limpkin / mooltipass

Github repository dedicated to the mooltipass project
https://www.themooltipass.com

export utility mooltipass_libusb.py python3 #576

Closed listerr closed 3 years ago

listerr commented 3 years ago

Unfortunately, one of my devices has failed and the other is almost dead (the wheel is intermittent, despite all the trying to recover it with isopropyl etc.) and I can't seem to obtain new devices at the moment. I have the ACS card reader and was trying to use the mooltipass_libusb.py to export the passwords (using a live boot Ubuntu on an isolated laptop).

I converted it to python3 as it seems not possible to get some of the modules in pip anymore for python2.7 and got quite far but it falls over:

    Verify_Sec_Code_Packet.append(int('{:08b}'.format((pin_code / 256))[::-1], 2))      # Code byte 1
    ValueError: Unknown format code 'b' for object of type 'float'

A type error, but my google-fu and Python skills are a bit lacking - couldn't work out how to fix it. Probably something simple?

root@ubuntu:/home/ubuntu# python3 ./mooltipass_libusb.py 

Mooltipass Card Reader
Reader found
DEVICE ID 072f:90cc on Bus 001 Address 008 =================
 bLength                :   0x12 (18 bytes)
 bDescriptorType        :    0x1 Device
 bcdUSB                 :  0x110 USB 1.1
 bDeviceClass           :    0x0 Specified at interface
 bDeviceSubClass        :    0x0
 bDeviceProtocol        :    0x0
 bMaxPacketSize0        :    0x8 (8 bytes)
 idVendor               : 0x072f
 idProduct              : 0x90cc
 bcdDevice              :  0x100 Device 1.0
 iManufacturer          :    0x1 ACS
 iProduct               :    0x2 CCID USB Reader
 iSerialNumber          :    0x0 
 bNumConfigurations     :    0x1
  CONFIGURATION 1: 100 mA ==================================
   bLength              :    0x9 (9 bytes)
   bDescriptorType      :    0x2 Configuration
   wTotalLength         :   0x5d (93 bytes)
   bNumInterfaces       :    0x1
   bConfigurationValue  :    0x1
   iConfiguration       :    0x0 
   bmAttributes         :   0x80 Bus Powered
   bMaxPower            :   0x32 (100 mA)
    INTERFACE 0: Smart Card ================================
     bLength            :    0x9 (9 bytes)
     bDescriptorType    :    0x4 Interface
     bInterfaceNumber   :    0x0
     bAlternateSetting  :    0x0
     bNumEndpoints      :    0x3
     bInterfaceClass    :    0xb Smart Card
     bInterfaceSubClass :    0x0
     bInterfaceProtocol :    0x0
     iInterface         :    0x0 
      ENDPOINT 0x81: Interrupt IN ==========================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :   0x81 IN
       bmAttributes     :    0x3 Interrupt
       wMaxPacketSize   :    0x8 (8 bytes)
       bInterval        :   0x10
      ENDPOINT 0x2: Bulk OUT ===============================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :    0x2 OUT
       bmAttributes     :    0x2 Bulk
       wMaxPacketSize   :   0x40 (64 bytes)
       bInterval        :    0x0
      ENDPOINT 0x82: Bulk IN ===============================
       bLength          :    0x7 (7 bytes)
       bDescriptorType  :    0x5 Endpoint
       bEndpointAddress :   0x82 IN
       bmAttributes     :    0x2 Bulk
       wMaxPacketSize   :   0x40 (64 bytes)
       bInterval        :    0x0

Get Reader Info Packet
Max number of command data bytes: 255
Max number of data bytes that can be requested to be transmitted in a response: 255
Firmware: 0x41 0x43 0x52 0x33 0x38 0x2d 0x31 0x31 0x32 0x63 
Supported card types :
- No card type
- I2C <= 16kb card type
- I2C > 16kb card type
- AT88SC153 card type
- AT88SC1608 card type
- SLE4418/28 card type
- SLE4432/42 card type
- SLE4406/36 & SLE5536 card type
- SLE4404 card type
- AT88SC101/102/103 card type
- MCU T=0 card type
- MCU T=1 card type
MCU T=0 card type selected
Card inserted, not powered up

Power Off Packet
Response OK
ICC present and inactive
Clock running
Interrupt packet: array('B', [81, 0, 0, 1])

Power On Packet
abData: 0x3b 0x04 0xf0 0xf0 0x36 0x96 

Select Card Type Packet
Response OK
ICC present and active
Correctly changed card type to AT88SC102

Read Memory Card Packet
Response OK
ICC present and active
Correct AT88SC102 card inserted
Card Initialized by Mooltipass
Number of tries left: 4
User Card

Please enter the path to the memory export file: /home/ubuntu/mooltipass_exp.bin

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  WARNING  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!                                                                                                       !
! Using this tool effectively renders your Mooltipass useless.                                          !
! After accepting the following prompt, your AES key will be fetched from your card.                    !
! Both your credential database and its decryption key will therefore be in your computer memory.       !
! If your computer is infected, all your logins & passwords can be decrypted without your knowledge.    !
! Type "I understand" in the following prompt to proceed                                                !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Text input: I understand

Please Enter Your PIN: ****
Traceback (most recent call last):
  File "./mooltipass_libusb.py", line 557, in <module>
    sequence_number, card_blocked = verify_security_code(epout, epin, pin_code, sequence_number)
  File "./mooltipass_libusb1.py", line 193, in verify_security_code
    Verify_Sec_Code_Packet.append(int('{:08b}'.format((pin_code / 256))[::-1], 2))      # Code byte 1
ValueError: Unknown format code 'b' for object of type 'float'

Step by step guide to reproduce the problem

Mooltipass Device
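
Added example, not part of the thread or of the project's script: the traceback above comes from `/` being true division in Python 3, so `format(..., '08b')` receives a float; floor division (`//`) keeps the value an integer. The function names, the 16-bit PIN range and the low-byte "code byte 2" are assumptions for illustration, and because the card reports a limited number of tries, the sketch checks the encoding offline on a constructed value.

```python
# Added example: names are illustrative, not taken from mooltipass_libusb.py.

def reverse_bits8(value: int) -> int:
    """Reverse the bit order of one byte, as '{:08b}'.format(x)[::-1] does."""
    if not 0 <= value <= 0xFF:
        raise ValueError("byte out of range: %r" % (value,))
    return int('{:08b}'.format(value)[::-1], 2)


def python2_style_high_byte(pin_code: int) -> int:
    """The expression from the traceback, unchanged. Under Python 3, '/' is
    true division, so format() gets a float and raises ValueError."""
    return int('{:08b}'.format((pin_code / 256))[::-1], 2)


def fails_under_python3(pin_code: int) -> bool:
    """True if the unchanged expression raises the error seen in the issue."""
    try:
        python2_style_high_byte(pin_code)
    except ValueError:
        return True
    return False


def pin_code_bytes(pin_code: int) -> tuple:
    """Return (code byte 1, code byte 2), each bit-reversed.

    Assumptions: pin_code is an int in 0..0xFFFF, and byte 2 is the low
    byte (the issue shows only the byte 1 line).
    """
    if isinstance(pin_code, bool) or not isinstance(pin_code, int):
        raise TypeError("pin_code must be an int")
    if not 0 <= pin_code <= 0xFFFF:
        raise ValueError("pin_code must fit in 16 bits")
    high = pin_code // 256  # floor division stays an int in Python 3
    low = pin_code % 256
    return reverse_bits8(high), reverse_bits8(low)


if __name__ == "__main__":
    sample_pin = 0x1234  # constructed sample value, not a real PIN
    print("old expression fails:", fails_under_python3(sample_pin))
    print("code bytes:", [hex(b) for b in pin_code_bytes(sample_pin)])
```
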

deXol commented 3 years ago

If I'm not mistaken, I did the Python3 conversion here: https://github.com/mooltipass/minible/tree/master/scripts/smc_decode

Could you try it and get back to me? Alternatively, I could sell you a mini ble prototype :) Regards

listerr commented 3 years ago

Thanks for pointing that out. I got the Windows one working in the end. The idea was to keep it on an isolated one-time USB boot of Linux to extract the passwords rather than use an existing Windows box. However.

Process seems to be:

Connect card reader, insert card and run the script.

I had to reformat the output to something more like .csv format.