CHG: Syntax suger, space -> tabs. etc.

FIX: Coverity Scan says out-of-bounds, Increased the databuffer. Legic List command needs to be re-done.
2025-08-21 13:53:55 -07:00 · 2016-01-19 19:33:23 +01:00 · 2016-01-19 19:33:23 +01:00 · 52cf34c1cc
commit 52cf34c1cc
parent 5f5aa82bb9
1 changed files with 241 additions and 255 deletions
--- a/client/cmdhflegic.c
+++ b/client/cmdhflegic.c
@ -19,31 +19,6 @@
 #include "util.h"
 static int CmdHelp(const char *Cmd);

-static command_t CommandTable[] = 
-{
-  {"help",        CmdHelp,        1, "This help"},
-  {"decode",      CmdLegicDecode, 0, "Display deobfuscated and decoded LEGIC RF tag data (use after hf legic reader)"},
-  {"reader",      CmdLegicRFRead, 0, "[offset [length]] -- read bytes from a LEGIC card"},
-  {"save",        CmdLegicSave,   0, "<filename> [<length>] -- Store samples"},
-  {"load",        CmdLegicLoad,   0, "<filename> -- Restore samples"},
-  {"sim",         CmdLegicRfSim,  0, "[phase drift [frame drift [req/resp drift]]] Start tag simulator (use after load or read)"},
-  {"write",       CmdLegicRfWrite,0, "<offset> <length> -- Write sample buffer (user after load or read)"},
-  {"fill",        CmdLegicRfFill, 0, "<offset> <length> <value> -- Fill/Write tag with constant value"},
-  {NULL, NULL, 0, NULL}
-};
-
-int CmdHFLegic(const char *Cmd)
-{
-  CmdsParse(CommandTable, Cmd);
-  return 0;
-}
-
-int CmdHelp(const char *Cmd)
-{
-  CmdsHelp(CommandTable);
-  return 0;
-}
-
 /*
 *  Output BigBuf and deobfuscate LEGIC RF tag data.
 *   This is based on information given in the talk held
@ -58,7 +33,7 @@ int CmdLegicDecode(const char *Cmd)
 	int crc = 0;
 	int wrp = 0;
 	int wrc = 0;
-  uint8_t data_buf[1053]; // receiver buffer
+	uint8_t data_buf[3076]; // receiver buffer
 	char out_string[3076]; // just use big buffer - bad practice
 	char token_type[4];

@ -114,23 +89,7 @@ int CmdLegicDecode(const char *Cmd)
 	);

 	PrintAndLog("Remaining Header Area");
-  
-  PrintAndLog("%02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
-      data_buf[9],
-    data_buf[10],
-    data_buf[11],
-    data_buf[12],
-    data_buf[13],
-    data_buf[14],
-    data_buf[15],
-    data_buf[16],
-    data_buf[17],
-    data_buf[18],
-    data_buf[19],
-    data_buf[20],
-    data_buf[21]
-  );
-  
+	PrintAndLog("%s", sprint_hex(data_buf+9, 13));
 	PrintAndLog("\nADF: User Area");
  
 	i = 22;  
@ -164,7 +123,7 @@ int CmdLegicDecode(const char *Cmd)
 			for ( k=0, j=0; k < wrc && j<(sizeof(out_string)-3); k++, i++, j += 3) {
 				sprintf(&out_string[j], "%02x", (data_buf[i]^crc));
 				out_string[j+2] = ' ';
-      };
+			}

 			out_string[j] = '\0';

@ -199,29 +158,30 @@ int CmdLegicDecode(const char *Cmd)
 		PrintAndLog("%s", out_string);
    
 		// end with last segment
-    if (segment_flag & 0x8)
-      return 0;
-  };
+		if (segment_flag & 0x8) return 0;
+
+	} // end for loop
 	return 0;
 }

-int CmdLegicRFRead(const char *Cmd)
-{
+int CmdLegicRFRead(const char *Cmd) {
 	int byte_count=0, offset=0;
 	sscanf(Cmd, "%i %i", &offset, &byte_count);
 	if(byte_count == 0) byte_count = -1;
 	if(byte_count + offset > 1024) byte_count = 1024 - offset;
+
 	UsbCommand c= {CMD_READER_LEGIC_RF, {offset, byte_count, 0}};
+	clearCommandBuffer();
 	SendCommand(&c);
 	return 0;
 }

-int CmdLegicLoad(const char *Cmd)
-{
+int CmdLegicLoad(const char *Cmd) {
 	char filename[FILE_PATH_SIZE] = {0x00};
 	int len = 0;
 	
-	if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {
+	char cmdp = param_getchar(Cmd, 0);
+	if ( cmdp == 'H' || cmdp == 'h' || cmdp == 0x00) {
 		PrintAndLog("It loads datasamples from the file `filename`");
 		PrintAndLog("Usage:  hf legic load <file name>");
 		PrintAndLog(" sample: hf legic load filename");
@ -240,7 +200,11 @@ int CmdLegicLoad(const char *Cmd)
        PrintAndLog("couldn't open '%s'", Cmd);
        return -1;
    }
-    char line[80]; int offset = 0; unsigned int data[8];
+	
+    char line[80]; 
+	int offset = 0, j; 
+	uint32_t data[8] = {0x00};
+	
    while ( fgets(line, sizeof(line), f) ) {
        int res = sscanf(line, "%x %x %x %x %x %x %x %x", 
            &data[0], &data[1], &data[2], &data[3],
@ -251,9 +215,11 @@ int CmdLegicLoad(const char *Cmd)
          return -1;
        }
        UsbCommand c = { CMD_DOWNLOADED_SIM_SAMPLES_125K, {offset, 0, 0}};
-        int j; for(j = 0; j < 8; j++) {
+
+		for( j = 0; j < 8; j++) {
            c.d.asBytes[j] = data[j];
        }
+		
        SendCommand(&c);
        WaitForResponse(CMD_ACK, NULL);
        offset += 8;
@ -263,13 +229,12 @@ int CmdLegicLoad(const char *Cmd)
    return 0;
 }

-int CmdLegicSave(const char *Cmd)
-{
+int CmdLegicSave(const char *Cmd) {
 	int requested = 1024;
 	int offset = 0;
 	int delivered = 0;
 	char filename[FILE_PATH_SIZE];
-  uint8_t got[1024];
+	uint8_t got[1024] = {0x00};

 	sscanf(Cmd, " %s %i %i", filename, &requested, &offset);

@ -278,10 +243,12 @@ int CmdLegicSave(const char *Cmd)
 	if (requested == 0) {
 		requested = 1024;
 	}
+
 	if (requested % 8 != 0) {
 		int remainder = requested % 8;
 		requested = requested + 8 - remainder;
 	}
+
 	if (offset + requested > sizeof(got)) {
 		PrintAndLog("Tried to read past end of buffer, <bytes> + <offset> > 1024");
 		return 0;
@ -308,8 +275,7 @@ int CmdLegicSave(const char *Cmd)
 			got[j+7]
 		);
 		delivered += 8;
-    if (delivered >= requested)
-      break;
+		if (delivered >= requested) break;
 	}

 	fclose(f);
@ -317,31 +283,27 @@ int CmdLegicSave(const char *Cmd)
 	return 0;
 }

-int CmdLegicRfSim(const char *Cmd)
-{
-   UsbCommand c={CMD_SIMULATE_TAG_LEGIC_RF};
-   c.arg[0] = 6;
-   c.arg[1] = 3;
-   c.arg[2] = 0;
+int CmdLegicRfSim(const char *Cmd) {
+	UsbCommand c= {CMD_SIMULATE_TAG_LEGIC_RF, {6,3,0}};
 	sscanf(Cmd, " %"lli" %"lli" %"lli, &c.arg[0], &c.arg[1], &c.arg[2]);
+	clearCommandBuffer();
 	SendCommand(&c);
 	return 0;
 }

-int CmdLegicRfWrite(const char *Cmd)
-{
+int CmdLegicRfWrite(const char *Cmd) {
    UsbCommand c = {CMD_WRITER_LEGIC_RF};
    int res = sscanf(Cmd, " 0x%"llx" 0x%"llx, &c.arg[0], &c.arg[1]);
 	if(res != 2) {
 		PrintAndLog("Please specify the offset and length as two hex strings");
        return -1;
    }
+	clearCommandBuffer();
    SendCommand(&c);
    return 0;
 }

-int CmdLegicRfFill(const char *Cmd)
-{
+int CmdLegicRfFill(const char *Cmd) {
    UsbCommand cmd = {CMD_WRITER_LEGIC_RF};
    int res = sscanf(Cmd, " 0x%"llx" 0x%"llx" 0x%"llx, &cmd.arg[0], &cmd.arg[1], &cmd.arg[2]);
    if(res != 3) {
@ -354,12 +316,36 @@ int CmdLegicRfFill(const char *Cmd)
    for(i = 0; i < 48; i++) {
 		c.d.asBytes[i] = cmd.arg[2];
    }
+	
 	for(i = 0; i < 22; i++) {
 		c.arg[0] = i*48;
 		SendCommand(&c);
 		WaitForResponse(CMD_ACK,NULL);
 	}
+	clearCommandBuffer();
    SendCommand(&cmd);
    return 0;
 }

+static command_t CommandTable[] =  {
+	{"help",        CmdHelp,        1, "This help"},
+	{"decode",      CmdLegicDecode, 0, "Display deobfuscated and decoded LEGIC RF tag data (use after hf legic reader)"},
+	{"reader",      CmdLegicRFRead, 0, "[offset [length]] -- read bytes from a LEGIC card"},
+	{"save",        CmdLegicSave,   0, "<filename> [<length>] -- Store samples"},
+	{"load",        CmdLegicLoad,   0, "<filename> -- Restore samples"},
+	{"sim",         CmdLegicRfSim,  0, "[phase drift [frame drift [req/resp drift]]] Start tag simulator (use after load or read)"},
+	{"write",       CmdLegicRfWrite,0, "<offset> <length> -- Write sample buffer (user after load or read)"},
+	{"fill",        CmdLegicRfFill, 0, "<offset> <length> <value> -- Fill/Write tag with constant value"},
+	{NULL, NULL, 0, NULL}
+};
+
+int CmdHFLegic(const char *Cmd) {
+	clearCommandBuffer();
+	CmdsParse(CommandTable, Cmd);
+	return 0;
+}
+
+int CmdHelp(const char *Cmd) {
+	CmdsHelp(CommandTable);
+	return 0;
+}