Doridian 2022-06-11 16:16:56 -07:00
parent 1a4437550b
commit 83943aafc8
21 changed files with 123 additions and 119 deletions


@ -552,6 +552,8 @@ if (NOT SKIPPYTHON EQUAL 1)
endif (NOT SKIPPYTHON EQUAL 1) endif (NOT SKIPPYTHON EQUAL 1)
message(STATUS "===================================================================") message(STATUS "===================================================================")
add_definitions(-DHAVE_SNPRINTF)
add_executable(proxmark3 add_executable(proxmark3
${PM3_ROOT}/client/src/proxmark3.c ${PM3_ROOT}/client/src/proxmark3.c
${TARGET_SOURCES} ${TARGET_SOURCES}


@ -402,6 +402,8 @@ ifeq ($(SWIG_PYTHON_FOUND),1)
PM3CFLAGS += -DHAVE_PYTHON_SWIG PM3CFLAGS += -DHAVE_PYTHON_SWIG
endif endif
PM3CFLAGS += -DHAVE_SNPRINTF
CXXFLAGS ?= -Wall -Werror -O3 CXXFLAGS ?= -Wall -Werror -O3
PM3CXXFLAGS = $(CXXFLAGS) PM3CXXFLAGS = $(CXXFLAGS)
PM3CXXFLAGS += -I../include -I./include PM3CXXFLAGS += -I../include -I./include
@ -415,6 +417,8 @@ ifeq ($(QT_FOUND),1)
endif endif
endif endif
PM3CXXFLAGS += -DHAVE_SNPRINTF
LDFLAGS ?= $(DEFLDFLAGS) LDFLAGS ?= $(DEFLDFLAGS)
PM3LDFLAGS = $(LDFLAGS) PM3LDFLAGS = $(LDFLAGS)
ifeq ($(platform),Darwin) ifeq ($(platform),Darwin)


@ -224,7 +224,7 @@ struct tlvdb *GetPANFromTrack2(const struct tlv *track2) {
return NULL; return NULL;
for (int i = 0; i < track2->len; ++i, tmp += 2) for (int i = 0; i < track2->len; ++i, tmp += 2)
sprintf(tmp, "%02x", (unsigned int)track2->value[i]); snprintf(tmp, sizeof(track2Hex) - (tmp - track2Hex), "%02x", (unsigned int)track2->value[i]);
int posD = strchr(track2Hex, 'd') - track2Hex; int posD = strchr(track2Hex, 'd') - track2Hex;
if (posD < 1) if (posD < 1)
@ -253,7 +253,7 @@ struct tlvdb *GetdCVVRawFromTrack2(const struct tlv *track2) {
return NULL; return NULL;
for (int i = 0; i < track2->len; ++i, tmp += 2) for (int i = 0; i < track2->len; ++i, tmp += 2)
sprintf(tmp, "%02x", (unsigned int)track2->value[i]); snprintf(tmp, sizeof(track2Hex) - (tmp - track2Hex), "%02x", (unsigned int)track2->value[i]);
int posD = strchr(track2Hex, 'd') - track2Hex; int posD = strchr(track2Hex, 'd') - track2Hex;
if (posD < 1) if (posD < 1)
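Review bot: `strchr(track2Hex, 'd')` returns NULL when the card-supplied track 2 data contains no `d` separator, and both GetPANFromTrack2 and GetdCVVRawFromTrack2 subtract `track2Hex` from that result before any check. The subtraction is undefined behaviour, and once the difference is narrowed to `int` it is not guaranteed to fail the `posD < 1` test on a 64-bit build. Keep the pointer and test it first: `const char *sep = strchr(track2Hex, 'd');`, `if (sep == NULL) return NULL;`, `int posD = (int)(sep - track2Hex);`. Both function bodies start and end outside the hunks shown, so how `posD` is used afterwards should be confirmed.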


@ -206,7 +206,7 @@ int JsonSaveTLVTree(json_t *root, json_t *elm, const char *path, struct tlvdb *t
if (AppDataName) { if (AppDataName) {
char appdatalink[200] = {0}; char appdatalink[200] = {0};
sprintf(appdatalink, "$.ApplicationData.%s", AppDataName); snprintf(appdatalink, sizeof(appdatalink), "$.ApplicationData.%s", AppDataName);
JsonSaveBufAsHex(root, appdatalink, (uint8_t *)tlvpelm->value, tlvpelm->len); JsonSaveBufAsHex(root, appdatalink, (uint8_t *)tlvpelm->value, tlvpelm->len);
} }


@ -251,15 +251,19 @@ char *newfilenamemcopy(const char *preferredName, const char *suffix) {
if (str_endswith(preferredName, suffix)) if (str_endswith(preferredName, suffix))
p_namelen -= strlen(suffix); p_namelen -= strlen(suffix);
char *fileName = (char *) calloc(p_namelen + strlen(suffix) + 1 + 10, sizeof(uint8_t)); // 10: room for filenum to ensure new filename const size_t fileNameLen = p_namelen + strlen(suffix) + 1 + 10;
const size_t fileNameSize = fileNameLen * sizeof(uint8_t);
char *fileName = (char *) calloc(fileNameLen, sizeof(uint8_t)); // 10: room for filenum to ensure new filename
if (fileName == NULL) { if (fileName == NULL) {
return NULL; return NULL;
} }
int num = 1; int num = 1;
sprintf(fileName, "%.*s%s", p_namelen, preferredName, suffix); snprintf(fileName, fileNameSize, "%.*s%s", p_namelen, preferredName, suffix);
while (fileExists(fileName)) { while (fileExists(fileName)) {
sprintf(fileName, "%.*s-%d%s", p_namelen, preferredName, num, suffix); snprintf(fileName, fileNameSize, "%.*s-%d%s", p_namelen, preferredName, num, suffix);
num++; num++;
} }
return fileName; return fileName;
@ -361,7 +365,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data,
JsonSaveBufAsHexCompact(root, "$.Card.SAK", &(xdump->card_info.sak), 1); JsonSaveBufAsHexCompact(root, "$.Card.SAK", &(xdump->card_info.sak), 1);
for (size_t i = 0; i < (xdump->dumplen / 16); i++) { for (size_t i = 0; i < (xdump->dumplen / 16); i++) {
char path[PATH_MAX_LENGTH] = {0}; char path[PATH_MAX_LENGTH] = {0};
sprintf(path, "$.blocks.%zu", i); snprintf(path, sizeof(path), "$.blocks.%zu", i);
JsonSaveBufAsHexCompact(root, path, &xdump->dump[i * 16], 16); JsonSaveBufAsHexCompact(root, path, &xdump->dump[i * 16], 16);
if (mfIsSectorTrailer(i)) { if (mfIsSectorTrailer(i)) {
snprintf(path, sizeof(path), "$.SectorKeys.%d.KeyA", mfSectorNum(i)); snprintf(path, sizeof(path), "$.SectorKeys.%d.KeyA", mfSectorNum(i));
@ -409,9 +413,9 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data,
JsonSaveBufAsHexCompact(root, "$.Card.TBO_1", tmp->tbo1, sizeof(tmp->tbo1)); JsonSaveBufAsHexCompact(root, "$.Card.TBO_1", tmp->tbo1, sizeof(tmp->tbo1));
JsonSaveBufAsHexCompact(root, "$.Card.Signature", tmp->signature, sizeof(tmp->signature)); JsonSaveBufAsHexCompact(root, "$.Card.Signature", tmp->signature, sizeof(tmp->signature));
for (uint8_t i = 0; i < 3; i ++) { for (uint8_t i = 0; i < 3; i ++) {
sprintf(path, "$.Card.Counter%d", i); snprintf(path, sizeof(path), "$.Card.Counter%d", i);
JsonSaveBufAsHexCompact(root, path, tmp->counter_tearing[i], 3); JsonSaveBufAsHexCompact(root, path, tmp->counter_tearing[i], 3);
sprintf(path, "$.Card.Tearing%d", i); snprintf(path, sizeof(path), "$.Card.Tearing%d", i);
JsonSaveBufAsHexCompact(root, path, tmp->counter_tearing[i] + 3, 1); JsonSaveBufAsHexCompact(root, path, tmp->counter_tearing[i] + 3, 1);
} }
@ -419,7 +423,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data,
size_t len = (datalen - MFU_DUMP_PREFIX_LENGTH) / 4; size_t len = (datalen - MFU_DUMP_PREFIX_LENGTH) / 4;
for (size_t i = 0; i < len; i++) { for (size_t i = 0; i < len; i++) {
sprintf(path, "$.blocks.%zu", i); snprintf(path, sizeof(path), "$.blocks.%zu", i);
JsonSaveBufAsHexCompact(root, path, tmp->data + (i * 4), 4); JsonSaveBufAsHexCompact(root, path, tmp->data + (i * 4), 4);
} }
break; break;
@ -433,7 +437,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data,
for (size_t i = 0; i < (datalen / 4); i++) { for (size_t i = 0; i < (datalen / 4); i++) {
char path[PATH_MAX_LENGTH] = {0}; char path[PATH_MAX_LENGTH] = {0};
sprintf(path, "$.blocks.%zu", i); snprintf(path, sizeof(path), "$.blocks.%zu", i);
JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4);
} }
break; break;
@ -458,7 +462,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data,
for (size_t i = 0; i < (datalen / 8); i++) { for (size_t i = 0; i < (datalen / 8); i++) {
char path[PATH_MAX_LENGTH] = {0}; char path[PATH_MAX_LENGTH] = {0};
sprintf(path, "$.blocks.%zu", i); snprintf(path, sizeof(path), "$.blocks.%zu", i);
JsonSaveBufAsHexCompact(root, path, data + (i * 8), 8); JsonSaveBufAsHexCompact(root, path, data + (i * 8), 8);
} }
@ -472,7 +476,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data,
for (size_t i = 0; i < (datalen / 4); i++) { for (size_t i = 0; i < (datalen / 4); i++) {
char path[PATH_MAX_LENGTH] = {0}; char path[PATH_MAX_LENGTH] = {0};
sprintf(path, "$.blocks.%zu", i); snprintf(path, sizeof(path), "$.blocks.%zu", i);
JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4);
} }
break; break;
@ -500,7 +504,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data,
for (size_t i = 0; i < (datalen / 4); i++) { for (size_t i = 0; i < (datalen / 4); i++) {
char path[PATH_MAX_LENGTH] = {0}; char path[PATH_MAX_LENGTH] = {0};
sprintf(path, "$.blocks.%zu", i); snprintf(path, sizeof(path), "$.blocks.%zu", i);
JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4);
} }
break; break;
@ -514,7 +518,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data,
for (size_t i = 0; i < (datalen / 4); i++) { for (size_t i = 0; i < (datalen / 4); i++) {
char path[PATH_MAX_LENGTH] = {0}; char path[PATH_MAX_LENGTH] = {0};
sprintf(path, "$.blocks.%zu", i); snprintf(path, sizeof(path), "$.blocks.%zu", i);
JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4);
} }
break; break;
@ -527,7 +531,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data,
for (size_t i = 0; i < (datalen / 4); i++) { for (size_t i = 0; i < (datalen / 4); i++) {
char path[PATH_MAX_LENGTH] = {0}; char path[PATH_MAX_LENGTH] = {0};
sprintf(path, "$.blocks.%zu", i); snprintf(path, sizeof(path), "$.blocks.%zu", i);
JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4);
} }
break; break;
@ -541,7 +545,7 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data,
for (size_t i = 0; i < (datalen / 4); i++) { for (size_t i = 0; i < (datalen / 4); i++) {
char path[PATH_MAX_LENGTH] = {0}; char path[PATH_MAX_LENGTH] = {0};
sprintf(path, "$.blocks.%zu", i); snprintf(path, sizeof(path), "$.blocks.%zu", i);
JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4);
} }
break; break;
@ -562,14 +566,12 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data,
char path[PATH_MAX_LENGTH] = {0}; char path[PATH_MAX_LENGTH] = {0};
if (vdata[0][i][0]) { if (vdata[0][i][0]) {
memset(path, 0x00, sizeof(path)); snprintf(path, sizeof(path), "$.SectorKeys.%d.KeyA", mfSectorNum(i));
sprintf(path, "$.SectorKeys.%d.KeyA", mfSectorNum(i));
JsonSaveBufAsHexCompact(root, path, &vdata[0][i][1], 16); JsonSaveBufAsHexCompact(root, path, &vdata[0][i][1], 16);
} }
if (vdata[1][i][0]) { if (vdata[1][i][0]) {
memset(path, 0x00, sizeof(path)); snprintf(path, sizeof(path), "$.SectorKeys.%d.KeyB", mfSectorNum(i));
sprintf(path, "$.SectorKeys.%d.KeyB", mfSectorNum(i));
JsonSaveBufAsHexCompact(root, path, &vdata[1][i][1], 16); JsonSaveBufAsHexCompact(root, path, &vdata[1][i][1], 16);
} }
} }
@ -591,24 +593,20 @@ int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data,
char path[PATH_MAX_LENGTH] = {0}; char path[PATH_MAX_LENGTH] = {0};
if (dvdata[0][i][0]) { if (dvdata[0][i][0]) {
memset(path, 0x00, sizeof(path)); snprintf(path, sizeof(path), "$.DES.%d.Key", i);
sprintf(path, "$.DES.%d.Key", i);
JsonSaveBufAsHexCompact(root, path, &dvdata[0][i][1], 8); JsonSaveBufAsHexCompact(root, path, &dvdata[0][i][1], 8);
} }
if (dvdata[1][i][0]) { if (dvdata[1][i][0]) {
memset(path, 0x00, sizeof(path)); snprintf(path, sizeof(path), "$.3DES.%d.Key", i);
sprintf(path, "$.3DES.%d.Key", i);
JsonSaveBufAsHexCompact(root, path, &dvdata[1][i][1], 16); JsonSaveBufAsHexCompact(root, path, &dvdata[1][i][1], 16);
} }
if (dvdata[2][i][0]) { if (dvdata[2][i][0]) {
memset(path, 0x00, sizeof(path)); snprintf(path, sizeof(path), "$.AES.%d.Key", i);
sprintf(path, "$.AES.%d.Key", i);
JsonSaveBufAsHexCompact(root, path, &dvdata[2][i][1], 16); JsonSaveBufAsHexCompact(root, path, &dvdata[2][i][1], 16);
} }
if (dvdata[3][i][0]) { if (dvdata[3][i][0]) {
memset(path, 0x00, sizeof(path)); snprintf(path, sizeof(path), "$.K3KDES.%d.Key", i);
sprintf(path, "$.K3KDES.%d.Key", i);
JsonSaveBufAsHexCompact(root, path, &dvdata[3][i][1], 24); JsonSaveBufAsHexCompact(root, path, &dvdata[3][i][1], 24);
} }
} }
@ -1097,7 +1095,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz
} }
char blocks[30] = {0}; char blocks[30] = {0};
sprintf(blocks, "$.blocks.%d", i); snprintf(blocks, sizeof(blocks), "$.blocks.%d", i);
size_t len = 0; size_t len = 0;
JsonLoadBufAsHex(root, blocks, &udata[sptr], 16, &len); JsonLoadBufAsHex(root, blocks, &udata[sptr], 16, &len);
@ -1134,7 +1132,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz
} }
char blocks[30] = {0}; char blocks[30] = {0};
sprintf(blocks, "$.blocks.%d", i); snprintf(blocks, sizeof(blocks), "$.blocks.%d", i);
size_t len = 0; size_t len = 0;
JsonLoadBufAsHex(root, blocks, &mem->data[sptr], MFU_BLOCK_SIZE, &len); JsonLoadBufAsHex(root, blocks, &mem->data[sptr], MFU_BLOCK_SIZE, &len);
@ -1159,7 +1157,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz
} }
char blocks[30] = {0}; char blocks[30] = {0};
sprintf(blocks, "$.blocks.%zu", i); snprintf(blocks, sizeof(blocks), "$.blocks.%zu", i);
size_t len = 0; size_t len = 0;
JsonLoadBufAsHex(root, blocks, &udata[sptr], 4, &len); JsonLoadBufAsHex(root, blocks, &udata[sptr], 4, &len);
@ -1181,7 +1179,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz
} }
char blocks[30] = {0}; char blocks[30] = {0};
sprintf(blocks, "$.blocks.%zu", i); snprintf(blocks, sizeof(blocks), "$.blocks.%zu", i);
size_t len = 0; size_t len = 0;
JsonLoadBufAsHex(root, blocks, &udata[sptr], 8, &len); JsonLoadBufAsHex(root, blocks, &udata[sptr], 8, &len);
@ -1202,7 +1200,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz
} }
char blocks[30] = {0}; char blocks[30] = {0};
sprintf(blocks, "$.blocks.%zu", i); snprintf(blocks, sizeof(blocks), "$.blocks.%zu", i);
size_t len = 0; size_t len = 0;
JsonLoadBufAsHex(root, blocks, &udata[sptr], 4, &len); JsonLoadBufAsHex(root, blocks, &udata[sptr], 4, &len);
@ -1223,7 +1221,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz
} }
char blocks[30] = {0}; char blocks[30] = {0};
sprintf(blocks, "$.blocks.%zu", i); snprintf(blocks, sizeof(blocks), "$.blocks.%zu", i);
size_t len = 0; size_t len = 0;
JsonLoadBufAsHex(root, blocks, &udata[sptr], 4, &len); JsonLoadBufAsHex(root, blocks, &udata[sptr], 4, &len);
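Review bot: In the hunk at -419 of saveFileJSONex, `size_t len = (datalen - MFU_DUMP_PREFIX_LENGTH) / 4;` wraps to a very large count if `datalen` is an unsigned type (as the `size_t` result suggests) and is smaller than the prefix length. The loop below it would then read `tmp->data + (i * 4)` far beyond the dump. No lower-bound check on `datalen` is visible in the hunk; if none exists earlier in the function, add `if (datalen < MFU_DUMP_PREFIX_LENGTH)` with the function's usual error exit before the subtraction. The function starts and ends outside the hunks shown.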


@ -296,7 +296,7 @@ const APDUCode_t *GetAPDUCode(uint8_t sw1, uint8_t sw2) {
int mineq = ARRAYLEN(APDUCodeTable); int mineq = ARRAYLEN(APDUCodeTable);
int mineqindx = 0; int mineqindx = 0;
sprintf(buf, "%02X%02X", sw1, sw2); snprintf(buf, sizeof(buf), "%02X%02X", sw1, sw2);
for (int i = 0; i < ARRAYLEN(APDUCodeTable); i++) { for (int i = 0; i < ARRAYLEN(APDUCodeTable); i++) {
int res = CodeCmp(APDUCodeTable[i].ID, buf); int res = CodeCmp(APDUCodeTable[i].ID, buf);


@ -275,7 +275,7 @@ static const char *aiddf_json_get_str(json_t *data, const char *name) {
static int print_aiddf_description(json_t *root, uint8_t aid[3], char *fmt, bool verbose) { static int print_aiddf_description(json_t *root, uint8_t aid[3], char *fmt, bool verbose) {
char laid[7] = {0}; char laid[7] = {0};
sprintf(laid, "%02x%02x%02x", aid[2], aid[1], aid[0]); // must be lowercase snprintf(laid, sizeof(laid), "%02x%02x%02x", aid[2], aid[1], aid[0]); // must be lowercase
json_t *elm = NULL; json_t *elm = NULL;
@ -307,8 +307,9 @@ static int print_aiddf_description(json_t *root, uint8_t aid[3], char *fmt, bool
const char *type = aiddf_json_get_str(elm, "Type"); const char *type = aiddf_json_get_str(elm, "Type");
if (name && vendor) { if (name && vendor) {
char result[5 + strlen(name) + strlen(vendor)]; size_t result_len = 5 + strlen(name) + strlen(vendor);
sprintf(result, " %s [%s]", name, vendor); char result[result_len];
snprintf(result, result_len, " %s [%s]", name, vendor);
PrintAndLogEx(INFO, fmt, result); PrintAndLogEx(INFO, fmt, result);
} }
@ -332,7 +333,7 @@ int AIDDFDecodeAndPrint(uint8_t aid[3]) {
open_aiddf_file(&df_known_aids, false); open_aiddf_file(&df_known_aids, false);
char fmt[80]; char fmt[80];
sprintf(fmt, " DF AID Function %02X%02X%02X :" _YELLOW_("%s"), aid[2], aid[1], aid[0], "%s"); snprintf(fmt, sizeof(fmt), " DF AID Function %02X%02X%02X :" _YELLOW_("%s"), aid[2], aid[1], aid[0], "%s");
print_aiddf_description(df_known_aids, aid, fmt, false); print_aiddf_description(df_known_aids, aid, fmt, false);
close_aiddf_file(df_known_aids); close_aiddf_file(df_known_aids);
return PM3_SUCCESS; return PM3_SUCCESS;


@ -322,12 +322,11 @@ const char *DesfireSelectWayToStr(DesfireISOSelectWay way) {
char *DesfireWayIDStr(DesfireISOSelectWay way, uint32_t id) { char *DesfireWayIDStr(DesfireISOSelectWay way, uint32_t id) {
static char str[200] = {0}; static char str[200] = {0};
memset(str, 0, sizeof(str));
if (way == ISWMF || way == ISWDFName) if (way == ISWMF || way == ISWDFName)
sprintf(str, "%s", DesfireSelectWayToStr(way)); snprintf(str, sizeof(str), "%s", DesfireSelectWayToStr(way));
else else
sprintf(str, "%s %0*x", DesfireSelectWayToStr(way), (way == ISW6bAID) ? 6 : 4, id); snprintf(str, sizeof(str), "%s %0*x", DesfireSelectWayToStr(way), (way == ISW6bAID) ? 6 : 4, id);
return str; return str;
} }
@ -2296,10 +2295,9 @@ static const char *GetDesfireKeyType(uint8_t keytype) {
const char *GetDesfireAccessRightStr(uint8_t right) { const char *GetDesfireAccessRightStr(uint8_t right) {
static char int_access_str[200]; static char int_access_str[200];
memset(int_access_str, 0, sizeof(int_access_str));
if (right <= 0x0d) { if (right <= 0x0d) {
sprintf(int_access_str, "key 0x%02x", right); snprintf(int_access_str, sizeof(int_access_str), "key 0x%02x", right);
return int_access_str; return int_access_str;
} }


@ -101,7 +101,7 @@ static const char *mad_json_get_str(json_t *data, const char *name) {
static int print_aid_description(json_t *root, uint16_t aid, char *fmt, bool verbose) { static int print_aid_description(json_t *root, uint16_t aid, char *fmt, bool verbose) {
char lmad[7] = {0}; char lmad[7] = {0};
sprintf(lmad, "0x%04x", aid); // must be lowercase snprintf(lmad, sizeof(lmad), "0x%04x", aid); // must be lowercase
json_t *elm = NULL; json_t *elm = NULL;
@ -132,8 +132,9 @@ static int print_aid_description(json_t *root, uint16_t aid, char *fmt, bool ver
const char *integrator = mad_json_get_str(elm, "system_integrator"); const char *integrator = mad_json_get_str(elm, "system_integrator");
if (application && company) { if (application && company) {
char result[4 + strlen(application) + strlen(company)]; size_t result_len = 4 + strlen(application) + strlen(company);
sprintf(result, " %s [%s]", application, company); char result[result_len];
snprintf(result, result_len, " %s [%s]", application, company);
PrintAndLogEx(INFO, fmt, result); PrintAndLogEx(INFO, fmt, result);
} }
@ -334,7 +335,7 @@ int MAD1DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose, bool *haveMA
PrintAndLogEx(INFO, (ibs == i) ? _MAGENTA_(" %02d [%04X] (continuation)") : " %02d [%04X] (continuation)", i, aid); PrintAndLogEx(INFO, (ibs == i) ? _MAGENTA_(" %02d [%04X] (continuation)") : " %02d [%04X] (continuation)", i, aid);
} else { } else {
char fmt[30]; char fmt[30];
sprintf(fmt, (ibs == i) ? _MAGENTA_(" %02d [%04X]%s") : " %02d [%04X]%s", i, aid, "%s"); snprintf(fmt, sizeof(fmt), (ibs == i) ? _MAGENTA_(" %02d [%04X]%s") : " %02d [%04X]%s", i, aid, "%s");
print_aid_description(mad_known_aids, aid, fmt, verbose); print_aid_description(mad_known_aids, aid, fmt, verbose);
prev_aid = aid; prev_aid = aid;
} }
@ -378,7 +379,7 @@ int MAD2DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose) {
PrintAndLogEx(INFO, (ibs == i) ? _MAGENTA_(" %02d [%04X] (continuation)") : " %02d [%04X] (continuation)", i + 16, aid); PrintAndLogEx(INFO, (ibs == i) ? _MAGENTA_(" %02d [%04X] (continuation)") : " %02d [%04X] (continuation)", i + 16, aid);
} else { } else {
char fmt[30]; char fmt[30];
sprintf(fmt, (ibs == i) ? _MAGENTA_(" %02d [%04X]%s") : " %02d [%04X]%s", i + 16, aid, "%s"); snprintf(fmt, sizeof(fmt), (ibs == i) ? _MAGENTA_(" %02d [%04X]%s") : " %02d [%04X]%s", i + 16, aid, "%s");
print_aid_description(mad_known_aids, aid, fmt, verbose); print_aid_description(mad_known_aids, aid, fmt, verbose);
prev_aid = aid; prev_aid = aid;
} }
@ -392,7 +393,7 @@ int MADDFDecodeAndPrint(uint32_t short_aid) {
open_mad_file(&mad_known_aids, false); open_mad_file(&mad_known_aids, false);
char fmt[50]; char fmt[50];
sprintf(fmt, " MAD AID Function 0x%04X :" _YELLOW_("%s"), short_aid, "%s"); snprintf(fmt, sizeof(fmt), " MAD AID Function 0x%04X :" _YELLOW_("%s"), short_aid, "%s");
print_aid_description(mad_known_aids, short_aid, fmt, false); print_aid_description(mad_known_aids, short_aid, fmt, false);
close_mad_file(mad_known_aids); close_mad_file(mad_known_aids);
return PM3_SUCCESS; return PM3_SUCCESS;
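Review bot: `result_len = 4 + strlen(application) + strlen(company)` in print_aid_description is one byte short for the format as shown. `" %s [%s]"` adds four literal characters and the terminator needs a fifth byte, so `snprintf` now cuts off the closing `]` where the old `sprintf` wrote one byte past the array. The equivalent code in print_aiddf_description uses `5 +` for the same format. Change the line to `size_t result_len = 5 + strlen(application) + strlen(company);`, and count any extra leading spaces if the page rendering has collapsed them.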


@ -452,15 +452,15 @@ static int ndefDecodePayloadDeviceInfo(uint8_t *payload, size_t len) {
// record.uuid_string = '123e4567-e89b-12d3-a456-426655440000' // record.uuid_string = '123e4567-e89b-12d3-a456-426655440000'
// 8-4-4-4-12 // 8-4-4-4-12
char uuid[37] = {0}; char uuid[37] = {0};
sprintf(uuid, "%s-", sprint_hex_inrow(p, 4)); snprintf(uuid, sizeof(uuid), "%s-", sprint_hex_inrow(p, 4));
p += 4; p += 4;
sprintf(uuid + strlen(uuid), "%s-", sprint_hex_inrow(p, 2)); snprintf(uuid + strlen(uuid), sizeof(uuid) - strlen(uuid), "%s-", sprint_hex_inrow(p, 2));
p += 2; p += 2;
sprintf(uuid + strlen(uuid), "%s-", sprint_hex_inrow(p, 2)); snprintf(uuid + strlen(uuid), sizeof(uuid) - strlen(uuid), "%s-", sprint_hex_inrow(p, 2));
p += 2; p += 2;
sprintf(uuid + strlen(uuid), "%s-", sprint_hex_inrow(p, 2)); snprintf(uuid + strlen(uuid), sizeof(uuid) - strlen(uuid), "%s-", sprint_hex_inrow(p, 2));
p += 2; p += 2;
sprintf(uuid + strlen(uuid), "%s", sprint_hex_inrow(p, 6)); snprintf(uuid + strlen(uuid), sizeof(uuid) - strlen(uuid), "%s", sprint_hex_inrow(p, 6));
p += 6; p += 6;
PrintAndLogEx(INFO, "UUID.......... " _YELLOW_("%s"), uuid); PrintAndLogEx(INFO, "UUID.......... " _YELLOW_("%s"), uuid);
p++; p++;


@ -612,7 +612,7 @@ void Plot::PlotDemod(uint8_t *buffer, size_t len, QRect plotRect, QRect annotati
} }
if (j == (int)clk / 2) { if (j == (int)clk / 2) {
//print label //print label
sprintf(str, "%u", buffer[i]); snprintf(str, sizeof(str), "%u", buffer[i]);
painter->drawText(x - 8, y + ((buffer[i] > 0) ? 18 : -6), str); painter->drawText(x - 8, y + ((buffer[i] > 0) ? 18 : -6), str);
} }
} }
@ -677,11 +677,11 @@ void Plot::PlotGraph(int *buffer, size_t len, QRect plotRect, QRect annotationRe
painter->drawLine(xo - 5, y0, xo + 5, y0); painter->drawLine(xo - 5, y0, xo + 5, y0);
sprintf(yLbl, "%d", v); snprintf(yLbl, sizeof(yLbl), "%d", v);
painter->drawText(xo + 8, y0 + 7, yLbl); painter->drawText(xo + 8, y0 + 7, yLbl);
painter->drawLine(xo - 5, y1, xo + 5, y1); painter->drawLine(xo - 5, y1, xo + 5, y1);
sprintf(yLbl, "%d", -v); snprintf(yLbl, sizeof(yLbl), "%d", -v);
painter->drawText(xo + 8, y1 + 5, yLbl); painter->drawText(xo + 8, y1 + 5, yLbl);
lasty0 = y0; lasty0 = y0;
} }
@ -689,7 +689,7 @@ void Plot::PlotGraph(int *buffer, size_t len, QRect plotRect, QRect annotationRe
//Graph annotations //Graph annotations
painter->drawPath(penPath); painter->drawPath(penPath);
char str[200]; char str[200];
sprintf(str, "max=%d min=%d mean=%" PRId64 " n=%u/%zu CursorAVal=[%d] CursorBVal=[%d]", snprintf(str, sizeof(str), "max=%d min=%d mean=%" PRId64 " n=%u/%zu CursorAVal=[%d] CursorBVal=[%d]",
vMax, vMin, vMean, g_GraphStop - g_GraphStart, len, buffer[CursorAPos], buffer[CursorBPos]); vMax, vMin, vMean, g_GraphStop - g_GraphStart, len, buffer[CursorAPos], buffer[CursorBPos]);
painter->drawText(20, annotationRect.bottom() - 23 - 20 * graphNum, str); painter->drawText(20, annotationRect.bottom() - 23 - 20 * graphNum, str);
//clock_t end = clock(); //clock_t end = clock();
@ -804,12 +804,12 @@ void Plot::paintEvent(QPaintEvent *event) {
char scalestr[30] = {0}; char scalestr[30] = {0};
if (g_CursorScaleFactor != 1) { if (g_CursorScaleFactor != 1) {
if (g_CursorScaleFactorUnit[0] == '\x00') { if (g_CursorScaleFactorUnit[0] == '\x00') {
sprintf(scalestr, "[%2.2f] ", ((int32_t)(CursorBPos - CursorAPos)) / g_CursorScaleFactor); snprintf(scalestr, sizeof(scalestr), "[%2.2f] ", ((int32_t)(CursorBPos - CursorAPos)) / g_CursorScaleFactor);
} else { } else {
sprintf(scalestr, "[%2.2f %s] ", ((int32_t)(CursorBPos - CursorAPos)) / g_CursorScaleFactor, g_CursorScaleFactorUnit); snprintf(scalestr, sizeof(scalestr), "[%2.2f %s] ", ((int32_t)(CursorBPos - CursorAPos)) / g_CursorScaleFactor, g_CursorScaleFactorUnit);
} }
} }
sprintf(str, "@%u..%u dt=%i %szoom=%2.2f CursorAPos=%u CursorBPos=%u GridX=%lf GridY=%lf (%s) GridXoffset=%lf", snprintf(str, sizeof(str), "@%u..%u dt=%i %szoom=%2.2f CursorAPos=%u CursorBPos=%u GridX=%lf GridY=%lf (%s) GridXoffset=%lf",
g_GraphStart, g_GraphStart,
g_GraphStop, g_GraphStop,
CursorBPos - CursorAPos, CursorBPos - CursorAPos,


@ -75,7 +75,7 @@ serial_port uart_open(const char *pcPortName, uint32_t speed) {
return INVALID_SERIAL_PORT; return INVALID_SERIAL_PORT;
} }
// Copy the input "com?" to "\\.\COM?" format // Copy the input "com?" to "\\.\COM?" format
sprintf(acPortName, "\\\\.\\%s", pcPortName); snprintf(acPortName, sizeof(acPortName), "\\\\.\\%s", pcPortName);
_strupr(acPortName); _strupr(acPortName);
// Try to open the serial port // Try to open the serial port
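Review bot: The `snprintf` into `acPortName` silently truncates an over-long `pcPortName`, and uart_open then carries on towards opening whatever shortened device path is left. Check the return value and fail instead: `int n = snprintf(acPortName, sizeof(acPortName), "\\\\.\\%s", pcPortName);` followed by `if (n < 0 || (size_t)n >= sizeof(acPortName)) return INVALID_SERIAL_PORT;`. The function starts and ends outside the hunk, so two things need confirming: that `acPortName` is declared as an array (otherwise `sizeof` is not its capacity) and whether anything allocated earlier must be released on this new error path.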


@ -719,18 +719,13 @@ void print_progress(size_t count, uint64_t max, barMode_t style) {
snprintf(cbar, collen, "%s", bar); snprintf(cbar, collen, "%s", bar);
} }
size_t olen = strlen(cbar) + 40;
char *out = (char *)calloc(olen, sizeof(uint8_t));
switch (style) { switch (style) {
case STYLE_BAR: { case STYLE_BAR: {
sprintf(out, "%s", cbar); printf("\b%c[2K\r[" _YELLOW_("=")"] %s", 27, cbar);
printf("\b%c[2K\r[" _YELLOW_("=")"] %s", 27, out);
break; break;
} }
case STYLE_MIXED: { case STYLE_MIXED: {
sprintf(out, "%s [ %zu mV / %2u V / %2u Vmax ]", cbar, count, (uint32_t)(count / 1000), (uint32_t)(max / 1000)); printf("\b%c[2K\r[" _YELLOW_("=")"] %s [ %zu mV / %2u V / %2u Vmax ]", 27, cbar, count, (uint32_t)(count / 1000), (uint32_t)(max / 1000));
printf("\b%c[2K\r[" _YELLOW_("=")"] %s", 27, out);
break; break;
} }
case STYLE_VALUE: { case STYLE_VALUE: {
@ -739,7 +734,6 @@ void print_progress(size_t count, uint64_t max, barMode_t style) {
} }
} }
fflush(stdout); fflush(stdout);
free(out);
free(bar); free(bar);
free(cbar); free(cbar);
} }


@ -102,8 +102,11 @@ void FillFileNameByUID(char *filenamePrefix, const uint8_t *uid, const char *ext
int len = strlen(filenamePrefix); int len = strlen(filenamePrefix);
for (int j = 0; j < uidlen; j++) for (int j = 0; j < uidlen; j++) {
sprintf(filenamePrefix + len + j * 2, "%02X", uid[j]); // This is technically not the safest option, but there is no way to make this work without changing the function signature
// Possibly todo for future PR, but given UID lenghts are defined by program and not variable, should not be an issue
snprintf(filenamePrefix + len + j * 2, 3, "%02X", uid[j]);
}
strcat(filenamePrefix, ext); strcat(filenamePrefix, ext);
} }
@ -153,15 +156,15 @@ void ascii_to_buffer(uint8_t *buf, const uint8_t *hex_data, const size_t hex_len
if (buf == NULL) return; if (buf == NULL) return;
char *tmp = (char *)buf; char *tmp_base = (char *)buf;
memset(tmp, 0x00, hex_max_len); char *tmp = tmp_base;
size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len; size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len;
size_t i = 0; size_t i = 0;
for (i = 0; i < max_len; ++i, tmp++) { for (i = 0; i < max_len; ++i, tmp++) {
char c = hex_data[i]; char c = hex_data[i];
sprintf(tmp, "%c", ((c < 32) || (c == 127)) ? '.' : c); snprintf(tmp, hex_max_len - (tmp - tmp_base), "%c", ((c < 32) || (c == 127)) ? '.' : c);
} }
size_t m = (min_str_len > i) ? min_str_len : 0; size_t m = (min_str_len > i) ? min_str_len : 0;
@ -169,7 +172,7 @@ void ascii_to_buffer(uint8_t *buf, const uint8_t *hex_data, const size_t hex_len
m = hex_max_len; m = hex_max_len;
for (; i < m; i++, tmp++) for (; i < m; i++, tmp++)
sprintf(tmp, " "); snprintf(tmp, hex_max_len - (tmp - tmp_base), " ");
// remove last space // remove last space
*tmp = '\0'; *tmp = '\0';
@ -180,17 +183,17 @@ void hex_to_buffer(uint8_t *buf, const uint8_t *hex_data, const size_t hex_len,
if (buf == NULL) return; if (buf == NULL) return;
char *tmp = (char *)buf; char *tmp_base = (char *)buf;
memset(tmp, 0x00, hex_max_len); char *tmp = tmp_base;
size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len; size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len;
size_t i; size_t i;
for (i = 0; i < max_len; ++i, tmp += 2 + spaces_between) { for (i = 0; i < max_len; ++i, tmp += 2 + spaces_between) {
sprintf(tmp, (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]); snprintf(tmp, hex_max_len - (tmp - tmp_base), (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]);
for (size_t j = 0; j < spaces_between; j++) for (size_t j = 0; j < spaces_between; j++)
sprintf(tmp + 2 + j, " "); snprintf(tmp + 2 + j, hex_max_len - ((tmp + 2 + j) - tmp_base), " ");
} }
i *= (2 + spaces_between); i *= (2 + spaces_between);
@ -200,7 +203,7 @@ void hex_to_buffer(uint8_t *buf, const uint8_t *hex_data, const size_t hex_len,
m = hex_max_len; m = hex_max_len;
for (; i < m; i++, tmp++) for (; i < m; i++, tmp++)
sprintf(tmp, " "); snprintf(tmp, hex_max_len - (tmp - tmp_base), " ");
// remove last space // remove last space
*tmp = '\0'; *tmp = '\0';
@ -233,7 +236,6 @@ void print_hex_break(const uint8_t *data, const size_t len, uint8_t breaks) {
if (mod) { if (mod) {
char buf[UTIL_BUFFER_SIZE_SPRINT + 3]; char buf[UTIL_BUFFER_SIZE_SPRINT + 3];
memset(buf, 0, sizeof(buf));
hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 1, true); hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 1, true);
// add the spaces... // add the spaces...
@ -255,8 +257,7 @@ static void print_buffer_ex(const uint8_t *data, const size_t len, int level, ui
break; break;
} }
// (16 * 3) + (16) + + 1 // (16 * 3) + (16) + + 1
memset(buf, 0, sizeof(buf)); snprintf(buf, sizeof(buf), "%*s%02x: ", (level * 4), " ", i);
sprintf(buf, "%*s%02x: ", (level * 4), " ", i);
hex_to_buffer((uint8_t *)(buf + strlen(buf)), data + i, breaks, (sizeof(buf) - strlen(buf) - 1), 0, 1, true); hex_to_buffer((uint8_t *)(buf + strlen(buf)), data + i, breaks, (sizeof(buf) - strlen(buf) - 1), 0, 1, true);
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "| %s", sprint_ascii(data + i, breaks)); snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "| %s", sprint_ascii(data + i, breaks));
@ -267,8 +268,7 @@ static void print_buffer_ex(const uint8_t *data, const size_t len, int level, ui
uint8_t mod = len % breaks; uint8_t mod = len % breaks;
if (mod) { if (mod) {
memset(buf, 0, sizeof(buf)); snprintf(buf, sizeof(buf), "%*s%02x: ", (level * 4), " ", i);
sprintf(buf, "%*s%02x: ", (level * 4), " ", i);
hex_to_buffer((uint8_t *)(buf + strlen(buf)), data + i, mod, (sizeof(buf) - strlen(buf) - 1), 0, 1, true); hex_to_buffer((uint8_t *)(buf + strlen(buf)), data + i, mod, (sizeof(buf) - strlen(buf) - 1), 0, 1, true);
// add the spaces... // add the spaces...
@ -420,11 +420,10 @@ char *sprint_bin(const uint8_t *data, const size_t len) {
char *sprint_hex_ascii(const uint8_t *data, const size_t len) { char *sprint_hex_ascii(const uint8_t *data, const size_t len) {
static char buf[UTIL_BUFFER_SIZE_SPRINT]; static char buf[UTIL_BUFFER_SIZE_SPRINT];
char *tmp = buf;
memset(buf, 0x00, UTIL_BUFFER_SIZE_SPRINT); memset(buf, 0x00, UTIL_BUFFER_SIZE_SPRINT);
size_t max_len = (len > 1010) ? 1010 : len; size_t max_len = (len > 1010) ? 1010 : len;
snprintf(tmp, UTIL_BUFFER_SIZE_SPRINT, "%s| ", sprint_hex(data, max_len)); snprintf(buf, sizeof(buf), "%s| ", sprint_hex(data, max_len));
size_t i = 0; size_t i = 0;
size_t pos = (max_len * 3) + 2; size_t pos = (max_len * 3) + 2;
@ -435,7 +434,7 @@ char *sprint_hex_ascii(const uint8_t *data, const size_t len) {
if ((c < 32) || (c == 127)) if ((c < 32) || (c == 127))
c = '.'; c = '.';
sprintf(tmp + pos + i, "%c", c); snprintf(buf + pos + i, sizeof(buf) - (pos + 1), "%c", c);
++i; ++i;
} }
return buf; return buf;
@ -891,7 +890,7 @@ int binarraytohex(char *target, const size_t targetlen, const char *source, size
if (t >= targetlen - 2) { if (t >= targetlen - 2) {
return r; return r;
} }
sprintf(target + t, "%X", x); snprintf(target + t, targetlen - t, "%X", x);
t++; t++;
r += 4; r += 4;
x = 0; x = 0;
@ -902,7 +901,7 @@ int binarraytohex(char *target, const size_t targetlen, const char *source, size
if (t >= targetlen - 5) { if (t >= targetlen - 5) {
return r; return r;
} }
sprintf(target + t, "%X[%i]", x, i); snprintf(target + t, targetlen - t, "%X[%i]", x, i);
t += 4; t += 4;
r += i; r += i;
x = 0; x = 0;
@ -913,7 +912,7 @@ int binarraytohex(char *target, const size_t targetlen, const char *source, size
if (t >= targetlen - 2) { if (t >= targetlen - 2) {
return r; return r;
} }
sprintf(target + t, " "); snprintf(target + t, targetlen - t, " ");
t++; t++;
} }
r++; r++;


@ -1293,8 +1293,9 @@ void print_desc_wiegand(cardformat_t *fmt, wiegand_message_t *packed) {
return; return;
} }
char *s = calloc(128, sizeof(uint8_t)); size_t s_len = 128;
sprintf(s, _YELLOW_("%-10s")" %-32s", fmt->Name, fmt->Descrp); char *s = calloc(s_len, sizeof(uint8_t));
snprintf(s, s_len * sizeof(uint8_t), _YELLOW_("%-10s")" %-32s", fmt->Name, fmt->Descrp);
if (packed->Top != 0) { if (packed->Top != 0) {
PrintAndLogEx(SUCCESS, "%s -> " _GREEN_("%X%08X%08X"), PrintAndLogEx(SUCCESS, "%s -> " _GREEN_("%X%08X%08X"),
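Review bot: The result of `calloc` in print_desc_wiegand is passed straight to `snprintf` without a NULL check, so an allocation failure becomes a write through a null pointer instead of a clean return; add `if (s == NULL) return;` between the two lines. The size argument is correct, but the format embeds the `_YELLOW_` colour sequence plus two padded fields, and anything beyond 128 bytes is now cut off silently; comparing the return value of `snprintf` with `s_len` would make truncation visible. The function continues past the hunk, so whether `s` is freed on every path cannot be confirmed from here.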


@ -19,18 +19,26 @@
#include <stdio.h> #include <stdio.h>
#define ISO15693_SPRINTUID_BUFLEN (3 * 8 + 1)
// returns a string representation of the UID // returns a string representation of the UID
// UID is transmitted and stored LSB first, displayed MSB first // UID is transmitted and stored LSB first, displayed MSB first
// dest char* buffer, where to put the UID, if NULL a static buffer is returned // dest char* buffer, where to put the UID, if NULL a static buffer is returned
// uid[] the UID in transmission order // uid[] the UID in transmission order
// return: ptr to string // return: ptr to string
char *iso15693_sprintUID(char *dest, uint8_t *uid) { char *iso15693_sprintUID(char *dest, uint8_t *uid) {
static char tempbuf[3 * 8 + 1] = {0}; static char tempbuf[ISO15693_SPRINTUID_BUFLEN] = {0};
if (dest == NULL) if (dest == NULL)
dest = tempbuf; dest = tempbuf;
if (uid) { if (uid) {
sprintf(dest, "%02X %02X %02X %02X %02X %02X %02X %02X", #ifdef HAVE_SNPRINTF
snprintf(dest, ISO15693_SPRINTUID_BUFLEN,
#else
sprintf(dest,
#endif
"%02X %02X %02X %02X %02X %02X %02X %02X",
uid[7], uid[6], uid[5], uid[4], uid[7], uid[6], uid[5], uid[4],
uid[3], uid[2], uid[1], uid[0] uid[3], uid[2], uid[1], uid[0]
); );
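Review bot: The `ISO15693_SPRINTUID_BUFLEN` bound passed to `snprintf` in iso15693_sprintUID describes the static `tempbuf`, not a caller-supplied `dest`, so the call is only bounded when the caller's buffer is at least that large. The function takes no size for `dest`, so the requirement belongs in the header comment, for example `// dest char* buffer of at least ISO15693_SPRINTUID_BUFLEN bytes, if NULL a static buffer is returned`. The macro is defined in this hunk right after the `#include`; callers can size their buffers by it only if it is also visible in the header, which the hunk does not show. Opening the call inside `#ifdef HAVE_SNPRINTF` / `#else` and sharing one argument list between two functions is fragile under later edits. The function body continues past the end of the hunk.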


@ -76,8 +76,8 @@ static void create_table(struct table *tt, int d_1, int d_2) {
} }
// create the path // create the path
// sprintf(tt->path, "/Volumes/2tb/%02X/%02X.bin", d_1 & 0xff, d_2 & 0xff); // snprintf(tt->path, sizeof(tt->path), "/Volumes/2tb/%02X/%02X.bin", d_1 & 0xff, d_2 & 0xff);
sprintf(tt->path, "table/%02x/%02x.bin", d_1 & 0xff, d_2 & 0xff); snprintf(tt->path, sizeof(tt->path), "table/%02x/%02x.bin", d_1 & 0xff, d_2 & 0xff);
} }
@ -341,12 +341,12 @@ static void makedirs(void) {
} }
for (i = 0; i < 0x100; i++) { for (i = 0; i < 0x100; i++) {
sprintf(path, "table/%02x", i); snprintf(path, sizeof(path), "table/%02x", i);
if (mkdir(path, 0755)) { if (mkdir(path, 0755)) {
printf("cannot make dir %s\n", path); printf("cannot make dir %s\n", path);
exit(1); exit(1);
} }
sprintf(path, "sorted/%02x", i); snprintf(path, sizeof(path), "sorted/%02x", i);
if (mkdir(path, 0755)) { if (mkdir(path, 0755)) {
printf("cannot make dir %s\n", path); printf("cannot make dir %s\n", path);
exit(1); exit(1);
@ -387,7 +387,7 @@ static void *sorttable(void *dd) {
printf("sorttable: processing bytes 0x%02x/0x%02x\n", i, j); printf("sorttable: processing bytes 0x%02x/0x%02x\n", i, j);
// open file, stat it and mmap it // open file, stat it and mmap it
sprintf(infile, "table/%02x/%02x.bin", i, j); snprintf(infile, sizeof(infile), "table/%02x/%02x.bin", i, j);
fdin = open(infile, O_RDONLY); fdin = open(infile, O_RDONLY);
if (fdin <= 0) { if (fdin <= 0) {
@ -424,7 +424,7 @@ static void *sorttable(void *dd) {
qsort_r(table, numentries, DATASIZE, datacmp, dummy); qsort_r(table, numentries, DATASIZE, datacmp, dummy);
// write to file // write to file
sprintf(outfile, "sorted/%02x/%02x.bin", i, j); snprintf(outfile, sizeof(outfile), "sorted/%02x/%02x.bin", i, j);
fdout = open(outfile, O_WRONLY | O_CREAT, 0644); fdout = open(outfile, O_WRONLY | O_CREAT, 0644);
if (fdout <= 0) { if (fdout <= 0) {
printf("cannot create outfile %s\n", outfile); printf("cannot create outfile %s\n", outfile);
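Review bot: In sorttable the checks `if (fdin <= 0)` and `if (fdout <= 0)` treat descriptor 0 as a failure, although `open()` reports failure with -1 and 0 is a valid descriptor when stdin is closed; they should read `if (fdin < 0) {` and `if (fdout < 0) {`. The same `fd <= 0` test follows the new `snprintf` in searchcand in a later file section. The body of the `fdin` check is cut off by the hunk, so its error path cannot be reviewed here. Separately, create_table keeps a commented-out `snprintf` to `/Volumes/2tb/...` that the commit updated rather than deleted; dead code like this is better removed.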


@ -25,7 +25,7 @@ static int makerandom(char *hex, unsigned int len, int fd) {
} }
for (i = 0; i < len; i++) { for (i = 0; i < len; i++) {
sprintf(hex + (2 * i), "%02X", raw[i]); snprintf(hex + (2 * i), 3, "%02X", raw[i]);
} }
return 1; return 1;
@ -65,7 +65,7 @@ int main(int argc, char *argv[]) {
makerandom(key, 6, urandomfd); makerandom(key, 6, urandomfd);
makerandom(uid, 4, urandomfd); makerandom(uid, 4, urandomfd);
makerandom(nR, 4, urandomfd); makerandom(nR, 4, urandomfd);
sprintf(filename, "keystream.key-%s.uid-%s.nR-%s", key, uid, nR); snprintf(filename, sizeof(filename), "keystream.key-%s.uid-%s.nR-%s", key, uid, nR);
FILE *fp = fopen(filename, "w"); FILE *fp = fopen(filename, "w");
if (!fp) { if (!fp) {
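Review bot: The size `3` given to `snprintf` in makerandom is a literal, not the space remaining in `hex`, so the loop still writes up to offset `2 * len` regardless of how large the caller's buffer is. `hex` arrives without a size, so the real requirement should be documented on the function, e.g. `// hex must hold at least 2 * len + 1 bytes`, or passed in as a parameter. If `raw` is a plain `char` array (its declaration is outside the hunk), a negative byte formats as `FFFFFFxx` and the new bound silently cuts it to `FF`; `(unsigned char)raw[i]` avoids that. makerandom starts before the hunk.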


@ -166,7 +166,7 @@ static int searchcand(unsigned char *c, unsigned char *rt, int fwd, unsigned cha
return 0; return 0;
} }
sprintf(file, INPUTFILE, c[0], c[1]); snprintf(file, sizeof(file), INPUTFILE, c[0], c[1]);
fd = open(file, O_RDONLY); fd = open(file, O_RDONLY);
if (fd <= 0) { if (fd <= 0) {


@ -153,17 +153,17 @@ static void hex_to_buffer(const uint8_t *buf, const uint8_t *hex_data, const siz
if (buf == NULL) return; if (buf == NULL) return;
char *tmp = (char *)buf; char *tmp_base = (char *)buf;
char *tmp = tmp_base;
size_t i; size_t i;
memset(tmp, 0x00, hex_max_len);
size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len; size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len;
for (i = 0; i < max_len; ++i, tmp += 2 + spaces_between) { for (i = 0; i < max_len; ++i, tmp += 2 + spaces_between) {
sprintf(tmp, (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]); snprintf(tmp, hex_max_len - (tmp - tmp_base), (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]);
for (size_t j = 0; j < spaces_between; j++) for (size_t j = 0; j < spaces_between; j++)
sprintf(tmp + 2 + j, " "); snprintf(tmp + 2 + j, hex_max_len - (2 + j + (tmp - tmp_base)), " ");
} }
i *= (2 + spaces_between); i *= (2 + spaces_between);
@ -173,11 +173,10 @@ static void hex_to_buffer(const uint8_t *buf, const uint8_t *hex_data, const siz
mlen = hex_max_len; mlen = hex_max_len;
for (; i < mlen; i++, tmp += 1) for (; i < mlen; i++, tmp += 1)
sprintf(tmp, " "); snprintf(tmp, hex_max_len - (tmp - tmp_base), " ");
// remove last space // remove last space
*tmp = '\0'; *tmp = '\0';
return;
} }
static char *sprint_hex_inrow_ex(const uint8_t *data, const size_t len, const size_t min_str_len) { static char *sprint_hex_inrow_ex(const uint8_t *data, const size_t len, const size_t min_str_len) {
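Review bot: The size expression `hex_max_len - (tmp - tmp_base)` in hex_to_buffer wraps to a very large `size_t` once `tmp` has advanced past `hex_max_len`, and the first loop allows that: it runs up to `hex_max_len` iterations while advancing `2 + spaces_between` characters per input byte. From that point `snprintf` is effectively unbounded again, and the final `*tmp = '\0'` can land outside the limit as well. The loop should stop on output space rather than input count, e.g. `for (i = 0; i < hex_len && (size_t)(tmp - tmp_base) + 2 + spaces_between < hex_max_len; ++i, tmp += 2 + spaces_between) {`, assuming `hex_max_len` is the writable size of `buf` (the callers are not shown in this section). The padding loop after the second hunk header is only partly visible, and the identical copy of this function in the following file section has the same problem.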


@ -139,17 +139,17 @@ static void hex_to_buffer(const uint8_t *buf, const uint8_t *hex_data, const siz
if (buf == NULL) return; if (buf == NULL) return;
char *tmp = (char *)buf; char *tmp_base = (char *)buf;
char *tmp = tmp_base;
size_t i; size_t i;
memset(tmp, 0x00, hex_max_len);
size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len; size_t max_len = (hex_len > hex_max_len) ? hex_max_len : hex_len;
for (i = 0; i < max_len; ++i, tmp += 2 + spaces_between) { for (i = 0; i < max_len; ++i, tmp += 2 + spaces_between) {
sprintf(tmp, (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]); snprintf(tmp, hex_max_len - (tmp - tmp_base), (uppercase) ? "%02X" : "%02x", (unsigned int) hex_data[i]);
for (size_t j = 0; j < spaces_between; j++) for (size_t j = 0; j < spaces_between; j++)
sprintf(tmp + 2 + j, " "); snprintf(tmp + 2 + j, hex_max_len - (2 + j + (tmp - tmp_base)), " ");
} }
i *= (2 + spaces_between); i *= (2 + spaces_between);
@ -159,11 +159,10 @@ static void hex_to_buffer(const uint8_t *buf, const uint8_t *hex_data, const siz
mlen = hex_max_len; mlen = hex_max_len;
for (; i < mlen; i++, tmp += 1) for (; i < mlen; i++, tmp += 1)
sprintf(tmp, " "); snprintf(tmp, hex_max_len - (tmp - tmp_base), " ");
// remove last space // remove last space
*tmp = '\0'; *tmp = '\0';
return;
} }
static char *sprint_hex_inrow_ex(const uint8_t *data, const size_t len, const size_t min_str_len) { static char *sprint_hex_inrow_ex(const uint8_t *data, const size_t len, const size_t min_str_len) {