iceman1001 [Fri, 15 Jan 2016 11:43:29 +0000 (12:43 +0100)]
FIX: this should remove some warnings while compiling on linux and when running Travis-CI in a docker container.
some format specifier for uint64_t
and getting the git history in the perl script.
iceman1001 [Wed, 13 Jan 2016 13:53:32 +0000 (14:53 +0100)]
FIX: Coverity, out-of-bounds read, 124 is less than (0x10*8)+2 (130)
FIX: Coverity, dead-code, bitcomparison always false. Copy-paste error? but 0x0F can never be equal 0x10.. I guessing its 0x01. @pwpivi have to correct me if its wrong.
iceman1001 [Tue, 12 Jan 2016 22:35:06 +0000 (23:35 +0100)]
FIX: Coverity, out-of-bounds write, CID#121340, CID#121341, CID#121342, CID#121343, wrong size in check, sprintf always adds a null terminator, so if filepath would have been 996 chars long, this might had happend... but no more.
iceman1001 [Tue, 12 Jan 2016 22:27:42 +0000 (23:27 +0100)]
FIX: Coverity, CID#121314, Explicit null dereferenced, in really odd occasions buf would be NULL, and sending NULL to memcpy dereferences it. Not sure about this fix.
iceman1001 [Tue, 12 Jan 2016 22:05:10 +0000 (23:05 +0100)]
FIX: Coverity, out-of-bounds, CID#121330, CID#121331, CID#121332, CID#121333,
keyNbr has to be smaller then ICLASS_KEYS_MAX (since the Iclass_Key_Table array is initialised with it).
iceman1001 [Tue, 12 Jan 2016 21:33:54 +0000 (22:33 +0100)]
FIX: Coverity, unintended sign extention, CID #121363, (numbits << 16) becomes int, then uint64_t. But the signness might set all upper bits to 1 in the process.
iceman1001 [Sat, 9 Jan 2016 16:17:36 +0000 (17:17 +0100)]
ADD: a new pwdgen algo Nicknamed C, (Huge props to @Bettse for everything) also added to the "hf mfu info" command. However, that will not work given the system's lockbits.. :( Maybe I'll add a function to test all imp pwdgens given a UID without making a authentication call to tag.
iceman1001 [Fri, 8 Jan 2016 13:30:56 +0000 (14:30 +0100)]
FIX: coverty scan, resourceleak in "hf mf sniff", added call to 'free' befor return.
FIX: coverty scan, overflow in "hf 14a raw", added an extra len check against USB_CMD_DATA_SIZE
iceman1001 [Fri, 8 Jan 2016 13:28:13 +0000 (14:28 +0100)]
ADD: @go_tus 's code to generate wiegand codes from FacilityCode/SiteCode and Cardnumber. Almost there, formatlength supported is 26,34,35,37,38,40,44,75,84, when its finised.
iceman1001 [Fri, 8 Jan 2016 13:25:10 +0000 (14:25 +0100)]
FIX: coverty scan reveals some resourceleaks and overruns, which is supposed to be fixed now.
/armsrc/des.c overflow 7 instead of 6
/client/cmdlfhitag.c overflows traclen
/client/util.c sprint_bin_break overflows.
/client/cmdhficlass.c need to free memory after malloc.
iceman1001 [Mon, 21 Dec 2015 18:48:00 +0000 (19:48 +0100)]
CHG: some textual change to README.txt
ADD: a prng.c to collect some different PRNG's i've ran into
ADD: some changes the tea implementation
ADD: a enhanced version - SwapEndian64ex
iceman1001 [Mon, 14 Dec 2015 21:50:54 +0000 (22:50 +0100)]
REM: removed an unused doublett function "printBits" in util.c
ADD: added a new string helper function "sprint_hex_ascii" in util.c
ADD: added "LF AWID BRUTE", a very simple bruteforce command for the awid commands.
it takes a facility-code, and iterates all possible 0xFFFF cardnum by sending sim command. It also uses the usb_poll function to stop the bruteforce on keypress and not leaving the pm3 device running the simulation.
the command implements the help parameter.
iceman1001 [Wed, 2 Dec 2015 21:46:11 +0000 (22:46 +0100)]
CHG: updated helptext for lf t55xx bruteforce
ADD: a ROL function in util.c
ADD: two pwdgen functions in cmdhfmfu.c, call them with a 7byte UID and get a 4byte number back. Will see if it can be connected with the "hf mfu info" command, make data extraction easier later on.
ADD: added some more easy pwd in the dictionary file default_pwd.dic
iceman1001 [Tue, 1 Dec 2015 21:47:03 +0000 (22:47 +0100)]
ADD: Added the possibility to exit the bruteforce mode (either rangesearch or file) with the keyboard.
FIX: if not found, the range search printed wrong number.
iceman1001 [Tue, 1 Dec 2015 21:38:37 +0000 (22:38 +0100)]
FIX: the lfsampling.c for t55xx had a tendecy to enter a neverending loop. Moved exit branch into the while statement, which seems to solve it.
FIX: Strange int -> uint8_t casting behavior (0x05 gets the 25bit set and becomes 0x10005 instead) in fskdemod, removed int and sscanf.
iceman1001 [Tue, 1 Dec 2015 12:07:01 +0000 (13:07 +0100)]
ADD: added the possibility to load a default pwd file to be used with the "lf t55xx bruteforce" command.
new option:
lf t55xx brutefore i default_pwd.dic - will load default pwds from file and test against tag.