From d6145d76e7d572743bce8eb75d84b09e00da1e47 Mon Sep 17 00:00:00 2001
From: Ray Lee
Date: Tue, 24 Aug 2021 10:43:32 +0800
Subject: [PATCH 1/4] fix buffer overflow
---
 client/src/cmdhfmfdes.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c
index 2685d7f0c..d4a8b4944 100644
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
@@ -689,9 +689,10 @@ static int CmdHF14ADesInfo(const char *Cmd) {
 iso14a_card_select_t card;
 res = SelectCard14443A_4(true, false, &card);
 if (res == PM3_SUCCESS) {
- static const char STANDALONE_DESFIRE[] = { 0x75, 0x77, 0x81, 0x02};
- static const char JCOP_DESFIRE[] = { 0x75, 0xf7, 0xb1, 0x02 };
- static const char JCOP3_DESFIRE[] = { 0x78, 0x77, 0x71, 0x02 };
+ // convert to str by adding \0 to the end. so we can use strlen() to calc length
+ static const char STANDALONE_DESFIRE[] = { 0x75, 0x77, 0x81, 0x02, '\0' };
+ static const char JCOP_DESFIRE[] = { 0x75, 0xf7, 0xb1, 0x02, '\0' };
+ static const char JCOP3_DESFIRE[] = { 0x78, 0x77, 0x71, 0x02, '\0' };
 if (card.sak == 0x20) {
From 7b59029cdb225c1142b37e3e9d070ec327944b4b Mon Sep 17 00:00:00 2001
From: Ray Lee
Date: Tue, 24 Aug 2021 13:22:50 +0800
Subject: [PATCH 2/4] maybe better
---
 client/src/cmdhfmfdes.c | 13 ++++++-------
 client/src/util.c | 9 +++++++++
 client/src/util.h | 1 +
 3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c
index d4a8b4944..23bd3127a 100644
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
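Review bot: The three signature arrays in the PATCH 1/4 hunk hold raw ATS bytes but are declared `char`, and 0x81, 0xf7 and 0xb1 do not fit a signed `char`, so where `char` is signed the stored values come from an implementation-defined conversion and compilers may warn about it. An unsigned byte type, `static const uint8_t STANDALONE_DESFIRE[] = { 0x75, 0x77, 0x81, 0x02 };`, states the intent; the `cmdhfmfdes.c` hunk of PATCH 3/4 goes back to `char` and the same applies there. Appending `'\0'` also keeps the match on string semantics: if `str_startswith` is strlen/strncmp based, as the added comment suggests, a 0x00 byte in the card data would end the comparison early. The enclosing function starts and ends outside the hunk.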
@@ -689,23 +689,22 @@ static int CmdHF14ADesInfo(const char *Cmd) {
 iso14a_card_select_t card;
 res = SelectCard14443A_4(true, false, &card);
 if (res == PM3_SUCCESS) {
- // convert to str by adding \0 to the end. so we can use strlen() to calc length
- static const char STANDALONE_DESFIRE[] = { 0x75, 0x77, 0x81, 0x02, '\0' };
- static const char JCOP_DESFIRE[] = { 0x75, 0xf7, 0xb1, 0x02, '\0' };
- static const char JCOP3_DESFIRE[] = { 0x78, 0x77, 0x71, 0x02, '\0' };
+ static const uint8_t STANDALONE_DESFIRE[] = { 0x75, 0x77, 0x81, 0x02 };
+ static const uint8_t JCOP_DESFIRE[] = { 0x75, 0xf7, 0xb1, 0x02 };
+ static const uint8_t JCOP3_DESFIRE[] = { 0x78, 0x77, 0x71, 0x02 };
 if (card.sak == 0x20) {
 if (card.ats_len >= 5) {
- if (str_startswith((const char *)card.ats + 1, STANDALONE_DESFIRE)) {
+ if (bytes_compare((const uint8_t *)card.ats + 1, STANDALONE_DESFIRE, 4)) {
 PrintAndLogEx(INFO, "Standalone DESFire");
 }
- if (str_startswith((const char *)card.ats + 1, JCOP_DESFIRE)) {
+ if (bytes_compare((const uint8_t *)card.ats + 1, JCOP_DESFIRE, 4)) {
 PrintAndLogEx(INFO, "JCOP DESFire");
 }
 }
 if (card.ats_len == 4) {
- if (str_startswith((const char *)card.ats + 1, JCOP3_DESFIRE)) {
+ if (bytes_compare((const uint8_t *)card.ats + 1, JCOP3_DESFIRE, 4)) {
 PrintAndLogEx(INFO, "JCOP3 DESFire");
 }
 }
diff --git a/client/src/util.c b/client/src/util.c
index 65694db18..ff99baaf7 100644
--- a/client/src/util.c
+++ b/client/src/util.c
@@ -505,6 +505,15 @@ void bytes_to_bytebits(const void *src, const size_t srclen, void *dest) {
 }
 }
+// Compare two arrays
+bool bytes_compare(const uint8_t *b1, const uint8_t *b2, const size_t n) {
+ for (size_t i = 0; i < n; i++) {
+ if (b1[i] != b2[i])
+ return false;
+ }
+ return true;
+}
+
 // aa,bb,cc,dd,ee,ff,gg,hh, ii,jj,kk,ll,mm,nn,oo,pp
 // to
 // hh,gg,ff,ee,dd,cc,bb,aa, pp,oo,nn,mm,ll,kk,jj,ii
diff --git a/client/src/util.h b/client/src/util.h
index 532f47313..a0b7237c2 100644
--- a/client/src/util.h
+++ b/client/src/util.h
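Review bot: The JCOP3 branch in the `cmdhfmfdes.c` hunk compares four bytes starting at `card.ats + 1` while guarded by `card.ats_len == 4`, so the last byte compared, `card.ats[4]`, lies past the ATS length reported for this card. Whether that index is still inside the buffer depends on the declaration of `ats`, which is not visible here, but either way the match depends on a byte that is not part of the received ATS. The guard should probably be `if (card.ats_len >= 5) {` like the branch above it, or the compare length should be bounded by `card.ats_len - 1`. The same guard and length are carried unchanged into the `memcmp` calls of PATCH 3/4 and PATCH 4/4. The enclosing function starts and ends outside the hunk.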
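Review bot: The comment on `bytes_compare` in the `util.c` hunk does not say what the result means, and `true` for equal is the opposite of `memcmp`'s zero-for-equal convention, which invites inverted checks at call sites. I would document it as `// Returns true when the first n bytes of b1 and b2 are equal (true for n == 0); both buffers must hold at least n bytes.` The inner `if` is also left unbraced, unlike the braced `for` around it.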
@@ -61,6 +61,7 @@ int hex_to_bytes(const char *hexValue, uint8_t *bytesValue, size_t maxBytesValue
 void num_to_bytebits(uint64_t n, size_t len, uint8_t *dest);
 void num_to_bytebitsLSBF(uint64_t n, size_t len, uint8_t *dest);
 void bytes_to_bytebits(const void *src, const size_t srclen, void *dest);
+bool bytes_compare(const uint8_t *b1, const uint8_t *b2, const size_t n);
 // Swap endian on arrays up to 64bytes.
 uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize);
From cc3e2cc3a9d45975d87b8e0d8aee5e0d47d3caaf Mon Sep 17 00:00:00 2001
From: Ray Lee
Date: Tue, 24 Aug 2021 14:23:32 +0800
Subject: [PATCH 3/4] use memcmp
---
 client/src/cmdhfmfdes.c | 12 ++++++------
 client/src/util.c | 9 ---------
 client/src/util.h | 1 -
 3 files changed, 6 insertions(+), 16 deletions(-)
diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c
index 23bd3127a..0d1e14d0b 100644
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
@@ -689,22 +689,22 @@ static int CmdHF14ADesInfo(const char *Cmd) {
 iso14a_card_select_t card;
 res = SelectCard14443A_4(true, false, &card);
 if (res == PM3_SUCCESS) {
- static const uint8_t STANDALONE_DESFIRE[] = { 0x75, 0x77, 0x81, 0x02 };
- static const uint8_t JCOP_DESFIRE[] = { 0x75, 0xf7, 0xb1, 0x02 };
- static const uint8_t JCOP3_DESFIRE[] = { 0x78, 0x77, 0x71, 0x02 };
+ static const char STANDALONE_DESFIRE[] = { 0x75, 0x77, 0x81, 0x02 };
+ static const char JCOP_DESFIRE[] = { 0x75, 0xf7, 0xb1, 0x02 };
+ static const char JCOP3_DESFIRE[] = { 0x78, 0x77, 0x71, 0x02 };
 if (card.sak == 0x20) {
 if (card.ats_len >= 5) {
- if (bytes_compare((const uint8_t *)card.ats + 1, STANDALONE_DESFIRE, 4)) {
+ if (!memcmp(card.ats + 1, STANDALONE_DESFIRE, 4)) {
 PrintAndLogEx(INFO, "Standalone DESFire");
 }
- if (bytes_compare((const uint8_t *)card.ats + 1, JCOP_DESFIRE, 4)) {
+ if (!memcmp(card.ats + 1, JCOP_DESFIRE, 4)) {
 PrintAndLogEx(INFO, "JCOP DESFire");
 }
 }
 if (card.ats_len == 4) {
- if (bytes_compare((const uint8_t *)card.ats + 1, JCOP3_DESFIRE, 4)) {
+ if (!memcmp(card.ats + 1, JCOP3_DESFIRE, 4)) {
 PrintAndLogEx(INFO, "JCOP3 DESFire");
 }
 }
diff --git a/client/src/util.c b/client/src/util.c
index ff99baaf7..65694db18 100644
--- a/client/src/util.c
+++ b/client/src/util.c
@@ -505,15 +505,6 @@ void bytes_to_bytebits(const void *src, const size_t srclen, void *dest) {
 }
 }
-// Compare two arrays
-bool bytes_compare(const uint8_t *b1, const uint8_t *b2, const size_t n) {
- for (size_t i = 0; i < n; i++) {
- if (b1[i] != b2[i])
- return false;
- }
- return true;
-}
-
 // aa,bb,cc,dd,ee,ff,gg,hh, ii,jj,kk,ll,mm,nn,oo,pp
 // to
 // hh,gg,ff,ee,dd,cc,bb,aa, pp,oo,nn,mm,ll,kk,jj,ii
diff --git a/client/src/util.h b/client/src/util.h
index a0b7237c2..532f47313 100644
--- a/client/src/util.h
+++ b/client/src/util.h
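Review bot: Each `memcmp` call in the `cmdhfmfdes.c` hunk passes the literal `4` as the length, which silently duplicates the size of the signature arrays; if a signature is later shortened the compare reads past the array, and if it is lengthened only a prefix is matched. Tying the length to the array, for example `if (memcmp(card.ats + 1, STANDALONE_DESFIRE, sizeof(STANDALONE_DESFIRE)) == 0) {`, removes that coupling. The same literal is kept in the restyled calls of PATCH 4/4. The enclosing function starts and ends outside the hunk.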
@@ -61,7 +61,6 @@ int hex_to_bytes(const char *hexValue, uint8_t *bytesValue, size_t maxBytesValue
 void num_to_bytebits(uint64_t n, size_t len, uint8_t *dest);
 void num_to_bytebitsLSBF(uint64_t n, size_t len, uint8_t *dest);
 void bytes_to_bytebits(const void *src, const size_t srclen, void *dest);
-bool bytes_compare(const uint8_t *b1, const uint8_t *b2, const size_t n);
 // Swap endian on arrays up to 64bytes.
 uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize);
From 3c51ee4547e65e1c7ceaa8d7f87f47b644d0e2d2 Mon Sep 17 00:00:00 2001
From: Ray Lee
Date: Tue, 24 Aug 2021 16:22:55 +0800
Subject: [PATCH 4/4] make style
---
 client/src/cmdhfmfdes.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c
index 0d1e14d0b..8677ff8ab 100644
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
@@ -696,15 +696,15 @@ static int CmdHF14ADesInfo(const char *Cmd) {
 if (card.sak == 0x20) {
 if (card.ats_len >= 5) {
- if (!memcmp(card.ats + 1, STANDALONE_DESFIRE, 4)) {
+ if (0 == memcmp(card.ats + 1, STANDALONE_DESFIRE, 4)) {
 PrintAndLogEx(INFO, "Standalone DESFire");
 }
- if (!memcmp(card.ats + 1, JCOP_DESFIRE, 4)) {
+ if (0 == memcmp(card.ats + 1, JCOP_DESFIRE, 4)) {
 PrintAndLogEx(INFO, "JCOP DESFire");
 }
 }
 if (card.ats_len == 4) {
- if (!memcmp(card.ats + 1, JCOP3_DESFIRE, 4)) {
+ if (0 == memcmp(card.ats + 1, JCOP3_DESFIRE, 4)) {
 PrintAndLogEx(INFO, "JCOP3 DESFire");
 }
 }