the device side of iclass tear off is implemented. The base was done by @antiklesys. This version differs by the concept of trying to stabilize weak bits by performing a write operation in conjuction with the detected tear. Its untested but I can replicate most of the tears we performed client side. You will need to call the proxmark3 client with -f , ./pm3 -f to force flush out text which is needed for the inplace printing. I thought this was done automatically but it wasnt. hf iclass tear --arm + all the normal params to run on device side

include/iclass_cmd.h

@@ -87,6 +87,17 @@ typedef struct {
     uint8_t mac[4];
 } PACKED iclass_writeblock_req_t;
 
+// iCLASS tearoff block request data structure
+typedef struct {
+    iclass_auth_req_t req;
+    uint8_t data[8];
+    uint8_t mac[4];
+    int tear_start;
+    int tear_end;
+    int increment;
+    int tear_loop;
+} PACKED iclass_tearblock_req_t;
+
 // iCLASS write block request data structure
 typedef struct {
     iclass_auth_req_t req;

include/pm3_cmd.h

@@ -668,6 +668,7 @@ typedef struct {
 #define CMD_HF_ICLASS_RESTORE                                             0x039B
 #define CMD_HF_ICLASS_CREDIT_EPURSE                                       0x039C
 #define CMD_HF_ICLASS_RECOVER                                             0x039D
+#define CMD_HF_ICLASS_TEARBL                                              0x039E
 
 
 // For ISO1092 / FeliCa