def get_card(self): # create connection if hasattr(self, 'connection'): self.connection.disconnect() self.connection = self.reader.createConnection() self.connection.connect() self.card = SmartCard(self.connection)
def process_card(connection, options): """ Implement your function here """ # Open card card = SmartCard(connection)
class Fuzzer: def __init__(self, reader, logical_channel): self.reader = reader self.logical_channel = logical_channel self.get_card() if self.logical_channel > 0: self.card._send_apdu([0x0, 0x70, 0x0] + [self.logical_channel]) def get_card(self): # create connection if hasattr(self, 'connection'): self.connection.disconnect() self.connection = self.reader.createConnection() self.connection.connect() self.card = SmartCard(self.connection) def select(self, application): self.card._send_apdu([0 + self.logical_channel, 0xA4, 0x04, 0x00] + [len(application)] + application + [0x00]) def send_channel_aware_precommand(self, command): apdu = command apdu[0] += self.logical_channel self.card._send_apdu(apdu) def send_apdu(self, apdu_to_send): """ Send an APDU to the card, and hadle errors appropriately """ str = "Trying : ", [hex(i) for i in apdu_to_send] logging.debug(str) start = timer() try: for attempt in range(10): try: (data, sw1, sw2) = self.card._send_apdu(apdu_to_send) errorchain[0]([], sw1, sw2) except CardConnectionException, e: sleep(1) self.get_card() else: break else:
def process_card(connection, options): """ Implement your function here """ global log_level # Open card card = SmartCard(connection) # Try sending a valid PIN PIN = "1213" PIN_DATA = [] for c in PIN: PIN_DATA.append(ord(c)) PIN_DATA2 = list(PIN_DATA) PIN_DATA2[0] = 0x30 print("Set PIN data:") print(PIN) print(PIN_DATA) # try global pin print("TRYING GLOBAL PIN") (data, sw1, sw2) = card.apdu_verify_pin([], 0x00, 0) (data, sw1, sw2) = card.apdu_verify_pin(PIN_DATA, 0x00) print("\n\n\n") ## # Lock Card # for x in range(3): # (data, sw1, sw2) = card.apdu_verify_pin(PIN_DATA, 0x80) # # for x in range(3): # (data, sw1, sw2) = card.apdu_reset_retry_counter(PIN_DATA, 0x80, PIN_DATA) print("Opening Secure Channel") # Select GP Manager card.apdu_select_application(APDU.APPLET.SECURITY_GEMALTO) # Open our secure channel card.open_secure_channel(APDU.APPLET.SECURITY_GEMALTO, APDU.AUTH_KEYS.GEMALTO, security_level=APDU.SECURE_CHANNEL.MODE.NONE) # Reset our retry counter print("Resetting retry counter...") # card.apdu_change_reference_data(0x00, [], PIN_DATA, first=True) card.apdu_change_reference_data(0x80, PIN_DATA, PIN_DATA) card.apdu_reset_retry_counter(PIN_DATA, 0x80, PIN_DATA) # Print applications on the card print("Printing card applications...") card.print_applications()
def main(args=None): opts = optparse.OptionParser() opts.add_option("-t", "--cardtype", action="store", type="string", dest="cardtype", default=CARD_TYPE.CAC, help="Card Type (V - Visa, C - CAC, H - Hello World)") opts.add_option("-l", "--listreaders", action="store_true", dest="listreaders", default=False, help="List Available Readers") opts.add_option("-s", "--savecerts", action="store", type="string", dest="savecerts", default=None, help="Save certificates to disk.") opts.add_option("-r", "--reader", action="store", type="int", dest="reader", default=-1, help="Reader number from --list or -1 for all.") opts.add_option("-d", "--debug", action="store_true", dest="debug", default=False, help="Enable DEBUG") (options, positionals) = opts.parse_args(args) if options.cardtype in CARD_TYPES: card_type = CARD_TYPES[options.cardtype] else: print "Card type not recognized." card_type = CARD_TYPE.CAC reader_list = readers() if options.listreaders: print "Available readers: " for i in range(len(reader_list)): print " %d: %s" % (i, reader_list[i]) return log_level = logging.ERROR if options.debug: log_level = logging.DEBUG # by default we use the first reader for i in range(len(reader_list)): if options.reader == i or options.reader < 0: try: print "Using: %s" % reader_list[i] connection = reader_list[i].createConnection() connection.connect() if card_type == CARD_TYPE.SECURE: card = SmartCard(connection, log_level=log_level) card.apdu_select_application(APDU.APPLET.SECURITY_GEMALTO) card.open_secure_channel(APDU.APPLET.SECURITY_GEMALTO, APDU.AUTH_KEYS.GEMALTO) card.print_applications() for p1 in range(0xff): for p2 in range(0xff): data, sw1, sw2 = card.apdu_get_data([p1, p2]) if (sw1, sw2) != APDU.STATUS_WORDS.NOT_FOUND and ( sw1, sw2 ) != APDU.STATUS_WORDS.COND_NOT_SATISFIED: print "(%s,%s) %s %s: %s" % (hex(sw1), hex( sw2), hex(p1), hex(p2), APDU.get_hex(data)) if card_type == CARD_TYPE.VISA: card = VisaCard(connection, log_level=log_level) card.select_visa_applet() card.read_visa() if card_type == CARD_TYPE.HELLO_WORLD: card = SmartCard(connection, log_level=log_level) card.apdu_select_application(APDU.APPLET.HELLO) data, sw1, sw2 = card.apdu_read_record(0x00, 0x00) print "Data: %s" % APDU.get_str(data) if card_type == CARD_TYPE.CAC: card = CAC(connection, log_level=log_level) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.CHUID) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.CCC) if options.savecerts is not None: print "Dumping Certs" import os import struct try: os.makedirs(options.savecerts) except: pass # Dump CHUID Cert cert_filename = os.path.join(options.savecerts, "chuid.crt") card.extract_cert(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.CHUID, cert_filename) # NIST PIV CERTS # These are all gzipped def extract_nist(oid, cert_filename): card.extract_cert(APPLET.NIST_PIV, oid, cert_filename) # ungzip it call(["gunzip", "-f", cert_filename]) cert_filename = cert_filename[0:-3] # extract public cert p = subprocess.Popen([ "openssl", "x509", "-inform", "DER", "-pubkey", "-in", cert_filename, "-out", cert_filename + ".pem" ], stdout=subprocess.PIPE) out, err = p.communicate() f = open(cert_filename + ".pub", "w+") f.write(out) f.close() nist_dir = os.path.join(options.savecerts, "piv") try: os.makedirs(nist_dir) except: pass # Dig Sig cert_filename = os.path.join(nist_dir, "nist_dig_sig.crt.gz") extract_nist(APDU.OBJ_NIST_PIV.KEY_DIG_SIG, cert_filename) # call(, "> %s.pub" % cert_filename]) # PIV Auth cert_filename = os.path.join(nist_dir, "nist_piv_auth.crt.gz") extract_nist(APDU.OBJ_NIST_PIV.KEY_PIV_ATH, cert_filename) # Doesn't seem to exist... # # Cred Auth # cert_filename = os.path.join(nist_dir, # "nist_crd_auth.crt.gz") # extract_nist(APDU.OBJ_NIST_PIV.KEY_CRD_ATH, cert_filename) # Key Management cert_filename = os.path.join(nist_dir, "nist_mng.crt.gz") extract_nist(APDU.OBJ_NIST_PIV.KEY_MNG, cert_filename) # # DoD CAC Certs # cac_dir = os.path.join(options.savecerts, "cac") try: os.makedirs(cac_dir) except: pass cert_filename = os.path.join(cac_dir, "cac_pki_enc.pub") card.extract_cert(APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_ENC, cert_filename) cert_filename = os.path.join(cac_dir, "cac_pki_id.pub") card.extract_cert(APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_ID, cert_filename) cert_filename = os.path.join(cac_dir, "cac_pki_sig.pub") card.extract_cert(APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_SIG, cert_filename) # nist_dig_sig_f = open(nist_dig_sig, "wb") # # # NIST PIV # data = card.read_object(APPLET.NIST_PIV, # APDU.OBJ_NIST_PIV.KEY_DIG_SIG) # print APDU.get_hex(data[0][1]) # for i in data[0][1]: # nist_dig_sig_f.write(struct.pack("B", i)) # # nist_dig_sig_f.close() # card.print_object(APPLET.NIST_PIV, # APDU.OBJ_NIST_PIV.KEY_MNG) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.KEY_PIV_ATH) # card.print_object(APPLET.NIST_PIV, # APDU.OBJ_NIST_PIV.SEC_OBJ) # # # DoD CAC card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_ENC) card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_ID) card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_SIG) if card_type == CARD_TYPE.EXPERIMENT: card = CAC(connection, log_level=log_level) PIN = [0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37] data, sw1, sw2 = card.apdu_verify_pin(PIN, p2=0x00) card.apdu_select_application(APDU.APPLET.DOD_CAC) card.apdu_select_object(APDU.OBJ_DOD_CAC.KEY_PKI_ID) # data, sw1, sw2 = card.apdu_verify_pin(PIN, p2=0x80) sign_data = [] for i in range(100): sign_data.append(0x41) sign_data = read_binary("input.ssl") print sign_data print "Signing: %s" % APDU.get_hex(sign_data) data, sw1, sw2 = card.apdu_sign_decrypt(sign_data) write_binary(data, "data.enc") print "Signed: %s" % APDU.get_hex(data) # card.apdu_select_object(APDU.OBJ_DOD_CAC.KEY_PKI_SIG) # # data, sw1, sw2 = card.apdu_sign_decrypt(data) # # print "Decrypted: %s" % APDU.get_hex(data) # card.read_x509_piv(card.X509.PIV_ATH) # # card.read_x509_piv(card.X509.DIG_SIG) # card.read_x509_piv(card.X509.KEY_MNG) # card.read_chuid(APDU.APPLET.NIST_PIV) # card.read_chuid(APDU.APPLET.DOD_PIV) # # card.read_card_capability_container(APDU.APPLET.NIST_PIV) # card.read_card_capability_container(APDU.APPLET.DOD_PIV) # card.apdu_select_application(APDU.APPLET.DOD_PIV, pix=APDU.OBJ_DOD_PIV.CHUID) # card.apdu_select_object(APDU.OBJ_DOD_PIV.KEY_PIV_ATH) # card.read_tl_v_buffer(0x0000) # card.apdu_select_object(APDU.OBJ_DOD_PIV.SEC_OBJ) # if False: print "Printing NIST PIV Objects..." # Print NIST PIV Objects card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.CHUID) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.CCC) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.KEY_DIG_SIG) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.KEY_MNG) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.KEY_PIV_ATH) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.SEC_OBJ) # Objects that require PIN card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.KEY_CRD_ATH) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.FACE) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.FNGR_P1) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.FNGR_P2) print "Printing DoD PIV Objects..." # Print DOD PIV Object card.print_object(APPLET.DOD_PIV, APDU.OBJ_DOD_PIV.CCC) card.print_object(APPLET.DOD_PIV, APDU.OBJ_DOD_PIV.SEC_OBJ, pix=APDU.PIX_CAC.PIV_TRNS_APLT) card.print_object(APPLET.DOD_PIV, APDU.OBJ_DOD_PIV.FACE, pix=APDU.PIX_CAC.PIV_TRNS_APLT) card.print_object(APPLET.DOD_PIV, APDU.OBJ_DOD_PIV.FNGR_PRNT, pix=APDU.PIX_CAC.PIV_TRNS_APLT) # We need a PIN for the CHUID? card.print_object(APPLET.DOD_PIV, APDU.OBJ_DOD_PIV.CHUID) print "Printing DoD CAC Objects..." # Print DOD CAC Objects card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_ENC) card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_ID) card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_SIG) # Not yet sure what information is here. card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.CAC_PERSON) card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.CAC_PERSONEL) sys.exit(0) # PIN REQUIRED FOR THESE # VERIFY PIN card.apdu_select_application(APDU.APPLET.DOD_PIV, APDU.OBJ_DOD_PIV.CHUID) tv_list = card.read_tl_v_buffer(0x0000) for tv in tv_list: print hex(tv[0]) print APDU.get_hex(tv[1]) # data, sw1, sw2 = card.apdu_read_buffer(0x00, 0x00, 01, read_length=20) # data, sw1, sw2 = card.apdu_verify_pin([0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37], p2=0x01) # card.select_object([0xa0, 01]) sys.exit(0) PIN = [0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37] card.apdu_select_application(APDU.APPLET.NIST_PIV) card.read_chuid() # card.read_fingerprint(PIN) # card.read_facial_info(PIN) # Try to sign/decrypt # card.apdu_select_application(APDU.APPLET.NIST_PIV) # card.apdu_verify_pin(PIN, p2=0x00) # card.apdu_sign_decrypt([0x41, 0x41, 0x41, 0x41, 0x41, 0x41]) # # Card Auth X.509 # card.read_x509_piv(card.X509.CRD_ATH) # # # Fingerprint I # card.get_data_piv([0x5F, 0xC1, 0x03]) # # # Fingerprint II # (6a,82) Not Found # card.get_data_piv([0x5F, 0xC1, 0x04]) # # # Printed Information # (6a,82) Not Found # card.get_data_piv([0x5F, 0xC1, 0x09]) # # # Facial Image # card.get_data_piv([0x5F, 0xC1, 0x08]) # card.apdu_select_application(APDU.APPLET.PIV) # # # Read Security Object # card.get_data_piv([0x5F, 0xC1, 0x06]) # card.apdu_select_application(APDU.APPLET.PIV) ## card.select_ef([0xdb, 0x00]) ## card.select_ef([0x30, 0x00]) # data, sw1, sw2 = card.get_data_piv([0x5f, 0xc1, 0x06]) # print APDU.get_hex(data) # card.apdu_select_application(APDU.APPLET.PIV) # data, sw1, sw2 = card.get_data_piv([0x5f, 0xc1, 0x05]) # Input PIN # card.apdu_select_application(APPLET.CSG_CCC) #, p1=0x02, p2=0x00) # data, sw1, sw2 = card.read_buffer(0, 0, 0x01) # # print "Length: %d" % data[0] # card.read_buffer(0, 2, 0x01, read_length=data[0]) # card.apdu_select_application(APDU.APPLET.CSG_CCC) # card.apdu_verify_pin([0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37], p2=0x00) # card.select_mf([0x3f, 0x00], p1=0x00, p2=0x00) # card.read_card_capability_piv() # card.read_chuid() # Enter PIN to PIV Applet # card.apdu_select_application(APPLET.PIV) # card.apdu_verify_pin([0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37], p2=0x80) # card.read_card_capability_csg() # card.read_card_capability_piv() # card.read_card_capability() # for j in range(255): # card.read_buffer(0, j, 0x01) # for i in range(255): # for j in range(255): # card.read_buffer(i, j, 0x01) # # card.read_card_capability() # card.apdu_verify_pin([0x31, 0x32, 0x33, 0x34, 0xFF, 0xFF, 0xFF, 0xFF], p2=80) # card.read_chuid() # card.read_printed_info() # card.get_data(0x30, 0x00) # card.dump_records() # visa = VisaCard(connection) # if visa is not None: # print visa # visa.read_visa() except smartcard.Exceptions.CardConnectionException as ex: print "ERROR: Couldn't connect to card in %s" % reader_list[i]
def main(args=None): opts = optparse.OptionParser() opts.add_option("-t", "--cardtype", action="store", type="string", dest="cardtype", default=CARD_TYPE.CAC, help="Card Type (V - Visa, C - CAC, H - Hello World)") opts.add_option("-l", "--listreaders", action="store_true", dest="listreaders", default=False, help="List Available Readers") opts.add_option("-s", "--savecerts", action="store", type="string", dest="savecerts", default=None, help="Save certificates to disk.") opts.add_option("-r", "--reader", action="store", type="int", dest="reader", default= -1, help="Reader number from --list or -1 for all.") opts.add_option("-d", "--debug", action="store_true", dest="debug", default=False, help="Enable DEBUG") (options, positionals) = opts.parse_args(args) if options.cardtype in CARD_TYPES: card_type = CARD_TYPES[options.cardtype] else: print "Card type not recognized." card_type = CARD_TYPE.CAC reader_list = readers() if options.listreaders: print "Available readers: " for i in range(len(reader_list)): print " %d: %s" % (i, reader_list[i]) return log_level = logging.ERROR if options.debug: log_level = logging.DEBUG # by default we use the first reader for i in range(len(reader_list)): if options.reader == i or options.reader < 0: try: print "Using: %s" % reader_list[i] connection = reader_list[i].createConnection() connection.connect() if card_type == CARD_TYPE.SECURE: card = SmartCard(connection, log_level=log_level) card.apdu_select_application(APDU.APPLET.SECURITY_GEMALTO) card.open_secure_channel(APDU.APPLET.SECURITY_GEMALTO, APDU.AUTH_KEYS.GEMALTO) card.print_applications() for p1 in range(0xff): for p2 in range(0xff): data, sw1, sw2 = card.apdu_get_data([p1, p2]) if (sw1, sw2) != APDU.STATUS_WORDS.NOT_FOUND and (sw1, sw2) != APDU.STATUS_WORDS.COND_NOT_SATISFIED: print "(%s,%s) %s %s: %s" % (hex(sw1), hex(sw2), hex(p1), hex(p2), APDU.get_hex(data)) if card_type == CARD_TYPE.VISA: card = VisaCard(connection, log_level=log_level) card.select_visa_applet() card.read_visa() if card_type == CARD_TYPE.HELLO_WORLD: card = SmartCard(connection, log_level=log_level) card.apdu_select_application(APDU.APPLET.HELLO) data, sw1, sw2 = card.apdu_read_record(0x00, 0x00) print "Data: %s" % APDU.get_str(data) if card_type == CARD_TYPE.CAC: card = CAC(connection, log_level=log_level) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.CHUID) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.CCC) if options.savecerts is not None: print "Dumping Certs" import os import struct try: os.makedirs(options.savecerts) except: pass # Dump CHUID Cert cert_filename = os.path.join(options.savecerts, "chuid.crt") card.extract_cert(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.CHUID, cert_filename) # NIST PIV CERTS # These are all gzipped def extract_nist(oid, cert_filename): card.extract_cert(APPLET.NIST_PIV, oid, cert_filename) # ungzip it call(["gunzip", "-f", cert_filename]) cert_filename = cert_filename[0:-3] # extract public cert p = subprocess.Popen(["openssl", "x509", "-inform", "DER", "-pubkey", "-in", cert_filename, "-out", cert_filename + ".pem"], stdout=subprocess.PIPE) out, err = p.communicate() f = open(cert_filename + ".pub", "w+") f.write(out) f.close() nist_dir = os.path.join(options.savecerts, "piv") try: os.makedirs(nist_dir) except: pass # Dig Sig cert_filename = os.path.join(nist_dir, "nist_dig_sig.crt.gz") extract_nist(APDU.OBJ_NIST_PIV.KEY_DIG_SIG, cert_filename) # call(, "> %s.pub" % cert_filename]) # PIV Auth cert_filename = os.path.join(nist_dir, "nist_piv_auth.crt.gz") extract_nist(APDU.OBJ_NIST_PIV.KEY_PIV_ATH, cert_filename) # Doesn't seem to exist... # # Cred Auth # cert_filename = os.path.join(nist_dir, # "nist_crd_auth.crt.gz") # extract_nist(APDU.OBJ_NIST_PIV.KEY_CRD_ATH, cert_filename) # Key Management cert_filename = os.path.join(nist_dir, "nist_mng.crt.gz") extract_nist(APDU.OBJ_NIST_PIV.KEY_MNG, cert_filename) # # DoD CAC Certs # cac_dir = os.path.join(options.savecerts, "cac") try: os.makedirs(cac_dir) except: pass cert_filename = os.path.join(cac_dir, "cac_pki_enc.pub") card.extract_cert(APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_ENC, cert_filename) cert_filename = os.path.join(cac_dir, "cac_pki_id.pub") card.extract_cert(APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_ID, cert_filename) cert_filename = os.path.join(cac_dir, "cac_pki_sig.pub") card.extract_cert(APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_SIG, cert_filename) # nist_dig_sig_f = open(nist_dig_sig, "wb") # # # NIST PIV # data = card.read_object(APPLET.NIST_PIV, # APDU.OBJ_NIST_PIV.KEY_DIG_SIG) # print APDU.get_hex(data[0][1]) # for i in data[0][1]: # nist_dig_sig_f.write(struct.pack("B", i)) # # nist_dig_sig_f.close() # card.print_object(APPLET.NIST_PIV, # APDU.OBJ_NIST_PIV.KEY_MNG) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.KEY_PIV_ATH) # card.print_object(APPLET.NIST_PIV, # APDU.OBJ_NIST_PIV.SEC_OBJ) # # # DoD CAC card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_ENC) card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_ID) card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_SIG) if card_type == CARD_TYPE.EXPERIMENT: card = CAC(connection, log_level=log_level) PIN = [0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37] data, sw1, sw2 = card.apdu_verify_pin(PIN, p2=0x00) card.apdu_select_application(APDU.APPLET.DOD_CAC) card.apdu_select_object(APDU.OBJ_DOD_CAC.KEY_PKI_ID) # data, sw1, sw2 = card.apdu_verify_pin(PIN, p2=0x80) sign_data = [] for i in range(100): sign_data.append(0x41) sign_data = read_binary("input.ssl") print sign_data print "Signing: %s" % APDU.get_hex(sign_data) data, sw1, sw2 = card.apdu_sign_decrypt(sign_data) write_binary(data, "data.enc") print "Signed: %s" % APDU.get_hex(data) # card.apdu_select_object(APDU.OBJ_DOD_CAC.KEY_PKI_SIG) # # data, sw1, sw2 = card.apdu_sign_decrypt(data) # # print "Decrypted: %s" % APDU.get_hex(data) # card.read_x509_piv(card.X509.PIV_ATH) # # card.read_x509_piv(card.X509.DIG_SIG) # card.read_x509_piv(card.X509.KEY_MNG) # card.read_chuid(APDU.APPLET.NIST_PIV) # card.read_chuid(APDU.APPLET.DOD_PIV) # # card.read_card_capability_container(APDU.APPLET.NIST_PIV) # card.read_card_capability_container(APDU.APPLET.DOD_PIV) # card.apdu_select_application(APDU.APPLET.DOD_PIV, pix=APDU.OBJ_DOD_PIV.CHUID) # card.apdu_select_object(APDU.OBJ_DOD_PIV.KEY_PIV_ATH) # card.read_tl_v_buffer(0x0000) # card.apdu_select_object(APDU.OBJ_DOD_PIV.SEC_OBJ) # if False: print "Printing NIST PIV Objects..." # Print NIST PIV Objects card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.CHUID) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.CCC) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.KEY_DIG_SIG) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.KEY_MNG) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.KEY_PIV_ATH) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.SEC_OBJ) # Objects that require PIN card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.KEY_CRD_ATH) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.FACE) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.FNGR_P1) card.print_object(APPLET.NIST_PIV, APDU.OBJ_NIST_PIV.FNGR_P2) print "Printing DoD PIV Objects..." # Print DOD PIV Object card.print_object(APPLET.DOD_PIV, APDU.OBJ_DOD_PIV.CCC) card.print_object(APPLET.DOD_PIV, APDU.OBJ_DOD_PIV.SEC_OBJ, pix=APDU.PIX_CAC.PIV_TRNS_APLT) card.print_object(APPLET.DOD_PIV, APDU.OBJ_DOD_PIV.FACE, pix=APDU.PIX_CAC.PIV_TRNS_APLT) card.print_object(APPLET.DOD_PIV, APDU.OBJ_DOD_PIV.FNGR_PRNT, pix=APDU.PIX_CAC.PIV_TRNS_APLT) # We need a PIN for the CHUID? card.print_object(APPLET.DOD_PIV, APDU.OBJ_DOD_PIV.CHUID) print "Printing DoD CAC Objects..." # Print DOD CAC Objects card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_ENC) card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_ID) card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.KEY_PKI_SIG) # Not yet sure what information is here. card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.CAC_PERSON) card.print_object(APDU.APPLET.DOD_CAC, APDU.OBJ_DOD_CAC.CAC_PERSONEL) sys.exit(0) # PIN REQUIRED FOR THESE # VERIFY PIN card.apdu_select_application(APDU.APPLET.DOD_PIV, APDU.OBJ_DOD_PIV.CHUID) tv_list = card.read_tl_v_buffer(0x0000) for tv in tv_list: print hex(tv[0]) print APDU.get_hex(tv[1]) # data, sw1, sw2 = card.apdu_read_buffer(0x00, 0x00, 01, read_length=20) # data, sw1, sw2 = card.apdu_verify_pin([0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37], p2=0x01) # card.select_object([0xa0, 01]) sys.exit(0) PIN = [0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37] card.apdu_select_application(APDU.APPLET.NIST_PIV) card.read_chuid() # card.read_fingerprint(PIN) # card.read_facial_info(PIN) # Try to sign/decrypt # card.apdu_select_application(APDU.APPLET.NIST_PIV) # card.apdu_verify_pin(PIN, p2=0x00) # card.apdu_sign_decrypt([0x41, 0x41, 0x41, 0x41, 0x41, 0x41]) # # Card Auth X.509 # card.read_x509_piv(card.X509.CRD_ATH) # # # Fingerprint I # card.get_data_piv([0x5F, 0xC1, 0x03]) # # # Fingerprint II # (6a,82) Not Found # card.get_data_piv([0x5F, 0xC1, 0x04]) # # # Printed Information # (6a,82) Not Found # card.get_data_piv([0x5F, 0xC1, 0x09]) # # # Facial Image # card.get_data_piv([0x5F, 0xC1, 0x08]) # card.apdu_select_application(APDU.APPLET.PIV) # # # Read Security Object # card.get_data_piv([0x5F, 0xC1, 0x06]) # card.apdu_select_application(APDU.APPLET.PIV) ## card.select_ef([0xdb, 0x00]) ## card.select_ef([0x30, 0x00]) # data, sw1, sw2 = card.get_data_piv([0x5f, 0xc1, 0x06]) # print APDU.get_hex(data) # card.apdu_select_application(APDU.APPLET.PIV) # data, sw1, sw2 = card.get_data_piv([0x5f, 0xc1, 0x05]) # Input PIN # card.apdu_select_application(APPLET.CSG_CCC) #, p1=0x02, p2=0x00) # data, sw1, sw2 = card.read_buffer(0, 0, 0x01) # # print "Length: %d" % data[0] # card.read_buffer(0, 2, 0x01, read_length=data[0]) # card.apdu_select_application(APDU.APPLET.CSG_CCC) # card.apdu_verify_pin([0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37], p2=0x00) # card.select_mf([0x3f, 0x00], p1=0x00, p2=0x00) # card.read_card_capability_piv() # card.read_chuid() # Enter PIN to PIV Applet # card.apdu_select_application(APPLET.PIV) # card.apdu_verify_pin([0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37], p2=0x80) # card.read_card_capability_csg() # card.read_card_capability_piv() # card.read_card_capability() # for j in range(255): # card.read_buffer(0, j, 0x01) # for i in range(255): # for j in range(255): # card.read_buffer(i, j, 0x01) # # card.read_card_capability() # card.apdu_verify_pin([0x31, 0x32, 0x33, 0x34, 0xFF, 0xFF, 0xFF, 0xFF], p2=80) # card.read_chuid() # card.read_printed_info() # card.get_data(0x30, 0x00) # card.dump_records() # visa = VisaCard(connection) # if visa is not None: # print visa # visa.read_visa() except smartcard.Exceptions.CardConnectionException as ex: print "ERROR: Couldn't connect to card in %s" % reader_list[i]