chg: enforce stricter limit checks for available pwds in flash mem

iceman1001 2020-05-13 13:26:02 +02:00
parent e2671d5b50
commit 6e7a8e1bfc


@ -2030,7 +2030,7 @@ void T55xx_ChkPwds(uint8_t flags) {
Dbprintf("[=] Baseline determined [%u]", baseline);
uint8_t *pwds = BigBuf_get_EM_addr();
uint16_t pwdCount = 0;
uint16_t pwd_count = 0;
uint32_t candidate = 0;
#ifdef WITH_FLASH
@ -2041,20 +2041,27 @@ void T55xx_ChkPwds(uint8_t flags) {
if (isok != sizeof(counter))
goto OUT;
pwdCount = (uint16_t)(counter[1] << 8 | counter[0]);
pwd_count = (uint16_t)(counter[1] << 8 | counter[0]);
if (pwd_count == 0)
goto OUT;
// since flash can report way too many pwds, we need to limit it.
// bigbuff EM size is determined by CARD_MEMORY_SIZE
// a password is 4bytes.
uint16_t pwd_size_available = MIN(CARD_MEMORY_SIZE, pwd_count * 4);
// adjust available pwd_count
pwd_count = pwd_size_available / 4;
if (pwdCount == 0 || pwdCount == 0xFFFF)
isok = Flash_ReadData(DEFAULT_T55XX_KEYS_OFFSET + 2, pwds, pwd_size_available);
if (isok != pwd_size_available)
goto OUT;
isok = Flash_ReadData(DEFAULT_T55XX_KEYS_OFFSET + 2, pwds, pwdCount * 4);
if (isok != pwdCount * 4)
goto OUT;
Dbprintf("[=] Password dictionary count %d ", pwdCount);
Dbprintf("[=] Password dictionary count %d ", pwd_count);
#endif
uint32_t pwd = 0, curr = 0, prev = 0;
for (uint16_t i = 0; i < pwdCount; ++i) {
for (uint16_t i = 0; i < pwd_count; ++i) {
if (BUTTON_PRESS() && !data_available()) {
goto OUT;
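Review bot: The new guard after the counter read only rejects `pwd_count == 0`; the removed line also rejected `pwdCount == 0xFFFF`, the value an erased (all-ones) flash counter field reads as, so that sentinel is no longer treated as "no dictionary". If 0xFFFF still marks an unprogrammed key slot, as the removed check implied, the clamp to CARD_MEMORY_SIZE now turns it into a full-size read of erased bytes and a loop over CARD_MEMORY_SIZE/4 identical 0xFFFFFFFF candidates instead of an early exit; restoring the sentinel, `if (pwd_count == 0 || pwd_count == 0xFFFF)`, keeps the clamp and the old behaviour together. A smaller point: `pwd_size_available` is only a whole number of 4-byte passwords when CARD_MEMORY_SIZE is a multiple of 4, so reading `pwd_count * 4` bytes after the `pwd_count = pwd_size_available / 4;` adjustment would make the read length and the loop bound agree by construction. T55xx_ChkPwds starts and ends outside this hunk.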