From 3e952b80369483406f42974d5f8b5184226012ce Mon Sep 17 00:00:00 2001
From: DidierA <1620015+DidierA@users.noreply.github.com>
Date: Tue, 21 Feb 2023 01:50:33 +0100
Subject: [PATCH 1/7] bugfix: wrong text in hf mfdes list when no data exists in trace
---
 client/src/cmdhflist.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/src/cmdhflist.c b/client/src/cmdhflist.c
index 232d4af19..fc3f94d7a 100644
--- a/client/src/cmdhflist.c
+++ b/client/src/cmdhflist.c
@@ -898,7 +898,7 @@ void annotateMfDesfire(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) {
 snprintf(exp, size, "R-block NACK(%d)", (cmd[0] & 0x01));
 }
 // I-block 000xCN1x
- else if ((cmd[0] & 0xC0) == 0x00) {
+ else if (((cmd[0] & 0xC0) == 0x00) && (cmdsize > 2)) {
 // PCB [CID] [NAD] [INF] CRC CRC
 int pos = 1;
From 49a475899acd1fdba06f04eb3f8c1fe99053615f Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Tue, 21 Feb 2023 04:40:48 +0100
Subject: [PATCH 2/7] time is 64b better to accept the same size input timestamps
---
 tools/mfd_aes_brute/brute_key.c | 5 ++++-
 tools/mfd_aes_brute/mfd_aes_brute.c | 3 ++-
 tools/mfd_aes_brute/mfd_multi_brute.c | 5 +++--
 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/tools/mfd_aes_brute/brute_key.c b/tools/mfd_aes_brute/brute_key.c
index 41c91f3c7..654fed6c6 100644
--- a/tools/mfd_aes_brute/brute_key.c
+++ b/tools/mfd_aes_brute/brute_key.c
@@ -111,7 +111,8 @@ int main(int argc, char *argv[]) {
 uint8_t tag_challenge[16] = {0x00};
 uint8_t lock_challenge[32] = {0x00};
- uint64_t timestamp = atoi(argv[1]);
+ uint64_t timestamp = 0;
+ sscanf(argv[1], "%lu", ×tamp);
 if (argc != 4) {
 printf("\nusage: %s <16 byte tag challenge> <32 byte lock challenge>\n\n", argv[0]);
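Review bot: In annotateMfDesfire() in client/src/cmdhflist.c, the added `cmdsize > 2` guard only proves the frame holds the PCB and two CRC bytes; it does not prove an INF byte exists at the position the I-block branch goes on to read. The layout comment lists optional CID and NAD bytes before INF, so if the body (which continues outside the hunk) advances `pos` for those bits, a short captured frame can still make `cmd[pos]` point at a CRC byte or past the end of the buffer. Since trace bytes come from recorded frames, I would check `pos + 2 < cmdsize` after `pos` has been advanced and before `cmd[pos]` is indexed, rather than relying on the fixed threshold in the `else if`.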
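Review bot: In main() in tools/mfd_aes_brute/brute_key.c, `argv[1]` is still handed to sscanf before the `if (argc != 4)` check that follows it, so starting the tool without arguments passes a null pointer to sscanf. The sscanf result is also ignored here and in the matching hunks of mfd_aes_brute.c and mfd_multi_brute.c, so a non-numeric timestamp silently leaves the value at 0; in brute_key.c the loop shown in the next hunk would then start from 0. Move the parse below the argc check and reject bad input, e.g. `if (sscanf(argv[1], "%" SCNu64, &timestamp) != 1) { /* print usage, return non-zero */ }`, using the scan macro from <inttypes.h>. main() continues outside the hunk.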
@@ -124,8 +125,10 @@ int main(int argc, char *argv[]) {
 if (hexstr_to_byte_array(argv[3], lock_challenge, sizeof(lock_challenge)))
 return 3;
+ // current time
 uint64_t start_time = time(NULL);
+ // from a time before up until current time.
 for (; timestamp < start_time; timestamp++) {
 make_key(timestamp, key);
diff --git a/tools/mfd_aes_brute/mfd_aes_brute.c b/tools/mfd_aes_brute/mfd_aes_brute.c
index d4bca2bb8..4eba06051 100644
--- a/tools/mfd_aes_brute/mfd_aes_brute.c
+++ b/tools/mfd_aes_brute/mfd_aes_brute.c
@@ -233,7 +233,8 @@ int main(int argc, char *argv[]) {
 if (argc != 4) return usage(argv[0]);
- uint64_t start_time = atoi(argv[1]);
+ uint64_t start_time = 0;
+ sscanf(argv[1], "%lu", &start_time);
 uint8_t tag_challenge[16] = {0x00};
 if (hexstr_to_byte_array(argv[2], tag_challenge, sizeof(tag_challenge)))
diff --git a/tools/mfd_aes_brute/mfd_multi_brute.c b/tools/mfd_aes_brute/mfd_multi_brute.c
index 704796255..bbd213a35 100644
--- a/tools/mfd_aes_brute/mfd_multi_brute.c
+++ b/tools/mfd_aes_brute/mfd_multi_brute.c
@@ -172,7 +172,7 @@ static void print_time(uint64_t at) {
 char res[32];
 strftime(res, sizeof(res), "%Y-%m-%d %H:%M:%S", <);
- printf("%u ( '%s' )\n", (unsigned)t, res);
+ printf("%"PRIu64" ( '%s' )\n", t, res);
 }
 static void *brute_thread(void *arguments) {
@@ -378,7 +378,8 @@ int main(int argc, char *argv[]) {
 return 1;
 }
- uint64_t start_time = atoi(argv[3]);
+ uint64_t start_time = 0;
+ sscanf(argv[3], "%lu", &start_time);
 printf("Crypto algo............ " _GREEN_("%s") "\n", algostr);
 printf("LCR Random generator... " _GREEN_("%s") "\n", generators[g_idx].Name);
From 6ee817aa72779474fc60c7feb8f3936c1d93b300 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Tue, 21 Feb 2023 04:41:11 +0100
Subject: [PATCH 3/7] init array w zero
---
 armsrc/desfire_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/armsrc/desfire_crypto.c b/armsrc/desfire_crypto.c
index 84361e2c3..2358fa8b1 100644
--- a/armsrc/desfire_crypto.c
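Review bot: In print_time() in tools/mfd_aes_brute/mfd_multi_brute.c, the new printf drops the old `(unsigned)t` cast and passes `t` straight to a `PRIu64` conversion, but `t` is declared above the hunk and its type is not visible. If it is a `time_t`, the argument does not match the conversion on targets where time_t is not a 64-bit unsigned type, which is undefined behaviour for printf. Passing the `uint64_t at` parameter instead, or writing `(uint64_t)t`, keeps the specifier and the argument in agreement on every platform.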
+++ b/armsrc/desfire_crypto.c
@@ -755,7 +755,7 @@ void mifare_cypher_single_block(desfirekey_t key, uint8_t *data, uint8_t *ivect,
 memcpy(ovect, data, block_size);
 }
- uint8_t edata[DESFIRE_MAX_CRYPTO_BLOCK_SIZE];
+ uint8_t edata[DESFIRE_MAX_CRYPTO_BLOCK_SIZE] = {0};
 switch (key->type) {
 case T_DES:
From 64cc21b890ef12bf6c03bc94c0b5b315f1a5ee57 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Tue, 21 Feb 2023 04:41:42 +0100
Subject: [PATCH 4/7] init structure with zeros
---
 armsrc/mifaredesfire.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c
index 08d7a9379..3530dfd9b 100644
--- a/armsrc/mifaredesfire.c
+++ b/armsrc/mifaredesfire.c
@@ -139,6 +139,7 @@ void MifareDesfireGetInformation(void) {
 uint8_t details[14];
 } PACKED payload;
+ memset(&payload, 0x00, sizeof(payload));
 /*
 1 = PCB 1
 2 = cid 2
From 4807fae885f9800749b94771c4b13f700394edd3 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Tue, 21 Feb 2023 04:42:24 +0100
Subject: [PATCH 5/7] in private case we calloc, need to free that memory
---
 client/src/cmdflashmem.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/client/src/cmdflashmem.c b/client/src/cmdflashmem.c
index 7bbdf74c9..e8db64885 100644
--- a/client/src/cmdflashmem.c
+++ b/client/src/cmdflashmem.c
@@ -643,6 +643,7 @@ static int CmdFlashMemInfo(const char *Cmd) {
 if (got_private == false) {
 mbedtls_rsa_free(rsa);
+ free(rsa);
 }
 mbedtls_pk_free(&pkctx);
From b86e29fca1fef059d66445cc2de7ce515e544e0c Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Tue, 21 Feb 2023 04:42:51 +0100
Subject: [PATCH 6/7] init structure with zeros
---
 client/src/cmdlfhid.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/client/src/cmdlfhid.c b/client/src/cmdlfhid.c
index 1ce02f4ed..4cfa41ef8 100644
--- a/client/src/cmdlfhid.c
+++ b/client/src/cmdlfhid.c
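Review bot: In CmdFlashMemInfo() in client/src/cmdflashmem.c, `rsa` is left dangling after the added `free(rsa);`, and the hunk does not show which path allocated it. The commit subject speaks of a calloc in the "private case" while the free sits under `got_private == false`, so the ownership rule is hard to check from the code alone. A short comment on the branch, once confirmed against the allocation site, would make the pairing reviewable, for example `// rsa was calloc'ed by us on this path; pkctx does not own it`, and `rsa = NULL;` after the free guards against a later reuse or double free. The function starts and ends outside the hunk.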
@@ -80,12 +80,14 @@ static int sendTry(uint8_t format_idx, wiegand_card_t *card, uint32_t delay, boo
 );
 }
- lf_hidsim_t payload;
- payload.Q5 = false;
- payload.hi2 = packed.Top;
- payload.hi = packed.Mid;
- payload.lo = packed.Bot;
- payload.longFMT = (packed.Mid > 0xFFF);
+ lf_hidsim_t payload = {
+ .EM = false,
+ .Q5 = false,
+ .hi2 = packed.Top,
+ .hi = packed.Mid,
+ .lo = packed.Bot,
+ .longFMT = (packed.Mid > 0xFFF)
+ };
 clearCommandBuffer();
From 628140fd88f48c04e2bc8ab12e6980c172814e66 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Tue, 21 Feb 2023 16:20:34 +0100
Subject: [PATCH 7/7] correct string formatter in sscanf
---
 tools/mfd_aes_brute/brute_key.c | 2 +-
 tools/mfd_aes_brute/mfd_aes_brute.c | 2 +-
 tools/mfd_aes_brute/mfd_multi_brute.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/mfd_aes_brute/brute_key.c b/tools/mfd_aes_brute/brute_key.c
index 654fed6c6..e02a597e2 100644
--- a/tools/mfd_aes_brute/brute_key.c
+++ b/tools/mfd_aes_brute/brute_key.c
@@ -112,7 +112,7 @@ int main(int argc, char *argv[]) {
 uint8_t lock_challenge[32] = {0x00};
 uint64_t timestamp = 0;
- sscanf(argv[1], "%lu", ×tamp);
+ sscanf(argv[1], "%"PRIu64, ×tamp);
 if (argc != 4) {
 printf("\nusage: %s <16 byte tag challenge> <32 byte lock challenge>\n\n", argv[0]);
diff --git a/tools/mfd_aes_brute/mfd_aes_brute.c b/tools/mfd_aes_brute/mfd_aes_brute.c
index 4eba06051..b92eee31c 100644
--- a/tools/mfd_aes_brute/mfd_aes_brute.c
+++ b/tools/mfd_aes_brute/mfd_aes_brute.c
@@ -234,7 +234,7 @@ int main(int argc, char *argv[]) {
 if (argc != 4) return usage(argv[0]);
 uint64_t start_time = 0;
- sscanf(argv[1], "%lu", &start_time);
+ sscanf(argv[1], "%"PRIu64, &start_time);
 uint8_t tag_challenge[16] = {0x00};
 if (hexstr_to_byte_array(argv[2], tag_challenge, sizeof(tag_challenge)))
diff --git a/tools/mfd_aes_brute/mfd_multi_brute.c b/tools/mfd_aes_brute/mfd_multi_brute.c
index bbd213a35..4279fba62 100644
--- a/tools/mfd_aes_brute/mfd_multi_brute.c
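Review bot: In sendTry() in client/src/cmdlfhid.c, the new designated initializer zeroes every member of `lf_hidsim_t` that is not named, but C does not guarantee that padding bytes are cleared by it. If the struct is later transmitted as raw bytes (the send call is outside the hunk) and the type is not declared packed, padding could still carry stale stack contents, which is what the commit title sets out to prevent. Either confirm that `lf_hidsim_t` is packed, or put `memset(&payload, 0, sizeof(payload));` ahead of field assignments, the approach patch 4/7 takes for its payload struct.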
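Review bot: The `PRIu64` macro in the new `sscanf(argv[1], "%"PRIu64, ...)` call in tools/mfd_aes_brute/brute_key.c belongs to the printf family; <inttypes.h> defines `SCNu64` for the scanf family, and the two are not required to expand to the same string. The same applies to the sscanf hunks in mfd_aes_brute.c and mfd_multi_brute.c in this patch. I would write `sscanf(argv[1], "%" SCNu64, &timestamp)` in all three, assuming <inttypes.h> is already included, which the hunks do not show. The space before the macro also keeps the literal valid if the file is ever compiled as C++11 or later.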
+++ b/tools/mfd_aes_brute/mfd_multi_brute.c
@@ -379,7 +379,7 @@ int main(int argc, char *argv[]) {
 }
 uint64_t start_time = 0;
- sscanf(argv[3], "%lu", &start_time);
+ sscanf(argv[3], "%"PRIu64, &start_time);
 printf("Crypto algo............ " _GREEN_("%s") "\n", algostr);
 printf("LCR Random generator... " _GREEN_("%s") "\n", generators[g_idx].Name);