X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=mifare-mad.pl;h=b786248e5cae41395f7a806d868281a5e9f24596;hb=59ab9f21afdf5f7e1a8b25ea4eb5da3d33af51c3;hp=19f957a110727b7074c21ca93a761d76d24eff29;hpb=bebeaacf7d21636292b159f6de8f6e819957f875;p=perl-Mifare-MAD.git diff --git a/mifare-mad.pl b/mifare-mad.pl index 19f957a..b786248 100755 --- a/mifare-mad.pl +++ b/mifare-mad.pl @@ -5,65 +5,291 @@ use strict; # based on AN10787 # MIFARE Application Directory (MAD) - +# http://www.nxp.com/acrobat_download2/other/identification/MAD_overview.pdf use Data::Dump qw(dump); -# http://www.nxp.com/acrobat_download2/other/identification/MAD_overview.pdf -my $mad_id = { - 0x0000 => 'sector free', - 0x0001 => 'sector defective', - 0x0002 => 'sector reserved', - 0x0003 => 'DIR continuted', - 0x0004 => 'card holder', - # ... - 0x0015 => 'card administration - MIKROELEKTRONIKA spol.s.v.M', +my $debug = $ENV{DEBUG} || 0; - 0x071D => 'miscellaneous applications - ZAGREBACKI Holding d.o.o. [1] Customer profile', - 0x071E => 'miscellaneous applications - ZAGREBACKI Holding d.o.o. [1] Bonus counter', +my $function_clusters; +my $mad_id; - 0x1837 => 'city traffic - ZAGREBACKI Holding d.o.o. [1] Prepaid coupon', +while() { + chomp; + next if m/^#?\s*$/; + my ( $code, $function ) = split(/\s+/,$_,2); + my $h = '[0-9A-F]'; + if ( $code =~ m/^($h{2})-($h{2})$/ ) { + foreach my $c ( hex($1) .. hex($2) ) { + $function_clusters->{ unpack('HH',$c) } = $function; + } + } elsif ( $code =~ m/^($h{2})$/ ) { + $function_clusters->{ lc $code } = $function; + } elsif ( $code =~ m/^($h{4})$/ ) { + $mad_id->{ lc $1 } = $function; + } else { + die "can't parse __DATA__ line $.\n$_\n"; + } +} - 0x2062 => 'bus services - ZAGREBACKI Holding d.o.o. [1] electronic ticket', +my $access_condition_data = { +0b000 => 'R:AB W:AB I:AB DTR:AB transport conf', +0b010 => 'R:AB W:-- I:-- DTR:-- r/w block', +0b100 => 'R:AB W:-B I:-- DTR:-- r/w block', +0b110 => 'R:AB W:-B I:-B DTR:AB r/w block', +0b001 => 'R:AB W:-- I:-- DTR:AB value block', +0b011 => 'R:-B W:-B I:-- DTR:-- value block', +0b101 => 'R:-B W:-- I:-- DTR:-- r/w block', +0b111 => 'R:-- W:-- I:-- DTR:-- r/w block', +}; + +my $access_condition_trailer = { +0b000 => 'R/W: KEYA:-/A ACCESS:A-/- DATB:A/A ?', +0b010 => 'R/W: KEYA:-/- ACCESS:A-/- DATB:A/- ?', +0b100 => 'R/W: KEYA:-/B ACCESS:AB/- KEYB:-/B', +0b110 => 'R/W: KEYA:-/- ACCESS:AB/- KEYB:-/-', +0b001 => 'R/W: KEYA:-/A ACCESS:A-/A DATB:A/A ? transport conf', +0b011 => 'R/W: KEYA:-/B ACCESS:AB/B KEYB:-/B', +0b101 => 'R/W: KEYA:-/- ACCESS:AB/B KEYB:-/-', +0b111 => 'R/W: KEYA:-/- ACCESS:AB/- KEYB:-/-', +}; - 0x887B => 'electronic purse - ZAGREBACKI Holding d.o.o. [4]', +my $life_cycle = { +"\x78\x77\x88" => 'MAD INIT,RW', +"\x7F\x07\x88" => 'NFC INIT,RW', +"\x07\x8F\x0F" => 'READ ONLY', }; + +if ( $debug ) { + warn "# function_clusters ",dump($function_clusters); + warn "# mad_id ", dump($mad_id); +} + local $/ = undef; my $card = <>; -die "expected 4096 bytes, got ",length($card), " bytes\n" - unless length $card == 4096; +die "expected 4096 or 1024 bytes, got ",length($card), " bytes\n" + unless length $card == 4096 || length $card == 1024; -foreach my $i ( 0 .. 15 ) { - my $v = unpack('v',(substr($card, 0x10 + ( $i * 2 ), 2))); - printf "MAD sector %-2d %04x %s\n", $i, $v, $mad_id->{$v} || '?'; +my ( $ADV, $MA, $DA ); - foreach my $j ( 0 .. 3 ) { - my $offset = 0x40 * $i + $j * 0x10; - my $block = substr($card, $offset, 0x10); - printf "%04x %s\n", $offset, unpack('H*',$block); +my $pos = 0; + +foreach my $sector ( 0 .. 39 ) { + + my $blocks = $sector < 32 ? 4 : 16; + + last if $pos >= length($card); + next if substr($card,$pos,$blocks * 0x10) eq "\x00" x ($blocks * 0x10); + + # General purpose byte (GPB) + my $GBP = ord(substr($card,0x39,1)); + + if ( $sector == 0 ) { + printf "manufacturer block\nSerial number: %s\nCB: %s\nmanufacturer data: %s\n" + , unpack('H*',substr($card,0,4)) + , unpack('H*',substr($card,4,1)) + , unpack('H*',substr($card,5,11)) + ; + + # MAD + $ADV = $GBP & 0b00000011; + $MA = $GBP & 0b01000000; + $DA = $GBP & 0b10000000; + printf "ADV (MAD version code): %d\n", $ADV; + printf "MA (multiapplication): %s\n", $MA ? 'yes' : 'monoaplication'; + printf "DA (MAD available): %s%s\n", $DA ? 'yes' : 'no', + substr($card,$pos+0x30,6) eq "\xA0\xA1\xA2\xA3\xA4\xA5" ? ' public' : ''; + + printf "Info byte (publisher sector): %x\n", ord(substr($card,0x11,1)); + } elsif ( $DA ) { + my $mad_offset = 0x10 + ( $sector * 2 ); + my $v = unpack('v',(substr($card, $mad_offset, 2))); + my $cluster_id = unpack('HH', (( $v & 0xff00 ) >> 8) ); + my $full_id = sprintf "%04x",$v; + printf "# sector %-2d MAD@%x %04x [%s]\n%s\n", $sector, $mad_offset, $v + , $function_clusters->{ $cluster_id } + , $mad_id->{$full_id} || "FIXME: add $full_id from MAD_overview.pdf to __DATA__ at end of $0" + ; + + if ( $v == 0x0004 ) { + # RLE encoded card holder information + my $data = substr( $card, $pos, 0x30); + my $o = 0; + my $types = { + 0b00 => 'surname', + 0b01 => 'given name', + 0b10 => 'sex', + 0b11 => 'any', + }; + while ( substr($data,$o,1) ne "\x00" ) { + my $len = ord(substr($data,$o,1)); + my $type = ( $len & 0b11000000 ) >> 6; + $len = $len & 0b00111111; + my $dump = substr($data,$o+1,$len-1); + $dump = '0x' . unpack('H*', $dump) if $type == 0b11; # any + printf "%-10s %2d %s\n", $types->{$type}, $len, $dump; + $o += $len + 1; + } + } elsif ( $v == 0x0015 ) { + printf "Card number: %s\n", unpack('h*',substr($card,$pos + 0x04,6)); + } + + } else { + printf "# sector %-2d with %d blocks\n", $sector, $blocks; } - if ( $v == 0x0004 ) { - # RLE encoded card holder information - my $data = substr( $card, 0x40 * $i, 0x30); - my $o = 0; - my $types = { - 0b00 => 'surname', - 0b01 => 'given name', - 0b10 => 'sex', - 0b11 => 'any', - }; - while ( substr($data,$o,1) ne "\x00" ) { - my $len = ord(substr($data,$o,1)); - my $type = ( $len & 0b11000000 ) >> 6; - $len = $len & 0b00111111; - my $dump = substr($data,$o+1,$len-1); - $dump = '0x' . unpack('H*', $dump) if $type == 0b11; # any - printf "%-10s %2d %s\n", $types->{$type}, $len, $dump; - $o += $len + 1; + my $trailer_pos = $pos + $blocks * 0x10 - 0x10; + my $c1 = ( ord(substr($card,$trailer_pos+7,1)) & 0xf0 ) >> 4; + my $c2 = ( ord(substr($card,$trailer_pos+8,1)) & 0x0f ); + my $c3 = ( ord(substr($card,$trailer_pos+8,1)) & 0xf0 ) >> 4; + + printf "# trailer @%x %016b c1:%08b c2:%08b c3:%08b\n" + , unpack('n',(substr($card,$trailer_pos+7,2))) + , $trailer_pos, $c1, $c2, $c3 + ; + + my $condition = ''; + foreach my $j ( 0 .. $blocks - 1 ) { + my $offset = $pos + $j * 0x10; + my $block = substr($card, $offset, 0x10); + + my $acl_block = + $sector < 32 ? $j : + $j % 5 == 0 ? $j / 5 : + undef; # display condition only once for block group + + if ( defined $acl_block ) { + my $trailer = $j == ( $blocks - 1 ); + my $mask = 1 << $acl_block; + my $cond + = ( ( $c1 & $mask ) * 4 ) + + ( ( $c2 & $mask ) * 2 ) + + ( ( $c3 & $mask ) * 1 ) + ; + $cond >>= $acl_block; + $condition = sprintf ' %03b %s' + , $cond + , $trailer ? $access_condition_trailer->{$cond} + : $access_condition_data->{$cond} + ; + if ( ! $trailer && ( $cond == 0b001 || $cond == 0b011 ) ) { + my ( $value_block, $not ) = unpack 'llx8', $block; + my $value = $value_block; +# my $positive = $value_block & 0x8000_0000; +# my $value = $value_block & 0x7fff_ffff; +# $value = -$value if ! $positive; + #$condition .= sprintf " = %d 0x%x", $value, $value_block; + $condition .= sprintf " = %d 0x%x", $value_block, $not; + } + } else { + $condition = ''; } + + my $hex = unpack('H*',$block); + $hex =~ s/(....)/$1 /g; + + if ( $ENV{SWAP} ) { + my $hex_sw = unpack('h*',$block); + $hex_sw =~ s/(....)/$1 /g; + $hex .= " | $hex_sw"; + } + + printf "%x %03x %s%s\n", $j, $offset, $hex, $condition; } + printf "KEY A:%s | %s GDP: %s | B:%s %s\n" + ,unpack('H*',substr($card,$trailer_pos ,6)) + ,unpack('H*',substr($card,$trailer_pos+6 ,3)) + ,unpack('H*',substr($card,$trailer_pos+9 ,1)) + ,unpack('H*',substr($card,$trailer_pos+10,6)) + ,$life_cycle->{substr($card,$trailer_pos+6,3)} || '' + ; + + print "\n"; + + $pos += $blocks * 0x10; } + +__DATA__ +00 card administration +01-07 miscellaneous applications +08 airlines +09 ferry trafic +10 railway services +12 transport +18 city traffic +19 Czech Railways +20 bus services +21 multi modal transit +28 taxi +30 road toll +38 company services +40 city card services +47-48 access control & security +49 VIGIK +4A Ministry of Defence, Netherlands +4B Bosch Telecom, Germany +4A Ministry of Defence, Netherlands +4C European Union Institutions +50 ski ticketing +51-54 access control & security +58 academic services +60 food +68 non food trade +70 hotel +75 airport services +78 car rental +79 Dutch government +80 administration services +88 electronic purse +90 television +91 cruise ship +95 IOPTA +97 Metering +98 telephone +A0 health services +A8 warehouse +B0 electronic trade +B8 banking +C0 entertainment & sports +C8 car parking +C9 Fleet Management +D0 fuel, gasoline +D8 info services +E0 press +E1 NFC Forum +E8 computer +F0 mail +F8-FF miscellaneous applications + +0000 sector is free +0001 sector is defect, e.g. access keys are destroyed or unknown +0002 sector is reserved +0003 sector contains additional directory info (useful only for future cards) +0004 sector contains card holder information in ASCII format. +0005 sector not applicable (above memory size) + +0015 - card administration MIKROELEKTRONIKA spol.s.v.MIKROELEKTRONIKA spol.s.v.o. worldwide 1 01.02.2007 Card publisher info +0016 - card administration Mikroelektronika spol.s.r.o., Kpt.Mikroelektronika spol.s.r.o., Kpt. PoEurope 1 10.10.2007 Issuer information + +071C - miscellaneous applications MIKROELEKTRONIKA spol.s.r. MIKROELEKTRONIKA spol.s.r.o., Europe 1 01.12.2008 Customer profile +071D - miscellaneous applications ZAGREBACKI Holding d.o.o. MIKROELEKTRONIKA spol.s.r.o. EUROPE,Croatia 1 01.04.2009 Customer profile +071E - miscellaneous applications ZAGREBACKI Holding d.o.o. MIKROELEKTRONIKA spol.s.r.o. EUROPE,Croatia 1 01.04.2009 Bonus counter + +1835 - city traffic KORID LK, spol.s.r.o. KORID LK, spol.s.r.o. Europe 2 08.09.2008 Eticket +1836 - city traffic MIKROELEKTRONIKA spol.s.r. MIKROELEKTRONIKA spol.s.r.o., Europe 1 01.12.2008 Prepaid coupon 1S +1837 - city traffic ZAGREBACKI Holding d.o.o. MIKROELEKTRONIKA spol.s.r.o. EUROPE,Croatia 1 01.04.2009 Prepaid coupon +1838 - city traffic MIKROELEKTRONIKA spol.s.r. MIKROELEKTRONIKA spol.s.r.o. Europe 1 01.05.2009 Prepaid coupon +1839 - city traffic Mikroelektronika spol.s r.o Mikroelektronika spol.s r.o EUROPE,Czech R 1 01.08.2009 Prepaid coupon +183B - city traffic UNICARD S.A. UNICARD S.A. Poland 15 01.01.2010 city traffic services + +2061 - bus services Mikroelektronika spol.s r.o. Mikroelektronika spol.s r.o. Europe 1 01.08.2008 Electronic ticket +2062 - bus services ZAGREBACKI Holding d.o.o. MIKROELEKTRONIKA spol.s.r.o EUROPE,Croatia 1 01.04.2009 Electronic tiicket +2063 - bus services MIKROELEKTRONIKA spol.s.r. MIKROELEKTRONIKA spol.s.r.o. Europe 3 01.05.2009 electronic ticket + +887B - electronic purse ZAGREBACKI Holding d.o.o. MIKROELEKTRONIKA spol.s.r.o. EUROPE,Croatia 4 01.04.2009 Electronic purse +887C - electronic purse MIKROELEKTRONIKA spol.s.r. MIKROELEKTRONIKA spol.s.r.o. Europe 4 01.05.2009 electronic purse +887D - electronic purse Mikroelektronika spol.s r.o Mikroelektronika spol.s r.o EUROPE,Czech R 4 01.08.2009 Electronic purse +