fix out of bound

iceman1001 2020-05-27 22:33:16 +02:00
commit e7feadf32c
3 changed files with 18 additions and 19 deletions


@ -1050,7 +1050,6 @@ static int desfire_print_signature(uint8_t *uid, uint8_t *signature, size_t sign
}; };
uint8_t i; uint8_t i;
int res;
bool is_valid = false; bool is_valid = false;
for (i = 0; i < ARRAYLEN(nxp_desfire_public_keys); i++) { for (i = 0; i < ARRAYLEN(nxp_desfire_public_keys); i++) {
@ -1059,12 +1058,12 @@ static int desfire_print_signature(uint8_t *uid, uint8_t *signature, size_t sign
uint8_t key[PUBLIC_DESFIRE_ECDA_KEYLEN]; uint8_t key[PUBLIC_DESFIRE_ECDA_KEYLEN];
param_gethex_to_eol(nxp_desfire_public_keys[i].value, 0, key, PUBLIC_DESFIRE_ECDA_KEYLEN, &dl); param_gethex_to_eol(nxp_desfire_public_keys[i].value, 0, key, PUBLIC_DESFIRE_ECDA_KEYLEN, &dl);
res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP224R1, key, uid, 7, signature, signature_len, false); int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP224R1, key, uid, 7, signature, signature_len, false);
is_valid = (res == 0); is_valid = (res == 0);
if (is_valid) if (is_valid)
break; break;
} }
if (is_valid == false) { if (is_valid == false || i == ARRAYLEN(nxp_desfire_public_keys)) {
PrintAndLogEx(SUCCESS, "Signature verification " _RED_("failed")); PrintAndLogEx(SUCCESS, "Signature verification " _RED_("failed"));
return PM3_ESOFT; return PM3_ESOFT;
} }
@ -3982,21 +3981,21 @@ static int CmdHF14aDesChk(const char *Cmd) {
// dictionary mode // dictionary mode
size_t endFilePosition = 0; size_t endFilePosition = 0;
if (dict_filenamelen) { if (dict_filenamelen) {
uint32_t keycnt = 0;
res = loadFileDICTIONARYEx((char *)dict_filename, deskeyList, sizeof(deskeyList), NULL, 8, &keycnt, 0, &endFilePosition, true); res = loadFileDICTIONARYEx((char *)dict_filename, deskeyList, sizeof(deskeyList), NULL, 8, &deskeyListLen, 0, &endFilePosition, true);
deskeyListLen = keycnt; if (res == PM3_SUCCESS && endFilePosition)
if (endFilePosition)
PrintAndLogEx(SUCCESS, "First part of des dictionary successfully loaded."); PrintAndLogEx(SUCCESS, "First part of des dictionary successfully loaded.");
endFilePosition = 0; endFilePosition = 0;
res = loadFileDICTIONARYEx((char *)dict_filename, aeskeyList, sizeof(aeskeyList), NULL, 16, &keycnt, 0, &endFilePosition, true); res = loadFileDICTIONARYEx((char *)dict_filename, aeskeyList, sizeof(aeskeyList), NULL, 16, &aeskeyListLen, 0, &endFilePosition, true);
aeskeyListLen = keycnt; if (res == PM3_SUCCESS && endFilePosition)
if (endFilePosition)
PrintAndLogEx(SUCCESS, "First part of aes dictionary successfully loaded."); PrintAndLogEx(SUCCESS, "First part of aes dictionary successfully loaded.");
endFilePosition = 0; endFilePosition = 0;
res = loadFileDICTIONARYEx((char *)dict_filename, k3kkeyList, sizeof(k3kkeyList), NULL, 24, &keycnt, 0, &endFilePosition, true); res = loadFileDICTIONARYEx((char *)dict_filename, k3kkeyList, sizeof(k3kkeyList), NULL, 24, &k3kkeyListLen, 0, &endFilePosition, true);
k3kkeyListLen = keycnt; if (PM3_SUCCESS && endFilePosition)
if (endFilePosition)
PrintAndLogEx(SUCCESS, "First part of k3kdes dictionary successfully loaded."); PrintAndLogEx(SUCCESS, "First part of k3kdes dictionary successfully loaded.");
endFilePosition = 0; endFilePosition = 0;
} }
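Review bot: The k3kdes branch tests `if (PM3_SUCCESS && endFilePosition)`, which evaluates the status constant rather than the call result, unlike the des and aes branches above it that use `res == PM3_SUCCESS`. If PM3_SUCCESS is 0, as is usual for a success code, that message can never print; the line should read `if (res == PM3_SUCCESS && endFilePosition)`. Passing `&deskeyListLen`, `&aeskeyListLen` and `&k3kkeyListLen` directly to loadFileDICTIONARYEx also requires those variables to have the same type as the removed `uint32_t keycnt`; their declarations are outside the hunk, so this should be confirmed. A failed load only suppresses the message here, and `res` is overwritten by the next call, so whether a load error is ever reported depends on code in CmdHF14aDesChk below the hunk.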


@ -168,7 +168,6 @@ static int plus_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature
}; };
uint8_t i; uint8_t i;
int res;
bool is_valid = false; bool is_valid = false;
for (i = 0; i < ARRAYLEN(nxp_plus_public_keys); i++) { for (i = 0; i < ARRAYLEN(nxp_plus_public_keys); i++) {
@ -177,7 +176,7 @@ static int plus_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature
uint8_t key[PUBLIC_PLUS_ECDA_KEYLEN]; uint8_t key[PUBLIC_PLUS_ECDA_KEYLEN];
param_gethex_to_eol(nxp_plus_public_keys[i].value, 0, key, PUBLIC_PLUS_ECDA_KEYLEN, &dl); param_gethex_to_eol(nxp_plus_public_keys[i].value, 0, key, PUBLIC_PLUS_ECDA_KEYLEN, &dl);
res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP224R1, key, uid, uidlen, signature, signature_len, false); int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP224R1, key, uid, uidlen, signature, signature_len, false);
is_valid = (res == 0); is_valid = (res == 0);
if (is_valid) if (is_valid)
break; break;
@ -186,7 +185,7 @@ static int plus_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature")); PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature"));
if (is_valid == false) { if (is_valid == false || i == ARRAYLEN(nxp_plus_public_keys)) {
PrintAndLogEx(SUCCESS, "Signature verification " _RED_("failed")); PrintAndLogEx(SUCCESS, "Signature verification " _RED_("failed"));
return PM3_ESOFT; return PM3_ESOFT;
} }
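Review bot: The added `i == ARRAYLEN(nxp_plus_public_keys)` test cannot change the outcome as far as the visible loop body shows, because `i` stays below the array length only when the loop exits through the `break` that follows `is_valid` becoming true. It reads as an index guard rather than a second verification condition, and a comment should say so, for example `// i is a valid index into nxp_plus_public_keys only when a key matched` above the `if`; the use of `i` it protects is presumably below the hunk. The same applies to the identical conditions added in desfire_print_signature and ulev1_print_signature. Separately, the length `dl` written by param_gethex_to_eol is never compared with PUBLIC_PLUS_ECDA_KEYLEN before `key` is passed to ecdsa_signature_r_s_verify, so a short table entry would, as far as the hunk shows, be verified against a partly uninitialised buffer.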


@ -347,8 +347,7 @@ static int ul_select(iso14a_card_select_t *card) {
ul_switch_on_field(); ul_switch_on_field();
PacketResponseNG resp; PacketResponseNG resp;
bool ans = false; bool ans = WaitForResponseTimeout(CMD_ACK, &resp, 1500);
ans = WaitForResponseTimeout(CMD_ACK, &resp, 1500);
if (!ans || resp.oldarg[0] < 1) { if (!ans || resp.oldarg[0] < 1) {
PrintAndLogEx(WARNING, "iso14443a card select failed"); PrintAndLogEx(WARNING, "iso14443a card select failed");
@ -946,7 +945,7 @@ static int ulev1_print_signature(TagTypeUL_t tagtype, uint8_t *uid, uint8_t *sig
} }
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
if (is_valid == false) { if (is_valid == false || i == ARRAYLEN(nxp_mfu_public_keys)) {
PrintAndLogEx(SUCCESS, "Signature verification " _RED_("failed")); PrintAndLogEx(SUCCESS, "Signature verification " _RED_("failed"));
return PM3_ESOFT; return PM3_ESOFT;
} }
@ -982,7 +981,9 @@ static int ntag_print_counter(void) {
uint8_t counter[3] = {0, 0, 0}; uint8_t counter[3] = {0, 0, 0};
uint16_t len; uint16_t len;
len = ulev1_readTearing(0x02, tear, sizeof(tear)); len = ulev1_readTearing(0x02, tear, sizeof(tear));
(void)len;
len = ulev1_readCounter(0x02, counter, sizeof(counter)); len = ulev1_readCounter(0x02, counter, sizeof(counter));
(void)len;
PrintAndLogEx(INFO, " [02]: %s", sprint_hex(counter, 3)); PrintAndLogEx(INFO, " [02]: %s", sprint_hex(counter, 3));
PrintAndLogEx(SUCCESS, " - %02X tearing (" _GREEN_("%s")")", tear[0], (tear[0] == 0xBD) ? "ok" : "failure"); PrintAndLogEx(SUCCESS, " - %02X tearing (" _GREEN_("%s")")", tear[0], (tear[0] == 0xBD) ? "ok" : "failure");
return len; return len;
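Review bot: In ntag_print_counter the two added `(void)len;` casts silence the dead-store warning without using the result, so a failed ulev1_readTearing or ulev1_readCounter still reaches the PrintAndLogEx lines and reports `tear[0]` and `counter` as if they had been read. Checking the result would be more useful than discarding it, for example `if (len != sizeof(counter)) return PM3_ESOFT;` after the counter read, assuming these helpers return the number of bytes received (their definitions are not in the hunk). The function also returns the `uint16_t len` of the last read as its `int` result, which a caller comparing against PM3_SUCCESS may misread. The declaration of `tear` and the start of the function are outside the hunk.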