From 0968b39243928ec24659660b64bc614189d145cd Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Tue, 16 Aug 2022 04:18:27 +0200
Subject: [PATCH] fix #1694 - take in consideration pointer could be called with NULL

---
 CHANGELOG.md                  |  1 +
 armsrc/Standalone/hf_mfcsim.c | 28 +++++++++++++++++++---------
 armsrc/mifaresim.c            |  7 +++++++
 3 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8f87454e0..7b87b94fe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
 ## [unreleased][unreleased]
+  - Fixed bad memory handling in MifareSim device side (@iceman1001)
   - Added json topaz file format (@iceman1001)
   - Added `hf topaz rdbl, wrbl, view` commands (@iceman1001)
   - Added more details to the annotations of `hf mfdes list` output (@nvx)
diff --git a/armsrc/Standalone/hf_mfcsim.c b/armsrc/Standalone/hf_mfcsim.c
index 34541a390..f4a8e73b5 100644
--- a/armsrc/Standalone/hf_mfcsim.c
+++ b/armsrc/Standalone/hf_mfcsim.c
@@ -56,10 +56,11 @@ static char cur_dump_file[22] = {0};
 
 static bool fill_eml_from_file(char *dumpfile) {
     // check file exist
-    if (!exists_in_spiffs(dumpfile)) {
+    if (exists_in_spiffs(dumpfile) == false) {
         Dbprintf(_RED_("Dump file %s not found!"), dumpfile);
         return false;
     }
+
     //check dumpfile size
     uint32_t size = size_in_spiffs(dumpfile);
     if (size != DUMP_SIZE) {
@@ -67,9 +68,12 @@ static bool fill_eml_from_file(char *dumpfile) {
         BigBuf_free();
         return false;
     }
+
     //read and load dump file
-    if (g_dbglevel >= DBG_INFO)
+    if (g_dbglevel >= DBG_INFO) {
         Dbprintf(_YELLOW_("Found dump file %s. Uploading to emulator memory..."), dumpfile);
+    }
+
     emlClearMem();
     uint8_t *emCARD = BigBuf_get_EM_addr();
     rdv40_spiffs_read_as_filetype(dumpfile, emCARD, size, RDV40_SPIFFS_SAFETY_SAFE);
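Review bot: The status of `rdv40_spiffs_read_as_filetype(dumpfile, emCARD, size, RDV40_SPIFFS_SAFETY_SAFE)` on the hunk's last line is discarded, so a failed or short flash read leaves emulator memory in the state `emlClearMem()` just put it in while the function presumably still reports success (its return statement is outside the hunk). The `size != DUMP_SIZE` check above only proves the file's recorded length is right; it says nothing about whether the read itself completed. I would capture and test the result the same way the size-mismatch branch bails out, e.g. `int res = rdv40_spiffs_read_as_filetype(dumpfile, emCARD, size, RDV40_SPIFFS_SAFETY_SAFE); if (res != 0) { Dbprintf(_RED_("Failed to read dump file %s"), dumpfile); return false; }` — the function's return type and success value are not visible here, so adjust the comparison to its actual convention. fill_eml_from_file's body ends outside this hunk.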
@@ -77,7 +81,7 @@ static bool fill_eml_from_file(char *dumpfile) {
 }
 
 static bool write_file_from_eml(char *dumpfile) {
-    if (!exists_in_spiffs(dumpfile)) {
+    if (exists_in_spiffs(dumpfile) == false) {
         Dbprintf(_RED_("Dump file %s not found!"), dumpfile);
         return false;
     }
@@ -99,14 +103,18 @@ void RunMod(void) {
     bool flag_has_dumpfile = false;
     for (int i = 1;; i++) {
+
         //Exit! usbcommand break
         if (data_available()) break;
 
-        //Infinite loop
+        // infinite loop
         if (i > 15) {
-            if (!flag_has_dumpfile)
-                break; //still no dump file found
-            i = 1; //next loop
+            // still no dump file found
+            if (flag_has_dumpfile == false) {
+                break;
+            }
+            // next loop
+            i = 1;
         }
 
         //Indicate which card will be simulated
@@ -115,7 +123,7 @@ void RunMod(void) {
         //Try to load dump form flash
         sprintf(cur_dump_file, HF_MFCSIM_DUMPFILE_SIM, i);
         Dbprintf(_YELLOW_("[Slot: %d] Try to load dump file: %s"), i, cur_dump_file);
-        if (!fill_eml_from_file(cur_dump_file)) {
+        if (fill_eml_from_file(cur_dump_file) == false) {
             Dbprintf(_YELLOW_("[Slot: %d] Dump load Failed, Next one!"), i);
             LEDsoff();
             continue;
@@ -145,8 +153,10 @@ void RunMod(void) {
         }
         Dbprintf(_YELLOW_("[Slot: %d] Write Success! Change to next one!"), i);
     }
-    if (!flag_has_dumpfile)
+
+    if (flag_has_dumpfile == false) {
         Dbprintf("No dump file found!");
+    }
     Dbprintf("Breaked! Exit standalone mode!");
     SpinErr(15, 200, 3);
     return;
diff --git a/armsrc/mifaresim.c b/armsrc/mifaresim.c
index 47cae98ed..c2f81df21 100644
--- a/armsrc/mifaresim.c
+++ b/armsrc/mifaresim.c
@@ -486,6 +486,13 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1
     uint8_t *rats = NULL;
     uint8_t rats_len = 0;
 
+
+    // if fct is called with NULL we need to assign some memory since this pointer is passaed around
+    uint8_t datain_tmp[10] = {0};
+    if (datain == NULL) {
+        datain = datain_tmp;
+    }
+
     //Here, we collect UID,sector,keytype,NT,AR,NR,NT2,AR2,NR2
     // This will be used in the reader-only attack.
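Review bot: The slot limit in `if (i > 15)` is a bare magic number that has to agree with the 22-byte `cur_dump_file` and the `HF_MFCSIM_DUMPFILE_SIM` format used in the next hunk, yet nothing in the code ties the three together. A named constant near the top of the file (outside this hunk), e.g. `#define HF_MFCSIM_SLOTS 15` with `if (i > HF_MFCSIM_SLOTS)` here, makes that coupling visible to whoever next changes the filename pattern. The new `// infinite loop` comment describes the enclosing `for (;;)` rather than the `if` it sits above; `// past the last slot: stop if nothing was ever loaded, otherwise restart from slot 1` says what the branch actually does. RunMod's body continues outside this hunk.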
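Review bot: `sprintf(cur_dump_file, HF_MFCSIM_DUMPFILE_SIM, i)` writes into the 22-byte `cur_dump_file` with no bound; it is only safe today because the loop in the previous hunk caps `i` at 15 and the format string (not visible here) presumably fits, and that invariant lives in a different hunk. `snprintf(cur_dump_file, sizeof(cur_dump_file), HF_MFCSIM_DUMPFILE_SIM, i);` costs nothing on this path and removes the dependency on the slot count. RunMod's body continues outside this hunk.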
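Review bot: The `return;` on the hunk's last line appears to be the final statement of a `void` function (the closing brace is outside the hunk), in which case it adds nothing and can be dropped. While touching this exit path, the user-facing message `Dbprintf("Breaked! Exit standalone mode!");` would read better as `Dbprintf("Interrupted! Exit standalone mode!");`. RunMod's body starts and ends outside this hunk.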
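Review bot: The size of the substitute buffer `uint8_t datain_tmp[10] = {0};` is unexplained: it is only sufficient if every later read through `datain` stays within 10 bytes, and those reads are outside this hunk, so the comment should name what the 10 covers (a named constant shared with those reads would keep them in sync). The comment also has a typo ("passaed") and does not say that a NULL caller now silently proceeds with all-zero data instead of failing; I would rewrite it as `// datain may be NULL; point it at a zeroed scratch buffer because later code reads through it unconditionally (10 = most bytes those reads need -- keep in sync)`, adjusted to the actual reads. Since `datain` now aliases stack storage for the rest of Mifare1ksim, no helper it is passed to may retain the pointer past this function's return; worth stating in the comment if that was checked. Mifare1ksim's body runs past this hunk.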