Store authentication keys in RawClassicSector (#211)

codebutler · claude · web-flow · commit 549da3276df1 · 2026-02-15T10:29:06.000-05:00
* Port CEPASProtocol from Metrodroid to fix APDU framing Fixes #191 The old FareBot CEPASProtocol manually built APDU commands but omitted the Le (expected response length) byte, causing cards to reject with 6D00 (instruction not supported). Replaced with Metrodroid's approach that delegates to ISO7816Protocol.sendRequest() for proper APDU framing. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Store authentication keys in RawClassicSector Add keyA and keyB fields to RawClassicSector to match Metrodroid's ClassicSectorRaw implementation. Track which keys successfully authenticated each sector during card reading and store them in the raw sector data. Changes: - Add keyA/keyB nullable ByteArray fields to RawClassicSector with @contextual serialization - Update factory methods (createData, createInvalid, createUnauthorized) to accept optional key parameters - Refactor ClassicCardReader to track successful authentication keys and pass them to RawClassicSector Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Apply ktlintFormat Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add regression tests for Classic auth key storage Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/card/classic/src/commonMain/kotlin/com/codebutler/farebot/card/classic/ClassicCardReader.kt b/card/classic/src/commonMain/kotlin/com/codebutler/farebot/card/classic/ClassicCardReader.kt
@@ -53,14 +53,22 @@ object ClassicCardReader {
         for (sectorIndex in 0 until tech.sectorCount) {
             try {
                 var authSuccess = false
+                var successfulKeyA: ByteArray? = null
+                var successfulKeyB: ByteArray? = null
 
                 // Try the default keys first
                 if (!authSuccess && sectorIndex == 0) {
                     authSuccess = tech.authenticateSectorWithKeyA(sectorIndex, PREAMBLE_KEY)
+                    if (authSuccess) {
+                        successfulKeyA = PREAMBLE_KEY
+                    }
                 }
 
                 if (!authSuccess) {
                     authSuccess = tech.authenticateSectorWithKeyA(sectorIndex, ClassicTechnology.KEY_DEFAULT)
+                    if (authSuccess) {
+                        successfulKeyA = ClassicTechnology.KEY_DEFAULT
+                    }
                 }
 
                 if (cardKeys != null) {
@@ -69,8 +77,13 @@ object ClassicCardReader {
                         val sectorKey: ClassicSectorKey? = cardKeys.keyForSector(sectorIndex)
                         if (sectorKey != null) {
                             authSuccess = tech.authenticateSectorWithKeyA(sectorIndex, sectorKey.keyA)
-                            if (!authSuccess) {
+                            if (authSuccess) {
+                                successfulKeyA = sectorKey.keyA
+                            } else {
                                 authSuccess = tech.authenticateSectorWithKeyB(sectorIndex, sectorKey.keyB)
+                                if (authSuccess) {
+                                    successfulKeyB = sectorKey.keyB
+                                }
                             }
                         }
                     }
@@ -94,12 +107,17 @@ object ClassicCardReader {
                                     keys[keyIndex].keyA,
                                 )
 
-                            if (!authSuccess) {
+                            if (authSuccess) {
+                                successfulKeyA = keys[keyIndex].keyA
+                            } else {
                                 authSuccess =
                                     tech.authenticateSectorWithKeyB(
                                         sectorIndex,
                                         keys[keyIndex].keyB,
                                     )
+                                if (authSuccess) {
+                                    successfulKeyB = keys[keyIndex].keyB
+                                }
                             }
 
                             if (authSuccess) {
@@ -118,7 +136,14 @@ object ClassicCardReader {
                         val data = tech.readBlock(firstBlockIndex + blockIndex)
                         blocks.add(RawClassicBlock.create(blockIndex, data))
                     }
-                    sectors.add(RawClassicSector.createData(sectorIndex, blocks))
+                    sectors.add(
+                        RawClassicSector.createData(
+                            sectorIndex,
+                            blocks,
+                            successfulKeyA,
+                            successfulKeyB,
+                        ),
+                    )
                 } else {
                     sectors.add(RawClassicSector.createUnauthorized(sectorIndex))
                 }
diff --git a/card/classic/src/commonMain/kotlin/com/codebutler/farebot/card/classic/raw/RawClassicSector.kt b/card/classic/src/commonMain/kotlin/com/codebutler/farebot/card/classic/raw/RawClassicSector.kt
@@ -27,13 +27,16 @@ import com.codebutler.farebot.card.classic.ClassicSector
 import com.codebutler.farebot.card.classic.DataClassicSector
 import com.codebutler.farebot.card.classic.InvalidClassicSector
 import com.codebutler.farebot.card.classic.UnauthorizedClassicSector
+import kotlinx.serialization.Contextual
 import kotlinx.serialization.Serializable
 
 @Serializable
 data class RawClassicSector(
     val type: String,
     val index: Int,
     val blocks: List<RawClassicBlock>? = null,
+    @Contextual val keyA: ByteArray? = null,
+    @Contextual val keyB: ByteArray? = null,
     val errorMessage: String? = null,
 ) {
     fun parse(): ClassicSector =
@@ -55,13 +58,21 @@ data class RawClassicSector(
         fun createData(
             index: Int,
             blocks: List<RawClassicBlock>,
-        ): RawClassicSector = RawClassicSector(TYPE_DATA, index, blocks, null)
+            keyA: ByteArray? = null,
+            keyB: ByteArray? = null,
+        ): RawClassicSector = RawClassicSector(TYPE_DATA, index, blocks, keyA, keyB, null)
 
         fun createInvalid(
             index: Int,
             errorMessage: String,
-        ): RawClassicSector = RawClassicSector(TYPE_INVALID, index, null, errorMessage)
+            keyA: ByteArray? = null,
+            keyB: ByteArray? = null,
+        ): RawClassicSector = RawClassicSector(TYPE_INVALID, index, null, keyA, keyB, errorMessage)
 
-        fun createUnauthorized(index: Int): RawClassicSector = RawClassicSector(TYPE_UNAUTHORIZED, index, null, null)
+        fun createUnauthorized(
+            index: Int,
+            keyA: ByteArray? = null,
+            keyB: ByteArray? = null,
+        ): RawClassicSector = RawClassicSector(TYPE_UNAUTHORIZED, index, null, keyA, keyB, null)
     }
 }
diff --git a/card/classic/src/commonTest/kotlin/com/codebutler/farebot/card/classic/raw/RawClassicSectorTest.kt b/card/classic/src/commonTest/kotlin/com/codebutler/farebot/card/classic/raw/RawClassicSectorTest.kt
@@ -0,0 +1,164 @@
+/*
+ * RawClassicSectorTest.kt
+ *
+ * Copyright 2025 Eric Butler <eric@codebutler.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.codebutler.farebot.card.classic.raw
+
+import com.codebutler.farebot.card.classic.DataClassicSector
+import com.codebutler.farebot.card.classic.InvalidClassicSector
+import com.codebutler.farebot.card.classic.UnauthorizedClassicSector
+import kotlin.test.Test
+import kotlin.test.assertContentEquals
+import kotlin.test.assertEquals
+import kotlin.test.assertNotNull
+import kotlin.test.assertNull
+import kotlin.test.assertTrue
+
+@OptIn(ExperimentalStdlibApi::class)
+class RawClassicSectorTest {
+    private val testKeyA = "A0A1A2A3A4A5".hexToByteArray()
+    private val testKeyB = "B0B1B2B3B4B5".hexToByteArray()
+
+    private fun createTestBlocks(): List<RawClassicBlock> =
+        listOf(
+            RawClassicBlock.create(0, ByteArray(16)),
+            RawClassicBlock.create(1, ByteArray(16)),
+            RawClassicBlock.create(2, ByteArray(16)),
+            RawClassicBlock.create(3, ByteArray(16)),
+        )
+
+    @Test
+    fun testCreateDataWithKeys() {
+        val sector = RawClassicSector.createData(0, createTestBlocks(), testKeyA, testKeyB)
+
+        assertEquals(RawClassicSector.TYPE_DATA, sector.type)
+        assertEquals(0, sector.index)
+        val blocks = sector.blocks
+        assertNotNull(blocks)
+        assertEquals(4, blocks.size)
+        assertContentEquals(testKeyA, sector.keyA)
+        assertContentEquals(testKeyB, sector.keyB)
+        assertNull(sector.errorMessage)
+    }
+
+    @Test
+    fun testCreateDataWithOnlyKeyA() {
+        val sector = RawClassicSector.createData(1, createTestBlocks(), keyA = testKeyA)
+
+        assertContentEquals(testKeyA, sector.keyA)
+        assertNull(sector.keyB)
+    }
+
+    @Test
+    fun testCreateDataWithOnlyKeyB() {
+        val sector = RawClassicSector.createData(2, createTestBlocks(), keyB = testKeyB)
+
+        assertNull(sector.keyA)
+        assertContentEquals(testKeyB, sector.keyB)
+    }
+
+    @Test
+    fun testCreateDataWithoutKeys() {
+        val sector = RawClassicSector.createData(0, createTestBlocks())
+
+        assertEquals(RawClassicSector.TYPE_DATA, sector.type)
+        assertNull(sector.keyA)
+        assertNull(sector.keyB)
+    }
+
+    @Test
+    fun testCreateUnauthorizedWithKeys() {
+        val sector = RawClassicSector.createUnauthorized(5, testKeyA, testKeyB)
+
+        assertEquals(RawClassicSector.TYPE_UNAUTHORIZED, sector.type)
+        assertEquals(5, sector.index)
+        assertNull(sector.blocks)
+        assertContentEquals(testKeyA, sector.keyA)
+        assertContentEquals(testKeyB, sector.keyB)
+        assertNull(sector.errorMessage)
+    }
+
+    @Test
+    fun testCreateUnauthorizedWithoutKeys() {
+        val sector = RawClassicSector.createUnauthorized(3)
+
+        assertEquals(RawClassicSector.TYPE_UNAUTHORIZED, sector.type)
+        assertNull(sector.keyA)
+        assertNull(sector.keyB)
+    }
+
+    @Test
+    fun testCreateInvalidWithKeys() {
+        val sector = RawClassicSector.createInvalid(7, "Read error", testKeyA, testKeyB)
+
+        assertEquals(RawClassicSector.TYPE_INVALID, sector.type)
+        assertEquals(7, sector.index)
+        assertNull(sector.blocks)
+        assertContentEquals(testKeyA, sector.keyA)
+        assertContentEquals(testKeyB, sector.keyB)
+        assertEquals("Read error", sector.errorMessage)
+    }
+
+    @Test
+    fun testCreateInvalidWithoutKeys() {
+        val sector = RawClassicSector.createInvalid(4, "Timeout")
+
+        assertEquals(RawClassicSector.TYPE_INVALID, sector.type)
+        assertNull(sector.keyA)
+        assertNull(sector.keyB)
+        assertEquals("Timeout", sector.errorMessage)
+    }
+
+    @Test
+    fun testParseDataSectorWithKeys() {
+        val sector = RawClassicSector.createData(0, createTestBlocks(), testKeyA, testKeyB)
+        val parsed = sector.parse()
+
+        assertTrue(parsed is DataClassicSector)
+        assertEquals(0, parsed.index)
+        assertEquals(4, parsed.blocks.size)
+    }
+
+    @Test
+    fun testParseUnauthorizedSectorWithKeys() {
+        val sector = RawClassicSector.createUnauthorized(5, testKeyA, testKeyB)
+        val parsed = sector.parse()
+
+        assertTrue(parsed is UnauthorizedClassicSector)
+        assertEquals(5, parsed.index)
+    }
+
+    @Test
+    fun testParseInvalidSectorWithKeys() {
+        val sector = RawClassicSector.createInvalid(7, "Read error", testKeyA, testKeyB)
+        val parsed = sector.parse()
+
+        assertTrue(parsed is InvalidClassicSector)
+        assertEquals(7, parsed.index)
+    }
+
+    @Test
+    fun testKeyDefaultKey() {
+        // Verify that the default MIFARE key (FF FF FF FF FF FF) can be stored
+        val defaultKey = "FFFFFFFFFFFF".hexToByteArray()
+        val sector = RawClassicSector.createData(0, createTestBlocks(), keyA = defaultKey)
+
+        assertContentEquals(defaultKey, sector.keyA)
+        assertNull(sector.keyB)
+    }
+}
