From a6beff18a5bbd2c6127afc1e20f1aedc4265c069 Mon Sep 17 00:00:00 2001
From: Philippe Teuwen <phil@teuwen.org>
Date: Tue, 20 Oct 2020 15:46:44 +0200
Subject: [PATCH] fix em 4x05 bf

---
 armsrc/lfops.c           | 3 ++-
 client/src/cmdlfem4x05.c | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index 3d7154eb3..1ccc1879a 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -2545,9 +2545,10 @@ void EM4xBruteforce(uint32_t start_pwd, uint32_t n) {
         DoPartialAcquisition(0, false, 350, 1000);
         uint8_t *mem = BigBuf_get_addr();
         if (mem[334] < 128) {
+            candidates_found++;
             Dbprintf("Password candidate: " _GREEN_("%08X"), pwd);
             if ((n != 0) && (candidates_found == n)) {
-                Dbprintf("EM4x05 Bruteforce Stopped. %i candidates found", candidates_found);
+                Dbprintf("EM4x05 Bruteforce Stopped. %i candidate%s found", candidates_found, candidates_found > 1 ? "s" : "");
                 break;
             }
         }
diff --git a/client/src/cmdlfem4x05.c b/client/src/cmdlfem4x05.c
index 7cb77803e..404a6af3d 100644
--- a/client/src/cmdlfem4x05.c
+++ b/client/src/cmdlfem4x05.c
@@ -1196,7 +1196,7 @@ int CmdEM4x05Brute(const char *Cmd) {
     };
     CLIExecWithReturn(ctx, Cmd, argtable, true);
     uint32_t start_pwd = arg_get_u64_def(ctx, 1, 0);
-    uint32_t n = arg_get_int_def(ctx, 1, 0);
+    uint32_t n = arg_get_int_def(ctx, 2, 0);
     CLIParserFree(ctx);
 
     PrintAndLogEx(NORMAL, "");