Gitiles
Code Review Sign In
gerrit.osmocom.org / simtrace2 / b89469184140ab44895fb43b519f70e42343d033 / . / usb_application / mitm.py
blob: 4736d6cc32e19a779b6036ac53fd3d84ecd6921e [file] [log] [blame]
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]1import usb.core
2import usb.util
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]3import array
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]4
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]5from ccid_raw import SmartcardConnection
Christina Quast158c1dd2015-04-17 20:19:29 +0200[diff] [blame]6from smartcard_emulator import SmartCardEmulator
Christina Quast95270b12015-04-04 19:59:03 +0200[diff] [blame]7
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]8from contextlib import closing
9
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]10from util import HEX
Christina Quast9547e9f2015-04-14 22:18:30 +0200[diff] [blame]11from constants import *
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]12from apdu_split import Apdu_splitter, apdu_states
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]13
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]14def find_dev():
15 dev = usb.core.find(idVendor=0x03eb, idProduct=0x6004)
16 if dev is None:
17 raise ValueError("Device not found")
18 else:
19 print("Found device")
20 return dev
21
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]22def pattern_match(inpt):
23 print("Matching inpt", inpt)
Christina Quast94ddb912015-04-11 12:29:41 +0200[diff] [blame]24 if (inpt == ATR_SYSMOCOM1) or (inpt == ATR_STRANGE_SIM):
25 print("ATR: ", inpt)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]26 return NEW_ATR
27 elif (inpt == CMD_SEL_FILE):
Christina Quast94ddb912015-04-11 12:29:41 +0200[diff] [blame]28 print("CMD_SEL_FILE:", inpt)
29 return CMD_SEL_ROOT
30 elif (inpt == CMD_GET_DATA):
31 print("CMD_DATA:", inpt)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]32 return CMD_SEL_ROOT
33 else:
34 return inpt
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]35
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]36def poll_ep(dev, ep):
37 try:
Christina Quast3a47a4f2015-04-11 18:16:14 +0200[diff] [blame]38 return dev.read(ep, 64, 10)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]39 except usb.core.USBError as e:
40 if e.errno != ERR_TIMEOUT:
41 raise
42 return None
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]43
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]44def write_phone(dev, resp):
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]45 print("WR: ", HEX(resp))
Christina Quast3a47a4f2015-04-11 18:16:14 +0200[diff] [blame]46 dev.write(PHONE_WR, resp, 10)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]47
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]48def replace(data):
49 if data is None:
50 raise MITMReplaceError
51 else:
52 try:
53 if data[0] == 0x3B:
54 print("*** Replace ATR")
Christina Quastb6e005c2015-05-04 15:28:03 +0200[diff] [blame]55 return array('B', NEW_ATR)
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]56 elif data[0] == 0x9F:
57 print("*** Replace return val")
58# return array('B', [0x60, 0x00])
Christina Quast34d4eb32015-05-04 17:50:32 +0200[diff] [blame]59 elif data == PHONE_BOOK_RESP:
60 print("*** Replace phone book")
61 return PHONE_BOOK_RESP_MITM
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]62 except ValueError:
63 print("*** Value error! ")
64 return data
65
Christina Quast158c1dd2015-04-17 20:19:29 +0200[diff] [blame]66def do_mitm(sim_emul=True):
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]67 dev = find_dev()
Christina Quast158c1dd2015-04-17 20:19:29 +0200[diff] [blame]68 if sim_emul == True:
69 my_class = SmartCardEmulator
70 else:
71 my_class = SmartcardConnection
72 with closing(my_class()) as sm_con:
Christina Quast6f664a32015-04-06 19:08:04 +0200[diff] [blame]73 atr = sm_con.getATR()
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]74
75 apdus = []
76 apdu = Apdu_splitter()
77
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]78 while True:
79 cmd = poll_ep(dev, PHONE_INT)
80 if cmd is not None:
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]81 print("Int line ", HEX(cmd))
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]82 assert cmd[0] == ord('R')
Christina Quast6f664a32015-04-06 19:08:04 +0200[diff] [blame]83# FIXME: restart card anyways?
84# sm_con.reset_card()
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]85 print("Write atr: ", HEX(atr))
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]86 write_phone(dev, replace(atr))
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]87 apdus = []
88 apdu = Apdu_splitter()
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]89
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]90 cmd = poll_ep(dev, PHONE_RD)
91 if cmd is not None:
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]92 print("RD: ", HEX(cmd))
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]93 for c in cmd:
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]94 if apdu.state == apdu_states.APDU_S_FIN:
95 apdus.append(apdu)
96 apdu = Apdu_splitter()
97
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]98 apdu.split(c)
Christina Quast08ea8612015-05-03 16:34:32 +0200[diff] [blame]99 if apdu.state == apdu_states.APDU_S_FIN and apdu.pts_buf == [0xff, 0x00, 0xff]:
Christina Quastb6e005c2015-05-04 15:28:03 +0200[diff] [blame]100 #sim_data = sm_con.send_receive_cmd(apdu.pts_buf)
101 #write_phone(dev, replace(array('B', sim_data)))
102 write_phone(dev, replace(array('B', apdu.pts_buf)))
Christina Quast08ea8612015-05-03 16:34:32 +0200[diff] [blame]103 continue;
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]104
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]105 if apdu.state == apdu_states.APDU_S_SW1:
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]106 if apdu.data is not None and len(apdu.data) == 0:
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]107 # FIXME: implement other ACK types
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]108 write_phone(dev, replace(array('B', [apdu.ins])))
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]109 apdu.split(apdu.ins)
110 else:
111 sim_data = sm_con.send_receive_cmd(apdu.buf)
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]112 write_phone(dev, replace(sim_data))
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]113 for c in sim_data:
114 apdu.split(c)
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]115 elif apdu.state == apdu_states.APDU_S_SEND_DATA:
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]116 sim_data = sm_con.send_receive_cmd(replace(apdu.buf))
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]117 sim_data.insert(0, apdu.ins)
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]118 write_phone(dev, replace(sim_data))
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]119 apdu.state = apdu_states.APDU_S_SW1
120 for c in sim_data:
121 apdu.split(c)