From cd777a0545066d87b1e0f838cdee0604941919d7 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sat, 23 Apr 2016 18:23:46 +0200 Subject: [PATCH 1/1] FIX: Some Coverity Scan warnings. fread, not initialised etc etc --- armsrc/hitagS.c | 2 - client/cmdhfmf.c | 4 +- client/cmdhfmfhard.c | 53 +++++++++--------- client/cmdlfhitag.c | 100 ++++++++++++++++------------------ client/nonce2key/crapto1.c | 4 +- client/nonce2key/crypto1_bs.c | 4 +- client/nonce2key/crypto1_bs.h | 2 +- 7 files changed, 81 insertions(+), 88 deletions(-) diff --git a/armsrc/hitagS.c b/armsrc/hitagS.c index a5bce4b9..d760a400 100644 --- a/armsrc/hitagS.c +++ b/armsrc/hitagS.c @@ -10,8 +10,6 @@ //----------------------------------------------------------------------------- // Some code was copied from Hitag2.c //----------------------------------------------------------------------------- - - #include #include #include "proxmark3.h" diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 0e3024a0..67d2ab67 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -94,12 +94,14 @@ int usage_hf14_hardnested(void){ PrintAndLog(" w acquire nonces and write them to binary file nonces.bin"); PrintAndLog(" s slower acquisition (required by some non standard cards)"); PrintAndLog(" r read nonces.bin and start attack"); + PrintAndLog(" t tests?"); PrintAndLog(" "); PrintAndLog("samples:"); PrintAndLog(" hf mf hardnested 0 A FFFFFFFFFFFF 4 A"); PrintAndLog(" hf mf hardnested 0 A FFFFFFFFFFFF 4 A w"); PrintAndLog(" hf mf hardnested 0 A FFFFFFFFFFFF 4 A w s"); PrintAndLog(" hf mf hardnested r"); + PrintAndLog(" hf mf hardnested r a0a1a2a3a4a5"); PrintAndLog(" "); PrintAndLog("Add the known target key to check if it is present in the remaining key space:"); PrintAndLog(" sample5: hf mf hardnested 0 A A0A1A2A3A4A5 4 A FFFFFFFFFFFF"); 
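Review bot: The new help line `t tests?` in usage_hf14_hardnested puts a question in front of the user instead of describing the option. If `t` runs the built-in self tests (inferred from the `'T'`/`'t'` check in CmdHF14AMfNestedHard, not shown in this hunk), say so, e.g. `t      run internal self tests (developer option)`. The added sample `hf mf hardnested r a0a1a2a3a4a5` also passes a key after `r`, but the `r` option line does not mention an optional known key.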
@@ -937,7 +939,7 @@ int CmdHF14AMfNestedHard(const char *Cmd) { char ctmp; ctmp = param_getchar(Cmd, 0); - if (ctmp != 'H' && ctmp != 'h' ) return usage_hf14_hardnested(); + if (ctmp == 'H' || ctmp == 'h' ) return usage_hf14_hardnested(); if (ctmp != 'R' && ctmp != 'r' && ctmp != 'T' && ctmp != 't' && strlen(Cmd) < 20) return usage_hf14_hardnested(); bool know_target_key = false; diff --git a/client/cmdhfmfhard.c b/client/cmdhfmfhard.c index 0df1f157..1d642676 100644 --- a/client/cmdhfmfhard.c +++ b/client/cmdhfmfhard.c @@ -73,7 +73,6 @@ static const float p_K[257] = { // the probability that a random nonce has a Su 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0290 }; - typedef struct noncelistentry { uint32_t nonce_enc; @@ -92,7 +91,6 @@ typedef struct noncelist { float score1, score2; } noncelist_t; - static size_t nonces_to_bruteforce = 0; static noncelistentry_t *brute_force_nonces[256]; static uint32_t cuid = 0; @@ -130,10 +128,8 @@ typedef struct { static partial_indexed_statelist_t partial_statelist[17]; static partial_indexed_statelist_t statelist_bitflip; - static statelist_t *candidates = NULL; - static int add_nonce(uint32_t nonce_enc, uint8_t par_enc) { uint8_t first_byte = nonce_enc >> 24; 
@@ -448,32 +444,31 @@ static void Tests() // crypto1_destroy(pcs); - // printf("\nTests: number of states with BitFlipProperty: %d, (= %1.3f%% of total states)\n", statelist_bitflip.len[0], 100.0 * statelist_bitflip.len[0] / (1<<20)); - printf("\nTests: Actual BitFlipProperties odd/even:\n"); - for (uint16_t i = 0; i < 256; i++) { - printf("[%02x]:%c ", i, nonces[i].BitFlip[ODD_STATE]?'o':nonces[i].BitFlip[EVEN_STATE]?'e':' '); - if (i % 8 == 7) { - printf("\n"); - } - } + // printf("\nTests: Actual BitFlipProperties odd/even:\n"); + // for (uint16_t i = 0; i < 256; i++) { + // printf("[%02x]:%c ", i, nonces[i].BitFlip[ODD_STATE]?'o':nonces[i].BitFlip[EVEN_STATE]?'e':' '); + // if (i % 8 == 7) { + // printf("\n"); + // } + // } - printf("\nTests: Sorted First Bytes:\n"); - for (uint16_t i = 0; i < 256; i++) { - uint8_t best_byte = best_first_bytes[i]; - printf("#%03d Byte: %02x, n = %3d, k = %3d, Sum(a8): %3d, Confidence: %5.1f%%, Bitflip: %c\n", - //printf("#%03d Byte: %02x, n = %3d, k = %3d, Sum(a8): %3d, Confidence: %5.1f%%, Bitflip: %c, score1: %1.5f, score2: %1.0f\n", - i, best_byte, - nonces[best_byte].num, - nonces[best_byte].Sum, - nonces[best_byte].Sum8_guess, - nonces[best_byte].Sum8_prob * 100, - nonces[best_byte].BitFlip[ODD_STATE]?'o':nonces[best_byte].BitFlip[EVEN_STATE]?'e':' ' - //nonces[best_byte].score1, - //nonces[best_byte].score2 - ); - } + // printf("\nTests: Sorted First Bytes:\n"); + // for (uint16_t i = 0; i < 256; i++) { + // uint8_t best_byte = best_first_bytes[i]; + // printf("#%03d Byte: %02x, n = %3d, k = %3d, Sum(a8): %3d, Confidence: %5.1f%%, Bitflip: %c\n", + // //printf("#%03d Byte: %02x, n = %3d, k = %3d, Sum(a8): %3d, Confidence: %5.1f%%, Bitflip: %c, score1: %1.5f, score2: %1.0f\n", + // i, best_byte, + // nonces[best_byte].num, + // nonces[best_byte].Sum, + // nonces[best_byte].Sum8_guess, + // nonces[best_byte].Sum8_prob * 100, + // nonces[best_byte].BitFlip[ODD_STATE]?'o':nonces[best_byte].BitFlip[EVEN_STATE]?'e':' ' + // 
//nonces[best_byte].score1, + // //nonces[best_byte].score2 + // ); + // } // printf("\nTests: parity performance\n"); // time_t time1p = clock(); @@ -1628,7 +1623,7 @@ static void* crack_states_thread(void* x){ } return NULL; } -#define _USE_32BIT_TIME_T + static void brute_force(void) { if (known_target_key != -1) { @@ -1667,6 +1662,8 @@ static void brute_force(void) #ifndef __WIN32 thread_count = sysconf(_SC_NPROCESSORS_CONF); + if ( thread_count < 1) + thread_count = 1; #endif /* _WIN32 */ pthread_t threads[thread_count]; diff --git a/client/cmdlfhitag.c b/client/cmdlfhitag.c index 2411fe5f..a5c3b8eb 100644 --- a/client/cmdlfhitag.c +++ b/client/cmdlfhitag.c @@ -28,8 +28,7 @@ size_t nbytes(size_t nbits) { return (nbits/8)+((nbits%8)>0); } -int CmdLFHitagList(const char *Cmd) -{ +int CmdLFHitagList(const char *Cmd) { uint8_t *got = malloc(USB_CMD_DATA_SIZE); // Query for the actual size of the trace @@ -58,13 +57,14 @@ int CmdLFHitagList(const char *Cmd) int len = strlen(Cmd); char filename[FILE_PATH_SIZE] = { 0x00 }; - FILE* pf = NULL; + FILE* f = NULL; if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; memcpy(filename, Cmd, len); if (strlen(filename) > 0) { - if ((pf = fopen(filename,"wb")) == NULL) { + f = fopen(filename,"wb"); + if (!f) { PrintAndLog("Error: Could not open file [%s]",filename); return 1; } @@ -129,8 +129,8 @@ int CmdLFHitagList(const char *Cmd) (isResponse ? "TAG" : " "), line); - if (pf) { - fprintf(pf," +%7d: %3d: %s %s\n", + if (f) { + fprintf(f," +%7d: %3d: %s %s\n", (prev < 0 ? 0 : (timestamp - prev)), bits, (isResponse ? "TAG" : " "), @@ -141,8 +141,8 @@ int CmdLFHitagList(const char *Cmd) i += (len + 9); } - if (pf) { - fclose(pf); + if (f) { + fclose(f); PrintAndLog("Recorded activity succesfully written to file: %s", filename); } @@ -161,7 +161,7 @@ int CmdLFHitagSim(const char *Cmd) { UsbCommand c = {CMD_SIMULATE_HITAG}; char filename[FILE_PATH_SIZE] = { 0x00 }; - FILE* pf; + FILE* f; bool tag_mem_supplied; int len = strlen(Cmd); 
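Review bot: The two diagnostic loops in Tests() are disabled by prefixing every line with `//`, which leaves nested `// //printf(...)` comments that are hard to re-enable correctly. Either delete the block or wrap it once in a named switch, e.g. `#ifdef DEBUG_HARDNESTED_TESTS` … `#endif`, so it still compiles when needed. Tests() begins and ends outside this hunk.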
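Review bot: The added `if ( thread_count < 1)` guard in brute_force() only catches a failed `sysconf` if `thread_count` is a signed type, and its declaration is outside this hunk. If it is unsigned, the `-1` error return wraps to a huge value, passes the test and then sizes the stack array `pthread_t threads[thread_count];`. Read the result into a signed temporary first: `long n = sysconf(_SC_NPROCESSORS_CONF);` followed by `thread_count = (n < 1) ? 1 : n;`, and consider an upper bound so the VLA stays small. The guard `#ifndef __WIN32` and its closing comment `/* _WIN32 */` also name different macros.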
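Review bot: `filename` can be left without a NUL terminator in CmdLFHitagList: `len` is clamped to `FILE_PATH_SIZE` and `memcpy(filename, Cmd, len)` can then fill the whole array, so `strlen(filename)` and `fopen` read past the buffer for an over-long argument. Clamp one byte lower, `if (len > FILE_PATH_SIZE - 1) len = FILE_PATH_SIZE - 1;`. The same clamp-and-copy is visible in CmdLFHitagSim, CmdLFHitagSimS and CmdLFHitagCheckChallenges later in this patch. Separately, the `return 1` after a failed `fopen` leaves without releasing `got`, allocated at the top of the function; whether `got` is freed on the normal path is outside the hunk.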
@@ -169,25 +169,25 @@ int CmdLFHitagSim(const char *Cmd) { memcpy(filename, Cmd, len); if (strlen(filename) > 0) { - if ((pf = fopen(filename,"rb+")) == NULL) { + f = fopen(filename,"rb+"); + if (!f) { PrintAndLog("Error: Could not open file [%s]",filename); return 1; } tag_mem_supplied = true; - size_t bytes_read = fread(c.d.asBytes, 48, 1, pf); + size_t bytes_read = fread(c.d.asBytes, 48, 1, f); if ( bytes_read == 0) { PrintAndLog("Error: File reading error"); - fclose(pf); + fclose(f); return 1; } - fclose(pf); + fclose(f); } else { tag_mem_supplied = false; } // Does the tag comes with memory c.arg[0] = (uint32_t)tag_mem_supplied; - clearCommandBuffer(); SendCommand(&c); return 0; @@ -195,7 +195,6 @@ int CmdLFHitagSim(const char *Cmd) { int CmdLFHitagReader(const char *Cmd) { - UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}}; hitag_data* htd = (hitag_data*)c.d.asBytes; hitag_function htf = param_get32ex(Cmd,0,0,10); @@ -241,11 +240,8 @@ int CmdLFHitagReader(const char *Cmd) { // Copy the hitag2 function into the first argument c.arg[0] = htf; - clearCommandBuffer(); - // Send the command to the proxmark SendCommand(&c); - UsbCommand resp; WaitForResponse(CMD_ACK,&resp); 
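Review bot: `bytes_read` in CmdLFHitagSim holds an item count, not a byte count: `fread(c.d.asBytes, 48, 1, f)` returns 0 or 1, so the `== 0` test is correct but the name misleads. Rename it (`items_read`), or call `fread(c.d.asBytes, 1, 48, f)` and compare the result with 48. The file is only read here, yet it is opened with `"rb+"`, which needs write permission and fails on read-only dumps; `"rb"` is sufficient. Both remarks also apply to the CmdLFHitagSimS and CmdLFHitagCheckChallenges hunks.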
@@ -253,28 +249,27 @@ int CmdLFHitagReader(const char *Cmd) { if (resp.arg[0] == false) return 1; uint32_t id = bytes_to_num(resp.d.asBytes,4); - char filename[FILE_PATH_SIZE]; - FILE* pf = NULL; + char filename[FILE_PATH_SIZE]; + FILE* f = NULL; sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff)); - if ((pf = fopen(filename,"wb")) == NULL) { + f = fopen(filename,"wb"); + if (!f) { PrintAndLog("Error: Could not open file [%s]",filename); return 1; } // Write the 48 tag memory bytes to file and finalize - fwrite(resp.d.asBytes,1,48,pf); - fclose(pf); - + fwrite(resp.d.asBytes, 1, 48, f); + fclose(f); PrintAndLog("Succesfully saved tag memory to [%s]",filename); return 0; } - int CmdLFHitagSimS(const char *Cmd) { UsbCommand c = { CMD_SIMULATE_HITAG_S }; char filename[FILE_PATH_SIZE] = { 0x00 }; - FILE* pf; + FILE* f; bool tag_mem_supplied; int len = strlen(Cmd); if (len > FILE_PATH_SIZE) @@ -282,24 +277,26 @@ int CmdLFHitagSimS(const char *Cmd) { memcpy(filename, Cmd, len); if (strlen(filename) > 0) { - if ((pf = fopen(filename, "rb+")) == NULL) { + f = fopen(filename, "rb+"); + if (!f) { PrintAndLog("Error: Could not open file [%s]", filename); return 1; } tag_mem_supplied = true; - if (fread(c.d.asBytes, 4*64, 1, pf) == 0) { + size_t bytes_read = fread(c.d.asBytes, 4*64, 1, f); + if ( bytes_read == 0) { PrintAndLog("Error: File reading error"); - fclose(pf); + fclose(f); return 1; } - fclose(pf); + fclose(f); } else { tag_mem_supplied = false; } // Does the tag comes with memory c.arg[0] = (uint32_t) tag_mem_supplied; - + clearCommandBuffer(); SendCommand(&c); return 0; } 
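Review bot: The result of `fwrite(resp.d.asBytes, 1, 48, f)` in CmdLFHitagReader is still ignored, so a short or failed write is reported as "Succesfully saved". This is the same class of unchecked I/O that the commit fixes for `fread`; check it, e.g. `if (fwrite(resp.d.asBytes, 1, 48, f) != 48) { fclose(f); return 1; }` with an error message, and consider checking `fclose` as well since it flushes. The `sprintf` into `filename` is safe only while FILE_PATH_SIZE exceeds the 17 characters the format produces; `snprintf(filename, sizeof filename, ...)` removes that dependency. The function starts outside this hunk.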
@@ -307,36 +304,37 @@ int CmdLFHitagSimS(const char *Cmd) { int CmdLFHitagCheckChallenges(const char *Cmd) { UsbCommand c = { CMD_TEST_HITAGS_TRACES }; char filename[FILE_PATH_SIZE] = { 0x00 }; - FILE* pf; + FILE* f; bool file_given; int len = strlen(Cmd); if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; memcpy(filename, Cmd, len); if (strlen(filename) > 0) { - if ((pf = fopen(filename,"rb+")) == NULL) { - PrintAndLog("Error: Could not open file [%s]",filename); + f = fopen(filename,"rb+"); + if( !f ) { + PrintAndLog("Error: Could not open file [%s]", filename); return 1; } file_given = true; - if (fread(c.d.asBytes,8*60,1,pf) == 0) { - PrintAndLog("Error: File reading error"); - fclose(pf); + size_t bytes_read = fread(c.d.asBytes, 8*60, 1, f); + if ( bytes_read == 0) { + PrintAndLog("Error: File reading error"); + fclose(f); return 1; } - fclose(pf); + fclose(f); } else { file_given = false; } //file with all the challenges to try c.arg[0] = (uint32_t)file_given; - - SendCommand(&c); - return 0; + clearCommandBuffer(); + SendCommand(&c); + return 0; } - int CmdLFHitagWP(const char *Cmd) { UsbCommand c = { CMD_WR_HITAG_S }; hitag_data* htd = (hitag_data*)c.d.asBytes; @@ -367,17 +365,15 @@ int CmdLFHitagWP(const char *Cmd) { // Copy the hitag function into the first argument c.arg[0] = htf; - // Send the command to the proxmark - SendCommand(&c); - - UsbCommand resp; - WaitForResponse(CMD_ACK,&resp); - - // Check the return status, stored in the first argument - if (resp.arg[0] == false) return 1; - return 0; -} + clearCommandBuffer(); + SendCommand(&c); + UsbCommand resp; + WaitForResponse(CMD_ACK,&resp); + // Check the return status, stored in the first argument + if (resp.arg[0] == false) return 1; + return 0; +} static command_t CommandTable[] = { diff --git a/client/nonce2key/crapto1.c b/client/nonce2key/crapto1.c index 65e5d4b2..c17cea7a 100644 --- a/client/nonce2key/crapto1.c +++ b/client/nonce2key/crapto1.c 
@@ -383,7 +383,7 @@ uint32_t lfsr_rollback_word(struct Crypto1State *s, uint32_t in, int fb) /** nonce_distance * x,y valid tag nonces, then prng_successor(x, nonce_distance(x, y)) = y */ -static uint16_t *dist = 0; +static uint16_t *dist; int nonce_distance(uint32_t from, uint32_t to) { uint16_t x, i; @@ -391,7 +391,7 @@ int nonce_distance(uint32_t from, uint32_t to) dist = malloc(2 << 16); if(!dist) return -1; - for (x = i = 1; i; ++i) { + for (x = 1, i = 1; i; ++i) { dist[(x & 0xff) << 8 | x >> 8] = i; x = x >> 1 | (x ^ x >> 2 ^ x >> 3 ^ x >> 5) << 15; } diff --git a/client/nonce2key/crypto1_bs.c b/client/nonce2key/crypto1_bs.c index 2bb1194d..9a0272dd 100644 --- a/client/nonce2key/crypto1_bs.c +++ b/client/nonce2key/crypto1_bs.c @@ -80,7 +80,7 @@ inline const bitslice_value_t crypto1_bs_lfsr_rollback(const bitslice_value_t in // note that bytes are sliced and unsliced with reversed endianness inline void crypto1_bs_convert_states(bitslice_t bitsliced_states[], state_t regular_states[]){ size_t bit_idx = 0, slice_idx = 0; - state_t values[MAX_BITSLICES]; + state_t values[MAX_BITSLICES] = {{0x00}}; for(slice_idx = 0; slice_idx < MAX_BITSLICES; slice_idx++){ for(bit_idx = 0; bit_idx < STATE_SIZE; bit_idx++){ bool bit = get_vector_bit(slice_idx, bitsliced_states[bit_idx]); @@ -111,7 +111,7 @@ void crypto1_bs_bitslice_value32(uint32_t value, bitslice_t bitsliced_value[], s void crypto1_bs_print_states(bitslice_t bitsliced_states[]){ size_t slice_idx = 0; - state_t values[MAX_BITSLICES]; + state_t values[MAX_BITSLICES] = {{0x00}}; crypto1_bs_convert_states(bitsliced_states, values); for(slice_idx = 0; slice_idx < MAX_BITSLICES; slice_idx++){ printf("State %03zu: %012"llx"\n", slice_idx, values[slice_idx].value); diff --git a/client/nonce2key/crypto1_bs.h b/client/nonce2key/crypto1_bs.h index 8f332749..bef5c5e9 100644 --- a/client/nonce2key/crypto1_bs.h +++ b/client/nonce2key/crypto1_bs.h 
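Review bot: The fill loop `for (x = 1, i = 1; i; ++i)` in nonce_distance terminates only because the `uint16_t` counter wraps to 0, and `malloc(2 << 16)` silently encodes 65536 two-byte entries; neither is documented. Suggested comment above the loop: `/* i is uint16_t: the loop ends when it wraps to 0 after 65535 steps */`, and size the table as `malloc((1 << 16) * sizeof *dist)`. `dist` is also a lazily filled static with no locking visible here, so if this function can be reached from more than one thread the first callers may race on the allocation and fill; that cannot be confirmed from the hunk.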
@@ -58,7 +58,7 @@ bitslice_t bs_zeroes; #define ROLLBACK_SIZE 8 // number of nonces required to test to cover entire 48-bit state // I would have said it's 12... but bla goes with 100, so I do too -#define NONCE_TESTS 100 +#define NONCE_TESTS 12 // state pointer management extern __thread bitslice_t states[KEYSTREAM_SIZE+STATE_SIZE]; -- 2.39.5
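Review bot: The comment directly above `#define NONCE_TESTS 12` still reads "bla goes with 100, so I do too", which now contradicts the value. Update it, e.g. `// 12 is taken to be enough to cover the 48-bit state (previously 100)`. This also changes how many nonces are used to check a candidate state, which is a behaviour change rather than a Coverity fix, so it is worth its own line in the commit message.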