fix reveng memory bug + @iceman1001 s scripting

2024-09-21 07:16:24 +08:00 · 2015-06-09 13:40:01 -04:00 · 2015-06-09 13:40:01 -04:00 · 2e16354693
parent 7a23fca13a
commit 2e16354693
5 changed files with 255 additions and 141 deletions
--- a/client/cmdcrc.c
+++ b/client/cmdcrc.c
@ -90,16 +90,11 @@ int GetModels(char *Models[], int *count, uint32_t *width){
 		PZERO,		/* check value unused */
 		NULL		/* no model name */
 	};
+
 	int ibperhx = 8;//, obperhx = 8;
 	int rflags = 0, uflags = 0; /* search and UI flags */
-
-	//unsigned long width = 0UL;
-	//int c, mode = 0, args, psets, pass;
 	poly_t apoly, crc, qpoly = PZERO, *apolys = NULL, *pptr = NULL, *qptr = NULL;
 	model_t pset = model, *candmods, *mptr;
-	//char *string;
-
-	//myname = argv[0];

 	/* stdin must be binary */
 	#ifdef _WIN32
@ -108,14 +103,10 @@ int GetModels(char *Models[], int *count, uint32_t *width){

 	SETBMP();
 	
-	//pos=0;
-	//optind=1;
-
 	int args = 0, psets, pass;
 	int Cnt = 0;
 	if (*width == 0) { //reveng -D
 		*count = mcount();
-		//PrintAndLog("Count: %d",*count);
 		if(!*count)
 			return uerr("no preset models available");

@ -123,15 +114,14 @@ int GetModels(char *Models[], int *count, uint32_t *width){
 			mbynum(&model, mode);
 			mcanon(&model);
 			size_t size = (model.name && *model.name) ? strlen(model.name) : 6;
-			//PrintAndLog("Size: %d, %s",size,model.name);
 			char *tmp = calloc(size+1, sizeof(char));
 			if (tmp==NULL)
 				return uerr("out of memory?");

 			memcpy(tmp, model.name, size);
 			Models[mode] = tmp;
-			//ufound(&model);
 		}
+		mfree(&model);
 	} else { //reveng -s

 		if(~model.flags & P_MULXN)
@ -150,7 +140,7 @@ int GetModels(char *Models[], int *count, uint32_t *width){
 			rflags &= ~R_HAVEQ;


-			/* not going to be sending additional args
+		/* not going to be sending additional args at this time (maybe future?)

 		// allocate argument array 
 		args = argc - optind;
@ -193,9 +183,11 @@ int GetModels(char *Models[], int *count, uint32_t *width){
 					if(rflags & R_HAVEX && psncmp(&model.xorout, &pset.xorout))
 						continue;
 			
+					//for additional args (not used yet, maybe future?)
 					apoly = pclone(pset.xorout);
 					if(pset.flags & P_REFOUT)
 						prev(&apoly);
+					
 					for(qptr = apolys; qptr < pptr; ++qptr) {
 						crc = pcrc(*qptr, pset.spoly, pset.init, apoly, 0);
 						if(ptst(crc)) {
@ -206,7 +198,9 @@ int GetModels(char *Models[], int *count, uint32_t *width){
 					}
 					pfree(&apoly);
 					if(qptr == pptr) {
+
 						/* the selected model solved all arguments */
+
 						mcanon(&pset);
 						
 						size_t size = (pset.name && *pset.name) ? strlen(pset.name) : 6;
@ -219,7 +213,6 @@ int GetModels(char *Models[], int *count, uint32_t *width){
 						memcpy(tmp, pset.name, size);
 						Models[Cnt++] = tmp;
 						*count = Cnt;
-							//ufound(&pset);
 						uflags |= C_RESULT;
 					}
 				}
@ -233,25 +226,21 @@ int GetModels(char *Models[], int *count, uint32_t *width){
 				}
 			} while(~rflags & R_HAVERI && ++pass < 2);
 		}
+		//got everything now free the memory...
+
 		if(uflags & C_RESULT) {
 			for(qptr = apolys; qptr < pptr; ++qptr)
 				pfree(qptr);
-				return 1;
-				//exit(EXIT_SUCCESS);
 		}
 		if(!(model.flags & P_REFIN) != !(model.flags & P_REFOUT))
 			return uerr("cannot search for crossed-endian models");
+
 		pass = 0;
 		do {
 			mptr = candmods = reveng(&model, qpoly, rflags, args, apolys);
 			if(mptr && plen(mptr->spoly))
 				uflags |= C_RESULT;
 			while(mptr && plen(mptr->spoly)) {
-					/* results were printed by the callback
-					 * string = mtostr(mptr);
-					 * puts(string);
-					 * free(string);
-					 */
 				mfree(mptr++);
 			}
 			free(candmods);
@ -266,10 +255,8 @@ int GetModels(char *Models[], int *count, uint32_t *width){
 		free(apolys);
 		if(~uflags & C_RESULT)
 			return uerr("no models found");
-
-
+		mfree(&model);
 	}
-	//PrintAndLog("DONE");
 	return 1;
 }

--- a/client/cmdmain.c
+++ b/client/cmdmain.c
@ -33,10 +33,10 @@ unsigned int current_command = CMD_UNKNOWN;
 static int CmdHelp(const char *Cmd);
 static int CmdQuit(const char *Cmd);
 static int CmdRev(const char *Cmd);
-/* // for testing reveng api - cmdcrc.c
+ // for testing reveng api - cmdcrc.c
 static int CmdrevengT(const char *Cmd);
 static int CmdrevengC(const char *Cmd);
-*/
+

 //For storing command that are received from the device
 static UsbCommand cmdBuffer[CMD_BUFFER_SIZE];
@ -53,10 +53,10 @@ static command_t CommandTable[] =
  {"hw",    CmdHW,    1, "{ Hardware commands... }"},
  {"lf",    CmdLF,    1, "{ Low Frequency commands... }"},
  {"reveng",CmdRev,   1, "Crc calculations from the software reveng1-30"},
-  /* // for testing reveng api - cmdcrc.c
-  {"revengt",CmdrevengT,1, "TEST Crc calculations from the software reveng1-30"},
-  {"revengc",CmdrevengC,1, "TEST Crc calculations from the software reveng1-30"},
-  */
+   // for testing reveng api - cmdcrc.c
+  //{"revengt",CmdrevengT,1, "TEST Crc calculations from the software reveng1-30"},
+  //{"revengc",CmdrevengC,1, "TEST Crc calculations from the software reveng1-30"},
+  
  {"script",CmdScript,1, "{ Scripting commands }"},
  {"quit",  CmdQuit,  1, "Exit program"},
  {"exit",  CmdQuit,  1, "Exit program"},
@ -84,7 +84,7 @@ int CmdRev(const char *Cmd)
  CmdCrc(Cmd);
  return 0;
 }
-/* // for testing reveng api - cmdcrc.c
+ // for testing reveng api - cmdcrc.c
 int CmdrevengT(const char *Cmd)
 {
  return CmdrevengTest(Cmd);
@ -93,7 +93,7 @@ int CmdrevengC(const char *Cmd)
 {
  return CmdrevengTestC(Cmd);
 }
-*/
+
 /**
 * @brief This method should be called when sending a new command to the pm3. In case any old
 *  responses from previous commands are stored in the buffer, a call to this method should clear them.
--- a/client/reveng/cli.c
+++ b/client/reveng/cli.c
@ -444,7 +444,7 @@ ippx:
 			if(uflags & C_RESULT) {
 				for(qptr = apolys; qptr < pptr; ++qptr)
 					pfree(qptr);
-				return 1;
+				//return 1;
 				//exit(EXIT_SUCCESS);
 			}
 			if(!(model.flags & P_REFIN) != !(model.flags & P_REFOUT)){
--- a/client/scripting.c
+++ b/client/scripting.c
@ -22,6 +22,7 @@
 #include "../common/crc64.h"
 #include "../common/sha1.h"
 #include "aes.h"
+#include "cmdcrc.h"
 /**
 * The following params expected:
 *  UsbCommand c
@ -388,6 +389,60 @@ static int l_sha1(lua_State *L)
 	return 1;
 }

+static int l_reveng_models(lua_State *L){
+
+	char *models[80];
+	int count = 0;
+	lua_Integer  in_width = luaL_checkinteger(L, 1);
+	
+	if( in_width > 89 ) return returnToLuaWithError(L,"Width cannot exceed 89, got %d", in_width);
+
+	uint32_t width = (uint32_t)in_width;
+	int ans = GetModels(models, &count, &width);
+	if (!ans) return 0;
+	
+	lua_newtable(L);
+	
+	for (int i = 0; i < count; i++){
+		lua_pushstring(L,  (const char*)models[i]);
+		lua_rawseti(L,-2,i+1);
+		free(models[i]);
+	}
+
+	return 1;
+}
+
+static int l_reveng_RunModel(lua_State *L){
+	//-c || -v
+	//inModel = valid model name string - CRC-8
+	//inHexStr = input hex string to calculate crc on
+	//reverse = reverse calc option if true
+	//endian = {0 = calc default endian input and output, b = big endian input and output, B = big endian output, r = right justified
+	//          l = little endian input and output, L = little endian output only, t = left justified}
+	//result = calculated crc hex string	
+	char result[50];
+	
+	size_t dataLen;
+	const char *inModel = luaL_checklstring(L, 1, &dataLen);
+	if ( dataLen < 4 ) return returnToLuaWithError(L,"Can't find model, got %s", inModel);
+	
+	const char *inHexStr = luaL_checklstring(L, 2, &dataLen);
+	if ( dataLen < 4 ) return returnToLuaWithError(L,"Hex string too short, got %d", dataLen);
+	
+	int reverse = luaL_checkinteger(L, 3);	
+	const char endian = luaL_checklstring(L, 4, &dataLen)[0];
+
+	//PrintAndLog("mod: %s, hex: %s, rev %d", inModel, inHexStr, reverse);
+	//int RunModel(char *inModel, char *inHexStr, bool reverse, char endian, char *result)
+	int ans = RunModel( (char *)inModel, (char *)inHexStr, (bool)reverse, endian, result);
+	if (!ans) 	
+		return returnToLuaWithError(L,"Reveng failed");
+
+	lua_pushstring(L, (const char*)result); 
+	return 1;
+}
+
+
 /**
 * @brief Sets the lua path to include "./lualibs/?.lua", in order for a script to be
 * able to do "require('foobar')" if foobar.lua is within lualibs folder.
@ -433,6 +488,9 @@ int set_pm3_libraries(lua_State *L)
 		{"crc16",                       l_crc16},
 		{"crc64",                       l_crc64},
 		{"sha1",                        l_sha1},
+		{"reveng_models",               l_reveng_models},
+		{"reveng_runmodel",             l_reveng_RunModel},
+
 		{NULL, NULL}
 	};

--- a/client/scripts/e.lua
+++ b/client/scripts/e.lua
@ -0,0 +1,69 @@
+local getopt = require('getopt')
+local utils = require('utils')
+
+example = "script calculates many checksums (CRC) over the provided hex input"
+author = "Iceman"
+desc =
+[[
+This script calculates many checksums (CRS) over the provided hex input. 
+
+Arguments:
+	-b 				data in hex
+	-w				width of the CRC algorithm. <optional> defaults to all known CRC presets.
+Examples : 
+	script run e -b 010203040506070809
+	script run e -b 010203040506070809 -w 16
+]]
+
+--- 
+-- A debug printout-function
+function dbg(args)
+	if DEBUG then
+		print("###", args)
+	end
+end 
+--- 
+-- This is only meant to be used when errors occur
+function oops(err)
+	print("ERROR: ",err)
+	return nil,err
+end
+--- 
+-- Usage help
+function help()
+	print(desc)
+	print("Example usage")
+	print(example)
+end
+--- 
+-- The main entry point
+function main(args)
+
+	local data = '01020304'
+	local width = 0
+
+	-- Read the parameters
+	for o, a in getopt.getopt(args, 'hb:w:') do
+		if o == "h" then return help() end
+		if o == "b" then data = utils.ConvertHexToa end
+		if o == "w" then width = a end
+	end
+
+	print('Width of CRC: '..width..'  bytes: '..data)
+	print('')
+	print('Model','CRC', 'CRC_Reverse')
+	
+	local lists = core.reveng_models(width)
+	for _,i in pairs(lists) do
+		local one = core.reveng_runmodel(i, data, 0,0)
+		local two = core.reveng_runmodel(i, data, 1,0)
+		
+		print(i, one, two)
+	end
+	
+	if 1 == 1 then
+	 return
+	end 
+end
+
+main(args)