From 789f807e83e05625c8d88e4ee60f4481e6573733 Mon Sep 17 00:00:00 2001
From: Doridian
Date: Sat, 11 Jun 2022 15:32:08 -0700
Subject: [PATCH] 100
---
 client/src/cmdlfem4x05.c | 40 ++++++++++++++++----------------
 client/src/cmdlfem4x50.c | 26 ++++++++++-----------
 client/src/cmdlfhitag.c | 8 +++----
 client/src/cmdlft55xx.c | 50 +++++++++++++++++++++-------------------
 4 files changed, 63 insertions(+), 61 deletions(-)
diff --git a/client/src/cmdlfem4x05.c b/client/src/cmdlfem4x05.c
index 1dff74de0..8998e270c 100644
--- a/client/src/cmdlfem4x05.c
+++ b/client/src/cmdlfem4x05.c
@@ -698,11 +698,11 @@ int CmdEM4x05Dump(const char *Cmd) {
 if (strcmp(filename, "") == 0) {
 if (card_type == EM_4369) {
- sprintf(filename, "lf-4369-%08X-dump", BSWAP_32(data[1]));
+ snprintf(filename, sizeof(filename), "lf-4369-%08X-dump", BSWAP_32(data[1]));
 } else if (card_type == EM_4469) {
- sprintf(filename, "lf-4469-%08X-dump", BSWAP_32(data[1]));
+ snprintf(filename, sizeof(filename), "lf-4469-%08X-dump", BSWAP_32(data[1]));
 } else {
- sprintf(filename, "lf-4x05-%08X-dump", BSWAP_32(data[1]));
+ snprintf(filename, sizeof(filename), "lf-4x05-%08X-dump", BSWAP_32(data[1]));
 }
 }
@@ -1993,7 +1993,7 @@ int CmdEM4x05Sniff(const char *Cmd) {
 bool fwd = arg_get_lit(ctx, 2);
 CLIParserFree(ctx);
- char cmdText[100];
+ const char* cmdText;
 char dataText[100];
 char blkAddr[4];
 char bits[80];
@@ -2048,7 +2048,7 @@ int CmdEM4x05Sniff(const char *Cmd) {
 if ((CycleWidth > 300) || (CycleWidth < (ZeroWidth - 5))) { // to long or too short
 eop = true;
 bits[bitidx++] = '0'; // Append last zero from the last bit find
- cmdText[0] = 0;
+ cmdText = "";
 // EM4305 command lengths
 // Login 0011 => 4 + 45 => 49
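Review bot: `const char* cmdText;` in the `@@ -1993` hunk leaves the pointer uninitialised at its declaration in CmdEM4x05Sniff. The only assignment visible before the command matching is `cmdText = "";` inside the end-of-packet branch of the following hunk, so any use of `cmdText` reached without passing that line would read an indeterminate pointer; the use sites are outside these hunks, so this is inferred rather than shown. Declaring it as `const char *cmdText = "";` removes the dependency on statement order, and the same applies to `const char *modeText;` in CmdT55xxSniff in cmdlft55xx.c. Both function bodies start and end outside the hunks.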
@@ -2074,53 +2074,53 @@ int CmdEM4x05Sniff(const char *Cmd) {
 if ((strncmp(bits, "0011", 4) == 0) && (bitidx == 49)) {
 haveData = true;
 pwd = true;
- sprintf(cmdText, "Logon");
- sprintf(blkAddr, " ");
+ cmdText = "Logon";
+ strncpy(blkAddr, " ", sizeof(blkAddr));
 tmpValue = em4x05_Sniff_GetBlock(&bits[4], fwd);
- sprintf(dataText, "%08X", tmpValue);
+ snprintf(dataText, sizeof(dataText), "%08X", tmpValue);
 }
 // write
 if ((strncmp(bits, "0101", 4) == 0) && (bitidx == 56)) {
 haveData = true;
- sprintf(cmdText, "Write");
+ cmdText = "Write";
 tmpValue = (bits[4] - '0') + ((bits[5] - '0') << 1) + ((bits[6] - '0') << 2) + ((bits[7] - '0') << 3);
- sprintf(blkAddr, "%u", tmpValue);
+ snprintf(blkAddr, sizeof(blkAddr), "%u", tmpValue);
 if (tmpValue == 2) {
 pwd = true;
 }
 tmpValue = em4x05_Sniff_GetBlock(&bits[11], fwd);
- sprintf(dataText, "%08X", tmpValue);
+ snprintf(dataText, sizeof(dataText), "%08X", tmpValue);
 }
 // read
 if ((strncmp(bits, "1001", 4) == 0) && (bitidx == 11)) {
 haveData = true;
 pwd = false;
- sprintf(cmdText, "Read");
+ cmdText = "Read";
 tmpValue = (bits[4] - '0') + ((bits[5] - '0') << 1) + ((bits[6] - '0') << 2) + ((bits[7] - '0') << 3);
- sprintf(blkAddr, "%u", tmpValue);
- sprintf(dataText, " ");
+ snprintf(blkAddr, sizeof(blkAddr), "%u", tmpValue);
+ strncpy(dataText, " ", sizeof(dataText));
 }
 // protect
 if ((strncmp(bits, "1100", 4) == 0) && (bitidx == 49)) {
 haveData = true;
 pwd = false;
- sprintf(cmdText, "Protect");
- sprintf(blkAddr, " ");
+ cmdText = "Protect";
+ strncpy(blkAddr, " ", sizeof(blkAddr));
 tmpValue = em4x05_Sniff_GetBlock(&bits[11], fwd);
- sprintf(dataText, "%08X", tmpValue);
+ snprintf(dataText, sizeof(dataText), "%08X", tmpValue);
 }
 // disable
 if ((strncmp(bits, "1010", 4) == 0) && (bitidx == 49)) {
 haveData = true;
 pwd = false;
- sprintf(cmdText, "Disable");
- sprintf(blkAddr, " ");
+ cmdText = "Disable";
+ strncpy(blkAddr, " ", sizeof(blkAddr));
 tmpValue = em4x05_Sniff_GetBlock(&bits[11], fwd);
- sprintf(dataText, "%08X", tmpValue);
+ snprintf(dataText, sizeof(dataText), "%08X", tmpValue);
 }
 // bits[bitidx] = 0;
diff --git a/client/src/cmdlfem4x50.c b/client/src/cmdlfem4x50.c
index e12627d1b..b734ad89f 100644
--- a/client/src/cmdlfem4x50.c
+++ b/client/src/cmdlfem4x50.c
@@ -50,31 +50,32 @@ static void print_result(const em4x50_word_t *words, int fwr, int lwr) {
 for (int i = fwr; i <= lwr; i++) {
- char s[50] = {0};
+ const char* s;
 switch (i) {
 case EM4X50_DEVICE_PASSWORD:
- sprintf(s, _YELLOW_("password, write only"));
+ s = _YELLOW_("password, write only");
 break;
 case EM4X50_PROTECTION:
- sprintf(s, _YELLOW_("protection cfg (locked)"));
+ s = _YELLOW_("protection cfg (locked)");
 break;
 case EM4X50_CONTROL:
- sprintf(s, _YELLOW_("control cfg (locked)"));
+ s = _YELLOW_("control cfg (locked)");
 break;
 case EM4X50_DEVICE_SERIAL:
- sprintf(s, _YELLOW_("device serial number (read only)"));
+ s = _YELLOW_("device serial number (read only)");
 break;
 case EM4X50_DEVICE_ID:
- sprintf(s, _YELLOW_("device identification (read only)"));
+ s = _YELLOW_("device identification (read only)");
 break;
 default:
- sprintf(s, "user data");
+ s = "user data";
 break;
 }
 char r[30] = {0};
 for (int j = 3; j >= 0; j--) {
- sprintf(r + strlen(r), "%02x ", reflect8(words[i].byte[j]));
+ int offset = strlen(r);
+ snprintf(r + offset, sizeof(r) - offset, "%02x ", reflect8(words[i].byte[j]));
 }
 PrintAndLogEx(INFO, " %2i | " _GREEN_("%s") "| %s| %s",
@@ -708,7 +709,8 @@ int CmdEM4x50Reader(const char *Cmd) {
 char r[30];
 memset(r, 0, sizeof(r));
 for (int j = 3; j >= 0; j--) {
- sprintf(r + strlen(r), "%02x ", reflect8(words[i].byte[j]));
+ int offset = strlen(r);
+ snprintf(r + offset, sizeof(r) - offset, "%02x ", reflect8(words[i].byte[j]));
 }
 PrintAndLogEx(INFO, _GREEN_(" %s") "| %s", sprint_hex(words[i].byte, 4), r);
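Review bot: The `strncpy(blkAddr, " ", sizeof(blkAddr));` and `strncpy(dataText, " ", sizeof(dataText));` lines in the `@@ -2074` hunk are NUL-terminated only because the literal is shorter than the destination; strncpy writes no terminator once the source fills the buffer, and `blkAddr` is declared with just 4 bytes. Using the same call as the neighbouring lines, `snprintf(blkAddr, sizeof(blkAddr), "%s", " ");`, keeps the termination guarantee if the padding literal is ever widened. The same strncpy pattern is introduced for `pwdText` and `dataText` in CmdT55xxSniff in cmdlft55xx.c. CmdEM4x05Sniff continues outside this hunk.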
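Review bot: `int offset = strlen(r);` in print_result narrows a size_t to int and then feeds it back into the unsigned subtraction `sizeof(r) - offset`. It is safe here only because four short `"%02x "` writes stay inside `r[30]`; a negative or oversized offset would turn the size argument into a very large value. Declaring it as `size_t offset = strlen(r);` avoids the sign conversions and the warnings they raise under -Wconversion. The identical loop in CmdEM4x50Reader (the `@@ -708` hunk) has the same shape.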
@@ -786,8 +788,7 @@ int CmdEM4x50Dump(const char *Cmd) {
 // user supplied filename?
 if (fnLen == 0) {
 PrintAndLogEx(INFO, "Using UID as filename");
- char *fptr = filename;
- fptr += sprintf(fptr, "lf-4x50-");
+ char *fptr = filename + snprintf(filename, sizeof(filename), "lf-4x50-");
 FillFileNameByUID(fptr, words[EM4X50_DEVICE_ID].byte, "-dump", 4);
 }
@@ -1083,8 +1084,7 @@ int CmdEM4x50Restore(const char *Cmd) {
 if (uidLen) {
 PrintAndLogEx(INFO, "Using UID as filename");
- char *fptr = filename;
- fptr += sprintf(fptr, "lf-4x50-");
+ char *fptr = filename + snprintf(filename, sizeof(filename), "lf-4x50-");
 FillFileNameByUID(fptr, uid, "-dump", 4);
 }
diff --git a/client/src/cmdlfhitag.c b/client/src/cmdlfhitag.c
index 539bda10a..4f891ffda 100644
--- a/client/src/cmdlfhitag.c
+++ b/client/src/cmdlfhitag.c
@@ -156,11 +156,12 @@ static int CmdLFHitagList(const char *Cmd) {
 int j;
 for (j = 0; j < len; j++) {
+ int offset = j * 4;
 //if((parityBits >> (len - j - 1)) & 0x01) {
 if (isResponse && (oddparity8(frame[j]) != ((parityBits >> (len - j - 1)) & 0x01))) {
- sprintf(line + (j * 4), "%02x! ", frame[j]);
+ snprintf(line + offset, sizeof(line) - offset, "%02x! ", frame[j]);
 } else {
- sprintf(line + (j * 4), "%02x ", frame[j]);
+ snprintf(line + offset, sizeof(line) - offset, "%02x ", frame[j]);
 }
 }
@@ -853,8 +854,7 @@ static int CmdLFHitag2Dump(const char *Cmd) {
 PacketResponseNG resp;
 uint8_t *data = resp.data.asBytes;
 if (fnlen < 1) {
- char *fptr = filename;
- fptr += sprintf(fptr, "lf-hitag-");
+ char *fptr = filename + snprintf(filename, sizeof(filename), "lf-hitag-");
 FillFileNameByUID(fptr, data, "-dump", 4);
 }
diff --git a/client/src/cmdlft55xx.c b/client/src/cmdlft55xx.c
index 560582a11..2af8f18b7 100644
--- a/client/src/cmdlft55xx.c
+++ b/client/src/cmdlft55xx.c
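Review bot: Bounding the prefix write in CmdEM4x50Dump does not bound the filename as a whole, because `FillFileNameByUID(fptr, words[EM4X50_DEVICE_ID].byte, "-dump", 4)` still receives a bare pointer with no remaining-size argument. Its definition is not part of this patch, so whether it can overrun `filename` cannot be confirmed from here, but it is the last unbounded write in the block and deserves a size parameter or a comment stating the space it needs. Folding the snprintf return value straight into pointer arithmetic also assumes it is neither negative nor larger than the buffer; a comment such as `/* prefix is a short literal and always fits in filename */` would record that assumption. The same construct appears in CmdEM4x50Restore and in CmdLFHitag2Dump in cmdlfhitag.c.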
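Review bot: In CmdLFHitagList, `sizeof(line) - offset` wraps to a very large size_t once `j * 4` reaches or passes `sizeof(line)`, at which point both snprintf calls are effectively unbounded again and `line + offset` is already out of range. Neither the declaration of `line` nor the upper bound of `len` is visible in this hunk, so the loop should carry its own guard, for example `if ((size_t)offset >= sizeof(line)) break;` directly after `int offset = j * 4;`. If `line` turns out to be a pointer rather than an array, `sizeof(line)` is the pointer size and the output would be cut short after a few bytes, which is worth confirming at the declaration. The function starts and ends outside the hunk.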
@@ -78,16 +78,18 @@ void Set_t55xx_Config(t55xx_conf_block_t conf) {
 static int CmdHelp(const char *Cmd);
 static void arg_add_t55xx_downloadlink(void *at[], uint8_t *idx, uint8_t show, uint8_t dl_mode_def) {
+ const size_t r_count = 56;
+ const size_t r_len = r_count * sizeof(uint8_t);
- char *r0 = (char *)calloc(56, sizeof(uint8_t));
- char *r1 = (char *)calloc(56, sizeof(uint8_t));
- char *r2 = (char *)calloc(56, sizeof(uint8_t));
- char *r3 = (char *)calloc(56, sizeof(uint8_t));
+ char *r0 = (char *)calloc(r_count, sizeof(uint8_t));
+ char *r1 = (char *)calloc(r_count, sizeof(uint8_t));
+ char *r2 = (char *)calloc(r_count, sizeof(uint8_t));
+ char *r3 = (char *)calloc(r_count, sizeof(uint8_t));
- sprintf(r0, "downlink - fixed bit length %s", (dl_mode_def == 0) ? "(detected def)" : "");
- sprintf(r1, "downlink - long leading reference %s", (dl_mode_def == 1) ? "(detected def)" : "");
- sprintf(r2, "downlink - leading zero %s", (dl_mode_def == 2) ? "(detected def)" : "");
- sprintf(r3, "downlink - 1 of 4 coding reference %s", (dl_mode_def == 3) ? "(detected def)" : "");
+ snprintf(r0, r_len, "downlink - fixed bit length %s", (dl_mode_def == 0) ? "(detected def)" : "");
+ snprintf(r1, r_len, "downlink - long leading reference %s", (dl_mode_def == 1) ? "(detected def)" : "");
+ snprintf(r2, r_len, "downlink - leading zero %s", (dl_mode_def == 2) ? "(detected def)" : "");
+ snprintf(r3, r_len, "downlink - 1 of 4 coding reference %s", (dl_mode_def == 3) ? "(detected def)" : "");
 uint8_t n = *idx;
 at[n++] = arg_lit0(NULL, "r0", r0);
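Review bot: The `calloc` results in arg_add_t55xx_downloadlink (`r0`–`r3` here, `r4` in the following hunk) are passed to snprintf without a NULL check, so an allocation failure is still undefined behaviour after this change. A guard such as `if (!r0 || !r1 || !r2 || !r3)` before the first snprintf closes that; how to report the failure from a void function is the author's call. As a smaller point, `r_len` is `r_count * sizeof(uint8_t)`, which equals `r_count`, so a single constant would do, and the casts on `calloc` are unnecessary in C. Who frees these buffers after they are handed to `arg_lit0` is not visible in the hunk.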
@@ -96,8 +98,8 @@ static void arg_add_t55xx_downloadlink(void *at[], uint8_t *idx, uint8_t show, u
 at[n++] = arg_lit0(NULL, "r3", r3);
 if (show == T55XX_DLMODE_ALL) {
- char *r4 = (char *)calloc(56, sizeof(uint8_t));
- sprintf(r4, "try all downlink modes %s", (dl_mode_def == 4) ? "(def)" : "");
+ char *r4 = (char *)calloc(r_count, sizeof(uint8_t));
+ snprintf(r4, r_len, "try all downlink modes %s", (dl_mode_def == 4) ? "(def)" : "");
 at[n++] = arg_lit0(NULL, "all", r4);
 }
 at[n++] = arg_param_end;
@@ -961,7 +963,7 @@ static int CmdT55xxDetect(const char *Cmd) {
 if (use_gb == false) {
 char wakecmd[20] = { 0x00 };
- sprintf(wakecmd, "-p %08" PRIx64, password);
+ snprintf(wakecmd, sizeof(wakecmd), "-p %08" PRIx64, password);
 bool usewake = false;
 bool try_with_pwd = false;
@@ -4010,7 +4012,7 @@ static int CmdT55xxSniff(const char *Cmd) {
 size_t idx = 0;
 uint32_t usedPassword, blockData;
 int pulseSamples = 0, pulseIdx = 0;
- char modeText[100];
+ const char *modeText;
 char pwdText[100];
 char dataText[100];
 int pulseBuffer[80] = { 0 }; // max should be 73 +/- - Holds Pulse widths
@@ -4036,9 +4038,9 @@ static int CmdT55xxSniff(const char *Cmd) {
 int maxWidth = 0;
 data[0] = 0;
 bool have_data = false;
- sprintf(modeText, "Default");
- sprintf(pwdText, " ");
- sprintf(dataText, " ");
+ modeText = "Default";
+ strncpy(pwdText, " ", sizeof(pwdText));
+ strncpy(dataText, " ", sizeof(dataText));
 if (pulseSamples == 0) {
 idx++;
@@ -4133,7 +4135,7 @@ static int CmdT55xxSniff(const char *Cmd) {
 }
 blockData = 0;
 have_data = true;
- sprintf(modeText, "Default Read");
+ modeText = "Default Read";
 }
 // Password Write
@@ -4161,9 +4163,9 @@ static int CmdT55xxSniff(const char *Cmd) {
 blockAddr |= 1;
 }
 have_data = true;
- sprintf(modeText, "Default pwd write");
- sprintf(pwdText, "%08X", usedPassword);
- sprintf(dataText, "%08X", blockData);
+ modeText = "Default pwd write";
+ snprintf(pwdText, sizeof(pwdText), "%08X", usedPassword);
+ snprintf(dataText, sizeof(dataText), "%08X", blockData);
 }
 // Default Write (or password read ??)
@@ -4185,8 +4187,8 @@ static int CmdT55xxSniff(const char *Cmd) {
 blockAddr |= 1;
 }
 have_data = true;
- sprintf(modeText, "Default write");
- sprintf(dataText, "%08X", blockData);
+ modeText = "Default write";
+ snprintf(dataText, sizeof(dataText), "%08X", blockData);
 }
 }
 }
@@ -4221,9 +4223,9 @@ static int CmdT55xxSniff(const char *Cmd) {
 blockAddr |= 1;
 }
 have_data = true;
- sprintf(modeText, "Leading 0 pwd write");
- sprintf(pwdText, "%08X", usedPassword);
- sprintf(dataText, "%08X", blockData);
+ modeText = "Leading 0 pwd write";
+ snprintf(pwdText, sizeof(pwdText), "%08X", usedPassword);
+ snprintf(dataText, sizeof(dataText), "%08X", blockData);
 }
 }
 }