From 67da1c8ca56073579e9df2c58f882c7fb4706f84 Mon Sep 17 00:00:00 2001
From: Philippe Teuwen
Date: Mon, 16 Jun 2025 10:51:40 +0200
Subject: [PATCH] Make CRC size explicit in some cmd/reply size calculations

---
 armsrc/iso14443a.c | 4 ++--
 armsrc/mifarecmd.c | 8 ++++----
 armsrc/mifaresim.c | 6 +++---
 common/crc16.h | 1 +
 4 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c
index 85bc28b97..5a1e66b74 100644
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@@ -1764,7 +1764,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint16_t flags, uint8_t *useruid, uin
             } else {
                 // first blocks of emu are header
                 uint16_t start = (block * 4) + MFU_DUMP_PREFIX_LENGTH;
-                uint8_t emdata[MIFARE_BLOCK_SIZE + 2] = {0};
+                uint8_t emdata[MIFARE_BLOCK_SIZE + CRC16_SIZE] = {0};
                 emlGet(emdata, start, MIFARE_BLOCK_SIZE);
                 AddCrc14A(emdata, MIFARE_BLOCK_SIZE);
                 EmSendCmd(emdata, sizeof(emdata));
@@ -1783,7 +1783,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint16_t flags, uint8_t *useruid, uin
                 // block1 = 4byte UID.
                 p_response = &responses[RESP_INDEX_UIDC1];
             } else { // all other tags (16 byte block tags)
-                uint8_t emdata[MIFARE_BLOCK_SIZE + 2] = {0};
+                uint8_t emdata[MIFARE_BLOCK_SIZE + CRC16_SIZE] = {0};
                 emlGet(emdata, block, MIFARE_BLOCK_SIZE);
                 AddCrc14A(emdata, MIFARE_BLOCK_SIZE);
                 EmSendCmd(emdata, sizeof(emdata));
diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
index 3cb9824f9..d0fe1e524 100644
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
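Review bot: The first iso14443a.c hunk still carries a bare `4` in `uint16_t start = (block * 4) + MFU_DUMP_PREFIX_LENGTH;` directly above the line this commit renames, so the Ultralight page size stays a magic number while the CRC size gets a name; if the project already has a constant for that page size it belongs here, otherwise a comment `// MFU pages are 4 bytes` on that line would at least say what the multiplier is. The `emdata` sizing itself is consistent in both hunks: `emlGet` fills MIFARE_BLOCK_SIZE bytes, `AddCrc14A(emdata, MIFARE_BLOCK_SIZE)` appends the CRC into the remaining CRC16_SIZE bytes, and `sizeof(emdata)` passed to `EmSendCmd` therefore matches what is on the wire. SimulateIso14443aTag begins and ends outside both hunks.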
@@ -2909,7 +2909,7 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain) { } // read block - if ((mifare_sendcmd_short(NULL, CRYPT_NONE, ISO14443A_CMD_READBLOCK, blockNo, receivedAnswer, sizeof(receivedAnswer), receivedAnswerPar, NULL) != MIFARE_BLOCK_SIZE + 2)) { + if ((mifare_sendcmd_short(NULL, CRYPT_NONE, ISO14443A_CMD_READBLOCK, blockNo, receivedAnswer, sizeof(receivedAnswer), receivedAnswerPar, NULL) != MIFARE_BLOCK_SIZE + CRC16_SIZE)) { if (g_dbglevel >= DBG_ERROR) Dbprintf("read block send command error"); errormsg = 0; break; @@ -3515,7 +3515,7 @@ void MifareGen3Blk(uint8_t block_len, uint8_t *block) { int retval = PM3_SUCCESS; uint8_t block_cmd[5] = { 0x90, 0xf0, 0xcc, 0xcc, 0x10 }; - uint8_t cmdlen = sizeof(block_cmd) + MIFARE_BLOCK_SIZE + 2; + uint8_t cmdlen = sizeof(block_cmd) + MIFARE_BLOCK_SIZE + CRC16_SIZE; uint8_t *cmd = BigBuf_calloc(cmdlen); iso14a_card_select_t *card_info = (iso14a_card_select_t *) BigBuf_calloc(sizeof(iso14a_card_select_t)); @@ -3532,7 +3532,7 @@ void MifareGen3Blk(uint8_t block_len, uint8_t *block) { bool doReselect = false; if (block_len < MIFARE_BLOCK_SIZE) { - if ((mifare_sendcmd_short(NULL, CRYPT_NONE, ISO14443A_CMD_READBLOCK, 0, &cmd[sizeof(block_cmd)], MIFARE_BLOCK_SIZE + 2, NULL, NULL) != MIFARE_BLOCK_SIZE + 2)) { + if ((mifare_sendcmd_short(NULL, CRYPT_NONE, ISO14443A_CMD_READBLOCK, 0, &cmd[sizeof(block_cmd)], MIFARE_BLOCK_SIZE + CRC16_SIZE, NULL, NULL) != MIFARE_BLOCK_SIZE + CRC16_SIZE)) { if (g_dbglevel >= DBG_ERROR) Dbprintf("Read manufacturer block failed"); retval = PM3_ESOFT; goto OUT; @@ -3567,7 +3567,7 @@ void MifareGen3Blk(uint8_t block_len, uint8_t *block) { } } - retval = DoGen3Cmd(cmd, sizeof(block_cmd) + MIFARE_BLOCK_SIZE + 2); + retval = DoGen3Cmd(cmd, sizeof(block_cmd) + MIFARE_BLOCK_SIZE + CRC16_SIZE); } OUT: diff --git a/armsrc/mifaresim.c b/armsrc/mifaresim.c index 303491bcf..7b7a48550 100644 --- a/armsrc/mifaresim.c +++ b/armsrc/mifaresim.c 
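Review bot: In the last mifarecmd.c hunk, `retval = DoGen3Cmd(cmd, sizeof(block_cmd) + MIFARE_BLOCK_SIZE + CRC16_SIZE);` recomputes the length that `cmdlen` already holds from the second hunk of the same function (`uint8_t cmdlen = sizeof(block_cmd) + MIFARE_BLOCK_SIZE + CRC16_SIZE;`, the value `BigBuf_calloc(cmdlen)` was sized with), and the read in the third hunk spells `MIFARE_BLOCK_SIZE + CRC16_SIZE` out twice more for the tail of that same buffer. Replacing the constant with a name only pays off if there is one definition of the size, so `retval = DoGen3Cmd(cmd, cmdlen);` here and `cmdlen - sizeof(block_cmd)` as the receive length in the third hunk would tie every use of `cmd` to its allocation. `cmdlen` is a `uint8_t`; 5 + 16 + 2 fits, but that is worth a comment on its declaration since the sum is no longer visible as a number. MifareGen3Blk's body starts before these hunks and continues between and after them.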
@@ -1039,8 +1039,8 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t } } AddCrc14A(response, MIFARE_BLOCK_SIZE); - mf_crypto1_encrypt(pcs, response, MIFARE_BLOCK_SIZE + 2, response_par); - EmSendCmdPar(response, MIFARE_BLOCK_SIZE + 2, response_par); + mf_crypto1_encrypt(pcs, response, MIFARE_BLOCK_SIZE + CRC16_SIZE, response_par); + EmSendCmdPar(response, MIFARE_BLOCK_SIZE + CRC16_SIZE, response_par); FpgaDisableTracing(); if (g_dbglevel >= DBG_EXTENDED) { @@ -1309,7 +1309,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t // WRITE BL2 case MFEMUL_WRITEBL2: { - if (receivedCmd_len == MIFARE_BLOCK_SIZE + 2) { + if (receivedCmd_len == MIFARE_BLOCK_SIZE + CRC16_SIZE) { mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, receivedCmd_dec); diff --git a/common/crc16.h b/common/crc16.h index c8aecaf21..5e0686fca 100644 --- a/common/crc16.h +++ b/common/crc16.h @@ -20,6 +20,7 @@ #include "common.h" +#define CRC16_SIZE 2 #define CRC16_POLY_CCITT 0x1021 #define CRC16_POLY_KERMIT 0x8408 #define CRC16_POLY_LEGIC 0xc6c6 //0x6363
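Review bot: The `MFEMUL_WRITEBL2` branch in the second mifaresim.c hunk accepts any frame of exactly `MIFARE_BLOCK_SIZE + CRC16_SIZE` bytes and passes it straight to `mf_crypto1_decryptEx`; nothing in the hunk verifies the CRC that the trailing CRC16_SIZE bytes are supposed to carry, so a length-correct but corrupted write frame gets past this check. If the rest of the case does not already validate it (the case body continues beyond the hunk, so I cannot see), a CRC check on `receivedCmd_dec` using the 14A check helper that crc16.h declares next to `AddCrc14A`, applied before the decrypted data is used, would make the size constant a real frame-format check rather than only a length match.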
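Review bot: `#define CRC16_SIZE 2` in the crc16.h hunk lands undocumented in the middle of the `CRC16_POLY_*` polynomial constants, and since the commit exists to give a magic `2` a meaning, the definition should state that meaning: `#define CRC16_SIZE 2 // bytes a 16-bit CRC occupies when appended to a frame`. Separating it from the polynomial group with a blank line would also keep sizes and polynomials from reading as one list.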