diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index f14e48504..9bfbf9423 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -554,7 +554,7 @@ RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_t if (IsManchesterModulationNibble1(Demod.twoBits >> Demod.syncBit)) { // modulation in first half if (IsManchesterModulationNibble2(Demod.twoBits >> Demod.syncBit)) { // ... and in second half = collision - if (!Demod.collisionPos) { + if (Demod.collisionPos == 0) { Demod.collisionPos = (Demod.len << 3) + Demod.bitCount; } } // modulation in first half only - Sequence D = 1 @@ -589,6 +589,7 @@ RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_t } Demod.endTime = Demod.startTime + 8 * (9 * Demod.len + Demod.bitCount + 1); } else { // no modulation in both halves - End of communication + if (Demod.bitCount > 0) { // there are some remaining data bits Demod.shiftReg >>= (9 - Demod.bitCount); // right align the decoded bits Demod.output[Demod.len++] = Demod.shiftReg & 0xff; // and add them to the output @@ -600,6 +601,7 @@ RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_t Demod.parityBits <<= (8 - (Demod.len & 0x0007)); // left align remaining parity bits Demod.parity[Demod.parityLen++] = Demod.parityBits; // and store them } + if (Demod.len) { return true; // we are finished with decoding the raw data sequence } else { // nothing received. Start over @@ -624,11 +626,13 @@ static RAMFUNC int ManchesterDecoding_Thinfilm(uint8_t bit) { if (Demod.state == DEMOD_14A_UNSYNCD) { if (Demod.highCnt < 2) { // wait for a stable unmodulated signal + if (Demod.twoBits == 0x0000) { Demod.highCnt++; } else { Demod.highCnt = 0; } + } else { Demod.syncBit = 0xFFFF; // not set if ((Demod.twoBits & 0x7700) == 0x7000) Demod.syncBit = 7; @@ -639,6 +643,7 @@ static RAMFUNC int ManchesterDecoding_Thinfilm(uint8_t bit) { else if ((Demod.twoBits & 0x03B8) == 0x0380) Demod.syncBit = 2; else if ((Demod.twoBits & 0x01DC) == 0x01C0) Demod.syncBit = 1; else if ((Demod.twoBits & 0x00EE) == 0x00E0) Demod.syncBit = 0; + if (Demod.syncBit != 0xFFFF) { Demod.startTime = (GetCountSspClk() & 0xfffffff8); Demod.startTime -= Demod.syncBit; @@ -647,38 +652,49 @@ static RAMFUNC int ManchesterDecoding_Thinfilm(uint8_t bit) { Demod.state = DEMOD_14A_MANCHESTER_DATA; } } + } else { if (IsManchesterModulationNibble1(Demod.twoBits >> Demod.syncBit)) { // modulation in first half + if (IsManchesterModulationNibble2(Demod.twoBits >> Demod.syncBit)) { // ... and in second half = collision - if (!Demod.collisionPos) { + if (Demod.collisionPos == 0) { Demod.collisionPos = (Demod.len << 3) + Demod.bitCount; } } // modulation in first half only - Sequence D = 1 Demod.bitCount++; Demod.shiftReg = (Demod.shiftReg << 1) | 0x1; // in both cases, add a 1 to the shiftreg + if (Demod.bitCount == 8) { // if we decoded a full byte - Demod.output[Demod.len++] = (Demod.shiftReg & 0xff); + Demod.output[Demod.len++] = (Demod.shiftReg & 0xFF); Demod.bitCount = 0; Demod.shiftReg = 0; } + Demod.endTime = Demod.startTime + 8 * (8 * Demod.len + Demod.bitCount + 1) - 4; + } else { // no modulation in first half + if (IsManchesterModulationNibble2(Demod.twoBits >> Demod.syncBit)) { // and modulation in second half = Sequence E = 0 Demod.bitCount++; Demod.shiftReg = (Demod.shiftReg << 1); // add a 0 to the shiftreg if (Demod.bitCount >= 8) { // if we decoded a full byte - Demod.output[Demod.len++] = (Demod.shiftReg & 0xff); + Demod.output[Demod.len++] = (Demod.shiftReg & 0xFF); Demod.bitCount = 0; Demod.shiftReg = 0; } Demod.endTime = Demod.startTime + 8 * (8 * Demod.len + Demod.bitCount + 1); + } else { // no modulation in both halves - End of communication - if (Demod.bitCount > 0) { // there are some remaining data bits + + if (Demod.bitCount) { // there are some remaining data bits Demod.shiftReg <<= (8 - Demod.bitCount); // left align the decoded bits - Demod.output[Demod.len++] = Demod.shiftReg & 0xff; // and add them to the output + Demod.output[Demod.len++] = Demod.shiftReg & 0xFF; // and add them to the output + + Dbprintf("A | len... %u - %u == 0x%02x", Demod.len, Demod.bitCount, Demod.output[0]); return true; } + if (Demod.len) { return true; // we are finished with decoding the raw data sequence } else { // nothing received. Start over @@ -2237,7 +2253,7 @@ int EmGetCmd(uint8_t *received, uint16_t received_max_len, uint16_t *len, uint8_ int EmSendCmd14443aRaw(const uint8_t *resp, uint16_t respLen) { volatile uint8_t b; uint16_t i = 0; - uint32_t ThisTransferTime; + uint32_t ThisTransferTime = 0; bool correction_needed; // Modulate Manchester @@ -2262,7 +2278,9 @@ int EmSendCmd14443aRaw(const uint8_t *resp, uint16_t respLen) { // wait for the FPGA to signal fdt_indicator == 1 (the FPGA is ready to queue new data in its delay line) for (uint8_t j = 0; j < 5; j++) { // allow timeout - better late than never while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)); - if (AT91C_BASE_SSC->SSC_RHR) break; + if (AT91C_BASE_SSC->SSC_RHR) { + break; + } } while ((ThisTransferTime = GetCountSspClk()) & 0x00000007); @@ -2288,7 +2306,7 @@ int EmSendCmd14443aRaw(const uint8_t *resp, uint16_t respLen) { } } LastTimeProxToAirStart = ThisTransferTime + (correction_needed ? 8 : 0); - return 0; + return PM3_SUCCESS; } int EmSend4bit(uint8_t resp) { @@ -2385,10 +2403,10 @@ bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_Start // If a response is captured return TRUE // If it takes too long return FALSE //----------------------------------------------------------------------------- -bool GetIso14443aAnswerFromTag_Thinfilm(uint8_t *receivedResponse, uint16_t resp_len, uint8_t *received_len) { +bool GetIso14443aAnswerFromTag_Thinfilm(uint8_t *receivedResponse, uint16_t rec_maxlen, uint8_t *received_len) { if (g_hf_field_active == false) { - Dbprintf("Warning: HF field is off, ignoring GetIso14443aAnswerFromTag_Thinfilm command"); + Dbprintf("Warning: HF field is off"); return false; } @@ -2399,7 +2417,7 @@ bool GetIso14443aAnswerFromTag_Thinfilm(uint8_t *receivedResponse, uint16_t resp FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN); // Now get the answer from the card - Demod14aInit(receivedResponse, resp_len, NULL); + Demod14aInit(receivedResponse, rec_maxlen, NULL); // clear RXRDY: uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; @@ -2415,18 +2433,17 @@ bool GetIso14443aAnswerFromTag_Thinfilm(uint8_t *receivedResponse, uint16_t resp b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; if (ManchesterDecoding_Thinfilm(b)) { *received_len = Demod.len; - LogTrace(receivedResponse, Demod.len, Demod.startTime * 16 - DELAY_AIR2ARM_AS_READER, Demod.endTime * 16 - DELAY_AIR2ARM_AS_READER, NULL, false); return true; } } - if (GetTickCountDelta(receive_timer) > timeout + 100) + if (GetTickCountDelta(receive_timer) > timeout + 100) { break; } + } *received_len = Demod.len; - LogTrace(receivedResponse, Demod.len, Demod.startTime * 16 - DELAY_AIR2ARM_AS_READER, Demod.endTime * 16 - DELAY_AIR2ARM_AS_READER, NULL, false); return false; } diff --git a/armsrc/iso14443a.h b/armsrc/iso14443a.h index c550a4701..61d86b58b 100644 --- a/armsrc/iso14443a.h +++ b/armsrc/iso14443a.h @@ -176,7 +176,7 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype); void DetectNACKbug(void); void SimulateIso14443aTagAID(uint8_t tagType, uint16_t flags, uint8_t *data, uint8_t *iRATs, uint8_t *aid, uint8_t *resp, uint8_t *apdu, int aid_len, int respond_len, int apdu_len, bool enumerate); -bool GetIso14443aAnswerFromTag_Thinfilm(uint8_t *receivedResponse, uint16_t resp_len, uint8_t *received_len); +bool GetIso14443aAnswerFromTag_Thinfilm(uint8_t *receivedResponse, uint16_t rec_maxlen, uint8_t *received_len); extern iso14a_polling_parameters_t WUPA_POLLING_PARAMETERS; extern iso14a_polling_parameters_t REQA_POLLING_PARAMETERS; diff --git a/client/src/cmdhffido.c b/client/src/cmdhffido.c index a39b1157d..2032dca95 100644 --- a/client/src/cmdhffido.c +++ b/client/src/cmdhffido.c @@ -202,7 +202,7 @@ static int CmdHFFidoRegister(const char *cmd) { if (cpplain) { memset(cdata, 0x00, 32); - chlen = sizeof(cdata); + chlen = sizeof(cdata) - 1; // CLIGetStrWithReturn does not guarantee string to be null-terminated CLIGetStrWithReturn(ctx, 5, cdata, &chlen); if (chlen > 16) { PrintAndLogEx(ERR, "ERROR: challenge parameter length in ASCII mode must be less than 16 chars instead of: %d", chlen); @@ -226,7 +226,7 @@ static int CmdHFFidoRegister(const char *cmd) { if (applain) { memset(adata, 0x00, 32); - applen = sizeof(adata); + applen = sizeof(adata) - 1; // CLIGetStrWithReturn does not guarantee string to be null-terminated CLIGetStrWithReturn(ctx, 6, adata, &applen); if (applen > 16) { PrintAndLogEx(ERR, "ERROR: application parameter length in ASCII mode must be less than 16 chars instead of: %d", applen); @@ -245,8 +245,9 @@ static int CmdHFFidoRegister(const char *cmd) { return PM3_EINVARG; } } - if (applen) + if (applen) { memmove(&data[32], adata, 32); + } CLIParserFree(ctx); @@ -516,7 +517,7 @@ static int CmdHFFidoAuthenticate(const char *cmd) { if (cpplain) { memset(hdata, 0x00, 32); - hdatalen = sizeof(hdata); + hdatalen = sizeof(hdata) - 1; // CLIGetStrWithReturn does not guarantee string to be null-terminated CLIGetStrWithReturn(ctx, 9, hdata, &hdatalen); if (hdatalen > 16) { PrintAndLogEx(ERR, "ERROR: challenge parameter length in ASCII mode must be less than 16 chars instead of: %d", hdatalen); @@ -542,7 +543,7 @@ static int CmdHFFidoAuthenticate(const char *cmd) { if (applain) { memset(hdata, 0x00, 32); - hdatalen = sizeof(hdata); + hdatalen = sizeof(hdata) - 1; // CLIGetStrWithReturn does not guarantee string to be null-terminated CLIGetStrWithReturn(ctx, 10, hdata, &hdatalen); if (hdatalen > 16) { PrintAndLogEx(ERR, "ERROR: application parameter length in ASCII mode must be less than 16 chars instead of: %d", hdatalen); diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index dc5caa94b..245fae293 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -2005,7 +2005,7 @@ static int CmdHF14ADesSelectApp(const char *Cmd) { } uint8_t dfname[32] = {0}; - int dfnamelen = 16; + int dfnamelen = 16; // since max length is 16 chars we don't have to test for 32-1 null termination CLIGetStrWithReturn(ctx, 12, dfname, &dfnamelen); bool selectmf = arg_get_lit(ctx, 13); @@ -2614,8 +2614,8 @@ static int CmdHF14ADesCreateApp(const char *Cmd) { return PM3_EINVARG; } - uint8_t dfname[250] = {0}; - int dfnamelen = 16; + uint8_t dfname[32] = {0}; + int dfnamelen = 16; // since max length is 16 chars we don't have to test for 32-1 null termination CLIGetStrWithReturn(ctx, 14, dfname, &dfnamelen); if (dfnamelen == 0) { // no text DF Name supplied diff --git a/client/src/cmdlf.c b/client/src/cmdlf.c index af931d9d6..2f128cf63 100644 --- a/client/src/cmdlf.c +++ b/client/src/cmdlf.c @@ -288,10 +288,12 @@ int CmdLFCommandRead(const char *Cmd) { uint16_t period_1 = arg_get_u32_def(ctx, 4, 0); uint16_t period_0 = arg_get_u32_def(ctx, 5, 0); uint32_t samples = arg_get_u32_def(ctx, 6, 0); + bool verbose = arg_get_lit(ctx, 7); bool keep_field_on = arg_get_lit(ctx, 8); bool add_crc_ht = arg_get_lit(ctx, 9); bool cm = arg_get_lit(ctx, 10); + CLIParserFree(ctx); if (g_session.pm3_present == false) { @@ -1124,9 +1126,10 @@ int CmdLFfskSim(const char *Cmd) { uint8_t fchigh = arg_get_u32_def(ctx, 3, 0); bool separator = arg_get_lit(ctx, 4); - int raw_len = 64; - char raw[64] = {0}; + char raw[65] = {0}; + int raw_len = sizeof(raw) - 1; // CLIGetStrWithReturn does not guarantee string to be null-terminated CLIGetStrWithReturn(ctx, 5, (uint8_t *)raw, &raw_len); + bool verbose = arg_get_lit(ctx, 6); CLIParserFree(ctx); @@ -1234,9 +1237,10 @@ int CmdLFaskSim(const char *Cmd) { bool use_ar = arg_get_lit(ctx, 5); bool separator = arg_get_lit(ctx, 6); - int raw_len = 64; - char raw[64] = {0}; + char raw[65] = {0}; + int raw_len = sizeof(raw) - 1; // CLIGetStrWithReturn does not guarantee string to be null-terminated CLIGetStrWithReturn(ctx, 7, (uint8_t *)raw, &raw_len); + bool verbose = arg_get_lit(ctx, 8); CLIParserFree(ctx); @@ -1336,17 +1340,22 @@ int CmdLFpskSim(const char *Cmd) { arg_lit0("v", "verbose", "verbose output"), arg_param_end }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + bool use_psk1 = arg_get_lit(ctx, 1); bool use_psk2 = arg_get_lit(ctx, 2); bool use_psk3 = arg_get_lit(ctx, 3); bool invert = arg_get_lit(ctx, 4); + uint8_t clk = arg_get_u32_def(ctx, 5, 0); uint8_t carrier = arg_get_u32_def(ctx, 6, 2); - int raw_len = 64; - char raw[64] = {0}; + + char raw[65] = {0}; + int raw_len = sizeof(raw) - 1; // CLIGetStrWithReturn does not guarantee string to be null-terminated CLIGetStrWithReturn(ctx, 7, (uint8_t *)raw, &raw_len); bool verbose = arg_get_lit(ctx, 8); + CLIParserFree(ctx); if ((use_psk1 + use_psk2 + use_psk3) > 1) { diff --git a/client/src/cmdlfem410x.c b/client/src/cmdlfem410x.c index 1acebd6ab..b8743998a 100644 --- a/client/src/cmdlfem410x.c +++ b/client/src/cmdlfem410x.c @@ -364,8 +364,8 @@ static int CmdEM410xDemod(const char *Cmd) { size_t max_len = arg_get_u32_def(ctx, 3, 0); bool invert = arg_get_lit(ctx, 4); bool amplify = arg_get_lit(ctx, 5); - int bin_len = 512; uint8_t bin[512] = {0}; + int bin_len = sizeof(bin) - 1; // CLIGetStrWithReturn does not guarantee string to be null-terminated CLIGetStrWithReturn(ctx, 6, bin, &bin_len); CLIParserFree(ctx); diff --git a/client/src/cmdlfpac.c b/client/src/cmdlfpac.c index 0ba92534b..46c81876c 100644 --- a/client/src/cmdlfpac.c +++ b/client/src/cmdlfpac.c @@ -236,7 +236,7 @@ static int CmdPacClone(const char *Cmd) { }; CLIExecWithReturn(ctx, Cmd, argtable, false); - uint8_t cnstr[9] = {0}; + uint8_t cnstr[10] = {0}; int cnlen = sizeof(cnstr) - 1; // CLIGetStrWithReturn does not guarantee string to be null-terminated memset(cnstr, 0x00, sizeof(cnstr)); CLIGetStrWithReturn(ctx, 1, cnstr, &cnlen); diff --git a/client/src/cmdlft55xx.c b/client/src/cmdlft55xx.c index 9233ec660..48c2fa7a7 100644 --- a/client/src/cmdlft55xx.c +++ b/client/src/cmdlft55xx.c @@ -1952,7 +1952,7 @@ static int CmdT55xxDangerousRaw(const char *Cmd) { ng.bitlen = 0; memset(ng.data, 0x00, sizeof(ng.data)); - uint8_t bin[128] = {0}; + uint8_t bin[129] = {0}; int bin_len = sizeof(bin) - 1; // CLIGetStrWithReturn does not guarantee string to be null-terminated CLIGetStrWithReturn(ctx, 1, bin, &bin_len); diff --git a/client/src/cmdsmartcard.c b/client/src/cmdsmartcard.c index a6a07c4c6..04b92a8f6 100644 --- a/client/src/cmdsmartcard.c +++ b/client/src/cmdsmartcard.c @@ -1259,7 +1259,7 @@ static int CmdPCSC(const char *Cmd) { strcpy((char *) host, "localhost"); } - uint8_t port[6] = {0}; + uint8_t port[7] = {0}; int portLen = sizeof(port) - 1; // CLIGetStrWithReturn does not guarantee string to be null-terminated CLIGetStrWithReturn(ctx, 2, port, &portLen); if (portLen == 0) { diff --git a/client/src/emv/cmdemv.c b/client/src/emv/cmdemv.c index cac12083d..4e4aab42b 100644 --- a/client/src/emv/cmdemv.c +++ b/client/src/emv/cmdemv.c @@ -2040,9 +2040,9 @@ static int CmdEMVScan(const char *Cmd) { uint8_t psenum = (channel == CC_CONTACT) ? 1 : 2; - uint8_t filename[FILE_PATH_SIZE] = {0}; - int filenamelen = sizeof(filename) - 1; // CLIGetStrWithReturn does not guarantee string to be null-terminated - CLIGetStrWithReturn(ctx, 12, filename, &filenamelen); + char filename[FILE_PATH_SIZE] = {0}; + int fnlen = 0; + CLIParamStrToBuf(arg_get_str(ctx, 12), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); CLIParserFree(ctx);