Merge pull request #311 from marshmellow42/master

a few coverity scan bug fixes
Iceman 2017-06-07 22:31:52 +02:00 committed by GitHub
commit 6b6aafabcf
6 changed files with 125 additions and 121 deletions


@ -2418,8 +2418,8 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
//Here, we collect UID,sector,keytype,NT,AR,NR,NT2,AR2,NR2 //Here, we collect UID,sector,keytype,NT,AR,NR,NT2,AR2,NR2
// This will be used in the reader-only attack. // This will be used in the reader-only attack.
//allow collecting up to 8 sets of nonces to allow recovery of up to 8 keys //allow collecting up to 7 sets of nonces to allow recovery of up to 7 keys
#define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack() #define ATTACK_KEY_COUNT 7 // keep same as define in cmdhfmf.c -> readerAttack() (Cannot be more than 7)
nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types (nml, moebius) nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types (nml, moebius)
memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp)); memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
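Review bot: The limit on `ATTACK_KEY_COUNT` is enforced only by this comment and its twin in `readerAttack()` in cmdhfmf.c, so the two `#define`s can drift apart or be raised again without any build failure. The comment on the other definition says a larger value overruns `c.d.asBytes` (512), so I would state the limit in code next to the array, e.g. `_Static_assert(sizeof(ar_nr_resp) <= USB_CMD_DATA_SIZE, "ar_nr_resp must fit in one UsbCommand payload");` if the firmware builds as C11, or a negative-array-size typedef otherwise. Moving the constant into a header shared by both files would remove the duplicate definition. The body of `Mifare1ksim()` continues outside this hunk, so the place where the array is copied into the reply is not visible here.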


@ -561,72 +561,72 @@ int CmdHF14ASnoop(const char *Cmd) {
if (ctmp == 'r' || ctmp == 'R') param |= 0x02; if (ctmp == 'r' || ctmp == 'R') param |= 0x02;
} }
UsbCommand c = {CMD_SNOOP_ISO_14443a, {param, 0, 0}}; UsbCommand c = {CMD_SNOOP_ISO_14443a, {param, 0, 0}};
SendCommand(&c); SendCommand(&c);
return 0; return 0;
} }
int CmdHF14ACmdRaw(const char *cmd) { int CmdHF14ACmdRaw(const char *cmd) {
UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}}; UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}};
bool reply=1; bool reply=1;
bool crc = false; bool crc = false;
bool power = false; bool power = false;
bool active = false; bool active = false;
bool active_select = false; bool active_select = false;
uint16_t numbits = 0; uint16_t numbits = 0;
bool bTimeout = false; bool bTimeout = false;
uint32_t timeout = 0; uint32_t timeout = 0;
bool topazmode = false; bool topazmode = false;
char buf[5]=""; char buf[5]="";
int i = 0; int i = 0;
uint8_t data[USB_CMD_DATA_SIZE]; uint8_t data[USB_CMD_DATA_SIZE];
uint16_t datalen = 0; uint16_t datalen = 0;
uint32_t temp; uint32_t temp;
if (strlen(cmd)<2) { if (strlen(cmd)<2) {
PrintAndLog("Usage: hf 14a raw [-r] [-c] [-p] [-f] [-b] [-t] <number of bits> <0A 0B 0C ... hex>"); PrintAndLog("Usage: hf 14a raw [-r] [-c] [-p] [-f] [-b] [-t] <number of bits> <0A 0B 0C ... hex>");
PrintAndLog(" -r do not read response"); PrintAndLog(" -r do not read response");
PrintAndLog(" -c calculate and append CRC"); PrintAndLog(" -c calculate and append CRC");
PrintAndLog(" -p leave the signal field ON after receive"); PrintAndLog(" -p leave the signal field ON after receive");
PrintAndLog(" -a active signal field ON without select"); PrintAndLog(" -a active signal field ON without select");
PrintAndLog(" -s active signal field ON with select"); PrintAndLog(" -s active signal field ON with select");
PrintAndLog(" -b number of bits to send. Useful for send partial byte"); PrintAndLog(" -b number of bits to send. Useful for send partial byte");
PrintAndLog(" -t timeout in ms"); PrintAndLog(" -t timeout in ms");
PrintAndLog(" -T use Topaz protocol to send command"); PrintAndLog(" -T use Topaz protocol to send command");
return 0; return 0;
} }
// strip // strip
while (*cmd==' ' || *cmd=='\t') cmd++; while (*cmd==' ' || *cmd=='\t') cmd++;
while (cmd[i]!='\0') { while (cmd[i]!='\0') {
if (cmd[i]==' ' || cmd[i]=='\t') { i++; continue; } if (cmd[i]==' ' || cmd[i]=='\t') { i++; continue; }
if (cmd[i]=='-') { if (cmd[i]=='-') {
switch (cmd[i+1]) { switch (cmd[i+1]) {
case 'r': case 'r':
reply = false; reply = false;
break; break;
case 'c': case 'c':
crc = true; crc = true;
break; break;
case 'p': case 'p':
power = true; power = true;
break; break;
case 'a': case 'a':
active = true; active = true;
break; break;
case 's': case 's':
active_select = true; active_select = true;
break; break;
case 'b': case 'b':
sscanf(cmd+i+2,"%d",&temp); sscanf(cmd+i+2,"%d",&temp);
numbits = temp & 0xFFFF; numbits = temp & 0xFFFF;
i+=3; i+=3;
while(cmd[i]!=' ' && cmd[i]!='\0') { i++; } while(cmd[i]!=' ' && cmd[i]!='\0') { i++; }
i-=2; i-=2;
break; break;
case 't': case 't':
bTimeout = true; bTimeout = true;
sscanf(cmd+i+2,"%d",&temp); sscanf(cmd+i+2,"%d",&temp);
@ -635,93 +635,95 @@ int CmdHF14ACmdRaw(const char *cmd) {
while(cmd[i]!=' ' && cmd[i]!='\0') { i++; } while(cmd[i]!=' ' && cmd[i]!='\0') { i++; }
i-=2; i-=2;
break; break;
case 'T': case 'T':
topazmode = true; topazmode = true;
break; break;
default: default:
PrintAndLog("Invalid option"); PrintAndLog("Invalid option");
return 0; return 0;
} }
i+=2; i+=2;
continue; continue;
} }
if ((cmd[i]>='0' && cmd[i]<='9') || if ((cmd[i]>='0' && cmd[i]<='9') ||
(cmd[i]>='a' && cmd[i]<='f') || (cmd[i]>='a' && cmd[i]<='f') ||
(cmd[i]>='A' && cmd[i]<='F') ) { (cmd[i]>='A' && cmd[i]<='F') ) {
buf[strlen(buf)+1]=0; buf[strlen(buf)+1]=0;
buf[strlen(buf)]=cmd[i]; buf[strlen(buf)]=cmd[i];
i++; i++;
if (strlen(buf)>=2) { if (strlen(buf)>=2) {
sscanf(buf,"%x",&temp); sscanf(buf,"%x",&temp);
data[datalen]=(uint8_t)(temp & 0xff); data[datalen]=(uint8_t)(temp & 0xff);
*buf=0; *buf=0;
if (++datalen>sizeof(data)){ if (datalen > sizeof(data)-1) {
if (crc) if (crc)
PrintAndLog("Buffer is full, we can't add CRC to your data"); PrintAndLog("Buffer is full, we can't add CRC to your data");
break; break;
} else {
datalen++;
} }
} }
continue; continue;
} }
PrintAndLog("Invalid char on input"); PrintAndLog("Invalid char on input");
return 0; return 0;
} }
if(crc && datalen>0 && datalen<sizeof(data)-2) if(crc && datalen>0 && datalen<sizeof(data)-2)
{ {
uint8_t first, second; uint8_t first, second;
if (topazmode) { if (topazmode) {
ComputeCrc14443(CRC_14443_B, data, datalen, &first, &second); ComputeCrc14443(CRC_14443_B, data, datalen, &first, &second);
} else { } else {
ComputeCrc14443(CRC_14443_A, data, datalen, &first, &second); ComputeCrc14443(CRC_14443_A, data, datalen, &first, &second);
} }
data[datalen++] = first; data[datalen++] = first;
data[datalen++] = second; data[datalen++] = second;
} }
if(active || active_select) if(active || active_select)
{ {
c.arg[0] |= ISO14A_CONNECT; c.arg[0] |= ISO14A_CONNECT;
if(active) if(active)
c.arg[0] |= ISO14A_NO_SELECT; c.arg[0] |= ISO14A_NO_SELECT;
} }
if(bTimeout){ if(bTimeout){
#define MAX_TIMEOUT 40542464 // = (2^32-1) * (8*16) / 13560000Hz * 1000ms/s #define MAX_TIMEOUT 40542464 // = (2^32-1) * (8*16) / 13560000Hz * 1000ms/s
c.arg[0] |= ISO14A_SET_TIMEOUT; c.arg[0] |= ISO14A_SET_TIMEOUT;
if(timeout > MAX_TIMEOUT) { if(timeout > MAX_TIMEOUT) {
timeout = MAX_TIMEOUT; timeout = MAX_TIMEOUT;
PrintAndLog("Set timeout to 40542 seconds (11.26 hours). The max we can wait for response"); PrintAndLog("Set timeout to 40542 seconds (11.26 hours). The max we can wait for response");
} }
c.arg[2] = 13560000 / 1000 / (8*16) * timeout; // timeout in ETUs (time to transfer 1 bit, approx. 9.4 us) c.arg[2] = 13560000 / 1000 / (8*16) * timeout; // timeout in ETUs (time to transfer 1 bit, approx. 9.4 us)
} }
if(power) { if(power) {
c.arg[0] |= ISO14A_NO_DISCONNECT; c.arg[0] |= ISO14A_NO_DISCONNECT;
} }
if(datalen > 0) { if(datalen > 0) {
c.arg[0] |= ISO14A_RAW; c.arg[0] |= ISO14A_RAW;
} }
if(topazmode) { if(topazmode) {
c.arg[0] |= ISO14A_TOPAZMODE; c.arg[0] |= ISO14A_TOPAZMODE;
} }
// Max buffer is USB_CMD_DATA_SIZE // Max buffer is USB_CMD_DATA_SIZE (512)
c.arg[1] = (datalen & 0xFFFF) | (numbits << 16); c.arg[1] = (datalen & 0xFFFF) | ((uint32_t)numbits << 16);
memcpy(c.d.asBytes,data,datalen); memcpy(c.d.asBytes,data,datalen);
SendCommand(&c); SendCommand(&c);
if (reply) { if (reply) {
if(active_select) if(active_select)
waitCmd(1); waitCmd(1);
if(datalen>0) if(datalen>0)
waitCmd(0); waitCmd(0);
} // if reply } // if reply
return 0; return 0;
} }
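Review bot: The store `data[datalen]=(uint8_t)(temp & 0xff);` still runs before the new `datalen > sizeof(data)-1` test, so once `datalen` has reached `sizeof(data)` the next hex pair is written one byte past the end of `data` before the loop breaks. The change does stop `datalen` from exceeding the buffer size, which bounds the later `memcpy`, but the check has to come before the store: `if (datalen >= sizeof(data)) { if (crc) PrintAndLog("Buffer is full, we can't add CRC to your data"); break; }` followed by `data[datalen++] = (uint8_t)(temp & 0xff);`. Separately, the `-b` branch passes `&temp`, a `uint32_t`, to `%d` and ignores the return value of `sscanf`, so `temp` is read uninitialised when no number follows the option. Using `%u` with an `unsigned int` and testing `sscanf(...) == 1` would close that.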


@ -970,6 +970,7 @@ int CmdHF14AMfChk(const char *Cmd)
break; break;
default: default:
PrintAndLog("Key type must be A , B or ?"); PrintAndLog("Key type must be A , B or ?");
free(keyBlock);
return 1; return 1;
}; };
@ -1120,7 +1121,8 @@ int CmdHF14AMfChk(const char *Cmd)
} }
void readerAttack(nonces_t ar_resp[], bool setEmulatorMem, bool doStandardAttack) { void readerAttack(nonces_t ar_resp[], bool setEmulatorMem, bool doStandardAttack) {
#define ATTACK_KEY_COUNT 8 // keep same as define in iso14443a.c -> Mifare1ksim() #define ATTACK_KEY_COUNT 7 // keep same as define in iso14443a.c -> Mifare1ksim()
// cannot be more than 7 or it will overrun c.d.asBytes(512)
uint64_t key = 0; uint64_t key = 0;
typedef struct { typedef struct {
uint64_t keyA; uint64_t keyA;
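Review bot: The added `free(keyBlock);` covers only the `default:` branch, and most of `CmdHF14AMfChk()` lies outside the hunks shown, so any other early `return` after the allocation may still leak the same buffer. A single cleanup label reached by `goto` from every error path, e.g. `out: free(keyBlock); return rc;` with a status variable, would make the release hold for all exits instead of relying on each branch to remember it. This is worth checking against the full function before merging.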


@ -1474,7 +1474,7 @@ int CmdHF14AMfucAuth(const char *Cmd){
//Change key to user defined one //Change key to user defined one
if (cmdp == 'k' || cmdp == 'K'){ if (cmdp == 'k' || cmdp == 'K'){
keyNo = param_get8(Cmd, 1); keyNo = param_get8(Cmd, 1);
if(keyNo > KEYS_3DES_COUNT) if(keyNo > KEYS_3DES_COUNT-1)
errors = true; errors = true;
} }
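Review bot: The corrected bound reads more directly as `if (keyNo >= KEYS_3DES_COUNT)`, which states the valid index range without the `-1`. It is also worth confirming what `param_get8()` returns when the argument is missing or non-numeric, since a default of 0 would pass this check and silently select the first key; that function is defined outside this page.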


@ -68,8 +68,8 @@ int GetWiegandFromPresco(const char *Cmd, uint32_t *sitecode, uint32_t *usercode
*fullcode = param_get32ex(Cmd, cmdp+1, 0, 10); *fullcode = param_get32ex(Cmd, cmdp+1, 0, 10);
cmdp+=2; cmdp+=2;
break; break;
case 'P': case 'D':
case 'p': case 'd':
//param get string int param_getstr(const char *line, int paramnum, char * str) //param get string int param_getstr(const char *line, int paramnum, char * str)
stringlen = param_getstr(Cmd, cmdp+1, id); stringlen = param_getstr(Cmd, cmdp+1, id);
if (stringlen < 2) return -1; if (stringlen < 2) return -1;
@ -91,7 +91,7 @@ int GetWiegandFromPresco(const char *Cmd, uint32_t *sitecode, uint32_t *usercode
if(cmdp == 0) errors = 1; if(cmdp == 0) errors = 1;
//Validations //Validations
if(errors) return -1; if(errors || (stringlen == 0 && !hex) ) return -1;
if (!hex) { if (!hex) {
for (int index =0; index < strlen(id); ++index) { for (int index =0; index < strlen(id); ++index) {
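Review bot: `param_getstr()`, per the prototype quoted in the comment, takes no destination size, and the only length test after the call is the minimum `if (stringlen < 2) return -1;`, so nothing visible here limits how much of the user's argument is copied into `id`. The declaration of `id` is outside the hunk; if it is a fixed-size array, the maximum length should be enforced by the copy itself, for example through a variant of `param_getstr()` that takes `sizeof(id)`. The new `stringlen == 0 && !hex` test also depends on `stringlen` being initialised to 0 where it is declared, which is likewise not shown.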


@ -128,7 +128,7 @@ public:
void run(); void run();
private: private:
char *script_cmds_file = NULL; char *script_cmds_file = NULL;
bool usb_present = false; bool usb_present;
}; };
#endif // PROXGUI_QT #endif // PROXGUI_QT
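Review bot: Dropping the in-class initializer leaves `usb_present` indeterminate unless every constructor of this class sets it, and the constructors are outside this hunk. Reading an uninitialised `bool` is undefined behaviour, and `script_cmds_file` on the line above keeps its `= NULL`, so the two members are now initialised in different ways. If the initializer was removed for a compiler or analyser reason, I would add `usb_present(false)` to each constructor's member-initializer list and note the reason in a comment beside the declaration.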