dash/proxmark3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chg: enforce stricter limit checks for available pwds in flash mem

Browse Source
This commit is contained in:
iceman1001
2020-05-13 13:26:02 +02:00
parent e2671d5b50
commit 6e7a8e1bfc
1 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
armsrc/lfops.c
View File

@@ -2030,7 +2030,7 @@ void T55xx_ChkPwds(uint8_t flags) {
Dbprintf("[=] Baseline determined [%u]", baseline); Dbprintf("[=] Baseline determined [%u]", baseline);
uint8_t *pwds = BigBuf_get_EM_addr(); uint8_t *pwds = BigBuf_get_EM_addr();
uint16_t pwdCount = 0; uint16_t pwd_count = 0;
uint32_t candidate = 0; uint32_t candidate = 0;
#ifdef WITH_FLASH #ifdef WITH_FLASH
@@ -2041,20 +2041,27 @@ void T55xx_ChkPwds(uint8_t flags) {
if (isok != sizeof(counter)) if (isok != sizeof(counter))
goto OUT; goto OUT;
pwdCount = (uint16_t)(counter[1] << 8 | counter[0]); pwd_count = (uint16_t)(counter[1] << 8 | counter[0]);
if (pwd_count == 0)
if (pwdCount == 0 || pwdCount == 0xFFFF)
goto OUT; goto OUT;
isok = Flash_ReadData(DEFAULT_T55XX_KEYS_OFFSET + 2, pwds, pwdCount * 4); // since flash can report way too many pwds, we need to limit it.
if (isok != pwdCount * 4) // bigbuff EM size is determined by CARD_MEMORY_SIZE
// a password is 4bytes.
uint16_t pwd_size_available = MIN(CARD_MEMORY_SIZE, pwd_count * 4);
// adjust available pwd_count
pwd_count = pwd_size_available / 4;
isok = Flash_ReadData(DEFAULT_T55XX_KEYS_OFFSET + 2, pwds, pwd_size_available);
if (isok != pwd_size_available)
goto OUT; goto OUT;
Dbprintf("[=] Password dictionary count %d ", pwdCount); Dbprintf("[=] Password dictionary count %d ", pwd_count);
#endif #endif
uint32_t pwd = 0, curr = 0, prev = 0; uint32_t pwd = 0, curr = 0, prev = 0;
for (uint16_t i = 0; i < pwdCount; ++i) { for (uint16_t i = 0; i < pwd_count; ++i) {
if (BUTTON_PRESS() && !data_available()) { if (BUTTON_PRESS() && !data_available()) {
goto OUT; goto OUT;