Momentum-Apps/applications/plugins/picopass/picopass_device.c

#include "picopass_device.h"

#include <toolbox/path.h>
#include <flipper_format/flipper_format.h>
#include <picopass_icons.h>

#define TAG "PicopassDevice"

static const char* picopass_file_header = "Flipper Picopass device";
static const uint32_t picopass_file_version = 1;

const uint8_t picopass_iclass_decryptionkey[] =
    {0xb4, 0x21, 0x2c, 0xca, 0xb7, 0xed, 0x21, 0x0f, 0x7b, 0x93, 0xd4, 0x59, 0x39, 0xc7, 0xdd, 0x36};

PicopassDevice* picopass_device_alloc() {
    PicopassDevice* picopass_dev = malloc(sizeof(PicopassDevice));
    picopass_dev->dev_data.pacs.legacy = false;
    picopass_dev->dev_data.pacs.se_enabled = false;
    picopass_dev->dev_data.pacs.pin_length = 0;
    picopass_dev->storage = furi_record_open(RECORD_STORAGE);
    picopass_dev->dialogs = furi_record_open(RECORD_DIALOGS);
    picopass_dev->load_path = furi_string_alloc();
    return picopass_dev;
}

void picopass_device_set_name(PicopassDevice* dev, const char* name) {
    furi_assert(dev);

    strlcpy(dev->dev_name, name, PICOPASS_DEV_NAME_MAX_LEN);
}

static bool picopass_device_save_file(
    PicopassDevice* dev,
    const char* dev_name,
    const char* folder,
    const char* extension,
    bool use_load_path) {
    furi_assert(dev);

    bool saved = false;
    FlipperFormat* file = flipper_format_file_alloc(dev->storage);
    PicopassPacs* pacs = &dev->dev_data.pacs;
    PicopassBlock* AA1 = dev->dev_data.AA1;
    FuriString* temp_str;
    temp_str = furi_string_alloc();

    do {
        if(use_load_path && !furi_string_empty(dev->load_path)) {
            // Get directory name
            path_extract_dirname(furi_string_get_cstr(dev->load_path), temp_str);
            // Make path to file to save
            furi_string_cat_printf(temp_str, "/%s%s", dev_name, extension);
        } else {
            // First remove picopass device file if it was saved
            furi_string_printf(temp_str, "%s/%s%s", folder, dev_name, extension);
        }
        // Open file
        if(!flipper_format_file_open_always(file, furi_string_get_cstr(temp_str))) break;

        if(dev->format == PicopassDeviceSaveFormatHF) {
            uint32_t fc = pacs->record.FacilityCode;
            uint32_t cn = pacs->record.CardNumber;
            // Write header
            if(!flipper_format_write_header_cstr(file, picopass_file_header, picopass_file_version))
                break;
            if(pacs->record.valid) {
                if(!flipper_format_write_uint32(file, "Facility Code", &fc, 1)) break;
                if(!flipper_format_write_uint32(file, "Card Number", &cn, 1)) break;
                if(!flipper_format_write_hex(
                       file, "Credential", pacs->credential, PICOPASS_BLOCK_LEN))
                    break;
                if(pacs->pin_length > 0) {
                    if(!flipper_format_write_hex(file, "PIN\t\t", pacs->pin0, PICOPASS_BLOCK_LEN))
                        break;
                    if(!flipper_format_write_hex(
                           file, "PIN(cont.)\t", pacs->pin1, PICOPASS_BLOCK_LEN))
                        break;
                }
            }
            if(!flipper_format_write_comment_cstr(file, "Picopass blocks")) break;
            bool block_saved = true;

            size_t app_limit = AA1[PICOPASS_CONFIG_BLOCK_INDEX].data[0] < PICOPASS_MAX_APP_LIMIT ?
                                   AA1[PICOPASS_CONFIG_BLOCK_INDEX].data[0] :
                                   PICOPASS_MAX_APP_LIMIT;
            for(size_t i = 0; i < app_limit; i++) {
                furi_string_printf(temp_str, "Block %d", i);
                if(!flipper_format_write_hex(
                       file, furi_string_get_cstr(temp_str), AA1[i].data, PICOPASS_BLOCK_LEN)) {
                    block_saved = false;
                    break;
                }
            }
            if(!block_saved) break;
        } else if(dev->format == PicopassDeviceSaveFormatLF) {
            const char* lf_header = "Flipper RFID key";
            // Write header
            if(!flipper_format_write_header_cstr(file, lf_header, 1)) break;
            if(!flipper_format_write_comment_cstr(
                   file,
                   "This was generated from the Picopass plugin and may not match current lfrfid"))
                break;
            // When lfrfid supports more formats, update this
            if(!flipper_format_write_string_cstr(file, "Key type", "H10301")) break;
            uint8_t H10301[3] = {0};
            H10301[0] = pacs->record.FacilityCode;
            H10301[1] = pacs->record.CardNumber >> 8;
            H10301[2] = pacs->record.CardNumber & 0x00FF;
            if(!flipper_format_write_hex(file, "Data", H10301, 3)) break;
        }
        saved = true;
    } while(0);

    if(!saved) {
        dialog_message_show_storage_error(dev->dialogs, "Can not save\nfile");
    }
    furi_string_free(temp_str);
    flipper_format_free(file);
    return saved;
}

bool picopass_device_save(PicopassDevice* dev, const char* dev_name) {
    if(dev->format == PicopassDeviceSaveFormatHF) {
        return picopass_device_save_file(
            dev, dev_name, STORAGE_APP_DATA_PATH_PREFIX, PICOPASS_APP_EXTENSION, true);
    } else if(dev->format == PicopassDeviceSaveFormatLF) {
        return picopass_device_save_file(dev, dev_name, ANY_PATH("lfrfid"), ".rfid", true);
    }

    return false;
}

static bool picopass_device_load_data(PicopassDevice* dev, FuriString* path, bool show_dialog) {
    bool parsed = false;
    FlipperFormat* file = flipper_format_file_alloc(dev->storage);
    PicopassBlock* AA1 = dev->dev_data.AA1;
    PicopassPacs* pacs = &dev->dev_data.pacs;
    FuriString* temp_str;
    temp_str = furi_string_alloc();
    bool deprecated_version = false;

    if(dev->loading_cb) {
        dev->loading_cb(dev->loading_cb_ctx, true);
    }

    do {
        if(!flipper_format_file_open_existing(file, furi_string_get_cstr(path))) break;

        // Read and verify file header
        uint32_t version = 0;
        if(!flipper_format_read_header(file, temp_str, &version)) break;
        if(furi_string_cmp_str(temp_str, picopass_file_header) ||
           (version != picopass_file_version)) {
            deprecated_version = true;
            break;
        }

        // Parse header blocks
        bool block_read = true;
        for(size_t i = 0; i < 6; i++) {
            furi_string_printf(temp_str, "Block %d", i);
            if(!flipper_format_read_hex(
                   file, furi_string_get_cstr(temp_str), AA1[i].data, PICOPASS_BLOCK_LEN)) {
                block_read = false;
                break;
            }
        }

        size_t app_limit = AA1[PICOPASS_CONFIG_BLOCK_INDEX].data[0];
        // Fix for unpersonalized cards that have app_limit set to 0xFF
        if(app_limit > PICOPASS_MAX_APP_LIMIT) app_limit = PICOPASS_MAX_APP_LIMIT;
        for(size_t i = 6; i < app_limit; i++) {
            furi_string_printf(temp_str, "Block %d", i);
            if(!flipper_format_read_hex(
                   file, furi_string_get_cstr(temp_str), AA1[i].data, PICOPASS_BLOCK_LEN)) {
                block_read = false;
                break;
            }
        }
        if(!block_read) break;

        if(picopass_device_parse_credential(AA1, pacs) != ERR_NONE) break;
        if(picopass_device_parse_wiegand(pacs->credential, &pacs->record) != ERR_NONE) break;

        parsed = true;
    } while(false);

    if(dev->loading_cb) {
        dev->loading_cb(dev->loading_cb_ctx, false);
    }

    if((!parsed) && (show_dialog)) {
        if(deprecated_version) {
            dialog_message_show_storage_error(dev->dialogs, "File format deprecated");
        } else {
            dialog_message_show_storage_error(dev->dialogs, "Can not parse\nfile");
        }
    }

    furi_string_free(temp_str);
    flipper_format_free(file);

    return parsed;
}

void picopass_device_clear(PicopassDevice* dev) {
    furi_assert(dev);

    picopass_device_data_clear(&dev->dev_data);
    memset(&dev->dev_data, 0, sizeof(dev->dev_data));
    dev->format = PicopassDeviceSaveFormatHF;
    furi_string_reset(dev->load_path);
}

void picopass_device_free(PicopassDevice* picopass_dev) {
    furi_assert(picopass_dev);
    picopass_device_clear(picopass_dev);
    furi_record_close(RECORD_STORAGE);
    furi_record_close(RECORD_DIALOGS);
    furi_string_free(picopass_dev->load_path);
    free(picopass_dev);
}

bool picopass_file_select(PicopassDevice* dev) {
    furi_assert(dev);

    FuriString* picopass_app_folder;
    picopass_app_folder = furi_string_alloc_set(STORAGE_APP_DATA_PATH_PREFIX);

    DialogsFileBrowserOptions browser_options;
    dialog_file_browser_set_basic_options(&browser_options, PICOPASS_APP_EXTENSION, &I_Nfc_10px);
    browser_options.base_path = STORAGE_APP_DATA_PATH_PREFIX;

    bool res = dialog_file_browser_show(
        dev->dialogs, dev->load_path, picopass_app_folder, &browser_options);

    furi_string_free(picopass_app_folder);
    if(res) {
        FuriString* filename;
        filename = furi_string_alloc();
        path_extract_filename(dev->load_path, filename, true);
        strncpy(dev->dev_name, furi_string_get_cstr(filename), PICOPASS_DEV_NAME_MAX_LEN);
        res = picopass_device_load_data(dev, dev->load_path, true);
        if(res) {
            picopass_device_set_name(dev, dev->dev_name);
        }
        furi_string_free(filename);
    }

    return res;
}

void picopass_device_data_clear(PicopassDeviceData* dev_data) {
    for(size_t i = 0; i < PICOPASS_MAX_APP_LIMIT; i++) {
        memset(dev_data->AA1[i].data, 0, sizeof(dev_data->AA1[i].data));
    }
    dev_data->pacs.legacy = false;
    dev_data->pacs.se_enabled = false;
    dev_data->pacs.pin_length = 0;
}

bool picopass_device_delete(PicopassDevice* dev, bool use_load_path) {
    furi_assert(dev);

    bool deleted = false;
    FuriString* file_path;
    file_path = furi_string_alloc();

    do {
        // Delete original file
        if(use_load_path && !furi_string_empty(dev->load_path)) {
            furi_string_set(file_path, dev->load_path);
        } else {
            furi_string_printf(
                file_path, APP_DATA_PATH("%s%s"), dev->dev_name, PICOPASS_APP_EXTENSION);
        }
        if(!storage_simply_remove(dev->storage, furi_string_get_cstr(file_path))) break;
        deleted = true;
    } while(0);

    if(!deleted) {
        dialog_message_show_storage_error(dev->dialogs, "Can not remove file");
    }

    furi_string_free(file_path);
    return deleted;
}

void picopass_device_set_loading_callback(
    PicopassDevice* dev,
    PicopassLoadingCallback callback,
    void* context) {
    furi_assert(dev);

    dev->loading_cb = callback;
    dev->loading_cb_ctx = context;
}

ReturnCode picopass_device_decrypt(uint8_t* enc_data, uint8_t* dec_data) {
    uint8_t key[32] = {0};
    memcpy(key, picopass_iclass_decryptionkey, sizeof(picopass_iclass_decryptionkey));
    mbedtls_des3_context ctx;
    mbedtls_des3_init(&ctx);
    mbedtls_des3_set2key_dec(&ctx, key);
    mbedtls_des3_crypt_ecb(&ctx, enc_data, dec_data);
    mbedtls_des3_free(&ctx);
    return ERR_NONE;
}

ReturnCode picopass_device_parse_credential(PicopassBlock* AA1, PicopassPacs* pacs) {
    ReturnCode err;

    pacs->biometrics = AA1[6].data[4];
    pacs->pin_length = AA1[6].data[6] & 0x0F;
    pacs->encryption = AA1[6].data[7];

    if(pacs->encryption == PicopassDeviceEncryption3DES) {
        FURI_LOG_D(TAG, "3DES Encrypted");
        err = picopass_device_decrypt(AA1[7].data, pacs->credential);
        if(err != ERR_NONE) {
            FURI_LOG_E(TAG, "decrypt error %d", err);
            return err;
        }

        err = picopass_device_decrypt(AA1[8].data, pacs->pin0);
        if(err != ERR_NONE) {
            FURI_LOG_E(TAG, "decrypt error %d", err);
            return err;
        }

        err = picopass_device_decrypt(AA1[9].data, pacs->pin1);
        if(err != ERR_NONE) {
            FURI_LOG_E(TAG, "decrypt error %d", err);
            return err;
        }
    } else if(pacs->encryption == PicopassDeviceEncryptionNone) {
        FURI_LOG_D(TAG, "No Encryption");
        memcpy(pacs->credential, AA1[7].data, PICOPASS_BLOCK_LEN);
        memcpy(pacs->pin0, AA1[8].data, PICOPASS_BLOCK_LEN);
        memcpy(pacs->pin1, AA1[9].data, PICOPASS_BLOCK_LEN);
    } else if(pacs->encryption == PicopassDeviceEncryptionDES) {
        FURI_LOG_D(TAG, "DES Encrypted");
    } else {
        FURI_LOG_D(TAG, "Unknown encryption");
    }

    pacs->sio = (AA1[10].data[0] == 0x30); // rough check

    return ERR_NONE;
}

ReturnCode picopass_device_parse_wiegand(uint8_t* data, PicopassWiegandRecord* record) {
    uint32_t* halves = (uint32_t*)data;
    if(halves[0] == 0) {
        uint8_t leading0s = __builtin_clz(REVERSE_BYTES_U32(halves[1]));
        record->bitLength = 31 - leading0s;
    } else {
        uint8_t leading0s = __builtin_clz(REVERSE_BYTES_U32(halves[0]));
        record->bitLength = 63 - leading0s;
    }
    FURI_LOG_D(TAG, "bitLength: %d", record->bitLength);

    if(record->bitLength == 26) {
        uint8_t* v4 = data + 4;
        uint32_t bot = v4[3] | (v4[2] << 8) | (v4[1] << 16) | (v4[0] << 24);

        record->CardNumber = (bot >> 1) & 0xFFFF;
        record->FacilityCode = (bot >> 17) & 0xFF;
        FURI_LOG_D(TAG, "FC: %u CN: %u", record->FacilityCode, record->CardNumber);
        record->valid = true;
    } else {
        record->CardNumber = 0;
        record->FacilityCode = 0;
        record->valid = false;
    }
    return ERR_NONE;
}