diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c
index 44780a02c..4fbe74f5d 100644
--- a/armsrc/mifareutil.c
+++ b/armsrc/mifareutil.c
@@ -13,23 +13,27 @@
 int MF_DBGLEVEL = MF_DBG_ALL;
 
 // crypto1 helpers
-void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len){
+void mf_crypto1_decryptEx(struct Crypto1State *pcs, uint8_t *data_in, int len, uint8_t *data_out){
 	uint8_t	bt = 0;
 	int i;
 	
 	if (len != 1) {
 		for (i = 0; i < len; i++)
-			data[i] = crypto1_byte(pcs, 0x00, 0) ^ data[i];
+			data_out[i] = crypto1_byte(pcs, 0x00, 0) ^ data_in[i];
 	} else {
-		bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data[0], 0)) << 0;
-		bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data[0], 1)) << 1;
-		bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data[0], 2)) << 2;
-		bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data[0], 3)) << 3;
-		data[0] = bt;
+		bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data_in[0], 0)) << 0;
+		bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data_in[0], 1)) << 1;
+		bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data_in[0], 2)) << 2;
+		bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data_in[0], 3)) << 3;
+		data_out[0] = bt;
 	}
 	return;
 }
 
+void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len){
+	mf_crypto1_decryptEx(pcs, data, len, data);
+}
+
 void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, uint16_t len, uint8_t *par) {
 	uint8_t bt = 0;
 	int i;
@@ -62,8 +66,7 @@ int mifare_sendcmd(uint8_t cmd, uint8_t* data, uint8_t data_size, uint8_t* answe
 	ReaderTransmit(dcmd, sizeof(dcmd), timing);
 	int len = ReaderReceive(answer, answer_parity);
 	if(!len) {
-		if (MF_DBGLEVEL >= MF_DBG_ERROR)
-			Dbprintf("%02X Cmd failed. Card timeout.", cmd);
+		if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("%02X Cmd failed. Card timeout.", cmd);
 		len = ReaderReceive(answer,answer_parity);
     }
 	return len;
diff --git a/armsrc/mifareutil.h b/armsrc/mifareutil.h
index fcab10e5a..268149f60 100644
--- a/armsrc/mifareutil.h
+++ b/armsrc/mifareutil.h
@@ -30,6 +30,16 @@
 #define AUTH_FIRST    0	
 #define AUTH_NESTED   2
 
+#define AUTHENTICATION_TIMEOUT 848			// card times out 1ms after wrong authentication (according to NXP documentation)
+#define PRE_AUTHENTICATION_LEADTIME 400		// some (non standard) cards need a pause after select before they are ready for first authentication
+
+// mifare 4bit card answers
+#define CARD_ACK      0x0A  // 1010 - ACK
+#define CARD_NACK_NA  0x04  // 0100 - NACK, not allowed (command not allowed)
+#define CARD_NACK_TR  0x05  // 0101 - NACK, transmission error
+
+
+
 //mifare emulator states
 #define MFEMUL_NOFIELD      0
 #define MFEMUL_IDLE         1
@@ -75,6 +85,7 @@ int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData);
 
 // crypto functions
 void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *receivedCmd, int len);
+void mf_crypto1_decryptEx(struct Crypto1State *pcs, uint8_t *data_in, int len, uint8_t *data_out);
 void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, uint16_t len, uint8_t *par);
 uint8_t mf_crypto1_encrypt4bit(struct Crypto1State *pcs, uint8_t data);