1 | #include "globals.h"
|
---|
2 | #include "reader-common.h"
|
---|
3 |
|
---|
4 | static BIGNUM exp, ucpk;
|
---|
5 |
|
---|
6 | #define CMD_LEN 5
|
---|
7 |
|
---|
8 | void RotateBytes1(unsigned char *out, unsigned char *in, int n)
|
---|
9 | {
|
---|
10 | // loop is executed atleast once, so it's not a good idea to
|
---|
11 | // call with n=0 !!
|
---|
12 | out+=n;
|
---|
13 | do { *(--out)=*(in++); } while(--n);
|
---|
14 | }
|
---|
15 |
|
---|
16 | void RotateBytes2(unsigned char *in, int n)
|
---|
17 | {
|
---|
18 | // loop is executed atleast once, so it's not a good idea to
|
---|
19 | // call with n=0 !!
|
---|
20 | unsigned char *e=in+n-1;
|
---|
21 | do
|
---|
22 | {
|
---|
23 | unsigned char temp=*in;
|
---|
24 | *in++=*e;
|
---|
25 | *e-- =temp;
|
---|
26 | } while(in<e);
|
---|
27 | }
|
---|
28 |
|
---|
29 | int Input(BIGNUM *d, unsigned char *in, int n, int LE)
|
---|
30 | {
|
---|
31 | if (LE)
|
---|
32 | {
|
---|
33 | unsigned char tmp[n];
|
---|
34 | RotateBytes1(tmp,in,n);
|
---|
35 | return(BN_bin2bn(tmp,n,d)!=0);
|
---|
36 | }
|
---|
37 | else
|
---|
38 | return(BN_bin2bn(in,n,d)!=0);
|
---|
39 | }
|
---|
40 |
|
---|
41 | int Output(unsigned char *out, int n, BIGNUM *r, int LE)
|
---|
42 | {
|
---|
43 | int s=BN_num_bytes(r);
|
---|
44 | if (s>n)
|
---|
45 | {
|
---|
46 | unsigned char buff[s];
|
---|
47 | cs_debug("[cryptoworks-reader] rsa: RSA len %d > %d, truncating", s, n);
|
---|
48 | BN_bn2bin(r,buff);
|
---|
49 | memcpy(out,buff+s-n,n);
|
---|
50 | }
|
---|
51 | else if (s<n)
|
---|
52 | {
|
---|
53 | int l=n-s;
|
---|
54 | cs_debug("[cryptoworks-reader] rsa: RSA len %d < %d, padding", s, n);
|
---|
55 | memset(out,0,l);
|
---|
56 | BN_bn2bin(r,out+l);
|
---|
57 | }
|
---|
58 | else
|
---|
59 | BN_bn2bin(r,out);
|
---|
60 | if (LE)
|
---|
61 | RotateBytes2(out,n);
|
---|
62 | return(s);
|
---|
63 | }
|
---|
64 |
|
---|
65 | int RSA(unsigned char *out, unsigned char *in, int n, BIGNUM *exp, BIGNUM *mod, int LE)
|
---|
66 | {
|
---|
67 | int rc=0;
|
---|
68 | BN_CTX *ctx;
|
---|
69 | BIGNUM *r, *d;
|
---|
70 | ctx=BN_CTX_new();
|
---|
71 | r=BN_new();
|
---|
72 | d=BN_new();
|
---|
73 | if (Input(d,in,n,LE))
|
---|
74 | {
|
---|
75 | if(BN_mod_exp(r,d,exp,mod,ctx))
|
---|
76 | rc=Output(out,n,r,LE);
|
---|
77 | else
|
---|
78 | cs_log("[cryptoworks-reader] rsa: mod-exp failed");
|
---|
79 | }
|
---|
80 | BN_CTX_free(ctx);
|
---|
81 | BN_free(d);
|
---|
82 | BN_free(r);
|
---|
83 | return(rc);
|
---|
84 | }
|
---|
85 |
|
---|
86 | int CheckSctLen(const uchar *data, int off)
|
---|
87 | {
|
---|
88 | int l=SCT_LEN(data);
|
---|
89 | if (l+off > MAX_LEN)
|
---|
90 | {
|
---|
91 | cs_debug("[cryptoworks-reader] smartcard: section too long %d > %d", l, MAX_LEN-off);
|
---|
92 | l=-1;
|
---|
93 | }
|
---|
94 | return(l);
|
---|
95 | }
|
---|
96 |
|
---|
97 | static char *chid_date(uchar *ptr, char *buf, int l)
|
---|
98 | {
|
---|
99 | if (buf)
|
---|
100 | {
|
---|
101 | snprintf(buf, l, "%04d/%02d/%02d",
|
---|
102 | 1990+(ptr[0]>>1), ((ptr[0]&1)<<3)|(ptr[1]>>5), ptr[1]&0x1f);
|
---|
103 | }
|
---|
104 | return(buf);
|
---|
105 | }
|
---|
106 |
|
---|
107 | static int select_file(struct s_reader * reader, uchar f1, uchar f2, uchar * cta_res, ushort * p_cta_lr)
|
---|
108 | {
|
---|
109 | ushort cta_lr;
|
---|
110 | uchar insA4[] = {0xA4, 0xA4, 0x00, 0x00, 0x02, 0x00, 0x00};
|
---|
111 | insA4[5]=f1;
|
---|
112 | insA4[6]=f2;
|
---|
113 | write_cmd(insA4, insA4+5); // select file
|
---|
114 | *p_cta_lr = cta_lr;
|
---|
115 | return((cta_res[0]==0x9f)&&(cta_res[1]==0x11));
|
---|
116 | }
|
---|
117 |
|
---|
118 | static int read_record(struct s_reader * reader, uchar rec, uchar * cta_res)
|
---|
119 | {
|
---|
120 | ushort cta_lr;
|
---|
121 | uchar insA2[] = {0xA4, 0xA2, 0x00, 0x00, 0x01, 0x00};
|
---|
122 | uchar insB2[] = {0xA4, 0xB2, 0x00, 0x00, 0x00};
|
---|
123 |
|
---|
124 | insA2[5]=rec;
|
---|
125 | write_cmd(insA2, insA2+5); // select record
|
---|
126 | if (cta_res[0]!=0x9f)
|
---|
127 | return(-1);
|
---|
128 | insB2[4]=cta_res[1]; // get len
|
---|
129 | write_cmd(insB2, NULL); // read record
|
---|
130 | if ((cta_res[cta_lr-2]!=0x90) || (cta_res[cta_lr-1]))
|
---|
131 | return(-1);
|
---|
132 | return(cta_lr-2);
|
---|
133 | }
|
---|
134 |
|
---|
135 | //int cryptoworks_send_pin(struct s_reader * reader)
|
---|
136 | //{
|
---|
137 | // unsigned char insPIN[] = { 0xA4, 0x20, 0x00, 0x00, 0x04, 0x00,0x00,0x00,0x00 }; //Verify PIN
|
---|
138 | //
|
---|
139 | // if(reader->pincode[0] && (reader->pincode[0]&0xF0)==0x30)
|
---|
140 | // {
|
---|
141 | // memcpy(insPIN+5,reader->pincode,4);
|
---|
142 | //
|
---|
143 | // write_cmd(insPIN, insPIN+5);
|
---|
144 | // cs_ri_log (reader, "sending pincode to card");
|
---|
145 | // if((cta_res[0]==0x98)&&(cta_res[1]==0x04)) cs_ri_log (reader, "bad pincode");
|
---|
146 | //
|
---|
147 | // return OK;
|
---|
148 | // }
|
---|
149 | //
|
---|
150 | // return(0);
|
---|
151 | //}
|
---|
152 |
|
---|
153 | static int cryptoworks_disable_pin(struct s_reader * reader)
|
---|
154 | {
|
---|
155 | def_resp;
|
---|
156 | unsigned char insPIN[] = { 0xA4, 0x26, 0x00, 0x00, 0x04, 0x00,0x00,0x00,0x00 }; //disable PIN
|
---|
157 |
|
---|
158 | if(reader->pincode[0] && (reader->pincode[0]&0xF0)==0x30)
|
---|
159 | {
|
---|
160 | memcpy(insPIN+5,reader->pincode,4);
|
---|
161 |
|
---|
162 | write_cmd(insPIN, insPIN+5);
|
---|
163 | cs_ri_log (reader, "disable pincode to card");
|
---|
164 | if((cta_res[0]==0x98)&&(cta_res[1]==0x04)) cs_ri_log (reader, "bad pincode");
|
---|
165 | return ERROR;
|
---|
166 | }
|
---|
167 | return OK;
|
---|
168 | }
|
---|
169 |
|
---|
170 | int cryptoworks_card_init(struct s_reader * reader, ATR newatr)
|
---|
171 | {
|
---|
172 | get_atr;
|
---|
173 | def_resp;
|
---|
174 | int i;
|
---|
175 | unsigned int mfid=0x3F20;
|
---|
176 | static uchar cwexp[] = { 1, 0 , 1};
|
---|
177 | uchar insA4C[]= {0xA4, 0xC0, 0x00, 0x00, 0x11};
|
---|
178 | uchar insB8[] = {0xA4, 0xB8, 0x00, 0x00, 0x0c};
|
---|
179 | uchar issuerid=0;
|
---|
180 | char issuer[20]={0};
|
---|
181 | char *unknown="unknown", *pin=unknown, ptxt[CS_MAXPROV<<2]={0};
|
---|
182 |
|
---|
183 | if ((atr[6]!=0xC4) || (atr[9]!=0x8F) || (atr[10]!=0xF1)) return ERROR;
|
---|
184 |
|
---|
185 | reader->caid[0]=0xD00;
|
---|
186 | reader->nprov=0;
|
---|
187 | reader->ucpk_valid = 0;
|
---|
188 | memset(reader->prid, 0, sizeof(reader->prid));
|
---|
189 |
|
---|
190 | write_cmd(insA4C, NULL); // read masterfile-ID
|
---|
191 | if ((cta_res[0]==0xDF) && (cta_res[1]>=6))
|
---|
192 | mfid=(cta_res[6]<<8)|cta_res[7];
|
---|
193 |
|
---|
194 | select_file(reader, 0x3f, 0x20, cta_res, &cta_lr);
|
---|
195 | insB8[2]=insB8[3]=0; // first
|
---|
196 | for(cta_res[0]=0xdf; cta_res[0]==0xdf;)
|
---|
197 | {
|
---|
198 | write_cmd(insB8, NULL); // read provider id's
|
---|
199 | if (cta_res[0]!=0xdf) break;
|
---|
200 | if (((cta_res[4]&0x1f)==0x1f) && (reader->nprov<CS_MAXPROV))
|
---|
201 | {
|
---|
202 | sprintf(ptxt+strlen(ptxt), ",%02X", cta_res[5]);
|
---|
203 | reader->prid[reader->nprov++][3]=cta_res[5];
|
---|
204 | }
|
---|
205 | insB8[2]=insB8[3]=0xff; // next
|
---|
206 | }
|
---|
207 | for (i=reader->nprov; i<CS_MAXPROV; i++)
|
---|
208 | memset(&reader->prid[i][0], 0xff, 4);
|
---|
209 |
|
---|
210 | select_file(reader, 0x2f, 0x01, cta_res, &cta_lr); // read caid
|
---|
211 | if (read_record(reader, 0xD1, cta_res)>=4)
|
---|
212 | reader->caid[0]=(cta_res[2]<<8)|cta_res[3];
|
---|
213 |
|
---|
214 | if (read_record(reader, 0x80, cta_res)>=7) // read serial
|
---|
215 | memcpy(reader->hexserial, cta_res+2, 5);
|
---|
216 | cs_ri_log (reader, "type: CryptoWorks, caid: %04X, ascii serial: %llu, hex serial: %s",
|
---|
217 | reader->caid[0], b2ll(5, reader->hexserial),cs_hexdump(0, reader->hexserial, 5));
|
---|
218 |
|
---|
219 | if (read_record(reader, 0x9E, cta_res)>=66) // read ISK
|
---|
220 | {
|
---|
221 | uchar keybuf[256];
|
---|
222 | BIGNUM *ipk;
|
---|
223 | if (search_boxkey(reader->caid[0], (char *)keybuf))
|
---|
224 | {
|
---|
225 | ipk=BN_new();
|
---|
226 | BN_bin2bn(cwexp, sizeof(cwexp), &exp);
|
---|
227 | BN_bin2bn(keybuf, 64, ipk);
|
---|
228 | RSA(cta_res+2, cta_res+2, 0x40, &exp, ipk, 0);
|
---|
229 | BN_free(ipk);
|
---|
230 | reader->ucpk_valid =(cta_res[2]==((mfid & 0xFF)>>1));
|
---|
231 | if (reader->ucpk_valid)
|
---|
232 | {
|
---|
233 | cta_res[2]|=0x80;
|
---|
234 | BN_bin2bn(cta_res+2, 0x40, &ucpk);
|
---|
235 | cs_ddump(cta_res+2, 0x40, "IPK available -> session-key:");
|
---|
236 | }
|
---|
237 | else
|
---|
238 | {
|
---|
239 | reader->ucpk_valid =(keybuf[0]==(((mfid & 0xFF)>>1)|0x80));
|
---|
240 | if (reader->ucpk_valid)
|
---|
241 | {
|
---|
242 | BN_bin2bn(keybuf, 0x40, &ucpk);
|
---|
243 | cs_ddump(keybuf, 0x40, "session-key found:");
|
---|
244 | }
|
---|
245 | else
|
---|
246 | cs_log("[cryptoworks-reader] invalid IPK or session-key for CAID %04X !", reader->caid[0]);
|
---|
247 | }
|
---|
248 | }
|
---|
249 | }
|
---|
250 | if (read_record(reader, 0x9F, cta_res)>=3)
|
---|
251 | issuerid=cta_res[2];
|
---|
252 | if (read_record(reader, 0xC0, cta_res)>=16)
|
---|
253 | {
|
---|
254 | cs_strncpy(issuer, (const char *)cta_res+2, sizeof(issuer));
|
---|
255 | trim(issuer);
|
---|
256 | }
|
---|
257 | else
|
---|
258 | strcpy(issuer, unknown);
|
---|
259 |
|
---|
260 | select_file(reader, 0x3f, 0x20, cta_res, &cta_lr);
|
---|
261 | select_file(reader, 0x2f, 0x11, cta_res, &cta_lr); // read pin
|
---|
262 | if (read_record(reader, atr[8], cta_res)>=7)
|
---|
263 | {
|
---|
264 | cta_res[6]=0;
|
---|
265 | pin=(char *)cta_res+2;
|
---|
266 | }
|
---|
267 | cs_ri_log (reader, "issuer: %s, id: %02X, bios: v%d, pin: %s, mfid: %04X", issuer, issuerid, atr[7], pin, mfid);
|
---|
268 | cs_ri_log (reader, "providers: %d (%s)", reader->nprov, ptxt+1);
|
---|
269 | cs_log("[cryptoworks-reader] ready for requests");
|
---|
270 |
|
---|
271 | cryptoworks_disable_pin(reader); //by KrazyIvan
|
---|
272 |
|
---|
273 | return OK;
|
---|
274 | }
|
---|
275 |
|
---|
276 | //#ifdef LALL
|
---|
277 | //bool cSmartCardCryptoworks::Decode(const cEcmInfo *ecm, const unsigned char *data, unsigned char *cw)
|
---|
278 | //{
|
---|
279 | // static unsigned char ins4c[] = { 0xA4,0x4C,0x00,0x00,0x00 };
|
---|
280 | //
|
---|
281 | // unsigned char nanoD4[10];
|
---|
282 | // int l=CheckSctLen(data,-5+(ucpkValid ? sizeof(nanoD4):0));
|
---|
283 | // if(l>5) {
|
---|
284 | // unsigned char buff[MAX_LEN];
|
---|
285 | // if(ucpkValid) {
|
---|
286 | // memcpy(buff,data,l);
|
---|
287 | // nanoD4[0]=0xD4;
|
---|
288 | // nanoD4[1]=0x08;
|
---|
289 | // for(unsigned int i=2; i<sizeof(nanoD4); i++) nanoD4[i]=rand();
|
---|
290 | // memcpy(&buff[l],nanoD4,sizeof(nanoD4));
|
---|
291 | // data=buff; l+=sizeof(nanoD4);
|
---|
292 | // }
|
---|
293 | // ins4c[3]=ucpkValid ? 2 : 0;
|
---|
294 | // ins4c[4]=l-5;
|
---|
295 | // if(IsoWrite(ins4c,&data[5]) && Status() &&
|
---|
296 | // (l=GetLen())>0 && ReadData(buff,l)==l) {
|
---|
297 | // int r=0;
|
---|
298 | // for(int i=0; i<l && r<2; ) {
|
---|
299 | // int n=buff[i+1];
|
---|
300 | // switch(buff[i]) {
|
---|
301 | // case 0x80:
|
---|
302 | // de(printf("smartcardcryptoworks: nano 80 (serial)\n"))
|
---|
303 | // break;
|
---|
304 | // case 0xD4:
|
---|
305 | // de(printf("smartcardcryptoworks: nano D4 (rand)\n"))
|
---|
306 | // if(n<8 || memcmp(&buff[i],nanoD4,sizeof(nanoD4)))
|
---|
307 | // di(printf("smartcardcryptoworks: random data check failed after decrypt\n"))
|
---|
308 | // break;
|
---|
309 | // case 0xDB: // CW
|
---|
310 | // de(printf("smartcardcryptoworks: nano DB (cw)\n"))
|
---|
311 | // if(n==0x10) {
|
---|
312 | // memcpy(cw,&buff[i+2],16);
|
---|
313 | // r|=1;
|
---|
314 | // }
|
---|
315 | // break;
|
---|
316 | // case 0xDF: // signature
|
---|
317 | // de(printf("smartcardcryptoworks: nano DF %02x (sig)\n",n))
|
---|
318 | // if(n==0x08) {
|
---|
319 | // if((buff[i+2]&0x50)==0x50 && !(buff[i+3]&0x01) && (buff[i+5]&0x80))
|
---|
320 | // r|=2;
|
---|
321 | // }
|
---|
322 | // else if(n==0x40) { // camcrypt
|
---|
323 | // if(ucpkValid) {
|
---|
324 | // RSA(&buff[i+2],&buff[i+2],n,exp,ucpk,false);
|
---|
325 | // de(printf("smartcardcryptoworks: after camcrypt "))
|
---|
326 | // de(HexDump(&buff[i+2],n))
|
---|
327 | // r=0; l=n-4; n=4;
|
---|
328 | // }
|
---|
329 | // else {
|
---|
330 | // di(printf("smartcardcryptoworks: valid UCPK needed for camcrypt!\n"))
|
---|
331 | // return false;
|
---|
332 | // }
|
---|
333 | // }
|
---|
334 | // break;
|
---|
335 | // default:
|
---|
336 | // de(printf("smartcardcryptoworks: nano %02x (unhandled)\n",buff[i]))
|
---|
337 | // break;
|
---|
338 | // }
|
---|
339 | // i+=n+2;
|
---|
340 | // }
|
---|
341 | // return r==3;
|
---|
342 | // }
|
---|
343 | // }
|
---|
344 | // return false;
|
---|
345 | //}
|
---|
346 | //#endif
|
---|
347 |
|
---|
348 | int cryptoworks_do_ecm(struct s_reader * reader, ECM_REQUEST *er)
|
---|
349 | {
|
---|
350 | def_resp;
|
---|
351 | int r=0;
|
---|
352 | static unsigned char ins4C[] = { 0xA4,0x4C,0x00,0x00,0x00 };
|
---|
353 | static unsigned char insC0[] = { 0xA4,0xC0,0x00,0x00,0x1C };
|
---|
354 | unsigned char nanoD4[10];
|
---|
355 | int secLen=CheckSctLen(er->ecm,-5+(reader->ucpk_valid ? sizeof(nanoD4):0));
|
---|
356 |
|
---|
357 | if(secLen>5)
|
---|
358 | {
|
---|
359 | int i;
|
---|
360 | uchar *ecm=er->ecm;
|
---|
361 | uchar buff[MAX_LEN];
|
---|
362 |
|
---|
363 | if(reader->ucpk_valid)
|
---|
364 | {
|
---|
365 | memcpy(buff,er->ecm,secLen);
|
---|
366 | nanoD4[0]=0xD4;
|
---|
367 | nanoD4[1]=0x08;
|
---|
368 | for (i=2; i<(int)sizeof(nanoD4); i++)
|
---|
369 | nanoD4[i]=rand();
|
---|
370 | memcpy(&buff[secLen], nanoD4, sizeof(nanoD4));
|
---|
371 | ecm=buff;
|
---|
372 | secLen+=sizeof(nanoD4);
|
---|
373 | }
|
---|
374 |
|
---|
375 | ins4C[3]=reader->ucpk_valid ? 2 : 0;
|
---|
376 | ins4C[4]=secLen-5;
|
---|
377 | write_cmd(ins4C, ecm+5);
|
---|
378 | if (cta_res[cta_lr-2]==0x9f)
|
---|
379 | {
|
---|
380 | insC0[4]=cta_res[cta_lr-1];
|
---|
381 | write_cmd(insC0, NULL);
|
---|
382 | for(i=0; i<secLen && r<2; )
|
---|
383 | {
|
---|
384 | int n=cta_res[i+1];
|
---|
385 | switch(cta_res[i])
|
---|
386 | {
|
---|
387 | case 0x80:
|
---|
388 | cs_debug("[cryptoworks-reader] nano 80 (serial)");
|
---|
389 | break;
|
---|
390 | case 0xD4:
|
---|
391 | cs_debug("[cryptoworks-reader] nano D4 (rand)");
|
---|
392 | if(n<8 || memcmp(&cta_res[i],nanoD4,sizeof(nanoD4)))
|
---|
393 | cs_debug("[cryptoworks-reader] random data check failed after decrypt");
|
---|
394 | break;
|
---|
395 | case 0xDB: // CW
|
---|
396 | cs_debug("[cryptoworks-reader] nano DB (cw)");
|
---|
397 | if(n==0x10)
|
---|
398 | {
|
---|
399 | memcpy(er->cw, &cta_res[i+2], 16);
|
---|
400 | r|=1;
|
---|
401 | }
|
---|
402 | break;
|
---|
403 | case 0xDF: // signature
|
---|
404 | cs_debug("[cryptoworks-reader] nano DF %02x (sig)", n);
|
---|
405 | if (n==0x08)
|
---|
406 | {
|
---|
407 | if((cta_res[i+2]&0x50)==0x50 && !(cta_res[i+3]&0x01) && (cta_res[i+5]&0x80))
|
---|
408 | r|=2;
|
---|
409 | }
|
---|
410 | else if (n==0x40) // camcrypt
|
---|
411 | {
|
---|
412 | if(reader->ucpk_valid)
|
---|
413 | {
|
---|
414 | RSA(&cta_res[i+2],&cta_res[i+2], n, &exp, &ucpk, 0);
|
---|
415 | cs_debug("[cryptoworks-reader] after camcrypt ");
|
---|
416 | r=0; secLen=n-4; n=4;
|
---|
417 | }
|
---|
418 | else
|
---|
419 | {
|
---|
420 | cs_log("[cryptoworks-reader] valid UCPK needed for camcrypt!");
|
---|
421 | return ERROR;
|
---|
422 | }
|
---|
423 | }
|
---|
424 | break;
|
---|
425 | default:
|
---|
426 | cs_debug("[cryptoworks-reader] nano %02x (unhandled)",cta_res[i]);
|
---|
427 | break;
|
---|
428 | }
|
---|
429 | i+=n+2;
|
---|
430 | }
|
---|
431 | }
|
---|
432 |
|
---|
433 | //#ifdef LALL
|
---|
434 | //########################################################################
|
---|
435 | // if ((cta_res[cta_lr-2]==0x9f)&&(cta_res[cta_lr-1]==0x1c))
|
---|
436 | // {
|
---|
437 | // write_cmd(insC0, NULL);
|
---|
438 | // if ((cta_lr>26)&&(cta_res[cta_lr-2]==0x90)&&(cta_res[cta_lr-1]==0))
|
---|
439 | // {
|
---|
440 | // if (rc=(((cta_res[20]&0x50)==0x50) &&
|
---|
441 | // (!(cta_res[21]&0x01)) &&
|
---|
442 | // (cta_res[23]&0x80)))
|
---|
443 | // memcpy(er->cw, cta_res+2, 16);
|
---|
444 | // }
|
---|
445 | // }
|
---|
446 | //#endif
|
---|
447 | }
|
---|
448 | // return(rc ? 1 : 0);
|
---|
449 | return((r==3) ? 1 : 0);
|
---|
450 | }
|
---|
451 |
|
---|
452 | int cryptoworks_get_emm_type(EMM_PACKET *ep, struct s_reader * rdr)
|
---|
453 | {
|
---|
454 | char dumprdrserial[18];
|
---|
455 |
|
---|
456 | cs_debug_mask(D_EMM, "Entered cryptoworks_get_emm_type ep->emm[0]=%02x",ep->emm[0]);
|
---|
457 | switch (ep->emm[0]) {
|
---|
458 | case 0x82:
|
---|
459 | if(ep->emm[3]==0xA9 && ep->emm[4]==0xFF && ep->emm[13]==0x80 && ep->emm[14]==0x05) {
|
---|
460 | ep->type = UNIQUE;
|
---|
461 | memset(ep->hexserial, 0, 8);
|
---|
462 | memcpy(ep->hexserial, ep->emm + 5, 6);
|
---|
463 | strcpy(dumprdrserial, cs_hexdump(1, rdr->hexserial, 6));
|
---|
464 | cs_debug_mask(D_EMM, "CRYPTOWORKS EMM: UNIQUE, ep = %s rdr = %s",
|
---|
465 | cs_hexdump(1, ep->hexserial, 6), dumprdrserial);
|
---|
466 | return (!memcmp(ep->emm + 5, rdr->hexserial, 6)); // check for serial
|
---|
467 | }
|
---|
468 |
|
---|
469 | case 0x84:
|
---|
470 | if(ep->emm[3]==0xA9 && ep->emm[4]==0xFF && ep->emm[12]==0x80 && ep->emm[13]==0x04) {
|
---|
471 | ep->type = SHARED;
|
---|
472 | memset(ep->hexserial, 0, 8);
|
---|
473 | memcpy(ep->hexserial, ep->emm + 5, 4);
|
---|
474 | strcpy(dumprdrserial, cs_hexdump(1, rdr->hexserial, 4));
|
---|
475 | cs_debug_mask(D_EMM, "CRYPTOWORKS EMM: SHARED, ep = %s rdr = %s",
|
---|
476 | cs_hexdump(1, ep->hexserial, 4), dumprdrserial);
|
---|
477 | return (!memcmp(ep->emm + 5, rdr->hexserial, 4)); // check for SA
|
---|
478 | }
|
---|
479 |
|
---|
480 | case 0x88:
|
---|
481 | case 0x89:
|
---|
482 | if(ep->emm[3]==0xA9 && ep->emm[4]==0xFF && ep->emm[8]==0x83 && ep->emm[9]==0x01) {
|
---|
483 | cs_debug_mask(D_EMM, "CRYPTOWORKS EMM: GLOBAL");
|
---|
484 | ep->type = GLOBAL;
|
---|
485 | return TRUE;
|
---|
486 | }
|
---|
487 |
|
---|
488 | //incoming via camd3.5x
|
---|
489 | //ep->type=emm[4];
|
---|
490 | case 0x8F:
|
---|
491 | default:
|
---|
492 | ep->type = UNKNOWN;
|
---|
493 | cs_debug_mask(D_EMM, "CRYPTOWORKS EMM: UNKNOWN");
|
---|
494 | return TRUE;
|
---|
495 | }
|
---|
496 | }
|
---|
497 |
|
---|
498 | uchar *cryptoworks_get_emm_filter(struct s_reader * rdr, int type)
|
---|
499 | {
|
---|
500 | static uint8_t filter[32];
|
---|
501 | memset(filter, 0x00, 32);
|
---|
502 |
|
---|
503 | switch (type) {
|
---|
504 | case GLOBAL:
|
---|
505 | filter[0] = 0x88;
|
---|
506 | filter[0+16] = 0xFE; // 0x88 to 0x89
|
---|
507 | filter[1] = 0xA9;
|
---|
508 | filter[1+16] = 0xFF;
|
---|
509 | filter[2] = 0xFF;
|
---|
510 | filter[2+16] = 0xFF;
|
---|
511 | filter[6] = 0x83;
|
---|
512 | filter[6+16] = 0xFF;
|
---|
513 | filter[7] = 0x01;
|
---|
514 | filter[7+16] = 0xFF;
|
---|
515 | break;
|
---|
516 | case SHARED:
|
---|
517 | filter[0] = 0x84;
|
---|
518 | filter[0+16] = 0xFF;
|
---|
519 | filter[1] = 0xA9;
|
---|
520 | filter[1+16] = 0xFF;
|
---|
521 | filter[2] = 0xFF;
|
---|
522 | filter[2+16] = 0xFF;
|
---|
523 | memcpy(filter+3, rdr->hexserial, 4);
|
---|
524 | memset(filter+3+16, 0xFF, 4);
|
---|
525 | filter[10] = 0x80;
|
---|
526 | filter[10+16] = 0xFF;
|
---|
527 | filter[11] = 0x04;
|
---|
528 | filter[11+16] = 0xFF;
|
---|
529 | break;
|
---|
530 | case UNIQUE:
|
---|
531 | filter[0] = 0x82;
|
---|
532 | filter[0+16] = 0xFF;
|
---|
533 | filter[1] = 0xA9;
|
---|
534 | filter[1+16] = 0xFF;
|
---|
535 | filter[2] = 0xFF;
|
---|
536 | filter[2+16] = 0xFF;
|
---|
537 | memcpy(filter+3, rdr->hexserial, 6);
|
---|
538 | memset(filter+3+16, 0xFF, 6);
|
---|
539 | filter[11] = 0x80;
|
---|
540 | filter[11+16] = 0xFF;
|
---|
541 | filter[12] = 0x05;
|
---|
542 | filter[12+16] = 0xFF;
|
---|
543 | break;
|
---|
544 | }
|
---|
545 |
|
---|
546 | return filter;
|
---|
547 | }
|
---|
548 |
|
---|
549 | int cryptoworks_do_emm(struct s_reader * reader, EMM_PACKET *ep)
|
---|
550 | {
|
---|
551 | def_resp;
|
---|
552 | uchar insEMM_GA[] = {0xA4, 0x44, 0x00, 0x00, 0x00};
|
---|
553 | uchar insEMM_SA[] = {0xA4, 0x48, 0x00, 0x00, 0x00};
|
---|
554 | uchar insEMM_UA[] = {0xA4, 0x42, 0x00, 0x00, 0x00};
|
---|
555 | int rc=0;
|
---|
556 | uchar *emm=ep->emm;
|
---|
557 |
|
---|
558 | /* this original
|
---|
559 | if ((emm[0]==0x8f) && (emm[3]==0xa4)) // emm via camd3.5x
|
---|
560 | {
|
---|
561 | ep->type=emm[4];
|
---|
562 | write_cmd(emm+3, emm+3+CMD_LEN);
|
---|
563 | if ((cta_lr==2) && (cta_res[0]==0x90) && (cta_res[1]==0))
|
---|
564 | rc=1;
|
---|
565 | }
|
---|
566 | */
|
---|
567 |
|
---|
568 | //cs_log("[cryptoworks-reader] EMM Dump:..: %s",cs_hexdump(1, emm, emm[2]));
|
---|
569 | switch(ep->type)
|
---|
570 | {
|
---|
571 | // emm via camd3.5x
|
---|
572 | case UNKNOWN:
|
---|
573 | if(emm[3]==0xA4)
|
---|
574 | {
|
---|
575 | //cs_log("[cryptoworks-reader] EMM Dump: CMD: %s", cs_hexdump(1, emm+3, 5));
|
---|
576 | //cs_log("[cryptoworks-reader] EMM Dump: DATA: %s",cs_hexdump(1, emm+8, emm[7]));
|
---|
577 | write_cmd(emm+3, emm+3+CMD_LEN);
|
---|
578 | rc=((cta_res[0]==0x90)&&(cta_res[1]==0x00));
|
---|
579 | }
|
---|
580 | break;
|
---|
581 |
|
---|
582 | //GA
|
---|
583 | case GLOBAL:
|
---|
584 | insEMM_GA[4]=ep->emm[2]-2;
|
---|
585 | //cs_log("[cryptoworks-reader] EMM Dump: CMD: %s", cs_hexdump(1, insEMM_GA, 5));
|
---|
586 | //cs_log("[cryptoworks-reader] EMM Dump: DATA: %s",cs_hexdump(1, emm+5, insEMM_GA[4]));
|
---|
587 | //cs_log("[cryptoworks-reader] EMM Dump: IF: %02X == %02X",emm[7],(insEMM_GA[4]-3));
|
---|
588 |
|
---|
589 | if(emm[7]==insEMM_GA[4]-3)
|
---|
590 | {
|
---|
591 | write_cmd(insEMM_GA, emm+5);
|
---|
592 | rc=((cta_res[0]==0x90)&&(cta_res[1]==0x00));
|
---|
593 | }
|
---|
594 | break;
|
---|
595 |
|
---|
596 | //SA
|
---|
597 | case SHARED:
|
---|
598 | insEMM_SA[4]=ep->emm[2]-6;
|
---|
599 | //cs_log("[cryptoworks-reader] EMM Dump: CMD: %s", cs_hexdump(1, insEMM_SA, 5));
|
---|
600 | //cs_log("[cryptoworks-reader] EMM Dump: DATA: %s",cs_hexdump(1, emm+9, insEMM_SA[4]));
|
---|
601 | //cs_log("[cryptoworks-reader] EMM Dump: IF: %02X == %02X",emm[11],(insEMM_SA[4]-3));
|
---|
602 |
|
---|
603 | if(emm[11]==insEMM_SA[4]-3)
|
---|
604 | {
|
---|
605 | write_cmd(insEMM_SA, emm+9);
|
---|
606 | rc=((cta_res[0]==0x90)&&(cta_res[1]==0x00));
|
---|
607 | }
|
---|
608 | break;
|
---|
609 |
|
---|
610 | //UA
|
---|
611 | case UNIQUE:
|
---|
612 | insEMM_UA[4]=ep->emm[2]-7;
|
---|
613 | //cs_log("[cryptoworks-reader] EMM Dump: CMD: %s", cs_hexdump(1, insEMM_UA, 5));
|
---|
614 | //cs_log("[cryptoworks-reader] EMM Dump: DATA: %s",cs_hexdump(1, emm+10, insEMM_UA[4]));
|
---|
615 | //cs_log("[cryptoworks-reader] EMM Dump: IF: %02X == %02X",emm[12],(insEMM_UA[4]-3));
|
---|
616 |
|
---|
617 | if(emm[12]==insEMM_UA[4]-3)
|
---|
618 | {
|
---|
619 | //cryptoworks_send_pin(); //?? may be
|
---|
620 | write_cmd(insEMM_UA, emm+10);
|
---|
621 | rc=((cta_res[0]==0x90)&&(cta_res[1]==0x00));
|
---|
622 | }
|
---|
623 | break;
|
---|
624 | }
|
---|
625 |
|
---|
626 | return(rc);
|
---|
627 | }
|
---|
628 |
|
---|
629 | int cryptoworks_card_info(struct s_reader * reader)
|
---|
630 | {
|
---|
631 | def_resp;
|
---|
632 | int i;
|
---|
633 | uchar insA21[]= {0xA4, 0xA2, 0x01, 0x00, 0x05, 0x8C, 0x00, 0x00, 0x00, 0x00};
|
---|
634 | uchar insB2[] = {0xA4, 0xB2, 0x00, 0x00, 0x00};
|
---|
635 | char l_name[20+8]=", name: ";
|
---|
636 | cs_log("[cryptoworks-reader] card detected");
|
---|
637 | cs_log("[cryptoworks-reader] type: CryptoWorks");
|
---|
638 |
|
---|
639 | for (i=0; i<reader->nprov; i++)
|
---|
640 | {
|
---|
641 | l_name[8]=0;
|
---|
642 | select_file(reader, 0x1f, reader->prid[i][3], cta_res, &cta_lr); // select provider
|
---|
643 | select_file(reader, 0x0e, 0x11, cta_res, &cta_lr); // read provider name
|
---|
644 | if (read_record(reader, 0xD6, cta_res)>=16)
|
---|
645 | {
|
---|
646 | cs_strncpy(l_name+8, (const char *)cta_res+2, sizeof(l_name)-9);
|
---|
647 | l_name[sizeof(l_name)-1]=0;
|
---|
648 | trim(l_name+8);
|
---|
649 | }
|
---|
650 | l_name[0]=(l_name[8]) ? ',' : 0;
|
---|
651 | cs_ri_log (reader, "provider: %d, id: %02X%s", i+1, reader->prid[i][3], l_name);
|
---|
652 | select_file(reader, 0x0f, 0x20, cta_res, &cta_lr); // select provider class
|
---|
653 | write_cmd(insA21, insA21+5);
|
---|
654 | if (cta_res[0]==0x9f)
|
---|
655 | {
|
---|
656 | insB2[4]=cta_res[1];
|
---|
657 | for(insB2[3]=0; (cta_res[0]!=0x94)||(cta_res[1]!=0x2); insB2[3]=1)
|
---|
658 | {
|
---|
659 | write_cmd(insB2, NULL); // read chid
|
---|
660 | if (cta_res[0]!=0x94)
|
---|
661 | {
|
---|
662 | char ds[16], de[16];
|
---|
663 | chid_date(cta_res+28, ds, sizeof(ds)-1);
|
---|
664 | chid_date(cta_res+30, de, sizeof(de)-1);
|
---|
665 | cs_ri_log (reader, "chid: %02X%02X, date: %s - %s, name: %s",
|
---|
666 | cta_res[6], cta_res[7], ds, de, trim((char *) cta_res+10));
|
---|
667 | }
|
---|
668 | }
|
---|
669 | }
|
---|
670 | //================================================================================
|
---|
671 | //by KrazyIvan
|
---|
672 | select_file(reader, 0x0f, 0x00, cta_res, &cta_lr); // select provider channel
|
---|
673 | write_cmd(insA21, insA21+5);
|
---|
674 | if (cta_res[0]==0x9f)
|
---|
675 | {
|
---|
676 | insB2[4]=cta_res[1];
|
---|
677 | for(insB2[3]=0; (cta_res[0]!=0x94)||(cta_res[1]!=0x2); insB2[3]=1)
|
---|
678 | {
|
---|
679 | write_cmd(insB2, NULL); // read chid
|
---|
680 | if (cta_res[0]!=0x94)
|
---|
681 | {
|
---|
682 | char ds[16], de[16];
|
---|
683 | chid_date(cta_res+28, ds, sizeof(ds)-1);
|
---|
684 | chid_date(cta_res+30, de, sizeof(de)-1);
|
---|
685 | cta_res[27]=0;
|
---|
686 | cs_ri_log (reader, "chid: %02X%02X, date: %s - %s, name: %s",
|
---|
687 | cta_res[6], cta_res[7], ds, de, trim((char *)cta_res+10));
|
---|
688 | }
|
---|
689 | }
|
---|
690 | }
|
---|
691 | //================================================================================
|
---|
692 |
|
---|
693 | }
|
---|
694 | return OK;
|
---|
695 | }
|
---|