FIX: Coverity scan fixes, hard to keep track of stringlengths while reading and copying in C.

iceman1001 2016-02-17 10:46:08 +01:00
commit aacb96d7ed
6 changed files with 60 additions and 39 deletions


@ -580,7 +580,7 @@ void mifare_cypher_single_block (desfirekey_t key, uint8_t *data, uint8_t *ivect
{ {
AesCtx ctx; AesCtx ctx;
AesCtxIni(&ctx, ivect, key->data, KEY128,CBC); AesCtxIni(&ctx, ivect, key->data, KEY128,CBC);
AesEncrypt(&ctx, data, edata, sizeof(data) ); AesEncrypt(&ctx, data, edata, sizeof(edata) );
break; break;
} }
case MCO_DECYPHER: case MCO_DECYPHER:
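Review bot: `sizeof(edata)` in the `AesEncrypt` call is the capacity of the output buffer, not the number of bytes that `data` points to, so the call is only correct while the two happen to match. `data` is a `uint8_t *` parameter (which is why the old `sizeof(data)` yielded the pointer size), and the declaration of `edata` is outside this hunk; if `edata` is itself a pointer, or an array larger than one cipher block, the length is still wrong and the encrypt reads past the caller's buffer. Passing the block length explicitly, or adding a comment such as `// edata is a fixed array of one AES block; data must hold at least that many bytes`, would make the assumption checkable. The `MCO_DECYPHER` case that begins at the end of the hunk is cut off here and should be checked for the same pattern.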


@ -68,7 +68,7 @@ int CmdLegicDecode(const char *Cmd) {
uint32_t calc_crc = CRC8Legic(data_buf, 4); uint32_t calc_crc = CRC8Legic(data_buf, 4);
PrintAndLog("\nCDF: System Area"); PrintAndLog("\nCDF: System Area");
PrintAndLog("------------------------------------------------------");
PrintAndLog("MCD: %02x, MSN: %02x %02x %02x, MCC: %02x %s", PrintAndLog("MCD: %02x, MSN: %02x %02x %02x, MCC: %02x %s",
data_buf[0], data_buf[0],
data_buf[1], data_buf[1],
@ -118,8 +118,22 @@ int CmdLegicDecode(const char *Cmd) {
uint32_t segCalcCRC = 0; uint32_t segCalcCRC = 0;
uint32_t segCRC = 0; uint32_t segCRC = 0;
// see if user area is xored or just zeros.
int numOfZeros = 0;
for (int index=22; index < 256; ++index){
if ( data_buf[index] == 0x00 )
++numOfZeros;
}
// if possible zeros is less then 60%, lets assume data is xored
// 256 - 22 (header) = 234
// 1024 - 22 (header) = 1002
int isXored = (numOfZeros*100/stamp_len) < 50;
PrintAndLog("is data xored? %d ( %d %)", isXored, (numOfZeros*100/stamp_len));
print_hex_break( data_buf, 33, 16);
PrintAndLog("\nADF: User Area"); PrintAndLog("\nADF: User Area");
printf("-------------------------------------\n"); PrintAndLog("------------------------------------------------------");
i = 22; i = 22;
// 64 potential segements // 64 potential segements
// how to detect there is no segments?!? // how to detect there is no segments?!?
@ -148,7 +162,7 @@ int CmdLegicDecode(const char *Cmd) {
segCalcCRC = CRC8Legic(segCrcBytes, 8); segCalcCRC = CRC8Legic(segCrcBytes, 8);
segCRC = data_buf[i+4]^crc; segCRC = data_buf[i+4]^crc;
PrintAndLog("Segment %02u \nraw header=0x%02X 0x%02X 0x%02X 0x%02X \nSegment len: %u, Flag: 0x%X (valid:%01u, last:%01u), WRP: %02u, WRC: %02u, RD: %01u, CRC: 0x%02X (%s)", PrintAndLog("Segment %02u \nraw header | 0x%02X 0x%02X 0x%02X 0x%02X \nSegment len: %u, Flag: 0x%X (valid:%01u, last:%01u), WRP: %02u, WRC: %02u, RD: %01u, CRC: 0x%02X (%s)",
segmentNum, segmentNum,
data_buf[i]^crc, data_buf[i]^crc,
data_buf[i+1]^crc, data_buf[i+1]^crc,
@ -169,9 +183,10 @@ int CmdLegicDecode(const char *Cmd) {
if ( hasWRC ) { if ( hasWRC ) {
PrintAndLog("WRC protected area: (I %d | K %d| WRC %d)", i, k, wrc); PrintAndLog("WRC protected area: (I %d | K %d| WRC %d)", i, k, wrc);
PrintAndLog("\nrow | data");
PrintAndLog("-----+------------------------------------------------");
// de-xor? if not zero, assume it needs xoring. // de-xor? if not zero, assume it needs xoring.
if ( data_buf[i] > 0) { if ( isXored) {
for ( k=i; k < wrc; ++k) for ( k=i; k < wrc; ++k)
data_buf[k] ^= crc; data_buf[k] ^= crc;
} }
@ -182,9 +197,10 @@ int CmdLegicDecode(const char *Cmd) {
if ( hasWRP ) { if ( hasWRP ) {
PrintAndLog("Remaining write protected area: (I %d | K %d | WRC %d | WRP %d WRP_LEN %d)",i, k, wrc, wrp, wrp_len); PrintAndLog("Remaining write protected area: (I %d | K %d | WRC %d | WRP %d WRP_LEN %d)",i, k, wrc, wrp, wrp_len);
PrintAndLog("\nrow | data");
PrintAndLog("-----+------------------------------------------------");
// de-xor? if not zero, assume it needs xoring. if (isXored) {
if ( data_buf[i] > 0) {
for (k=i; k < wrp_len; ++k) for (k=i; k < wrp_len; ++k)
data_buf[k] ^= crc; data_buf[k] ^= crc;
} }
@ -199,8 +215,9 @@ int CmdLegicDecode(const char *Cmd) {
} }
PrintAndLog("Remaining segment payload: (I %d | K %d | Remain LEN %d)", i, k, remain_seg_payload_len); PrintAndLog("Remaining segment payload: (I %d | K %d | Remain LEN %d)", i, k, remain_seg_payload_len);
PrintAndLog("\nrow | data");
if ( data_buf[i] > 0 ) { PrintAndLog("-----+------------------------------------------------");
if ( isXored ) {
for ( k=i; k < remain_seg_payload_len; ++k) for ( k=i; k < remain_seg_payload_len; ++k)
data_buf[k] ^= crc; data_buf[k] ^= crc;
} }
@ -209,7 +226,7 @@ int CmdLegicDecode(const char *Cmd) {
i += remain_seg_payload_len; i += remain_seg_payload_len;
printf("\n-------------------------------------\n"); PrintAndLog("-----+------------------------------------------------\n");
// end with last segment // end with last segment
if (segment_flag & 0x8) return 0; if (segment_flag & 0x8) return 0;
@ -332,18 +349,18 @@ int CmdLegicSave(const char *Cmd) {
return 0; return 0;
} }
FILE *f = fopen(filename, "w");
if(!f) {
PrintAndLog("couldn't open '%s'", Cmd+1);
return -1;
}
GetFromBigBuf(got, requested, offset); GetFromBigBuf(got, requested, offset);
if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2000)){ if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2000)){
PrintAndLog("Command execute timeout"); PrintAndLog("Command execute timeout");
return 1; return 1;
} }
FILE *f = fopen(filename, "w");
if(!f) {
PrintAndLog("couldn't open '%s'", Cmd+1);
return -1;
}
for (int j = 0; j < requested; j += 8) { for (int j = 0; j < requested; j += 8) {
fprintf(f, "%02x %02x %02x %02x %02x %02x %02x %02x\n", fprintf(f, "%02x %02x %02x %02x %02x %02x %02x %02x\n",
got[j+0], got[j+1], got[j+2], got[j+3], got[j+0], got[j+1], got[j+2], got[j+3],
@ -409,10 +426,11 @@ int CmdLegicCalcCrc8(const char *Cmd){
int len = strlen(Cmd); int len = strlen(Cmd);
if (len & 1 ) return usage_legic_calccrc8(); if (len & 1 ) return usage_legic_calccrc8();
uint8_t *data = malloc(len); // add 1 for null terminator.
uint8_t *data = malloc(len+1);
if ( data == NULL ) return 1; if ( data == NULL ) return 1;
param_gethex(Cmd, 0, data, len ); if (!param_gethex(Cmd, 0, data, len )) return usage_legic_calccrc8();
uint32_t checksum = CRC8Legic(data, len/2); uint32_t checksum = CRC8Legic(data, len/2);
PrintAndLog("Bytes: %s || CRC8: %X", sprint_hex(data, len/2), checksum ); PrintAndLog("Bytes: %s || CRC8: %X", sprint_hex(data, len/2), checksum );
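Review bot: The new early return in `CmdLegicCalcCrc8`, `if (!param_gethex(Cmd, 0, data, len )) return usage_legic_calccrc8();`, leaves the function without releasing the `data` buffer allocated two lines above, so the check introduces a leak on that path; `if (!param_gethex(Cmd, 0, data, len)) { free(data); return usage_legic_calccrc8(); }` closes it. The return convention of `param_gethex` is not visible on this page, so confirm that `!` really selects the failure case rather than success. In the `CmdLegicDecode` hunk that adds `isXored`, the format string `"is data xored? %d ( %d %)"` contains `% )`, which is not a valid conversion and should be `%%`, and the division by `stamp_len` needs a guard if card content can make that value zero (its computation is outside the hunk). The comment there says 60% while the code compares against 50.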


@ -43,7 +43,7 @@ int CmdsParse(const command_t Commands[], const char *Cmd)
} }
char cmd_name[32]; char cmd_name[32];
int len = 0; int len = 0;
memset(cmd_name, 0, 32); memset(cmd_name, 0, sizeof(cmd_name));
sscanf(Cmd, "%31s%n", cmd_name, &len); sscanf(Cmd, "%31s%n", cmd_name, &len);
int i = 0; int i = 0;
while (Commands[i].Name && strcmp(Commands[i].Name, cmd_name)) while (Commands[i].Name && strcmp(Commands[i].Name, cmd_name))
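Review bot: The `sscanf` width in `"%31s%n"` is still a literal that has to stay one less than the size of `cmd_name`, so switching only the `memset` to `sizeof(cmd_name)` leaves half of the coupling implicit. A comment on the declaration, `// sscanf below uses %31s: keep the width at sizeof(cmd_name) - 1`, would stop a later resize from reintroducing an overflow. The `sscanf` return value is also ignored, which is harmless only because `cmd_name` and `len` are zeroed first; that reliance deserves a word in the same comment.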


@ -486,12 +486,11 @@ struct Crypto1State* lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8]
odd = lfsr_prefix_ks(ks, 1); odd = lfsr_prefix_ks(ks, 1);
even = lfsr_prefix_ks(ks, 0); even = lfsr_prefix_ks(ks, 0);
s = statelist = malloc((sizeof *statelist) << 21); s = statelist = malloc((sizeof *statelist) << 20);
if(!s || !odd || !even) { if(!s || !odd || !even) {
free(statelist); free(statelist);
free(odd); statelist = 0;
free(even); goto out;
return 0;
} }
for(o = odd; *o + 1; ++o) for(o = odd; *o + 1; ++o)
@ -503,7 +502,7 @@ struct Crypto1State* lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8]
} }
s->odd = s->even = 0; s->odd = s->even = 0;
out:
free(odd); free(odd);
free(even); free(even);
return statelist; return statelist;
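Review bot: Halving the `statelist` allocation from `<< 21` to `<< 20` entries is safe only if the fill code between the two hunks can never produce more than 2^20 - 1 states plus the terminating `s->odd = s->even = 0` entry, and nothing visible here bounds `s`. That code is outside the hunks, so this is a question rather than a finding: either add a comment next to the `malloc` stating where the 2^20 limit comes from, or check `s` against the end of the allocation before each write. Minor: `statelist = 0;` reads better as `statelist = NULL;` for a pointer.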


@ -25,6 +25,8 @@ struct Crypto1State * crypto1_create(uint64_t key)
struct Crypto1State *s = malloc(sizeof(*s)); struct Crypto1State *s = malloc(sizeof(*s));
if ( !s ) return NULL; if ( !s ) return NULL;
s->odd = s->even = 0;
int i; int i;
//for(i = 47;s && i > 0; i -= 2) { //for(i = 47;s && i > 0; i -= 2) {
for(i = 47; i > 0; i -= 2) { for(i = 47; i > 0; i -= 2) {
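Review bot: The commented-out loop header `//for(i = 47;s && i > 0; i -= 2) {` kept directly above the live `for` in `crypto1_create` is dead code and should be deleted, since the `if ( !s ) return NULL;` guard already makes the `s &&` test unnecessary. The added `s->odd = s->even = 0;` deserves a one-line comment saying why the state must start at zero, presumably because the loop only sets bits on top of it; the loop body continues outside this hunk, so that should be confirmed before wording the comment.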


@ -127,8 +127,8 @@ static void *main_loop(void *targ) {
while(1) { while(1) {
// If there is a script file // If there is a script file
if (script_file) if (script_file) {
{
if (!fgets(script_cmd_buf, sizeof(script_cmd_buf), script_file)) { if (!fgets(script_cmd_buf, sizeof(script_cmd_buf), script_file)) {
fclose(script_file); fclose(script_file);
script_file = NULL; script_file = NULL;
@ -143,8 +143,9 @@ static void *main_loop(void *targ) {
if (nl) if (nl)
*nl = '\0'; *nl = '\0';
if ((cmd = (char*) malloc(strlen(script_cmd_buf) + 1)) != NULL) { int newlen = strlen(script_cmd_buf);
memset(cmd, 0, strlen(script_cmd_buf)); if ((cmd = (char*) malloc( newlen + 1)) != NULL) {
memset(cmd, 0x00, newlen);
strcpy(cmd, script_cmd_buf); strcpy(cmd, script_cmd_buf);
printf("%s\n", cmd); printf("%s\n", cmd);
} }
@ -170,6 +171,12 @@ static void *main_loop(void *targ) {
printf("\n"); printf("\n");
break; break;
} }
free(cmd);
}
if (script_file) {
fclose(script_file);
script_file = NULL;
} }
write_history(".history"); write_history(".history");
@ -181,11 +188,6 @@ static void *main_loop(void *targ) {
pthread_join(reader_thread, NULL); pthread_join(reader_thread, NULL);
} }
if (script_file) {
fclose(script_file);
script_file = NULL;
}
ExitGraphics(); ExitGraphics();
pthread_exit(NULL); pthread_exit(NULL);
return NULL; return NULL;
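Review bot: The `free(cmd);` added at the bottom of the `while(1)` body in `main_loop` leaves `cmd` dangling for the next iteration; when `script_file` is set and the `malloc` in the script branch fails, `cmd` keeps the freed address and any later test of `cmd` passes on stale memory. Follow it with `cmd = NULL;`. The rest of the loop body is outside these hunks, so also confirm that no earlier `free(cmd)` remains on the normal path, which would turn this into a double free. In the script branch, `memset(cmd, 0x00, newlen);` is redundant before `strcpy`, and `newlen` should be `size_t` to match `strlen`.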