diff --git a/armsrc/Standalone/hf_15sim.c b/armsrc/Standalone/hf_15sim.c
index aa5c7dd10..b9fcca67a 100644
--- a/armsrc/Standalone/hf_15sim.c
+++ b/armsrc/Standalone/hf_15sim.c
@@ -184,7 +184,7 @@ void RunMod(void) {
 Dbprintf("Tag dumped");
 Dbprintf("Start simulation");
- SimTagIso15693(0, 0);
+ SimTagIso15693(NULL, 0);
 Dbprintf("Simulation stopped");
 SpinDelay(200);
diff --git a/armsrc/Standalone/hf_tmudford.c b/armsrc/Standalone/hf_tmudford.c
index 0f20a5b86..661c1887b 100644
--- a/armsrc/Standalone/hf_tmudford.c
+++ b/armsrc/Standalone/hf_tmudford.c
@@ -75,7 +75,8 @@ void RunMod(void) {
 } else if (state == STATE_EMUL) {
 Iso15693InitTag();
 Dbprintf("Starting simulation, press " _GREEN_("pm3 button") " to stop and go back to search state.");
- // default block size is 4
+ // default block size is 4..
+ // iceman: which can be 4,8 all the way to 32
 SimTagIso15693(card.uid, 4);
 state = STATE_READ;
diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index 40b313e40..4e5bb15ae 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -1317,6 +1317,27 @@ static void PacketReceived(PacketCommandNG *packet) {
 emlSet(payload->data, payload->offset, payload->count);
 break;
 }
+ case CMD_HF_ISO15693_EML_GETMEM: {
+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF_15);
+ struct p {
+ uint32_t offset;
+ uint16_t length;
+ } PACKED;
+ struct p *payload = (struct p *) packet->data.asBytes;
+ if (payload->length > PM3_CMD_DATA_SIZE) {
+ reply_ng(CMD_HF_ISO15693_EML_GETMEM, PM3_EMALLOC, NULL, 0);
+ return;
+ }
+ uint8_t *buf = BigBuf_malloc(payload->length);
+ emlGet(buf, payload->offset, payload->length);
+ LED_B_ON();
+ reply_ng(CMD_HF_ISO15693_EML_GETMEM, PM3_SUCCESS, buf, payload->length);
+ LED_B_OFF();
+ BigBuf_free_keep_EM();
+ break;
+ }
 case CMD_HF_ISO15693_SIMULATE: {
 struct p {
 uint8_t uid[8];
diff --git a/client/src/cmdhf15.c b/client/src/cmdhf15.c
index 911762a41..fe65b5739 100644
--- a/client/src/cmdhf15.c
+++ b/client/src/cmdhf15.c
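Review bot: In the new `CMD_HF_ISO15693_EML_GETMEM` case in armsrc/appmain.c only `payload->length` is range-checked; the host-supplied `payload->offset` goes straight into `emlGet(buf, payload->offset, payload->length)`, and the pointer returned by `BigBuf_malloc` is used without a NULL check. emlGet is not visible in this hunk, so unless it bounds-checks internally, a request from the client could make the firmware copy out memory that lies beyond the emulator region. The handler should reject any request where offset plus length exceeds the emulator memory size, with the sum computed in a width that cannot wrap, before calling emlGet. I would also add `if (buf == NULL) { reply_ng(CMD_HF_ISO15693_EML_GETMEM, PM3_EMALLOC, NULL, 0); break; }` after the allocation, and answer the oversize-length case with `PM3_EINVARG` and `break` instead of `PM3_EMALLOC` and `return`, so the case exits the switch the same way as the `emlSet` case above it. PacketReceived starts and ends outside the hunk, so whether the early `return` skips any code after the switch cannot be confirmed from here.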
@@ -1421,33 +1421,45 @@ static int CmdHF15Sim(const char *Cmd) {
 int uidlen = 0;
 CLIGetHexWithReturn(ctx, 1, payload.uid, &uidlen);
- if (uidlen != 0 && uidlen != HF15_UID_LENGTH) {
- PrintAndLogEx(WARNING, "UID must include 8 hex bytes");
- CLIParserFree(ctx);
- return PM3_EINVARG;
- }
+ payload.block_size = arg_get_int_def(ctx, 2, 4);
 CLIParserFree(ctx);
- if (uidlen == 0) { // get UID from emulator
- // reserve memory
- iso15_tag_t *tag = calloc(1, sizeof(iso15_tag_t));
- if (tag == NULL) {
- PrintAndLogEx(WARNING, "Fail, cannot allocate memory");
- return PM3_EMALLOC;
- }
+ // sanity checks
+ if (uidlen != 0 && uidlen != HF15_UID_LENGTH) {
+ PrintAndLogEx(WARNING, "UID must include 8 hex bytes, got ( " _RED_("%i") " )", uidlen);
+ return PM3_EINVARG;
+ }
- if (GetFromDevice(BIG_BUF_EML, (uint8_t *)tag, sizeof(iso15_tag_t), 0, NULL, 0, NULL, 2500, false) == false) {
- PrintAndLogEx(WARNING, "Fail, transfer from device time-out");
- free(tag);
+ PacketResponseNG resp;
+ // get UID from emulator, for printing??
+ // iceman: downloading 2200 bytes just to get a 8 byte UID is overkill
+ if (uidlen == 0) {
+ struct {
+ uint32_t offset;
+ uint16_t length;
+ } PACKED payload_mem;
+ payload_mem.offset = 0;
+ payload_mem.length = 8;
+ clearCommandBuffer();
+ SendCommandNG(CMD_HF_ISO15693_EML_GETMEM, (uint8_t *)&payload_mem, sizeof(payload_mem));
+ if (WaitForResponseTimeout(CMD_HF_ISO15693_EML_GETMEM, &resp, 2000) == false) {
+ PrintAndLogEx(DEBUG, "iso15693 timeout");
 return PM3_ETIMEOUT;
 }
- PrintAndLogEx(SUCCESS, "Starting simulating UID " _YELLOW_("%s"), iso15693_sprintUID(NULL, tag->uid));
- free(tag);
+ if (resp.status != PM3_SUCCESS) {
+ PrintAndLogEx(WARNING, "Failed to get UID from emulator memory");
+ return resp.status;
+ }
+ PrintAndLogEx(SUCCESS, "Starting simulating UID " _YELLOW_("%s"), iso15693_sprintUID(NULL, resp.data.asBytes));
 }
+ PrintAndLogEx(INFO, "Press " _YELLOW_("`pm3-button`") " to abort simulation");
- PacketResponseNG resp;
 clearCommandBuffer();
 SendCommandNG(CMD_HF_ISO15693_SIMULATE, (uint8_t *)&payload, sizeof(payload));
 WaitForResponse(CMD_HF_ISO15693_SIMULATE, &resp);
diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h
index 80d6f50dd..f36abb04b 100644
--- a/include/pm3_cmd.h
+++ b/include/pm3_cmd.h
@@ -550,6 +550,7 @@ typedef struct {
 #define CMD_HF_TEXKOM_SIMULATE 0x0320
 #define CMD_HF_ISO15693_EML_CLEAR 0x0330
 #define CMD_HF_ISO15693_EML_SETMEM 0x0331
+#define CMD_HF_ISO15693_EML_GETMEM 0x0332
 #define CMD_LF_SNIFF_RAW_ADC 0x0360
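Review bot: In the `uidlen == 0` branch of CmdHF15Sim in client/src/cmdhf15.c, `resp.data.asBytes` is passed to `iso15693_sprintUID` after checking only `resp.status`; nothing confirms that the reply actually carries a full UID, so a short reply would print leftover bytes from the response buffer. A guard before the print, for example `if (resp.length < HF15_UID_LENGTH) { return PM3_ESOFT; }`, would keep the client from trusting the device's framing. The request should also use the existing constant, `payload_mem.length = HF15_UID_LENGTH;`, instead of the literal 8, so it stays tied to the length the sanity check above already uses. The timeout path now logs at DEBUG where the replaced code logged at WARNING, so an ordinary user gets `PM3_ETIMEOUT` with no visible message. CmdHF15Sim begins and ends outside this hunk.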