From b7c0d6aa5e5cc0287096333790f7525526696182 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Wed, 25 Nov 2020 15:13:32 +0100
Subject: [PATCH] lf viking clone - now supports clone to EM4305/4469 (untested)
---
 armsrc/appmain.c | 3 ++-
 armsrc/lfops.c | 7 +++++--
 armsrc/lfops.h | 2 +-
 client/src/cmdlfviking.c | 26 ++++++++++++++++++++------
 4 files changed, 28 insertions(+), 10 deletions(-)
diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index 69b628d7a..f43de6f47 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -1037,10 +1037,11 @@ static void PacketReceived(PacketCommandNG *packet) {
 case CMD_LF_VIKING_CLONE: {
 struct p {
 bool Q5;
+ bool EM;
 uint8_t blocks[8];
 } PACKED;
 struct p *payload = (struct p *)packet->data.asBytes;
- CopyVikingtoT55xx(payload->blocks, payload->Q5);
+ CopyVikingtoT55xx(payload->blocks, payload->Q5, payload->EM);
 break;
 }
 case CMD_LF_COTAG_READ: {
diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index a6fbb7bba..ac34c2a69 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -2252,11 +2252,14 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
 }
 // clone viking tag to T55xx
-void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5) {
+void CopyVikingtoT55xx(uint8_t *blocks, bool q5, bool em) {
 uint32_t data[] = {T55x7_BITRATE_RF_32 | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT), 0, 0};
- if (Q5)
+ if (q5) {
 data[0] = T5555_SET_BITRATE(32) | T5555_MODULATION_MANCHESTER | 2 << T5555_MAXBLOCK_SHIFT;
+ } else if (em) {
+ data[0] = (EM4x05_SET_BITRATE(32) | EM4x05_MODULATION_MANCHESTER | EM4x05_SET_NUM_BLOCKS(2) );
+ }
 data[1] = bytes_to_num(blocks, 4);
 data[2] = bytes_to_num(blocks + 4, 4);
diff --git a/armsrc/lfops.h b/armsrc/lfops.h
index 0ec050158..703d48b21 100644
--- a/armsrc/lfops.h
+++ b/armsrc/lfops.h
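Review bot: The `CMD_LF_VIKING_CLONE` case in armsrc/appmain.c casts `packet->data.asBytes` to the enlarged `struct p` without checking how many bytes were actually received, and inserting `bool EM` ahead of `blocks` moves the card data one byte later than in the previous layout. A client built before this commit would have its first block byte read as `EM` and the final `blocks` byte taken from beyond what it sent, so a mismatched client/firmware pair could program a wrong ID onto a tag without any error. Assuming `packet->length` carries the payload size, a guard before the call would reject that case: `if (packet->length != sizeof(struct p)) { reply_ng(CMD_LF_VIKING_CLONE, PM3_EINVARG, NULL, 0); break; }`. `PacketReceived` begins and ends outside this hunk.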
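Review bot: In armsrc/lfops.c, `q5` silently takes precedence when both flags are set in the new `if (q5) { … } else if (em) { … }` chain, and only the client rejects that combination; the firmware should not rely on the sender for it. The comment above the function still reads `// clone viking tag to T55xx`; I would change it to `// clone viking tag to T55x7, Q5/T5555 or EM4305/4469; q5 and em are mutually exclusive (q5 wins if both are set)`. The write step of `CopyVikingtoT55xx` lies outside the hunk, so it is not visible whether the EM4x05 config word is sent with an EM4x05-specific write or still goes through the existing T55xx path. Since the subject line marks the feature as untested, that should be confirmed on hardware before `--em` is relied on.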
@@ -41,7 +41,7 @@ int lf_io_watch(int findone, uint32_t *high, uint32_t *low);
 void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567
-void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5);
+void CopyVikingtoT55xx(uint8_t *blocks, bool q5, bool em);
 int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo);
diff --git a/client/src/cmdlfviking.c b/client/src/cmdlfviking.c
index d4ab057c8..2d60c4893 100644
--- a/client/src/cmdlfviking.c
+++ b/client/src/cmdlfviking.c
@@ -88,15 +88,17 @@ static int CmdVikingClone(const char *Cmd) {
 CLIParserContext *ctx;
 CLIParserInit(&ctx, "lf viking clone",
- "clone a Viking AM tag to a T55x7 or Q5/T5555 tag.",
+ "clone a Viking AM tag to a T55x7, Q5/T5555 or EM4305/4469 tag.",
 "lf viking clone --cn 01A337\n"
 "lf viking clone --cn 01A337 --q5 -> encode for Q5/T5555 tag"
+ "lf viking clone --cn 112233 --em -> encode for EM4305/4469"
 );
 void *argtable[] = {
 arg_param_begin,
 arg_strx0(NULL, "cn", "", "8 digit hex viking card number"),
 arg_lit0(NULL, "q5", "optional - specify writing to Q5/T5555 tag"),
+ arg_lit0(NULL, "em", "optional - specify writing to EM4305/4469 tag"),
 arg_param_end
 };
 CLIExecWithReturn(ctx, Cmd, argtable, false);
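Review bot: The `--q5` example string in the `CLIParserInit` call of client/src/cmdlfviking.c has no trailing `\n`, so the added `--em` example is concatenated onto the same help line and the usage text reads `… Q5/T5555 taglf viking clone --cn 112233 --em …`. Terminate the existing line, `"lf viking clone --cn 01A337 --q5 -> encode for Q5/T5555 tag\n"`, and leave the new last example without a newline as the old last one was. `CmdVikingClone` continues outside this hunk.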
@@ -104,29 +106,41 @@ static int CmdVikingClone(const char *Cmd) {
 int raw_len = 0;
 uint8_t raw[4] = {0};
 CLIGetHexWithReturn(ctx, 1, raw, &raw_len);
+ bool q5 = arg_get_lit(ctx, 2);
+ bool em = arg_get_lit(ctx, 3);
+ CLIParserFree(ctx);
 uint32_t id = bytes_to_num(raw, raw_len);
 if (id == 0) {
 PrintAndLogEx(ERR, "Cardnumber can't be zero");
- CLIParserFree(ctx);
 return PM3_EINVARG;
 }
- bool q5 = arg_get_lit(ctx, 2);
- CLIParserFree(ctx);
+ if (q5 && em) {
+ PrintAndLogEx(FAILED, "Can't specify both Q5 and EM4305 at the same time");
+ return PM3_EINVARG;
+ }
 uint64_t rawID = getVikingBits(id);
 struct p {
 bool Q5;
+ bool EM;
 uint8_t blocks[8];
 } PACKED payload;
 payload.Q5 = q5;
+ payload.EM = em;
 num_to_bytes(rawID, 8, &payload.blocks[0]);
+ char cardtype[16] = {"T55x7"};
+ if (q5)
+ snprintf(cardtype, sizeof(cardtype), "Q5/T5555");
+ else if (em)
+ snprintf(cardtype, sizeof(cardtype), "EM4305/4469");
+
 PrintAndLogEx(INFO, "Preparing to clone Viking tag on " _YELLOW_("%s") " - ID " _YELLOW_("%08X")" raw " _YELLOW_("%s")
- , (q5) ? "Q5/T5555" : "T55x7"
+ , cardtype
 , id
 , sprint_hex(payload.blocks, sizeof(payload.blocks))
 );
@@ -228,7 +242,7 @@ uint64_t getVikingBits(uint32_t id) {
 ret |= checksum;
 return ret;
 }
-// by marshmellow
+
 // find viking preamble 0xF200 in already demoded data
 int detectViking(uint8_t *src, size_t *size) {
 //make sure buffer has data
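Review bot: `cardtype` is a 16-byte stack buffer filled through `snprintf` only to pick one of three string literals, and the `if (q5)` / `else if (em)` bodies are unbraced while the firmware side of this commit braces the same chain. A pointer is sufficient and removes a buffer size that has to be kept in step with the longest name: `const char *cardtype = q5 ? "Q5/T5555" : (em ? "EM4305/4469" : "T55x7");`. The new `q5 && em` rejection logs at `FAILED` whereas the zero-ID rejection just above logs at `ERR` for the same `PM3_EINVARG` return; one level for both argument errors would be consistent. `CmdVikingClone` starts before and continues past this hunk.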