+//-----------------------------------------------------------------------------
+// Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// High frequency Legic commands
+//-----------------------------------------------------------------------------
+
#include <stdio.h>
#include <string.h>
#include "proxusb.h"
* Output BigBuf and deobfuscate LEGIC RF tag data.
* This is based on information given in the talk held
* by Henryk Ploetz and Karsten Nohl at 26c3
- * FIXME: will crash if sample buffer does not contain valid legic data
*/
int CmdLegicDecode(const char *Cmd)
{
if (wrc>0) {
PrintAndLog("WRC protected area:");
- for (k=0, j=0; k < wrc; k++, i++, j += 3) {
+ for (k=0, j=0; k < wrc && j<(sizeof(out_string)-3); k++, i++, j += 3) {
sprintf(&out_string[j], "%02x", (data_buf[i]^crc));
out_string[j+2] = ' ';
};
if (wrp>wrc) {
PrintAndLog("Remaining write protected area:");
- for (k=0, j=0; k < (wrp-wrc); k++, i++, j += 3) {
+ for (k=0, j=0; k < (wrp-wrc) && j<(sizeof(out_string)-3); k++, i++, j += 3) {
sprintf(&out_string[j], "%02x", (data_buf[i]^crc));
out_string[j+2] = ' ';
};
}
PrintAndLog("Remaining segment payload:");
- for (k=0, j=0; k < (segment_len - wrp - 5); k++, i++, j += 3) {
+ for (k=0, j=0; k < (segment_len - wrp - 5) && j<(sizeof(out_string)-3); k++, i++, j += 3) {
sprintf(&out_string[j], "%02x", (data_buf[i]^crc));
out_string[j+2] = ' ';
};
{
int byte_count=0,offset=0;
sscanf(Cmd, "%i %i", &offset, &byte_count);
- if(byte_count == 0) byte_count = 256;
- if(byte_count + offset > 256) byte_count = 256 - offset;
+ if(byte_count == 0) byte_count = -1;
+ if(byte_count + offset > 1024) byte_count = 1024 - offset;
UsbCommand c={CMD_READER_LEGIC_RF, {offset, byte_count, 0}};
SendCommand(&c);
return 0;
projects / proxmark3-svn / blobdiff