github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 13:53:55 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

CHG: Syntax suger, space -> tabs. etc.

Browse source 
FIX: Coverity Scan says out-of-bounds,  Increased the databuffer. Legic List command needs to be re-done.
This commit is contained in:
iceman1001 2016-01-19 19:33:23 +01:00
commit 52cf34c1cc
1 changed files with 241 additions and 255 deletions
Download patch file Download diff file Expand all files Collapse all files

152
client/cmdhflegic.c
View file

@ -19,31 +19,6 @@
#include "util.h" #include "util.h"
static int CmdHelp(const char *Cmd); static int CmdHelp(const char *Cmd);
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"decode", CmdLegicDecode, 0, "Display deobfuscated and decoded LEGIC RF tag data (use after hf legic reader)"},
{"reader", CmdLegicRFRead, 0, "[offset [length]] -- read bytes from a LEGIC card"},
{"save", CmdLegicSave, 0, "<filename> [<length>] -- Store samples"},
{"load", CmdLegicLoad, 0, "<filename> -- Restore samples"},
{"sim", CmdLegicRfSim, 0, "[phase drift [frame drift [req/resp drift]]] Start tag simulator (use after load or read)"},
{"write", CmdLegicRfWrite,0, "<offset> <length> -- Write sample buffer (user after load or read)"},
{"fill", CmdLegicRfFill, 0, "<offset> <length> <value> -- Fill/Write tag with constant value"},
{NULL, NULL, 0, NULL}
};
int CmdHFLegic(const char *Cmd)
{
CmdsParse(CommandTable, Cmd);
return 0;
}
int CmdHelp(const char *Cmd)
{
CmdsHelp(CommandTable);
return 0;
}
/* /*
* Output BigBuf and deobfuscate LEGIC RF tag data. * Output BigBuf and deobfuscate LEGIC RF tag data.
* This is based on information given in the talk held * This is based on information given in the talk held
@ -58,7 +33,7 @@ int CmdLegicDecode(const char *Cmd)
int crc = 0; int crc = 0;
int wrp = 0; int wrp = 0;
int wrc = 0; int wrc = 0;
uint8_t data_buf[1053]; // receiver buffer uint8_t data_buf[3076]; // receiver buffer
char out_string[3076]; // just use big buffer - bad practice char out_string[3076]; // just use big buffer - bad practice
char token_type[4]; char token_type[4];
@ -114,27 +89,11 @@ int CmdLegicDecode(const char *Cmd)
); );
PrintAndLog("Remaining Header Area"); PrintAndLog("Remaining Header Area");
PrintAndLog("%s", sprint_hex(data_buf+9, 13));
PrintAndLog("%02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
data_buf[9],
data_buf[10],
data_buf[11],
data_buf[12],
data_buf[13],
data_buf[14],
data_buf[15],
data_buf[16],
data_buf[17],
data_buf[18],
data_buf[19],
data_buf[20],
data_buf[21]
);
PrintAndLog("\nADF: User Area"); PrintAndLog("\nADF: User Area");
i = 22; i = 22;
for (n=0; n<64; n++) { for ( n=0; n<64; n++ ) {
segment_len = ((data_buf[i+1]^crc)&0x0f) * 256 + (data_buf[i]^crc); segment_len = ((data_buf[i+1]^crc)&0x0f) * 256 + (data_buf[i]^crc);
segment_flag = ((data_buf[i+1]^crc)&0xf0)>>4; segment_flag = ((data_buf[i+1]^crc)&0xf0)>>4;
@ -159,19 +118,19 @@ int CmdLegicDecode(const char *Cmd)
i+=5; i+=5;
if (wrc>0) { if ( wrc>0 ) {
PrintAndLog("WRC protected area:"); PrintAndLog("WRC protected area:");
for (k=0, j=0; k < wrc && j<(sizeof(out_string)-3); k++, i++, j += 3) { for ( k=0, j=0; k < wrc && j<(sizeof(out_string)-3); k++, i++, j += 3) {
sprintf(&out_string[j], "%02x", (data_buf[i]^crc)); sprintf(&out_string[j], "%02x", (data_buf[i]^crc));
out_string[j+2] = ' '; out_string[j+2] = ' ';
}; }
out_string[j] = '\0'; out_string[j] = '\0';
PrintAndLog("%s", out_string); PrintAndLog("%s", out_string);
} }
if (wrp>wrc) { if ( wrp>wrc ) {
PrintAndLog("Remaining write protected area:"); PrintAndLog("Remaining write protected area:");
for (k=0, j=0; k < (wrp-wrc) && j<(sizeof(out_string)-3); k++, i++, j += 3) { for (k=0, j=0; k < (wrp-wrc) && j<(sizeof(out_string)-3); k++, i++, j += 3) {
@ -182,14 +141,14 @@ int CmdLegicDecode(const char *Cmd)
out_string[j] = '\0'; out_string[j] = '\0';
PrintAndLog("%s", out_string); PrintAndLog("%s", out_string);
if((wrp-wrc) == 8) { if( (wrp-wrc) == 8 ) {
sprintf(out_string,"Card ID: %2X%02X%02X",data_buf[i-4]^crc,data_buf[i-3]^crc,data_buf[i-2]^crc); sprintf(out_string, "Card ID: %2X%02X%02X", data_buf[i-4]^crc, data_buf[i-3]^crc, data_buf[i-2]^crc);
PrintAndLog("%s", out_string); PrintAndLog("%s", out_string);
} }
} }
PrintAndLog("Remaining segment payload:"); PrintAndLog("Remaining segment payload:");
for (k=0, j=0; k < (segment_len - wrp - 5) && j<(sizeof(out_string)-3); k++, i++, j += 3) { for ( k=0, j=0; k < (segment_len - wrp - 5) && j<(sizeof(out_string)-3); k++, i++, j += 3) {
sprintf(&out_string[j], "%02x", (data_buf[i]^crc)); sprintf(&out_string[j], "%02x", (data_buf[i]^crc));
out_string[j+2] = ' '; out_string[j+2] = ' ';
}; };
@ -199,29 +158,30 @@ int CmdLegicDecode(const char *Cmd)
PrintAndLog("%s", out_string); PrintAndLog("%s", out_string);
// end with last segment // end with last segment
if (segment_flag & 0x8) if (segment_flag & 0x8) return 0;
return 0;
}; } // end for loop
return 0; return 0;
} }
int CmdLegicRFRead(const char *Cmd) int CmdLegicRFRead(const char *Cmd) {
{ int byte_count=0, offset=0;
int byte_count=0,offset=0;
sscanf(Cmd, "%i %i", &offset, &byte_count); sscanf(Cmd, "%i %i", &offset, &byte_count);
if(byte_count == 0) byte_count = -1; if(byte_count == 0) byte_count = -1;
if(byte_count + offset > 1024) byte_count = 1024 - offset; if(byte_count + offset > 1024) byte_count = 1024 - offset;
UsbCommand c={CMD_READER_LEGIC_RF, {offset, byte_count, 0}};
UsbCommand c= {CMD_READER_LEGIC_RF, {offset, byte_count, 0}};
clearCommandBuffer();
SendCommand(&c); SendCommand(&c);
return 0; return 0;
} }
int CmdLegicLoad(const char *Cmd) int CmdLegicLoad(const char *Cmd) {
{
char filename[FILE_PATH_SIZE] = {0x00}; char filename[FILE_PATH_SIZE] = {0x00};
int len = 0; int len = 0;
if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) { char cmdp = param_getchar(Cmd, 0);
if ( cmdp == 'H' || cmdp == 'h' || cmdp == 0x00) {
PrintAndLog("It loads datasamples from the file `filename`"); PrintAndLog("It loads datasamples from the file `filename`");
PrintAndLog("Usage: hf legic load <file name>"); PrintAndLog("Usage: hf legic load <file name>");
PrintAndLog(" sample: hf legic load filename"); PrintAndLog(" sample: hf legic load filename");
@ -240,8 +200,12 @@ int CmdLegicLoad(const char *Cmd)
PrintAndLog("couldn't open '%s'", Cmd); PrintAndLog("couldn't open '%s'", Cmd);
return -1; return -1;
} }
char line[80]; int offset = 0; unsigned int data[8];
while(fgets(line, sizeof(line), f)) { char line[80];
int offset = 0, j;
uint32_t data[8] = {0x00};
while ( fgets(line, sizeof(line), f) ) {
int res = sscanf(line, "%x %x %x %x %x %x %x %x", int res = sscanf(line, "%x %x %x %x %x %x %x %x",
&data[0], &data[1], &data[2], &data[3], &data[0], &data[1], &data[2], &data[3],
&data[4], &data[5], &data[6], &data[7]); &data[4], &data[5], &data[6], &data[7]);
@ -250,10 +214,12 @@ int CmdLegicLoad(const char *Cmd)
fclose(f); fclose(f);
return -1; return -1;
} }
UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {offset, 0, 0}}; UsbCommand c = { CMD_DOWNLOADED_SIM_SAMPLES_125K, {offset, 0, 0}};
int j; for(j = 0; j < 8; j++) {
for( j = 0; j < 8; j++) {
c.d.asBytes[j] = data[j]; c.d.asBytes[j] = data[j];
} }
SendCommand(&c); SendCommand(&c);
WaitForResponse(CMD_ACK, NULL); WaitForResponse(CMD_ACK, NULL);
offset += 8; offset += 8;
@ -263,13 +229,12 @@ int CmdLegicLoad(const char *Cmd)
return 0; return 0;
} }
int CmdLegicSave(const char *Cmd) int CmdLegicSave(const char *Cmd) {
{
int requested = 1024; int requested = 1024;
int offset = 0; int offset = 0;
int delivered = 0; int delivered = 0;
char filename[FILE_PATH_SIZE]; char filename[FILE_PATH_SIZE];
uint8_t got[1024]; uint8_t got[1024] = {0x00};
sscanf(Cmd, " %s %i %i", filename, &requested, &offset); sscanf(Cmd, " %s %i %i", filename, &requested, &offset);
@ -278,10 +243,12 @@ int CmdLegicSave(const char *Cmd)
if (requested == 0) { if (requested == 0) {
requested = 1024; requested = 1024;
} }
if (requested % 8 != 0) { if (requested % 8 != 0) {
int remainder = requested % 8; int remainder = requested % 8;
requested = requested + 8 - remainder; requested = requested + 8 - remainder;
} }
if (offset + requested > sizeof(got)) { if (offset + requested > sizeof(got)) {
PrintAndLog("Tried to read past end of buffer, <bytes> + <offset> > 1024"); PrintAndLog("Tried to read past end of buffer, <bytes> + <offset> > 1024");
return 0; return 0;
@ -308,8 +275,7 @@ int CmdLegicSave(const char *Cmd)
got[j+7] got[j+7]
); );
delivered += 8; delivered += 8;
if (delivered >= requested) if (delivered >= requested) break;
break;
} }
fclose(f); fclose(f);
@ -317,32 +283,28 @@ int CmdLegicSave(const char *Cmd)
return 0; return 0;
} }
int CmdLegicRfSim(const char *Cmd) int CmdLegicRfSim(const char *Cmd) {
{ UsbCommand c= {CMD_SIMULATE_TAG_LEGIC_RF, {6,3,0}};
UsbCommand c={CMD_SIMULATE_TAG_LEGIC_RF};
c.arg[0] = 6;
c.arg[1] = 3;
c.arg[2] = 0;
sscanf(Cmd, " %"lli" %"lli" %"lli, &c.arg[0], &c.arg[1], &c.arg[2]); sscanf(Cmd, " %"lli" %"lli" %"lli, &c.arg[0], &c.arg[1], &c.arg[2]);
clearCommandBuffer();
SendCommand(&c); SendCommand(&c);
return 0; return 0;
} }
int CmdLegicRfWrite(const char *Cmd) int CmdLegicRfWrite(const char *Cmd) {
{ UsbCommand c = {CMD_WRITER_LEGIC_RF};
UsbCommand c={CMD_WRITER_LEGIC_RF};
int res = sscanf(Cmd, " 0x%"llx" 0x%"llx, &c.arg[0], &c.arg[1]); int res = sscanf(Cmd, " 0x%"llx" 0x%"llx, &c.arg[0], &c.arg[1]);
if(res != 2) { if(res != 2) {
PrintAndLog("Please specify the offset and length as two hex strings"); PrintAndLog("Please specify the offset and length as two hex strings");
return -1; return -1;
} }
clearCommandBuffer();
SendCommand(&c); SendCommand(&c);
return 0; return 0;
} }
int CmdLegicRfFill(const char *Cmd) int CmdLegicRfFill(const char *Cmd) {
{ UsbCommand cmd = {CMD_WRITER_LEGIC_RF};
UsbCommand cmd ={CMD_WRITER_LEGIC_RF};
int res = sscanf(Cmd, " 0x%"llx" 0x%"llx" 0x%"llx, &cmd.arg[0], &cmd.arg[1], &cmd.arg[2]); int res = sscanf(Cmd, " 0x%"llx" 0x%"llx" 0x%"llx, &cmd.arg[0], &cmd.arg[1], &cmd.arg[2]);
if(res != 3) { if(res != 3) {
PrintAndLog("Please specify the offset, length and value as two hex strings"); PrintAndLog("Please specify the offset, length and value as two hex strings");
@ -350,16 +312,40 @@ int CmdLegicRfFill(const char *Cmd)
} }
int i; int i;
UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {0, 0, 0}}; UsbCommand c = {CMD_DOWNLOADED_SIM_SAMPLES_125K, {0, 0, 0}};
for(i = 0; i < 48; i++) { for(i = 0; i < 48; i++) {
c.d.asBytes[i] = cmd.arg[2]; c.d.asBytes[i] = cmd.arg[2];
} }
for(i = 0; i < 22; i++) { for(i = 0; i < 22; i++) {
c.arg[0] = i*48; c.arg[0] = i*48;
SendCommand(&c); SendCommand(&c);
WaitForResponse(CMD_ACK,NULL); WaitForResponse(CMD_ACK,NULL);
} }
clearCommandBuffer();
SendCommand(&cmd); SendCommand(&cmd);
return 0; return 0;
} }
static command_t CommandTable[] = {
{"help", CmdHelp, 1, "This help"},
{"decode", CmdLegicDecode, 0, "Display deobfuscated and decoded LEGIC RF tag data (use after hf legic reader)"},
{"reader", CmdLegicRFRead, 0, "[offset [length]] -- read bytes from a LEGIC card"},
{"save", CmdLegicSave, 0, "<filename> [<length>] -- Store samples"},
{"load", CmdLegicLoad, 0, "<filename> -- Restore samples"},
{"sim", CmdLegicRfSim, 0, "[phase drift [frame drift [req/resp drift]]] Start tag simulator (use after load or read)"},
{"write", CmdLegicRfWrite,0, "<offset> <length> -- Write sample buffer (user after load or read)"},
{"fill", CmdLegicRfFill, 0, "<offset> <length> <value> -- Fill/Write tag with constant value"},
{NULL, NULL, 0, NULL}
};
int CmdHFLegic(const char *Cmd) {
clearCommandBuffer();
CmdsParse(CommandTable, Cmd);
return 0;
}
int CmdHelp(const char *Cmd) {
CmdsHelp(CommandTable);
return 0;
}