plus strlen(Cmd) can never be less than 0
iceman1001 fixes...
char buf[9];\r
char filename[FILE_PATH_SIZE]={0};\r
int keycnt = 0;\r
char buf[9];\r
char filename[FILE_PATH_SIZE]={0};\r
int keycnt = 0;\r
uint8_t stKeyBlock = 20;\r
uint8_t stKeyBlock = 20;\r
- uint8_t *keyBlock = NULL, *p;\r
- keyBlock = calloc(stKeyBlock, 6);\r
- if (keyBlock == NULL) return 1;\r
-\r
+ uint8_t *keyBlock = NULL, *p = NULL;\r
uint32_t start_password = 0x00000000; //start password\r
uint32_t end_password = 0xFFFFFFFF; //end password\r
bool found = false;\r
uint32_t start_password = 0x00000000; //start password\r
uint32_t end_password = 0xFFFFFFFF; //end password\r
bool found = false;\r
char cmdp = param_getchar(Cmd, 0);\r
if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();\r
\r
char cmdp = param_getchar(Cmd, 0);\r
if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();\r
\r
+ keyBlock = calloc(stKeyBlock, 6);\r
+ if (keyBlock == NULL) return 1;\r
+\r
if (cmdp == 'i' || cmdp == 'I') {\r
\r
int len = strlen(Cmd+2);\r
if (cmdp == 'i' || cmdp == 'I') {\r
\r
int len = strlen(Cmd+2);\r
if (!p) {\r
PrintAndLog("Cannot allocate memory for defaultKeys");\r
free(keyBlock);\r
if (!p) {\r
PrintAndLog("Cannot allocate memory for defaultKeys");\r
free(keyBlock);\r
return 2;\r
}\r
keyBlock = p;\r
return 2;\r
}\r
keyBlock = p;\r
\r
if (keycnt == 0) {\r
PrintAndLog("No keys found in file");\r
\r
if (keycnt == 0) {\r
PrintAndLog("No keys found in file");\r
return 1;\r
}\r
PrintAndLog("Loaded %d keys", keycnt);\r
return 1;\r
}\r
PrintAndLog("Loaded %d keys", keycnt);\r
for (uint16_t c = 0; c < keycnt; ++c ) {\r
\r
if (ukbhit()) {\r
for (uint16_t c = 0; c < keycnt; ++c ) {\r
\r
if (ukbhit()) {\r
+ ch = getchar();\r
+ (void)ch;\r
printf("\naborted via keyboard!\n");\r
printf("\naborted via keyboard!\n");\r
\r
if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {\r
PrintAndLog("Aquireing data from device failed. Quitting");\r
\r
if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {\r
PrintAndLog("Aquireing data from device failed. Quitting");\r
\r
if ( found ) {\r
PrintAndLog("Found valid password: [%08X]", testpwd);\r
\r
if ( found ) {\r
PrintAndLog("Found valid password: [%08X]", testpwd);\r
return 0;\r
}\r
}\r
PrintAndLog("Password NOT found.");\r
return 0;\r
}\r
}\r
PrintAndLog("Password NOT found.");\r
start_password = param_get32ex(Cmd, 0, 0, 16);\r
end_password = param_get32ex(Cmd, 1, 0, 16);\r
\r
start_password = param_get32ex(Cmd, 0, 0, 16);\r
end_password = param_get32ex(Cmd, 1, 0, 16);\r
\r
- if ( start_password >= end_password ) return usage_t55xx_bruteforce();\r
-\r
+ if ( start_password >= end_password ) {\r
+ free(keyBlock);\r
+ return usage_t55xx_bruteforce();\r
+ }\r
PrintAndLog("Search password range [%08X -> %08X]", start_password, end_password);\r
\r
uint32_t i = start_password;\r
PrintAndLog("Search password range [%08X -> %08X]", start_password, end_password);\r
\r
uint32_t i = start_password;\r
printf(".");\r
fflush(stdout);\r
if (ukbhit()) {\r
printf(".");\r
fflush(stdout);\r
if (ukbhit()) {\r
+ ch = getchar();\r
+ (void)ch;\r
printf("\naborted via keyboard!\n");\r
printf("\naborted via keyboard!\n");\r
return 0;\r
}\r
\r
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) {\r
PrintAndLog("Aquireing data from device failed. Quitting");\r
return 0;\r
}\r
\r
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) {\r
PrintAndLog("Aquireing data from device failed. Quitting");\r
return 0;\r
}\r
found = tryDetectModulation();\r
return 0;\r
}\r
found = tryDetectModulation();\r
PrintAndLog("Found valid password: [%08x]", i);\r
else\r
PrintAndLog("Password NOT found. Last tried: [%08x]", --i);\r
PrintAndLog("Found valid password: [%08x]", i);\r
else\r
PrintAndLog("Password NOT found. Last tried: [%08x]", --i);\r
uint64_t rawID = 0;
bool Q5 = false;
char cmdp = param_getchar(Cmd, 0);
uint64_t rawID = 0;
bool Q5 = false;
char cmdp = param_getchar(Cmd, 0);
- if (strlen(Cmd) < 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_viking_clone();
+ if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_viking_clone();
id = param_get32ex(Cmd, 0, 0, 16);
if (id == 0) return usage_lf_viking_clone();
id = param_get32ex(Cmd, 0, 0, 16);
if (id == 0) return usage_lf_viking_clone();
Q5 = true;
rawID = getVikingBits(id);
Q5 = true;
rawID = getVikingBits(id);
- PrintAndLog("Cloning - ID: %08X, Raw: %08X%08X",id,(uint32_t)(rawID >> 32),(uint32_t) (rawID & 0xFFFFFFFF));
- UsbCommand c = {CMD_VIKING_CLONE_TAG,{rawID >> 32, rawID & 0xFFFFFFFF, Q5}};
+
+ UsbCommand c = {CMD_VIKING_CLONE_TAG,{rawID >> 32, rawID & 0xFFFF, Q5}};
clearCommandBuffer();
SendCommand(&c);
//check for ACK
clearCommandBuffer();
SendCommand(&c);
//check for ACK
uint8_t clk = 32, encoding = 1, separator = 0, invert = 0;
char cmdp = param_getchar(Cmd, 0);
uint8_t clk = 32, encoding = 1, separator = 0, invert = 0;
char cmdp = param_getchar(Cmd, 0);
- if (strlen(Cmd) < 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_viking_sim();
+ if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_viking_sim();
id = param_get32ex(Cmd, 0, 0, 16);
if (id == 0) return usage_lf_viking_sim();
id = param_get32ex(Cmd, 0, 0, 16);
if (id == 0) return usage_lf_viking_sim();