Gitiles
Code Review Sign In
gerrit.osmocom.org / simtrace2 / ca0ebfdbd61d40c38edfaf84daaa343921260a78 / . / usb_application / mitm.py
blob: 5e8ff6eff09f9feeb88f9a6e339dde02590de31a [file] [log] [blame]
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]1import usb.core
2import usb.util
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]3import array
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]4
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]5from ccid_raw import SmartcardConnection
Christina Quast158c1dd2015-04-17 20:19:29 +0200[diff] [blame]6from smartcard_emulator import SmartCardEmulator
Christina Quast425717d2015-05-14 17:20:55 +0200[diff] [blame]7from gsmtap import gsmtap_send_apdu
Christina Quast95270b12015-04-04 19:59:03 +0200[diff] [blame]8
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]9from contextlib import closing
10
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]11from util import HEX
Christina Quast9547e9f2015-04-14 22:18:30 +0200[diff] [blame]12from constants import *
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]13from apdu_split import Apdu_splitter, apdu_states
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]14
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]15def pattern_match(inpt):
16 print("Matching inpt", inpt)
Christina Quast94ddb912015-04-11 12:29:41 +0200[diff] [blame]17 if (inpt == ATR_SYSMOCOM1) or (inpt == ATR_STRANGE_SIM):
18 print("ATR: ", inpt)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]19 return NEW_ATR
20 elif (inpt == CMD_SEL_FILE):
Christina Quast94ddb912015-04-11 12:29:41 +0200[diff] [blame]21 print("CMD_SEL_FILE:", inpt)
22 return CMD_SEL_ROOT
23 elif (inpt == CMD_GET_DATA):
24 print("CMD_DATA:", inpt)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]25 return CMD_SEL_ROOT
26 else:
27 return inpt
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]28
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]29def poll_ep(dev, ep):
30 try:
Christina Quast3a47a4f2015-04-11 18:16:14 +0200[diff] [blame]31 return dev.read(ep, 64, 10)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]32 except usb.core.USBError as e:
33 if e.errno != ERR_TIMEOUT:
34 raise
35 return None
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]36
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]37def write_phone(dev, resp):
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]38 print("WR: ", HEX(resp))
Christina Quast3a47a4f2015-04-11 18:16:14 +0200[diff] [blame]39 dev.write(PHONE_WR, resp, 10)
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]40
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]41def replace(data):
42 if data is None:
43 raise MITMReplaceError
44 else:
45 try:
46 if data[0] == 0x3B:
47 print("*** Replace ATR")
Christina Quastb6e005c2015-05-04 15:28:03 +0200[diff] [blame]48 return array('B', NEW_ATR)
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]49 elif data[0] == 0x9F:
50 print("*** Replace return val")
51# return array('B', [0x60, 0x00])
Christina Quast34d4eb32015-05-04 17:50:32 +0200[diff] [blame]52 elif data == PHONE_BOOK_RESP:
53 print("*** Replace phone book")
54 return PHONE_BOOK_RESP_MITM
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]55 except ValueError:
56 print("*** Value error! ")
57 return data
58
Christina Quast020e5d62015-05-14 18:11:23 +0200[diff] [blame]59def do_mitm(dev, sim_emul=True):
Christina Quast158c1dd2015-04-17 20:19:29 +0200[diff] [blame]60 if sim_emul == True:
61 my_class = SmartCardEmulator
62 else:
63 my_class = SmartcardConnection
64 with closing(my_class()) as sm_con:
Christina Quast6f664a32015-04-06 19:08:04 +0200[diff] [blame]65 atr = sm_con.getATR()
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]66
67 apdus = []
68 apdu = Apdu_splitter()
69
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]70 while True:
71 cmd = poll_ep(dev, PHONE_INT)
72 if cmd is not None:
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]73 print("Int line ", HEX(cmd))
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]74 assert cmd[0] == ord('R')
Christina Quast6f664a32015-04-06 19:08:04 +0200[diff] [blame]75# FIXME: restart card anyways?
76# sm_con.reset_card()
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]77 print("Write atr: ", HEX(atr))
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]78 write_phone(dev, replace(atr))
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]79 apdus = []
80 apdu = Apdu_splitter()
Christina Quast69d1f902015-04-03 11:41:23 +0200[diff] [blame]81
Christina Quast88c7fa12015-04-06 00:35:03 +0200[diff] [blame]82 cmd = poll_ep(dev, PHONE_RD)
83 if cmd is not None:
Christina Quastf2e53f02015-04-11 08:42:38 +0200[diff] [blame]84 print("RD: ", HEX(cmd))
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]85 for c in cmd:
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]86 if apdu.state == apdu_states.APDU_S_FIN:
87 apdus.append(apdu)
Christina Quast425717d2015-05-14 17:20:55 +0200[diff] [blame]88 gsmtap_send_apdu(apdu.buf)
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]89 apdu = Apdu_splitter()
90
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]91 apdu.split(c)
Christina Quast08ea8612015-05-03 16:34:32 +0200[diff] [blame]92 if apdu.state == apdu_states.APDU_S_FIN and apdu.pts_buf == [0xff, 0x00, 0xff]:
Christina Quastb6e005c2015-05-04 15:28:03 +0200[diff] [blame]93 #sim_data = sm_con.send_receive_cmd(apdu.pts_buf)
94 #write_phone(dev, replace(array('B', sim_data)))
95 write_phone(dev, replace(array('B', apdu.pts_buf)))
Christina Quast08ea8612015-05-03 16:34:32 +0200[diff] [blame]96 continue;
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]97
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]98 if apdu.state == apdu_states.APDU_S_SW1:
Christina Quastfb91bb72015-04-18 13:31:42 +0200[diff] [blame]99 if apdu.data is not None and len(apdu.data) == 0:
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]100 # FIXME: implement other ACK types
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]101 write_phone(dev, replace(array('B', [apdu.ins])))
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]102 apdu.split(apdu.ins)
103 else:
104 sim_data = sm_con.send_receive_cmd(apdu.buf)
Christina Quast46a93672015-04-21 23:00:52 +0200[diff] [blame]105 write_phone(dev, replace(sim_data))
Christina Quast53840612015-04-16 11:10:59 +0200[diff] [blame]106 for c in sim_data:
107 apdu.split(c)
Christina Quastca0ebfd2015-06-19 13:29:14 +0200[diff] [blame^]108 if apdu.state == apdu_states.APDU_S_SEND_DATA:
109 sim_data = sm_con.send_receive_cmd(replace(apdu.buf))
110 #sim_data.insert(0, apdu.ins)
111 write_phone(dev, replace(sim_data))
112 #apdu.state = apdu_states.APDU_S_SW1
113 for c in sim_data:
114 apdu.split(c)