diff --git a/armsrc/pcf7931.c b/armsrc/pcf7931.c index 0d4c41048..d0edc2698 100644 --- a/armsrc/pcf7931.c +++ b/armsrc/pcf7931.c @@ -12,25 +12,19 @@ size_t DemodPCF7931(uint8_t **outBlocks) { if (GraphTraceLen > 18000) GraphTraceLen = 18000; - int i, j, lastval, bitidx, half_switch; + int i = 2, j, lastval, bitidx, half_switch; int clock = 64; int tolerance = clock / 8; int pmc, block_done; int lc, warnings = 0; size_t num_blocks = 0; - int lmin = 128, lmax = 128; + int lmin = 64, lmax = 192; uint8_t dir; - //clear read buffer - BigBuf_Clear_keep_EM(); + BigBuf_Clear_keep_EM(); LFSetupFPGAForADC(95, true); DoAcquisition_default(0, true); - lmin = 64; - lmax = 192; - - i = 2; - /* Find first local max/min */ if (dest[1] > dest[0]) { while (i < GraphTraceLen) { diff --git a/client/cmdhffelica.c b/client/cmdhffelica.c index 33d506a58..dc9234001 100644 --- a/client/cmdhffelica.c +++ b/client/cmdhffelica.c 
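Review bot: The `dest[1] > dest[0]` test and the `while (i < GraphTraceLen)` loop at the end of the hunk still run when the acquired trace holds fewer than two samples; the clamp at the top only caps `GraphTraceLen` at 18000 and establishes no lower bound. `dest` and the way `GraphTraceLen` is set after `DoAcquisition_default` are outside the hunk, so I can't confirm a short trace is possible, but a guard such as `if (GraphTraceLen < 2) return 0;` before the `/* Find first local max/min */` block would make the indexing safe either way. The hunk also drops the `//clear read buffer` comment on `BigBuf_Clear_keep_EM()`; keeping it (or a one-liner on why the EM area is preserved) costs nothing. DemodPCF7931's body continues past the hunk.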
@@ -425,38 +425,37 @@ int CmdHFFelicaDumpLite(const char *Cmd) { } uint64_t tracelen = resp.arg[1]; + if (tracelen == 0) + return 1; + uint8_t *trace = calloc(tracelen, sizeof(uint8_t)); if (trace == NULL) { PrintAndLogEx(WARNING, "Cannot allocate memory for trace"); return 1; } - // only download data if there is any. - if (tracelen > 0) { - - if (!GetFromDevice(BIG_BUF, trace, tracelen, 0, NULL, 2500, false)) { - PrintAndLogEx(WARNING, "command execution time out"); - free(trace); - return 0; - } - - PrintAndLogEx(SUCCESS, "Recorded Activity (trace len = %d bytes)", tracelen); - - print_hex_break(trace, tracelen, 32); - - printSep(); - uint16_t tracepos = 0; - while (tracepos < tracelen) - tracepos = PrintFliteBlock(tracepos, trace, tracelen); - - printSep(); + if (!GetFromDevice(BIG_BUF, trace, tracelen, 0, NULL, 2500, false)) { + PrintAndLogEx(WARNING, "command execution time out"); + free(trace); + return 0; } - free(trace); + PrintAndLogEx(SUCCESS, "Recorded Activity (trace len = %d bytes)", tracelen); + + print_hex_break(trace, tracelen, 32); + printSep(); + + uint16_t tracepos = 0; + while (tracepos < tracelen) + tracepos = PrintFliteBlock(tracepos, trace, tracelen); + + printSep(); + + free(trace); return 0; } -int CmdHFFelicaCmdRaw(const char *cmd) { +int CmdHFFelicaCmdRaw(const char *Cmd) { UsbCommand c = {CMD_FELICA_COMMAND, {0, 0, 0}}; bool reply = 1; bool crc = false; 
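Review bot: `tracelen` arrives from the device reply (`resp.arg[1]`) as a `uint64_t`, and the new early return only rejects zero; there is still no upper bound before `calloc(tracelen, ...)` and `GetFromDevice(BIG_BUF, trace, tracelen, ...)`, so a corrupted or hostile reply can request an arbitrarily large allocation. A check against the capacity of the device's big buffer, e.g. `if (tracelen == 0 || tracelen > MAX_TRACE_LEN /* placeholder: size of BIG_BUF */) return 1;`, closes that. Two smaller points on the moved lines: `"%d"` with a `uint64_t` argument is a format mismatch (`PRIu64`), and the `uint16_t tracepos` compared with the `uint64_t tracelen` can never end the `while` loop once `tracelen` exceeds 65535, so bounding `tracelen` also makes that counter safe. CmdHFFelicaDumpLite's start lies outside the hunk.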
@@ -470,15 +469,15 @@ int CmdHFFelicaCmdRaw(const char *cmd) { uint16_t datalen = 0; uint32_t temp; - if (strlen(cmd) < 2) return usage_hf_felica_raw(); + if (strlen(Cmd) < 2) return usage_hf_felica_raw(); // strip - while (*cmd == ' ' || *cmd == '\t') cmd++; + while (*Cmd == ' ' || *Cmd == '\t') Cmd++; - while (cmd[i] != '\0') { - if (cmd[i] == ' ' || cmd[i] == '\t') { i++; continue; } - if (cmd[i] == '-') { - switch (cmd[i + 1]) { + while (Cmd[i] != '\0') { + if (Cmd[i] == ' ' || Cmd[i] == '\t') { i++; continue; } + if (Cmd[i] == '-') { + switch (Cmd[i + 1]) { case 'H': case 'h': return usage_hf_felica_raw(); @@ -498,10 +497,10 @@ int CmdHFFelicaCmdRaw(const char *cmd) { active_select = true; break; case 'b': - sscanf(cmd + i + 2, "%d", &temp); + sscanf(Cmd + i + 2, "%d", &temp); numbits = temp & 0xFFFF; i += 3; - while (cmd[i] != ' ' && cmd[i] != '\0') { i++; } + while (Cmd[i] != ' ' && Cmd[i] != '\0') { i++; } i -= 2; break; default: @@ -510,11 +509,11 @@ int CmdHFFelicaCmdRaw(const char *cmd) { i += 2; continue; } - if ((cmd[i] >= '0' && cmd[i] <= '9') || - (cmd[i] >= 'a' && cmd[i] <= 'f') || - (cmd[i] >= 'A' && cmd[i] <= 'F')) { + if ((Cmd[i] >= '0' && Cmd[i] <= '9') || + (Cmd[i] >= 'a' && Cmd[i] <= 'f') || + (Cmd[i] >= 'A' && Cmd[i] <= 'F')) { buf[strlen(buf) + 1] = 0; - buf[strlen(buf)] = cmd[i]; + buf[strlen(buf)] = Cmd[i]; i++; if (strlen(buf) >= 2) { diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c index db65447ac..7aa93f456 100644 --- a/client/cmdhflegic.c +++ b/client/cmdhflegic.c 
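Review bot: In the `case 'b'` branch of the `@@ -498` hunk, `sscanf(Cmd + i + 2, "%d", &temp)` stores through an `int *` conversion into a `uint32_t temp` and its return value is unchecked, so when no number follows `-b` the `numbits = temp & 0xFFFF` line reads `temp` uninitialized (it is declared without an initializer in the `@@ -470` hunk). Use the matching specifier and test the result: `if (sscanf(Cmd + i + 2, "%u", &temp) != 1) return usage_hf_felica_raw();`. CmdHFFelicaCmdRaw continues beyond the last hunk.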
@@ -230,21 +230,21 @@ int CmdLegicInfo(const char *Cmd) { int fl = 0; if (data[6] == 0xec) { - strncpy(token_type, "XAM", sizeof(token_type)); + strncpy(token_type, "XAM", sizeof(token_type) - 1); fl = 1; stamp_len = 0x0c - (data[5] >> 4); } else { switch (data[5] & 0x7f) { case 0x00 ... 0x2f: - strncpy(token_type, "IAM", sizeof(token_type)); + strncpy(token_type, "IAM", sizeof(token_type) - 1); fl = (0x2f - (data[5] & 0x7f)) + 1; break; case 0x30 ... 0x6f: - strncpy(token_type, "SAM", sizeof(token_type)); + strncpy(token_type, "SAM", sizeof(token_type) - 1); fl = (0x6f - (data[5] & 0x7f)) + 1; break; case 0x70 ... 0x7f: - strncpy(token_type, "GAM", sizeof(token_type)); + strncpy(token_type, "GAM", sizeof(token_type) - 1); fl = (0x7f - (data[5] & 0x7f)) + 1; break; } @@ -266,9 +266,9 @@ int CmdLegicInfo(const char *Cmd) { if (data[7] == 0x9F && data[8] == 0xFF) { bIsSegmented = 1; - strncpy(token_type, "IM-S", sizeof(token_type)); + strncpy(token_type, "IM-S", sizeof(token_type) - 1); } else { - strncpy(token_type, "IM", sizeof(token_type)); + strncpy(token_type, "IM", sizeof(token_type) - 1); } PrintAndLogEx(NORMAL, "DCF: %d (%02x %02x), Token Type=%s (OLE=%01u)", @@ -614,8 +614,7 @@ int CmdLegicRfWrite(const char *Cmd) { PrintAndLogEx(NORMAL, "############# DANGER ################"); PrintAndLogEx(NORMAL, "# changing the DCF is irreversible #"); PrintAndLogEx(NORMAL, "#####################################"); - char *answer = NULL; - answer = readline("do you really want to continue? y(es) n(o) : "); + char *answer = readline("do you really want to continue? y(es) n(o) : "); bool overwrite = (answer[0] == 'y' || answer[0] == 'Y'); if (!overwrite) { PrintAndLogEx(NORMAL, "command cancelled"); @@ -1283,6 +1282,7 @@ int CmdLegicWipe(const char *Cmd) { } } PrintAndLogEx(SUCCESS, "ok\n"); + free(data); return 0; } diff --git a/client/cmdhfmfu.c b/client/cmdhfmfu.c index e6f017763..85e73d034 100644 --- a/client/cmdhfmfu.c +++ b/client/cmdhfmfu.c 
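Review bot: The `sizeof(token_type) - 1` change in the `@@ -230` and `@@ -266` hunks does not alter behaviour for these short literals: `strncpy` already zero-pads up to `n` when the source is shorter than `n`, so termination was never at risk here, and the last byte of `token_type` is now simply left untouched. If the intent is a termination guarantee for longer names in the future, the idiom is `snprintf(token_type, sizeof(token_type), "%s", "XAM");` (likewise for the other five calls), which always terminates. `token_type` is declared outside the hunk, so whether its last byte is initialized elsewhere I can't confirm.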
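Review bot: In the `@@ -614` hunk `readline()` returns `NULL` on end-of-file (Ctrl-D at the prompt), and the following `answer[0]` then dereferences it; the same line also keeps the only pointer to the buffer `readline()` allocated, which is never released. Treat `NULL` as a cancel and free the buffer once the answer has been read: `bool overwrite = (answer != NULL && (answer[0] == 'y' || answer[0] == 'Y')); free(answer);`. CmdLegicRfWrite continues outside the hunk.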
@@ -322,6 +322,9 @@ static int ul_read(uint8_t page, uint8_t *response, uint16_t responseLength) { static int ul_comp_write(uint8_t page, uint8_t *data, uint8_t datalen) { + if (data == NULL) + return -1; + uint8_t cmd[18]; memset(cmd, 0x00, sizeof(cmd)); datalen = (datalen > 16) ? 16 : datalen; @@ -330,7 +333,7 @@ static int ul_comp_write(uint8_t page, uint8_t *data, uint8_t datalen) { cmd[1] = page; memcpy(cmd + 2, data, datalen); - uint8_t response[1] = {0xff}; + uint8_t response[1] = {0xFF}; ul_send_cmd_raw(cmd, 2 + datalen, response, sizeof(response)); // ACK if (response[0] == 0x0a) return 0; @@ -948,7 +951,7 @@ int CmdHF14AMfUInfo(const char *Cmd) { uint8_t pwd[4] = {0, 0, 0, 0}; uint8_t *key = pwd; uint8_t pack[4] = {0, 0, 0, 0}; - int len = 0; + int len; char tempStr[50]; while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { diff --git a/client/cmdlf.c b/client/cmdlf.c index 2932caaab..049edb824 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -471,7 +471,7 @@ int CmdLFfskSim(const char *Cmd) { cmdp += 2; break; case 's': - separator = 1; + separator = true; cmdp++; break; case 'd': @@ -519,7 +519,7 @@ int CmdLFfskSim(const char *Cmd) { uint16_t arg1, arg2; arg1 = fcHigh << 8 | fcLow; - arg2 = separator << 8 | clk; + arg2 = (separator << 8) | clk; size_t size = DemodBufferLen; if (size > USB_CMD_DATA_SIZE) { PrintAndLogEx(NORMAL, "DemodBuffer too long for current implementation - length: %d - max: %d", size, USB_CMD_DATA_SIZE); diff --git a/client/cmdlft55xx.h b/client/cmdlft55xx.h index f0a438ef5..25b8c7c17 100644 --- a/client/cmdlft55xx.h +++ b/client/cmdlft55xx.h @@ -26,7 +26,6 @@ #include "lfdemod.h" #include "cmdhf14a.h" //for getTagInfo - #define T55x7_CONFIGURATION_BLOCK 0x00 #define T55x7_PAGE0 0x00 #define T55x7_PAGE1 0x01 
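Review bot: The `@@ -948` hunk turns `int len = 0;` into an uninitialized `int len;`; if any path in CmdHF14AMfUInfo reads `len` before assigning it (the uses are outside the hunk, so I can't confirm), that read is undefined behaviour instead of a harmless zero, so keeping `int len = 0;` is the safer form unless every use is provably preceded by a store. In the `@@ -322` hunk the new `if (data == NULL) return -1;` guard deserves a comment on what `-1` means to callers, e.g. `// -1: invalid argument; no command was sent to the tag`, since the function's other return values are outside the hunk.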
@@ -37,6 +36,7 @@ #define T55X7_DEFAULT_CONFIG_BLOCK 0x000880E8 // ASK, compat mode, data rate 32, manchester, STT, 7 data blocks #define T55X7_RAW_CONFIG_BLOCK 0x000880E0 // ASK, compat mode, data rate 32, manchester, 7 data blocks #define T55X7_EM_UNIQUE_CONFIG_BLOCK 0x00148040 // ASK, emulate em4x02/unique - compat mode, manchester, data rate 64, 2 data blocks +#define T55X7_EM_PAXTON_CONFIG_BLOCK 0x00148040 // ASK, emulate em4x02/paxton - compat mode, manchester, data rate 64, 2 data blocks // FDXB requires data inversion and BiPhase 57 is simply BiPhase 50 inverted, so we can either do it using the modulation scheme or the inversion flag // we've done both below to prove that it works either way, and the modulation value for BiPhase 50 in the Atmel data sheet of binary "10001" (17) is a typo, // and it should actually be "10000" (16) @@ -53,6 +53,7 @@ #define T55X7_PRESCO_CONFIG_BLOCK 0x00088088 // ASK, data rate 32, Manchester, 5 data blocks, STT #define T55X7_NEDAP_64_CONFIG_BLOCK 0x907f0042 // BiPhase, data rate 64, 3 data blocks #define T55X7_NEDAP_128_CONFIG_BLOCK 0x907f0082 // BiPhase, data rate 64, 5 data blocks + #define T55X7_bin 0b0010 #define T5555_DEFAULT_CONFIG_BLOCK 0x6001F004 // data rate 64 , ask, manchester, 2 data blocks? diff --git a/client/fpga_compress.c b/client/fpga_compress.c index 7c5a4a883..770005021 100644 --- a/client/fpga_compress.c +++ b/client/fpga_compress.c 
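Review bot: `T55X7_EM_PAXTON_CONFIG_BLOCK` in the `@@ -37` hunk repeats the literal `0x00148040` of `T55X7_EM_UNIQUE_CONFIG_BLOCK` on the line above, and two independent copies of one value can drift apart silently. If Paxton is meant to share the EM unique configuration, define it in terms of the other: `#define T55X7_EM_PAXTON_CONFIG_BLOCK T55X7_EM_UNIQUE_CONFIG_BLOCK // same block layout as em4x02/unique`. The `@@ -53` hunk only adds a blank line.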
@@ -413,18 +413,22 @@ int main(int argc, char **argv) { infiles = calloc(1, sizeof(FILE *)); if (argc != 4) { usage(); + free(infiles); return (EXIT_FAILURE); } infiles[0] = fopen(argv[2], "rb"); if (infiles[0] == NULL) { fprintf(stderr, "Error. Cannot open input file %s\n\n", argv[2]); + free(infiles); return (EXIT_FAILURE); } outfile = fopen(argv[3], "wb"); if (outfile == NULL) { fprintf(stderr, "Error. Cannot open output file %s\n\n", argv[3]); + free(infiles); return (EXIT_FAILURE); } + return zlib_decompress(infiles[0], outfile); } else { // Compress or gemerate version info @@ -453,6 +457,7 @@ int main(int argc, char **argv) { infiles[i] = fopen(infile_names[i], "rb"); if (infiles[i] == NULL) { fprintf(stderr, "Error. Cannot open input file %s\n\n", infile_names[i]); + free(infile_names); return (EXIT_FAILURE); } } diff --git a/client/hardnested/hardnested_tables.c b/client/hardnested/hardnested_tables.c index 09de7f5d7..aacf0f63f 100644 --- a/client/hardnested/hardnested_tables.c +++ b/client/hardnested/hardnested_tables.c @@ -44,7 +44,7 @@ static uint16_t PartialSumProperty(uint32_t state, odd_even_t odd_even) { uint32_t st = state; uint16_t part_sum = 0; if (odd_even == ODD_STATE) { - for (uint16_t i = 0; i < 5; i++) { + for (uint16_t i = 0; i < 4; i++) { part_sum ^= filter(st); st = (st << 1) | ((j >> (3 - i)) & 0x01) ; } @@ -368,7 +368,7 @@ static void precalculate_bit0_bitflip_bitarrays(uint8_t const bitflip, uint16_t if (count[odd_even] != 1 << 24) { for (uint32_t state = 0; state < (1 << 24); state += 1 << 4) { uint32_t line = test_bitarray[odd_even][state >> 5]; - uint16_t half_line = state & 0x000000010 ? line & 0x0000ffff : line >> 16; + uint16_t half_line = (state & 0x000000010) ? line & 0x0000ffff : line >> 16; if (half_line != 0) { for (uint32_t low_bits = 0; low_bits < (1 << 4); low_bits++) { set_bit24(test_bitarray_2nd, low_bits << 20 | state >> 4); 
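Review bot: In the `@@ -413` hunk the `outfile == NULL` path now frees `infiles` but not the `FILE *` opened two branches earlier, so `infiles[0]` is leaked; `fclose(infiles[0]);` belongs before that `free(infiles)`. The same pattern appears in the `@@ -453` hunk, where `free(infile_names)` is added but the `infiles[0..i-1]` already opened by the loop are not closed. Also, the `calloc(1, sizeof(FILE *))` at the top of the first hunk has no NULL check before `infiles[0] = fopen(...)`, so an allocation failure becomes a NULL dereference. The enclosing `main` continues on both sides of the hunks.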
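Review bot: The `@@ -44` hunk changes the odd-state loop of PartialSumProperty from 5 to 4 iterations without saying why; with 5, the last iteration evaluated `j >> (3 - 4)`, a shift by a negative count, which is undefined behaviour. A comment would stop a future reader from "fixing" it back, e.g. `// 4 odd-state bits: bits 3..0 of j are taken via (3 - i), so i must stay below 4`. The even-state branch of the function is outside the hunk.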
@@ -480,7 +480,7 @@ static void precalculate_bit0_bitflip_bitarrays(uint8_t const bitflip, uint16_t if (count[odd_even] != 1 << 24) { for (uint32_t state = 0; state < (1 << 24); state += 1 << 4) { uint32_t line = test_not_bitarray[odd_even][state >> 5]; - uint16_t half_line = state & 0x000000010 ? line & 0x0000ffff : line >> 16; + uint16_t half_line = (state & 0x000000010) ? line & 0x0000ffff : line >> 16; if (half_line != 0) { for (uint32_t low_bits = 0; low_bits < (1 << 4); low_bits++) { set_bit24(test_bitarray_2nd, low_bits << 20 | state >> 4); @@ -518,7 +518,7 @@ static void precalculate_bit0_bitflip_bitarrays(uint8_t const bitflip, uint16_t int main(int argc, char *argv[]) { unsigned int bitflip_in; - int sum_a0; + int sum_a0 = 0; printf("Create tables required by hardnested attack.\n"); printf("Expect a runtime in the range of days or weeks.\n"); diff --git a/client/loclass/cipher.c b/client/loclass/cipher.c index da210d98f..2fe178829 100644 --- a/client/loclass/cipher.c +++ b/client/loclass/cipher.c @@ -87,9 +87,7 @@ bool B(State state) { bool x2 = state.b & 0x20; bool x3 = state.b & 0x10; bool x7 = state.b & 0x01; - return x1 ^ x2 ^ x3 ^ x7; - } diff --git a/client/scripting.c b/client/scripting.c index 82378bf76..e9ebe1dea 100644 --- a/client/scripting.c +++ b/client/scripting.c @@ -69,6 +69,13 @@ static int l_GetFromBigBuf(lua_State *L) { startindex = luaL_checknumber(L, 1); len = luaL_checknumber(L, 2); } + + if ( len == 0 ) { + //signal error by returning Nil, errorstring + lua_pushnil(L); + lua_pushstring(L, "You need to supply number of bytes larger than zero"); + return 2; // two return values + } uint8_t *data = calloc(len, sizeof(uint8_t)); if (!data) { 
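Review bot: The new `len == 0` check in l_GetFromBigBuf (and the identical one in l_GetFromFlashMem at `@@ -118`) rejects only zero; `len` is taken from a Lua number via `luaL_checknumber` and its declaration is outside the hunk, so a negative or fractional script argument is still accepted, and if `len` is an unsigned type a negative value has already wrapped to a huge count before the comparison feeds `calloc`. Validate the Lua number itself before the conversion — reject anything that is not a positive value within the buffer's capacity, returning nil plus a message in the same style as the added block — rather than testing the converted `len`. `startindex` receives no range check in either function.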
@@ -118,6 +125,13 @@ static int l_GetFromFlashMem(lua_State *L) { startindex = luaL_checknumber(L, 1); len = luaL_checknumber(L, 2); } + + if ( len == 0 ) { + //signal error by returning Nil, errorstring + lua_pushnil(L); + lua_pushstring(L, "You need to supply number of bytes larger than zero"); + return 2; // two return values + } uint8_t *data = calloc(len, sizeof(uint8_t)); if (!data) { @@ -627,7 +641,7 @@ static int l_hardnested(lua_State *L) { uint8_t key[6] = {0, 0, 0, 0, 0, 0}; uint8_t trgkey[6] = {0, 0, 0, 0, 0, 0}; - for (int i = 0; i < 32; i += 2) { + for (int i = 0; i < 12; i += 2) { sscanf(&p_key[i], "%02x", &tmp); key[i / 2] = tmp & 0xFF; if (haveTarget) { diff --git a/common/crapto1/crapto1.c b/common/crapto1/crapto1.c index ddc9f7be5..17355e162 100644 --- a/common/crapto1/crapto1.c +++ b/common/crapto1/crapto1.c @@ -38,8 +38,8 @@ static void __attribute__((constructor)) fill_lut() { static inline void update_contribution(uint32_t *item, const uint32_t mask1, const uint32_t mask2) { uint32_t p = *item >> 25; - p = p << 1 | evenparity32(*item & mask1); - p = p << 1 | evenparity32(*item & mask2); + p = p << 1 | (evenparity32(*item & mask1)); + p = p << 1 | (evenparity32(*item & mask2)); *item = p << 24 | (*item & 0xffffff); } @@ -90,10 +90,10 @@ recover(uint32_t *o_head, uint32_t *o_tail, uint32_t oks, if (rem == -1) { for (e = e_head; e <= e_tail; ++e) { - *e = *e << 1 ^ evenparity32(*e & LF_POLY_EVEN) ^ !!(in & 4); + *e = *e << 1 ^ (evenparity32(*e & LF_POLY_EVEN)) ^ !!(in & 4); for (o = o_head; o <= o_tail; ++o, ++sl) { sl->even = *o; - sl->odd = *e ^ evenparity32(*o & LF_POLY_ODD); + sl->odd = *e ^ (evenparity32(*o & LF_POLY_ODD)); sl[1].odd = sl[1].even = 0; } }
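Review bot: Capping the loop at 12 in the `@@ -627` hunk stops the writes past `key[6]` and `trgkey[6]`, but `sscanf(&p_key[i], "%02x", &tmp)` still walks `p_key` without knowing its length: when the script passes fewer than 12 hex characters the later `&p_key[i]` point past the terminator, and an unchecked `sscanf` leaves `tmp` unset before `key[i / 2] = tmp & 0xFF`. The length reported by whatever obtains `p_key` (outside the hunk) should be verified to be exactly 12 before the loop, and each conversion checked, e.g. `if (sscanf(&p_key[i], "%02x", &tmp) != 1) { lua_pushnil(L); lua_pushstring(L, "key must be 12 hex characters"); return 2; }`. l_hardnested continues outside the hunk.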
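Review bot: The parentheses added around `evenparity32(...)` in the `@@ -38` and `@@ -90` hunks are redundant — a function call is already a primary expression — so the change affects no precedence and hints to a reader that something was disambiguated when nothing was. The operands that actually benefit from parentheses are the shifts: `p = (p << 1) | evenparity32(*item & mask1);` and `*e = (*e << 1) ^ evenparity32(*e & LF_POLY_EVEN) ^ !!(in & 4);`, matching the `(separator << 8) | clk` form used in the cmdlf.c hunk of this same commit. The body of `recover()` extends beyond the second hunk.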