No commits in common. "master" and "v4.20142" have entirely different histories.

327 changed files with 4773 additions and 19594 deletions

View file

@ -31,13 +31,9 @@ Run `tools/release_tests.sh` on:
- [ ] Kali - [ ] Kali
- [ ] Debian Stable - [ ] Debian Stable
- [ ] Debian Testing - [ ] Debian Testing
- [ ] Ubuntu 24.04 (LTS) - [ ] Ubuntu 22
- [ ] Ubuntu 24.10
- [ ] Ubuntu 25.04
- [ ] ParrotOS - [ ] ParrotOS
- [ ] Fedora 41 (till 2025-11-19) - [ ] Fedora 37
- [ ] Fedora 42 (till 2026-05-13)
- [ ] Fedora 43 (till 2026-12-02)
- [ ] OpenSuse Leap - [ ] OpenSuse Leap
- [ ] OpenSuse Tumbleweed - [ ] OpenSuse Tumbleweed
- [ ] OSX (MacPorts) - [ ] OSX (MacPorts)

View file

@ -2,79 +2,11 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased] ## [Blue Ice][2025-03-25]
- Changed from Bigbuf malloc to Bigbuf calloc calls on device side (@iceman1001)
- Added `lf t55xx view` - now viewing of T55XX dump files is possible (@iceman1001)
- Fixed `lf indala cone` - now writing the right bits when using `--fc` and `--cn`
- Changed readline hack logic for async dbg msg to be ready for readline 8.3 (@doegox)
- Improved To avoid conflicts with ModemManager on Linux, is recommended to masking the service (@grugnoymeme)
- Changed `data crypto` - now also handles AES-256 (@iceman1001)
- Changed `hf mfdes info` - add recognition of Swissbit iShield Key Mifare (@ah01)
- Changed `hf mf info` - add detection for unknown backdoor keys and for some backdoor variants (@doegox)
- Changed `mqtt` commnands - now honors preference settings (@iceman1001)
- Changed `prefs` - now handles MQTT settings too (@iceman1001)
- Fixed `mqtt` segfault and gdb warning under windows (proper thread stopping and socket handling). (@virtyvoid)
- Added `mqtt` - the pm3 client can now send and receive MQTT messages or json files. (@iceman1001)
- Changed `hf iclass wrbl` - replay behavior to use privilege escalation if the macs field is not passed empty(@antiklesys)
- Changed `hf iclass restore` - it now supports privilege escalation to restore card content using replay (@antiklesys)
- Fixed `hf 15 dump` - now reads sysinfo response correct (@iceman1001)
- Changed `make clean` - it now removes all __pycache__ folders (@iceman1001)
- Fixed `hf 15 readmulti` - fix block calculations (@iceman1001)
- Changed `mem load` - now handles UL-C and UL-AES dictionary files (@iceman1001)
- Changed `hf mfu sim` - now support UL-C simulation (@iceman1001)
- Added `!` - run system commands from inside the client. Potentially dangerous if running client as SUDO, SU, ROOT (@iceman1001)
- Implemented `hf felica scsvcode` - now dumps all service and area codes. (@zinongli)
- Added `hf felica liteauth` - now support FeliCa Lite-S authentication(@q0jt)
- Added `he felica dump` - partial support for dumping all blocks from unauth readable services (@zinongli)
- Changed `hf 14b calypso` - now don't break the file id loop when one file can't be selected or read. Add new file ids to iterate through (@zinongli)
## [Daddy Iceman.4.20469][2025-06-16]
- Fixed edge case in fm11rf08s key recovery tools (@doegox)
- Removed `--par` from `lf em 4x70` commands.
- Changed `hf 14a info` - refactored code to be able to detect card technology across the client easier (@iceman1001)
- Changed `hf mf info` - now informs better if a different card technology is detected (@iceman1001)
- Changed `hf mf autopwn` - now exits if desfire is detected and limit attacks if mifare plus is detected (@iceman1001)
- Changed `hf mfp chk` - improved key handling and output (@iceman1001)
- Fix `hf mf dump` - added a check for keyfile to contain enough keys for card (@iceman1001)
- Fix `hf mf eview` - now viewing 2k, 4k cards doesn't get wrong background color (@iceman1001)
- Changed `hf mf info` - skip checking if it detects a MIFARE Ultralight family card (@iceman1001)
- Changed `hf mf rdsc` - it now addeds the used key to the output in the sector trailer (@iceman1001)
- Added the `PM3ULTIMATE` platform in the build / docs. *untested* (@iceman1001)
- Added fpga compilation for PM3ULTIMATE device (@n-hutton)
- Updated the ATR list (@iceman1001)
- Fixed fpga binary images to use fixed seed 2 (@n-hutton)
- Added `hf iclass sam --info` - option that returns sam specific details (@antiklesys)
- Changed `hf iclass sim -t 7` - implemented simulation that glitches key block responses (@antiklesys)
- Changed `hf iclass sim -t 6` - implemented simulation that glitches sio block (@antiklesys)
- Changed `hf iclass legbrute` - implemented multithreading support (@antiklesys)
- Changed `hf iclass legrec` - added a --sl option for further speed increase by tweaking the communication delays (@antiklesys)
- Changed `hf iclass legrec` - added a --fast option for further speed increase and automated AA2 block selection (@antiklesys)
- Changed `hf iclass legrec` - additional code optimizations gaining a ~147% speed increase (@antiklesys)
- Changed `hf iclass tear` - readability improvements for erase phase (@antiklesys)
- Changed `hf iclass legrec` - code optimizations gaining a ~8% speed increase (@antiklesys)
- Modified `hf iclass tear` - now has a device side implementation also. (@antiklesys) (@iceman1001)
- Changed `hf iclass info` - now uses CSN values based checks (@antiklesys)
- Changed `hf iclass dump` - now uses default AA1 key when called without a key or key index (@iceman1001)
- Renamed `hf iclass trbl` to `hf iclass tear` (@iceman1001)
- Changed `hw tearoff` - the device side message is now debug log controlled (@iceman1001)
- Changed `pm3.sh` - Serial ports enumeration on Proxspace3.xx / MINGW environments, now using powershell.exe since wmic is deprecated (@iceman1001)
- Fixed `hf iclass trbl` - to correctly use the credit key when passed and show partial tearoff results (@antiklesys)
- Fixed `hf iclass legbrute` was not correctly parsing the index value
- Fixed `hf mf ekeyprn` - failed to download emulator memory due to wrong size calculation (@iceman1001)
- Fixed `hf mf fchk --mem` to actually use flash dict (@doegox)
- Fixed `make install` on OSX thanks DaveItsLong (@doegox)
- Added new standalone mode `HF_ST25_TEAROFF` to store/restore ST25TB tags with tearoff for counters (@seclabz)
- Added `hf_mfu_ultra.lua` script enables restoring dump to ULTRA/UL-5 tags and clearing previously written ULTRA tags (@mak-42)
- Fixed `hf mfu sim` to make persistent the counter increases in the emulator memory (@sup3rgiu)
- Fixed `hf mf mad` to correctly display MAD version 2 card publisher sector (@BIOS9)
- Fixed `lf hitag dump` and related commands stability when tag is configured in public mode/TTF mode (@rfidgeek1337)
## [Blue Ice.4.20142][2025-03-25]
- Added `des_talk.py` script for easier MIFARE DESFire handling (@trigat) - Added `des_talk.py` script for easier MIFARE DESFire handling (@trigat)
- Fixed `hf 14b info` - wrong endianess when looking for lock bits etc (@gentilkiwi) - Fixed `hf 14b info` - wrong endianess when looking for lock bits etc (@gentilkiwi)
- Changed `hf mf autopwn` - tries to detect static encrypted nonces and also user cancel during chk keys (@iceman1001) - Changed `hf mf autopwn` - tries to detect static encrypted nonces and also user cancel during chk keys (@iceman1001)
- Changed `hf mf autopwn` - added option to use SPI flash dictionary (@jmichelp) - Added option to `hf mf autopwn` to use SPI flash dictionary (@jmichelp)
- Changed `trace list -t seos` - now annotate ISO7816 (@iceman1001) - Changed `trace list -t seos` - now annotate ISO7816 (@iceman1001)
- Updated aid and mad json files (@iceman1001) - Updated aid and mad json files (@iceman1001)
- Changed `hf 14a apdu` - now can be interrupted and dynamically adds time (@iceman1001) - Changed `hf 14a apdu` - now can be interrupted and dynamically adds time (@iceman1001)
@ -108,7 +40,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
- Changed `hf mf info` - now differentiates between full USCUID and cut down ZUID chips (@nvx) - Changed `hf mf info` - now differentiates between full USCUID and cut down ZUID chips (@nvx)
- Changed `lf hitag chk` - added key counter, client side abort and minor delay (@iceman1001) - Changed `lf hitag chk` - added key counter, client side abort and minor delay (@iceman1001)
- Added `hf seos sam` - Added support for HID SAM SEOS communications (@jkramarz) - Added `hf seos sam` - Added support for HID SAM SEOS communications (@jkramarz)
- Changed the extended area accessible by spiffs into last page of FLASH (@piotrva) - Changed (extended) area accessible by spiffs into last page of FLASH (@piotrva)
- Changed flash-stored key dictionaries (Mifare, iClass, T55XX) and T55XX configurations to SPIFFS files (@piotrva) - Changed flash-stored key dictionaries (Mifare, iClass, T55XX) and T55XX configurations to SPIFFS files (@piotrva)
- Changed `lf em 410x sim` to use default gap value of 0 and extended help (@piotrva) - Changed `lf em 410x sim` to use default gap value of 0 and extended help (@piotrva)
- Changed `hf 14a info` - now identifies MIAFRE Duox (@iceman1001) - Changed `hf 14a info` - now identifies MIAFRE Duox (@iceman1001)
@ -122,14 +54,13 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
- Changed extended area for Mifare keys in SPI flash to hold 4095 keys (@piotrva) - Changed extended area for Mifare keys in SPI flash to hold 4095 keys (@piotrva)
- Fixed DESFire D40 secure channel crypto (@nvx) - Fixed DESFire D40 secure channel crypto (@nvx)
- Fixed `hf mfp info` fix signature check on 4b UID cards (@doegox) - Fixed `hf mfp info` fix signature check on 4b UID cards (@doegox)
- Changed `hf_mf_ultimatecard` - it now automatically set maximum read/write block when using predefined types (@piotrva) - Automatically set maximum read/write block when using predefined types in `hf_mf_ultimatecard` script (@piotrva)
- Changed SPI flash detection to calculate the size instead of table lookup (@ANTodorov) - Changed SPI flash detection to calculate the size instead of table lookup, updated spi_flash_decode.py script with more ICs (@ANTodorov)
- Changed `spi_flash_decode.py` script with more ICs (@ANTodorov)
- Fixed `hf/lf tune` segfault when called from script (@doegox) - Fixed `hf/lf tune` segfault when called from script (@doegox)
- Changed `hf_mf_ultimatecard` - added option to set and get maximum read/write block number (@piotrva) - Added option to set and get maximum read/write block number using `hf_mf_ultimatecard` script (@piotrva)
- Added JEDEC information for SPI flash W25Q64JV (@ANTodorov) - Added JEDEC information for SPI flash W25Q64JV (@ANTodorov)
- Changed `hf iclass configcard` - added special iclass legacy config cards (@antiklesys) - Added special iclass legacy config cards in `hf iclass configcard` (@antiklesys)
- Changed `hf iclass legrec` - added simulation function (@antiklesys) - Added simulation function to `hf iclass legrec` (@antiklesys)
- Added keys from Momentum firmware projects. (@onovy) - Added keys from Momentum firmware projects. (@onovy)
- Added Dutch Statistics Agency default key (@eagle00789) - Added Dutch Statistics Agency default key (@eagle00789)
- Fixed Wiegand decode with hex input dropping the first bit (@emilyastranova) - Fixed Wiegand decode with hex input dropping the first bit (@emilyastranova)

View file

@ -32,9 +32,6 @@ endif
all clean install uninstall check: %: client/% bootrom/% armsrc/% recovery/% mfc_card_only/% mfc_card_reader/% mfd_aes_brute/% fpga_compress/% cryptorf/% all clean install uninstall check: %: client/% bootrom/% armsrc/% recovery/% mfc_card_only/% mfc_card_reader/% mfd_aes_brute/% fpga_compress/% cryptorf/%
# hitag2crack toolsuite is not yet integrated in "all", it must be called explicitly: "make hitag2crack" # hitag2crack toolsuite is not yet integrated in "all", it must be called explicitly: "make hitag2crack"
#all clean install uninstall check: %: hitag2crack/% #all clean install uninstall check: %: hitag2crack/%
clean: %: hitag2crack/%
find . -type d -name __pycache__ -exec rm -rfv \{\} +
INSTALLTOOLS=mfc/pm3_eml2lower.sh mfc/pm3_eml2upper.sh mfc/pm3_mfdread.py mfc/pm3_mfd2eml.py mfc/pm3_eml2mfd.py pm3_amii_bin2eml.pl pm3_reblay-emulating.py pm3_reblay-reading.py INSTALLTOOLS=mfc/pm3_eml2lower.sh mfc/pm3_eml2upper.sh mfc/pm3_mfdread.py mfc/pm3_mfd2eml.py mfc/pm3_eml2mfd.py pm3_amii_bin2eml.pl pm3_reblay-emulating.py pm3_reblay-reading.py
INSTALLSIMFW=sim011.bin sim011.sha512.txt sim013.bin sim013.sha512.txt sim014.bin sim014.sha512.txt INSTALLSIMFW=sim011.bin sim011.sha512.txt sim013.bin sim013.sha512.txt sim014.bin sim014.sha512.txt
@ -207,7 +204,7 @@ help:
@echo "+ fpga_compress - Make tools/fpga_compress" @echo "+ fpga_compress - Make tools/fpga_compress"
@echo @echo
@echo "+ style - Apply some automated source code formatting rules" @echo "+ style - Apply some automated source code formatting rules"
@echo "+ commands - Regenerate commands documentation files and autocompletion data" @echo "+ commands - Regenerate commands documentation files and autocompletion data
@echo "+ check - Run offline tests. Set CHECKARGS to pass arguments to the test script" @echo "+ check - Run offline tests. Set CHECKARGS to pass arguments to the test script"
@echo "+ .../check - Run offline tests against specific target. See above." @echo "+ .../check - Run offline tests against specific target. See above."
@echo "+ miscchecks - Detect various encoding issues in source code" @echo "+ miscchecks - Detect various encoding issues in source code"
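Review bot: The `commands` line of the `help` target has lost its closing double quote on the new side (`@echo "+ commands - Regenerate commands documentation files and autocompletion data`). Each recipe line is handed to the shell on its own, so this one is an unterminated string and `make help` fails when it reaches it. Restore the trailing `"` as on the old side.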
@ -267,11 +264,8 @@ ifeq ($(PLATFORM_CHANGED),true)
$(Q)$(MAKE) --no-print-directory -C bootrom clean $(Q)$(MAKE) --no-print-directory -C bootrom clean
$(Q)$(MAKE) --no-print-directory -C armsrc clean $(Q)$(MAKE) --no-print-directory -C armsrc clean
$(Q)$(MAKE) --no-print-directory -C recovery clean $(Q)$(MAKE) --no-print-directory -C recovery clean
$(Q)$(MAKE) --no-print-directory -C tools/fpga_compress clean
# clean the client only if PLATFORM got changed from or to PM3ICOPYX
ifeq (PM3ICOPYX,$(filter PM3ICOPYX, $(PLATFORM) $(CACHED_PLATFORM)))
$(Q)$(MAKE) --no-print-directory -C client clean $(Q)$(MAKE) --no-print-directory -C client clean
endif $(Q)$(MAKE) --no-print-directory -C tools/fpga_compress clean
$(Q)$(ECHO) CACHED_PLATFORM=$(PLATFORM) > .Makefile.options.cache $(Q)$(ECHO) CACHED_PLATFORM=$(PLATFORM) > .Makefile.options.cache
$(Q)$(ECHO) CACHED_PLATFORM_EXTRAS=$(PLATFORM_EXTRAS) >> .Makefile.options.cache $(Q)$(ECHO) CACHED_PLATFORM_EXTRAS=$(PLATFORM_EXTRAS) >> .Makefile.options.cache
$(Q)$(ECHO) CACHED_PLATFORM_DEFS=$(PLATFORM_DEFS) >> .Makefile.options.cache $(Q)$(ECHO) CACHED_PLATFORM_DEFS=$(PLATFORM_DEFS) >> .Makefile.options.cache
@ -372,12 +366,10 @@ release:
@echo "# - Release Tag: $(VERSION)" @echo "# - Release Tag: $(VERSION)"
@echo "# - Release Name: $(RELEASE_NAME)" @echo "# - Release Name: $(RELEASE_NAME)"
# - Removing -Werror... # - Removing -Werror...
@find . \( -path "./Makefile.defs" -or -path "./client/Makefile" -or -path "./common_arm/Makefile.common" -or -path "./tools/hitag2crack/*/Makefile" -or -path "./client/deps/*/Makefile" \) -exec sed -i 's/ -Werror//' {} \; @find . \( -path "./Makefile.defs" -or -path "./client/Makefile" -or -path "./common_arm/Makefile.common" -or -path "./tools/hitag2crack/*/Makefile" \) -exec sed -i 's/ -Werror//' {} \;
@find . \( -path "./client/deps/*.cmake" -or -path "./client/CMakeLists.txt" -or -path "./client/experimental_lib/CMakeLists.txt" \) -exec sed -i 's/ -Werror//' {} \; @find . \( -path "./client/deps/*.cmake" -or -path "./client/CMakeLists.txt" \) -exec sed -i 's/ -Werror//' {} \;
# - Changing banner... # - Changing banner...
@sed -i "s/^#define BANNERMSG2 .*/#define BANNERMSG2 \" -----------------------------------\"/" client/src/proxmark3.c
@sed -i "s/^#define BANNERMSG3 .*/#define BANNERMSG3 \"Release $(VERSION) - $(RELEASE_NAME)\"/" client/src/proxmark3.c @sed -i "s/^#define BANNERMSG3 .*/#define BANNERMSG3 \"Release $(VERSION) - $(RELEASE_NAME)\"/" client/src/proxmark3.c
@echo -n "# ";grep "^#define BANNERMSG2" client/src/proxmark3.c
@echo -n "# ";grep "^#define BANNERMSG3" client/src/proxmark3.c @echo -n "# ";grep "^#define BANNERMSG3" client/src/proxmark3.c
# - Committing temporarily... # - Committing temporarily...
@git commit -a -m "Release $(VERSION) - $(RELEASE_NAME)" @git commit -a -m "Release $(VERSION) - $(RELEASE_NAME)"
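Review bot: The first `find` in the `release` target no longer matches `./client/deps/*/Makefile` on the new side, and the second no longer matches `./client/experimental_lib/CMakeLists.txt`. Any `-Werror` in those files then survives while it is stripped from every other build file, so a release build can fail on a warning in a dependency only. Either keep both paths in the lists or note next to the command why those files are exempt.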

View file

@ -112,8 +112,8 @@ ifeq ($(DEBUG),1)
DEFCFLAGS = -g -O0 -fstrict-aliasing -pipe DEFCFLAGS = -g -O0 -fstrict-aliasing -pipe
DEFLDFLAGS = DEFLDFLAGS =
else else
DEFCXXFLAGS = -Wall -Werror -O3 -pipe DEFCXXFLAGS = -Wall -O3 -pipe
DEFCFLAGS = -Wall -Werror -O3 -fstrict-aliasing -pipe DEFCFLAGS = -Wall -O3 -fstrict-aliasing -pipe
DEFLDFLAGS = DEFLDFLAGS =
endif endif
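Review bot: Without `-Werror` in `DEFCXXFLAGS` and `DEFCFLAGS` in the non-debug branch, warnings raised by `-Wall` no longer stop the build, so a new format or uninitialized-variable warning can ship unnoticed. The `release` target in this comparison already strips ` -Werror` with `sed`; if the flag is only unwanted in release trees, keep it here for development builds and add a comment next to the flags explaining that the release step removes it.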

View file

@ -5,7 +5,7 @@
# Comment the line below and uncomment further down according to which device you have # Comment the line below and uncomment further down according to which device you have
PLATFORM=PM3RDV4 PLATFORM=PM3RDV4
# For PM3 RDV1, RDV2, Easy or rysccorps etc # For PM3 Easy:
# uncomment the line below # uncomment the line below
#PLATFORM=PM3GENERIC #PLATFORM=PM3GENERIC
@ -14,26 +14,19 @@ PLATFORM=PM3RDV4
#PLATFORM=PM3ICOPYX #PLATFORM=PM3ICOPYX
#PLATFORM_EXTRAS=FLASH #PLATFORM_EXTRAS=FLASH
# For PM3 Ultimate:
# uncomment the line below
#PLATFORM=PM3ULTIMATE
# If you want more than one PLATFORM_EXTRAS option, separate them by spaces: # If you want more than one PLATFORM_EXTRAS option, separate them by spaces:
#PLATFORM_EXTRAS=BTADDON #PLATFORM_EXTRAS=BTADDON
#PLATFORM_EXTRAS=FLASH #PLATFORM_EXTRAS=FLASH
#PLATFORM_EXTRAS=SMARTCARD #PLATFORM_EXTRAS=SMARTCARD
#PLATFORM_EXTRAS=BTADDON FPC_USART_DEV FLASH #PLATFORM_EXTRAS=BTADDON FLASH
#STANDALONE=HF_UNISNIFF #STANDALONE=LF_SAMYRUN
# Uncomment the line below to set the correct LED order on board Proxmark3 Easy # Uncomment the line below to set the correct LED order on board Proxmark3 Easy
# Only available with PLATFORM=PM3GENERIC # Only available with PLATFORM=PM3GENERIC
#LED_ORDER=PM3EASY #LED_ORDER=PM3EASY
# Uncomment a line below to change default USART baud rate
# defaults to 115200 used by HC-05 in Blueshark
#USART_BAUD_RATE=19200
# Uncomment the lines below in order to make a 256KB image # Uncomment the lines below in order to make a 256KB image
# and comment out the lines above # and comment out the lines above

View file

@ -60,8 +60,7 @@ The Proxmark3 is the swiss-army tool of RFID, allowing for interactions with the
|[Developing standalone mode](/armsrc/Standalone/readme.md)|[Wiki about standalone mode](https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode)|[Notes on Magic UID cards](/doc/magic_cards_notes.md)| |[Developing standalone mode](/armsrc/Standalone/readme.md)|[Wiki about standalone mode](https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode)|[Notes on Magic UID cards](/doc/magic_cards_notes.md)|
|[Notes on Color usage](/doc/colors_notes.md)|[Makefile vs CMake](/doc/md/Development/Makefile-vs-CMake.md)|[Notes on Cloner guns](/doc/cloner_notes.md)| |[Notes on Color usage](/doc/colors_notes.md)|[Makefile vs CMake](/doc/md/Development/Makefile-vs-CMake.md)|[Notes on Cloner guns](/doc/cloner_notes.md)|
|[Notes on cliparser usage](/doc/cliparser.md)|[Notes on clocks](/doc/clocks.md)|[Notes on MIFARE DESFire](/doc/desfire.md)| |[Notes on cliparser usage](/doc/cliparser.md)|[Notes on clocks](/doc/clocks.md)|[Notes on MIFARE DESFire](/doc/desfire.md)|
|[Notes on CIPURSE](/doc/cipurse.md)|[Notes on NDEF type4a](/doc/ndef_type4a.md)|[Unofficial MIFARE DESFire bible](/doc/unofficial_desfire_bible.md)| |[Notes on CIPURSE](/doc/cipurse.md)|[Notes on NDEF type4a](/doc/ndef_type4a.md)|[Notes on downgrade attacks](/doc/hid_downgrade.md)|
[Notes on downgrade attacks](/doc/hid_downgrade.md)|||
# How to build? # How to build?
@ -97,14 +96,12 @@ We define generic Proxmark3 platforms as following devices.
- **Note**: currently incompatible with iCopy-X GUI as Proxmark client commands using different syntax - **Note**: currently incompatible with iCopy-X GUI as Proxmark client commands using different syntax
- **Note**: see also [icopyx-community repos](https://github.com/iCopy-X-Community/) for upstream sources, reversed hw etc. - **Note**: see also [icopyx-community repos](https://github.com/iCopy-X-Community/) for upstream sources, reversed hw etc.
- **Note**: Uses DRM to lock down tags, ignores the open source licences. Use on your own risk. - **Note**: Uses DRM to lock down tags, ignores the open source licences. Use on your own risk.
- ⚠ Proxmark3 Ultimate
- **Note**: unknown device hw
- **Note**: FPGA images is building for it. Use on your own risk.
**Unknown support status** **Unknown support status**
- ⚠ VX - ⚠ VX
- **Note**: unknown device hw - **Note**: unknown device hw
- ⚠ Proxmark3 Ultimate
- **Note**: unknown device hw
When it comes to these new unknown models we are depending on the community to report in if this repo works and what they did to make it work. When it comes to these new unknown models we are depending on the community to report in if this repo works and what they did to make it work.
@ -183,11 +180,10 @@ We usually merge your contributions fast since we do like the idea of getting a
The [public roadmap](https://github.com/RfidResearchGroup/proxmark3/wiki/Public-Roadmap) is an excellent start to read if you are interesting in contributing. The [public roadmap](https://github.com/RfidResearchGroup/proxmark3/wiki/Public-Roadmap) is an excellent start to read if you are interesting in contributing.
## Supported operating systems ## Supported operative systems
This repo compiles nicely on This repo compiles nicely on
- WSL1 on Windows 10 - WSL1 on Windows 10
- WSL2 on Windows 10/11
- Proxspace environment [release v3.xx](https://github.com/Gator96100/ProxSpace/releases) - Proxspace environment [release v3.xx](https://github.com/Gator96100/ProxSpace/releases)
- Windows/MinGW environment - Windows/MinGW environment
- Ubuntu, ParrotOS, Gentoo, Pentoo, Kali, NetHunter, Arch Linux, Fedora, Debian, Raspbian - Ubuntu, ParrotOS, Gentoo, Pentoo, Kali, NetHunter, Arch Linux, Fedora, Debian, Raspbian
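Review bot: The heading reads `## Supported operative systems` on the new side; `operating systems`, as on the old side, is the correct term. The list under it also loses the `WSL2 on Windows 10/11` entry, so if WSL2 builds are still expected to work the entry should stay.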

View file

@ -121,7 +121,7 @@ void BigBuf_Clear_ext(bool verbose) {
memset(BigBuf, 0, s_bigbuf_size); memset(BigBuf, 0, s_bigbuf_size);
clear_trace(); clear_trace();
if (verbose) { if (verbose) {
if (g_dbglevel >= DBG_ERROR) Dbprintf("Buffer cleared (%i bytes)", s_bigbuf_size); Dbprintf("Buffer cleared (%i bytes)", s_bigbuf_size);
} }
} }
@ -354,7 +354,7 @@ int emlGet(uint8_t *out, uint32_t offset, uint32_t length) {
tosend_t *get_tosend(void) { tosend_t *get_tosend(void) {
if (s_toSend.buf == NULL) { if (s_toSend.buf == NULL) {
s_toSend.buf = BigBuf_calloc(TOSEND_BUFFER_SIZE); s_toSend.buf = BigBuf_malloc(TOSEND_BUFFER_SIZE);
} }
return &s_toSend; return &s_toSend;
} }
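Review bot: `get_tosend()` on the new side allocates with `BigBuf_malloc`, while `tosend_stuffbit()` in the next hunk builds each byte with `s_toSend.buf[s_toSend.max] |= (1 << (7 - s_toSend.bit));`, which can only set bits. Unless every byte is zeroed before its first `|=`, stale BigBuf content can be mixed into a transmitted frame. Keep `BigBuf_calloc` here, or add a comment pointing at the place where the buffer is cleared before use.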
@ -377,9 +377,8 @@ void tosend_stuffbit(int b) {
s_toSend.bit = 0; s_toSend.bit = 0;
} }
if (b) { if (b)
s_toSend.buf[s_toSend.max] |= (1 << (7 - s_toSend.bit)); s_toSend.buf[s_toSend.max] |= (1 << (7 - s_toSend.bit));
}
s_toSend.bit++; s_toSend.bit++;
@ -390,14 +389,15 @@ void tosend_stuffbit(int b) {
dmabuf16_t *get_dma16(void) { dmabuf16_t *get_dma16(void) {
if (s_dma_16.buf == NULL) { if (s_dma_16.buf == NULL) {
s_dma_16.buf = (uint16_t *)BigBuf_calloc(DMA_BUFFER_SIZE * sizeof(uint16_t)); s_dma_16.buf = (uint16_t *)BigBuf_malloc(DMA_BUFFER_SIZE * sizeof(uint16_t));
} }
return &s_dma_16; return &s_dma_16;
} }
dmabuf8_t *get_dma8(void) { dmabuf8_t *get_dma8(void) {
if (s_dma_8.buf == NULL) { if (s_dma_8.buf == NULL)
s_dma_8.buf = BigBuf_calloc(DMA_BUFFER_SIZE); s_dma_8.buf = BigBuf_malloc(DMA_BUFFER_SIZE);
}
return &s_dma_8; return &s_dma_8;
} }
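Review bot: `get_dma8()` loses its braces on the new side while `get_dma16()` directly above keeps them. Keep the braced form in both, for consistency and so that a statement added later cannot silently fall outside the `if`. Both buffers also come from `BigBuf_malloc` on the new side, so callers must never read past the samples the DMA has actually written.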

View file

@ -23,8 +23,8 @@
#define MAX_FRAME_SIZE 256 // maximum allowed ISO14443 frame #define MAX_FRAME_SIZE 256 // maximum allowed ISO14443 frame
#define MAX_PARITY_SIZE ((MAX_FRAME_SIZE + 7) / 8) #define MAX_PARITY_SIZE ((MAX_FRAME_SIZE + 7) / 8)
#define MAX_MIFARE_FRAME_SIZE 19 // biggest Mifare frame is UL AES answer to AUTH (1 + 16 Bytes) + 2 Bytes CRC #define MAX_MIFARE_FRAME_SIZE 18 // biggest Mifare frame is answer to a read (one block = 16 Bytes) + 2 Bytes CRC
#define MAX_MIFARE_PARITY_SIZE 3 // need 19 parity bits for the 19 Byte above. 3 Bytes are enough to store these #define MAX_MIFARE_PARITY_SIZE 3 // need 18 parity bits for the 18 Byte above. 3 Bytes are enough to store these
#define CARD_MEMORY_SIZE 4096 #define CARD_MEMORY_SIZE 4096
// For now we're storing FM11RF08S nonces in the upper 1k of CARD_MEMORY_SIZE // For now we're storing FM11RF08S nonces in the upper 1k of CARD_MEMORY_SIZE
// but we might have to allocate extra space if one day we've to support sth like a FM11RF32S // but we might have to allocate extra space if one day we've to support sth like a FM11RF32S
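Review bot: `MAX_MIFARE_FRAME_SIZE` is 18 on the new side, but the old side's comment gives the UL AES answer to AUTH as 1 + 16 bytes plus 2 bytes CRC, which is 19. Any receive buffer sized with this macro is then one byte short for that frame. Confirm that no UL AES path uses the macro in this tree, or keep 19 together with the updated comment.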

View file

@ -186,7 +186,7 @@ showinfo:
# version_pm3.c should be checked on every time fullimage.stage1.elf should be remade # version_pm3.c should be checked on every time fullimage.stage1.elf should be remade
version_pm3.c: default_version_pm3.c $(OBJDIR)/fpga_version_info.o $(OBJDIR)/fpga_all.o $(THUMBOBJ) $(ARMOBJ) .FORCE version_pm3.c: default_version_pm3.c $(OBJDIR)/fpga_version_info.o $(OBJDIR)/fpga_all.o $(THUMBOBJ) $(ARMOBJ) .FORCE
$(info [-] CHECK $@) $(info [-] CHECK $@)
$(Q)$(SH) ../tools/mkversion.sh $@ || $(CP) $< $@ $(Q)$(CP) $< $@
fpga_version_info.c: $(FPGA_BITSTREAMS) $(FPGA_COMPRESSOR) fpga_version_info.c: $(FPGA_BITSTREAMS) $(FPGA_COMPRESSOR)
$(info [-] GEN $@) $(info [-] GEN $@)
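Review bot: The `version_pm3.c` recipe on the new side always copies `default_version_pm3.c` and never runs `../tools/mkversion.sh`, yet the rule still depends on `.FORCE`, prints `CHECK`, and sits under a comment saying the file is checked on every rebuild. If a fixed version file is intended for this tag, update that comment to say so, so that nobody expects the firmware to report version data generated at build time.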

View file

@ -119,9 +119,6 @@ define KNOWN_STANDALONE_DEFINITIONS
| HF_REBLAY | 14A Relay over BT | | HF_REBLAY | 14A Relay over BT |
| (RDV4 only) | - Salvador Mendoza | | (RDV4 only) | - Salvador Mendoza |
+----------------------------------------------------------+ +----------------------------------------------------------+
| HF_ST25_TEAROFF | Store/restore ST25TB tags with |
| | tear-off for counters - SecLabz |
+----------------------------------------------------------+
| HF_TCPRST | IKEA Rothult read/sim/dump/emul | | HF_TCPRST | IKEA Rothult read/sim/dump/emul |
| | - Nick Draffen | | | - Nick Draffen |
+----------------------------------------------------------+ +----------------------------------------------------------+
@ -142,11 +139,11 @@ endef
STANDALONE_MODES := LF_SKELETON STANDALONE_MODES := LF_SKELETON
STANDALONE_MODES += LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RSWW LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_MULTIHID LF_NEDAP_SIM LF_NEXID LF_PROXBRUTE LF_PROX2BRUTE LF_SAMYRUN LF_THAREXDE STANDALONE_MODES += LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RSWW LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_MULTIHID LF_NEDAP_SIM LF_NEXID LF_PROXBRUTE LF_PROX2BRUTE LF_SAMYRUN LF_THAREXDE
STANDALONE_MODES += HF_14ASNIFF HF_14BSNIFF HF_15SNIFF HF_15SIM HF_AVEFUL HF_BOG HF_CARDHOPPER HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_REBLAY HF_ST25_TEAROFF HF_TCPRST HF_TMUDFORD HF_UNISNIFF HF_YOUNG STANDALONE_MODES += HF_14ASNIFF HF_14BSNIFF HF_15SNIFF HF_15SIM HF_AVEFUL HF_BOG HF_CARDHOPPER HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_REBLAY HF_TCPRST HF_TMUDFORD HF_UNISNIFF HF_YOUNG
STANDALONE_MODES += DANKARMULTI STANDALONE_MODES += DANKARMULTI
STANDALONE_MODES_REQ_BT := HF_CARDHOPPER HF_REBLAY STANDALONE_MODES_REQ_BT := HF_CARDHOPPER HF_REBLAY
STANDALONE_MODES_REQ_SMARTCARD := STANDALONE_MODES_REQ_SMARTCARD :=
STANDALONE_MODES_REQ_FLASH := LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_BOG HF_COLIN HF_ICECLASS HF_LEGICSIM HF_MFCSIM HF_ST25_TEAROFF STANDALONE_MODES_REQ_FLASH := LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_BOG HF_COLIN HF_ICECLASS HF_LEGICSIM HF_MFCSIM
ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES)),) ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES)),)
STANDALONE_PLATFORM_DEFS += -DWITH_STANDALONE_$(STANDALONE) STANDALONE_PLATFORM_DEFS += -DWITH_STANDALONE_$(STANDALONE)
ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES_REQ_SMARTCARD)),) ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES_REQ_SMARTCARD)),)

View file

@ -157,10 +157,6 @@ endif
ifneq (,$(findstring WITH_STANDALONE_HF_YOUNG,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_YOUNG,$(APP_CFLAGS)))
SRC_STANDALONE = hf_young.c SRC_STANDALONE = hf_young.c
endif endif
# WITH_STANDALONE_HF_ST25_TEAROFF
ifneq (,$(findstring WITH_STANDALONE_HF_ST25_TEAROFF,$(APP_CFLAGS)))
SRC_STANDALONE = hf_st25_tearoff.c
endif
ifneq (,$(findstring WITH_STANDALONE_DANKARMULTI,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_DANKARMULTI,$(APP_CFLAGS)))
SRC_STANDALONE = dankarmulti.c SRC_STANDALONE = dankarmulti.c

View file

@ -157,7 +157,7 @@ void RunMod(void) {
if (button_pressed != BUTTON_NO_CLICK || data_available()) if (button_pressed != BUTTON_NO_CLICK || data_available())
break; break;
else if (state == STATE_SEARCH) { else if (state == STATE_SEARCH) {
if (iso14443a_select_card(NULL, &card, NULL, true, 0, true) == 0) { if (!iso14443a_select_card(NULL, &card, NULL, true, 0, true)) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LED_D_OFF(); LED_D_OFF();
SpinDelay(500); SpinDelay(500);
@ -246,7 +246,7 @@ void RunMod(void) {
FLAG_SET_UID_IN_DATA(flags, 7); FLAG_SET_UID_IN_DATA(flags, 7);
Dbprintf("Starting simulation, press " _GREEN_("pm3 button") " to stop and go back to search state."); Dbprintf("Starting simulation, press " _GREEN_("pm3 button") " to stop and go back to search state.");
SimulateIso14443aTag(7, flags, card.uid, 0, NULL, 0, false, false); SimulateIso14443aTag(7, flags, card.uid, 0, NULL, 0);
// Go back to search state if user presses pm3-button // Go back to search state if user presses pm3-button
state = STATE_SEARCH; state = STATE_SEARCH;

View file

@ -63,18 +63,18 @@ static void RAMFUNC SniffAndStore(uint8_t param) {
set_tracing(true); set_tracing(true);
// Array to store the authpwds // Array to store the authpwds
uint8_t *capturedPwds = BigBuf_calloc(4 * MAX_PWDS_PER_SESSION); uint8_t *capturedPwds = BigBuf_malloc(4 * MAX_PWDS_PER_SESSION);
// The command (reader -> tag) that we're receiving. // The command (reader -> tag) that we're receiving.
uint8_t *receivedCmd = BigBuf_calloc(MAX_FRAME_SIZE); uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE);
uint8_t *receivedCmdPar = BigBuf_calloc(MAX_PARITY_SIZE); uint8_t *receivedCmdPar = BigBuf_malloc(MAX_PARITY_SIZE);
// The response (tag -> reader) that we're receiving. // The response (tag -> reader) that we're receiving.
uint8_t *receivedResp = BigBuf_calloc(MAX_FRAME_SIZE); uint8_t *receivedResp = BigBuf_malloc(MAX_FRAME_SIZE);
uint8_t *receivedRespPar = BigBuf_calloc(MAX_PARITY_SIZE); uint8_t *receivedRespPar = BigBuf_malloc(MAX_PARITY_SIZE);
// The DMA buffer, used to stream samples from the FPGA // The DMA buffer, used to stream samples from the FPGA
uint8_t *dmaBuf = BigBuf_calloc(DMA_BUFFER_SIZE); uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE);
uint8_t *data = dmaBuf; uint8_t *data = dmaBuf;
uint8_t previous_data = 0; uint8_t previous_data = 0;
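Review bot: `capturedPwds` is allocated with `BigBuf_malloc(4 * MAX_PWDS_PER_SESSION)` on the new side, so slots that are never filled hold whatever was in BigBuf before. Check that the code storing or printing the captured passwords is bounded by the number actually captured, or keep `BigBuf_calloc` at least for this array so that leftover bytes cannot be saved as if they were sniffed credentials.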

View file

@ -59,7 +59,7 @@ static const uint8_t magicCARD[4] = "CARD";
static const uint8_t magicEND [4] = "\xff" "END"; static const uint8_t magicEND [4] = "\xff" "END";
static const uint8_t magicRSRT[7] = "RESTART"; static const uint8_t magicRSRT[7] = "RESTART";
static const uint8_t magicERR [4] = "\xff" "ERR"; static const uint8_t magicERR [4] = "\xff" "ERR";
static const uint8_t magicACK [1] = "\xfe"; static uint8_t magicACK [1] = "\xfe"; // is constant, but must be passed to API that doesn't like that
// Forward declarations // Forward declarations
static void become_reader(void); static void become_reader(void);
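Review bot: dropping `const` from `magicACK` on the right-hand side, with the comment that the API "doesn't like that", works around the callee's signature instead of fixing it. Prefer declaring the write function's buffer parameter as `const uint8_t *` so all five magic arrays can stay `static const`.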
@ -72,7 +72,7 @@ static bool try_use_canned_response(const uint8_t *, int, tag_response_info_t *)
static void reply_with_packet(packet_t *); static void reply_with_packet(packet_t *);
static void read_packet(packet_t *); static void read_packet(packet_t *);
static void write_packet(const packet_t *); static void write_packet(packet_t *);
static bool GetIso14443aCommandFromReaderInterruptible(uint8_t *, uint16_t, uint8_t *, int *); static bool GetIso14443aCommandFromReaderInterruptible(uint8_t *, uint16_t, uint8_t *, int *);
@ -146,7 +146,7 @@ static void become_reader(void) {
packet_t packet = { 0 }; packet_t packet = { 0 };
packet_t *rx = &packet; packet_t *rx = &packet;
packet_t *tx = &packet; packet_t *tx = &packet;
uint8_t toCard[MAX_FRAME_SIZE] = { 0 }; uint8_t toCard[256] = { 0 };
uint8_t parity[MAX_PARITY_SIZE] = { 0 }; uint8_t parity[MAX_PARITY_SIZE] = { 0 };
while (1) { while (1) {
@ -178,15 +178,11 @@ static void become_reader(void) {
AddCrc14A(toCard, rx->len); AddCrc14A(toCard, rx->len);
ReaderTransmit(toCard, rx->len + 2, NULL); ReaderTransmit(toCard, rx->len + 2, NULL);
// read to toCard instead of tx->dat directly to allow the extra byte for the CRC tx->len = ReaderReceive(tx->dat, sizeof(tx->dat), parity);
uint16_t fromCardLen = ReaderReceive(toCard, sizeof(toCard), parity); if (tx->len == 0) {
if (fromCardLen <= 2) {
tx->len = sizeof(magicERR); tx->len = sizeof(magicERR);
memcpy(tx->dat, magicERR, sizeof(magicERR)); memcpy(tx->dat, magicERR, sizeof(magicERR));
} else { } else tx->len -= 2; // cut off the CRC
tx->len = fromCardLen - 2; // cut off the CRC
memcpy(tx->dat, toCard, tx->len);
}
write_packet(tx); write_packet(tx);
} }
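Review bot: on the right-hand side `tx->len = ReaderReceive(...)` followed by `else tx->len -= 2` only guards against a return of 0, so a 1-byte response underflows the length and `write_packet` then sends a near-maximum-length packet of stale `tx->dat` bytes. The left-hand side's `fromCardLen <= 2` test on a `uint16_t` covers that case; keep that check, and put braces on the `else` branch.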
@ -233,15 +229,14 @@ static void become_card(void) {
tag_response_info_t *canned; tag_response_info_t *canned;
uint32_t cuid; uint32_t cuid;
uint32_t counters[3] = { 0 };
uint8_t tearings[3] = { 0xbd, 0xbd, 0xbd };
uint8_t pages; uint8_t pages;
if (SimulateIso14443aInit(tagType, flags, data, NULL, 0, &canned, &cuid, &pages, NULL) == false) { SimulateIso14443aInit(tagType, flags, data, NULL, 0, &canned, &cuid, counters, tearings, &pages);
DbpString(_RED_("Error initializing the emulation process!"));
return;
}
DbpString(_CYAN_("[@]") " Setup done - entering emulation loop"); DbpString(_CYAN_("[@]") " Setup done - entering emulation loop");
int fromReaderLen; int fromReaderLen;
uint8_t fromReaderDat[MAX_FRAME_SIZE] = { 0 }; uint8_t fromReaderDat[256] = { 0 };
uint8_t parity[MAX_PARITY_SIZE] = { 0 }; uint8_t parity[MAX_PARITY_SIZE] = { 0 };
packet_t packet = { 0 }; packet_t packet = { 0 };
packet_t *tx = &packet; packet_t *tx = &packet;
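Review bot: the right-hand side calls `SimulateIso14443aInit(...)` and discards the result, then prints "Setup done" and enters the emulation loop with `canned`, `cuid` and `pages` possibly unset. Other callers on this page test the return value against `false`; do the same here and return on failure, as the left-hand side does.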
@ -282,14 +277,8 @@ static void become_card(void) {
memcpy(tx->dat, fromReaderDat, tx->len); memcpy(tx->dat, fromReaderDat, tx->len);
write_packet(tx); write_packet(tx);
if (no_reply) {
// since the RATS reply has already been sent waiting here will can result in missing the next reader command
// if we do get a reply later on while waiting for the next reader message it will be safely ignored
continue;
}
read_packet(rx); read_packet(rx);
if (rx->len > 0) { if (!no_reply && rx->len > 0) {
reply_with_packet(rx); reply_with_packet(rx);
} }
} }
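Review bot: with `no_reply` set, the right-hand side still blocks in `read_packet(rx)` and only afterwards skips the reply. The left-hand comment explains why that matters: the RATS reply has already been sent, so waiting here can miss the next reader command. Keep the early `continue` ahead of `read_packet`.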
@ -355,13 +344,7 @@ static void cook_ats(packet_t *ats, uint8_t fwi, uint8_t sfgi) {
uint8_t orig_t0 = ats->dat[1]; uint8_t orig_t0 = ats->dat[1];
// Update FSCI in T0 from the received ATS // Update FSCI in T0 from the received ATS
uint8_t fsci = orig_t0 & 0x0F; t0 |= orig_t0 & 0x0F;
if (fsci > 8) {
// our packet length maxes out at 255 bytes, an FSCI of 8 requires 256 bytes
// but since we drop the 2 byte CRC16 we're safe capping this at 8
fsci = 8;
}
t0 |= fsci;
uint8_t len = ats->len - 2; uint8_t len = ats->len - 2;
uint8_t *orig_ats_ptr = &ats->dat[2]; uint8_t *orig_ats_ptr = &ats->dat[2];
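Review bot: `t0 |= orig_t0 & 0x0F` on the right-hand side forwards the FSCI from the received ATS unclamped, so the relay can advertise a frame size to the reader that a `packet_t` cannot carry (the left-hand comment puts the packet limit at 255 bytes). Clamp FSCI to 8 before OR-ing it into `t0`.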
@ -466,12 +449,20 @@ static bool try_use_canned_response(const uint8_t *dat, int len, tag_response_in
} }
static uint8_t g_responseBuffer [MAX_FRAME_SIZE] = { 0 }; static uint8_t g_responseBuffer [512 ] = { 0 };
static uint8_t g_modulationBuffer[1024] = { 0 };
static void reply_with_packet(packet_t *packet) { static void reply_with_packet(packet_t *packet) {
memcpy(g_responseBuffer, packet->dat, packet->len); tag_response_info_t response = { 0 };
AddCrc14A(g_responseBuffer, packet->len); response.response = g_responseBuffer;
EmSendCmd(g_responseBuffer, packet->len + 2); response.modulation = g_modulationBuffer;
memcpy(response.response, packet->dat, packet->len);
AddCrc14A(response.response, packet->len);
response.response_n = packet->len + 2;
prepare_tag_modulation(&response, sizeof(g_modulationBuffer));
EmSendPrecompiledCmd(&response);
} }
@ -505,27 +496,19 @@ static void read_packet(packet_t *packet) {
// clear any remaining buffered data // clear any remaining buffered data
while (cardhopper_data_available()) { while (cardhopper_data_available()) {
cardhopper_read(packet->dat, sizeof(packet->dat)); cardhopper_read(packet->dat, 255);
} }
packet->len = 0; packet->len = 0;
return; return;
} }
} }
cardhopper_write(magicACK, sizeof(magicACK));
if (packet->len > (MAX_FRAME_SIZE - 2)) {
// this will overrun MAX_FRAME_SIZE once we re-add the CRC
// in theory this should never happen but better to be defensive
packet->len = 0;
cardhopper_write(magicERR, sizeof(magicERR));
} else {
cardhopper_write(magicACK, sizeof(magicACK));
}
} }
static void write_packet(const packet_t *packet) { static void write_packet(packet_t *packet) {
cardhopper_write((const uint8_t *) packet, packet->len + 1); cardhopper_write((uint8_t *) packet, packet->len + 1);
} }
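Review bot: the right-hand side of `read_packet` acknowledges every packet with `magicACK` and never validates `packet->len`. The callers later append a 2-byte CRC with `AddCrc14A`, and `become_reader` does that in `toCard[256]`, so a maximum-length payload leaves no room for the CRC. Reject a `packet->len` above the buffer size minus 2 with `magicERR`, and use `sizeof(packet->dat)` instead of the literal `255` in the drain loop.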

View file

@ -250,7 +250,7 @@ static char *ReadSchemasFromSPIFFS(char *filename) {
int changed = rdv40_spiffs_lazy_mount(); int changed = rdv40_spiffs_lazy_mount();
uint32_t size = size_in_spiffs((char *)filename); uint32_t size = size_in_spiffs((char *)filename);
uint8_t *mem = BigBuf_calloc(size); uint8_t *mem = BigBuf_malloc(size);
rdv40_spiffs_read_as_filetype((char *)filename, (uint8_t *)mem, size, RDV40_SPIFFS_SAFETY_SAFE); rdv40_spiffs_read_as_filetype((char *)filename, (uint8_t *)mem, size, RDV40_SPIFFS_SAFETY_SAFE);
if (changed) { if (changed) {
@ -292,7 +292,7 @@ static void ReadLastTagFromFlash(void) {
DbprintfEx(FLAG_NEWLINE, "Button HELD ! Using LAST Known TAG for Simulation..."); DbprintfEx(FLAG_NEWLINE, "Button HELD ! Using LAST Known TAG for Simulation...");
cjSetCursLeft(); cjSetCursLeft();
uint8_t *mem = BigBuf_calloc(size); uint8_t *mem = BigBuf_malloc(size);
// this one will handle filetype (symlink or not) and resolving by itself // this one will handle filetype (symlink or not) and resolving by itself
rdv40_spiffs_read_as_filetype((char *)HFCOLIN_LASTTAG_SYMLINK, (uint8_t *)mem, len, RDV40_SPIFFS_SAFETY_SAFE); rdv40_spiffs_read_as_filetype((char *)HFCOLIN_LASTTAG_SYMLINK, (uint8_t *)mem, len, RDV40_SPIFFS_SAFETY_SAFE);
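Review bot: `mem` is allocated with `size` bytes, but `rdv40_spiffs_read_as_filetype(...)` is told to read `len` bytes into it, on both sides. If those two values can differ, the read can run past the allocation; use one variable for both, and check `mem` for NULL before the read.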
@ -445,11 +445,11 @@ void RunMod(void) {
}; };
// Can remember something like that in case of Bigbuf // Can remember something like that in case of Bigbuf
keyBlock = BigBuf_calloc(ARRAYLEN(mfKeys) * MF_KEY_LENGTH); keyBlock = BigBuf_malloc(ARRAYLEN(mfKeys) * 6);
int mfKeysCnt = ARRAYLEN(mfKeys); int mfKeysCnt = ARRAYLEN(mfKeys);
for (int mfKeyCounter = 0; mfKeyCounter < mfKeysCnt; mfKeyCounter++) { for (int mfKeyCounter = 0; mfKeyCounter < mfKeysCnt; mfKeyCounter++) {
num_to_bytes(mfKeys[mfKeyCounter], MF_KEY_LENGTH, (uint8_t *)(keyBlock + (mfKeyCounter * MF_KEY_LENGTH))); num_to_bytes(mfKeys[mfKeyCounter], 6, (uint8_t *)(keyBlock + mfKeyCounter * 6));
} }
// TODO : remember why we actually had need to initialize this array in such specific case // TODO : remember why we actually had need to initialize this array in such specific case
@ -498,7 +498,7 @@ failtag:
SpinOff(50); SpinOff(50);
LED_A_ON(); LED_A_ON();
while (iso14443a_select_card(colin_cjuid, &colin_p_card, &colin_cjcuid, true, 0, true) == 0) { while (!iso14443a_select_card(colin_cjuid, &colin_p_card, &colin_cjcuid, true, 0, true)) {
WDT_HIT(); WDT_HIT();
if (BUTTON_HELD(10) == BUTTON_HOLD) { if (BUTTON_HELD(10) == BUTTON_HOLD) {
WDT_HIT(); WDT_HIT();
@ -785,7 +785,7 @@ static int e_MifareECardLoad(uint32_t numofsectors, uint8_t keytype) {
bool isOK = true; bool isOK = true;
if (iso14443a_select_card(colin_cjuid, &colin_p_card, &colin_cjcuid, true, 0, true) == 0) { if (!iso14443a_select_card(colin_cjuid, &colin_p_card, &colin_cjcuid, true, 0, true)) {
isOK = false; isOK = false;
} }
@ -844,7 +844,8 @@ static int cjat91_saMifareChkKeys(uint8_t blockNo, uint8_t keyType, bool clearTr
for (uint8_t i = 0; i < keyCount; i++) { for (uint8_t i = 0; i < keyCount; i++) {
/* no need for anticollision. just verify tag is still here */ /* no need for anticollision. just verify tag is still here */
if (iso14443a_select_card(colin_cjuid, &colin_p_card, &colin_cjcuid, true, 0, true) == 0) { // if (!iso14443a_fast_select_card(colin_cjuid, 0)) {
if (!iso14443a_select_card(colin_cjuid, &colin_p_card, &colin_cjcuid, true, 0, true)) {
cjSetCursLeft(); cjSetCursLeft();
DbprintfEx(FLAG_NEWLINE, "%sFATAL%s : E_MF_LOSTTAG", _XRED_, _XWHITE_); DbprintfEx(FLAG_NEWLINE, "%sFATAL%s : E_MF_LOSTTAG", _XRED_, _XWHITE_);
break; break;
@ -962,7 +963,7 @@ static int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, const
// get UID from chip // get UID from chip
if (workFlags & 0x01) { if (workFlags & 0x01) {
if (iso14443a_select_card(colin_cjuid, &colin_p_card, &colin_cjcuid, true, 0, true) == 0) { if (!iso14443a_select_card(colin_cjuid, &colin_p_card, &colin_cjcuid, true, 0, true)) {
DbprintfEx(FLAG_NEWLINE, "Can't select card"); DbprintfEx(FLAG_NEWLINE, "Can't select card");
break; break;
}; };

View file

@ -89,22 +89,22 @@ void RunMod(void) {
Dbprintf("Starting simulation, press " _GREEN_("pm3 button") " to stop and go back to search state."); Dbprintf("Starting simulation, press " _GREEN_("pm3 button") " to stop and go back to search state.");
if (card.sak == 0x08 && card.atqa[0] == 0x04 && card.atqa[1] == 0) { if (card.sak == 0x08 && card.atqa[0] == 0x04 && card.atqa[1] == 0) {
DbpString("Mifare Classic 1k"); DbpString("Mifare Classic 1k");
SimulateIso14443aTag(1, flags, card.uid, 0, NULL, 0, false, false); SimulateIso14443aTag(1, flags, card.uid, 0, NULL, 0);
} else if (card.sak == 0x08 && card.atqa[0] == 0x44 && card.atqa[1] == 0) { } else if (card.sak == 0x08 && card.atqa[0] == 0x44 && card.atqa[1] == 0) {
DbpString("Mifare Classic 4k "); DbpString("Mifare Classic 4k ");
SimulateIso14443aTag(8, flags, card.uid, 0, NULL, 0, false, false); SimulateIso14443aTag(8, flags, card.uid, 0, NULL, 0);
} else if (card.sak == 0x00 && card.atqa[0] == 0x44 && card.atqa[1] == 0) { } else if (card.sak == 0x00 && card.atqa[0] == 0x44 && card.atqa[1] == 0) {
DbpString("Mifare Ultralight"); DbpString("Mifare Ultralight");
SimulateIso14443aTag(2, flags, card.uid, 0, NULL, 0, false, false); SimulateIso14443aTag(2, flags, card.uid, 0, NULL, 0);
} else if (card.sak == 0x20 && card.atqa[0] == 0x04 && card.atqa[1] == 0x03) { } else if (card.sak == 0x20 && card.atqa[0] == 0x04 && card.atqa[1] == 0x03) {
DbpString("Mifare DESFire"); DbpString("Mifare DESFire");
SimulateIso14443aTag(3, flags, card.uid, 0, NULL, 0, false, false); SimulateIso14443aTag(3, flags, card.uid, 0, NULL, 0);
} else if (card.sak == 0x20 && card.atqa[0] == 0x44 && card.atqa[1] == 0x03) { } else if (card.sak == 0x20 && card.atqa[0] == 0x44 && card.atqa[1] == 0x03) {
DbpString("Mifare DESFire Ev1/Plus/JCOP"); DbpString("Mifare DESFire Ev1/Plus/JCOP");
SimulateIso14443aTag(3, flags, card.uid, 0, NULL, 0, false, false); SimulateIso14443aTag(3, flags, card.uid, 0, NULL, 0);
} else { } else {
Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation"); Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation");
SimulateIso14443aTag(1, flags, card.uid, 0, NULL, 0, false, false); SimulateIso14443aTag(1, flags, card.uid, 0, NULL, 0);
} }
// Go back to search state if user presses pm3-button // Go back to search state if user presses pm3-button

View file

@ -238,7 +238,7 @@ static int reader_attack_mode(void) {
BigBuf_free(); BigBuf_free();
uint16_t mac_response_len = 0; uint16_t mac_response_len = 0;
uint8_t *mac_responses = BigBuf_calloc(MAC_RESPONSES_SIZE); uint8_t *mac_responses = BigBuf_malloc(MAC_RESPONSES_SIZE);
iclass_simulate(ICLASS_SIM_MODE_READER_ATTACK, NUM_CSNS, false, csns, mac_responses, &mac_response_len); iclass_simulate(ICLASS_SIM_MODE_READER_ATTACK, NUM_CSNS, false, csns, mac_responses, &mac_response_len);
@ -250,7 +250,7 @@ static int reader_attack_mode(void) {
size_t dumplen = NUM_CSNS * 24; size_t dumplen = NUM_CSNS * 24;
uint8_t *dump = BigBuf_calloc(dumplen); uint8_t *dump = BigBuf_malloc(dumplen);
if (dump == false) { if (dump == false) {
Dbprintf("Failed to allocate memory"); Dbprintf("Failed to allocate memory");
return PM3_EMALLOC; return PM3_EMALLOC;
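Review bot: `if (dump == false)` compares a pointer with a boolean; write `dump == NULL`. With `BigBuf_malloc` on the right-hand side the `NUM_CSNS * 24` byte buffer is also uninitialised, so any byte that is not written afterwards keeps stale BigBuf contents; keep `BigBuf_calloc` or clear the buffer explicitly. The `mac_responses` allocation in the previous hunk has no NULL check at all.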
@ -305,7 +305,6 @@ static int reader_dump_mode(void) {
BigBuf_free(); BigBuf_free();
uint8_t *card_data = BigBuf_malloc(ICLASS_16KS_SIZE); uint8_t *card_data = BigBuf_malloc(ICLASS_16KS_SIZE);
// Don't use calloc since we set allocated memory to 0xFF's
memset(card_data, 0xFF, ICLASS_16KS_SIZE); memset(card_data, 0xFF, ICLASS_16KS_SIZE);
if (BUTTON_PRESS()) { if (BUTTON_PRESS()) {
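Review bot: `card_data` goes straight from `BigBuf_malloc(ICLASS_16KS_SIZE)` into `memset` with no NULL check. Add the check (the reader-attack path above returns `PM3_EMALLOC` in that situation), and keep the left-hand comment that explains why this allocation is deliberately not a calloc. The same applies to the identical lines in `dump_sim_mode`.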
@ -443,7 +442,6 @@ static int dump_sim_mode(void) {
BigBuf_free(); BigBuf_free();
uint8_t *card_data = BigBuf_malloc(ICLASS_16KS_SIZE); uint8_t *card_data = BigBuf_malloc(ICLASS_16KS_SIZE);
// Don't use calloc since we set allocated memory to 0xFF's
memset(card_data, 0xFF, ICLASS_16KS_SIZE); memset(card_data, 0xFF, ICLASS_16KS_SIZE);
if (BUTTON_PRESS()) { if (BUTTON_PRESS()) {

View file

@ -33,7 +33,6 @@
#include "mifaresim.h" // mifare1ksim #include "mifaresim.h" // mifare1ksim
#include "mifareutil.h" #include "mifareutil.h"
#include "proxmark3_arm.h" #include "proxmark3_arm.h"
#include "spiffs.h"
#include "standalone.h" // standalone definitions #include "standalone.h" // standalone definitions
#include "string.h" #include "string.h"
#include "ticks.h" #include "ticks.h"
@ -247,7 +246,7 @@ void RunMod(void) {
// usb_disable(); // usb_disable();
// Allocate dictionary buffer // Allocate dictionary buffer
uint64_t *const mfcKeys = (uint64_t *)BigBuf_calloc( uint64_t *const mfcKeys = (uint64_t *)BigBuf_malloc(
sizeof(uint64_t) * (ARRAYLEN(MATTYRUN_MFC_ESSENTIAL_KEYS) + sizeof(uint64_t) * (ARRAYLEN(MATTYRUN_MFC_ESSENTIAL_KEYS) +
ARRAYLEN(MATTYRUN_MFC_DEFAULT_KEYS) + ARRAYLEN(MATTYRUN_MFC_DEFAULT_KEYS) +
MIFARE_4K_MAXSECTOR * 2)); MIFARE_4K_MAXSECTOR * 2));
@ -535,14 +534,7 @@ void RunMod(void) {
SpinErr(LED_D, 50, 8); SpinErr(LED_D, 50, 8);
partialEmulation = true; partialEmulation = true;
} else { } else {
#ifdef WITH_FLASH DbpString("[" _GREEN_("+") "] " _GREEN_("Emulator memory filled completely."));
DbpString("[" _GREEN_("+") "] " _GREEN_("Emulator memory filled completely. Start storing card in spiff memory."));
uint8_t *emCARD = BigBuf_get_EM_addr();
char dumpFileName[30] = {0};
sprintf(dumpFileName, DUMP_FILE, mattyrun_card.uid[0], mattyrun_card.uid[1], mattyrun_card.uid[2], mattyrun_card.uid[3]);
rdv40_spiffs_write(dumpFileName, emCARD, 1024, RDV40_SPIFFS_SAFETY_SAFE);
Dbprintf("[" _GREEN_("+") "] " _GREEN_("Stored card on %s"), dumpFileName);
#endif
} }
state = STATE_EMULATE; state = STATE_EMULATE;
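Review bot: in the `WITH_FLASH` block on the left-hand side, `sprintf` into `dumpFileName[30]` fits only exactly: the `DUMP_FILE` format expands to 29 characters plus the terminator, so any change to the format string overflows the buffer. Use `snprintf(dumpFileName, sizeof(dumpFileName), ...)`, and check the result of `rdv40_spiffs_write` before printing "Stored card on".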

View file

@ -21,9 +21,6 @@
#include <inttypes.h> #include <inttypes.h>
// Filename to store the card info in spiff memory
#define DUMP_FILE "hf_mattyrun_dump_%02x%02x%02x%02x.bin"
// Set of standard keys to be used // Set of standard keys to be used
static uint64_t const MATTYRUN_MFC_DEFAULT_KEYS[] = { static uint64_t const MATTYRUN_MFC_DEFAULT_KEYS[] = {
0xFFFFFFFFFFFF, // Default key 0xFFFFFFFFFFFF, // Default key

View file

@ -379,7 +379,7 @@ void RunMod(void) {
BigBuf_free_keep_EM(); BigBuf_free_keep_EM();
// tag type: 11 = ISO/IEC 14443-4 - javacard (JCOP) // tag type: 11 = ISO/IEC 14443-4 - javacard (JCOP)
if (SimulateIso14443aInit(11, flags, data, NULL, 0, &responses, &cuid, NULL, NULL) == false) { if (SimulateIso14443aInit(11, flags, data, NULL, 0, &responses, &cuid, NULL, NULL, NULL) == false) {
BigBuf_free_keep_EM(); BigBuf_free_keep_EM();
reply_ng(CMD_HF_MIFARE_SIMULATE, PM3_EINIT, NULL, 0); reply_ng(CMD_HF_MIFARE_SIMULATE, PM3_EINIT, NULL, 0);
DbpString(_RED_("Error initializing the emulation process!")); DbpString(_RED_("Error initializing the emulation process!"));

View file

@ -268,7 +268,7 @@ void RunMod() {
BigBuf_free_keep_EM(); BigBuf_free_keep_EM();
// 4 = ISO/IEC 14443-4 - javacard (JCOP) // 4 = ISO/IEC 14443-4 - javacard (JCOP)
if (SimulateIso14443aInit(4, flags, data, NULL, 0, &responses, &cuid, NULL, NULL) == false) { if (SimulateIso14443aInit(4, flags, data, NULL, 0, &responses, &cuid, NULL, NULL, NULL) == false) {
BigBuf_free_keep_EM(); BigBuf_free_keep_EM();
reply_ng(CMD_HF_MIFARE_SIMULATE, PM3_EINIT, NULL, 0); reply_ng(CMD_HF_MIFARE_SIMULATE, PM3_EINIT, NULL, 0);
DbpString(_RED_("Error initializing the emulation process!")); DbpString(_RED_("Error initializing the emulation process!"));

File diff suppressed because it is too large

View file

@ -118,6 +118,8 @@ void RunMod(void) {
uint8_t tagType = 10; // 10 = ST25TA IKEA Rothult uint8_t tagType = 10; // 10 = ST25TA IKEA Rothult
tag_response_info_t *responses; tag_response_info_t *responses;
uint32_t cuid = 0; uint32_t cuid = 0;
uint32_t counters[3] = { 0x00, 0x00, 0x00 };
uint8_t tearings[3] = { 0xbd, 0xbd, 0xbd };
uint8_t pages = 0; uint8_t pages = 0;
// command buffers // command buffers
@ -191,7 +193,7 @@ void RunMod(void) {
memcpy(data, stuid, sizeof(stuid)); memcpy(data, stuid, sizeof(stuid));
if (SimulateIso14443aInit(tagType, flags, data, NULL, 0, &responses, &cuid, &pages, NULL) == false) { if (SimulateIso14443aInit(tagType, flags, data, NULL, 0, &responses, &cuid, counters, tearings, &pages) == false) {
BigBuf_free_keep_EM(); BigBuf_free_keep_EM();
reply_ng(CMD_HF_MIFARE_SIMULATE, PM3_EINIT, NULL, 0); reply_ng(CMD_HF_MIFARE_SIMULATE, PM3_EINIT, NULL, 0);
DbpString(_YELLOW_("!!") "Error initializing the simulation process!"); DbpString(_YELLOW_("!!") "Error initializing the simulation process!");
@ -369,7 +371,7 @@ void RunMod(void) {
memcpy(data, stuid, sizeof(stuid)); memcpy(data, stuid, sizeof(stuid));
if (SimulateIso14443aInit(tagType, flags, data, NULL, 0, &responses, &cuid, &pages, NULL) == false) { if (SimulateIso14443aInit(tagType, flags, data, NULL, 0, &responses, &cuid, counters, tearings, &pages) == false) {
BigBuf_free_keep_EM(); BigBuf_free_keep_EM();
reply_ng(CMD_HF_MIFARE_SIMULATE, PM3_EINIT, NULL, 0); reply_ng(CMD_HF_MIFARE_SIMULATE, PM3_EINIT, NULL, 0);
DbpString(_YELLOW_("!!") "Error initializing the simulation process!"); DbpString(_YELLOW_("!!") "Error initializing the simulation process!");

View file

@ -96,7 +96,7 @@ void RunMod(void) {
} }
} }
if (iso14443a_select_card(NULL, &card[selected], NULL, true, 0, true) == 0) { if (!iso14443a_select_card(NULL, &card[selected], NULL, true, 0, true)) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LED_D_OFF(); LED_D_OFF();
SpinDelay(500); SpinDelay(500);
@ -253,25 +253,25 @@ void RunMod(void) {
if (uids[selected].sak == 0x08 && uids[selected].atqa[0] == 0x04 && uids[selected].atqa[1] == 0) { if (uids[selected].sak == 0x08 && uids[selected].atqa[0] == 0x04 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Classic 1k"); DbpString("Mifare Classic 1k");
SimulateIso14443aTag(1, flags, data, 0, NULL, 0, false, false); SimulateIso14443aTag(1, flags, data, 0, NULL, 0);
} else if (uids[selected].sak == 0x18 && uids[selected].atqa[0] == 0x02 && uids[selected].atqa[1] == 0) { } else if (uids[selected].sak == 0x18 && uids[selected].atqa[0] == 0x02 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Classic 4k (4b uid)"); DbpString("Mifare Classic 4k (4b uid)");
SimulateIso14443aTag(8, flags, data, 0, NULL, 0, false, false); SimulateIso14443aTag(8, flags, data, 0, NULL, 0);
} else if (uids[selected].sak == 0x08 && uids[selected].atqa[0] == 0x44 && uids[selected].atqa[1] == 0) { } else if (uids[selected].sak == 0x08 && uids[selected].atqa[0] == 0x44 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Classic 4k (7b uid)"); DbpString("Mifare Classic 4k (7b uid)");
SimulateIso14443aTag(8, flags, data, 0, NULL, 0, false, false); SimulateIso14443aTag(8, flags, data, 0, NULL, 0);
} else if (uids[selected].sak == 0x00 && uids[selected].atqa[0] == 0x44 && uids[selected].atqa[1] == 0) { } else if (uids[selected].sak == 0x00 && uids[selected].atqa[0] == 0x44 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Ultralight"); DbpString("Mifare Ultralight");
SimulateIso14443aTag(2, flags, data, 0, NULL, 0, false, false); SimulateIso14443aTag(2, flags, data, 0, NULL, 0);
} else if (uids[selected].sak == 0x20 && uids[selected].atqa[0] == 0x04 && uids[selected].atqa[1] == 0x03) { } else if (uids[selected].sak == 0x20 && uids[selected].atqa[0] == 0x04 && uids[selected].atqa[1] == 0x03) {
DbpString("Mifare DESFire"); DbpString("Mifare DESFire");
SimulateIso14443aTag(3, flags, data, 0, NULL, 0, false, false); SimulateIso14443aTag(3, flags, data, 0, NULL, 0);
} else if (uids[selected].sak == 0x20 && uids[selected].atqa[0] == 0x44 && uids[selected].atqa[1] == 0x03) { } else if (uids[selected].sak == 0x20 && uids[selected].atqa[0] == 0x44 && uids[selected].atqa[1] == 0x03) {
DbpString("Mifare DESFire Ev1/Plus/JCOP"); DbpString("Mifare DESFire Ev1/Plus/JCOP");
SimulateIso14443aTag(3, flags, data, 0, NULL, 0, false, false); SimulateIso14443aTag(3, flags, data, 0, NULL, 0);
} else { } else {
Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation"); Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation");
SimulateIso14443aTag(1, flags, data, 0, NULL, 0, false, false); SimulateIso14443aTag(1, flags, data, 0, NULL, 0);
} }
} else if (button_pressed == BUTTON_SINGLE_CLICK) { } else if (button_pressed == BUTTON_SINGLE_CLICK) {

View file

@ -199,7 +199,7 @@ static uint32_t IceIOdemod(void) {
size_t size = MIN(12000, BigBuf_max_traceLen()); size_t size = MIN(12000, BigBuf_max_traceLen());
// uint8_t *dest = BigBuf_calloc(size); // uint8_t *dest = BigBuf_malloc(size);
uint8_t *dest = BigBuf_get_addr(); uint8_t *dest = BigBuf_get_addr();
//fskdemod and get start index //fskdemod and get start index
@ -243,7 +243,7 @@ static uint32_t IceHIDDemod(void) {
// large enough to catch 2 sequences of largest format // large enough to catch 2 sequences of largest format
// size_t size = 50 * 128 * 2; // 12800 bytes // size_t size = 50 * 128 * 2; // 12800 bytes
size_t size = MIN(12800, BigBuf_max_traceLen()); size_t size = MIN(12800, BigBuf_max_traceLen());
//uint8_t *dest = BigBuf_calloc(size); //uint8_t *dest = BigBuf_malloc(size);
uint8_t *dest = BigBuf_get_addr(); uint8_t *dest = BigBuf_get_addr();
// FSK demodulator // FSK demodulator

View file

@ -103,9 +103,9 @@ static bool get_input_data_from_file(uint32_t *tag, char *inputfile) {
if (exists_in_spiffs(inputfile)) { if (exists_in_spiffs(inputfile)) {
uint32_t size = size_in_spiffs(inputfile); uint32_t size = size_in_spiffs(inputfile);
uint8_t *mem = BigBuf_calloc(size); uint8_t *mem = BigBuf_malloc(size);
Dbprintf("found input file `" _YELLOW_("%s") "`", inputfile); Dbprintf(_YELLOW_("found input file %s"), inputfile);
rdv40_spiffs_read_as_filetype(inputfile, mem, size, RDV40_SPIFFS_SAFETY_SAFE); rdv40_spiffs_read_as_filetype(inputfile, mem, size, RDV40_SPIFFS_SAFETY_SAFE);

View file

@ -99,13 +99,12 @@ int tearoff_hook(void) {
if (g_tearoff_enabled) { if (g_tearoff_enabled) {
if (g_tearoff_delay_us == 0) { if (g_tearoff_delay_us == 0) {
Dbprintf(_RED_("No tear-off delay configured!")); Dbprintf(_RED_("No tear-off delay configured!"));
g_tearoff_enabled = false;
return PM3_SUCCESS; // SUCCESS = the hook didn't do anything return PM3_SUCCESS; // SUCCESS = the hook didn't do anything
} }
SpinDelayUsPrecision(g_tearoff_delay_us); SpinDelayUsPrecision(g_tearoff_delay_us);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
g_tearoff_enabled = false; g_tearoff_enabled = false;
if (g_dbglevel >= DBG_ERROR) Dbprintf(_YELLOW_("Tear-off triggered!")); Dbprintf(_YELLOW_("Tear-off triggered!"));
return PM3_ETEAROFF; return PM3_ETEAROFF;
} else { } else {
return PM3_SUCCESS; // SUCCESS = the hook didn't do anything return PM3_SUCCESS; // SUCCESS = the hook didn't do anything
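Review bot: in the `g_tearoff_delay_us == 0` branch the right-hand side returns without clearing `g_tearoff_enabled`, so the hook stays armed and prints "No tear-off delay configured!" on every later call. Clear the flag there, as the left-hand side does. The "Tear-off triggered!" message is also unconditional on the right; gate it on `g_dbglevel` like the left-hand side.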
@ -255,7 +254,7 @@ static uint32_t MeasureAntennaTuningLfData(void) {
void print_stack_usage(void) { void print_stack_usage(void) {
for (uint32_t *p = _stack_start; ; ++p) { for (uint32_t *p = _stack_start; ; ++p) {
if (*p != 0xdeadbeef) { if (*p != 0xdeadbeef) {
Dbprintf(" Max stack usage..... %d / %d bytes", (uint32_t)_stack_end - (uint32_t)p, (uint32_t)_stack_end - (uint32_t)_stack_start); Dbprintf(" Max stack usage......... %d / %d bytes", (uint32_t)_stack_end - (uint32_t)p, (uint32_t)_stack_end - (uint32_t)_stack_start);
break; break;
} }
} }
@ -366,7 +365,7 @@ static void print_debug_level(void) {
sprintf(dbglvlstr, "extended"); sprintf(dbglvlstr, "extended");
break; break;
} }
Dbprintf(" Debug log level..... %d ( " _YELLOW_("%s")" )", g_dbglevel, dbglvlstr); Dbprintf(" Debug log level......... %d ( " _YELLOW_("%s")" )", g_dbglevel, dbglvlstr);
} }
// measure the Connection Speed by sending SpeedTestBufferSize bytes to client and measuring the elapsed time. // measure the Connection Speed by sending SpeedTestBufferSize bytes to client and measuring the elapsed time.
@ -422,11 +421,11 @@ static void SendStatus(uint32_t wait) {
print_debug_level(); print_debug_level();
tosend_t *ts = get_tosend(); tosend_t *ts = get_tosend();
Dbprintf(" ToSendMax........... %d", ts->max); Dbprintf(" ToSendMax............... %d", ts->max);
Dbprintf(" ToSend BUFFERSIZE... %d", TOSEND_BUFFER_SIZE); Dbprintf(" ToSend BUFFERSIZE....... %d", TOSEND_BUFFER_SIZE);
while ((AT91C_BASE_PMC->PMC_MCFR & AT91C_CKGR_MAINRDY) == 0); // Wait for MAINF value to become available... while ((AT91C_BASE_PMC->PMC_MCFR & AT91C_CKGR_MAINRDY) == 0); // Wait for MAINF value to become available...
uint16_t mainf = AT91C_BASE_PMC->PMC_MCFR & AT91C_CKGR_MAINF; // Get # main clocks within 16 slow clocks uint16_t mainf = AT91C_BASE_PMC->PMC_MCFR & AT91C_CKGR_MAINF; // Get # main clocks within 16 slow clocks
Dbprintf(" Slow clock.......... %d Hz", (16 * MAINCK) / mainf); Dbprintf(" Slow clock.............. %d Hz", (16 * MAINCK) / mainf);
uint32_t delta_time = 0; uint32_t delta_time = 0;
uint32_t start_time = GetTickCount(); uint32_t start_time = GetTickCount();
#define SLCK_CHECK_MS 50 #define SLCK_CHECK_MS 50
@ -450,11 +449,10 @@ static void SendStatus(uint32_t wait) {
} else { } else {
num = 0; num = 0;
} }
if (num > 0) { if (num > 0) {
Dbprintf(" Mifare... "_YELLOW_("%u")" keys - "_GREEN_("%s"), num, MF_KEYS_FILE); Dbprintf(" Mifare.................. "_YELLOW_("%u")" keys (spiffs: "_GREEN_("%s")")", num, MF_KEYS_FILE);
} else { } else {
Dbprintf(" Mifare... "_RED_("%u")" keys - "_RED_("%s"), num, MF_KEYS_FILE); Dbprintf(" Mifare.................. "_RED_("%u")" keys (spiffs: "_RED_("%s")")", num, MF_KEYS_FILE);
} }
if (exists_in_spiffs(T55XX_KEYS_FILE)) { if (exists_in_spiffs(T55XX_KEYS_FILE)) {
@ -462,11 +460,10 @@ static void SendStatus(uint32_t wait) {
} else { } else {
num = 0; num = 0;
} }
if (num > 0) { if (num > 0) {
Dbprintf(" T55xx.... "_YELLOW_("%u")" keys - "_GREEN_("%s"), num, T55XX_KEYS_FILE); Dbprintf(" T55xx................... "_YELLOW_("%u")" keys (spiffs: "_GREEN_("%s")")", num, T55XX_KEYS_FILE);
} else { } else {
Dbprintf(" T55xx.... "_RED_("%u")" keys - "_RED_("%s"), num, T55XX_KEYS_FILE); Dbprintf(" T55xx................... "_RED_("%u")" keys (spiffs: "_RED_("%s")")", num, T55XX_KEYS_FILE);
} }
if (exists_in_spiffs(ICLASS_KEYS_FILE)) { if (exists_in_spiffs(ICLASS_KEYS_FILE)) {
@ -474,38 +471,11 @@ static void SendStatus(uint32_t wait) {
} else { } else {
num = 0; num = 0;
} }
if (num > 0) { if (num > 0) {
Dbprintf(" iClass... "_YELLOW_("%u")" keys - "_GREEN_("%s"), num, ICLASS_KEYS_FILE); Dbprintf(" iClass.................. "_YELLOW_("%u")" keys (spiffs: "_GREEN_("%s")")", num, ICLASS_KEYS_FILE);
} else { } else {
Dbprintf(" iClass... "_RED_("%u")" keys - "_RED_("%s"), num, ICLASS_KEYS_FILE); Dbprintf(" iClass.................. "_RED_("%u")" keys (spiffs: "_RED_("%s")")", num, ICLASS_KEYS_FILE);
} }
if (exists_in_spiffs(MFULC_KEYS_FILE)) {
num = size_in_spiffs(MFULC_KEYS_FILE) / MFULC_KEY_LENGTH;
} else {
num = 0;
}
if (num > 0) {
Dbprintf(" UL-C..... "_YELLOW_("%u")" keys - "_GREEN_("%s"), num, MFULC_KEYS_FILE);
} else {
Dbprintf(" UL-C..... "_RED_("%u")" keys - "_RED_("%s"), num, MFULC_KEYS_FILE);
}
if (exists_in_spiffs(MFULAES_KEYS_FILE)) {
num = size_in_spiffs(MFULAES_KEYS_FILE) / MFULAES_KEY_LENGTH;
} else {
num = 0;
}
if (num > 0) {
Dbprintf(" UL-AES... "_YELLOW_("%u")" keys - "_GREEN_("%s"), num, MFULAES_KEYS_FILE);
} else {
Dbprintf(" UL-AES... "_RED_("%u")" keys - "_RED_("%s"), num, MFULAES_KEYS_FILE);
}
#endif #endif
DbpString(""); DbpString("");
reply_ng(CMD_STATUS, PM3_SUCCESS, NULL, 0); reply_ng(CMD_STATUS, PM3_SUCCESS, NULL, 0);
@ -1694,13 +1664,13 @@ static void PacketReceived(PacketCommandNG *packet) {
break; break;
} }
case CMD_HF_ISO14443A_GET_CONFIG: { case CMD_HF_ISO14443A_GET_CONFIG: {
hf14a_config_t *c = getHf14aConfig(); hf14a_config *hf14aconfig = getHf14aConfig();
reply_ng(CMD_HF_ISO14443A_GET_CONFIG, PM3_SUCCESS, (uint8_t *)c, sizeof(hf14a_config_t)); reply_ng(CMD_HF_ISO14443A_GET_CONFIG, PM3_SUCCESS, (uint8_t *)hf14aconfig, sizeof(hf14a_config));
break; break;
} }
case CMD_HF_ISO14443A_SET_CONFIG: { case CMD_HF_ISO14443A_SET_CONFIG: {
hf14a_config_t c; hf14a_config c;
memcpy(&c, packet->data.asBytes, sizeof(hf14a_config_t)); memcpy(&c, packet->data.asBytes, sizeof(hf14a_config));
setHf14aConfig(&c); setHf14aConfig(&c);
break; break;
} }
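Review bot: `CMD_HF_ISO14443A_SET_CONFIG` copies a full config struct out of `packet->data.asBytes` without looking at how many bytes were received, on both sides. Since this hunk renames the type (`hf14a_config_t` against `hf14a_config`), a client and firmware built from different sides may not agree on its size; compare the received length with the `sizeof` before the `memcpy` and reply with an error when they differ.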
@ -1749,13 +1719,10 @@ static void PacketReceived(PacketCommandNG *packet) {
uint8_t uid[10]; uint8_t uid[10];
uint8_t exitAfter; uint8_t exitAfter;
uint8_t rats[20]; uint8_t rats[20];
bool ulc_p1;
bool ulc_p2;
} PACKED; } PACKED;
struct p *payload = (struct p *) packet->data.asBytes; struct p *payload = (struct p *) packet->data.asBytes;
SimulateIso14443aTag(payload->tagtype, payload->flags, payload->uid, SimulateIso14443aTag(payload->tagtype, payload->flags, payload->uid,
payload->exitAfter, payload->rats, sizeof(payload->rats), payload->exitAfter, payload->rats, sizeof(payload->rats)); // ## Simulate iso14443a tag - pass tag type & UID
payload->ulc_p1, payload->ulc_p2); // ## Simulate iso14443a tag - pass tag type & UID
break; break;
} }
case CMD_HF_ISO14443A_SIM_AID: { case CMD_HF_ISO14443A_SIM_AID: {
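Review bot: the payload struct differs between the two sides (`ulc_p1` and `ulc_p2` follow `rats[20]` on the left only), and `packet->data.asBytes` is cast to it with no length check. A sender using the shorter layout would have the two flags read from bytes it never sent. Check the received length against `sizeof(struct p)` before the cast.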
@ -1839,7 +1806,7 @@ static void PacketReceived(PacketCommandNG *packet) {
struct p { struct p {
bool turn_off_field; bool turn_off_field;
uint8_t keyno; uint8_t keyno;
uint8_t key[16]; uint8_t key[18];
} PACKED; } PACKED;
struct p *payload = (struct p *) packet->data.asBytes; struct p *payload = (struct p *) packet->data.asBytes;
MifareUL_AES_Auth(payload->turn_off_field, payload->keyno, payload->key); MifareUL_AES_Auth(payload->turn_off_field, payload->keyno, payload->key);
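Review bot: `uint8_t key[18]` on the right-hand side does not match the 16 bytes the left-hand side declares for the key passed to `MifareUL_AES_Auth`, and an AES-128 key is 16 bytes. Size the field with a named constant, such as the `MFULAES_KEY_LENGTH` the left-hand side uses earlier in this file, instead of a literal in the wire struct.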
@ -2002,7 +1969,7 @@ static void PacketReceived(PacketCommandNG *packet) {
struct p *payload = (struct p *) packet->data.asBytes; struct p *payload = (struct p *) packet->data.asBytes;
// //
size_t size = payload->blockcnt * payload->blockwidth; size_t size = payload->blockno * payload->blockwidth;
if (size > PM3_CMD_DATA_SIZE) { if (size > PM3_CMD_DATA_SIZE) {
reply_ng(CMD_HF_MIFARE_EML_MEMGET, PM3_EMALLOC, NULL, 0); reply_ng(CMD_HF_MIFARE_EML_MEMGET, PM3_EMALLOC, NULL, 0);
return; return;
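Review bot: the right-hand side computes `size = payload->blockno * payload->blockwidth`, so the `size > PM3_CMD_DATA_SIZE` guard bounds the starting block number instead of the amount of data requested. A request starting at block 0 yields `size == 0`, and a high block number is rejected no matter how little is asked for. Compute the size from the block count, as the left-hand side does.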
@ -2259,10 +2226,6 @@ static void PacketReceived(PacketCommandNG *packet) {
iclass_credit_epurse((iclass_credit_epurse_t *)packet->data.asBytes); iclass_credit_epurse((iclass_credit_epurse_t *)packet->data.asBytes);
break; break;
} }
case CMD_HF_ICLASS_TEARBL: {
iClass_TearBlock((iclass_tearblock_req_t *)packet->data.asBytes);
break;
}
#endif #endif
#ifdef WITH_HFSNIFF #ifdef WITH_HFSNIFF
@ -2391,7 +2354,7 @@ static void PacketReceived(PacketCommandNG *packet) {
uint16_t available; uint16_t available;
uint16_t pre_available = 0; uint16_t pre_available = 0;
uint8_t *dest = BigBuf_calloc(USART_FIFOLEN); uint8_t *dest = BigBuf_malloc(USART_FIFOLEN);
uint32_t wait = payload->waittime; uint32_t wait = payload->waittime;
StartTicks(); StartTicks();
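Review bot: `dest` from `BigBuf_malloc(USART_FIFOLEN)` is used without a NULL check in the visible lines and, unlike the `BigBuf_calloc` call on the left-hand side, is not zeroed, so any reply that sends more of `dest` than was actually received exposes stale BigBuf contents to the host. Suggest keeping the zeroing allocation, or checking the pointer and replying only with the byte count actually read. The identical allocation in the next hunk has the same issue.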
@ -2435,7 +2398,7 @@ static void PacketReceived(PacketCommandNG *packet) {
uint16_t available; uint16_t available;
uint16_t pre_available = 0; uint16_t pre_available = 0;
uint8_t *dest = BigBuf_calloc(USART_FIFOLEN); uint8_t *dest = BigBuf_malloc(USART_FIFOLEN);
uint32_t wait = payload->waittime; uint32_t wait = payload->waittime;
StartTicks(); StartTicks();
@ -2731,7 +2694,7 @@ static void PacketReceived(PacketCommandNG *packet) {
uint32_t size = packet->oldarg[1]; uint32_t size = packet->oldarg[1];
uint8_t *buff = BigBuf_calloc(size); uint8_t *buff = BigBuf_malloc(size);
if (buff == NULL) { if (buff == NULL) {
if (g_dbglevel >= DBG_DEBUG) Dbprintf("Failed to allocate memory"); if (g_dbglevel >= DBG_DEBUG) Dbprintf("Failed to allocate memory");
// Trigger a finish downloading signal with an PM3_EMALLOC // Trigger a finish downloading signal with an PM3_EMALLOC
@ -2936,7 +2899,7 @@ static void PacketReceived(PacketCommandNG *packet) {
case CMD_FLASHMEM_DOWNLOAD: { case CMD_FLASHMEM_DOWNLOAD: {
LED_B_ON(); LED_B_ON();
uint8_t *mem = BigBuf_calloc(PM3_CMD_DATA_SIZE); uint8_t *mem = BigBuf_malloc(PM3_CMD_DATA_SIZE);
uint32_t startidx = packet->oldarg[0]; uint32_t startidx = packet->oldarg[0];
uint32_t numofbytes = packet->oldarg[1]; uint32_t numofbytes = packet->oldarg[1];
// arg0 = startindex // arg0 = startindex
@ -2968,7 +2931,7 @@ static void PacketReceived(PacketCommandNG *packet) {
case CMD_FLASHMEM_INFO: { case CMD_FLASHMEM_INFO: {
LED_B_ON(); LED_B_ON();
rdv40_validation_t *info = (rdv40_validation_t *)BigBuf_calloc(sizeof(rdv40_validation_t)); rdv40_validation_t *info = (rdv40_validation_t *)BigBuf_malloc(sizeof(rdv40_validation_t));
bool isok = Flash_ReadData(FLASH_MEM_SIGNATURE_OFFSET_P(spi_flash_pages64k), info->signature, FLASH_MEM_SIGNATURE_LEN); bool isok = Flash_ReadData(FLASH_MEM_SIGNATURE_OFFSET_P(spi_flash_pages64k), info->signature, FLASH_MEM_SIGNATURE_LEN);
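Review bot: in `CMD_FLASHMEM_INFO`, `info` is dereferenced (`info->signature`) without a NULL check, and with `BigBuf_malloc` any field of `rdv40_validation_t` that is not explicitly filled afterwards stays uninitialized, as does `signature` itself when `Flash_ReadData` returns false. Suggest zeroing the struct (the left-hand side uses `BigBuf_calloc`) and not sending `info` back when `isok` is false.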

View file

@ -102,7 +102,9 @@ void Dbhexdump(int len, const uint8_t *d, bool bAsci) {
} }
#endif #endif
} }
void print_result(const char *name, const uint8_t *d, size_t n) { void print_result(const char *name, const uint8_t *d, size_t
n) {
const uint8_t *p = d; const uint8_t *p = d;
uint16_t tmp = n & 0xFFF0; uint16_t tmp = n & 0xFFF0;
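Review bot: style: the right-hand side breaks the `print_result` signature in the middle of the last parameter (`size_t` on one line, `n) {` on the next), which reads as an accidental line wrap; keep the signature on one line. Separately, `uint16_t tmp = n & 0xFFF0;` silently narrows a `size_t` length to 16 bits, which deserves a comment or a wider type.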

View file

@ -334,7 +334,7 @@ void cmac(const desfirekey_t key, uint8_t *ivect, const uint8_t *data, size_t le
return; return;
} }
uint8_t *buffer = BigBuf_calloc(padded_data_length(len, kbs)); uint8_t *buffer = BigBuf_malloc(padded_data_length(len, kbs));
memcpy(buffer, data, len); memcpy(buffer, data, len);
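Review bot: `buffer` is allocated with `padded_data_length(len, kbs)` bytes but the `memcpy` writes only `len` of them, so with `BigBuf_malloc` the padding region holds whatever was in BigBuf before unless later code sets every padding byte, and a CMAC computed over it depends on stale memory. Suggest the zeroing allocation from the left-hand side or an explicit `memset` of the tail, plus a NULL check before the `memcpy`.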

View file

@ -748,7 +748,7 @@ void em4x50_chk(const char *filename, bool ledcontrol) {
uint16_t pwd_count = 0; uint16_t pwd_count = 0;
uint32_t size = size_in_spiffs(filename); uint32_t size = size_in_spiffs(filename);
pwd_count = size / 4; pwd_count = size / 4;
uint8_t *pwds = BigBuf_calloc(size); uint8_t *pwds = BigBuf_malloc(size);
rdv40_spiffs_read_as_filetype(filename, pwds, size, RDV40_SPIFFS_SAFETY_SAFE); rdv40_spiffs_read_as_filetype(filename, pwds, size, RDV40_SPIFFS_SAFETY_SAFE);
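Review bot: the return value of `rdv40_spiffs_read_as_filetype` is ignored and `pwds` is not checked for NULL, so with `BigBuf_malloc` a failed or short read leaves `pwd_count` entries of stale memory to be tried as passwords. Suggest checking both results before `pwds` is used; note also that `size / 4` is narrowed from `uint32_t` into the `uint16_t` `pwd_count`.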

View file

@ -45,7 +45,7 @@
#define DPRINTF_EXTENDED(x) do { if ((FORCE_ENABLE_LOGGING) || (g_dbglevel >= DBG_EXTENDED)) { Dbprintf x ; } } while (0); #define DPRINTF_EXTENDED(x) do { if ((FORCE_ENABLE_LOGGING) || (g_dbglevel >= DBG_EXTENDED)) { Dbprintf x ; } } while (0);
#define DPRINTF_PROLIX(x) do { if ((FORCE_ENABLE_LOGGING) || (g_dbglevel > DBG_EXTENDED)) { Dbprintf x ; } } while (0); #define DPRINTF_PROLIX(x) do { if ((FORCE_ENABLE_LOGGING) || (g_dbglevel > DBG_EXTENDED)) { Dbprintf x ; } } while (0);
// EM4170 requires a parity bit on commands, other variants do not. // EM4170 requires a parity bit on commands, other variants do not.
static bool g_deprecated_command_parity = false; static bool g_command_parity = true;
static em4x70_tag_t g_tag = { 0 }; static em4x70_tag_t g_tag = { 0 };
@ -905,7 +905,8 @@ static bool create_legacy_em4x70_bitstream_for_cmd_id(em4x70_command_bitstream_t
bool result = true; bool result = true;
memset(out_cmd_bitstream, 0, sizeof(em4x70_command_bitstream_t)); memset(out_cmd_bitstream, 0, sizeof(em4x70_command_bitstream_t));
out_cmd_bitstream->command = EM4X70_COMMAND_ID; out_cmd_bitstream->command = EM4X70_COMMAND_ID;
uint8_t cmd = 0x3u; // CMD + Parity bit == 0b001'1 //uint8_t cmd = with_command_parity ? 0x3u : 0x1u;
uint8_t cmd = 0x3u;
result = result && add_nibble_to_bitstream(&out_cmd_bitstream->to_send, cmd, false); result = result && add_nibble_to_bitstream(&out_cmd_bitstream->to_send, cmd, false);
out_cmd_bitstream->to_receive.bitcount = 32; out_cmd_bitstream->to_receive.bitcount = 32;
if (out_cmd_bitstream->to_send.bitcount != expected_bits_to_send) { if (out_cmd_bitstream->to_send.bitcount != expected_bits_to_send) {
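Review bot: the right-hand side hardcodes `cmd = 0x3u` and keeps the selection on `with_command_parity` only as a commented-out line, so the parity argument callers pass (`generator->id(&read_id_cmd, g_command_parity)`) has no effect on the bits sent, and the comment documenting the encoding (`CMD + Parity bit == 0b001'1`) is dropped. Suggest either restoring the conditional or deleting the dead line and keeping the encoding comment; the um1, um2, auth, pin and write generators below repeat the pattern.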
@ -919,7 +920,8 @@ static bool create_legacy_em4x70_bitstream_for_cmd_um1(em4x70_command_bitstream_
bool result = true; bool result = true;
memset(out_cmd_bitstream, 0, sizeof(em4x70_command_bitstream_t)); memset(out_cmd_bitstream, 0, sizeof(em4x70_command_bitstream_t));
out_cmd_bitstream->command = EM4X70_COMMAND_UM1; out_cmd_bitstream->command = EM4X70_COMMAND_UM1;
uint8_t cmd = 0x5u; // CMD + Parity bit == 0b010'1 //uint8_t cmd = with_command_parity ? 0x5u : 0x2u;
uint8_t cmd = 0x5u;
result = result && add_nibble_to_bitstream(&out_cmd_bitstream->to_send, cmd, false); result = result && add_nibble_to_bitstream(&out_cmd_bitstream->to_send, cmd, false);
out_cmd_bitstream->to_receive.bitcount = 32; out_cmd_bitstream->to_receive.bitcount = 32;
if (out_cmd_bitstream->to_send.bitcount != expected_bits_to_send) { if (out_cmd_bitstream->to_send.bitcount != expected_bits_to_send) {
@ -933,7 +935,8 @@ static bool create_legacy_em4x70_bitstream_for_cmd_um2(em4x70_command_bitstream_
bool result = true; bool result = true;
memset(out_cmd_bitstream, 0, sizeof(em4x70_command_bitstream_t)); memset(out_cmd_bitstream, 0, sizeof(em4x70_command_bitstream_t));
out_cmd_bitstream->command = EM4X70_COMMAND_UM2; out_cmd_bitstream->command = EM4X70_COMMAND_UM2;
uint8_t cmd = 0xFu; // CMD + Parity bit == 0b111'1 //uint8_t cmd = with_command_parity ? 0xFu : 0x7u;
uint8_t cmd = 0xFu;
result = result && add_nibble_to_bitstream(&out_cmd_bitstream->to_send, cmd, false); result = result && add_nibble_to_bitstream(&out_cmd_bitstream->to_send, cmd, false);
out_cmd_bitstream->to_receive.bitcount = 64; out_cmd_bitstream->to_receive.bitcount = 64;
if (out_cmd_bitstream->to_send.bitcount != expected_bits_to_send) { if (out_cmd_bitstream->to_send.bitcount != expected_bits_to_send) {
@ -951,7 +954,8 @@ static bool create_legacy_em4x70_bitstream_for_cmd_auth(em4x70_command_bitstream
em4x70_bitstream_t *s = &out_cmd_bitstream->to_send; em4x70_bitstream_t *s = &out_cmd_bitstream->to_send;
uint8_t cmd = 0x6u; // CMD + Parity bit == 0b011'0 // uint8_t cmd = with_command_parity ? 0x6u : 0x3u;
uint8_t cmd = 0x6u; // HACK - always sent with cmd parity
result = result && add_nibble_to_bitstream(s, cmd, false); result = result && add_nibble_to_bitstream(s, cmd, false);
// Reader: [RM][0][Command][N55..N0][0000000][f(RN)27..f(RN)0] // Reader: [RM][0][Command][N55..N0][0000000][f(RN)27..f(RN)0]
@ -1000,7 +1004,8 @@ static bool create_legacy_em4x70_bitstream_for_cmd_pin(em4x70_command_bitstream_
out_cmd_bitstream->command = EM4X70_COMMAND_PIN; out_cmd_bitstream->command = EM4X70_COMMAND_PIN;
uint8_t cmd = 0x9u; // CMD + Parity bit == 0b100'1 //uint8_t cmd = with_command_parity ? 0x9u : 0x4u;
uint8_t cmd = 0x9u; // HACK - always sent with cmd parity, with extra zero bit in RM?
result = result && add_nibble_to_bitstream(s, cmd, false); result = result && add_nibble_to_bitstream(s, cmd, false);
// Send tag's ID ... indexes 4 .. 35 // Send tag's ID ... indexes 4 .. 35
@ -1032,7 +1037,8 @@ static bool create_legacy_em4x70_bitstream_for_cmd_write(em4x70_command_bitstrea
em4x70_bitstream_t *s = &out_cmd_bitstream->to_send; em4x70_bitstream_t *s = &out_cmd_bitstream->to_send;
uint8_t cmd = 0xAu; // CMD + Parity bit == 0b101'0 //uint8_t cmd = with_command_parity ? 0xAu : 0x5u;
uint8_t cmd = 0xAu; // HACK - always sent with cmd parity, with extra zero bit in RM?
result = result && add_nibble_to_bitstream(s, cmd, false); result = result && add_nibble_to_bitstream(s, cmd, false);
if ((address & 0x0Fu) != address) { if ((address & 0x0Fu) != address) {
@ -1091,7 +1097,7 @@ static int authenticate(const uint8_t *rnd, const uint8_t *frnd, uint8_t *respon
em4x70_command_bitstream_t auth_cmd; em4x70_command_bitstream_t auth_cmd;
const em4x70_command_generators_t *generator = &legacy_em4x70_command_generators; const em4x70_command_generators_t *generator = &legacy_em4x70_command_generators;
generator->auth(&auth_cmd, g_deprecated_command_parity, rnd, frnd); generator->auth(&auth_cmd, g_command_parity, rnd, frnd);
bool result = send_bitstream_and_read(&auth_cmd); bool result = send_bitstream_and_read(&auth_cmd);
if (result) { if (result) {
@ -1179,7 +1185,7 @@ static int bruteforce(const uint8_t address, const uint8_t *rnd, const uint8_t *
static int send_pin(const uint32_t pin) { static int send_pin(const uint32_t pin) {
em4x70_command_bitstream_t send_pin_cmd; em4x70_command_bitstream_t send_pin_cmd;
const em4x70_command_generators_t *generator = &legacy_em4x70_command_generators; const em4x70_command_generators_t *generator = &legacy_em4x70_command_generators;
generator->pin(&send_pin_cmd, g_deprecated_command_parity, &g_tag.data[4], pin); generator->pin(&send_pin_cmd, g_command_parity, &g_tag.data[4], pin);
bool result = send_bitstream_wait_ack_wait_read(&send_pin_cmd); bool result = send_bitstream_wait_ack_wait_read(&send_pin_cmd);
return result ? PM3_SUCCESS : PM3_ESOFT; return result ? PM3_SUCCESS : PM3_ESOFT;
@ -1190,7 +1196,7 @@ static int write(const uint16_t word, const uint8_t address) {
em4x70_command_bitstream_t write_cmd; em4x70_command_bitstream_t write_cmd;
const em4x70_command_generators_t *generator = &legacy_em4x70_command_generators; const em4x70_command_generators_t *generator = &legacy_em4x70_command_generators;
generator->write(&write_cmd, g_deprecated_command_parity, word, address); generator->write(&write_cmd, g_command_parity, word, address);
bool result = send_bitstream_wait_ack_wait_ack(&write_cmd); bool result = send_bitstream_wait_ack_wait_ack(&write_cmd);
if (!result) { if (!result) {
@ -1277,7 +1283,7 @@ static uint8_t encoded_bit_array_to_byte(const uint8_t *bits, int count_of_bits)
static bool em4x70_read_id(void) { static bool em4x70_read_id(void) {
em4x70_command_bitstream_t read_id_cmd; em4x70_command_bitstream_t read_id_cmd;
const em4x70_command_generators_t *generator = &legacy_em4x70_command_generators; const em4x70_command_generators_t *generator = &legacy_em4x70_command_generators;
generator->id(&read_id_cmd, g_deprecated_command_parity); generator->id(&read_id_cmd, g_command_parity);
bool result = send_bitstream_and_read(&read_id_cmd); bool result = send_bitstream_and_read(&read_id_cmd);
if (result) { if (result) {
@ -1294,7 +1300,7 @@ static bool em4x70_read_id(void) {
static bool em4x70_read_um1(void) { static bool em4x70_read_um1(void) {
em4x70_command_bitstream_t read_um1_cmd; em4x70_command_bitstream_t read_um1_cmd;
const em4x70_command_generators_t *generator = &legacy_em4x70_command_generators; const em4x70_command_generators_t *generator = &legacy_em4x70_command_generators;
generator->um1(&read_um1_cmd, g_deprecated_command_parity); generator->um1(&read_um1_cmd, g_command_parity);
bool result = send_bitstream_and_read(&read_um1_cmd); bool result = send_bitstream_and_read(&read_um1_cmd);
if (result) { if (result) {
@ -1313,7 +1319,7 @@ static bool em4x70_read_um1(void) {
static bool em4x70_read_um2(void) { static bool em4x70_read_um2(void) {
em4x70_command_bitstream_t read_um2_cmd; em4x70_command_bitstream_t read_um2_cmd;
const em4x70_command_generators_t *generator = &legacy_em4x70_command_generators; const em4x70_command_generators_t *generator = &legacy_em4x70_command_generators;
generator->um2(&read_um2_cmd, g_deprecated_command_parity); generator->um2(&read_um2_cmd, g_command_parity);
bool result = send_bitstream_and_read(&read_um2_cmd); bool result = send_bitstream_and_read(&read_um2_cmd);
if (result) { if (result) {
@ -1429,7 +1435,7 @@ void em4x70_info(const em4x70_data_t *etd, bool ledcontrol) {
bool success_with_UM2 = false; bool success_with_UM2 = false;
// Support tags with and without command parity bits // Support tags with and without command parity bits
g_deprecated_command_parity = false; g_command_parity = etd->parity;
init_tag(); init_tag();
em4x70_setup_read(); em4x70_setup_read();
@ -1457,10 +1463,10 @@ void em4x70_info(const em4x70_data_t *etd, bool ledcontrol) {
void em4x70_write(const em4x70_data_t *etd, bool ledcontrol) { void em4x70_write(const em4x70_data_t *etd, bool ledcontrol) {
int status = PM3_ESOFT; int status = PM3_ESOFT;
g_deprecated_command_parity = false; g_command_parity = etd->parity;
// Disable to prevent sending corrupted data to the tag. // Disable to prevent sending corrupted data to the tag.
if (g_deprecated_command_parity) { if (g_command_parity) {
DPRINTF_ALWAYS(("Use of `--par` option with `lf em 4x70 write` is non-functional and may corrupt data on the tag.")); DPRINTF_ALWAYS(("Use of `--par` option with `lf em 4x70 write` is non-functional and may corrupt data on the tag."));
// reply_ng(CMD_LF_EM4X70_WRITE, PM3_ENOTIMPL, NULL, 0); // reply_ng(CMD_LF_EM4X70_WRITE, PM3_ENOTIMPL, NULL, 0);
// return; // return;
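Review bot: when `g_command_parity` is set, `em4x70_write` prints that `--par` "is non-functional and may corrupt data on the tag" and then carries on, because the `reply_ng(CMD_LF_EM4X70_WRITE, PM3_ENOTIMPL, NULL, 0)` and `return` that follow are commented out. Suggest enabling the early return so the option is refused rather than only warned about. The auth, brute, setpin and setkey handlers below carry the same commented-out guard, and there the commented `reply_ng` still names `CMD_LF_EM4X70_WRITE`, which would need the handler's own command id.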
@ -1493,7 +1499,7 @@ void em4x70_unlock(const em4x70_data_t *etd, bool ledcontrol) {
int status = PM3_ESOFT; int status = PM3_ESOFT;
g_deprecated_command_parity = false; g_command_parity = etd->parity;
init_tag(); init_tag();
em4x70_setup_read(); em4x70_setup_read();
@ -1528,10 +1534,10 @@ void em4x70_auth(const em4x70_data_t *etd, bool ledcontrol) {
uint8_t response[3] = {0}; uint8_t response[3] = {0};
g_deprecated_command_parity = false; g_command_parity = etd->parity;
// Disable to prevent sending corrupted data to the tag. // Disable to prevent sending corrupted data to the tag.
if (g_deprecated_command_parity) { if (g_command_parity) {
DPRINTF_ALWAYS(("Use of `--par` option with `lf em 4x70 auth` is non-functional.")); DPRINTF_ALWAYS(("Use of `--par` option with `lf em 4x70 auth` is non-functional."));
// reply_ng(CMD_LF_EM4X70_WRITE, PM3_ENOTIMPL, NULL, 0); // reply_ng(CMD_LF_EM4X70_WRITE, PM3_ENOTIMPL, NULL, 0);
// return; // return;
@ -1556,10 +1562,10 @@ void em4x70_brute(const em4x70_data_t *etd, bool ledcontrol) {
int status = PM3_ESOFT; int status = PM3_ESOFT;
uint8_t response[2] = {0}; uint8_t response[2] = {0};
g_deprecated_command_parity = false; g_command_parity = etd->parity;
// Disable to prevent sending corrupted data to the tag. // Disable to prevent sending corrupted data to the tag.
if (g_deprecated_command_parity) { if (g_command_parity) {
DPRINTF_ALWAYS(("Use of `--par` option with `lf em 4x70 brute` is non-functional and may corrupt data on the tag.")); DPRINTF_ALWAYS(("Use of `--par` option with `lf em 4x70 brute` is non-functional and may corrupt data on the tag."));
// reply_ng(CMD_LF_EM4X70_WRITE, PM3_ENOTIMPL, NULL, 0); // reply_ng(CMD_LF_EM4X70_WRITE, PM3_ENOTIMPL, NULL, 0);
// return; // return;
@ -1584,10 +1590,10 @@ void em4x70_write_pin(const em4x70_data_t *etd, bool ledcontrol) {
int status = PM3_ESOFT; int status = PM3_ESOFT;
g_deprecated_command_parity = false; g_command_parity = etd->parity;
// Disable to prevent sending corrupted data to the tag. // Disable to prevent sending corrupted data to the tag.
if (g_deprecated_command_parity) { if (g_command_parity) {
DPRINTF_ALWAYS(("Use of `--par` option with `lf em 4x70 setpin` is non-functional and may corrupt data on the tag.")); DPRINTF_ALWAYS(("Use of `--par` option with `lf em 4x70 setpin` is non-functional and may corrupt data on the tag."));
// reply_ng(CMD_LF_EM4X70_WRITE, PM3_ENOTIMPL, NULL, 0); // reply_ng(CMD_LF_EM4X70_WRITE, PM3_ENOTIMPL, NULL, 0);
// return; // return;
@ -1633,10 +1639,10 @@ void em4x70_write_key(const em4x70_data_t *etd, bool ledcontrol) {
int status = PM3_ESOFT; int status = PM3_ESOFT;
g_deprecated_command_parity = false; g_command_parity = etd->parity;
// Disable to prevent sending corrupted data to the tag. // Disable to prevent sending corrupted data to the tag.
if (g_deprecated_command_parity) { if (g_command_parity) {
DPRINTF_ALWAYS(("Use of `--par` option with `lf em 4x70 setkey` is non-functional and may corrupt data on the tag.")); DPRINTF_ALWAYS(("Use of `--par` option with `lf em 4x70 setkey` is non-functional and may corrupt data on the tag."));
// reply_ng(CMD_LF_EM4X70_WRITE, PM3_ENOTIMPL, NULL, 0); // reply_ng(CMD_LF_EM4X70_WRITE, PM3_ENOTIMPL, NULL, 0);
// return; // return;

View file

@ -497,7 +497,7 @@ static void iso18092_setup(uint8_t fpga_minor_mode) {
BigBuf_Clear_ext(false); BigBuf_Clear_ext(false);
// Initialize Demod and Uart structs // Initialize Demod and Uart structs
// DemodInit(BigBuf_calloc(MAX_FRAME_SIZE)); // DemodInit(BigBuf_malloc(MAX_FRAME_SIZE));
FelicaFrameinit(BigBuf_calloc(FELICA_MAX_FRAME_SIZE)); FelicaFrameinit(BigBuf_calloc(FELICA_MAX_FRAME_SIZE));
felica_nexttransfertime = 2 * DELAY_ARM2AIR_AS_READER; // 418 felica_nexttransfertime = 2 * DELAY_ARM2AIR_AS_READER; // 418

View file

@ -523,11 +523,10 @@ void FpgaDownloadAndGo(int bitstream_target) {
lz4_stream_t compressed_fpga_stream; lz4_stream_t compressed_fpga_stream;
LZ4_streamDecode_t lz4StreamDecode_body = {{ 0 }}; LZ4_streamDecode_t lz4StreamDecode_body = {{ 0 }};
compressed_fpga_stream.lz4StreamDecode = &lz4StreamDecode_body; compressed_fpga_stream.lz4StreamDecode = &lz4StreamDecode_body;
uint8_t *output_buffer = BigBuf_calloc(FPGA_RING_BUFFER_BYTES); uint8_t *output_buffer = BigBuf_malloc(FPGA_RING_BUFFER_BYTES);
if (reset_fpga_stream(bitstream_target, &compressed_fpga_stream, output_buffer) == false) { if (!reset_fpga_stream(bitstream_target, &compressed_fpga_stream, output_buffer))
return; return;
}
uint32_t bitstream_length; uint32_t bitstream_length;
if (bitparse_find_section(bitstream_target, 'e', &bitstream_length, &compressed_fpga_stream, output_buffer)) { if (bitparse_find_section(bitstream_target, 'e', &bitstream_length, &compressed_fpga_stream, output_buffer)) {
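Review bot: style: the right-hand side drops the braces around the early `return` after `reset_fpga_stream(...)`, which invites a later edit that adds a second statement outside the `if`; keep the braced form. `output_buffer` is also passed on without a NULL check in the visible lines.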

View file

@ -26,7 +26,7 @@
#include "nprintf.h" #include "nprintf.h"
#include "BigBuf.h" #include "BigBuf.h"
#define malloc(X) BigBuf_calloc(X) #define malloc(X) BigBuf_malloc(X)
#define free(X) #define free(X)
#if !defined(WEAK) #if !defined(WEAK)

View file

@ -107,7 +107,7 @@ int HfSniff(uint32_t samplesToSkip, uint32_t triggersToSkip, uint16_t *len, uint
SpinDelay(100); SpinDelay(100);
*len = BigBuf_max_traceLen(); *len = BigBuf_max_traceLen();
uint8_t *mem = BigBuf_calloc(*len); uint8_t *mem = BigBuf_malloc(*len);
uint32_t trigger_cnt = 0; uint32_t trigger_cnt = 0;
uint16_t r = 0, interval = 0; uint16_t r = 0, interval = 0;

View file

@ -857,7 +857,7 @@ void SmartCardRaw(const smart_card_raw_t *p) {
LED_D_ON(); LED_D_ON();
uint16_t len = 0; uint16_t len = 0;
uint8_t *resp = BigBuf_calloc(ISO7816_MAX_FRAME); uint8_t *resp = BigBuf_malloc(ISO7816_MAX_FRAME);
// check if alloacted... // check if alloacted...
smartcard_command_t flags = p->flags; smartcard_command_t flags = p->flags;
@ -937,7 +937,7 @@ void SmartCardUpgrade(uint64_t arg0) {
bool isOK = true; bool isOK = true;
uint16_t length = arg0, pos = 0; uint16_t length = arg0, pos = 0;
const uint8_t *fwdata = BigBuf_get_addr(); const uint8_t *fwdata = BigBuf_get_addr();
uint8_t *verfiydata = BigBuf_calloc(I2C_BLOCK_SIZE); uint8_t *verfiydata = BigBuf_malloc(I2C_BLOCK_SIZE);
while (length) { while (length) {

View file

@ -36,7 +36,7 @@
// 8051 speaks with smart card. // 8051 speaks with smart card.
// 1000*50*3.07 = 153.5ms // 1000*50*3.07 = 153.5ms
// 1 byte transfer == 1ms with max frame being 256 bytes // 1 byte transfer == 1ms with max frame being 256 bytes
#define SIM_WAIT_DELAY 150000 // about 270ms delay // 109773 -- about 337.7ms delay #define SIM_WAIT_DELAY 88000 // about 270ms delay // 109773 -- about 337.7ms delay
void I2C_recovery(void); void I2C_recovery(void);
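Review bot: timing/documentation: by the ratio in the trailing comment (109773 is about 337.7ms), 88000 is the value that matches "about 270ms", while the comment above puts a maximum 256-byte frame at 1ms per byte, so the shorter wait leaves only about 14ms of margin over a full frame. Suggest stating in the comment why that margin is sufficient, or keeping the longer delay and correcting its comment.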

View file

@ -40,7 +40,7 @@ static void SmartCardDirectSend(uint8_t prepend, const smart_card_raw_t *p, uint
LED_D_ON(); LED_D_ON();
uint16_t len = 0; uint16_t len = 0;
uint8_t *resp = BigBuf_calloc(ISO7816_MAX_FRAME); uint8_t *resp = BigBuf_malloc(ISO7816_MAX_FRAME);
resp[0] = prepend; resp[0] = prepend;
// check if alloacted... // check if alloacted...
smartcard_command_t flags = p->flags; smartcard_command_t flags = p->flags;
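Review bot: `resp[0] = prepend;` writes through `resp` before the `// check if alloacted...` comment, and no check follows in the visible lines, so a failed `BigBuf_malloc(ISO7816_MAX_FRAME)` turns into a NULL write. Suggest testing `resp` immediately after the allocation and replying with an allocation error; the comment's spelling (`alloacted`) can be fixed at the same time.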

File diff suppressed because it is too large

View file

@ -34,7 +34,6 @@
// times in samples @ 212kHz when acting as reader // times in samples @ 212kHz when acting as reader
#define ICLASS_READER_TIMEOUT_ACTALL 330 // 1558us, nominal 330us + 7slots*160us = 1450us #define ICLASS_READER_TIMEOUT_ACTALL 330 // 1558us, nominal 330us + 7slots*160us = 1450us
#define ICLASS_READER_TIMEOUT_UPDATE 3390 // 16000us, nominal 4-15ms #define ICLASS_READER_TIMEOUT_UPDATE 3390 // 16000us, nominal 4-15ms
#define ICLASS_READER_TIMEOUT_UPDATE_FAST 1500 // A copy of ICLASS_READER_TIMEOUT_UPDATE with reduced timeout values
#define ICLASS_READER_TIMEOUT_OTHERS 80 // 380us, nominal 330us #define ICLASS_READER_TIMEOUT_OTHERS 80 // 380us, nominal 330us
// The length of a received command will in most cases be no more than 18 bytes. // The length of a received command will in most cases be no more than 18 bytes.
@ -73,5 +72,4 @@ uint8_t get_pagemap(const picopass_hdr_t *hdr);
void iclass_send_as_reader(uint8_t *frame, int len, uint32_t *start_time, uint32_t *end_time, bool shallow_mod); void iclass_send_as_reader(uint8_t *frame, int len, uint32_t *start_time, uint32_t *end_time, bool shallow_mod);
void iClass_Recover(iclass_recover_req_t *msg); void iClass_Recover(iclass_recover_req_t *msg);
void iClass_TearBlock(iclass_tearblock_req_t *msg);
#endif #endif

File diff suppressed because it is too large

View file

@ -125,8 +125,8 @@ typedef enum {
#endif #endif
void printHf14aConfig(void); void printHf14aConfig(void);
void setHf14aConfig(const hf14a_config_t *hc); void setHf14aConfig(const hf14a_config *hc);
hf14a_config_t *getHf14aConfig(void); hf14a_config *getHf14aConfig(void);
void iso14a_set_timeout(uint32_t timeout); void iso14a_set_timeout(uint32_t timeout);
uint32_t iso14a_get_timeout(void); uint32_t iso14a_get_timeout(void);
@ -143,7 +143,7 @@ RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_t
void RAMFUNC SniffIso14443a(uint8_t param); void RAMFUNC SniffIso14443a(uint8_t param);
void SimulateIso14443aTag(uint8_t tagType, uint16_t flags, uint8_t *useruid, uint8_t exitAfterNReads, void SimulateIso14443aTag(uint8_t tagType, uint16_t flags, uint8_t *useruid, uint8_t exitAfterNReads,
uint8_t *ats, size_t ats_len, bool ulc_part1, bool ulc_part2); uint8_t *ats, size_t ats_len);
void SimulateIso14443aTagAID(uint8_t tagType, uint16_t flags, uint8_t *uid, void SimulateIso14443aTagAID(uint8_t tagType, uint16_t flags, uint8_t *uid,
uint8_t *ats, size_t ats_len, uint8_t *aid, size_t aid_len, uint8_t *ats, size_t ats_len, uint8_t *aid, size_t aid_len,
@ -152,25 +152,21 @@ void SimulateIso14443aTagAID(uint8_t tagType, uint16_t flags, uint8_t *uid,
bool SimulateIso14443aInit(uint8_t tagType, uint16_t flags, uint8_t *data, bool SimulateIso14443aInit(uint8_t tagType, uint16_t flags, uint8_t *data,
uint8_t *ats, size_t ats_len, tag_response_info_t **responses, uint8_t *ats, size_t ats_len, tag_response_info_t **responses,
uint32_t *cuid, uint8_t *pages, uint32_t *cuid, uint32_t counters[3], uint8_t tearings[3], uint8_t *pages);
uint8_t *ulc_key);
bool GetIso14443aCommandFromReader(uint8_t *received, uint16_t received_maxlen, uint8_t *par, int *len); bool GetIso14443aCommandFromReader(uint8_t *received, uint16_t received_maxlen, uint8_t *par, int *len);
void iso14443a_antifuzz(uint32_t flags); void iso14443a_antifuzz(uint32_t flags);
void ReaderIso14443a(PacketCommandNG *c); void ReaderIso14443a(PacketCommandNG *c);
void ReaderTransmit(const uint8_t *frame, uint16_t len, uint32_t *timing); void ReaderTransmit(uint8_t *frame, uint16_t len, uint32_t *timing);
void ReaderTransmitBitsPar(const uint8_t *frame, uint16_t bits, uint8_t *par, uint32_t *timing); void ReaderTransmitBitsPar(uint8_t *frame, uint16_t bits, uint8_t *par, uint32_t *timing);
void ReaderTransmitPar(const uint8_t *frame, uint16_t len, uint8_t *par, uint32_t *timing); void ReaderTransmitPar(uint8_t *frame, uint16_t len, uint8_t *par, uint32_t *timing);
uint16_t ReaderReceive(uint8_t *receivedAnswer, uint16_t answer_maxlen, uint8_t *par); uint16_t ReaderReceive(uint8_t *receivedAnswer, uint16_t answer_maxlen, uint8_t *par);
void iso14443a_setup(uint8_t fpga_minor_mode); void iso14443a_setup(uint8_t fpga_minor_mode);
int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, bool send_chaining, void *data, uint16_t data_len, uint8_t *res); int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, bool send_chaining, void *data, uint16_t data_len, uint8_t *res);
int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats); int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats);
int iso14443a_select_cardEx(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, int iso14443a_select_cardEx(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats, iso14a_polling_parameters_t *polling_parameters);
bool anticollision, uint8_t num_cascades, bool no_rats, int iso14443a_fast_select_card(uint8_t *uid_ptr, uint8_t num_cascades);
const iso14a_polling_parameters_t *polling_parameters, bool force_rats);
int iso14443a_select_card_for_magic(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades);
int iso14443a_fast_select_card(const uint8_t *uid_ptr, uint8_t num_cascades);
void iso14a_set_trigger(bool enable); void iso14a_set_trigger(bool enable);
int EmSendCmd14443aRaw(const uint8_t *resp, uint16_t respLen); int EmSendCmd14443aRaw(const uint8_t *resp, uint16_t respLen);
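Review bot: const-correctness: the right-hand prototypes drop `const` from the `frame` parameter of `ReaderTransmit`, `ReaderTransmitBitsPar` and `ReaderTransmitPar`, from `polling_parameters` in `iso14443a_select_cardEx` and from `uid_ptr` in `iso14443a_fast_select_card`, so callers can no longer pass read-only command buffers without a cast and the header stops documenting that these inputs are not modified. Suggest keeping the qualifiers; `EmLogTrace` in the next hunk loses them the same way.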
@ -185,9 +181,8 @@ int EmSendPrecompiledCmd(tag_response_info_t *p_response);
bool prepare_allocated_tag_modulation(tag_response_info_t *response_info, uint8_t **buffer, size_t *max_buffer_size); bool prepare_allocated_tag_modulation(tag_response_info_t *response_info, uint8_t **buffer, size_t *max_buffer_size);
bool prepare_tag_modulation(tag_response_info_t *response_info, size_t max_buffer_size); bool prepare_tag_modulation(tag_response_info_t *response_info, size_t max_buffer_size);
bool EmLogTrace(const uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity,
uint32_t reader_EndTime, const uint8_t *reader_Parity, const uint8_t *tag_data, uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity);
uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, const uint8_t *tag_Parity);
void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype); void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype);
void DetectNACKbug(void); void DetectNACKbug(void);

View file

@ -786,14 +786,14 @@ void SimulateIso14443bTag(const uint8_t *pupi) {
// prepare "ATQB" tag answer (encoded): // prepare "ATQB" tag answer (encoded):
CodeIso14443bAsTag(respATQB, sizeof(respATQB)); CodeIso14443bAsTag(respATQB, sizeof(respATQB));
uint8_t *encodedATQB = BigBuf_calloc(ts->max); uint8_t *encodedATQB = BigBuf_malloc(ts->max);
uint16_t encodedATQBLen = ts->max; uint16_t encodedATQBLen = ts->max;
memcpy(encodedATQB, ts->buf, ts->max); memcpy(encodedATQB, ts->buf, ts->max);
// prepare "OK" tag answer (encoded): // prepare "OK" tag answer (encoded):
CodeIso14443bAsTag(respOK, sizeof(respOK)); CodeIso14443bAsTag(respOK, sizeof(respOK));
uint8_t *encodedOK = BigBuf_calloc(ts->max); uint8_t *encodedOK = BigBuf_malloc(ts->max);
uint16_t encodedOKLen = ts->max; uint16_t encodedOKLen = ts->max;
memcpy(encodedOK, ts->buf, ts->max); memcpy(encodedOK, ts->buf, ts->max);
@ -988,18 +988,18 @@ void Simulate_iso14443b_srx_tag(uint8_t *uid) {
tosend_t *ts = get_tosend(); tosend_t *ts = get_tosend();
uint8_t *receivedCmd = BigBuf_calloc(MAX_FRAME_SIZE); uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE);
// prepare "ATQB" tag answer (encoded): // prepare "ATQB" tag answer (encoded):
CodeIso14443bAsTag(respATQB, sizeof(respATQB)); CodeIso14443bAsTag(respATQB, sizeof(respATQB));
uint8_t *encodedATQB = BigBuf_calloc(ts->max); uint8_t *encodedATQB = BigBuf_malloc(ts->max);
uint16_t encodedATQBLen = ts->max; uint16_t encodedATQBLen = ts->max;
memcpy(encodedATQB, ts->buf, ts->max); memcpy(encodedATQB, ts->buf, ts->max);
// prepare "OK" tag answer (encoded): // prepare "OK" tag answer (encoded):
CodeIso14443bAsTag(respOK, sizeof(respOK)); CodeIso14443bAsTag(respOK, sizeof(respOK));
uint8_t *encodedOK = BigBuf_calloc(ts->max); uint8_t *encodedOK = BigBuf_malloc(ts->max);
uint16_t encodedOKLen = ts->max; uint16_t encodedOKLen = ts->max;
memcpy(encodedOK, ts->buf, ts->max); memcpy(encodedOK, ts->buf, ts->max);
@ -1585,7 +1585,7 @@ static void CodeIso14443bAsReader(const uint8_t *cmd, int len, bool framing) {
/* /*
* Convenience function to encode, transmit and trace iso 14443b comms * Convenience function to encode, transmit and trace iso 14443b comms
*/ */
void CodeAndTransmit14443bAsReader(const uint8_t *cmd, int len, uint32_t *start_time, uint32_t *eof_time, bool framing) { static void CodeAndTransmit14443bAsReader(const uint8_t *cmd, int len, uint32_t *start_time, uint32_t *eof_time, bool framing) {
const tosend_t *ts = get_tosend(); const tosend_t *ts = get_tosend();
CodeIso14443bAsReader(cmd, len, framing); CodeIso14443bAsReader(cmd, len, framing);
TransmitFor14443b_AsReader(start_time); TransmitFor14443b_AsReader(start_time);
@ -1800,7 +1800,7 @@ static int iso14443b_select_cts_card(iso14b_cts_card_select_t *card) {
/** /**
* SRx Initialise. * SRx Initialise.
*/ */
int iso14443b_select_srx_card(iso14b_card_select_t *card) { static int iso14443b_select_srx_card(iso14b_card_select_t *card) {
// INITIATE command: wake up the tag using the INITIATE // INITIATE command: wake up the tag using the INITIATE
static const uint8_t init_srx[] = { ISO14443B_INITIATE, 0x00, 0x97, 0x5b }; static const uint8_t init_srx[] = { ISO14443B_INITIATE, 0x00, 0x97, 0x5b };
uint8_t r_init[3] = { 0x00 }; uint8_t r_init[3] = { 0x00 };
@ -2135,9 +2135,6 @@ static int iso14443b_select_picopass_card(picopass_hdr_t *hdr) {
static uint8_t act_all[] = { ICLASS_CMD_ACTALL }; static uint8_t act_all[] = { ICLASS_CMD_ACTALL };
static uint8_t identify[] = { ICLASS_CMD_READ_OR_IDENTIFY }; static uint8_t identify[] = { ICLASS_CMD_READ_OR_IDENTIFY };
static uint8_t read_conf[] = { ICLASS_CMD_READ_OR_IDENTIFY, 0x01, 0xfa, 0x22 }; static uint8_t read_conf[] = { ICLASS_CMD_READ_OR_IDENTIFY, 0x01, 0xfa, 0x22 };
// ICLASS_CMD_SELECT 0x81 tells ISO14443b/BPSK coding/106 kbits/s
// ICLASS_CMD_SELECT 0x41 tells ISO14443b/BPSK coding/423 kbits/s
uint8_t select[] = { 0x80 | ICLASS_CMD_SELECT, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t select[] = { 0x80 | ICLASS_CMD_SELECT, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
uint8_t read_aia[] = { ICLASS_CMD_READ_OR_IDENTIFY, 0x05, 0xde, 0x64}; uint8_t read_aia[] = { ICLASS_CMD_READ_OR_IDENTIFY, 0x05, 0xde, 0x64};
uint8_t read_check_cc[] = { 0x80 | ICLASS_CMD_READCHECK, 0x02 }; uint8_t read_check_cc[] = { 0x80 | ICLASS_CMD_READCHECK, 0x02 };
@ -2310,7 +2307,7 @@ void iso14443b_setup(void) {
// //
// I tried to be systematic and check every answer of the tag, every CRC, etc... // I tried to be systematic and check every answer of the tag, every CRC, etc...
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
int read_14b_srx_block(uint8_t blocknr, uint8_t *block) { static int read_14b_srx_block(uint8_t blocknr, uint8_t *block) {
uint8_t cmd[] = {ISO14443B_READ_BLK, blocknr, 0x00, 0x00}; uint8_t cmd[] = {ISO14443B_READ_BLK, blocknr, 0x00, 0x00};
AddCrc14B(cmd, 2); AddCrc14B(cmd, 2);
@ -2405,8 +2402,8 @@ void SniffIso14443b(void) {
uint8_t ua_buf[MAX_FRAME_SIZE] = {0}; uint8_t ua_buf[MAX_FRAME_SIZE] = {0};
Uart14bInit(ua_buf); Uart14bInit(ua_buf);
//Demod14bInit(BigBuf_calloc(MAX_FRAME_SIZE)); //Demod14bInit(BigBuf_malloc(MAX_FRAME_SIZE), MAX_FRAME_SIZE);
//Uart14bInit(BigBuf_calloc(MAX_FRAME_SIZE)); //Uart14bInit(BigBuf_malloc(MAX_FRAME_SIZE));
// Set FPGA in the appropriate mode // Set FPGA in the appropriate mode
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_SUBCARRIER_848_KHZ | FPGA_HF_READER_MODE_SNIFF_IQ); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_SUBCARRIER_848_KHZ | FPGA_HF_READER_MODE_SNIFF_IQ);

View file

@ -45,11 +45,8 @@ int iso14443b_select_card(iso14b_card_select_t *card);
void SimulateIso14443bTag(const uint8_t *pupi); void SimulateIso14443bTag(const uint8_t *pupi);
void read_14b_st_block(uint8_t blocknr); void read_14b_st_block(uint8_t blocknr);
int read_14b_srx_block(uint8_t blocknr, uint8_t *block);
int iso14443b_select_srx_card(iso14b_card_select_t *card);
void SniffIso14443b(void); void SniffIso14443b(void);
void SendRawCommand14443B(iso14b_raw_cmd_t *p); void SendRawCommand14443B(iso14b_raw_cmd_t *p);
void CodeAndTransmit14443bAsReader(const uint8_t *cmd, int len, uint32_t *start_time, uint32_t *eof_time, bool framing);
// States for 14B SIM command // States for 14B SIM command
#define SIM_POWER_OFF 0 #define SIM_POWER_OFF 0

View file

@ -180,7 +180,8 @@ static void CodeIso15693AsReaderEOF(void) {
static int get_uid_slix(uint32_t start_time, uint32_t *eof_time, uint8_t *uid) { static int get_uid_slix(uint32_t start_time, uint32_t *eof_time, uint8_t *uid) {
uint8_t *answer = BigBuf_calloc(ISO15693_MAX_RESPONSE_LENGTH); uint8_t *answer = BigBuf_malloc(ISO15693_MAX_RESPONSE_LENGTH);
memset(answer, 0x00, ISO15693_MAX_RESPONSE_LENGTH);
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER; start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
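Review bot: on the right-hand side of get_uid_slix the result of `BigBuf_malloc(ISO15693_MAX_RESPONSE_LENGTH)` goes straight into `memset` without a NULL check, and the malloc-then-memset pair only re-creates what the left-hand `BigBuf_calloc` call does in one step. Other callers on this page test the returned pointer against NULL and return PM3_EMALLOC, so do the same here and keep the single zeroing allocation rather than two lines that can drift apart.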
@ -984,11 +985,10 @@ int GetIso15693AnswerFromTag(uint8_t *response, uint16_t max_len, uint16_t timeo
DecodeTagFSK_t dtfm = { 0 }; DecodeTagFSK_t dtfm = { 0 };
DecodeTagFSK_t *dtf = &dtfm; DecodeTagFSK_t *dtf = &dtfm;
if (fsk) { if (fsk)
DecodeTagFSKInit(dtf, response, max_len); DecodeTagFSKInit(dtf, response, max_len);
} else { else
DecodeTagInit(dt, response, max_len); DecodeTagInit(dt, response, max_len);
}
// wait for last transfer to complete // wait for last transfer to complete
while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXEMPTY)); while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXEMPTY));
@ -1014,9 +1014,8 @@ int GetIso15693AnswerFromTag(uint8_t *response, uint16_t max_len, uint16_t timeo
for (;;) { for (;;) {
volatile uint16_t behindBy = ((uint16_t *)AT91C_BASE_PDC_SSC->PDC_RPR - upTo) & (DMA_BUFFER_SIZE - 1); volatile uint16_t behindBy = ((uint16_t *)AT91C_BASE_PDC_SSC->PDC_RPR - upTo) & (DMA_BUFFER_SIZE - 1);
if (behindBy == 0) { if (behindBy == 0)
continue; continue;
}
samples++; samples++;
if (samples == 1) { if (samples == 1) {
@ -1483,7 +1482,7 @@ int GetIso15693CommandFromReader(uint8_t *received, size_t max_len, uint32_t *eo
bool gotFrame = false; bool gotFrame = false;
// the decoder data structure // the decoder data structure
DecodeReader_t *dr = (DecodeReader_t *)BigBuf_calloc(sizeof(DecodeReader_t)); DecodeReader_t *dr = (DecodeReader_t *)BigBuf_malloc(sizeof(DecodeReader_t));
DecodeReaderInit(dr, received, max_len, 0, NULL); DecodeReaderInit(dr, received, max_len, 0, NULL);
// wait for last transfer to complete // wait for last transfer to complete
@ -1588,7 +1587,7 @@ void AcquireRawAdcSamplesIso15693(void) {
LED_A_ON(); LED_A_ON();
uint8_t *dest = BigBuf_calloc(4096); uint8_t *dest = BigBuf_malloc(4000);
// switch field on // switch field on
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER);
@ -2030,7 +2029,7 @@ void ReaderIso15693(iso15_card_select_t *p_card) {
LED_A_ON(); LED_A_ON();
set_tracing(true); set_tracing(true);
uint8_t *answer = BigBuf_calloc(ISO15693_MAX_RESPONSE_LENGTH); uint8_t *answer = BigBuf_malloc(ISO15693_MAX_RESPONSE_LENGTH);
memset(answer, 0x00, ISO15693_MAX_RESPONSE_LENGTH); memset(answer, 0x00, ISO15693_MAX_RESPONSE_LENGTH);
// FIRST WE RUN AN INVENTORY TO GET THE TAG UID // FIRST WE RUN AN INVENTORY TO GET THE TAG UID
@ -2658,7 +2657,7 @@ void BruteforceIso15693Afi(uint32_t flags) {
Dbprintf("AFI = %i UID = %s", i, iso15693_sprintUID(NULL, recv + 2)); Dbprintf("AFI = %i UID = %s", i, iso15693_sprintUID(NULL, recv + 2));
} }
aborted = (BUTTON_PRESS() || data_available()); aborted = (BUTTON_PRESS() && data_available());
if (aborted) { if (aborted) {
break; break;
} }
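Review bot: the abort condition in BruteforceIso15693Afi differs by one operator, and the right-hand form, `aborted = (BUTTON_PRESS() && data_available());`, only stops the loop when the button is held at the same moment host data is pending. Either event alone should end the AFI loop, which is what the left-hand `||` expresses; keep `||` so the operator can always interrupt the run from the device or from the client.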

View file

@ -236,13 +236,8 @@ void lf_init(bool reader, bool simulate, bool ledcontrol) {
FpgaSetupSsc(FPGA_MAJOR_MODE_LF_READER); FpgaSetupSsc(FPGA_MAJOR_MODE_LF_READER);
// When in reader mode, give the field a bit of time to settle. // When in reader mode, give the field a bit of time to settle.
// Optimal timing window for LF ADC measurements to be performed: // 313T0 = 313 * 8us = 2504us = 2.5ms Hitag2 tags needs to be fully powered.
// minimum: 313T0 = 313 * 8us = 2504us = 2.50ms - Hitag2 tag internal powerup time SpinDelay(10);
// 280T0 = 280 * 8us = 2240us = 2.24ms - HitagS minimum time before the first command (powerup time)
// maximum: 545T0 = 545 * 8us = 4360us = 4.36ms - Hitag2 command waiting time before it starts transmitting in public mode (if configured so)
// 565T0 = 565 * 8us = 4520us = 4.52ms - HitagS waiting time before entering TTF mode (if configured so)
// Thus (2.50 ms + 4.36 ms) / 2 ~= 3 ms (rounded down to integer), should be a good timing for both tag models
SpinDelay(3);
// Steal this pin from the SSP (SPI communication channel with fpga) and use it to control the modulation // Steal this pin from the SSP (SPI communication channel with fpga) and use it to control the modulation
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT;
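Review bot: the right-hand `SpinDelay(10)` is not backed by its own comment, which only establishes a 2.5 ms lower bound (313 T0), and it overshoots the upper bounds listed in the left-hand comment block: 4.36 ms before a Hitag2 tag in public mode starts transmitting and 4.52 ms before HitagS enters TTF mode. A reader that waits 10 ms would start its measurement after such a tag is already talking. Keep the derived 3 ms value together with the min/max derivation, or document which tag needs the longer settle time.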

View file

@ -340,7 +340,7 @@ t55xx_configurations_t *getT55xxConfig(void) {
void loadT55xxConfig(void) { void loadT55xxConfig(void) {
#ifdef WITH_FLASH #ifdef WITH_FLASH
uint8_t *buf = BigBuf_calloc(T55XX_CONFIG_LEN); uint8_t *buf = BigBuf_malloc(T55XX_CONFIG_LEN);
uint32_t size = 0; uint32_t size = 0;
if (exists_in_spiffs(T55XX_CONFIG_FILE)) { if (exists_in_spiffs(T55XX_CONFIG_FILE)) {
@ -2912,7 +2912,7 @@ void Cotag(uint32_t arg0, bool ledcontrol) {
break; break;
} }
case 1: { case 1: {
uint8_t *dest = BigBuf_calloc(COTAG_BITS); uint8_t *dest = BigBuf_malloc(COTAG_BITS);
uint16_t bits = doCotagAcquisitionManchester(dest, COTAG_BITS); uint16_t bits = doCotagAcquisitionManchester(dest, COTAG_BITS);
reply_ng(CMD_LF_COTAG_READ, PM3_SUCCESS, dest, bits); reply_ng(CMD_LF_COTAG_READ, PM3_SUCCESS, dest, bits);
break; break;

View file

@ -149,7 +149,7 @@ void initSampleBufferEx(uint32_t *sample_size, bool use_malloc) {
data.buffer = BigBuf_get_addr(); data.buffer = BigBuf_get_addr();
} else { } else {
*sample_size = MIN(*sample_size, BigBuf_max_traceLen()); *sample_size = MIN(*sample_size, BigBuf_max_traceLen());
data.buffer = BigBuf_calloc(*sample_size); data.buffer = BigBuf_malloc(*sample_size);
} }
} else { } else {
@ -669,7 +669,7 @@ void doT55x7Acquisition(size_t sample_size, bool ledcontrol) {
void doCotagAcquisition(void) { void doCotagAcquisition(void) {
uint16_t bufsize = BigBuf_max_traceLen(); uint16_t bufsize = BigBuf_max_traceLen();
uint8_t *dest = BigBuf_calloc(bufsize); uint8_t *dest = BigBuf_malloc(bufsize);
dest[0] = 0; dest[0] = 0;
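Review bot: in doCotagAcquisition `dest[0] = 0;` writes through the allocation result without a NULL check, and on the right-hand side it is the only byte of the bufsize-byte buffer with a defined value, since `BigBuf_malloc` replaces the zeroing `BigBuf_calloc`. If the acquisition stores fewer than bufsize samples, whatever the buffer held before remains behind them. Check `dest` before use and either keep the zeroed allocation or track how many samples are valid so consumers never read past them.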

View file

@ -83,14 +83,14 @@ static bool mifare_wakeup_auth(struct Crypto1State *pcs, MifareWakeupType wakeup
break; break;
} }
case MF_WAKE_WUPA: { case MF_WAKE_WUPA: {
if (iso14443a_select_cardEx(NULL, NULL, &cuid, true, 0, true, &WUPA_POLLING_PARAMETERS, false) == 0) { if (iso14443a_select_cardEx(NULL, NULL, &cuid, true, 0, true, &WUPA_POLLING_PARAMETERS) == 0) {
if (g_dbglevel >= DBG_ERROR) Dbprintf("Can't select card"); if (g_dbglevel >= DBG_ERROR) Dbprintf("Can't select card");
return false; return false;
}; };
break; break;
} }
case MF_WAKE_REQA: { case MF_WAKE_REQA: {
if (iso14443a_select_cardEx(NULL, NULL, &cuid, true, 0, true, &REQA_POLLING_PARAMETERS, false) == 0) { if (iso14443a_select_cardEx(NULL, NULL, &cuid, true, 0, true, &REQA_POLLING_PARAMETERS) == 0) {
if (g_dbglevel >= DBG_ERROR) Dbprintf("Can't select card"); if (g_dbglevel >= DBG_ERROR) Dbprintf("Can't select card");
return false; return false;
}; };
@ -274,7 +274,7 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes) {
return; return;
}; };
if (mifare_ultra_auth(keybytes) == 0) { if (!mifare_ultra_auth(keybytes)) {
if (g_dbglevel >= DBG_ERROR) Dbprintf("Authentication failed"); if (g_dbglevel >= DBG_ERROR) Dbprintf("Authentication failed");
OnError(1); OnError(1);
return; return;
@ -304,7 +304,7 @@ void MifareUL_AES_Auth(bool turn_off_field, uint8_t keyno, uint8_t *keybytes) {
return; return;
}; };
if (mifare_ultra_aes_auth(keyno, keybytes) == 0) { if (!mifare_ultra_aes_auth(keyno, keybytes)) {
if (g_dbglevel >= DBG_ERROR) Dbprintf("Authentication failed"); if (g_dbglevel >= DBG_ERROR) Dbprintf("Authentication failed");
OnErrorNG(CMD_HF_MIFAREULAES_AUTH, PM3_ESOFT); OnErrorNG(CMD_HF_MIFAREULAES_AUTH, PM3_ESOFT);
return; return;
@ -344,7 +344,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain) {
uint8_t key[16] = {0x00}; uint8_t key[16] = {0x00};
memcpy(key, datain, sizeof(key)); memcpy(key, datain, sizeof(key));
if (mifare_ultra_auth(key) == 0) { if (!mifare_ultra_auth(key)) {
OnError(1); OnError(1);
return; return;
} }
@ -1947,7 +1947,7 @@ void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *da
// Now append the SPI flash dictionnary // Now append the SPI flash dictionnary
if (SPIFFS_OK == rdv40_spiffs_read_as_filetype(MF_KEYS_FILE, dictkeys + (keyCount * MF_KEY_LENGTH), (key_mem_available - keyCount) * MF_KEY_LENGTH, RDV40_SPIFFS_SAFETY_SAFE)) { if (SPIFFS_OK == rdv40_spiffs_read_as_filetype(MF_KEYS_FILE, dictkeys + (keyCount * MF_KEY_LENGTH), (key_mem_available - keyCount) * MF_KEY_LENGTH, RDV40_SPIFFS_SAFETY_SAFE)) {
if (g_dbglevel >= DBG_ERROR) { if (g_dbglevel >= DBG_ERROR) {
Dbprintf("loaded " _GREEN_("%u") " keys from spiffs file `" _YELLOW_("%s") "`", key_mem_available - keyCount, MF_KEYS_FILE); Dbprintf("loaded " _GREEN_("%u") " keys from spiffs file `" _YELLOW_("%s") "`", key_mem_available, MF_KEYS_FILE);
} }
} else { } else {
Dbprintf("Spiffs file `" _RED_("%s") "` cannot be read", MF_KEYS_FILE); Dbprintf("Spiffs file `" _RED_("%s") "` cannot be read", MF_KEYS_FILE);
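Review bot: the right-hand success message in MifareChkKeys_fast reports `key_mem_available` as the number of keys loaded, but the read just above it was sized for `(key_mem_available - keyCount) * MF_KEY_LENGTH` bytes, so the figure is too high by the number of client-supplied keys. Print `key_mem_available - keyCount` as the left-hand side does. Both sides print the capacity of the read rather than what the file held; if rdv40_spiffs_read_as_filetype can report the bytes read, logging that would make the message match the dictionary actually in use.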
@ -1955,7 +1955,6 @@ void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *da
} }
// Replace client provided keys // Replace client provided keys
datain = dictkeys; datain = dictkeys;
keyCount = key_mem_available;
} }
#endif #endif
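Review bot: with `keyCount = key_mem_available;` gone on the right-hand side, `datain` is switched to `dictkeys` but `keyCount` still holds only the client-supplied count, so the flash dictionary appended at `dictkeys + (keyCount * MF_KEY_LENGTH)` in the hunk above lies beyond it and any loop bounded by keyCount never reaches those keys. Update the count whenever `datain` is replaced, ideally from the number of keys actually read rather than from the buffer capacity.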
@ -2252,7 +2251,7 @@ OUT:
bar |= ((uint16_t)(found[m] & 1) << j++); bar |= ((uint16_t)(found[m] & 1) << j++);
} }
uint8_t *tmp = BigBuf_calloc(480 + 10); uint8_t *tmp = BigBuf_malloc(480 + 10);
memcpy(tmp, k_sector, sectorcnt * sizeof(sector_t)); memcpy(tmp, k_sector, sectorcnt * sizeof(sector_t));
num_to_bytes(foo, 8, tmp + 480); num_to_bytes(foo, 8, tmp + 480);
tmp[488] = bar & 0xFF; tmp[488] = bar & 0xFF;
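Review bot: `memcpy(tmp, k_sector, sectorcnt * sizeof(sector_t));` is not bounded against the 480-byte region that the following `tmp + 480` and `tmp[488]` writes assume, and the sizes are bare literals. On the right-hand side the buffer comes from `BigBuf_malloc`, so any bytes between the end of the copied sectors and offset 480 keep their previous contents; if the whole 490-byte buffer is returned to the client, that is stale device memory going out with it. Name the layout constants, check that the sector data fits in 480 bytes before copying, and keep the zeroed allocation.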
@ -2409,7 +2408,7 @@ void MifareChkKeys_file(uint8_t *fn) {
int changed = rdv40_spiffs_lazy_mount(); int changed = rdv40_spiffs_lazy_mount();
uint32_t size = size_in_spiffs((char *)fn); uint32_t size = size_in_spiffs((char *)fn);
uint8_t *mem = BigBuf_calloc(size); uint8_t *mem = BigBuf_malloc(size);
rdv40_spiffs_read_as_filetype((char *)fn, mem, size, RDV40_SPIFFS_SAFETY_SAFE); rdv40_spiffs_read_as_filetype((char *)fn, mem, size, RDV40_SPIFFS_SAFETY_SAFE);
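Review bot: in MifareChkKeys_file the value from `size_in_spiffs((char *)fn)` for a caller-supplied file name is used as the allocation size as is, `mem` is not checked for NULL, and the return value of `rdv40_spiffs_read_as_filetype` is dropped, although MifareChkKeys_fast on this page compares the same call with SPIFFS_OK. Reject a zero or oversized size, bail out when the allocation fails, and continue only when the read succeeds. On the right-hand side this matters more, because a failed read leaves `mem` holding whatever BigBuf contained instead of zeroes.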
@ -2909,7 +2908,7 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain) {
} }
// read block // read block
if ((mifare_sendcmd_short(NULL, CRYPT_NONE, ISO14443A_CMD_READBLOCK, blockNo, receivedAnswer, sizeof(receivedAnswer), receivedAnswerPar, NULL) != MIFARE_BLOCK_SIZE + CRC16_SIZE)) { if ((mifare_sendcmd_short(NULL, CRYPT_NONE, ISO14443A_CMD_READBLOCK, blockNo, receivedAnswer, sizeof(receivedAnswer), receivedAnswerPar, NULL) != MAX_MIFARE_FRAME_SIZE)) {
if (g_dbglevel >= DBG_ERROR) Dbprintf("read block send command error"); if (g_dbglevel >= DBG_ERROR) Dbprintf("read block send command error");
errormsg = 0; errormsg = 0;
break; break;
@ -3022,10 +3021,9 @@ void MifareCIdent(bool is_mfc, uint8_t keytype, uint8_t *key) {
// reset card // reset card
mf_reset_card(); mf_reset_card();
// Use special magic detection function that always attempts RATS regardless of SAK
res = iso14443a_select_card_for_magic(uid, card, &cuid, true, 0); res = iso14443a_select_card(uid, card, &cuid, true, 0, false);
if (res) { if (res) {
mf_reset_card();
if (cuid == 0xAA55C396) { if (cuid == 0xAA55C396) {
flag |= MAGIC_FLAG_GEN_UNFUSED; flag |= MAGIC_FLAG_GEN_UNFUSED;
} }
@ -3221,7 +3219,7 @@ void MifareHasStaticNonce(void) {
} }
if (counter) { if (counter) {
Dbprintf("Static nonce....... " _YELLOW_("%08x"), nt); Dbprintf("Static nonce......... " _YELLOW_("%08x"), nt);
data[0] = NONCE_STATIC; data[0] = NONCE_STATIC;
} else { } else {
data[0] = NONCE_NORMAL; data[0] = NONCE_NORMAL;
@ -3516,7 +3514,7 @@ void MifareGen3Blk(uint8_t block_len, uint8_t *block) {
int retval = PM3_SUCCESS; int retval = PM3_SUCCESS;
uint8_t block_cmd[5] = { 0x90, 0xf0, 0xcc, 0xcc, 0x10 }; uint8_t block_cmd[5] = { 0x90, 0xf0, 0xcc, 0xcc, 0x10 };
uint8_t cmdlen = sizeof(block_cmd) + MIFARE_BLOCK_SIZE + CRC16_SIZE; uint8_t cmdlen = sizeof(block_cmd) + MAX_MIFARE_FRAME_SIZE;
uint8_t *cmd = BigBuf_calloc(cmdlen); uint8_t *cmd = BigBuf_calloc(cmdlen);
iso14a_card_select_t *card_info = (iso14a_card_select_t *) BigBuf_calloc(sizeof(iso14a_card_select_t)); iso14a_card_select_t *card_info = (iso14a_card_select_t *) BigBuf_calloc(sizeof(iso14a_card_select_t));
@ -3533,7 +3531,7 @@ void MifareGen3Blk(uint8_t block_len, uint8_t *block) {
bool doReselect = false; bool doReselect = false;
if (block_len < MIFARE_BLOCK_SIZE) { if (block_len < MIFARE_BLOCK_SIZE) {
if ((mifare_sendcmd_short(NULL, CRYPT_NONE, ISO14443A_CMD_READBLOCK, 0, &cmd[sizeof(block_cmd)], MIFARE_BLOCK_SIZE + CRC16_SIZE, NULL, NULL) != MIFARE_BLOCK_SIZE + CRC16_SIZE)) { if ((mifare_sendcmd_short(NULL, CRYPT_NONE, ISO14443A_CMD_READBLOCK, 0, &cmd[sizeof(block_cmd)], MAX_MIFARE_FRAME_SIZE, NULL, NULL) != MAX_MIFARE_FRAME_SIZE)) {
if (g_dbglevel >= DBG_ERROR) Dbprintf("Read manufacturer block failed"); if (g_dbglevel >= DBG_ERROR) Dbprintf("Read manufacturer block failed");
retval = PM3_ESOFT; retval = PM3_ESOFT;
goto OUT; goto OUT;
@ -3562,13 +3560,13 @@ void MifareGen3Blk(uint8_t block_len, uint8_t *block) {
AddCrc14A(cmd, sizeof(block_cmd) + MIFARE_BLOCK_SIZE); AddCrc14A(cmd, sizeof(block_cmd) + MIFARE_BLOCK_SIZE);
if (doReselect) { if (doReselect) {
if (iso14443a_select_card(NULL, NULL, NULL, true, 0, true) == 0) { if (!iso14443a_select_card(NULL, NULL, NULL, true, 0, true)) {
retval = PM3_ESOFT; retval = PM3_ESOFT;
goto OUT; goto OUT;
} }
} }
retval = DoGen3Cmd(cmd, sizeof(block_cmd) + MIFARE_BLOCK_SIZE + CRC16_SIZE); retval = DoGen3Cmd(cmd, sizeof(block_cmd) + MAX_MIFARE_FRAME_SIZE);
} }
OUT: OUT:
@ -3609,13 +3607,13 @@ void MifareG4ReadBlk(uint8_t blockno, uint8_t *pwd, uint8_t workFlags) {
int res = 0; int res = 0;
int retval = PM3_SUCCESS; int retval = PM3_SUCCESS;
uint8_t *buf = BigBuf_calloc(PM3_CMD_DATA_SIZE); uint8_t *buf = BigBuf_malloc(PM3_CMD_DATA_SIZE);
if (buf == NULL) { if (buf == NULL) {
retval = PM3_EMALLOC; retval = PM3_EMALLOC;
goto OUT; goto OUT;
} }
uint8_t *par = BigBuf_calloc(MAX_PARITY_SIZE); uint8_t *par = BigBuf_malloc(MAX_PARITY_SIZE);
if (par == NULL) { if (par == NULL) {
retval = PM3_EMALLOC; retval = PM3_EMALLOC;
goto OUT; goto OUT;
@ -3685,7 +3683,7 @@ void MifareG4WriteBlk(uint8_t blockno, uint8_t *pwd, uint8_t *data, uint8_t work
int res = 0; int res = 0;
int retval = PM3_SUCCESS; int retval = PM3_SUCCESS;
uint8_t *buf = BigBuf_calloc(PM3_CMD_DATA_SIZE); uint8_t *buf = BigBuf_malloc(PM3_CMD_DATA_SIZE);
if (buf == NULL) { if (buf == NULL) {
retval = PM3_EMALLOC; retval = PM3_EMALLOC;
goto OUT; goto OUT;
@ -3697,7 +3695,7 @@ void MifareG4WriteBlk(uint8_t blockno, uint8_t *pwd, uint8_t *data, uint8_t work
goto OUT; goto OUT;
} }
uint8_t *par = BigBuf_calloc(MAX_PARITY_SIZE); uint8_t *par = BigBuf_malloc(MAX_PARITY_SIZE);
if (par == NULL) { if (par == NULL) {
retval = PM3_EMALLOC; retval = PM3_EMALLOC;
goto OUT; goto OUT;

View file

@ -60,7 +60,7 @@ bool InitDesfireCard(void) {
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
set_tracing(true); set_tracing(true);
if (iso14443a_select_card(NULL, &card, NULL, true, 0, false) == 0) { if (!iso14443a_select_card(NULL, &card, NULL, true, 0, false)) {
if (g_dbglevel >= DBG_ERROR) DbpString("Can't select card"); if (g_dbglevel >= DBG_ERROR) DbpString("Can't select card");
OnError(1); OnError(1);
return false; return false;
@ -157,7 +157,7 @@ void MifareDesfireGetInformation(void) {
pcb_blocknum = 0; pcb_blocknum = 0;
// card select - information // card select - information
if (iso14443a_select_card(NULL, &card, NULL, true, 0, false) == 0) { if (!iso14443a_select_card(NULL, &card, NULL, true, 0, false)) {
if (g_dbglevel >= DBG_ERROR) { if (g_dbglevel >= DBG_ERROR) {
DbpString("Can't select card"); DbpString("Can't select card");
} }

View file

@ -459,7 +459,7 @@ bool MifareSimInit(uint16_t flags, uint8_t *uid, uint16_t atqa, uint8_t sak, tag
// 53 * 8 data bits, 53 * 1 parity bits, 18 start bits, 18 stop bits, 18 correction bits -> need 571 bytes buffer // 53 * 8 data bits, 53 * 1 parity bits, 18 start bits, 18 stop bits, 18 correction bits -> need 571 bytes buffer
#define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 571 #define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 571
uint8_t *free_buffer = BigBuf_calloc(ALLOCATED_TAG_MODULATION_BUFFER_SIZE); uint8_t *free_buffer = BigBuf_malloc(ALLOCATED_TAG_MODULATION_BUFFER_SIZE);
// modulation buffer pointer and current buffer free space size // modulation buffer pointer and current buffer free space size
uint8_t *free_buffer_pointer = free_buffer; uint8_t *free_buffer_pointer = free_buffer;
size_t free_buffer_size = ALLOCATED_TAG_MODULATION_BUFFER_SIZE; size_t free_buffer_size = ALLOCATED_TAG_MODULATION_BUFFER_SIZE;
@ -579,6 +579,21 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t
counter++; counter++;
} }
/*
// find reader field
if (cardSTATE == MFEMUL_NOFIELD) {
vHf = (MAX_ADC_HF_VOLTAGE * SumAdc(ADC_CHAN_HF, 32)) >> 15;
if (vHf > MF_MINFIELDV) {
cardSTATE_TO_IDLE();
LED_A_ON();
}
button_pushed = BUTTON_PRESS();
continue;
}
*/
FpgaEnableTracing(); FpgaEnableTracing();
//Now, get data //Now, get data
int res = EmGetCmd(receivedCmd, sizeof(receivedCmd), &receivedCmd_len, receivedCmd_par); int res = EmGetCmd(receivedCmd, sizeof(receivedCmd), &receivedCmd_len, receivedCmd_par);
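Review bot: the right-hand side carries a twelve-line commented-out field-detection block (`cardSTATE == MFEMUL_NOFIELD`, `vHf > MF_MINFIELDV`) inside the Mifare1ksim main loop with no note on why it is disabled. Dead code in a simulator loop goes stale quickly and hides which path is live; delete it and rely on history, or put it behind a named `#if` with a one-line reason.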
@ -745,6 +760,10 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t
// WORK // WORK
case MFEMUL_WORK: { case MFEMUL_WORK: {
if (g_dbglevel >= DBG_EXTENDED) {
// Dbprintf("[MFEMUL_WORK] Enter in case");
}
if (receivedCmd_len == 0) { if (receivedCmd_len == 0) {
if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] NO CMD received"); if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] NO CMD received");
break; break;
@ -790,11 +809,10 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t
if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] KEY %c: %012" PRIx64, (cardAUTHKEY == 0) ? 'A' : 'B', emlGetKey(cardAUTHSC, cardAUTHKEY)); if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] KEY %c: %012" PRIx64, (cardAUTHKEY == 0) ? 'A' : 'B', emlGetKey(cardAUTHSC, cardAUTHKEY));
// sector out of range - do not respond // sector out of range - do not respond
if ((cardAUTHSC >= cardMaxSEC) && (flags & FLAG_MF_ALLOW_OOB_AUTH) == 0) { if (cardAUTHSC >= cardMaxSEC) {
cardAUTHKEY = AUTHKEYNONE; // not authenticated cardAUTHKEY = AUTHKEYNONE; // not authenticated
cardSTATE_TO_IDLE(); cardSTATE_TO_IDLE();
if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] Out of range sector %d(0x%02x) >= %d(0x%02x)", cardAUTHSC, cardAUTHSC, cardMaxSEC, cardMaxSEC); if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] Out of range sector %d(0x%02x)", cardAUTHSC, cardAUTHSC);
LogTrace(uart->output, uart->len, uart->startTime * 16 - DELAY_AIR2ARM_AS_TAG, uart->endTime * 16 - DELAY_AIR2ARM_AS_TAG, uart->parity, true);
break; break;
} }
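Review bot: the DBG_EXTENDED line at the top of this hunk calls `emlGetKey(cardAUTHSC, cardAUTHKEY)` before the `cardAUTHSC >= cardMaxSEC` test that follows it, so with extended debugging on, a reader-chosen out-of-range sector number reaches the key lookup first; move the key log below the range check unless emlGetKey validates the sector itself. The right-hand side also drops the `LogTrace` call from the reject branch, which removes out-of-range authentication attempts from the trace, and prints less context in the debug message; keeping both makes such probing visible when a simulation is reviewed afterwards.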
@ -1021,8 +1039,8 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t
} }
} }
AddCrc14A(response, MIFARE_BLOCK_SIZE); AddCrc14A(response, MIFARE_BLOCK_SIZE);
mf_crypto1_encrypt(pcs, response, MIFARE_BLOCK_SIZE + CRC16_SIZE, response_par); mf_crypto1_encrypt(pcs, response, MAX_MIFARE_FRAME_SIZE, response_par);
EmSendCmdPar(response, MIFARE_BLOCK_SIZE + CRC16_SIZE, response_par); EmSendCmdPar(response, MAX_MIFARE_FRAME_SIZE, response_par);
FpgaDisableTracing(); FpgaDisableTracing();
if (g_dbglevel >= DBG_EXTENDED) { if (g_dbglevel >= DBG_EXTENDED) {
@ -1034,7 +1052,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t
numReads++; numReads++;
if (exitAfterNReads > 0 && numReads == exitAfterNReads) { if (exitAfterNReads > 0 && numReads == exitAfterNReads) {
Dbprintf("[MFEMUL_WORK] " _YELLOW_("%u") " reads done, exiting", numReads); Dbprintf("[MFEMUL_WORK] %d reads done, exiting", numReads);
finished = true; finished = true;
} }
break; break;
@ -1291,7 +1309,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t
// WRITE BL2 // WRITE BL2
case MFEMUL_WRITEBL2: { case MFEMUL_WRITEBL2: {
if (receivedCmd_len == MIFARE_BLOCK_SIZE + CRC16_SIZE) { if (receivedCmd_len == MAX_MIFARE_FRAME_SIZE) {
mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, receivedCmd_dec); mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, receivedCmd_dec);

View file

@ -100,7 +100,7 @@ uint16_t mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t
uint16_t pos; uint16_t pos;
uint8_t dcmd[4] = {cmd, data, 0x00, 0x00}; uint8_t dcmd[4] = {cmd, data, 0x00, 0x00};
uint8_t ecmd[4] = {0x00, 0x00, 0x00, 0x00}; uint8_t ecmd[4] = {0x00, 0x00, 0x00, 0x00};
uint8_t par[MAX_MIFARE_PARITY_SIZE] = {0x00}; // used for cmd and answer uint8_t par[1] = {0x00}; // 1 Byte parity is enough here
AddCrc14A(dcmd, 2); AddCrc14A(dcmd, 2);
memcpy(ecmd, dcmd, sizeof(dcmd)); memcpy(ecmd, dcmd, sizeof(dcmd));
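Review bot: the right-hand `uint8_t par[1]` in mifare_sendcmd_short is only safe if this array is never used on the receive path, and the left-hand comment says it is "used for cmd and answer". One parity byte covers eight data bytes, while callers on this page pass answer buffers of 19 bytes and expect MIFARE_BLOCK_SIZE + CRC16_SIZE bytes back, which needs more than one parity byte. Keep `par[MAX_MIFARE_PARITY_SIZE]`, or confirm that answer parity always goes to the caller-provided buffer, before shrinking a stack array that a card's response length could overrun.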
@ -440,17 +440,21 @@ int mifare_ultra_aes_auth(uint8_t keyno, uint8_t *keybytes) {
uint8_t key[16] = { 0 }; uint8_t key[16] = { 0 };
memcpy(key, keybytes, sizeof(key)); memcpy(key, keybytes, sizeof(key));
uint16_t len = 0;
// 1 cmd + 16 bytes + 2 crc // 1 cmd + 16 bytes + 2 crc
uint8_t resp[19] = {0x00}; uint8_t resp[19] = {0x00};
uint8_t respPar[5] = {0}; uint8_t respPar[5] = {0};
// setup AES // setup AES
mbedtls_aes_context actx; mbedtls_aes_context actx;
mbedtls_aes_init(&actx); mbedtls_aes_init(&actx);
mbedtls_aes_init(&actx);
mbedtls_aes_setkey_dec(&actx, key, 128); mbedtls_aes_setkey_dec(&actx, key, 128);
// Send REQUEST AUTHENTICATION / receive tag nonce // Send REQUEST AUTHENTICATION / receive tag nonce
uint16_t len = mifare_sendcmd_short(NULL, CRYPT_NONE, MIFARE_ULAES_AUTH_1, keyno, resp, sizeof(resp), respPar, NULL); len = mifare_sendcmd_short(NULL, CRYPT_NONE, MIFARE_ULAES_AUTH_1, keyno, resp, sizeof(resp), respPar, NULL);
if (len != 19) { if (len != 19) {
if (g_dbglevel >= DBG_ERROR) Dbprintf("Cmd Error: %02x - expected 19 got " _RED_("%u"), resp[0], len); if (g_dbglevel >= DBG_ERROR) Dbprintf("Cmd Error: %02x - expected 19 got " _RED_("%u"), resp[0], len);
return 0; return 0;
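Review bot: the right-hand side of mifare_ultra_aes_auth calls `mbedtls_aes_init(&actx);` twice in a row; drop the duplicate. In both columns the `len != 19` branch returns after `mbedtls_aes_setkey_dec` has loaded the key schedule and no `mbedtls_aes_free(&actx)` is visible on that path, so route the early return through a single exit that frees the context and clears the local `key` copy. Declaring `len` at its first assignment, as the left-hand side does, also keeps its scope tight.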

View file

@ -218,19 +218,17 @@ out:
* *
* @return Status code indicating success or failure of the operation. * @return Status code indicating success or failure of the operation.
*/ */
int sam_get_version(bool info) { int sam_get_version(void) {
int res = PM3_SUCCESS; int res = PM3_SUCCESS;
if (g_dbglevel >= DBG_DEBUG) { if (g_dbglevel >= DBG_DEBUG)
DbpString("start sam_get_version"); DbpString("start sam_get_version");
}
uint8_t *response = BigBuf_calloc(ISO7816_MAX_FRAME); uint8_t *response = BigBuf_malloc(ISO7816_MAX_FRAME);
uint16_t response_len = ISO7816_MAX_FRAME; uint16_t response_len = ISO7816_MAX_FRAME;
uint8_t payload[] = { uint8_t payload[] = {
0xa0, // <- SAM command 0xa0, 0x02, // <- SAM command
0x02, // <- Length
0x82, 0x00 // <- get version 0x82, 0x00 // <- get version
}; };
uint16_t payload_len = sizeof(payload); uint16_t payload_len = sizeof(payload);
@ -254,9 +252,8 @@ int sam_get_version(bool info) {
// 82 01 // 82 01
// 01 // 01
// 90 00 // 90 00
if (g_dbglevel >= DBG_DEBUG) { if (g_dbglevel >= DBG_DEBUG)
DbpString("end sam_get_version"); DbpString("end sam_get_version");
}
if (response[5] != 0xbd) { if (response[5] != 0xbd) {
Dbprintf("Invalid SAM response"); Dbprintf("Invalid SAM response");
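Review bot: `if (response[5] != 0xbd)` in sam_get_version reads a fixed offset with nothing in the visible lines confirming that the SAM returned at least six bytes, and the debug line just above it prints "end sam_get_version" mid-function, the same text used again at `out:`. With the right-hand `BigBuf_malloc` allocation the buffer is not cleared, so after a short or failed exchange the byte at offset 5 is whatever BigBuf held before. Check the result of sam_send_payload and `response_len` before indexing, and keep the zeroed allocation so a failed read cannot pass the tag check by accident.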
@ -269,18 +266,18 @@ int sam_get_version(bool info) {
} }
uint8_t *sam_version_an = sam_find_asn1_node(sam_response_an, 0x80); uint8_t *sam_version_an = sam_find_asn1_node(sam_response_an, 0x80);
if (sam_version_an == NULL) { if (sam_version_an == NULL) {
if (g_dbglevel >= DBG_ERROR) DbpString(_RED_("SAM: get version failed")); if (g_dbglevel >= DBG_ERROR) DbpString("SAM get version failed");
goto error; goto error;
} }
uint8_t *sam_build_an = sam_find_asn1_node(sam_response_an, 0x81); uint8_t *sam_build_an = sam_find_asn1_node(sam_response_an, 0x81);
if (sam_build_an == NULL) { if (sam_build_an == NULL) {
if (g_dbglevel >= DBG_ERROR) DbpString(_RED_("SAM: get firmware ID failed")); if (g_dbglevel >= DBG_ERROR) DbpString("SAM get firmware ID failed");
goto error; goto error;
} }
if (g_dbglevel >= DBG_INFO || info) { if (g_dbglevel >= DBG_INFO) {
DbpString(_BLUE_("-- SAM Information --")); DbpString("SAM get version successful");
Dbprintf(_YELLOW_("Firmware version: ")"%d.%d", sam_version_an[2], sam_version_an[3]); Dbprintf("Firmware version: %X.%X", sam_version_an[2], sam_version_an[3]);
Dbprintf(_YELLOW_("Firmware ID: ")); Dbprintf("Firmware ID: ");
Dbhexdump(sam_build_an[1], sam_build_an + 2, false); Dbhexdump(sam_build_an[1], sam_build_an + 2, false);
} }
goto out; goto out;
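Review bot: `sam_version_an[2]`, `sam_version_an[3]` and `Dbhexdump(sam_build_an[1], sam_build_an + 2, false)` take offsets and a length straight from the SAM response without checking the node's length byte or that the node ends inside `response_len`. Verify `sam_version_an[1] >= 2` and that `sam_build_an + 2 + sam_build_an[1]` stays within the received frame before printing. The right-hand `%X.%X` format also changes how the version reads compared with the left-hand `%d.%d` for any component above 9, so pick one and state the base in the message.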
@ -292,79 +289,8 @@ error:
out: out:
BigBuf_free(); BigBuf_free();
if (g_dbglevel >= DBG_DEBUG) { if (g_dbglevel >= DBG_DEBUG)
DbpString("end sam_get_version"); DbpString("end sam_get_version");
}
return res;
}
int sam_get_serial_number(void) {
int res = PM3_SUCCESS;
if (g_dbglevel >= DBG_DEBUG) {
DbpString("start sam_get_serial_number");
}
uint8_t *response = BigBuf_calloc(ISO7816_MAX_FRAME);
uint16_t response_len = ISO7816_MAX_FRAME;
uint8_t payload[] = {
0xa0, // <- SAM command
0x02, // <- Length
0x96, 0x00 // <- get serial number
};
uint16_t payload_len = sizeof(payload);
sam_send_payload(
0x44, 0x0a, 0x44,
payload,
&payload_len,
response,
&response_len
);
//resp:
//c1 64 00 00 00
// bd 0e <- SAM response
// 8a 0c <- get serial number response
// 61 01 13 51 22 66 6e 15 3e 1b ff ff
//90 00
if (g_dbglevel >= DBG_DEBUG) {
DbpString("end sam_get_serial_number");
}
if (response[5] != 0xbd) {
Dbprintf("Invalid SAM response");
goto error;
} else {
uint8_t *sam_response_an = sam_find_asn1_node(response + 5, 0x8a);
if (sam_response_an == NULL) {
if (g_dbglevel >= DBG_ERROR) DbpString(_RED_("SAM: get response failed"));
goto error;
}
uint8_t *sam_serial_an = sam_response_an + 2;
if (sam_serial_an == NULL) {
if (g_dbglevel >= DBG_ERROR) DbpString(_RED_("SAM get serial number failed"));
goto error;
}
Dbprintf(_YELLOW_("Serial Number: "));
Dbhexdump(sam_response_an[1], sam_serial_an, false);
goto out;
}
error:
res = PM3_ESOFT;
out:
BigBuf_free();
if (g_dbglevel >= DBG_DEBUG) {
DbpString("end sam_get_serial_number");
}
return res; return res;
} }
@ -424,10 +350,12 @@ void sam_append_asn1_node(const uint8_t *root, const uint8_t *node, uint8_t type
} }
void sam_send_ack(void) { void sam_send_ack(void) {
uint8_t *response = BigBuf_calloc(ISO7816_MAX_FRAME); uint8_t *response = BigBuf_malloc(ISO7816_MAX_FRAME);
uint16_t response_len = ISO7816_MAX_FRAME; uint16_t response_len = ISO7816_MAX_FRAME;
uint8_t payload[] = { 0xa0, 0 }; uint8_t payload[] = {
0xa0, 0
};
uint16_t payload_len = sizeof(payload); uint16_t payload_len = sizeof(payload);
sam_send_payload( sam_send_payload(

View file

@ -39,8 +39,7 @@ int sam_send_payload(
uint16_t *response_len uint16_t *response_len
); );
int sam_get_version(bool info); int sam_get_version(void);
int sam_get_serial_number(void);
uint8_t *sam_find_asn1_node(const uint8_t *root, const uint8_t type); uint8_t *sam_find_asn1_node(const uint8_t *root, const uint8_t type);
void sam_append_asn1_node(const uint8_t *root, const uint8_t *node, uint8_t type, const uint8_t *const data, uint8_t len); void sam_append_asn1_node(const uint8_t *root, const uint8_t *node, uint8_t type, const uint8_t *const data, uint8_t len);

View file

@ -46,12 +46,11 @@
*/ */
static int sam_send_request_iso15(const uint8_t *const request, const uint8_t request_len, uint8_t *response, uint8_t *response_len, const bool shallow_mod, const bool break_on_nr_mac, const bool prevent_epurse_update) { static int sam_send_request_iso15(const uint8_t *const request, const uint8_t request_len, uint8_t *response, uint8_t *response_len, const bool shallow_mod, const bool break_on_nr_mac, const bool prevent_epurse_update) {
int res = PM3_SUCCESS; int res = PM3_SUCCESS;
if (g_dbglevel >= DBG_DEBUG) { if (g_dbglevel >= DBG_DEBUG)
DbpString("start sam_send_request_iso14a"); DbpString("start sam_send_request_iso14a");
}
uint8_t *buf1 = BigBuf_calloc(ISO7816_MAX_FRAME); uint8_t *buf1 = BigBuf_malloc(ISO7816_MAX_FRAME);
uint8_t *buf2 = BigBuf_calloc(ISO7816_MAX_FRAME); uint8_t *buf2 = BigBuf_malloc(ISO7816_MAX_FRAME);
if (buf1 == NULL || buf2 == NULL) { if (buf1 == NULL || buf2 == NULL) {
res = PM3_EMALLOC; res = PM3_EMALLOC;
goto out; goto out;
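Review bot: the debug string at the top of sam_send_request_iso15 reads "start sam_send_request_iso14a", a leftover from the ISO14443-A variant that sends anyone reading device logs to the wrong code path; rename it to match the function. The right-hand side also removes the braces around this single-statement `if`, here and in the other SAM hunks; keeping the braces, as the left-hand side does, avoids a later second statement silently falling outside the condition.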
@ -103,13 +102,10 @@ static int sam_send_request_iso15(const uint8_t *const request, const uint8_t re
nfc_tx_len = sam_copy_payload_sam2nfc(nfc_tx_buf, sam_rx_buf); nfc_tx_len = sam_copy_payload_sam2nfc(nfc_tx_buf, sam_rx_buf);
bool is_cmd_check = ((nfc_tx_buf[0] & 0x0F) == ICLASS_CMD_CHECK); bool is_cmd_check = (nfc_tx_buf[0] & 0x0F) == ICLASS_CMD_CHECK;
if (is_cmd_check && break_on_nr_mac) { if (is_cmd_check && break_on_nr_mac) {
memcpy(response, nfc_tx_buf, nfc_tx_len); memcpy(response, nfc_tx_buf, nfc_tx_len);
*response_len = nfc_tx_len; *response_len = nfc_tx_len;
if (g_dbglevel >= DBG_INFO) { if (g_dbglevel >= DBG_INFO) {
DbpString("NR-MAC: "); DbpString("NR-MAC: ");
Dbhexdump((*response_len) - 1, response + 1, false); Dbhexdump((*response_len) - 1, response + 1, false);
@ -118,8 +114,7 @@ static int sam_send_request_iso15(const uint8_t *const request, const uint8_t re
goto out; goto out;
} }
bool is_cmd_update = ((nfc_tx_buf[0] & 0x0F) == ICLASS_CMD_UPDATE); bool is_cmd_update = (nfc_tx_buf[0] & 0x0F) == ICLASS_CMD_UPDATE;
if (is_cmd_update && prevent_epurse_update && nfc_tx_buf[0] == 0x87 && nfc_tx_buf[1] == 0x02) { if (is_cmd_update && prevent_epurse_update && nfc_tx_buf[0] == 0x87 && nfc_tx_buf[1] == 0x02) {
// block update(2) command and fake the response to prevent update of epurse // block update(2) command and fake the response to prevent update of epurse
@ -227,27 +222,18 @@ static int sam_send_request_iso15(const uint8_t *const request, const uint8_t re
// 07 // 07
// 90 00 // 90 00
if (request_len == 0) { if (request_len == 0) {
if (
if (!(sam_rx_buf[5] == 0xbd && sam_rx_buf[5 + 2] == 0x8a && sam_rx_buf[5 + 4] == 0x03) && !(sam_rx_buf[5] == 0xbd && sam_rx_buf[5 + 2] == 0x8a && sam_rx_buf[5 + 4] == 0x03)
!(sam_rx_buf[5] == 0xbd && sam_rx_buf[5 + 2] == 0xb3 && sam_rx_buf[5 + 4] == 0xa0)) { &&
!(sam_rx_buf[5] == 0xbd && sam_rx_buf[5 + 2] == 0xb3 && sam_rx_buf[5 + 4] == 0xa0)
if (g_dbglevel >= DBG_ERROR) { ) {
if (g_dbglevel >= DBG_ERROR)
Dbprintf("No PACS data in SAM response"); Dbprintf("No PACS data in SAM response");
}
res = PM3_ESOFT; res = PM3_ESOFT;
} }
} }
if (sam_rx_buf[6] == 0x81 && sam_rx_buf[8] == 0x8a && sam_rx_buf[9] == 0x81) { //check if the response is an SNMP message *response_len = sam_rx_buf[5 + 1] + 2;
*response_len = sam_rx_buf[5 + 2] + 3;
} else { //if not, use the old logic
*response_len = sam_rx_buf[5 + 1] + 2;
}
if (sam_rx_buf[5] == 0xBD && sam_rx_buf[4] != 0x00) { //secure channel flag is not 0x00
Dbprintf(_YELLOW_("Secure channel flag set to: ")"%02x", sam_rx_buf[4]);
}
memcpy(response, sam_rx_buf + 5, *response_len); memcpy(response, sam_rx_buf + 5, *response_len);
goto out; goto out;
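Review bot: `*response_len` is taken straight from a length byte in the SAM reply (`sam_rx_buf[5 + 1] + 2`, or `sam_rx_buf[5 + 2] + 3` in the SNMP branch) and then drives `memcpy(response, sam_rx_buf + 5, *response_len)` with no check against the number of bytes actually received or against the size of the caller's `response` buffer, which the function signature does not carry. Because `response_len` points at a `uint8_t`, a length byte of 0xfd or above in the SNMP branch also wraps. The copy runs even when the PACS check just above has set `res = PM3_ESOFT`. Validate the length against the received frame and a caller-supplied capacity before the copy, and skip the copy on the error path.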
@ -269,10 +255,10 @@ out:
*/ */
static int sam_set_card_detected_picopass(const picopass_hdr_t *card_select) { static int sam_set_card_detected_picopass(const picopass_hdr_t *card_select) {
int res = PM3_SUCCESS; int res = PM3_SUCCESS;
if (g_dbglevel >= DBG_DEBUG) { if (g_dbglevel >= DBG_DEBUG)
DbpString("start sam_set_card_detected"); DbpString("start sam_set_card_detected");
}
uint8_t *response = BigBuf_calloc(ISO7816_MAX_FRAME); uint8_t *response = BigBuf_malloc(ISO7816_MAX_FRAME);
uint16_t response_len = ISO7816_MAX_FRAME; uint16_t response_len = ISO7816_MAX_FRAME;
// a0 12 // a0 12
@ -328,9 +314,8 @@ error:
out: out:
BigBuf_free(); BigBuf_free();
if (g_dbglevel >= DBG_DEBUG) { if (g_dbglevel >= DBG_DEBUG)
DbpString("end sam_set_card_detected"); DbpString("end sam_set_card_detected");
}
return res; return res;
} }
@ -351,14 +336,11 @@ int sam_picopass_get_pacs(PacketCommandNG *c) {
const bool breakOnNrMac = !!(flags & BITMASK(2)); const bool breakOnNrMac = !!(flags & BITMASK(2));
const bool preventEpurseUpdate = !!(flags & BITMASK(3)); const bool preventEpurseUpdate = !!(flags & BITMASK(3));
const bool shallow_mod = !!(flags & BITMASK(4)); const bool shallow_mod = !!(flags & BITMASK(4));
const bool info = !!(flags & BITMASK(5));
uint8_t *cmd = c->data.asBytes + 1; uint8_t *cmd = c->data.asBytes + 1;
uint16_t cmd_len = c->length - 1; uint16_t cmd_len = c->length - 1;
int res = PM3_EFAILED; int res = PM3_EFAILED;
uint8_t sam_response[ISO7816_MAX_FRAME] = { 0x00 };
uint8_t sam_response_len = 0;
clear_trace(); clear_trace();
I2C_Reset_EnterMainProgram(); I2C_Reset_EnterMainProgram();
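Review bot: `cmd_len = c->length - 1` is computed without checking that `c->length` is at least 1, so an empty packet yields 0xFFFF. `cmd_len` is also a `uint16_t` that is later passed to `sam_send_request_iso15`, whose `request_len` parameter is `uint8_t`, so larger values are silently truncated. Reject `c->length < 1` up front and bound `cmd_len` to what the callee can take before using `cmd`.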
@ -367,21 +349,16 @@ int sam_picopass_get_pacs(PacketCommandNG *c) {
StartTicks(); StartTicks();
// step 1: ping SAM // step 1: ping SAM
sam_get_version(info); sam_get_version();
if (info) { if (!skipDetect) {
sam_get_serial_number();
goto out;
}
if (skipDetect == false) {
// step 2: get card information // step 2: get card information
picopass_hdr_t card_a_info; picopass_hdr_t card_a_info;
uint32_t eof_time = 0; uint32_t eof_time = 0;
// implicit StartSspClk() happens here // implicit StartSspClk() happens here
Iso15693InitReader(); Iso15693InitReader();
if (select_iclass_tag(&card_a_info, false, &eof_time, shallow_mod) == false) { if (!select_iclass_tag(&card_a_info, false, &eof_time, shallow_mod)) {
goto err; goto err;
} }
@ -392,14 +369,14 @@ int sam_picopass_get_pacs(PacketCommandNG *c) {
} }
// step 3: SamCommand RequestPACS, relay NFC communication // step 3: SamCommand RequestPACS, relay NFC communication
uint8_t sam_response[ISO7816_MAX_FRAME] = { 0x00 };
uint8_t sam_response_len = 0;
res = sam_send_request_iso15(cmd, cmd_len, sam_response, &sam_response_len, shallow_mod, breakOnNrMac, preventEpurseUpdate); res = sam_send_request_iso15(cmd, cmd_len, sam_response, &sam_response_len, shallow_mod, breakOnNrMac, preventEpurseUpdate);
if (res != PM3_SUCCESS) { if (res != PM3_SUCCESS) {
goto err; goto err;
} }
if (g_dbglevel >= DBG_INFO)
if (g_dbglevel >= DBG_INFO) {
print_result("Response data", sam_response, sam_response_len); print_result("Response data", sam_response, sam_response_len);
}
goto out; goto out;

View file

@ -51,14 +51,13 @@
*/ */
static int sam_set_card_detected_seos(iso14a_card_select_t *card_select) { static int sam_set_card_detected_seos(iso14a_card_select_t *card_select) {
int res = PM3_SUCCESS; int res = PM3_SUCCESS;
if (g_dbglevel >= DBG_DEBUG) { if (g_dbglevel >= DBG_DEBUG)
DbpString("start sam_set_card_detected"); DbpString("start sam_set_card_detected");
}
uint8_t *request = BigBuf_calloc(ISO7816_MAX_FRAME); uint8_t *request = BigBuf_malloc(ISO7816_MAX_FRAME);
uint16_t request_len = ISO7816_MAX_FRAME; uint16_t request_len = ISO7816_MAX_FRAME;
uint8_t *response = BigBuf_calloc(ISO7816_MAX_FRAME); uint8_t *response = BigBuf_malloc(ISO7816_MAX_FRAME);
uint16_t response_len = ISO7816_MAX_FRAME; uint16_t response_len = ISO7816_MAX_FRAME;
const uint8_t payload[] = { const uint8_t payload[] = {
@ -108,9 +107,8 @@ error:
out: out:
BigBuf_free(); BigBuf_free();
if (g_dbglevel >= DBG_DEBUG) { if (g_dbglevel >= DBG_DEBUG)
DbpString("end sam_set_card_detected"); DbpString("end sam_set_card_detected");
}
return res; return res;
} }
@ -282,7 +280,7 @@ int sam_seos_get_pacs(PacketCommandNG *c) {
StartTicks(); StartTicks();
// step 1: ping SAM // step 1: ping SAM
sam_get_version(false); sam_get_version();
if (skipDetect == false) { if (skipDetect == false) {
// step 2: get card information // step 2: get card information

View file

@ -312,7 +312,7 @@ static int is_valid_filename(const char *filename) {
*/ */
static void copy_in_spiffs(const char *src, const char *dst) { static void copy_in_spiffs(const char *src, const char *dst) {
uint32_t size = size_in_spiffs(src); uint32_t size = size_in_spiffs(src);
uint8_t *mem = BigBuf_calloc(size); uint8_t *mem = BigBuf_malloc(size);
read_from_spiffs(src, (uint8_t *)mem, size); read_from_spiffs(src, (uint8_t *)mem, size);
write_to_spiffs(dst, (uint8_t *)mem, size); write_to_spiffs(dst, (uint8_t *)mem, size);
} }
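Review bot: `mem` is handed to `read_from_spiffs` and `write_to_spiffs` without a NULL check, and `size` comes from `size_in_spiffs(src)` with no upper bound, so a file larger than the free BigBuf space ends in a write through a null pointer. Check the allocation result and return before the read. The visible body also never releases the buffer, whichever allocator is used.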

View file

@ -218,7 +218,7 @@ uint32_t usart_read_ng(uint8_t *data, size_t len) {
} }
// transfer from device to client // transfer from device to client
int usart_writebuffer_sync(const uint8_t *data, size_t len) { int usart_writebuffer_sync(uint8_t *data, size_t len) {
// Wait for current PDC bank to be free // Wait for current PDC bank to be free
// (and check next bank too, in case there will be a usart_writebuffer_async) // (and check next bank too, in case there will be a usart_writebuffer_async)
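Review bot: keep the `const uint8_t *data` form of `usart_writebuffer_sync`. The function sends the buffer from device to client, and dropping `const` forces callers that hold read-only data to cast the qualifier away and removes the compiler's check that the send path does not modify the buffer. The prototype in the header has to change in step with the definition.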

View file

@ -25,7 +25,7 @@ extern uint32_t g_usart_baudrate;
extern uint8_t g_usart_parity; extern uint8_t g_usart_parity;
void usart_init(uint32_t baudrate, uint8_t parity); void usart_init(uint32_t baudrate, uint8_t parity);
int usart_writebuffer_sync(const uint8_t *data, size_t len); int usart_writebuffer_sync(uint8_t *data, size_t len);
uint32_t usart_read_ng(uint8_t *data, size_t len); uint32_t usart_read_ng(uint8_t *data, size_t len);
uint16_t usart_rxdata_available(void); uint16_t usart_rxdata_available(void);

View file

@ -56,7 +56,7 @@ OBJS = $(OBJDIR)/bootrom.s19
# version_pm3.c should be checked on every compilation # version_pm3.c should be checked on every compilation
version_pm3.c: default_version_pm3.c .FORCE version_pm3.c: default_version_pm3.c .FORCE
$(info [=] CHECK $@) $(info [=] CHECK $@)
$(Q)$(SH) ../tools/mkversion.sh $@ || $(CP) $< $@ $(Q)$(CP) $< $@
all: showinfo $(OBJS) all: showinfo $(OBJS)
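Review bot: with the recipe reduced to `$(Q)$(CP) $< $@`, `version_pm3.c` is always a copy of `default_version_pm3.c`, so the built image carries only the default version information and cannot be matched to a source revision. In the `mkversion.sh $@ || $(CP) $< $@` form the fallback is silent; print a notice when the script fails so that a default-versioned build is not mistaken for a properly stamped one.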

View file

@ -402,7 +402,6 @@ set (TARGET_SOURCES
${PM3_ROOT}/client/src/cmdlfvisa2000.c ${PM3_ROOT}/client/src/cmdlfvisa2000.c
${PM3_ROOT}/client/src/cmdlfzx8211.c ${PM3_ROOT}/client/src/cmdlfzx8211.c
${PM3_ROOT}/client/src/cmdmain.c ${PM3_ROOT}/client/src/cmdmain.c
${PM3_ROOT}/client/src/cmdmqtt.c
${PM3_ROOT}/client/src/cmdnfc.c ${PM3_ROOT}/client/src/cmdnfc.c
${PM3_ROOT}/client/src/cmdparser.c ${PM3_ROOT}/client/src/cmdparser.c
${PM3_ROOT}/client/src/cmdpiv.c ${PM3_ROOT}/client/src/cmdpiv.c
@ -435,7 +434,7 @@ set (TARGET_SOURCES
add_custom_command( add_custom_command(
OUTPUT ${CMAKE_BINARY_DIR}/version_pm3.c OUTPUT ${CMAKE_BINARY_DIR}/version_pm3.c
COMMAND sh ${PM3_ROOT}/tools/mkversion.sh ${CMAKE_BINARY_DIR}/version_pm3.c || ${CMAKE_COMMAND} -E copy ${PM3_ROOT}/common/default_version_pm3.c ${CMAKE_BINARY_DIR}/version_pm3.c COMMAND ${CMAKE_COMMAND} -E copy ${PM3_ROOT}/common/default_version_pm3.c ${CMAKE_BINARY_DIR}/version_pm3.c
DEPENDS ${PM3_ROOT}/common/default_version_pm3.c DEPENDS ${PM3_ROOT}/common/default_version_pm3.c
) )
@ -693,7 +692,7 @@ add_executable(proxmark3
${ADDITIONAL_SRC} ${ADDITIONAL_SRC}
) )
target_compile_options(proxmark3 PUBLIC -Wall -Werror -O3) target_compile_options(proxmark3 PUBLIC -Wall -O3)
if (EMBED_READLINE) if (EMBED_READLINE)
if (NOT SKIPREADLINE EQUAL 1) if (NOT SKIPREADLINE EQUAL 1)
add_dependencies(proxmark3 ncurses readline) add_dependencies(proxmark3 ncurses readline)
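Review bot: dropping `-Werror` from `target_compile_options(proxmark3 PUBLIC -Wall -O3)` lets warnings such as implicit declarations, format mismatches and uninitialised variables pass through a build unnoticed, and the same change is repeated for the dependency targets further down. If the concern is breakage on newer compilers, keep `-Werror` for CI and developer builds and make it switchable with a build option rather than removing it from every target.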
@ -773,7 +772,6 @@ target_link_libraries(proxmark3 PRIVATE
pm3rrg_rdv4_reveng pm3rrg_rdv4_reveng
pm3rrg_rdv4_hardnested pm3rrg_rdv4_hardnested
pm3rrg_rdv4_id48 pm3rrg_rdv4_id48
pm3rrg_rdv4_mqtt
${ADDITIONAL_LNK}) ${ADDITIONAL_LNK})
if (NOT SKIPPTHREAD EQUAL 1) if (NOT SKIPPTHREAD EQUAL 1)

View file

@ -17,8 +17,6 @@
ifeq ($(PLTNAME),) ifeq ($(PLTNAME),)
-include ../Makefile.platform -include ../Makefile.platform
-include ../.Makefile.options.cache -include ../.Makefile.options.cache
# Default platform if no platform specified
PLATFORM?=PM3RDV4
ifneq ($(PLATFORM), $(CACHED_PLATFORM)) ifneq ($(PLATFORM), $(CACHED_PLATFORM))
$(error platform definitions have been changed, please "make clean" at the root of the project) $(error platform definitions have been changed, please "make clean" at the root of the project)
endif endif
@ -133,12 +131,6 @@ WHEREAMILIBINC = -I$(WHEREAMILIBPATH)
WHEREAMILIB = $(WHEREAMILIBPATH)/libwhereami.a WHEREAMILIB = $(WHEREAMILIBPATH)/libwhereami.a
WHEREAMILIBLD = WHEREAMILIBLD =
## MQTT
MQTTLIBPATH = ./deps/mqtt
MQTTLIBINC = -I$(MQTTLIBPATH)
MQTTLIB = $(MQTTLIBPATH)/mqtt.a
MQTTLIBLD =
########################## ##########################
# common local libraries # # common local libraries #
########################## ##########################
@ -247,12 +239,6 @@ STATICLIBS += $(WHEREAMILIB)
LDLIBS += $(WHEREAMILIBLD) LDLIBS += $(WHEREAMILIBLD)
PM3INCLUDES += $(WHEREAMILIBINC) PM3INCLUDES += $(WHEREAMILIBINC)
## MQTT
# not distributed as system library
STATICLIBS += $(MQTTLIB)
LDLIBS += $(MQTTLIBLD)
PM3INCLUDES += $(MQTTLIBINC)
#################### ####################
# system libraries # # system libraries #
#################### ####################
@ -454,14 +440,13 @@ endif
ifeq ($(SWIG_LUA_FOUND),1) ifeq ($(SWIG_LUA_FOUND),1)
PM3CFLAGS += -DHAVE_LUA_SWIG PM3CFLAGS += -DHAVE_LUA_SWIG
endif endif
ifeq ($(SWIG_PYTHON_FOUND),1) ifeq ($(SWIG_PYTHON_FOUND),1)
PM3CFLAGS += -DHAVE_PYTHON_SWIG PM3CFLAGS += -DHAVE_PYTHON_SWIG
endif endif
PM3CFLAGS += -DHAVE_SNPRINTF PM3CFLAGS += -DHAVE_SNPRINTF
CXXFLAGS ?= -Wall -Werror CXXFLAGS ?= -Wall
CXXFLAGS += $(MYDEFS) $(MYCXXFLAGS) $(MYINCLUDES) CXXFLAGS += $(MYDEFS) $(MYCXXFLAGS) $(MYINCLUDES)
PM3CXXFLAGS = $(CXXFLAGS) PM3CXXFLAGS = $(CXXFLAGS)
@ -597,7 +582,6 @@ endif
ifeq ($(SWIG_LUA_FOUND),1) ifeq ($(SWIG_LUA_FOUND),1)
$(info Lua SWIG: wrapper found) $(info Lua SWIG: wrapper found)
endif endif
ifeq ($(SWIG_PYTHON_FOUND),1) ifeq ($(SWIG_PYTHON_FOUND),1)
$(info Python SWIG: wrapper found) $(info Python SWIG: wrapper found)
endif endif
@ -698,7 +682,6 @@ SRCS = mifare/aiddesfire.c \
cmdlfvisa2000.c \ cmdlfvisa2000.c \
cmdlfzx8211.c \ cmdlfzx8211.c \
cmdmain.c \ cmdmain.c \
cmdmqtt.c \
cmdnfc.c \ cmdnfc.c \
cmdparser.c \ cmdparser.c \
cmdpiv.c \ cmdpiv.c \
@ -894,7 +877,6 @@ endif
$(Q)$(MAKE) --no-print-directory -C $(REVENGLIBPATH) clean $(Q)$(MAKE) --no-print-directory -C $(REVENGLIBPATH) clean
$(Q)$(MAKE) --no-print-directory -C $(TINYCBORLIBPATH) clean $(Q)$(MAKE) --no-print-directory -C $(TINYCBORLIBPATH) clean
$(Q)$(MAKE) --no-print-directory -C $(WHEREAMILIBPATH) clean $(Q)$(MAKE) --no-print-directory -C $(WHEREAMILIBPATH) clean
$(Q)$(MAKE) --no-print-directory -C $(MQTTLIBPATH) clean
@# Just in case someone compiled within these dirs: @# Just in case someone compiled within these dirs:
$(Q)$(MAKE) --no-print-directory -C $(MBEDTLSLIBPATH) clean $(Q)$(MAKE) --no-print-directory -C $(MBEDTLSLIBPATH) clean
@ -907,19 +889,11 @@ endif
ifneq (,$(INSTALLSHARE)) ifneq (,$(INSTALLSHARE))
$(Q)$(INSTALLSUDO) $(MKDIR) $(DESTDIR)$(PREFIX)$(PATHSEP)$(INSTALLSHARERELPATH) $(Q)$(INSTALLSUDO) $(MKDIR) $(DESTDIR)$(PREFIX)$(PATHSEP)$(INSTALLSHARERELPATH)
# hack ahead: inject installation path into pm3_resources.py # hack ahead: inject installation path into pm3_resources.py
ifeq ($(platform),Darwin) $(Q)sed -i 's|^TOOLS_PATH \?= \?None|TOOLS_PATH="$(DESTDIR)$(PREFIX)$(PATHSEP)$(INSTALLTOOLSRELPATH)"|' pyscripts/pm3_resources.py
$(Q)sed -E -i '' 's|^TOOLS_PATH \?= \?None|TOOLS_PATH="$(PREFIX)$(PATHSEP)$(INSTALLTOOLSRELPATH)"|' pyscripts/pm3_resources.py $(Q)sed -i 's|^DICTS_PATH \?= \?None|DICTS_PATH="$(DESTDIR)$(PREFIX)$(PATHSEP)$(INSTALLSHARERELPATH)/dictionaries"|' pyscripts/pm3_resources.py
$(Q)sed -E -i '' 's|^DICTS_PATH \?= \?None|DICTS_PATH="$(PREFIX)$(PATHSEP)$(INSTALLSHARERELPATH)/dictionaries"|' pyscripts/pm3_resources.py
$(Q)$(INSTALLSUDO) $(CP) $(INSTALLSHARE) $(DESTDIR)$(PREFIX)$(PATHSEP)$(INSTALLSHARERELPATH)
$(Q)sed -E -i '' 's|^TOOLS_PATH \?=.*|TOOLS_PATH = None|' pyscripts/pm3_resources.py
$(Q)sed -E -i '' 's|^DICTS_PATH \?=.*|DICTS_PATH = None|' pyscripts/pm3_resources.py
else
$(Q)sed -i 's|^TOOLS_PATH \?= \?None|TOOLS_PATH="$(PREFIX)$(PATHSEP)$(INSTALLTOOLSRELPATH)"|' pyscripts/pm3_resources.py
$(Q)sed -i 's|^DICTS_PATH \?= \?None|DICTS_PATH="$(PREFIX)$(PATHSEP)$(INSTALLSHARERELPATH)/dictionaries"|' pyscripts/pm3_resources.py
$(Q)$(INSTALLSUDO) $(CP) $(INSTALLSHARE) $(DESTDIR)$(PREFIX)$(PATHSEP)$(INSTALLSHARERELPATH) $(Q)$(INSTALLSUDO) $(CP) $(INSTALLSHARE) $(DESTDIR)$(PREFIX)$(PATHSEP)$(INSTALLSHARERELPATH)
$(Q)sed -i 's|^TOOLS_PATH \?=.*|TOOLS_PATH = None|' pyscripts/pm3_resources.py $(Q)sed -i 's|^TOOLS_PATH \?=.*|TOOLS_PATH = None|' pyscripts/pm3_resources.py
$(Q)sed -i 's|^DICTS_PATH \?=.*|DICTS_PATH = None|' pyscripts/pm3_resources.py $(Q)sed -i 's|^DICTS_PATH \?=.*|DICTS_PATH = None|' pyscripts/pm3_resources.py
endif
endif endif
@true @true
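Review bot: in the Darwin branch the expressions run under `sed -E` but keep the `\?` of the basic-regex form; in extended syntax `\?` matches a literal question mark, so `^TOOLS_PATH \?= \?None` does not match the `TOOLS_PATH = None` line that the restore step writes, and the path is never injected. Use ` ?= ?None` in that branch. In the single-branch variant the replacement embeds `$(DESTDIR)`, which writes the staging directory into `pm3_resources.py` for packaged installs; the injected path should be built from `$(PREFIX)` only.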
@ -992,10 +966,6 @@ ifneq ($(WHEREAMI_FOUND),1)
$(Q)$(MAKE) --no-print-directory -C $(WHEREAMILIBPATH) all $(Q)$(MAKE) --no-print-directory -C $(WHEREAMILIBPATH) all
endif endif
$(MQTTLIB): .FORCE
$(info [*] MAKE $@)
$(Q)$(MAKE) --no-print-directory -C $(MQTTLIBPATH) all
######## ########
# SWIG # # SWIG #
######## ########
@ -1017,7 +987,7 @@ src/pm3_pywrap.c: pm3.i
# version_pm3.c should be checked on every compilation # version_pm3.c should be checked on every compilation
src/version_pm3.c: default_version_pm3.c .FORCE src/version_pm3.c: default_version_pm3.c .FORCE
$(info [=] CHECK $@) $(info [=] CHECK $@)
$(Q)$(SH) ../tools/mkversion.sh $@ || $(CP) $< $@ $(Q)$(CP) $< $@
# easy printing of MAKE VARIABLES # easy printing of MAKE VARIABLES
print-%: ; @echo $* = $($*) print-%: ; @echo $* = $($*)

View file

@ -31,6 +31,3 @@ endif()
if (NOT TARGET pm3rrg_rdv4_whereami) if (NOT TARGET pm3rrg_rdv4_whereami)
include(whereami.cmake) include(whereami.cmake)
endif() endif()
if (NOT TARGET pm3rrg_rdv4_mqtt)
include(mqtt.cmake)
endif()

View file

@ -19,7 +19,7 @@ target_link_libraries(pm3rrg_rdv4_amiibo PRIVATE
m m
pm3rrg_rdv4_mbedtls) pm3rrg_rdv4_mbedtls)
target_compile_options(pm3rrg_rdv4_amiibo PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_amiibo PRIVATE -Wall -O3)
set_property(TARGET pm3rrg_rdv4_amiibo PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_amiibo PROPERTY POSITION_INDEPENDENT_CODE ON)
target_include_directories(pm3rrg_rdv4_amiibo PRIVATE amiitool target_include_directories(pm3rrg_rdv4_amiibo PRIVATE amiitool

View file

@ -9,5 +9,5 @@ target_include_directories(pm3rrg_rdv4_cliparser PRIVATE
../../include ../../include
../src) ../src)
target_include_directories(pm3rrg_rdv4_cliparser INTERFACE cliparser) target_include_directories(pm3rrg_rdv4_cliparser INTERFACE cliparser)
target_compile_options(pm3rrg_rdv4_cliparser PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_cliparser PRIVATE -Wall -O3)
set_property(TARGET pm3rrg_rdv4_cliparser PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_cliparser PROPERTY POSITION_INDEPENDENT_CODE ON)

View file

@ -2,7 +2,7 @@ add_library(pm3rrg_rdv4_hardnested_nosimd OBJECT
hardnested/hardnested_bf_core.c hardnested/hardnested_bf_core.c
hardnested/hardnested_bitarray_core.c) hardnested/hardnested_bitarray_core.c)
target_compile_options(pm3rrg_rdv4_hardnested_nosimd PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_hardnested_nosimd PRIVATE -Wall -O3)
set_property(TARGET pm3rrg_rdv4_hardnested_nosimd PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_hardnested_nosimd PROPERTY POSITION_INDEPENDENT_CODE ON)
target_include_directories(pm3rrg_rdv4_hardnested_nosimd PRIVATE target_include_directories(pm3rrg_rdv4_hardnested_nosimd PRIVATE
@ -32,7 +32,7 @@ if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS)
hardnested/hardnested_bf_core.c hardnested/hardnested_bf_core.c
hardnested/hardnested_bitarray_core.c) hardnested/hardnested_bitarray_core.c)
target_compile_options(pm3rrg_rdv4_hardnested_mmx PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_hardnested_mmx PRIVATE -Wall -O3)
target_compile_options(pm3rrg_rdv4_hardnested_mmx BEFORE PRIVATE target_compile_options(pm3rrg_rdv4_hardnested_mmx BEFORE PRIVATE
-mmmx -mno-sse2 -mno-avx -mno-avx2 -mno-avx512f) -mmmx -mno-sse2 -mno-avx -mno-avx2 -mno-avx512f)
set_property(TARGET pm3rrg_rdv4_hardnested_mmx PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_hardnested_mmx PROPERTY POSITION_INDEPENDENT_CODE ON)
@ -47,7 +47,7 @@ if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS)
hardnested/hardnested_bf_core.c hardnested/hardnested_bf_core.c
hardnested/hardnested_bitarray_core.c) hardnested/hardnested_bitarray_core.c)
target_compile_options(pm3rrg_rdv4_hardnested_sse2 PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_hardnested_sse2 PRIVATE -Wall -O3)
target_compile_options(pm3rrg_rdv4_hardnested_sse2 BEFORE PRIVATE target_compile_options(pm3rrg_rdv4_hardnested_sse2 BEFORE PRIVATE
-mmmx -msse2 -mno-avx -mno-avx2 -mno-avx512f) -mmmx -msse2 -mno-avx -mno-avx2 -mno-avx512f)
set_property(TARGET pm3rrg_rdv4_hardnested_sse2 PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_hardnested_sse2 PROPERTY POSITION_INDEPENDENT_CODE ON)
@ -62,7 +62,7 @@ if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS)
hardnested/hardnested_bf_core.c hardnested/hardnested_bf_core.c
hardnested/hardnested_bitarray_core.c) hardnested/hardnested_bitarray_core.c)
target_compile_options(pm3rrg_rdv4_hardnested_avx PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_hardnested_avx PRIVATE -Wall -O3)
target_compile_options(pm3rrg_rdv4_hardnested_avx BEFORE PRIVATE target_compile_options(pm3rrg_rdv4_hardnested_avx BEFORE PRIVATE
-mmmx -msse2 -mavx -mno-avx2 -mno-avx512f) -mmmx -msse2 -mavx -mno-avx2 -mno-avx512f)
set_property(TARGET pm3rrg_rdv4_hardnested_avx PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_hardnested_avx PROPERTY POSITION_INDEPENDENT_CODE ON)
@ -77,7 +77,7 @@ if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS)
hardnested/hardnested_bf_core.c hardnested/hardnested_bf_core.c
hardnested/hardnested_bitarray_core.c) hardnested/hardnested_bitarray_core.c)
target_compile_options(pm3rrg_rdv4_hardnested_avx2 PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_hardnested_avx2 PRIVATE -Wall -O3)
target_compile_options(pm3rrg_rdv4_hardnested_avx2 BEFORE PRIVATE target_compile_options(pm3rrg_rdv4_hardnested_avx2 BEFORE PRIVATE
-mmmx -msse2 -mavx -mavx2 -mno-avx512f) -mmmx -msse2 -mavx -mavx2 -mno-avx512f)
set_property(TARGET pm3rrg_rdv4_hardnested_avx2 PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_hardnested_avx2 PROPERTY POSITION_INDEPENDENT_CODE ON)
@ -92,7 +92,7 @@ if ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST X86_CPUS)
hardnested/hardnested_bf_core.c hardnested/hardnested_bf_core.c
hardnested/hardnested_bitarray_core.c) hardnested/hardnested_bitarray_core.c)
target_compile_options(pm3rrg_rdv4_hardnested_avx512 PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_hardnested_avx512 PRIVATE -Wall -O3)
target_compile_options(pm3rrg_rdv4_hardnested_avx512 BEFORE PRIVATE target_compile_options(pm3rrg_rdv4_hardnested_avx512 BEFORE PRIVATE
-mmmx -msse2 -mavx -mavx2 -mavx512f) -mmmx -msse2 -mavx -mavx2 -mavx512f)
set_property(TARGET pm3rrg_rdv4_hardnested_avx512 PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_hardnested_avx512 PROPERTY POSITION_INDEPENDENT_CODE ON)
@ -116,7 +116,7 @@ elseif ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST ARM64_CPUS)
hardnested/hardnested_bf_core.c hardnested/hardnested_bf_core.c
hardnested/hardnested_bitarray_core.c) hardnested/hardnested_bitarray_core.c)
target_compile_options(pm3rrg_rdv4_hardnested_neon PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_hardnested_neon PRIVATE -Wall -O3)
set_property(TARGET pm3rrg_rdv4_hardnested_neon PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_hardnested_neon PROPERTY POSITION_INDEPENDENT_CODE ON)
target_include_directories(pm3rrg_rdv4_hardnested_neon PRIVATE target_include_directories(pm3rrg_rdv4_hardnested_neon PRIVATE
@ -134,7 +134,7 @@ elseif ("${CMAKE_SYSTEM_PROCESSOR}" IN_LIST ARM32_CPUS)
hardnested/hardnested_bf_core.c hardnested/hardnested_bf_core.c
hardnested/hardnested_bitarray_core.c) hardnested/hardnested_bitarray_core.c)
target_compile_options(pm3rrg_rdv4_hardnested_neon PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_hardnested_neon PRIVATE -Wall -O3)
target_compile_options(pm3rrg_rdv4_hardnested_neon BEFORE PRIVATE target_compile_options(pm3rrg_rdv4_hardnested_neon BEFORE PRIVATE
-mfpu=neon) -mfpu=neon)
set_property(TARGET pm3rrg_rdv4_hardnested_neon PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_hardnested_neon PROPERTY POSITION_INDEPENDENT_CODE ON)
@ -155,7 +155,7 @@ add_library(pm3rrg_rdv4_hardnested STATIC
hardnested/hardnested_bruteforce.c hardnested/hardnested_bruteforce.c
$<TARGET_OBJECTS:pm3rrg_rdv4_hardnested_nosimd> $<TARGET_OBJECTS:pm3rrg_rdv4_hardnested_nosimd>
${SIMD_TARGETS}) ${SIMD_TARGETS})
target_compile_options(pm3rrg_rdv4_hardnested PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_hardnested PRIVATE -Wall -O3)
set_property(TARGET pm3rrg_rdv4_hardnested PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_hardnested PROPERTY POSITION_INDEPENDENT_CODE ON)
target_include_directories(pm3rrg_rdv4_hardnested PRIVATE target_include_directories(pm3rrg_rdv4_hardnested PRIVATE
../../common ../../common

View file

@ -177,15 +177,14 @@ crack_states_thread(void *x) {
char progress_text[80]; char progress_text[80];
char keystr[19]; char keystr[19];
snprintf(keystr, sizeof(keystr), "%012" PRIX64, key); snprintf(keystr, sizeof(keystr), "%012" PRIX64 " ", key);
snprintf(progress_text, sizeof(progress_text), "Brute force phase completed. Key found: " _GREEN_("%s"), keystr); snprintf(progress_text, sizeof(progress_text), "Brute force phase completed. Key found: " _GREEN_("%s"), keystr);
hardnested_print_progress(thread_arg->num_acquired_nonces, progress_text, 0.0, 0); hardnested_print_progress(thread_arg->num_acquired_nonces, progress_text, 0.0, 0);
PrintAndLogEx(INFO, "---------+---------+---------------------------------------------------------+-----------------+-------");
break; break;
} else if (keys_found) { } else if (keys_found) {
break; break;
} else { } else {
if (thread_arg->silent == false) { if (!thread_arg->silent) {
char progress_text[80]; char progress_text[80];
snprintf(progress_text, sizeof(progress_text), "Brute force phase: %6.02f%% ", 100.0 * (float)num_keys_tested / (float)(thread_arg->maximum_states)); snprintf(progress_text, sizeof(progress_text), "Brute force phase: %6.02f%% ", 100.0 * (float)num_keys_tested / (float)(thread_arg->maximum_states));
float remaining_bruteforce = thread_arg->nonces[thread_arg->best_first_bytes[0]].expected_num_brute_force - (float)num_keys_tested / 2; float remaining_bruteforce = thread_arg->nonces[thread_arg->best_first_bytes[0]].expected_num_brute_force - (float)num_keys_tested / 2;
@ -338,7 +337,7 @@ bool brute_force_bs(float *bf_rate, statelist_t *candidates, uint32_t cuid, uint
bucket_count = 0; bucket_count = 0;
for (statelist_t *p = candidates; p != NULL; p = p->next) { for (statelist_t *p = candidates; p != NULL; p = p->next) {
if (p->states[ODD_STATE] != NULL && p->states[EVEN_STATE] != NULL) { if (p->states[ODD_STATE] != NULL && p->states[EVEN_STATE] != NULL) {
if (ensure_buckets_alloc(bucket_count + 1) == false) { if (!ensure_buckets_alloc(bucket_count + 1)) {
PrintAndLogEx(ERR, "Can't allocate buckets, abort!"); PrintAndLogEx(ERR, "Can't allocate buckets, abort!");
return false; return false;
} }
@ -376,7 +375,6 @@ bool brute_force_bs(float *bf_rate, statelist_t *candidates, uint32_t cuid, uint
thread_args[i].best_first_bytes = best_first_bytes; thread_args[i].best_first_bytes = best_first_bytes;
pthread_create(&threads[i], NULL, crack_states_thread, (void *)&thread_args[i]); pthread_create(&threads[i], NULL, crack_states_thread, (void *)&thread_args[i]);
} }
for (uint32_t i = 0; i < num_brute_force_threads; i++) { for (uint32_t i = 0; i < num_brute_force_threads; i++) {
pthread_join(threads[i], 0); pthread_join(threads[i], 0);
} }
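Review bot: the return value of `pthread_create` is ignored, yet the following loop calls `pthread_join` on every `threads[i]`; if a thread fails to start, the join operates on an uninitialised handle. Check the result of each `pthread_create` and join only the threads that were actually created.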
@ -387,13 +385,11 @@ bool brute_force_bs(float *bf_rate, statelist_t *candidates, uint32_t cuid, uint
uint64_t elapsed_time = msclock() - start_time; uint64_t elapsed_time = msclock() - start_time;
if (bf_rate != NULL) { if (bf_rate != NULL)
*bf_rate = (float)num_keys_tested / ((float)elapsed_time / 1000.0); *bf_rate = (float)num_keys_tested / ((float)elapsed_time / 1000.0);
}
if (keys_found > 0) { if (keys_found > 0)
*found_key = found_bs_key; *found_key = found_bs_key;
}
return (keys_found != 0); return (keys_found != 0);
} }

View file

@ -3,7 +3,7 @@ add_library(pm3rrg_rdv4_id48 STATIC
id48/id48_generator.c id48/id48_generator.c
id48/id48_recover.c id48/id48_recover.c
) )
target_compile_options( pm3rrg_rdv4_id48 PRIVATE -Wpedantic -Wall -Werror -O3 -Wno-unknown-pragmas -Wno-inline -Wno-unused-function -DID48_NO_STDIO) target_compile_options( pm3rrg_rdv4_id48 PRIVATE -Wpedantic -Wall -O3 -Wno-unknown-pragmas -Wno-inline -Wno-unused-function -DID48_NO_STDIO)
target_include_directories(pm3rrg_rdv4_id48 PRIVATE id48) target_include_directories(pm3rrg_rdv4_id48 PRIVATE id48)
target_include_directories(pm3rrg_rdv4_id48 INTERFACE id48) target_include_directories(pm3rrg_rdv4_id48 INTERFACE id48)
set_property(TARGET pm3rrg_rdv4_id48 PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_id48 PROPERTY POSITION_INDEPENDENT_CODE ON)

View file

@ -14,5 +14,5 @@ add_library(pm3rrg_rdv4_jansson STATIC
target_compile_definitions(pm3rrg_rdv4_jansson PRIVATE HAVE_STDINT_H) target_compile_definitions(pm3rrg_rdv4_jansson PRIVATE HAVE_STDINT_H)
target_include_directories(pm3rrg_rdv4_jansson INTERFACE jansson) target_include_directories(pm3rrg_rdv4_jansson INTERFACE jansson)
target_compile_options(pm3rrg_rdv4_jansson PRIVATE -Wall -Werror -Wno-unused-function -O3) target_compile_options(pm3rrg_rdv4_jansson PRIVATE -Wall -Wno-unused-function -O3)
set_property(TARGET pm3rrg_rdv4_jansson PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_jansson PROPERTY POSITION_INDEPENDENT_CODE ON)

View file

@ -440,32 +440,33 @@ int json_dumpfd(const json_t *json, int output, size_t flags) {
} }
int json_dump_file(const json_t *json, const char *path, size_t flags) { int json_dump_file(const json_t *json, const char *path, size_t flags) {
int result;
FILE *f = fopen(path, "w"); FILE *output = fopen(path, "w");
if (f == NULL) { if (!output)
return -1;
}
int res = json_dumpf(json, f, flags);
if (fclose(f) != 0)
return -1; return -1;
return res; result = json_dumpf(json, output, flags);
if (fclose(output) != 0)
return -1;
return result;
} }
int json_dump_callback(const json_t *json, json_dump_callback_t callback, void *data, size_t flags) { int json_dump_callback(const json_t *json, json_dump_callback_t callback, void *data, size_t flags) {
int res;
hashtable_t parents_set;
if (!(flags & JSON_ENCODE_ANY)) { if (!(flags & JSON_ENCODE_ANY)) {
if (!json_is_array(json) && !json_is_object(json)) { if (!json_is_array(json) && !json_is_object(json))
return -1; return -1;
}
} }
hashtable_t parents_set; if (hashtable_init(&parents_set))
if (hashtable_init(&parents_set)) {
return -1; return -1;
} res = do_dump(json, flags, 0, &parents_set, callback, data);
int res = do_dump(json, flags, 0, &parents_set, callback, data);
hashtable_close(&parents_set); hashtable_close(&parents_set);
return res; return res;
} }

View file

@ -52,5 +52,5 @@ if (NOT MINGW)
endif (NOT MINGW) endif (NOT MINGW)
target_include_directories(pm3rrg_rdv4_lua INTERFACE liblua) target_include_directories(pm3rrg_rdv4_lua INTERFACE liblua)
target_compile_options(pm3rrg_rdv4_lua PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_lua PRIVATE -Wall -O3)
set_property(TARGET pm3rrg_rdv4_lua PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_lua PROPERTY POSITION_INDEPENDENT_CODE ON)

View file

@ -44,10 +44,10 @@ add_library(pm3rrg_rdv4_mbedtls STATIC
../../common/mbedtls/x509.c ../../common/mbedtls/x509.c
../../common/mbedtls/x509_crl.c ../../common/mbedtls/x509_crl.c
../../common/mbedtls/x509_crt.c ../../common/mbedtls/x509_crt.c
../../common/mbedtls/net_sockets.c ../../common/mbedtls/net_sockets.c
) )
target_include_directories(pm3rrg_rdv4_mbedtls PRIVATE ../../common) target_include_directories(pm3rrg_rdv4_mbedtls PRIVATE ../../common)
target_include_directories(pm3rrg_rdv4_mbedtls INTERFACE ../../common/mbedtls) target_include_directories(pm3rrg_rdv4_mbedtls INTERFACE ../../common/mbedtls)
target_compile_options(pm3rrg_rdv4_mbedtls PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_mbedtls PRIVATE -Wall -O3)
set_property(TARGET pm3rrg_rdv4_mbedtls PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_mbedtls PROPERTY POSITION_INDEPENDENT_CODE ON)

View file

@ -1,9 +0,0 @@
add_library(pm3rrg_rdv4_mqtt STATIC
mqtt/mqtt.c
mqtt/mqtt_pal.c
)
target_compile_definitions(pm3rrg_rdv4_mqtt PRIVATE WAI_PM3_TUNED)
target_include_directories(pm3rrg_rdv4_mqtt INTERFACE mqtt)
target_compile_options(pm3rrg_rdv4_mqtt PRIVATE -Wall -Werror -O3)
set_property(TARGET pm3rrg_rdv4_mqtt PROPERTY POSITION_INDEPENDENT_CODE ON)

View file

@ -1,21 +0,0 @@
MIT License
Copyright (c) 2018 Liam Bindle
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

@ -1,14 +0,0 @@
MYSRCPATHS =
MYINCLUDES =
MYCFLAGS = -Wno-bad-function-cast -Wno-switch-enum
MYDEFS = -DWAI_PM3_TUNED
MYSRCS = \
mqtt.c \
mqtt_pal.c \
LIB_A = mqtt.a
# Transition: remove old directories and objects
MYCLEANOLDPATH = ../../mqtt
include ../../../Makefile.host

@ -1,152 +0,0 @@
#if !defined(__MBEDTLS_SOCKET_TEMPLATE_H__)
#define __MBEDTLS_SOCKET_TEMPLATE_H__
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <mbedtls/error.h>
#include <mbedtls/entropy.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/net_sockets.h>
#include <mbedtls/ssl.h>
#if !defined(MBEDTLS_NET_POLL_READ)
/* compat for older mbedtls */
#define MBEDTLS_NET_POLL_READ 1
#define MBEDTLS_NET_POLL_WRITE 1
int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout) {
/* XXX this is not ideal but good enough for an example */
msleep(300);
return 1;
}
#endif
struct mbedtls_context {
mbedtls_net_context net_ctx;
mbedtls_ssl_context ssl_ctx;
mbedtls_ssl_config ssl_conf;
mbedtls_x509_crt ca_crt;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
};
void failed(const char *fn, int rv);
void cert_verify_failed(uint32_t rv);
void open_nb_socket(struct mbedtls_context *ctx,
const char *hostname,
const char *port,
const char *ca_file);
void failed(const char *fn, int rv) {
char buf[100];
mbedtls_strerror(rv, buf, sizeof(buf));
printf("%s failed with %x (%s)\n", fn, -rv, buf);
exit(1);
}
void cert_verify_failed(uint32_t rv) {
char buf[512];
mbedtls_x509_crt_verify_info(buf, sizeof(buf), "\t", rv);
printf("Certificate verification failed (%0" PRIx32 ")\n%s\n", rv, buf);
exit(1);
}
/*
A template for opening a non-blocking mbed TLS connection.
*/
void open_nb_socket(struct mbedtls_context *ctx,
const char *hostname,
const char *port,
const char *ca_file) {
const unsigned char *additional = (const unsigned char *)"Pm3 Client";
size_t additional_len = 6;
int rv;
mbedtls_net_context *net_ctx = &ctx->net_ctx;
mbedtls_ssl_context *ssl_ctx = &ctx->ssl_ctx;
mbedtls_ssl_config *ssl_conf = &ctx->ssl_conf;
mbedtls_x509_crt *ca_crt = &ctx->ca_crt;
mbedtls_entropy_context *entropy = &ctx->entropy;
mbedtls_ctr_drbg_context *ctr_drbg = &ctx->ctr_drbg;
mbedtls_entropy_init(entropy);
mbedtls_ctr_drbg_init(ctr_drbg);
rv = mbedtls_ctr_drbg_seed(ctr_drbg, mbedtls_entropy_func, entropy,
additional, additional_len);
if (rv != 0) {
failed("mbedtls_ctr_drbg_seed", rv);
}
mbedtls_x509_crt_init(ca_crt);
rv = mbedtls_x509_crt_parse_file(ca_crt, ca_file);
if (rv != 0) {
failed("mbedtls_x509_crt_parse_file", rv);
}
mbedtls_ssl_config_init(ssl_conf);
rv = mbedtls_ssl_config_defaults(ssl_conf, MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT);
if (rv != 0) {
failed("mbedtls_ssl_config_defaults", rv);
}
mbedtls_ssl_conf_ca_chain(ssl_conf, ca_crt, NULL);
mbedtls_ssl_conf_authmode(ssl_conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
mbedtls_ssl_conf_rng(ssl_conf, mbedtls_ctr_drbg_random, ctr_drbg);
mbedtls_net_init(net_ctx);
rv = mbedtls_net_connect(net_ctx, hostname, port, MBEDTLS_NET_PROTO_TCP);
if (rv != 0) {
failed("mbedtls_net_connect", rv);
}
rv = mbedtls_net_set_nonblock(net_ctx);
if (rv != 0) {
failed("mbedtls_net_set_nonblock", rv);
}
mbedtls_ssl_init(ssl_ctx);
rv = mbedtls_ssl_setup(ssl_ctx, ssl_conf);
if (rv != 0) {
failed("mbedtls_ssl_setup", rv);
}
rv = mbedtls_ssl_set_hostname(ssl_ctx, hostname);
if (rv != 0) {
failed("mbedtls_ssl_set_hostname", rv);
}
mbedtls_ssl_set_bio(ssl_ctx, net_ctx,
mbedtls_net_send, mbedtls_net_recv, NULL);
for (;;) {
rv = mbedtls_ssl_handshake(ssl_ctx);
uint32_t want = 0;
if (rv == MBEDTLS_ERR_SSL_WANT_READ) {
want |= MBEDTLS_NET_POLL_READ;
} else if (rv == MBEDTLS_ERR_SSL_WANT_WRITE) {
want |= MBEDTLS_NET_POLL_WRITE;
} else {
break;
}
rv = mbedtls_net_poll(net_ctx, want, (uint32_t) -1);
if (rv < 0) {
failed("mbedtls_net_poll", rv);
}
}
if (rv != 0) {
failed("mbedtls_ssl_handshake", rv);
}
uint32_t result = mbedtls_ssl_get_verify_result(ssl_ctx);
if (result != 0) {
if (result == (uint32_t) -1) {
failed("mbedtls_ssl_get_verify_result", (int)result);
} else {
cert_verify_failed(result);
}
}
}
#endif
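
Review bot: in `open_nb_socket`, `additional_len = 6` does not match the 10-byte personalization string `"Pm3 Client"`, so only `Pm3 Cl` reaches `mbedtls_ctr_drbg_seed`; derive the length from the string instead of hard-coding it. Separately, `failed()` and `cert_verify_failed()` call `exit(1)`, which terminates the whole client on any connect, handshake or certificate error; return an error code and let the caller free the contexts. Because the handshake runs with `MBEDTLS_SSL_VERIFY_OPTIONAL`, the `mbedtls_ssl_get_verify_result` check at the end is the only thing enforcing certificate validation, so it has to stay ahead of any use of `ssl_ctx`; `MBEDTLS_SSL_VERIFY_REQUIRED` would make the handshake itself fail on a bad chain.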

File diff suppressed because it is too large

File diff suppressed because it is too large

@ -1,235 +0,0 @@
/*
MIT License
Copyright(c) 2018 Liam Bindle
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files(the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions :
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
#include "mqtt.h"
/**
* @file
* @brief Implements @ref mqtt_pal_sendall and @ref mqtt_pal_recvall and
* any platform-specific helpers you'd like.
* @cond Doxygen_Suppress
*/
#if defined(MQTT_USE_CUSTOM_SOCKET_HANDLE)
/*
* In case of MQTT_USE_CUSTOM_SOCKET_HANDLE, a pal implemantation is
* provided by the user.
*/
/* Note: Some toolchains complain on an object without symbols */
int _mqtt_pal_dummy;
#else /* defined(MQTT_USE_CUSTOM_SOCKET_HANDLE) */
#if defined(MQTT_USE_MBEDTLS)
#include <mbedtls/ssl.h>
ssize_t mqtt_pal_sendall(mqtt_pal_socket_handle fd, const void *buf, size_t len, int flags) {
enum MQTTErrors error = 0;
size_t sent = 0;
while (sent < len) {
int rv = mbedtls_ssl_write(fd, (const unsigned char *)buf + sent, len - sent);
if (rv < 0) {
if (rv == MBEDTLS_ERR_SSL_WANT_READ ||
rv == MBEDTLS_ERR_SSL_WANT_WRITE
#if defined(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS)
|| rv == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS
#endif
#if defined(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS)
|| rv == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS
#endif
) {
/* should call mbedtls_ssl_write later again */
break;
}
error = MQTT_ERROR_SOCKET_ERROR;
break;
}
/*
* Note: rv can be 0 here eg. when mbedtls just flushed
* the previous incomplete record.
*
* Note: we never send an empty TLS record.
*/
sent += (size_t) rv;
}
if (sent == 0) {
return error;
}
return (ssize_t)sent;
}
ssize_t mqtt_pal_recvall(mqtt_pal_socket_handle fd, void *buf, size_t bufsz, int flags) {
const void *const start = buf;
enum MQTTErrors error = 0;
int rv;
do {
rv = mbedtls_ssl_read(fd, (unsigned char *)buf, bufsz);
if (rv == 0) {
/*
* Note: mbedtls_ssl_read returns 0 when the underlying
* transport was closed without CloseNotify.
*
* Raise an error to trigger a reconnect.
*/
error = MQTT_ERROR_SOCKET_ERROR;
break;
}
if (rv < 0) {
if (rv == MBEDTLS_ERR_SSL_WANT_READ ||
rv == MBEDTLS_ERR_SSL_WANT_WRITE
#if defined(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS)
|| rv == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS
#endif
#if defined(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS)
|| rv == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS
#endif
) {
/* should call mbedtls_ssl_read later again */
break;
}
/* Note: MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY is handled here. */
error = MQTT_ERROR_SOCKET_ERROR;
break;
}
buf = (char *)buf + rv;
bufsz -= (unsigned long)rv;
} while (bufsz > 0);
if (buf == start) {
return error;
}
return (const char *)buf - (const char *)start;
}
#elif defined(__unix__) || defined(__APPLE__) || defined(__NuttX__)
#include <errno.h>
ssize_t mqtt_pal_sendall(mqtt_pal_socket_handle fd, const void *buf, size_t len, int flags) {
enum MQTTErrors error = 0;
size_t sent = 0;
while (sent < len) {
ssize_t rv = send(fd, (const char *)buf + sent, len - sent, flags);
if (rv < 0) {
if (errno == EAGAIN) {
/* should call send later again */
break;
}
error = MQTT_ERROR_SOCKET_ERROR;
break;
}
if (rv == 0) {
/* is this possible? maybe OS bug. */
error = MQTT_ERROR_SOCKET_ERROR;
break;
}
sent += (size_t) rv;
}
if (sent == 0) {
return error;
}
return (ssize_t)sent;
}
ssize_t mqtt_pal_recvall(mqtt_pal_socket_handle fd, void *buf, size_t bufsz, int flags) {
const void *const start = buf;
enum MQTTErrors error = 0;
ssize_t rv;
do {
rv = recv(fd, buf, bufsz, flags);
if (rv == 0) {
/*
* recv returns 0 when the socket is (half) closed by the peer.
*
* Raise an error to trigger a reconnect.
*/
error = MQTT_ERROR_SOCKET_ERROR;
break;
}
if (rv < 0) {
if (errno == EAGAIN || errno == EWOULDBLOCK) {
/* should call recv later again */
break;
}
/* an error occurred that wasn't "nothing to read". */
error = MQTT_ERROR_SOCKET_ERROR;
break;
}
buf = (char *)buf + rv;
bufsz -= (unsigned long)rv;
} while (bufsz > 0);
if (buf == start) {
return error;
}
return (char *)buf - (const char *)start;
}
#elif defined(_MSC_VER) || defined(WIN32)
#include <errno.h>
ssize_t mqtt_pal_sendall(mqtt_pal_socket_handle fd, const void *buf, size_t len, int flags) {
size_t sent = 0;
while (sent < len) {
ssize_t tmp = send(fd, (char *)buf + sent, len - sent, flags);
if (tmp < 1) {
return MQTT_ERROR_SOCKET_ERROR;
}
sent += (size_t) tmp;
}
return sent;
}
ssize_t mqtt_pal_recvall(mqtt_pal_socket_handle fd, void *buf, size_t bufsz, int flags) {
const char *const start = buf;
ssize_t rv;
do {
rv = recv(fd, buf, bufsz, flags);
if (rv > 0) {
/* successfully read bytes from the socket */
buf = (char *)buf + rv;
bufsz -= rv;
} else if (rv < 0) {
int err = WSAGetLastError();
if (err != WSAEWOULDBLOCK) {
/* an error occurred that wasn't "nothing to read". */
return MQTT_ERROR_SOCKET_ERROR;
}
}
} while (rv > 0 && bufsz > 0);
return (ssize_t)((char *)buf - start);
}
#else
#error No PAL!
#endif
#endif /* defined(MQTT_USE_CUSTOM_SOCKET_HANDLE) */
/** @endcond */
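
Review bot: the `_MSC_VER`/`WIN32` branch does not follow the contract the other two branches implement. `mqtt_pal_sendall` returns `MQTT_ERROR_SOCKET_ERROR` for any `send` result below 1, so a would-block condition is reported as a fatal error and bytes already sent are lost from the return value; `mqtt_pal_recvall` treats `rv == 0` as nothing read and returns 0, where the POSIX branch raises `MQTT_ERROR_SOCKET_ERROR` on a peer close to trigger a reconnect. Check `WSAGetLastError()` for `WSAEWOULDBLOCK` in the send path, return the partial count when `sent > 0`, and map `recv` returning 0 to an error. In the POSIX `mqtt_pal_sendall`, accept `EWOULDBLOCK` alongside `EAGAIN`, as `mqtt_pal_recvall` already does.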

@ -1,173 +0,0 @@
#if !defined(__MQTT_PAL_H__)
#define __MQTT_PAL_H__
/*
MIT License
Copyright(c) 2018 Liam Bindle
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files(the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions :
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
#if defined(__cplusplus)
extern "C" {
#endif
/**
* @file
* @brief Includes/supports the types/calls required by the MQTT-C client.
*
* @note This is the \em only file included in mqtt.h, and mqtt.c. It is therefore
* responsible for including/supporting all the required types and calls.
*
* @defgroup pal Platform abstraction layer
* @brief Documentation of the types and calls required to port MQTT-C to a new platform.
*
* mqtt_pal.h is the \em only header file included in mqtt.c. Therefore, to port MQTT-C to a
* new platform the following types, functions, constants, and macros must be defined in
* mqtt_pal.h:
* - Types:
* - \c size_t, \c ssize_t
* - \c uint8_t, \c uint16_t, \c uint32_t
* - \c va_list
* - \c mqtt_pal_time_t : return type of \c MQTT_PAL_TIME()
* - \c mqtt_pal_mutex_t : type of the argument that is passed to \c MQTT_PAL_MUTEX_LOCK and
* \c MQTT_PAL_MUTEX_RELEASE
* - Functions:
* - \c memcpy, \c strlen
* - \c va_start, \c va_arg, \c va_end
* - Constants:
* - \c INT_MIN
*
* Additionally, three macro's are required:
* - \c MQTT_PAL_HTONS(s) : host-to-network endian conversion for uint16_t.
* - \c MQTT_PAL_NTOHS(s) : network-to-host endian conversion for uint16_t.
* - \c MQTT_PAL_TIME() : returns [type: \c mqtt_pal_time_t] current time in seconds.
* - \c MQTT_PAL_MUTEX_LOCK(mtx_pointer) : macro that locks the mutex pointed to by \c mtx_pointer.
* - \c MQTT_PAL_MUTEX_RELEASE(mtx_pointer) : macro that unlocks the mutex pointed to by
* \c mtx_pointer.
*
* Lastly, \ref mqtt_pal_sendall and \ref mqtt_pal_recvall, must be implemented in mqtt_pal.c
* for sending and receiving data using the platforms socket calls.
*/
/* UNIX-like platform support */
#if defined(__unix__) || defined(__APPLE__) || defined(__NuttX__)
#include <limits.h>
#include <string.h>
#include <stdarg.h>
#include <time.h>
#include <arpa/inet.h>
#include <pthread.h>
#define MQTT_PAL_HTONS(s) htons(s)
#define MQTT_PAL_NTOHS(s) ntohs(s)
#define MQTT_PAL_TIME() time(NULL)
typedef time_t mqtt_pal_time_t;
typedef pthread_mutex_t mqtt_pal_mutex_t;
#define MQTT_PAL_MUTEX_INIT(mtx_ptr) pthread_mutex_init(mtx_ptr, NULL)
#define MQTT_PAL_MUTEX_LOCK(mtx_ptr) pthread_mutex_lock(mtx_ptr)
#define MQTT_PAL_MUTEX_UNLOCK(mtx_ptr) pthread_mutex_unlock(mtx_ptr)
#if !defined(MQTT_USE_CUSTOM_SOCKET_HANDLE)
#if defined(MQTT_USE_MBEDTLS)
struct mbedtls_ssl_context;
typedef struct mbedtls_ssl_context *mqtt_pal_socket_handle;
#else
typedef int mqtt_pal_socket_handle;
#endif
#endif
#elif defined(_MSC_VER) || defined(WIN32)
#include <limits.h>
#include <winsock2.h>
#include <windows.h>
#include <time.h>
#include <stdint.h>
typedef SSIZE_T ssize_t;
#define MQTT_PAL_HTONS(s) htons(s)
#define MQTT_PAL_NTOHS(s) ntohs(s)
#define MQTT_PAL_TIME() time(NULL)
typedef time_t mqtt_pal_time_t;
typedef CRITICAL_SECTION mqtt_pal_mutex_t;
#define MQTT_PAL_MUTEX_INIT(mtx_ptr) InitializeCriticalSection(mtx_ptr)
#define MQTT_PAL_MUTEX_LOCK(mtx_ptr) EnterCriticalSection(mtx_ptr)
#define MQTT_PAL_MUTEX_UNLOCK(mtx_ptr) LeaveCriticalSection(mtx_ptr)
#if !defined(MQTT_USE_CUSTOM_SOCKET_HANDLE)
typedef SOCKET mqtt_pal_socket_handle;
#endif
#endif
/**
* @brief Sends all the bytes in a buffer.
* @ingroup pal
*
* @param[in] fd The file-descriptor (or handle) of the socket.
* @param[in] buf A pointer to the first byte in the buffer to send.
* @param[in] len The number of bytes to send (starting at \p buf).
* @param[in] flags Flags which are passed to the underlying socket.
*
* @returns The number of bytes sent if successful, an \ref MQTTErrors otherwise.
*
* Note about the error handling:
* - On an error, if some bytes have been processed already,
* this function should return the number of bytes successfully
* processed. (partial success)
* - Otherwise, if the error is an equivalent of EAGAIN, return 0.
* - Otherwise, return MQTT_ERROR_SOCKET_ERROR.
*/
ssize_t mqtt_pal_sendall(mqtt_pal_socket_handle fd, const void *buf, size_t len, int flags);
/**
* @brief Non-blocking receive all the byte available.
* @ingroup pal
*
* @param[in] fd The file-descriptor (or handle) of the socket.
* @param[in] buf A pointer to the receive buffer.
* @param[in] bufsz The max number of bytes that can be put into \p buf.
* @param[in] flags Flags which are passed to the underlying socket.
*
* @returns The number of bytes received if successful, an \ref MQTTErrors otherwise.
*
* Note about the error handling:
* - On an error, if some bytes have been processed already,
* this function should return the number of bytes successfully
* processed. (partial success)
* - Otherwise, if the error is an equivalent of EAGAIN, return 0.
* - Otherwise, return MQTT_ERROR_SOCKET_ERROR.
*/
ssize_t mqtt_pal_recvall(mqtt_pal_socket_handle fd, void *buf, size_t bufsz, int flags);
#if defined(__cplusplus)
}
#endif
#endif
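
Review bot: the Windows section typedefs `mqtt_pal_socket_handle` as `SOCKET` without looking at `MQTT_USE_MBEDTLS`, while mqtt_pal.c selects its mbedtls implementation before any platform test and passes the handle to `mbedtls_ssl_write` and `mbedtls_ssl_read`; a Windows build with `MQTT_USE_MBEDTLS` defined gets mismatched types. Mirror the `struct mbedtls_ssl_context *` typedef from the UNIX section, and add an `#else` with `#error` for platforms that match neither section. The porting comment is also out of date: it announces three macros but lists five, and it names `MQTT_PAL_MUTEX_RELEASE` where the code defines `MQTT_PAL_MUTEX_UNLOCK` and `MQTT_PAL_MUTEX_INIT`.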

@ -1,73 +0,0 @@
#if !defined(__POSIX_SOCKET_TEMPLATE_H__)
#define __POSIX_SOCKET_TEMPLATE_H__
#ifndef _WIN32
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <fcntl.h>
// A template for opening a non-blocking POSIX socket.
void close_nb_socket(int sockfd);
int open_nb_socket(const char *addr, const char *port);
int open_nb_socket(const char *addr, const char *port) {
struct addrinfo hints;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC; /* IPv4 or IPv6 */
hints.ai_socktype = SOCK_STREAM; /* Must be TCP */
struct addrinfo *p, *servinfo;
/* get address information */
int rv = getaddrinfo(addr, port, &hints, &servinfo);
if (rv != 0) {
fprintf(stderr, "Failed to open socket (getaddrinfo): %s\n", gai_strerror(rv));
return -1;
}
/* open the first possible socket */
int sockfd = -1;
for (p = servinfo; p != NULL; p = p->ai_next) {
sockfd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
if (sockfd == -1) {
continue;
}
/* connect to server */
rv = connect(sockfd, p->ai_addr, p->ai_addrlen);
if (rv == -1) {
close(sockfd);
sockfd = -1;
continue;
}
break;
}
// free servinfo
freeaddrinfo(servinfo);
// make non-blocking
if (sockfd != -1) {
fcntl(sockfd, F_SETFL, fcntl(sockfd, F_GETFL) | O_NONBLOCK);
}
return sockfd;
}
void close_nb_socket(int sockfd) {
if (sockfd != -1) {
close(sockfd);
}
}
#endif
#endif
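
Review bot: `fcntl(sockfd, F_SETFL, fcntl(sockfd, F_GETFL) | O_NONBLOCK)` ignores both return values, so a failed `F_GETFL` (-1) is OR-ed into the flag word and a failed `F_SETFL` still hands back a descriptor the caller assumes is non-blocking. Read the flags into a variable, check both calls, and close the socket and return -1 on failure. The header also calls `memset` without including `<string.h>`, and it defines `open_nb_socket` and `close_nb_socket` as non-static functions, which gives duplicate symbols as soon as two translation units include it; mark them `static inline` or move the bodies to a .c file.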

@ -1,15 +0,0 @@
# Information
Source: https://github.com/LiamBindle/MQTT-C
License: MIT
Authors:
MQTT-C was initially developed as a CMPT 434 (Winter Term, 2018) final project at the University of Saskatchewan by:
- Liam Bindle
- Demilade Adeoye
# about
MQTT-C is an MQTT v3.1.1 client written in C. MQTT is a lightweight publisher-subscriber-based messaging protocol that is commonly used in IoT and networking applications where high-latency and low data-rate links are expected. The purpose of MQTT-C is to provide a portable MQTT client, written in C, for embedded systems and PC's alike. MQTT-C does this by providing a transparent Platform Abstraction Layer (PAL) which makes porting to new platforms easy. MQTT-C is completely thread-safe but can also run perfectly fine on single-threaded systems making MQTT-C well-suited for embedded systems and microcontrollers. Finally, MQTT-C is small; there are only two source files totalling less than 2000 lines.

@ -1,92 +0,0 @@
#if !defined(__WIN32_SOCKET_TEMPLATE_H__)
#define __WIN32_SOCKET_TEMPLATE_H__
#include <stdio.h>
#include <unistd.h>
#ifdef _WIN32
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <winsock2.h>
#include <ws2tcpip.h>
void close_nb_socket(mqtt_pal_socket_handle sockfd);
mqtt_pal_socket_handle open_nb_socket(const char *addr, const char *port);
mqtt_pal_socket_handle open_nb_socket(const char *addr, const char *port) {
WSADATA wsaData;
int res = WSAStartup(MAKEWORD(2, 2), &wsaData);
if (res != 0) {
fprintf(stderr, "error: WSAStartup failed with error: %i", res);
return INVALID_SOCKET;
}
struct addrinfo hints;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC; // IPv4 or IPv6
hints.ai_socktype = SOCK_STREAM; // Must be TCP
hints.ai_protocol = IPPROTO_TCP; //
struct addrinfo *p, *servinfo;
// get address information
int rv = getaddrinfo(addr, port, &hints, &servinfo);
if (rv != 0) {
fprintf(stderr, "error: getaddrinfo: %s", gai_strerror(rv));
WSACleanup();
return INVALID_SOCKET;
}
/* open the first possible socket */
SOCKET hSocket = INVALID_SOCKET;
for (p = servinfo; p != NULL; p = p->ai_next) {
hSocket = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
if (hSocket == INVALID_SOCKET) {
continue;
}
// connect to server
if (connect(hSocket, p->ai_addr, (int)p->ai_addrlen) != INVALID_SOCKET) {
break;
}
closesocket(hSocket);
hSocket = INVALID_SOCKET;
}
// free servinfo
freeaddrinfo(servinfo);
if (p == NULL) { // No address succeeded
fprintf(stderr, "error: Could not connect");
WSACleanup();
return INVALID_SOCKET;
}
// make non-blocking
if (hSocket != INVALID_SOCKET) {
u_long mode = 1; // FIONBIO returns size on 32b
ioctlsocket(hSocket, FIONBIO, &mode);
}
int flag = 1;
res = setsockopt(hSocket, IPPROTO_TCP, TCP_NODELAY, (char *)&flag, sizeof(flag));
if (res != 0) {
closesocket(hSocket);
WSACleanup();
return INVALID_SOCKET;
}
return hSocket;
}
void close_nb_socket(mqtt_pal_socket_handle sockfd) {
if (sockfd != INVALID_SOCKET) {
closesocket(sockfd);
}
}
#endif
#endif
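
Review bot: `connect(hSocket, p->ai_addr, (int)p->ai_addrlen) != INVALID_SOCKET` tests the result against the wrong constant: `connect` returns 0 on success and `SOCKET_ERROR` on failure, and `INVALID_SOCKET` is a socket-handle value. Compare against 0 (or `SOCKET_ERROR`). The success path also never balances `WSAStartup`: `close_nb_socket` only calls `closesocket`, while every error path calls `WSACleanup`. The result of `ioctlsocket(hSocket, FIONBIO, &mode)` is unchecked, so the function can return a socket that is still blocking.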

@ -13,5 +13,5 @@ target_include_directories(pm3rrg_rdv4_reveng PRIVATE
../src ../src
../../include) ../../include)
target_include_directories(pm3rrg_rdv4_reveng INTERFACE reveng) target_include_directories(pm3rrg_rdv4_reveng INTERFACE reveng)
target_compile_options(pm3rrg_rdv4_reveng PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_reveng PRIVATE -Wall -O3)
set_property(TARGET pm3rrg_rdv4_reveng PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_reveng PROPERTY POSITION_INDEPENDENT_CODE ON)

@ -11,5 +11,5 @@ add_library(pm3rrg_rdv4_tinycbor STATIC
target_include_directories(pm3rrg_rdv4_tinycbor INTERFACE tinycbor) target_include_directories(pm3rrg_rdv4_tinycbor INTERFACE tinycbor)
# Strange errors on Mingw when compiling with -O3 # Strange errors on Mingw when compiling with -O3
target_compile_options(pm3rrg_rdv4_tinycbor PRIVATE -Wall -Werror -O2) target_compile_options(pm3rrg_rdv4_tinycbor PRIVATE -Wall -O2)
set_property(TARGET pm3rrg_rdv4_tinycbor PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_tinycbor PROPERTY POSITION_INDEPENDENT_CODE ON)

@ -179,9 +179,7 @@
#ifndef unlikely #ifndef unlikely
# define unlikely(x) __builtin_expect(!!(x), 0) # define unlikely(x) __builtin_expect(!!(x), 0)
#endif #endif
#ifndef unreachable
# define unreachable() __builtin_unreachable() # define unreachable() __builtin_unreachable()
#endif
#elif defined(_MSC_VER) #elif defined(_MSC_VER)
# define likely(x) (x) # define likely(x) (x)
# define unlikely(x) (x) # define unlikely(x) (x)
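
Review bot: with the `#ifndef unreachable` guard gone, `# define unreachable() __builtin_unreachable()` redefines the macro whenever an earlier header already provides it (C23 `<stddef.h>` does), while `unlikely` just above keeps its guard. Keep the `#ifndef`/`#endif` pair around the define.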

@ -2,5 +2,5 @@ add_library(pm3rrg_rdv4_whereami STATIC whereami/whereami.c)
target_compile_definitions(pm3rrg_rdv4_whereami PRIVATE WAI_PM3_TUNED) target_compile_definitions(pm3rrg_rdv4_whereami PRIVATE WAI_PM3_TUNED)
target_include_directories(pm3rrg_rdv4_whereami INTERFACE whereami) target_include_directories(pm3rrg_rdv4_whereami INTERFACE whereami)
target_compile_options(pm3rrg_rdv4_whereami PRIVATE -Wall -Werror -O3) target_compile_options(pm3rrg_rdv4_whereami PRIVATE -Wall -O3)
set_property(TARGET pm3rrg_rdv4_whereami PROPERTY POSITION_INDEPENDENT_CODE ON) set_property(TARGET pm3rrg_rdv4_whereami PROPERTY POSITION_INDEPENDENT_CODE ON)

@ -1905,14 +1905,15 @@ FF16014FEFC7
# Food GEM # Food GEM
6686FADE5566 6686FADE5566
# #
# Samsung Data Systems (SDS) # Samsung Data Systems (SDS) — Electronic Locks
# 10-11 A/B (Gen 2) # Gen 1 S10 KA/KB is FFFFFFFFFFFF, incompatible with Gen 2 locks
9B7C25052FC3 #
# SDS Gen 2 S10 KB
C22E04247D9A C22E04247D9A
6C4F77534170
704153564F6C
# #
# Data from Discord, French pool # Data from Discord, French pool
# SDS Gen 2 S10 KA
9B7C25052FC3
494446555455 494446555455
# #
# Data from Discord, seems to be related to ASSA # Data from Discord, seems to be related to ASSA
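
Review bot: on the new side the `# SDS Gen 2 S10 KA` comment and its key sit under the `# Data from Discord, French pool` header, directly above `494446555455`, so the vendor grouping and the pool grouping run together. Move the KA entry up next to `# SDS Gen 2 S10 KB`, or add a `#` separator line after it. `6C4F77534170` and `704153564F6C` also leave the SDS block with no comment explaining why.
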
@ -2542,7 +2543,7 @@ FAB943906E9C
# R.A.T.T transport card key A/B # R.A.T.T transport card key A/B
AA034F342A55 AA034F342A55
456776908C48 456776908C48
#
# BusFacil - Brazilian public transport card for some cities # BusFacil - Brazilian public transport card for some cities
fae9b14365a9 fae9b14365a9
c567dd4a6004 c567dd4a6004
@ -3107,106 +3108,3 @@ AB921CF0752C
265A5F32DE73 265A5F32DE73
567D734C403C 567D734C403C
2426217B3B3B 2426217B3B3B
#
# German Aral Gas Station Car-Wash cards
080507020706
0100815D8D00
2459514AED5B
5D493F6B0352
1CEC0F0ACC0E
922B5D1BF2BC
2D7E76C7B8EC
5E59896806FF
097EEA4FE51B
688FC86BAB79
C01D1DBEEE79
2529BF8544C2
C6052FBAA150
A1D7B3A95605
00D0BF748E77
C082C0F35CE6
3C86C78541A7
5632DCC517E1
9310191C338F
2761858C02D7
8C64B49C7638
B1BA3E778930
2037627D9260
28C4D7170FCD
#
# Card keys from Andalusian public transport system (Consorcio de Transportes)
1848A8D1E4C5
16EE1FE134E4
5246B8F4ACFC
515A8209843C
0EF7636AA829
E59D0F78C413
5AF68604DD6B
B0BCB22DCBA3
51B3EF60BF56
99100225D83B
63C88F562B97
B30B6A5AD434
D33E4A4A0041
9C0A4CC89D61
5204D83D8CD3
A662F9DC0D3D
#
# Card keys from EMT Malaga (Spain) bus system
41534E354936
454D41343253
4541444C4130
46305234324E
505444505232
5239425A3546
454449434631
414F4544384C
344E4F4E4937
45444E413254
3255534D3033
4F554D523935
3141544D3735
494E47463539
32414F4E3341
41534C473637
534E41395430
41364C38364F
525241414D39
41304532334F
4D4545494F35
4E324C453045
394143494E32
5352554E3245
324553553036
444D414E3539
324745413232
4E4E41455236
394C52493639
4D4941413236
414D504F3243
434C414E3639
# Key for Waferlock shadow programming card and shadow user card
333030313536
#
# Poland Warsaw public transport card keys
2481118e5355
b6f0fc87f57f
e4fdac292bed
5888180adbe6
d572c9491137
64ea317b7abd
a39a286285db
898989890823
898989891789
898989893089
b6e56bad206a
8fe6fa230c69
4d1095f1af34
1ad2f99bb9e9
891089898989
896389898989
890163898989
898927638989
898989063889
898989428989
898989048989

@ -4,12 +4,10 @@ ffffffffffffffff
0011223344556677 0011223344556677
1122334455667788 1122334455667788
a0a1a2a3a4a5a6a7 a0a1a2a3a4a5a6a7
d3f7d3f7d3f7d3f7
00000000000000000000000000000000 #NXP Default 3DES/AES 00000000000000000000000000000000 #NXP Default 3DES/AES
000000000000000000000000000000000000000000000000 #NXP Default 3K3DES 000000000000000000000000000000000000000000000000 #NXP Default 3K3DES
00112233445566778899AABBCCDDEEFF0102030405060708 00112233445566778899AABBCCDDEEFF0102030405060708
ffffffffffffffffffffffffffffffffffffffffffffffff ffffffffffffffffffffffffffffffffffffffffffffffff
d3f7d3f7d3f7d3f7d3f7d3f7d3f7d3f7d3f7d3f7d3f7d3f7
425245414B4D454946594F5543414E21 # default UL-C key 425245414B4D454946594F5543414E21 # default UL-C key
00112233445566778899AABBCCDDEEFF #TI TRF7970A sloa213 00112233445566778899AABBCCDDEEFF #TI TRF7970A sloa213
79702553797025537970255379702553 #TI TRF7970A sloa213 79702553797025537970255379702553 #TI TRF7970A sloa213

@ -434,7 +434,7 @@ set (TARGET_SOURCES
add_custom_command( add_custom_command(
OUTPUT ${CMAKE_BINARY_DIR}/version_pm3.c OUTPUT ${CMAKE_BINARY_DIR}/version_pm3.c
COMMAND sh ${PM3_ROOT}/tools/mkversion.sh ${CMAKE_BINARY_DIR}/version_pm3.c || ${CMAKE_COMMAND} -E copy ${PM3_ROOT}/common/default_version_pm3.c ${CMAKE_BINARY_DIR}/version_pm3.c COMMAND ${CMAKE_COMMAND} -E copy ${PM3_ROOT}/common/default_version_pm3.c ${CMAKE_BINARY_DIR}/version_pm3.c
DEPENDS ${PM3_ROOT}/common/default_version_pm3.c DEPENDS ${PM3_ROOT}/common/default_version_pm3.c
) )
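
Review bot: `DEPENDS` lists only default_version_pm3.c, so neither form of the `COMMAND` regenerates version_pm3.c when anything other than that file changes. With the copy-only command every build embeds the default version file, which makes it hard to tell which client build produced a given result; with the `sh ... mkversion.sh ... || ... copy` form a failing mkversion.sh is silently replaced by the default. Keep the script, report when the fallback is taken, and add tools/mkversion.sh to `DEPENDS`.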

@ -216,7 +216,7 @@ local function perform_check(uid, numsectors)
for sector = 0, #keys do for sector = 0, #keys do
-- Check if user aborted -- Check if user aborted
if core.kbd_enter_pressed() then if core.kbd_enter_pressed() then
print('Aborted via keyboard!') print('Aborted by user')
break break
end end

@ -1,357 +0,0 @@
local ansicolors = require('ansicolors')
local cmds = require('commands')
local getopt = require('getopt')
local lib14a = require('read14a')
local utils = require('utils')
-- globals
copyright = ''
author = 'Dmitry Malenok'
version = 'v1.0.0'
desc = [[
The script provides functionality for writing Mifare Ultralight Ultra/UL-5 tags.
]]
example = [[
-- restpre (write) dump to tag
]]..ansicolors.yellow..[[script run hf_mfu_ultra -f hf-mfu-3476FF1514D866-dump.bin -k ffffffff -r]]..ansicolors.reset..[[
-- wipe tag (]]..ansicolors.red..[[Do not use it with UL-5!]]..ansicolors.reset..[[)
]]..ansicolors.yellow..[[script run hf_mfu_ultra -k 1d237f76 -w ]]..ansicolors.reset..[[
]]
usage = [[
script run hf_mfu_ultra -h -f <dump filename> -k <passwd> -w -r
]]
arguments = [[
-h this help
-f filename for the datadump to read (bin)
-k pwd to use with the restore and wipe operations
-r restore a binary dump to tag
-w wipe tag (]]..ansicolors.red..[[Do not use it with UL-5!]]..ansicolors.reset..[[)
]]
local _password = nil
local _defaultPassword = 'FFFFFFFF'
local _dumpstart = 0x38*2 + 1
---
--- Handles errors
local function error(err)
print(ansicolors.red.."ERROR:"..ansicolors.reset, err)
core.clearCommandBuffer()
return nil, err
end
---
-- sets the global password variable
local function setPassword(password)
if password == nil or #password == 0 then
_password = nil;
elseif #password ~= 8 then
return false, 'Password must be 4 hex bytes'
else
_password = password
end
return true, 'Sets'
end
--- Parses response data
local function parseResponse(rawResponse)
local resp = Command.parse(rawResponse)
local len = tonumber(resp.arg1) * 2
return string.sub(tostring(resp.data), 0, len);
end
---
--- Sends raw data to PM3 and returns raw response if any
local function sendRaw(rawdata, options)
local flags = lib14a.ISO14A_COMMAND.ISO14A_RAW
if options.keep_signal then
flags = flags + lib14a.ISO14A_COMMAND.ISO14A_NO_DISCONNECT
end
if options.connect then
flags = flags + lib14a.ISO14A_COMMAND.ISO14A_CONNECT
end
if options.no_select then
flags = flags + lib14a.ISO14A_COMMAND.ISO14A_NO_SELECT
end
if options.append_crc then
flags = flags + lib14a.ISO14A_COMMAND.ISO14A_APPEND_CRC
end
local arg2 = #rawdata / 2
if options.bits7 then
arg2 = arg2 | tonumber(bit32.lshift(7, 16))
end
local command = Command:newMIX{cmd = cmds.CMD_HF_ISO14443A_READER,
arg1 = flags,
arg2 = arg2,
data = rawdata}
return command:sendMIX(options.ignore_response)
end
---
--- Sends raw data to PM3 and returns parsed response
local function sendWithResponse(payload, options)
local opts;
if options then
opts = options
else
opts = {ignore_response = false, keep_signal = true, append_crc = true}
end
local rawResp, err = sendRaw(payload, opts)
if err then return err end
return parseResponse(rawResp)
end
---
-- Authenticates if password is provided
local function authenticate(password)
if password then
local resp, err = sendWithResponse('1B'..password)
if err then return err end
-- looking for 2 bytes (4 symbols) of PACK and 2 bytes (4 symbols) of CRC
if not resp or #resp ~=8 then return false, 'It seems that password is wrong' end
return true
end
return true
end
--
-- selects tag and authenticates if password is provided
local function connect()
core.clearCommandBuffer()
local info, err = lib14a.read(true, true)
if err then
lib14a.disconnect()
return false, err
end
core.clearCommandBuffer()
return authenticate(_password)
end
--
-- reconnects and selects tag again
local function reconnect()
lib14a.disconnect()
utils.Sleep(1)
local info, err = connect()
if not info then return false, "Unable to select tag: "..err end
return true
end
--
-- checks tag version
local function checkTagVersion()
local resp, err = sendWithResponse('60');
if err or resp == nil then return false, err end
if string.find(resp, '0034210101000E03') ~= 1 then return false, 'Wrong tag version: '..string.sub(resp,1,-5) end
return true
end
--
-- sends magic wakeup command
local function magicWakeup()
io.write('Sending magic wakeup command...')
local resp, err = sendRaw('5000', {ignore_response = false, append_crc = true})
if err or resp == nil then return false, "Unable to send first magic wakeup command: "..err end
resp, err = sendRaw('40', {connect = true, no_select = true, ignore_response = false, keep_signal = true, append_crc = false, bits7 = true})
if err or resp == nil then return false, "Unable to send first magic wakeup command: "..err end
resp, err = sendRaw('43', {ignore_response = false, keep_signal = true, append_crc = false})
if err or resp == nil then return false, "Unable to send second magic wakeup command: "..err end
print(ansicolors.green..'done'..ansicolors.reset..'.')
return true
end
--
-- Writes dump to tag
local function writeDump(filename)
print(string.rep('--',20))
local info, err = connect()
if not info then return false, "Unable to select tag: "..err end
info, err = checkTagVersion()
if not info then return info, err end
-- load dump from file
if not filename then return false, 'No dump filename provided' end
io.write('Loading dump from file '..filename..'...')
local dump
dump, err = utils.ReadDumpFile(filename)
if not dump then return false, err end
if #dump ~= _dumpstart - 1 + 0xa4*2 then return false, 'Invalid dump file' end
print(ansicolors.green..'done'..ansicolors.reset..'.')
local resp
for i = 3, 0x23 do
local blockStart = i * 8 + _dumpstart
local block = string.sub(dump, blockStart, blockStart + 7)
local cblock = string.format('%02x',i)
io.write('Writing block 0x'..cblock..'...')
resp, err = sendWithResponse('A2'..cblock..block)
if err ~= nil then return false, err end
print(ansicolors.green..'done'..ansicolors.reset..'.')
end
-- set password
io.write('Setting password and pack ')
info, err = reconnect()
if not info then return false, err end
local passwordStart = 0x27*8 + _dumpstart
local password = string.sub(dump, passwordStart, passwordStart + 7)
local packBlock = string.sub(dump, passwordStart+8, passwordStart + 15)
io.write('(password: '..password..') (pack block: '..packBlock..')...')
resp, err = sendWithResponse('A227'..password)
if err ~= nil then return false, err end
resp, err = sendWithResponse('A228'..packBlock)
if err ~= nil then return false, err end
if not setPassword(password) then return false, 'Unable to set password' end
info, err = reconnect()
if not info then return false, err end
print(ansicolors.green..'done'..ansicolors.reset..'.')
-- set configs and locks
for i = 0x24, 0x26 do
local blockStart = i * 8 + _dumpstart
local block = string.sub(dump, blockStart, blockStart + 7)
local cblock = string.format('%02x',i)
io.write('Writing block 0x'..cblock..'...')
resp, err = sendWithResponse('A2'..cblock..block)
if err ~= nil then return false, err end
info, err = reconnect()
if not info then return false, err end
print(ansicolors.green..'done'..ansicolors.reset..'.')
end
info, err = magicWakeup()
if not info then return false, err end
-- set uid and locks
for i = 0x2, 0x0, -1 do
local blockStart = i * 8 + _dumpstart
local block = string.sub(dump, blockStart, blockStart + 7)
local cblock = string.format('%02x',i)
io.write('Writing block 0x'..cblock..'...')
resp, err = sendWithResponse('A2'..cblock..block, {connect = i == 0x2, ignore_response = false, keep_signal = i ~= 0, append_crc = true})
if err ~= nil then return false, err end
print(ansicolors.green..'done'..ansicolors.reset..'.')
end
print(ansicolors.green..'The dump has been written to the tag.'..ansicolors.reset)
return true
end
--
-- Wipes tag
local function wipe()
print(string.rep('--',20))
print('Wiping tag')
local info, err = connect()
if not info then return false, "Unable to select tag: "..err end
info, err = checkTagVersion()
if not info then return info, err end
local resp
-- clear lock bytes on page 0x02
resp, err = sendWithResponse('3000')
if err or resp == nil then return false, err end
local currentLowLockPage = string.sub(resp,17,24)
if(string.sub(currentLowLockPage,5,8) ~= '0000') then
info, err = magicWakeup()
if not info then return false, err end
local newLowLockPage = string.sub(currentLowLockPage,1,4)..'0000'
io.write('Clearing lock bytes on page 0x02...')
resp, err = sendWithResponse('A202'..newLowLockPage, {connect = true, ignore_response = false, keep_signal = true, append_crc = true})
if err ~= nil then return false, err end
print(ansicolors.green..'done'..ansicolors.reset..'.')
end
-- clear lock bytes on page 0x24
io.write('Clearing lock bytes on page 0x24...')
info, err = reconnect()
if not info then return false, err end
resp, err = sendWithResponse('A224000000BD')
if err ~= nil then return false, err end
print(ansicolors.green..'done'..ansicolors.reset..'.')
-- clear configs
io.write('Clearing cfg0 and cfg1...')
resp, err = sendWithResponse('A225000000FF')
if err ~= nil then return false, err end
resp, err = sendWithResponse('A22600050000')
if err ~= nil then return false, err end
print(ansicolors.green..'done'..ansicolors.reset..'.')
-- clear password
io.write('Reseting password (and pack) to default ('.._defaultPassword..') and 0000...')
info, err = reconnect()
if not info then return false, err end
resp, err = sendWithResponse('A227'.._defaultPassword)
if err ~= nil then return false, err end
resp, err = sendWithResponse('A22800000000')
if err ~= nil then return false, err end
if not setPassword(_defaultPassword) then return false, 'Unable to set password' end
info, err = reconnect()
if not info then return false, err end
print(ansicolors.green..'done'..ansicolors.reset..'.')
-- clear other blocks
for i = 3, 0x23 do
local cblock = string.format('%02x',i)
io.write('Clearing block 0x'..cblock..'...')
resp, err = sendWithResponse('A2'..cblock..'00000000')
if err ~= nil then return false, err end
print(ansicolors.green..'done'..ansicolors.reset..'.')
end
print(ansicolors.green..'The tag has been wiped.'..ansicolors.reset)
lib14a.disconnect()
return true
end
--
-- Prints help
local function help()
print(copyright)
print(author)
print(version)
print(desc)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
-- The main entry point
local function main(args)
if #args == 0 then return help() end
local dumpFilename = nil
for opt, value in getopt.getopt(args, 'hf:k:rw') do
local res, err
res = true
if opt == "h" then return help() end
if opt == "f" then dumpFilename = value end
if opt == 'k' then res, err = setPassword(value) end
if opt == 'r' then res, err = writeDump(dumpFilename) end
if opt == 'w' then res, err = wipe() end
if not res then return error(err) end
end
end
main(args)
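Review bot: the error paths in the send helper and in `authenticate` return the error as the first and only value (`if err then return err end`), but every caller unpacks two values and tests the second (`resp, err = sendWithResponse(...)` followed by `if err ~= nil`) or tests the first for falsiness (`if not info`). A failed send therefore looks like a successful response, and a failed authentication makes `connect()` return a truthy string, so `writeDump` and `wipe` keep writing blocks after the tag stopped answering. Return `nil, err` from the send helper and `false, err` from `authenticate`. In `magicWakeup` and `reconnect` the messages are built with `..err`, which raises when `resp == nil` and `err` is also nil; guard with `tostring(err)`. The message for the `40` frame also says "first" a second time.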

View file

@ -1,747 +0,0 @@
--[[
Simple script to program DIY kyber crystals
works on real kyber crystals and EM4305 2.12x12mm chips
simply run the program and select a profile via a number
issues
if you are getting errors when trying to read or write a chip
run the cmd "lf tune" with no chip on the device, then move the chip over the coils till you see the lowest voltage. try different angles and in the center and or the edge of the antenna ring.
once you find the lowest voltage then try running the script again.
if thats still not working run "lf tune" again and put the chip in the best position like before
the total voltage may be too high to reduce it slowly lower tin foil over the antenna and watch the voltage.
the foil should be a bit bigger than the coil exact size does not matter.
data pulled from here
https://docs.google.com/spreadsheets/d/13P_GE6tNYpGvoVUTEQvA3SQzMqpZ-SoiWaTNoJoTV9Q/edit?usp=sharing
--]]
local cmds = require('commands')
local utils = require('utils')
function send_command(cmd)
core.console(cmd)
return ""
end
function get_profile_data(profile_name)
local profiles = {
["wipe chip"] = {
[0] = "00000000",
[1] = "00000000",
[2] = "00000000",
[3] = "00000000",
[4] = "00000000",
[5] = "00000000",
[6] = "00000000",
[7] = "00000000",
[8] = "00000000",
[9] = "00000000"
},
["Qui-Gon Jinn"] = {
[0] = "00040072",
[1] = "6147FBB3",
[2] = "00000000",
[3] = "000064FC",
[4] = "0001805F",
[5] = "000001FF",
[6] = "0C803000",
[7] = "00000000",
[8] = "00000000",
[9] = "00000000"
},
["Qui-Gon Jinn 2"] = {
[0] = "00040072",
[1] = "6148C1EF",
[2] = "00000000",
[3] = "000050C2",
[4] = "0001805F",
[5] = "000001FF",
[6] = "0C803000",
[7] = "00000000",
[8] = "10000040",
[9] = "00000000"
},
["Yoda"] = {
[0] = "00040072",
[1] = "660A50D6",
[2] = "00000000",
[3] = "0000379F",
[4] = "0001805F",
[5] = "000001FF",
[6] = "00C03000",
[7] = "00000000",
[8] = "00100040",
[9] = "00000000"
},
["Yoda 2"] = {
[0] = "00040072",
[1] = "667B2FEE",
[2] = "00000000",
[3] = "0000BDB6",
[4] = "0001805F",
[5] = "000001FF",
[6] = "00C03000",
[7] = "00000000",
[8] = "00100040",
[9] = "00000000"
},
["Yoda 8-Ball"] = {
[0] = "00040072",
[1] = "67AD7FC8",
[2] = "00000000",
[3] = "0000E0FE",
[4] = "0001805F",
[5] = "000001FF",
[6] = "5D183000",
[7] = "00000000",
[8] = "00000140",
[9] = "00000000"
},
["Old Obi-Wan"] = {
[0] = "00040072",
[1] = "6147BBB9",
[2] = "00000000",
[3] = "0000BE24",
[4] = "0001805F",
[5] = "000001FF",
[6] = "29803000",
[7] = "00000000",
[8] = "00000000",
[9] = "00000000"
},
["Old Luke"] = {
[0] = "00040072",
[1] = "614097AE",
[2] = "00000000",
[3] = "0000C134",
[4] = "0001805F",
[5] = "000001FF",
[6] = "25C03000",
[7] = "00000000",
[8] = "00100060",
[9] = "00000000"
},
["Old Obi-Wan 2"] = {
[0] = "00040072",
[1] = "614009A2",
[2] = "00000000",
[3] = "0000CF62",
[4] = "0001805F",
[5] = "000001FF",
[6] = "29803000",
[7] = "00000000",
[8] = "01000060",
[9] = "00000000"
},
["Old Luke 2"] = {
[0] = "00040072",
[1] = "75952DE5",
[2] = "00000000",
[3] = "00009988",
[4] = "0001805F",
[5] = "000001FF",
[6] = "25C03000",
[7] = "00000000",
[8] = "00010060",
[9] = "00000000"
},
["Old Obi-Wan 3"] = {
[0] = "00040072",
[1] = "65413B42",
[2] = "00000000",
[3] = "00001702",
[4] = "0001805F",
[5] = "000001FF",
[6] = "29803000",
[7] = "00000000",
[8] = "01000060",
[9] = "00000000"
},
["Mace Windu"] = {
[0] = "00040072",
[1] = "6147CCD4",
[2] = "00000000",
[3] = "0000A092",
[4] = "0001805F",
[5] = "000001FF",
[6] = "63C03000",
[7] = "00000000",
[8] = "00000000",
[9] = "00000000"
},
["Mace Windu 2"] = {
[0] = "00040072",
[1] = "6609B150",
[2] = "00000000",
[3] = "0000287E",
[4] = "0001805F",
[5] = "000001FF",
[6] = "63C03000",
[7] = "00000000",
[8] = "00010070",
[9] = "00000000"
},
["Mace Windu 3"] = {
[0] = "00040072",
[1] = "613F42AD",
[2] = "00000000",
[3] = "00002147",
[4] = "0001805F",
[5] = "000001FF",
[6] = "6F803000",
[7] = "00000000",
[8] = "01000070",
[9] = "00000000"
},
["Mace Windu 4"] = {
[0] = "00040072",
[1] = "667B5B82",
[2] = "00000000",
[3] = "000050DF",
[4] = "0001805F",
[5] = "000001FF",
[6] = "6F803000",
[7] = "00000000",
[8] = "10000070",
[9] = "00000000"
},
["Mace Windu 5"] = {
[0] = "00040072",
[1] = "614869C4",
[2] = "00000000",
[3] = "0000D691",
[4] = "0001805F",
[5] = "000001FF",
[6] = "6F803000",
[7] = "00000000",
[8] = "01000070",
[9] = "00000000"
},
["Mace Windu 6"] = {
[0] = "00040072",
[1] = "759BEA43",
[2] = "00000000",
[3] = "00006CA0",
[4] = "0001805F",
[5] = "000001FF",
[6] = "63C03000",
[7] = "00000000",
[8] = "00100070",
[9] = "00000000"
},
["Mace Windu 7"] = {
[0] = "00040072",
[1] = "768E0D9D",
[2] = "00000000",
[3] = "0000668C",
[4] = "0001805F",
[5] = "000001FF",
[6] = "6F803000",
[7] = "00000000",
[8] = "01000070",
[9] = "00000000"
},
["Temple Guard"] = {
[0] = "00040072",
[1] = "60954FDA",
[2] = "00000000",
[3] = "0000905A",
[4] = "0001805F",
[5] = "000001FF",
[6] = "7B003000",
[7] = "00000000",
[8] = "00000000",
[9] = "00000000"
},
["Maz Kanata"] = {
[0] = "00040072",
[1] = "6679DFF4",
[2] = "00000000",
[3] = "0000D691",
[4] = "0001805F",
[5] = "000001FF",
[6] = "77403000",
[7] = "00000000",
[8] = "00100030",
[9] = "00000000"
},
["Maz Kanata 2"] = {
[0] = "00040072",
[1] = "60953999",
[2] = "00000000",
[3] = "0000F521",
[4] = "0001805F",
[5] = "000001FF",
[6] = "77403000",
[7] = "00000000",
[8] = "00100030",
[9] = "00000000"
},
["Temple Guard 2"] = {
[0] = "00040072",
[1] = "667A67C5",
[2] = "00000000",
[3] = "00002B9C",
[4] = "0001805F",
[5] = "000001FF",
[6] = "7B003000",
[7] = "00000000",
[8] = "10000030",
[9] = "00000000"
},
["Maz Kanata 3"] = {
[0] = "00040072",
[1] = "7A213721",
[2] = "00000000",
[3] = "000083AB",
[4] = "0001805F",
[5] = "000001FF",
[6] = "77403000",
[7] = "00000000",
[8] = "00010030",
[9] = "00000000"
},
["Chirrut Îmwe"] = {
[0] = "00040072",
[1] = "6094F399",
[2] = "00000000",
[3] = "00009519",
[4] = "0001805F",
[5] = "000001FF",
[6] = "14403000",
[7] = "00000000",
[8] = "00000000",
[9] = "00000000"
},
["Chirrut Îmwe 2"] = {
[0] = "00040072",
[1] = "667A9AB7",
[2] = "00000000",
[3] = "00003BE4",
[4] = "0001805F",
[5] = "000001FF",
[6] = "14403000",
[7] = "00000000",
[8] = "00010000",
[9] = "00000000"
},
["Ahsoka Tano"] = {
[0] = "00040072",
[1] = "667B1626",
[2] = "00000000",
[3] = "00007907",
[4] = "0001805F",
[5] = "000001FF",
[6] = "18003000",
[7] = "00000000",
[8] = "10000000",
[9] = "00000000"
},
["Chirrut Îmwe 3"] = {
[0] = "00040072",
[1] = "667B7E07",
[2] = "00000000",
[3] = "00002960",
[4] = "0001805F",
[5] = "000001FF",
[6] = "14403000",
[7] = "00000000",
[8] = "00100000",
[9] = "00000000"
},
["Darth Vader"] = {
[0] = "00040072",
[1] = "6148C4F8",
[2] = "00000000",
[3] = "0000FDFF",
[4] = "0001805F",
[5] = "000001FF",
[6] = "5E003000",
[7] = "00000000",
[8] = "00000000",
[9] = "00000000"
},
["Darth Sidious"] = {
[0] = "00040072",
[1] = "613F8964",
[2] = "00000000",
[3] = "0000C0C1",
[4] = "0001805F",
[5] = "000001FF",
[6] = "52403000",
[7] = "00000000",
[8] = "00000000",
[9] = "00000000"
},
["Darth Maul"] = {
[0] = "00040072",
[1] = "613FD2A9",
[2] = "00000000",
[3] = "0000DAD2",
[4] = "0001805F",
[5] = "000001FF",
[6] = "46C03000",
[7] = "00000000",
[8] = "00000000",
[9] = "00000000"
},
["Count Dooku"] = {
[0] = "00040072",
[1] = "6140880C",
[2] = "00000000",
[3] = "0000952D",
[4] = "0001805F",
[5] = "000001FF",
[6] = "31403000",
[7] = "00000000",
[8] = "00010010",
[9] = "00000000"
},
["Darth Vader 2"] = {
[0] = "00040072",
[1] = "667B33DC",
[2] = "00000000",
[3] = "0000E804",
[4] = "0001805F",
[5] = "000001FF",
[6] = "5E003000",
[7] = "00000000",
[8] = "01000010",
[9] = "00000000"
},
["Darth Maul 2"] = {
[0] = "00040072",
[1] = "667B26E9",
[2] = "00000000",
[3] = "00007689",
[4] = "0001805F",
[5] = "000001FF",
[6] = "46C03000",
[7] = "00000000",
[8] = "00100010",
[9] = "00000000"
},
["Vader 8-Ball"] = {
[0] = "00040072",
[1] = "6A92B478",
[2] = "00000000",
[3] = "00004CD1",
[4] = "0001805F",
[5] = "000001FF",
[6] = "3E183000",
[7] = "00000000",
[8] = "00000110",
[9] = "00000000"
},
["Darth Maul 3"] = {
[0] = "00040072",
[1] = "7597EF7E",
[2] = "00000000",
[3] = "00003BC0",
[4] = "0001805F",
[5] = "000001FF",
[6] = "46C03000",
[7] = "00000000",
[8] = "00100010",
[9] = "00000000"
},
["Darth Sidious 2"] = {
[0] = "00040072",
[1] = "768E4402",
[2] = "00000000",
[3] = "0000A0D2",
[4] = "0001805F",
[5] = "000001FF",
[6] = "52403000",
[7] = "00000000",
[8] = "10000010",
[9] = "00000000"
},
["Snoke"] = {
[0] = "00040072",
[1] = "6540BD8F",
[2] = "00000000",
[3] = "000064B9",
[4] = "0001805F",
[5] = "000001FF",
[6] = "1B183000",
[7] = "00000000",
[8] = "00001010",
[9] = "00000000"
},
["Luke Skywalker"] = {
[0] = "00040072",
[1] = "804B08F0",
[2] = "00000000",
[3] = "00006BF1",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "0C803000",
[7] = "00000000",
[8] = "00000000",
[9] = "050D0000"
},
["Luminara Unduli"] = {
[0] = "00040072",
[1] = "7B83C85A",
[2] = "00000000",
[3] = "000052CE",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "0C803000",
[7] = "00000000",
[8] = "00000000",
[9] = "180D0000"
},
["Plo Koon"] = {
[0] = "00040072",
[1] = "7B8998F3",
[2] = "00000000",
[3] = "00007703",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "29803000",
[7] = "00000000",
[8] = "00000000",
[9] = "040D0000"
},
["Plo Koon 2"] = {
[0] = "00040072",
[1] = "7B8413EA",
[2] = "00000000",
[3] = "0000D8F3",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "29803000",
[7] = "00000000",
[8] = "00000000",
[9] = "040D0000"
},
["Plo Koon 3"] = {
[0] = "00040072",
[1] = "7B84222B",
[2] = "00000000",
[3] = "000023E3",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "29803000",
[7] = "00000000",
[8] = "00000000",
[9] = "040D0000"
},
["Mace Windu S2"] = {
[0] = "00040072",
[1] = "7B8936EA",
[2] = "00000000",
[3] = "0000520D",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "6F803000",
[7] = "00000000",
[8] = "00000000",
[9] = "070D0000"
},
["General Grievous"] = {
[0] = "00040072",
[1] = "7B896284",
[2] = "00000000",
[3] = "00008529",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "6F803000",
[7] = "00000000",
[8] = "00000000",
[9] = "060D0000"
},
["Rey Skywalker"] = {
[0] = "00040072",
[1] = "7B88F3F4",
[2] = "00000000",
[3] = "00001511",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "7B003000",
[7] = "00000000",
[8] = "00000000",
[9] = "170D0000"
},
["Rey Skywalker 2"] = {
[0] = "00040072",
[1] = "7B841039",
[2] = "00000000",
[3] = "0000EA22",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "7B003000",
[7] = "00000000",
[8] = "00000000",
[9] = "170D0000"
},
["Krin Dagbard"] = {
[0] = "00040072",
[1] = "7B894F46",
[2] = "00000000",
[3] = "00007BC2",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "18003000",
[7] = "00000000",
[8] = "00000000",
[9] = "140D0000"
},
["Krin Dagbard 2"] = {
[0] = "00040072",
[1] = "7B841797",
[2] = "00000000",
[3] = "00006A58",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "18003000",
[7] = "00000000",
[8] = "00000000",
[9] = "140D0000"
},
["Grand Inquisitor"] = {
[0] = "00040072",
[1] = "7B841185",
[2] = "00000000",
[3] = "00004656",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "5E003000",
[7] = "00000000",
[8] = "00000000",
[9] = "130D0000"
},
["Maul"] = {
[0] = "00040072",
[1] = "7B895525",
[2] = "00000000",
[3] = "00003104",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "5E003000",
[7] = "00000000",
[8] = "00000000",
[9] = "110D0000"
},
["Grand Inquisitor 2"] = {
[0] = "00040072",
[1] = "804B091A",
[2] = "00000000",
[3] = "00005909",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "5E003000",
[7] = "00000000",
[8] = "00000000",
[9] = "130D0000"
},
["Asajj Ventress"] = {
[0] = "00040072",
[1] = "7A1C1F46",
[2] = "00000000",
[3] = "00008E4D",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "5E003000",
[7] = "00000000",
[8] = "00000000",
[9] = "080D0000"
},
["Darth Sidious s2"] = {
[0] = "00040072",
[1] = "00000000",
[2] = "00000000",
[3] = "00000000",
[4] = "0001805F",
[5] = "18C631FF",
[6] = "5E003000",
[7] = "00000000",
[8] = "00000000",
[9] = "010D0000"
}
}
-- When called without arguments, return the whole table
if not profile_name then
return profiles
end
-- Otherwise return the specific profile or wipe chip
return profiles[profile_name] or profiles["wipe chip"]
end
function get_profile_names()
-- Get the complete profiles table from get_profile_data
local all_profiles = get_profile_data()
local names = {}
for name, _ in pairs(all_profiles) do
table.insert(names, name)
end
table.sort(names)
return names
end
function select_profile()
local profile_names = get_profile_names()
print("\nAvailable profiles:")
for i, name in ipairs(profile_names) do
print(string.format("%d. %s", i, name))
end
while true do
io.write("\nSelect profile (1-" .. #profile_names .. "): ")
local choice = tonumber(io.read())
if choice and choice >= 1 and choice <= #profile_names then
return profile_names[choice]
else
print("Invalid selection. Please try again.")
end
end
end
function main()
print("\n[=== kyber crystal programmer ===]")
-- Get profile from command line argument or prompt user
local profile_name = args and args[1]
if not profile_name then
--print("\nNo profile specified as argument.")
profile_name = select_profile()
end
local data_to_write = get_profile_data(profile_name)
print("\n[+] Using profile: " .. profile_name)
-- Display what will be written
print("\n[+] Data to be written:")
for addr, data in pairs(data_to_write) do
print(string.format("Address %d: %s", addr, data))
end
-- Step 1: Wipe the tag
print("\n[+] Wiping tag...")
send_command("lf em 4x05 wipe --4305")
-- Step 2: Write data
print("\n[+] Writing data...")
for addr, data in pairs(data_to_write) do
send_command("lf em 4x05 write -a " .. addr .. " -d " .. data)
utils.Sleep(0.5)
end
-- Step 3: Read back and display data for verification
print("\n[+] Verifying writes by reading back data...")
for addr, expected_data in pairs(data_to_write) do
local output = send_command("lf em 4x05 read -a " .. addr)
end
print("\n[+] Read complete. Review output above.")
end
main()
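Review bot: step 3 in `main()` announces "Verifying writes by reading back data" but compares nothing: `send_command` always returns `""`, `output` is never used, and `expected_data` is never checked, so a failed write on a badly coupled chip is reported the same way as a good one. Either capture the read result and compare it per address, or reword the message so it does not claim verification. Separately, `get_profile_data` falls back to `profiles["wipe chip"]` for any unknown name, so a typo in `args[1]` prints "Using profile: <typo>" and then writes all zeros; reject unknown names instead. The write loop also uses `pairs` over keys 0..9, which does not guarantee address order; a numeric `for addr = 0, 9` makes the sequence deterministic.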

View file

@ -145,7 +145,7 @@ local function readfile()
local f = io.open(ID_STATUS, "r") local f = io.open(ID_STATUS, "r")
for line in f:lines() do for line in f:lines() do
id = line:match"^(%x+)" id = line:match"^(%x+)"
if id then break end if id then break end
end end
f:close() f:close()
if not id then if not id then
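Review bot: `readfile()` calls `f:lines()` directly on the result of `io.open(ID_STATUS, "r")`. `io.open` returns nil plus an error message when the status file is missing or unreadable, so the first run (or a run after the file was removed) fails with an index-a-nil error instead of reaching the `if not id then` branch. Check `f` before iterating and treat a missing file the same as a missing id.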
@ -299,7 +299,7 @@ local function main(args)
if answer == 'n' then if answer == 'n' then
core.console('clear') core.console('clear')
print( string.rep('--',39) ) print( string.rep('--',39) )
print(ac.red..' Aborted via keyboard!'..ac.reset) print(ac.red..' USER ABORTED'..ac.reset)
print( string.rep('--',39) ) print( string.rep('--',39) )
break break
end end

View file

@ -198,7 +198,7 @@ local function main(args)
core.console('lf em 410x reader') core.console('lf em 410x reader')
end end
else else
print(ac.red..'aborted via keyboard!'..ac.reset) print(ac.red..'User aborted'..ac.reset)
low = i low = i
break break
end end

View file

@ -18,7 +18,7 @@ desc = [[
is found, it uses the wipe command to erase the T5577. Then the reanimation is found, it uses the wipe command to erase the T5577. Then the reanimation
procedure is applied. If the password is not found or doesn't exist the script procedure is applied. If the password is not found or doesn't exist the script
only performs the reanimation procedure. The script revives 99% of blocked tags. only performs the reanimation procedure. The script revives 99% of blocked tags.
]] ]]
usage = [[ usage = [[
script run lf_t55xx_fix script run lf_t55xx_fix
]] ]]
@ -87,7 +87,7 @@ local function reanimate_t5577(password)
p:console('lf t55 wipe -p ' .. password) p:console('lf t55 wipe -p ' .. password)
print("T5577 wiped using a password: " ..ac.green.. password ..ac.reset) print("T5577 wiped using a password: " ..ac.green.. password ..ac.reset)
else else
print(ac.yellow.." No valid password found, proceeding with reanimation."..ac.reset) print(ac.yellow.."No valid password found, proceeding with reanimation."..ac.reset)
end end
p:console('lf t55 write -b 0 -d 000880E8 -p 00000000') p:console('lf t55 write -b 0 -d 000880E8 -p 00000000')

View file

@ -4,16 +4,7 @@ local ac = require('ansicolors')
local os = require('os') local os = require('os')
local dash = string.rep('--', 32) local dash = string.rep('--', 32)
local dir = os.getenv('HOME') .. '/.proxmark3/logs/' local dir = os.getenv('HOME') .. '/.proxmark3/logs/'
local logfilecmd local logfile = (io.popen('dir /a-d /o-d /tw /b/s "' .. dir .. '" 2>nul:'):read("*a"):match("%C+"))
--Determine platform for logfile handling (Windows vs Unix/Linux)
if package.config:sub(1,1) == "\\" then
logfilecmd = 'dir /a-d /o-d /tw /b/s "' .. dir .. '" 2>nul:'
else
logfilecmd = 'find "' .. dir .. '" -type f -printf "%T@ %p\\n" | sort -nr | cut -d" " -f2-'
end
local logfile = (io.popen(logfilecmd):read("*a"):match("%C+"))
local log_file_path = dir .. "Paxton_log.txt" local log_file_path = dir .. "Paxton_log.txt"
local nam = "" local nam = ""
local pm3 = require('pm3') local pm3 = require('pm3')
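Review bot: the log lookup builds a shell command by concatenating `dir` (derived from `os.getenv('HOME')`) into a double-quoted string passed to `io.popen`. Where `HOME` is unset the concatenation on the `local dir` line raises before any command runs, and a `HOME` value containing `"`, `$` or backticks is interpreted by the shell. On the side that branches on `package.config:sub(1,1)`, the Unix command relies on `find -printf`, which is GNU-only and will not work with the BSD `find` on macOS. On the side without the branch, the Windows `dir /a-d /o-d ...` command runs on every platform and yields nothing on Linux. In both variants the chained `io.popen(...):read("*a"):match("%C+")` has no nil check, so `logfile` can be nil with no message. Suggest validating `dir`, checking the `io.popen` handle, and reporting "no log file found" explicitly.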

View file

@ -28,7 +28,6 @@ Full license text: <https://www.gnu.org/licenses/gpl-3.0.html>
import subprocess import subprocess
import time import time
import sys
import os import os
import re import re
@ -101,33 +100,24 @@ def send_proxmark_command(command):
def authenticate_and_menu(): def authenticate_and_menu():
com_mode = input("Enter communication mode (PLAIN, MAC, ENCRYPT) (Default: PLAIN): ").strip() or "plain"
key_type = input("Enter key type (DES, 2TDEA, 3TDEA, AES): ").strip() key_type = input("Enter key type (DES, 2TDEA, 3TDEA, AES): ").strip()
key = input("Enter 8, 16, or 24-byte hex key (no spaces): ").strip() key = input("Enter 8, 16, 24 or 32-byte hex key (no spaces): ").strip()
# Authenticate # Authenticate
auth_command = f"hf mfdes auth -t {key_type} -k {key} -m {com_mode}" auth_command = f"hf mfdes auth -t {key_type} -k {key}"
auth_response = send_proxmark_command(auth_command) auth_response = send_proxmark_command(auth_command)
print(auth_response) print(auth_response)
# print("DEBUG: Raw Proxmark response:\n", repr(auth_response))
# Check for Proxmark failure messages # Check for Proxmark failure messages
if "error" in auth_response.lower() or "must have" in auth_response.lower(): if "error" in auth_response.lower() or "must have" in auth_response.lower():
print("❌ Authentication failed. Check your connection, mode, key type, and key.") print("❌ Authentication failed. Check your connection, key, and key type.")
return return
while True: while True:
# Get AIDs # Get AIDs
aids_command = f"hf mfdes getaids -n 0 -t {key_type} -k {key} -m {com_mode}" aids_command = f"hf mfdes getaids -n 0 -t {key_type} -k {key}"
aids_response = send_proxmark_command(aids_command) aids_response = send_proxmark_command(aids_command)
# Check for communication mode errors
com_mode_error_match = re.search(r"Wrong communication mode", aids_response)
crc_error_match = re.search(r"CRC32 error", aids_response)
if com_mode_error_match or crc_error_match:
print("❌ Incorrect communication mode.\n")
return
print(aids_response) print(aids_response)
# Regex to match valid 6-character hex AIDs # Regex to match valid 6-character hex AIDs
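Review bot: in `authenticate_and_menu()` the values read with `input()` (`key_type`, `key`, and `com_mode` on the side that has it) go straight into the command string, e.g. `f"hf mfdes auth -t {key_type} -k {key} -m {com_mode}"`, with no validation. A stray space or extra token in any of them changes the command that is sent. Check `key_type` against the four names in the prompt, `com_mode` against PLAIN/MAC/ENCRYPT, and `key` against a hex pattern with the byte lengths the prompt states before building the command; `re` is already imported. The failure test (`"error" in auth_response.lower() or "must have" in ...`) is a substring match on free text, so an unexpected failure message is treated as success and the loop continues with an unauthenticated session; prefer matching a positive success marker.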
@ -154,8 +144,7 @@ def authenticate_and_menu():
print("3. Delete an AID") print("3. Delete an AID")
print("4. Format PICC") print("4. Format PICC")
print("5. Show free memory") print("5. Show free memory")
print("6. Change keys") print("6. Exit")
print("7. Exit")
choice = input("Enter your choice: ").strip() choice = input("Enter your choice: ").strip()
@ -168,39 +157,32 @@ def authenticate_and_menu():
selected_aid = aids[selected_index] selected_aid = aids[selected_index]
print(f"\nSelecting AID: {selected_aid}") print(f"\nSelecting AID: {selected_aid}")
select_command = f"hf mfdes selectapp --aid {selected_aid} -t {key_type} -k {key} -m {com_mode}" select_command = f"hf mfdes selectapp --aid {selected_aid} -t {key_type} -k {key}"
select_response = send_proxmark_command(select_command) select_response = send_proxmark_command(select_command)
print(select_response) print(select_response)
# Retrieve AID key 0
aid_key_type = input(f"Enter AID encryption algorithm (DES, 2TDEA, 3TDEA, AES) (Default: {key_type.upper()}): ").strip() or key_type
aid_key = input(f"Enter AID key (Default: {key}): ").strip() or key
# Show file menu # Show file menu
aid_file_menu(selected_aid, key_type, key, com_mode, aid_key_type, aid_key) aid_file_menu(selected_aid, key_type, key)
elif choice == "2": elif choice == "2":
create_aid(key_type, key, com_mode) create_aid(key_type, key)
elif choice == "3": elif choice == "3":
delete_aid(key_type, key, com_mode) delete_aid(key_type, key)
elif choice == "4": elif choice == "4":
format_picc(key_type, key, com_mode) format_picc(key_type, key)
elif choice == "5": elif choice == "5":
free_memory(key_type, key, com_mode) free_memory(key_type, key)
elif choice == "6": elif choice == "6":
change_key(key_type, key, com_mode)
elif choice == "7":
print("Exiting...") print("Exiting...")
break break
else: else:
print("Invalid choice, please try again.") print("Invalid choice, please try again.")
def aid_file_menu(selected_aid, key_type, key, com_mode, aid_key_type, aid_key): def aid_file_menu(selected_aid, key_type, key):
while True: while True:
print(f"\n[ AID {selected_aid} is open ]") print(f"\n[ AID {selected_aid} is open ]")
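Review bot: the prompt `input(f"Enter AID key (Default: {key}): ")` echoes the PICC key that was just entered back to the terminal, where it ends up in scrollback and in any session log. State the default without printing it, for example "Default: same as PICC key". The same applies to any later prompt that interpolates `{key}`. `aid_key_type` and `aid_key` are also accepted without the validation suggested for `key_type` and `key`.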
@ -209,52 +191,50 @@ def aid_file_menu(selected_aid, key_type, key, com_mode, aid_key_type, aid_key):
print("2. Read a File") print("2. Read a File")
print("3. Create a File") print("3. Create a File")
print("4. Write to a File") print("4. Write to a File")
print("5. Edit File Restrictions") print("5. Delete a File")
print("6. Delete a File") print("6. Exit")
print("7. Back")
choice = input("Enter your choice: ").strip() choice = input("Enter your choice: ").strip()
if choice == "1": if choice == "1":
list_files(selected_aid, key_type, key, com_mode, aid_key_type, aid_key) list_files(selected_aid, key_type, key)
elif choice == "2": elif choice == "2":
read_file(selected_aid, key_type, key, com_mode, aid_key_type, aid_key) read_file(selected_aid, key_type, key)
elif choice == "3": elif choice == "3":
create_file(selected_aid, key_type, key, com_mode, aid_key_type, aid_key) create_file(selected_aid, key_type, key)
elif choice == "4": elif choice == "4":
write_to_file(selected_aid, key_type, key, com_mode, aid_key_type, aid_key) write_to_file(selected_aid, key_type, key)
elif choice == "5": elif choice == "5":
edit_file_restriction(selected_aid, key_type, key, com_mode, aid_key_type, aid_key) delete_file(selected_aid, key_type, key)
elif choice == "6": elif choice == "6":
delete_file(selected_aid, key_type, key, com_mode, aid_key_type, aid_key)
elif choice == "7":
print("Returning to AID selection...") print("Returning to AID selection...")
break break
else: else:
print("Invalid choice, please try again.") print("Invalid choice, please try again.")
def create_aid(key_type, key, com_mode): def create_aid(key_type, key):
aid = input("Enter new AID (6 hex characters, e.g., 112233): ").strip() aid = input("Enter new AID (6 hex characters, e.g., 112233): ").strip()
iso_fid = input("Enter ISO File ID (4 hex characters, e.g., 1234): ").strip() iso_fid = input("Enter ISO File ID (4 hex characters, e.g., 1234): ").strip()
dstalgo = input(f"Enter encryption algorithm (DES, 2TDEA, 3TDEA, AES) (Default: {key_type.upper()}): ").strip() or key_type dstalgo = input("Enter encryption algorithm (DES, 2TDEA, 3TDEA, AES): ").strip().upper()
create_command = f"hf mfdes createapp -n 0 --aid {aid} --fid {iso_fid} --dstalgo {dstalgo} -t {key_type} -k {key} -m {com_mode} -a"
create_command = f"hf mfdes createapp -n 0 --aid {aid} --fid {iso_fid} --dstalgo {dstalgo} -t {key_type} -k {key} -a"
response = send_proxmark_command(create_command) response = send_proxmark_command(create_command)
print(response) print(response)
def delete_aid(key_type, key, com_mode): def delete_aid(key_type, key):
aid = input("Enter AID to delete (6 hex characters): ").strip() aid = input("Enter AID to delete (6 hex characters): ").strip()
delete_command = f"hf mfdes deleteapp --aid {aid} -n 0 -t {key_type} -k {key} -m {com_mode}" delete_command = f"hf mfdes deleteapp --aid {aid} -n 0 -t {key_type} -k {key}"
response = send_proxmark_command(delete_command) response = send_proxmark_command(delete_command)
print(response) print(response)
def format_picc(key_type, key, com_mode): def format_picc(key_type, key):
confirm = input("Are you sure you want to format the PICC? This will erase all data. (y/n): ").strip().lower() confirm = input("Are you sure you want to format the PICC? This will erase all data. (y/n): ").strip().lower()
if confirm == "y": if confirm == "y":
format_command = f"hf mfdes formatpicc -t {key_type} -k {key} -m {com_mode} -v" format_command = f"hf mfdes formatpicc -t {key_type} -k {key} -v"
response = send_proxmark_command(format_command) response = send_proxmark_command(format_command)
print(response) print(response)
elif confirm == "n": elif confirm == "n":
@ -262,9 +242,9 @@ def format_picc(key_type, key, com_mode):
else: else:
print("Invalid input. Please enter 'y' or 'n'.") print("Invalid input. Please enter 'y' or 'n'.")
def free_memory(key_type, key, com_mode): def free_memory(key_type, key):
memory_command = f"hf mfdes freemem -t {key_type} -k {key} -m {com_mode}" memory_command = f"hf mfdes freemem -t {key_type} -k {key}"
response = send_proxmark_command(memory_command) response = send_proxmark_command(memory_command)
for line in response.splitlines(): for line in response.splitlines():
@ -274,54 +254,10 @@ def free_memory(key_type, key, com_mode):
print("❌ Unable to retrieve free memory information.") print("❌ Unable to retrieve free memory information.")
def change_key(key_type, key, com_mode): def list_files(aid, key_type, key):
print("\nChange Key - Choose Target:")
print("1. PICC (Card Master Key)")
print("2. Application Key")
target = input("Change key for (1/2)? (Default: 1): ").strip() or "1"
aid = ""
if target == "2":
aid = input("Enter 6-digit AID (e.g., 010203): ").strip()
print("\n!! Verify and securely store the new key !!")
print("Key length guide:")
print(" DES : 8 bytes (16 hex chars)")
print(" 2TDEA : 16 bytes (32 hex chars)")
print(" 3TDEA : 24 bytes (48 hex chars)")
print(" AES : 16 bytes (32 hex chars)")
newalgo = input(f"Enter new key encryption algorithm (DES, 2TDEA, 3TDEA, AES) "
f"(Default: {key_type.upper()}): ").strip() or key_type
newkey = input(f"Enter new 8, 16, or 24-byte hex key (no spaces) (Default: {key}): ").strip() or key
confirm = input("Are you sure you want to change the key? (Key 0) (y or n): ").strip().lower()
if confirm == "y":
changekey_command = f"hf mfdes changekey -n 0 -t {key_type} -k {key} -m {com_mode} " \
f"--newalgo {newalgo} --newkey {newkey} --newver 00 -v"
if aid:
app_key_type = input(f"Enter original application encryption algorithm (DES, 2TDEA, 3TDEA, AES) "
f"(Default: DES): ").strip() or "DES"
app_key = input(f"Enter original application key "
f"(Default: 0000000000000000): ").strip() or "0000000000000000"
changekey_command = f"hf mfdes changekey -n 0 -t {app_key_type} -k {app_key} -m {com_mode} " \
f"--newalgo {newalgo} --newkey {newkey} --newver 00 --aid {aid} -v"
response = send_proxmark_command(changekey_command)
print(response)
print("\nReauthenticate with the master key.")
sys.exit()
elif confirm == "n":
print("Cancelled.")
else:
print("Invalid input. Please enter 'y' or 'n'.")
def list_files(aid, key_type, key, com_mode, aid_key_type, aid_key):
print("\nFetching file list...") print("\nFetching file list...")
command = f"hf mfdes getfileids --aid {aid} -t {aid_key_type} -k {aid_key} -m {com_mode}" command = f"hf mfdes getfileids --aid {aid} -t {key_type} -k {key}"
response = send_proxmark_command(command) response = send_proxmark_command(command)
# Extract file IDs by looking for "File ID:" regex # Extract file IDs by looking for "File ID:" regex
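Review bot: `change_key` sends an irreversible `hf mfdes changekey` without checking that `newkey` is hex or that its length matches `newalgo`, although the function prints a key length guide a few lines earlier. A mistyped key or a 16-byte key paired with `3TDEA` should be rejected before `send_proxmark_command` is called, and `newalgo` should be restricted to the four listed values. Two smaller points in the same function: `newkey` defaults to the current `key`, so pressing Enter "changes" the key to itself while still reporting a change, and the new key is read with `input()`, which leaves it visible on screen and in scrollback. `--newver 00` is hard-coded with no comment saying why.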
@ -340,7 +276,7 @@ def list_files(aid, key_type, key, com_mode, aid_key_type, aid_key):
print("No files found in this AID.") print("No files found in this AID.")
return [] return []
def read_file(aid, key_type, key, com_mode, aid_key_type, aid_key): def read_file(aid, key_type, key):
file_id = input("Enter file ID to read: ").strip() file_id = input("Enter file ID to read: ").strip()
@ -352,8 +288,7 @@ def read_file(aid, key_type, key, com_mode, aid_key_type, aid_key):
length_input = input("Enter length to read (e.g., 16 for 16 bytes, 64 for 64 bytes, default full read): ").strip() or "0" length_input = input("Enter length to read (e.g., 16 for 16 bytes, 64 for 64 bytes, default full read): ").strip() or "0"
length_hex = format(int(length_input), '06X') # Convert to 3-byte hex length_hex = format(int(length_input), '06X') # Convert to 3-byte hex
read_command = f"hf mfdes read --aid {aid} --fid {file_id} -t {aid_key_type} -k {aid_key} " \ read_command = f"hf mfdes read --aid {aid} --fid {file_id} -t {key_type} -k {key} --offset {offset_hex} --length {length_hex}"
f"--offset {offset_hex} --length {length_hex} -m {com_mode}"
response = send_proxmark_command(read_command) response = send_proxmark_command(read_command)
# Extract and display file content # Extract and display file content
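Review bot: `length_hex = format(int(length_input), '06X')` has no input validation in this hunk. Non-numeric input raises `ValueError` unless an enclosing handler not shown here catches it, and a negative value or one above 0xFFFFFF does not format to the three bytes the comment promises. Parse once, check `0 <= value <= 0xFFFFFF`, and print an error before building `read_command`; the same applies to whatever produces `offset_hex`.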
@ -364,7 +299,7 @@ def read_file(aid, key_type, key, com_mode, aid_key_type, aid_key):
return response return response
def create_file(aid, key_type, key, com_mode, aid_key_type, aid_key): def create_file(aid, key_type, key):
# Prompt for file ID in hex format # Prompt for file ID in hex format
file_id = input("Enter file ID (2 hex characters, e.g., 01, 02): ").strip() file_id = input("Enter file ID (2 hex characters, e.g., 01, 02): ").strip()
@ -397,17 +332,16 @@ def create_file(aid, key_type, key, com_mode, aid_key_type, aid_key):
print(f"Invalid file size: {e}") print(f"Invalid file size: {e}")
return return
create_command = f"hf mfdes createfile --aid {aid} --fid {file_id} --isofid {iso_file_id} " \ create_command = f"hf mfdes createfile --aid {aid} --fid {file_id} --isofid {iso_file_id} --size {file_size_hex} -t {key_type} -k {key}"
f"--size {file_size_hex} -t {aid_key_type} -k {aid_key} -m {com_mode}"
response = send_proxmark_command(create_command) response = send_proxmark_command(create_command)
print(response) print(response)
def write_to_file(aid, key_type, key, com_mode, aid_key_type, aid_key): def write_to_file(aid, key_type, key):
file_id = input("Enter file ID to write to: ").strip() file_id = input("Enter file ID to write to: ").strip()
# Get file size # Get file size
file_size_command = f"hf mfdes getfilesettings --aid {aid} --fid {file_id} -t {aid_key_type} -k {aid_key} -m {com_mode}" file_size_command = f"hf mfdes getfilesettings --aid {aid} --fid {file_id} -t {key_type} -k {key}"
response = send_proxmark_command(file_size_command) response = send_proxmark_command(file_size_command)
# Extract the file size from the response # Extract the file size from the response
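Review bot: In `write_to_file`, `file_id` comes straight from `input(...).strip()` and is formatted into `--fid {file_id}` for `getfilesettings`. Anything containing spaces or extra options changes the command string that is passed to `send_proxmark_command`. The `create_file` prompt already says "2 hex characters"; enforce that with a single shared check (for example a two-hex-digit pattern match) and reuse it in `read_file`, `write_to_file` and `delete_file`.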
@ -442,49 +376,15 @@ def write_to_file(aid, key_type, key, com_mode, aid_key_type, aid_key):
else: else:
print("❌ Invalid choice. Please choose 1 for text or 2 for hex.") print("❌ Invalid choice. Please choose 1 for text or 2 for hex.")
write_command = f"hf mfdes write --aid {aid} --fid {file_id} -t {aid_key_type} -k {aid_key} -d {write_data_hex} -m {com_mode}" write_command = f"hf mfdes write --aid {aid} --fid {file_id} -t {key_type} -k {key} -d {write_data_hex}"
response = send_proxmark_command(write_command) response = send_proxmark_command(write_command)
print(response) print(response)
def edit_file_restriction(aid, key_type, key, com_mode, aid_key_type, aid_key): def delete_file(aid, key_type, key):
while True:
print("\nNOTE: This only works if you have changed the default keys.")
print("The Proxmark3 and other tools will automatically attempt to read files using DESFire default keys.")
print("\nWould you like to apply or remove a key from the file?")
print("1. Apply key 0 (Requires authentication for access)")
print("2. Remove key (Make file freely accessible)")
print("3. Back")
choice = input("Enter your choice (1, 2, or 3): ").strip()
if choice == "3":
print("Returning to the previous menu.")
break
file_id = input("Enter file ID to update: ").strip()
if choice == "1":
edit_file_command = f"hf mfdes chfilesettings --rawrights 0000 --aid {aid} --fid {file_id} -t {aid_key_type} -k {aid_key} -m {com_mode}"
print("Applying key 0 for read, write, and change access. This ensures authentication is required to access the file.")
elif choice == "2":
# Must use encrypt communications mode to remove restrictions
edit_file_command = f"hf mfdes chfilesettings --rawrights EEEE --aid {aid} --fid {file_id} -t {aid_key_type} -k {aid_key} -m encrypt"
print("Removing key restrictions. File will be freely accessible.")
else:
print("❌ Invalid choice. Please enter 1, 2, or 3.")
continue
response = send_proxmark_command(edit_file_command)
print(response)
break
def delete_file(aid, key_type, key, com_mode, aid_key_type, aid_key):
file_id = input("Enter file ID to delete: ").strip() file_id = input("Enter file ID to delete: ").strip()
delete_command = f"hf mfdes deletefile --aid {aid} --fid {file_id} -t {aid_key_type} -k {aid_key} -m {com_mode}" delete_command = f"hf mfdes deletefile --aid {aid} --fid {file_id} -t {key_type} -k {key}"
response = send_proxmark_command(delete_command) response = send_proxmark_command(delete_command)
print(response) print(response)
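Review bot: In `edit_file_restriction`, choice 2 sends `chfilesettings --rawrights EEEE`, which the script itself describes as making the file freely accessible, with no confirmation step. `format_picc` asks "Are you sure" before acting; the same prompt belongs here and in `delete_file`, which also acts immediately. The control flow can be tightened too: `file_id` is requested before the `else` branch rejects an invalid choice, so validate `choice` first. The hard-coded `-m encrypt` for choice 2 is explained by the comment, but choice 1 still uses `com_mode`; say in the comment whether that asymmetry is intended.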

View file

@ -90,14 +90,13 @@ def lprint(s='', end='\n', flush=False, prompt="[" + color("=", fg="yellow") +
- logfile (R) - logfile (R)
""" """
s = f"{prompt}" + f"\n{prompt}".join(s.split('\n')) s = f"{prompt}" + f"\n{prompt}".join(s.split('\n'))
safe_s = s.encode('utf-8', errors='ignore').decode('utf-8') print(s, end=end, flush=flush)
print(safe_s, end=end, flush=flush)
if log is True: if log is True:
global logbuffer global logbuffer
if logfile is not None: if logfile is not None:
with open(logfile, 'a', encoding='utf-8') as f: with open(logfile, 'a') as f:
f.write(safe_s + end) f.write(s + end)
else: else:
# buffering # buffering
logbuffer += s + end logbuffer += s + end
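Review bot: The buffering branch `logbuffer += s + end` uses the unsanitised `s` while the file branch writes `safe_s`, so what reaches the log depends on whether `logfile` was set at call time. Use the same string in both branches. On the sanitising line itself, `errors='ignore'` drops unencodable characters silently; `errors='replace'` or `backslashreplace` keeps a visible marker, which matters when the log is used as a record of what the device returned. For the variant that opens the file with `open(logfile, 'a')`, keep `encoding='utf-8'`: without it the write uses the locale's default encoding and can raise on output that prints fine elsewhere.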

View file

@ -216,7 +216,7 @@ def recovery(init_check=False, final_check=False, keep=False, no_oob=False,
with open(dict_path, 'r', encoding='utf-8') as file: with open(dict_path, 'r', encoding='utf-8') as file:
for line in file: for line in file:
if line[0] != '#' and len(line) >= 12: if line[0] != '#' and len(line) >= 12:
DEFAULT_KEYS.add(line[:12].lower()) DEFAULT_KEYS.add(line[:12])
show(f"Loaded {dict_def}") show(f"Loaded {dict_def}")
except FileNotFoundError: except FileNotFoundError:
show(f"Warning, {dict_def} not found.") show(f"Warning, {dict_def} not found.")
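Review bot: `DEFAULT_KEYS.add(line[:12])` without `.lower()` makes set membership case-sensitive. Unless every lookup against `DEFAULT_KEYS` uses the same case as the dictionary file, an uppercase entry will not match and a known default key will be treated as unknown. Keep the normalisation at load time. The filter `len(line) >= 12` also accepts any 12 characters; checking that `line[:12]` is hex would stop a malformed dictionary line from entering the set.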
@ -226,7 +226,6 @@ def recovery(init_check=False, final_check=False, keep=False, no_oob=False,
dict_dnwd = None dict_dnwd = None
def_nt = ["" for _ in range(NUM_SECTORS)] def_nt = ["" for _ in range(NUM_SECTORS)]
if supply_chain: if supply_chain:
default_nonces = ''
try: try:
default_nonces = f'{save_path}hf-mf-{uid:04X}-default_nonces.json' default_nonces = f'{save_path}hf-mf-{uid:04X}-default_nonces.json'
with open(default_nonces, 'r') as file: with open(default_nonces, 'r') as file:
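Review bot: With `default_nonces = ''` gone, the name is bound only inside the `try`. If the handler or later code (not visible in this hunk) refers to `default_nonces`, build the path before the `try` so the name is always defined, and keep only the `open` inside it. The `open(default_nonces, 'r')` call also omits `encoding='utf-8'`, unlike the dictionary load earlier in the same function.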
@ -585,6 +584,8 @@ def recovery(init_check=False, final_check=False, keep=False, no_oob=False,
if "Found keys have been dumped to" in line: if "Found keys have been dumped to" in line:
keyfile = line[line.index("`"):].strip("`") keyfile = line[line.index("`"):].strip("`")
else: else:
show()
show(color("found keys:", fg="green"), prompt=plus)
show(prompt=plus) show(prompt=plus)
show("-----+-----+--------------+---+--------------+----", prompt=plus) show("-----+-----+--------------+---+--------------+----", prompt=plus)
show(" Sec | Blk | key A |res| key B |res", prompt=plus) show(" Sec | Blk | key A |res| key B |res", prompt=plus)

Some files were not shown because too many files have changed in this diff