RfidResearchGroup / proxmark3

Iceman Fork - Proxmark3
http://www.icedev.se
GNU General Public License v3.0

Proxmark seems stuck after `hf emrtd info` on reading passport #1714

Closed ezhevita closed 8 months ago

ezhevita commented 2 years ago

Describe the bug: Proxmark stops responding to any commands after trying to read a Russian international passport using the command `hf emrtd info` (and getting a timeout during it). Reconnecting (and thus rebooting Proxmark) will bring it back alive.

To Reproduce: Steps to reproduce the behavior:

  1. Use hf emrtd info ... on a Russian international passport

Expected behavior: Passport will be successfully read.

Screenshots

Screenshot 2022-07-09 at 02 46 57

Desktop (please complete the following information):

Additional context: Despite being tested on the Chinese copy of Proxmark3 Easy, the issue is reproducible on other Easy devices and RDV4. Also, the NFC chip in the passport I was testing isn't faulty - I tried multiple and they all behave the same.

iceman1001 commented 2 years ago

looks like there is something with Russian ePassports and 0x011E secure file read of EF_COM...

Try enable debug messages, might get more necessary information out.

data setdeb -2
hf emrtd info

did you test to call the hf emrtd info with the "-n -d -e" params set?

ezhevita commented 2 years ago

Setting data setdeb -2 makes no difference, the output is the same. I was calling with the -n -d -e params set, as you can see on the screenshot - without them it will show basic info and stop, since authentication is enforced. Also, Proxmark gets stuck even after failed authentication:

Screenshot 2022-07-09 at 14 46 28

iceman1001 commented 2 years ago

ok, 14B,

Seems to get stuck in the external authentication part where your passport seems to not approve.

And after that your next command fails. Most likely because of field is still on.

ezhevita commented 2 years ago

Is there any debug info I can collect to help?

iceman1001 commented 2 years ago

I can confirm that on OSX the emrtd commands get stuck on the 8E08 apdu, it creates it but the epassport doesn't answer back.

It fails after detecting BrainpoolP384r1, might be related to the mbedtls library we use.

I have confirmed that on ubuntu/wsl it works.

realytcracker commented 2 years ago

client seems to vomit more information on this - prefs set clientdebug --full

after the APDU failure, it locks the device, and you need to unplug and replug to get it working again.

doubly-confirmed, same passport works on ubuntu, fails on x86 and m1 macs.

[=] ------------------ Basic Info ------------------
[+] Communication standard: ISO/IEC 14443(B)
[+] Authentication........: Enforced
[+] PACE..................: Not available
[+] Authentication result.: Successful
[#] cmd: 0CA4020C80000000
[#] data: 011E800000000000
[#] temp: 8FD4DDB974CD9A2C
[#] do87: 8709018FD4DDB974CD9A2C
[#] m: 0CA4020C800000008709018FD4DDB974CD9A2C
[#] ssc-b: 01D4E9C900000000
[#] ssc-a: 01D4E9C900000001
[#] n: 01D4E9C9000000010CA4020C800000008709018FD4DDB974CD9A2C
[#] cc: 2976C3F480D32E36
[#] do8e: 8E082976C3F480D32E36
[#] lc: 21
[#] data: 8709018FD4DDB974CD9A2C8E082976C3F480D32E36
[+] >>>> 0C A4 02 0C 15 87 09 01 8F D4 DD B9 74 CD 9A 2C 8E 08 29 76 C3 F4 80 D3 2E 36 00
[=] You can cancel this operation by pressing the pm3 button
[!!] 🚨 APDU: reply timeout
[!!] 🚨 Failed to secure select 011E
[!!] 🚨 Failed to read EF_COM.
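
The values in the log above can be checked against each other offline. The following is an added example, not part of the thread or of the Proxmark3 code base: it parses the transmitted `>>>>` bytes and compares them with the logged intermediate values. The function and key names are this example's own; the hex strings are copied from the log.

```python
# Hex values below are copied from the debug log in the comment above.
LOG = {
    "cmd": "0CA4020C80000000", "data": "011E800000000000",
    "do87": "8709018FD4DDB974CD9A2C", "do8e": "8E082976C3F480D32E36",
    "ssc-b": "01D4E9C900000000", "ssc-a": "01D4E9C900000001",
    "n": "01D4E9C9000000010CA4020C800000008709018FD4DDB974CD9A2C",
}
SENT = "0C A4 02 0C 15 87 09 01 8F D4 DD B9 74 CD 9A 2C 8E 08 29 76 C3 F4 80 D3 2E 36 00"

def unpad(block: bytes) -> bytes:
    """Strip ISO/IEC 9797-1 padding method 2 (0x80 followed by zero bytes)."""
    body = block.rstrip(b"\x00")
    if not body.endswith(b"\x80"):
        raise ValueError("missing 0x80 padding marker")
    return body[:-1]

def parse_tlvs(buf: bytes) -> dict:
    """Split a data field into TLVs with one-byte tags and short-form lengths."""
    out, i = {}, 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] > 0x7F or i + 2 + buf[i + 1] > len(buf):
            raise ValueError(f"truncated or long-form TLV at offset {i}")
        out[buf[i]] = buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]
    return out

def check_protected_apdu(sent_hex: str, log: dict) -> dict:
    """Compare the transmitted APDU with the logged intermediate values."""
    apdu = bytes.fromhex(sent_hex)
    v = {name: bytes.fromhex(value) for name, value in log.items()}
    header, lc, body, le = apdu[:4], apdu[4], apdu[5:-1], apdu[-1]
    tlvs = parse_tlvs(body)
    do87, do8e = tlvs.get(0x87, b""), tlvs.get(0x8E, b"")
    return {
        "header_matches_cmd": unpad(v["cmd"]) == header,
        "file_id": unpad(v["data"]).hex().upper(),
        "lc_ok": lc == len(body),
        "body_matches": body == v["do87"] + v["do8e"],
        "do87_ok": do87[:1] == b"\x01" and len(do87) % 8 == 1,  # 0x01 + cipher blocks
        "do8e_ok": len(do8e) == 8,  # 8-byte MAC
        "ssc_incremented": int(log["ssc-a"], 16) == int(log["ssc-b"], 16) + 1,
        "mac_input_ok": v["n"] == v["ssc-a"] + v["cmd"] + v["do87"],
        "le": le,
    }

if __name__ == "__main__":
    for name, result in check_protected_apdu(SENT, LOG).items():
        print(f"{name:20} {result}")
```

Every check passing means the command was assembled consistently with the logged values; it does not verify the MAC itself, which needs the session keys.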

realytcracker commented 2 years ago

edit: nevermind, i am a moron and can't read.

iceman1001 commented 2 years ago

it is an odd issue, working on Ubuntu vs not working on M1...

iceman1001 commented 1 year ago

@realytcracker I guess you dropped a beat with deadmau5 ?

I don't think this issue will be resolved until someone starts debugging the mbedtls library calls.

Close until someone finds more luck?

realytcracker commented 1 year ago

yes indeed - i lead a very weird existence. if i harvest some time somewhere, i might take a stab at a PR myself to end these shenanigans. feel free to close in the meantime. hacky new year and i hope you are well!

On Jan 8, 2023, at 11:30 AM, Iceman @.***> wrote: @realytcracker I guess you dropped a beat with deadmau5 ? I don't think this issue will be resolved until someone starts debugging the mbedtls library calls. Close until someone finds more luck?


anders0l commented 1 year ago

same issue for me - stuck on mac os with m1 max and fully works on Ubuntu in UTM virtualisation

please keep this issue open as maybe someone will dive into it

ThreeSixes commented 10 months ago

I also have the same issue on an X86 Mac.

piotrva commented 9 months ago

Observed even more drastic behavior with Polish passport - both on Linux and Windows machines Proxmark3 hardware reboots after a few seconds following read command...

iceman1001 commented 9 months ago

There is a memory issue, where several 14B apdu calls eat up the bigbuff and eventually into the stack and the device hangs.

anders0l commented 9 months ago

There is a memory issue, where several 14B apdu calls eat up the bigbuff and eventually into the stack and the device hangs.

On my mac, I've got 64 GB unified memory and 400 GB/s of memory bandwidth, and it's definitely not a memory issue. Except there is some configuration memory limit in proxmark itself

piotrva commented 9 months ago

@anders0l - I think this memory is related to internal memory in Proxmark MCU...

iceman1001 commented 9 months ago

I was unclear. it is device side related.

piotrva commented 9 months ago

Does RDV4.01 have bigger internal RAM than others?

iceman1001 commented 9 months ago

no, it has 64k ram like most MCU from that product line

piotrva commented 8 months ago

Tested new firmware (Iceman/master/v4.17768-170-gf48d49556). Now with Polish Passport I get:

[usb] pm3 --> hf em info -n AB1234567 -d 123456 -e 123456
[=] ..
[=] Authentication is enforced
[=] Switching to external authentication...
[!!] APDU: no APDU response
[!!] Couldn't do external authentication. Did you supply the correct MRZ info?

[=] ------------------ Basic Info ------------------
[+] Communication standard: ISO/IEC 14443(B)
[+] Authentication........: Enforced
[+] PACE..................: Available
[+] Authentication result.: Failed

[=] ----------------- EF_CardAccess ----------------
[+] PACE version..........: 2
[+] PACE algorithm........: ECDH, Generic Mapping, 3DES-CBC-CBC
[+] PACE parameter........: NIST P-256 (secp256r1)

So good news is the device is not rebooting. Bad news - still not reading the data ;)

iceman1001 commented 8 months ago

if you add

data setde -2
hf emrtd info -n AB1234567 -d 123456 -e 123456
trace save -f polish_pp_nAB1234567_d123456_e123456
hf emrtd list
data setde -0

One can look and see what is going wrong in the trace if any and you should have gotten a longer more detailed output

piotrva commented 8 months ago

Well, it might expose some sensitive data, as this is my actual valid passport...

iceman1001 commented 8 months ago

In that case you are on your own, I can't not help out. But look at the output and see where it stops

iceman1001 commented 8 months ago

Try pulling latest and flash, need to test if it is fixed.

piotrva commented 8 months ago

Hi, again same result

[usb] pm3 --> hf em info -n AB1234567 -d 123456 -e 123456
[=] ..
[=] Authentication is enforced
[=] Switching to external authentication...
[!!] APDU: no APDU response
[!!] Couldn't do external authentication. Did you supply the correct MRZ info?

[=] ------------------ Basic Info ------------------
[+] Communication standard: ISO/IEC 14443(B)
[+] Authentication........: Enforced
[+] PACE..................: Available
[+] Authentication result.: Failed

[=] ----------------- EF_CardAccess ----------------
[+] PACE version..........: 2
[+] PACE algorithm........: ECDH, Generic Mapping, 3DES-CBC-CBC
[+] PACE parameter........: NIST P-256 (secp256r1)

Maybe I can send you trace data using some secure channel?

iceman1001 commented 8 months ago

Well, either your passport doesn't support BAC,

[!!] Couldn't do external authentication. Did you supply the correct MRZ info?

and we don't support PACE.

The first question is, does your pm3 client hang still?
the second is that your password is most likely PACE...

piotrva commented 8 months ago

No, same as I mentioned before - now proxmark does not hang - that is the good news.

Is there any literature I can probably read about the BAC and PACE?

iceman1001 commented 8 months ago

use your google-foo to find about machine readable documents. Should be public information

iceman1001 commented 8 months ago

Closing, since the original issue is solved.

ezhevita commented 7 months ago

@iceman1001 I can still reproduce this issue using the latest pm3 client and firmware

iceman1001 commented 7 months ago

Still don't have anything to go with here, until you decide to add proper instructions on how to replicate the issue.

And no, "it doesn't work on my passport" isn't going to help debugging it. Nor have I any Russian passports to play with.

In the end, it's down to you to solve this issue. We can't.

ezhevita commented 7 months ago

I’ve tried debugging this issue, the firmware itself is alive — i’ve added debug output in the AppMain method in the main loop (that receives new packets from usb) and it goes through without any problems, so it looks like after authentication proxmark just doesn’t receive any packets

also i’ve tried capturing usb interface on macOS using wireshark and i still can see the last sent packet to proxmark there (despite it being non-existent for proxmark)