timmerk / nfc-tools

Automatically exported from code.google.com/p/nfc-tools

Reading ultralightC: errors in handling read without auth #106

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
With ultralightC we could be in situations where read() is called without prior 
authentication and AUTH0 < MIFARE_ULTRALIGHT_C_PAGE_COUNT_READ + 1

Several situations may occur:
Let's put auth0 = value of AUTH0 at 0x2A

read(x) with x <= auth0 - 4:
  read done properly

read(x) with auth0 - 4 < x < auth0
  read result is wrapped
  bug in libfreefare: cached pages are not wrapped
  e.g. auth0=3, read(0) returns page0|page1|page2|page0 
  and libfreefare caches wrongly page4 with page0 content

read(x) with x >= auth0
  read fails
  bug in libfreefare: it doesn't fail and fills the cache with latest known page data

The difficulty in handling those cases, especially the early wrapping, is that 
0x2A cannot be read in such situations and must be deduced by trial and error.
E.g. by trying to access the latest cached page, we can see whether we get an 
error or not and whether the cache is valid or not.
And probably we need to keep track of two other state values in the cache to 
avoid this extra check whenever it's possible:
* latest known valid page
* if we reach 0x2A we can remember its actual value
* if we're authenticated we don't need to check page validity

Original issue reported on code.google.com by yob...@gmail.com on 14 Nov 2012 at 8:46

GoogleCodeExporter commented 9 years ago
Actually the third case is handled properly, read() returns an error.
So it's only in the second case that we have a problem:
  read(x) with auth0 - 4 < x < auth0

Original comment by yob...@gmail.com on 14 Nov 2012 at 9:12

GoogleCodeExporter commented 9 years ago
My proposal:
* use another temp buffer to hold read data
* reduce tag cache buffer to actual max size (today it's hacked =+3 to cope 
with wrapped read of last page)
* if (UL or (ULC and AUTHENTICATED)), copy data to cache with proper wrapping 
if required
* if (ULC and not AUTHENTICATED), copy one single page in cache and ignore rest 
of data

It's less efficient when reading without being authenticated but it keeps the 
code much clearer.
What do you think?

Original comment by yob...@gmail.com on 14 Nov 2012 at 9:24
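As an added example (not code from the issue, from the reporter, or from libfreefare), the C program below models the read cases laid out in the first comment and the cache fill strategy proposed in the third one. The tag model is a simulation written for this example: 48 pages of 4 bytes, AUTH0 in byte 0 of page 0x2A, a READ that returns 4 pages and rolls over to page 0 when it reaches the first protected page, and a NAK for a start page at or above AUTH0, exactly as the thread describes. `sim_tag`, `page_cache`, `cache_fill_buggy`, `cache_fill_proposed`, `probe_auth0` and the `demo_*` functions are hypothetical names, and the page content is constructed, not dumped from a real tag. `probe_auth0` goes slightly beyond the thread: it implements the trial-and-error deduction of AUTH0 that the first comment only sketches, as a binary search over single reads.

```c
/* Stand-alone model of the Ultralight C READ behaviour and of two cache fill
 * strategies discussed in this issue. Not libfreefare code. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define ULC_PAGE_COUNT 48   /* pages 0x00..0x2F */
#define ULC_PAGE_SIZE  4
#define ULC_AUTH0_PAGE 0x2A /* AUTH0 is byte 0 of page 0x2A */
#define READ_PAGES     4    /* one READ returns 4 pages = 16 bytes */

/* Simulated tag (memory plus 3DES auth state) and a libfreefare-style page cache. */
typedef struct { uint8_t mem[ULC_PAGE_COUNT][ULC_PAGE_SIZE]; bool authenticated; } sim_tag;
typedef struct { uint8_t data[ULC_PAGE_COUNT][ULC_PAGE_SIZE]; bool valid[ULC_PAGE_COUNT]; } page_cache;

/* Constructed content: page p, byte b holds 4*p+b, so pages are distinguishable. */
static void sim_init(sim_tag *t, uint8_t auth0) {
    memset(t, 0, sizeof *t);
    for (int p = 0; p < ULC_PAGE_COUNT; p++)
        for (int b = 0; b < ULC_PAGE_SIZE; b++)
            t->mem[p][b] = (uint8_t)(ULC_PAGE_SIZE * p + b);
    t->mem[ULC_AUTH0_PAGE][0] = auth0;
}

/* Simulated READ(x). Unauthenticated: x >= auth0 is refused (case 3) and a read that
 * runs into auth0 rolls over to page 0 (case 2). Authenticated: rolls over at the end
 * of memory. Returns 0 with 16 bytes in out, -1 for a NAK. */
static int sim_read(const sim_tag *t, uint8_t x, uint8_t out[16]) {
    uint8_t limit = t->authenticated ? ULC_PAGE_COUNT : t->mem[ULC_AUTH0_PAGE][0];
    if (limit > ULC_PAGE_COUNT) limit = ULC_PAGE_COUNT; /* AUTH0 >= 0x30: nothing protected */
    if (x >= limit) return -1;
    for (int i = 0; i < READ_PAGES; i++)
        memcpy(out + ULC_PAGE_SIZE * i, t->mem[(x + i) % limit], ULC_PAGE_SIZE);
    return 0;
}

/* Fill as the issue says libfreefare did: assume the 16 bytes are pages x..x+3
 * and mark all four valid, even when the tag rolled over at auth0. */
static void cache_fill_buggy(page_cache *c, uint8_t x, const uint8_t in[16]) {
    for (int i = 0; i < READ_PAGES && x + i < ULC_PAGE_COUNT; i++) {
        memcpy(c->data[x + i], in + ULC_PAGE_SIZE * i, ULC_PAGE_SIZE);
        c->valid[x + i] = true;
    }
}

/* Fill as proposed in the thread: Ultralight, or authenticated Ultralight C, stores all
 * four pages with end-of-memory roll-over; unauthenticated Ultralight C stores page x only. */
static void cache_fill_proposed(page_cache *c, bool is_ulc, bool authenticated, uint8_t x, const uint8_t in[16]) {
    int n = (!is_ulc || authenticated) ? READ_PAGES : 1;
    for (int i = 0; i < n; i++) {
        uint8_t p = (uint8_t)((x + i) % ULC_PAGE_COUNT);
        memcpy(c->data[p], in + ULC_PAGE_SIZE * i, ULC_PAGE_SIZE);
        c->valid[p] = true;
    }
}

/* Hypothetical trial-and-error deduction of AUTH0 when page 0x2A is itself protected:
 * reads succeed exactly for x < auth0, so binary-search the first refused page
 * (ULC_PAGE_COUNT if nothing is protected). On hardware each probe is a real READ
 * and a NAK may need the tag re-selected; that is not modelled here. */
static uint8_t probe_auth0(uint8_t auth0) {
    sim_tag t; uint8_t buf[16], lo = 0, hi = ULC_PAGE_COUNT;
    sim_init(&t, auth0);
    while (lo < hi) {
        uint8_t mid = (uint8_t)((lo + hi) / 2);
        if (sim_read(&t, mid, buf) == 0) lo = (uint8_t)(mid + 1); else hi = mid;
    }
    return lo;
}

/* Case 2, auth0 = 3: read(0) returns page0|page1|page2|page0 and the buggy fill
 * marks page 3 (protected, never actually read) valid with page 0's bytes. */
static bool demo_buggy_cache(void) {
    sim_tag t; page_cache c = {0}; uint8_t buf[16];
    sim_init(&t, 3);
    if (sim_read(&t, 0, buf) != 0) return false;
    cache_fill_buggy(&c, 0, buf);
    return c.valid[3] && memcmp(c.data[3], t.mem[0], ULC_PAGE_SIZE) == 0;
}

/* Same read through the proposed fill: only page 0 becomes valid. */
static bool demo_proposed_cache(void) {
    sim_tag t; page_cache c = {0}; uint8_t buf[16];
    sim_init(&t, 3);
    if (sim_read(&t, 0, buf) != 0) return false;
    cache_fill_proposed(&c, true, t.authenticated, 0, buf);
    return c.valid[0] && !c.valid[1] && !c.valid[2] && !c.valid[3]
        && memcmp(c.data[0], t.mem[0], ULC_PAGE_SIZE) == 0;
}

/* Authenticated read of 0x2E: pages 0x2E,0x2F,0x00,0x01 land in their own
 * slots, so the cache needs no slack pages past the end of memory. */
static bool demo_authenticated_wrap(void) {
    sim_tag t; page_cache c = {0}; uint8_t buf[16];
    sim_init(&t, 3);
    t.authenticated = true;
    if (sim_read(&t, 0x2E, buf) != 0) return false;
    cache_fill_proposed(&c, true, true, 0x2E, buf);
    return c.valid[0x2E] && c.valid[0x2F] && c.valid[0] && c.valid[1]
        && memcmp(c.data[1], t.mem[1], ULC_PAGE_SIZE) == 0;
}
```

`demo_buggy_cache()` reproduces the second case: after `read(0)` with AUTH0 = 3 the buggy fill reports page 3 as cached although the tag never returned it, while `demo_proposed_cache()` shows the proposed fill leaving pages 1 to 3 invalid, at the cost of one cache entry per unauthenticated read. `demo_authenticated_wrap()` shows why the proposal can drop the extra slack pages in the cache buffer: once the roll-over is computed per page, a read of 0x2E stores pages 0x2E, 0x2F, 0x00 and 0x01 in their own slots. `probe_auth0(3)` returns 3 and `probe_auth0(0x30)` returns 48, i.e. "nothing protected", in this simulation; on a real tag the cost of the probes and the tag's reaction to a NAK would need checking.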

GoogleCodeExporter commented 9 years ago
Issue moved to https://code.google.com/p/libfreefare/issues/detail?id=7

Original comment by yob...@gmail.com on 15 Jan 2013 at 8:19