github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-14 18:48:13 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Temporary fix buffer overflow until new SIM firmware is released

Browse source
This commit is contained in:
Jean-Michel Picod 2022-12-04 21:31:06 +01:00
commit c2aed7900c
2 changed files with 17 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

25
armsrc/i2c.c
View file

@ -53,7 +53,7 @@ static void __attribute__((optimize("O0"))) I2CSpinDelayClk(uint16_t delay) {
#define I2C_DELAY_2CLK I2CSpinDelayClk(2)
#define I2C_DELAY_XCLK(x) I2CSpinDelayClk((x))
#define ISO7618_MAX_FRAME 255
#define ISO7618_MAX_FRAME 260
// try i2c bus recovery at 100kHz = 5us high, 5us low
void I2C_recovery(void) {
@ -395,8 +395,8 @@ bool I2C_WriteByte(uint8_t data, uint8_t device_cmd, uint8_t device_address) {
}
//Sends array of data (Array, length, command to be written , SlaveDevice address ).
// len = uint8 (max buffer to write 256bytes)
bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address) {
// len = uint16 because we need to write up to 256 bytes
bool I2C_BufferWrite(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t device_address) {
bool bBreak = true;
do {
if (!I2C_Start())
@ -433,8 +433,8 @@ bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t dev
}
// read one array of data (Data array, Readout length, command to be written , SlaveDevice address ).
// len = uint8 (max buffer to read 256bytes)
int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address) {
// len = uint16 because we need to read up to 256bytes
int16_t I2C_BufferRead(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t device_address) {
if (!data || len == 0)
return 0;
@ -631,7 +631,7 @@ int I2C_get_version(uint8_t *maj, uint8_t *min) {
}
// Will read response from smart card module, retries 3 times to get the data.
bool sc_rx_bytes(uint8_t *dest, uint8_t *destlen) {
bool sc_rx_bytes(uint8_t *dest, uint16_t *destlen) {
uint8_t i = 5;
int16_t len = 0;
@ -656,7 +656,7 @@ bool sc_rx_bytes(uint8_t *dest, uint8_t *destlen) {
if (len <= 1)
return false;
*destlen = (uint8_t)len & 0xFF;
*destlen = len;
return true;
}
@ -678,7 +678,10 @@ bool GetATR(smart_card_atr_t *card_ptr, bool verbose) {
return false;
// read bytes from module
uint8_t len = sizeof(card_ptr->atr);
uint16_t len = sizeof(card_ptr->atr);
if (len > sizeof(card_ptr->atr)) {
len = sizeof(card_ptr->atr);
}
if (sc_rx_bytes(card_ptr->atr, &len) == false)
return false;
@ -697,7 +700,7 @@ bool GetATR(smart_card_atr_t *card_ptr, bool verbose) {
uint8_t chksum = 0;
// xor property. will be zero when xored with chksum.
for (uint8_t i = 1; i < len; ++i)
for (uint16_t i = 1; i < len; ++i)
chksum ^= card_ptr->atr[i];
if (chksum) {
@ -706,7 +709,7 @@ bool GetATR(smart_card_atr_t *card_ptr, bool verbose) {
}
}
card_ptr->atr_len = len;
card_ptr->atr_len = (uint8_t) (len & 0xff);
if (verbose) {
LogTrace(card_ptr->atr, card_ptr->atr_len, 0, 0, NULL, false);
}
@ -732,7 +735,7 @@ void SmartCardAtr(void) {
void SmartCardRaw(smart_card_raw_t *p) {
LED_D_ON();
uint8_t len = 0;
uint16_t len = 0;
uint8_t *resp = BigBuf_malloc(ISO7618_MAX_FRAME);
// check if alloacted...
smartcard_command_t flags = p->flags;