Gitiles
Code Review Sign In
gerrit.osmocom.org / simtrace2 / 46a93672d3e2c1bb2b06f0e802b37c607cad3a7d / . / usb_application / mitm.py
blob: 6a7e87a029e069026695a4ef017813501294e0b4 [file] [log] [blame]
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]1import usb.core
2import usb.util
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]3import array
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]4
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]5from ccid_raw import SmartcardConnection
Christina Quast158c1dd2015-04-17 20:19:29 +0200[diff] [blame]6from smartcard_emulator import SmartCardEmulator
Christina Quast95270b12015-04-04 19:59:03 +0200[diff] [blame]7
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]8from contextlib import closing
9
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]10from util import HEX
Christina Quast9547e9f2015-04-14 22:18:30 +0200[diff] [blame]11from constants import *
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]12from apdu_split import Apdu_splitter, apdu_states
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]13
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]14def find_dev():
15 dev = usb.core.find(idVendor=0x03eb, idProduct=0x6004)
16 if dev is None:
17 raise ValueError("Device not found")
18 else:
19 print("Found device")
20 return dev
21
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]22def pattern_match(inpt):
23 print("Matching inpt", inpt)
Christina Quast94ddb912015-04-11 12:29:41 +0200[diff] [blame]24 if (inpt == ATR_SYSMOCOM1) or (inpt == ATR_STRANGE_SIM):
25 print("ATR: ", inpt)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]26 return NEW_ATR
27 elif (inpt == CMD_SEL_FILE):
Christina Quast94ddb912015-04-11 12:29:41 +0200[diff] [blame]28 print("CMD_SEL_FILE:", inpt)
29 return CMD_SEL_ROOT
30 elif (inpt == CMD_GET_DATA):
31 print("CMD_DATA:", inpt)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]32 return CMD_SEL_ROOT
33 else:
34 return inpt
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]35
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]36def poll_ep(dev, ep):
37 try:
Christina Quast3a47a4f2015-04-11 18:16:14 +0200[diff] [blame]38 return dev.read(ep, 64, 10)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]39 except usb.core.USBError as e:
40 if e.errno != ERR_TIMEOUT:
41 raise
42 return None
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]43
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]44def write_phone(dev, resp):
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]45 print("WR: ", HEX(resp))
Christina Quast3a47a4f2015-04-11 18:16:14 +0200[diff] [blame]46 dev.write(PHONE_WR, resp, 10)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]47
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame^]48def replace(data):
49 if data is None:
50 raise MITMReplaceError
51 else:
52 try:
53 if data[0] == 0x3B:
54 print("*** Replace ATR")
55 return array('B', ATR_SYSMOCOM2)
56 elif data[0] == 0x9F:
57 print("*** Replace return val")
58# return array('B', [0x60, 0x00])
59 except ValueError:
60 print("*** Value error! ")
61 return data
62
Christina Quast158c1dd2015-04-17 20:19:29 +0200[diff] [blame]63def do_mitm(sim_emul=True):
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]64 dev = find_dev()
Christina Quast158c1dd2015-04-17 20:19:29 +0200[diff] [blame]65 if sim_emul == True:
66 my_class = SmartCardEmulator
67 else:
68 my_class = SmartcardConnection
69 with closing(my_class()) as sm_con:
Christina Quast6f664a32015-04-06 19:08:04 +0200[diff] [blame]70 atr = sm_con.getATR()
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]71
72 apdus = []
73 apdu = Apdu_splitter()
74
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]75 while True:
76 cmd = poll_ep(dev, PHONE_INT)
77 if cmd is not None:
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]78 print("Int line ", HEX(cmd))
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]79 assert cmd[0] == ord('R')
Christina Quast6f664a32015-04-06 19:08:04 +0200[diff] [blame]80# FIXME: restart card anyways?
81# sm_con.reset_card()
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]82 print("Write atr: ", HEX(atr))
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame^]83 write_phone(dev, replace(atr))
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]84 apdus = []
85 apdu = Apdu_splitter()
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]86
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]87 cmd = poll_ep(dev, PHONE_RD)
88 if cmd is not None:
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]89 print("RD: ", HEX(cmd))
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]90 for c in cmd:
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]91 if apdu.state == apdu_states.APDU_S_FIN:
92 apdus.append(apdu)
93 apdu = Apdu_splitter()
94
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]95 apdu.split(c)
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]96
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]97 if apdu.state == apdu_states.APDU_S_SW1:
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]98 if apdu.data is not None and len(apdu.data) == 0:
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]99 # FIXME: implement other ACK types
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame^]100 write_phone(dev, replace(array('B', [apdu.ins])))
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]101 apdu.split(apdu.ins)
102 else:
103 sim_data = sm_con.send_receive_cmd(apdu.buf)
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame^]104 write_phone(dev, replace(sim_data))
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]105 for c in sim_data:
106 apdu.split(c)
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]107 elif apdu.state == apdu_states.APDU_S_SEND_DATA:
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame^]108 sim_data = sm_con.send_receive_cmd(replace(apdu.buf))
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]109 sim_data.insert(0, apdu.ins)
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame^]110 write_phone(dev, replace(sim_data))
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]111 apdu.state = apdu_states.APDU_S_SW1
112 for c in sim_data:
113 apdu.split(c)