mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-10-24 12:36:16 +08:00
FIX: Coverity scan fixes, hard to keep track of stringlengths while reading and copying in C.
This commit is contained in:
parent
82885445b3
commit
aacb96d7ed
6 changed files with 60 additions and 39 deletions
|
@ -580,7 +580,7 @@ void mifare_cypher_single_block (desfirekey_t key, uint8_t *data, uint8_t *ivect
|
||||||
{
|
{
|
||||||
AesCtx ctx;
|
AesCtx ctx;
|
||||||
AesCtxIni(&ctx, ivect, key->data, KEY128,CBC);
|
AesCtxIni(&ctx, ivect, key->data, KEY128,CBC);
|
||||||
AesEncrypt(&ctx, data, edata, sizeof(data) );
|
AesEncrypt(&ctx, data, edata, sizeof(edata) );
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case MCO_DECYPHER:
|
case MCO_DECYPHER:
|
||||||
|
|
|
@ -68,7 +68,7 @@ int CmdLegicDecode(const char *Cmd) {
|
||||||
uint32_t calc_crc = CRC8Legic(data_buf, 4);
|
uint32_t calc_crc = CRC8Legic(data_buf, 4);
|
||||||
|
|
||||||
PrintAndLog("\nCDF: System Area");
|
PrintAndLog("\nCDF: System Area");
|
||||||
|
PrintAndLog("------------------------------------------------------");
|
||||||
PrintAndLog("MCD: %02x, MSN: %02x %02x %02x, MCC: %02x %s",
|
PrintAndLog("MCD: %02x, MSN: %02x %02x %02x, MCC: %02x %s",
|
||||||
data_buf[0],
|
data_buf[0],
|
||||||
data_buf[1],
|
data_buf[1],
|
||||||
|
@ -118,8 +118,22 @@ int CmdLegicDecode(const char *Cmd) {
|
||||||
uint32_t segCalcCRC = 0;
|
uint32_t segCalcCRC = 0;
|
||||||
uint32_t segCRC = 0;
|
uint32_t segCRC = 0;
|
||||||
|
|
||||||
|
// see if user area is xored or just zeros.
|
||||||
|
int numOfZeros = 0;
|
||||||
|
for (int index=22; index < 256; ++index){
|
||||||
|
if ( data_buf[index] == 0x00 )
|
||||||
|
++numOfZeros;
|
||||||
|
}
|
||||||
|
// if possible zeros is less then 60%, lets assume data is xored
|
||||||
|
// 256 - 22 (header) = 234
|
||||||
|
// 1024 - 22 (header) = 1002
|
||||||
|
int isXored = (numOfZeros*100/stamp_len) < 50;
|
||||||
|
PrintAndLog("is data xored? %d ( %d %)", isXored, (numOfZeros*100/stamp_len));
|
||||||
|
|
||||||
|
print_hex_break( data_buf, 33, 16);
|
||||||
|
|
||||||
PrintAndLog("\nADF: User Area");
|
PrintAndLog("\nADF: User Area");
|
||||||
printf("-------------------------------------\n");
|
PrintAndLog("------------------------------------------------------");
|
||||||
i = 22;
|
i = 22;
|
||||||
// 64 potential segements
|
// 64 potential segements
|
||||||
// how to detect there is no segments?!?
|
// how to detect there is no segments?!?
|
||||||
|
@ -148,7 +162,7 @@ int CmdLegicDecode(const char *Cmd) {
|
||||||
segCalcCRC = CRC8Legic(segCrcBytes, 8);
|
segCalcCRC = CRC8Legic(segCrcBytes, 8);
|
||||||
segCRC = data_buf[i+4]^crc;
|
segCRC = data_buf[i+4]^crc;
|
||||||
|
|
||||||
PrintAndLog("Segment %02u \nraw header=0x%02X 0x%02X 0x%02X 0x%02X \nSegment len: %u, Flag: 0x%X (valid:%01u, last:%01u), WRP: %02u, WRC: %02u, RD: %01u, CRC: 0x%02X (%s)",
|
PrintAndLog("Segment %02u \nraw header | 0x%02X 0x%02X 0x%02X 0x%02X \nSegment len: %u, Flag: 0x%X (valid:%01u, last:%01u), WRP: %02u, WRC: %02u, RD: %01u, CRC: 0x%02X (%s)",
|
||||||
segmentNum,
|
segmentNum,
|
||||||
data_buf[i]^crc,
|
data_buf[i]^crc,
|
||||||
data_buf[i+1]^crc,
|
data_buf[i+1]^crc,
|
||||||
|
@ -169,9 +183,10 @@ int CmdLegicDecode(const char *Cmd) {
|
||||||
|
|
||||||
if ( hasWRC ) {
|
if ( hasWRC ) {
|
||||||
PrintAndLog("WRC protected area: (I %d | K %d| WRC %d)", i, k, wrc);
|
PrintAndLog("WRC protected area: (I %d | K %d| WRC %d)", i, k, wrc);
|
||||||
|
PrintAndLog("\nrow | data");
|
||||||
|
PrintAndLog("-----+------------------------------------------------");
|
||||||
// de-xor? if not zero, assume it needs xoring.
|
// de-xor? if not zero, assume it needs xoring.
|
||||||
if ( data_buf[i] > 0) {
|
if ( isXored) {
|
||||||
for ( k=i; k < wrc; ++k)
|
for ( k=i; k < wrc; ++k)
|
||||||
data_buf[k] ^= crc;
|
data_buf[k] ^= crc;
|
||||||
}
|
}
|
||||||
|
@ -182,9 +197,10 @@ int CmdLegicDecode(const char *Cmd) {
|
||||||
|
|
||||||
if ( hasWRP ) {
|
if ( hasWRP ) {
|
||||||
PrintAndLog("Remaining write protected area: (I %d | K %d | WRC %d | WRP %d WRP_LEN %d)",i, k, wrc, wrp, wrp_len);
|
PrintAndLog("Remaining write protected area: (I %d | K %d | WRC %d | WRP %d WRP_LEN %d)",i, k, wrc, wrp, wrp_len);
|
||||||
|
PrintAndLog("\nrow | data");
|
||||||
|
PrintAndLog("-----+------------------------------------------------");
|
||||||
|
|
||||||
// de-xor? if not zero, assume it needs xoring.
|
if (isXored) {
|
||||||
if ( data_buf[i] > 0) {
|
|
||||||
for (k=i; k < wrp_len; ++k)
|
for (k=i; k < wrp_len; ++k)
|
||||||
data_buf[k] ^= crc;
|
data_buf[k] ^= crc;
|
||||||
}
|
}
|
||||||
|
@ -199,8 +215,9 @@ int CmdLegicDecode(const char *Cmd) {
|
||||||
}
|
}
|
||||||
|
|
||||||
PrintAndLog("Remaining segment payload: (I %d | K %d | Remain LEN %d)", i, k, remain_seg_payload_len);
|
PrintAndLog("Remaining segment payload: (I %d | K %d | Remain LEN %d)", i, k, remain_seg_payload_len);
|
||||||
|
PrintAndLog("\nrow | data");
|
||||||
if ( data_buf[i] > 0 ) {
|
PrintAndLog("-----+------------------------------------------------");
|
||||||
|
if ( isXored ) {
|
||||||
for ( k=i; k < remain_seg_payload_len; ++k)
|
for ( k=i; k < remain_seg_payload_len; ++k)
|
||||||
data_buf[k] ^= crc;
|
data_buf[k] ^= crc;
|
||||||
}
|
}
|
||||||
|
@ -209,7 +226,7 @@ int CmdLegicDecode(const char *Cmd) {
|
||||||
|
|
||||||
i += remain_seg_payload_len;
|
i += remain_seg_payload_len;
|
||||||
|
|
||||||
printf("\n-------------------------------------\n");
|
PrintAndLog("-----+------------------------------------------------\n");
|
||||||
|
|
||||||
// end with last segment
|
// end with last segment
|
||||||
if (segment_flag & 0x8) return 0;
|
if (segment_flag & 0x8) return 0;
|
||||||
|
@ -332,18 +349,18 @@ int CmdLegicSave(const char *Cmd) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
FILE *f = fopen(filename, "w");
|
|
||||||
if(!f) {
|
|
||||||
PrintAndLog("couldn't open '%s'", Cmd+1);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
GetFromBigBuf(got, requested, offset);
|
GetFromBigBuf(got, requested, offset);
|
||||||
if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2000)){
|
if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2000)){
|
||||||
PrintAndLog("Command execute timeout");
|
PrintAndLog("Command execute timeout");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
FILE *f = fopen(filename, "w");
|
||||||
|
if(!f) {
|
||||||
|
PrintAndLog("couldn't open '%s'", Cmd+1);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
for (int j = 0; j < requested; j += 8) {
|
for (int j = 0; j < requested; j += 8) {
|
||||||
fprintf(f, "%02x %02x %02x %02x %02x %02x %02x %02x\n",
|
fprintf(f, "%02x %02x %02x %02x %02x %02x %02x %02x\n",
|
||||||
got[j+0], got[j+1], got[j+2], got[j+3],
|
got[j+0], got[j+1], got[j+2], got[j+3],
|
||||||
|
@ -409,10 +426,11 @@ int CmdLegicCalcCrc8(const char *Cmd){
|
||||||
int len = strlen(Cmd);
|
int len = strlen(Cmd);
|
||||||
if (len & 1 ) return usage_legic_calccrc8();
|
if (len & 1 ) return usage_legic_calccrc8();
|
||||||
|
|
||||||
uint8_t *data = malloc(len);
|
// add 1 for null terminator.
|
||||||
|
uint8_t *data = malloc(len+1);
|
||||||
if ( data == NULL ) return 1;
|
if ( data == NULL ) return 1;
|
||||||
|
|
||||||
param_gethex(Cmd, 0, data, len );
|
if (!param_gethex(Cmd, 0, data, len )) return usage_legic_calccrc8();
|
||||||
|
|
||||||
uint32_t checksum = CRC8Legic(data, len/2);
|
uint32_t checksum = CRC8Legic(data, len/2);
|
||||||
PrintAndLog("Bytes: %s || CRC8: %X", sprint_hex(data, len/2), checksum );
|
PrintAndLog("Bytes: %s || CRC8: %X", sprint_hex(data, len/2), checksum );
|
||||||
|
|
|
@ -43,7 +43,7 @@ int CmdsParse(const command_t Commands[], const char *Cmd)
|
||||||
}
|
}
|
||||||
char cmd_name[32];
|
char cmd_name[32];
|
||||||
int len = 0;
|
int len = 0;
|
||||||
memset(cmd_name, 0, 32);
|
memset(cmd_name, 0, sizeof(cmd_name));
|
||||||
sscanf(Cmd, "%31s%n", cmd_name, &len);
|
sscanf(Cmd, "%31s%n", cmd_name, &len);
|
||||||
int i = 0;
|
int i = 0;
|
||||||
while (Commands[i].Name && strcmp(Commands[i].Name, cmd_name))
|
while (Commands[i].Name && strcmp(Commands[i].Name, cmd_name))
|
||||||
|
|
|
@ -486,12 +486,11 @@ struct Crypto1State* lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8]
|
||||||
odd = lfsr_prefix_ks(ks, 1);
|
odd = lfsr_prefix_ks(ks, 1);
|
||||||
even = lfsr_prefix_ks(ks, 0);
|
even = lfsr_prefix_ks(ks, 0);
|
||||||
|
|
||||||
s = statelist = malloc((sizeof *statelist) << 21);
|
s = statelist = malloc((sizeof *statelist) << 20);
|
||||||
if(!s || !odd || !even) {
|
if(!s || !odd || !even) {
|
||||||
free(statelist);
|
free(statelist);
|
||||||
free(odd);
|
statelist = 0;
|
||||||
free(even);
|
goto out;
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
for(o = odd; *o + 1; ++o)
|
for(o = odd; *o + 1; ++o)
|
||||||
|
@ -503,7 +502,7 @@ struct Crypto1State* lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8]
|
||||||
}
|
}
|
||||||
|
|
||||||
s->odd = s->even = 0;
|
s->odd = s->even = 0;
|
||||||
|
out:
|
||||||
free(odd);
|
free(odd);
|
||||||
free(even);
|
free(even);
|
||||||
return statelist;
|
return statelist;
|
||||||
|
|
|
@ -25,6 +25,8 @@ struct Crypto1State * crypto1_create(uint64_t key)
|
||||||
struct Crypto1State *s = malloc(sizeof(*s));
|
struct Crypto1State *s = malloc(sizeof(*s));
|
||||||
if ( !s ) return NULL;
|
if ( !s ) return NULL;
|
||||||
|
|
||||||
|
s->odd = s->even = 0;
|
||||||
|
|
||||||
int i;
|
int i;
|
||||||
//for(i = 47;s && i > 0; i -= 2) {
|
//for(i = 47;s && i > 0; i -= 2) {
|
||||||
for(i = 47; i > 0; i -= 2) {
|
for(i = 47; i > 0; i -= 2) {
|
||||||
|
|
|
@ -127,8 +127,8 @@ static void *main_loop(void *targ) {
|
||||||
while(1) {
|
while(1) {
|
||||||
|
|
||||||
// If there is a script file
|
// If there is a script file
|
||||||
if (script_file)
|
if (script_file) {
|
||||||
{
|
|
||||||
if (!fgets(script_cmd_buf, sizeof(script_cmd_buf), script_file)) {
|
if (!fgets(script_cmd_buf, sizeof(script_cmd_buf), script_file)) {
|
||||||
fclose(script_file);
|
fclose(script_file);
|
||||||
script_file = NULL;
|
script_file = NULL;
|
||||||
|
@ -143,8 +143,9 @@ static void *main_loop(void *targ) {
|
||||||
if (nl)
|
if (nl)
|
||||||
*nl = '\0';
|
*nl = '\0';
|
||||||
|
|
||||||
if ((cmd = (char*) malloc(strlen(script_cmd_buf) + 1)) != NULL) {
|
int newlen = strlen(script_cmd_buf);
|
||||||
memset(cmd, 0, strlen(script_cmd_buf));
|
if ((cmd = (char*) malloc( newlen + 1)) != NULL) {
|
||||||
|
memset(cmd, 0x00, newlen);
|
||||||
strcpy(cmd, script_cmd_buf);
|
strcpy(cmd, script_cmd_buf);
|
||||||
printf("%s\n", cmd);
|
printf("%s\n", cmd);
|
||||||
}
|
}
|
||||||
|
@ -170,6 +171,12 @@ static void *main_loop(void *targ) {
|
||||||
printf("\n");
|
printf("\n");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
free(cmd);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (script_file) {
|
||||||
|
fclose(script_file);
|
||||||
|
script_file = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
write_history(".history");
|
write_history(".history");
|
||||||
|
@ -181,11 +188,6 @@ static void *main_loop(void *targ) {
|
||||||
pthread_join(reader_thread, NULL);
|
pthread_join(reader_thread, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (script_file) {
|
|
||||||
fclose(script_file);
|
|
||||||
script_file = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
ExitGraphics();
|
ExitGraphics();
|
||||||
pthread_exit(NULL);
|
pthread_exit(NULL);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
Loading…
Add table
Reference in a new issue