github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-14 02:27:26 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1547 from merlokk/desf_buffer

Browse source 
Desfire dynamic buffer allocation
This commit is contained in:
Oleg Moiseenko 2021-12-24 20:56:13 +02:00 committed by GitHub
commit 7da4a34d7c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 99 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

13
client/src/cmdhfmfdes.c
View file

@ -4615,7 +4615,12 @@ static int DesfileReadFileAndPrint(DesfireContext_t *dctx, uint8_t fnum, int fil
PrintAndLogEx(INFO, "------------------------------- " _CYAN_("File %02x data") " -------------------------------", fnum);
uint8_t resp[2048] = {0};
uint8_t *resp = calloc(DESFIRE_BUFFER_SIZE, 1);
if (resp == NULL) {
PrintAndLogEx(ERR, "Desfire calloc " _RED_("error"));
DropField();
return PM3_EMALLOC;
}
size_t resplen = 0;
if (filetype == RFTData) {
@ -4623,6 +4628,7 @@ static int DesfileReadFileAndPrint(DesfireContext_t *dctx, uint8_t fnum, int fil
if (res != PM3_SUCCESS) {
PrintAndLogEx(ERR, "Desfire ReadFile command " _RED_("error") ". Result: %d", res);
DropField();
free(resp);
return PM3_ESOFT;
}
@ -4640,6 +4646,7 @@ static int DesfileReadFileAndPrint(DesfireContext_t *dctx, uint8_t fnum, int fil
if (res != PM3_SUCCESS) {
PrintAndLogEx(ERR, "Desfire GetValue operation " _RED_("error") ". Result: %d", res);
DropField();
free(resp);
return PM3_ESOFT;
}
PrintAndLogEx(SUCCESS, "Read file 0x%02x value: %d (0x%08x)", fnum, value, value);
@ -4652,6 +4659,7 @@ static int DesfileReadFileAndPrint(DesfireContext_t *dctx, uint8_t fnum, int fil
if (res != PM3_SUCCESS) {
PrintAndLogEx(ERR, "Desfire ReadRecords (len=1) command " _RED_("error") ". Result: %d", res);
DropField();
free(resp);
return PM3_ESOFT;
}
reclen = resplen;
@ -4666,6 +4674,7 @@ static int DesfileReadFileAndPrint(DesfireContext_t *dctx, uint8_t fnum, int fil
if (res != PM3_SUCCESS) {
PrintAndLogEx(ERR, "Desfire ReadRecords command " _RED_("error") ". Result: %d", res);
DropField();
free(resp);
return PM3_ESOFT;
}
}
@ -4690,6 +4699,7 @@ static int DesfileReadFileAndPrint(DesfireContext_t *dctx, uint8_t fnum, int fil
if (res != PM3_SUCCESS) {
PrintAndLogEx(ERR, "Desfire ReadFile command " _RED_("error") ". Result: %d", res);
DropField();
free(resp);
return PM3_ESOFT;
}
@ -4717,6 +4727,7 @@ static int DesfileReadFileAndPrint(DesfireContext_t *dctx, uint8_t fnum, int fil
}
}
free(resp);
return PM3_SUCCESS;
}

55
client/src/mifare/desfirecore.c
View file

@ -530,7 +530,9 @@ static int DesfireExchangeNative(bool activate_field, DesfireContext_t *ctx, uin
if (respcode)
*respcode = 0xff;
uint8_t buf[255 * 5] = {0x00};
uint8_t *buf = calloc(DESFIRE_BUFFER_SIZE, 1);
if (buf == NULL)
return PM3_EMALLOC;
uint32_t buflen = 0;
uint32_t pos = 0;
uint32_t i = 1;
@ -560,10 +562,11 @@ static int DesfireExchangeNative(bool activate_field, DesfireContext_t *ctx, uin
cdata[sendindx] = MFDES_ADDITIONAL_FRAME;
}
res = DESFIRESendRaw(activate_field, &cdata[sendindx], sendlen, buf, sizeof(buf), &buflen, &rcode);
res = DESFIRESendRaw(activate_field, &cdata[sendindx], sendlen, buf, DESFIRE_BUFFER_SIZE, &buflen, &rcode);
if (res != PM3_SUCCESS) {
uint16_t ssw = DESFIRE_GET_ISO_STATUS(rcode);
PrintAndLogEx(DEBUG, "error DESFIRESendRaw %s", DesfireGetErrorString(res, &ssw));
free(buf);
return res;
}
@ -594,13 +597,14 @@ static int DesfireExchangeNative(bool activate_field, DesfireContext_t *ctx, uin
if (resplen)
*resplen = pos;
}
free(buf);
return PM3_SUCCESS;
}
while (rcode == MFDES_ADDITIONAL_FRAME) {
cdata[0] = MFDES_ADDITIONAL_FRAME; //0xAF
res = DESFIRESendRaw(false, cdata, 1, buf, sizeof(buf), &buflen, &rcode);
res = DESFIRESendRaw(false, cdata, 1, buf, DESFIRE_BUFFER_SIZE, &buflen, &rcode);
if (res != PM3_SUCCESS) {
uint16_t ssw = DESFIRE_GET_ISO_STATUS(rcode);
PrintAndLogEx(DEBUG, "error DESFIRESendRaw %s", DesfireGetErrorString(res, &ssw));
@ -627,6 +631,7 @@ static int DesfireExchangeNative(bool activate_field, DesfireContext_t *ctx, uin
if (resplen)
*resplen = (splitbysize) ? i : pos;
free(buf);
return PM3_SUCCESS;
}
@ -637,7 +642,9 @@ static int DesfireExchangeISONative(bool activate_field, DesfireContext_t *ctx,
*respcode = 0xff;
uint16_t sw = 0;
uint8_t buf[255 * 5] = {0x00};
uint8_t *buf = calloc(DESFIRE_BUFFER_SIZE, 1);
if (buf == NULL)
return PM3_EMALLOC;
uint32_t buflen = 0;
uint32_t pos = 0;
uint32_t i = 1;
@ -663,9 +670,10 @@ static int DesfireExchangeISONative(bool activate_field, DesfireContext_t *ctx,
if (sentdatalen > 0)
apdu.INS = MFDES_ADDITIONAL_FRAME;
res = DESFIRESendApdu(activate_field, apdu, buf, sizeof(buf), &buflen, &sw);
res = DESFIRESendApdu(activate_field, apdu, buf, DESFIRE_BUFFER_SIZE, &buflen, &sw);
if (res != PM3_SUCCESS) {
PrintAndLogEx(DEBUG, "error DESFIRESendApdu %s", DesfireGetErrorString(res, &sw));
free(buf);
return res;
}
@ -696,6 +704,7 @@ static int DesfireExchangeISONative(bool activate_field, DesfireContext_t *ctx,
if (resplen)
*resplen = pos;
}
free(buf);
return PM3_SUCCESS;
}
@ -707,9 +716,10 @@ static int DesfireExchangeISONative(bool activate_field, DesfireContext_t *ctx,
apdu.P2 = 0;
apdu.data = NULL;
res = DESFIRESendApdu(false, apdu, buf, sizeof(buf), &buflen, &sw);
res = DESFIRESendApdu(false, apdu, buf, DESFIRE_BUFFER_SIZE, &buflen, &sw);
if (res != PM3_SUCCESS) {
PrintAndLogEx(DEBUG, "error DESFIRESendApdu %s", DesfireGetErrorString(res, &sw));
free(buf);
return res;
}
@ -733,17 +743,21 @@ static int DesfireExchangeISONative(bool activate_field, DesfireContext_t *ctx,
if (resplen)
*resplen = (splitbysize) ? i : pos;
free(buf);
return PM3_SUCCESS;
}
static int DesfireExchangeISO(bool activate_field, DesfireContext_t *ctx, sAPDU_t apdu, uint16_t le, uint8_t *resp, size_t *resplen, uint16_t *sw) {
uint8_t data[1050] = {0};
uint8_t *data = calloc(DESFIRE_BUFFER_SIZE, 1);
if (data == NULL)
return PM3_EMALLOC;
uint32_t datalen = 0;
int res = DESFIRESendApduEx(activate_field, apdu, le, data, sizeof(data), &datalen, sw);
int res = DESFIRESendApduEx(activate_field, apdu, le, data, DESFIRE_BUFFER_SIZE, &datalen, sw);
if (res == PM3_SUCCESS)
DesfireSecureChannelDecode(ctx, data, datalen, 0, resp, resplen);
free(data);
return res;
}
@ -785,7 +799,9 @@ int DesfireExchangeEx(bool activate_field, DesfireContext_t *ctx, uint8_t cmd, u
if (!PrintChannelModeWarning(cmd, ctx->secureChannel, ctx->cmdSet, ctx->commMode))
DesfirePrintContext(ctx);
uint8_t databuf[250 * 5] = {0};
uint8_t *databuf = calloc(DESFIRE_BUFFER_SIZE, 1);
if (databuf == NULL)
return PM3_EMALLOC;
size_t databuflen = 0;
switch (ctx->cmdSet) {
@ -814,10 +830,12 @@ int DesfireExchangeEx(bool activate_field, DesfireContext_t *ctx, uint8_t cmd, u
}
break;
case DCCISO:
free(databuf);
return PM3_EAPDU_FAIL;
break;
}
free(databuf);
return res;
}
@ -1843,20 +1861,31 @@ static int DesfireCommandEx(DesfireContext_t *dctx, uint8_t cmd, uint8_t *data,
*resplen = 0;
uint8_t respcode = 0xff;
uint8_t xresp[2050] = {0};
uint8_t *xresp = calloc(DESFIRE_BUFFER_SIZE, 1);
if (xresp == NULL)
return PM3_EMALLOC;
size_t xresplen = 0;
int res = DesfireExchangeEx(false, dctx, cmd, data, datalen, &respcode, xresp, &xresplen, true, splitbysize);
if (res != PM3_SUCCESS)
if (res != PM3_SUCCESS) {
free(xresp);
return res;
if (respcode != MFDES_S_OPERATION_OK)
}
if (respcode != MFDES_S_OPERATION_OK) {
free(xresp);
return PM3_EAPDU_FAIL;
if (checklength >= 0 && xresplen != checklength)
}
if (checklength >= 0 && xresplen != checklength) {
free(xresp);
return PM3_EAPDU_FAIL;
}
if (resplen)
*resplen = xresplen;
if (resp)
memcpy(resp, xresp, (splitbysize == 0) ? xresplen : xresplen * splitbysize);
free(xresp);
return PM3_SUCCESS;
}

1
client/src/mifare/desfirecore.h
View file

@ -18,6 +18,7 @@
#include "mifare/desfirecrypto.h"
#define DESFIRE_TX_FRAME_MAX_LEN 54
#define DESFIRE_BUFFER_SIZE 65538
enum DesfireISOSelectControlEnum {
ISSMFDFEF = 0x00,

54
client/src/mifare/desfiresecurechan.c
View file

@ -267,7 +267,9 @@ static bool DesfireISOChannelValidCmd(uint8_t cmd) {
}
static void DesfireSecureChannelEncodeD40(DesfireContext_t *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
uint8_t data[1024] = {0};
uint8_t *data = calloc(DESFIRE_BUFFER_SIZE, 1);
if (data == NULL)
return;
size_t rlen = 0;
memcpy(dstdata, srcdata, srcdatalen);
@ -278,8 +280,10 @@ static void DesfireSecureChannelEncodeD40(DesfireContext_t *ctx, uint8_t cmd, ui
hdrlen = srcdatalen;
if (ctx->commMode == DCMMACed || (ctx->commMode == DCMEncrypted && srcdatalen <= hdrlen)) {
if (srcdatalen == 0)
if (srcdatalen == 0) {
free(data);
return;
}
rlen = srcdatalen + DesfireGetMACLength(ctx);
@ -294,8 +298,10 @@ static void DesfireSecureChannelEncodeD40(DesfireContext_t *ctx, uint8_t cmd, ui
*dstdatalen = rlen;
}
} else if (ctx->commMode == DCMEncrypted || ctx->commMode == DCMEncryptedWithPadding) {
if (srcdatalen <= hdrlen)
if (srcdatalen <= hdrlen) {
free(data);
return;
}
uint8_t paddinglen = (ctx->commMode == DCMEncryptedWithPadding) ? 1 : 0;
rlen = padded_data_length(srcdatalen + 2 + paddinglen - hdrlen, desfire_get_key_block_length(ctx->keyType)) + hdrlen; // 2 - crc16
@ -312,8 +318,10 @@ static void DesfireSecureChannelEncodeD40(DesfireContext_t *ctx, uint8_t cmd, ui
*dstdatalen = rlen;
} else if (ctx->commMode == DCMEncryptedPlain) {
if (srcdatalen == 0 || srcdatalen <= hdrlen)
if (srcdatalen == 0 || srcdatalen <= hdrlen) {
free(data);
return;
}
rlen = padded_data_length(srcdatalen - hdrlen, desfire_get_key_block_length(ctx->keyType)) + hdrlen;
memcpy(data, srcdata, srcdatalen);
@ -322,10 +330,13 @@ static void DesfireSecureChannelEncodeD40(DesfireContext_t *ctx, uint8_t cmd, ui
*dstdatalen = rlen;
ctx->commMode = DCMEncrypted;
}
free(data);
}
static void DesfireSecureChannelEncodeEV1(DesfireContext_t *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
uint8_t data[1024] = {0};
uint8_t *data = calloc(DESFIRE_BUFFER_SIZE, 1);
if (data == NULL)
return;
size_t rlen = 0;
memcpy(dstdata, srcdata, srcdatalen);
@ -368,8 +379,10 @@ static void DesfireSecureChannelEncodeEV1(DesfireContext_t *ctx, uint8_t cmd, ui
*dstdatalen = hdrlen + rlen;
ctx->commMode = DCMEncrypted;
} else if (ctx->commMode == DCMEncryptedPlain) {
if (srcdatalen <= hdrlen)
if (srcdatalen <= hdrlen) {
free(data);
return;
}
memcpy(dstdata, srcdata, hdrlen);
memcpy(data, &srcdata[hdrlen], srcdatalen);
@ -378,10 +391,13 @@ static void DesfireSecureChannelEncodeEV1(DesfireContext_t *ctx, uint8_t cmd, ui
*dstdatalen = hdrlen + rlen;
ctx->commMode = DCMEncrypted;
}
free(data);
}
static void DesfireSecureChannelEncodeEV2(DesfireContext_t *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
uint8_t data[1050] = {0};
uint8_t *data = calloc(DESFIRE_BUFFER_SIZE, 1);
if (data == NULL)
return;
size_t rlen = 0;
memcpy(dstdata, srcdata, srcdatalen);
@ -417,10 +433,13 @@ static void DesfireSecureChannelEncodeEV2(DesfireContext_t *ctx, uint8_t cmd, ui
*dstdatalen = hdrlen + rlen + DesfireGetMACLength(ctx);
ctx->commMode = DCMEncrypted;
}
free(data);
}
static void DesfireSecureChannelEncodeLRP(DesfireContext_t *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
uint8_t data[1050] = {0};
uint8_t *data = calloc(DESFIRE_BUFFER_SIZE, 1);
if (data == NULL)
return;
size_t rlen = 0;
memcpy(dstdata, srcdata, srcdatalen);
@ -455,6 +474,7 @@ static void DesfireSecureChannelEncodeLRP(DesfireContext_t *ctx, uint8_t cmd, ui
*dstdatalen = hdrlen + rlen + DesfireGetMACLength(ctx);
ctx->commMode = DCMEncrypted;
}
free(data);
}
void DesfireSecureChannelEncode(DesfireContext_t *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
@ -482,7 +502,9 @@ void DesfireSecureChannelEncode(DesfireContext_t *ctx, uint8_t cmd, uint8_t *src
}
static void DesfireSecureChannelDecodeD40(DesfireContext_t *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
uint8_t data[1024] = {0};
uint8_t *data = calloc(DESFIRE_BUFFER_SIZE, 1);
if (data == NULL)
return;
size_t rlen = 0;
memcpy(dstdata, srcdata, srcdatalen);
@ -514,6 +536,7 @@ static void DesfireSecureChannelDecodeD40(DesfireContext_t *ctx, uint8_t *srcdat
if (srcdatalen < desfire_get_key_block_length(ctx->keyType)) {
memcpy(dstdata, srcdata, srcdatalen);
*dstdatalen = srcdatalen;
free(data);
return;
}
@ -535,10 +558,13 @@ static void DesfireSecureChannelDecodeD40(DesfireContext_t *ctx, uint8_t *srcdat
*dstdatalen = srcdatalen;
break;
}
free(data);
}
static void DesfireSecureChannelDecodeEV1(DesfireContext_t *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
uint8_t data[1024] = {0};
uint8_t *data = calloc(DESFIRE_BUFFER_SIZE, 1);
if (data == NULL)
return;
// if comm mode = plain --> response with MAC
// if request is not zero length --> response MAC
@ -546,6 +572,7 @@ static void DesfireSecureChannelDecodeEV1(DesfireContext_t *ctx, uint8_t *srcdat
if (srcdatalen < DesfireGetMACLength(ctx)) {
memcpy(dstdata, srcdata, srcdatalen);
*dstdatalen = srcdatalen;
free(data);
return;
}
@ -569,6 +596,7 @@ static void DesfireSecureChannelDecodeEV1(DesfireContext_t *ctx, uint8_t *srcdat
if (srcdatalen < desfire_get_key_block_length(ctx->keyType)) {
memcpy(dstdata, srcdata, srcdatalen);
*dstdatalen = srcdatalen;
free(data);
return;
}
@ -587,6 +615,7 @@ static void DesfireSecureChannelDecodeEV1(DesfireContext_t *ctx, uint8_t *srcdat
memcpy(dstdata, srcdata, srcdatalen);
*dstdatalen = srcdatalen;
}
free(data);
}
static void DesfireSecureChannelDecodeEV2(DesfireContext_t *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {
@ -707,7 +736,9 @@ static void DesfireSecureChannelDecodeLRP(DesfireContext_t *ctx, uint8_t *srcdat
static void DesfireISODecode(DesfireContext_t *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
memcpy(dstdata, srcdata, srcdatalen);
*dstdatalen = srcdatalen;
uint8_t data[1050] = {0};
uint8_t *data = calloc(DESFIRE_BUFFER_SIZE, 1);
if (data == NULL)
return;
if (srcdatalen < DesfireGetMACLength(ctx))
return;
@ -729,6 +760,7 @@ static void DesfireISODecode(DesfireContext_t *ctx, uint8_t *srcdata, size_t src
PrintAndLogEx(INFO, "Received MAC OK");
}
}
free(data);
}
void DesfireSecureChannelDecode(DesfireContext_t *ctx, uint8_t *srcdata, size_t srcdatalen, uint8_t respcode, uint8_t *dstdata, size_t *dstdatalen) {