catarrh/simtrace2
1
0
Fork 0
mirror of https://gitea.osmocom.org/sim-card/simtrace2.git synced 2026-03-23 16:58:33 +03:00
Code Issues Packages Projects Releases Wiki Activity

sniffer.py: Added apdu_split support

Browse Source
This commit is contained in:
Christina Quast
2015-04-14 22:18:30 +02:00
parent 51925a6bec
commit 9547e9f149
4 changed files with 35 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
usb_application/apdu_split.py
View File

@@ -49,6 +49,7 @@ class Apdu_splitter:
def func_APDU_S_DATA(self, c): def func_APDU_S_DATA(self, c):
self.buf.append(c) self.buf.append(c)
self.data.append(c)
self.data_remaining -= 1 self.data_remaining -= 1
if self.data_remaining == 0: if self.data_remaining == 0:
self.state = apdu_states.APDU_S_SW1; self.state = apdu_states.APDU_S_SW1;
@@ -66,20 +67,22 @@ class Apdu_splitter:
if c == self.ins or c == self.ins + 1 or c == ~(self.ins+1): if c == self.ins or c == self.ins + 1 or c == ~(self.ins+1):
print("ACK") print("ACK")
self.state = apdu_states.APDU_S_DATA self.state = apdu_states.APDU_S_DATA
self.data = []
else: else:
# check for 'only next byte' type ACK */ # check for 'only next byte' type ACK */
if c == ~(self.ins): if c == ~(self.ins):
self.state = apdu_states.APDU_S_DATA_SINGLE self.state = apdu_states.APDU_S_DATA_SINGLE
else: else:
# must be SW1 # must be SW1
self.sw1 = c
self.buf.append(c) self.buf.append(c)
self.state = apdu_states.APDU_S_SW2 self.state = apdu_states.APDU_S_SW2
def func_APDU_S_SW2(self, c): def func_APDU_S_SW2(self, c):
self.buf.append(c) self.buf.append(c)
self.sw2 = c
print("APDU:", hex(self.ins), ' '.join(hex(x) for x in self.buf)) print("APDU:", hex(self.ins), ' '.join(hex(x) for x in self.buf))
self.state = apdu_states.APDU_S_CLA self.state = apdu_states.APDU_S_FIN
self.buf = []
Apdu_S = { Apdu_S = {
apdu_states.APDU_S_CLA : func_APDU_S_CLA_P1_P2, apdu_states.APDU_S_CLA : func_APDU_S_CLA_P1_P2,
@@ -103,7 +106,12 @@ if __name__ == '__main__':
0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
0x09, 0x91, 0x00, 0x17, 0x04, 0x00, 0x00, 0x00, 0x09, 0x91, 0x00, 0x17, 0x04, 0x00, 0x00, 0x00,
0x83, 0x8A, 0x90, 0x00] 0x83, 0x8A, 0x90, 0x00]
apdus = Apdu_splitter() apdus = []
apdu = Apdu_splitter()
for c in msg2 + msg1: for c in msg2 + msg1:
apdus.split(c) apdu.split(c)
if apdu.state == apdu_states.APDU_S_FIN:
apdus.append(apdu)
apdu = Apdu_splitter()
for a in apdus:
print(' '.join(hex(x) for x in a.buf))

4
usb_application/constants.py
View File

@@ -20,3 +20,7 @@ ATR_SYSMOCOM1 = array('B', [0x3B, 0x99, 0x18, 0x00, 0x11, 0x88, 0x22, 0x33, 0x44
ATR_SYSMOCOM2 = array('B', [0x3B, 0x99, 0x11, 0x00, 0x11, 0x88, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x60]) ATR_SYSMOCOM2 = array('B', [0x3B, 0x99, 0x11, 0x00, 0x11, 0x88, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x60])
NEW_ATR = ATR_SYSMOCOM2 NEW_ATR = ATR_SYSMOCOM2
ATR_STRANGE_SIM = array('B', [0x3B, 0x0B, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x68, 0x2E, 0x00, 0x20, 0x68]) ATR_STRANGE_SIM = array('B', [0x3B, 0x0B, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x68, 0x2E, 0x00, 0x20, 0x68])
# USB errors
ERR_TIMEOUT = 110
ERR_NO_SUCH_DEV = 19

4
usb_application/mitm.py
View File

@@ -7,7 +7,7 @@ import phone
from contextlib import closing from contextlib import closing
from util import HEX from util import HEX
from constants import PHONE_WR, PHONE_RD, PHONE_INT, SIM_WR, SIM_RD, SIM_INT from constants import *
def find_dev(): def find_dev():
dev = usb.core.find(idVendor=0x03eb, idProduct=0x6004) dev = usb.core.find(idVendor=0x03eb, idProduct=0x6004)
@@ -31,8 +31,6 @@ def pattern_match(inpt):
else: else:
return inpt return inpt
ERR_TIMEOUT = 110
def poll_ep(dev, ep): def poll_ep(dev, ep):
try: try:
return dev.read(ep, 64, 10) return dev.read(ep, 64, 10)

22
usb_application/sniffer.py
View File

@@ -1,11 +1,13 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import usb.core import usb.core
import usb.util import usb.util
import sys import sys
import array import array
from constants import PHONE_RD from apdu_split import Apdu_splitter, apdu_states
from constants import PHONE_RD, ERR_TIMEOUT, ERR_NO_SUCH_DEV
def find_dev(): def find_dev():
dev = usb.core.find(idVendor=0x03eb, idProduct=0x6004) dev = usb.core.find(idVendor=0x03eb, idProduct=0x6004)
@@ -24,7 +26,7 @@ def find_eps(dev):
intf = cfg[(0,0)] intf = cfg[(0,0)]
ep_in = usb.util.find_descriptor( ep_in = usb.util.find_descriptor(
intf, intf,
custom_match = \ custom_match = \
lambda e: \ lambda e: \
usb.util.endpoint_direction(e.bEndpointAddress) == \ usb.util.endpoint_direction(e.bEndpointAddress) == \
@@ -33,7 +35,7 @@ def find_eps(dev):
assert ep_in is not None assert ep_in is not None
ep_out = usb.util.find_descriptor( ep_out = usb.util.find_descriptor(
intf, intf,
custom_match = \ custom_match = \
lambda e: \ lambda e: \
usb.util.endpoint_direction(e.bEndpointAddress) == \ usb.util.endpoint_direction(e.bEndpointAddress) == \
@@ -50,6 +52,9 @@ def sniff():
dev = find_dev() dev = find_dev()
ans = array.array('B', []) ans = array.array('B', [])
apdus = []
apdu = Apdu_splitter()
while True: while True:
#ep_out.write("Hello") #ep_out.write("Hello")
try: try:
@@ -58,8 +63,15 @@ def sniff():
print("Bye") print("Bye")
sys.exit() sys.exit()
except Exception as e: except Exception as e:
if e.errno != ERR_TIMEOUT and e.errno != ERR_NO_SUCH_DEV:
raise
print e print e
if len(ans) >= 1: if len(ans) >= 1:
print("".join("%02x " % b for b in ans)) # print("".join("%02x " % b for b in ans))
for c in ans:
apdu.split(c)
if apdu.state == apdu_states.APDU_S_FIN:
apdus.append(apdu)
apdu = Apdu_splitter()
ans = array.array('B', []) ans = array.array('B', [])