[8] | 1 | #include "globals.h"
|
---|
| 2 | #include "reader-common.h"
|
---|
| 3 |
|
---|
| 4 | static uchar ISK[0x40];
|
---|
| 5 | static uchar cwexp[] = { 1, 0 , 1};
|
---|
| 6 | static BIGNUM exp, ucpk;
|
---|
| 7 | static int ucpk_valid = 0;
|
---|
| 8 |
|
---|
| 9 | extern uchar cta_cmd[], cta_res[];
|
---|
| 10 | extern ushort cta_lr;
|
---|
| 11 |
|
---|
| 12 | #define CMD_LEN 5
|
---|
| 13 |
|
---|
| 14 | void RotateBytes1(unsigned char *out, unsigned char *in, int n)
|
---|
| 15 | {
|
---|
| 16 | // loop is executed atleast once, so it's not a good idea to
|
---|
| 17 | // call with n=0 !!
|
---|
| 18 | out+=n;
|
---|
| 19 | do { *(--out)=*(in++); } while(--n);
|
---|
| 20 | }
|
---|
| 21 |
|
---|
| 22 | void RotateBytes2(unsigned char *in, int n)
|
---|
| 23 | {
|
---|
| 24 | // loop is executed atleast once, so it's not a good idea to
|
---|
| 25 | // call with n=0 !!
|
---|
| 26 | unsigned char *e=in+n-1;
|
---|
| 27 | do
|
---|
| 28 | {
|
---|
| 29 | unsigned char temp=*in;
|
---|
| 30 | *in++=*e;
|
---|
| 31 | *e-- =temp;
|
---|
| 32 | } while(in<e);
|
---|
| 33 | }
|
---|
| 34 |
|
---|
| 35 | int Input(BIGNUM *d, unsigned char *in, int n, int LE)
|
---|
| 36 | {
|
---|
| 37 | if (LE)
|
---|
| 38 | {
|
---|
| 39 | unsigned char tmp[n];
|
---|
| 40 | RotateBytes1(tmp,in,n);
|
---|
| 41 | return(BN_bin2bn(tmp,n,d)!=0);
|
---|
| 42 | }
|
---|
| 43 | else
|
---|
| 44 | return(BN_bin2bn(in,n,d)!=0);
|
---|
| 45 | }
|
---|
| 46 |
|
---|
| 47 | int Output(unsigned char *out, int n, BIGNUM *r, int LE)
|
---|
| 48 | {
|
---|
| 49 | int s=BN_num_bytes(r);
|
---|
| 50 | if (s>n)
|
---|
| 51 | {
|
---|
| 52 | unsigned char buff[s];
|
---|
| 53 | cs_debug("rsa: RSA len %d > %d, truncating", s, n);
|
---|
| 54 | BN_bn2bin(r,buff);
|
---|
| 55 | memcpy(out,buff+s-n,n);
|
---|
| 56 | }
|
---|
| 57 | else if (s<n)
|
---|
| 58 | {
|
---|
| 59 | int l=n-s;
|
---|
| 60 | cs_debug("rsa: RSA len %d < %d, padding", s, n);
|
---|
| 61 | memset(out,0,l);
|
---|
| 62 | BN_bn2bin(r,out+l);
|
---|
| 63 | }
|
---|
| 64 | else
|
---|
| 65 | BN_bn2bin(r,out);
|
---|
| 66 | if (LE)
|
---|
| 67 | RotateBytes2(out,n);
|
---|
| 68 | return(s);
|
---|
| 69 | }
|
---|
| 70 |
|
---|
| 71 | int RSA(unsigned char *out, unsigned char *in, int n, BIGNUM *exp, BIGNUM *mod, int LE)
|
---|
| 72 | {
|
---|
| 73 | int rc=0;
|
---|
| 74 | BN_CTX *ctx;
|
---|
| 75 | BIGNUM *r, *d;
|
---|
| 76 | ctx=BN_CTX_new();
|
---|
| 77 | r=BN_new();
|
---|
| 78 | d=BN_new();
|
---|
| 79 | if (Input(d,in,n,LE))
|
---|
| 80 | {
|
---|
| 81 | if(BN_mod_exp(r,d,exp,mod,ctx))
|
---|
| 82 | rc=Output(out,n,r,LE);
|
---|
| 83 | else
|
---|
| 84 | cs_log("rsa: mod-exp failed");
|
---|
| 85 | }
|
---|
| 86 | BN_CTX_free(ctx);
|
---|
| 87 | BN_free(d);
|
---|
| 88 | BN_free(r);
|
---|
| 89 | return(rc);
|
---|
| 90 | }
|
---|
| 91 |
|
---|
| 92 | int CheckSctLen(const uchar *data, int off)
|
---|
| 93 | {
|
---|
| 94 | int l=SCT_LEN(data);
|
---|
| 95 | if (l+off > MAX_LEN)
|
---|
| 96 | {
|
---|
| 97 | cs_debug("smartcard: section too long %d > %d", l, MAX_LEN-off);
|
---|
| 98 | l=-1;
|
---|
| 99 | }
|
---|
| 100 | return(l);
|
---|
| 101 | }
|
---|
| 102 |
|
---|
| 103 | static int card_write(uchar *cmd, uchar *data, int wflag)
|
---|
| 104 | {
|
---|
| 105 | int l;
|
---|
| 106 | uchar buf[MAX_LEN];
|
---|
| 107 | memcpy(buf, cmd, CMD_LEN);
|
---|
| 108 | l=wflag ? cmd[4] : 0;
|
---|
| 109 | if (l && data)
|
---|
| 110 | memcpy(buf+CMD_LEN, data, l);
|
---|
| 111 | l=reader_cmd2icc(buf, CMD_LEN+l);
|
---|
| 112 | return(l);
|
---|
| 113 | }
|
---|
| 114 |
|
---|
| 115 | #define write_cmd(cmd, data) \
|
---|
| 116 | { \
|
---|
| 117 | if (card_write(cmd, data, 1)) return(0); \
|
---|
| 118 | }
|
---|
| 119 |
|
---|
| 120 | #define read_cmd(cmd, data) \
|
---|
| 121 | { \
|
---|
| 122 | if (card_write(cmd, data, 0)) return(0); \
|
---|
| 123 | }
|
---|
| 124 |
|
---|
| 125 | static char *chid_date(uchar *ptr, char *buf, int l)
|
---|
| 126 | {
|
---|
| 127 | if (buf)
|
---|
| 128 | {
|
---|
| 129 | snprintf(buf, l, "%04d/%02d/%02d",
|
---|
| 130 | 1990+(ptr[0]>>1), ((ptr[0]&1)<<3)|(ptr[1]>>5), ptr[1]&0x1f);
|
---|
| 131 | }
|
---|
| 132 | return(buf);
|
---|
| 133 | }
|
---|
| 134 |
|
---|
| 135 | static int select_file(uchar f1, uchar f2)
|
---|
| 136 | {
|
---|
| 137 | uchar insA4[] = {0xA4, 0xA4, 0x00, 0x00, 0x02, 0x00, 0x00};
|
---|
| 138 | insA4[5]=f1;
|
---|
| 139 | insA4[6]=f2;
|
---|
| 140 | write_cmd(insA4, insA4+5); // select file
|
---|
| 141 | return((cta_res[0]==0x9f)&&(cta_res[1]==0x11));
|
---|
| 142 | }
|
---|
| 143 |
|
---|
| 144 | static int read_record(uchar rec)
|
---|
| 145 | {
|
---|
| 146 | uchar insA2[] = {0xA4, 0xA2, 0x00, 0x00, 0x01, 0x00};
|
---|
| 147 | uchar insB2[] = {0xA4, 0xB2, 0x00, 0x00, 0x00};
|
---|
| 148 |
|
---|
| 149 | insA2[5]=rec;
|
---|
| 150 | write_cmd(insA2, insA2+5); // select record
|
---|
| 151 | if (cta_res[0]!=0x9f)
|
---|
| 152 | return(-1);
|
---|
| 153 | insB2[4]=cta_res[1]; // get len
|
---|
| 154 | read_cmd(insB2, NULL); // read record
|
---|
| 155 | if ((cta_res[cta_lr-2]!=0x90) || (cta_res[cta_lr-1]))
|
---|
| 156 | return(-1);
|
---|
| 157 | return(cta_lr-2);
|
---|
| 158 | }
|
---|
| 159 |
|
---|
[39] | 160 | int cryptoworks_send_pin(void)
|
---|
| 161 | {
|
---|
| 162 | unsigned char insPIN[] = { 0xA4, 0x20, 0x00, 0x00, 0x04, 0x00,0x00,0x00,0x00 }; //Verify PIN
|
---|
| 163 |
|
---|
| 164 | if(reader[ridx].pincode[0] && (reader[ridx].pincode[0]&0xF0)==0x30)
|
---|
| 165 | {
|
---|
| 166 | memcpy(insPIN+5,reader[ridx].pincode,4);
|
---|
| 167 |
|
---|
| 168 | write_cmd(insPIN, insPIN+5);
|
---|
| 169 | cs_ri_log("[cryptoworks]-sending pincode to card");
|
---|
| 170 | if((cta_res[0]==0x98)&&(cta_res[1]==0x04)) cs_ri_log("[cryptoworks]-bad pincode");
|
---|
| 171 |
|
---|
| 172 | return(1);
|
---|
| 173 | }
|
---|
| 174 |
|
---|
| 175 | return(0);
|
---|
| 176 | }
|
---|
| 177 |
|
---|
| 178 | int cryptoworks_disbale_pin(void)
|
---|
| 179 | {
|
---|
| 180 | unsigned char insPIN[] = { 0xA4, 0x26, 0x00, 0x00, 0x04, 0x00,0x00,0x00,0x00 }; //disable PIN
|
---|
| 181 |
|
---|
| 182 | if(reader[ridx].pincode[0] && (reader[ridx].pincode[0]&0xF0)==0x30)
|
---|
| 183 | {
|
---|
| 184 | memcpy(insPIN+5,reader[ridx].pincode,4);
|
---|
| 185 |
|
---|
| 186 | write_cmd(insPIN, insPIN+5);
|
---|
| 187 | cs_ri_log("[cryptoworks]-disable pincode to card");
|
---|
| 188 | if((cta_res[0]==0x98)&&(cta_res[1]==0x04)) cs_ri_log("[cryptoworks]-bad pincode");
|
---|
| 189 | return(1);
|
---|
| 190 | }
|
---|
| 191 |
|
---|
| 192 | return(0);
|
---|
| 193 | }
|
---|
| 194 |
|
---|
[8] | 195 | int cryptoworks_card_init(uchar *atr, int atrsize)
|
---|
| 196 | {
|
---|
| 197 | int i;
|
---|
| 198 | unsigned int mfid=0x3F20;
|
---|
| 199 | uchar insA4C[]= {0xA4, 0xC0, 0x00, 0x00, 0x11};
|
---|
| 200 | uchar insB8[] = {0xA4, 0xB8, 0x00, 0x00, 0x0c};
|
---|
| 201 | uchar issuerid=0;
|
---|
| 202 | char issuer[20]={0};
|
---|
| 203 | char *unknown="unknown", *pin=unknown, ptxt[CS_MAXPROV<<2]={0};
|
---|
| 204 |
|
---|
| 205 | if ((atr[6]!=0xC4) || (atr[9]!=0x8F) || (atr[10]!=0xF1)) return(0);
|
---|
| 206 |
|
---|
| 207 | reader[ridx].caid[0]=0xD00;
|
---|
| 208 | reader[ridx].nprov=0;
|
---|
| 209 | memset(reader[ridx].prid, 0, sizeof(reader[ridx].prid));
|
---|
| 210 |
|
---|
| 211 | read_cmd(insA4C, NULL); // read masterfile-ID
|
---|
| 212 | if ((cta_res[0]==0xDF) && (cta_res[1]>=6))
|
---|
| 213 | mfid=(cta_res[6]<<8)|cta_res[7];
|
---|
| 214 |
|
---|
| 215 | select_file(0x3f, 0x20);
|
---|
| 216 | insB8[2]=insB8[3]=0; // first
|
---|
| 217 | for(cta_res[0]=0xdf; cta_res[0]==0xdf;)
|
---|
| 218 | {
|
---|
| 219 | read_cmd(insB8, NULL); // read provider id's
|
---|
| 220 | if (cta_res[0]!=0xdf) break;
|
---|
| 221 | if (((cta_res[4]&0x1f)==0x1f) && (reader[ridx].nprov<CS_MAXPROV))
|
---|
| 222 | {
|
---|
| 223 | sprintf(ptxt+strlen(ptxt), ",%02X", cta_res[5]);
|
---|
| 224 | reader[ridx].prid[reader[ridx].nprov++][3]=cta_res[5];
|
---|
| 225 | }
|
---|
| 226 | insB8[2]=insB8[3]=0xff; // next
|
---|
| 227 | }
|
---|
| 228 | for (i=reader[ridx].nprov; i<CS_MAXPROV; i++)
|
---|
| 229 | memset(&reader[ridx].prid[i][0], 0xff, 4);
|
---|
| 230 |
|
---|
| 231 | select_file(0x2f, 0x01); // read caid
|
---|
| 232 | if (read_record(0xD1)>=4)
|
---|
| 233 | reader[ridx].caid[0]=(cta_res[2]<<8)|cta_res[3];
|
---|
| 234 |
|
---|
| 235 | if (read_record(0x80)>=7) // read serial
|
---|
| 236 | memcpy(reader[ridx].hexserial, cta_res+2, 5);
|
---|
[39] | 237 | cs_ri_log("type: cryptoworks, caid: %04X, ascii serial: %llu, hex serial: %s",
|
---|
| 238 | reader[ridx].caid[0], b2ll(5, reader[ridx].hexserial),cs_hexdump(0, reader[ridx].hexserial, 5));
|
---|
[8] | 239 |
|
---|
| 240 | if (read_record(0x9E)>=66) // read ISK
|
---|
| 241 | {
|
---|
| 242 | uchar keybuf[256];
|
---|
| 243 | BIGNUM *ipk;
|
---|
[70] | 244 | if (search_boxkey(reader[ridx].caid[0], 0, (char *)keybuf))
|
---|
[8] | 245 | {
|
---|
| 246 | ipk=BN_new();
|
---|
| 247 | BN_bin2bn(cwexp, sizeof(cwexp), &exp);
|
---|
| 248 | BN_bin2bn(keybuf, 64, ipk);
|
---|
| 249 | RSA(cta_res+2, cta_res+2, 0x40, &exp, ipk, 0);
|
---|
| 250 | BN_free(ipk);
|
---|
| 251 | if (ucpk_valid=(cta_res[2]==((mfid & 0xFF)>>1)))
|
---|
| 252 | {
|
---|
| 253 | cta_res[2]|=0x80;
|
---|
| 254 | BN_bin2bn(cta_res+2, 0x40, &ucpk);
|
---|
| 255 | cs_ddump(cta_res+2, 0x40, "IPK available -> session-key:");
|
---|
| 256 | }
|
---|
| 257 | else
|
---|
| 258 | {
|
---|
| 259 | if (ucpk_valid=(keybuf[0]==(((mfid & 0xFF)>>1)|0x80)))
|
---|
| 260 | {
|
---|
| 261 | BN_bin2bn(keybuf, 0x40, &ucpk);
|
---|
| 262 | cs_ddump(keybuf, 0x40, "session-key found:");
|
---|
| 263 | }
|
---|
| 264 | else
|
---|
| 265 | cs_log("invalid IPK or session-key for CAID %04X !", reader[ridx].caid[0]);
|
---|
| 266 | }
|
---|
| 267 | }
|
---|
| 268 | }
|
---|
| 269 | if (read_record(0x9F)>=3)
|
---|
| 270 | issuerid=cta_res[2];
|
---|
| 271 | if (read_record(0xC0)>=16)
|
---|
| 272 | {
|
---|
[70] | 273 | strncpy(issuer, (const char *)cta_res+2, sizeof(issuer)-1);
|
---|
[8] | 274 | trim(issuer);
|
---|
| 275 | }
|
---|
| 276 | else
|
---|
| 277 | strcpy(issuer, unknown);
|
---|
| 278 |
|
---|
| 279 | select_file(0x3f, 0x20);
|
---|
| 280 | select_file(0x2f, 0x11); // read pin
|
---|
| 281 | if (read_record(atr[8])>=7)
|
---|
| 282 | {
|
---|
| 283 | cta_res[6]=0;
|
---|
[70] | 284 | pin=(char *)cta_res+2;
|
---|
[8] | 285 | }
|
---|
| 286 | cs_ri_log("issuer: %s, id: %02X, bios: v%d, pin: %s, mfid: %04X", issuer, issuerid, atr[7], pin, mfid);
|
---|
| 287 | cs_ri_log("providers: %d (%s)", reader[ridx].nprov, ptxt+1);
|
---|
| 288 | cs_log("ready for requests");
|
---|
[39] | 289 |
|
---|
| 290 | cryptoworks_disbale_pin(); //by KrazyIvan
|
---|
| 291 |
|
---|
[8] | 292 | return(1);
|
---|
| 293 | }
|
---|
| 294 |
|
---|
| 295 | #ifdef LALL
|
---|
| 296 | bool cSmartCardCryptoworks::Decode(const cEcmInfo *ecm, const unsigned char *data, unsigned char *cw)
|
---|
| 297 | {
|
---|
| 298 | static unsigned char ins4c[] = { 0xA4,0x4C,0x00,0x00,0x00 };
|
---|
| 299 |
|
---|
| 300 | unsigned char nanoD4[10];
|
---|
| 301 | int l=CheckSctLen(data,-5+(ucpkValid ? sizeof(nanoD4):0));
|
---|
| 302 | if(l>5) {
|
---|
| 303 | unsigned char buff[MAX_LEN];
|
---|
| 304 | if(ucpkValid) {
|
---|
| 305 | memcpy(buff,data,l);
|
---|
| 306 | nanoD4[0]=0xD4;
|
---|
| 307 | nanoD4[1]=0x08;
|
---|
| 308 | for(unsigned int i=2; i<sizeof(nanoD4); i++) nanoD4[i]=rand();
|
---|
| 309 | memcpy(&buff[l],nanoD4,sizeof(nanoD4));
|
---|
| 310 | data=buff; l+=sizeof(nanoD4);
|
---|
| 311 | }
|
---|
| 312 | ins4c[3]=ucpkValid ? 2 : 0;
|
---|
| 313 | ins4c[4]=l-5;
|
---|
| 314 | if(IsoWrite(ins4c,&data[5]) && Status() &&
|
---|
| 315 | (l=GetLen())>0 && ReadData(buff,l)==l) {
|
---|
| 316 | int r=0;
|
---|
| 317 | for(int i=0; i<l && r<2; ) {
|
---|
| 318 | int n=buff[i+1];
|
---|
| 319 | switch(buff[i]) {
|
---|
| 320 | case 0x80:
|
---|
| 321 | de(printf("smartcardcryptoworks: nano 80 (serial)\n"))
|
---|
| 322 | break;
|
---|
| 323 | case 0xD4:
|
---|
| 324 | de(printf("smartcardcryptoworks: nano D4 (rand)\n"))
|
---|
| 325 | if(n<8 || memcmp(&buff[i],nanoD4,sizeof(nanoD4)))
|
---|
| 326 | di(printf("smartcardcryptoworks: random data check failed after decrypt\n"))
|
---|
| 327 | break;
|
---|
| 328 | case 0xDB: // CW
|
---|
| 329 | de(printf("smartcardcryptoworks: nano DB (cw)\n"))
|
---|
| 330 | if(n==0x10) {
|
---|
| 331 | memcpy(cw,&buff[i+2],16);
|
---|
| 332 | r|=1;
|
---|
| 333 | }
|
---|
| 334 | break;
|
---|
| 335 | case 0xDF: // signature
|
---|
| 336 | de(printf("smartcardcryptoworks: nano DF %02x (sig)\n",n))
|
---|
| 337 | if(n==0x08) {
|
---|
| 338 | if((buff[i+2]&0x50)==0x50 && !(buff[i+3]&0x01) && (buff[i+5]&0x80))
|
---|
| 339 | r|=2;
|
---|
| 340 | }
|
---|
| 341 | else if(n==0x40) { // camcrypt
|
---|
| 342 | if(ucpkValid) {
|
---|
| 343 | RSA(&buff[i+2],&buff[i+2],n,exp,ucpk,false);
|
---|
| 344 | de(printf("smartcardcryptoworks: after camcrypt "))
|
---|
| 345 | de(HexDump(&buff[i+2],n))
|
---|
| 346 | r=0; l=n-4; n=4;
|
---|
| 347 | }
|
---|
| 348 | else {
|
---|
| 349 | di(printf("smartcardcryptoworks: valid UCPK needed for camcrypt!\n"))
|
---|
| 350 | return false;
|
---|
| 351 | }
|
---|
| 352 | }
|
---|
| 353 | break;
|
---|
| 354 | default:
|
---|
| 355 | de(printf("smartcardcryptoworks: nano %02x (unhandled)\n",buff[i]))
|
---|
| 356 | break;
|
---|
| 357 | }
|
---|
| 358 | i+=n+2;
|
---|
| 359 | }
|
---|
| 360 | return r==3;
|
---|
| 361 | }
|
---|
| 362 | }
|
---|
| 363 | return false;
|
---|
| 364 | }
|
---|
| 365 | #endif
|
---|
| 366 |
|
---|
| 367 | int cryptoworks_do_ecm(ECM_REQUEST *er)
|
---|
| 368 | {
|
---|
| 369 | int rc=0;
|
---|
| 370 | int r=0;
|
---|
| 371 | static unsigned char ins4C[] = { 0xA4,0x4C,0x00,0x00,0x00 };
|
---|
| 372 | static unsigned char insC0[] = { 0xA4,0xC0,0x00,0x00,0x1C };
|
---|
| 373 | unsigned char nanoD4[10];
|
---|
| 374 | int secLen=CheckSctLen(er->ecm,-5+(ucpk_valid ? sizeof(nanoD4):0));
|
---|
| 375 |
|
---|
| 376 | if(secLen>5)
|
---|
| 377 | {
|
---|
| 378 | int i;
|
---|
| 379 | uchar *ecm=er->ecm;
|
---|
| 380 | uchar buff[MAX_LEN];
|
---|
| 381 |
|
---|
| 382 | if(ucpk_valid)
|
---|
| 383 | {
|
---|
| 384 | memcpy(buff,er->ecm,secLen);
|
---|
| 385 | nanoD4[0]=0xD4;
|
---|
| 386 | nanoD4[1]=0x08;
|
---|
| 387 | for (i=2; i<sizeof(nanoD4); i++)
|
---|
| 388 | nanoD4[i]=rand();
|
---|
| 389 | memcpy(&buff[secLen], nanoD4, sizeof(nanoD4));
|
---|
| 390 | ecm=buff;
|
---|
| 391 | secLen+=sizeof(nanoD4);
|
---|
| 392 | }
|
---|
| 393 |
|
---|
| 394 | ins4C[3]=ucpk_valid ? 2 : 0;
|
---|
| 395 | ins4C[4]=secLen-5;
|
---|
| 396 | write_cmd(ins4C, ecm+5);
|
---|
| 397 | if (cta_res[cta_lr-2]==0x9f)
|
---|
| 398 | {
|
---|
| 399 | insC0[4]=cta_res[cta_lr-1];
|
---|
| 400 | read_cmd(insC0, NULL);
|
---|
| 401 | for(i=0; i<secLen && r<2; )
|
---|
| 402 | {
|
---|
| 403 | int n=cta_res[i+1];
|
---|
| 404 | switch(cta_res[i])
|
---|
| 405 | {
|
---|
| 406 | case 0x80:
|
---|
| 407 | cs_debug("cryptoworks: nano 80 (serial)");
|
---|
| 408 | break;
|
---|
| 409 | case 0xD4:
|
---|
| 410 | cs_debug("smartcardcryptoworks: nano D4 (rand)");
|
---|
| 411 | if(n<8 || memcmp(&cta_res[i],nanoD4,sizeof(nanoD4)))
|
---|
| 412 | cs_debug("cryptoworks: random data check failed after decrypt");
|
---|
| 413 | break;
|
---|
| 414 | case 0xDB: // CW
|
---|
| 415 | cs_debug("smartcardcryptoworks: nano DB (cw)");
|
---|
| 416 | if(n==0x10)
|
---|
| 417 | {
|
---|
| 418 | memcpy(er->cw, &cta_res[i+2], 16);
|
---|
| 419 | r|=1;
|
---|
| 420 | }
|
---|
| 421 | break;
|
---|
| 422 | case 0xDF: // signature
|
---|
| 423 | cs_debug("cryptoworks: nano DF %02x (sig)", n);
|
---|
| 424 | if (n==0x08)
|
---|
| 425 | {
|
---|
| 426 | if((cta_res[i+2]&0x50)==0x50 && !(cta_res[i+3]&0x01) && (cta_res[i+5]&0x80))
|
---|
| 427 | r|=2;
|
---|
| 428 | }
|
---|
| 429 | else if (n==0x40) // camcrypt
|
---|
| 430 | {
|
---|
| 431 | if(ucpk_valid)
|
---|
| 432 | {
|
---|
| 433 | RSA(&cta_res[i+2],&cta_res[i+2], n, &exp, &ucpk, 0);
|
---|
| 434 | cs_debug("smartcardcryptoworks: after camcrypt ");
|
---|
| 435 | r=0; secLen=n-4; n=4;
|
---|
| 436 | }
|
---|
| 437 | else
|
---|
| 438 | {
|
---|
| 439 | cs_log("cryptoworks: valid UCPK needed for camcrypt!");
|
---|
| 440 | return(0);
|
---|
| 441 | }
|
---|
| 442 | }
|
---|
| 443 | break;
|
---|
| 444 | default:
|
---|
| 445 | cs_debug("smartcardcryptoworks: nano %02x (unhandled)",cta_res[i]);
|
---|
| 446 | break;
|
---|
| 447 | }
|
---|
| 448 | i+=n+2;
|
---|
| 449 | }
|
---|
| 450 | }
|
---|
| 451 |
|
---|
| 452 | #ifdef LALL
|
---|
| 453 | ########################################################################
|
---|
| 454 | if ((cta_res[cta_lr-2]==0x9f)&&(cta_res[cta_lr-1]==0x1c))
|
---|
| 455 | {
|
---|
| 456 | read_cmd(insC0, NULL);
|
---|
| 457 | if ((cta_lr>26)&&(cta_res[cta_lr-2]==0x90)&&(cta_res[cta_lr-1]==0))
|
---|
| 458 | {
|
---|
| 459 | if (rc=(((cta_res[20]&0x50)==0x50) &&
|
---|
| 460 | (!(cta_res[21]&0x01)) &&
|
---|
| 461 | (cta_res[23]&0x80)))
|
---|
| 462 | memcpy(er->cw, cta_res+2, 16);
|
---|
| 463 | }
|
---|
| 464 | }
|
---|
| 465 | #endif
|
---|
| 466 | }
|
---|
| 467 | // return(rc ? 1 : 0);
|
---|
| 468 | return((r==3) ? 1 : 0);
|
---|
| 469 | }
|
---|
| 470 |
|
---|
| 471 | int cryptoworks_do_emm(EMM_PACKET *ep)
|
---|
| 472 | {
|
---|
[39] | 473 | uchar insEMM_GA[] = {0xA4, 0x44, 0x00, 0x00, 0x00};
|
---|
| 474 | uchar insEMM_SA[] = {0xA4, 0x48, 0x00, 0x00, 0x00};
|
---|
| 475 | uchar insEMM_UA[] = {0xA4, 0x42, 0x00, 0x00, 0x00};
|
---|
[8] | 476 | int rc=0;
|
---|
| 477 | uchar *emm=ep->emm;
|
---|
[39] | 478 |
|
---|
| 479 | /* this original
|
---|
[8] | 480 | if ((emm[0]==0x8f) && (emm[3]==0xa4)) // emm via camd3.5x
|
---|
[39] | 481 | {
|
---|
[8] | 482 | ep->type=emm[4];
|
---|
| 483 | write_cmd(emm+3, emm+3+CMD_LEN);
|
---|
| 484 | if ((cta_lr==2) && (cta_res[0]==0x90) && (cta_res[1]==0))
|
---|
| 485 | rc=1;
|
---|
| 486 | }
|
---|
[39] | 487 | */
|
---|
| 488 |
|
---|
| 489 | //by KrazyIvan
|
---|
| 490 | ep->type=emm[0];
|
---|
| 491 | //cs_log("EMM Dump:..: %s",cs_hexdump(1, emm, emm[2]));
|
---|
| 492 | switch(emm[0])
|
---|
| 493 | {
|
---|
| 494 | // emm via camd3.5x
|
---|
| 495 | case 0x8F:
|
---|
| 496 | if(emm[3]==0xA4)
|
---|
| 497 | {
|
---|
| 498 | ep->type=emm[4];
|
---|
| 499 | //cs_log("EMM Dump: CMD: %s", cs_hexdump(1, emm+3, 5));
|
---|
| 500 | //cs_log("EMM Dump: DATA: %s",cs_hexdump(1, emm+8, emm[7]));
|
---|
| 501 | write_cmd(emm+3, emm+3+CMD_LEN);
|
---|
| 502 | rc=((cta_res[0]==0x90)&&(cta_res[1]==0x00));
|
---|
| 503 | }
|
---|
| 504 | break;
|
---|
| 505 |
|
---|
| 506 | //GA
|
---|
| 507 | case 0x88:
|
---|
| 508 | case 0x89:
|
---|
| 509 | if(emm[3]==0xA9 && emm[4]==0xFF && emm[8]==0x83 && emm[9]==0x01)
|
---|
| 510 | {
|
---|
| 511 | ep->type=insEMM_GA[1];
|
---|
| 512 | insEMM_GA[4]=ep->emm[2]-2;
|
---|
| 513 | //cs_log("EMM Dump: CMD: %s", cs_hexdump(1, insEMM_GA, 5));
|
---|
| 514 | //cs_log("EMM Dump: DATA: %s",cs_hexdump(1, emm+5, insEMM_GA[4]));
|
---|
| 515 | //cs_log("EMM Dump: IF: %02X == %02X",emm[7],(insEMM_GA[4]-3));
|
---|
| 516 |
|
---|
| 517 | if(emm[7]==insEMM_GA[4]-3)
|
---|
| 518 | {
|
---|
| 519 | write_cmd(insEMM_GA, emm+5);
|
---|
| 520 | rc=((cta_res[0]==0x90)&&(cta_res[1]==0x00));
|
---|
| 521 | }
|
---|
| 522 | }
|
---|
| 523 | break;
|
---|
| 524 |
|
---|
| 525 | //SA
|
---|
| 526 | case 0x84:
|
---|
| 527 | if(emm[3]==0xA9 && emm[4]==0xFF && emm[12]==0x80 && emm[13]==0x04)
|
---|
| 528 | {
|
---|
| 529 | ep->type=insEMM_SA[1];
|
---|
| 530 | insEMM_SA[4]=ep->emm[2]-6;
|
---|
| 531 | //cs_log("EMM Dump: CMD: %s", cs_hexdump(1, insEMM_SA, 5));
|
---|
| 532 | //cs_log("EMM Dump: DATA: %s",cs_hexdump(1, emm+9, insEMM_SA[4]));
|
---|
| 533 | //cs_log("EMM Dump: IF: %02X == %02X",emm[11],(insEMM_SA[4]-3));
|
---|
| 534 |
|
---|
| 535 | if(emm[11]==insEMM_SA[4]-3)
|
---|
| 536 | {
|
---|
| 537 | write_cmd(insEMM_SA, emm+9);
|
---|
| 538 | rc=((cta_res[0]==0x90)&&(cta_res[1]==0x00));
|
---|
| 539 | }
|
---|
| 540 | }
|
---|
| 541 | break;
|
---|
| 542 |
|
---|
| 543 | //UA
|
---|
| 544 | case 0x82:
|
---|
| 545 | if(emm[3]==0xA9 && emm[4]==0xFF && emm[13]==0x80 && emm[14]==0x05)
|
---|
| 546 | {
|
---|
| 547 | ep->type=insEMM_UA[1];
|
---|
| 548 | insEMM_UA[4]=ep->emm[2]-7;
|
---|
| 549 | //cs_log("EMM Dump: CMD: %s", cs_hexdump(1, insEMM_UA, 5));
|
---|
| 550 | //cs_log("EMM Dump: DATA: %s",cs_hexdump(1, emm+10, insEMM_UA[4]));
|
---|
| 551 | //cs_log("EMM Dump: IF: %02X == %02X",emm[12],(insEMM_UA[4]-3));
|
---|
| 552 |
|
---|
| 553 | if(emm[12]==insEMM_UA[4]-3)
|
---|
| 554 | {
|
---|
| 555 | //cryptoworks_send_pin(); //?? may be
|
---|
| 556 | write_cmd(insEMM_UA, emm+10);
|
---|
| 557 | rc=((cta_res[0]==0x90)&&(cta_res[1]==0x00));
|
---|
| 558 | }
|
---|
| 559 | }
|
---|
| 560 | break;
|
---|
| 561 | }
|
---|
| 562 |
|
---|
[8] | 563 | return(rc);
|
---|
| 564 | }
|
---|
| 565 |
|
---|
| 566 | int cryptoworks_card_info(void)
|
---|
| 567 | {
|
---|
| 568 | int i;
|
---|
| 569 | uchar insA21[]= {0xA4, 0xA2, 0x01, 0x00, 0x05, 0x8C, 0x00, 0x00, 0x00, 0x00};
|
---|
| 570 | uchar insB2[] = {0xA4, 0xB2, 0x00, 0x00, 0x00};
|
---|
| 571 | char l_name[20+8]=", name: ";
|
---|
| 572 |
|
---|
| 573 | for (i=0; i<reader[ridx].nprov; i++)
|
---|
| 574 | {
|
---|
| 575 | l_name[8]=0;
|
---|
| 576 | select_file(0x1f, reader[ridx].prid[i][3]); // select provider
|
---|
| 577 | select_file(0x0e, 0x11); // read provider name
|
---|
| 578 | if (read_record(0xD6)>=16)
|
---|
| 579 | {
|
---|
[70] | 580 | strncpy(l_name+8, (const char *)cta_res+2, sizeof(l_name)-9);
|
---|
[8] | 581 | l_name[sizeof(l_name)]=0;
|
---|
| 582 | trim(l_name+8);
|
---|
| 583 | }
|
---|
| 584 | l_name[0]=(l_name[8]) ? ',' : 0;
|
---|
| 585 | cs_ri_log("provider: %d, id: %02X%s", i+1, reader[ridx].prid[i][3], l_name);
|
---|
| 586 | select_file(0x0f, 0x20); // select provider class
|
---|
| 587 | write_cmd(insA21, insA21+5);
|
---|
| 588 | if (cta_res[0]==0x9f)
|
---|
| 589 | {
|
---|
| 590 | insB2[4]=cta_res[1];
|
---|
| 591 | for(insB2[3]=0; (cta_res[0]!=0x94)||(cta_res[1]!=0x2); insB2[3]=1)
|
---|
| 592 | {
|
---|
| 593 | read_cmd(insB2, NULL); // read chid
|
---|
| 594 | if (cta_res[0]!=0x94)
|
---|
| 595 | {
|
---|
| 596 | char ds[16], de[16];
|
---|
| 597 | chid_date(cta_res+28, ds, sizeof(ds)-1);
|
---|
| 598 | chid_date(cta_res+30, de, sizeof(de)-1);
|
---|
| 599 | cs_ri_log("chid: %02X%02X, date: %s - %s, name: %s",
|
---|
[70] | 600 | cta_res[6], cta_res[7], ds, de, trim((char *) cta_res+10));
|
---|
[8] | 601 | }
|
---|
| 602 | }
|
---|
| 603 | }
|
---|
[39] | 604 | //================================================================================
|
---|
| 605 | //by KrazyIvan
|
---|
| 606 | select_file(0x0f, 0x00); // select provider channel
|
---|
| 607 | write_cmd(insA21, insA21+5);
|
---|
| 608 | if (cta_res[0]==0x9f)
|
---|
| 609 | {
|
---|
| 610 | insB2[4]=cta_res[1];
|
---|
| 611 | for(insB2[3]=0; (cta_res[0]!=0x94)||(cta_res[1]!=0x2); insB2[3]=1)
|
---|
| 612 | {
|
---|
| 613 | read_cmd(insB2, NULL); // read chid
|
---|
| 614 | if (cta_res[0]!=0x94)
|
---|
| 615 | {
|
---|
| 616 | char ds[16], de[16];
|
---|
| 617 | chid_date(cta_res+28, ds, sizeof(ds)-1);
|
---|
| 618 | chid_date(cta_res+30, de, sizeof(de)-1);
|
---|
| 619 | cta_res[27]=0;
|
---|
| 620 | cs_ri_log("chid: %02X%02X, date: %s - %s, name: %s",
|
---|
[70] | 621 | cta_res[6], cta_res[7], ds, de, trim((char *)cta_res+10));
|
---|
[39] | 622 | }
|
---|
| 623 | }
|
---|
| 624 | }
|
---|
| 625 | //================================================================================
|
---|
| 626 |
|
---|
[8] | 627 | }
|
---|
| 628 | return(1);
|
---|
| 629 | }
|
---|