fix: 'hf snoop' - buffer overflow (@satuoni)

iceman1001 2017-10-08 14:56:04 +02:00
commit 674db8d5ac
3 changed files with 12 additions and 8 deletions


@ -124,7 +124,10 @@ uint16_t BigBuf_max_traceLen(void)
void clear_trace() { void clear_trace() {
traceLen = 0; traceLen = 0;
} }
void set_tracelen(uint16_t tl)
{
traceLen=tl;
}
void set_tracing(bool enable) { void set_tracing(bool enable) {
tracing = enable; tracing = enable;
} }
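Review bot: The new set_tracelen() stores its argument into traceLen with no range check, so any caller can set a trace length larger than the size BigBuf_max_traceLen() reports. The only caller visible on this page passes BigBuf_max_traceLen() itself, which is safe, but this commit exists because traceLen was previously corrupted by an overrun, so the setter should enforce the bound rather than trust callers: `traceLen = (tl > BigBuf_max_traceLen()) ? BigBuf_max_traceLen() : tl;`. How traceLen is consumed is not shown here (presumably as a length when the trace is read back), so confirm the impact against its readers. A short comment such as `// set trace length explicitly, e.g. after a raw capture filled BigBuf without LogTrace()` would also explain why a raw setter sits next to clear_trace().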


@ -39,6 +39,7 @@ extern void BigBuf_print_status(void);
extern uint16_t BigBuf_get_traceLen(void); extern uint16_t BigBuf_get_traceLen(void);
extern void clear_trace(void); extern void clear_trace(void);
extern void set_tracing(bool enable); extern void set_tracing(bool enable);
extern void set_tracelen(uint16_t tl);
extern bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag); extern bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
extern int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int bReader); extern int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int bReader);
extern uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length); extern uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length);


@ -2,6 +2,7 @@
#include "apps.h" #include "apps.h"
#include "BigBuf.h" #include "BigBuf.h"
#include "util.h" #include "util.h"
#include "usb_cdc.h" // for usb_poll_validate_length
static void RAMFUNC optimizedSnoop(void); static void RAMFUNC optimizedSnoop(void);
@ -10,7 +11,7 @@ static void RAMFUNC optimizedSnoop(void)
int n = BigBuf_max_traceLen() / sizeof(uint16_t); // take all memory int n = BigBuf_max_traceLen() / sizeof(uint16_t); // take all memory
uint16_t *dest = (uint16_t *)BigBuf_get_addr(); uint16_t *dest = (uint16_t *)BigBuf_get_addr();
uint16_t *destend = dest + n; uint16_t *destend = dest + n-1;
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame mode, 16 bits per word AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame mode, 16 bits per word
// Reading data loop // Reading data loop
@ -24,6 +25,8 @@ static void RAMFUNC optimizedSnoop(void)
} }
//Resetting Frame mode (First set in fpgaloader.c) //Resetting Frame mode (First set in fpgaloader.c)
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
//setting tracelen - importsnt! it was set by buffer overflow before
set_tracelen( BigBuf_max_traceLen());
} }
void HfSnoop(int samplesToSkip, int triggersToSkip) void HfSnoop(int samplesToSkip, int triggersToSkip)
@ -41,7 +44,7 @@ void HfSnoop(int samplesToSkip, int triggersToSkip)
// connect Demodulated Signal to ADC: // connect Demodulated Signal to ADC:
SetAdcMuxFor(GPIO_MUXSEL_HIPKD); SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP);
SpinDelay(50); SpinDelay(100);
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame Mode For better performance on high speed data transfer. AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame Mode For better performance on high speed data transfer.
@ -52,15 +55,12 @@ void HfSnoop(int samplesToSkip, int triggersToSkip)
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
r = (uint16_t)AT91C_BASE_SSC->SSC_RHR; r = (uint16_t)AT91C_BASE_SSC->SSC_RHR;
r = MAX(r & 0xff, r >> 8); r = MAX(r & 0xff, r >> 8);
if (r >= 240) if (r >= 180) {
{ if (++trigger_cnt > triggersToSkip)
if (++trigger_cnt > triggersToSkip) {
break; break;
} }
} }
} }
}
if(!BUTTON_PRESS()) { if(!BUTTON_PRESS()) {
int waitcount = samplesToSkip; // lets wait 40000 ticks of pck0 int waitcount = samplesToSkip; // lets wait 40000 ticks of pck0