iceman1001 [Tue, 12 Jan 2016 22:35:06 +0000 (23:35 +0100)]
FIX: Coverity, out-of-bounds write, CID#121340, CID#121341, CID#121342, CID#121343, wrong size in check, sprintf always adds a null terminator, so if filepath would have been 996 chars long, this might had happend... but no more.
iceman1001 [Tue, 12 Jan 2016 22:27:42 +0000 (23:27 +0100)]
FIX: Coverity, CID#121314, Explicit null dereferenced, in really odd occasions buf would be NULL, and sending NULL to memcpy dereferences it. Not sure about this fix.
iceman1001 [Tue, 12 Jan 2016 22:05:10 +0000 (23:05 +0100)]
FIX: Coverity, out-of-bounds, CID#121330, CID#121331, CID#121332, CID#121333,
keyNbr has to be smaller then ICLASS_KEYS_MAX (since the Iclass_Key_Table array is initialised with it).
iceman1001 [Tue, 12 Jan 2016 21:33:54 +0000 (22:33 +0100)]
FIX: Coverity, unintended sign extention, CID #121363, (numbits << 16) becomes int, then uint64_t. But the signness might set all upper bits to 1 in the process.
iceman1001 [Sat, 9 Jan 2016 16:17:36 +0000 (17:17 +0100)]
ADD: a new pwdgen algo Nicknamed C, (Huge props to @Bettse for everything) also added to the "hf mfu info" command. However, that will not work given the system's lockbits.. :( Maybe I'll add a function to test all imp pwdgens given a UID without making a authentication call to tag.
iceman1001 [Fri, 8 Jan 2016 13:30:56 +0000 (14:30 +0100)]
FIX: coverty scan, resourceleak in "hf mf sniff", added call to 'free' befor return.
FIX: coverty scan, overflow in "hf 14a raw", added an extra len check against USB_CMD_DATA_SIZE
iceman1001 [Fri, 8 Jan 2016 13:28:13 +0000 (14:28 +0100)]
ADD: @go_tus 's code to generate wiegand codes from FacilityCode/SiteCode and Cardnumber. Almost there, formatlength supported is 26,34,35,37,38,40,44,75,84, when its finised.
iceman1001 [Fri, 8 Jan 2016 13:25:10 +0000 (14:25 +0100)]
FIX: coverty scan reveals some resourceleaks and overruns, which is supposed to be fixed now.
/armsrc/des.c overflow 7 instead of 6
/client/cmdlfhitag.c overflows traclen
/client/util.c sprint_bin_break overflows.
/client/cmdhficlass.c need to free memory after malloc.
iceman1001 [Mon, 21 Dec 2015 18:48:00 +0000 (19:48 +0100)]
CHG: some textual change to README.txt
ADD: a prng.c to collect some different PRNG's i've ran into
ADD: some changes the tea implementation
ADD: a enhanced version - SwapEndian64ex
iceman1001 [Mon, 14 Dec 2015 21:50:54 +0000 (22:50 +0100)]
REM: removed an unused doublett function "printBits" in util.c
ADD: added a new string helper function "sprint_hex_ascii" in util.c
ADD: added "LF AWID BRUTE", a very simple bruteforce command for the awid commands.
it takes a facility-code, and iterates all possible 0xFFFF cardnum by sending sim command. It also uses the usb_poll function to stop the bruteforce on keypress and not leaving the pm3 device running the simulation.
the command implements the help parameter.
iceman1001 [Wed, 2 Dec 2015 21:46:11 +0000 (22:46 +0100)]
CHG: updated helptext for lf t55xx bruteforce
ADD: a ROL function in util.c
ADD: two pwdgen functions in cmdhfmfu.c, call them with a 7byte UID and get a 4byte number back. Will see if it can be connected with the "hf mfu info" command, make data extraction easier later on.
ADD: added some more easy pwd in the dictionary file default_pwd.dic
iceman1001 [Tue, 1 Dec 2015 21:47:03 +0000 (22:47 +0100)]
ADD: Added the possibility to exit the bruteforce mode (either rangesearch or file) with the keyboard.
FIX: if not found, the range search printed wrong number.
iceman1001 [Tue, 1 Dec 2015 21:38:37 +0000 (22:38 +0100)]
FIX: the lfsampling.c for t55xx had a tendecy to enter a neverending loop. Moved exit branch into the while statement, which seems to solve it.
FIX: Strange int -> uint8_t casting behavior (0x05 gets the 25bit set and becomes 0x10005 instead) in fskdemod, removed int and sscanf.
iceman1001 [Tue, 1 Dec 2015 12:07:01 +0000 (13:07 +0100)]
ADD: added the possibility to load a default pwd file to be used with the "lf t55xx bruteforce" command.
new option:
lf t55xx brutefore i default_pwd.dic - will load default pwds from file and test against tag.
iceman1001 [Sun, 22 Nov 2015 17:13:26 +0000 (18:13 +0100)]
ADD: 'hf mfu info' now prints following settings:
NFC_COUNTER_EN - If set, every read,fast_read increases a counter.
NFC_COUNTER_PROT_PWD - If set, reading nfc_counter needs a successfull pwd authentication before
These new settings is only valid for NTAG213/215/216,
iceman1001 [Sun, 22 Nov 2015 16:33:41 +0000 (17:33 +0100)]
ADD: @marshmellow's fixes to awid, viking and T55x7
ADD: 'lf t55xx detect' now can be called with a password.
ADD: trying to add the read counter and increase counter commands for ntag sim.
iceman1001 [Sat, 21 Nov 2015 17:48:58 +0000 (18:48 +0100)]
ADD: lf indalademod output, The binary string is now printed with linebreaks every 16bits
ADD: lf awid code is modified, some minor changes in outputs
ADD: lf t55xx write now prints the password on the same row, looks better when using the new "lf t55xx wipe" command.
ADD: the ioprox T55X7_IOPROX_CONFIG_BLOCK block.
iceman1001 [Tue, 10 Nov 2015 10:45:45 +0000 (11:45 +0100)]
FIX: an error that I introduced to the csetblock command with wrong length of crc calcs.
CHG: variable name in csetblock change. just trying to be consistant.
ADD: code clean up in hf 14a, added some help text methods.