From ddb748a973bdcb84c6a0ab21e5fcd2b964e5c2e5 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 22:49:29 +0100 Subject: [PATCH 01/16] FIX, Coverity, Argument can't be negative, CID #212324, ftell(f) can be negative, not allowed in malloc. --- client/cmdhficlass.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 86524cd6..5f45ab1a 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -1316,8 +1316,13 @@ int CmdHFiClassReadTagFile(const char *Cmd) { long fsize = ftell(f); fseek(f, 0, SEEK_SET); - uint8_t *dump = malloc(fsize); + if ( fsize < 0 ) { + PrintAndLog("Error, when getting filesize"); + fclose(f); + return 1; + } + uint8_t *dump = malloc(fsize); size_t bytes_read = fread(dump, 1, fsize, f); fclose(f); -- 2.39.5 From 8b15860ed17bc9008e59bd9e9d581d30ded6bd93 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 22:53:13 +0100 Subject: [PATCH 02/16] FIX, Coverity, Unsigned compared against 0. CID #212326, keyNBr will never be negative. --- client/cmdhficlass.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 5f45ab1a..22d443f8 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -1612,7 +1612,7 @@ int CmdHFiClassManageKeys(const char *Cmd) { case 'n': case 'N': keyNbr = param_get8(Cmd, cmdp+1); - if (keyNbr < 0) { + if (keyNbr == 0) { PrintAndLog("Wrong block number"); errors = true; } -- 2.39.5 From 3c4061697950f897e195dd77b6e471ca462dd3fb Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 22:57:23 +0100 Subject: [PATCH 03/16] FIX: Coverity, Dereference null return, CID #212329, filehandle could be NULL --- client/cmdhficlass.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 22d443f8..d0184335 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -374,12 +374,15 @@ int CmdHFiClassDecrypt(const char *Cmd) { //Open the tagdump-file FILE *f; char filename[FILE_PATH_SIZE]; - if(opt == 'f' && param_getstr(Cmd, 1, filename) > 0) - { - f = fopen(filename, "rb"); - }else{ + if(opt == 'f' && param_getstr(Cmd, 1, filename) > 0) { + if ( (f = fopen(filename, "rb")) == NULL) { + PrintAndLog("Could not find file %s", filename); + return 1; + } + + } else { return usage_hf_iclass_decrypt(); - } + } fseek(f, 0, SEEK_END); long fsize = ftell(f); -- 2.39.5 From f7c30d806c392836885807d8c28be58c82d27c10 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 23:05:10 +0100 Subject: [PATCH 04/16] FIX: Coverity, out-of-bounds, CID#121330, CID#121331, CID#121332, CID#121333, keyNbr has to be smaller then ICLASS_KEYS_MAX (since the Iclass_Key_Table array is initialised with it). --- client/cmdhficlass.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index d0184335..047bf137 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -601,7 +601,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) { errors = param_gethex(tempStr, 0, CreditKEY, dataLen); } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp+1); - if (keyNbr <= ICLASS_KEYS_MAX) { + if (keyNbr < ICLASS_KEYS_MAX) { memcpy(CreditKEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLog("\nERROR: Credit KeyNbr is invalid\n"); @@ -635,7 +635,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) { errors = param_gethex(tempStr, 0, KEY, dataLen); } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp+1); - if (keyNbr <= ICLASS_KEYS_MAX) { + if (keyNbr < ICLASS_KEYS_MAX) { memcpy(KEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLog("\nERROR: Credit KeyNbr is invalid\n"); @@ -894,7 +894,7 @@ int CmdHFiClass_WriteBlock(const char *Cmd) { errors = param_gethex(tempStr, 0, KEY, dataLen); } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp+1); - if (keyNbr <= ICLASS_KEYS_MAX) { + if (keyNbr < ICLASS_KEYS_MAX) { memcpy(KEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLog("\nERROR: Credit KeyNbr is invalid\n"); @@ -997,7 +997,7 @@ int CmdHFiClassCloneTag(const char *Cmd) { errors = param_gethex(tempStr, 0, KEY, dataLen); } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp+1); - if (keyNbr <= ICLASS_KEYS_MAX) { + if (keyNbr < ICLASS_KEYS_MAX) { memcpy(KEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLog("\nERROR: Credit KeyNbr is invalid\n"); @@ -1182,7 +1182,7 @@ int CmdHFiClass_ReadBlock(const char *Cmd) { errors = param_gethex(tempStr, 0, KEY, dataLen); } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp+1); - if (keyNbr <= ICLASS_KEYS_MAX) { + if (keyNbr < ICLASS_KEYS_MAX) { memcpy(KEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLog("\nERROR: Credit KeyNbr is invalid\n"); @@ -1450,7 +1450,7 @@ int CmdHFiClassCalcNewKey(const char *Cmd) { errors = param_gethex(tempStr, 0, NEWKEY, dataLen); } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp+1); - if (keyNbr <= ICLASS_KEYS_MAX) { + if (keyNbr < ICLASS_KEYS_MAX) { memcpy(NEWKEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLog("\nERROR: NewKey Nbr is invalid\n"); @@ -1469,7 +1469,7 @@ int CmdHFiClassCalcNewKey(const char *Cmd) { errors = param_gethex(tempStr, 0, OLDKEY, dataLen); } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp+1); - if (keyNbr <= ICLASS_KEYS_MAX) { + if (keyNbr < ICLASS_KEYS_MAX) { memcpy(OLDKEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLog("\nERROR: Credit KeyNbr is invalid\n"); -- 2.39.5 From 628d1cb085d2f3eecf75e845fbee3d054e9b4cb5 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 23:06:53 +0100 Subject: [PATCH 05/16] FIX: Coverity, CID #121346, resouce leak, close filehandle. --- client/cmdhficlass.c | 1 + 1 file changed, 1 insertion(+) diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 047bf137..8235ed22 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -1048,6 +1048,7 @@ int CmdHFiClassCloneTag(const char *Cmd) { if (startblock<5) { PrintAndLog("You cannot write key blocks this way. yet... make your start block > 4"); + fclose(f); return 0; } // now read data from the file from block 6 --- 19 -- 2.39.5 From 5cba446201ea8f27e696750e64cc0c864a664274 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 23:10:38 +0100 Subject: [PATCH 06/16] FIX: Coverity, uninitialized scalar variable, filename array could be NULL.. --- client/cmdhficlass.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 8235ed22..ec1b2c8a 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -943,7 +943,7 @@ int usage_hf_iclass_clone(void) { } int CmdHFiClassCloneTag(const char *Cmd) { - char filename[FILE_PATH_SIZE]; + char filename[FILE_PATH_SIZE] = { 0x00 }; char tempStr[50]={0}; uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t keyNbr = 0; -- 2.39.5 From 395ec4e99ca757472fa962345552e3f01ea0c154 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 23:16:20 +0100 Subject: [PATCH 07/16] FIX: Coverity, CID# 121337, Out-of-bounds. In the loop, variable i, can be as much as 1051, overflowing the databuf with size 1024. --- client/cmdhflegic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c index 7ee601b2..4e52c35c 100644 --- a/client/cmdhflegic.c +++ b/client/cmdhflegic.c @@ -58,7 +58,7 @@ int CmdLegicDecode(const char *Cmd) int crc = 0; int wrp = 0; int wrc = 0; - uint8_t data_buf[1024]; // receiver buffer + uint8_t data_buf[1052]; // receiver buffer char out_string[3076]; // just use big buffer - bad practice char token_type[4]; -- 2.39.5 From e72d1fbba2281c5868c3cf6b9a93b4faaf18c2a7 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 23:27:42 +0100 Subject: [PATCH 08/16] FIX: Coverity, CID#121314, Explicit null dereferenced, in really odd occasions buf would be NULL, and sending NULL to memcpy dereferences it. Not sure about this fix. --- client/cmdhfmf.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 7736b9c5..cde20d79 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -2052,6 +2052,11 @@ int CmdHF14AMfSniff(const char *Cmd){ bufsize = traceLen; memset(buf, 0x00, traceLen); } + if (bufPtr == NULL) { + PrintAndLog("Cannot allocate memory for trace"); + free(buf); + return 2; + } memcpy(bufPtr, resp.d.asBytes, len); bufPtr += len; pckNum++; -- 2.39.5 From f1db8c2207da16ad78ae0c7741f31e608c925a2b Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 23:29:05 +0100 Subject: [PATCH 09/16] CHG: Syntax suger --- client/cmdhfmf.c | 63 +++++++++++++++++++++++------------------------- 1 file changed, 30 insertions(+), 33 deletions(-) diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index cde20d79..a322e664 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -2133,40 +2133,38 @@ int CmdHf14MfDecryptBytes(const char *Cmd){ return tryDecryptWord( nt, ar_enc, at_enc, data, len); } -static command_t CommandTable[] = -{ - {"help", CmdHelp, 1, "This help"}, - {"dbg", CmdHF14AMfDbg, 0, "Set default debug mode"}, - {"rdbl", CmdHF14AMfRdBl, 0, "Read MIFARE classic block"}, - {"rdsc", CmdHF14AMfRdSc, 0, "Read MIFARE classic sector"}, - {"dump", CmdHF14AMfDump, 0, "Dump MIFARE classic tag to binary file"}, - {"restore", CmdHF14AMfRestore, 0, "Restore MIFARE classic binary file to BLANK tag"}, - {"wrbl", CmdHF14AMfWrBl, 0, "Write MIFARE classic block"}, - {"chk", CmdHF14AMfChk, 0, "Test block keys"}, - {"mifare", CmdHF14AMifare, 0, "Read parity error messages."}, - {"nested", CmdHF14AMfNested, 0, "Test nested authentication"}, +static command_t CommandTable[] = { + {"help", CmdHelp, 1, "This help"}, + {"dbg", CmdHF14AMfDbg, 0, "Set default debug mode"}, + {"rdbl", CmdHF14AMfRdBl, 0, "Read MIFARE classic block"}, + {"rdsc", CmdHF14AMfRdSc, 0, "Read MIFARE classic sector"}, + {"dump", CmdHF14AMfDump, 0, "Dump MIFARE classic tag to binary file"}, + {"restore", CmdHF14AMfRestore, 0, "Restore MIFARE classic binary file to BLANK tag"}, + {"wrbl", CmdHF14AMfWrBl, 0, "Write MIFARE classic block"}, + {"chk", CmdHF14AMfChk, 0, "Test block keys"}, + {"mifare", CmdHF14AMifare, 0, "Read parity error messages."}, + {"nested", CmdHF14AMfNested, 0, "Test nested authentication"}, {"hardnested", CmdHF14AMfNestedHard, 0, "Nested attack for hardened Mifare cards"}, - {"sniff", CmdHF14AMfSniff, 0, "Sniff card-reader communication"}, - {"sim", CmdHF14AMf1kSim, 0, "Simulate MIFARE card"}, - {"eclr", CmdHF14AMfEClear, 0, "Clear simulator memory block"}, - {"eget", CmdHF14AMfEGet, 0, "Get simulator memory block"}, - {"eset", CmdHF14AMfESet, 0, "Set simulator memory block"}, - {"eload", CmdHF14AMfELoad, 0, "Load from file emul dump"}, - {"esave", CmdHF14AMfESave, 0, "Save to file emul dump"}, - {"ecfill", CmdHF14AMfECFill, 0, "Fill simulator memory with help of keys from simulator"}, - {"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"}, - {"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"}, - {"csetblk", CmdHF14AMfCSetBlk, 0, "Write block - Magic Chinese card"}, - {"cgetblk", CmdHF14AMfCGetBlk, 0, "Read block - Magic Chinese card"}, - {"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector - Magic Chinese card"}, - {"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"}, - {"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"}, - {"decrypt", CmdHf14MfDecryptBytes, 1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"}, - {NULL, NULL, 0, NULL} + {"sniff", CmdHF14AMfSniff, 0, "Sniff card-reader communication"}, + {"sim", CmdHF14AMf1kSim, 0, "Simulate MIFARE card"}, + {"eclr", CmdHF14AMfEClear, 0, "Clear simulator memory block"}, + {"eget", CmdHF14AMfEGet, 0, "Get simulator memory block"}, + {"eset", CmdHF14AMfESet, 0, "Set simulator memory block"}, + {"eload", CmdHF14AMfELoad, 0, "Load from file emul dump"}, + {"esave", CmdHF14AMfESave, 0, "Save to file emul dump"}, + {"ecfill", CmdHF14AMfECFill, 0, "Fill simulator memory with help of keys from simulator"}, + {"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"}, + {"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"}, + {"csetblk", CmdHF14AMfCSetBlk, 0, "Write block - Magic Chinese card"}, + {"cgetblk", CmdHF14AMfCGetBlk, 0, "Read block - Magic Chinese card"}, + {"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector - Magic Chinese card"}, + {"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"}, + {"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"}, + {"decrypt", CmdHf14MfDecryptBytes, 1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"}, + {NULL, NULL, 0, NULL} }; -int CmdHFMF(const char *Cmd) -{ +int CmdHFMF(const char *Cmd) { // flush clearCommandBuffer(); //WaitForResponseTimeout(CMD_ACK,NULL,100); @@ -2174,8 +2172,7 @@ int CmdHFMF(const char *Cmd) return 0; } -int CmdHelp(const char *Cmd) -{ +int CmdHelp(const char *Cmd) { CmdsHelp(CommandTable); return 0; } -- 2.39.5 From 60daed79dbd2fd4da6e60d4e8dd50914075ff212 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 23:35:06 +0100 Subject: [PATCH 10/16] FIX: Coverity, out-of-bounds write, CID#121340, CID#121341, CID#121342, CID#121343, wrong size in check, sprintf always adds a null terminator, so if filepath would have been 996 chars long, this might had happend... but no more. --- client/cmdhfmf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index a322e664..abc88b86 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -1364,7 +1364,7 @@ int CmdHF14AMfELoad(const char *Cmd) len = param_getstr(Cmd,nameParamNo,filename); - if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4; + if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5; fnameptr += len; @@ -1461,7 +1461,7 @@ int CmdHF14AMfESave(const char *Cmd) len = param_getstr(Cmd,nameParamNo,filename); - if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4; + if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5; // user supplied filename? if (len < 1) { @@ -1738,7 +1738,7 @@ int CmdHF14AMfCLoad(const char *Cmd) return 0; } else { len = strlen(Cmd); - if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4; + if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5; memcpy(filename, Cmd, len); fnameptr += len; @@ -1908,7 +1908,7 @@ int CmdHF14AMfCSave(const char *Cmd) { return 0; } else { len = strlen(Cmd); - if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4; + if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5; // get filename based on UID if (len < 1) { -- 2.39.5 From e683ecb6a56d5aaea9b3d6428dc8c8acdb64bc9f Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 23:37:33 +0100 Subject: [PATCH 11/16] FIX: Coverity, Resource leak, CID# 121360, keyBlock needs to be free --- client/cmdhfmf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index abc88b86..e5592efa 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -988,6 +988,7 @@ int CmdHF14AMfChk(const char *Cmd) break; default: PrintAndLog("Key type must be A , B or ?"); + free(keyBlock); return 1; }; -- 2.39.5 From 3906036e11b6cfba19c043ae29ac1dcb3ea88414 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 23:38:47 +0100 Subject: [PATCH 12/16] FIX: Coverity, Resource leak, CID #121361, filehandle f needs to be free --- client/cmdhfmf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index e5592efa..83f26302 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -1040,6 +1040,7 @@ int CmdHF14AMfChk(const char *Cmd) if (!p) { PrintAndLog("Cannot allocate memory for defKeys"); free(keyBlock); + free(f); return 2; } keyBlock = p; -- 2.39.5 From 95d96ea38a0aff0f3cd9a7c24b760f39071043b8 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 23:40:57 +0100 Subject: [PATCH 13/16] FIX: Coverity, Unintended sign extension, data[7] would have become int, then uint64_t. Should work better now with adding typecasting. --- client/cmdhfmf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 83f26302..267f323c 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -1226,10 +1226,10 @@ int CmdHF14AMf1kSim(const char *Cmd) corr_uid |= (uint64_t)data[2] << 48; corr_uid |= (uint64_t)data[1] << 40; corr_uid |= (uint64_t)data[0] << 32; - corr_uid |= data[7] << 24; - corr_uid |= data[6] << 16; - corr_uid |= data[5] << 8; - corr_uid |= data[4]; + corr_uid |= (uint64_t)data[7] << 24; + corr_uid |= (uint64_t)data[6] << 16; + corr_uid |= (uint64_t)data[5] << 8; + corr_uid |= (uint64_t)data[4]; tryMfk64(corr_uid, data, key); } PrintAndLog("--"); -- 2.39.5 From 33db73516dd983734e6aba24ff1e861b6af5c7e3 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 23:42:42 +0100 Subject: [PATCH 14/16] FIX: Coverity, logical vs bitwise operator, remove the extra '&' for it to become bitwise. --- client/cmdhfmfdes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/cmdhfmfdes.c b/client/cmdhfmfdes.c index b8db1cab..9ab5a4af 100644 --- a/client/cmdhfmfdes.c +++ b/client/cmdhfmfdes.c @@ -352,7 +352,7 @@ void GetKeySettings( uint8_t *aid){ PrintAndLog(" Can't read Application Master key settings"); } else { // Access rights. - uint8_t rights = (resp.d.asBytes[3] >> 4 && 0xff); + uint8_t rights = (resp.d.asBytes[3] >> 4 & 0xff); switch (rights){ case 0x00: str = "AMK authentication is necessary to change any key (default)"; -- 2.39.5 From 6178e80e4a1d86d0633226cf4f9c244f968d3925 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 23:56:15 +0100 Subject: [PATCH 15/16] FIX: Coverity, resource leak, CID #121357, Mat needs to be free --- client/reveng/reveng.c | 1 + 1 file changed, 1 insertion(+) diff --git a/client/reveng/reveng.c b/client/reveng/reveng.c index 3c6da126..dd50987c 100644 --- a/client/reveng/reveng.c +++ b/client/reveng/reveng.c @@ -257,6 +257,7 @@ engini(int *resc, model_t **result, const poly_t divisor, int flags, int args, c palloc(&apoly, dlen); calini(resc, result, divisor, flags, apoly, args, argpolys); pfree(&apoly); + free(mat); return; } -- 2.39.5 From 978920b9fc813da9a3f9cd3a860f012b159bbba9 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 13 Jan 2016 00:05:55 +0100 Subject: [PATCH 16/16] FIX: textual changes --- client/cmdlfawid.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/client/cmdlfawid.c b/client/cmdlfawid.c index 53980b23..4a200139 100644 --- a/client/cmdlfawid.c +++ b/client/cmdlfawid.c @@ -19,7 +19,7 @@ #include "util.h" // weigandparity #include "protocols.h" // for T55xx config register definitions #include "cmdmain.h" - #include "sleep.h" +#include "sleep.h" static int CmdHelp(const char *Cmd); @@ -67,8 +67,9 @@ int usage_lf_awid_clone(void) { } int usage_lf_awid_brute(void){ - PrintAndLog("Enables bruteforce of AWID26 card with specified facility-code."); + PrintAndLog("Enables bruteforce of AWID26 reader with specified facility-code."); PrintAndLog("Per AWID26 format, the facility-code (FC) is 8-bit and the card number is 16-bit."); + PrintAndLog("This is a incremental attack against reader."); PrintAndLog(""); PrintAndLog("Usage: lf awid brute "); PrintAndLog("Options :"); @@ -213,7 +214,7 @@ int CmdAWIDBrute(const char *Cmd){ fc = param_get8(Cmd, 0); if ( fc == 0) return usage_lf_awid_brute(); - PrintAndLog("Bruteforceing AWID26"); + PrintAndLog("Bruteforceing AWID26 Reader"); PrintAndLog("Press pm3-button to abort simulation or run another command"); uint64_t arg1 = (10<<8) + 8; // fcHigh = 10, fcLow = 8 -- 2.39.5