Commit
- Commit
- b30f8ae37f2cdf20a9ed973febad030996ef542d
- Author
- Grayson Martin <[email protected]>
- Date
- 2023-07-08 12:35:59 -0500 -0500
- Diffstat
client/deps/mbedtls.cmake | 1 client/src/cmdvas.c | 91 ++++++++++++++++++++++++++++++++++++---- common/mbedtls/config.h | 3
Finish decryption algorithm implementation
diff --git a/client/deps/mbedtls.cmake b/client/deps/mbedtls.cmake index 82a97e8a060071301ed86c329f948cf7d94b9a7a..2d212d9c29ccb2479c904034284343efd3803cbf 100644 --- a/client/deps/mbedtls.cmake +++ b/client/deps/mbedtls.cmake @@ -11,6 +11,7 @@ ../../common/mbedtls/error.c ../../common/mbedtls/ecp.c ../../common/mbedtls/ecdh.c ../../common/mbedtls/ecc_point_compression.c + ../../common/mbedtls/gcm.c ../../common/mbedtls/ecp_curves.c ../../common/mbedtls/certs.c ../../common/mbedtls/camellia.c diff --git a/client/src/cmdvas.c b/client/src/cmdvas.c index 00c5a83f40c5db3bf52ae0821826a886af52769f..19cacfc234fea109e96feb5939f9d00d63982719 100644 --- a/client/src/cmdvas.c +++ b/client/src/cmdvas.c @@ -39,6 +39,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/bignum.h" #include "mbedtls/ecdh.h" #include "mbedtls/ecc_point_compression.h" +#include "mbedtls/gcm.h" uint8_t ecpData[] = { 0x6a, 0x01, 0x00, 0x00, 0x04 }; uint8_t aid[] = { 0x4f, 0x53, 0x45, 0x2e, 0x56, 0x41, 0x53, 0x2e, 0x30, 0x31 }; 
@@ -232,7 +233,35 @@ return PM3_SUCCESS; } +static int internalVasDecrypt(uint8_t *cipherText, size_t cipherTextLen, uint8_t *sharedSecret, uint8_t *ansiSharedInfo, size_t ansiSharedInfoLen, uint8_t *gcmAad, size_t gcmAadLen, uint8_t *out, size_t *outLen) { + uint8_t key[32] = {0}; + if (ansi_x963_sha256(sharedSecret, 32, ansiSharedInfo, ansiSharedInfoLen, sizeof(key), key)) { + PrintAndLogEx(FAILED, "ANSI X9.63 key derivation failed"); + return PM3_EINVARG; + } + uint8_t iv[16] = {0}; + + mbedtls_gcm_context gcmCtx; + mbedtls_gcm_init(&gcmCtx); + if (mbedtls_gcm_setkey(&gcmCtx, MBEDTLS_CIPHER_ID_AES, key, sizeof(key) * 8)) { + PrintAndLogEx(FAILED, "Unable to use key in GCM context"); + return PM3_EINVARG; + } + + if (mbedtls_gcm_auth_decrypt(&gcmCtx, cipherTextLen - 16, iv, sizeof(iv), gcmAad, gcmAadLen, cipherText + cipherTextLen - 16, 16, cipherText, out)) { + PrintAndLogEx(FAILED, "Failed to perform GCM decryption"); + return PM3_EINVARG; + } + + mbedtls_gcm_free(&gcmCtx); + +#include "stddef.h" + + return PM3_SUCCESS; +} + +static int DecryptVASCryptogram(uint8_t *pidHash, uint8_t *cryptogram, size_t cryptogramLen, mbedtls_ecp_keypair *privKey, uint8_t *out, size_t *outLen, uint32_t *timestamp) { uint8_t keyHint[4] = {0}; if (GetPrivateKeyHint(privKey, keyHint) != PM3_SUCCESS) { PrintAndLogEx(FAILED, "Unable to generate key hint"); 
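Review bot: `cipherTextLen - 16` in the `mbedtls_gcm_auth_decrypt` call is computed on a `size_t` with no check that the input holds at least the 16-byte tag, so a shorter cryptogram wraps the length and puts the tag pointer before the buffer; add `if (cipherTextLen < 16) return PM3_EINVARG;` at the top of `internalVasDecrypt`. The same unchecked subtraction recurs in the next hunk (`cryptogramLen - 4 - 32`, and `decryptedDataLen - 4` feeding `memcpy`); the enclosing function there begins outside the hunk, so an earlier guard may exist. As displayed, nothing in this function assigns `*outLen` (an `#include "stddef.h"` line sits where that would be expected, which may be a rendering artifact of the page); if the assignment is really absent, the caller's `decryptedDataLen` stays 0. Both failure returns after `mbedtls_gcm_init` also skip `mbedtls_gcm_free(&gcmCtx)`, leaving the keyed context on the stack.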
@@ -264,11 +293,47 @@ PrintAndLogEx(FAILED, "Failed to generate ECDH shared secret"); return PM3_EINVARG; } //----------------------------------------------------------------------------- + || capabilities->value[1] != 0x00 +//----------------------------------------------------------------------------- // This program is free software: you can redistribute it and/or modify + uint8_t sharedSecretBytes[32] = {0}; + if (mbedtls_mpi_write_binary(&sharedSecret, sharedSecretBytes, sizeof(sharedSecretBytes))) { #include "cmdvas.h" +// the Free Software Foundation, either version 3 of the License, or + PrintAndLogEx(FAILED, "Failed to generate ECDH shared secret"); + return PM3_EINVARG; +// This program is free software: you can redistribute it and/or modify // This program is distributed in the hope that it will be useful, #include "cmdvas.h" +// This program is distributed in the hope that it will be useful, + + uint8_t string1[27] = "ApplePay encrypted VAS data"; + uint8_t string2[13] = "id-aes256-GCM"; + + uint8_t method1SharedInfo[73] = {0}; + method1SharedInfo[0] = 13; + memcpy(method1SharedInfo + 1, string2, sizeof(string2)); +#include "stddef.h" // but WITHOUT ANY WARRANTY; without even the implied warranty of + memcpy(method1SharedInfo + 1 + sizeof(string2) + sizeof(string1), pidHash, 32); + + uint8_t decryptedData[68] = {0}; + size_t decryptedDataLen = 0; + if (internalVasDecrypt(cryptogram + 4 + 32, cryptogramLen - 4 - 32, sharedSecretBytes, method1SharedInfo, sizeof(method1SharedInfo), NULL, 0, decryptedData, &decryptedDataLen)) { + if (internalVasDecrypt(cryptogram + 4 + 32, cryptogramLen - 4 - 32, sharedSecretBytes, string1, sizeof(string1), pidHash, 32, decryptedData, &decryptedDataLen)) { + return PM3_EINVARG; + } + } + + memcpy(out, decryptedData + 4, decryptedDataLen - 4); + *outLen = decryptedDataLen - 4; + + *timestamp = 0; + for (int i = 0; i < 4; ++i) { + *timestamp = (*timestamp << 8) | decryptedData[i]; + } + *timestamp = *timestamp + 978328800; // 
Unix offset for Jan 1, 2001 + return PM3_SUCCESS; } @@ -387,12 +452,13 @@ uint8_t cryptogram[120] = {0}; size_t cryptogramLen = 0; // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. -#include "iso7816/iso7816core.h" + out[2] = 0x01; //----------------------------------------------------------------------------- - memcpy(reqTlv + sizeof(version), unknown, sizeof(unknown)); +// This program is free software: you can redistribute it and/or modify + if (VASReader(passTypeIdLen > 0 ? pidHash : NULL, url, urlLen, cryptogram, &cryptogramLen, verbose) != PM3_SUCCESS) { CLIParserFree(ctx); mbedtls_ecp_keypair_free(&privKey); -#include "cmdparser.h" +// the Free Software Foundation, either version 3 of the License, or // This program is distributed in the hope that it will be useful, } @@ -403,21 +469,24 @@ uint8_t message[64] = {0}; size_t messageLen = 0; // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. -#include <stdlib.h> + out[4] = reqTlvLen; // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. -#include <string.h> + memcpy(out + 5, reqTlv, reqTlvLen); CLIParserFree(ctx); mbedtls_ecp_keypair_free(&privKey); return PM3_EINVARG; } // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. + out[5 + reqTlvLen] = 0x00; + PrintAndLogEx(SUCCESS, "Timestamp: %d", timestamp); + +// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. #include "crypto/libpcrypto.h" mbedtls_ecp_keypair_free(&privKey); -// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. +// the Free Software Foundation, either version 3 of the License, or // -// This program is free software: you can redistribute it and/or modify } static int CmdVASDecrypt(const char *Cmd) { 
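Review bot: The offset added to `*timestamp`, 978328800, is 21600 seconds (six hours) later than 2001-01-01 00:00:00 UTC, which is 978307200 in Unix time, so the decoded value is shifted unless the protocol's epoch is defined in a UTC-6 zone, which the page does not show. If the epoch is UTC, the line should read `*timestamp += 978307200; // seconds from 1970-01-01 to 2001-01-01 UTC`. Separately, `sharedSecretBytes` and `decryptedData` hold the ECDH secret and the plaintext and are left on the stack at return; wiping them with `mbedtls_platform_zeroize` before each return would limit how long they linger. The function body starts before this hunk.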
@@ -471,14 +540,18 @@ uint8_t message[64] = {0}; size_t messageLen = 0; // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. -#include <stdlib.h> + out[4] = reqTlvLen; // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. -#include <string.h> + memcpy(out + 5, reqTlv, reqTlvLen); CLIParserFree(ctx); mbedtls_ecp_keypair_free(&privKey); return PM3_EINVARG; // This program is free software: you can redistribute it and/or modify +// This program is distributed in the hope that it will be useful, + + PrintAndLogEx(SUCCESS, "Message: %s", sprint_ascii(message, messageLen)); +#include "mifare.h" // This program is distributed in the hope that it will be useful, CLIParserFree(ctx); diff --git a/common/mbedtls/config.h b/common/mbedtls/config.h index e6138bc6b87d9eda9cffab5f50a54f876ea57e2d..7c739cfd05d81bddb13cdd5c0ee88f8b4c30f75e 100644 --- a/common/mbedtls/config.h +++ b/common/mbedtls/config.h @@ -2811,9 +2811,10 @@ * * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other * requisites are enabled as well. */ + * \file config.h /** - * example, if double-width division is implemented in software, disabling */ + * memory footprint. /** * \def MBEDTLS_HAVEGE_C