github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 05:43:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix #905 - memory corruptions when generating filename

Browse source
This commit is contained in:
iceman1001 2020-07-16 10:54:30 +02:00
commit 1f3e671443
1 changed files with 25 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

61
client/src/cmdhflto.c
View file

@ -32,7 +32,7 @@ static int usage_lto_info(void) {
PrintAndLogEx(NORMAL, " h this help"); PrintAndLogEx(NORMAL, " h this help");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " hf lto info"); PrintAndLogEx(NORMAL, _YELLOW_(" hf lto info"));
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -44,7 +44,7 @@ static int usage_lto_rdbl(void) {
PrintAndLogEx(NORMAL, " e end block in decimal <= 254"); PrintAndLogEx(NORMAL, " e end block in decimal <= 254");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " hf lto rdbl s 0 e 254 - Read data block from 0 to 254"); PrintAndLogEx(NORMAL, _YELLOW_(" hf lto rdbl s 0 e 254") " - Read data block from 0 to 254");
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -56,8 +56,7 @@ static int usage_lto_wrbl(void) {
PrintAndLogEx(NORMAL, " d 32 bytes of data to write (64 hex characters, no space)"); PrintAndLogEx(NORMAL, " d 32 bytes of data to write (64 hex characters, no space)");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " hf lto wrbl b 128 d 0001020304050607080910111213141516171819202122232425262728293031 - write 00..31 to block address 128"); PrintAndLogEx(NORMAL, _YELLOW_(" hf lto wrbl b 128 d 0001020304050607080910111213141516171819202122232425262728293031") " - write 00..31 to block address 128");
PrintAndLogEx(NORMAL, " Use 'hf lto rdbl' for verification");
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -68,7 +67,7 @@ static int usage_lto_dump(void) {
PrintAndLogEx(NORMAL, " f file name"); PrintAndLogEx(NORMAL, " f file name");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " hf lto dump f myfile"); PrintAndLogEx(NORMAL, _YELLOW_(" hf lto dump f myfile"));
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -79,7 +78,7 @@ static int usage_lto_restore(void) {
PrintAndLogEx(NORMAL, " f file name [.bin|.eml]"); PrintAndLogEx(NORMAL, " f file name [.bin|.eml]");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " hf lto restore f hf_lto_92C7842CFF.bin|.eml"); PrintAndLogEx(NORMAL, _YELLOW_(" hf lto restore f hf_lto_92C7842CFF.bin|.eml"));
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -180,8 +179,7 @@ static int CmdHfLTOInfo(const char *Cmd) {
//Validations //Validations
if (errors) { if (errors) {
usage_lto_info(); return usage_lto_info();
return PM3_EINVARG;
} }
return infoLTO(true); return infoLTO(true);
@ -384,7 +382,7 @@ static int CmdHfLTOWriteBlock(const char *Cmd) {
bool b_opt_selected = false; bool b_opt_selected = false;
bool d_opt_selected = false; bool d_opt_selected = false;
uint8_t blk = 128; uint8_t blk = 128;
uint8_t blkData[32] = {0}; uint8_t block_data[32] = {0};
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) { switch (tolower(param_getchar(Cmd, cmdp))) {
@ -396,7 +394,7 @@ static int CmdHfLTOWriteBlock(const char *Cmd) {
cmdp += 2; cmdp += 2;
break; break;
case 'd': case 'd':
if (param_gethex(Cmd, cmdp + 1, blkData, 64)) { if (param_gethex(Cmd, cmdp + 1, block_data, 64)) {
PrintAndLogEx(WARNING, "block data must include 64 HEX symbols"); PrintAndLogEx(WARNING, "block data must include 64 HEX symbols");
errors = true; errors = true;
break; break;
@ -413,14 +411,17 @@ static int CmdHfLTOWriteBlock(const char *Cmd) {
//Validations //Validations
if (errors) { if (errors) {
usage_lto_wrbl(); return usage_lto_wrbl();
return PM3_EINVARG;
} else if (b_opt_selected == false || d_opt_selected == false) { } else if (b_opt_selected == false || d_opt_selected == false) {
PrintAndLogEx(WARNING, "Need to specify block address and data. See usage, h option"); PrintAndLogEx(WARNING, "Need to specify block address and data.");
return PM3_EINVARG; return usage_lto_wrbl();
} }
return wrblLTO(blk, blkData, true); int res = wrblLTO(blk, block_data, true);
if (res == PM3_SUCCESS)
PrintAndLogEx(HINT, "Try use 'hf lto rdbl' for verification");
return res;
} }
int dumpLTO(uint8_t *dump, bool verbose) { int dumpLTO(uint8_t *dump, bool verbose) {
@ -446,11 +447,9 @@ int dumpLTO(uint8_t *dump, bool verbose) {
ret_val = lto_rdbl(i, block_data_d00_d15, block_data_d16_d31, verbose); ret_val = lto_rdbl(i, block_data_d00_d15, block_data_d16_d31, verbose);
if (ret_val == PM3_SUCCESS) { if (ret_val == PM3_SUCCESS) {
//Remove CRCs // remove CRCs
for (int t = 0; t < 16; t++) { memcpy(dump + i * 32, block_data_d00_d15, 16);
dump[t + i * 32] = block_data_d00_d15[t]; memcpy(dump + (i * 32) + 16, block_data_d16_d31, 16);
dump[t + i * 32 + 16] = block_data_d16_d31[t];
}
} else { } else {
lto_switch_off_field(); lto_switch_off_field();
return ret_val; return ret_val;
@ -467,7 +466,6 @@ static int CmdHfLTODump(const char *Cmd) {
bool errors = false; bool errors = false;
uint32_t dump_len = CM_MEM_MAX_SIZE; uint32_t dump_len = CM_MEM_MAX_SIZE;
char filename[FILE_PATH_SIZE] = {0}; char filename[FILE_PATH_SIZE] = {0};
char serial_number[10] = {0};
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) { switch (tolower(param_getchar(Cmd, cmdp))) {
@ -488,39 +486,32 @@ static int CmdHfLTODump(const char *Cmd) {
} }
} }
//Validations
if (errors) { if (errors) {
usage_lto_dump(); usage_lto_dump();
return PM3_EINVARG; return PM3_EINVARG;
} }
// alloc memory
uint8_t *dump = calloc(dump_len, sizeof(uint8_t)); uint8_t *dump = calloc(dump_len, sizeof(uint8_t));
if (!dump) { if (!dump) {
PrintAndLogEx(ERR, "error, cannot allocate memory"); PrintAndLogEx(ERR, "error, cannot allocate memory");
return PM3_EMALLOC; return PM3_EMALLOC;
} }
// loop all blocks
int ret_val = dumpLTO(dump, true); int ret_val = dumpLTO(dump, true);
if (ret_val != PM3_SUCCESS) { if (ret_val != PM3_SUCCESS) {
free(dump); free(dump);
return ret_val; return ret_val;
} }
// save to file
if (filename[0] == '\0') { if (filename[0] == '\0') {
memcpy(serial_number, sprint_hex_inrow(dump, sizeof(serial_number)), sizeof(serial_number)); char *fptr = filename;
char tmp_name[17] = "hf_lto_"; fptr += sprintf(fptr, "hf-lto-");
strcat(tmp_name, serial_number); FillFileNameByUID(fptr, dump, "-dump", 5);
memcpy(filename, tmp_name, sizeof(tmp_name));
} }
saveFile(filename, ".bin", dump, dump_len); saveFile(filename, ".bin", dump, dump_len);
saveFileEML(filename, dump, dump_len, 32); saveFileEML(filename, dump, dump_len, 32);
// free memory
free(dump); free(dump);
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -539,16 +530,14 @@ int restoreLTO(uint8_t *dump, bool verbose) {
return ret_val; return ret_val;
} }
uint8_t blkData[32] = {0}; uint8_t block_data[32] = {0};
//Block address 0 and 1 are read-only //Block address 0 and 1 are read-only
for (uint8_t blk = 2; blk < 255; blk++) { for (uint8_t blk = 2; blk < 255; blk++) {
for (int i = 0; i < 32; i++) { memcpy(block_data, dump + (blk * 32), 32);
blkData[i] = dump[i + blk * 32];
}
ret_val = lto_wrbl(blk, blkData, verbose); ret_val = lto_wrbl(blk, block_data, verbose);
if (ret_val == PM3_SUCCESS) { if (ret_val == PM3_SUCCESS) {
PrintAndLogEx(SUCCESS, "Block %03d - " _YELLOW_("write success"), blk); PrintAndLogEx(SUCCESS, "Block %03d - " _YELLOW_("write success"), blk);