Skip to content

Aspasia1337/WG10B-Helper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
wg10b_helper.py
wg10b_helper.py
 
 

Repository files navigation

🛡️ Unified Secure Messaging APDU Generator

A Python tool to generate and log APDU commands using Secure Messaging, supporting both:

  • ✍️ Signature-only mode (command integrity via CBC-DES MAC)
  • 🔒 Ciphered mode (command confidentiality + integrity via CBC-3DES)

This tool is designed to work with smartcards following the WG10B/ISO 7816 specifications.

🚀 Features

  • Derives Session Keys (SK) from Administrative Keys and NTs (Number Tokens)
  • Computes MAC (Message Authentication Code) using CBC-DES
  • Encrypts data using CBC-3DES in ciphered mode
  • Builds full APDU command with proper headers and length (Lc)
  • Offers optional debug output and command logging to file
  • Modular and easy to integrate into larger card scripting workflows

📦 Usage

python3 wg10b_helper.py <NT> <DATA> --mode secure|ciphered [options]

🔧 Common Options

Option Description
nt 2-byte NT value in hex (e.g. 000A)
data ASCII (secure mode) or hex (ciphered mode) string
--mode Either secure or ciphered
--offset P2 offset in hex (default: 00)
--adminkey 16-byte Administrative Key in hex (default provided)
--iv 8-byte IV for CBC (used in ciphered mode only)
--debug Enables verbose output for educational/troubleshooting
--logfile Output log file (default: secure_messaging.log)

⚙️ Defaults

Several parameters are predefined by default to simplify usage:

Parameter Default value Description
--adminkey 434F44452D57473130422D4B45593132 Default Administrative Key (hex, 16 bytes) (change this for security!)
--offset 00 P2 offset
--iv 0000000000000000 IV for CBC (only used in ciphered mode)
--logfile secure_messaging.log Output log file name

These can be customized at runtime if needed.

  • 🔐 Warning: The default Administrative Key is for demonstration only. You must replace it with a secure value in production use.

🧪 Examples

1. Secure Messaging (Signature Only)

python3 wg10b_helper.py 000A "whatever" --mode secure --debug

2. Ciphered Secure Messaging

python3 wg10b_helper.py 000A 0101010101010101 --mode ciphered --iv 0000000000000000 --debug

📤 Output Example (Ciphered)

~/Doc/Gi/WG10B-Helper main ❯ python3 wg10b_helper.py 000A 0101010101010101 --mode ciphered --iv 0000000000000000 --debug

[STEP 1] 🔐 Session Key Derivation
  Administrative Key (AK): 434F44452D57473130422D4B45593132
  AK1: 434f44452d574731
  AK2: 30422d4b45593132
  NT: 000A
  Block for SK derivation: 000000000a000000
  SK1: 742edefc032a3366
  SK2: eaacabca4febf414
  ➤ Session Key: 742edefc032a3366eaacabca4febf414

[STEP 1.5] 🧱 Message Construction
  Plaintext Data: 0101010101010101
  Lc (length of Data + 3): 0b
  Header: 04d600000b
  Message for MAC: 04d600000b0101010101010101

[STEP 2] 🧾 MAC (CBC-MAC) Computation
  [i] Last block padded with zeros for CBC-MAC.
  Block 1: 04d600000b010101
  Block 2: 0101010101000000
  Encrypted Block 1: 882a02b9f3c4a39c
  XOR Final Block: 892b03b8f2c4a39c
  S2: 15ced6d24929d2d0
  ➤ MAC (last 3 bytes): 29d2d0

[STEP 3] 🔒 CBC Encryption
  IV: 0000000000000000
  Plaintext to Encrypt: 0101010101010101
  Encrypted Data: 42e2839cf61ef21d
  Final Data (Encrypted + MAC): 42e2839cf61ef21d29d2d0

[RESULT] ✉️ APDU Command (Ciphered Secure Messaging)
 CLA : 04
 INS : D6
 P1  : 00
 P2  : 00
 Lc  : 0B
 Data: 42E2839CF61EF21D29D2D0

📤 Output Example (Secure)

~/Doc/Gi/WG10B-Helper main !1 ❯ python3 wg10b_helper.py 000A "whatever" --mode secure --debug

[STEP 1] 🔐 Session Key Derivation
  Administrative Key (AK): 434F44452D57473130422D4B45593132
  AK1: 434f44452d574731
  AK2: 30422d4b45593132
  NT: 000A
  Block for SK derivation: 000000000a000000
  SK1: 742edefc032a3366
  SK2: eaacabca4febf414
  ➤ Session Key: 742edefc032a3366eaacabca4febf414

[STEP 1.5] 🧱 Message Construction
  ASCII Text: whatever
  Encoded Data: 7768617465766572
  Lc (length of Data + 3): 0b
  Header: 04d600000b
  Message (Header + Data): 04d600000b7768617465766572
  [i] Message padded with 3 null bytes
  Padded Message: 04d600000b7768617465766572000000

[STEP 2] 🧾 MAC (CBC-MAC) Computation
  [i] Last block padded with zeros for CBC-MAC.
  Block 1: 04d600000b776861
  Block 2: 7465766572000000
  Encrypted Block 1: 6896a8981e17f74f
  XOR Final Block: 1cf3defd6c17f74f
  S2: 0b4a366ed950755e
  ➤ MAC (last 3 bytes): 50755e

[STEP 4] 📦 Final APDU Data
  Final Data (Data + MAC): 776861746576657250755e

[RESULT] ✉️ APDU Command (Secure Messaging - Signature only)
 CLA : 04
 INS : D6
 P1  : 00
 P2  : 00
 Lc  : 0B
 Data: 776861746576657250755E

📄 Log Output Example

Each command is logged to a file with timestamp and parameters:

[2025-03-27 16:45:10] MODE=SECURE NT=000A OFFSET=00 LC=0C DATA=313030353337313437EF5E05

🔐 Technical Background

This tool implements key parts of WG10B Secure Messaging:

  • 3DES key derivation using Administrative Keys and NT
  • CBC-DES MAC calculation for command authentication
  • CBC-3DES encryption for data confidentiality
  • Construction of correct APDU structure (CLA, INS, P1, P2, Lc, Data)

📜 License

This tool is open-source and published under the MIT License.
Feel free to use, modify, and share it.

About

WG10B Smartcard helper

Topics

smartcard smartcard-library wg10b

Resources

Readme

License

GPL-3.0 license
Activity

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Contributors

Languages