Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
#1 2014-12-06 14:33:15
- Enio
- Contributor
- Registered: 2013-09-24
- Posts: 175
Fix for lf t55xx readblockPWD
Theres an issue in armsrc/lfops.c in T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) in the loop converting the PWD into bits due to a a wrong type for later shift:
998 int m=0, i=0;and then
1024 if (PwdMode == 1){
1025 // Pwd
1026 for (i = 0x80000000; i != 0; i >>= 1)
1027 T55xxWriteBit(Pwd & i);
1028 }This loop does never stop, because 0x80000000 is a negative value when taken as a signed int. When you right shift a signed representation the MSB is maintained to keep the sign, which makes us end at 0xFFFFFFFF (which is decimal -1 in 2s complement) after enough shifts, due to the breakout only at i==0 we dont get out of the loop.
It should be an unsigned int, or better the more clear typedef uint32_t.
Fix: http://pastebin.com/5uqagbKm
I have not tested this on the unmodified HEAD though as i cant run HEAD on my bootloader and dont want to mess too often with it, but it should go fine as these changes work on mine.
Last edited by Enio (2014-12-06 14:33:32)
Offline
#2 2014-12-13 18:20:47
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,538
- Website
Re: Fix for lf t55xx readblockPWD
If you are into the "lf t55xx" commands, you can try my branch and give me feedback on what stuff works or not.
Offline
Pages: 1