Christina Quast | 69d1f90 | 2015-04-03 11:41:23 +0200 | [diff] [blame] | 1 | import usb.core |
| 2 | import usb.util |
Christina Quast | fb91bb7 | 2015-04-18 13:31:42 +0200 | [diff] [blame] | 3 | import array |
Christina Quast | 69d1f90 | 2015-04-03 11:41:23 +0200 | [diff] [blame] | 4 | |
Christina Quast | 88c7fa1 | 2015-04-06 00:35:03 +0200 | [diff] [blame] | 5 | from ccid_raw import SmartcardConnection |
Christina Quast | 158c1dd | 2015-04-17 20:19:29 +0200 | [diff] [blame] | 6 | from smartcard_emulator import SmartCardEmulator |
Christina Quast | 425717d | 2015-05-14 17:20:55 +0200 | [diff] [blame] | 7 | from gsmtap import gsmtap_send_apdu |
Christina Quast | 95270b1 | 2015-04-04 19:59:03 +0200 | [diff] [blame] | 8 | |
Christina Quast | 88c7fa1 | 2015-04-06 00:35:03 +0200 | [diff] [blame] | 9 | from contextlib import closing |
| 10 | |
Christina Quast | f2e53f0 | 2015-04-11 08:42:38 +0200 | [diff] [blame] | 11 | from util import HEX |
Christina Quast | 9547e9f | 2015-04-14 22:18:30 +0200 | [diff] [blame] | 12 | from constants import * |
Christina Quast | 5384061 | 2015-04-16 11:10:59 +0200 | [diff] [blame] | 13 | from apdu_split import Apdu_splitter, apdu_states |
Christina Quast | 88c7fa1 | 2015-04-06 00:35:03 +0200 | [diff] [blame] | 14 | |
def pattern_match(inpt):
    """Map a known ATR or command to its substitute; pass anything else through.

    The two recognised ATRs (``ATR_SYSMOCOM1``, ``ATR_STRANGE_SIM``) are
    swapped for ``NEW_ATR``; ``CMD_SEL_FILE`` and ``CMD_GET_DATA`` are both
    swapped for ``CMD_SEL_ROOT``. Matching is whole-value equality, and every
    call is traced on stdout. Nothing in the visible part of this file calls
    this helper.
    """
    print("Matching inpt", inpt)

    is_known_atr = (inpt == ATR_SYSMOCOM1) or (inpt == ATR_STRANGE_SIM)
    if is_known_atr:
        print("ATR: ", inpt)
        return NEW_ATR

    if inpt == CMD_SEL_FILE:
        print("CMD_SEL_FILE:", inpt)
        return CMD_SEL_ROOT

    if inpt == CMD_GET_DATA:
        # The trace label reads CMD_DATA although the constant is CMD_GET_DATA.
        print("CMD_DATA:", inpt)
        return CMD_SEL_ROOT

    # Unknown input is relayed unmodified.
    return inpt
Christina Quast | 69d1f90 | 2015-04-03 11:41:23 +0200 | [diff] [blame] | 28 | |
def poll_ep(dev, ep):
    """Poll endpoint *ep* once and return what was read, or None on timeout.

    Calls ``dev.read(ep, 64, 10)``: a 64-byte read with a timeout argument of
    10 (milliseconds if *dev* is a pyusb device -- presumably it is, confirm
    against the caller). A ``usb.core.USBError`` whose errno equals
    ``ERR_TIMEOUT`` means "nothing pending" and yields None; any other
    USBError propagates unchanged.
    """
    try:
        packet = dev.read(ep, 64, 10)
    except usb.core.USBError as err:
        if err.errno == ERR_TIMEOUT:
            return None
        # Anything but a timeout is a real transport failure.
        raise
    return packet
Christina Quast | 69d1f90 | 2015-04-03 11:41:23 +0200 | [diff] [blame] | 36 | |
def write_phone(dev, resp):
    """Trace *resp* on stdout and write it to the ``PHONE_WR`` endpoint.

    The bytes are logged through ``HEX()`` before the write, so the trace
    shows what was about to be sent even if ``dev.write`` then raises. The
    write uses a timeout argument of 10.
    """
    hex_dump = HEX(resp)
    print("WR: ", hex_dump)
    dev.write(PHONE_WR, resp, 10)
Christina Quast | 88c7fa1 | 2015-04-06 00:35:03 +0200 | [diff] [blame] | 40 | |
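def replace(data):
    """Return the bytes to relay in place of *data*, rewriting known patterns.

    In the visible code every buffer written to the phone, and the command
    data sent to the card in the send-data state, passes through here, so
    this is the one point where relayed traffic is altered. Each rule prints
    a ``***`` line when it fires.

    Rules, checked in order:
      * first byte 0x3B      -> a fresh ``array('B', NEW_ATR)``
      * first byte 0x9F      -> trace only; the data is returned unchanged
      * equals PHONE_BOOK_RESP -> ``PHONE_BOOK_RESP_MITM``
      * anything else        -> returned unchanged

    Raises:
        MITMReplaceError: if *data* is None.
    """
    # The file does `import array`, which binds the module, not the class;
    # calling array('B', ...) only works if `from constants import *`
    # happens to rebind the name. Importing the class here removes that
    # dependency on the star import.
    from array import array

    if data is None:
        raise MITMReplaceError

    try:
        if data[0] == 0x3B:
            print("*** Replace ATR")
            return array('B', NEW_ATR)
        elif data[0] == 0x9F:
            # Trace only: a substitution with [0x60, 0x00] was once written
            # here and is disabled, so the buffer falls through unmodified.
            print("*** Replace return val")
        elif data == PHONE_BOOK_RESP:
            print("*** Replace phone book")
            return PHONE_BOOK_RESP_MITM
    except (ValueError, IndexError):
        # An empty buffer makes data[0] raise IndexError, which the original
        # `except ValueError` did not catch; relay it unchanged instead of
        # aborting the relay loop.
        print("*** Value error! ")
    return data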
| 58 | |
def do_mitm(dev, sim_emul=True):
    """Relay traffic between the phone-side USB device and a card, via replace().

    Args:
        dev: device object passed to poll_ep() and write_phone(); presumably
            a pyusb device -- confirm against the caller.
        sim_emul: when true, talk to a SmartCardEmulator instead of a
            SmartcardConnection.

    The function loops forever: the visible code has no break or return, so
    it only ends through an exception (for example MITMReplaceError from
    replace(), a non-timeout USBError from poll_ep(), or the assert below).
    Completed APDUs are passed to gsmtap_send_apdu() as they are recognised.
    """
    if sim_emul == True:
        my_class = SmartCardEmulator
    else:
        my_class = SmartcardConnection
    # closing() calls sm_con.close() when the block exits, including when an
    # exception ends the loop.
    with closing(my_class()) as sm_con:
        # The ATR is read once and reused for every later interrupt.
        atr = sm_con.getATR()

        # NOTE(review): apdus is appended to for each finished APDU and only
        # cleared on an interrupt; nothing in the visible code reads it.
        apdus = []
        apdu = Apdu_splitter()

        while True:
            # Interrupt endpoint: data here triggers sending the ATR to the phone.
            cmd = poll_ep(dev, PHONE_INT)
            if cmd is not None:
                print("Int line ", HEX(cmd))
                # NOTE(review): assert is stripped under `python -O`, so this
                # check of device-supplied data disappears in optimised runs;
                # 'R' presumably marks a reset notification -- confirm.
                assert cmd[0] == ord('R')
                # FIXME: restart card anyways?
                # sm_con.reset_card()
                print("Write atr: ", HEX(atr))
                write_phone(dev, replace(atr))
                # Start parsing from scratch after the ATR has been sent.
                apdus = []
                apdu = Apdu_splitter()

            # Data endpoint: bytes coming from the phone, fed to the splitter
            # one at a time.
            cmd = poll_ep(dev, PHONE_RD)
            if cmd is not None:
                print("RD: ", HEX(cmd))
                for c in cmd:
                    # The previous byte completed an APDU: record it, export
                    # its buffer through gsmtap_send_apdu(), start a new one.
                    if apdu.state == apdu_states.APDU_S_FIN:
                        apdus.append(apdu)
                        gsmtap_send_apdu(apdu.buf)
                        apdu = Apdu_splitter()

                    apdu.split(c)
                    # A pts_buf of exactly ff 00 ff is echoed back to the phone
                    # without contacting the card (the card round trip is the
                    # commented-out code); looks like a PTS request -- confirm.
                    if apdu.state == apdu_states.APDU_S_FIN and apdu.pts_buf == [0xff, 0x00, 0xff]:
                        #sim_data = sm_con.send_receive_cmd(apdu.pts_buf)
                        #write_phone(dev, replace(array('B', sim_data)))
                        write_phone(dev, replace(array('B', apdu.pts_buf)))
                        continue;

                    if apdu.state == apdu_states.APDU_S_SW1:
                        if apdu.data is not None and len(apdu.data) == 0:
                            # Empty (but present) data: answer the phone with
                            # the INS byte and feed the same byte to the splitter.
                            # FIXME: implement other ACK types
                            write_phone(dev, replace(array('B', [apdu.ins])))
                            apdu.split(apdu.ins)
                        else:
                            # Forward the buffered command to the card and relay
                            # the (possibly rewritten) response to the phone.
                            # NOTE(review): a None response would make replace()
                            # raise MITMReplaceError and end the loop.
                            sim_data = sm_con.send_receive_cmd(apdu.buf)
                            write_phone(dev, replace(sim_data))
                            # The unmodified card response, not the rewritten
                            # one, is what advances the splitter. This inner
                            # loop rebinds c; the outer for keeps its own iterator.
                            for c in sim_data:
                                apdu.split(c)
                    elif apdu.state == apdu_states.APDU_S_SEND_DATA:
                        # Here replace() is applied in both directions: to the
                        # command sent to the card and to the response relayed
                        # to the phone.
                        sim_data = sm_con.send_receive_cmd(replace(apdu.buf))
                        # INS is prepended to the card response before relaying.
                        sim_data.insert(0, apdu.ins)
                        write_phone(dev, replace(sim_data))
                        # State is forced to SW1 before the response bytes
                        # (including the prepended INS) are fed to the splitter.
                        apdu.state = apdu_states.APDU_S_SW1
                        for c in sim_data:
                            apdu.split(c)