diff --git a/client/src/cmdhfmfhard.c b/client/src/cmdhfmfhard.c index f4ba72cbc..10e76e2d4 100644 --- a/client/src/cmdhfmfhard.c +++ b/client/src/cmdhfmfhard.c @@ -118,7 +118,7 @@ static void print_progress_header(void) { char progress_text[80]; char instr_set[12] = ""; get_SIMD_instruction_set(instr_set); - sprintf(progress_text, "Start using " _YELLOW_("%d") " threads and " _YELLOW_("%s") " SIMD core", num_CPUs(), instr_set); + snprintf(progress_text, sizeof(progress_text), "Start using " _YELLOW_("%d") " threads and " _YELLOW_("%s") " SIMD core", num_CPUs(), instr_set); PrintAndLogEx(INFO, "Hardnested attack starting..."); PrintAndLogEx(INFO, "---------+---------+---------------------------------------------------------+-----------------+-------"); @@ -136,13 +136,13 @@ void hardnested_print_progress(uint32_t nonces, const char *activity, float brut float brute_force_time = brute_force / brute_force_per_second; char brute_force_time_string[20]; if (brute_force_time < 90) { - sprintf(brute_force_time_string, "%2.0fs", brute_force_time); + snprintf(brute_force_time_string, sizeof(brute_force_time_string), "%2.0fs", brute_force_time); } else if (brute_force_time < 60 * 90) { - sprintf(brute_force_time_string, "%2.0fmin", brute_force_time / 60); + snprintf(brute_force_time_string, sizeof(brute_force_time_string), "%2.0fmin", brute_force_time / 60); } else if (brute_force_time < 60 * 60 * 36) { - sprintf(brute_force_time_string, "%2.0fh", brute_force_time / (60 * 60)); + snprintf(brute_force_time_string, sizeof(brute_force_time_string), "%2.0fh", brute_force_time / (60 * 60)); } else { - sprintf(brute_force_time_string, "%2.0fd", brute_force_time / (60 * 60 * 24)); + snprintf(brute_force_time_string, sizeof(brute_force_time_string), "%2.0fd", brute_force_time / (60 * 60 * 24)); } PrintAndLogEx(INFO, " %7.0f | %7u | %-55s | %15.0f | %5s", (float)total_time / 1000.0, nonces, activity, brute_force, brute_force_time_string); } @@ -263,9 +263,9 @@ static void init_bitflip_bitarrays(void) { bitflip_bitarrays[odd_even][bitflip] = NULL; count_bitflip_bitarrays[odd_even][bitflip] = 1 << 24; - sprintf(state_file_name, STATE_FILE_TEMPLATE, odd_even, bitflip); - strcpy(state_files_path, STATE_FILES_DIRECTORY); - strcat(state_files_path, state_file_name); + snprintf(state_file_name, sizeof(state_file_name), STATE_FILE_TEMPLATE, odd_even, bitflip); + strncpy(state_files_path, STATE_FILES_DIRECTORY, sizeof(state_files_path) - 1); + strncat(state_files_path, state_file_name, sizeof(state_files_path) - (strlen(STATE_FILES_DIRECTORY) + 1)); char *path; if (searchFile(&path, RESOURCES_SUBDIR, state_files_path, "", true) != PM3_SUCCESS) { @@ -371,7 +371,7 @@ static void init_bitflip_bitarrays(void) { } #endif char progress_text[80]; - sprintf(progress_text, "Using %d precalculated bitflip state tables", num_all_effective_bitflips); + snprintf(progress_text, sizeof(progress_text), "Using %d precalculated bitflip state tables", num_all_effective_bitflips); hardnested_print_progress(0, progress_text, (float)(1LL << 47), 0); } @@ -1080,9 +1080,9 @@ static int read_nonce_file(char *filename) { fclose(fnonces); char progress_string[80]; - sprintf(progress_string, "Read %u nonces from file. cuid = %08x", num_acquired_nonces, cuid); + snprintf(progress_string, sizeof(progress_string), "Read %u nonces from file. cuid = %08x", num_acquired_nonces, cuid); hardnested_print_progress(num_acquired_nonces, progress_string, (float)(1LL << 47), 0); - sprintf(progress_string, "Target Block=%d, Keytype=%c", trgBlockNo, trgKeyType == 0 ? 'A' : 'B'); + snprintf(progress_string, sizeof(progress_string), "Target Block=%d, Keytype=%c", trgBlockNo, trgKeyType == 0 ? 'A' : 'B'); hardnested_print_progress(num_acquired_nonces, progress_string, (float)(1LL << 47), 0); bool got_match = false; @@ -1311,7 +1311,7 @@ static int simulate_acquire_nonces(void) { } char progress_text[80]; - sprintf(progress_text, "Simulating key %012" PRIx64 ", cuid %08" PRIx32 " ...", known_target_key, cuid); + snprintf(progress_text, sizeof(progress_text), "Simulating key %012" PRIx64 ", cuid %08" PRIx32 " ...", known_target_key, cuid); hardnested_print_progress(0, progress_text, (float)(1LL << 47), 0); fprintf(fstats, "%012" PRIx64 ";%" PRIx32 ";", known_target_key, cuid); @@ -1353,7 +1353,7 @@ static int simulate_acquire_nonces(void) { acquisition_completed = shrink_key_space(&brute_force_depth); if (!reported_suma8) { char progress_string[80]; - sprintf(progress_string, "Apply Sum property. Sum(a0) = %d", sums[first_byte_Sum]); + snprintf(progress_string, sizeof(progress_string), "Apply Sum property. Sum(a0) = %d", sums[first_byte_Sum]); hardnested_print_progress(num_acquired_nonces, progress_string, brute_force_depth, 0); reported_suma8 = true; } else { @@ -1491,7 +1491,7 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_ acquisition_completed = shrink_key_space(&brute_force_depth); if (!reported_suma8) { char progress_string[80]; - sprintf(progress_string, "Apply Sum property. Sum(a0) = %d", sums[first_byte_Sum]); + snprintf(progress_string, sizeof(progress_string), "Apply Sum property. Sum(a0) = %d", sums[first_byte_Sum]); hardnested_print_progress(num_acquired_nonces, progress_string, brute_force_depth, 0); reported_suma8 = true; } else { @@ -1662,7 +1662,7 @@ static inline bool bitflips_match(uint8_t byte, uint32_t state, odd_even_t odd_e #ifdef DEBUG_KEY_ELIMINATION if (!quiet && known_target_key != -1 && state == test_state[odd_even]) { PrintAndLogEx(INFO, "Initial state lists: " _YELLOW_("%s") " test state eliminated by bitflip property.", odd_even == EVEN_STATE ? "even" : "odd"); - sprintf(failstr, "Initial " _YELLOW_("%s") " byte Bitflip property", odd_even == EVEN_STATE ? "even" : "odd"); + snprintf(failstr, sizeof(failstr), "Initial " _YELLOW_("%s") " byte Bitflip property", odd_even == EVEN_STATE ? "even" : "odd"); } #endif return false; @@ -1713,7 +1713,7 @@ static bool all_bitflips_match(uint8_t byte, uint32_t state, odd_even_t odd_even byte2, num_common); if (failstr[0] == '\0') { - sprintf(failstr, "Other 1st Byte %s, all_bitflips_match(), no match", odd_even ? "odd" : "even"); + snprintf(failstr, sizeof(failstr), "Other 1st Byte %s, all_bitflips_match(), no match", odd_even ? "odd" : "even"); } } # endif @@ -2232,9 +2232,9 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc for (uint32_t i = 0; i < tests; i++) { start_time = msclock(); print_progress_header(); - sprintf(progress_text, "Brute force benchmark: %1.0f million (2^%1.1f) keys/s", brute_force_per_second / 1000000, log(brute_force_per_second) / log(2.0)); + snprintf(progress_text, sizeof(progress_text), "Brute force benchmark: %1.0f million (2^%1.1f) keys/s", brute_force_per_second / 1000000, log(brute_force_per_second) / log(2.0)); hardnested_print_progress(0, progress_text, (float)(1LL << 47), 0); - sprintf(progress_text, "Starting Test #%" PRIu32 " ...", i + 1); + snprintf(progress_text, sizeof(progress_text), "Starting Test #%" PRIu32 " ...", i + 1); hardnested_print_progress(0, progress_text, (float)(1LL << 47), 0); if (trgkey != NULL) { @@ -2298,10 +2298,10 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc prepare_bf_test_nonces(nonces, best_first_bytes[0]); for (uint8_t j = 0; j < NUM_SUMS && !key_found; j++) { float expected_brute_force = nonces[best_first_bytes[0]].expected_num_brute_force; - sprintf(progress_text, "(%d. guess: Sum(a8) = %" PRIu16 ")", j + 1, sums[nonces[best_first_bytes[0]].sum_a8_guess[j].sum_a8_idx]); + snprintf(progress_text, sizeof(progress_text), "(%d. guess: Sum(a8) = %" PRIu16 ")", j + 1, sums[nonces[best_first_bytes[0]].sum_a8_guess[j].sum_a8_idx]); hardnested_print_progress(num_acquired_nonces, progress_text, expected_brute_force, 0); if (sums[nonces[best_first_bytes[0]].sum_a8_guess[j].sum_a8_idx] != real_sum_a8) { - sprintf(progress_text, "(Estimated Sum(a8) is WRONG! Correct Sum(a8) = %" PRIu16 ")", real_sum_a8); + snprintf(progress_text, sizeof(progress_text), "(Estimated Sum(a8) is WRONG! Correct Sum(a8) = %" PRIu16 ")", real_sum_a8); hardnested_print_progress(num_acquired_nonces, progress_text, expected_brute_force, 0); } generate_candidates(first_byte_Sum, nonces[best_first_bytes[0]].sum_a8_guess[j].sum_a8_idx); @@ -2344,7 +2344,7 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc } else { start_time = msclock(); print_progress_header(); - sprintf(progress_text, "Brute force benchmark: %1.0f million (2^%1.1f) keys/s", brute_force_per_second / 1000000, log(brute_force_per_second) / log(2.0)); + snprintf(progress_text, sizeof(progress_text), "Brute force benchmark: %1.0f million (2^%1.1f) keys/s", brute_force_per_second / 1000000, log(brute_force_per_second) / log(2.0)); hardnested_print_progress(0, progress_text, (float)(1LL << 47), 0); init_bitflip_bitarrays(); init_part_sum_bitarrays(); @@ -2424,11 +2424,11 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc for (uint8_t j = 0; j < NUM_SUMS && !key_found; j++) { float expected_brute_force = nonces[best_first_bytes[0]].expected_num_brute_force; - sprintf(progress_text, "(%d. guess: Sum(a8) = %" PRIu16 ")", j + 1, sums[nonces[best_first_bytes[0]].sum_a8_guess[j].sum_a8_idx]); + snprintf(progress_text, sizeof(progress_text), "(%d. guess: Sum(a8) = %" PRIu16 ")", j + 1, sums[nonces[best_first_bytes[0]].sum_a8_guess[j].sum_a8_idx]); hardnested_print_progress(num_acquired_nonces, progress_text, expected_brute_force, 0); if (trgkey != NULL && sums[nonces[best_first_bytes[0]].sum_a8_guess[j].sum_a8_idx] != real_sum_a8) { - sprintf(progress_text, "(Estimated Sum(a8) is WRONG! Correct Sum(a8) = %" PRIu16 ")", real_sum_a8); + snprintf(progress_text, sizeof(progress_text), "(Estimated Sum(a8) is WRONG! Correct Sum(a8) = %" PRIu16 ")", real_sum_a8); hardnested_print_progress(num_acquired_nonces, progress_text, expected_brute_force, 0); } diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c index e110554d6..38c2b7d4a 100644 --- a/client/src/cmdhfmfu.c +++ b/client/src/cmdhfmfu.c @@ -103,23 +103,18 @@ static uint8_t UL_MEMORY_ARRAY[ARRAYLEN(UL_TYPES_ARRAY)] = { //------------------------------------ // get version nxp product type -static char *getProductTypeStr(uint8_t id) { - +static const char *getProductTypeStr(uint8_t id) { static char buf[20]; - char *retStr = buf; switch (id) { case 3: - sprintf(retStr, "%02X, Ultralight", id); - break; + return "Ultralight"; case 4: - sprintf(retStr, "%02X, NTAG", id); - break; + return "NTAG"; default: - sprintf(retStr, "%02X, unknown", id); - break; + snprintf(buf, sizeof(buf), "%02X, unknown", id); + return buf; } - return buf; } static int ul_print_nxp_silicon_info(uint8_t *card_uid) { @@ -160,10 +155,9 @@ static int ul_print_nxp_silicon_info(uint8_t *card_uid) { the LSBit is set to '0' if the size is exactly 2^n and set to '1' if the storage size is between 2^n and 2^(n+1). */ -static char *getUlev1CardSizeStr(uint8_t fsize) { +static const char *getUlev1CardSizeStr(uint8_t fsize) { static char buf[40]; - char *retStr = buf; memset(buf, 0, sizeof(buf)); uint16_t usize = 1 << ((fsize >> 1) + 1); @@ -171,9 +165,9 @@ static char *getUlev1CardSizeStr(uint8_t fsize) { // is LSB set? if (fsize & 1) - sprintf(retStr, "%02X, (%u <-> %u bytes)", fsize, usize, lsize); + snprintf(buf, sizeof(buf), "%02X, (%u <-> %u bytes)", fsize, usize, lsize); else - sprintf(retStr, "%02X, (%u bytes)", fsize, lsize); + snprintf(buf, sizeof(buf), "%02X, (%u bytes)", fsize, lsize); return buf; } @@ -551,34 +545,38 @@ static int ndef_print_CC(uint8_t *data) { uint8_t cc_minor = (data[1] & 0x30) >> 4; uint8_t cc_major = (data[1] & 0xC0) >> 6; - char wStr[50]; - memset(wStr, 0, sizeof(wStr)); + const char *wStr; switch (cc_write) { case 0: - sprintf(wStr, "Write access granted without any security"); + wStr = "Write access granted without any security"; break; case 1: - sprintf(wStr, "RFU"); + wStr = "RFU"; break; case 2: - sprintf(wStr, "Proprietary"); + wStr = "Proprietary"; break; case 3: - sprintf(wStr, "No write access"); + wStr = "No write access"; + break; + default: + wStr = "Unknown"; break; } - char rStr[46]; - memset(rStr, 0, sizeof(rStr)); + const char *rStr; switch (cc_read) { case 0: - sprintf(rStr, "Read access granted without any security"); + rStr = "Read access granted without any security"; break; case 1: case 3: - sprintf(rStr, "RFU"); + rStr = "RFU"; break; case 2: - sprintf(rStr, "Proprietary"); + rStr = "Proprietary"; + break; + default: + rStr = "Unknown"; break; } @@ -1329,7 +1327,7 @@ static int mfu_fingerprint(TagTypeUL_t tagtype, bool hasAuthKey, uint8_t *authke if (item->Pwd) { char s[40] = {0}; - sprintf(s, item->hint, item->Pwd(uid)); + snprintf(s, sizeof(s), item->hint, item->Pwd(uid)); PrintAndLogEx(HINT, "Use `" _YELLOW_("%s") "`", s); } else { PrintAndLogEx(HINT, "Use `" _YELLOW_("%s") "`", item->hint); @@ -2708,12 +2706,13 @@ static int CmdHF14AMfUeLoad(const char *Cmd) { CLIExecWithReturn(ctx, Cmd, argtable, false); CLIParserFree(ctx); - char *nc = calloc(strlen(Cmd) + 6, 1); + size_t nc_len = strlen(Cmd) + 6; + char *nc = calloc(nc_len, 1); if (nc == NULL) { return CmdHF14AMfELoad(Cmd); } - sprintf(nc, "%s --ul", Cmd); + snprintf(nc, nc_len, "%s --ul", Cmd); int res = CmdHF14AMfELoad(nc); free(nc); @@ -3913,10 +3912,10 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) { PrintAndLogEx(INFO, "hf 14a raw -s -c 3e00 --> read tearing 0"); PrintAndLogEx(NORMAL, ""); char read_cnt_str[30]; - sprintf(read_cnt_str, "hf 14a raw -s -c 39%02x", counter); + snprintf(read_cnt_str, sizeof(read_cnt_str), "hf 14a raw -s -c 39%02x", counter); CommandReceived(read_cnt_str); char read_tear_str[30]; - sprintf(read_tear_str, "hf 14a raw -s -c 3e%02x", counter); + snprintf(read_tear_str, sizeof(read_tear_str), "hf 14a raw -s -c 3e%02x", counter); CommandReceived(read_tear_str); return PM3_SUCCESS; } diff --git a/client/src/cmdhfst.c b/client/src/cmdhfst.c index 28cfce0d4..6310b0b2f 100644 --- a/client/src/cmdhfst.c +++ b/client/src/cmdhfst.c @@ -23,55 +23,37 @@ #define TIMEOUT 2000 // get ST Microelectronics chip model (from UID) -char *get_st_chip_model(uint8_t pc) { - static char model[40]; - char *s = model; - memset(model, 0, sizeof(model)); +const char *get_st_chip_model(uint8_t pc) { switch (pc) { case 0x0: - sprintf(s, "SRIX4K (Special)"); - break; + return "SRIX4K (Special)"; case 0x2: - sprintf(s, "SR176"); - break; + return "SR176"; case 0x3: - sprintf(s, "SRIX4K"); - break; + return "SRIX4K"; case 0x4: - sprintf(s, "SRIX512"); - break; + return "SRIX512"; case 0x6: - sprintf(s, "SRI512"); - break; + return "SRI512"; case 0x7: - sprintf(s, "SRI4K"); - break; + return "SRI4K"; case 0xC: - sprintf(s, "SRT512"); - break; + return "SRT512"; case 0xC4: - sprintf(s, "ST25TA64K"); - break; + return "ST25TA64K"; case 0xE2: - sprintf(s, "ST25??? IKEA Rothult"); - break; + return "ST25??? IKEA Rothult"; case 0xE3: - sprintf(s, "ST25TA02KB"); - break; + return "ST25TA02KB"; case 0xE4: - sprintf(s, "ST25TA512B"); - break; + return "ST25TA512B"; case 0xA3: - sprintf(s, "ST25TA02KB-P"); - break; + return "ST25TA02KB-P"; case 0xF3: - sprintf(s, "ST25TA02KB-D"); - break; - default : - sprintf(s, "Unknown"); - break; + return "ST25TA02KB-D"; + default: + return "Unknown"; } - return s; } /* // print UID info from SRx chips (ST Microelectronics) diff --git a/client/src/cmdhfst.h b/client/src/cmdhfst.h index 4cf250076..2e8c3862e 100644 --- a/client/src/cmdhfst.h +++ b/client/src/cmdhfst.h @@ -21,6 +21,6 @@ #include "common.h" -char *get_st_chip_model(uint8_t pc); +const char *get_st_chip_model(uint8_t pc); #endif