mirror of
https://github.com/Proxmark/proxmark3.git
synced 2024-09-21 07:16:24 +08:00
lf t55 bruteforce lots of resource leaks...
plus strlen(Cmd) can never be less than 0 iceman1001 fixes...
This commit is contained in:
marshmellow42
parent
8ea5706047
commit
735136e6a3
|
|
@ -1371,11 +1371,9 @@ int CmdT55xxBruteForce(const char *Cmd) {
|
||||||
char buf[9];
|
char buf[9];
|
||||||
char filename[FILE_PATH_SIZE]={0};
|
char filename[FILE_PATH_SIZE]={0};
|
||||||
int keycnt = 0;
|
int keycnt = 0;
|
||||||
|
int ch;
|
||||||
uint8_t stKeyBlock = 20;
|
uint8_t stKeyBlock = 20;
|
||||||
uint8_t *keyBlock = NULL, *p;
|
uint8_t *keyBlock = NULL, *p = NULL;
|
||||||
keyBlock = calloc(stKeyBlock, 6);
|
|
||||||
if (keyBlock == NULL) return 1;
|
|
||||||
|
|
||||||
uint32_t start_password = 0x00000000; //start password
|
uint32_t start_password = 0x00000000; //start password
|
||||||
uint32_t end_password = 0xFFFFFFFF; //end password
|
uint32_t end_password = 0xFFFFFFFF; //end password
|
||||||
bool found = false;
|
bool found = false;
|
||||||
|
|
@ -1383,6 +1381,9 @@ int CmdT55xxBruteForce(const char *Cmd) {
|
||||||
char cmdp = param_getchar(Cmd, 0);
|
char cmdp = param_getchar(Cmd, 0);
|
||||||
if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();
|
if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();
|
||||||
|
|
||||||
|
keyBlock = calloc(stKeyBlock, 6);
|
||||||
|
if (keyBlock == NULL) return 1;
|
||||||
|
|
||||||
if (cmdp == 'i' || cmdp == 'I') {
|
if (cmdp == 'i' || cmdp == 'I') {
|
||||||
|
|
||||||
int len = strlen(Cmd+2);
|
int len = strlen(Cmd+2);
|
||||||
|
|
@ -1417,6 +1418,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
|
||||||
if (!p) {
|
if (!p) {
|
||||||
PrintAndLog("Cannot allocate memory for defaultKeys");
|
PrintAndLog("Cannot allocate memory for defaultKeys");
|
||||||
free(keyBlock);
|
free(keyBlock);
|
||||||
|
fclose(f);
|
||||||
return 2;
|
return 2;
|
||||||
}
|
}
|
||||||
keyBlock = p;
|
keyBlock = p;
|
||||||
|
|
@ -1431,6 +1433,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
|
||||||
|
|
||||||
if (keycnt == 0) {
|
if (keycnt == 0) {
|
||||||
PrintAndLog("No keys found in file");
|
PrintAndLog("No keys found in file");
|
||||||
|
free(keyBlock);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
PrintAndLog("Loaded %d keys", keycnt);
|
PrintAndLog("Loaded %d keys", keycnt);
|
||||||
|
|
@ -1440,8 +1443,10 @@ int CmdT55xxBruteForce(const char *Cmd) {
|
||||||
for (uint16_t c = 0; c < keycnt; ++c ) {
|
for (uint16_t c = 0; c < keycnt; ++c ) {
|
||||||
|
|
||||||
if (ukbhit()) {
|
if (ukbhit()) {
|
||||||
getchar();
|
ch = getchar();
|
||||||
|
(void)ch;
|
||||||
printf("\naborted via keyboard!\n");
|
printf("\naborted via keyboard!\n");
|
||||||
|
free(keyBlock);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1451,6 +1456,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
|
||||||
|
|
||||||
if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {
|
if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {
|
||||||
PrintAndLog("Aquireing data from device failed. Quitting");
|
PrintAndLog("Aquireing data from device failed. Quitting");
|
||||||
|
free(keyBlock);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1458,10 +1464,12 @@ int CmdT55xxBruteForce(const char *Cmd) {
|
||||||
|
|
||||||
if ( found ) {
|
if ( found ) {
|
||||||
PrintAndLog("Found valid password: [%08X]", testpwd);
|
PrintAndLog("Found valid password: [%08X]", testpwd);
|
||||||
|
free(keyBlock);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
PrintAndLog("Password NOT found.");
|
PrintAndLog("Password NOT found.");
|
||||||
|
free(keyBlock);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1471,8 +1479,10 @@ int CmdT55xxBruteForce(const char *Cmd) {
|
||||||
start_password = param_get32ex(Cmd, 0, 0, 16);
|
start_password = param_get32ex(Cmd, 0, 0, 16);
|
||||||
end_password = param_get32ex(Cmd, 1, 0, 16);
|
end_password = param_get32ex(Cmd, 1, 0, 16);
|
||||||
|
|
||||||
if ( start_password >= end_password ) return usage_t55xx_bruteforce();
|
if ( start_password >= end_password ) {
|
||||||
|
free(keyBlock);
|
||||||
|
return usage_t55xx_bruteforce();
|
||||||
|
}
|
||||||
PrintAndLog("Search password range [%08X -> %08X]", start_password, end_password);
|
PrintAndLog("Search password range [%08X -> %08X]", start_password, end_password);
|
||||||
|
|
||||||
uint32_t i = start_password;
|
uint32_t i = start_password;
|
||||||
|
|
@ -1482,13 +1492,16 @@ int CmdT55xxBruteForce(const char *Cmd) {
|
||||||
printf(".");
|
printf(".");
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
if (ukbhit()) {
|
if (ukbhit()) {
|
||||||
getchar();
|
ch = getchar();
|
||||||
|
(void)ch;
|
||||||
printf("\naborted via keyboard!\n");
|
printf("\naborted via keyboard!\n");
|
||||||
|
free(keyBlock);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) {
|
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) {
|
||||||
PrintAndLog("Aquireing data from device failed. Quitting");
|
PrintAndLog("Aquireing data from device failed. Quitting");
|
||||||
|
free(keyBlock);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
found = tryDetectModulation();
|
found = tryDetectModulation();
|
||||||
|
|
@ -1503,6 +1516,8 @@ int CmdT55xxBruteForce(const char *Cmd) {
|
||||||
PrintAndLog("Found valid password: [%08x]", i);
|
PrintAndLog("Found valid password: [%08x]", i);
|
||||||
else
|
else
|
||||||
PrintAndLog("Password NOT found. Last tried: [%08x]", --i);
|
PrintAndLog("Password NOT found. Last tried: [%08x]", --i);
|
||||||
|
|
||||||
|
free(keyBlock);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -66,7 +66,7 @@ int CmdVikingClone(const char *Cmd) {
|
||||||
uint64_t rawID = 0;
|
uint64_t rawID = 0;
|
||||||
bool Q5 = false;
|
bool Q5 = false;
|
||||||
char cmdp = param_getchar(Cmd, 0);
|
char cmdp = param_getchar(Cmd, 0);
|
||||||
if (strlen(Cmd) < 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_viking_clone();
|
if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_viking_clone();
|
||||||
|
|
||||||
id = param_get32ex(Cmd, 0, 0, 16);
|
id = param_get32ex(Cmd, 0, 0, 16);
|
||||||
if (id == 0) return usage_lf_viking_clone();
|
if (id == 0) return usage_lf_viking_clone();
|
||||||
|
|
@ -74,8 +74,8 @@ int CmdVikingClone(const char *Cmd) {
|
||||||
Q5 = true;
|
Q5 = true;
|
||||||
|
|
||||||
rawID = getVikingBits(id);
|
rawID = getVikingBits(id);
|
||||||
PrintAndLog("Cloning - ID: %08X, Raw: %08X%08X",id,(uint32_t)(rawID >> 32),(uint32_t) (rawID & 0xFFFFFFFF));
|
|
||||||
UsbCommand c = {CMD_VIKING_CLONE_TAG,{rawID >> 32, rawID & 0xFFFFFFFF, Q5}};
|
UsbCommand c = {CMD_VIKING_CLONE_TAG,{rawID >> 32, rawID & 0xFFFF, Q5}};
|
||||||
clearCommandBuffer();
|
clearCommandBuffer();
|
||||||
SendCommand(&c);
|
SendCommand(&c);
|
||||||
//check for ACK
|
//check for ACK
|
||||||
|
|
@ -89,7 +89,7 @@ int CmdVikingSim(const char *Cmd) {
|
||||||
uint8_t clk = 32, encoding = 1, separator = 0, invert = 0;
|
uint8_t clk = 32, encoding = 1, separator = 0, invert = 0;
|
||||||
char cmdp = param_getchar(Cmd, 0);
|
char cmdp = param_getchar(Cmd, 0);
|
||||||
|
|
||||||
if (strlen(Cmd) < 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_viking_sim();
|
if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_viking_sim();
|
||||||
id = param_get32ex(Cmd, 0, 0, 16);
|
id = param_get32ex(Cmd, 0, 0, 16);
|
||||||
if (id == 0) return usage_lf_viking_sim();
|
if (id == 0) return usage_lf_viking_sim();
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue