RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-03-03 19:43:09 +08:00
Code Issues Projects Releases Packages Wiki Activity

fix: 'hf snoop' - buffer overflow (@satuoni)

Browse source
This commit is contained in:
iceman1001 2017-10-08 14:56:04 +02:00
parent feea1a45d9
commit 674db8d5ac
3 changed files with 12 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
armsrc/BigBuf.c
View file

@ -124,7 +124,10 @@ uint16_t BigBuf_max_traceLen(void)
void clear_trace() {
traceLen = 0;
}
void set_tracelen(uint16_t tl)
{
traceLen=tl;
}
void set_tracing(bool enable) {
tracing = enable;
}

1
armsrc/BigBuf.h
View file

@ -39,6 +39,7 @@ extern void BigBuf_print_status(void);
extern uint16_t BigBuf_get_traceLen(void);
extern void clear_trace(void);
extern void set_tracing(bool enable);
extern void set_tracelen(uint16_t tl);
extern bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
extern int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int bReader);
extern uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length);

14
armsrc/hfsnoop.c
View file

@ -2,6 +2,7 @@
#include "apps.h"
#include "BigBuf.h"
#include "util.h"
#include "usb_cdc.h" // for usb_poll_validate_length
static void RAMFUNC optimizedSnoop(void);
@ -10,7 +11,7 @@ static void RAMFUNC optimizedSnoop(void)
int n = BigBuf_max_traceLen() / sizeof(uint16_t); // take all memory
uint16_t *dest = (uint16_t *)BigBuf_get_addr();
uint16_t *destend = dest + n;
uint16_t *destend = dest + n-1;
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame mode, 16 bits per word
// Reading data loop
@ -24,6 +25,8 @@ static void RAMFUNC optimizedSnoop(void)
}
//Resetting Frame mode (First set in fpgaloader.c)
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
//setting tracelen - importsnt! it was set by buffer overflow before
set_tracelen( BigBuf_max_traceLen());
}
void HfSnoop(int samplesToSkip, int triggersToSkip)
@ -41,7 +44,7 @@ void HfSnoop(int samplesToSkip, int triggersToSkip)
// connect Demodulated Signal to ADC:
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP);
SpinDelay(50);
SpinDelay(100);
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame Mode For better performance on high speed data transfer.
@ -52,15 +55,12 @@ void HfSnoop(int samplesToSkip, int triggersToSkip)
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
r = (uint16_t)AT91C_BASE_SSC->SSC_RHR;
r = MAX(r & 0xff, r >> 8);
if (r >= 240)
{
if (++trigger_cnt > triggersToSkip) {
if (r >= 180) {
if (++trigger_cnt > triggersToSkip)
break;
}
}
}
}
if(!BUTTON_PRESS()) {
int waitcount = samplesToSkip; // lets wait 40000 ticks of pck0