From fbbfa0c356a76fd2075347654e689bb095fff6e1 Mon Sep 17 00:00:00 2001
From: Yann GASCUEL <34003959+lnv42@users.noreply.github.com>
Date: Thu, 25 Jan 2024 08:38:35 +0100
Subject: [PATCH 1/3] iso15 JSON dump loading: fix loaded size
---
 client/src/fileutils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/src/fileutils.c b/client/src/fileutils.c
index 5cf6d6e34..1f413c2d8 100644
--- a/client/src/fileutils.c
+++ b/client/src/fileutils.c
@@ -1755,7 +1755,7 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz
 sptr += len;
 }
- *datalen = sptr;
+ *datalen = sizeof(iso15_tag_t);
 goto out;
 }
From f4d4e975ee2a9fc47dfc7401689c8a2a744f9098 Mon Sep 17 00:00:00 2001
From: Yann GASCUEL <34003959+lnv42@users.noreply.github.com>
Date: Thu, 25 Jan 2024 08:54:10 +0100
Subject: [PATCH 2/3] iso15sim: init earlier to prevent other FPGA loading issue
---
 armsrc/iso15693.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/armsrc/iso15693.c b/armsrc/iso15693.c
index b7c07e0ea..bd2d1c345 100644
--- a/armsrc/iso15693.c
+++ b/armsrc/iso15693.c
@@ -2130,6 +2130,9 @@ void SimTagIso15693(uint8_t *uid, uint8_t block_size) {
 // free eventually allocated BigBuf memory
 BigBuf_free_keep_EM();
+ // Init early to be sure FPGA is loaded before any EML operation
+ // usefull when eml memory is empty (UID supplied)
+ Iso15693InitTag(); // to be sure FPGA is loaded before any EML operation
 iso15_tag_t *tag = (iso15_tag_t *) BigBuf_get_EM_addr();
 if (tag == NULL) {
@@ -2176,8 +2179,6 @@ void SimTagIso15693(uint8_t *uid, uint8_t block_size) {
 return;
 }
- Iso15693InitTag();
-
 LED_A_ON();
 if (g_dbglevel >= DBG_DEBUG) {
From 63afe5e97a4982f0ffe228f02422d60d99d1a322 Mon Sep 17 00:00:00 2001
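Review bot: `*datalen = sizeof(iso15_tag_t);` in the fileutils.c hunk now reports a full structure regardless of how many bytes the preceding loop wrote (the old value was `sptr`), so the returned length no longer tells the caller how much of the buffer actually came from the file. The hunk does not show any comparison between `maxdatalen` and `sizeof(iso15_tag_t)`; if none exists earlier in this branch, a caller that passed a smaller buffer is handed a length larger than what it owns. A guard of the form `if (maxdatalen < sizeof(iso15_tag_t))` that fails the load before the tag is filled would close that. A short comment should also state that any part of the structure the JSON does not supply keeps whatever the caller's buffer held. The enclosing branch of loadFileJSONex starts above the hunk.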
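Review bot: Moving `Iso15693InitTag()` above the `tag == NULL` test in the first iso15693.c hunk means every early `return` between the new call and the old call site (one is visible as context in the following hunk) now exits after the init has run, where those paths previously left the hardware untouched. Whether those paths undo the setup is not visible here; if they do not, add the teardown or document why leaving it initialised is safe. The three added comment fragments also state the same reason twice, so one line such as `// Init before any EML access so the FPGA is loaded; needed when EML is empty (UID supplied)` would be enough. The body of SimTagIso15693 continues outside the hunk.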
From: Yann GASCUEL <34003959+lnv42@users.noreply.github.com>
Date: Thu, 25 Jan 2024 08:56:47 +0100
Subject: [PATCH 3/3] iso15: add more sanity check in eload
---
 client/src/cmdhf15.c | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/client/src/cmdhf15.c b/client/src/cmdhf15.c
index 2b6092e58..2edf605a1 100644
--- a/client/src/cmdhf15.c
+++ b/client/src/cmdhf15.c
@@ -1164,21 +1164,31 @@ static int CmdHF15ELoad(const char *Cmd) {
 CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen);
 CLIParserFree(ctx);
- uint8_t *data = NULL;
+ iso15_tag_t *tag = NULL;
 size_t bytes_read = 0;
- int res = pm3_load_dump(filename, (void **)&data, &bytes_read, CARD_MEMORY_SIZE);
+ int res = pm3_load_dump(filename, (void **)&tag, &bytes_read, sizeof(iso15_tag_t));
 if (res != PM3_SUCCESS) {
 return res;
 }
- if (bytes_read > CARD_MEMORY_SIZE || bytes_read > sizeof(iso15_tag_t)) {
- PrintAndLogEx(FAILED, "Memory image too large.");
- free(data);
+ if (bytes_read != sizeof(iso15_tag_t)) {
+ PrintAndLogEx(FAILED, "Memory image is not matching tag structure.");
+ free(tag);
 return PM3_EINVARG;
 }
 if (bytes_read == 0) {
 PrintAndLogEx(FAILED, "Memory image empty.");
- free(data);
+ free(tag);
+ return PM3_EINVARG;
+ }
+
+ if ((tag->pagesCount > ISO15693_TAG_MAX_PAGES) ||
+ ((tag->pagesCount * tag->bytesPerPage) > ISO15693_TAG_MAX_SIZE) ||
+ (tag->pagesCount == 0) ||
+ (tag->bytesPerPage == 0)) {
+ PrintAndLogEx(FAILED, "Tag size error: pagesCount=%d, bytesPerPage=%d",
+ tag->pagesCount, tag->bytesPerPage);
+ free(tag);
 return PM3_EINVARG;
 }
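Review bot: The `bytes_read == 0` branch kept as context is unreachable once the new `bytes_read != sizeof(iso15_tag_t)` test sits in front of it, so an empty file is now reported as "Memory image is not matching tag structure." and the "Memory image empty." path is dead code. Either delete that branch or move it above the size comparison. For JSON dumps the equality test is satisfied by construction after patch 1/3 sets `*datalen = sizeof(iso15_tag_t)`, so on that path the `pagesCount` / `bytesPerPage` check is the only validation of file-supplied content. That deserves a comment above the check, e.g. `// geometry comes from the dump file: validate before it is sent to the device`. The declared types of `pagesCount` and `bytesPerPage` are not visible in the hunk, so confirm that `%d` matches them.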
@@ -1202,9 +1212,9 @@ static int CmdHF15ELoad(const char *Cmd) {
 }
 uint16_t bytestosend = MIN(chuncksize, bytes_read);
- if (hf15EmlSetMem(data + offset, bytestosend, offset) != PM3_SUCCESS) {
+ if (hf15EmlSetMem((uint8_t*)tag + offset, bytestosend, offset) != PM3_SUCCESS) {
 PrintAndLogEx(FAILED, "Can't set emulator memory at offest: %zu / 0x%zx", offset, offset);
- free(data);
+ free(tag);
 return PM3_ESOFT;
 }
 PrintAndLogEx(NORMAL, "." NOLF);
@@ -1213,7 +1223,7 @@ static int CmdHF15ELoad(const char *Cmd) {
 offset += bytestosend;
 bytes_read -= bytestosend;
 }
- free(data);
+ free(tag);
 PrintAndLogEx(NORMAL, "");
 PrintAndLogEx(SUCCESS, "uploaded " _YELLOW_("%zu") " bytes to emulator memory", offset);