diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index ab18aa168..162783489 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -818,9 +818,10 @@ static void PacketReceived(PacketCommandNG *packet) {
 CopyHIDtoT55x7(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2], packet->data.asBytes[0]);
 break;
 }
- case CMD_LF_IO_DEMOD: {
+ case CMD_LF_IO_WATCH: {
 uint32_t high, low;
- CmdIOdemodFSK(0, &high, &low, 1);
+ int res = lf_io_watch(0, &high, &low);
+ reply_ng(CMD_LF_IO_WATCH, res, NULL, 0);
 break;
 }
 case CMD_LF_EM410X_DEMOD: {
diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index 03c6c5164..3f8d8bafc 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -1467,29 +1467,41 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol)
 if (ledcontrol) LED_A_OFF();
 }
-void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
-
- uint8_t *dest = BigBuf_get_addr();
+int lf_io_watch(int findone, uint32_t *high, uint32_t *low) {
 int dummyIdx = 0;
 uint32_t code = 0, code2 = 0;
 uint8_t version = 0, facilitycode = 0, crc = 0;
 uint16_t number = 0, calccrc = 0;
- size_t size = BigBuf_max_traceLen();
+ size_t size = 12000;
+ uint8_t *dest = BigBuf_malloc(size);
 BigBuf_Clear_keep_EM();
 // Configure to go in 125kHz listen mode
 LFSetupFPGAForADC(LF_DIVISOR_125, true);
- while (!BUTTON_PRESS() && !data_available()) {
+ int res = PM3_SUCCESS;
+ uint16_t interval = 0;
+ while (BUTTON_PRESS() == false) {
+
 WDT_HIT();
- if (ledcontrol) LED_A_ON();
+
+ // cancel w usb command.
+ if (interval == 2000) {
+ if (data_available()) {
+ res = PM3_EOPABORTED;
+ break;
+ }
+ interval = 0;
+ } else {
+ interval++;
+ }
 DoAcquisition_default(-1, false);
- size = MIN(12000, BigBuf_max_traceLen());
+ size = 12000;
 //fskdemod and get start index
 int idx = detectIOProx(dest, &size, &dummyIdx);
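Review bot: `high` and `low` are declared but never consumed on the new `CMD_LF_IO_WATCH` path: `lf_io_watch` is called with `findone` 0, and the only writes to them in lfops.c sit under `if (findone)`, so the reply carries just the status and the decoded card never reaches the client. If that is intended, initialise them and say so, `uint32_t high = 0, low = 0; // unused: watch mode only reports status`, so a later change to `findone` does not hand uninitialised storage around; if not, the reply payload is the place for them. PacketReceived starts and ends outside the hunk.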
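Review bot: `dest` now comes from `BigBuf_malloc(size)` but the result is not checked, and it is not clear the acquisition fills that region: `DoAcquisition_default` reaches `initSampleBufferEx`, whose non-malloc branch (visible in the lfsampling.c hunk of this commit) samples into `BigBuf_get_addr()`, so unless that address coincides with the malloc'd chunk `detectIOProx(dest, &size, &dummyIdx)` demodulates a buffer the sampler never wrote — worth confirming on hardware, since the old code demodulated `BigBuf_get_addr()` directly. The NULL check is cheap: `if (dest == NULL) return PM3_EMALLOC;` right after the allocation (or whichever allocation-failure status the firmware defines). The `interval == 2000` cadence duplicates the literal used in DoAcquisition; a shared named constant would keep the two from drifting. The function body continues past the hunk.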
@@ -1530,17 +1542,17 @@ void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
 number = (bytebits_to_byte(dest + idx + 36, 8) << 8) | (bytebits_to_byte(dest + idx + 45, 8)); //36,9
 crc = bytebits_to_byte(dest + idx + 54, 8);
- for (uint8_t i = 1; i < 6; ++i)
+ for (uint8_t i = 1; i < 6; ++i) {
 calccrc += bytebits_to_byte(dest + idx + 9 * i, 8);
+ }
 calccrc &= 0xff;
 calccrc = 0xff - calccrc;
- const char *crcStr = (crc == calccrc) ? "ok" : "!crc";
+ const char *crcStr = (crc == calccrc) ? _GREEN_("ok") : _RED_("fail");
- Dbprintf("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]", version, facilitycode, number, code, code2, crc, crcStr);
+ Dbprintf("IO Prox XSF(%02d)%02x:%05d (%08x%08x) (%s)", version, facilitycode, number, code, code2, crcStr);
 // if we're only looking for one tag
 if (findone) {
- if (ledcontrol) LED_A_OFF();
 *high = code;
 *low = code2;
 break;
@@ -1550,10 +1562,8 @@ void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
 number = 0;
 calccrc = 0;
 }
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- DbpString("IOProx fsk demod stopped");
- if (ledcontrol) LED_A_OFF();
+ return res;
 }
 /*------------------------------
@@ -2006,12 +2016,12 @@ void T55xx_ChkPwds(uint8_t flags) {
 DbpString("[+] T55XX Check pwds using flashmemory starting");
- uint8_t ret = 0;
 // First get baseline and setup LF mode.
 // tends to mess up BigBuf
- uint8_t *buf = BigBuf_get_addr();
- uint32_t b1, baseline = 0;
- uint8_t downlink_mode = (flags >> 3) & 0x03;
+ uint8_t *buf = BigBuf_get_addr();
+ uint8_t ret = 0;
+ uint8_t downlink_mode = (flags >> 3) & 0x03;
+ uint32_t b1, baseline = 0;
 // collect baseline for failed attempt
 uint8_t x = 32;
diff --git a/armsrc/lfops.h b/armsrc/lfops.h
index eb31e54a6..4bc04bf8c 100644
--- a/armsrc/lfops.h
+++ b/armsrc/lfops.h
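Review bot: The new `Dbprintf` drops the received CRC byte, so on the `fail` path the log only says the checksum mismatched and gives nothing to compare against `calccrc`. Keep the value beside the verdict, e.g. `Dbprintf("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]", version, facilitycode, number, code, code2, crc, crcStr);`, or print both `crc` and `calccrc` on mismatch. The enclosing `lf_io_watch` loop starts before and ends after this hunk.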
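Review bot: The function now returns without the `FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF)` the removed lines issued, and the chunk obtained from `BigBuf_malloc` in the first hunk of this file is never released, so the FPGA stays in the ADC configuration set by `LFSetupFPGAForADC` after the watch ends and each invocation consumes another 12000 bytes of BigBuf until something else frees it. Restore the teardown before leaving: `FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);` `BigBuf_free();` `return res;`. The caller in appmain.c, as shown in this commit, does not do that cleanup either. The function starts outside the hunk.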
@@ -38,7 +38,8 @@ void CmdNRZsimTAG(uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size,
 void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol);
 void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol); // Realtime demodulation mode for AWID26
 void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol);
-void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol);
+int lf_io_watch(int findone, uint32_t *high, uint32_t *low);
+
 void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567
 void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5);
 void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo);
diff --git a/armsrc/lfsampling.c b/armsrc/lfsampling.c
index f74101573..40ad29f93 100644
--- a/armsrc/lfsampling.c
+++ b/armsrc/lfsampling.c
@@ -132,6 +132,8 @@ void initSampleBufferEx(uint32_t *sample_size, bool use_malloc) {
 } else {
 if (*sample_size == 0) {
 *sample_size = BigBuf_max_traceLen();
+ } else {
+ *sample_size = MIN(*sample_size, BigBuf_max_traceLen());
 }
 data.buffer = BigBuf_get_addr();
 }
@@ -256,11 +258,11 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in
 uint32_t cancel_counter = 0;
 int16_t checked = 0;
- while (!BUTTON_PRESS()) {
+ while (BUTTON_PRESS() == false) {
 // only every 1000th times, in order to save time when collecting samples.
 // interruptible only when logging not yet triggered
- if ((checked == 1000) && (trigger_threshold > 0)) {
+ if ((checked == 2000) && (trigger_threshold > 0)) {
 if (data_available()) {
 checked = -1;
 break;
@@ -273,7 +275,6 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in
 WDT_HIT();
 if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
-// AT91C_BASE_SSC->SSC_THR = 0x43;
 LED_D_ON();
 }
diff --git a/client/src/cmdlfio.c b/client/src/cmdlfio.c
index e93a7cde3..a754e5aa4 100644
--- a/client/src/cmdlfio.c
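Review bot: The comment directly above the changed condition in DoAcquisition still says `only every 1000th times` while the check now fires at `checked == 2000`, so the explanation and the threshold disagree. Update it to `// only every 2000th time, in order to save time when collecting samples.`, and consider giving the number a name since the same 2000 cadence is hard-coded again in lf_io_watch in this commit. DoAcquisition continues outside the hunk.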
+++ b/client/src/cmdlfio.c
@@ -79,8 +79,11 @@ static int CmdIOProxWatch(const char *Cmd) {
 uint8_t ctmp = tolower(param_getchar(Cmd, 0));
 if (ctmp == 'h') return usage_lf_io_watch();
 clearCommandBuffer();
- SendCommandNG(CMD_LF_IO_DEMOD, NULL, 0);
- return PM3_SUCCESS;
+ SendCommandNG(CMD_LF_IO_WATCH, NULL, 0);
+ PacketResponseNG resp;
+ WaitForResponse(CMD_LF_IO_WATCH, &resp);
+ PrintAndLogEx(INFO, "Done");
+ return resp.status;
 }
 //by marshmellow
diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h
index 3cafb9df1..daa05d8fe 100644
--- a/include/pm3_cmd.h
+++ b/include/pm3_cmd.h
@@ -399,7 +399,7 @@ typedef struct {
 #define CMD_LF_PCF7931_WRITE 0x0223
 #define CMD_LF_EM4X_READWORD 0x0218
 #define CMD_LF_EM4X_WRITEWORD 0x0219
-#define CMD_LF_IO_DEMOD 0x021A
+#define CMD_LF_IO_WATCH 0x021A
 #define CMD_LF_EM410X_DEMOD 0x021C
 // Sampling configuration for LF reader/sniffer
 #define CMD_LF_SAMPLING_SET_CONFIG 0x021D
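Review bot: `WaitForResponse(CMD_LF_IO_WATCH, &resp)` waits with no timeout, and the device loop added in lfops.c leaves only on the button or when `data_available()` sees a fresh USB command — which a client blocked in this call never sends — so the `PM3_EOPABORTED` cancel path is unreachable from the client and the physical button is the only way out. A bounded loop around `WaitForResponseTimeout` that also polls the keyboard and sends a cancel on Enter would give the user an exit; the client's Ctrl-C handling is not visible here, so this may be covered elsewhere. `PrintAndLogEx(INFO, "Done")` is also printed when `resp.status` is an abort; reporting the status instead would be more accurate.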