From 463ca973e7cf1e866bb60d7cc33d38e473aa4d3d Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 16 Nov 2014 11:22:06 +0100 Subject: [PATCH 1/1] FIX: hf mf eload - now supports specifying 0,1,2,4 in card memory for the file to be loaded. FIX: hf mf esave - now supports specifying 0,1,2,4 in card memory for the file to be saved. ADD: data.h - added FILE_PATH_SIZE constant ADD: hf legic load - a command help and checks for FILE_PATH_SIZE ADD: hf legis save - now checks for FILE_PATH_SIZE ADD: lf hitag - now checks for FILE_PATH_SIZE ADD: util.c - AddLogLine now checks for FILE_PATH_SIZE ADD: data load / save - now checks for FILE_PATH_SIZE FIX: ui.c - added a case of closing a filehandle FIX: hf mf cload / csave now checks for FILE_PATH_SIZE FIX: armsrc/mifarecmd.c - adjusted the buffersize in MifareEMemget from 48 to USB_CMD_DATA_SIZE --- armsrc/mifarecmd.c | 8 +- client/cmddata.c | 29 ++++++-- client/cmdhflegic.c | 22 +++++- client/cmdhfmf.c | 140 +++++++++++++++++++++++------------ client/cmdlfhitag.c | 16 ++-- client/data.h | 1 + client/loclass/elite_crack.c | 1 - client/loclass/main.c | 2 - client/proxmark3.c | 2 +- client/ui.c | 1 + client/util.c | 14 +++- client/util.h | 1 + 12 files changed, 161 insertions(+), 76 deletions(-) diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 0d1fb77a..4f3556b2 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -714,8 +714,8 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat crypto1_destroy(pcs); // add trace trailer -// memset(uid, 0x44, 4); -// LogTrace(uid, 4, 0, 0, TRUE); + memset(uid, 0x44, 4); + LogTrace(uid, 4, 0, 0, TRUE); byte_t buf[4 + 4 * 4]; memcpy(buf, &cuid, 4); 
@@ -826,11 +826,11 @@ void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain) } void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){ - byte_t buf[48]; + byte_t buf[USB_CMD_DATA_SIZE]; emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4) LED_B_ON(); - cmd_send(CMD_ACK,arg0,arg1,0,buf,48); + cmd_send(CMD_ACK,arg0,arg1,0,buf,USB_CMD_DATA_SIZE); LED_B_OFF(); } diff --git a/client/cmddata.c b/client/cmddata.c index 1df3486d..9fa26721 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -478,11 +478,18 @@ int CmdSamples(const char *Cmd) int CmdLoad(const char *Cmd) { - FILE *f = fopen(Cmd, "r"); - if (!f) { - PrintAndLog("couldn't open '%s'", Cmd); - return 0; - } + char filename[FILE_PATH_SIZE] = {0x00}; + int len = 0; + + len = strlen(Cmd); + if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; + memcpy(filename, Cmd, len); + + FILE *f = fopen(filename, "r"); + if (!f) { + PrintAndLog("couldn't open '%s'", filename); + return 0; + } GraphTraceLen = 0; char line[80]; @@ -780,9 +787,17 @@ int CmdPlot(const char *Cmd) int CmdSave(const char *Cmd) { - FILE *f = fopen(Cmd, "w"); + char filename[FILE_PATH_SIZE] = {0x00}; + int len = 0; + + len = strlen(Cmd); + if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; + memcpy(filename, Cmd, len); + + + FILE *f = fopen(filename, "w"); if(!f) { - PrintAndLog("couldn't open '%s'", Cmd); + PrintAndLog("couldn't open '%s'", filename); return 0; } int i; diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c index 340fd2b0..35ba1f28 100644 --- a/client/cmdhflegic.c +++ b/client/cmdhflegic.c 
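Review bot: In MifareEMemGet (armsrc/mifarecmd.c) `buf` grows to USB_CMD_DATA_SIZE bytes but is still uninitialised, and `cmd_send(CMD_ACK,arg0,arg1,0,buf,USB_CMD_DATA_SIZE);` now sends the whole array to the host, so any byte emlGetMem does not fill is stale device stack content. Zero it at declaration: `byte_t buf[USB_CMD_DATA_SIZE] = {0x00};`. The block count `arg1` comes from the USB host and reaches emlGetMem unchecked, while the comment still says "max 4". It should be bounded against the buffer before the call; the bytes-per-block figure needed for that bound is not visible in this hunk.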
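Review bot: The clamp in CmdLoad, `if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;`, lets memcpy fill all FILE_PATH_SIZE bytes of `filename` with no NUL terminator, so fopen() and the `%s` in the error message read past the array. Use `if (len >= FILE_PATH_SIZE) len = FILE_PATH_SIZE - 1;`, or better, reject an over-long path with an error instead of silently opening a truncated name; in CmdSave a truncated name means writing a file the user did not name. The same clamp is added in CmdSave in this file, in CmdHF14AMfCLoad and CmdHF14AMfCSave (client/cmdhfmf.c), in CmdLFHitagSim (client/cmdlfhitag.c) and in AddLogLine (client/util.c). CmdLegicLoad has the same off-by-one in its `len > FILE_PATH_SIZE` rejection. `len` would also be safer as `size_t`, since the strlen result is narrowed to int.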
@@ -218,7 +218,24 @@ int CmdLegicRFRead(const char *Cmd) int CmdLegicLoad(const char *Cmd) { - FILE *f = fopen(Cmd, "r"); + char filename[FILE_PATH_SIZE] = {0x00}; + int len = 0; + + if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) { + PrintAndLog("It loads datasamples from the file `filename`"); + PrintAndLog("Usage: hf legic load "); + PrintAndLog(" sample: hf legic load filename"); + return 0; + } + + len = strlen(Cmd); + if (len > FILE_PATH_SIZE) { + PrintAndLog("Filepath too long (was %s bytes), max allowed is %s ", len, FILE_PATH_SIZE); + return 0; + } + memcpy(filename, Cmd, len); + + FILE *f = fopen(filename, "r"); if(!f) { PrintAndLog("couldn't open '%s'", Cmd); return -1; @@ -251,7 +268,7 @@ int CmdLegicSave(const char *Cmd) int requested = 1024; int offset = 0; int delivered = 0; - char filename[1024]; + char filename[FILE_PATH_SIZE]; uint8_t got[1024]; sscanf(Cmd, " %s %i %i", filename, &requested, &offset); @@ -265,7 +282,6 @@ int CmdLegicSave(const char *Cmd) int remainder = requested % 8; requested = requested + 8 - remainder; } - if (offset + requested > sizeof(got)) { PrintAndLog("Tried to read past end of buffer, + > 1024"); return 0; diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 35bf2a00..b7f336db 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -680,11 +680,10 @@ int CmdHF14AMfDump(const char *Cmd) int CmdHF14AMfRestore(const char *Cmd) { - uint8_t sectorNo,blockNo; uint8_t keyType = 0; - uint8_t key[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; - uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + uint8_t key[6] = {0xFF}; + uint8_t bldata[16] = {0x00}; uint8_t keyA[40][6]; uint8_t keyB[40][6]; uint8_t numSectors; 
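Review bot: The new too-long message in CmdLegicLoad passes two ints to `%s` conversions, which is undefined behaviour and will most likely crash exactly when an over-long path is supplied. It should read `PrintAndLog("Filepath too long (was %d bytes), max allowed is %d ", len, FILE_PATH_SIZE);`, and the test above it should be `len >= FILE_PATH_SIZE` so the terminator still fits. The help and too-long paths return 0 while the fopen failure returns -1, so a caller cannot tell a rejected path from success.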
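Review bot: Shrinking `filename` to FILE_PATH_SIZE in CmdLegicSave leaves `sscanf(Cmd, " %s %i %i", filename, &requested, &offset);` unbounded, so a first token longer than the buffer overflows the stack array, and now does so sooner than with the old 1024-byte buffer. The commit message says this command checks FILE_PATH_SIZE, but no check is visible in the hunk. Give `%s` a field width one less than the buffer, e.g. `" %999s %i %i"` kept in step with FILE_PATH_SIZE, and check that sscanf matched at least the filename. The function continues outside the hunk.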
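Review bot: `uint8_t key[6] = {0xFF};` in CmdHF14AMfRestore is not equivalent to the line it replaces: only key[0] is 0xFF and the other five bytes are zero-initialised, so the default key becomes FF 00 00 00 00 00 instead of six 0xFF bytes. `bldata[16] = {0x00}` is fine because the implicit fill is zero. Keep the explicit list, `uint8_t key[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};`. Whether the default is used before being overwritten is decided outside this hunk.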
@@ -702,7 +701,7 @@ int CmdHF14AMfRestore(const char *Cmd) default: numSectors = 16; } - if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') { + if (cmdp == 'h' || cmdp == 'H') { PrintAndLog("Usage: hf mf restore [card memory]"); PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K"); PrintAndLog(""); @@ -710,11 +709,7 @@ int CmdHF14AMfRestore(const char *Cmd) PrintAndLog(" hf mf restore 4"); return 0; } - - if ((fdump = fopen("dumpdata.bin","rb")) == NULL) { - PrintAndLog("Could not find file dumpdata.bin"); - return 1; - } + if ((fkeys = fopen("dumpkeys.bin","rb")) == NULL) { PrintAndLog("Could not find file dumpkeys.bin"); return 1; @@ -734,6 +729,12 @@ int CmdHF14AMfRestore(const char *Cmd) } } + fclose(fkeys); + + if ((fdump = fopen("dumpdata.bin","rb")) == NULL) { + PrintAndLog("Could not find file dumpdata.bin"); + return 1; + } PrintAndLog("Restoring dumpdata.bin to card"); for (sectorNo = 0; sectorNo < numSectors; sectorNo++) { @@ -777,7 +778,7 @@ int CmdHF14AMfRestore(const char *Cmd) } fclose(fdump); - fclose(fkeys); + return 0; } @@ -1043,7 +1044,7 @@ int CmdHF14AMfChk(const char *Cmd) } FILE * f; - char filename[256]={0}; + char filename[FILE_PATH_SIZE]={0}; char buf[13]; uint8_t *keyBlock = NULL, *p; uint8_t stKeyBlock = 20; @@ -1135,7 +1136,7 @@ int CmdHF14AMfChk(const char *Cmd) keycnt++; } else { // May be a dic file - if ( param_getstr(Cmd, 2 + i,filename) > 255 ) { + if ( param_getstr(Cmd, 2 + i,filename) >= FILE_PATH_SIZE ) { PrintAndLog("File name too long"); free(keyBlock); return 2; 
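Review bot: In CmdHF14AMfChk the length test runs after the copy: `param_getstr(Cmd, 2 + i,filename)` is given no buffer size, so the token is already written into `filename` before its return value is compared with FILE_PATH_SIZE. Unless param_getstr bounds the copy internally (its definition is not in this patch), an over-long dictionary path overruns the array before "File name too long" is printed. Measure the token first or give param_getstr a size parameter. The same call pattern is introduced in CmdHF14AMfELoad and CmdHF14AMfESave, where the clamp on `len` likewise comes after the write.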
@@ -1419,26 +1420,44 @@ int CmdHF14AMfESet(const char *Cmd) int CmdHF14AMfELoad(const char *Cmd) { FILE * f; - char filename[255]; + char filename[FILE_PATH_SIZE]; char *fnameptr = filename; char buf[64]; uint8_t buf8[64]; - int i, len, blockNum; + int i, len, blockNum, numBlocks; + int nameParamNo = 1; memset(filename, 0, sizeof(filename)); memset(buf, 0, sizeof(buf)); - if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) { + char ctmp = param_getchar(Cmd, 0); + + if ( ctmp == 'h' || ctmp == 0x00) { PrintAndLog("It loads emul dump from the file `filename.eml`"); - PrintAndLog("Usage: hf mf eload "); + PrintAndLog("Usage: hf mf eload [card memory] "); + PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K"); + PrintAndLog(""); PrintAndLog(" sample: hf mf eload filename"); + PrintAndLog(" hf mf eload 4 filename"); return 0; } - len = strlen(Cmd); - if (len > 250) len = 250; + switch (ctmp) { + case '0' : numBlocks = 5*4; break; + case '1' : + case '\0': numBlocks = 16*4; break; + case '2' : numBlocks = 32*4; break; + case '4' : numBlocks = 256; break; + default: { + numBlocks = 16*4; + nameParamNo = 0; + } + } + + len = param_getstr(Cmd,nameParamNo,filename); + + if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; - memcpy(filename, Cmd, len); fnameptr += len; sprintf(fnameptr, ".eml"); 
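Review bot: In CmdHF14AMfELoad `len` may be as large as FILE_PATH_SIZE when `fnameptr += len; sprintf(fnameptr, ".eml");` runs, so the suffix and its terminator can land past the end of `filename`. The old 250-byte clamp on a 255-byte buffer left exactly that headroom, and the new clamp removes it. Reserve the suffix with `if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;` and append with `snprintf(fnameptr, sizeof(filename) - len, ".eml");`. CmdHF14AMfESave has the same clamp and append, and CmdHF14AMfCLoad and CmdHF14AMfCSave get the same clamp, with their append presumably just outside the hunks. Separately, a file name that begins with 0, 1, 2 or 4 now appears to be taken as the card-memory argument, which the help text should state.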
@@ -1446,43 +1465,49 @@ int CmdHF14AMfELoad(const char *Cmd) // open file f = fopen(filename, "r"); if (f == NULL) { - PrintAndLog("File not found or locked."); + PrintAndLog("File %s not found or locked", filename); return 1; } +// for (sectorNo = 0; sectorNo < numSectors; sectorNo++) { +// for(blockNo = 0; blockNo < NumBlocksPerSector(sectorNo); blockNo++) { + blockNum = 0; while(!feof(f)){ memset(buf, 0, sizeof(buf)); + if (fgets(buf, sizeof(buf), f) == NULL) { - if((blockNum == 16*4) || (blockNum == 32*4 + 8*16)) { // supports both old (1K) and new (4K) .eml files) - break; - } + + if (blockNum >= numBlocks) break; + PrintAndLog("File reading error."); fclose(f); return 2; } + if (strlen(buf) < 32){ if(strlen(buf) && feof(f)) break; PrintAndLog("File content error. Block data must include 32 HEX symbols"); return 2; } + for (i = 0; i < 32; i += 2) { sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]); -// PrintAndLog("data[%02d]:%s", blockNum, sprint_hex(buf8, 16)); } + if (mfEmlSetMem(buf8, blockNum, 1)) { PrintAndLog("Cant set emul block: %3d", blockNum); return 3; } blockNum++; - if (blockNum >= 32*4 + 8*16) break; + if (blockNum >= numBlocks) break; } fclose(f); - if ((blockNum != 16*4) && (blockNum != 32*4 + 8*16)) { - PrintAndLog("File content error. There must be 64 or 256 blocks."); + if ((blockNum != numBlocks)) { + PrintAndLog("File content error. Got %d must be %d blocks.",blockNum, numBlocks); fclose(f); return 4; } 
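Review bot: The rewritten block-count check in CmdHF14AMfELoad still sits after `fclose(f);` and calls `fclose(f);` again before `return 4;`, which closes the stream twice (undefined behaviour); delete the second call. The two early exits inside the loop, `return 2;` after "File content error" and `return 3;` after "Cant set emul block", leave `f` open, so each needs a `fclose(f);` first. The two commented-out `for` lines added above `blockNum = 0;` are dead code and should be dropped.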
@@ -1494,56 +1519,76 @@ int CmdHF14AMfELoad(const char *Cmd) int CmdHF14AMfESave(const char *Cmd) { FILE * f; - char filename[255]; + char filename[FILE_PATH_SIZE]; char * fnameptr = filename; uint8_t buf[64]; - int i, j, len; + int i, j, len, numBlocks; + int nameParamNo = 1; memset(filename, 0, sizeof(filename)); memset(buf, 0, sizeof(buf)); - if (param_getchar(Cmd, 0) == 'h') { - PrintAndLog("It saves emul dump into the file `filename.eml` or `cardID.eml`"); - PrintAndLog("Usage: hf mf esave [file name w/o `.eml`]"); + char ctmp = param_getchar(Cmd, 0); + + if ( ctmp == 'h') { + PrintAndLog("It saves emul dump into the file `filename.eml` or `cardID.eml`"); + PrintAndLog(" Usage: hf mf esave [card memory] [file name w/o `.eml`]"); + PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K"); + PrintAndLog(""); PrintAndLog(" sample: hf mf esave "); - PrintAndLog(" hf mf esave filename"); + PrintAndLog(" hf mf esave 4"); + PrintAndLog(" hf mf esave 4 filename"); return 0; } + + switch (ctmp) { + case '0' : numBlocks = 5*4; break; + case '1' : + case '\0': numBlocks = 16*4; break; + case '2' : numBlocks = 32*4; break; + case '4' : numBlocks = 256; break; + default: { + numBlocks = 16*4; + nameParamNo = 0; + } + } - len = strlen(Cmd); - if (len > 250) len = 250; + len = param_getstr(Cmd,nameParamNo,filename); + + if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; + // user supplied filename? 
if (len < 1) { - // get filename + // get filename (UID from memory) if (mfEmlGetMem(buf, 0, 1)) { - PrintAndLog("Cant get block: %d", 0); - return 1; + PrintAndLog("Can\'t get UID from block: %d", 0); + sprintf(filename, "dump.eml"); } for (j = 0; j < 7; j++, fnameptr += 2) - sprintf(fnameptr, "%02x", buf[j]); + sprintf(fnameptr, "%02X", buf[j]); } else { - memcpy(filename, Cmd, len); fnameptr += len; } + // add file extension sprintf(fnameptr, ".eml"); // open file f = fopen(filename, "w+"); // put hex - for (i = 0; i < 32*4 + 8*16; i++) { + for (i = 0; i < numBlocks; i++) { if (mfEmlGetMem(buf, i, 1)) { PrintAndLog("Cant get block: %d", i); break; } for (j = 0; j < 16; j++) - fprintf(f, "%02x", buf[j]); + fprintf(f, "%02X", buf[j]); fprintf(f,"\n"); } fclose(f); - PrintAndLog("Saved to file: %s", filename); + PrintAndLog("Saved %d blocks to file: %s", numBlocks, filename); return 0; } @@ -1623,7 +1668,6 @@ int CmdHF14AMfEKeyPrn(const char *Cmd) if (mfEmlGetMem(data, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1)) { PrintAndLog("error get block %d", FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1); break; - break; } keyA = bytes_to_num(data, 6); keyB = bytes_to_num(data + 10, 6); @@ -1709,7 +1753,7 @@ int CmdHF14AMfCSetBlk(const char *Cmd) int CmdHF14AMfCLoad(const char *Cmd) { FILE * f; - char filename[255]; + char filename[FILE_PATH_SIZE]; char * fnameptr = filename; char buf[64]; uint8_t buf8[64]; @@ -1750,7 +1794,7 @@ int CmdHF14AMfCLoad(const char *Cmd) return 0; } else { len = strlen(Cmd); - if (len > 250) len = 250; + if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; memcpy(filename, Cmd, len); fnameptr += len; @@ -1873,7 +1917,7 @@ int CmdHF14AMfCGetSc(const char *Cmd) { int CmdHF14AMfCSave(const char *Cmd) { FILE * f; - char filename[255]; + char filename[FILE_PATH_SIZE]; char * fnameptr = filename; uint8_t fillFromEmulator = 0; uint8_t buf[64]; 
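Review bot: The new "dump.eml" fallback in CmdHF14AMfESave never takes effect, because after the fallback sprintf control falls into the `for (j = 0; j < 7; ...)` loop, which overwrites the name from `fnameptr == filename` with the hex of `buf`, and ".eml" is then appended. The loop belongs in an `else`, and the fallback should advance `fnameptr` rather than store the extension twice. `f = fopen(filename, "w+");` is also used without a NULL check, so an unwritable path reaches `fprintf(f, ...)` with a null stream. "Saved %d blocks" reports `numBlocks` even when the loop broke early on a failed mfEmlGetMem.

```c
	if (len < 1) {
		// get filename (UID from memory)
		if (mfEmlGetMem(buf, 0, 1)) {
			PrintAndLog("Can\'t get UID from block: %d", 0);
			fnameptr += sprintf(fnameptr, "dump");
		} else {
			for (j = 0; j < 7; j++, fnameptr += 2)
				sprintf(fnameptr, "%02X", buf[j]);
		}
	} else {
		fnameptr += len;
	}
	// ... unchanged: append ".eml" ...
	f = fopen(filename, "w+");
	if (f == NULL) {
		PrintAndLog("Can't open file %s", filename);
		return 1;
	}
	// ... unchanged: block dump loop, fclose, summary message ...
```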
@@ -1915,7 +1959,7 @@ int CmdHF14AMfCSave(const char *Cmd) { return 0; } else { len = strlen(Cmd); - if (len > 250) len = 250; + if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; if (len < 1) { // get filename diff --git a/client/cmdlfhitag.c b/client/cmdlfhitag.c index 331f2c87..ede03575 100644 --- a/client/cmdlfhitag.c +++ b/client/cmdlfhitag.c @@ -133,13 +133,17 @@ int CmdLFHitagSnoop(const char *Cmd) { } int CmdLFHitagSim(const char *Cmd) { - UsbCommand c = {CMD_SIMULATE_HITAG}; - char filename[256] = { 0x00 }; + + UsbCommand c = {CMD_SIMULATE_HITAG}; + char filename[FILE_PATH_SIZE] = { 0x00 }; FILE* pf; bool tag_mem_supplied; + int len = 0; - param_getstr(Cmd,0,filename); - + len = strlen(Cmd); + if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; + memcpy(filename, Cmd, len); + if (strlen(filename) > 0) { if ((pf = fopen(filename,"rb+")) == NULL) { PrintAndLog("Error: Could not open file [%s]",filename); @@ -147,9 +151,9 @@ int CmdLFHitagSim(const char *Cmd) { } tag_mem_supplied = true; if (fread(c.d.asBytes,48,1,pf) == 0) { - PrintAndLog("Error: File reading error"); + PrintAndLog("Error: File reading error"); return 1; - } + } fclose(pf); } else { tag_mem_supplied = false; diff --git a/client/data.h b/client/data.h index 33ee9d04..eead3fa8 100644 --- a/client/data.h +++ b/client/data.h @@ -13,6 +13,7 @@ #include +#define FILE_PATH_SIZE 1000 #define SAMPLE_BUFFER_SIZE 64 extern uint8_t* sample_buf; diff --git a/client/loclass/elite_crack.c b/client/loclass/elite_crack.c index cba31808..a2bd6647 100644 --- a/client/loclass/elite_crack.c +++ b/client/loclass/elite_crack.c @@ -552,7 +552,6 @@ int bruteforceDump(uint8_t dump[], size_t dumpsize, uint16_t keytable[]) */ int bruteforceFile(const char *filename, uint16_t keytable[]) { - FILE *f = fopen(filename, "rb"); if(!f) { prnlog("Failed to read from file '%s'", filename); diff --git a/client/loclass/main.c b/client/loclass/main.c index b7ea53e5..50671a19 100644 --- a/client/loclass/main.c +++ b/client/loclass/main.c 
@@ -78,8 +78,6 @@ int showHelp() int main (int argc, char **argv) { - - prnlog("IClass Cipher version 1.2, Copyright (C) 2014 Martin Holst Swende\n"); prnlog("Comes with ABSOLUTELY NO WARRANTY"); prnlog("Released as GPLv2\n"); diff --git a/client/proxmark3.c b/client/proxmark3.c index d2bb2011..66571144 100644 --- a/client/proxmark3.c +++ b/client/proxmark3.c @@ -115,7 +115,7 @@ static void *main_loop(void *targ) { } FILE *script_file = NULL; - char script_cmd_buf[256]; + char script_cmd_buf[256]; // iceman, needs lua script the same file_path_buffer as the rest if (arg->script_cmds_file) { diff --git a/client/ui.c b/client/ui.c index 5111e295..d4758525 100644 --- a/client/ui.c +++ b/client/ui.c @@ -79,6 +79,7 @@ void PrintAndLog(char *fmt, ...) vfprintf(logfile, fmt, argptr2); fprintf(logfile,"\n"); fflush(logfile); + fclose(logfile); // ICEMAN, this logfile is never closed?!? } va_end(argptr2); diff --git a/client/util.c b/client/util.c index 903791a0..56c4998d 100644 --- a/client/util.c +++ b/client/util.c @@ -46,12 +46,18 @@ int ukbhit(void) { #endif // log files functions -void AddLogLine(char *fileName, char *extData, char *c) { +void AddLogLine(char *file, char *extData, char *c) { FILE *fLog = NULL; - - fLog = fopen(fileName, "a"); + char filename[FILE_PATH_SIZE] = {0x00}; + int len = 0; + + len = strlen(file); + if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; + memcpy(filename, file, len); + + fLog = fopen(filename, "a"); if (!fLog) { - printf("Could not append log file %s", fileName); + printf("Could not append log file %s", filename); return; } diff --git a/client/util.h b/client/util.h index 2677ab84..54562a07 100644 --- a/client/util.h +++ b/client/util.h @@ -15,6 +15,7 @@ #include #include #include +#include "data.h" #ifndef MIN # define MIN(a, b) (((a) < (b)) ? (a) : (b)) -- 2.39.2
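Review bot: The added `fclose(logfile);` in PrintAndLog (client/ui.c) closes the stream after every message but leaves `logfile` pointing at it. Unless code above the hunk reopens the file on each call (not visible here), the next call passes a closed FILE to vfprintf and fflush, which is undefined behaviour. The existing `fflush(logfile);` already flushes each line out of the stdio buffer, so drop the fclose and close the log once at shutdown. If per-call closing is really intended, add `logfile = NULL;` right after it and make sure the open path runs again. The function starts and ends outside the hunk.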