diff --git a/usb_application/apdu_split.py b/usb_application/apdu_split.py
index 51cc78b2..34c97c25 100755
--- a/usb_application/apdu_split.py
+++ b/usb_application/apdu_split.py
@@ -49,6 +49,7 @@ class Apdu_splitter:
 def func_APDU_S_DATA(self, c):
 self.buf.append(c)
+ self.data.append(c)
 self.data_remaining -= 1
 if self.data_remaining == 0:
 self.state = apdu_states.APDU_S_SW1;
@@ -66,20 +67,22 @@ class Apdu_splitter:
 if c == self.ins or c == self.ins + 1 or c == ~(self.ins+1):
 print("ACK")
 self.state = apdu_states.APDU_S_DATA
+ self.data = []
 else:
 # check for 'only next byte' type ACK */
 if c == ~(self.ins):
 self.state = apdu_states.APDU_S_DATA_SINGLE
 else:
 # must be SW1
+ self.sw1 = c
 self.buf.append(c)
 self.state = apdu_states.APDU_S_SW2
 def func_APDU_S_SW2(self, c):
 self.buf.append(c)
+ self.sw2 = c
 print("APDU:", hex(self.ins), ' '.join(hex(x) for x in self.buf))
- self.state = apdu_states.APDU_S_CLA
- self.buf = []
+ self.state = apdu_states.APDU_S_FIN
 Apdu_S = {
 apdu_states.APDU_S_CLA : func_APDU_S_CLA_P1_P2,
@@ -103,7 +106,12 @@ if __name__ == '__main__':
 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x91, 0x00, 0x17, 0x04, 0x00, 0x00, 0x00, 0x83, 0x8A, 0x90, 0x00]
- apdus = Apdu_splitter()
-
+ apdus = []
+ apdu = Apdu_splitter()
 for c in msg2 + msg1:
- apdus.split(c)
+ apdu.split(c)
+ if apdu.state == apdu_states.APDU_S_FIN:
+ apdus.append(apdu)
+ apdu = Apdu_splitter()
+ for a in apdus:
+ print(' '.join(hex(x) for x in a.buf))
diff --git a/usb_application/constants.py b/usb_application/constants.py
index ac5a0a2d..5013fd29 100644
--- a/usb_application/constants.py
+++ b/usb_application/constants.py
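Review bot: `self.data.append(c)` in func_APDU_S_DATA relies on `self.data` already existing, but the only initialisation visible in this diff is the `self.data = []` added inside the ACK branch of the next hunk; if __init__ does not also create it, any path that reaches APDU_S_DATA without passing that branch (the APDU_S_DATA_SINGLE handler is outside the diff) will raise AttributeError on live bus data. Initialising it once in __init__ and resetting it wherever `self.buf` is reset, `self.data = []`, keeps the two buffers in step. The method may continue past the last line of the hunk.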
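Review bot: func_APDU_S_SW2 now parks the instance in APDU_S_FIN instead of resetting to APDU_S_CLA, but no handler for APDU_S_FIN is visible in the `Apdu_S` dispatch table (only its first entry is in the hunk), so a byte fed after completion presumably fails with a KeyError in split() rather than a clear message; either add a `func_APDU_S_FIN` that raises a descriptive error or state the contract in the class docstring, e.g. `After SW2 the instance stays in APDU_S_FIN; check state after each split() and start a new Apdu_splitter for the next APDU.` The `print("APDU:", ...)` kept here now duplicates the per-APDU print the __main__ block adds in the last hunk. Pre-existing, but it decides when the new `self.data = []` runs: `c == ~(self.ins+1)` and `c == ~(self.ins)` compare a 0..255 byte with a negative number (`~` of a non-negative int is negative), so those ACK forms never match; `(~self.ins) & 0xFF` looks like what was intended.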
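Review bot: The `if apdu.state == apdu_states.APDU_S_FIN` / append / new-splitter sequence here is duplicated byte-for-byte in sniffer.py's last hunk; a small helper on the splitter side (feed a byte iterable, yield completed splitters) would keep the two callers in step when the FIN protocol changes. Any APDU still in progress when `msg2 + msg1` is exhausted is discarded silently; a final `if apdu.buf: print("incomplete APDU:", ' '.join(hex(x) for x in apdu.buf))` after the loop makes truncated test vectors visible. The enclosing `if __name__ == '__main__':` block begins outside the hunk.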
@@ -20,3 +20,7 @@ ATR_SYSMOCOM1 = array('B', [0x3B, 0x99, 0x18, 0x00, 0x11, 0x88, 0x22, 0x33, 0x44
 ATR_SYSMOCOM2 = array('B', [0x3B, 0x99, 0x11, 0x00, 0x11, 0x88, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x60])
 NEW_ATR = ATR_SYSMOCOM2
 ATR_STRANGE_SIM = array('B', [0x3B, 0x0B, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x68, 0x2E, 0x00, 0x20, 0x68])
+
+# USB errors
+ERR_TIMEOUT = 110
+ERR_NO_SUCH_DEV = 19
diff --git a/usb_application/mitm.py b/usb_application/mitm.py
index abbe05c4..e0424e86 100755
--- a/usb_application/mitm.py
+++ b/usb_application/mitm.py
@@ -7,7 +7,7 @@ import phone
 from contextlib import closing
 from util import HEX
-from constants import PHONE_WR, PHONE_RD, PHONE_INT, SIM_WR, SIM_RD, SIM_INT
+from constants import *
 def find_dev():
 dev = usb.core.find(idVendor=0x03eb, idProduct=0x6004)
@@ -31,8 +31,6 @@ def pattern_match(inpt):
 else:
 return inpt
-ERR_TIMEOUT = 110
-
 def poll_ep(dev, ep):
 try:
 return dev.read(ep, 64, 10)
diff --git a/usb_application/sniffer.py b/usb_application/sniffer.py
index 85b5fb48..cbf3ad11 100755
--- a/usb_application/sniffer.py
+++ b/usb_application/sniffer.py
@@ -1,11 +1,13 @@
-#!/usr/bin/env python3
+#!/usr/bin/env python3
 import usb.core
 import usb.util
 import sys
 import array
-from constants import PHONE_RD
+from apdu_split import Apdu_splitter, apdu_states
+
+from constants import PHONE_RD, ERR_TIMEOUT, ERR_NO_SUCH_DEV
 def find_dev():
 dev = usb.core.find(idVendor=0x03eb, idProduct=0x6004)
@@ -24,7 +26,7 @@ def find_eps(dev):
 intf = cfg[(0,0)]
 ep_in = usb.util.find_descriptor(
- intf,
+ intf,
 custom_match = \
 lambda e: \
 usb.util.endpoint_direction(e.bEndpointAddress) == \
@@ -33,7 +35,7 @@ def find_eps(dev):
 assert ep_in is not None
 ep_out = usb.util.find_descriptor(
- intf,
+ intf,
 custom_match = \
 lambda e: \
 usb.util.endpoint_direction(e.bEndpointAddress) == \
@@ -50,6 +52,9 @@ def sniff():
 dev = find_dev()
 ans = array.array('B', [])
+ apdus = []
+ apdu = Apdu_splitter()
+
 while True:
 #ep_out.write("Hello")
 try:
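Review bot: `ERR_TIMEOUT = 110` and `ERR_NO_SUCH_DEV = 19` are the Linux errno values for ETIMEDOUT and ENODEV; ETIMEDOUT differs on BSD-derived systems, so the guard sniffer.py builds on these would re-raise on every poll timeout there. The stdlib already names them portably: `import errno`, `ERR_TIMEOUT = errno.ETIMEDOUT`, `ERR_NO_SUCH_DEV = errno.ENODEV`. A comment such as `# errno values the USB backend reports on a read timeout / on a device that went away` explains their purpose better than `# USB errors`.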
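Review bot: `from constants import *` replaces an explicit import list and becomes the only thing providing `ERR_TIMEOUT` once the module-level definition is removed in the next hunk, so a future rename in constants.py surfaces only as a NameError at the use site, and every other name defined there (including anything constants.py itself imports) lands in this namespace. Listing the names keeps the dependency visible: `from constants import PHONE_WR, PHONE_RD, PHONE_INT, SIM_WR, SIM_RD, SIM_INT, ERR_TIMEOUT`. The poll_ep hunk keeps its read but, unlike sniffer.py, gets no ERR_NO_SUCH_DEV handling; its except branch is outside the diff, so that may be intentional.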
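Review bot: `apdus = []` is appended to on every completed APDU in the last hunk but nothing in the diff ever reads or drains it, so inside `while True` it grows for the lifetime of the capture and a long sniffing session retains every APDU ever seen. Either handle the finished splitter immediately (print it or hand it to a consumer) and drop it, or bound retention with `collections.deque(maxlen=...)`. The surrounding `sniff()` starts before the hunk and continues in the next one.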
@@ -58,8 +63,15 @@ def sniff():
 print("Bye")
 sys.exit()
 except Exception as e:
+ if e.errno != ERR_TIMEOUT and e.errno != ERR_NO_SUCH_DEV:
+ raise
 print e
 if len(ans) >= 1:
- print("".join("%02x " % b for b in ans))
+# print("".join("%02x " % b for b in ans))
+ for c in ans:
+ apdu.split(c)
+ if apdu.state == apdu_states.APDU_S_FIN:
+ apdus.append(apdu)
+ apdu = Apdu_splitter()
 ans = array.array('B', [])
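Review bot: `e.errno` is read on a bare `Exception`, which has no such attribute in general; an unexpected exception type inside the try (whose body starts outside the hunk) would now be replaced by an AttributeError raised from the handler, hiding the original. Narrow the clause to the USB error type or guard the lookup: `if getattr(e, 'errno', None) not in (ERR_TIMEOUT, ERR_NO_SUCH_DEV): raise`. The following `print e` is Python 2 syntax while the shebang this commit touches declares python3, so under that interpreter the file fails to compile before the new guard can run; `print(e)` fixes it. Treating ERR_NO_SUCH_DEV as benign also means the loop keeps polling a device that has gone away, printing the same error on every iteration, which may be intended but deserves a comment.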