mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-01-31 04:20:28 +08:00
FIX: if receiving array isnt large enough, previously this will smash the stack..
parent
bb916aa999
commit
b89b3399dc
6 changed files with 57 additions and 26 deletions
|
@ -2162,6 +2162,7 @@ int CmdHF14AMfELoad(const char *Cmd) {
|
|||
int i, len, blockNum, numBlocks;
|
||||
int nameParamNo = 1;
|
||||
uint8_t blockWidth = 32;
|
||||
uint32_t tmp;
|
||||
char c = param_getchar(Cmd, 0);
|
||||
|
||||
if ( c == 'h' || c == 'H' || c == 0x00)
|
||||
|
@ -2220,7 +2221,8 @@ int CmdHF14AMfELoad(const char *Cmd) {
|
|||
}
|
||||
|
||||
for (i = 0; i < blockWidth; i += 2) {
|
||||
sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);
|
||||
sscanf(&buf[i], "%02x", &tmp);
|
||||
buf8[i / 2] = tmp & 0xFF;
|
||||
}
|
||||
if (mfEmlSetMem_xt(buf8, blockNum, 1, blockWidth/2)) {
|
||||
PrintAndLog("Cant set emul block: %3d", blockNum);
|
||||
|
@ -2468,6 +2470,7 @@ int CmdHF14AMfCLoad(const char *Cmd) {
|
|||
char buf[35] = {0x00}; // 32+newline chars+1 null terminator
|
||||
uint8_t buf8[16] = {0x00};
|
||||
uint8_t fillFromEmulator = 0;
|
||||
uint32_t tmp;
|
||||
int i, len, blockNum, flags=0;
|
||||
|
||||
memset(filename, 0, sizeof(filename));
|
||||
|
@ -2530,9 +2533,11 @@ int CmdHF14AMfCLoad(const char *Cmd) {
|
|||
fclose(f);
|
||||
return 2;
|
||||
}
|
||||
for (i = 0; i < 32; i += 2)
|
||||
sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);
|
||||
|
||||
for (i = 0; i < 32; i += 2) {
|
||||
sscanf(&buf[i], "%02x", &tmp);
|
||||
buf8[i / 2] = tmp & 0xFF;
|
||||
}
|
||||
|
||||
if (blockNum == 0) flags = MAGIC_INIT + MAGIC_WUPC; // switch on field and send magic sequence
|
||||
if (blockNum == 1) flags = 0; // just write
|
||||
if (blockNum == 16 * 4 - 1) flags = MAGIC_HALT + MAGIC_OFF; // Done. Switch off field.
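Review bot: The return value of `sscanf` is still ignored in both rewritten decode loops (CmdHF14AMfELoad and CmdHF14AMfCLoad), so when a pair of characters is not valid hex, `tmp` keeps its previous value, or is uninitialized on the first iteration since it is declared as `uint32_t tmp;`, and that byte is stored into `buf8` without any error. I would test the conversion, `if (sscanf(&buf[i], "%02x", &tmp) != 1)`, and leave through the same error exit used just above the loop (in CmdHF14AMfCLoad that is `fclose(f); return 2;`). The same unchecked pattern is in the loadTraceCard hunk and in the scripting hunks (l_iso14443b_crc, the four l_aes128* functions, l_hardnested, l_keygen_algoD). Both function bodies extend beyond the hunks shown.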
|
||||
|
|
|
@ -202,7 +202,8 @@ int usage_lf_em4x05_info(void) {
|
|||
// Construct the graph for emulating an EM410X tag
|
||||
void ConstructEM410xEmulGraph(const char *uid,const uint8_t clock) {
|
||||
|
||||
int i, n, j, binary[4], parity[4];
|
||||
int i, j, binary[4], parity[4];
|
||||
uint32_t n;
|
||||
/* clear our graph */
|
||||
ClearGraph(0);
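Review bot: `uint32_t n;` is declared here without an initializer, and its type does not match the conversion it presumably feeds: assuming `n` is the target of a `%x` conversion further down (outside this hunk, as `sscanf(&Cmd[i++], "%1x", &n )` is in the CmdIndalaClone hunk), `%x` stores through an `unsigned int *`, and `uint32_t` is only the same type on some toolchains. Either declare `unsigned int n = 0;` or keep `uint32_t` and use `"%1" SCNx32` from `<inttypes.h>`; the same applies to `n` in CmdHIDSim, CmdHIDClone and CmdIndalaClone and to the `tmp` variables added in the other files. In those three functions `i` was also changed to `uint32_t`, although the only `sscanf` target visible on the page is `n` (in the CmdIndalaClone hunk), so `i` could have stayed as it was.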
|
||||
|
||||
|
|
|
@ -233,7 +233,7 @@ int CmdHIDRead_device(const char *Cmd) {
|
|||
|
||||
int CmdHIDSim(const char *Cmd) {
|
||||
uint32_t hi = 0, lo = 0;
|
||||
int n = 0, i = 0;
|
||||
uint32_t n = 0, i = 0;
|
||||
|
||||
uint8_t ctmp = param_getchar(Cmd, 0);
|
||||
if ( strlen(Cmd) == 0 || ctmp == 'H' || ctmp == 'h' ) return usage_lf_hid_sim();
|
||||
|
@ -255,7 +255,7 @@ int CmdHIDSim(const char *Cmd) {
|
|||
int CmdHIDClone(const char *Cmd) {
|
||||
|
||||
uint32_t hi2 = 0, hi = 0, lo = 0;
|
||||
int n = 0, i = 0;
|
||||
uint32_t n = 0, i = 0;
|
||||
UsbCommand c;
|
||||
|
||||
uint8_t ctmp = param_getchar(Cmd, 0);
|
||||
|
|
|
@ -422,7 +422,7 @@ int CmdIndalaClone(const char *Cmd) {
|
|||
UsbCommand c;
|
||||
uint32_t uid1, uid2, uid3, uid4, uid5, uid6, uid7;
|
||||
uid1 = uid2 = uid3 = uid4 = uid5 = uid6 = uid7 = 0;
|
||||
int n = 0, i = 0;
|
||||
uint32_t n = 0, i = 0;
|
||||
|
||||
if (strchr(Cmd,'l') != 0) {
|
||||
while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
|
||||
|
|
|
@ -540,6 +540,7 @@ int loadTraceCard(uint8_t *tuid, uint8_t uidlen) {
|
|||
char buf[64] = {0x00};
|
||||
uint8_t buf8[64] = {0x00};
|
||||
int i, blockNum;
|
||||
uint32_t tmp;
|
||||
|
||||
if (!isTraceCardEmpty())
|
||||
saveTraceCard();
|
||||
|
@ -573,8 +574,10 @@ int loadTraceCard(uint8_t *tuid, uint8_t uidlen) {
|
|||
}
|
||||
return 2;
|
||||
}
|
||||
for (i = 0; i < 32; i += 2)
|
||||
sscanf(&buf[i], "%02X", (unsigned int *)&buf8[i / 2]);
|
||||
for (i = 0; i < 32; i += 2) {
|
||||
sscanf(&buf[i], "%02X", &tmp);
|
||||
buf8[i / 2] = tmp & 0xFF;
|
||||
}
|
||||
|
||||
memcpy(traceCard + blockNum * 16, buf8, 16);
|
||||
|
||||
|
|
|
@ -252,12 +252,15 @@ static int l_iso14443b_crc(lua_State *L) {
|
|||
unsigned char *TransmitFirst,
|
||||
unsigned char *TransmitSecond)
|
||||
*/
|
||||
uint32_t tmp;
|
||||
unsigned char buf[USB_CMD_DATA_SIZE] = {0x00};
|
||||
size_t size = 0;
|
||||
const char *data = luaL_checklstring(L, 1, &size);
|
||||
|
||||
for (int i = 0; i < size; i += 2)
|
||||
sscanf(&data[i], "%02x", (unsigned int *)&buf[i / 2]);
|
||||
for (int i = 0; i < size; i += 2) {
|
||||
sscanf(&data[i], "%02x", &tmp);
|
||||
buf[i / 2] = tmp & 0xFF;
|
||||
}
|
||||
|
||||
size /= 2;
|
||||
ComputeCrc14443(CRC_14443_B, buf, size, &buf[size], &buf[size+1]);
|
||||
|
@ -272,6 +275,7 @@ static int l_iso14443b_crc(lua_State *L) {
|
|||
static int l_aes128decrypt_cbc(lua_State *L) {
|
||||
//Check number of arguments
|
||||
int i;
|
||||
uint32_t tmp;
|
||||
size_t size;
|
||||
const char *p_key = luaL_checklstring(L, 1, &size);
|
||||
if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
|
||||
|
@ -285,8 +289,10 @@ static int l_aes128decrypt_cbc(lua_State *L) {
|
|||
|
||||
// convert key to bytearray and convert input to bytearray
|
||||
for (i = 0; i < 32; i += 2) {
|
||||
sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
|
||||
sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
|
||||
sscanf(&p_encTxt[i], "%02x", &tmp);
|
||||
indata[i / 2] = tmp & 0xFF;
|
||||
sscanf(&p_key[i], "%02x", &tmp);
|
||||
aes_key[i / 2] = tmp & 0xFF;
|
||||
}
|
||||
|
||||
aes_context ctx;
|
||||
|
@ -301,6 +307,7 @@ static int l_aes128decrypt_ecb(lua_State *L)
|
|||
{
|
||||
//Check number of arguments
|
||||
int i;
|
||||
uint32_t tmp;
|
||||
size_t size;
|
||||
const char *p_key = luaL_checklstring(L, 1, &size);
|
||||
if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
|
||||
|
@ -313,8 +320,10 @@ static int l_aes128decrypt_ecb(lua_State *L)
|
|||
|
||||
// convert key to bytearray and convert input to bytearray
|
||||
for (i = 0; i < 32; i += 2) {
|
||||
sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
|
||||
sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
|
||||
sscanf(&p_encTxt[i], "%02x", &tmp);
|
||||
indata[i / 2] = tmp & 0xFF;
|
||||
sscanf(&p_key[i], "%02x", &tmp);
|
||||
aes_key[i / 2] = tmp & 0xFF;
|
||||
}
|
||||
aes_context ctx;
|
||||
aes_init(&ctx);
|
||||
|
@ -330,6 +339,7 @@ static int l_aes128encrypt_cbc(lua_State *L)
|
|||
{
|
||||
//Check number of arguments
|
||||
int i;
|
||||
uint32_t tmp;
|
||||
size_t size;
|
||||
const char *p_key = luaL_checklstring(L, 1, &size);
|
||||
if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
|
||||
|
@ -342,8 +352,10 @@ static int l_aes128encrypt_cbc(lua_State *L)
|
|||
unsigned char iv[16] = {0x00};
|
||||
|
||||
for (i = 0; i < 32; i += 2) {
|
||||
sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
|
||||
sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
|
||||
sscanf(&p_txt[i], "%02x", &tmp);
|
||||
indata[i / 2] = tmp & 0xFF;
|
||||
sscanf(&p_key[i], "%02x", &tmp);
|
||||
aes_key[i / 2] = tmp & 0xFF;
|
||||
}
|
||||
|
||||
aes_context ctx;
|
||||
|
@ -359,6 +371,7 @@ static int l_aes128encrypt_ecb(lua_State *L)
|
|||
{
|
||||
//Check number of arguments
|
||||
int i;
|
||||
uint32_t tmp;
|
||||
size_t size;
|
||||
const char *p_key = luaL_checklstring(L, 1, &size);
|
||||
if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
|
||||
|
@ -370,8 +383,10 @@ static int l_aes128encrypt_ecb(lua_State *L)
|
|||
unsigned char aes_key[16] = {0x00};
|
||||
|
||||
for (i = 0; i < 32; i += 2) {
|
||||
sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
|
||||
sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
|
||||
sscanf(&p_txt[i], "%02x", &tmp);
|
||||
indata[i / 2] = tmp & 0xFF;
|
||||
sscanf(&p_key[i], "%02x", &tmp);
|
||||
aes_key[i / 2] = tmp & 0xFF;
|
||||
}
|
||||
aes_context ctx;
|
||||
aes_init(&ctx);
|
||||
|
@ -522,6 +537,7 @@ static int l_hardnested(lua_State *L){
|
|||
|
||||
bool haveTarget = true;
|
||||
size_t size;
|
||||
uint32_t tmp;
|
||||
const char *p_blockno = luaL_checklstring(L, 1, &size);
|
||||
if(size != 2) return returnToLuaWithError(L,"Wrong size of blockNo, got %d bytes, expected 2", (int) size);
|
||||
|
||||
|
@ -571,9 +587,12 @@ static int l_hardnested(lua_State *L){
|
|||
uint8_t key[6] = {0,0,0,0,0,0};
|
||||
uint8_t trgkey[6] = {0,0,0,0,0,0};
|
||||
for (int i = 0; i < 32; i += 2) {
|
||||
sscanf(&p_key[i], "%02x", (unsigned int *)&key[i / 2]);
|
||||
if (haveTarget)
|
||||
sscanf(&p_trgkey[i], "%02x", (unsigned int *)&trgkey[i / 2]);
|
||||
sscanf(&p_key[i], "%02x", &tmp);
|
||||
key[i / 2] = tmp & 0xFF;
|
||||
if (haveTarget) {
|
||||
sscanf(&p_trgkey[i], "%02x", &tmp);
|
||||
trgkey[i / 2] = tmp & 0xFF;
|
||||
}
|
||||
}
|
||||
|
||||
uint64_t foundkey = 0;
|
||||
|
@ -609,13 +628,16 @@ static int l_detect_prng(lua_State *L) {
|
|||
*/
|
||||
static int l_keygen_algoD(lua_State *L) {
|
||||
size_t size;
|
||||
uint32_t tmp;
|
||||
const char *p_uid = luaL_checklstring(L, 1, &size);
|
||||
if(size != 14) return returnToLuaWithError(L,"Wrong size of UID, got %d bytes, expected 14", (int) size);
|
||||
if (size != 14) return returnToLuaWithError(L,"Wrong size of UID, got %d bytes, expected 14", (int) size);
|
||||
|
||||
uint8_t uid[7] = {0,0,0,0,0,0,0};
|
||||
|
||||
for (int i = 0; i < 14; i += 2)
|
||||
sscanf(&p_uid[i], "%02x", (unsigned int *)&uid[i / 2]);
|
||||
for (int i = 0; i < 14; i += 2) {
|
||||
sscanf(&p_uid[i], "%02x", &tmp);
|
||||
uid[i / 2] = tmp & 0xFF;
|
||||
}
|
||||
|
||||
uint32_t pwd = ul_ev1_pwdgenD(uid);
|
||||
uint16_t pack = ul_ev1_packgenD(uid);
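Review bot: Two decode loops in this file still write past their destination even with the one-byte store. In l_hardnested the loop runs `for (int i = 0; i < 32; i += 2)` while the destinations are declared as `uint8_t key[6]` and `uint8_t trgkey[6]`, so indices 6..15 land outside both arrays; the bound should follow the array, `for (int i = 0; i < 2 * (int)sizeof(key); i += 2)`. In l_iso14443b_crc `size` comes straight from `luaL_checklstring` and nothing in the hunk limits it before the loop fills `buf[USB_CMD_DATA_SIZE]` and the CRC is written at `buf[size]` and `buf[size+1]`; a guard such as `if (size > 2 * (USB_CMD_DATA_SIZE - 2)) return returnToLuaWithError(L, "Input too long");` before the loop would close that. Whether `p_key` and `p_trgkey` in l_hardnested are length-checked to 12 characters is outside the hunk, so the read side should be confirmed as well.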
|
||||
|
|