added bounds checking for when the proxmark3 is simulating a ISO14443a tag

iceman1001 2024-09-05 18:38:17 +02:00
commit 7a4bd03cc0
11 changed files with 55 additions and 47 deletions


@ -67,38 +67,38 @@ typedef struct {
uint8_t sak;
} PACKED card_clone_t;
int get_block_count(iso14a_card_select_t card, uint8_t version[], uint16_t version_len);
uint16_t get_ev1_version(iso14a_card_select_t card, uint8_t *version);
uint16_t get_ev1_signature(iso14a_card_select_t card, uint8_t *signature);
uint16_t get_ev1_counter(iso14a_card_select_t card, uint8_t counter, uint8_t *response);
uint16_t get_ev1_tearing(iso14a_card_select_t card, uint8_t counter, uint8_t *response);
int get_block_count(iso14a_card_select_t card, uint8_t *version, uint16_t version_len);
uint16_t get_ev1_version(iso14a_card_select_t card, uint8_t *version, uint16_t version_len);
uint16_t get_ev1_signature(iso14a_card_select_t card, uint8_t *signature, uint16_t sign_len);
uint16_t get_ev1_counter(iso14a_card_select_t card, uint8_t counter, uint8_t *response, uint16_t resp_len);
uint16_t get_ev1_tearing(iso14a_card_select_t card, uint8_t counter, uint8_t *response, uint16_t resp_len);
uint16_t get_ev1_version(iso14a_card_select_t card, uint8_t *version) {
return mifare_sendcmd(MIFARE_ULEV1_VERSION, NULL, 0, version, NULL, NULL);
uint16_t get_ev1_version(iso14a_card_select_t card, uint8_t *version, uint16_t version_len) {
return mifare_sendcmd(MIFARE_ULEV1_VERSION, NULL, 0, version, version_len, NULL, NULL);
}
uint16_t get_ev1_signature(iso14a_card_select_t card, uint8_t *signature) {
uint16_t get_ev1_signature(iso14a_card_select_t card, uint8_t *signature, uint16_t sign_len) {
uint8_t cmd[4] = {MIFARE_ULEV1_READSIG, 0x00, 0x00, 0x00};
AddCrc14A(cmd, 2);
ReaderTransmit(cmd, sizeof(cmd), NULL);
return ReaderReceive(signature, NULL);
return ReaderReceive(signature, sign_len, NULL);
}
uint16_t get_ev1_counter(iso14a_card_select_t card, uint8_t counter, uint8_t *response) {
uint16_t get_ev1_counter(iso14a_card_select_t card, uint8_t counter, uint8_t *response, uint16_t resp_len) {
uint8_t cmd[4] = {MIFARE_ULEV1_READ_CNT, counter, 0x00, 0x00};
AddCrc14A(cmd, 2);
ReaderTransmit(cmd, sizeof(cmd), NULL);
return ReaderReceive(response, NULL);
return ReaderReceive(response, resp_len, NULL);
}
uint16_t get_ev1_tearing(iso14a_card_select_t card, uint8_t counter, uint8_t *response) {
uint16_t get_ev1_tearing(iso14a_card_select_t card, uint8_t counter, uint8_t *response, uint16_t resp_len) {
uint8_t cmd[4] = {MIFARE_ULEV1_CHECKTEAR, counter, 0x00, 0x00};
AddCrc14A(cmd, 2);
ReaderTransmit(cmd, sizeof(cmd), NULL);
return ReaderReceive(response, NULL);
return ReaderReceive(response, resp_len, NULL);
}
int get_block_count(iso14a_card_select_t card, uint8_t version[], uint16_t version_len) {
int get_block_count(iso14a_card_select_t card, uint8_t *version, uint16_t version_len) {
// Default to MAX_DEFAULT_BLOCKS blocks
int block_count = MAX_DEFAULT_BLOCKS;
// Most of this code is from cmdhfmfu.c
@ -185,7 +185,7 @@ void RunMod(void) {
// Get version and re-select card as UL EV0s like to shut off after a 0x60
uint8_t version[10] = {0x00};
uint16_t version_len = 0;
version_len = get_ev1_version(card, version);
version_len = get_ev1_version(card, version, sizeof(version));
iso14443a_select_card(NULL, NULL, NULL, true, 0, true);
int block_count = get_block_count(card, version, version_len);
@ -212,7 +212,7 @@ void RunMod(void) {
if (read_successful) {
uint8_t signature[34] = {0x00};
if (is_ev1) {
get_ev1_signature(card, signature);
get_ev1_signature(card, signature, sizeof(signature));
}
Dbprintf("Preparing emulator memory with:");
// Fill first 14 blocks with 0x00 (see comment above)
@ -232,8 +232,8 @@ void RunMod(void) {
// On 11-14 read and set counter and tearing on EV1
uint8_t counter[5];
uint8_t tearing[3];
get_ev1_counter(card, i - 11, counter);
get_ev1_tearing(card, i - 11, tearing);
get_ev1_counter(card, i - 11, counter, sizeof(counter));
get_ev1_tearing(card, i - 11, tearing, sizeof(tearing));
memcpy(dataout, counter, 3);
memcpy(dataout + 3, tearing, 1);
}
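Review bot: In the last RunMod hunk the return values of `get_ev1_counter` and `get_ev1_tearing` are discarded while `counter[5]` and `tearing[3]` are declared without an initializer, so if the tag does not answer, or answers short, the two `memcpy` calls that follow copy indeterminate stack bytes into `dataout` (presumably destined for emulator memory, judging by the earlier Dbprintf). The new length arguments bound how much can be written into the buffers, but the caller never learns how much was actually received. Initialise the buffers the way `version` and `signature` already are, `uint8_t counter[5] = {0x00};` and `uint8_t tearing[3] = {0x00};`, and copy only when the returned length covers the bytes used, e.g. `if (get_ev1_counter(card, i - 11, counter, sizeof(counter)) >= 3) memcpy(dataout, counter, 3);`. The same applies to the unchecked `get_ev1_signature` call in the previous hunk, although that buffer is at least zero-filled. RunMod begins and ends outside these hunks, so how `dataout` is consumed is not visible here.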