#if defined(HAVE_CONFIG_H) # include "config.h" #endif #include #include #include #include #include /* * This example was written based on information provided by the * following documents: * * AN11004 Mifare DESFire as Type 4 Tag * NFC Forum Type 4 Tag Extensions for Mifare DESFire * Rev. 1.1 - 21 August 2007 * Rev. 2.2 - 4 January 2012 * */ uint8_t key_data_picc[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t key_data_app[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; struct { bool interactive; } create_options = { .interactive = true }; static void usage(char *progname) { fprintf(stderr, "This application turns Mifare DESFire targets into NFC Forum Type 4 Tags.\n"); fprintf(stderr, "usage: %s [-y] [-K 11223344AABBCCDD]\n", progname); fprintf(stderr, "\nOptions:\n"); fprintf(stderr, " -y Do not ask for confirmation\n"); fprintf(stderr, " -K Provide another PICC key than the default one\n"); } int main(int argc, char *argv[]) { int ch; int error = EXIT_SUCCESS; nfc_device *device = NULL; FreefareTag *tags = NULL; while ((ch = getopt(argc, argv, "hyK:")) != -1) { switch (ch) { case 'h': usage(argv[0]); exit(EXIT_SUCCESS); break; case 'y': create_options.interactive = false; break; case 'K': if (strlen(optarg) != 16) { usage(argv[0]); exit(EXIT_FAILURE); } uint64_t n = strtoull(optarg, NULL, 16); int i; for (i = 7; i >= 0; i--) { key_data_picc[i] = (uint8_t) n; n >>= 8; } break; default: usage(argv[0]); exit(EXIT_FAILURE); } } // Remaining args, if any, are in argv[optind .. (argc-1)] nfc_connstring devices[8]; size_t device_count; nfc_context *context; nfc_init(&context); if (context == NULL) errx(EXIT_FAILURE, "Unable to init libnfc (malloc)"); device_count = nfc_list_devices(context, devices, 8); if (device_count <= 0) errx(EXIT_FAILURE, "No NFC device found."); for (size_t d = 0; d < device_count; d++) { device = nfc_open(context, devices[d]); if (!device) { warnx("nfc_open() failed."); error = EXIT_FAILURE; continue; } tags = freefare_get_tags(device); if (!tags) { nfc_close(device); errx(EXIT_FAILURE, "Error listing tags."); } for (int i = 0; (!error) && tags[i]; i++) { if (MIFARE_DESFIRE != freefare_get_tag_type(tags[i])) continue; char *tag_uid = freefare_get_tag_uid(tags[i]); char buffer[BUFSIZ]; int res; res = mifare_desfire_connect(tags[i]); if (res < 0) { warnx("Can't connect to Mifare DESFire target."); error = EXIT_FAILURE; break; } // We've to track DESFire version as NDEF mapping is different struct mifare_desfire_version_info info; res = mifare_desfire_get_version(tags[i], &info); if (res < 0) { freefare_perror(tags[i], "mifare_desfire_get_version"); error = 1; break; } printf("Found %s with UID %s and software v%d.%d\n", freefare_get_tag_friendly_name(tags[i]), tag_uid, info.software.version_major, info.software.version_minor); bool create_ndef = true; int ndef_mapping; switch (info.software.version_major) { case 0: ndef_mapping = 1; break; case 1: ndef_mapping = 2; break; default: // newer version? let's assume it supports latest mapping too warnx("Software version not supported. Assuming backward compatibility with version 1."); ndef_mapping = 2; } if (create_options.interactive) { printf("Create NDEF app v%d [yN] ", ndef_mapping); fgets(buffer, BUFSIZ, stdin); create_ndef = ((buffer[0] == 'y') || (buffer[0] == 'Y')); } else { printf("\n"); } if (create_ndef) { /* Initialised Formatting Procedure. See section 6.5.1 and 8.1 of Mifare DESFire as Type 4 Tag document*/ // Send Mifare DESFire Select Application with AID equal to 000000h to select the PICC level res = mifare_desfire_select_application(tags[i], NULL); if (res < 0) errx(EXIT_FAILURE, "Application selection failed"); MifareDESFireKey key_picc; MifareDESFireKey key_app; key_picc = mifare_desfire_des_key_new_with_version(key_data_picc); key_app = mifare_desfire_des_key_new_with_version(key_data_app); // Authentication with PICC master key MAY be needed to issue ChangeKeySettings command res = mifare_desfire_authenticate(tags[i], 0, key_picc); if (res < 0) errx(EXIT_FAILURE, "Authentication with PICC master key failed"); MifareDESFireAID aid; if (ndef_mapping == 1) { uint8_t key_settings; uint8_t max_keys; mifare_desfire_get_key_settings(tags[i], &key_settings, &max_keys); if ((key_settings & 0x08) == 0x08) { // Send Mifare DESFire ChangeKeySetting to change the PICC master key settings into : // bit7-bit4 equal to 0000b // bit3 equal to Xb, the configuration of the PICC master key MAY be changeable or frozen // bit2 equal to 0b, CreateApplication and DeleteApplication commands are allowed with PICC master key authentication // bit1 equal to 0b, GetApplicationIDs, and GetKeySettings are allowed with PICC master key authentication // bit0 equal to Xb, PICC masterkey MAY be frozen or changeable res = mifare_desfire_change_key_settings(tags[i], 0x09); if (res < 0) errx(EXIT_FAILURE, "ChangeKeySettings failed"); } // Mifare DESFire Create Application with AID equal to EEEE10h, key settings equal to 0x09, NumOfKeys equal to 01h aid = mifare_desfire_aid_new(0xEEEE10); res = mifare_desfire_create_application(tags[i], aid, 0x09, 1); if (res < 0) errx(EXIT_FAILURE, "Application creation failed. Try mifare-desfire-format before running %s.", argv[0]); // Mifare DESFire SelectApplication (Select previously creates application) res = mifare_desfire_select_application(tags[i], aid); if (res < 0) errx(EXIT_FAILURE, "Application selection failed"); free(aid); // Authentication with NDEF Tag Application master key (Authentication with key 0) res = mifare_desfire_authenticate(tags[i], 0, key_app); if (res < 0) errx(EXIT_FAILURE, "Authentication with NDEF Tag Application master key failed"); // Mifare DESFire ChangeKeySetting with key settings equal to 00001001b res = mifare_desfire_change_key_settings(tags[i], 0x09); if (res < 0) errx(EXIT_FAILURE, "ChangeKeySettings failed"); // Mifare DESFire CreateStdDataFile with FileNo equal to 03h (CC File DESFire FID), ComSet equal to 00h, // AccesRights equal to E000h, File Size bigger equal to 00000Fh res = mifare_desfire_create_std_data_file(tags[i], 0x03, MDCM_PLAIN, 0xE000, 0x00000F); if (res < 0) errx(EXIT_FAILURE, "CreateStdDataFile failed"); // Mifare DESFire WriteData to write the content of the CC File with CClEN equal to 000Fh, // Mapping Version equal to 10h,MLe equal to 003Bh, MLc equal to 0034h, and NDEF File Control TLV // equal to T =04h, L=06h, V=E1 04 (NDEF ISO FID=E104h) 0E E0 (NDEF File size =3808 Bytes) 00 (free read access) // 00 free write access uint8_t capability_container_file_content[15] = { 0x00, 0x0F, // CCLEN: Size of this capability container.CCLEN values are between 000Fh and FFFEh 0x10, // Mapping version 0x00, 0x3B, // MLe: Maximum data size that can be read using a single ReadBinary command. MLe = 000Fh-FFFFh 0x00, 0x34, // MLc: Maximum data size that can be sent using a single UpdateBinary command. MLc = 0001h-FFFFh 0x04, 0x06, // T & L of NDEF File Control TLV, followed by 6 bytes of V: 0xE1, 0x04, // File Identifier of NDEF File 0x0E, 0xE0, // Maximum NDEF File size of 3808 bytes 0x00, // free read access 0x00 // free write acces }; res = mifare_desfire_write_data(tags[i], 0x03, 0, sizeof(capability_container_file_content), capability_container_file_content); if (res > 0) { // Mifare DESFire CreateStdDataFile with FileNo equal to 04h (NDEF FileDESFire FID), CmmSet equal to 00h, AccessRigths // equal to EEE0h, FileSize equal to 000EE0h (3808 Bytes) res = mifare_desfire_create_std_data_file(tags[i], 0x04, MDCM_PLAIN, 0xEEE0, 0x000EE0); if (res < 0) errx(EXIT_FAILURE, "CreateStdDataFile failed"); } else { errx(EXIT_FAILURE, "Write CC file content failed"); } } else if (ndef_mapping == 2) { // Mifare DESFire Create Application with AID equal to 000001h, key settings equal to 0x0F, NumOfKeys equal to 01h, // 2 bytes File Identifiers supported, File-ID equal to E110h aid = mifare_desfire_aid_new(0x000001); uint8_t app[] = {0xd2, 0x76, 0x00, 0x00, 0x85, 0x01, 0x01}; res = mifare_desfire_create_application_iso(tags[i], aid, 0x0F, 0x21, 0, 0xE110, app, sizeof(app)); if (res < 0) errx(EXIT_FAILURE, "Application creation failed. Try mifare-desfire-format before running %s.", argv[0]); // Mifare DESFire SelectApplication (Select previously creates application) res = mifare_desfire_select_application(tags[i], aid); if (res < 0) errx(EXIT_FAILURE, "Application selection failed"); free(aid); // Authentication with NDEF Tag Application master key (Authentication with key 0) res = mifare_desfire_authenticate(tags[i], 0, key_app); if (res < 0) errx(EXIT_FAILURE, "Authentication with NDEF Tag Application master key failed"); // Mifare DESFire CreateStdDataFile with FileNo equal to 01h (DESFire FID), ComSet equal to 00h, // AccesRights equal to E000h, File Size bigger equal to 00000Fh, ISO File ID equal to E103h res = mifare_desfire_create_std_data_file_iso(tags[i], 0x01, MDCM_PLAIN, 0xE000, 0x00000F, 0xE103); if (res < 0) errx(EXIT_FAILURE, "CreateStdDataFileIso failed"); // Mifare DESFire WriteData to write the content of the CC File with CClEN equal to 000Fh, // Mapping Version equal to 20h,MLe equal to 003Bh, MLc equal to 0034h, and NDEF File Control TLV // equal to T =04h, L=06h, V=E1 04 (NDEF ISO FID=E104h) 0xNNNN (NDEF File size = 0x0800/0x1000/0x1E00 bytes) // 00 (free read access) 00 free write access uint8_t capability_container_file_content[15] = { 0x00, 0x0F, // CCLEN: Size of this capability container.CCLEN values are between 000Fh and FFFEh 0x20, // Mapping version 0x00, 0x3B, // MLe: Maximum data size that can be read using a single ReadBinary command. MLe = 000Fh-FFFFh 0x00, 0x34, // MLc: Maximum data size that can be sent using a single UpdateBinary command. MLc = 0001h-FFFFh 0x04, 0x06, // T & L of NDEF File Control TLV, followed by 6 bytes of V: 0xE1, 0x04, // File Identifier of NDEF File 0x04, 0x00, // Maximum NDEF File size of 1024 bytes 0x00, // free read access 0x00 // free write acces }; uint16_t ndefmaxsize = 0x0800; uint16_t announcedsize = 1 << (info.software.storage_size >> 1); if (announcedsize >= 0x1000) ndefmaxsize = 0x1000; if (announcedsize >= 0x1E00) ndefmaxsize = 0x1E00; capability_container_file_content[11] = ndefmaxsize >> 8; capability_container_file_content[12] = ndefmaxsize & 0xFF; res = mifare_desfire_write_data(tags[i], 0x01, 0, sizeof(capability_container_file_content), capability_container_file_content); if (res > 0) { // Mifare DESFire CreateStdDataFile with FileNo equal to 02h (DESFire FID), CmmSet equal to 00h, AccessRigths // equal to EEE0h, FileSize equal to ndefmaxsize (0x000800, 0x001000 or 0x001E00) res = mifare_desfire_create_std_data_file_iso(tags[i], 0x02, MDCM_PLAIN, 0xEEE0, ndefmaxsize, 0xE104); if (res < 0) errx(EXIT_FAILURE, "CreateStdDataFileIso failed"); } else { errx(EXIT_FAILURE, "Write CC file content failed"); } } mifare_desfire_key_free(key_picc); mifare_desfire_key_free(key_app); } mifare_desfire_disconnect(tags[i]); free(tag_uid); } freefare_free_tags(tags); nfc_close(device); } nfc_exit(context); exit(error); }