8 7B 18 66 1A F1 62 78 A0 28 53 84 67 98 7C BB DB 03
[+] raw<< 7E 4B 16
[!!] 🚨 Command (af) ERROR: 0x7e
[#] error DESFIRESendRaw Length of command string invalid
[!!] 🚨 Desfire authenticate error. Result: [7] Sending auth command failed
[+] Setting ISODEP -> inactive
[-] ⛔ Select or authentication AID 000000 failed. Result [7] Sending auth command failed
[usb|script] pm3 --> script run ./debug.cmd
[+] executing Cmd ./debug.cmd
[+] args ''
[usb|script] pm3 --> hw dbg -4
[usb|script] pm3 --> prefs set clientdebug --full
[=] client debug........... full
[usb|script] pm3 --> data setdebugmode -2
[=] client debug level... 2 ( verbose debug messages )
[usb|script] pm3 --> hf mfdes auth -n 0 -t 3tdea -k 000000000000000000000000000000000000000000000000 -v -c native -a
[=] Key num: 0 Key algo: 3tdea Key[24]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[=] Secure channel: n/a Command set: native Communication mode: plain
[+] Setting ISODEP -> inactive
[#] Debug log level......... 4 ( extended )
[#] Card didn't answer to select
[!!] 🚨 Desfire AID select error.
[+] Setting ISODEP -> inactive
[-] ⛔ Select or authentication AID 000000 failed. Result [202] Can't select application by ISO ID.
I should have some more time to finish up and get the auth command working tonight or tomorrow :) Anything else I have missed in all of the excellent feedback you gave above? |
@colinoflynn
[usb] pm3 --> script run debug.cmd
[+] executing Cmd debug.cmd
[+] args ''
[usb|script] pm3 --> hw dbg -4
[usb|script] pm3 --> prefs set clientdebug --full
[=] client debug........... full
[usb|script] pm3 --> data setdebugmode -2
[=] client debug level... 2 ( verbose debug messages )
[#] Debug log level......... 4 ( extended )
[usb] pm3 --> hf mfdes info
[#] pcb_blocknum 0 == 2
[#] [WCMD <--: : 08/08] 02 90 60 00 00 00 14 98
[#] pcb_blocknum 1 == 3
[#] [WCMD <--: : 08/08] 03 90 af 00 00 00 1f 15
[#] pcb_blocknum 0 == 2
[#] [WCMD <--: : 08/08] 02 90 af 00 00 00 34 11
[=] ---------------------------------- Tag Information ----------------------------------
[+] UID: 08 4F 8A 44 7D AE 83
[+] Batch number: AE 83 CE E4 A5
[+] Production date: week db / 20f1
[=] --- Hardware Information
[=] raw: 04010100011805
[=] Vendor Id: NXP Semiconductors Germany
[=] Type: 0x01
[=] Subtype: 0x01
[=] Version: 0.1 ( DESFire MF3ICD40 )
[=] Storage size: 0x18 ( 4096 bytes )
[=] Protocol: 0x05 ( ISO 14443-2, 14443-3 )
[=] --- Software Information
[=] raw: 90AF0401010001
[=] Vendor Id: no tag-info available
[=] Type: 0xAF
[=] Subtype: 0x04
[=] Version: 1.1
[=] Storage size: 0x00 ( 1 bytes )
[=] Protocol: 0x01 ( Unknown )
[=] --------------------------------- Card capabilities ---------------------------------
[#] switch_off
[usb] pm3 --> hf mfdes auth -n 0 -t 3tdea -k 000000000000000000000000000000000000000000000000 -v -c native -a
[=] Key num: 0 Key algo: 3tdea Key[24]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[=] Secure channel: n/a Command set: native Communication mode: plain
[+] Setting ISODEP -> inactive
[+] Setting ISODEP -> NFC-A
[=] AID 000000 is selected
[=] Auth: cmd: 0x1a keynum: 0x00
[+] raw>> 1A 00
[+] raw<< AF EE 91 30 1E E8 F5 84 D6 C7 85 1D 05 65 13 90 A6 C6 D5
[#] encRndB: EE 91 30 1E E8 F5 84 D6
[#] RndB: CA FE BA BE 00 11 22 33
[#] rotRndB: FE BA BE 00 11 22 33 CA FE BA BE 00 11 22 33 CA
[#] Both : 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 FE BA BE 00 11 22 33 CA FE BA BE 00 11 22 33 CA
[+] raw>> AF 30 EB 55 F3 29 39 04 96 77 88 CE EF 33 A3 C8 7B 18 66 1A F1 62 78 A0 28 53 84 67 98 7C BB DB 03
[+] raw<< 00 9B 71 57 8F FB DF 80 A8 F6 EF 33 4A C6 CD F9 7A 7D BE
[=] Session key : 01 02 03 04 CA FE BA BE 07 08 09 10 22 33 CA FE 13 14 15 16 00 11 22 33
[=] Desfire authenticated
[+] PICC selected and authenticated succesfully
[+] Context:
[=] Key num: 0 Key algo: 3tdea Key[24]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[=] Secure channel: ev1 Command set: native Communication mode: plain
[=] Session key [24]: 01 02 03 04 CA FE BA BE 07 08 09 10 22 33 CA FE 13 14 15 16 00 11 22 33
[=] IV [8]: 00 00 00 00 00 00 00 00
[+] Setting ISODEP -> inactive |
With both
There's no line number so not sure (it looks like maybe from an included makefile?), do you know offhand where things were tweaked? I'm building it on Ubuntu (using WSL). |
@colinoflynn BTW, thanks for the proxmark offer. My advisor gave me some money from her grant this Spring to buy one :) |
Got it! Will test those binaries - the output now fixes the basename problem, but I still get:
How are you building that doesn't trigger the errors? |
@colinoflynn |
Nevermind. It should work now. It looks like |
… compat changes: Attempt to fix this problem (PM3 command support verified as still working) -- Cf. emsec#313
The @colinoflynn @lvandenb What response should it actually be sending back? This happens after the anticollision loop and RATS are satisfied. My start to fixing this issue is found here -- all commented out again after failed tests of the code. |
Here are current binary builds: latest-desfire-build.zip |
I'm travelling for some events - I did throw PM3/CM in my bag in case I've got time, but it's likely I'll be away from this for a couple weeks, will update if I get a chance to try. Unfortunately no other reader with me so on the final problem I can take a look once I'm back at the office. |
If anyone else wants to help out with testing PR #319, it would be nice to add some example DESFire configuration dumps generated with non-default interactions with the Chameleon. Also, posting this request as a follow up on the PR thread. |
@david-oswald @fptrs |
Thanks for more updates! I'll still try and test them, my trip got messed up due to COVID/travel complications so I still didn't get around to it... but if I find any problems will work through them on new issue. |
commit 9fbb7fb Author: Fabian <[email protected]> Date: Wed Sep 21 11:06:58 2022 +0200 fix emsec#325 * remove MemoryClear from ConfigurationSetById commit 62e2f71 Merge: f5c1347 d5d36fe Author: fptrs <[email protected]> Date: Mon Aug 15 10:45:10 2022 +0200 Merge pull request emsec#323 from maxieds/ExternalUSBReadersCompat DESfire emulation support: Updated support for PM3 and better compatibility with external USB readers commit d5d36fe Author: Maxie D. Schmidt <[email protected]> Date: Wed Aug 3 18:03:28 2022 -0500 Update BuilingFirmwareBinariesFromSource.md commit 46a3cc8 Author: Maxie Dion Schmidt <[email protected]> Date: Tue Jul 26 01:40:27 2022 -0400 Small changes to the NAK/ACK return size (4 bits versus 1 byte) commit eb0d5fd Author: Maxie D. Schmidt <[email protected]> Date: Tue Jul 26 00:02:15 2022 -0400 Update DESFireSupportReadme.md commit 3a91394 Author: Maxie Dion Schmidt <[email protected]> Date: Mon Jul 25 20:39:50 2022 -0400 One more small change to resetting the ATQA value automatically depending on whether the UID is known to be randomly generated commit 2257c42 Author: Maxie Dion Schmidt <[email protected]> Date: Mon Jul 25 20:31:29 2022 -0400 Cleaning up modifications used to test the development code commit cddb9bd Author: Maxie D. Schmidt <[email protected]> Date: Mon Jul 25 19:41:50 2022 -0400 Update DESFireSupportReadme.md commit 63e74f9 Author: Maxie Dion Schmidt <[email protected]> Date: Mon Jul 25 19:42:29 2022 -0400 Changes to ISO14443A-4 handlers confirmed to work with the ACS ACR-122U external USB reader ; Updated docs and source code commit 32277f0 Author: Maxie D. Schmidt <[email protected]> Date: Mon Jul 25 19:15:46 2022 -0400 Update DESFireSupportReadme.md commit f9e9018 Author: Maxie D. Schmidt <[email protected]> Date: Mon Jul 25 18:42:50 2022 -0400 Update DESFireSupportReadme.md commit 8fe0e66 Author: Maxie D. 
Schmidt <[email protected]> Date: Mon Jul 25 18:40:06 2022 -0400 Update DESFireSupportReadme.md commit 15be871 Author: Maxie Dion Schmidt <[email protected]> Date: Sat Jul 23 00:16:22 2022 -0400 Restore point for changes to the CL1/CL2 exchanges in the anticollision for DF ISO14443A-4 support commit 2a42b31 Author: Maxie D. Schmidt <[email protected]> Date: Sat Jul 23 00:12:24 2022 -0400 Update DESFireSupportReadme.md commit f5c1347 Author: Fabian <[email protected]> Date: Wed Jul 20 13:42:28 2022 +0200 fix github action name commit 78a108b Author: Fabian <[email protected]> Date: Wed Jul 20 13:32:06 2022 +0200 change automated builds * make all builds all ISO14443A configs * all ISO15693 configs are automatically build with make iso15693 commit 66c2e8b Merge: 3c01a6c aa20be6 Author: fptrs <[email protected]> Date: Wed Jul 20 13:08:23 2022 +0200 Merge pull request emsec#322 from maxieds/DESFireNFCExternalUSBReaderPatches-LibNFCTestCode DESFire emulation support: Bug fixes, improvements and updated LibNFC test code commit aa20be6 Author: Maxie Dion Schmidt <[email protected]> Date: Wed Jul 20 06:14:27 2022 -0400 Current firmware builds tested with PM3 and LibNFC test code ; Still takes too long to verify the file mgmt and data manip programs commit ffb6683 Author: Maxie D. Schmidt <[email protected]> Date: Wed Jul 20 05:59:02 2022 -0400 Update DESFireSupportReadme.md commit b79d964 Author: Maxie D. 
Schmidt <[email protected]> Date: Wed Jul 20 03:25:21 2022 -0400 Update DESFireSupportReadme.md commit 5cd6773 Author: Maxie Dion Schmidt <[email protected]> Date: Wed Jul 20 03:00:17 2022 -0400 Restore point for many incremental updates, bug fixes and documentation changes commit 126189a Author: Maxie Dion Schmidt <[email protected]> Date: Tue Jul 19 22:00:24 2022 -0400 Verified ISODES and legacy DES auth schemes work ; AES-128 auth support is verified with the PM3 commit a050d04 Author: Maxie Dion Schmidt <[email protected]> Date: Tue Jul 19 20:54:09 2022 -0400 Multiple code cleanup changes to TransferState -- Enc of transfers is handled by the APDU pre/post process functions -- Restore point for previous functionality commit 871451a Author: Maxie D. Schmidt <[email protected]> Date: Tue Jul 19 19:14:45 2022 -0400 Update DESFireSupportReadme.md commit 512eff3 Author: Maxie Dion Schmidt <[email protected]> Date: Tue Jul 19 18:53:18 2022 -0400 Fixing PM3 AES-128 authentication bug commit 3d86fe4 Author: Maxie Dion Schmidt <[email protected]> Date: Tue Jul 19 17:46:08 2022 -0400 Updating TDEA (x3) crypto code to handle uneven buffer sizes ; Changes to DESFire auth instructions reinit / (in)validate state logic commit 5c894b8 Author: Maxie Dion Schmidt <[email protected]> Date: Tue Jul 19 15:24:27 2022 -0400 Updating the AES128 enc/dec code to support ECB mode (default) and handle uneven buffer sizes that are not a multiple of 16 commit ccdc36e Author: Maxie Dion Schmidt <[email protected]> Date: Sun Jul 17 16:54:43 2022 -0400 Removed old AES128 support with AVR libs in place of openssl/EVP ; Bug fix for ISODES auth in the firmware to keep session IV state with multiple auths commit 3078e7f Author: Maxie Dion Schmidt <[email protected]> Date: Sun Jul 17 14:23:02 2022 -0400 Stashing working LibNFC test code -- ISO auth is working commit e7790dc Author: Maxie Dion Schmidt <[email protected]> Date: Sun Jul 17 06:56:28 2022 -0400 Updates to LibNFC test code (ISO auth 
works) ; Untested changes to fw source to support recall of header data from EEPROM on power cycle (need to test) ; Other misc minor modifications to stash as a restore point commit 1c2cf3a Author: Maxie D. Schmidt <[email protected]> Date: Sun Jul 17 02:09:53 2022 -0400 Update DESFireSupportReadme.md commit 306865e Author: Maxie Dion Schmidt <[email protected]> Date: Sun Jul 17 01:55:21 2022 -0400 New DF_ENCMODE command to set ECB/CBC crypto modes ; Incremental changes to LibNFC test code ; Incomplete docs to edit elsewhere commit 3a89c4b Author: Maxie D. Schmidt <[email protected]> Date: Sat Jul 16 20:57:25 2022 -0400 Update BuilingFirmwareBinariesFromSource.md commit 197b958 Author: Maxie D. Schmidt <[email protected]> Date: Sat Jul 16 20:55:20 2022 -0400 Update and rename BuilingFromSource.md to BuilingFirmwareBinariesFromSource.md commit 5de0aae Author: Maxie D. Schmidt <[email protected]> Date: Sat Jul 16 20:54:59 2022 -0400 New misc-tags target to BuildScripts/custom_build_targets.mk commit e07823e Author: Maxie Dion Schmidt <[email protected]> Date: Sat Jul 16 20:39:06 2022 -0400 Stashing in progress changes to the DESFire LibNFC test code ; Adding incomplete documentation for custom build targets commit 3d19776 Author: Maxie D. 
Schmidt <[email protected]> Date: Sat Jul 16 20:27:39 2022 -0400 Update DESFireSupportReadme.md commit 4cfea3d Author: Maxie Dion Schmidt <[email protected]> Date: Fri Jul 15 19:10:30 2022 -0400 Saving work on the LibNFC testing code for DESFire builds commit d297a0e Author: Maxie Dion Schmidt <[email protected]> Date: Fri Jul 15 11:04:24 2022 -0400 Restoring full log buffer space to the default (non dev) desfire target commit bfac980 Author: Maxie Dion Schmidt <[email protected]> Date: Fri Jul 15 10:20:39 2022 -0400 Testing code updates with the PM3 -- a few small changes commit 53de26e Author: Maxie Dion Schmidt <[email protected]> Date: Fri Jul 15 08:50:10 2022 -0400 Tidying up code, build script fixes for no bc command, preliminary attempts to get CONFIG=MF_DESFIRE compatibility with extrernal USB readers using 'pcsc_spy -v' commit 3c01a6c Author: fptrs <[email protected]> Date: Fri Jul 8 13:09:53 2022 +0200 Update firmware-desfire-push.yml commit bc333f9 Merge: 99dceff 37be68d Author: fptrs <[email protected]> Date: Fri Jul 8 12:24:22 2022 +0200 Merge pull request emsec#319 from maxieds/DESFire-AuthISO-Patch DESFire emulation support: Bug, stability and reliability fixes and PM3 compatible ISO authentication commit 37be68d Merge: bc8057b 05eeda6 Author: Maxie Dion Schmidt <[email protected]> Date: Fri Jul 1 08:44:33 2022 -0400 Merge branch 'DESFire-AuthISO-Patch' of https://github.com/maxieds/ChameleonMini into DESFire-AuthISO-Patch commit bc8057b Author: Maxie Dion Schmidt <[email protected]> Date: Fri Jul 1 08:44:21 2022 -0400 Several fixes to responsiveness and frozen behavior noted in PR emsec#319 commit 93e77a2 Author: Maxie Dion Schmidt <[email protected]> Date: Thu Jun 30 22:42:22 2022 -0400 Stashing changes to DESFire code -- No PSTR wrappers on command names as this doesn't change the ELF application size commit 807d4ac Author: Maxie Dion Schmidt <[email protected]> Date: Thu Jun 30 22:24:07 2022 -0400 Stashing DESFire updates before tinkering with 
saving space with PSTR wrappers around the terminal command names commit 05eeda6 Author: fptrs <[email protected]> Date: Wed Jun 29 13:12:55 2022 +0200 Update Log.py change DESFire Generic Error decoder commit 99dceff Author: fptrs <[email protected]> Date: Wed Jun 29 11:50:28 2022 +0200 Update ISO15693-A.c add missing VICINITY support statement commit cda26ee Merge: c3e1dab b6f4094 Author: Maxie Dion Schmidt <[email protected]> Date: Wed Jun 29 05:44:30 2022 -0400 Merge branch 'DESFire-AuthISO-Patch' of https://github.com/maxieds/ChameleonMini into DESFire-AuthISO-Patch commit c3e1dab Author: Maxie Dion Schmidt <[email protected]> Date: Wed Jun 29 05:44:22 2022 -0400 Updating the FLASH_DATA_ADDR value to the correct value for 6 slots (versus standard 8) commit b6f4094 Author: fptrs <[email protected]> Date: Wed Jun 29 11:36:35 2022 +0200 add missing sources for ISO15693_SNIFF commit 3d2a8a6 Author: fptrs <[email protected]> Date: Wed Jun 29 11:24:39 2022 +0200 add missing EM4233 statement commit 40da00a Author: fptrs <[email protected]> Date: Wed Jun 29 11:12:29 2022 +0200 fix typos commit 688b494 Author: Maxie Dion Schmidt <[email protected]> Date: Wed Jun 29 04:50:39 2022 -0400 More typ corrections and build script bug fixes annotated in emsec#319 commit 7f37bfb Author: Maxie Dion Schmidt <[email protected]> Date: Tue Jun 28 11:59:03 2022 -0400 Updating source after the feedback from @fptrs in PR emsec#319 commit b378b4e Author: Maxie D. Schmidt <[email protected]> Date: Wed Jun 22 21:00:18 2022 -0400 Delete DESFire_example.contents This image is out of date -- Created using much older firmware sources. It eventually would be nice to replace it with a better dump using PR emsec#319 sources (or more recent). commit 3806bcf Author: Maxie D. Schmidt <[email protected]> Date: Wed Jun 22 21:00:08 2022 -0400 Delete DESFire_example.dmp This image is out of date -- Created using much older firmware sources. 
It eventually would be nice to replace it with a better dump using PR emsec#319 sources (or more recent). commit d29f087 Merge: 149599e 0291b9b Author: Maxie D. Schmidt <[email protected]> Date: Thu Jun 16 20:17:00 2022 -0400 Merge branch 'master' into DESFire-AuthISO-Patch commit 149599e Author: Maxie D. Schmidt <[email protected]> Date: Thu Jun 16 02:32:57 2022 -0400 Cleaning up some old commented out macro definitions commit bbc489e Author: Maxie D. Schmidt <[email protected]> Date: Thu Jun 16 02:31:32 2022 -0400 Typo corrected commit 39de8cc Author: Maxie Dion Schmidt <[email protected]> Date: Wed Jun 15 18:54:58 2022 -0400 ACR122U USB/PCSC reader stopped being responsive after all of the PM3 compat changes: Attempt to fix this problem (PM3 command support verified as still working) -- Cf. emsec#313 commit 1ce7b55 Author: Maxie Dion Schmidt <[email protected]> Date: Wed Jun 15 12:20:25 2022 -0400 Fixing the terminal (echo) printing on MacOS following the last commit for Linux users commit 68a12e6 Author: Maxie Dion Schmidt <[email protected]> Date: Wed Jun 15 11:42:43 2022 -0400 Fixing Linux build errors noticed by @colinoflynn in \emsec#313 commit 7b4cdd8 Author: Maxie Dion Schmidt <[email protected]> Date: Tue Jun 7 21:56:24 2022 -0400 Fixing some make build script bugs commit 024c699 Author: Maxie Dion Schmidt <[email protected]> Date: Sat Jun 4 16:13:01 2022 -0400 Finalizing the fixes to emsec#313 to verify PM3 support commit f9c1dab Author: Maxie Dion Schmidt <[email protected]> Date: Thu Jun 2 00:40:53 2022 -0400 Updates to make/build scripts ; Partial fixes to @colinoflynn\'s notes in emsec#313 (success with \'hf mfdes info -- Still debugging auth exchanges) commit 8e77d78 Author: Maxie Dion Schmidt <[email protected]> Date: Wed Jun 1 09:04:53 2022 -0400 More refinements and efforts to make build output cleaner to read commit 8a823c8 Author: Maxie Dion Schmidt <[email protected]> Date: Wed Jun 1 00:39:24 2022 -0400 A few improvements to Makefile and 
build scripts (cf. previous issue emsec#283) commit 8e25538 Author: Maxie Dion Schmidt <[email protected]> Date: Fri May 13 08:27:42 2022 -0400 Attempt to fix bug with `pm3 --> hf mfdes info` reported in emsec#313 commit 83ce182 Author: Maxie Dion Schmidt <[email protected]> Date: Wed May 11 00:43:28 2022 -0400 Fix Makefile bugs noticed in emsec#313 commit 4536789 Author: Maxie Dion Schmidt <[email protected]> Date: Fri Apr 22 13:43:40 2022 -0400 Incorporating bug fixes by @colinoflynn at https://github.com/colinoflynn/ChameleonMini/commits/desfire-fixes (see message in emsec#313) commit 19e0d1c Author: Maxie Dion Schmidt <[email protected]> Date: Wed Mar 30 12:46:06 2022 -0400 Stashing LibNFC external USB reader test code online to test on Linux (builds on MacOS) commit f4faaa7 Author: Maxie Dion Schmidt <[email protected]> Date: Wed Mar 30 10:00:26 2022 -0400 Working ISO authentication on the PM3 : cf. emsec#313 commit 45a6c3f Author: Maxie Dion Schmidt <[email protected]> Date: Tue Mar 29 23:30:46 2022 -0400 Stashing more working code to test PM3 compatibility (ISO/EV1 auth) commit 7ecf3cb Author: Maxie Dion Schmidt <[email protected]> Date: Sat Mar 26 18:25:54 2022 -0400 Stuck on debugging issue with PM3 -- Posted to discord -- awaiting fix before this can get fixed commit fecf5cb Author: Maxie Dion Schmidt <[email protected]> Date: Sat Mar 26 10:44:07 2022 -0400 More progress towards PM3 compatible auth II commit b873261 Author: Maxie Dion Schmidt <[email protected]> Date: Sat Mar 26 10:23:55 2022 -0400 More progress towards PM3 compatible auth commit bccf579 Author: Maxie Dion Schmidt <[email protected]> Date: Tue Mar 22 06:36:24 2022 -0400 Proposed PM3 ISO auth compliant fwmod -- pending testing commit 1be7688 Author: Maxie Dion Schmidt <[email protected]> Date: Mon Mar 21 21:05:16 2022 -0400 Adding more complete support for PM3 ISO auth (stashing incremental changes as reference point -- II) commit bb7d46f Author: Maxie Dion Schmidt <[email protected]> 
Date: Mon Mar 21 18:34:11 2022 -0400
Adding more complete support for PM3 ISO auth (stashing incremental changes as reference point)

commit 0291b9b
Author: Fabian <[email protected]>
Date: Thu Mar 17 12:04:40 2022 +0100
update Doxygen

commit aafc5ab
Author: Maxie Dion Schmidt <[email protected]>
Date: Wed Mar 16 03:03:03 2022 -0400
Stashing more incremental updates to the code to get/verify PM3 compatibility

commit 64d1fff
Author: Maxie Dion Schmidt <[email protected]>
Date: Tue Mar 15 17:48:29 2022 -0400
Stashing incremental changes from Arch for compilation on Mac

commit 371eaca
Merge: 94aeb3c 14537ac
Author: fptrs <[email protected]>
Date: Tue Mar 1 15:31:32 2022 +0100
Merge pull request emsec#318 from cacke-r/master
AUTOCALIBRATE command for Sniff-ISO15693 application

commit 14537ac
Merge: a212bbb c47974e
Author: cacke-r <[email protected]>
Date: Thu Feb 24 15:40:22 2022 +0100
Merge pull request #2 from cacke-r/fix_autothreshold
Sniff15693: Autocalibrate: Detect error case

commit c47974e
Author: cacke-r <[email protected]>
Date: Wed Feb 23 21:03:17 2022 +0100
Sniff15693: Autocalibrate: Detect error case
Detect the case, that we never receive a valid card frame. Restore original/recent threshold in this case.
Signed-off-by: cacke-r <[email protected]>

commit a212bbb
Author: cacke-r <[email protected]>
Date: Tue Feb 15 20:56:36 2022 +0100
Chamtool: Add Autothreshold command
Signed-off-by: cacke-r <[email protected]>

commit c686040
Author: cacke-r <[email protected]>
Date: Tue Feb 15 20:15:15 2022 +0100
Commands: Autocalibrate: Don't execute if ISO15693 codec uses autothreshold
Signed-off-by: cacke-r <[email protected]>

commit b8fec22
Author: cacke-r <[email protected]>
Date: Mon Feb 14 21:01:46 2022 +0100
Terminal: Add commands to control Sniff15693 autothreshold feature
Signed-off-by: cacke-r <[email protected]>

commit b04351b
Author: cacke-r <[email protected]>
Date: Wed Feb 9 21:46:30 2022 +0100
Sniff15693: Add CRC Check on received data
Signed-off-by: cacke-r <[email protected]>

commit ad16434
Author: cacke-r <[email protected]>
Date: Tue Feb 15 20:07:25 2022 +0100
Sniff15693: Implementation of Autocalibration command
Signed-off-by: cacke-r <[email protected]>

commit 821de78
Author: cacke-r <[email protected]>
Date: Tue Feb 15 20:00:22 2022 +0100
SniffISO15693: Add functions to codec to enable autocalibration
Signed-off-by: cacke-r <[email protected]>

commit 97d7ad8
Author: cacke-r <[email protected]>
Date: Sun Jan 30 21:21:39 2022 +0100
Hook Sniff15693 App to the AutoCalibration command
Signed-off-by: cacke-r <[email protected]>

commit 5f8d0ec
Author: cacke-r <[email protected]>
Date: Sun Jan 30 21:20:38 2022 +0100
Add Autocalibrate command to chamtool
Signed-off-by: cacke-r <[email protected]>

commit 8f5053f
Author: Maxie Dion Schmidt <[email protected]>
Date: Mon Feb 14 12:54:05 2022 -0500
*Should* finally be working now -- Problem was that the SETTINGS memory remapped the FLASH memory space used by avr-gcc's __flash to a custom .flashdata section after the LUFA build by a second call to avr-objcopy -- Clever way to maximize slot space, but the previous code was not aware of that causing apparently quasi-non-deterministic behavior with some readers -- Cf. emsec#313 and emsec#315

commit 2d54740
Author: Maxie Dion Schmidt <[email protected]>
Date: Mon Feb 14 12:32:10 2022 -0500
Separate section to store in flash not working -- Beginning new approach to put reduced size massive structure into plain old data mem

commit 138a174
Author: Maxie Dion Schmidt <[email protected]>
Date: Mon Feb 14 08:19:23 2022 -0500
Swapping out previous __flash settings for commands lookup table into last half of LOG_FRAM (code and Makefile defines -- may still need to extract this new section using avr-objcopy -- pending testing)

commit ac265b4
Author: Maxie Dion Schmidt <[email protected]>
Date: Sun Feb 13 03:54:01 2022 -0500
Out of hell ... Everything seems to be working again with the MEMORY_LIMITED_TESTING define set in the Makefile :)

commit 65766e1
Author: Maxie Dion Schmidt <[email protected]>
Date: Sun Feb 13 02:41:53 2022 -0500
Incremental backup -- Auth schemes should be working -- New CommMode checksum functions DO NOT fit into text/data (yet)

commit bf1eadc
Author: Maxie Dion Schmidt <[email protected]>
Date: Sun Feb 13 00:29:24 2022 -0500
Making a sane backup point while profusely debugging

commit a24fbe8
Author: Maxie Dion Schmidt <[email protected]>
Date: Sat Feb 12 21:47:54 2022 -0500
Preliminary (partial) support for more CommModes -- This is going to need substantial testing -- III

commit 74f216f
Author: Maxie Dion Schmidt <[email protected]>
Date: Sat Feb 12 19:15:57 2022 -0500
Preliminary (partial) support for more CommModes -- This is going to need substantial testing -- II

commit e9437a6
Author: Maxie Dion Schmidt <[email protected]>
Date: Sat Feb 12 18:52:10 2022 -0500
Preliminary (partial) support for more CommModes -- This is going to need substantial testing

commit e9ce4ac
Author: Maxie Dion Schmidt <[email protected]>
Date: Sat Feb 12 14:43:01 2022 -0500
Untested CMAC implementation for CommMode=FULL exchanges (Enciphered+CMAC'ed data)

commit de798fb
Author: Maxie Dion Schmidt <[email protected]>
Date: Sat Feb 12 10:59:20 2022 -0500
Adding in preliminary AES transfer functions -- Trying to save space for more where it can be pruned -- III -- cf. emsec#313

commit a0cb74c
Author: Maxie Dion Schmidt <[email protected]>
Date: Sat Feb 12 10:20:10 2022 -0500
Adding in preliminary AES transfer functions -- Trying to save space for more where it can be pruned -- II

commit 583bb93
Author: Maxie Dion Schmidt <[email protected]>
Date: Sat Feb 12 10:07:37 2022 -0500
Adding in preliminary AES transfer functions -- Trying to save space for more where it can be pruned

commit 3974786
Author: Maxie Dion Schmidt <[email protected]>
Date: Sat Feb 12 08:47:04 2022 -0500
Finding other places to squeeze space for the DESFire config (Log and terminal buffers stored on the stack -- adding buffer full messages for INFO)

commit a4672ff
Author: Maxie Dion Schmidt <[email protected]>
Date: Sat Feb 12 08:34:27 2022 -0500
Finding other places to squeeze space for the DESFire config (Log and terminal buffers stored on the stack)

commit 9ee3236
Author: Maxie Dion Schmidt <[email protected]>
Date: Sat Feb 12 08:02:54 2022 -0500
Addressing the ACK/NAK keep-alive exchanges from some NXP readers noted by @lvandenb in emsec#313

commit b6be1b8
Author: Maxie Dion Schmidt <[email protected]>
Date: Sat Feb 12 05:32:37 2022 -0500
Space saving defines to remove currently unused crypto exchange functionality (will revisit when get to this subproject)

commit 20a6960
Author: Maxie Dion Schmidt <[email protected]>
Date: Sat Feb 12 04:41:40 2022 -0500
Fixing legacy auth algorithm from 3K3DES -> 2K3DES (cf. emsec#313)

commit 1644a9e
Author: Maxie Dion Schmidt <[email protected]>
Date: Sat Feb 12 00:40:13 2022 -0500
Making sure the auth AES and auth ISO handlers keep the chain of prior legacy auths intact

commit bcf68d0
Author: Maxie Dion Schmidt <[email protected]>
Date: Sat Feb 12 00:27:24 2022 -0500
Last minute modifications to DES/3DES enc/dec routines for data that is not a multiple of the resp. block size

commit e15f8c7
Author: Maxie Dion Schmidt <[email protected]>
Date: Fri Feb 11 22:51:37 2022 -0500
Fixing bug where we must first auth with the legacy command mentioned in emsec#313

commit e22b286
Author: Maxie Dion Schmidt <[email protected]>
Date: Fri Feb 11 17:43:41 2022 -0500
Removing default testing nonce B from auth commands ; Running make style

commit ba3c736
Author: Maxie Dion Schmidt <[email protected]>
Date: Fri Feb 11 17:42:20 2022 -0500
Bug fixes to observations in emsec#313

commit a02f214
Author: Maxie Dion Schmidt <[email protected]>
Date: Fri Feb 4 22:17:00 2022 -0500
Working AES128 auth and ISO auth ; Still need to debug the legacy auth

commit b451e12
Author: Maxie Dion Schmidt <[email protected]>
Date: Thu Feb 3 06:52:33 2022 -0500
Working AES128 auth ; Nearly working ISO auth (still debugging) -- Stashing copy for reference

commit 7176259
Author: Maxie Dion Schmidt <[email protected]>
Date: Mon Jan 31 12:54:23 2022 -0500
Stashing incremental testing release code

commit ca0afad
Author: Maxie Dion Schmidt <[email protected]>
Date: Mon Jan 31 10:54:37 2022 -0500
Adding support for non-wrapped native commands (I believe)

commit 281d3c7
Author: Maxie Dion Schmidt <[email protected]>
Date: Mon Jan 31 01:23:50 2022 -0500
AuthLegacy(0x0A) works using 3DES enc/dec modes -- Makefile no testing -- For emsec#313

commit 195e600
Author: Maxie Dion Schmidt <[email protected]>
Date: Mon Jan 31 01:22:07 2022 -0500
AuthLegacy(0x0A) works using 3DES enc/dec modes

commit 6ee1958
Author: Maxie Dion Schmidt <[email protected]>
Date: Sun Jan 30 23:03:07 2022 -0500
AuthISO(0x1A) works tentatively (a little slowly) with the LibNFC test code

commit d20cac4
Author: Maxie Dion Schmidt <[email protected]>
Date: Sun Jan 30 15:45:27 2022 -0500
More testing (still doesn't make it through round2 on the Chameleon)

commit 1e542ec
Author: Maxie Dion Schmidt <[email protected]>
Date: Sun Jan 30 14:53:16 2022 -0500
Re-implementing the 3DES crypto with CBC

commit fba0ee3
Author: Maxie Dion Schmidt <[email protected]>
Date: Sun Jan 30 12:34:25 2022 -0500
Debugging ISO authenticate command (0x1a)
module MifareDesfireProcess
will not work for real iso - 8716 apdu like
right now, it is only testing "wrapped desfire" or "native", and it fails for the first command...
in this case buffer[2] == 0x04, and some iso-8716 do not have a LE field ...
And it seems simple to do
if Buffer[0]==0x90 then wrapped for sure, else if Buffer[0]<0x0a then most likely 8716 else most likely Desfire Native.
for native check the first byte as a valid command, otherwise the second..
most of the time, communication starts with a file select, like "select the desfire app" (this is optional but recommended)
00 A4 04 00 07 D2 76 00 00 85 01 00
on Windows, it will always try 00 a4 04 00 0b a0 00 00 03 97 43 49 44 5f 01 00 9e 32 first, if smartcard services are enabled.
(so Windows users using the PC/SC API will always fail trying native desfire when the smartcard service is active)
for the global communication there should be a flag, like "protocolFraming" = unknown / native / 8716
after the card becomes "state active", the first command determines the protocol framing, until reset..