]> cvs.zerfleddert.de Git - proxmark3-svn/commitdiff
FIX: Coverity scan fixes, hard to keep track of stringlengths while reading and...
authoriceman1001 <iceman@iuse.se>
Wed, 17 Feb 2016 09:46:08 +0000 (10:46 +0100)
committericeman1001 <iceman@iuse.se>
Wed, 17 Feb 2016 09:46:08 +0000 (10:46 +0100)
armsrc/desfire_crypto.c
client/cmdhflegic.c
client/cmdparser.c
client/nonce2key/crapto1.c
client/nonce2key/crypto1.c
client/proxmark3.c

index acce980f3b768e3fe48f4f24ef4fd1e416ccd44e..18ed67f65393434952bfdd59914f273a1e288bf4 100644 (file)
@@ -580,7 +580,7 @@ void mifare_cypher_single_block (desfirekey_t key, uint8_t *data, uint8_t *ivect
                        {
                                AesCtx ctx;
                                AesCtxIni(&ctx, ivect, key->data, KEY128,CBC); 
-                               AesEncrypt(&ctx, data, edata, sizeof(data) );
+                               AesEncrypt(&ctx, data, edata, sizeof(edata) );
                                break;
                        }
                        case MCO_DECYPHER:
index 8310da8619f01ba53f07f214e88af5984b4410cd..ab9df4875f655d39e915e2e23dd016dfd035f61b 100644 (file)
@@ -68,7 +68,7 @@ int CmdLegicDecode(const char *Cmd) {
        uint32_t calc_crc =  CRC8Legic(data_buf, 4);    
        
        PrintAndLog("\nCDF: System Area");
-
+       PrintAndLog("------------------------------------------------------");
        PrintAndLog("MCD: %02x, MSN: %02x %02x %02x, MCC: %02x %s",
                data_buf[0],
                data_buf[1],
@@ -118,8 +118,22 @@ int CmdLegicDecode(const char *Cmd) {
        uint32_t segCalcCRC = 0;
        uint32_t segCRC = 0;
 
+       // see if user area is xored or just zeros.
+       int numOfZeros = 0;
+       for (int index=22; index < 256; ++index){
+               if ( data_buf[index] == 0x00 )
+                       ++numOfZeros;
+       }
+       // if possible zeros is less then 60%, lets assume data is xored
+       // 256  - 22 (header) = 234
+       // 1024 - 22 (header) = 1002
+       int isXored = (numOfZeros*100/stamp_len) < 50;
+       PrintAndLog("is data xored?  %d  ( %d %)", isXored, (numOfZeros*100/stamp_len));
+
+       print_hex_break( data_buf, 33, 16);
+       
        PrintAndLog("\nADF: User Area");
-       printf("-------------------------------------\n");
+       PrintAndLog("------------------------------------------------------");
        i = 22;  
        // 64 potential segements
        // how to detect there is no segments?!?
@@ -148,7 +162,7 @@ int CmdLegicDecode(const char *Cmd) {
                segCalcCRC = CRC8Legic(segCrcBytes, 8);
                segCRC = data_buf[i+4]^crc;
 
-               PrintAndLog("Segment %02u \nraw header=0x%02X 0x%02X 0x%02X 0x%02X \nSegment len: %u,  Flag: 0x%X (valid:%01u, last:%01u), WRP: %02u, WRC: %02u, RD: %01u, CRC: 0x%02X (%s)",
+               PrintAndLog("Segment %02u \nraw header | 0x%02X 0x%02X 0x%02X 0x%02X \nSegment len: %u,  Flag: 0x%X (valid:%01u, last:%01u), WRP: %02u, WRC: %02u, RD: %01u, CRC: 0x%02X (%s)",
                        segmentNum,
                        data_buf[i]^crc,
                        data_buf[i+1]^crc,
@@ -169,9 +183,10 @@ int CmdLegicDecode(const char *Cmd) {
     
                if ( hasWRC ) {
                        PrintAndLog("WRC protected area:   (I %d | K %d| WRC %d)", i, k, wrc);
-
+                       PrintAndLog("\nrow  | data");
+                       PrintAndLog("-----+------------------------------------------------");
                        // de-xor?  if not zero, assume it needs xoring.
-                       if ( data_buf[i] > 0) {
+                       if ( isXored) {
                                for ( k=i; k < wrc; ++k)
                                        data_buf[k] ^= crc;
                        }
@@ -182,9 +197,10 @@ int CmdLegicDecode(const char *Cmd) {
     
                if ( hasWRP ) {
                        PrintAndLog("Remaining write protected area:  (I %d | K %d | WRC %d | WRP %d  WRP_LEN %d)",i, k, wrc, wrp, wrp_len);
+                       PrintAndLog("\nrow  | data");
+                       PrintAndLog("-----+------------------------------------------------");
 
-                       // de-xor?  if not zero, assume it needs xoring.
-                       if ( data_buf[i] > 0) {
+                       if (isXored) {
                                for (k=i; k < wrp_len; ++k)
                                        data_buf[k] ^= crc;
                        }
@@ -199,8 +215,9 @@ int CmdLegicDecode(const char *Cmd) {
                }
     
                PrintAndLog("Remaining segment payload:  (I %d | K %d | Remain LEN %d)", i, k, remain_seg_payload_len);
-               
-               if ( data_buf[i] > 0 ) {
+               PrintAndLog("\nrow  | data");
+               PrintAndLog("-----+------------------------------------------------");
+               if ( isXored ) {
                        for ( k=i; k < remain_seg_payload_len; ++k)
                                data_buf[k] ^= crc;
                }
@@ -209,7 +226,7 @@ int CmdLegicDecode(const char *Cmd) {
     
                i += remain_seg_payload_len;
                
-               printf("\n-------------------------------------\n");
+               PrintAndLog("-----+------------------------------------------------\n");
 
                // end with last segment
                if (segment_flag & 0x8) return 0;
@@ -332,18 +349,18 @@ int CmdLegicSave(const char *Cmd) {
                return 0;
        }
 
-       FILE *f = fopen(filename, "w");
-       if(!f) {
-               PrintAndLog("couldn't open '%s'", Cmd+1);
-               return -1;
-       }
-
        GetFromBigBuf(got, requested, offset);
        if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2000)){
-               PrintAndLog("Command execute timeout");
+               PrintAndLog("Command execute timeout"); 
                return 1;
        }
 
+       FILE *f = fopen(filename, "w");
+       if(!f) {
+               PrintAndLog("couldn't open '%s'", Cmd+1);
+               return -1;
+       }
+       
        for (int j = 0; j < requested; j += 8) {
                fprintf(f, "%02x %02x %02x %02x %02x %02x %02x %02x\n",
                        got[j+0], got[j+1], got[j+2], got[j+3],
@@ -409,10 +426,11 @@ int CmdLegicCalcCrc8(const char *Cmd){
        int len =  strlen(Cmd); 
        if (len & 1 ) return usage_legic_calccrc8(); 
        
-       uint8_t *data = malloc(len);
+       // add 1 for null terminator.
+       uint8_t *data = malloc(len+1);
        if ( data == NULL ) return 1;
                
-       param_gethex(Cmd, 0, data, len );
+       if (!param_gethex(Cmd, 0, data, len )) return usage_legic_calccrc8(); 
        
        uint32_t checksum =  CRC8Legic(data, len/2);    
        PrintAndLog("Bytes: %s || CRC8: %X", sprint_hex(data, len/2), checksum );
index 90521931630d6deb0f6c964a73b2cecee431b13f..b622df4f700d7dad3d438e7c58fc841c7e54ec92 100644 (file)
@@ -43,7 +43,7 @@ int CmdsParse(const command_t Commands[], const char *Cmd)
   }
   char cmd_name[32];
   int len = 0;
-  memset(cmd_name, 0, 32);
+  memset(cmd_name, 0, sizeof(cmd_name));
   sscanf(Cmd, "%31s%n", cmd_name, &len);
   int i = 0;
   while (Commands[i].Name && strcmp(Commands[i].Name, cmd_name))
index f005a9e320e1a113e3d8f89a0be9c0f44e2348eb..626823f8022c43bc001f7d7b0c290c4a3aaa6208 100644 (file)
@@ -486,12 +486,11 @@ struct Crypto1State* lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8]
        odd = lfsr_prefix_ks(ks, 1);\r
        even = lfsr_prefix_ks(ks, 0);\r
 \r
-       s = statelist = malloc((sizeof *statelist) << 21);\r
+       s = statelist = malloc((sizeof *statelist) << 20);\r
        if(!s || !odd || !even) {\r
                free(statelist);\r
-               free(odd);\r
-               free(even);\r
-               return 0;\r
+               statelist = 0;\r
+                goto out;\r
        }\r
 \r
        for(o = odd; *o + 1; ++o)\r
@@ -503,8 +502,8 @@ struct Crypto1State* lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8]
                        }\r
 \r
        s->odd = s->even = 0;\r
-\r
+out:\r
        free(odd);\r
        free(even);\r
        return statelist;\r
-}
\ No newline at end of file
+}\r
index ba297b8df262a7ff2510b73dd5e8e6b332a74296..268d55a046378291cce7f2a40ca41ab59610b0d7 100644 (file)
@@ -24,7 +24,9 @@ struct Crypto1State * crypto1_create(uint64_t key)
 {
        struct Crypto1State *s = malloc(sizeof(*s));
        if ( !s ) return NULL;
-               
+
+       s->odd = s->even = 0;
+       
        int i;
        //for(i = 47;s && i > 0; i -= 2) {
        for(i = 47; i > 0; i -= 2) {
index 907f5e7f79925cff59149124be406535a554c8d1..70e09adacc15aba8534debd9f1443cbb45475442 100644 (file)
@@ -127,8 +127,8 @@ static void *main_loop(void *targ) {
        while(1)  {
 
                // If there is a script file
-               if (script_file)
-               {
+               if (script_file) {
+                       
                        if (!fgets(script_cmd_buf, sizeof(script_cmd_buf), script_file)) {
                                fclose(script_file);
                                script_file = NULL;
@@ -142,9 +142,10 @@ static void *main_loop(void *targ) {
                                
                                if (nl)
                                        *nl = '\0';
-
-                               if ((cmd = (char*) malloc(strlen(script_cmd_buf) + 1)) != NULL) {
-                                       memset(cmd, 0, strlen(script_cmd_buf));
+                               
+                               int newlen = strlen(script_cmd_buf);
+                               if ((cmd = (char*) malloc( newlen + 1)) != NULL) {
+                                       memset(cmd, 0x00, newlen);
                                        strcpy(cmd, script_cmd_buf);
                                        printf("%s\n", cmd);
                                }
@@ -170,8 +171,14 @@ static void *main_loop(void *targ) {
                        printf("\n");
                        break;
                }
+               free(cmd);
        }
-  
+
+       if (script_file) {
+               fclose(script_file);
+               script_file = NULL;
+       }
+       
        write_history(".history");
 
        free(cmd);
@@ -181,11 +188,6 @@ static void *main_loop(void *targ) {
                pthread_join(reader_thread, NULL);
        }
 
-       if (script_file) {
-               fclose(script_file);
-               script_file = NULL;
-       }
-
        ExitGraphics();
        pthread_exit(NULL);
        return NULL;
Impressum, Datenschutz