emsec / ChameleonMini

The ChameleonMini is a versatile contactless smartcard emulator compliant to NFC. The ChameleonMini was developed by https://kasper-oswald.de. The device is available at https://shop.kasper.it. For further information see the Getting Started Page https://rawgit.com/emsec/ChameleonMini/master/Doc/Doxygen/html/_page__getting_started.html or the Wiki tab above.

Basic Gallagher support on DESFire #327

Closed tomaspre closed 1 year ago

tomaspre commented 1 year ago

I've been working on getting the Chameleon to work with Gallagher authentication on DESFire. This PR includes code for the very basic ability for:

It also includes:

This is my first contribution to the project. Testing is very much needed from someone else too (I tested as much as I could).

Gallagher read using Proxmark from Chameleon (note - includes extra debugging info from PM3)

[usb] pm3 --> hf gallagher reader --apdu
[+] Setting ISODEP -> inactive
[+] Setting ISODEP -> inactive
[+] >>>> 90 5A 00 00 03 F4 81 2F 00
[+] Setting ISODEP -> inactive
[+] Setting ISODEP -> NFC-A
[+] <<<< 91 00
[+] >>>> 90 BD 00 00 07 00 00 00 00 24 00 00 00
[+] <<<< 02 03 F8 20 81 F4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 91 00
[+] Setting ISODEP -> inactive
[+] >>>> 90 5A 00 00 03 F4 81 20 00
[+] Setting ISODEP -> inactive
[+] Setting ISODEP -> NFC-A
[+] <<<< 91 00
[=] IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [0] (null)
[=] IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [0]
[+] >>>> 90 AA 00 00 01 00 00
[+] <<<< 38 1D E0 9A 30 ED 7B 7F 90 22 C7 1D F2 7E 95 A0 91 AF
[=] IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [0] (null)
[=] IV: 38 1D E0 9A 30 ED 7B 7F 90 22 C7 1D F2 7E 95 A0 [0] (null)
[+] >>>> 90 AF 00 00 20 48 EA C4 15 E3 62 24 45 E5 BE EA B6 80 41 76 B6 9A F4 93 42 98 53 6B EC 44 EF 27 A4 CC 7C 56 CC 00
[+] <<<< D9 69 5F B5 87 DF 2B E8 1A 2D FF 5B 96 57 61 2B 91 00
[=] IV: 9A F4 93 42 98 53 6B EC 44 EF 27 A4 CC 7C 56 CC [0] (null)
[=] CMAC over: BD 00 00 00 00 10 00 00
[=] IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [0] (null)
[=] IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [0]
[+] >>>> 90 BD 00 00 07 00 00 00 00 10 00 00 00
[+] <<<< 8C 9B 6F E5 A4 A8 01 EC BC 9C F8 35 A7 A9 9F BE AE 54 16 07 FA A8 42 2D 03 E4 08 EF 92 EC 1D 6D 91 00
[=] IV: DD C7 0A 5D 86 33 16 DF A0 11 78 5C A8 E4 77 57 [0]
[+] Gallagher (AID 2081F4) - region: C ( 2 ), facility: 1111, card number: 438456, issue level: 1

fptrs commented 1 year ago

Hi @tomaspre, nice work so far. How did you build the firmware (make desfire?) and how did you create the Gallagher application on the Chameleon? I tried to use the proxmark but ran into a problem. proxmark:

[usb] pm3 --> hf gallagher clone --rc 1 --fc 22 --cn 3333 --il 4 --sitekey 00112233445566778899aabbccddeeff -t aes
[#] error DESFIRESendApdu Requested AID not present on PICC
[#] encRndB: AC D6 2C D0 ED 7D 3F A4 
[#] RndB: C8 D8 67 74 6E CA C8 92 
[#] rotRndB: D8 67 74 6E CA C8 92 1B 90 19 39 7C 1F 83 03 C8 
[#] Both   : 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 D8 67 74 6E CA C8 92 1B 90 19 39 7C 1F 83 03 C8 
[#] encRndB: 23 22 5A 71 C6 C5 F5 67 
[#] RndB: DB C0 87 EB 50 59 81 09 
[#] rotRndB: C0 87 EB 50 59 81 09 FE 57 8E B0 A9 89 0F F8 DB 
[#] Both   : 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 C0 87 EB 50 59 81 09 FE 57 8E B0 A9 89 0F F8 DB 
[=] Diversified key 0 for CAD (AID 2F81F4): 3042D12F223D4D26926775482BF56E88
[=] Successfully created Card Application Directory (AID 2F81F4)
[#]     KDF Input: 08 68 49 DB 16 18 06 00 F4 81 2F 
[#]  Derrived key: 30 42 D1 2F 22 3D 4D 26 92 67 75 48 2B F5 6E 88 
[#] encRndB: 9D D7 8C 85 84 72 A1 51 
[#] RndB: DD 16 E3 45 53 2D D0 FD 
[#] rotRndB: 16 E3 45 53 2D D0 FD E2 F5 ED DF 2F 30 2B 8C DD 
[#] Both   : 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 16 E3 45 53 2D D0 FD E2 F5 ED DF 2F 30 2B 8C DD 
[=] Successfully added new entry for 2081F4 to the Card Application Directory
[#] encRndB: 2E 86 87 C3 95 12 23 1B 
[#] RndB: EF 0B B7 84 56 C7 6E 15 
[#] rotRndB: 0B B7 84 56 C7 6E 15 DC 03 8C A6 E0 12 B3 9D EF 
[#] Both   : 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 0B B7 84 56 C7 6E 15 DC 03 8C A6 E0 12 B3 9D EF 
[#] error DESFIRESendApdu Value of the parameter(s) invalid
[!!] 🚨 Failed creating application 2081F4. Does it already exist?
[!!] 🚨 Failed creating Gallagher application

chameleon:

14629 ms <  +192 ms>:CODEC RX                     (1   bytes) [52                  ]    
14629 ms <    +0 ms>:CODEC TX                     (2   bytes) [0403                ]    
14629 ms <    +0 ms>:CODEC RX                     (1   bytes) [52                  ]    
14629 ms <    +0 ms>:CODEC TX                     (2   bytes) [0403                ]    
14630 ms <    +1 ms>:CODEC RX                     (2   bytes) [9320                ]    
14630 ms <    +0 ms>:CODEC TX                     (5   bytes) [88086849a1          ]    
14631 ms <    +1 ms>:CODEC RX                     (9   bytes) [937088086849a1430a  ]    
14631 ms <    +0 ms>:CODEC TX                     (3   bytes) [24d836              ]    
14632 ms <    +1 ms>:CODEC RX                     (2   bytes) [9520                ]    
14632 ms <    +0 ms>:CODEC TX                     (5   bytes) [db161806d3          ]    
14634 ms <    +2 ms>:CODEC RX                     (9   bytes) [9570db161806d32042  ]    
14634 ms <    +0 ms>:CODEC TX                     (3   bytes) [20fc70              ]    
14635 ms <    +1 ms>:CODEC RX                     (4   bytes) [e0803173            ]    
14635 ms <    +0 ms>:CODEC TX                     (8   bytes) [06750081028066fd    ]    
14681 ms <   +46 ms>:CODEC RX                     (10  bytes) [0290aa0000010000919e]    
14683 ms <    +2 ms>:CODEC TX                     (21  bytes) [022e8687c39512231be39d2c70a205472191afa619]    
14725 ms <   +42 ms>:CODEC RX                     (41  bytes) [0390af0000205abeaffe3fe682a4a82fbea1f55aa1da5d6f9db86e7af7c2588b7af269399f0700d5d4]    
14726 ms <    +1 ms>:CODEC TX                     (21  bytes) [0311856dd1adbec256bd91f57f6620dc7b9100cb0a]    
14762 ms <   +36 ms>:CODEC RX                     (14  bytes) [0290ca000005f481200b8300e1a8]    <-- create application with 3 keys
14763 ms <    +1 ms>:CODEC TX                     (5   bytes) [02919ede6d          ]

The Chameleon returns the parameter error (9E) because the number of keys exceeds the maximum number of keys, which is 2, because by default (make desfire) the firmware is built with the flag MEMORY_LIMITED_TESTING. You can replace MEMORY_LIMITED_TESTING in BuildScripts/custom_build_targets.mk with suitable values for DESFIRE_CUSTOM_MAX_KEYS etc.
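The key-limit check described in the comment above, as an added C example that is not part of the original thread and not ChameleonMini firmware code: it decodes the CreateApplication APDU from the Chameleon log and returns the status byte for a given key limit. The function, struct and enum names are assumptions, and `max_keys` stands in for DESFIRE_CUSTOM_MAX_KEYS.

```c
#include <stdint.h>
#include <stdio.h>

/* DESFire status bytes (sent after 0x91 in a wrapped response). */
enum { ST_OK = 0x00, ST_ILLEGAL_COMMAND = 0x1C, ST_LENGTH_ERROR = 0x7E, ST_PARAMETER_ERROR = 0x9E };

struct create_app {
    uint32_t aid;          /* as Proxmark prints it, e.g. 0x2081F4 */
    uint8_t  key_settings; /* KeySettings1 */
    uint8_t  crypto;       /* KeySettings2 bits 7..6: 0 = DES/3DES, 1 = 3K3DES, 2 = AES */
    uint8_t  num_keys;     /* KeySettings2 low nibble */
};

/* Parse a wrapped CreateApplication APDU (90 CA 00 00 Lc data 00) and apply
 * a build-time key limit. max_keys stands in for DESFIRE_CUSTOM_MAX_KEYS. */
uint8_t check_create_app(const uint8_t *apdu, size_t len, uint8_t max_keys,
                         struct create_app *out)
{
    if (len < 6 || apdu[0] != 0x90 || apdu[1] != 0xCA)
        return ST_ILLEGAL_COMMAND;
    if (apdu[4] < 5 || (size_t)apdu[4] + 6 != len) /* header + Lc data + Le */
        return ST_LENGTH_ERROR;
    const uint8_t *d = apdu + 5;
    /* The AID travels least significant byte first: F4 81 20 is AID 2081F4. */
    out->aid = (uint32_t)d[0] | (uint32_t)d[1] << 8 | (uint32_t)d[2] << 16;
    out->key_settings = d[3];
    out->crypto = d[4] >> 6;
    out->num_keys = d[4] & 0x0F;
    if (out->num_keys == 0 || out->num_keys > 14 || out->num_keys > max_keys)
        return ST_PARAMETER_ERROR;
    return ST_OK;
}

/* APDU from the Chameleon log above, ISO-DEP PCB (02) and CRC (e1 a8) removed. */
static const uint8_t LOGGED_APDU[] = {0x90, 0xCA, 0x00, 0x00, 0x05,
                                      0xF4, 0x81, 0x20, 0x0B, 0x83, 0x00};
struct create_app logged_app;

uint8_t logged_status(uint8_t max_keys)
{
    return check_create_app(LOGGED_APDU, sizeof LOGGED_APDU, max_keys, &logged_app);
}

int main(void)
{
    printf("limit 2 -> 91 %02X, limit 3 -> 91 %02X\n", logged_status(2), logged_status(3));
    printf("AID %06X, crypto %u, keys %u\n", (unsigned)logged_app.aid, logged_app.crypto, logged_app.num_keys);
    return 0;
}
```

With a limit of 2 the logged request maps to 91 9E, matching the `02919e...` frame the Chameleon transmitted; with a limit of 3 the same request is accepted.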

tomaspre commented 1 year ago

Hi @fptrs,

Thanks for testing the code! I create the Gallagher app with this command: hf gallagher clone -t aes --rc 2 --fc yyyy --cn xxxxxxx --il 1 -k 00000000000000000000000000000000 -v (FC and CN are censored here.)

As you mentioned, I'm pretty sure that the errors are caused by insufficient memory, probably by the DESFIRE_CUSTOM_MAX_KEYS setting. I actually edited the Makefile, enabling just DESFire support without the MEMORY_LIMITED_TESTING=1 parameter. I'll try to modify the make desfire option so it's compatible with Gallagher.

Also, I just added two more commits. If you compile the whole PR now, it adds support for actually authenticating to a Gallagher reader and opening a door with just the Chameleon! I'm pretty excited about that, here's a quick demo video. https://user-images.githubusercontent.com/6633873/196441287-7efe1c29-3b6c-4159-a8ce-b8ab3edeffcb.mp4

tomaspre commented 1 year ago

I added a new option to the Makefile - make desfire-gallagher, which increases the maximum number of keys to 3 (and keeps everything else the same as make desfire). Now everything should, hopefully, work without issues.

fptrs commented 1 year ago

Nice work @tomaspre 👍 But I don't think we need another build target, you can just apply your changes to the default desfire build in order to support Gallagher.

tomaspre commented 1 year ago

Okay, I finally got to adapting the make desfire build target. It should now support Gallagher without any issues. Next, I'll try to implement a terminal command to load Gallagher data onto the Chameleon without the need for Proxmark. But that is going to be a separate PR.