diff --git a/client/cmdcrc.c b/client/cmdcrc.c index a9bcdc878..fc0b80312 100644 --- a/client/cmdcrc.c +++ b/client/cmdcrc.c @@ -358,6 +358,30 @@ int RunModel(char *inModel, char *inHexStr, bool reverse, char endian, char *res pfree(&apoly); return 1; } + +//test call to RunModel +int CmdrevengTestC(const char *Cmd){ + int cmdp = 0; + char inModel[30] = {0x00}; + char inHexStr[30] = {0x00}; + char result[30]; + int dataLen; + char endian = 0; + dataLen = param_getstr(Cmd, cmdp++, inModel, sizeof(inModel)); + if (dataLen < 4) return 0; + dataLen = param_getstr(Cmd, cmdp++, inHexStr, sizeof(inHexStr)); + if (dataLen < 4) return 0; + bool reverse = (param_get8(Cmd, cmdp++)) ? true : false; + endian = param_getchar(Cmd, cmdp++); + + //PrintAndLog("mod: %s, hex: %s, rev %d", inModel, inHexStr, reverse); + int ans = RunModel(inModel, inHexStr, reverse, endian, result); + if (!ans) return 0; + + PrintAndLog("Result: %s",result); + return 1; +} + //returns a calloced string (needs to be freed) char *SwapEndianStr(const char *inStr, const size_t len, const uint8_t blockSize){ char *tmp = calloc(len+1, sizeof(char)); @@ -373,7 +397,7 @@ char *SwapEndianStr(const char *inStr, const size_t len, const uint8_t blockSize // takes hex string in and searches for a matching result (hex string must include checksum) int CmdrevengSearch(const char *Cmd){ char inHexStr[50] = {0x00}; - int dataLen = param_getstr(Cmd, 0, inHexStr); + int dataLen = param_getstr(Cmd, 0, inHexStr, sizeof(inHexStr)); if (dataLen < 4) return 0; char *Models[102]; diff --git a/client/cmdhf.c b/client/cmdhf.c index 8051ac463..c41e6bab7 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -924,7 +924,7 @@ int CmdHFList(const char *Cmd) { return usage_hf_list(); } - param_getstr(Cmd,0,type); + param_getstr(Cmd, 0, type, sizeof(type) ); // validate type of output if (strcmp(type, "iclass") == 0) protocol = ICLASS; diff --git a/client/cmdhf15.c b/client/cmdhf15.c index 50735a93c..6df289a77 100644 
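Review bot: `result` on the fourth line of CmdrevengTestC is the one local that is not zero-initialised, and it is handed to RunModel through the `char *res` parameter shown in the hunk header, which carries no length, so nothing at this call site bounds what RunModel writes into the 30-byte array. The size is presumably matched to RunModel's longest output, but that cannot be confirmed from this hunk; initialising it like its neighbours, `char result[30] = {0x00};`, keeps the final `PrintAndLog("Result: %s", result)` well-defined even if RunModel returns non-zero without writing it, and a comment such as `// sized for RunModel's longest result string — confirm against RunModel` would record the assumption. The `//test call to RunModel` header could also name the four positional parameters it parses (model, hex string, reverse flag, endian).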
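Review bot: The return value of param_getstr is still discarded on the changed line of CmdHFList, and with the new bounds check in util.c an argument that does not fit is no longer truncated into `type` but left unwritten, so the `strcmp` chain that follows compares whatever `type` already held; `type` is declared outside the hunk, so whether it starts zeroed cannot be checked here. The same discarded-return pattern is in CmdLFCommandRead (cmdlf.c), CmdEM410xBrute (cmdlfem4x.c, which then tests `strlen(filename)`) and CmdT55xxSetConfig (cmdlft55xx.c). Checking the result, `if (param_getstr(Cmd, 0, type, sizeof(type)) < 1) return usage_hf_list();`, makes the rejection visible instead of relying on the buffer's prior contents.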
--- a/client/cmdhf15.c +++ b/client/cmdhf15.c @@ -650,7 +650,7 @@ int CmdHF15Dump(const char*Cmd) { return usage_15_dump(); case 'f': case 'F': - fileNameLen = param_getstr(Cmd, cmdp+1, filename); + fileNameLen = param_getstr(Cmd, cmdp+1, filename, FILE_PATH_SIZE); if (fileNameLen < 1) { PrintAndLog("Using UID as filename"); diff --git a/client/cmdhfemv.c b/client/cmdhfemv.c index 5385569a0..70b77ce43 100644 --- a/client/cmdhfemv.c +++ b/client/cmdhfemv.c @@ -207,7 +207,7 @@ int CmdHfEmvELoad(const char *Cmd) { return usage_hf_emv_eload(); case 'o': case 'O': - len = param_getstr(Cmd, cmdp+1, filename); + len = param_getstr(Cmd, cmdp+1, filename, FILE_PATH_SIZE); if (!len) errors = true; if (len > FILE_PATH_SIZE-5) diff --git a/client/cmdhffelica.c b/client/cmdhffelica.c index 643a7b744..a1f5a69ed 100644 --- a/client/cmdhffelica.c +++ b/client/cmdhffelica.c 
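Review bot: The changed line in CmdHF15Dump passes `FILE_PATH_SIZE` as the buffer size while most other call sites in this commit (cmdhf.c, cmdhficlass.c, CmdHF14AMfChk in cmdhfmf.c, the dump path in cmdhfmfu.c) derive it with `sizeof(filename)`; the two agree only as long as `filename` really is a `char [FILE_PATH_SIZE]` array, and its declaration is outside this hunk. Tying the size to the array, `fileNameLen = param_getstr(Cmd, cmdp+1, filename, sizeof(filename));`, cannot drift if the declaration changes. The same constant-based form appears in CmdHfEmvELoad (cmdhfemv.c), the four cmdhflegic.c hunks, CmdHF14AMfCSave (cmdhfmf.c), CmdHF14AMfURestore (cmdhfmfu.c) and CmdEM410xBrute (cmdlfem4x.c).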
@@ -289,14 +289,14 @@ uint16_t PrintFliteBlock(uint16_t tracepos, uint8_t *trace,uint16_t tracelen) { PrintAndLog( "Memory Configuration (MC):"); PrintAndLog( "MAC needed to write state: %s", trace[3+12]? "on" : "off"); //order might be off here... - PrintAndLog("Write with MAC for S_PAD : %s ", sprint_bin(trace+3+10, 2) ); - PrintAndLog("Write with AUTH for S_PAD : %s ", sprint_bin(trace+3+8, 2) ); - PrintAndLog("Read after AUTH for S_PAD : %s ", sprint_bin(trace+3+6, 2) ); + PrintAndLog( "Write with MAC for S_PAD : %s ", sprint_bin(trace+3+10, 2) ); + PrintAndLog( "Write with AUTH for S_PAD : %s ", sprint_bin(trace+3+8, 2) ); + PrintAndLog( "Read after AUTH for S_PAD : %s ", sprint_bin(trace+3+6, 2) ); PrintAndLog( "MAC needed to write CK and CKV: %s", trace[3+5] ? "on" : "off"); PrintAndLog( "RF parameter: %02x", (trace[3+4] & 0x7) ); PrintAndLog( "Compatible with NDEF: %s", trace[3+3] ? "yes" : "no"); PrintAndLog( "Memory config writable : %s", (trace[3+2] == 0xff) ? "yes" : "no"); - PrintAndLog("RW access for S_PAD : %s ", sprint_bin(trace+3, 2) ); + PrintAndLog( "RW access for S_PAD : %s ", sprint_bin(trace+3, 2) ); } break; case 0x90: { @@ -307,16 +307,14 @@ uint16_t PrintFliteBlock(uint16_t tracepos, uint8_t *trace,uint16_t tracelen) { PrintAndLog( "MAC_A, RW (auth): %s ", line); } break; - case 0x92: { + case 0x92: PrintAndLog( "State:"); PrintAndLog( "Polling disabled: %s", trace[3+8] ? "yes" : "no"); PrintAndLog( "Authenticated: %s", trace[3] ? "yes" : "no"); - } - break; - case 0xa0: { + break; + case 0xa0: PrintAndLog( "CRC of all bloacks match : %s", (trace[3+2]==0xff) ? "no" : "yes"); - } - break; + break; default: PrintAndLog( "INVALID %d: %s", blocknum, line); break; diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 4fe6e3431..c15dd16f7 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c 
@@ -543,13 +543,13 @@ int CmdHFiClassELoad(const char *Cmd) { //File handling and reading FILE *f; char filename[FILE_PATH_SIZE]; - if(opt == 'f' && param_getstr(Cmd, 1, filename) > 0) { + if (opt == 'f' && param_getstr(Cmd, 1, filename, sizeof(filename)) > 0) { f = fopen(filename, "rb"); } else { return usage_hf_iclass_eload(); } - if(!f) { + if (!f) { PrintAndLog("Failed to read from file '%s'", filename); return 1; } @@ -632,7 +632,7 @@ int CmdHFiClassDecrypt(const char *Cmd) { //Open the tagdump-file FILE *f; char filename[FILE_PATH_SIZE]; - if(opt == 'f' && param_getstr(Cmd, 1, filename) > 0) { + if(opt == 'f' && param_getstr(Cmd, 1, filename, sizeof(filename)) > 0) { f = fopen(filename, "rb"); if (!f) { PrintAndLog("Could not find file %s", filename); @@ -846,7 +846,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) { case 'c': case 'C': have_credit_key = true; - dataLen = param_getstr(Cmd, cmdp+1, tempStr); + dataLen = param_getstr(Cmd, cmdp+1, tempStr, sizeof(tempStr)); if (dataLen == 16) { errors = param_gethex(tempStr, 0, CreditKEY, dataLen); } else if (dataLen == 1) { @@ -870,7 +870,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) { break; case 'f': case 'F': - fileNameLen = param_getstr(Cmd, cmdp+1, filename); + fileNameLen = param_getstr(Cmd, cmdp+1, filename, sizeof(filename)); if (fileNameLen < 1) { PrintAndLog("No filename found after f"); errors = true; @@ -880,7 +880,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) { case 'k': case 'K': have_debit_key = true; - dataLen = param_getstr(Cmd, cmdp+1, tempStr); + dataLen = param_getstr(Cmd, cmdp+1, tempStr, sizeof(tempStr)); if (dataLen == 16) { errors = param_gethex(tempStr, 0, KEY, dataLen); } else if (dataLen == 1) { @@ -923,7 +923,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) { SendCommand(&c); if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) { PrintAndLog("Command execute timeout"); - ul_switch_off_field(); + DropField(); return 0; } uint8_t readStatus = resp.arg[0] & 0xff; 
@@ -931,7 +931,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) { if(readStatus == 0){ PrintAndLog("No tag found..."); - ul_switch_off_field(); + DropField(); return 0; } @@ -943,13 +943,12 @@ int CmdHFiClassReader_Dump(const char *Cmd) { // large memory - not able to dump pages currently if (numblks > maxBlk) numblks = maxBlk; } - - ul_switch_off_field(); + DropField(); // authenticate debit key and get div_key - later store in dump block 3 if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, false)){ //try twice - for some reason it sometimes fails the first time... if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, false)){ - ul_switch_off_field(); + DropField(); return 0; } } @@ -960,14 +959,14 @@ int CmdHFiClassReader_Dump(const char *Cmd) { SendCommand(&w); if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) { PrintAndLog("Command execute time-out 1"); - ul_switch_off_field(); + DropField(); return 1; } uint32_t blocksRead = resp.arg[1]; uint8_t isOK = resp.arg[0] & 0xff; if (!isOK && !blocksRead) { PrintAndLog("Read Block Failed"); - ul_switch_off_field(); + DropField(); return 0; } uint32_t startindex = resp.arg[2]; @@ -983,13 +982,13 @@ int CmdHFiClassReader_Dump(const char *Cmd) { // try AA2 if (have_credit_key) { //turn off hf field before authenticating with different key - ul_switch_off_field(); + DropField(); memset(MAC,0,4); // AA2 authenticate credit key and git c_div_key - later store in dump block 4 if (!select_and_auth(CreditKEY, MAC, c_div_key, true, elite, rawkey, false)){ //try twice - for some reason it sometimes fails the first time... if (!select_and_auth(CreditKEY, MAC, c_div_key, true, elite, rawkey, false)){ - ul_switch_off_field(); + DropField(); return 0; } } 
@@ -1002,14 +1001,14 @@ int CmdHFiClassReader_Dump(const char *Cmd) { SendCommand(&w); if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) { PrintAndLog("Command execute timeout 2"); - ul_switch_off_field(); + DropField(); return 0; } uint8_t isOK = resp.arg[0] & 0xff; blocksRead = resp.arg[1]; if (!isOK && !blocksRead) { PrintAndLog("Read Block Failed 2"); - ul_switch_off_field(); + DropField(); return 0; } @@ -1024,7 +1023,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) { gotBytes += blocksRead*8; } else { //field is still on - turn it off... - ul_switch_off_field(); + DropField(); } } @@ -1122,7 +1121,7 @@ int CmdHFiClass_WriteBlock(const char *Cmd) { break; case 'k': case 'K': - dataLen = param_getstr(Cmd, cmdp+1, tempStr); + dataLen = param_getstr(Cmd, cmdp+1, tempStr, sizeof(tempStr)); if (dataLen == 16) { errors = param_gethex(tempStr, 0, KEY, dataLen); } else if (dataLen == 1) { @@ -1153,7 +1152,7 @@ int CmdHFiClass_WriteBlock(const char *Cmd) { if (errors || cmdp < 6) return usage_hf_iclass_writeblock(); int ans = WriteBlock(blockno, bldata, KEY, use_credit_key, elite, rawkey, true); - ul_switch_off_field(); + DropField(); return ans; } @@ -1196,7 +1195,7 @@ int CmdHFiClassCloneTag(const char *Cmd) { break; case 'f': case 'F': - fileNameLen = param_getstr(Cmd, cmdp+1, filename); + fileNameLen = param_getstr(Cmd, cmdp+1, filename, sizeof(filename)); if (fileNameLen < 1) { PrintAndLog("No filename found after f"); errors = true; @@ -1205,7 +1204,7 @@ int CmdHFiClassCloneTag(const char *Cmd) { break; case 'k': case 'K': - dataLen = param_getstr(Cmd, cmdp+1, tempStr); + dataLen = param_getstr(Cmd, cmdp+1, tempStr, sizeof(tempStr)); if (dataLen == 16) { errors = param_gethex(tempStr, 0, KEY, dataLen); } else if (dataLen == 1) { 
@@ -1384,7 +1383,7 @@ int CmdHFiClass_ReadBlock(const char *Cmd) { case 'k': case 'K': auth = true; - dataLen = param_getstr(Cmd, cmdp+1, tempStr); + dataLen = param_getstr(Cmd, cmdp+1, tempStr, sizeof(tempStr)); if (dataLen == 16) { errors = param_gethex(tempStr, 0, KEY, dataLen); } else if (dataLen == 1) { @@ -1428,7 +1427,7 @@ int CmdHFiClass_loclass(const char *Cmd) { char fileName[FILE_PATH_SIZE] = {0}; if (opt == 'f') { - if(param_getstr(Cmd, 1, fileName) > 0) { + if (param_getstr(Cmd, 1, fileName, sizeof(fileName)) > 0) { return bruteforceFileNoKeys(fileName); } else { PrintAndLog("You must specify a filename"); @@ -1486,15 +1485,15 @@ int CmdHFiClassReadTagFile(const char *Cmd) { char tempnum[5]; FILE *f; char filename[FILE_PATH_SIZE]; - if (param_getstr(Cmd, 0, filename) < 1) + if (param_getstr(Cmd, 0, filename, sizeof(filename)) < 1) return usage_hf_iclass_readtagfile(); - if (param_getstr(Cmd,1,(char *)&tempnum) < 1) + if (param_getstr(Cmd, 1, tempnum, sizeof(tempnum)) < 1) startblock = 0; else sscanf(tempnum,"%d",&startblock); - if (param_getstr(Cmd,2,(char *)&tempnum) < 1) + if (param_getstr(Cmd,2, tempnum, sizeof(tempnum)) < 1) endblock = 0; else sscanf(tempnum,"%d",&endblock); @@ -1588,7 +1587,7 @@ int CmdHFiClassCalcNewKey(const char *Cmd) { return usage_hf_iclass_calc_newkey(); case 'e': case 'E': - dataLen = param_getstr(Cmd, cmdp, tempStr); + dataLen = param_getstr(Cmd, cmdp, tempStr, sizeof(tempStr)); if (dataLen==2) oldElite = true; elite = true; @@ -1596,7 +1595,7 @@ int CmdHFiClassCalcNewKey(const char *Cmd) { break; case 'n': case 'N': - dataLen = param_getstr(Cmd, cmdp+1, tempStr); + dataLen = param_getstr(Cmd, cmdp+1, tempStr, sizeof(tempStr)); if (dataLen == 16) { errors = param_gethex(tempStr, 0, NEWKEY, dataLen); } else if (dataLen == 1) { 
@@ -1615,7 +1614,7 @@ int CmdHFiClassCalcNewKey(const char *Cmd) { break; case 'o': case 'O': - dataLen = param_getstr(Cmd, cmdp+1, tempStr); + dataLen = param_getstr(Cmd, cmdp+1, tempStr, sizeof(tempStr)); if (dataLen == 16) { errors = param_gethex(tempStr, 0, OLDKEY, dataLen); } else if (dataLen == 1) { @@ -1733,7 +1732,7 @@ int CmdHFiClassManageKeys(const char *Cmd) { return usage_hf_iclass_managekeys(); case 'f': case 'F': - fileNameLen = param_getstr(Cmd, cmdp+1, filename); + fileNameLen = param_getstr(Cmd, cmdp+1, filename, sizeof(filename)); if (fileNameLen < 1) { PrintAndLog("No filename found after f"); errors = true; @@ -1752,7 +1751,7 @@ int CmdHFiClassManageKeys(const char *Cmd) { case 'k': case 'K': operation += 3; //set key - dataLen = param_getstr(Cmd, cmdp+1, tempStr); + dataLen = param_getstr(Cmd, cmdp+1, tempStr, sizeof(tempStr)); if (dataLen == 16) { //ul-c or ev1/ntag key length errors = param_gethex(tempStr, 0, KEY, dataLen); } else { @@ -1819,7 +1818,7 @@ static command_t CommandTable[] = { {"loclass", CmdHFiClass_loclass, 1, "[options..] Use loclass to perform bruteforce of reader attack dump"}, {"managekeys", CmdHFiClassManageKeys, 1, "[options..] Manage the keys to use with iClass"}, {"readblk", CmdHFiClass_ReadBlock, 0, "[options..] Authenticate and Read iClass block"}, - {"reader", CmdHFiClassReader, 0, "Act like an iClass reader"}, + {"reader", CmdHFiClassReader, 0, " Act like an iClass reader"}, {"readtagfile", CmdHFiClassReadTagFile, 1, "[options..] Display Content from tagfile"}, {"replay", CmdHFiClassReader_Replay, 0, " Read an iClass tag via Reply Attack"}, {"sim", CmdHFiClassSim, 0, "[options..] Simulate iClass tag"}, diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c index 853383b23..d1769c110 100644 --- a/client/cmdhflegic.c +++ b/client/cmdhflegic.c 
@@ -869,7 +869,7 @@ int CmdLegicDump(const char *Cmd){ return usage_legic_dump(); case 'o': case 'O': - fileNlen = param_getstr(Cmd, cmdp+1, filename); + fileNlen = param_getstr(Cmd, cmdp+1, filename, FILE_PATH_SIZE); if (!fileNlen) errors = true; if (fileNlen > FILE_PATH_SIZE-5) @@ -970,7 +970,7 @@ int CmdLegicRestore(const char *Cmd){ break; case 'i': case 'I': - fileNlen = param_getstr(Cmd, cmdp+1, filename); + fileNlen = param_getstr(Cmd, cmdp+1, filename, FILE_PATH_SIZE); if (!fileNlen) errors = true; @@ -1099,7 +1099,7 @@ int CmdLegicELoad(const char *Cmd) { memset(data, 0, numofbytes); // set up file - len = param_getstr(Cmd, nameParamNo, filename); + len = param_getstr(Cmd, nameParamNo, filename, FILE_PATH_SIZE); if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5; fnameptr += len; @@ -1154,7 +1154,7 @@ int CmdLegicESave(const char *Cmd) { default : numofbytes = 256; nameParamNo = 0; break; } - fileNlen = param_getstr(Cmd, nameParamNo, filename); + fileNlen = param_getstr(Cmd, nameParamNo, filename, FILE_PATH_SIZE); if (fileNlen > FILE_PATH_SIZE - 5) fileNlen = FILE_PATH_SIZE - 5; diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 55db2526a..8dd59f16a 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -1256,7 +1256,7 @@ int CmdHF14AMfChk_fast(const char *Cmd) { keycnt++; } else { // May be a dic file - if ( param_getstr(Cmd, 1 + i,filename) >= FILE_PATH_SIZE ) { + if ( param_getstr(Cmd, 1 + i, filename, FILE_PATH_SIZE) >= FILE_PATH_SIZE ) { PrintAndLog("File name too long"); free(keyBlock); return 2; @@ -1525,7 +1525,7 @@ int CmdHF14AMfChk(const char *Cmd) { keycnt++; } else { // May be a dic file - if ( param_getstr(Cmd, 2 + i,filename) >= FILE_PATH_SIZE ) { + if ( param_getstr(Cmd, 2 + i, filename, sizeof(filename)) >= FILE_PATH_SIZE ) { PrintAndLog("File name too long"); free(keyBlock); return 2; 
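Review bot: The `>= FILE_PATH_SIZE` test on the changed line in CmdHF14AMfChk_fast is unreachable after this commit: the new check in util.c makes param_getstr return 0 instead of copying when the argument would not fit, so an over-long dictionary name now prints util.c's message and continues below with `filename` untouched rather than reaching the `"File name too long"` branch. CmdHF14AMfChk in the next hunk has the same comparison. Testing the other direction, `if ( param_getstr(Cmd, 1 + i, filename, FILE_PATH_SIZE) < 1 ) {`, keeps the existing error path live; the rest of both functions is outside the hunks.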
@@ -2184,7 +2184,7 @@ int CmdHF14AMfELoad(const char *Cmd) { uint32_t numblk2 = param_get32ex(Cmd,2,0,10); if (numblk2 > 0) numBlocks = numblk2; - len = param_getstr(Cmd, nameParamNo, filename); + len = param_getstr(Cmd, nameParamNo, filename, sizeof(filename)); if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5; @@ -2272,7 +2272,7 @@ int CmdHF14AMfESave(const char *Cmd) { } } - len = param_getstr(Cmd, nameParamNo, filename); + len = param_getstr(Cmd, nameParamNo, filename, sizeof(filename)); if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5; @@ -2679,8 +2679,8 @@ int CmdHF14AMfCSave(const char *Cmd) { case 'o': case 'O': // input file - len = param_getstr(Cmd, cmdp+1, filename[0]); - len = param_getstr(Cmd, cmdp+1, filename[1]); + len = param_getstr(Cmd, cmdp+1, filename[0], FILE_PATH_SIZE); + len = param_getstr(Cmd, cmdp+1, filename[1], FILE_PATH_SIZE); if (len < 1) { errors = true; diff --git a/client/cmdhfmfu.c b/client/cmdhfmfu.c index 77296c22f..e1e78f804 100644 --- a/client/cmdhfmfu.c +++ b/client/cmdhfmfu.c @@ -214,9 +214,10 @@ static int ul_select( iso14a_card_select_t *card ){ UsbCommand resp; bool ans = false; ans = WaitForResponseTimeout(CMD_ACK, &resp, 1500); + if (!ans || resp.arg[0] < 1) { PrintAndLog("iso14443a card select failed"); - ul_switch_off_field(); + DropField(); return 0; } @@ -293,7 +294,7 @@ static int ul_auth_select( iso14a_card_select_t *card, TagTypeUL_t tagtype, bool if (hasAuthKey) { if ( ulev1_requestAuthentication(authkey, pack, packSize) == -1 ) { - ul_switch_off_field(); + DropField(); PrintAndLog("Error: Authentication Failed UL-EV1/NTAG"); return 0; } @@ -303,7 +304,6 @@ static int ul_auth_select( iso14a_card_select_t *card, TagTypeUL_t tagtype, bool } static int ulev1_getVersion( uint8_t *response, uint16_t responseLength ){ - uint8_t cmd[] = {MIFARE_ULEV1_VERSION}; int len = ul_send_cmd_raw(cmd, sizeof(cmd), response, responseLength); return len; 
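Review bot: In CmdHF14AMfCSave the two rewritten lines read the same parameter `cmdp+1` into `filename[0]` and then `filename[1]`, and the first `len` is overwritten before the `if (len < 1)` check, so the first call's result is never examined. If both copies are intended, a comment such as `// the same name is used for both output files` above the pair would say so, and a single call followed by `memcpy(filename[1], filename[0], FILE_PATH_SIZE);` would avoid parsing the argument twice. Whether `FILE_PATH_SIZE` matches the declared row size of `filename` cannot be seen from the hunk; `sizeof(filename[0])` would tie the two together.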
@@ -619,7 +619,7 @@ static int ulc_magic_test(){ } else { returnValue = UL; } - ul_switch_off_field(); + DropField(); return returnValue; } */ @@ -632,7 +632,7 @@ static int ul_magic_test(){ if ( !ul_select(&card) ) return UL_ERROR; int status = ul_comp_write(0, NULL, 0); - ul_switch_off_field(); + DropField(); if ( status == 0 ) return MAGIC; return 0; @@ -651,14 +651,14 @@ uint32_t GetHF14AMfU_Type(void){ // Ultralight - ATQA / SAK if ( card.atqa[1] != 0x00 || card.atqa[0] != 0x44 || card.sak != 0x00 ) { //PrintAndLog("Tag is not Ultralight | NTAG | MY-D [ATQA: %02X %02X SAK: %02X]\n", card.atqa[1], card.atqa[0], card.sak); - ul_switch_off_field(); + DropField(); return UL_ERROR; } if ( card.uid[0] != 0x05) { len = ulev1_getVersion(version, sizeof(version)); - ul_switch_off_field(); + DropField(); switch (len) { case 0x0A: { @@ -702,7 +702,7 @@ uint32_t GetHF14AMfU_Type(void){ // do UL_C check first... uint8_t nonce[11] = {0x00}; status = ulc_requestAuthentication(nonce, sizeof(nonce)); - ul_switch_off_field(); + DropField(); if (status > 1) { tagtype = UL_C; } else { @@ -723,15 +723,15 @@ uint32_t GetHF14AMfU_Type(void){ tagtype = UNKNOWN; } } - ul_switch_off_field(); + DropField(); } } if (tagtype & UL) { tagtype = ul_fudan_check(); - ul_switch_off_field(); + DropField(); } } else { - ul_switch_off_field(); + DropField(); // Infinition MY-D tests Exam high nibble uint8_t nib = (card.uid[1] & 0xf0) >> 4; switch ( nib ){ @@ -775,7 +775,7 @@ int CmdHF14AMfUInfo(const char *Cmd){ return usage_hf_mfu_info(); case 'k': case 'K': - dataLen = param_getstr(Cmd, cmdp+1, tempStr); + dataLen = param_getstr(Cmd, cmdp+1, tempStr, sizeof(tempStr)); if (dataLen == 32 || dataLen == 8) { //ul-c or ev1/ntag key length errors = param_gethex(tempStr, 0, authenticationkey, dataLen); dataLen /= 2; // handled as bytes from now on 
@@ -815,7 +815,7 @@ int CmdHF14AMfUInfo(const char *Cmd){ // read pages 0,1,2,3 (should read 4pages) status = ul_read(0, data, sizeof(data)); if ( status == -1 ) { - ul_switch_off_field(); + DropField(); PrintAndLog("Error: tag didn't answer to READ"); return status; } else if (status == 16) { @@ -833,7 +833,7 @@ int CmdHF14AMfUInfo(const char *Cmd){ status = ul_read(0x28, ulc_conf, sizeof(ulc_conf)); if ( status == -1 ){ PrintAndLog("Error: tag didn't answer to READ UL-C"); - ul_switch_off_field(); + DropField(); return status; } if (status == 16) ulc_print_configuration(ulc_conf); @@ -844,14 +844,14 @@ int CmdHF14AMfUInfo(const char *Cmd){ uint8_t ulc_deskey[16] = {0x00}; status = ul_read(0x2C, ulc_deskey, sizeof(ulc_deskey)); if ( status == -1 ) { - ul_switch_off_field(); + DropField(); PrintAndLog("Error: tag didn't answer to READ magic"); return status; } if (status == 16) ulc_print_3deskey(ulc_deskey); } else { - ul_switch_off_field(); + DropField(); // if we called info with key, just return if ( hasAuthKey ) return 1; @@ -887,7 +887,7 @@ int CmdHF14AMfUInfo(const char *Cmd){ status = ulev1_readSignature( ulev1_signature, sizeof(ulev1_signature)); if ( status == -1 ) { PrintAndLog("Error: tag didn't answer to READ SIGNATURE"); - ul_switch_off_field(); + DropField(); return status; } if (status == 32) ulev1_print_signature( ulev1_signature, sizeof(ulev1_signature)); @@ -903,7 +903,7 @@ int CmdHF14AMfUInfo(const char *Cmd){ status = ulev1_getVersion(version, sizeof(version)); if ( status == -1 ) { PrintAndLog("Error: tag didn't answer to GETVERSION"); - ul_switch_off_field(); + DropField(); return status; } else if (status == 10) { ulev1_print_version(version); 
@@ -923,7 +923,7 @@ int CmdHF14AMfUInfo(const char *Cmd){ status = ul_read(startconfigblock, ulev1_conf, sizeof(ulev1_conf)); if ( status == -1 ) { PrintAndLog("Error: tag didn't answer to READ EV1"); - ul_switch_off_field(); + DropField(); return status; } else if (status == 16) { // save AUTHENTICATION LIMITS for later: @@ -978,7 +978,7 @@ int CmdHF14AMfUInfo(const char *Cmd){ } } - ul_switch_off_field(); + DropField(); if (locked) PrintAndLog("\nTag appears to be locked, try using the key to get more info"); PrintAndLog(""); return 1; @@ -1529,7 +1529,7 @@ int CmdHF14AMfUDump(const char *Cmd){ return usage_hf_mfu_dump(); case 'k': case 'K': - dataLen = param_getstr(Cmd, cmdp+1, tempStr); + dataLen = param_getstr(Cmd, cmdp+1, tempStr, sizeof(tempStr)); if (dataLen == 32 || dataLen == 8) { //ul-c or ev1/ntag key length errors = param_gethex(tempStr, 0, authenticationkey, dataLen); dataLen /= 2; @@ -1547,7 +1547,7 @@ int CmdHF14AMfUDump(const char *Cmd){ break; case 'n': case 'N': - fileNlen = param_getstr(Cmd, cmdp+1, filename); + fileNlen = param_getstr(Cmd, cmdp+1, filename, sizeof(filename)); if (!fileNlen) errors = true; if (fileNlen > FILE_PATH_SIZE-5) fileNlen = FILE_PATH_SIZE-5; cmdp += 2; @@ -1639,7 +1639,7 @@ int CmdHF14AMfUDump(const char *Cmd){ get_pack[0]=0; get_pack[1]=0; } - ul_switch_off_field(); + DropField(); // add pack to block read memcpy(data + (Pages*4) - 4, get_pack, sizeof(get_pack)); @@ -1654,14 +1654,14 @@ int CmdHF14AMfUDump(const char *Cmd){ ulev1_readCounter(i, get_counter, sizeof(get_counter) ); } - ul_switch_off_field(); + DropField(); if ( hasAuthKey ) ul_auth_select( &card, tagtype, hasAuthKey, authKeyPtr, dummy_pack, sizeof(dummy_pack)); else ul_select(&card); ulev1_readSignature( get_signature, sizeof(get_signature)); - ul_switch_off_field(); + DropField(); } // format and add keys to block dump output 
@@ -1749,7 +1749,7 @@ int CmdHF14AMfURestore(const char *Cmd){ return usage_hf_mfu_restore(); case 'k': case 'K': - keylen = param_getstr(Cmd, cmdp+1, tempStr); + keylen = param_getstr(Cmd, cmdp+1, tempStr, sizeof(tempStr)); if (keylen == 32 || keylen == 8) { //ul-c or ev1/ntag key length errors = param_gethex(tempStr, 0, authkey, keylen); keylen /= 2; @@ -1767,7 +1767,7 @@ int CmdHF14AMfURestore(const char *Cmd){ break; case 'f': case 'F': - filelen = param_getstr(Cmd, cmdp+1, filename); + filelen = param_getstr(Cmd, cmdp+1, filename, FILE_PATH_SIZE); if (filelen > FILE_PATH_SIZE-5) filelen = FILE_PATH_SIZE-5; @@ -1948,7 +1948,7 @@ int CmdHF14AMfURestore(const char *Cmd){ } } - ul_switch_off_field(); + DropField(); free(dump); return 0; } diff --git a/client/cmdlf.c b/client/cmdlf.c index 0b3930620..e872097a3 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -161,7 +161,7 @@ int CmdLFCommandRead(const char *Cmd) { cmdp++; break; case 'c': - param_getstr(Cmd, cmdp+1, (char *)&c.d.asBytes); + param_getstr(Cmd, cmdp+1, (char *)&c.d.asBytes, sizeof(c.d.asBytes)); cmdp+=2; break; case 'd': @@ -452,7 +452,7 @@ int CmdLFfskSim(const char *Cmd) { // otherwise will need FChigh, FClow, Clock, and bitstream uint8_t fcHigh = 0, fcLow = 0, clk = 0; bool errors = false, separator = false; - char hexData[32] = {0x00}; // store entered hex data + char hexData[64] = {0x00}; // store entered hex data uint8_t data[255] = {0x00}; int dataLen = 0; uint8_t cmdp = 0; @@ -478,7 +478,7 @@ int CmdLFfskSim(const char *Cmd) { cmdp++; break; case 'd': - dataLen = param_getstr(Cmd, cmdp+1, hexData); + dataLen = param_getstr(Cmd, cmdp+1, hexData, sizeof(hexData)); if (dataLen == 0) errors = true; else 
@@ -545,7 +545,7 @@ int CmdLFaskSim(const char *Cmd) { // needs clock, invert, manchester/raw as m or r, separator as s, and bitstream uint8_t encoding = 1, separator = 0, clk = 0, invert = 0; bool errors = false; - char hexData[32] = {0x00}; + char hexData[64] = {0x00}; uint8_t data[255]= {0x00}; // store entered hex data int dataLen = 0; uint8_t cmdp = 0; @@ -579,7 +579,7 @@ int CmdLFaskSim(const char *Cmd) { cmdp++; break; case 'd': - dataLen = param_getstr(Cmd, cmdp+1, hexData); + dataLen = param_getstr(Cmd, cmdp+1, hexData, sizeof(hexData)); if (dataLen == 0) errors = true; else @@ -639,7 +639,7 @@ int CmdLFpskSim(const char *Cmd) { uint8_t carrier=0, clk=0; uint8_t invert=0; bool errors = false; - char hexData[32] = {0x00}; // store entered hex data + char hexData[64] = {0x00}; // store entered hex data uint8_t data[255] = {0x00}; int dataLen = 0; uint8_t cmdp = 0; @@ -674,7 +674,7 @@ int CmdLFpskSim(const char *Cmd) { cmdp++; break; case 'd': - dataLen = param_getstr(Cmd, cmdp+1, hexData); + dataLen = param_getstr(Cmd, cmdp+1, hexData, sizeof(hexData)); if (dataLen == 0) errors = true; else diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index 719bd5304..b0f4d06e2 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -484,7 +484,7 @@ int CmdEM410xBrute(const char *Cmd) { delay = param_get32ex(Cmd, 4, 1000, 10); } - param_getstr(Cmd, 0, filename); + param_getstr(Cmd, 0, filename, FILE_PATH_SIZE); if (strlen(filename) == 0) { PrintAndLog("Error: Please specify a filename"); diff --git a/client/cmdlfpresco.c b/client/cmdlfpresco.c index c4906b8d6..2f315013e 100644 --- a/client/cmdlfpresco.c +++ b/client/cmdlfpresco.c 
@@ -73,7 +73,7 @@ int GetWiegandFromPresco(const char *Cmd, uint32_t *sitecode, uint32_t *usercode case 'D': case 'd': //param get string int param_getstr(const char *line, int paramnum, char * str) - stringlen = param_getstr(Cmd, cmdp+1, id); + stringlen = param_getstr(Cmd, cmdp+1, id, sizeof(id)); if (stringlen < 2) return -1; cmdp += 2; break; diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index 663a6216e..70b8910cc 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -225,7 +225,7 @@ int CmdT55xxSetConfig(const char *Cmd) { cmdp+=2; break; case 'd': - param_getstr(Cmd, cmdp+1, modulation); + param_getstr(Cmd, cmdp+1, modulation, sizeof(modulation)); cmdp += 2; if ( strcmp(modulation, "FSK" ) == 0) { diff --git a/client/util.c b/client/util.c index 05ed8f18e..913cb1e80 100644 --- a/client/util.c +++ b/client/util.c @@ -540,10 +540,19 @@ int param_gethex_to_eol(const char *line, int paramnum, uint8_t * data, int maxd return 0; } -int param_getstr(const char *line, int paramnum, char * str) +int param_getstr(const char *line, int paramnum, char * str, size_t buffersize) { int bg, en; - if (param_getptr(line, &bg, &en, paramnum)) return 0; + + if (param_getptr(line, &bg, &en, paramnum)) { + return 0; + } + + // Prevent out of bounds errors + if (en - bg + 1 >= buffersize) { + printf("out of bounds error: want %d bytes have %u bytes\n", en - bg + 1 + 1, buffersize); + return 0; + } memcpy(str, line + bg, en - bg + 1); str[en - bg + 1] = 0; @@ -560,6 +569,7 @@ https://github.com/ApertureLabsLtd/RFIDler/blob/master/firmware/Pic32/RFIDler.X/ int hextobinarray(char *target, char *source) { int length, i, count= 0; + char* start = source; char x; length = strlen(source); 
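Review bot: The comment on the line above the change in GetWiegandFromPresco, `//param get string int param_getstr(const char *line, int paramnum, char * str)`, now quotes the three-argument prototype that this same commit removes from util.h, so it will mislead the next reader. Either drop it or bring it in line with the new declaration, `//param_getstr(const char *line, int paramnum, char *str, size_t buffersize)`. `id` is declared outside the hunk, so `sizeof(id)` is correct only if it is an array rather than a pointer.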
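Review bot: The new diagnostic in param_getstr prints `buffersize`, a `size_t`, with `%u`; that is a format/argument mismatch (undefined behaviour, and a wrong value wherever `size_t` is wider than `unsigned`), so it should be `%zu`. The message also goes to stdout through `printf` while the command handlers in this diff report through PrintAndLog, so it will not reach the client's log; e.g. `PrintAndLog("out of bounds error: want %d bytes have %zu bytes", en - bg + 1 + 1, buffersize);`. Since the function now returns 0 both for a missing parameter and for one that does not fit, the comment could state the new contract: `// Reject arguments that would not fit in str with the terminating NUL; the caller sees 0, same as for a missing parameter`.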
@@ -575,8 +585,10 @@ int hextobinarray(char *target, char *source) x -= '0'; else if (x >= 'A' && x <= 'F') x -= 'A' - 10; - else + else { + printf("Discovered unknown character %c %d at idx %d of %s\n", x, x, source - start, start); return 0; + } // output for(i= 0 ; i < 4 ; ++i, ++count) *(target++)= (x >> (3 - i)) & 1; diff --git a/client/util.h b/client/util.h index 137c57b90..92ab041ab 100644 --- a/client/util.h +++ b/client/util.h @@ -125,7 +125,7 @@ extern uint8_t param_isdec(const char *line, int paramnum); extern int param_gethex(const char *line, int paramnum, uint8_t * data, int hexcnt); extern int param_gethex_ex(const char *line, int paramnum, uint8_t * data, int *hexcnt); extern int param_gethex_to_eol(const char *line, int paramnum, uint8_t * data, int maxdatalen, int *datalen); -extern int param_getstr(const char *line, int paramnum, char * str); +extern int param_getstr(const char *line, int paramnum, char * str, size_t buffersize); extern int hextobinarray( char *target, char *source); extern int hextobinstring( char *target, char *source);
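Review bot: The new printf in hextobinarray passes `source - start`, a `ptrdiff_t`, to `%d`, which is another format/argument mismatch; `(int)(source - start)` or `%td` fixes it. It also echoes the offending byte with `%c`, which for a non-printable input byte writes a control character straight to the terminal; the numeric `%d` next to it already identifies the byte, so the `%c` could be dropped or the value cast to `unsigned char` before display. `char* start` in the previous hunk also departs from the file's `char *target, char *source` pointer style.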