Merge branch 'master' of https://github.com/iceman1001/proxmark3

2025-08-21 22:03:42 -07:00 · 2016-01-12 21:58:03 +01:00 · 2016-01-12 21:58:03 +01:00 · 63852b2f51
commit 63852b2f51
parent b725f2ca21 810f53792e
14 changed files with 183 additions and 161 deletions
--- a/armsrc/Makefile
+++ b/armsrc/Makefile
@ -21,6 +21,7 @@ SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
 SRC_ISO14443b = iso14443b.c
 SRC_CRAPTO1 = crapto1.c crypto1.c des.c aes.c desfire_key.c desfire_crypto.c mifaredesfire.c
 SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c 
 SRC_EMV = tlv.c emvdataels.c emvutil.c emvcmd.c 									 
 #the FPGA bitstream files. Note: order matters!
 FPGA_BITSTREAMS = fpga_lf.bit fpga_hf.bit
@ -62,6 +63,7 @@ ARMSRC = fpgaloader.c \
 	optimized_cipher.c \
 	hfsnoop.c \
 	parity.c
 #  $(SRC_EMV)
 # Do not move this inclusion before the definition of {THUMB,ASM,ARM}SRC
 include ../common/Makefile.common
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@ -406,7 +406,7 @@ void StandAloneMode14a()
 			SpinDelay(500);
 			/* Code for reading from 14a tag */
 			uint8_t uid[10] = {0};
-			uint32_t cuid;
+			uint32_t cuid = 0;
 			iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
 			for ( ; ; )
@ -1089,7 +1089,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
 			break;
 		case CMD_READER_MIFARE:
-            ReaderMifare(c->arg[0]);
+            ReaderMifare(c->arg[0], c->arg[1]);
 			break;
 		case CMD_MIFARE_READBL:
 			MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
@ -1186,7 +1186,19 @@ void UsbPacketReceived(uint8_t *packet, int len)
 		case CMD_MIFARE_COLLECT_NONCES:
 			break;
 #endif
-
+#ifdef WITH_EMV
 		case CMD_EMV_TRANSACTION:
 			EMVTransaction();
 			break;
        case CMD_EMV_GET_RANDOM_NUM:
            //EMVgetUDOL();
            break;
        case CMD_EMV_LOAD_VALUE:
            EMVloadvalue(c->arg[0], c->d.asBytes);  
            break;
        case CMD_EMV_DUMP_CARD:
            EMVdumpcard();
 #endif
 #ifdef WITH_ICLASS
 		// Makes use of ISO14443a FPGA Firmware
 		case CMD_SNOOP_ICLASS:
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@ -121,7 +121,8 @@ void EPA_PACE_Collect_Nonce(UsbCommand * c);
 void EPA_PACE_Replay(UsbCommand *c);
 // mifarecmd.h
-void ReaderMifare(bool first_try);
+//void ReaderMifare(bool first_try);
 void ReaderMifare(bool first_try, uint8_t block );
 int32_t dist_nt(uint32_t nt1, uint32_t nt2);
 void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);
 void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain);
@ -211,5 +212,10 @@ bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* d
 /// util.h
 void HfSnoop(int , int);
 //EMV functions emvcmd.h
 void EMVTransaction(void);
 void EMVgetUDOL(void);
 void EMVloadvalue(uint32_t tag, uint8_t* datain);
 void EMVdumpcard(void);
 #endif
--- a/armsrc/hitag2.c
+++ b/armsrc/hitag2.c
@ -714,8 +714,8 @@ void SnoopHitag(uint32_t type) {
 	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 	// Clean up trace and prepare it for storing frames
 	set_tracing(TRUE);
 	clear_trace();
 	set_tracing(TRUE);
 	auth_table_len = 0;
 	auth_table_pos = 0;
@ -928,8 +928,8 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
 	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 	// Clean up trace and prepare it for storing frames
 	set_tracing(TRUE);
 	clear_trace();
 	set_tracing(TRUE);
 	auth_table_len = 0;
 	auth_table_pos = 0;
@ -1121,8 +1121,8 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
 	bSuccessful = false;
 	// Clean up trace and prepare it for storing frames
 	set_tracing(TRUE);
 	clear_trace();
 	set_tracing(TRUE);
 	DbpString("Starting Hitag reader family");
--- a/armsrc/iclass.c
+++ b/armsrc/iclass.c
@ -653,8 +653,9 @@ void RAMFUNC SnoopIClass(void)
    // The DMA buffer, used to stream samples from the FPGA
    uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE);
 	set_tracing(TRUE);
 	clear_trace();
 	set_tracing(TRUE);
    iso14a_set_trigger(FALSE);
    int lastRxCounter;
@ -985,8 +986,9 @@ void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain
 	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
 	// Enable and clear the trace
 	set_tracing(TRUE);
 	clear_trace();
 	set_tracing(TRUE);
 	//Use the emulator memory for SIM
 	uint8_t *emulator = BigBuf_get_EM_addr();
@ -1323,10 +1325,8 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf)
 				GetParity(trace_data, trace_data_size, parity);
 				LogTrace(trace_data, trace_data_size, (t2r_time-time_0) << 4, (t2r_time-time_0) << 4, parity, FALSE);
 			}
-			if(!tracing) {
+			if(!tracing)
 				DbpString("Trace full");
 				//break;
 			}
 		}
 	}
@ -1570,8 +1570,8 @@ void setupIclassReader()
 {
    FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
    // Reset trace buffer
 	set_tracing(TRUE);
 	clear_trace();
 	set_tracing(TRUE);
    // Setup SSC
    FpgaSetupSsc();
@ -1693,7 +1693,9 @@ void ReaderIClass(uint8_t arg0) {
    while(!BUTTON_PRESS())
    {
 		if (try_once && tryCnt > 5) break; 
 		tryCnt++;
 		if(!tracing) {
 			DbpString("Trace full");
 			break;
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@ -1211,10 +1211,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
 			//p_response = &responses[9];				
 		} else if(receivedCmd[0] == 0x50) {	// Received a HALT
 			if (tracing) {
 			LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
 			}
 			p_response = NULL;
 		} else if(receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61) {	// Received an authentication request
@ -1236,9 +1233,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
 				p_response = &responses[6]; order = 70;
 			}
 		} else if (order == 7 && len == 8) { // Received {nr] and {ar} (part of authentication)
 			if (tracing) {
 			LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
 			}
 			uint32_t nonce = bytes_to_num(response5,4);
 			uint32_t nr = bytes_to_num(receivedCmd,4);
 			uint32_t ar = bytes_to_num(receivedCmd+4,4);
@ -1352,9 +1347,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
 				default: {
 					// Never seen this command before
 					if (tracing) {
 					LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
 					}
 					Dbprintf("Received unknown command (len=%d):",len);
 					Dbhexdump(len,receivedCmd,false);
 					// Do not respond
@ -1372,9 +1365,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
 				if (prepare_tag_modulation(&dynamic_response_info,DYNAMIC_MODULATION_BUFFER_SIZE) == false) {
 					Dbprintf("Error preparing tag response");
 					if (tracing) {
 					LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
 					}
 					break;
 				}
 				p_response = &dynamic_response_info;
@ -1396,7 +1387,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
 		if (p_response != NULL) {
 			EmSendCmd14443aRaw(p_response->modulation, p_response->modulation_n, receivedCmd[0] == 0x52);
 			// do the tracing for the previous reader request and this tag answer:
-			uint8_t par[MAX_PARITY_SIZE];
+			uint8_t par[MAX_PARITY_SIZE] = {0x00};
 			GetParity(p_response->response, p_response->response_n, par);
 			EmLogTrace(Uart.output, 
@ -1781,7 +1772,6 @@ int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par){
 bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity,
 				 uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity)
 {
 	if (tracing) {
 	// we cannot exactly measure the end and start of a received command from reader. However we know that the delay from
 	// end of the received command to start of the tag's (simulated by us) answer is n*128+20 or n*128+84 resp.
 	// with n >= 9. The start of the tags answer can be measured and therefore the end of the received command be calculated:
@ -1796,9 +1786,6 @@ bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_Start
 	else 
 		return(!LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, FALSE));
 	} else {
 		return TRUE;
 	}
 }
 //-----------------------------------------------------------------------------
@ -1847,7 +1834,6 @@ void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t
 		LED_A_ON();
 	// Log reader command in trace buffer
 	if (tracing)
 	LogTrace(frame, nbytes(bits), LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_READER, (LastTimeProxToAirStart + LastProxToAirDuration)*16 + DELAY_ARM2AIR_AS_READER, par, TRUE);
 }
@ -1877,9 +1863,7 @@ int ReaderReceiveOffset(uint8_t* receivedAnswer, uint16_t offset, uint8_t *parit
 	if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, offset)) 
 		return FALSE;
 	if (tracing)
 	LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE);
 	return Demod.len;
 }
@ -1888,9 +1872,7 @@ int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity)
 	if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, 0)) 
 		return FALSE;
 	if (tracing)
 	LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE);
 	return Demod.len;
 }
@ -2081,7 +2063,7 @@ void iso14443a_setup(uint8_t fpga_minor_mode) {
 }
 int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
-	uint8_t parity[MAX_PARITY_SIZE];
+	uint8_t parity[MAX_PARITY_SIZE] = {0x00};
 	uint8_t real_cmd[cmd_len+4];
 	real_cmd[0] = 0x0a; //I-Block
 	// put block number into the PCB
@ -2120,18 +2102,17 @@ void ReaderIso14443a(UsbCommand *c)
 	size_t lenbits = c->arg[1] >> 16;
 	uint32_t timeout = c->arg[2];
 	uint32_t arg0 = 0;
-	byte_t buf[USB_CMD_DATA_SIZE];
+	byte_t buf[USB_CMD_DATA_SIZE] = {0x00};
-	uint8_t par[MAX_PARITY_SIZE];
+	uint8_t par[MAX_PARITY_SIZE] = {0x00};
-	if(param & ISO14A_CONNECT) {
+	if (param & ISO14A_CONNECT)
 		clear_trace();
 	}
 	set_tracing(TRUE);
-	if(param & ISO14A_REQUEST_TRIGGER) {
+	if (param & ISO14A_REQUEST_TRIGGER)
 		iso14a_set_trigger(TRUE);
-	}
+
 	if (param & ISO14A_CONNECT) {
 		iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@ -2142,9 +2123,8 @@ void ReaderIso14443a(UsbCommand *c)
 		}
 	}
-	if(param & ISO14A_SET_TIMEOUT) {
+	if (param & ISO14A_SET_TIMEOUT)
 		iso14a_set_timeout(timeout);
 	}
 	if (param & ISO14A_APDU) {
 		arg0 = iso14_apdu(cmd, len, buf);
@ -2190,13 +2170,12 @@ void ReaderIso14443a(UsbCommand *c)
 		cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf));
 	}
-	if(param & ISO14A_REQUEST_TRIGGER) {
+	if (param & ISO14A_REQUEST_TRIGGER)
 		iso14a_set_trigger(FALSE);
 	}
-	if(param & ISO14A_NO_DISCONNECT) {
+
 	if (param & ISO14A_NO_DISCONNECT)
 		return;
 	}
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 	set_tracing(FALSE);
@ -2209,17 +2188,16 @@ void ReaderIso14443a(UsbCommand *c)
 // Therefore try in alternating directions.
 int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
 	uint16_t i;
 	uint32_t nttmp1, nttmp2;
 	if (nt1 == nt2) return 0;
-	nttmp1 = nt1;
+	uint16_t i;
-	nttmp2 = nt2;
+	uint32_t nttmp1 = nt1;
 	uint32_t nttmp2 = nt2;
-	for (i = 1; i < 0xFFFF; i++) {
+	for (i = 1; i < 0xFFFF; ++i) {
 		nttmp1 = prng_successor(nttmp1, 1);
 		if (nttmp1 == nt2) return i;
 		nttmp2 = prng_successor(nttmp2, 1);
 		if (nttmp2 == nt1) return -i;
 	}
@ -2234,13 +2212,18 @@ int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
 // Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime"
 // (article by Nicolas T. Courtois, 2009)
 //-----------------------------------------------------------------------------
-void ReaderMifare(bool first_try)
+void ReaderMifare(bool first_try, uint8_t block )
 {
 	// Mifare AUTH
-	uint8_t mf_auth[]    = { 0x60,0x00,0xf5,0x7b };
+	//uint8_t mf_auth[]    = { 0x60,0x00,0xf5,0x7b };
 	//uint8_t mf_auth[]    = { 0x60,0x05, 0x58, 0x2c };
 	uint8_t mf_auth[]    = { 0x60,0x00, 0x00, 0x00 };
 	uint8_t mf_nr_ar[]   = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
 	static uint8_t mf_nr_ar3;
 	mf_auth[1] = block;
 	AppendCrc14443a(mf_auth, 2);
 	uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = {0x00};
 	uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE] = {0x00};
@ -3006,15 +2989,14 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 	LEDsoff();
-	if(flags & FLAG_INTERACTIVE)// Interactive mode flag, means we need to send ACK
+	// Interactive mode flag, means we need to send ACK
-	{
+	if(flags & FLAG_INTERACTIVE) {
 		//May just aswell send the collected ar_nr in the response aswell
 		uint8_t len = ar_nr_collected*5*4;
 		cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, len, 0, &ar_nr_responses, len);
 	}
-	if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1 )
+	if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1 ) {
 	{
 		if(ar_nr_collected > 1 ) {
 			Dbprintf("Collected two pairs of AR/NR which can be used to extract keys from reader:");
 			Dbprintf("../tools/mfkey/mfkey32 %06x%08x %08x %08x %08x %08x %08x",
@ -3063,9 +3045,8 @@ void RAMFUNC SniffMifare(uint8_t param) {
 	// param:
 	// bit 0 - trigger from first card answer
 	// bit 1 - trigger from first reader 7-bit request
 	// C(red) A(yellow) B(green)
 	LEDsoff();
 	// init trace buffer
 	clear_trace();
 	set_tracing(TRUE);
@ -3075,6 +3056,7 @@ void RAMFUNC SniffMifare(uint8_t param) {
 	// So 32 should be enough!
 	uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE] = {0x00};	
 	uint8_t receivedCmdPar[MAX_MIFARE_PARITY_SIZE] = {0x00};
 	// The response (tag -> reader) that we're receiving.
 	uint8_t receivedResponse[MAX_MIFARE_FRAME_SIZE] = {0x00};
 	uint8_t receivedResponsePar[MAX_MIFARE_PARITY_SIZE] = {0x00};
@ -3083,6 +3065,7 @@ void RAMFUNC SniffMifare(uint8_t param) {
 	// free eventually allocated BigBuf memory
 	BigBuf_free();
 	// allocate the DMA buffer, used to stream samples from the FPGA
 	uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE);
 	uint8_t *data = dmaBuf;
--- a/armsrc/iso14443b.c
+++ b/armsrc/iso14443b.c
@ -345,7 +345,7 @@ void SimulateIso14443bTag(void)
 	// response to HLTB and ATTRIB
 	static const uint8_t response2[] = {0x00, 0x78, 0xF0};
-	uint8_t parity[MAX_PARITY_SIZE];
+	uint8_t parity[MAX_PARITY_SIZE] = {0x00};
 	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
@ -388,9 +388,7 @@ void SimulateIso14443bTag(void)
 			break;
 		}
 		if (tracing) {
 		LogTrace(receivedCmd, len, 0, 0, parity, TRUE);
 		}
 		// Good, look at the command now.
 		if ( (len == sizeof(cmd1) && memcmp(receivedCmd, cmd1, len) == 0)
@ -475,8 +473,7 @@ void SimulateIso14443bTag(void)
 			}
 		}
-		// trace the response:
+		LogTrace(resp, respLen, 0, 0, parity, FALSE);			
 		if (tracing) LogTrace(resp, respLen, 0, 0, parity, FALSE);			
 	}
 	FpgaDisableSscDma();
 	set_tracing(FALSE);	
@ -793,8 +790,8 @@ static void GetSamplesFor14443bDemod(int n, bool quiet)
 	}
 	//Tracing
-	if (tracing && Demod.len > 0) {
+	if (Demod.len > 0) {
-		uint8_t parity[MAX_PARITY_SIZE];
+		uint8_t parity[MAX_PARITY_SIZE] = {0x00};
 		LogTrace(Demod.output, Demod.len, 0, 0, parity, FALSE);
 	}
 }
@ -1216,7 +1213,7 @@ void RAMFUNC SnoopIso14443b(void)
 	upTo = dmaBuf;
 	lastRxCounter = ISO14443B_DMA_BUFFER_SIZE;
 	FpgaSetupSscDma((uint8_t*) dmaBuf, ISO14443B_DMA_BUFFER_SIZE);
-	uint8_t parity[MAX_PARITY_SIZE];
+	uint8_t parity[MAX_PARITY_SIZE] = {0x00};
 	bool TagIsActive = FALSE;
 	bool ReaderIsActive = FALSE;
@ -1245,10 +1242,12 @@ void RAMFUNC SnoopIso14443b(void)
 				Dbprintf("blew circular buffer! behindBy=%d", behindBy);
 				break;
 			}
 			if(!tracing) {
-				DbpString("Reached trace limit");
+				DbpString("Trace full");
 				break;
 			}
 			if(BUTTON_PRESS()) {
 				DbpString("cancelled");
 				break;
@ -1259,9 +1258,9 @@ void RAMFUNC SnoopIso14443b(void)
 		if (!TagIsActive) {							// no need to try decoding reader data if the tag is sending
 			if (Handle14443bUartBit(ci & 0x01)) {
-			if(triggered && tracing) {
+				if ( triggered)
 					LogTrace(Uart.output, Uart.byteCnt, samples, samples, parity, TRUE);
-			}
+
 				/* And ready to receive another command. */
 				UartReset();
 				/* And also reset the demod code, which might have been */
@ -1269,9 +1268,9 @@ void RAMFUNC SnoopIso14443b(void)
 				DemodReset();
 			}
 			if (Handle14443bUartBit(cq & 0x01)) {
-			if(triggered && tracing) {
+				if (triggered)
 					LogTrace(Uart.output, Uart.byteCnt, samples, samples, parity, TRUE);
-			}
+
 					/* And ready to receive another command. */
 					UartReset();
 					/* And also reset the demod code, which might have been */
@ -1286,11 +1285,8 @@ void RAMFUNC SnoopIso14443b(void)
 			if(Handle14443bSamplesDemod(ci & 0xfe, cq & 0xfe)) {
 				//Use samples as a time measurement
 			if(tracing)
 			{
 				//uint8_t parity[MAX_PARITY_SIZE];
 				LogTrace(Demod.output, Demod.len, samples, samples, parity, FALSE);
-			}
+
 				triggered = TRUE;
 				// And ready to receive another response.
@ -1302,7 +1298,6 @@ void RAMFUNC SnoopIso14443b(void)
 	FpgaDisableSscDma();
 	LEDsoff();
 	set_tracing(FALSE);	
 	AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
 	DbpString("Snoop statistics:");
@ -1311,6 +1306,7 @@ void RAMFUNC SnoopIso14443b(void)
 	Dbprintf("  Uart ByteCnt: %i", Uart.byteCnt);
 	Dbprintf("  Uart ByteCntMax: %i", Uart.byteCntMax);
 	Dbprintf("  Trace length: %i", BigBuf_get_traceLen());
 	set_tracing(FALSE);	
 }
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@ -44,6 +44,7 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 	clear_trace();
 	set_tracing(true);
 	LED_A_ON();
 	LED_B_OFF();
@ -96,6 +97,7 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 	clear_trace();
 	set_tracing(true);
 	if(!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {
 		if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");
@ -131,6 +133,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 	clear_trace();
 	set_tracing(true);
 	int len = iso14443a_select_card(NULL, NULL, NULL, true, 0);
 	if(!len) {
@ -202,6 +205,7 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 	clear_trace();
 	set_tracing(true);
 	LED_A_ON();
 	LED_B_OFF();
@ -258,6 +262,7 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
 	// free eventually allocated BigBuf memory
 	BigBuf_free();
 	clear_trace();
 	set_tracing(true);
 	// params
 	uint8_t blockNo = arg0;
@ -368,6 +373,7 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 	clear_trace();
 	set_tracing(true);
 	LED_A_ON();
 	LED_B_OFF();
@ -426,6 +432,7 @@ void MifareUWriteBlockCompat(uint8_t arg0, uint8_t *datain)
 	LED_A_ON(); LED_B_OFF(); LED_C_OFF();
 	clear_trace();
 	set_tracing(true);
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 	if(!iso14443a_select_card(uid, NULL, NULL, true, 0)) {
@ -473,6 +480,7 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 	clear_trace();
 	set_tracing(true);
 	if(!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {
 		if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
@ -532,6 +540,7 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 	clear_trace();
 	set_tracing(true);
 	if(!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {
 		if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
@ -982,7 +991,9 @@ void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 	LED_C_OFF();
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
-	if (clearTrace) clear_trace();
+	if (clearTrace) 
 		clear_trace();
 	set_tracing(TRUE);
 	for (i = 0; i < keyCount; i++) {
@ -1354,6 +1365,7 @@ void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 	clear_trace();
 	set_tracing(true);
 	int len = iso14443a_select_card(uid, NULL, &cuid, true, 0);
 	if(!len) {
--- a/armsrc/mifaredesfire.c
+++ b/armsrc/mifaredesfire.c
@ -63,9 +63,8 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
 		print_result(" RX    : ", datain, datalen);
 	}
-	if ( flags & CLEARTRACE ){
+	if ( flags & CLEARTRACE )
 		clear_trace();
 	}
 	if ( flags & INIT ){
 		if ( !InitDesfireCard() )
@ -73,9 +72,8 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
 	}
 	int len = DesfireAPDU(datain, datalen, resp);
-	if (MF_DBGLEVEL >= 4) {
+	if (MF_DBGLEVEL >= 4)
 		print_result("ERR <--: ", resp, len);
 	}
 	if ( !len ) {
 		OnError(2);
@ -85,9 +83,8 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
 	// reset the pcb_blocknum,
 	pcb_blocknum = 0;
-	if ( flags & DISCONNECT ){
+	if ( flags & DISCONNECT )
 		OnSuccess();
 	}
 	cmd_send(CMD_ACK,1,len,0,resp,len);
 }
--- a/armsrc/mifaresniff.c
+++ b/armsrc/mifaresniff.c
@ -169,6 +169,5 @@ bool intMfSniffSend() {
 	LED_B_OFF();
 	clear_trace();
 	return TRUE;
 }
--- a/client/cmdhflegic.c
+++ b/client/cmdhflegic.c
@ -202,7 +202,7 @@ int CmdLegicLoad(const char *Cmd) {
    }
    char line[80]; 
-	int offset = 0, j; 
+	int offset = 0; 
 	uint32_t data[8] = {0x00};
    while ( fgets(line, sizeof(line), f) ) {
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@ -21,8 +21,17 @@ int CmdHF14AMifare(const char *Cmd)
 	uint64_t par_list = 0, ks_list = 0, r_key = 0;
 	int16_t isOK = 0;
 	int tmpchar; 
 	uint8_t blockNo = 0;
-	UsbCommand c = {CMD_READER_MIFARE, {true, 0, 0}};
+	char cmdp = param_getchar(Cmd, 0);	
 	if ( cmdp == 'H' || cmdp == 'h') {
 		PrintAndLog("Usage:  hf mf mifare <block number>");
 		PrintAndLog("        sample: hf mf mifare 0");
 		return 0;
 	}	
 	blockNo = param_get8(Cmd, 0);
 	UsbCommand c = {CMD_READER_MIFARE, {true, blockNo, 0}};
 	// message
 	printf("-------------------------------------------------------------------------\n");
@ -754,6 +763,8 @@ int CmdHF14AMfNested(const char *Cmd)
 				uint8_t sectrail = (FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1);
 				PrintAndLog("Reading block %d", sectrail);
 				UsbCommand c = {CMD_MIFARE_READBL, {sectrail, 0, 0}};
 				num_to_bytes(e_sector[i].Key[0], 6, c.d.asBytes); // KEY A
 				clearCommandBuffer();
@ -1162,6 +1173,8 @@ int CmdHF14AMfChk(const char *Cmd)
 			uint8_t sectrail = (FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1);
 			PrintAndLog("Reading block %d", sectrail);
 			UsbCommand c = {CMD_MIFARE_READBL, {sectrail, 0, 0}};
 			num_to_bytes(e_sector[i].Key[0], 6, c.d.asBytes); // KEY A
 			clearCommandBuffer();
--- a/client/cmdhfmfhard.c
+++ b/client/cmdhfmfhard.c
@ -88,7 +88,7 @@ typedef struct noncelist {
 } noncelist_t;
-static uint32_t cuid;
+static uint32_t cuid = 0;
 static noncelist_t nonces[256];
 static uint8_t best_first_bytes[256];
 static uint16_t first_byte_Sum = 0;