Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Buggy and useless cs computation in read_data() #151

Open
vinriviere opened this issue Oct 9, 2024 · 0 comments
Open

Buggy and useless cs computation in read_data() #151

vinriviere opened this issue Oct 9, 2024 · 0 comments

Comments

@vinriviere
Copy link

While debugging another issue, I stumbled upon that code in read_data():

libfreefare/libfreefare/mifare_desfire.c

Line 1708 in c2b0cfa

if ((MIFARE_DESFIRE(tag)->session_key) && (cs | MDCM_MACED)) {

The (cs | MDCM_MACED) expression is obviously wrong as it is is always true.

Furthermore, there is something wrong in the main logic:

libfreefare/libfreefare/mifare_desfire.c

Lines 1707 to 1718 in c2b0cfa

uint8_t ocs = cs;
if ((MIFARE_DESFIRE(tag)->session_key) && (cs | MDCM_MACED)) {
switch (MIFARE_DESFIRE(tag)->authentication_scheme) {
case AS_LEGACY:
break;
case AS_NEW:
cs = MDCM_PLAIN;
break;
}
}
uint8_t *p = mifare_cryto_preprocess_data(tag, cmd, &__cmd_n, 8, MDCM_PLAIN | CMAC_COMMAND);
cs = ocs;

The whole cs computation is useless, because its value is never used. Its initial value is saved into ocs at the beginning of the block, then restored afterwards. So there must be something missing (or just old unused code).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vinriviere