Merge branch 'master' of github.com:RfidResearchGroup/proxmark3 into fpga

2025-08-19 21:03:48 -07:00 · 2020-08-03 21:22:13 +02:00 · 2020-08-03 21:22:13 +02:00 · 62d9b403b4
commit 62d9b403b4
parent d93364bc22 3ae8dedd7c
14 changed files with 368 additions and 240 deletions
--- a/README.md
+++ b/README.md
@ -57,7 +57,7 @@ On the software side: quite a lot, see the [Changelog file](CHANGELOG.md).
 This repo compiles nicely on 
   - Proxspace v3.x
-     - [latest release v3.4](https://github.com/Gator96100/ProxSpace/releases)
+     - [latest release v3.5](https://github.com/Gator96100/ProxSpace/releases)
   - Windows/mingw environment with Qt5.6.1 & GCC 4.9
   - Ubuntu 1604 -> 2004
   - ParrotOS, Gentoo, Pentoo, Kali, Nethunter, Archlinux, Fedora, Debian
@ -109,8 +109,9 @@ Offical channels
   - [Proxmark3 IRC channel](http://webchat.freenode.net/?channels=#proxmark3)
   - [Proxmark3 sub reddit](https://www.reddit.com/r/proxmark3/)
   - [Twitter](https://twitter.com/proxmark3/)
-   
+   - [Proxmark3 community discord server](https://discord.gg/zjxc8ZB)
- _no discord or slack channel_
+ 
 _no slack channel_
 Iceman has quite a few videos on his [youtube channel](https://www.youtube.com/c/ChrisHerrmann1001)
--- a/armsrc/Makefile
+++ b/armsrc/Makefile
@ -20,7 +20,7 @@ endif
 #in the next section to remove that particular feature from compilation.
 # NO space,TABs after the "\" sign.
 APP_CFLAGS = $(PLATFORM_DEFS) \
-             -ffunction-sections -fdata-sections -fno-common
+             -ffunction-sections -fdata-sections
 SRC_LF = lfops.c lfsampling.c pcf7931.c lfdemod.c lfadc.c
 SRC_ISO15693 = iso15693.c iso15693tools.c
--- a/client/gen_pm3mfsim_script.sh
+++ b/client/gen_pm3mfsim_script.sh
@ -11,7 +11,7 @@ show_usage()
 {
    echo
    echo "Usage:"
-    echo "${0##/} input_eml_without_extension output.pm3scr"
+    echo "${0##/} input_eml_without_extension output.cmd"
    exit
 }
@ -32,4 +32,4 @@ rm $2
 echo "hf mf eclr" >> $2
 echo "hf mf eload" $1 >> $2
 echo "hf mf ekeyprn" >> $2
-echo "hf mf sim" `cat $1.eml | (read -n 8 uid; echo $uid)` >> $2
+echo "hf mf sim u" `cat $1.eml | (read -n 8 uid; echo $uid)` >> $2
--- a/client/src/cmdhflto.c
+++ b/client/src/cmdhflto.c
@ -32,7 +32,7 @@ static int usage_lto_info(void) {
    PrintAndLogEx(NORMAL, "           h    this help");
    PrintAndLogEx(NORMAL, "");
    PrintAndLogEx(NORMAL, "Examples:");
-    PrintAndLogEx(NORMAL, "           hf lto info");
+    PrintAndLogEx(NORMAL, _YELLOW_("           hf lto info"));
    return PM3_SUCCESS;
 }
@ -44,7 +44,7 @@ static int usage_lto_rdbl(void) {
    PrintAndLogEx(NORMAL, "           e     end block in decimal <= 254");
    PrintAndLogEx(NORMAL, "");
    PrintAndLogEx(NORMAL, "Examples:");
-    PrintAndLogEx(NORMAL, "           hf lto rdbl s 0 e 254 - Read data block from 0 to 254");
+    PrintAndLogEx(NORMAL, _YELLOW_("           hf lto rdbl s 0 e 254") " - Read data block from 0 to 254");
    return PM3_SUCCESS;
 }
@ -56,8 +56,7 @@ static int usage_lto_wrbl(void) {
    PrintAndLogEx(NORMAL, "           d     32 bytes of data to write (64 hex characters, no space)");
    PrintAndLogEx(NORMAL, "");
    PrintAndLogEx(NORMAL, "Examples:");
-    PrintAndLogEx(NORMAL, "           hf lto wrbl b 128 d 0001020304050607080910111213141516171819202122232425262728293031 - write 00..31 to block address 128");
+    PrintAndLogEx(NORMAL, _YELLOW_("           hf lto wrbl b 128 d 0001020304050607080910111213141516171819202122232425262728293031") " - write 00..31 to block address 128");
    PrintAndLogEx(NORMAL, "           Use 'hf lto rdbl' for verification");
    return PM3_SUCCESS;
 }
@ -68,7 +67,7 @@ static int usage_lto_dump(void) {
    PrintAndLogEx(NORMAL, "           f     file name");
    PrintAndLogEx(NORMAL, "");
    PrintAndLogEx(NORMAL, "Examples:");
-    PrintAndLogEx(NORMAL, "           hf lto dump f myfile");
+    PrintAndLogEx(NORMAL, _YELLOW_("           hf lto dump f myfile"));
    return PM3_SUCCESS;
 }
@ -79,7 +78,7 @@ static int usage_lto_restore(void) {
    PrintAndLogEx(NORMAL, "           f     file name [.bin|.eml]");
    PrintAndLogEx(NORMAL, "");
    PrintAndLogEx(NORMAL, "Examples:");
-    PrintAndLogEx(NORMAL, "           hf lto restore f hf_lto_92C7842CFF.bin|.eml");
+    PrintAndLogEx(NORMAL, _YELLOW_("           hf lto restore f hf_lto_92C7842CFF.bin|.eml"));
    return PM3_SUCCESS;
 }
@ -180,8 +179,7 @@ static int CmdHfLTOInfo(const char *Cmd) {
    //Validations
    if (errors) {
-        usage_lto_info();
+        return usage_lto_info();
        return PM3_EINVARG;
    }
    return infoLTO(true);
@ -384,7 +382,7 @@ static int CmdHfLTOWriteBlock(const char *Cmd) {
    bool b_opt_selected = false;
    bool d_opt_selected = false;
    uint8_t blk = 128;
-    uint8_t blkData[32] = {0};
+    uint8_t block_data[32] = {0};
    while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
        switch (tolower(param_getchar(Cmd, cmdp))) {
@ -396,7 +394,7 @@ static int CmdHfLTOWriteBlock(const char *Cmd) {
                cmdp += 2;
                break;
            case 'd':
-                if (param_gethex(Cmd, cmdp + 1, blkData, 64)) {
+                if (param_gethex(Cmd, cmdp + 1, block_data, 64)) {
                    PrintAndLogEx(WARNING, "block data must include 64 HEX symbols");
                    errors = true;
                    break;
@ -413,14 +411,17 @@ static int CmdHfLTOWriteBlock(const char *Cmd) {
    //Validations
    if (errors) {
-        usage_lto_wrbl();
+        return usage_lto_wrbl();
        return PM3_EINVARG;
    } else if (b_opt_selected == false || d_opt_selected == false) {
-        PrintAndLogEx(WARNING, "Need to specify block address and data. See usage, h option");
+        PrintAndLogEx(WARNING, "Need to specify block address and data.");
-        return PM3_EINVARG;
+        return usage_lto_wrbl();
    }
-    return wrblLTO(blk, blkData, true);
+    int res = wrblLTO(blk, block_data, true);
    if (res == PM3_SUCCESS)
        PrintAndLogEx(HINT, "Try use 'hf lto rdbl' for verification");
    return res;
 }
 int dumpLTO(uint8_t *dump, bool verbose) {
@ -446,11 +447,9 @@ int dumpLTO(uint8_t *dump, bool verbose) {
        ret_val = lto_rdbl(i, block_data_d00_d15,  block_data_d16_d31, verbose);
        if (ret_val == PM3_SUCCESS) {
-            //Remove CRCs
+            // remove CRCs
-            for (int t = 0; t < 16; t++) {
+            memcpy(dump + i * 32, block_data_d00_d15, 16);
-                dump[t + i * 32] = block_data_d00_d15[t];
+            memcpy(dump + (i * 32) + 16, block_data_d16_d31, 16);
                dump[t + i * 32 + 16] = block_data_d16_d31[t];
            }
        } else {
            lto_switch_off_field();
            return ret_val;
@ -467,7 +466,6 @@ static int CmdHfLTODump(const char *Cmd) {
    bool errors = false;
    uint32_t dump_len = CM_MEM_MAX_SIZE;
    char filename[FILE_PATH_SIZE] = {0};
    char serial_number[10] = {0};
    while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
        switch (tolower(param_getchar(Cmd, cmdp))) {
@ -488,39 +486,32 @@ static int CmdHfLTODump(const char *Cmd) {
        }
    }
    //Validations
    if (errors) {
        usage_lto_dump();
        return PM3_EINVARG;
    }
    // alloc memory
    uint8_t *dump = calloc(dump_len, sizeof(uint8_t));
    if (!dump) {
        PrintAndLogEx(ERR, "error, cannot allocate memory");
        return PM3_EMALLOC;
    }
    // loop all blocks
    int ret_val = dumpLTO(dump, true);
    if (ret_val != PM3_SUCCESS) {
        free(dump);
        return ret_val;
    }
    // save to file
    if (filename[0] == '\0') {
-        memcpy(serial_number, sprint_hex_inrow(dump, sizeof(serial_number)), sizeof(serial_number));
+        char *fptr = filename;
-        char tmp_name[17] = "hf_lto_";
+        fptr += sprintf(fptr, "hf-lto-");
-        strcat(tmp_name, serial_number);
+        FillFileNameByUID(fptr, dump, "-dump", 5);
        memcpy(filename, tmp_name, sizeof(tmp_name));
    }
    saveFile(filename, ".bin", dump, dump_len);
    saveFileEML(filename, dump, dump_len, 32);
    // free memory
    free(dump);
    return PM3_SUCCESS;
 }
@ -539,16 +530,14 @@ int restoreLTO(uint8_t *dump, bool verbose) {
        return ret_val;
    }
-    uint8_t blkData[32] = {0};
+    uint8_t block_data[32] = {0};
    //Block address 0 and 1 are read-only
    for (uint8_t blk = 2; blk < 255; blk++) {
-        for (int i = 0; i < 32; i++) {
+        memcpy(block_data, dump + (blk * 32), 32);
            blkData[i] = dump[i + blk * 32];
        }
-        ret_val = lto_wrbl(blk, blkData, verbose);
+        ret_val = lto_wrbl(blk, block_data, verbose);
        if (ret_val == PM3_SUCCESS) {
            PrintAndLogEx(SUCCESS, "Block %03d - " _YELLOW_("write success"), blk);
--- a/client/src/cmdsmartcard.c
+++ b/client/src/cmdsmartcard.c
@ -27,7 +27,7 @@
 static int CmdHelp(const char *Cmd);
 static int usage_sm_raw(void) {
-    PrintAndLogEx(NORMAL, "Usage: sc raw [h|r|c] d <0A 0B 0C ... hex>");
+    PrintAndLogEx(NORMAL, "Usage: smart raw [h|r|c] d <0A 0B 0C ... hex>");
    PrintAndLogEx(NORMAL, "       h          :  this help");
    PrintAndLogEx(NORMAL, "       r          :  do not read response");
    PrintAndLogEx(NORMAL, "       a          :  active smartcard without select (reset sc module)");
@ -37,58 +37,58 @@ static int usage_sm_raw(void) {
    PrintAndLogEx(NORMAL, "       d <bytes>  :  bytes to send");
    PrintAndLogEx(NORMAL, "");
    PrintAndLogEx(NORMAL, "Examples:");
-    PrintAndLogEx(NORMAL, "        sc raw s 0 d 00a404000e315041592e5359532e4444463031  - `1PAY.SYS.DDF01` PPSE directory with get ATR");
+    PrintAndLogEx(NORMAL, "        smart raw s 0 d 00a404000e315041592e5359532e4444463031  - `1PAY.SYS.DDF01` PPSE directory with get ATR");
-    PrintAndLogEx(NORMAL, "        sc raw 0 d 00a404000e325041592e5359532e4444463031    - `2PAY.SYS.DDF01` PPSE directory");
+    PrintAndLogEx(NORMAL, "        smart raw 0 d 00a404000e325041592e5359532e4444463031    - `2PAY.SYS.DDF01` PPSE directory");
-    PrintAndLogEx(NORMAL, "        sc raw 0 t d 00a4040007a0000000041010              - Mastercard");
+    PrintAndLogEx(NORMAL, "        smart raw 0 t d 00a4040007a0000000041010              - Mastercard");
-    PrintAndLogEx(NORMAL, "        sc raw 0 t d 00a4040007a0000000031010                - Visa");
+    PrintAndLogEx(NORMAL, "        smart raw 0 t d 00a4040007a0000000031010                - Visa");
    return PM3_SUCCESS;
 }
 static int usage_sm_reader(void) {
-    PrintAndLogEx(NORMAL, "Usage: sc reader [h|s]");
+    PrintAndLogEx(NORMAL, "Usage: smart reader [h|s]");
    PrintAndLogEx(NORMAL, "       h          :  this help");
    PrintAndLogEx(NORMAL, "       s          :  silent (no messages)");
    PrintAndLogEx(NORMAL, "");
    PrintAndLogEx(NORMAL, "Examples:");
-    PrintAndLogEx(NORMAL, "        sc reader");
+    PrintAndLogEx(NORMAL, "        smart reader");
    return PM3_SUCCESS;
 }
 static int usage_sm_info(void) {
-    PrintAndLogEx(NORMAL, "Usage: sc info [h|s]");
+    PrintAndLogEx(NORMAL, "Usage: smart info [h|s]");
    PrintAndLogEx(NORMAL, "       h          :  this help");
    PrintAndLogEx(NORMAL, "       s          :  silent (no messages)");
    PrintAndLogEx(NORMAL, "");
    PrintAndLogEx(NORMAL, "Examples:");
-    PrintAndLogEx(NORMAL, "        sc info");
+    PrintAndLogEx(NORMAL, "        smart info");
    return PM3_SUCCESS;
 }
 static int usage_sm_upgrade(void) {
    PrintAndLogEx(NORMAL, "Upgrade RDV4.0 Sim module firmware");
-    PrintAndLogEx(NORMAL, "Usage:  sc upgrade f <file name>");
+    PrintAndLogEx(NORMAL, "Usage:  smart upgrade f <file name>");
    PrintAndLogEx(NORMAL, "       h               :  this help");
    PrintAndLogEx(NORMAL, "       f <filename>    :  firmware file name");
    PrintAndLogEx(NORMAL, "");
    PrintAndLogEx(NORMAL, "Examples:");
-    PrintAndLogEx(NORMAL, "        sc upgrade f ../tools/simmodule/sim011.bin");
+    PrintAndLogEx(NORMAL, "        smart upgrade f ../tools/simmodule/sim011.bin");
    return PM3_SUCCESS;
 }
 static int usage_sm_setclock(void) {
-    PrintAndLogEx(NORMAL, "Usage: sc setclock [h] c <clockspeed>");
+    PrintAndLogEx(NORMAL, "Usage: smart setclock [h] c <clockspeed>");
    PrintAndLogEx(NORMAL, "       h          :  this help");
    PrintAndLogEx(NORMAL, "       c <>       :  clockspeed (0 = 16MHz, 1=8MHz, 2=4MHz) ");
    PrintAndLogEx(NORMAL, "");
    PrintAndLogEx(NORMAL, "Examples:");
-    PrintAndLogEx(NORMAL, "        sc setclock c 2");
+    PrintAndLogEx(NORMAL, "        smart setclock c 2");
    return PM3_SUCCESS;
 }
 static int usage_sm_brute(void) {
    PrintAndLogEx(NORMAL, "Tries to bruteforce SFI, using a known list of AID's ");
-    PrintAndLogEx(NORMAL, "Usage: sc brute [h]");
+    PrintAndLogEx(NORMAL, "Usage: smart brute [h]");
    PrintAndLogEx(NORMAL, "       h          :  this help");
    PrintAndLogEx(NORMAL, "       t          :  executes TLV decoder if it possible");
 //  PrintAndLogEx(NORMAL, "       0          :  use protocol T=0");
    PrintAndLogEx(NORMAL, "");
    PrintAndLogEx(NORMAL, "Examples:");
-    PrintAndLogEx(NORMAL, "        sc brute t");
+    PrintAndLogEx(NORMAL, "        smart brute t");
    return PM3_SUCCESS;
 }
@ -1203,3 +1203,4 @@ bool smart_select(bool silent, smart_card_atr_t *atr) {
    return true;
 }
--- a/client/src/cmdusart.c
+++ b/client/src/cmdusart.c
@ -36,7 +36,7 @@ static int usage_usart_bt_pin(void) {
    PrintAndLogEx(NORMAL, "           d NNNN     Desired PIN");
    PrintAndLogEx(NORMAL, "");
    PrintAndLogEx(NORMAL, "Example:");
-    PrintAndLogEx(NORMAL, "      usart btpin 1234");
+    PrintAndLogEx(NORMAL, "      usart btpin d 1234");
    PrintAndLogEx(NORMAL, "expected output: nothing");
    return PM3_SUCCESS;
 }
--- a/common/crapto1/crapto1.c
+++ b/common/crapto1/crapto1.c
@ -332,41 +332,43 @@ uint8_t lfsr_rollback_byte(struct Crypto1State *s, uint32_t in, int fb) {
 uint32_t lfsr_rollback_word(struct Crypto1State *s, uint32_t in, int fb) {
    uint32_t ret = 0;
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 31), fb) << (31 ^ 24);
+    // note: xor args have been swapped because some compilers emit a warning
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 30), fb) << (30 ^ 24);
+    // for 10^x and 2^x as possible misuses for exponentiation. No comment.
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 29), fb) << (29 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 31), fb) << (24 ^ 31);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 28), fb) << (28 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 30), fb) << (24 ^ 30);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 27), fb) << (27 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 29), fb) << (24 ^ 29);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 26), fb) << (26 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 28), fb) << (24 ^ 28);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 25), fb) << (25 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 27), fb) << (24 ^ 27);
    ret |= lfsr_rollback_bit(s, BEBIT(in, 26), fb) << (24 ^ 26);
    ret |= lfsr_rollback_bit(s, BEBIT(in, 25), fb) << (24 ^ 25);
    ret |= lfsr_rollback_bit(s, BEBIT(in, 24), fb) << (24 ^ 24);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 23), fb) << (23 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 23), fb) << (24 ^ 23);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 22), fb) << (22 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 22), fb) << (24 ^ 22);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 21), fb) << (21 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 21), fb) << (24 ^ 21);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 20), fb) << (20 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 20), fb) << (24 ^ 20);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 19), fb) << (19 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 19), fb) << (24 ^ 19);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 18), fb) << (18 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 18), fb) << (24 ^ 18);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 17), fb) << (17 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 17), fb) << (24 ^ 17);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 16), fb) << (16 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 16), fb) << (24 ^ 16);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 15), fb) << (15 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 15), fb) << (24 ^ 15);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 14), fb) << (14 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 14), fb) << (24 ^ 14);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 13), fb) << (13 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 13), fb) << (24 ^ 13);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 12), fb) << (12 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 12), fb) << (24 ^ 12);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 11), fb) << (11 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 11), fb) << (24 ^ 11);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 10), fb) << (10 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 10), fb) << (24 ^ 10);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 9), fb) << (9 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 9), fb) << (24 ^ 9);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 8), fb) << (8 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 8), fb) << (24 ^ 8);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 7), fb) << (7 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 7), fb) << (24 ^ 7);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 6), fb) << (6 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 6), fb) << (24 ^ 6);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 5), fb) << (5 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 5), fb) << (24 ^ 5);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 4), fb) << (4 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 4), fb) << (24 ^ 4);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 3), fb) << (3 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 3), fb) << (24 ^ 3);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 2), fb) << (2 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 2), fb) << (24 ^ 2);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 1), fb) << (1 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 1), fb) << (24 ^ 1);
-    ret |= lfsr_rollback_bit(s, BEBIT(in, 0), fb) << (0 ^ 24);
+    ret |= lfsr_rollback_bit(s, BEBIT(in, 0), fb) << (24 ^ 0);
    return ret;
 }
--- a/common/crapto1/crypto1.c
+++ b/common/crapto1/crypto1.c
@ -103,41 +103,43 @@ uint8_t crypto1_byte(struct Crypto1State *s, uint8_t in, int is_encrypted) {
 }
 uint32_t crypto1_word(struct Crypto1State *s, uint32_t in, int is_encrypted) {
    uint32_t ret = 0;
-    ret |= crypto1_bit(s, BEBIT(in, 0), is_encrypted) << (0 ^ 24);
+    // note: xor args have been swapped because some compilers emit a warning
-    ret |= crypto1_bit(s, BEBIT(in, 1), is_encrypted) << (1 ^ 24);
+    // for 10^x and 2^x as possible misuses for exponentiation. No comment.
-    ret |= crypto1_bit(s, BEBIT(in, 2), is_encrypted) << (2 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 0), is_encrypted) << (24 ^ 0);
-    ret |= crypto1_bit(s, BEBIT(in, 3), is_encrypted) << (3 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 1), is_encrypted) << (24 ^ 1);
-    ret |= crypto1_bit(s, BEBIT(in, 4), is_encrypted) << (4 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 2), is_encrypted) << (24 ^ 2);
-    ret |= crypto1_bit(s, BEBIT(in, 5), is_encrypted) << (5 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 3), is_encrypted) << (24 ^ 3);
-    ret |= crypto1_bit(s, BEBIT(in, 6), is_encrypted) << (6 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 4), is_encrypted) << (24 ^ 4);
-    ret |= crypto1_bit(s, BEBIT(in, 7), is_encrypted) << (7 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 5), is_encrypted) << (24 ^ 5);
    ret |= crypto1_bit(s, BEBIT(in, 6), is_encrypted) << (24 ^ 6);
    ret |= crypto1_bit(s, BEBIT(in, 7), is_encrypted) << (24 ^ 7);
-    ret |= crypto1_bit(s, BEBIT(in, 8), is_encrypted) << (8 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 8), is_encrypted) << (24 ^ 8);
-    ret |= crypto1_bit(s, BEBIT(in, 9), is_encrypted) << (9 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 9), is_encrypted) << (24 ^ 9);
-    ret |= crypto1_bit(s, BEBIT(in, 10), is_encrypted) << (10 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 10), is_encrypted) << (24 ^ 10);
-    ret |= crypto1_bit(s, BEBIT(in, 11), is_encrypted) << (11 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 11), is_encrypted) << (24 ^ 11);
-    ret |= crypto1_bit(s, BEBIT(in, 12), is_encrypted) << (12 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 12), is_encrypted) << (24 ^ 12);
-    ret |= crypto1_bit(s, BEBIT(in, 13), is_encrypted) << (13 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 13), is_encrypted) << (24 ^ 13);
-    ret |= crypto1_bit(s, BEBIT(in, 14), is_encrypted) << (14 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 14), is_encrypted) << (24 ^ 14);
-    ret |= crypto1_bit(s, BEBIT(in, 15), is_encrypted) << (15 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 15), is_encrypted) << (24 ^ 15);
-    ret |= crypto1_bit(s, BEBIT(in, 16), is_encrypted) << (16 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 16), is_encrypted) << (24 ^ 16);
-    ret |= crypto1_bit(s, BEBIT(in, 17), is_encrypted) << (17 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 17), is_encrypted) << (24 ^ 17);
-    ret |= crypto1_bit(s, BEBIT(in, 18), is_encrypted) << (18 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 18), is_encrypted) << (24 ^ 18);
-    ret |= crypto1_bit(s, BEBIT(in, 19), is_encrypted) << (19 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 19), is_encrypted) << (24 ^ 19);
-    ret |= crypto1_bit(s, BEBIT(in, 20), is_encrypted) << (20 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 20), is_encrypted) << (24 ^ 20);
-    ret |= crypto1_bit(s, BEBIT(in, 21), is_encrypted) << (21 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 21), is_encrypted) << (24 ^ 21);
-    ret |= crypto1_bit(s, BEBIT(in, 22), is_encrypted) << (22 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 22), is_encrypted) << (24 ^ 22);
-    ret |= crypto1_bit(s, BEBIT(in, 23), is_encrypted) << (23 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 23), is_encrypted) << (24 ^ 23);
    ret |= crypto1_bit(s, BEBIT(in, 24), is_encrypted) << (24 ^ 24);
-    ret |= crypto1_bit(s, BEBIT(in, 25), is_encrypted) << (25 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 25), is_encrypted) << (24 ^ 25);
-    ret |= crypto1_bit(s, BEBIT(in, 26), is_encrypted) << (26 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 26), is_encrypted) << (24 ^ 26);
-    ret |= crypto1_bit(s, BEBIT(in, 27), is_encrypted) << (27 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 27), is_encrypted) << (24 ^ 27);
-    ret |= crypto1_bit(s, BEBIT(in, 28), is_encrypted) << (28 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 28), is_encrypted) << (24 ^ 28);
-    ret |= crypto1_bit(s, BEBIT(in, 29), is_encrypted) << (29 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 29), is_encrypted) << (24 ^ 29);
-    ret |= crypto1_bit(s, BEBIT(in, 30), is_encrypted) << (30 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 30), is_encrypted) << (24 ^ 30);
-    ret |= crypto1_bit(s, BEBIT(in, 31), is_encrypted) << (31 ^ 24);
+    ret |= crypto1_bit(s, BEBIT(in, 31), is_encrypted) << (24 ^ 31);
    return ret;
 }
--- a/doc/cheatsheet.md
+++ b/doc/cheatsheet.md
@ -3,8 +3,8 @@
 |Generic|Low Frequence 125 kHz|High Frequence 13.56 MHz|
 |---|---|---|
-|[Generic](#Generic)|[T55XX](#T55XX)|[Mifare](#Mifare)|
+|[Generic](#Generic)|[T55XX](#T55XX)|[MIFARE](#MIFARE)|
-|[Data](#Data)|[HID Prox](#HID-Prox)|[iClass](#iClass)|
+|[Data](#Data)|[HID Prox](#HID-Prox)|[iCLASS](#iCLASS)|
 |[Memory](#Memory)|[Indala](#Indala)||
 |[Sim Module](#Sim-Module)|[Hitag](#Hitag)||
 |[Lua Scripts](#Lua-Scripts)|||
@ -39,10 +39,10 @@ Check overall status
 pm3 --> hw status
 ```
-## iClass
+## iCLASS
 ^[Top](#top)
-Reverse permute iClass master key
+Reverse permute iCLASS master key
 ```
 Options
 ---
@ -51,12 +51,13 @@ r          reverse permuted key
 pm3 --> hf iclass permute r 3F90EBF0910F7B6F
 ```
-iClass Reader
+iCLASS Reader
 ```
 pm3 --> hf iclass reader
 ```
-Dump iClass card contents
+Dump iCLASS card contents
 ```
 Options
 ---
@ -65,7 +66,7 @@ k <key>      : *Access Key as 16 hex symbols or 1 hex to select key from memory
 m3 --> hf iclass dump k 0
 ```
-Read iClass Block
+Read iCLASS Block
 ```
 Options
 ---
@ -75,7 +76,7 @@ k <key>    : Access Key as 16 hex symbols or 1 hex to select key from memory
 pm3 --> hf iclass rdbl b 7 k 0
 ```
-Write to iClass Block
+Write to iCLASS Block
 ```
 Options
 ---
@ -105,21 +106,44 @@ k <key>       : set a key in memory
 pm3 --> hf iclass managekeys n 3 k AFA785A7DAB33378
 ```
-Encrypt iClass Block
+Encrypt iCLASS Block
 ```
 pm3 --> hf iclass encrypt 0000000f2aa3dba8
 ```
 Load iClass dump into memory for simulation
 ```
 Options
 ---
-f <filename>     : load iclass tag-dump filename
+d <block data>    : 16 bytes hex
 k <transport key> : 16 bytes hex
 pm3 --> hf iclass encrypt d 0000000f2aa3dba8
 ```
 Decrypt iCLASS Block / file
 ```
 Options
 ---
 d <encrypted blk> : 16 bytes hex
 f <filename>      : filename of dump
 k <transport key> : 16 bytes hex
 pm3 --> hf iclass decrypt d 2AD4C8211F996871
 pm3 --> hf iclass decrypt f hf-iclass-db883702f8ff12e0.bin
 ```
 Load iCLASS dump into memory for simulation
 ```
 Options
 ---
 f <filename>     : load iCLASS tag-dump filename
 pm3 --> hf iclass eload f hf-iclass-db883702f8ff12e0.bin
 ```
-Simulate iClass
+Clone iCLASS Legacy Sequence
 ```
 pm3 --> hf iclass rdbl b 7 k 0
 pm3 --> hf iclass wrbl b 7 d 6ce099fe7e614fd0 k 0
 ```
 Simulate iCLASS
 ```
 Options
 ---
@ -132,20 +156,14 @@ Options
 pm3 --> hf iclass sim 3
 ```
-Clone iClass Legacy Sequence
+Simulate iCLASS Sequence
 ```
 pm3 --> hf iclass rdbl b 7 k 0
 pm3 --> hf iclass wrbl b 7 d 6ce099fe7e614fd0 k 0
 ```
 Simulate iClass Sequence
 ```
 pm3 --> hf iclass dump k 0
 pm3 --> hf iclass eload f hf-iclass-db883702f8ff12e0.bin
 pm3 --> hf iclass sim 3
 ```
-Extract custom iClass key (loclass attack)
+Extract custom iCLASS key (loclass attack)
 ```
 Options
 ---
@ -155,14 +173,15 @@ e              : If 'e' is specified, elite computations applied to key
 pm3 --> hf iclass sim 2
 pm3 --> hf iclass loclass f iclass_mac_attack.bin
-pm3 --> hf iclass dump k <Kcus> e
+pm3 --> hf iclass managekeys n 7 k <Kcus>
 pm3 --> hf iclass dump k 7 e
 ```
-Verify custom iClass key
+Verify custom iCLASS key
 ```
 Options
 ---
-f <filename> : Dictionary file with default iclass keys
+f <filename> : Dictionary file with default iCLASS keys
 u            : CSN
 p            : EPURSE
 m            : macs
@ -171,7 +190,7 @@ e            : elite
 pm3 --> hf iclass lookup u 010a0ffff7ff12e0 p feffffffffffffff m 66348979153c41b9 f iclass_default_keys e
 ```
-## Mifare
+## MIFARE
 ^[Top](#top)
 Check for default keys
@ -196,11 +215,11 @@ m             : use dictionary from flashmemory
 pm3 --> hf mf fchk 1 m
 ```
-Dump Mifare card contents
+Dump MIFARE card contents
 ```
 Options
 ---
-<card memory> : 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K
+<card memory> : 0 = 320 bytes (MIFARE Mini), 1 = 1K (default), 2 = 2K, 4 = 4K
 k <name>      : key filename, if no <name> given, UID will be used as filename"
 f <name>      : data filename, if no <name> given, UID will be used as filename
@ -217,7 +236,7 @@ i <file>     : Specifies the dump-file (input). If omitted, 'dumpdata.bin' is us
 pm3 --> script run dumptoemul -i dumpdata.bin
 ```
-Write to Mifare block
+Write to MIFARE block
 ```
 Options
 ---
@ -226,7 +245,7 @@ Options
 pm3 --> hf mf wrbl 0 A FFFFFFFFFFFF d3a2859f6b880400c801002000000016
 ```
-Run autopwn
+Run autopwn, to backup a MIFARE tag
 ```
 Options
 ---
@ -234,7 +253,7 @@ Options
 pm3 --> hf mf autopwn
 ```
-Run Hardnested attack
+Run hardnested attack
 ```
 Options
 ---
@ -244,25 +263,25 @@ w          : Acquire nonces and write them to binary file nonces.bin
 pm3 --> hf mf hardnested 0 A 8829da9daf76 0 A w
 ```
-Load Mifare emul dump file into memory for simulation
+Load MIFARE emul dump file into memory for simulation
 ```
 Options
 ---
 <card memory> <file name w/o `.eml`>
-[card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K, u = UL
+[card memory]: 0 = 320 bytes (MIFARE Mini), 1 = 1K (default), 2 = 2K, 4 = 4K, u = UL
 pm3 --> hf mf eload hf-mf-353C2AA6
 pm3 --> hf mf eload 1 hf-mf-353C2AA6
 ```
-Simulate Mifare
+Simulate MIFARE
 ```
 u     : (Optional) UID 4,7 or 10 bytes. If not specified, the UID 4B from emulator memory will be used
 pm3 --> hf mf sim u 353c2aa6
 ```
-Simulate Mifare Sequence
+Simulate MIFARE Sequence
 ```
 pm3 --> hf mf chk *1 ? d mfc_default_keys
 pm3 --> hf mf dump 1
@ -271,19 +290,19 @@ pm3 --> hf mf eload 353C2AA6
 pm3 --> hf mf sim u 353c2aa6
 ```
-Clone Mifare 1K Sequence
+Clone MIFARE 1K Sequence
 ```
 pm3 --> hf mf chk *1 ? d mfc_default_keys
 pm3 --> hf mf dump
 pm3 --> hf mf restore 1 u 4A6CE843 k hf-mf-A29558E4-key.bin f hf-mf-A29558E4-dump.bin
 ```
-Read Mifare Ultralight EV1
+Read MIFARE Ultralight EV1
 ```
 pm3 --> hf mfu info
 ```
-Clone Mifare Ultralight EV1 Sequence
+Clone MIFARE Ultralight EV1 Sequence
 ```
 pm3 --> hf mfu dump k FFFFFFFF
 pm3 --> script run dumptoemul-mfu -i hf-mfu-XXXX-dump.bin -o hf-mfu-XXXX-dump.eml
@ -291,12 +310,12 @@ pm3 --> hf mfu eload u hf-mfu-XXXX-dump.eml
 pm3 --> hf mfu sim t 7 u hf-mfu-XXXX-dump.eml
 ```
-Bruteforce Mifare Classic card numbers from 11223344 to 11223346
+Bruteforce MIFARE Classic card numbers from 11223344 to 11223346
 ```
 pm3 --> script run hf_bruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc
 ```
-Bruteforce Mifare Ultralight EV1 card numbers from 11223344556677 to 11223344556679
+Bruteforce MIFARE Ultralight EV1 card numbers from 11223344556677 to 11223344556679
 ```
 pm3 --> script run hf_bruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu
 ```
@ -524,29 +543,47 @@ pm3 --> data load <filename>
 ## Lua Scripts
 ^[Top](#top)
-List Lua Scripts
+List lua Scripts
 ```
 pm3 --> script list
 ```
 View lua helptext
 ```
 pm3 --> script run  <nameofscript> -h
 ```
 Convert .bin to .eml
 ```
 Options
 ---
-i <file>    : Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used
+-i <file>       Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used
 -o <filename>   Specifies the output file. If omitted, <uid>.eml is used
 pm3 --> script run dumptoemul -i xxxxxxxxxxxxxx.bin
 ```
 Convert .eml to .bin
 ```
 Options
 ---
 -i <filename>   Specifies the dump-file (input). If omitted, 'dumpdata.eml' is used
 -o <filename>   Specifies the output file. If omitted, <currdate>.bin is used
 pm3 --> script run emul2dump -i myfile.eml -o myfile.bin
 ```
 Format Mifare card
 ```
 Options
 ---
-k <key>       : the current six byte key with write access
+-k <key>        The current six byte key with write access
-n <key>       : the new key that will be written to the card
+-n <key>        The new key that will be written to the card
-a <access>    : the new access bytes that will be written to the card
+-a <access>     The new access bytes that will be written to the card
-x             : execute the commands aswell.
+-x              Execute the commands aswell
 pm3 --> script run formatMifare -k FFFFFFFFFFFF -n FFFFFFFFFFFF -x
 ```
@ -554,7 +591,7 @@ pm3 --> script run formatMifare -k FFFFFFFFFFFF -n FFFFFFFFFFFF -x
 ## Memory
 ^[Top](#top)
-Load default keys into memory
+Load default keys into flash memory (RDV4 only)
 ```
 Options
 ---
@ -574,7 +611,7 @@ pm3 --> mem load f iclass_default_keys i
 Upgrade Sim Module firmware
 ```
-pm3 --> sc upgrade f ../tools/simmodule/sim011.bin
+pm3 --> smart upgrade f ../tools/simmodule/sim011.bin
 ```
 ## Smart Card
@ -582,12 +619,12 @@ pm3 --> sc upgrade f ../tools/simmodule/sim011.bin
 Get Smart Card Information
 ```
-pm3 --> sc info
+pm3 --> smart info
 ```
 Act like an IS07816 reader
 ```
-pm3 --> sc reader
+pm3 --> smart reader
 ```
 Set clock speed
@ -596,7 +633,7 @@ Options
 ---
 c <speed>       : clockspeed (0 = 16MHz, 1=8MHz, 2=4MHz)
-pm3 --> sc setclock c 2
+pm3 --> smart setclock c 2
 ```
 Send raw hex data
@ -604,16 +641,16 @@ Send raw hex data
 Options
 ---
 r           : do not read response
-a           : active smartcard without select (reset sc module)
+a           : active smartcard without select (reset smart module)
 s           : active smartcard with select (get ATR)
 t           : executes TLV decoder if it possible
 0           : use protocol T=0
 d <bytes>   : bytes to send
-pm3 --> sc raw s 0 d 00a404000e315041592e5359532e4444463031 : 1PAY.SYS.DDF01 PPSE directory with get ATR
+pm3 --> smart raw s 0 d 00a404000e315041592e5359532e4444463031 : 1PAY.SYS.DDF01 PPSE directory with get ATR
-pm3 --> sc raw 0 d 00a404000e325041592e5359532e4444463031   : 2PAY.SYS.DDF01 PPSE directory
+pm3 --> smart raw 0 d 00a404000e325041592e5359532e4444463031   : 2PAY.SYS.DDF01 PPSE directory
-pm3 --> sc raw 0 t d 00a4040007a0000000041010               : Mastercard
+pm3 --> smart raw 0 t d 00a4040007a0000000041010               : Mastercard
-pm3 --> sc raw 0 t d 00a4040007a0000000031010               : Visa
+pm3 --> smart raw 0 t d 00a4040007a0000000031010               : Visa
 ````
 Bruteforce SPI
@ -622,6 +659,6 @@ Options
 ---
 t          : executes TLV decoder if it possible
-pm3 --> sc brute
+pm3 --> smart brute
-pm3 --> sc brute t
+pm3 --> smart brute t
 ```
--- a/doc/commands.md
+++ b/doc/commands.md
@ -845,14 +845,14 @@ Check column "offline" for their availability.
 |command                  |offline |description          
 |-------                  |------- |-----------          
-|`sc help                `|Y       |`This help`          
+|`smart help             `|Y       |`This help`          
-|`sc list                `|N       |`List ISO 7816 history`          
+|`smart list             `|N       |`List ISO 7816 history`          
-|`sc info                `|N       |`Tag information`          
+|`smart info             `|N       |`Tag information`          
-|`sc reader              `|N       |`Act like an IS07816 reader`          
+|`smart reader           `|N       |`Act like an IS07816 reader`          
-|`sc raw                 `|N       |`Send raw hex data to tag`          
+|`smart raw              `|N       |`Send raw hex data to tag`          
-|`sc upgrade             `|Y       |`Upgrade sim module firmware`          
+|`smart upgrade          `|Y       |`Upgrade sim module firmware`          
-|`sc setclock            `|N       |`Set clock speed`          
+|`smart setclock         `|N       |`Set clock speed`          
-|`sc brute               `|N       |`Bruteforce SFI`          
+|`smart brute            `|N       |`Bruteforce SFI`          
 ### script
--- a/doc/md/Installation_Instructions/Troubleshooting.md
+++ b/doc/md/Installation_Instructions/Troubleshooting.md
@ -127,9 +127,9 @@ proxmark3 <YOUR_PORT_HERE> --flash --image /usr/local/share/proxmark3/firmware/f
 <>
 proxmark3 <YOUR_PORT_HERE> --flash --image /usr/share/proxmark3/firmware/fullimage.elf
-pm3 --> sc upgrade f /usr/local/share/proxmark3/firmware/sim011.bin
+pm3 --> smart upgrade f /usr/local/share/proxmark3/firmware/sim011.bin
 <>
-pm3 --> sc upgrade f /usr/share/proxmark3/firmware/sim011.bin
+pm3 --> smart upgrade f /usr/share/proxmark3/firmware/sim011.bin
 ```
 If you didn't install the PRoxmark but you're working from the sources directory and depending how you launch the client, your working directory might be the root of the repository:
@ -152,9 +152,9 @@ client/proxmark3 <YOUR_PORT_HERE> --flash --image armsrc/obj/fullimage.elf
 <>
 ./proxmark3 <YOUR_PORT_HERE> --flash --image ../armsrc/obj/fullimage.elf
-pm3 --> sc upgrade f tools/simmodule/sim011.bin
+pm3 --> smart upgrade f tools/simmodule/sim011.bin
 <>
-pm3 --> sc upgrade f ../tools/simmodule/sim011.bin
+pm3 --> smart upgrade f ../tools/simmodule/sim011.bin
 ```
 etc.
--- a/doc/md/Use_of_Proxmark/2_Configuration-and-Verification.md
+++ b/doc/md/Use_of_Proxmark/2_Configuration-and-Verification.md
@ -46,9 +46,9 @@ Don't not turn off your device during the execution of this command!!
 Even its a quite fast command you should be warned.  You may brick it if you interrupt it.
 ```
-[usb] pm3 --> sc upgrade f /usr/local/share/proxmark3/firmware/sim011.bin
+[usb] pm3 --> smart upgrade f /usr/local/share/proxmark3/firmware/sim011.bin
 # or if from local repo
-[usb] pm3 --> sc upgrade f tools/simmodule/sim011.bin
+[usb] pm3 --> smart upgrade f tools/simmodule/sim011.bin
 ```
 You get the following output if the execution was successful:
--- a/doc/termux_notes.md
+++ b/doc/termux_notes.md
@ -12,22 +12,27 @@
  * [ Setup ](#setup)
    * [ Setting up Termux ](#setting-up-termux)
    * [ Install Proxmark3 package ](#install-proxmark3-package)
  * [ PC-like method ](#pc-like-method)
    * [ Specific requirements ](#specific-requirements)
    * [ USB_ACM ](#usb_acm)
    * [ Enable the driver ](#enable-the-driver)
    * [ Building the kernel ](#building-the-kernel)
    * [ Flashing the kernel ](#flashing-the-kernel)
-  * [ Testing ](#testing)
+    * [ Testing ](#testing)
-  * [ Troubleshooting ](#troubleshooting)
+    * [ Troubleshooting ](#troubleshooting)
  * [ TCP bridge method ](#tcp-bridge-method)
    * [ USB connection ](#usb-connection)
    * [ USB-UART bridge application ](#usb-uart-bridge-application)
    * [ Setting up usb socket ](#setting-up-usb-socket)
    * [ Bluetooth connection ](#bluetooth-connection)
    * [ BT-UART bridge application ](#bt-uart-bridge-application)
    * [ Setting up bt socket ](#setting-up-bt-socket)
    * [ Termux connection ](#termux-connection)
 ## Requirements
 ^[Top](#top)
 - Android phone
 - Kernel with one of:
    - USB_ACM driver
    - module loading enabled
    - published sources
 - Root
 - [Termux](https://play.google.com/store/apps/details?id=com.termux)
 ## Notes
@ -81,16 +86,33 @@ Install [Termux](https://play.google.com/store/apps/details?id=com.termux) and s
 Run the following commands:
 ```
-pkg install proxmark3 tsu
+pkg install proxmark3
 ```
 ### Optional: Building Proxmark3 client from source
 ```
-pkg install make clang clang++ readline libc++ git tsu
+pkg install make clang clang++ readline libc++ git
 git clone https://github.com/RfidResearchGroup/proxmark3.git
 cd proxmark
 make clean && make client
 ```
 ## PC-like method
 ^[Top](#top)
 ### Specific requirements
 ^[Top](#top)
 - Kernel with one of:
    - USB_ACM driver
    - module loading enabled
    - published sources
 - Root
 termux shell:
 ```
 pkg install tsu
 ```
 ### USB_ACM
 ^[Top](#top)
@ -125,3 +147,53 @@ Everything should work just like if it was your PC!
 - `dmesg | grep usb` - useful debug info
 - `/proc/config.gz` - contains your kernel's build configuration. Look for `CONFIG_USB_ACM`, which should be enabled
 ## TCP bridge method
 ^[Top](#top)
 Termux doesn't come with usb serial neither bluetooth serial drivers.
 However, it is fully integrated with phone's network, so we need to talk to the proxmark using serial to tcp sockets (carried out by android apps).
 ### USB connection
 ^[Top](#top)
 ### USB-UART Bridge Application
 ^[Top](#top)
 Install [this free app](https://play.google.com/store/apps/details?id=com.hardcodedjoy.tcpuart) on the Play Store
 ### Setting up usb socket
 ^[Top](#top)
 The app lets you choose the baudrate. Default value (115 200 baud) is fine.
 Plug the PM3 in and click connect.
 Set the toggle in server mode and choose a random port not used by system (e.g. 4321) and start the server.
 ### Bluetooth connection
 ^[Top](#top)
 ### BT-UART Bridge Application
 ^[Top](#top)
 Install [this free app](https://play.google.com/store/apps/details?id=masar.bb) or [the paid version](https://play.google.com/store/apps/details?id=masar.bluetoothbridge.pro) (which includes usb bridge)
 ### Setting up bt socket
 ^[Top](#top)
 You need to pair the proxmark3 in the Android settings.
 In the app choose your registred PM3 device as 'device A'.
 Select TCP server as 'Device B' and choose an unused port (e.g. 4321).
 Ensure 'Retransmission' is set to 'both ways'.
 ### Termux connection
 ^[Top](#top)
 Start a new session, then:
 ```
 proxmark3 tcp:localhost:<chosenPort>
 ```
 Alternatively, if you have made the client in the git repo:
 ```
 ./client/proxmark3 tcp:localhost:<chosenPort>
 ```
 ENJOY !
--- a/tools/pm3_amii_bin2eml.pl
+++ b/tools/pm3_amii_bin2eml.pl
@ -12,12 +12,13 @@
 # perl -lne 'chomp; s/\s+(\S+)$//;$f=$1;if($f=~s/-(\S+)//){$g=hex($1);}else{$g=hex($f)}$f=hex($f); for$m($f..$g){print "0x" . substr(unpack("H4",pack("n",$m)),1) ." => \"$_\","}' /tmp/game  >> game2
 # perl -lne 'if(/^(\S.*?)\s+\w?\w\w\w\w(\s*-\s*\w?\w\w\w\w)?\s*$/){$l=$1} s/(\w{4,5}\s*-\s*)?(\w{4,5})$//; $a=$1;$b=$2; $b=hex($b); $a=$a?hex($a):$b; for$m($a..$b){print "0x" . substr(unpack("H4",pack("n",$m)),0) ." => \"$l\","}' /tmp/g2
 my $BLOCKS = 255;
 my $UIDLOC = -540; # UID is 540 bytes from the end
 my $BLOCKSIZE = 4; # in bytes
 my $AMIITOOL = '../client/amiitool/amiitool'; # path to amiitool (unless in $PATH)
 my $KEYFILE = '../client/amiitool/key_retail.bin'; # path to retail key file
-my $ADDHDR = 1; # add 48 byte header?
+my $ADDHDR = 1; # add 56 byte header?
 my $FIXPWD = 1; # recalculate PWD if dump value is 0
 my $FIXACK = 1; # set ACK if dump value is 0
 my $DECRYPT = 0; # auto-decrypt
 my %game = (
@ -605,59 +606,80 @@ elsif (!$dec_check && !$enc_check)
  die "Does not look like proper file format! Exiting.\n";
 }
-my $lines = $BLOCKS;
+my @blocks = ();
 my $uid = unpack("H14",
  substr($file, length($file) + $UIDLOC, 3) .
  substr($file, (length($file) + $UIDLOC) + 4, 4));
 my $pwd = unpack("H8", substr($file, length($file) - 8, 4));
 my $ack = unpack("H8", substr($file, length($file) - 4, 4));
-# file does not contain our 48 byte header, let's add it
+my $fixedpwd = 0;
 if ($FIXPWD && hex($pwd) == 0) {
  # calculate correct amiibo password according to UID
  err "PWD is blank, recalculating";
  my $uid_a = hex(substr $uid, 2, 8);
  my $uid_b = hex(substr $uid, 6, 8);
  $pwd = sprintf("%08x", $uid_a ^ $uid_b ^ 0xaa55aa55);
  $fixedpwd = 1;
 }
 my $fixedack = 0;
 if ($FIXACK && hex($ack) == 0) {
  # this is the command to be sent back to the Switch if
  # the Switch sends the correct PWD
  err "ACK is blank, fixing";
  $ack = "80808080";
  $fixedack = 1;
 }
 # file does not contain our 56 byte header, let's add it
 my $addedhdr = 0;
 if ($ADDHDR && length($file) == -1 * $UIDLOC)
 {
  err "Does not contain header, adding";
  while (<DATA>)
  {
    $lines--;
    chomp; # there may not be a newline so chomp and add below
-    print "$_\n";
+    push @blocks, $_;
  }
  $addedhdr = 1;
 }
 my $pages = 0;
 while (length($file))
 {
  my $out = substr($file, 0, $BLOCKSIZE, ""); # was 16
  $out = unpack("H*", $out);
-  print "$out\n";
+  push @blocks, $out;
-  # grab UID
+  $pages++;
 =cut
  if ($BLOCKS - $lines == 12)
  {
    $uid = substr($out, 0, 6);
  }
  elsif ($BLOCKS - $lines == 13)
  {
    $uid .= substr($out, 0, 8);
  }
 =cut
  $lines--;
 }
-# still need to pad to 255 4-byte (8 hex char) blocks
+if ($fixedpwd) {
-if ($lines > 0)
+  @blocks[-2] = $pwd;
 {
  while ($lines--)
  {
    print "00000000\n";
  }
 }
 if ($fixedack) {
  @blocks[-1] = $ack;
 }
 if ($addedhdr) {
  @blocks[2] .= sprintf "%02X", ($pages - 1);
 }
 # finally, output the data
 foreach(@blocks) {
  print "$_\n";
 }
 print STDERR "\n";
 print STDERR "$_\n" for @err;
 print STDERR "UID: $uid\n";
 print STDERR "PWD: $pwd\n";
 print STDERR "ACK: $ack\n";
 print STDERR "\n";
 $uid = uc $uid;
 #print STDERR "amiitool -d -k ../client/amiitool/key_retail.bin -i $input -o $input.decrypted\n";
@ -669,13 +691,15 @@ print STDERR "hf 14a sim t 7 u $uid\n";
 __DATA__
 00040402
 01001103
-01000000
+010000
-00808000
+92580B4C
-92580b4c
+45A9C42F
-45a9c42f
+A90145CE
-a90145ce
+5E5F9C43
-5e5f9c43
+09A43D47
-09a43d47
+D232A3D1
-d232a3d1
+68CBADE6
-68cbade6
+7F8185C6
-7f8185c6
+00000000
 00000000
 00000000