From 56d0fb8e4d4f4a963928de36a12c519a09673bd1 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Thu, 1 Sep 2016 16:09:31 +0200
Subject: [PATCH 1/1] FIX: bug in nextwatch demod, which if the found psk bits was smaller than the preamble the client crashed. REM: removed some debugstatements
---
 client/cmddata.c | 17 +++++++++++------
 client/cmdhfmfhard.c | 2 +-
 common/lfdemod.c | 4 ++--
 3 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/client/cmddata.c b/client/cmddata.c
index f9aaa8db..378fb78f 100644
--- a/client/cmddata.c
+++ b/client/cmddata.c
@@ -258,8 +258,7 @@ void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx)
 for (; i < size; i++){
 DemodBuffer[i]=buff[startIdx++];
 }
- DemodBufferLen=size;
- return;
+ DemodBufferLen = size;
 }
 int CmdSetDebugMode(const char *Cmd)
@@ -1761,7 +1760,8 @@ int CmdIndalaDecode(const char *Cmd)
 PrintAndLog("Error1: %d",ans);
 return 0;
 }
- uint8_t invert=0;
+
+ uint8_t invert = 0;
 size_t size = DemodBufferLen;
 int startIdx = indala26decode(DemodBuffer, &size, &invert);
 if (startIdx < 0 || size > 224) {
@@ -1800,12 +1800,18 @@ int CmdIndalaDecode(const char *Cmd)
 int CmdPSKNexWatch(const char *Cmd)
 {
 if (!PSKDemod("", false)) return 0;
+
 uint8_t preamble[28] = {0,0,0,0,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
 size_t startIdx = 0, size = DemodBufferLen;
+
+ // sanity check.
+ if ( size < sizeof(preamble) + 100) return 0;
+
 bool invert = false;
 if (!preambleSearch(DemodBuffer, preamble, sizeof(preamble), &size, &startIdx)){
 // if didn't find preamble try again inverting
 if (!PSKDemod("1", false)) return 0;
+ size = DemodBufferLen;
 if (!preambleSearch(DemodBuffer, preamble, sizeof(preamble), &size, &startIdx)) return 0;
 invert = true;
@@ -1906,7 +1912,6 @@ int CmdPSK1rawDemod(const char *Cmd)
 if (g_debugMode) PrintAndLog("Error demoding: %d",ans);
 return 0;
 }
- PrintAndLog("PSK1 demoded bitstream:");
 // Now output the bitstream to the scrollback by line of 16 bits
 printDemodBuff();
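Review bot: The new length guard in CmdPSKNexWatch only protects the first demodulation; after the inverted retry `PSKDemod("1", false)` the added `size = DemodBufferLen;` can again hand a buffer shorter than the preamble to preambleSearch, so the crash this commit fixes appears still reachable on that path. The underlying hazard is the loop bound `idx < *size - pLen` in the common/lfdemod.c hunk: both operands are size_t, so when `*size < pLen` the subtraction wraps to a huge bound and `memcmp(BitStream+idx, preamble, pLen)` reads past the end of BitStream; a one-line guard at the top of preambleSearch, `if (*size < pLen) return 0;`, closes the hole for every caller and makes the client-side check belt-and-braces. The `+ 100` in `if ( size < sizeof(preamble) + 100) return 0;` is an unexplained magic number; give it a named constant or a comment stating what minimum payload length it stands for. CmdPSKNexWatch continues past the end of the hunk.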
@@ -1917,12 +1922,12 @@ int CmdPSK1rawDemod(const char *Cmd)
 // takes same args as cmdpsk1rawdemod
 int CmdPSK2rawDemod(const char *Cmd)
 {
- int ans=0;
+ int ans = 0;
 char cmdp = param_getchar(Cmd, 0);
 if (strlen(Cmd) > 10 || cmdp == 'h' || cmdp == 'H') return usage_data_rawdemod_p2();
- ans=PSKDemod(Cmd, TRUE);
+ ans = PSKDemod(Cmd, TRUE);
 if (!ans){
 if (g_debugMode) PrintAndLog("Error demoding: %d",ans);
 return 0;
diff --git a/client/cmdhfmfhard.c b/client/cmdhfmfhard.c
index 2af03f08..acdea715 100644
--- a/client/cmdhfmfhard.c
+++ b/client/cmdhfmfhard.c
@@ -1687,7 +1687,7 @@ static void brute_force(void)
 time(&end);
 double elapsed_time = difftime(end, start);
- PrintAndLog("ICE %.f seconds", elapsed_time);
+
 if(keys_found){
 PrintAndLog("Success! Tested %"PRIu32" states, found %u keys after %.f seconds", total_states_tested, keys_found, elapsed_time);
 PrintAndLog("\nFound key: %012"PRIx64"\n", foundkey);
diff --git a/common/lfdemod.c b/common/lfdemod.c
index 7e31f53d..27bef1dd 100644
--- a/common/lfdemod.c
+++ b/common/lfdemod.c
@@ -148,8 +148,8 @@ uint32_t bytebits_to_byteLSBF(uint8_t *src, size_t numbits)
 //search for given preamble in given BitStream and return success=1 or fail=0 and startIndex and length
 uint8_t preambleSearch(uint8_t *BitStream, uint8_t *preamble, size_t pLen, size_t *size, size_t *startIdx)
 {
- uint8_t foundCnt=0;
- for (int idx=0; idx < *size - pLen; idx++){
+ uint8_t foundCnt = 0;
+ for (int idx = 0; idx < *size - pLen; idx++){
 if (memcmp(BitStream+idx, preamble, pLen) == 0){
 //first index found
 foundCnt++;
-- 
2.39.5