From ba8a68f37c3dcf7ea8171e11b1ccc1ea4e155396 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Tue, 10 Sep 2024 14:29:47 +0200
Subject: [PATCH] fixes entering bootload messages to be less scary
---
 CHANGELOG.md | 5 ++++
 armsrc/mifaresim.c | 2 +-
 client/src/comms.c | 3 +-
 client/src/flash.c | 72 +++++++++++++++++++++++++++++++---------------
 doc/commands.json | 2 +-
 5 files changed, 58 insertions(+), 26 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1583b1c9f..cc3c547f2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,11 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/).
 Please use this to write notable changes, which is not the same as git commit log...
 ## [unreleased][unreleased]
+
+## [Backdoor][2024-09-10]
+- Changed flashing messages to be less scary (@iceman1001)
+- Fixed docker containers and their documentation (@doegox)
+- Fixed `hf ict` - buffer overflow (@doegox)
 - Fixed `hf felica raw -s` - dont check crc for select tag response, thanks @RebornedBrian! (@iceman1001)
 - Added a multi-threaded of ht2crack2search (@iceman1001)
 - Fixed ISO14443a bounds-checking because @doegex found cards not following ISO14443a when fuzzed (@iceman1001)
diff --git a/armsrc/mifaresim.c b/armsrc/mifaresim.c
index 185e49ddf..2e16f1c96 100644
--- a/armsrc/mifaresim.c
+++ b/armsrc/mifaresim.c
@@ -763,7 +763,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1
 }
 // all commands must have a valid CRC
- if (!CheckCrc14A(receivedCmd_dec, receivedCmd_len)) {
+ if (CheckCrc14A(receivedCmd_dec, receivedCmd_len) == false) {
 EmSend4bit(encrypted_data ? mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA) : CARD_NACK_NA);
 FpgaDisableTracing();
diff --git a/client/src/comms.c b/client/src/comms.c
index 091f51d86..21e63402c 100644
--- a/client/src/comms.c
+++ b/client/src/comms.c
@@ -428,7 +428,8 @@ __attribute__((force_align_arg_pointer))
 // Signal to main thread that communications seems off.
 // main thread will kill and restart this thread.
 if (commfailed) {
- if (g_conn.last_command != CMD_HARDWARE_RESET) {
+ if (g_conn.last_command != CMD_HARDWARE_RESET &&
+ g_conn.last_command != CMD_START_FLASH) {
 PrintAndLogEx(WARNING, "\nCommunicating with Proxmark3 device " _RED_("failed"));
 }
 __atomic_test_and_set(&comm_thread_dead, __ATOMIC_SEQ_CST);
diff --git a/client/src/flash.c b/client/src/flash.c
index 37dcd858d..d5e2b2fa1 100644
--- a/client/src/flash.c
+++ b/client/src/flash.c
@@ -428,21 +428,24 @@ static int get_proxmark_state(uint32_t *state) {
 // Enter the bootloader to be able to start flashing
 static int enter_bootloader(char *serial_port_name, bool wait_appear) {
- uint32_t state;
- int ret;
- if ((ret = get_proxmark_state(&state)) != PM3_SUCCESS)
+ uint32_t state = 0;
+ int ret = get_proxmark_state(&state);
+ if (ret != PM3_SUCCESS) {
 return ret;
+ }
 /* Already in flash state, we're done. */
- if (state & DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM)
+ if ((state & DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM) == DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM) {
 return PM3_SUCCESS;
+ }
- if (state & DEVICE_INFO_FLAG_CURRENT_MODE_OS) {
+ if ((state & DEVICE_INFO_FLAG_CURRENT_MODE_OS) == DEVICE_INFO_FLAG_CURRENT_MODE_OS) {
 PrintAndLogEx(SUCCESS, _CYAN_("Entering bootloader..."));
- if ((state & DEVICE_INFO_FLAG_BOOTROM_PRESENT)
- && (state & DEVICE_INFO_FLAG_OSIMAGE_PRESENT)) {
+ if (
+ ((state & DEVICE_INFO_FLAG_BOOTROM_PRESENT) == DEVICE_INFO_FLAG_BOOTROM_PRESENT) &&
+ ((state & DEVICE_INFO_FLAG_OSIMAGE_PRESENT) == DEVICE_INFO_FLAG_OSIMAGE_PRESENT)) {
 // New style handover: Send CMD_START_FLASH, which will reset the board
 // and enter the bootrom on the next boot.
 SendCommandBL(CMD_START_FLASH, 0, 0, 0, NULL, 0);
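Review bot: The new CMD_START_FLASH exemption in the commfailed branch suppresses the "Communicating with Proxmark3 device failed" warning without saying why a dropped link is expected at that point, so a later reader may well restore the warning. A one-line comment above the condition would pin the intent: `// CMD_START_FLASH deliberately resets the board into the bootrom, so losing the link afterwards is expected, not a failure.` Note that `comm_thread_dead` is still set on the following line, so only the message is suppressed and the thread is still torn down and restarted as the existing comment describes. The enclosing function starts and ends outside the hunk.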
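Review bot: The rewritten tests in enter_bootloader use `(state & FLAG) == FLAG` where the old code used `state & FLAG`; the two are only equivalent when every DEVICE_INFO_FLAG_* constant is a single bit, since for a multi-bit mask the new form requires all bits to be set. The flag definitions are not in this diff, so this should be confirmed; if they are single-bit flags the plain `if (state & DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM) {` form says the same with less to read, and the same rewrite recurs in the -510, -530 and -585 hunks of flash_start_flashing. Separately, `uint32_t state = 0;` is now initialized here but the matching `uint32_t state;` in flash_start_flashing (the -510 hunk) is left uninitialized; both rely on get_proxmark_state writing it on success, so either initialize both or neither for consistency.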
@@ -453,6 +456,7 @@ static int enter_bootloader(char *serial_port_name, bool wait_appear) {
 PrintAndLogEx(SUCCESS, "Press and hold down button NOW if your bootloader requires it.");
 }
 msleep(500);
+ PrintAndLogEx(SUCCESS, _CYAN_("Trigger restart..."));
 CloseProxmark(g_session.current_device);
 // Let time to OS to make the port disappear
 msleep(1000);
@@ -487,8 +491,9 @@ static int wait_for_ack(PacketResponseNG *ack) {
 static bool gs_printed_msg = false;
 static void flash_suggest_update_bootloader(void) {
- if (gs_printed_msg)
+ if (gs_printed_msg) {
 return;
+ }
 PrintAndLogEx(ERR, _RED_("It is recommended that you first" _YELLOW_(" update your bootloader") _RED_(" alone,")));
 PrintAndLogEx(ERR, _RED_("reboot the Proxmark3 then only update the main firmware") "\n");
@@ -510,19 +515,21 @@ static void flash_suggest_update_flasher(void) {
 // Go into flashing mode
 int flash_start_flashing(int enable_bl_writes, char *serial_port_name, uint32_t *max_allowed) {
+
+ int ret = enter_bootloader(serial_port_name, true);
+ if (ret != PM3_SUCCESS) {
+ return ret;
+ }
+
 uint32_t state;
- uint32_t chipinfo = 0;
- int ret;
-
- ret = enter_bootloader(serial_port_name, true);
- if (ret != PM3_SUCCESS)
- return ret;
-
 ret = get_proxmark_state(&state);
- if (ret != PM3_SUCCESS)
+ if (ret != PM3_SUCCESS) {
 return ret;
+ }
- if (state & DEVICE_INFO_FLAG_UNDERSTANDS_CHIP_INFO) {
+ uint32_t chipinfo = 0;
+
+ if ((state & DEVICE_INFO_FLAG_UNDERSTANDS_CHIP_INFO) == DEVICE_INFO_FLAG_UNDERSTANDS_CHIP_INFO) {
 SendCommandBL(CMD_CHIP_INFO, 0, 0, 0, NULL, 0);
 PacketResponseNG resp;
 WaitForResponse(CMD_CHIP_INFO, &resp);
@@ -530,11 +537,14 @@ int flash_start_flashing(int enable_bl_writes, char *serial_port_name, uint32_t
 }
 int version = BL_VERSION_INVALID;
- if (state & DEVICE_INFO_FLAG_UNDERSTANDS_VERSION) {
+
+ if ((state & DEVICE_INFO_FLAG_UNDERSTANDS_VERSION) == DEVICE_INFO_FLAG_UNDERSTANDS_VERSION) {
+
 SendCommandBL(CMD_BL_VERSION, 0, 0, 0, NULL, 0);
 PacketResponseNG resp;
 WaitForResponse(CMD_BL_VERSION, &resp);
 version = resp.oldarg[0];
+
 if ((BL_VERSION_MAJOR(version) < BL_VERSION_FIRST_MAJOR) || (BL_VERSION_MAJOR(version) > BL_VERSION_LAST_MAJOR)) {
 // version info seems fishy
 version = BL_VERSION_INVALID;
@@ -562,7 +572,9 @@ int flash_start_flashing(int enable_bl_writes, char *serial_port_name, uint32_t
 int mem_avail = chipid_to_mem_avail(chipinfo);
 if (mem_avail != 0) {
+
 PrintAndLogEx(INFO, "Available memory on this board: "_YELLOW_("%uK") " bytes\n", mem_avail);
+
 if (mem_avail > 256) {
 if (BL_VERSION_MAJOR(version) < BL_VERSION_MAJOR(BL_VERSION_1_0_0)) {
 PrintAndLogEx(ERR, _RED_("====================== OBS ! ======================"));
@@ -573,6 +585,7 @@ int flash_start_flashing(int enable_bl_writes, char *serial_port_name, uint32_t
 *max_allowed = mem_avail;
 }
 }
+
 } else {
 PrintAndLogEx(INFO, "Available memory on this board: "_RED_("UNKNOWN")"\n");
 PrintAndLogEx(ERR, _RED_("====================== OBS ! ======================================"));
@@ -585,15 +598,17 @@ int flash_start_flashing(int enable_bl_writes, char *serial_port_name, uint32_t
 } else {
 PrintAndLogEx(INFO, "Permitted flash range: 0x%08x-0x%08x", BOOTLOADER_END, flash_end);
 }
- if (state & DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH) {
- PacketResponseNG resp;
+
+ if ((state & DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH) == DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH) {
 if (enable_bl_writes) {
 SendCommandBL(CMD_START_FLASH, FLASH_START, flash_end, START_FLASH_MAGIC, NULL, 0);
 } else {
 SendCommandBL(CMD_START_FLASH, BOOTLOADER_END, flash_end, 0, NULL, 0);
 }
+ PacketResponseNG resp;
 return wait_for_ack(&resp);
+
 } else {
 PrintAndLogEx(ERR, _RED_("====================== OBS ! ========================================"));
 PrintAndLogEx(ERR, _RED_("Note: Your bootloader does not understand the new" _YELLOW_(" START_FLASH") _RED_(" command")));
@@ -664,8 +679,9 @@ int flash_write(flash_file_t *ctx) {
 while (length) {
 uint32_t block_size = length;
- if (block_size > BLOCK_SIZE)
+ if (block_size > BLOCK_SIZE) {
 block_size = BLOCK_SIZE;
+ }
 if (write_block(baddr, data, block_size) < 0) {
 PrintAndLogEx(ERR, "Error writing block %d of %u", block, blocks);
@@ -676,9 +692,11 @@ int flash_write(flash_file_t *ctx) {
 baddr += block_size;
 length -= block_size;
 block++;
+
 if (len < ice3len) {
 fprintf(stdout, "%c", ice3[len++]);
 } else {
+
 if ((len - ice3len) % 67 == 0) {
 fprintf(stdout, "\n");
 }
@@ -695,21 +713,29 @@ int flash_write(flash_file_t *ctx) {
 // free a file context
 void flash_free(flash_file_t *ctx) {
- if (!ctx)
+
+ if (!ctx) {
 return;
+ }
+
 if (ctx->filename != NULL) {
 free(ctx->filename);
 ctx->filename = NULL;
 }
+
 if (ctx->elf) {
 free(ctx->elf);
 ctx->elf = NULL;
 ctx->phdrs = NULL;
 ctx->num_phdrs = 0;
 }
+
 if (ctx->segments) {
- for (int i = 0; i < ctx->num_segs; i++)
+
+ for (int i = 0; i < ctx->num_segs; i++) {
 free(ctx->segments[i].data);
+ }
+
 free(ctx->segments);
 ctx->segments = NULL;
 ctx->num_segs = 0;
diff --git a/doc/commands.json b/doc/commands.json
index 369dfae7a..5fc774ada 100644
--- a/doc/commands.json
+++ b/doc/commands.json
@@ -12886,6 +12886,6 @@
 "metadata": {
 "commands_extracted": 743,
 "extracted_by": "PM3Help2JSON v1.00",
- "extracted_on": "2024-09-06T20:59:05"
+ "extracted_on": "2024-09-10T12:26:03"
 }
 }