desfire: added AES-authentication

dev-zzo / ChameleonMini

The ChameleonMini is a versatile contactless smartcard emulator compliant to NFC. For further information see the Getting Started Page or the GitHub-Wiki-Tab above.

https://rawgit.com/emsec/ChameleonMini/master/Doc/Doxygen/html/Page_GettingStarted.html

Other

14 stars 1 forks source link

desfire: added AES-authentication #5

Open shombre opened 8 years ago

shombre commented 8 years ago

implemented (EV1) AES authentication.

dev-zzo commented 8 years ago

Thanks for your patch!

A few minor nits:

It seems the accepted naming style is CamelCase through most of the project -- would be nice to follow that for new code as well
Your code has tab indentation, whereas surrounding code has 4 spaces per stop... it kind of breaks things visually.

What documentation did you follow when implementing this command? Or was it e.g. libfreefire or other open-source code?

shombre commented 8 years ago

I changed the codestyle.

Shall I merge my branch locally to the latest version of your desfire branch? It's my first time using Github. : )

dev-zzo commented 8 years ago

Hey, it's the same for me, never worked together with a lot of people and forks-branches-merges before :D 'd suggest holding this a bit until we sort things out with EV0 legacy auth, then we can merge in your code. I suspect a lot of things might change before we get it to do what it is supposed to... And thanks for working on EV1 code :)

shombre commented 8 years ago

ok, but just for clarification: the aes-auth is tested and working. : ) I did not verify the sessionkey yet.

I will go on with EV1 in this branch.

dev-zzo commented 8 years ago

I'd suggest creating topic branches instead if possible so we can integrate things easier.

dev-zzo commented 8 years ago

Right. I've hit the 2k lines in MifareDesfire.c, and it is really inconvenient to navigate in. I will be splitting things between external interface implementation (starting from Chameleon application stuff and up to DESFire command handlers) and internal implementation (everything that lies below command handlers). Please expect to rebase your patch due to these significant changes. I am also introducing a way to restrict the selected configuration to a specific card revision (e.g. EV0 commands only) during init time.

dev-zzo commented 8 years ago

Please see commit 9d375446. It looks scary. xD

geo-rg commented 7 years ago

I'd suggest that we make the AES auth more general, since there is also 3K3DES, which basically works the same except for the encryption part.

Anyways: great work so far!

shombre commented 7 years ago

Job and family keeps me busy, so i don't find time to contribute to this great project at the moment. Unfortunately! But once 3K3DES is working (auth and comm) it should be pretty forward to adopt AES. Or vice versa :)

herrmanns commented 6 years ago

sorry for bothering you experts but are there any additional options which i can use with the mf_desfire sim/emu mode. i currently have the problem that my reader quits just with "unknown card" when i try to read chameleon. thats why i am asking if it is just enough to config=mf_desfire_ev1_4k for example and define any uid?

dev-zzo commented 6 years ago

@herrmanns this depends on many factors. First, there are limitations in Chameleon's hardware that disallow certain capabilities of the original cards. Second, the firmware is broken at the moment anyway. :D Third, it is also important what the reader actually is expecting to find on the card. If you could e.g. record the whole transaction with proxmark3 or somesuch, that would help to look into what's going on there.

dev-zzo commented 6 years ago

I suggest we move this discussion elsewhere -- please create a new issue for this so you are subscribed to it as well.