github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 13:53:55 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

cppcheck reduce variable scopes

Browse source
This commit is contained in:
Philippe Teuwen 2021-09-05 23:42:14 +02:00
commit 9f36ce1b9d
15 changed files with 102 additions and 140 deletions
Download patch file Download diff file Expand all files Collapse all files

3
armsrc/Standalone/lf_nexid.c
View file

@ -259,9 +259,8 @@ static int demodNexWatch(void) {
// output
Dbprintf(" NexWatch raw id : " _YELLOW_("0x%08"PRIx32), rawid);
uint8_t temp_checksum;
for (; magic < 255; magic++) {
temp_checksum = nexwatch_checksum(magic, cn, calc_parity);
uint8_t temp_checksum = nexwatch_checksum(magic, cn, calc_parity);
if (temp_checksum == chk) {
Dbprintf(" Magic number : " _GREEN_("0x%X"), magic);
break;

3
armsrc/Standalone/lf_tharexde.c
View file

@ -126,11 +126,10 @@ static void append(const char *filename, uint8_t *entry, size_t entry_len) {
}
static void save_pwds(uint32_t *pwdlist, size_t no_pwd) {
uint8_t entry[10] = {0};
if (no_pwd > 0) {
Dbprintf("");
for (int i = 0; i < no_pwd; i++) {
uint8_t entry[10] = {0};
sprintf((char *)entry, "%08"PRIx32"\n", pwdlist[i]);
append(LF_EM4X50_LOGFILE_SIM, entry, strlen((char *)entry));
Dbprintf("received password: %08"PRIx32"", pwdlist[i]);

7
armsrc/hitag2crack.c
View file

@ -296,8 +296,6 @@ bool hitag2crack_read_page(uint8_t *responsestr, uint8_t pagenum, uint8_t *nrar,
uint8_t cmd[10];
uint8_t e_cmd[10];
uint8_t e_responsestr[9];
uint8_t e_response[32];
uint8_t response[32];
if (pagenum > 7) {
UserMessage("hitag2crack_read_page:\r\n invalid pagenum\r\n");
@ -326,6 +324,8 @@ bool hitag2crack_read_page(uint8_t *responsestr, uint8_t pagenum, uint8_t *nrar,
if (hitag2crack_send_e_cmd(e_responsestr, nrar, e_cmd, 10)) {
// check if it is valid
if (strcmp(e_responsestr, ERROR_RESPONSE) != 0) {
uint8_t e_response[32];
uint8_t response[32];
// convert to binarray
hextobinarray(e_response, e_responsestr);
// decrypt response
@ -792,13 +792,12 @@ bool hitag2crack_extend_keystream(uint8_t *keybits, int *kslen, int ksoffset, ui
bool hitag2_reader(uint8_t *response, uint8_t *key, bool interactive) {
uint8_t tmp[9];
int i;
response[0] = '\0';
// auth to tag
if (hitag2_crypto_auth(tmp, key)) {
// read tag, one page at a time
for (i = 0; i <= 7; ++i) {
for (int i = 0; i <= 7; ++i) {
if (!read_tag(tmp, i, i)) {
// if read fails, it could be because of auth,
// so try to reauth

7
armsrc/hitagS.c
View file

@ -858,7 +858,6 @@ void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data) {
// int frame_count = 0;
int response = 0, overflow = 0;
int i, j;
uint8_t rx[HITAG_FRAME_LEN];
size_t rxlen = 0;
bQuiet = false;
@ -885,8 +884,8 @@ void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data) {
// read tag data into memory
if (tag_mem_supplied) {
for (i = 0; i < 16; i++)
for (j = 0; j < 4; j++)
for (int i = 0; i < 16; i++)
for (int j = 0; j < 4; j++)
tag.pages[i][j] = 0x0;
DbpString("Loading hitagS memory...");
@ -912,7 +911,7 @@ void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data) {
if ((tag.pages[1][0] & 0x2) == 0 && (tag.pages[1][0] & 0x1) == 0)
tag.max_page = 0;
if (g_dbglevel >= DBG_EXTENDED)
for (i = 0; i < tag.max_page; i++)
for (int i = 0; i < tag.max_page; i++)
Dbprintf("Page[%2d]: %02X %02X %02X %02X", i,
(tag.pages[i][3]) & 0xff,
(tag.pages[i][2]) & 0xff,

8
armsrc/iso14443a.c
View file

@ -1329,8 +1329,8 @@ void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data, uint8_t
int retval = PM3_SUCCESS;
// Just to allow some checks
int happened = 0;
int happened2 = 0;
// int happened = 0;
// int happened2 = 0;
int cmdsRecvd = 0;
uint32_t numReads = 0; //Counts numer of times reader reads a block
@ -1781,8 +1781,8 @@ void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data, uint8_t
BigBuf_free_keep_EM();
if (g_dbglevel >= DBG_EXTENDED) {
Dbprintf("-[ Wake ups after halt [%d]", happened);
Dbprintf("-[ Messages after halt [%d]", happened2);
// Dbprintf("-[ Wake ups after halt [%d]", happened);
// Dbprintf("-[ Messages after halt [%d]", happened2);
Dbprintf("-[ Num of received cmd [%d]", cmdsRecvd);
Dbprintf("-[ Num of moebius tries [%d]", moebius_count);
}

3
armsrc/lfops.c
View file

@ -1871,9 +1871,8 @@ void T55xxDangerousRawTest(uint8_t *data) {
// Trigger T55x7 in mode.
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
WaitUS(T55xx_Timing.m[0].start_gap);
uint8_t sendbits;
for (uint8_t i = 0; i < len; i++) {
sendbits = (bs[BITSTREAM_BYTE(i)] >> BITSTREAM_BIT(i));
uint8_t sendbits = (bs[BITSTREAM_BYTE(i)] >> BITSTREAM_BIT(i));
T55xxWriteBit(sendbits & 1, 0);
}
TurnReadLFOn(c->time);

43
client/src/cmdlfem4x05.c
View file

@ -539,10 +539,8 @@ int CmdEM4x05Dump(const char *Cmd) {
uint32_t data[16];
int success = PM3_SUCCESS;
int status, status14, status15;
uint32_t lock_bits = 0x00; // no blocks locked
bool gotLockBits = false;
bool lockInPW2 = false;
uint32_t word = 0;
const char *info[] = {"Info/User", "UID", "Password", "User", "Config", "User", "User", "User", "User", "User", "User", "User", "User", "User", "Lock", "Lock"};
@ -555,7 +553,7 @@ int CmdEM4x05Dump(const char *Cmd) {
if (usePwd) {
// Test first if the password is correct
status = em4x05_login_ext(pwd);
int status = em4x05_login_ext(pwd);
if (status == PM3_SUCCESS) {
PrintAndLogEx(INFO, "password is " _GREEN_("correct"));
} else if (status == PM3_EFAILED) {
@ -572,11 +570,10 @@ int CmdEM4x05Dump(const char *Cmd) {
PrintAndLogEx(INFO, "-----+----------+-------+---+-----");
if (card_type == EM_4205 || card_type == EM_4305 || card_type == EM_UNKNOWN) {
bool lockInPW2 = false;
// To flag any blocks locked we need to read blocks 14 and 15 first
// dont swap endian until we get block lock flags.
status14 = em4x05_read_word_ext(EM4305_PROT1_BLOCK, pwd, usePwd, &word);
int status14 = em4x05_read_word_ext(EM4305_PROT1_BLOCK, pwd, usePwd, &word);
if (status14 == PM3_SUCCESS) {
if ((word & 0x00008000) != 0x00) {
lock_bits = word;
@ -586,7 +583,7 @@ int CmdEM4x05Dump(const char *Cmd) {
} else {
success = PM3_ESOFT; // If any error ensure fail is set so not to save invalid data
}
status15 = em4x05_read_word_ext(EM4305_PROT2_BLOCK, pwd, usePwd, &word);
int status15 = em4x05_read_word_ext(EM4305_PROT2_BLOCK, pwd, usePwd, &word);
if (status15 == PM3_SUCCESS) {
if ((word & 0x00008000) != 0x00) { // assume block 15 is the current lock block
lock_bits = word;
@ -612,7 +609,7 @@ int CmdEM4x05Dump(const char *Cmd) {
}
} else {
// success &= em4x05_read_word_ext(addr, pwd, usePwd, &word);
status = em4x05_read_word_ext(addr, pwd, usePwd, &word); // Get status for single read
int status = em4x05_read_word_ext(addr, pwd, usePwd, &word); // Get status for single read
if (status != PM3_SUCCESS)
success = PM3_ESOFT; // If any error ensure fail is set so not to save invalid data
data[addr] = BSWAP_32(word);
@ -647,7 +644,7 @@ int CmdEM4x05Dump(const char *Cmd) {
// To flag any blocks locked we need to read block 3 first
// dont swap endian until we get block lock flags.
status14 = em4x05_read_word_ext(EM4469_PROT_BLOCK, pwd, usePwd, &word);
int status14 = em4x05_read_word_ext(EM4469_PROT_BLOCK, pwd, usePwd, &word);
if (status14 == PM3_SUCCESS) {
lock_bits = word;
gotLockBits = true;
@ -656,10 +653,8 @@ int CmdEM4x05Dump(const char *Cmd) {
success = PM3_ESOFT; // If any error ensure fail is set so not to save invalid data
}
uint32_t lockbit;
for (; addr < 16; addr++) {
lockbit = (lock_bits >> (addr * 2)) & 3;
uint32_t lockbit = (lock_bits >> (addr * 2)) & 3;
if (addr == 2) {
if (usePwd) {
data[addr] = BSWAP_32(pwd);
@ -671,7 +666,7 @@ int CmdEM4x05Dump(const char *Cmd) {
}
} else {
status = em4x05_read_word_ext(addr, pwd, usePwd, &word);
int status = em4x05_read_word_ext(addr, pwd, usePwd, &word);
if (status != PM3_SUCCESS) {
success = PM3_ESOFT; // If any error ensure fail is set so not to save invalid data
}
@ -1970,9 +1965,6 @@ uint32_t static em4x05_Sniff_GetBlock(char *bits, bool fwd) {
int CmdEM4x05Sniff(const char *Cmd) {
bool pwd = false, fwd = false;
bool haveData, sampleData = true;
CLIParserContext *ctx;
CLIParserInit(&ctx, "lf em 4x05 sniff",
"Sniff EM4x05 commands sent from a programmer",
@ -1988,8 +1980,8 @@ int CmdEM4x05Sniff(const char *Cmd) {
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
sampleData = (arg_get_lit(ctx, 1) == false);
fwd = arg_get_lit(ctx, 2);
bool sampleData = (arg_get_lit(ctx, 1) == false);
bool fwd = arg_get_lit(ctx, 2);
CLIParserFree(ctx);
char cmdText[100];
@ -1999,9 +1991,7 @@ int CmdEM4x05Sniff(const char *Cmd) {
int i, bitidx;
int ZeroWidth; // 32-42 "1" is 32
int CycleWidth;
size_t idx = 0, pulseSamples, pktOffset;
uint32_t tmpValue;
bool eop = false;
size_t pulseSamples;
// setup and sample data from Proxmark
// if not directed to existing sample/graphbuffer
@ -2019,15 +2009,16 @@ int CmdEM4x05Sniff(const char *Cmd) {
PrintAndLogEx(SUCCESS, "offset | Command | Data | blk | raw");
PrintAndLogEx(SUCCESS, "-------+-------------+----------+-----+------------------------------------------------------------");
idx = 0;
size_t idx = 0;
// loop though sample buffer
while (idx < g_GraphTraceLen) {
eop = false;
haveData = false;
pwd = false;
bool eop = false;
bool haveData = false;
bool pwd = false;
uint32_t tmpValue;
idx = em4x05_Sniff_GetNextBitStart(idx, g_GraphTraceLen, g_GraphBuffer, &pulseSamples);
pktOffset = idx;
size_t pktOffset = idx;
if (pulseSamples >= 10) { // Should be 18 so a bit less to allow for processing
// Use first bit to get "0" bit samples as a reference

78
client/src/cmdlfnedap.c
View file

@ -46,7 +46,7 @@ static uint8_t isEven_64_63(const uint8_t *data) { // 8
//NEDAP demod - ASK/Biphase (or Diphase), RF/64 with preamble of 1111111110 (always a 128 bit data stream)
int demodNedap(bool verbose) {
(void) verbose; // unused so far
uint8_t data[16], buffer[7], r0, r1, r2, r3, r4, r5, idxC1, idxC2, idxC3, idxC4, idxC5, fixed0, fixed1, unk1, unk2, subtype; // 4 bits
uint8_t data[16], buffer[7], subtype; // 4 bits
size_t size, offset = 0;
uint16_t checksum, customerCode; // 12 bits
uint32_t badgeId; // max 99999
@ -118,19 +118,19 @@ int demodNedap(bool verbose) {
ret = PM3_ESOFT;
}
idxC1 = invTranslateTable[(data[3] & 0x1e) >> 1];
idxC2 = invTranslateTable[(data[4] & 0x1e) >> 1];
idxC3 = invTranslateTable[(data[5] & 0x1e) >> 1];
idxC4 = invTranslateTable[(data[6] & 0x1e) >> 1];
idxC5 = invTranslateTable[(data[7] & 0x1e) >> 1];
uint8_t idxC1 = invTranslateTable[(data[3] & 0x1e) >> 1];
uint8_t idxC2 = invTranslateTable[(data[4] & 0x1e) >> 1];
uint8_t idxC3 = invTranslateTable[(data[5] & 0x1e) >> 1];
uint8_t idxC4 = invTranslateTable[(data[6] & 0x1e) >> 1];
uint8_t idxC5 = invTranslateTable[(data[7] & 0x1e) >> 1];
// validation
if ((idxC1 != 0xFF) && (idxC2 != 0xFF) && (idxC3 != 0xFF) && (idxC4 != 0xFF) && (idxC5 != 0xFF)) {
r1 = idxC1;
r2 = ((10 + idxC2) - (idxC1 + 1)) % 10;
r3 = ((10 + idxC3) - (idxC2 + 1)) % 10;
r4 = ((10 + idxC4) - (idxC3 + 1)) % 10;
r5 = ((10 + idxC5) - (idxC4 + 1)) % 10;
uint8_t r1 = idxC1;
uint8_t r2 = ((10 + idxC2) - (idxC1 + 1)) % 10;
uint8_t r3 = ((10 + idxC3) - (idxC2 + 1)) % 10;
uint8_t r4 = ((10 + idxC4) - (idxC3 + 1)) % 10;
uint8_t r5 = ((10 + idxC5) - (idxC4 + 1)) % 10;
badgeId = r1 * 10000 + r2 * 1000 + r3 * 100 + r4 * 10 + r5;
@ -171,18 +171,18 @@ int demodNedap(bool verbose) {
}
//
r4 = (data[8] >> 3) & 0x0F;
r5 = ((data[8] << 1) & 0x0F) | (data[9] >> 7);
r2 = (data[9] >> 2) & 0x0F;
r3 = ((data[9] << 2) & 0x0F) | (data[10] >> 6);
r0 = ((data[10] >> 1) & 0x0F);
r1 = ((data[10] << 3) & 0x0F) | (data[11] >> 5);
uint8_t r4 = (data[8] >> 3) & 0x0F;
uint8_t r5 = ((data[8] << 1) & 0x0F) | (data[9] >> 7);
uint8_t r2 = (data[9] >> 2) & 0x0F;
uint8_t r3 = ((data[9] << 2) & 0x0F) | (data[10] >> 6);
uint8_t r0 = ((data[10] >> 1) & 0x0F);
uint8_t r1 = ((data[10] << 3) & 0x0F) | (data[11] >> 5);
fixed0 = ((data[11] << 4) & 0xF0) | (data[12] >> 4);
fixed1 = ((data[12] << 5) & 0xE0) | (data[13] >> 3);
uint8_t fixed0 = ((data[11] << 4) & 0xF0) | (data[12] >> 4);
uint8_t fixed1 = ((data[12] << 5) & 0xE0) | (data[13] >> 3);
unk1 = ((data[13] << 6) & 0xC0) | (data[14] >> 2);
unk2 = ((data[14] << 7) & 0xC0) | (data[15] >> 1);
uint8_t unk1 = ((data[13] << 6) & 0xC0) | (data[14] >> 2);
uint8_t unk2 = ((data[14] << 7) & 0xC0) | (data[15] >> 1);
// validation 2
if (!r0 && (r1 < 10) && (r2 < 10) && (r3 < 10) && (r4 < 10) && (r5 < 10)) {
@ -293,21 +293,20 @@ static int CmdLFNedapReader(const char *Cmd) {
}
static void NedapGen(uint8_t subType, uint16_t customerCode, uint32_t id, bool isLong, uint8_t *data) { // 8 or 16
uint8_t buffer[7], r1, r2, r3, r4, r5, idxC1, idxC2, idxC3, idxC4, idxC5, i, tmp, carry, id2, id1, id0;
uint16_t checksum;
uint8_t buffer[7];
r1 = (uint8_t)(id / 10000);
r2 = (uint8_t)((id % 10000) / 1000);
r3 = (uint8_t)((id % 1000) / 100);
r4 = (uint8_t)((id % 100) / 10);
r5 = (uint8_t)(id % 10);
uint8_t r1 = (uint8_t)(id / 10000);
uint8_t r2 = (uint8_t)((id % 10000) / 1000);
uint8_t r3 = (uint8_t)((id % 1000) / 100);
uint8_t r4 = (uint8_t)((id % 100) / 10);
uint8_t r5 = (uint8_t)(id % 10);
// first part
idxC1 = r1;
idxC2 = (idxC1 + 1 + r2) % 10;
idxC3 = (idxC2 + 1 + r3) % 10;
idxC4 = (idxC3 + 1 + r4) % 10;
idxC5 = (idxC4 + 1 + r5) % 10;
uint8_t idxC1 = r1;
uint8_t idxC2 = (idxC1 + 1 + r2) % 10;
uint8_t idxC3 = (idxC2 + 1 + r3) % 10;
uint8_t idxC4 = (idxC3 + 1 + r4) % 10;
uint8_t idxC5 = (idxC4 + 1 + r5) % 10;
buffer[0] = 0xc0 | (subType & 0x0F);
buffer[1] = (customerCode & 0x0FF0) >> 4;
@ -317,7 +316,7 @@ static void NedapGen(uint8_t subType, uint16_t customerCode, uint32_t id, bool i
// checksum
init_table(CRC_XMODEM);
checksum = crc16_xmodem(buffer, 5);
uint16_t checksum = crc16_xmodem(buffer, 5);
buffer[6] = ((checksum & 0x000F) << 4) | (buffer[4] & 0x0F);
buffer[5] = (checksum & 0x00F0) | ((buffer[4] & 0xF0) >> 4);
@ -325,8 +324,9 @@ static void NedapGen(uint8_t subType, uint16_t customerCode, uint32_t id, bool i
buffer[3] = ((checksum & 0xF000) >> 8) | ((buffer[3] & 0xF0) >> 4);
// carry calc
for (i = 0, carry = 0; i < sizeof(buffer); i++) {
tmp = buffer[sizeof(buffer) - 1 - i];
uint8_t carry = 0;
for (uint8_t i = 0; i < sizeof(buffer); i++) {
uint8_t tmp = buffer[sizeof(buffer) - 1 - i];
data[7 - i] = ((tmp & 0x7F) << 1) | carry;
carry = (tmp & 0x80) >> 7;
}
@ -335,9 +335,9 @@ static void NedapGen(uint8_t subType, uint16_t customerCode, uint32_t id, bool i
// second part
if (isLong) {
id0 = r1;
id1 = (r2 << 4) | r3;
id2 = (r4 << 4) | r5;
uint8_t id0 = r1;
uint8_t id1 = (r2 << 4) | r3;
uint8_t id2 = (r4 << 4) | r5;
data[8] = (id2 >> 1);
data[9] = ((id2 & 0x01) << 7) | (id1 >> 2);

5
client/src/cmdlft55xx.c
View file

@ -4047,7 +4047,6 @@ static int CmdT55xxSniff(const char *Cmd) {
int minWidth = 1000;
int maxWidth = 0;
uint16_t dataLen = 0;
data[0] = 0;
bool have_data = false;
sprintf(modeText, "Default");
@ -4125,7 +4124,7 @@ static int CmdT55xxSniff(const char *Cmd) {
// Fixed bit - Default
if (have_data == false && (APPROX_EQ(pulseBuffer[0], maxWidth, tolerance))) {
dataLen = t55sniff_get_packet(pulseBuffer, data, minWidth, maxWidth, tolerance);
uint16_t dataLen = t55sniff_get_packet(pulseBuffer, data, minWidth, maxWidth, tolerance);
// if ((dataLen == 39) )
// printf ("Fixed | Data end of 80 samples | offset : %llu - datalen %-2d - data : %s --- - Bit 0 width : %d\n",idx,dataLen,data,pulseBuffer[0]);
@ -4209,7 +4208,7 @@ static int CmdT55xxSniff(const char *Cmd) {
if (have_data == false && (APPROX_EQ(pulseBuffer[0], minWidth, tolerance))) {
// leading 0 (should = 0 width)
// 1 of 4 (leads with 00)
dataLen = t55sniff_get_packet(pulseBuffer, data, minWidth, maxWidth, tolerance);
uint16_t dataLen = t55sniff_get_packet(pulseBuffer, data, minWidth, maxWidth, tolerance);
// **** Should check to 0 to be actual 0 as well i.e. 01 .... data ....
if ((data[0] == '0') && (data[1] == '1')) {
if (dataLen == 73) {

6
client/src/emv/emvcore.c
View file

@ -389,10 +389,9 @@ int EMVSearchPSE(Iso7816CommandChannel channel, bool ActivateField, bool LeaveFi
return 1;
}
bool fileFound = false;
struct tlvdb *t = tlvdb_parse_multi(data, datalen);
if (t) {
bool fileFound = false;
// PSE/PPSE with SFI
struct tlvdb *tsfi = tlvdb_find_path(t, (tlv_tag_t[]) {0x6f, 0xa5, 0x88, 0x00});
if (tsfi) {
@ -473,7 +472,6 @@ int EMVSearch(Iso7816CommandChannel channel, bool ActivateField, bool LeaveField
size_t datalen = 0;
uint16_t sw = 0;
int res = 0;
int retrycnt = 0;
for (int i = 0; i < ARRAYLEN(AIDlist); i ++) {
@ -483,7 +481,7 @@ int EMVSearch(Iso7816CommandChannel channel, bool ActivateField, bool LeaveField
}
param_gethex_to_eol(AIDlist[i].aid, 0, aidbuf, sizeof(aidbuf), &aidlen);
res = EMVSelect(channel, (i == 0) ? ActivateField : false, true, aidbuf, aidlen, data, sizeof(data), &datalen, &sw, tlv);
int res = EMVSelect(channel, (i == 0) ? ActivateField : false, true, aidbuf, aidlen, data, sizeof(data), &datalen, &sw, tlv);
// retry if error and not returned sw error
if (res && res != 5) {
if (++retrycnt < 3) {

3
client/src/loclass/elite_crack.c
View file

@ -329,10 +329,9 @@ static void *bf_thread(void *thread_arg) {
memcpy(bytes_to_recover, targ->bytes_to_recover, sizeof(bytes_to_recover));
memcpy(keytable, targ->keytable, sizeof(keytable));
int found;
while (!(brute & endmask)) {
found = __atomic_load_n(&loclass_found, __ATOMIC_SEQ_CST);
int found = __atomic_load_n(&loclass_found, __ATOMIC_SEQ_CST);
if (found != 0xFF) return NULL;

44
tools/hitag2crack/crack2/ht2crack2buildtable.c
View file

@ -100,16 +100,13 @@ static void create_tables(struct table *tt) {
// free the table memory
static void free_tables(struct table *tt) {
int i;
struct table *ttmp;
if (!tt) {
printf("free_tables: t is NULL\n");
printf("free_tables: tt is NULL\n");
exit(1);
}
for (i = 0; i < 0x10000; i++) {
ttmp = tt + i;
for (int i = 0; i < 0x10000; i++) {
struct table *ttmp = tt + i;
free(ttmp->data);
}
}
@ -279,10 +276,7 @@ static void jumpnsteps(Hitag_State *hstate, int table) {
static void *buildtable(void *dd) {
Hitag_State hstate;
Hitag_State hstate2;
unsigned long i;
unsigned long maxentries = 1;
uint32_t ks1;
uint32_t ks2;
int index = (int)(long)dd;
int tnum = NUM_BUILD_THREADS;
@ -291,7 +285,7 @@ static void *buildtable(void *dd) {
buildlfsr(&hstate);
/* jump to offset using jump table 2 (2048) */
for (i = 0; i < index; i++) {
for (unsigned long i = 0; i < index; i++) {
jumpnsteps(&hstate, 2);
}
@ -309,7 +303,7 @@ static void *buildtable(void *dd) {
}
/* make the entries */
for (i = 0; i < maxentries; i++) {
for (unsigned long i = 0; i < maxentries; i++) {
// copy the current state
hstate2.shiftreg = hstate.shiftreg;
@ -317,8 +311,8 @@ static void *buildtable(void *dd) {
// get 48 bits of keystream from hstate2
// this is split into 2 x 24 bit
ks1 = hitag2_nstep(&hstate2, 24);
ks2 = hitag2_nstep(&hstate2, 24);
uint32_t ks1 = hitag2_nstep(&hstate2, 24);
uint32_t ks2 = hitag2_nstep(&hstate2, 24);
write_ks_s(ks1, ks2, hstate.shiftreg);
@ -457,10 +451,6 @@ static void *sorttable(void *dd) {
int main(int argc, char *argv[]) {
pthread_t threads[NUM_BUILD_THREADS];
void *status;
long i;
int ret;
struct table *t1;
// make the table of tables
t = (struct table *)malloc(sizeof(struct table) * 65536);
@ -482,8 +472,8 @@ int main(int argc, char *argv[]) {
builddi(2048, 2);
// start the threads
for (i = 0; i < NUM_BUILD_THREADS; i++) {
ret = pthread_create(&(threads[i]), NULL, buildtable, (void *)(i));
for (long i = 0; i < NUM_BUILD_THREADS; i++) {
int ret = pthread_create(&(threads[i]), NULL, buildtable, (void *)(i));
if (ret) {
printf("cannot start buildtable thread %ld\n", i);
exit(1);
@ -493,8 +483,8 @@ int main(int argc, char *argv[]) {
if (debug) printf("main, started buildtable threads\n");
// wait for threads to finish
for (i = 0; i < NUM_BUILD_THREADS; i++) {
ret = pthread_join(threads[i], &status);
for (long i = 0; i < NUM_BUILD_THREADS; i++) {
int ret = pthread_join(threads[i], &status);
if (ret) {
printf("cannot join buildtable thread %ld\n", i);
exit(1);
@ -503,8 +493,8 @@ int main(int argc, char *argv[]) {
}
// write all remaining files
for (i = 0; i < 0x10000; i++) {
t1 = t + i;
for (long i = 0; i < 0x10000; i++) {
struct table *t1 = t + i;
if (t1->ptr > t1->data) {
writetable(t1);
}
@ -520,8 +510,8 @@ int main(int argc, char *argv[]) {
// start the threads
for (i = 0; i < NUM_SORT_THREADS; i++) {
ret = pthread_create(&(threads[i]), NULL, sorttable, (void *)(i));
for (long i = 0; i < NUM_SORT_THREADS; i++) {
int ret = pthread_create(&(threads[i]), NULL, sorttable, (void *)(i));
if (ret) {
printf("cannot start sorttable thread %ld\n", i);
exit(1);
@ -531,8 +521,8 @@ int main(int argc, char *argv[]) {
if (debug) printf("main, started sorttable threads\n");
// wait for threads to finish
for (i = 0; i < NUM_SORT_THREADS; i++) {
ret = pthread_join(threads[i], &status);
for (long i = 0; i < NUM_SORT_THREADS; i++) {
int ret = pthread_join(threads[i], &status);
if (ret) {
printf("cannot join sorttable thread %ld\n", i);
exit(1);

9
tools/hitag2crack/crack3/ht2crack3.c
View file

@ -124,9 +124,7 @@ static int is_kmiddle_badguess(uint64_t z, struct Tklower *Tk, int max, int aR0)
// function to test if a partial key is valid
static int testkey(uint64_t *out, uint64_t uid, uint64_t pkey, uint64_t nR, uint64_t aR) {
uint64_t kupper;
uint64_t key;
Hitag_State hstate;
uint64_t b;
uint32_t revaR;
uint32_t normaR;
@ -136,9 +134,9 @@ static int testkey(uint64_t *out, uint64_t uid, uint64_t pkey, uint64_t nR, uint
// search for remaining 14 bits
for (kupper = 0; kupper < 0x3fff; kupper++) {
key = (kupper << 34) | pkey;
uint64_t key = (kupper << 34) | pkey;
hitag2_init(&hstate, key, uid, nR);
b = hitag2_nstep(&hstate, 32);
uint64_t b = hitag2_nstep(&hstate, 32);
if ((normaR ^ b) == 0xffffffff) {
*out = key;
return 1;
@ -183,7 +181,6 @@ static void *crack(void *d) {
uint64_t klower, kmiddle, klowery;
uint64_t y, b, z, bit;
uint64_t ytmp;
unsigned int count;
uint64_t foundkey, revkey;
int ret;
unsigned int found;
@ -210,7 +207,7 @@ static void *crack(void *d) {
for (klower = data->klowerstart; klower < (data->klowerstart + data->klowerrange); klower++) {
printf("trying klower = 0x%05"PRIx64"\n", klower);
// build table
count = 0;
unsigned int count = 0;
for (y = 0; y < 0x40000; y++) {
// create klowery
klowery = (y << 16) | klower;

19
tools/hitag2crack/crack4/ht2crack4.c
View file

@ -429,9 +429,6 @@ static double score(uint64_t s, unsigned int size, uint64_t ks, unsigned int kss
/* score_traces runs score for each encrypted nonce */
static void score_traces(struct guess *g, unsigned int size) {
uint64_t lfsr;
unsigned int i;
double sc;
double total_score = 0.0;
// don't bother scoring traces that are already losers
@ -439,12 +436,12 @@ static void score_traces(struct guess *g, unsigned int size) {
return;
}
for (i = 0; i < num_nRaR; i++) {
for (unsigned int i = 0; i < num_nRaR; i++) {
// calc next b
// create lfsr - lower 32 bits is uid, upper 16 bits are lower 16 bits of key
// then shift by size - 16, insert upper key XOR enc_nonce XOR bitstream,
// and calc new bit b
lfsr = (uid >> (size - 16)) | ((g->key << (48 - size)) ^
uint64_t lfsr = (uid >> (size - 16)) | ((g->key << (48 - size)) ^
((nonces[i].enc_nR ^ g->b0to31[i]) << (64 - size)));
g->b0to31[i] = g->b0to31[i] | (ht2crypt(lfsr) << (size - 16));
@ -452,7 +449,7 @@ static void score_traces(struct guess *g, unsigned int size) {
// bits 16-47 are upper bits of key XOR enc_nonce XOR bitstream
lfsr = g->key ^ ((nonces[i].enc_nR ^ g->b0to31[i]) << 16);
sc = score(lfsr, size, nonces[i].ks, 32);
double sc = score(lfsr, size, nonces[i].ks, 32);
// look out for losers
if (sc == 0.0) {
@ -616,17 +613,13 @@ static void execute_round(unsigned int size) {
/* crack is the main cracking algo; it executes the rounds */
static void crack(void) {
unsigned int i;
uint64_t revkey;
uint64_t foundkey;
for (i = 16; i <= 48; i++) {
for (unsigned int i = 16; i <= 48; i++) {
fprintf(stderr, "round %2u, size=%2u\n", i - 16, i);
execute_round(i);
// print some metrics
revkey = rev64(guesses[0].key);
foundkey = ((revkey >> 40) & 0xff) | ((revkey >> 24) & 0xff00) | ((revkey >> 8) & 0xff0000) | ((revkey << 8) & 0xff000000) | ((revkey << 24) & 0xff00000000) | ((revkey << 40) & 0xff0000000000);
uint64_t revkey = rev64(guesses[0].key);
uint64_t foundkey = ((revkey >> 40) & 0xff) | ((revkey >> 24) & 0xff00) | ((revkey >> 8) & 0xff0000) | ((revkey << 8) & 0xff000000) | ((revkey << 24) & 0xff00000000) | ((revkey << 40) & 0xff0000000000);
fprintf(stderr, " guess=%012" PRIx64 ", num_guesses = %u, top score=%1.10f, min score=%1.10f\n", foundkey, num_guesses, guesses[0].score, guesses[num_guesses - 1].score);
}
}

4
tools/hitag2crack/crack5/ht2crack5.c
View file

@ -802,7 +802,7 @@ static void *find_state(void *thread_d) {
static void try_state(uint64_t s) {
Hitag_State hstate;
uint64_t keyrev, key, nR1xk;
uint64_t keyrev, nR1xk;
uint32_t b = 0;
hstate.shiftreg = s;
@ -820,7 +820,7 @@ static void try_state(uint64_t s) {
hitag2_init(&hstate, keyrev, uid, nR2);
if ((aR2 ^ hitag2_nstep(&hstate, 32)) == 0xffffffff) {
key = rev64(keyrev);
uint64_t key = rev64(keyrev);
printf("Key: ");
for (int i = 0; i < 6; i++) {