proxmark3
proxmark3 copied to clipboard
RfidResearchGroup
eMRTD Checklist, issues and feature requests
This issue is intended to be a meta progress tracker and discussion space for the hf emrtd commands.
Checklist
- [x] ISO 14a/14b support
- [x] Non-BAC passport support
- [x] BAC passport support
- [x]
hf emrtd dump - [x]
hf emrtd infothat displays basic info (perhaps just based on EF_DG1) - [x]
hf emrtd dumpdumping more detailed data from the files by parsing them, such as extracting the JPG and the cert file - [x] Dumping EF_CardAccess when doing
hf emrtd dump, as suggested by doegox - [x] Automatically changing document number to uppercase and checking for length of DOB/Expiry, as suggested by doegox
- [x]
hf emrtd infothat displays extended info (EF_DG11, EF_DG12) - [x] Ability to view info from a dump folder, as suggested by doegox
- [x] Ability to provide full MRZ line as option, as alternative to doc_nr/birth_date/exp_date (only on passports/TD3)
- [x] File hash checks based on EF_SOD
- [x] Ability to
hf emrtd dumpto a different folder, as suggested by doegox - [ ]
hf emrtd infothat displays a GUI with extended info (EF_DG1, EF_DG2, EF_DG5, EF_DG11, EF_DG12) - [ ] PACE support
- [ ] Bruteforce support (might be interesting to look at bruteforcing CAN when we add PACE support)
- [ ] Various vulnerability checks as suggested by doegox
- [ ] Cert info display
- [ ] Cert verification as suggested by iceman
Test results
Working
- Turkey IDs (14a)
- Turkey ePassports (14a, 14b)
- Sweden ePassports (14b)
- Denmark ePassports (2020, 14b)
- Lithuania ePassports (14a)
- United States ePassports (14a)
- Pre-Brexit United Kingdom ePassports (14a)
- Canada ePassports (14a)
- Ukraine ePassports (14a)
- Serbia ePassports (14a)
- Belgium ePassports (14b)
- old Belgium ePassports without BAC (14a)
- Greek ePassports
- Russian ePassports (14b)
- Dutch ePassports (14a)
- Slovenia ePassports (14a)
- Taiwan ePassports (14a)
Not working
- Phillipines ePassports (14b) -> Can't read, external auth results in
[!!] APDU: Small APDU response. Len=0. ReadID android can read it, says BAC and AA are available, uses BAC. - Old Denmark ePassports -> Does not detect (coupling issue?)
- German Personalausweis -> PACE-only.
- German Aufenthaltstitel -> PACE-only even on those issued around ~2015, even though it has the chip inside symbol.
To try
- Italian IDs -> They have the chip inside symbol and have a CAN on them, would be interesting to try reading them.
- Post-brexit United Kingdom ePassports ("British Passport")
Whoops, accidentally picked the wrong option that added the wrong labels and assignees, please feel free to correct those.
Notes to ppl testing this feature
About passports not working at first sight:
- tag antenna can be at different places: front cover, back cover, second page with ID (page is thick), last page (page is thick)
- some passports require to be opened to unshield the antenna
- old passports don't have a tag, your passport must have this logo on the cover:
Greek passports work as well. Awesome work!
How easy would it be to implement emulation of a dumped passport? We have this client for example who want us to test some passport scanning app and obviously they're not going to ship real passports via mail. So using proxamrk to emulate a real one would be a great feature.
Just to keep track of it, there is an interesting bit of code here to be able to parse the PKCS#7 certificate with mbedtls https://github.com/qemu/skiboot/commit/9e7a4b327050101ec629b4028c2f7a452d7d5c0c
Pushed a fix for 14b, which influences emrtd cmds, I tested on my passport and it works.
I've checked 14a Russian passports (random ID, 0008-20). Works well
Confirmed China's ePassport system worked, though, it doesn't automatically generate a .jpg of the facial image from DG2. Reading from the passport can be a bit tricky, probably because of the antenna design.
I guess the image is because the pm3 client tries to show both facial image and signature image.
And we only have one image object in the client for now.