def execute(self, arg_components: components, arg_arguments=''): log.debug(self.__class__.__name__, "ENTER") uicc: uicc = arg_components.modeler.uicc change_pin1_state_key = None dict_args = convert_arguments_to_dict(arg_arguments) for key, value in dict_args.items(): if key == "pin1": change_pin1_state_key = value # change pin1 state if change_pin1_state_key != None: if is_valid_pin_code(change_pin1_state_key) == False: print(self.get_res("invalid_pin")) else: msg = None if uicc.pin_enabled: ret_result, ret_retries = uicc.disable_pin( toASCIIBytes(change_pin1_state_key)) msg = self.get_res( 'disable_ok') if ret_result == ERROR.NONE else self.get_res('disable_fail') else: ret_result, ret_retries = uicc.enable_pin( toASCIIBytes(change_pin1_state_key)) msg = self.get_res( 'enable_ok') if ret_result == ERROR.NONE else self.get_res('enable_fail') print(msg) print(os.linesep, end='') print(self.get_res("pin1").format(self.get_res("enable"), res.get_string("yes") if uicc.pin_enabled else res.get_string("no"))) print(self.get_res("pin1").format(self.get_res("verify"), res.get_string("yes") if uicc.pin_verified else res.get_string("na"))) ret_result, ret_retries = uicc.verify_pin(PIN_TYPE.PIN1, "") print(self.get_res("pin1").format(self.get_res("retries"), ret_retries)) # space line print('') print(self.get_res("adm").format(self.get_res("verify"), res.get_string("yes") if uicc.adm_verified else res.get_string("no"))) ret_result, ret_retries = uicc.verify_pin(PIN_TYPE.ADM1, "") print(self.get_res("adm").format(self.get_res("retries"), ret_retries)) log.debug(self.__class__.__name__, "EXIT")
def execute(self, arg_components: components, arg_arguments): log.debug(self.__class__.__name__, "ENTER") ret_state = STATE.ADM_CODE ret_arg = None verify_result, remainings = arg_components.modeler.uicc.verify_pin( PIN_TYPE.PIN1, toASCIIBytes(arg_arguments)) # If enabled 'configuration.pin', store the pin code for auto verify if verify_result == ERROR.NONE: arg_components.modeler.uicc.pin_verified = True if arg_components.config.pin == 1: arg_components.config.update_pin_code( arg_components.modeler.uicc.iccid, arg_arguments) else: if remainings == 0: ret_state = STATE.ERROR ret_arg = res.get_string("card_blocked") else: ret_state = STATE.PIN_CODE ret_arg = res.get_string("incorrect_pin_code").format( remainings) log.debug(self.__class__.__name__, "EXIT") return (ret_state, ret_arg)
def tuliskartu(nis): otentikasi = [0xFF, 0x88, 0x00, Mifare1k[0], 0x60, 0x00] r = readers() print "Available readers:", r reader = r[0] # print "Using:", reader connection = reader.createConnection() connection.connect() data, sw1, sw2 = connection.transmit(otentikasi) print data print "Select Applet: %02X %02X" % (sw1, sw2) # write cmd = [0xFF, 0xD6, 0x00, Mifare1k[0], 0x10] # nis = "123456789" + "1234567" for s in range(16): cmd.append(toASCIIBytes(nis[s])[0]) data, sw1, sw2 = connection.transmit(cmd) print toASCIIString(data) print "Select Applet: %02X %02X" % (sw1, sw2)
def execute(self, arg_connection, arg_parameter=""): self.__logging.debug("execute()") ret_content = "" ret_err = ERROR.ERR_NONE ret_retry = 0 # Converted all parameters to dict type dict_args = convert_arguments_to_dict(arg_parameter) # figure out the key & value of parameters for key, value in dict_args.items(): action_key = key.lower() if action_key == 'pin2': ret_err, ret_retry = arg_connection.verify( VERIFY_TYPE.PIN2.value, toASCIIBytes(value)) if ret_err != ERROR.ERR_NONE: ret_content += "PIN2 verified fail, remaining count: " + \ str(ret_retry) + "\n" else: ret_content += "PIN2 verified pass.\n" elif action_key == 'onoff': action_name = "" if (arg_connection.get_pin1_enable_status()): ret_err, ret_retry = arg_connection.disable_pin( toASCIIBytes(value)) action_name = "disable" else: ret_err, ret_retry = arg_connection.enable_pin( toASCIIBytes(value)) action_name = "enable" if ret_err != ERROR.ERR_NONE: ret_content += "SIM PIN " + action_name + " fail, remaining count: " + \ str(ret_retry) + "\n" else: if action_name == 'disable': arg_connection.set_pin1_enable_status(False) else: arg_connection.set_pin1_enable_status(True) ret_content += "SIM PIN " + action_name + " success.\n" if ret_content == "": ret_content = "PIN1 Enabled: %s" % ( arg_connection.get_pin1_enable_status()) return ret_content
def find_minimum_length(emv): # Some cards require a minimum filename length for selecting filenames name = '1PAY.SYS.DDF01' for i in range(len(name), 0, -1): try: prefix = name[:i] result = emv.select_by_df(toASCIIBytes(prefix)) except EMVException, e: if (e.sw1, e.sw2) == (0x6a, 0x82): # not found return i + 1
def encrypt_user_data(user_data): #TODO # binstring = HexListToBinString( user_data ) user_data=padd(toASCIIBytes(user_data),16) cipher = AES.new(key_as_binstring,AES.MODE_ECB ) encrypted_as_string = cipher.encrypt(toASCIIString(user_data)).encode('hex') decrypted_as_string = cipher.decrypt( encrypted_as_string ) print("ans",encrypted_as_string,decrypted_as_string) return toBytes(encrypted_as_string)
def test_write(): vxco = VXCardObserver() vxco.card = Mock() vxco.card.connection = Mock() vxco.card.connection.transmit = Mock(return_value=(None,None,None)) vxco._read_bytes = Mock(return_value=toASCIIBytes(TEST_STRING)) rv = vxco.write(TEST_STRING) assert rv vxco._read_bytes.assert_called()
def find_unique_id(self): # caller should power cycle and try again to detect randomised IDs if self.uid == '21222324': name, sfi = self.emv.select_by_df(toASCIIBytes('1PAY.SYS.DDF01')) apps = self.emv.parse_apps(self.emv.read_record(1, sfi)) priority, name, aid = apps[0] self.emv.select_by_df(aid) card = self.emv.parse_card(self.emv.read_record(1, sfi)) return card['cardnum'] else: return self.uid
def find_files(emv): for i in range(256): try: name, sfi = emv.select_by_df(toASCIIBytes(chr(i))) print name, sfi except Exception, e: if isinstance(e, EMVException): print e.sw1, e.sw2 if (e.sw1, e.sw2) == (0x6a, 0x82): pass else: raise
def execute(self, arg_components: components, arg_arguments): log.debug(self.__class__.__name__, "ENTER") ret_state = STATE.ADM_VERIFY ret_arg = None adm_code = None out_msg = '' # if 'arg_arguments' exist, means may the auto verify fail # so we can't read the adm code from .xml file if arg_arguments == None: # Auto ADM operation (read from usim_modifier.xml) adm_code = arg_components.config.query_adm_code( arg_components.modeler.uicc.iccid) if adm_code == None: if arg_arguments == None: if arg_components.config.admhex == 1: out_msg = res.get_string("input_adm_code_hex") else: out_msg = res.get_string("input_adm_code") else: out_msg = arg_arguments print(layout_adm_code.layout(arg_msg=out_msg), end='') adm_code = input().strip().upper() # convert the 8 digits format to 16 hex digit if arg_components.config.admhex == 0: adm_code_byte = toASCIIBytes(adm_code) adm_code = toHexString(adm_code_byte, format=PACK) if len(adm_code) == 0: ret_state = STATE.PLUGIN print( layout_adm_code.layout( arg_msg=res.get_string("terminated_adm_code"))) elif not is_valid_adm_code(adm_code): ret_state = STATE.ADM_CODE if arg_components.config.admhex == 1: ret_arg = res.get_string("invalid_adm_code_hex") else: ret_arg = res.get_string("invalid_adm_code") if ret_state == STATE.ADM_VERIFY: ret_arg = adm_code log.debug(self.__class__.__name__, "EXIT") return (ret_state, ret_arg)
def test_card_insert_and_remove(): vxco = VXCardObserver() card_mock = Mock() connection_mock = Mock() connection_mock.connect = Mock() connection_mock.transmit = Mock(return_value=(toASCIIBytes(TEST_STRING), 0x90, 0x00)) card_mock.createConnection = Mock(return_value=connection_mock) # this is the callback that's invoked on an inserted card vxco.update(None, [[card_mock], []]) assert card_mock.createConnection.called assert connection_mock.transmit.called # remove the card vxco.update(None, [[], [card_mock]]) assert vxco.card is None
def get_pin_code(self, arg_prefix_pin): while (True): try: pin1_code = input(" " + arg_prefix_pin + " ").strip() if len(pin1_code) == 0: break if len(pin1_code) >= 4 and len(pin1_code) <= 8: is_valid = True for i in range(len(pin1_code)): if pin1_code[i] not in "0123456789": is_valid = False break if is_valid: break except: continue return toASCIIBytes(pin1_code)
def try_predefined_apps(emv): apps = [ toASCIIBytes('1PAY.SYS.DDF01'), # EMV [0xa0, 0x00, 0x00, 0x00, 0x03, 0x10, 0x10], # Visa [0xa0, 0x00, 0x00, 0x00, 0x03, 0x20, 0x10], # Visa Electron [0xa0, 0x00, 0x00, 0x00, 0x03, 0x80, 0x02], # Visa CAP [0xa0, 0x00, 0x00, 0x00, 0x04, 0x30, 0x60], # Maestro [0xa0, 0x00, 0x00, 0x00, 0x04, 0x10, 0x10], # MasterCard [0xa0, 0x00, 0x00, 0x00, 0x04, 0x80, 0x02], # MasterCard CAP ] for app in apps: try: name, sfi = emv.select_by_df(app) except EMVException as e: print e.sw1, e.sw2 if (e.sw1, e.sw2) != (0x6a, 0x82): raise else: print '%s: %s (%s)' % (app, name, sfi)
def __verify(self, arg_connection): self.__logging.debug("__verify") try: xml = etree.parse(DEF_SECURITY_CACHE_FOLDER + os.sep + self.__iccid + ".xml") security_root = xml.getroot() pin1_node = security_root.xpath("pin1") self.__pin1 = pin1_node[0].text if self.__pin1_enabled: ret_err, self.__pin1_retry = arg_connection.verify( VERIFY_TYPE.PIN1.value, toASCIIBytes(self.__pin1)) if ret_err == ERROR.ERR_NONE: self.__pin1_verified = True adm_node = security_root.xpath("adm") self.__adm = adm_node[0].text ret_err, self.__adm_retry = arg_connection.verify( VERIFY_TYPE.ADM1.value, toBytes(self.__adm)) if ret_err == ERROR.ERR_NONE: self.__adm_verified = True except: pass
def brute_pdol(tag): name, sfi, pdol_req = tag.emv.select_by_df(toASCIIBytes('1PAY.SYS.DDF01')) apps = tag.emv.read_record_parsed(1, sfi).getlistparsed('APP') for priority, name, aid in apps: ccy_ttq_dict = defaultdict(list) option_dict = defaultdict(list) not_allowed = [] invalid = [] try: name, sfi, pdol_req = tag.emv.select_by_df(aid) print 'ATC at start: %s' % tag.emv.get_data_parsed('ATC') # 12 bits for ttq in range(0x2000): if (ttq % 0x100) == 0: print 'TTQ = 0x%lx' % ttq for ccy, ccy_name in ccys: dol = DOL(ttq=[ttq & 0xff, ttq & 0x700 >> 3, ttq & 0x1800 >> 5, 0], ccy=ccy) try: # ATC is incremented if this works options = tag.emv.get_options(pdol_req, dol) except EMVException, e: if (e.sw1, e.sw2) == (0x69, 0x85): # Not allowed (conditions) not_allowed.append((ttq, ccy_name)) elif (e.sw1, e.sw2) == (0x69, 0x84): # Not allowed (invalid) invalid.append((ttq, ccy_name)) # Reset name, sfi, pdol_req = tag.emv.select_by_df(aid) else: raise else: ac_lens = tuple([len(a.data) for a in options.getlist('AC')]) sdad_lens = tuple([len(s.data) for s in options.getlist('SDAD')]) # replace AC, SDAD and ATC with length functions options.tags = Tags(*options.tags._tagdata[:]) def datalen(ber): return len(ber.data) options.tags.parsers[options.tags.tags['AC']] = datalen options.tags.parsers[options.tags.tags['SDAD']] = datalen options.tags.parsers[options.tags.tags['ATC']] = datalen options.read_ber() opts = options.dump_ber() #opts = [(k, vs) for k, vs in options.lists() if options.tags.tagname(k) not in ['AC', 'SDAD', 'ATC']] # Need to be able to create a ber, or __delitem__ # FIXME: make dump return a string or an iterator #opts = ' '.join(['0x%x %s' % (k, ', '.join([repr(v) for v in vs])) for k, vs in opts]) # opts = tuple([(k, tuple([tuple(v.data) for v in vs])) for k, vs in opts]) key = (opts, ac_lens, sdad_lens) ccy_ttq_dict[key].append((ttq, ccy_name)) # only keep the last option_dict[key] = options # Reset to Entry Point Start C, according to Figure 5-1: Initiate Application Processing (Reader) # FIXME: check what Entry Point Start C is name, sfi, pdol_req = tag.emv.select_by_df(aid) finally: def dump_ccy_ttqs(ccy_ttqs): last_ccy_name = None line = [] for ttq, ccy_name in ccy_ttqs: if last_ccy_name is not None and ccy_order.index(ccy_name) < ccy_order.index(last_ccy_name): print ' %s' % ', '.join(line) line = [] line.append('0x%x %s' % (ttq, ccy_name)) last_ccy_name = ccy_name if line: print ' %s' % ', '.join(line) print 'ATC at end: %s' % tag.emv.get_data_parsed('ATC') ccy_order = [v for k, v in ccys] for key, ccy_ttqs in ccy_ttq_dict.items(): print 'For:' dump_ccy_ttqs(ccy_ttqs) print option_dict[key].dump() print print 'Invalid:' dump_ccy_ttqs(invalid) break
#name, sfi, pdol_req = tag.emv.select_by_df(toASCIIBytes('1PAY.SYS.DDF01')) #name, sfi, pdol_req = tag.emv.select_by_df([0xa0, 0, 0, 0, 3, 0x10, 0x10]) #print pdol_req # Use PPSE to list apps #name, sfi, pdol_req = tag.emv.select_by_df(toASCIIBytes('2PAY.SYS.DDF01')) #name, sfi, pdol_req = tag.emv.select_by_df([0xa0, 0, 0, 0, 3, 0x10, 0x10]) #print pdol_req #options = tag.emv.get_options(pdol_req) #options.dump() #pprint(options.get_struct()) #break if False: # Use PSE to list apps name, sfi, pdol_req = tag.emv.select_by_df( toASCIIBytes('1PAY.SYS.DDF01')) print 'Applet data: %s' % tag.emv.get_data_parsed( 'APPLET_DATA') data = tag.emv.read_record_parsed(0x1, sfi) data.dump() apps = data.getlistparsed('APP') else: apps = [ (0, 'BARCLAYS', [0xa0, 0x00, 0x00, 0x00, 0x03, 0x80, 0x02]) ] # Visa CAP for priority, name, aid in apps: print print 'Selecting %s (%s): %s' % (priority, name,
from smartcard.System import readers from smartcard.util import toASCIIString, toASCIIBytes from Mifare1kMap import Mifare1k otentikasi = [0xFF, 0x88, 0x00, Mifare1k[0], 0x60, 0x00] bacadata = [0xFF, 0xB0, 0x00, Mifare1k[0], 0x10] # write cmd = [0xFF, 0xD6, 0x00, Mifare1k[0], 0x10] op = [] nis = "123456789" + "1234567" for s in range(16): cmd.append(toASCIIBytes(nis[s])[0]) r = readers() print "Available readers:", r reader = r[0] # print "Using:", reader connection = reader.createConnection() connection.connect() data, sw1, sw2 = connection.transmit(otentikasi) print data print "Select Applet: %02X %02X" % (sw1, sw2) # data, sw1, sw2 = connection.transmit(cmd) # print toASCIIString(data) # print "Select Applet: %02X %02X" % (sw1, sw2)
def _write_value(self, s): self._unlock() self._write_bytes(0, 1, [len(s)]) self._write_bytes(1, len(s), toASCIIBytes(s))
for i in range(256): try: name, sfi = emv.select_by_df(toASCIIBytes(chr(i))) print name, sfi except Exception, e: if isinstance(e, EMVException): print e.sw1, e.sw2 if (e.sw1, e.sw2) == (0x6a, 0x82): pass else: raise #find_files(emv) name, sfi = emv.select_by_df(toASCIIBytes('1PAY.SYS.DDF01')) # print map(hex, tag.find_14443_instrs()) # 70, a4, b2 apps = emv.parse_apps(emv.read_record(1, sfi)) pprint(apps) for priority, name, aid in apps: if name.startswith('VISA'): emv.select_by_df(aid) # print map(hex, tag.find_14443_instrs()) # 20, 70, 82, 84, 88, a4, b2 print emv.parse_card(emv.read_record(1, sfi))
def brute_pdol(tag): name, sfi, pdol_req = tag.emv.select_by_df(toASCIIBytes('1PAY.SYS.DDF01')) apps = tag.emv.read_record_parsed(1, sfi).getlistparsed('APP') for priority, name, aid in apps: ccy_ttq_dict = defaultdict(list) option_dict = defaultdict(list) not_allowed = [] invalid = [] try: name, sfi, pdol_req = tag.emv.select_by_df(aid) print 'ATC at start: %s' % tag.emv.get_data_parsed('ATC') # 12 bits for ttq in range(0x2000): if (ttq % 0x100) == 0: print 'TTQ = 0x%lx' % ttq for ccy, ccy_name in ccys: dol = DOL(ttq=[ ttq & 0xff, ttq & 0x700 >> 3, ttq & 0x1800 >> 5, 0 ], ccy=ccy) try: # ATC is incremented if this works options = tag.emv.get_options(pdol_req, dol) except EMVException, e: if (e.sw1, e.sw2) == (0x69, 0x85): # Not allowed (conditions) not_allowed.append((ttq, ccy_name)) elif (e.sw1, e.sw2) == (0x69, 0x84): # Not allowed (invalid) invalid.append((ttq, ccy_name)) # Reset name, sfi, pdol_req = tag.emv.select_by_df(aid) else: raise else: ac_lens = tuple( [len(a.data) for a in options.getlist('AC')]) sdad_lens = tuple( [len(s.data) for s in options.getlist('SDAD')]) # replace AC, SDAD and ATC with length functions options.tags = Tags(*options.tags._tagdata[:]) def datalen(ber): return len(ber.data) options.tags.parsers[options.tags.tags['AC']] = datalen options.tags.parsers[ options.tags.tags['SDAD']] = datalen options.tags.parsers[ options.tags.tags['ATC']] = datalen options.read_ber() opts = options.dump_ber() #opts = [(k, vs) for k, vs in options.lists() if options.tags.tagname(k) not in ['AC', 'SDAD', 'ATC']] # Need to be able to create a ber, or __delitem__ # FIXME: make dump return a string or an iterator #opts = ' '.join(['0x%x %s' % (k, ', '.join([repr(v) for v in vs])) for k, vs in opts]) # opts = tuple([(k, tuple([tuple(v.data) for v in vs])) for k, vs in opts]) key = (opts, ac_lens, sdad_lens) ccy_ttq_dict[key].append((ttq, ccy_name)) # only keep the last option_dict[key] = options # Reset to Entry Point Start C, according to Figure 5-1: Initiate Application Processing (Reader) # FIXME: check what Entry Point Start C is name, sfi, pdol_req = tag.emv.select_by_df(aid) finally: def dump_ccy_ttqs(ccy_ttqs): last_ccy_name = None line = [] for ttq, ccy_name in ccy_ttqs: if last_ccy_name is not None and ccy_order.index( ccy_name) < ccy_order.index(last_ccy_name): print ' %s' % ', '.join(line) line = [] line.append('0x%x %s' % (ttq, ccy_name)) last_ccy_name = ccy_name if line: print ' %s' % ', '.join(line) print 'ATC at end: %s' % tag.emv.get_data_parsed('ATC') ccy_order = [v for k, v in ccys] for key, ccy_ttqs in ccy_ttq_dict.items(): print 'For:' dump_ccy_ttqs(ccy_ttqs) print option_dict[key].dump() print print 'Invalid:' dump_ccy_ttqs(invalid) break
print 'Accepted keys: %s' % ', '.join(map(hex, vals)) # Nothing selected: 0x42, 0x45, 0x66, 0xc1, 0xc5, 0xc6, 0xc7, 0xcb, 0xcf, 0xe0, 0x9f7f, 0xdf7c, 0xdf7e # 1PAY.SYS.DDF01: 0x9f7d # LINK/VISADEBIT: # 0x9f13, 0x9f17, 0x9f36, 0x9f51, # 0x9f52, 0x9f53, 0x9f54, 0x9f56, # 0x9f57, 0x9f58, 0x9f59, 0x9f5c, # 0x9f5e, 0x9f67, 0x9f68, 0x9f6c, # 0x9f6d, 0x9f72, 0x9f73, 0x9f77, # 0x9f78, 0x9f79, 0x9f7d, 0xbf55, # 0xbf56, 0xbf57, 0xbf58, 0xbf5b with Pcsc.reader() as reader: for tag in reader.tags: brute_data(tag) print 'Selecting 1PAY' name, sfi = tag.emv.select_by_df(toASCIIBytes('1PAY.SYS.DDF01')) brute_data(tag) apps = tag.emv.parse_apps(tag.emv.read_record(0x1, sfi)) for priority, name, aid in apps: print 'Selecting %s' % name tag.emv.select_by_df(aid) brute_data(tag)
if resp != [0x6d, 0]: instrs.append([i, j]) print 'Valid instructions: %s' % ', '.join(map(toHexString, instrs)) # For my Visa Debit Paywave # Nothing selected: 00 70, 00 A4, 00 CA, 80 24, 80 50, 80 82, 80 CA, 80 D8, 80 E2, 80 E4, 80 E6, 80 E8, 80 F0, 80 F2 # 1PAY.SYS.DDF01: 00 70, 00 A4, 00 B2 # 2PAY.SYS.DDF01: 00 70, 00 A4, 00 B2 # LINK/VISADEBIT: 00 20, 00 70, 00 82, 00 84, 00 88, 00 A4, 00 B2, 80 A8, 80 AE, 80 CA with Pcsc.reader() as reader: for tag in reader.tags: brute_instrs(tag) print 'Selecting 2PAY' name, sfi, pdol = tag.emv.select_by_df(toASCIIBytes('2PAY.SYS.DDF01')) brute_instrs(tag) print 'Selecting 1PAY' name, sfi, pdol = tag.emv.select_by_df(toASCIIBytes('1PAY.SYS.DDF01')) brute_instrs(tag) data = tag.emv.read_record_parsed(0x1, sfi) apps = data.getlistparsed('APP') for priority, name, aid in apps: print 'Selecting %s' % name name, sfi, pdol_req = tag.emv.select_by_df(aid) brute_instrs(tag) if pdol_req:
if (e.sw1, e.sw2) == (0x6a, 0x82): # not found return i + 1 return 0 def select_all_by_df_no_next(emv, name): # You can't get the "next" filename when selecting by AID try: dfs = [emv.select_by_df(name)] except EMVException, e: if not (e.sw1, e.sw2) == (0x6a, 0x82): # not found raise return [] last_name, last_sfi = dfs[-1] curr = toASCIIBytes(last_name) while True: # curr will be a filled-out AID. Work our way back # to name until we've tried all this might have masked for i in reversed(range(len(name), len(curr))): curr[i] = (curr[i] + 1) % 256 if curr[i] != 0: break del curr[i] else: return dfs try: dfs.append(emv.select_by_df(curr)) except EMVException, e: pass # FIXME