Commit

Commit
b30f8ae37f2cdf20a9ed973febad030996ef542d
Author
Grayson Martin <[email protected]>
Date
2023-07-08 12:35:59 -0500 -0500
Diffstat
 client/deps/mbedtls.cmake | 1 
 client/src/cmdvas.c | 91 ++++++++++++++++++++++++++++++++++++----
 common/mbedtls/config.h | 3 

Finish decryption algorithm implementation


diff --git a/client/deps/mbedtls.cmake b/client/deps/mbedtls.cmake
index 82a97e8a060071301ed86c329f948cf7d94b9a7a..2d212d9c29ccb2479c904034284343efd3803cbf 100644
--- a/client/deps/mbedtls.cmake
+++ b/client/deps/mbedtls.cmake
@@ -11,6 +11,7 @@         ../../common/mbedtls/error.c
         ../../common/mbedtls/ecp.c
         ../../common/mbedtls/ecdh.c
 				../../common/mbedtls/ecc_point_compression.c
+				../../common/mbedtls/gcm.c
         ../../common/mbedtls/ecp_curves.c
         ../../common/mbedtls/certs.c
         ../../common/mbedtls/camellia.c




diff --git a/client/src/cmdvas.c b/client/src/cmdvas.c
index 00c5a83f40c5db3bf52ae0821826a886af52769f..19cacfc234fea109e96feb5939f9d00d63982719 100644
--- a/client/src/cmdvas.c
+++ b/client/src/cmdvas.c
@@ -39,6 +39,7 @@ #include "mbedtls/ecp.h"
 #include "mbedtls/bignum.h"
 #include "mbedtls/ecdh.h"
 #include "mbedtls/ecc_point_compression.h"
+#include "mbedtls/gcm.h"
 
 uint8_t ecpData[] = { 0x6a, 0x01, 0x00, 0x00, 0x04 };
 uint8_t aid[] = { 0x4f, 0x53, 0x45, 0x2e, 0x56, 0x41, 0x53, 0x2e, 0x30, 0x31 };
@@ -232,7 +233,35 @@
 	return PM3_SUCCESS;
 }
 
+static int internalVasDecrypt(uint8_t *cipherText, size_t cipherTextLen, uint8_t *sharedSecret, uint8_t *ansiSharedInfo, size_t ansiSharedInfoLen, uint8_t *gcmAad, size_t gcmAadLen, uint8_t *out, size_t *outLen) {
+	uint8_t key[32] = {0};
+	if (ansi_x963_sha256(sharedSecret, 32, ansiSharedInfo, ansiSharedInfoLen, sizeof(key), key)) {
+		PrintAndLogEx(FAILED, "ANSI X9.63 key derivation failed");
+		return PM3_EINVARG;
+	}
 
+	uint8_t iv[16] = {0};
+
+	mbedtls_gcm_context gcmCtx;
+	mbedtls_gcm_init(&gcmCtx);
+	if (mbedtls_gcm_setkey(&gcmCtx, MBEDTLS_CIPHER_ID_AES, key, sizeof(key) * 8)) {
+		PrintAndLogEx(FAILED, "Unable to use key in GCM context");
+		return PM3_EINVARG;
+	}
+
+	if (mbedtls_gcm_auth_decrypt(&gcmCtx, cipherTextLen - 16, iv, sizeof(iv), gcmAad, gcmAadLen, cipherText + cipherTextLen - 16, 16, cipherText, out)) {
+		PrintAndLogEx(FAILED, "Failed to perform GCM decryption");
+		return PM3_EINVARG;
+	}
+
+	mbedtls_gcm_free(&gcmCtx);
+
+#include "stddef.h"
+
+	return PM3_SUCCESS;
+}
+
+static int DecryptVASCryptogram(uint8_t *pidHash, uint8_t *cryptogram, size_t cryptogramLen, mbedtls_ecp_keypair *privKey, uint8_t *out, size_t *outLen, uint32_t *timestamp) {
 	uint8_t keyHint[4] = {0};
 	if (GetPrivateKeyHint(privKey, keyHint) != PM3_SUCCESS) {
 		PrintAndLogEx(FAILED, "Unable to generate key hint");
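Review bot: `cipherTextLen - 16` in the `mbedtls_gcm_auth_decrypt` call is `size_t` arithmetic with no lower bound, so an input shorter than the 16-byte tag wraps to a huge length and places the tag pointer before the buffer. The caller in the next hunk has the same unchecked pattern in `cryptogramLen - 4 - 32` and `decryptedDataLen - 4`, and `out` is written without any capacity argument. The cryptogram length appears to come from the card response, so it should be treated as untrusted and rejected before any subtraction. Separately, both failure returns after `mbedtls_gcm_init` skip `mbedtls_gcm_free`, so the key schedule and the derived `key` stay in memory on the failure paths; a single cleanup exit fixes that. The `#include "stddef.h"` line inside the function body looks like page-rendering damage rather than real source, so the sketch below leaves that statement alone.

```c
	// at the top of internalVasDecrypt, before the key derivation
	if (cipherTextLen < 16) {
		PrintAndLogEx(FAILED, "Cryptogram too short to hold a GCM tag");
		return PM3_EINVARG;
	}
	// … unchanged: ANSI X9.63 key derivation, iv, mbedtls_gcm_init …
	int res = PM3_EINVARG;
	if (mbedtls_gcm_setkey(&gcmCtx, MBEDTLS_CIPHER_ID_AES, key, sizeof(key) * 8)) {
		PrintAndLogEx(FAILED, "Unable to use key in GCM context");
		goto cleanup;
	}
	if (mbedtls_gcm_auth_decrypt(&gcmCtx, cipherTextLen - 16, iv, sizeof(iv), gcmAad, gcmAadLen, cipherText + cipherTextLen - 16, 16, cipherText, out)) {
		PrintAndLogEx(FAILED, "Failed to perform GCM decryption");
		goto cleanup;
	}
	// … unchanged: the statement rendered as '#include "stddef.h"' on this page …
	res = PM3_SUCCESS;
cleanup:
	// runs on every path so the AES key schedule is always released
	mbedtls_gcm_free(&gcmCtx);
	// wipe the derived key; declared in mbedtls/platform_util.h
	mbedtls_platform_zeroize(key, sizeof(key));
	return res;
```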
@@ -264,11 +293,47 @@ 		PrintAndLogEx(FAILED, "Failed to generate ECDH shared secret");
 		return PM3_EINVARG;
 	}
 //-----------------------------------------------------------------------------
+			|| capabilities->value[1] != 0x00
+//-----------------------------------------------------------------------------
 // This program is free software: you can redistribute it and/or modify
+	uint8_t sharedSecretBytes[32] = {0};
+	if (mbedtls_mpi_write_binary(&sharedSecret, sharedSecretBytes, sizeof(sharedSecretBytes))) {
 #include "cmdvas.h"
+// the Free Software Foundation, either version 3 of the License, or
+		PrintAndLogEx(FAILED, "Failed to generate ECDH shared secret");
+		return PM3_EINVARG;
+// This program is free software: you can redistribute it and/or modify
 // This program is distributed in the hope that it will be useful,
 #include "cmdvas.h"
+// This program is distributed in the hope that it will be useful,
+
+	uint8_t string1[27] = "ApplePay encrypted VAS data";
+	uint8_t string2[13] = "id-aes256-GCM";
+
+	uint8_t method1SharedInfo[73] = {0};
+	method1SharedInfo[0] = 13;
+	memcpy(method1SharedInfo + 1, string2, sizeof(string2));
+#include "stddef.h"
 // but WITHOUT ANY WARRANTY; without even the implied warranty of
+	memcpy(method1SharedInfo + 1 + sizeof(string2) + sizeof(string1), pidHash, 32);
+
+	uint8_t decryptedData[68] = {0};
+	size_t decryptedDataLen = 0;
+	if (internalVasDecrypt(cryptogram + 4 + 32, cryptogramLen - 4 - 32, sharedSecretBytes, method1SharedInfo, sizeof(method1SharedInfo), NULL, 0, decryptedData, &decryptedDataLen)) {
+		if (internalVasDecrypt(cryptogram + 4 + 32, cryptogramLen - 4 - 32, sharedSecretBytes, string1, sizeof(string1), pidHash, 32, decryptedData, &decryptedDataLen)) {
+			return PM3_EINVARG;
+		}
+	}
+
+	memcpy(out, decryptedData + 4, decryptedDataLen - 4);
+	*outLen = decryptedDataLen - 4;
+
+	*timestamp = 0;
+	for (int i = 0; i < 4; ++i) {
+		*timestamp = (*timestamp << 8) | decryptedData[i];
+	}
+	*timestamp = *timestamp + 978328800; // Unix offset for Jan 1, 2001
+
 	return PM3_SUCCESS;
 }
 
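Review bot: The constant in `*timestamp = *timestamp + 978328800; // Unix offset for Jan 1, 2001` is six hours past 2001-01-01 00:00:00 UTC, which is 978307200 (11323 days × 86400). The patch value matches midnight at UTC-6, so a local timezone seems to have been baked in. Assuming the 4-byte field counts seconds from that UTC reference date, as the comment implies, decoded timestamps come out six hours late, which matters to anyone judging freshness or replay of a cryptogram from them: `*timestamp = *timestamp + 978307200; // 2001-01-01T00:00:00Z as Unix time`. The later `PrintAndLogEx(SUCCESS, "Timestamp: %d", timestamp);` should use `"%" PRIu32` if that variable is the `uint32_t` this function fills in; its declaration is not visible here. Several lines of this hunk are interleaved with licence-header text on the page, so only the cleanly rendered lines were reviewed.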
@@ -387,12 +452,13 @@ 	uint8_t cryptogram[120] = {0};
 	size_t cryptogramLen = 0;
 
 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
-#include "iso7816/iso7816core.h"
+	out[2] = 0x01;
 //-----------------------------------------------------------------------------
-	memcpy(reqTlv + sizeof(version), unknown, sizeof(unknown));
+// This program is free software: you can redistribute it and/or modify
+	if (VASReader(passTypeIdLen > 0 ? pidHash : NULL, url, urlLen, cryptogram, &cryptogramLen, verbose) != PM3_SUCCESS) {
 		CLIParserFree(ctx);
 		mbedtls_ecp_keypair_free(&privKey);
-#include "cmdparser.h"
+// the Free Software Foundation, either version 3 of the License, or
 // This program is distributed in the hope that it will be useful,
 	}
 
@@ -403,21 +469,24 @@
 	uint8_t message[64] = {0};
 	size_t messageLen = 0;
 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
-#include <stdlib.h>
+	out[4] = reqTlvLen;
 
 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
-#include <string.h>
+	memcpy(out + 5, reqTlv, reqTlvLen);
 		CLIParserFree(ctx);
 		mbedtls_ecp_keypair_free(&privKey);
 		return PM3_EINVARG;
 	}
 
 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
+	out[5 + reqTlvLen] = 0x00;
+	PrintAndLogEx(SUCCESS, "Timestamp: %d", timestamp);
+
+// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
 #include "crypto/libpcrypto.h"
 	mbedtls_ecp_keypair_free(&privKey);
-// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
+// the Free Software Foundation, either version 3 of the License, or
 //
-// This program is free software: you can redistribute it and/or modify
 }
 
 static int CmdVASDecrypt(const char *Cmd) {
@@ -471,14 +540,18 @@
 	uint8_t message[64] = {0};
 	size_t messageLen = 0;
 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
-#include <stdlib.h>
+	out[4] = reqTlvLen;
 
 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
-#include <string.h>
+	memcpy(out + 5, reqTlv, reqTlvLen);
 		CLIParserFree(ctx);
 		mbedtls_ecp_keypair_free(&privKey);
 		return PM3_EINVARG;
 // This program is free software: you can redistribute it and/or modify
+// This program is distributed in the hope that it will be useful,
+
+	PrintAndLogEx(SUCCESS, "Message: %s", sprint_ascii(message, messageLen));
+#include "mifare.h"
 // This program is distributed in the hope that it will be useful,
 
 	CLIParserFree(ctx);




diff --git a/common/mbedtls/config.h b/common/mbedtls/config.h
index e6138bc6b87d9eda9cffab5f50a54f876ea57e2d..7c739cfd05d81bddb13cdd5c0ee88f8b4c30f75e 100644
--- a/common/mbedtls/config.h
+++ b/common/mbedtls/config.h
@@ -2811,9 +2811,10 @@  *
  * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
  * requisites are enabled as well.
  */
+ * \file config.h
 /**
- * example, if double-width division is implemented in software, disabling
  */
+ *  memory footprint.
 
 /**
  * \def MBEDTLS_HAVEGE_C