Mirror/Momentum-Firmware
1
0
Fork 0
mirror of https://github.com/Next-Flip/Momentum-Firmware.git synced 2026-04-24 03:29:57 -07:00
Code Issues Packages Projects Releases Wiki Activity

MRTD proper parse DO87 multi byte length

Browse Source
This commit is contained in:
Chris van Marle
2022-10-11 22:13:39 +02:00
parent d3d9b67544
commit 0ab7d91fb4
2 changed files with 22 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
lib/nfc/protocols/mrtd_helpers.c
View File

@@ -1,4 +1,5 @@
#include "mrtd_helpers.h"
#include "../helpers/iso7816.h"
#include <stdio.h> //TODO: remove
#include <stdlib.h>
@@ -185,15 +186,25 @@ uint16_t mrtd_bac_decrypt_verify_sm(const uint8_t* data, size_t data_length, uin
uint16_t ret_code = data[data_length - 10 - 2] <<8 | data[data_length - 10 - 1];
//ntohs(data + data_length - 10 - 2);
if(data[0] == 0x87) {
TlvInfo do87 = iso7816_tlv_select(data, data_length, (uint16_t[]){0x87}, 1);
//printf("DO87.Tag: %X\n", do87.tag);
//printf("DO87.Length: %ld\n", do87.length);
//printf("DO87.Value: ");
//for(uint8_t i=1; i<do87.length; ++i) { printf("%02X ", do87.value[i]); }
//printf("\r\n");
if(do87.tag) {
if(output_written != NULL && output != NULL) {
uint8_t do87_length = data[1] - 1;
mrtd_bac_decrypt(data + 3, do87_length, key_enc, output);
printf("Decrypted: "); for(uint8_t i=0; i<do87_length; ++i) printf("%02X ", output[i]); printf("\r\n");
// Skip the first byte '01'
const uint8_t* encdata = do87.value + 1;
size_t enclength = do87.length - 1;
mrtd_bac_decrypt(encdata, enclength, key_enc, output);
printf("Decrypted: "); for(uint8_t i=0; i<enclength; ++i) printf("%02X ", output[i]); printf("\r\n");
//TODO: function mrtd_bac_unpad?
int padidx;
for(padidx=do87_length-1; padidx>=0; --padidx) {
for(padidx=enclength-1; padidx>=0; --padidx) {
if(output[padidx] == 0x00) {
continue;
} else if(output[padidx] == 0x80) {

12
test_mrtd_helpers.c
View File

@@ -467,9 +467,9 @@ int main(int argc, char** argv) {
uint8_t buffer[32]; // RND.IC || RND.IFD || KIC
//TODO: set challenge rx
mrtd_bac_decrypt_verify((uint8_t*)"\x11\x0e\x51\x83\xbe\x78\x94\xcf\x43\x40\x8e\xea\xfe\x99\x54\xbb\x17\x97\x27\x65\xf8\xb4\x51\xa4\x94\x0d\xb2\x5b\xad\x1b\xe3\x64\x16\x53\x2a\xff\xad\xee\x29\xcf", 40, kenc, kmac, buffer);
mrtd_bac_decrypt_verify((uint8_t*)"\xDA\x35\xDF\x28\x7E\x9C\xE1\x25\x39\xD5\x66\xBA\x16\xF7\x16\x46\xCA\x7A\xBC\x0C\x98\x54\x55\x84\x50\x9E\xC1\x91\xB3\x06\x6B\x56\xBD\x10\xD0\xE9\x13\x83\xA9\x97", 40, kenc, kmac, buffer);
//TODO: set kifd
uint8_t *kifd = (uint8_t*)"\xe0\x01\xf4\x4c\x09\xb1\xb3\x16\x63\xab\x3a\x11\x8d\xa3\x17\xcc";
uint8_t *kifd = (uint8_t*)"\x1D\xF3\x5C\xFF\x0F\xF9\xE0\xBA\x36\x89\x63\xAE\xAF\xC8\x26\x64";
printf("buffer: "); print_hex(buffer, 32); printf("\n");
// 8F763C0B1CDF9F9D|0983F7C136155248|7A705FD193C6A6328C42264A3804002C
@@ -498,13 +498,13 @@ int main(int argc, char** argv) {
ssc++;
ssc+=6;
ssc+=11;
//test_mrtd_protect_
test_mrtd_bac_decrypt_verify_sm((uint8_t*)"\x87\x81\xE9\x01\x25\xF5\xD5\xB9\x8C\x5D\xF6\xDB\x5C\xC2\x79\x49\x1F\x3B\xDA\xA9\xC3\x55\x95\xE2\x33\xBD\xE6\x1F\xA5\x41\xD7\xF0\x8A\xCB\x01\x6F\xF7\xD3\xCF\x33\x3A\x65\x8C\x40\x37\x06\xDE\xB7\xB6\x1D\x73\x88\x04\x12\xC1\xD1\x52\x04\xC1\xA1\x84\x9F\xD9\x34\x60\x2B\x5F\x30\xD1\xDD\xFB\x37\xE7\x7D\xE8\xC1\x38\x72\x0F\x6C\x69\x12\x14\xB3\x8E\x4C\x19\x8A\x9F\x0F\x39\x08\xD4\xF5\xA4\xBE\x0C\xD0\xD9\x72\x24\xCE\x76\x45\xD3\xCC\xD2\x02\x53\xDE\x49\x77\x0F\xD5\x5E\xBE\x20\x8F\x9F\xFD\x89\x90\xBD\x5C\x44\x74\xE9\x76\xFB\xAA\x81\x35\x6B\xC0\x49\x5D\x5E\x1B\xC9\x18\x85\xFA\xC5\x82\x6F\x7B\x8F\x0F\x1B\x03\x30\xCE\x25\x90\x6E\x3E\xA0\xF4\x01\xA6\xF4\xAE\x02\xF8\x30\x29\x25\xEB\x0A\x10\x31\x8A\x89\xB6\x6B\x8C\xC5\x2E\xE6\xCC\xB8\xFA\xEC\x64\x36\x8D\x5A\x3F\x5A\x31\x67\x26\x01\x85\x19\x98\x0A\x69\x10\x8F\x5F\x71\xAA\x6C\x6E\x1C\xEB\x8A\x40\xD1\x87\xEE\x2A\x0D\xE7\xA3\x61\x92\x6A\x46\x3B\x8C\x79\x5F\x1E\xA2\xE4\x76\x59\x71\xD7\xE4\xFE\x41\xC0\x8A\x99\x02\x90\x00\x8E\x08\x0F\xE2\xD4\x0B\xED\xD6\x66\xA2", 250, ks_enc, ks_mac, ssc, NULL, 0, 0x9000);
//TODO: set challenge TX for verification
test_mrtd_protect_apdu(0x00, 0xA4, 0x02, 0x0C, 0x02, "\x01\x01", -1, ks_enc, ks_mac, ssc,
(uint8_t*)"\x0c\xa4\x02\x0c\x15\x87\x09\x01\xc8\xcc\x50\x6f\x50\xae\x10\xc7\x8e\x08\xaf\xec\x2e\x03\x90\x26\x8f\xa5\x00", 27);
//test_mrtd_protect_apdu(0x00, 0xA4, 0x02, 0x0C, 0x02, "\x01\x01", -1, ks_enc, ks_mac, ssc,
//(uint8_t*)"\x0c\xa4\x02\x0c\x15\x87\x09\x01\xc8\xcc\x50\x6f\x50\xae\x10\xc7\x8e\x08\xaf\xec\x2e\x03\x90\x26\x8f\xa5\x00", 27);
/*
uint8_t* select_ef_com = "\x0C\xA4\x02\x0C\x15\x87\x09\x01\xE2\x94\xA2\x9A\xF3\x73\xFD\x20\x8E\x08\x7E\x3B\xA9\xAA\x7C\xB9\x07\x0C\x00";