Proxmark3 community


#1 2014-12-06 14:33:15

Enio
Contributor
Registered: 2013-09-24
Posts: 175

Fix for lf t55xx readblockPWD

There's an issue in armsrc/lfops.c in T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) in the loop converting the PWD into bits, due to a wrong type for the later shift:

    int m=0, i=0;

and then

    if (PwdMode == 1){
      // Pwd
      for (i = 0x80000000; i != 0; i >>= 1)
        T55xxWriteBit(Pwd & i);
    }

This loop never stops, because 0x80000000 is a negative value when taken as a signed int. When you right shift a signed representation, the MSB is maintained to keep the sign, which makes us end at 0xFFFFFFFF (which is decimal -1 in 2's complement) after enough shifts. Because the breakout happens only at i==0, we don't get out of the loop.

It should be an unsigned int, or better, the clearer typedef uint32_t.
Fix: http://pastebin.com/5uqagbKm


I have not tested this on the unmodified HEAD though, as I can't run HEAD on my bootloader and don't want to mess with it too often, but it should go fine as these changes work on mine.

Last edited by Enio (2014-12-06 14:33:32)
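
The loop behaviour described in the post above, as an added example that is not part of the original post or the Proxmark3 source. `record_bit`, `send_pwd_signed`, `send_pwd_unsigned` and `MAX_ITER` are hypothetical names, and the code assumes a compiler that shifts negative values arithmetically (GCC and Clang do); it also shows that the sign-extended mask sends wrong bits, not only too many.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_ITER 64 /* demo-only cap so the signed variant returns */

/* Hypothetical stand-in for T55xxWriteBit(): appends one bit to *out.
 * Treating any nonzero argument as a 1 is an assumption of this demo. */
static void record_bit(uint64_t *out, uint32_t bit) {
    *out = (*out << 1) | (bit != 0);
}

/* Mask held in a signed 32-bit int, as in the quoted loop.
 * Right-shifting a negative value is implementation-defined in C;
 * an arithmetic shift keeps the sign bit, so the mask ends at -1. */
static int send_pwd_signed(uint32_t pwd, uint64_t *out, int32_t *final_mask) {
    int n = 0;
    int32_t i;
    *out = 0;
    for (i = INT32_MIN; i != 0 && n < MAX_ITER; i >>= 1, n++)
        record_bit(out, pwd & (uint32_t)i);
    *final_mask = i;
    return n; /* reaches MAX_ITER: the mask never becomes 0 */
}

/* Mask held in a uint32_t: zeros are shifted in from the left,
 * so exactly one bit is tested per pass and the loop ends. */
static int send_pwd_unsigned(uint32_t pwd, uint64_t *out) {
    int n = 0;
    uint32_t i;
    *out = 0;
    for (i = 0x80000000u; i != 0; i >>= 1, n++)
        record_bit(out, pwd & i);
    return n;
}

int main(void) {
    uint64_t out;
    int32_t mask;
    int n = send_pwd_unsigned(0x12345678u, &out); /* constructed password */
    printf("unsigned: %d bits, sent 0x%08llx\n", n, (unsigned long long)out);
    n = send_pwd_signed(0x80000000u, &out, &mask);
    printf("signed:   %d bits (capped), final mask 0x%08x, sent 0x%016llx\n",
           n, (unsigned)mask, (unsigned long long)out);
    return 0;
}
```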


#2 2014-12-13 18:20:47

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537

Re: Fix for lf t55xx readblockPWD

If you are into the "lf t55xx" commands, you can try my branch and give me feedback on what stuff works or not.
