FIXED: Merged all Holiman's code-review issues, which should fix a lot of memory leaks.

iceman1001 2014-10-30 00:09:01 +01:00
parent 7c756d6892
commit a61b4976bd
18 changed files with 142 additions and 137 deletions


@ -674,7 +674,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
break;
case CMD_SIMULATE_TAG_125K:
LED_A_ON();
SimulateTagLowFrequency(c->arg[0], c->arg[1], 1);
SimulateTagLowFrequency(c->arg[0], c->arg[1], 0);
LED_A_OFF();
break;
case CMD_LF_SIMULATE_BIDIR:


@ -419,7 +419,7 @@ int EPA_Setup()
// return code
int return_code = 0;
// card UID
uint8_t uid[8];
uint8_t uid[10];
// card select information
iso14a_card_select_t card_select_info;
// power up the field


@ -1717,7 +1717,13 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u
if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
// Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
// http://www.nxp.com/documents/application_note/AN10927.pdf
memcpy(uid_resp, uid_resp + 1, 3);
// This was earlier:
//memcpy(uid_resp, uid_resp + 1, 3);
// But memcpy should not be used for overlapping arrays,
// and memmove appears to not be available in the arm build.
// So this has been replaced with a for-loop:
for(int xx = 0; xx < 3; xx++)
uid_resp[xx] = uid_resp[xx+1];
uid_resp_len = 3;
}
@ -1928,7 +1934,8 @@ void ReaderMifare(bool first_try)
uint8_t uid[10];
uint32_t cuid;
uint32_t nt, previous_nt;
uint32_t nt = 0;
uint32_t previous_nt = 0;
static uint32_t nt_attacked = 0;
byte_t par_list[8] = {0,0,0,0,0,0,0,0};
byte_t ks_list[8] = {0,0,0,0,0,0,0,0};
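Review bot: The cascade-tag shift in iso14443a_select_card keeps the old `//memcpy(uid_resp, uid_resp + 1, 3);` as commented-out code plus a five-line history note; delete the dead line and keep a single why-comment, `// drop the 0x88 cascade tag; memmove is unavailable in this build, so shift by hand`. Braces around the one-statement loop body would also avoid the dangling-body hazard. The enclosing function starts and ends outside the hunk.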


@ -17,6 +17,9 @@
#include "crapto1.h"
#include "mifareutil.h"
#define SHORT_COIL() LOW(GPIO_SSC_DOUT)
#define OPEN_COIL() HIGH(GPIO_SSC_DOUT)
void LFSetupFPGAForADC(int divisor, bool lf_field)
{
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
@ -56,10 +59,9 @@ void DoAcquisition125k_internal(int trigger_threshold, bool silent)
{
uint8_t *dest = mifare_get_bigbufptr();
int n = 24000;
int i;
int i = 0;
memset(dest, 0x00, n);
i = 0;
for(;;) {
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
AT91C_BASE_SSC->SSC_THR = 0x43;
@ -289,17 +291,17 @@ void WriteTIbyte(uint8_t b)
{
if (b&(1<<i)) {
// stop modulating antenna
LOW(GPIO_SSC_DOUT);
SHORT_COIL();
SpinDelayUs(1000);
// modulate antenna
HIGH(GPIO_SSC_DOUT);
OPEN_COIL();
SpinDelayUs(1000);
} else {
// stop modulating antenna
LOW(GPIO_SSC_DOUT);
SHORT_COIL();
SpinDelayUs(300);
// modulate antenna
HIGH(GPIO_SSC_DOUT);
OPEN_COIL();
SpinDelayUs(1700);
}
}
@ -449,7 +451,7 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc)
void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
{
int i;
int i = 0;
uint8_t *buff = (uint8_t *)BigBuf;
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
@ -457,51 +459,48 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
// Give it a bit of time for the resonant antenna to settle.
SpinDelay(150);
// Configure output and enable pin that is connected to the FPGA (for modulating)
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK;
AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;
AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK;
#define SHORT_COIL() LOW(GPIO_SSC_DOUT)
#define OPEN_COIL() HIGH(GPIO_SSC_DOUT)
// Give it a bit of time for the resonant antenna to settle.
SpinDelay(30);
i = 0;
for(;;) {
while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) {
if(BUTTON_PRESS()) {
DbpString("Stopped");
return;
}
WDT_HIT();
if(BUTTON_PRESS()) {
DbpString("Stopped at 0");
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
return;
}
WDT_HIT();
}
if (ledcontrol)
LED_D_ON();
if(buff[i])
if ( buff[i] )
OPEN_COIL();
else
SHORT_COIL();
if (ledcontrol)
LED_D_OFF();
while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) {
if(BUTTON_PRESS()) {
DbpString("Stopped");
while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) {
if(BUTTON_PRESS()) {
DbpString("Stopped at 1");
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
return;
}
WDT_HIT();
}
}
i++;
++i;
if(i == period) {
i = 0;
if (gap) {
// turn of modulation
SHORT_COIL();
SpinDelayUs(gap);
// wait
SpinDelay(gap);
}
}
}
@ -609,6 +608,7 @@ void CmdHIDsimTAG(int hi, int lo, int ledcontrol)
if (ledcontrol)
LED_A_ON();
SimulateTagLowFrequency(n, 0, ledcontrol);
if (ledcontrol)
@ -793,8 +793,6 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
LFSetupFPGAForADC(0, true);
while(!BUTTON_PRESS()) {
WDT_HIT();
if (ledcontrol) LED_A_ON();
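Review bot: `SpinDelay(gap)` replaces `SpinDelayUs(gap)` at the end of SimulateTagLowFrequency's period loop; if SpinDelay is the millisecond variant (the names and the mixed `SpinDelay(150)` / `SpinDelayUs(1000)` uses in this file suggest so), the inter-period gap a caller such as CmdLFSim passes through `UsbCommand` is now a thousand times longer. Either keep `SpinDelayUs(gap);` or state the unit on the parameter, `int gap /* ms */`, so callers agree with it. Turning the field off with `FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF)` on both button-exit paths is a good addition. The function's body starts before this hunk.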


@ -265,7 +265,7 @@ void FormatVersionInformation(char *dst, int len, const char *prefix, void *vers
{
struct version_information *v = (struct version_information*)version_information;
dst[0] = 0;
strncat(dst, prefix, len);
strncat(dst, prefix, len-1);
if(v->magic != VERSION_INFORMATION_MAGIC) {
strncat(dst, "Missing/Invalid version information", len - strlen(dst) - 1);
return;
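Review bot: `strncat(dst, prefix, len-1)` is now right for a non-empty buffer, but `len` is an `int` and nothing in the hunk rejects `len <= 0`: with `len == 0` the preceding `dst[0] = 0` already writes outside the buffer and `len-1` becomes SIZE_MAX when converted to strncat's count. Add `if (len <= 0) return;` as the first statement of FormatVersionInformation. The function continues past the hunk.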


@ -552,7 +552,7 @@ int CmdManchesterDemod(const char *Cmd)
/* But it does not work if compiling on WIndows: therefore we just allocate a */
/* large array */
uint8_t BitStream[MAX_GRAPH_TRACE_LEN];
uint8_t BitStream[MAX_GRAPH_TRACE_LEN] = {0x00};
/* Detect high and lows */
for (i = 0; i < GraphTraceLen; i++)
@ -565,7 +565,6 @@ int CmdManchesterDemod(const char *Cmd)
/* Get our clock */
clock = GetClock(Cmd, high, 1);
int tolerance = clock/4;
/* Detect first transition */
@ -584,8 +583,6 @@ int CmdManchesterDemod(const char *Cmd)
}
}
PrintAndLog("Clock: %d", clock);
/* If we're not working with 1/0s, demod based off clock */
if (high != 1)
{
@ -723,11 +720,12 @@ int CmdManchesterDemod(const char *Cmd)
int CmdManchesterMod(const char *Cmd)
{
int i, j;
int clock;
int bit, lastbit, wave;
int clock = GetClock(Cmd, 0, 1);
int clock1 = GetT55x7Clock( GraphBuffer, GraphTraceLen, 0 );
PrintAndLog("MAN MOD CLOCKS: %d ice %d", clock,clock1);
/* Get our clock */
clock = GetClock(Cmd, 0, 1);
int half = (int)(clock/2);
wave = 0;
lastbit = 1;
@ -735,9 +733,9 @@ int CmdManchesterMod(const char *Cmd)
{
bit = GraphBuffer[i * clock] ^ 1;
for (j = 0; j < (int)(clock/2); j++)
for (j = 0; j < half; ++j)
GraphBuffer[(i * clock) + j] = bit ^ lastbit ^ wave;
for (j = (int)(clock/2); j < clock; j++)
for (j = half; j < clock; ++j)
GraphBuffer[(i * clock) + j] = bit ^ lastbit ^ wave ^ 1;
/* Keep track of how we start our wave and if we changed or not this time */
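Review bot: CmdManchesterMod now emits `MAN MOD CLOCKS: %d ice %d` on every call, and `clock1` from GetT55x7Clock exists only to feed that line; this reads as leftover debugging output and both lines should be dropped before merge. Hoisting `half` out of the two loops is a fine cleanup. CmdManchesterDemod and CmdManchesterMod both begin outside the hunks shown.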


@ -561,8 +561,9 @@ int CmdHF15CmdRaw (const char *cmd) {
*/
int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdlen) {
int temp;
uint8_t *req=c->d.asBytes, uid[8];
uint32_t reqlen=0;
uint8_t *req = c->d.asBytes;
uint8_t uid[8] = {0x00};
uint32_t reqlen = 0;
// strip
while (**cmd==' ' || **cmd=='\t') (*cmd)++;


@ -501,6 +501,8 @@ int CmdHFiClassReader_Dump(const char *Cmd)
SendCommand(&c);
UsbCommand resp;
uint8_t key_sel[8] = {0x00};
uint8_t key_sel_p[8] = {0x00};
if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) {
uint8_t isOK = resp.arg[0] & 0xff;
@ -519,8 +521,7 @@ int CmdHFiClassReader_Dump(const char *Cmd)
{
if(elite)
{
uint8_t key_sel[8] = {0};
uint8_t key_sel_p[8] = { 0 };
//Get the key index (hash1)
uint8_t key_index[8] = {0};
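Review bot: Hoisting `key_sel` and `key_sel_p` out of the `if(elite)` block extends their lifetime to the whole of CmdHFiClassReader_Dump; if they hold key material, as the names suggest, consider clearing them before the function returns rather than leaving them on the stack for the rest of the call (the hunk does not show how they are filled, so this is a question rather than a defect). The function's body continues outside the hunks.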


@ -522,8 +522,6 @@ int CmdHF14AMfDump(const char *Cmd)
int size = GetCardSize();
char cmdp = param_getchar(Cmd, 0);
if ( size > -1)
cmdp = (char)(48+size);
@ -556,6 +554,7 @@ int CmdHF14AMfDump(const char *Cmd)
for (sectorNo=0; sectorNo<numSectors; sectorNo++) {
if (fread( keyA[sectorNo], 1, 6, fin ) == 0) {
PrintAndLog("File reading error.");
fclose(fin);
return 2;
}
}
@ -564,10 +563,13 @@ int CmdHF14AMfDump(const char *Cmd)
for (sectorNo=0; sectorNo<numSectors; sectorNo++) {
if (fread( keyB[sectorNo], 1, 6, fin ) == 0) {
PrintAndLog("File reading error.");
fclose(fin);
return 2;
}
}
fclose(fin);
PrintAndLog("|-----------------------------------------|");
PrintAndLog("|------ Reading sector access bits...-----|");
PrintAndLog("|-----------------------------------------|");
@ -673,7 +675,6 @@ int CmdHF14AMfDump(const char *Cmd)
PrintAndLog("Dumped %d blocks (%d bytes) to file dumpdata.bin", numblocks, 16*numblocks);
}
fclose(fin);
return 0;
}
@ -1169,11 +1170,12 @@ int CmdHF14AMfChk(const char *Cmd)
keycnt++;
memset(buf, 0, sizeof(buf));
}
fclose(f);
} else {
PrintAndLog("File: %s: not found or locked.", filename);
free(keyBlock);
return 1;
fclose(f);
}
}
}
@ -1454,6 +1456,7 @@ int CmdHF14AMfELoad(const char *Cmd)
break;
}
PrintAndLog("File reading error.");
fclose(f);
return 2;
}
if (strlen(buf) < 32){
@ -1478,6 +1481,7 @@ int CmdHF14AMfELoad(const char *Cmd)
if ((blockNum != 16*4) && (blockNum != 32*4 + 8*16)) {
PrintAndLog("File content error. There must be 64 or 256 blocks.");
fclose(f);
return 4;
}
PrintAndLog("Loaded %d blocks from file: %s", blockNum, filename);
@ -1610,8 +1614,8 @@ int CmdHF14AMfEKeyPrn(const char *Cmd)
int CmdHF14AMfCSetUID(const char *Cmd)
{
uint8_t wipeCard = 0;
uint8_t uid[8];
uint8_t oldUid[8];
uint8_t uid[8] = {0x00};
uint8_t oldUid[8] = {0x00};
int res;
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {
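Review bot: The two error paths in CmdHF14AMfDump that now call `fclose(fin)` are triggered by `fread(keyA[sectorNo], 1, 6, fin) == 0`, which treats a short read of 1–5 bytes as success and leaves the rest of that key unset; compare against the requested count instead, `if (fread(keyA[sectorNo], 1, 6, fin) != 6)`, and likewise for the keyB loop. Closing `fin` right after the key file is consumed and dropping the end-of-function `fclose(fin)` is the right shape, as is moving `fclose(f)` in CmdHF14AMfChk out of the dead position after `return 1`. CmdHF14AMfDump's body continues outside the hunks.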


@ -410,7 +410,7 @@ int CmdLFSim(const char *Cmd)
printf(".");
}
printf("\n");
PrintAndLog("Starting simulator...");
PrintAndLog("Starting to simulate");
UsbCommand c = {CMD_SIMULATE_TAG_125K, {GraphTraceLen, gap, 0}};
SendCommand(&c);
return 0;


@ -58,6 +58,7 @@ int CmdEM410xRead(const char *Cmd)
/* get clock */
clock = GetClock(Cmd, high, 0);
/* parity for our 4 columns */
parity[0] = parity[1] = parity[2] = parity[3] = 0;
header = rows = 0;
@ -220,8 +221,7 @@ int CmdEM410xSim(const char *Cmd)
int clock = 64;
/* clear our graph */
ClearGraph(0);
GraphTraceLen = 0;
ClearGraph(1);
/* write it out a few times */
for (h = 0; h < 4; h++)
@ -266,12 +266,12 @@ int CmdEM410xSim(const char *Cmd)
}
/* modulate that biatch */
CmdManchesterMod("");
CmdManchesterMod("64");
/* booyah! */
RepaintGraphWindow();
CmdLFSim("64");
CmdLFSim("");
return 0;
}
@ -296,10 +296,10 @@ int CmdEM410xWatch(const char *Cmd)
}
CmdLFRead(read_h ? "h" : "");
CmdSamples("12000");
CmdSamples("16000");
} while (
!CmdEM410xRead("64")
!CmdEM410xRead("")
);
return 0;
}
@ -363,7 +363,7 @@ int CmdEM4x50Read(const char *Cmd)
++i;
while ((GraphBuffer[i] > low) && (i<GraphTraceLen))
++i;
if (j>(MAX_GRAPH_TRACE_LEN/64)) {
if (j>=(MAX_GRAPH_TRACE_LEN/64)) {
break;
}
tmpbuff[j++]= i - start;
@ -616,7 +616,7 @@ int CmdWriteWord(const char *Cmd)
return 1;
}
PrintAndLog("Writting word %d with data %08X", Word, Data);
PrintAndLog("Writing word %d with data %08X", Word, Data);
c.cmd = CMD_EM4X_WRITE_WORD;
c.d.asBytes[0] = 0x0; //Normal mode
@ -629,7 +629,7 @@ int CmdWriteWord(const char *Cmd)
int CmdWriteWordPWD(const char *Cmd)
{
int Word = 8; //default to invalid word
int Word = 16; //default to invalid word
int Data = 0xFFFFFFFF; //default to blank data
int Password = 0xFFFFFFFF; //default to blank password
UsbCommand c;
@ -641,7 +641,7 @@ int CmdWriteWordPWD(const char *Cmd)
return 1;
}
PrintAndLog("Writting word %d with data %08X and password %08X", Word, Data, Password);
PrintAndLog("Writing word %d with data %08X and password %08X", Word, Data, Password);
c.cmd = CMD_EM4X_WRITE_WORD;
c.d.asBytes[0] = 0x1; //Password mode
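Review bot: In the CmdEM4x50Read hunk, `while ((GraphBuffer[i] > low) && (i<GraphTraceLen)) ++i;` reads `GraphBuffer[i]` before checking `i` against GraphTraceLen, so the final iteration can read one element past the filled trace; the new `j >= MAX_GRAPH_TRACE_LEN/64` bound on `tmpbuff` is right, and the neighbouring guard should be reordered to `while ((i < GraphTraceLen) && (GraphBuffer[i] > low))`. That line is pre-existing but sits in the same hunk as the bounds fix. Changing the CmdWriteWordPWD default to `Word = 16` presumably relies on the range check outside the hunk rejecting 16; worth confirming.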


@ -482,8 +482,8 @@ static command_t CommandTable[] =
{"rdpwd", CmdReadBlkPWD, 0, "<block> <password> -- Read T55xx block data with password mode"},
{"wr", CmdWriteBlk, 0, "<data> <block> -- Write T55xx block data (page 0)"},
{"wrpwd", CmdWriteBlkPWD, 0, "<data> <block> <password> -- Write T55xx block data with password"},
{"trace", CmdReadTrace, 0, "[1] Read T55xx traceability data (page 1 / blk 0-1) "},
{"info", CmdInfo, 0, "[1] Read T55xx configuration data (page0 /blk 0)"},
{"trace", CmdReadTrace, 0, "[1] Read T55xx traceability data (page 1/ blk 0-1)"},
{"info", CmdInfo, 0, "[1] Read T55xx configuration data (page 0/ blk 0)"},
{"dump", CmdDump, 0, "[password] Dump T55xx card block 0-7. optional with password"},
{"fsk", CmdIceFsk, 0, "FSK demod"},
{"man", CmdIceManchester, 0, "Manchester demod (with SST)"},


@ -138,8 +138,10 @@ int getCommand(UsbCommand* response)
*/
bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeout) {
UsbCommand resp;
if (response == NULL) {
UsbCommand resp;
response = &resp;
}
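Review bot: Moving `UsbCommand resp;` inside the `if (response == NULL)` block makes `response = &resp;` store the address of an object whose lifetime ends at the closing brace, so every later use of `response` in WaitForResponseTimeout (its body continues past the hunk) reads a dead stack variable. Keep the declaration at function scope as it was before the commit, `UsbCommand resp;` on the line before the `if`, so the fallback buffer outlives the call.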


@ -21,11 +21,13 @@ int GraphTraceLen;
void AppendGraph(int redraw, int clock, int bit)
{
int i;
int half = (int)(clock/2);
int firstbit = bit ^ 1;
for (i = 0; i < (int)(clock / 2); ++i)
GraphBuffer[GraphTraceLen++] = bit ^ 1;
for (i = 0; i < half; ++i)
GraphBuffer[GraphTraceLen++] = firstbit;
for (i = (int)(clock / 2); i < clock; ++i)
for (i = 0; i <= half; ++i)
GraphBuffer[GraphTraceLen++] = bit;
if (redraw)
@ -73,7 +75,22 @@ int DetectClock(int peak)
}
}
return clock;
int clockmod = clock%8;
if ( clockmod == 0)
return clock;
// When detected clock is 31 or 33 then return 32
printf("Found clock at %d ", clock);
switch( clockmod )
{
case 7: clock++; break;
case 6: clock += 2 ; break;
case 1: clock--; break;
case 2: clock -= 2; break;
}
printf("- adjusted it to %d \n", clock);
return clock;
}
/* Get or auto-detect clock rate */
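Review bot: The rewritten second loop in AppendGraph, `for (i = 0; i <= half; ++i)`, appends half+1 samples, so for an even clock the function now writes clock+1 entries where the old `for (i = clock/2; i < clock; ++i)` wrote exactly clock. Use `for (i = half; i < clock; ++i)` so the total stays one sample per clock tick. In the DetectClock hunk the adjustment `switch` has no `default` and leaves remainders 3–5 untouched, and it reports through `printf` where the rest of the client uses PrintAndLog; DetectClock's body starts before the hunk.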


@ -737,16 +737,14 @@ int doTestsWithKnownInputs()
int readKeyFile(uint8_t key[8])
{
FILE *f;
int retval = 1;
f = fopen("iclass_key.bin", "rb");
if (f)
{
if(fread(key, sizeof(key), 1, f) == 1) return 0;
}
return 1;
return retval;
}
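Review bot: readKeyFile never closes `f`: the success path returns 0 from inside the `if (f)` block and the failure path falls through to `return retval`, so every call leaks a FILE handle, which is the class of bug this commit sets out to fix. Separately, `sizeof(key)` on the `uint8_t key[8]` parameter is the size of a pointer, not 8, so the fread pulls only 4 or 8 bytes depending on the build; pass the key length explicitly. A rewrite that closes the file on every path is below.
```c
int readKeyFile(uint8_t key[8])
{
    FILE *f = fopen("iclass_key.bin", "rb");
    if (!f)
        return 1;
    /* key decays to uint8_t *, so sizeof(key) would be the pointer size, not 8 */
    int retval = (fread(key, 8, 1, f) == 1) ? 0 : 1;
    fclose(f);
    return retval;
}
```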


@ -296,7 +296,7 @@ static uint8_t trailerAccessBytes[4] = {0x08, 0x77, 0x8F, 0x00};
// variables
char logHexFileName[200] = {0x00};
static uint8_t traceCard[4096] = {0x00};
static char traceFileName[20];
static char traceFileName[200] = {0x00};
static int traceState = TRACE_IDLE;
static uint8_t traceCurBlock = 0;
static uint8_t traceCurKey = 0;
@ -449,7 +449,7 @@ int mfTraceDecode(uint8_t *data_src, int len, uint32_t parity, bool wantSaveToEm
}
// AUTHENTICATION
if ((len ==4) && ((data[0] == 0x60) || (data[0] == 0x61))) {
if ((len == 4) && ((data[0] == 0x60) || (data[0] == 0x61))) {
traceState = TRACE_AUTH1;
traceCurBlock = data[1];
traceCurKey = data[0] == 60 ? 1:0;
@ -497,7 +497,7 @@ int mfTraceDecode(uint8_t *data_src, int len, uint32_t parity, bool wantSaveToEm
break;
case TRACE_WRITE_OK:
if ((len == 1) && (data[0] = 0x0a)) {
if ((len == 1) && (data[0] == 0x0a)) {
traceState = TRACE_WRITE_DATA;
return 0;
@ -555,23 +555,14 @@ int mfTraceDecode(uint8_t *data_src, int len, uint32_t parity, bool wantSaveToEm
at_par = parity;
// decode key here)
if (!traceCrypto1) {
ks2 = ar_enc ^ prng_successor(nt, 64);
ks3 = at_enc ^ prng_successor(nt, 96);
revstate = lfsr_recovery64(ks2, ks3);
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, nr_enc, 1);
lfsr_rollback_word(revstate, uid ^ nt, 0);
}else{
ks2 = ar_enc ^ prng_successor(nt, 64);
ks3 = at_enc ^ prng_successor(nt, 96);
revstate = lfsr_recovery64(ks2, ks3);
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, nr_enc, 1);
lfsr_rollback_word(revstate, uid ^ nt, 0);
}
ks2 = ar_enc ^ prng_successor(nt, 64);
ks3 = at_enc ^ prng_successor(nt, 96);
revstate = lfsr_recovery64(ks2, ks3);
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, nr_enc, 1);
lfsr_rollback_word(revstate, uid ^ nt, 0);
crypto1_get_lfsr(revstate, &lfsr);
printf("key> %x%x\n", (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr & 0xFFFFFFFF));
AddLogUint64(logHexFileName, "key> ", lfsr);
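Review bot: `traceCurKey = data[0] == 60 ? 1:0;` compares against decimal 60 (0x3C), but the guard fixed on the line above only admits 0x60 or 0x61, so the key index is always 0; the literal should be hex, `0x60` or `0x61` depending on which key the value 1 is meant to denote (the hunk does not show which). The `==` fix in the TRACE_WRITE_OK case is correct. In the merged key-recovery hunk, `printf("key> %x%x\n", ...)` drops leading zeros of the low word, so a key whose lower 32 bits begin with a zero nibble prints short; use `%08x%08x`. mfTraceDecode's body begins before these hunks.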


@ -544,7 +544,12 @@ lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8],
statelist = malloc((sizeof *statelist) << 21); //how large should be?
if(!statelist || !odd || !even)
return 0;
{
free(statelist);
free(odd);
free(even);
return 0;
}
s = statelist;
for(o = odd; *o != -1; ++o)


@ -152,30 +152,13 @@ int manchester_decode( int * data, const size_t len, uint8_t * dataout, size_t
lastpeak = i;
}
}
//return clock;
//defaults clock to precise values.
switch(clock){
case 8:
case 16:
case 32:
case 40:
case 50:
case 64:
case 100:
case 128:
return clock;
break;
default: break;
}
//PrintAndLog(" Found Clock : %d - trying to adjust", clock);
// When detected clock is 31 or 33 then then return
int clockmod = clock%8;
if ( clockmod == 7 )
clock += 1;
else if ( clockmod == 1 )
clock -= 1;
if ( clockmod == 0) return clock;
if ( clockmod == 7 ) clock += 1;
else if ( clockmod == 1 ) clock -= 1;
return clock;
}
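Review bot: The clock rounding at the end of manchester_decode (`clockmod == 7` → +1, `clockmod == 1` → −1) duplicates the adjustment this same commit adds to DetectClock in graph.c, which additionally handles remainders 6 and 2; the two will drift apart, so one shared helper, say `static int snap_clock(int clock)`, would keep them consistent. The comment above it reads "then then return" and could be shortened to `// snap a detected clock of 31 or 33 back to 32`. manchester_decode's body starts before the hunk.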