Merge 1365b3a35f into d2197f967a

2025-08-22 22:23:38 -07:00 · 2015-01-06 18:00:10 +00:00 · 2015-01-06 18:00:10 +00:00 · 225643168c
commit 225643168c
parent d2197f967a 1365b3a35f
69 changed files with 1105 additions and 847 deletions
--- a/armsrc/Makefile
+++ b/armsrc/Makefile
@ -10,7 +10,7 @@ APP_INCLUDES = apps.h
 #remove one of the following defines and comment out the relevant line
 #in the next section to remove that particular feature from compilation  
-APP_CFLAGS	= -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG
+APP_CFLAGS	= -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG	   -fno-strict-aliasing
 #-DWITH_LCD 
 #SRC_LCD = fonts.c LCD.c
@ -24,7 +24,8 @@ THUMBSRC = start.c \
 	$(SRC_LCD) \
 	$(SRC_ISO15693) \
 	$(SRC_LF) \
-	appmain.c printf.c \
+	appmain.c \
 	printf.c \
 	util.c \
 	string.c \
 	usb_cdc.c \
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@ -18,7 +18,6 @@
 #include "util.h"
 #include "printf.h"
 #include "string.h"
 #include <stdarg.h>
 #include "legicrf.h"
@ -82,40 +81,12 @@ void DbpString(char *str)
 {
  byte_t len = strlen(str);
  cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
 //	/* this holds up stuff unless we're connected to usb */
 //	if (!UsbConnected())
 //		return;
 //
 //	UsbCommand c;
 //	c.cmd = CMD_DEBUG_PRINT_STRING;
 //	c.arg[0] = strlen(str);
 //	if(c.arg[0] > sizeof(c.d.asBytes)) {
 //		c.arg[0] = sizeof(c.d.asBytes);
 //	}
 //	memcpy(c.d.asBytes, str, c.arg[0]);
 //
 //	UsbSendPacket((uint8_t *)&c, sizeof(c));
 //	// TODO fix USB so stupid things like this aren't req'd
 //	SpinDelay(50);
 }
 #if 0
 void DbpIntegers(int x1, int x2, int x3)
 {
  cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
 //	/* this holds up stuff unless we're connected to usb */
 //	if (!UsbConnected())
 //		return;
 //
 //	UsbCommand c;
 //	c.cmd = CMD_DEBUG_PRINT_INTEGERS;
 //	c.arg[0] = x1;
 //	c.arg[1] = x2;
 //	c.arg[2] = x3;
 //
 //	UsbSendPacket((uint8_t *)&c, sizeof(c));
 //	// XXX
 //	SpinDelay(50);
 }
 #endif
@ -332,7 +303,7 @@ extern struct version_information version_information;
 extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
 void SendVersion(void)
 {
-	char temp[256]; /* Limited data payload in USB packets */
+	char temp[512]; /* Limited data payload in USB packets */
 	DbpString("Prox/RFID mark3 RFID instrument");
 	/* Try to find the bootrom version information. Expect to find a pointer at
@ -381,13 +352,13 @@ void SamyRun()
 	int selected = 0;
 	int playing = 0;
 	int cardRead = 0;
 	// Turn on selected LED
 	LED(selected + 1, 0);
 	for (;;)
 	{
 //		UsbPoll(FALSE);
 		usb_poll();
    WDT_HIT();
@ -396,7 +367,7 @@ void SamyRun()
 		SpinDelay(300);
 		// Button was held for a second, begin recording
-		if (button_pressed > 0)
+		if (button_pressed > 0 && cardRead == 0)
 		{
 			LEDsoff();
 			LED(selected + 1, 0);
@ -422,6 +393,40 @@ void SamyRun()
 			// If we were previously playing, set playing off
 			// so next button push begins playing what we recorded
 			playing = 0;
 			cardRead = 1;
 		}
 		else if (button_pressed > 0 && cardRead == 1)
 		{
 					LEDsoff();
 					LED(selected + 1, 0);
 					LED(LED_ORANGE, 0);
 					// record
 					Dbprintf("Cloning %x %x %x", selected, high[selected], low[selected]);
 					// wait for button to be released
 					while(BUTTON_PRESS())
 						WDT_HIT();
 					/* need this delay to prevent catching some weird data */
 					SpinDelay(500);
 					CopyHIDtoT55x7(high[selected], low[selected], 0, 0);
 					Dbprintf("Cloned %x %x %x", selected, high[selected], low[selected]);
 					LEDsoff();
 					LED(selected + 1, 0);
 					// Finished recording
 					// If we were previously playing, set playing off
 					// so next button push begins playing what we recorded
 					playing = 0;
 					cardRead = 0;
 		}
 		// Change where to record (or begin playing)
@ -635,18 +640,18 @@ void UsbPacketReceived(uint8_t *packet, int len)
 			cmd_send(CMD_ACK,0,0,0,0,0);
 			break;
 		case CMD_HID_DEMOD_FSK:
-			CmdHIDdemodFSK(c->arg[0], 0, 0, 1);					// Demodulate HID tag
+			CmdHIDdemodFSK(c->arg[0], 0, 0, 1);
 			break;
 		case CMD_HID_SIM_TAG:
-			CmdHIDsimTAG(c->arg[0], c->arg[1], 1);					// Simulate HID tag by ID
+			CmdHIDsimTAG(c->arg[0], c->arg[1], 1);
 			break;
-		case CMD_HID_CLONE_TAG: // Clone HID tag by ID to T55x7
+		case CMD_HID_CLONE_TAG:
 			CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
 			break;
 		case CMD_IO_DEMOD_FSK:
-			CmdIOdemodFSK(c->arg[0], 0, 0, 1);					// Demodulate IO tag
+			CmdIOdemodFSK(c->arg[0], 0, 0, 1);
 			break;
-		case CMD_IO_CLONE_TAG: // Clone IO tag by ID to T55x7
+		case CMD_IO_CLONE_TAG:
 			CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
 			break;
 		case CMD_EM410X_DEMOD:
@ -669,10 +674,10 @@ void UsbPacketReceived(uint8_t *packet, int len)
 		case CMD_LF_SIMULATE_BIDIR:
 			SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
 			break;
-		case CMD_INDALA_CLONE_TAG:					// Clone Indala 64-bit tag by UID to T55x7
+		case CMD_INDALA_CLONE_TAG:
 			CopyIndala64toT55x7(c->arg[0], c->arg[1]);					
 			break;
-		case CMD_INDALA_CLONE_TAG_L:					// Clone Indala 224-bit tag by UID to T55x7
+		case CMD_INDALA_CLONE_TAG_L:
 			CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
 			break;
 		case CMD_T55XX_READ_BLOCK:
@ -681,13 +686,12 @@ void UsbPacketReceived(uint8_t *packet, int len)
 		case CMD_T55XX_WRITE_BLOCK:
 			T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
 			break;
-		case CMD_T55XX_READ_TRACE: // Clone HID tag by ID to T55x7
+		case CMD_T55XX_READ_TRACE:
 			T55xxReadTrace();
 			break;
-		case CMD_PCF7931_READ: // Read PCF7931 tag
+		case CMD_PCF7931_READ:
 			ReadPCF7931();
 			cmd_send(CMD_ACK,0,0,0,0,0);
 //      	UsbSendPacket((uint8_t*)&ack, sizeof(ack));
 			break;
 		case CMD_EM4X_READ_WORD:
 			EM4xReadWord(c->arg[1], c->arg[2],c->d.asBytes[0]);
@ -733,7 +737,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
 			ReaderIso15693(c->arg[0]);
 			break;
 		case CMD_SIMTAG_ISO_15693:
-			SimTagIso15693(c->arg[0]);
+			SimTagIso15693(c->arg[0], c->d.asBytes);
 			break;
 #endif
@ -782,6 +786,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
 		case CMD_SIMULATE_TAG_ISO_14443a:
 			SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);  // ## Simulate iso14443a tag - pass tag type & UID
 			break;
 		case CMD_EPA_PACE_COLLECT_NONCE:
 			EPA_PACE_Collect_Nonce(c);
 			break;
@ -838,12 +843,15 @@ void UsbPacketReceived(uint8_t *packet, int len)
 			break;
 		// Work with "magic Chinese" card
-		case CMD_MIFARE_EML_CSETBLOCK:
+		case CMD_MIFARE_CSETBLOCK:
 			MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
 			break;
-		case CMD_MIFARE_EML_CGETBLOCK:
+		case CMD_MIFARE_CGETBLOCK:
 			MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
 			break;
 		case CMD_MIFARE_CIDENT:
 			MifareCIdent();
 			break;
 		// mifare sniffer
 		case CMD_MIFARE_SNIFFER:
@ -894,18 +902,6 @@ void UsbPacketReceived(uint8_t *packet, int len)
 			break;
 		case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
 //			UsbCommand n;
 //			if(c->cmd == CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K) {
 //				n.cmd = CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K;
 //			} else {
 //				n.cmd = CMD_DOWNLOADED_RAW_BITS_TI_TYPE;
 //			}
 //			n.arg[0] = c->arg[0];
      //			memcpy(n.d.asBytes, BigBuf+c->arg[0], 48); // 12*sizeof(uint32_t)
      //			LED_B_ON();
      //      usb_write((uint8_t *)&n, sizeof(n));
      //			UsbSendPacket((uint8_t *)&n, sizeof(n));
      //			LED_B_OFF();
 			LED_B_ON();
 			for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
@ -919,9 +915,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
 		case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
 			uint8_t *b = (uint8_t *)BigBuf;
-			memcpy(b+c->arg[0], c->d.asBytes, 48);
+			memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
 			//Dbprintf("copied 48 bytes to %i",b+c->arg[0]);
 //			UsbSendPacket((uint8_t*)&ack, sizeof(ack));
 			cmd_send(CMD_ACK,0,0,0,0,0);
 			break;
 		}	
@ -979,7 +973,6 @@ void UsbPacketReceived(uint8_t *packet, int len)
 		case CMD_DEVICE_INFO: {
 			uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
 			if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
 //			UsbSendPacket((uint8_t*)&c, sizeof(c));
 			cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);	
 			break;
 		}
@ -1006,9 +999,8 @@ void  __attribute__((noreturn)) AppMain(void)
 	LED_B_OFF();
 	LED_A_OFF();
-  // Init USB device`
+	// Init USB device
  usb_enable();
 //	UsbStart();
 	// The FPGA gets its clock from us from PCK0 output, so set that up.
 	AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
@ -1044,8 +1036,6 @@ void  __attribute__((noreturn)) AppMain(void)
        UsbPacketReceived(rx,rx_len);
      }
    }
 //		UsbPoll(FALSE);
 		WDT_HIT();
 #ifdef WITH_LF
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@ -192,12 +192,13 @@ void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
 void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
 void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);  // Work with "magic Chinese" card
 void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
 void MifareCIdent();  // is "magic chinese" card?
 /// iso15693.h
 void RecordRawAdcSamplesIso15693(void);
 void AcquireRawAdcSamplesIso15693(void);
 void ReaderIso15693(uint32_t parameter);	// Simulate an ISO15693 reader - greg
-void SimTagIso15693(uint32_t parameter);	// simulate an ISO15693 tag - greg
+void SimTagIso15693(uint32_t parameter, uint8_t *uid);	// simulate an ISO15693 tag - greg
 void BruteforceIso15693Afi(uint32_t speed); // find an AFI of a tag - atrox
 void DirectTag15693Command(uint32_t datalen,uint32_t speed, uint32_t recv, uint8_t data[]); // send arbitrary commands from CLI - atrox 
 void SetDebugIso15693(uint32_t flag);
--- a/armsrc/crapto1.c
+++ b/armsrc/crapto1.c
@ -44,12 +44,12 @@ static void quicksort(uint32_t* const start, uint32_t* const stop)
 		else if(*rit > *start)
 			--rit;
 		else
-			*it ^= (*it ^= *rit, *rit ^= *it);
+			*it ^= ( (*it ^= *rit ), *rit ^= *it);
 	if(*rit >= *start)
 		--rit;
 	if(rit != start)
-		*rit ^= (*rit ^= *start, *start ^= *rit);
+		*rit ^= ( (*rit ^= *start), *start ^= *rit);
 	quicksort(start, rit - 1);
 	quicksort(rit + 1, stop);
--- a/armsrc/epa.c
+++ b/armsrc/epa.c
@ -185,6 +185,7 @@ int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length)
 	    || response_apdu[rapdu_length - 4] != 0x90
 	    || response_apdu[rapdu_length - 3] != 0x00)
 	{
 		Dbprintf("epa - no select cardaccess");
 		return -1;
 	}
@ -196,6 +197,7 @@ int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length)
 	    || response_apdu[rapdu_length - 4] != 0x90
 	    || response_apdu[rapdu_length - 3] != 0x00)
 	{
 		Dbprintf("epa - no read cardaccess");
 		return -1;
 	}
@ -223,7 +225,6 @@ static void EPA_PACE_Collect_Nonce_Abort(uint8_t step, int func_return)
 	// send the USB packet
  cmd_send(CMD_ACK,step,func_return,0,0,0);
 //UsbSendPacket((void *)ack, sizeof(UsbCommand));
 }
 //-----------------------------------------------------------------------------
@ -243,7 +244,7 @@ void EPA_PACE_Collect_Nonce(UsbCommand *c)
 	 */
 	// return value of a function
-	int func_return;
+	int func_return = 0;
 //	// initialize ack with 0s
 //	memset(ack->arg, 0, 12);
@ -301,7 +302,6 @@ void EPA_PACE_Collect_Nonce(UsbCommand *c)
 	// save received information
 //	ack->arg[1] = func_return;
 //	memcpy(ack->d.asBytes, nonce, func_return);
 //	UsbSendPacket((void *)ack, sizeof(UsbCommand));
  cmd_send(CMD_ACK,0,func_return,0,nonce,func_return);
 }
@ -416,25 +416,27 @@ int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password)
 //-----------------------------------------------------------------------------
 int EPA_Setup()
 {
-	// return code
+
 	int return_code = 0;
 	// card UID
 	uint8_t uid[10];
-	// card select information
+	uint8_t pps_response[3];
 	uint8_t pps_response_par[1];
 	iso14a_card_select_t card_select_info;
 	// power up the field
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
 	iso14a_set_timeout(10500);
 	// select the card
 	return_code = iso14443a_select_card(uid, &card_select_info, NULL);
 	if (return_code != 1) {
 		Dbprintf("Epa: Can't select card");
 		return 1;
 	}
 	// send the PPS request
 	ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL);
 	uint8_t pps_response[3];
 	uint8_t pps_response_par[1];
 	return_code = ReaderReceive(pps_response, pps_response_par);
 	if (return_code != 3 || pps_response[0] != 0xD0) {
 		return return_code == 0 ? 2 : return_code;
--- a/armsrc/hitag2.c
+++ b/armsrc/hitag2.c
@ -990,18 +990,18 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
  // Disable timer during configuration	
 	AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
-	// Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger,
+	// Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger,
 	// external trigger rising edge, load RA on rising edge of TIOA.
 	AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_RISING | AT91C_TC_ABETRG | AT91C_TC_LDRA_RISING;
 	// Enable and reset counter
 	AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
 	// Reset the received frame, frame count and timing info
 	memset(rx,0x00,sizeof(rx));
 	frame_count = 0;
 	response = 0;
 	overflow = 0;
 	// Enable and reset counter
 	AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
 	while(!BUTTON_PRESS()) {
 		// Watchdog hit
@ -1105,9 +1105,9 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
 	AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
 	AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS;
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-//	Dbprintf("frame received: %d",frame_count);
+	
-//	Dbprintf("Authentication Attempts: %d",(auth_table_len/8));
+	DbpString("Sim Stopped");
-//	DbpString("All done");
+	
 }
 void ReaderHitag(hitag_function htf, hitag_data* htd) {
@ -1158,7 +1158,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
 		case RHT2F_CRYPTO: {
 			DbpString("Authenticating using key:");
-			memcpy(key,htd->crypto.key,4);
+			memcpy(key,htd->crypto.key,4);	  //HACK; 4 or 6??  I read both in the code.
 			Dbhexdump(6,key,false);
      blocknr = 0;
 			bQuiet = false;
--- a/armsrc/iclass.c
+++ b/armsrc/iclass.c
@ -433,7 +433,6 @@ static RAMFUNC int ManchesterDecoding(int v)
 	else {
 		modulation = bit & Demod.syncBit;
 		modulation |= ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
 		//modulation = ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
 		Demod.samples += 4;
@ -842,10 +841,7 @@ static int GetIClassCommandFromReader(uint8_t *received, int *len, int maxLen)
        }
        if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
            uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
-			/*if(OutOfNDecoding((b & 0xf0) >> 4)) {
+
 				*len = Uart.byteCnt;
 				return TRUE;
 			}*/
 			if(OutOfNDecoding(b & 0x0f)) {
 				*len = Uart.byteCnt;
 				return TRUE;
@ -1001,8 +997,6 @@ void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain
 */
 int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader_mac_buf)
 {
 	// CSN followed by two CRC bytes
 	uint8_t response2[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
 	uint8_t response3[] = { 0,0,0,0,0,0,0,0,0,0};
@ -1368,7 +1362,6 @@ void ReaderTransmitIClass(uint8_t* frame, int len)
 	int samples = 0;
 	// This is tied to other size changes
 	// 	uint8_t* frame_addr = ((uint8_t*)BigBuf) + 2024;
 	CodeIClassCommand(frame,len);
 	// Select the card
@ -1423,10 +1416,7 @@ static int GetIClassAnswer(uint8_t *receivedResponse, int maxLen, int *samples,
 			b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
 			skip = !skip;
 			if(skip) continue;
-			/*if(ManchesterDecoding((b>>4) & 0xf)) {
+		
 				*samples = ((c - 1) << 3) + 4;
 				return TRUE;
 			}*/
 			if(ManchesterDecoding(b & 0x0f)) {
 				*samples = c << 3;
 				return  TRUE;
--- a/armsrc/iso14443.c
+++ b/armsrc/iso14443.c
@ -293,8 +293,7 @@ static int GetIso14443CommandFromReader(uint8_t *received, int *len, int maxLen)
    // only, since we are receiving, not transmitting).
    // Signal field is off with the appropriate LED
    LED_D_OFF();
-    FpgaWriteConfWord(
+    FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);
    	FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);
    // Now run a `software UART' on the stream of incoming samples.
@ -401,8 +400,7 @@ void SimulateIso14443Tag(void)
        // Modulate BPSK
        // Signal field is off with the appropriate LED
        LED_D_OFF();
-        FpgaWriteConfWord(
+        FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK);
        	FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK);
        AT91C_BASE_SSC->SSC_THR = 0xff;
        FpgaSetupSsc();
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@ -144,7 +144,6 @@ const uint8_t OddByteParity[256] = {
  1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1
 };
 void iso14a_set_trigger(bool enable) {
 	trigger = enable;
 }
@ -310,6 +309,7 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
 	Uart.twoBits = (Uart.twoBits << 8) | bit;
 	if (Uart.state == STATE_UNSYNCD) {												// not yet synced
 		if (Uart.highCnt < 7) {													// wait for a stable unmodulated signal
 			if (Uart.twoBits == 0xffff) {
 				Uart.highCnt++;
@ -990,6 +990,12 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
 			response1[1] = 0x00;
 			sak = 0x28;
 		} break;
 		case 5: { // MIFARE TNP3XXX
 			// Says: I am a toy
 			response1[0] = 0x01;
 			response1[1] = 0x0f;
 			sak = 0x01;
 		} break;		
 		default: {
 			Dbprintf("Error: unkown tagtype (%d)",tagType);
 			return;
@ -1123,7 +1129,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
 			// We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
 			p_response = NULL;
 		} else if(receivedCmd[0] == 0x50) {	// Received a HALT
-//			DbpString("Reader requested we HALT!:");
+
 			if (tracing) {
 				LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
 			}
@ -1308,13 +1314,6 @@ static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing
 	// clear TXRDY
 	AT91C_BASE_SSC->SSC_THR = SEC_Y;
 	// for(uint16_t c = 0; c < 10;) {	// standard delay for each transfer (allow tag to be ready after last transmission)
 		// if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
 			// AT91C_BASE_SSC->SSC_THR = SEC_Y;	
 			// c++;
 		// }
 	// }
 	uint16_t c = 0;
 	for(;;) {
 		if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
@ -1327,7 +1326,6 @@ static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing
 	}
 	NextTransferTime = MAX(NextTransferTime, LastTimeProxToAirStart + REQUEST_GUARD_TIME);
 }
@ -1669,7 +1667,6 @@ static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receive
 void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t *timing)
 {
 	CodeIso14443aBitsAsReaderPar(frame, bits, par);
 	// Send command to tag
@ -1744,7 +1741,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
 	// Receive the ATQA
 	if(!ReaderReceive(resp, resp_par)) return 0;
 	//Dbprintf("atqa: %02x %02x",resp[1],resp[0]);
 	if(p_hi14a_card) {
 		memcpy(p_hi14a_card->atqa, resp, 2);
@ -1800,7 +1796,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
 			memcpy(uid_resp, resp, 4);
 		}
 		uid_resp_len = 4;
 		//Dbprintf("uid: %02x %02x %02x %02x",uid_resp[0],uid_resp[1],uid_resp[2],uid_resp[3]);
 		// calculate crypto UID. Always use last 4 Bytes.
 		if(cuid_ptr) {
@ -1818,15 +1813,10 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
 		if (!ReaderReceive(resp, resp_par)) return 0;
 		sak = resp[0];
-		// Test if more parts of the uid are comming
+    // Test if more parts of the uid are coming
 		if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
 			// Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
 			// http://www.nxp.com/documents/application_note/AN10927.pdf
 			// This was earlier:
 			//memcpy(uid_resp, uid_resp + 1, 3);
 			// But memcpy should not be used for overlapping arrays, 
 			// and memmove appears to not be available in the arm build. 
 			// Therefore:
 			uid_resp[0] = uid_resp[1];
 			uid_resp[1] = uid_resp[2];
 			uid_resp[2] = uid_resp[3]; 
@ -1849,9 +1839,8 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
 		p_hi14a_card->ats_len = 0;
 	}
-	if( (sak & 0x20) == 0) {
+	// non iso14443a compliant tag
-		return 2; // non iso14443a compliant tag
+	if( (sak & 0x20) == 0) return 2; 
 	}
 	// Request for answer to select
 	AppendCrc14443a(rats, 2);
@ -1859,6 +1848,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
 	if (!(len = ReaderReceive(resp, resp_par))) return 0;
 	if(p_hi14a_card) {
 		memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats));
 		p_hi14a_card->ats_len = len;
@ -1866,7 +1856,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
 	// reset the PCB block number
 	iso14_pcb_blocknum = 0;
 	return 1;	
 }
@ -1957,7 +1946,7 @@ void ReaderIso14443a(UsbCommand *c)
 	}
 	if(param & ISO14A_SET_TIMEOUT) {
-		iso14a_timeout = c->arg[2];
+		iso14a_set_timeout(c->arg[2]);
 	}
 	if(param & ISO14A_APDU) {
@ -2047,8 +2036,8 @@ void ReaderMifare(bool first_try)
 	uint32_t nt = 0;
 	uint32_t previous_nt = 0;
 	static uint32_t nt_attacked = 0;
-	byte_t par_list[8] = {0,0,0,0,0,0,0,0};
+	byte_t par_list[8] = {0x00};
-	byte_t ks_list[8] = {0,0,0,0,0,0,0,0};
+	byte_t ks_list[8] = {0x00};
 	static uint32_t sync_time;
 	static uint32_t sync_cycles;
@ -2057,8 +2046,6 @@ void ReaderMifare(bool first_try)
 	uint16_t consecutive_resyncs = 0;
 	int isOK = 0;
 	if (first_try) { 
 		mf_nr_ar3 = 0;
 		iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
--- a/armsrc/iso15693.c
+++ b/armsrc/iso15693.c
@ -263,13 +263,10 @@ static void TransmitTo15693Tag(const uint8_t *cmd, int len, int *samples, int *w
 //-----------------------------------------------------------------------------
 static void TransmitTo15693Reader(const uint8_t *cmd, int len, int *samples, int *wait)
 {
-    int c;
+    int c = 0;
-
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR|FPGA_HF_SIMULATOR_MODULATE_424K);
 //	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX);
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR);	// No requirement to energise my coils
 	if(*wait < 10) { *wait = 10; }
    c = 0;
    for(;;) {
        if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
            AT91C_BASE_SSC->SSC_THR = cmd[c];
@ -464,8 +461,7 @@ static int GetIso15693AnswerFromSniff(uint8_t *receivedResponse, int maxLen, int
 			AT91C_BASE_SSC->SSC_THR = 0x43;
 		}
 		if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
-			int8_t b;
+			int8_t b = (int8_t)AT91C_BASE_SSC->SSC_RHR;
 			b = (int8_t)AT91C_BASE_SSC->SSC_RHR;
 			// The samples are correlations against I and Q versions of the
 			// tone that the tag AM-modulates, so every other sample is I,
@ -600,10 +596,10 @@ static void BuildIdentifyRequest(void);
 //-----------------------------------------------------------------------------
 void AcquireRawAdcSamplesIso15693(void)
 {
 	int c = 0;
 	uint8_t *dest = (uint8_t *)BigBuf;
 	int getNext = 0;
 	int c = 0;
 	int getNext = 0;
 	int8_t prev = 0;
 	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
@ -682,10 +678,10 @@ void AcquireRawAdcSamplesIso15693(void)
 void RecordRawAdcSamplesIso15693(void)
 {
-	int c = 0;
+	uint8_t *dest =  (uint8_t *)BigBuf;
 	uint8_t *dest = (uint8_t *)BigBuf;
 	int getNext = 0;
 	int c = 0;
 	int getNext = 0;
 	int8_t prev = 0;
 	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
@ -836,24 +832,25 @@ static void BuildReadBlockRequest(uint8_t *uid, uint8_t blockNumber )
 }
 // Now the VICC>VCD responses when we are simulating a tag
- static void BuildInventoryResponse(void)
+ static void BuildInventoryResponse( uint8_t *uid)
 {
 	uint8_t cmd[12];
 	uint16_t crc;
 	// one sub-carrier, inventory, 1 slot, fast rate
 	// AFI is at bit 5 (1<<4) when doing an INVENTORY
-	cmd[0] = 0; //(1 << 2) | (1 << 5) | (1 << 1);
+    //(1 << 2) | (1 << 5) | (1 << 1);
-	cmd[1] = 0;
+	cmd[0] = 0; // 
 	cmd[1] = 0; // DSFID (data storage format identifier).  0x00 = not supported
 	// 64-bit UID
-	cmd[2] = 0x32;
+	cmd[2] = uid[7]; //0x32;
-	cmd[3]= 0x4b;
+	cmd[3] = uid[6]; //0x4b;
-	cmd[4] = 0x03;
+	cmd[4] = uid[5]; //0x03;
-	cmd[5] = 0x01;
+	cmd[5] = uid[4]; //0x01;
-	cmd[6] = 0x00;
+	cmd[6] = uid[3]; //0x00;
-	cmd[7] = 0x10;
+	cmd[7] = uid[2]; //0x10;
-	cmd[8] = 0x05;
+	cmd[8] = uid[1]; //0x05;
-	cmd[9]= 0xe0;
+	cmd[9] = uid[0]; //0xe0;
 	//Now the CRC
 	crc = Crc(cmd, 10);
 	cmd[10] = crc & 0xff;
@ -1002,23 +999,27 @@ void ReaderIso15693(uint32_t parameter)
 	LED_C_OFF();
 	LED_D_OFF();
 //DbpString(parameter);
 	//uint8_t *answer0 = (((uint8_t *)BigBuf) + 3560); // allow 100 bytes per reponse (way too much)
 	uint8_t *answer1 = (((uint8_t *)BigBuf) + 3660); //
 	uint8_t *answer2 = (((uint8_t *)BigBuf) + 3760);
 	uint8_t *answer3 = (((uint8_t *)BigBuf) + 3860);
-	//uint8_t *TagUID= (((uint8_t *)BigBuf) + 3960);		// where we hold the uid for hi15reader
+
 //	int answerLen0 = 0;
 	int answerLen1 = 0;
 	int answerLen2 = 0;
 	int answerLen3 = 0;
-	int i=0; // counter
+	int i = 0;
 	int samples = 0;
 	int tsamples = 0;
 	int wait = 0;
 	int elapsed = 0;
 	uint8_t TagUID[8] = {0x00};
 	// Blank arrays
-	memset(BigBuf + 3660, 0, 300);
+	memset(BigBuf + 3660, 0x00, 300);
 	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
 	SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
 	// Setup SSC
 	FpgaSetupSsc();
@ -1026,9 +1027,6 @@ void ReaderIso15693(uint32_t parameter)
    	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
    	SpinDelay(200);
 	SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
 	FpgaSetupSsc();
 	// Give the tags time to energize
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
 	SpinDelay(200);
@ -1038,44 +1036,19 @@ void ReaderIso15693(uint32_t parameter)
 	LED_C_OFF();
 	LED_D_OFF();
 	int samples = 0;
 	int tsamples = 0;
 	int wait = 0;
 	int elapsed = 0;
 	// FIRST WE RUN AN INVENTORY TO GET THE TAG UID
 	// THIS MEANS WE CAN PRE-BUILD REQUESTS TO SAVE CPU TIME
 	 uint8_t TagUID[8] = {0, 0, 0, 0, 0, 0, 0, 0};		// where we hold the uid for hi15reader
 //	BuildIdentifyRequest();
 //	//TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);
 //	TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);	// No longer ToSendMax+3
 //	// Now wait for a response
 //	responseLen0 = GetIso15693AnswerFromTag(receivedAnswer0, 100, &samples, &elapsed) ;
 //	if (responseLen0 >=12) // we should do a better check than this
 //	{
 //		// really we should check it is a valid mesg
 //		// but for now just grab what we think is the uid
 //		TagUID[0] = receivedAnswer0[2];
 //		TagUID[1] = receivedAnswer0[3];
 //		TagUID[2] = receivedAnswer0[4];
 //		TagUID[3] = receivedAnswer0[5];
 //		TagUID[4] = receivedAnswer0[6];
 //		TagUID[5] = receivedAnswer0[7];
 //		TagUID[6] = receivedAnswer0[8]; // IC Manufacturer code
 //	DbpIntegers(TagUID[6],TagUID[5],TagUID[4]);
 //}
 	// Now send the IDENTIFY command
 	BuildIdentifyRequest();
-	//TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);
+	
-	TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);	// No longer ToSendMax+3
+	TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);
 	// Now wait for a response
 	answerLen1 = GetIso15693AnswerFromTag(answer1, 100, &samples, &elapsed) ;
 	if (answerLen1 >=12) // we should do a better check than this
 	{
 		TagUID[0] = answer1[2];
 		TagUID[1] = answer1[3];
 		TagUID[2] = answer1[4];
@ -1085,23 +1058,6 @@ void ReaderIso15693(uint32_t parameter)
 		TagUID[6] = answer1[8]; // IC Manufacturer code
 		TagUID[7] = answer1[9]; // always E0
 		// Now send the SELECT command
 		// since the SELECT command is optional, we should not rely on it.
 ////				BuildSelectRequest(TagUID);
 //		TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);	// No longer ToSendMax+3
 		// Now wait for a response
 ///		answerLen2 = GetIso15693AnswerFromTag(answer2, 100, &samples, &elapsed);
 		// Now send the MULTI READ command
 //		BuildArbitraryRequest(*TagUID,parameter);
 ///		BuildArbitraryCustomRequest(TagUID,parameter);
 //		BuildReadBlockRequest(*TagUID,parameter);
 //		BuildSysInfoRequest(*TagUID);
 		//TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);
 ///		TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);	// No longer ToSendMax+3
 		// Now wait for a response
 ///		answerLen3 = GetIso15693AnswerFromTag(answer3, 100, &samples, &elapsed) ;
 	}
 	Dbprintf("%d octets read from IDENTIFY request:", answerLen1);
@ -1110,9 +1066,9 @@ void ReaderIso15693(uint32_t parameter)
 	// UID is reverse
 	if (answerLen1>=12) 
-		//Dbprintf("UID = %*D",8,TagUID," ");
+		Dbprintf("UID = %02hX%02hX%02hX%02hX%02hX%02hX%02hX%02hX",
-		Dbprintf("UID = %02hX%02hX%02hX%02hX%02hX%02hX%02hX%02hX",TagUID[7],TagUID[6],TagUID[5],
+			TagUID[7],TagUID[6],TagUID[5],TagUID[4],
-			TagUID[4],TagUID[3],TagUID[2],TagUID[1],TagUID[0]);
+			TagUID[3],TagUID[2],TagUID[1],TagUID[0]);
 	Dbprintf("%d octets read from SELECT request:", answerLen2);
@ -1123,7 +1079,6 @@ void ReaderIso15693(uint32_t parameter)
 	DbdecodeIso15693Answer(answerLen3,answer3);
 	Dbhexdump(answerLen3,answer3,true);
 	// read all pages
 	if (answerLen1>=12 && DEBUG) {
 		i=0;			
@ -1141,13 +1096,6 @@ void ReaderIso15693(uint32_t parameter)
 		} 
 	}
 //	str2[0]=0;
 //	for(i = 0; i < responseLen3; i++) {
 //		itoa(str1,receivedAnswer3[i]);
 //		strncat(str2,str1,8);
 //	}
 //	DbpString(str2);
 	LED_A_OFF();
 	LED_B_OFF();
 	LED_C_OFF();
@ -1156,32 +1104,31 @@ void ReaderIso15693(uint32_t parameter)
 // Simulate an ISO15693 TAG, perform anti-collision and then print any reader commands
 // all demodulation performed in arm rather than host. - greg
-void SimTagIso15693(uint32_t parameter)
+void SimTagIso15693(uint32_t parameter, uint8_t *uid)
 {
 	LED_A_ON();
 	LED_B_ON();
 	LED_C_OFF();
 	LED_D_OFF();
-	uint8_t *answer1 = (((uint8_t *)BigBuf) + 3660); //
+	uint8_t *buf = (((uint8_t *)BigBuf) + 3660); //
 	int answerLen1 = 0;
 	int samples = 0;
 	int tsamples = 0;
 	int wait = 0;
 	int elapsed = 0;
-	// Blank arrays
+	memset(buf, 0x00, 100);
 	memset(answer1, 0, 100);
 	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
-	// Setup SSC
+
 	SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
 	FpgaSetupSsc();
 	// Start from off (no field generated)
    	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
    	SpinDelay(200);
 	SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
 	FpgaSetupSsc();
 	// Give the tags time to energize
 //	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);	// NO GOOD FOR SIM TAG!!!!
 	SpinDelay(200);
 	LED_A_OFF();
@ -1189,24 +1136,26 @@ void SimTagIso15693(uint32_t parameter)
 	LED_C_ON();
 	LED_D_OFF();
-	int samples = 0;
+	// Listen to reader
-	int tsamples = 0;
+	answerLen1 = GetIso15693AnswerFromSniff(buf, 100, &samples, &elapsed) ;
 	int wait = 0;
 	int elapsed = 0;
 	answerLen1 = GetIso15693AnswerFromSniff(answer1, 100, &samples, &elapsed) ;
 	if (answerLen1 >=1) // we should do a better check than this
 	{
 		// Build a suitable reponse to the reader INVENTORY cocmmand
-		BuildInventoryResponse();
+		// not so obsvious, but in the call to BuildInventoryResponse,  the command is copied to the global ToSend buffer used below.
 		BuildInventoryResponse(uid);
 		TransmitTo15693Reader(ToSend,ToSendMax, &tsamples, &wait);
 	}
 	Dbprintf("%d octets read from reader command: %x %x %x %x %x %x %x %x %x", answerLen1,
-		answer1[0], answer1[1], answer1[2],
+		buf[0], buf[1], buf[2],	buf[3],
-		answer1[3], answer1[4], answer1[5],
+		buf[4], buf[5],	buf[6], buf[7], buf[8]);
-		answer1[6], answer1[7], answer1[8]);
+
 	Dbprintf("Simulationg uid: %x %x %x %x %x %x %x %x",
 		uid[0], uid[1], uid[2],	uid[3],
 		uid[4], uid[5],	uid[6], uid[7]);
 	LED_A_OFF();
 	LED_B_OFF();
@ -1275,12 +1224,8 @@ void DirectTag15693Command(uint32_t datalen,uint32_t speed, uint32_t recv, uint8
 	recvlen=SendDataTag(data,datalen,1,speed,(recv?&recvbuf:NULL));
 	if (recv) { 
 //		n.cmd=/* CMD_ISO_15693_COMMAND_DONE */ CMD_ACK;
 //		n.arg[0]=recvlen>48?48:recvlen;
 //		memcpy(n.d.asBytes, recvbuf, 48);
 		LED_B_ON();
    cmd_send(CMD_ACK,recvlen>48?48:recvlen,0,0,recvbuf,48);
 //		UsbSendPacket((uint8_t *)&n, sizeof(n));
 		LED_B_OFF();	
 		if (DEBUG) {
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@ -179,8 +179,6 @@ void ReadTItag(void)
    signed char *dest = (signed char *)BigBuf;
    int n = sizeof(BigBuf);
    //	int *dest = GraphBuffer;
    //	int n = GraphTraceLen;
    // 128 bit shift register [shift3:shift2:shift1:shift0]
    uint32_t shift3 = 0, shift2 = 0, shift1 = 0, shift0 = 0;
@ -625,6 +623,7 @@ void CmdHIDsimTAG(int hi, int lo, int ledcontrol)
    if (ledcontrol)
        LED_A_ON();
    SimulateTagLowFrequency(n, 0, ledcontrol);
    if (ledcontrol)
@ -1337,7 +1336,6 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo)
 // Clone Indala 64-bit tag by UID to T55x7
 void CopyIndala64toT55x7(int hi, int lo)
 {
    //Program the 2 data blocks for supplied 64bit UID
    // and the block 0 for Indala64 format
    T55xxWriteBlock(hi,1,0,0);
@ -1351,12 +1349,10 @@ void CopyIndala64toT55x7(int hi, int lo)
    //	T5567WriteBlock(0x603E1042,0);
    DbpString("DONE!");
 }	
 void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int uid6, int uid7)
 {
    //Program the 7 data blocks for supplied 224bit UID
    // and the block 0 for Indala224 format
    T55xxWriteBlock(uid1,1,0,0);
@ -1375,7 +1371,6 @@ void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int
    //	T5567WriteBlock(0x603E10E2,0);
    DbpString("DONE!");
 }
@ -1525,7 +1520,6 @@ int IsBlock1PCF7931(uint8_t *Block) {
    return 0;
 }
 #define ALLOC 16
 void ReadPCF7931() {
@ -1785,6 +1779,7 @@ void SendForward(uint8_t fwd_bit_count) {
    }
 }
 void EM4xLogin(uint32_t Password) {
    uint8_t fwd_bit_count;
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@ -2,6 +2,9 @@
 // Merlok - June 2011, 2012
 // Gerhard de Koning Gans - May 2008
 // Hagen Fritsch - June 2010
 // Midnitesnake - Dec 2013
 // Andy Davies  - Apr 2014
 // Iceman - May 2014
 //
 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
 // at your option, any later version. See the LICENSE.txt file for the text of
@ -36,8 +39,6 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 	// clear trace
 	iso14a_clear_trace();
 //	iso14a_set_tracing(false);
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 	LED_A_ON();
@ -81,8 +82,6 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 	// Thats it...
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 	LEDsoff();
 //  iso14a_set_tracing(TRUE);
 }
 void MifareUReadBlock(uint8_t arg0,uint8_t *datain)
@ -129,14 +128,10 @@ void MifareUReadBlock(uint8_t arg0,uint8_t *datain)
 	LED_B_ON();
    cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);
 	LED_B_OFF();
    // Thats it...
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 	LEDsoff();
 }
 //-----------------------------------------------------------------------------
 // Select, Authenticate, Read a MIFARE tag. 
 // read sector (data = 4 x 16 bytes = 64 bytes, or 16 x 16 bytes = 256 bytes)
@ -150,7 +145,7 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 	ui64Key = bytes_to_num(datain, 6);
 	// variables
-	byte_t isOK;
+	byte_t isOK = 0;
 	byte_t dataoutbuf[16 * 16];
 	uint8_t uid[10];
 	uint32_t cuid;
@ -160,7 +155,6 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 	// clear trace
 	iso14a_clear_trace();
 //	iso14a_set_tracing(false);
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@ -192,7 +186,6 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 		if (MF_DBGLEVEL >= 1)	Dbprintf("Halt error");
 	}
 	//  ----------------------------- crypto1 destroy
 	crypto1_destroy(pcs);
@ -205,7 +198,6 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 	// Thats it...
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 	LEDsoff();
 //  iso14a_set_tracing(TRUE);
 }
@ -222,7 +214,6 @@ void MifareUReadCard(uint8_t arg0, uint8_t *datain)
        // clear trace
        iso14a_clear_trace();
 //      iso14a_set_tracing(false);
 		iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@ -288,7 +279,6 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 	// clear trace
 	iso14a_clear_trace();
 //  iso14a_set_tracing(false);
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@ -334,11 +324,8 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 	// Thats it...
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 	LEDsoff();
 //  iso14a_set_tracing(TRUE);
 }
 void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
 {
        // params
@ -355,7 +342,6 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
        // clear trace
        iso14a_clear_trace();
 	//  iso14a_set_tracing(false);
 		iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@ -396,7 +382,6 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
 //  iso14a_set_tracing(TRUE);
 }
 void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
 {
 	// params
@ -412,7 +397,6 @@ void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
 	// clear trace
 	iso14a_clear_trace();
 	//  iso14a_set_tracing(false);
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@ -446,15 +430,11 @@ void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
 	cmd_send(CMD_ACK,isOK,0,0,0,0);
 	LED_B_OFF();
 	// Thats it...
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 	LEDsoff();
 //  iso14a_set_tracing(TRUE);
 }
 // Return 1 if the nonce is invalid else return 0
 int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, uint8_t *parity) {
 	return ((oddparity((Nt >> 24) & 0xFF) == ((parity[0]) ^ oddparity((NtEnc >> 24) & 0xFF) ^ BIT(Ks1,16))) & \
@ -510,6 +490,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
 	// statistics on nonce distance
 	if (calibrate) {	// for first call only. Otherwise reuse previous calibration
 		LED_B_ON();
 		WDT_HIT();
 		davg = dmax = 0;
 		dmin = 2000;
@ -733,7 +714,6 @@ void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
    cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);
 	LED_B_OFF();
  // Thats it...
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 	LEDsoff();
@ -750,7 +730,6 @@ void MifareSetDbgLvl(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 	Dbprintf("Debug level: %d", MF_DBGLEVEL);
 }
 //-----------------------------------------------------------------------------
 // Work with emulator memory
 // 
@ -759,23 +738,19 @@ void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
 	emlClearMem();
 }
 void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
 	emlSetMem(datain, arg0, arg1); // data, block num, blocks count
 }
 void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
-
+	byte_t buf[USB_CMD_DATA_SIZE];
 	byte_t buf[48];
 	emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4)
 	LED_B_ON();
-	cmd_send(CMD_ACK,arg0,arg1,0,buf,48);
+	cmd_send(CMD_ACK,arg0,arg1,0,buf,USB_CMD_DATA_SIZE);
 	LED_B_OFF();
 }
 //-----------------------------------------------------------------------------
 // Load a card into the emulator memory
 // 
@ -884,32 +859,26 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 	// variables
 	byte_t isOK = 0;
-	uint8_t uid[10];
+	uint8_t uid[10] = {0x00};
-	uint8_t d_block[18];
+	uint8_t d_block[18] = {0x00};
 	uint32_t cuid;
 	memset(uid, 0x00, 10);
 	uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
 	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
 	// reset FPGA and LED
 	if (workFlags & 0x08) {
 		// clear trace
 		iso14a_clear_trace();
 		iso14a_set_tracing(TRUE);
 		iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 		LED_A_ON();
 		LED_B_OFF();
 		LED_C_OFF();
-		SpinDelay(300);
+		iso14a_clear_trace();
-		FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+		iso14a_set_tracing(TRUE);
-		SpinDelay(100);
+		iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 		FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
 	}
 	while (true) {
 		// get UID from chip
 		if (workFlags & 0x01) {
 			if(!iso14443a_select_card(uid, NULL, &cuid)) {
@ -988,7 +957,6 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 	LED_B_OFF();
 	if ((workFlags & 0x10) || (!isOK)) {
 		// Thats it...
 		FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 		LEDsoff();
 	}
@ -1011,28 +979,20 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 	// variables
 	byte_t isOK = 0;
-	uint8_t data[18];
+	uint8_t data[18] = {0x00};
 	uint32_t cuid = 0;
 	memset(data, 0x00, 18);
 	uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
 	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
 	if (workFlags & 0x08) {
 		// clear trace
 		iso14a_clear_trace();
 		iso14a_set_tracing(TRUE);
 		iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 		LED_A_ON();
 		LED_B_OFF();
 		LED_C_OFF();
-		SpinDelay(300);
+		iso14a_clear_trace();
-		FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+		iso14a_set_tracing(TRUE);
-		SpinDelay(100);
+		iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 		FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
 	}
 	while (true) {
@ -1073,9 +1033,40 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 	LED_B_OFF();
 	if ((workFlags & 0x10) || (!isOK)) {
 		// Thats it...
 		FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 		LEDsoff();
 	}
 }
 void MifareCIdent(){
 	// card commands
 	uint8_t wupC1[]       = { 0x40 }; 
 	uint8_t wupC2[]       = { 0x43 }; 
 	// variables
 	byte_t isOK = 1;
 	uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
 	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
 	ReaderTransmitBitsPar(wupC1,7,0, NULL);
 	if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
 		isOK = 0;
 	};
 	ReaderTransmit(wupC2, sizeof(wupC2), NULL);
 	if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
 		isOK = 0;
 	};
 	if (mifare_classic_halt(NULL, 0)) {
 		isOK = 0;
 	};
 	cmd_send(CMD_ACK,isOK,0,0,0,0);
 }
 			//
 // DESFIRE
 //
--- a/armsrc/mifareutil.c
+++ b/armsrc/mifareutil.c
@ -54,10 +54,12 @@ void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, uint16_t len, u
 	uint8_t bt = 0;
 	int i;
 	par[0] = 0;
 	for (i = 0; i < len; i++) {
 		bt = data[i];
 		data[i] = crypto1_byte(pcs, 0x00, 0) ^ data[i];
-		if((i&0x0007) == 0) par[i>>3] = 0;
+		if((i&0x0007) == 0) 
 			par[i>>3] = 0;
 		par[i>>3] |= (((filter(pcs->odd) ^ oddparity(bt)) & 0x01)<<(7-(i&0x0007)));
 	}	
 	return;
@ -81,9 +83,7 @@ int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd,
 int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)
 {
-    uint8_t dcmd[8];//, ecmd[4];
+	uint8_t dcmd[8];
    //uint32_t par=0;
    dcmd[0] = cmd;
    dcmd[1] = data[0];
 	dcmd[2] = data[1];
@ -91,10 +91,6 @@ int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint
 	dcmd[4] = data[3];
 	dcmd[5] = data[4];
 	AppendCrc14443a(dcmd, 6);
 	//Dbprintf("Data command: %02x", dcmd[0]);
 	//Dbprintf("Data R: %02x %02x %02x %02x %02x %02x %02x", dcmd[1],dcmd[2],dcmd[3],dcmd[4],dcmd[5],dcmd[6],dcmd[7]);
        //memcpy(ecmd, dcmd, sizeof(dcmd));
 	ReaderTransmit(dcmd, sizeof(dcmd), NULL);
 	int len = ReaderReceive(answer, answer_parity);
 	if(!len)
@ -165,7 +161,7 @@ int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockN
 	int len;	
 	uint32_t pos;
 	uint8_t tmp4[4];
-	uint8_t par[1] = {0};
+	uint8_t par[1] = {0x00};
 	byte_t nr[4];
 	uint32_t nt, ntpp; // Supplied tag nonce
@ -210,7 +206,6 @@ int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockN
 	if (ntptr)
 		*ntptr = nt;
 	// Generate (encrypted) nr+parity by loading it into the cipher (Nr)
 	par[0] = 0;
 	for (pos = 0; pos < 4; pos++)
@ -292,6 +287,7 @@ int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
 	uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
 	uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
 	// command MIFARE_CLASSIC_READBLOCK
 	len = mifare_sendcmd_short(NULL, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL);
 	if (len == 1) {
@ -318,7 +314,7 @@ int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
 int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData) 
 {
 	// variables
-	int len, i;	
+	uint16_t len, i;	
 	uint32_t pos;
 	uint8_t par[3] = {0};		// enough for 18 Bytes to send
 	byte_t res;
@ -365,9 +361,8 @@ int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t bl
 int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData) 
 {
    // variables
-    uint16_t len;     
+    uint16_t len;     
-    uint8_t par[3] = {0};  // enough for 18 parity bits
+    uint8_t par[3] = {0};  // enough for 18 parity bits
    uint8_t d_block[18];
    uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
 	uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
@ -399,8 +394,7 @@ int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
 int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
 {
-    uint16_t len;
+    uint16_t len;
    uint8_t d_block[8];
    uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
 	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
@ -418,16 +412,13 @@ int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *bloc
        if (MF_DBGLEVEL >= 1)   Dbprintf("Cmd Send Error: %02x %d", receivedAnswer[0],len);
        return 1;
    }
-
+
    return 0;
 }
 int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid) 
 {
 	// variables
 	uint16_t len;	
 	// Mifare HALT
 	uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
 	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
@ -442,13 +433,11 @@ int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid)
 int mifare_ultra_halt(uint32_t uid)
 {
-	uint16_t len;
+	uint16_t len;
 	// Mifare HALT
 	uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
-	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
+	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
-	len = mifare_sendcmd_short(NULL, true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);
+	len = mifare_sendcmd_short(NULL, true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);
 	if (len != 0) {
 		if (MF_DBGLEVEL >= 1)	Dbprintf("halt error. response len: %x", len);
 		return 1;
@ -480,20 +469,17 @@ uint8_t FirstBlockOfSector(uint8_t sectorNo)
 // work with emulator memory
 void emlSetMem(uint8_t *data, int blockNum, int blocksCount) {
-	uint8_t* emCARD = get_bigbufptr_emlcardmem();
+	uint8_t* emCARD = get_bigbufptr_emlcardmem();
 	memcpy(emCARD + blockNum * 16, data, blocksCount * 16);
 }
 void emlGetMem(uint8_t *data, int blockNum, int blocksCount) {
 	uint8_t* emCARD = get_bigbufptr_emlcardmem();
 	memcpy(data, emCARD + blockNum * 16, blocksCount * 16);
 }
 void emlGetMemBt(uint8_t *data, int bytePtr, int byteCount) {
 	uint8_t* emCARD = get_bigbufptr_emlcardmem();
 	memcpy(data, emCARD + bytePtr, byteCount);
 }
@ -522,7 +508,6 @@ int emlGetValBl(uint32_t *blReg, uint8_t *blBlock, int blockNum) {
 	memcpy(blReg, data, 4);
 	*blBlock = data[12];
 	return 0;
 }
--- a/armsrc/string.c
+++ b/armsrc/string.c
@ -48,6 +48,11 @@ int memcmp(const void *av, const void *bv, int len)
 	return 0;
 }
 void memxor(uint8_t * dest, uint8_t * src, size_t len) {
   for( ; len > 0; len--,dest++,src++)
       *dest ^= *src;
 }
 int strlen(const char *str)
 {
 	int l = 0;
--- a/armsrc/string.h
+++ b/armsrc/string.h
@ -12,10 +12,14 @@
 #ifndef __STRING_H
 #define __STRING_H
 #include <stdint.h>
 #include <util.h>
 int strlen(const char *str);
-void *memcpy(void *dest, const void *src, int len);
+RAMFUNC void *memcpy(void *dest, const void *src, int len);
 void *memset(void *dest, int c, int len);
-int memcmp(const void *av, const void *bv, int len);
+RAMFUNC int memcmp(const void *av, const void *bv, int len);
 void memxor(uint8_t * dest, uint8_t * src, size_t len);
 char *strncat(char *dest, const char *src, unsigned int n);
 char *strcat(char *dest, const char *src);
 void strreverse(char s[]);
--- a/client/Makefile
+++ b/client/Makefile
@ -13,9 +13,9 @@ CXX=g++
 VPATH = ../common
 OBJDIR = obj
-LDLIBS = -L/opt/local/lib -L/usr/local/lib -lreadline -lpthread ../liblua/liblua.a
+LDLIBS = -L/opt/local/lib -L/usr/local/lib ../liblua/liblua.a -lm -lreadline -lpthread -lcrypto
 LDFLAGS = $(COMMON_FLAGS)
-CFLAGS = -std=c99 -lcrypto -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4 
+CFLAGS = -std=c99 -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4 
 LUAPLATFORM = generic
 ifneq (,$(findstring MINGW,$(platform)))
--- a/client/cmddata.c
+++ b/client/cmddata.c
@ -329,7 +329,7 @@ int CmdBiphaseDecodeRaw(const char *Cmd)
 //prints binary found and saves in graphbuffer for further commands
 int Cmdaskrawdemod(const char *Cmd)
 {
-  uint32_t i;
+  
  int invert=0; 
  int clk=0; 
  uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
@ -340,7 +340,7 @@ int Cmdaskrawdemod(const char *Cmd)
  }
  int BitLen = getFromGraphBuf(BitStream);
  int errCnt=0;
-  errCnt = askrawdemod(BitStream, &BitLen,&clk,&invert);
+  errCnt = askrawdemod(BitStream, &BitLen, &clk, &invert);
  if (errCnt==-1){  //throw away static - allow 1 and -1 (in case of threshold command first)
    PrintAndLog("no data found"); 
    return 0;
@ -349,19 +349,14 @@ int Cmdaskrawdemod(const char *Cmd)
  PrintAndLog("Using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen);
    //PrintAndLog("Data start pos:%d, lastBit:%d, stop pos:%d, numBits:%d",iii,lastBit,i,bitnum);
    //move BitStream back to GraphBuffer
-    
+	setGraphBuf(BitStream, BitLen);
-  ClearGraph(0);
+	
  for (i=0; i < BitLen; ++i){
    GraphBuffer[i]=BitStream[i];
  }
  GraphTraceLen=BitLen;
  RepaintGraphWindow();
    //output
  if (errCnt>0){
    PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt);
  }
  PrintAndLog("ASK demoded bitstream:");
  // Now output the bitstream to the scrollback by line of 16 bits
  printBitStream(BitStream,BitLen);
@ -477,10 +472,6 @@ int CmdBitstream(const char *Cmd)
      bit ^= 1;
    AppendGraph(0, clock, bit);
  //    for (j = 0; j < (int)(clock/2); j++)
  //      GraphBuffer[(i * clock) + j] = bit ^ 1;
  //    for (j = (int)(clock/2); j < clock; j++)
  //      GraphBuffer[(i * clock) + j] = bit;
  }
  RepaintGraphWindow();
@ -510,8 +501,6 @@ int CmdDec(const char *Cmd)
 int CmdDetectClockRate(const char *Cmd)
 {
  GetClock("",0,0);
  //int clock = DetectASKClock(0);
  //PrintAndLog("Auto-detected clock rate: %d", clock);
  return 0;
 }
@ -773,8 +762,7 @@ int CmdFSKdemod(const char *Cmd) //old CmdFSKdemod needs updating
  PrintAndLog("actual data bits start at sample %d", maxPos);
  PrintAndLog("length %d/%d", highLen, lowLen);
-  uint8_t bits[46];
+  uint8_t bits[46] = {0x00};
  bits[sizeof(bits)-1] = '\0';
  // find bit pairs and manchester decode them
  for (i = 0; i < arraylen(bits) - 1; ++i) {
@ -881,22 +869,21 @@ int CmdHpf(const char *Cmd)
 int CmdSamples(const char *Cmd)
 {
-  int cnt = 0;
+	uint8_t got[40000] = {0x00};
  int n;
  uint8_t got[40000];
-  n = strtol(Cmd, NULL, 0);
+	int n = strtol(Cmd, NULL, 0);
-  if (n == 0) n = 6000;
+	if (n == 0) 
-  if (n > sizeof(got)) n = sizeof(got);
+		n = 20000;
 	if (n > sizeof(got)) 
 		n = sizeof(got);
-  PrintAndLog("Reading %d samples\n", n);
+	PrintAndLog("Reading %d samples from device memory\n", n);
  GetFromBigBuf(got,n,0);
  WaitForResponse(CMD_ACK,NULL);
-  for (int j = 0; j < n; j++) {
+	for (int j = 0; j < n; ++j) {
-    GraphBuffer[cnt++] = ((int)got[j]) - 128;
+		GraphBuffer[j] = ((int)got[j]) - 128;
  }
  PrintAndLog("Done!\n");
  GraphTraceLen = n;
  RepaintGraphWindow();
  return 0;
@ -904,21 +891,52 @@ int CmdSamples(const char *Cmd)
 int CmdTuneSamples(const char *Cmd)
 {
-  int cnt = 0;
+	int timeout = 0;
-  int n = 255;
+	printf("\nMeasuring antenna characteristics, please wait...");
  uint8_t got[255];
-  PrintAndLog("Reading %d samples\n", n);
+	UsbCommand c = {CMD_MEASURE_ANTENNA_TUNING};
-  GetFromBigBuf(got,n,7256); // armsrc/apps.h: #define FREE_BUFFER_OFFSET 7256
+	SendCommand(&c);
-  WaitForResponse(CMD_ACK,NULL);
+
-  for (int j = 0; j < n; j++) {
+	UsbCommand resp;
-    GraphBuffer[cnt++] = ((int)got[j]) - 128;
+	while(!WaitForResponseTimeout(CMD_MEASURED_ANTENNA_TUNING,&resp,1000)) {
 		timeout++;
 		printf(".");
 		if (timeout > 7) {
 			PrintAndLog("\nNo response from Proxmark. Aborting...");
 			return 1;
 		}
 	}
 	int peakv, peakf;
 	int vLf125, vLf134, vHf;
 	vLf125 = resp.arg[0] & 0xffff;
 	vLf134 = resp.arg[0] >> 16;
 	vHf = resp.arg[1] & 0xffff;;
 	peakf = resp.arg[2] & 0xffff;
 	peakv = resp.arg[2] >> 16;
 	PrintAndLog("");
 	PrintAndLog("# LF antenna: %5.2f V @   125.00 kHz", vLf125/1000.0);
 	PrintAndLog("# LF antenna: %5.2f V @   134.00 kHz", vLf134/1000.0);
 	PrintAndLog("# LF optimal: %5.2f V @%9.2f kHz", peakv/1000.0, 12000.0/(peakf+1));
 	PrintAndLog("# HF antenna: %5.2f V @    13.56 MHz", vHf/1000.0);
 	if (peakv<2000)
 		PrintAndLog("# Your LF antenna is unusable.");
 	else if (peakv<10000)
 		PrintAndLog("# Your LF antenna is marginal.");
 	if (vHf<2000)
 		PrintAndLog("# Your HF antenna is unusable.");
 	else if (vHf<5000)
 		PrintAndLog("# Your HF antenna is marginal.");
 	for (int i = 0; i < 256; i++) {
 		GraphBuffer[i] = resp.d.asBytes[i] - 128;
  }
  PrintAndLog("Done! Divisor 89 is 134khz, 95 is 125khz.\n");
  PrintAndLog("\n");
-  GraphTraceLen = n;
+	GraphTraceLen = 256;
-  RepaintGraphWindow();
+	ShowGraphWindow();
  return 0;
 }
@ -1340,8 +1358,8 @@ static command_t CommandTable[] =
  {"help",          CmdHelp,            1, "This help"},
  {"amp",           CmdAmp,             1, "Amplify peaks"},
  {"askdemod",      Cmdaskdemod,        1, "<0 or 1> -- Attempt to demodulate simple ASK tags"},
-  {"askmandemod",   Cmdaskmandemod,     1, "[clock] [invert<0 or 1>] -- Attempt to demodulate ASK/Manchester tags and output binary (args optional[clock will try Auto-detect])"},
+  {"askmandemod",   Cmdaskmandemod,     1, "[clock] [invert <0|1>] -- Attempt to demodulate ASK/Manchester tags and output binary"},
-  {"askrawdemod",   Cmdaskrawdemod,     1, "[clock] [invert<0 or 1>] -- Attempt to demodulate ASK tags and output binary (args optional[clock will try Auto-detect])"},
+  {"askrawdemod",   Cmdaskrawdemod,     1, "[clock] [invert <0|1>] -- Attempt to demodulate ASK tags and output binary"},
  {"autocorr",      CmdAutoCorr,        1, "<window length> -- Autocorrelation over window"},
  {"biphaserawdecode",CmdBiphaseDecodeRaw,1,"[offset] Biphase decode binary stream already in graph buffer (offset = bit to start decode from)"},
  {"bitsamples",    CmdBitsamples,      0, "Get raw samples as bitstring"},
--- a/client/cmdhf.c
+++ b/client/cmdhf.c
@ -10,7 +10,6 @@
 #include <stdio.h>
 #include <string.h>
 //#include "proxusb.h"
 #include "proxmark3.h"
 #include "graph.h"
 #include "ui.h"
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@ -27,6 +27,108 @@
 static int CmdHelp(const char *Cmd);
 static void waitCmd(uint8_t iLen);
 // structure and database for uid -> tagtype lookups 
 typedef struct { 
 	uint8_t uid;
 	char* desc;
 } manufactureName; 
 const manufactureName manufactureMapping[] = {
 	// ID,  "Vendor Country"
 	{ 0x01, "Motorola UK" },
 	{ 0x02, "ST Microelectronics SA France" },
 	{ 0x03, "Hitachi, Ltd Japan" }, 
 	{ 0x04, "NXP Semiconductors Germany" }, 
 	{ 0x05, "Infineon Technologies AG Germany" }, 
 	{ 0x06, "Cylink USA" }, 
 	{ 0x07, "Texas Instrument France" },
 	{ 0x08, "Fujitsu Limited Japan" }, 
 	{ 0x09, "Matsushita Electronics Corporation, Semiconductor Company Japan" }, 
 	{ 0x0A, "NEC Japan" }, 
 	{ 0x0B, "Oki Electric Industry Co. Ltd Japan" },
 	{ 0x0C, "Toshiba Corp. Japan" },
 	{ 0x0D, "Mitsubishi Electric Corp. Japan" },
 	{ 0x0E, "Samsung Electronics Co. Ltd Korea" },
 	{ 0x0F, "Hynix / Hyundai, Korea" },
 	{ 0x10, "LG-Semiconductors Co. Ltd Korea" },
 	{ 0x11, "Emosyn-EM Microelectronics USA" },
 	{ 0x12, "INSIDE Technology France" },
 	{ 0x13, "ORGA Kartensysteme GmbH Germany" },
 	{ 0x14, "SHARP Corporation Japan" },
 	{ 0x15, "ATMEL France" },
 	{ 0x16, "EM Microelectronic-Marin SA Switzerland" },
 	{ 0x17, "KSW Microtec GmbH Germany" },
 	{ 0x18, "ZMD AG Germany" },
 	{ 0x19, "XICOR, Inc. USA" },
 	{ 0x1A, "Sony Corporation Japan Identifier Company Country" },
 	{ 0x1B, "Malaysia Microelectronic Solutions Sdn. Bhd Malaysia" },
 	{ 0x1C, "Emosyn USA" },
 	{ 0x1D, "Shanghai Fudan Microelectronics Co. Ltd. P.R. China" },
 	{ 0x1E, "Magellan Technology Pty Limited Australia" },
 	{ 0x1F, "Melexis NV BO Switzerland" },
 	{ 0x20, "Renesas Technology Corp. Japan" },
 	{ 0x21, "TAGSYS France" },
 	{ 0x22, "Transcore USA" },
 	{ 0x23, "Shanghai belling corp., ltd. China" },
 	{ 0x24, "Masktech Germany Gmbh Germany" },
 	{ 0x25, "Innovision Research and Technology Plc UK" },
 	{ 0x26, "Hitachi ULSI Systems Co., Ltd. Japan" },
 	{ 0x27, "Cypak AB Sweden" },
 	{ 0x28, "Ricoh Japan" },
 	{ 0x29, "ASK France" },
 	{ 0x2A, "Unicore Microsystems, LLC Russian Federation" },
 	{ 0x2B, "Dallas Semiconductor/Maxim USA" },
 	{ 0x2C, "Impinj, Inc. USA" },
 	{ 0x2D, "RightPlug Alliance USA" },
 	{ 0x2E, "Broadcom Corporation USA" },
 	{ 0x2F, "MStar Semiconductor, Inc Taiwan, ROC" },
 	{ 0x30, "BeeDar Technology Inc. USA" },
 	{ 0x31, "RFIDsec Denmark" },
 	{ 0x32, "Schweizer Electronic AG Germany" },
 	{ 0x33, "AMIC Technology Corp Taiwan" }, 
 	{ 0x34, "Mikron JSC Russia" },
 	{ 0x35, "Fraunhofer Institute for Photonic Microsystems Germany" },
 	{ 0x36, "IDS Microchip AG Switzerland" },
 	{ 0x37, "Kovio USA" },
 	{ 0x38, "HMT Microelectronic Ltd Switzerland Identifier Company Country" },
 	{ 0x39, "Silicon Craft Technology Thailand" },
 	{ 0x3A, "Advanced Film Device Inc. Japan" },
 	{ 0x3B, "Nitecrest Ltd UK" },
 	{ 0x3C, "Verayo Inc. USA" },
 	{ 0x3D, "HID Global USA" },
 	{ 0x3E, "Productivity Engineering Gmbh Germany" },
 	{ 0x3F, "Austriamicrosystems AG (reserved) Austria" }, 
 	{ 0x40, "Gemalto SA France" },
 	{ 0x41, "Renesas Electronics Corporation Japan" },
 	{ 0x42, "3Alogics Inc Korea" },
 	{ 0x43, "Top TroniQ Asia Limited Hong Kong" },
 	{ 0x44, "Gentag Inc (USA) USA" },
 	{ 0x00, "no tag-info available" } // must be the last entry
 };
 // get a product description based on the UID
 //		uid[8] 	tag uid
 // returns description of the best match	
 static char* getTagInfo(uint8_t uid) {
 	int i, best = -1;	
 	int len = sizeof(manufactureMapping) / sizeof(manufactureName);
 	for ( i = 0; i < len; ++i ) {
 		if ( uid == manufactureMapping[i].uid) {
 			if (best == -1) { 
 				best = i;
 			} 
 		} 
 	} 
 	if (best>=0) return manufactureMapping[best].desc;
 	return manufactureMapping[i].desc; 
 }
 int CmdHF14AList(const char *Cmd)
 {
 	PrintAndLog("Deprecated command, use 'hf list 14a' instead");
@ -65,8 +167,14 @@ int CmdHF14AReader(const char *Cmd)
 	PrintAndLog(" UID : %s", sprint_hex(card.uid, card.uidlen));
 	PrintAndLog(" SAK : %02x [%d]", card.sak, resp.arg[0]);
 	// Double & triple sized UID, can be mapped to a manufacturer.
 	if ( card.uidlen > 4 ) {
 		PrintAndLog("MANUFACTURER : %s", getTagInfo(card.uid[0]));
 	}
 	switch (card.sak) {
 		case 0x00: PrintAndLog("TYPE : NXP MIFARE Ultralight | Ultralight C"); break;
 		case 0x01: PrintAndLog("TYPE : NXP TNP3xxx Activision Game Appliance"); break;
 		case 0x04: PrintAndLog("TYPE : NXP MIFARE (various !DESFire !DESFire EV1)"); break;
 		case 0x08: PrintAndLog("TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1"); break;
 		case 0x09: PrintAndLog("TYPE : NXP MIFARE Mini 0.3k"); break;
@ -82,7 +190,6 @@ int CmdHF14AReader(const char *Cmd)
 		default: ;
 	}
 	// try to request ATS even if tag claims not to support it
 	if (select_status == 2) {
 		uint8_t rats[] = { 0xE0, 0x80 }; // FSDI=8 (FSD=256), CID=0
@ -97,13 +204,6 @@ int CmdHF14AReader(const char *Cmd)
 		card.ats_len = resp.arg[0];				// note: ats_len includes CRC Bytes
 	} 
 	// disconnect
 	c.arg[0] = 0;
 	c.arg[1] = 0;
 	c.arg[2] = 0;
 	SendCommand(&c);
 	if(card.ats_len >= 3) {			// a valid ATS consists of at least the length byte (TL) and 2 CRC bytes
 		bool ta1 = 0, tb1 = 0, tc1 = 0;
 		int pos;
@ -242,6 +342,24 @@ int CmdHF14AReader(const char *Cmd)
 		PrintAndLog("proprietary non iso14443-4 card found, RATS not supported");
 	}
 	// try to see if card responses to "chinese magic backdoor" commands.
 	c.cmd = CMD_MIFARE_CIDENT;
 	c.arg[0] = 0;
 	c.arg[1] = 0;
 	c.arg[2] = 0;	
 	SendCommand(&c);
 	WaitForResponse(CMD_ACK,&resp);
 	uint8_t isOK  = resp.arg[0] & 0xff;
 	PrintAndLog(" Answers to chinese magic backdoor commands: %s", (isOK ? "YES" : "NO") );
 	// disconnect
 	c.cmd = CMD_READER_ISO_14443a;
 	c.arg[0] = 0;
 	c.arg[1] = 0;
 	c.arg[2] = 0;
 	SendCommand(&c);
 	return select_status;
 }
@ -301,6 +419,7 @@ int CmdHF14ASim(const char *Cmd)
 		PrintAndLog("           2 = MIFARE Ultralight");
 		PrintAndLog("           3 = MIFARE DESFIRE");
 		PrintAndLog("           4 = ISO/IEC 14443-4");
 		PrintAndLog("           5 = MIFARE TNP3XXX");		
 		PrintAndLog("");
 		return 1;
 	}
@ -328,10 +447,6 @@ int CmdHF14ASim(const char *Cmd)
 		// At lease save the mandatory first part of the UID
 		c.arg[0] = long_uid & 0xffffffff;
 	// At lease save the mandatory first part of the UID
 	c.arg[0] = long_uid & 0xffffffff;
 	if (c.arg[1] == 0) {
 		PrintAndLog("Emulating ISO/IEC 14443 type A tag with UID %01d %08x %08x",c.arg[0],c.arg[1],c.arg[2]);
 	}
--- a/client/cmdhf14a.h
+++ b/client/cmdhf14a.h
@ -20,4 +20,5 @@ int CmdHF14AReader(const char *Cmd);
 int CmdHF14ASim(const char *Cmd);
 int CmdHF14ASnoop(const char *Cmd);
 #endif
--- a/client/cmdhf14b.c
+++ b/client/cmdhf14b.c
@ -14,15 +14,16 @@
 #include <string.h>
 #include <stdint.h>
 #include "iso14443crc.h"
 //#include "proxusb.h"
 #include "proxmark3.h"
 #include "data.h"
 #include "graph.h"
 #include "util.h"
 #include "ui.h"
 #include "cmdparser.h"
 #include "cmdhf14b.h"
 #include "cmdmain.h"
 static int CmdHelp(const char *Cmd);
 int CmdHF14BDemod(const char *Cmd)
@ -387,6 +388,66 @@ int CmdHF14BCmdRaw (const char *cmd) {
    return 0;
 }
 int CmdHF14BWrite( const char *Cmd){
 /*
 * For SRIX4K  blocks 00 - 7F
 * hf 14b raw -c -p 09 $srix4kwblock $srix4kwdata
 *
 * For SR512  blocks 00 - 0F
 * hf 14b raw -c -p 09 $sr512wblock $sr512wdata
 * 
 * Special block FF =  otp_lock_reg block.
 * Data len 4 bytes-
 */
 	char cmdp = param_getchar(Cmd, 0);
 	uint8_t blockno = -1;
 	uint8_t data[4] = {0x00};
 	bool isSrix4k = true;
 	char str[20];	
 	if (cmdp == 'h' || cmdp == 'H') {
 		PrintAndLog("Usage:  hf 14b write <1|2> <BLOCK> <DATA>");
 		PrintAndLog("");
 		PrintAndLog("     sample: hf 14b write 1 127 11223344");
 		PrintAndLog("     sample: hf 14b write 1 255 11223344");
 		PrintAndLog("     sample: hf 14b write 2 15 11223344");
 		PrintAndLog("     sample: hf 14b write 2 255 11223344");
 		return 0;
 	}
 	if ( param_getchar(Cmd, 0) == '2' )
 		isSrix4k = false;
 	blockno = param_get8(Cmd, 1);
 	if ( isSrix4k ){
 		if ( blockno > 0x7f && blockno != 0xff ){
 			PrintAndLog("Block number out of range");
 			return 0;
 		}		
 	} else {
 		if ( blockno > 0x0f && blockno != 0xff ){
 			PrintAndLog("Block number out of range");
 			return 0;
 		}		
 	}
 	if (param_gethex(Cmd, 2, data, 8)) {
 		PrintAndLog("Data must include 8 HEX symbols");
 		return 0;
 	}
 	if ( blockno == 0xff)
 		PrintAndLog("Writing to special block %02X [ %s]", blockno,  sprint_hex(data,4) );
 	else
 		PrintAndLog("Writing to block %02X [ %s]", blockno,  sprint_hex(data,4) );
 	sprintf(str, "-c -p 09 %02x %02x%02x%02x%02x", blockno, data[0], data[1], data[2], data[3]);
 	CmdHF14BCmdRaw(str);
 	return 0;
 }
 static command_t CommandTable[] = 
 {
  {"help",        CmdHelp,        1, "This help"},
@ -399,6 +460,7 @@ static command_t CommandTable[] =
  {"sri512read",  CmdSri512Read,  0, "Read contents of a SRI512 tag"},
  {"srix4kread",  CmdSrix4kRead,  0, "Read contents of a SRIX4K tag"},
  {"raw",         CmdHF14BCmdRaw, 0, "Send raw hex data to tag"},
  {"write",       CmdHF14BWrite,  0, "Write data to a SRI512 | SRIX4K tag"},
  {NULL, NULL, 0, NULL}
 };
--- a/client/cmdhf14b.h
+++ b/client/cmdhf14b.h
@ -21,5 +21,6 @@ int CmdHFSimlisten(const char *Cmd);
 int CmdHF14BSnoop(const char *Cmd);
 int CmdSri512Read(const char *Cmd);
 int CmdSrix4kRead(const char *Cmd);
 int CmdHF14BWrite( const char *cmd);
 #endif
--- a/client/cmdhf15.c
+++ b/client/cmdhf15.c
@ -26,11 +26,12 @@
 #include <stdlib.h>
 #include <string.h>
 #include <stdint.h>
-//#include "proxusb.h"
+
 #include "proxmark3.h"
 #include "data.h"
 #include "graph.h"
 #include "ui.h"
 #include "util.h"
 #include "cmdparser.h"
 #include "cmdhf15.h"
 #include "iso15693tools.h"
@ -54,36 +55,135 @@ typedef struct {
 const productName uidmapping[] = {
 	// UID, #significant Bits, "Vendor(+Product)"
-	{ 0xE001000000000000LL, 16, "Motorola" },
+	{ 0xE001000000000000LL, 16, "Motorola UK" },
-	{ 0xE002000000000000LL, 16, "ST Microelectronics" },
+	
-	{ 0xE003000000000000LL, 16, "Hitachi" },
+	// E0 02 xx
-	{ 0xE004000000000000LL, 16, "Philips" },
+	//   02 = ST Microelectronics
-	{ 0xE004010000000000LL, 24, "Philips; IC SL2 ICS20" },
+	//   XX = IC id (Chip ID Family)
-	{ 0xE005000000000000LL, 16, "Infineon" },
+	{ 0xE002000000000000LL, 16, "ST Microelectronics SA France" },
-	{ 0xE005400000000000LL, 24, "Infineon; 56x32bit" },
+	{ 0xE002050000000000LL, 24, "ST Microelectronics; LRI64   [IC id = 05]"},
-	{ 0xE006000000000000LL, 16, "Cylinc" },
+	{ 0xE002080000000000LL, 24, "ST Microelectronics; LRI2K   [IC id = 08]"},
-	{ 0xE007000000000000LL, 16, "Texas Instrument; " },
+	{ 0xE0020A0000000000LL, 24, "ST Microelectronics; LRIS2K  [IC id = 10]"},
 	{ 0xE002440000000000LL, 24, "ST Microelectronics; LRIS64K [IC id = 68]"},
 	{ 0xE003000000000000LL, 16, "Hitachi, Ltd Japan" }, 
 	// E0 04 xx
 	//   04 = Manufacturer code (Philips/NXP)
 	//   XX = IC id (Chip ID Family)
 	//I-Code SLI SL2 ICS20 [IC id = 01]
 	//I-Code SLI-S         [IC id = 02]
 	//I-Code SLI-L         [IC id = 03]
 	//I-Code SLIX          [IC id = 01 + bit36 set to 1 (starting from bit0 - different from normal SLI)]
 	//I-Code SLIX-S        [IC id = 02 + bit36 set to 1]
 	//I-Code SLIX-L        [IC id = 03 + bit36 set to 1]
 	{ 0xE004000000000000LL, 16, "NXP Semiconductors Germany (Philips)" }, 
 	{ 0xE004010000000000LL, 24, "NXP(Philips); IC SL2 ICS20/ICS21(SLI) ICS2002/ICS2102(SLIX)" },
 	{ 0xE004020000000000LL, 24, "NXP(Philips); IC SL2 ICS53/ICS54(SLI-S) ICS5302/ICS5402(SLIX-S)" },
 	{ 0xE004030000000000LL, 24, "NXP(Philips); IC SL2 ICS50/ICS51(SLI-L) ICS5002/ICS5102(SLIX-L)" },
 	// E0 05 XX .. .. ..
 	//   05 = Manufacturer code (Infineon)
 	//   XX = IC id (Chip ID Family)
 	{ 0xE005000000000000LL, 16, "Infineon Technologies AG Germany" }, 
 	{ 0xE005A10000000000LL, 24, "Infineon; SRF55V01P [IC id = 161] plain mode 1kBit"},
 	{ 0xE005A80000000000LL, 24, "Infineon; SRF55V01P [IC id = 168] pilot series 1kBit"},
 	{ 0xE005400000000000LL, 24, "Infineon; SRF55V02P [IC id = 64]  plain mode 2kBit"},
 	{ 0xE005000000000000LL, 24, "Infineon; SRF55V10P [IC id = 00]  plain mode 10KBit"},
 	{ 0xE005500000000000LL, 24, "Infineon; SRF55V02S [IC id = 80]  secure mode 2kBit"},
 	{ 0xE005100000000000LL, 24, "Infineon; SRF55V10S [IC id = 16]  secure mode 10KBit"},
 	{ 0xE0051E0000000000LL, 23, "Infineon; SLE66r01P [IC id = 3x = My-d Move or My-d move NFC]"},
 	{ 0xE005200000000000LL, 21, "Infineon; SLE66r01P [IC id = 3x = My-d Move or My-d move NFC]"},
 	{ 0xE006000000000000LL, 16, "Cylink USA" }, 
 	// E0 07 xx
 	//   07 = Texas Instruments
 	//   XX = from bit 41 to bit 43 = product configuration - from bit 44 to bit 47 IC id (Chip ID Family)
 	//Tag IT RFIDType-I Plus, 2kBit, TI Inlay
 	//Tag-it HF-I Plus Inlay             [IC id = 00] -> b'0000 000 2kBit
 	//Tag-it HF-I Plus Chip              [IC id = 64] -> b'1000 000 2kBit
 	//Tag-it HF-I Standard Chip / Inlays [IC id = 96] -> b'1100 000 256Bit
 	//Tag-it HF-I Pro Chip / Inlays      [IC id = 98] -> b'1100 010 256Bit, Password protection
 	{ 0xE007000000000000LL, 16, "Texas Instrument France" },
 	{ 0xE007000000000000LL, 20, "Texas Instrument; Tag-it HF-I Plus Inlay; 64x32bit" },
 	{ 0xE007100000000000LL, 20, "Texas Instrument; Tag-it HF-I Plus Chip; 64x32bit" },
 	{ 0xE007800000000000LL, 23, "Texas Instrument; Tag-it HF-I Plus (RF-HDT-DVBB tag or Third Party Products)" },
 	{ 0xE007C00000000000LL, 23, "Texas Instrument; Tag-it HF-I Standard; 8x32bit" },
 	{ 0xE007C40000000000LL, 23, "Texas Instrument; Tag-it HF-I Pro; 8x23bit; password" },	
-	{ 0xE008000000000000LL, 16, "Fujitsu" },
+
-	{ 0xE009000000000000LL, 16, "Matsushita" },
+	{ 0xE008000000000000LL, 16, "Fujitsu Limited Japan" }, 
-	{ 0xE00A000000000000LL, 16, "NEC" },
+	{ 0xE009000000000000LL, 16, "Matsushita Electronics Corporation, Semiconductor Company Japan" }, 
-	{ 0xE00B000000000000LL, 16, "Oki Electric" },
+	{ 0xE00A000000000000LL, 16, "NEC Japan" }, 
-	{ 0xE00C000000000000LL, 16, "Toshiba" },
+	{ 0xE00B000000000000LL, 16, "Oki Electric Industry Co. Ltd Japan" },
-	{ 0xE00D000000000000LL, 16, "Mitsubishi" },
+	{ 0xE00C000000000000LL, 16, "Toshiba Corp. Japan" },
-	{ 0xE00E000000000000LL, 16, "Samsung" },
+	{ 0xE00D000000000000LL, 16, "Mitsubishi Electric Corp. Japan" },
-	{ 0xE00F000000000000LL, 16, "Hyundai" },
+	{ 0xE00E000000000000LL, 16, "Samsung Electronics Co. Ltd Korea" },
-	{ 0xE010000000000000LL, 16, "LG-Semiconductors" },
+	{ 0xE00F000000000000LL, 16, "Hynix / Hyundai, Korea" },
 	{ 0xE010000000000000LL, 16, "LG-Semiconductors Co. Ltd Korea" },
 	{ 0xE011000000000000LL, 16, "Emosyn-EM Microelectronics USA" },
 	{ 0xE012000000000000LL, 16, "HID Corporation" },
-	{ 0xE016000000000000LL, 16, "EM-Marin SA (Skidata)" },
+	{ 0xE012000000000000LL, 16, "INSIDE Technology France" },
 	{ 0xE013000000000000LL, 16, "ORGA Kartensysteme GmbH Germany" },
 	{ 0xE014000000000000LL, 16, "SHARP Corporation Japan" },
 	{ 0xE015000000000000LL, 16, "ATMEL France" },
 	{ 0xE016000000000000LL, 16, "EM Microelectronic-Marin SA Switzerland (Skidata)" },
 	{ 0xE016040000000000LL, 24, "EM-Marin SA (Skidata Keycard-eco); EM4034? no 'read', just 'readmulti'" },
 	{ 0xE0160c0000000000LL, 24, "EM-Marin SA; EM4035?" },
 	{ 0xE016100000000000LL, 24, "EM-Marin SA (Skidata); EM4135; 36x64bit start page 13" },
 	{ 0xE016940000000000LL, 24, "EM-Marin SA (Skidata); 51x64bit" },
 	{ 0xE017000000000000LL, 16, "KSW Microtec GmbH Germany" },
 	{ 0xE018000000000000LL, 16, "ZMD AG Germany" },
 	{ 0xE019000000000000LL, 16, "XICOR, Inc. USA" },
 	{ 0xE01A000000000000LL, 16, "Sony Corporation Japan Identifier Company Country" },
 	{ 0xE01B000000000000LL, 16, "Malaysia Microelectronic Solutions Sdn. Bhd Malaysia" },
 	{ 0xE01C000000000000LL, 16, "Emosyn USA" },
 	{ 0xE01D000000000000LL, 16, "Shanghai Fudan Microelectronics Co. Ltd. P.R. China" },
 	{ 0xE01E000000000000LL, 16, "Magellan Technology Pty Limited Australia" },
 	{ 0xE01F000000000000LL, 16, "Melexis NV BO Switzerland" },
 	{ 0xE020000000000000LL, 16, "Renesas Technology Corp. Japan" },
 	{ 0xE021000000000000LL, 16, "TAGSYS France" },
 	{ 0xE022000000000000LL, 16, "Transcore USA" },
 	{ 0xE023000000000000LL, 16, "Shanghai belling corp., ltd. China" },
 	{ 0xE024000000000000LL, 16, "Masktech Germany Gmbh Germany" },
 	{ 0xE025000000000000LL, 16, "Innovision Research and Technology Plc UK" },
 	{ 0xE026000000000000LL, 16, "Hitachi ULSI Systems Co., Ltd. Japan" },
 	{ 0xE027000000000000LL, 16, "Cypak AB Sweden" },
 	{ 0xE028000000000000LL, 16, "Ricoh Japan" },
 	{ 0xE029000000000000LL, 16, "ASK France" },
 	{ 0xE02A000000000000LL, 16, "Unicore Microsystems, LLC Russian Federation" },
 	{ 0xE02B000000000000LL, 16, "Dallas Semiconductor/Maxim USA" },
 	{ 0xE02C000000000000LL, 16, "Impinj, Inc. USA" },
 	{ 0xE02D000000000000LL, 16, "RightPlug Alliance USA" },
 	{ 0xE02E000000000000LL, 16, "Broadcom Corporation USA" },
 	{ 0xE02F000000000000LL, 16, "MStar Semiconductor, Inc Taiwan, ROC" },
 	{ 0xE030000000000000LL, 16, "BeeDar Technology Inc. USA" },
 	{ 0xE031000000000000LL, 16, " RFIDsec Denmark" },
 	{ 0xE032000000000000LL, 16, " Schweizer Electronic AG Germany" },
 	{ 0xE033000000000000LL, 16, " AMIC Technology Corp Taiwan" }, 
 	{ 0xE034000000000000LL, 16, "Mikron JSC Russia" },
 	{ 0xE035000000000000LL, 16, "Fraunhofer Institute for Photonic Microsystems Germany" },
 	{ 0xE036000000000000LL, 16, "IDS Microchip AG Switzerland" },
 	{ 0xE037000000000000LL, 16, "Kovio USA" },
 	{ 0xE038000000000000LL, 16, "HMT Microelectronic Ltd Switzerland Identifier Company Country" },
 	{ 0xE039000000000000LL, 16, "Silicon Craft Technology Thailand" },
 	{ 0xE03A000000000000LL, 16, "Advanced Film Device Inc. Japan" },
 	{ 0xE03B000000000000LL, 16, "Nitecrest Ltd UK" },
 	{ 0xE03C000000000000LL, 16, "Verayo Inc. USA" },
 	{ 0xE03D000000000000LL, 16, "HID Global USA" },
 	{ 0xE03E000000000000LL, 16, "Productivity Engineering Gmbh Germany" },
 	{ 0xE03F000000000000LL, 16, "Austriamicrosystems AG (reserved) Austria" }, 
 	{ 0xE040000000000000LL, 16, "Gemalto SA France" },
 	{ 0xE041000000000000LL, 16, "Renesas Electronics Corporation Japan" },
 	{ 0xE042000000000000LL, 16, "3Alogics Inc Korea" },
 	{ 0xE043000000000000LL, 16, "Top TroniQ Asia Limited Hong Kong" },
 	{ 0xE044000000000000LL, 16, "Gentag Inc (USA) USA" },
 	{ 0,0,"no tag-info available" } // must be the last entry
 };
@ -273,7 +373,28 @@ int CmdHF15Reader(const char *Cmd)
 // Simulation is still not working very good
 int CmdHF15Sim(const char *Cmd)
 {
-	UsbCommand c = {CMD_SIMTAG_ISO_15693, {strtol(Cmd, NULL, 0), 0, 0}};
+	char cmdp = param_getchar(Cmd, 0);
 	uint8_t uid[8] = {0x00};
 	//E0 16 24 00 00 00 00 00
 	if (cmdp == 'h' || cmdp == 'H') {
 		PrintAndLog("Usage:  hf 15 sim <UID>");
 		PrintAndLog("");
 		PrintAndLog("     sample: hf 15 sim E016240000000000");
 		return 0;
 	}
 	if (param_gethex(Cmd, 0, uid, 16)) {
 		PrintAndLog("UID must include 16 HEX symbols");
 		return 0;
 	}
 	PrintAndLog("Starting simulating UID %02X %02X %02X %02X %02X %02X %02X %02X",
 			uid[0],uid[1],uid[2],uid[3],uid[4], uid[5], uid[6], uid[7]);
 	UsbCommand c = {CMD_SIMTAG_ISO_15693, {0, 0, 0}};
 	memcpy(c.d.asBytes,uid,8);
 	SendCommand(&c);
 	return 0;
 }
@ -324,7 +445,7 @@ int CmdHF15DumpMem(const char*Cmd) {
 				if (!(recv[0] & ISO15_RES_ERROR)) {
 					retry=0;
 					*output=0; // reset outputstring
-					sprintf(output, "Block %2i   ",blocknum);
+					sprintf(output, "Block %02x   ",blocknum);
 					for ( int i=1; i<resp.arg[0]-2; i++) { // data in hex
 						sprintf(output+strlen(output),"%02X ",recv[i]);
 					}					
@ -421,8 +542,9 @@ int CmdHF15CmdInquiry(const char *Cmd)
 int CmdHF15CmdDebug( const char *cmd) {
 	int debug=atoi(cmd);
 	if (strlen(cmd)<1) {
-		PrintAndLog("Usage: hf 15 cmd debug  <0/1>");
+		PrintAndLog("Usage: hf 15 cmd debug  <0|1>");
-		PrintAndLog("	0..no debugging output  1..turn debugging on");	
+		PrintAndLog("	0 no debugging");
 		PrintAndLog("	1 turn debugging on");	
 		return 0;
 	}
@ -536,7 +658,7 @@ int CmdHF15CmdRaw (const char *cmd) {
 int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdlen) {
 	int temp;
 	uint8_t *req=c->d.asBytes;
-	uint8_t uid[8] = {0};
+	uint8_t uid[8] = {0x00};
 	uint32_t reqlen=0;
 	// strip
--- a/client/cmdhfepa.c
+++ b/client/cmdhfepa.c
@ -45,7 +45,7 @@ int CmdHFEPACollectPACENonces(const char *Cmd)
 		SendCommand(&c);
 		UsbCommand resp;
-    WaitForResponse(CMD_ACK,&resp);
+		WaitForResponse(CMD_ACK,&resp);
 		// check if command failed
 		if (resp.arg[0] != 0) {
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@ -16,7 +16,6 @@
 #include <sys/stat.h>
 #include "iso14443crc.h" // Can also be used for iClass, using 0xE012 as CRC-type
 #include "data.h"
 //#include "proxusb.h"
 #include "proxmark3.h"
 #include "ui.h"
 #include "cmdparser.h"
--- a/client/cmdhflegic.c
+++ b/client/cmdhflegic.c
@ -10,7 +10,6 @@
 #include <stdio.h>
 #include <string.h>
 //#include "proxusb.h"
 #include "proxmark3.h"
 #include "data.h"
 #include "ui.h"
@ -266,7 +265,6 @@ int CmdLegicSave(const char *Cmd)
    int remainder = requested % 8;
    requested = requested + 8 - remainder;
  }
  if (offset + requested > sizeof(got)) {
    PrintAndLog("Tried to read past end of buffer, <bytes> + <offset> > 1024");
    return 0;
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@ -36,7 +36,6 @@ start:
 	//flush queue
 	while (ukbhit())	getchar();
 	// wait cycle
 	while (true) {
        printf(".");
@ -78,6 +77,7 @@ start:
 		num_to_bytes(r_key, 6, keyBlock);
 		isOK = mfCheckKeys(0, 0, 1, keyBlock, &r_key);
 	}
 	if (!isOK) 
 		PrintAndLog("Found valid key:%012"llx, r_key);
 	else
@ -88,6 +88,7 @@ start:
 		goto start;
 	}
 	PrintAndLog("");
 	return 0;
 }
@ -437,7 +438,6 @@ int CmdHF14AMfRdSc(const char *Cmd)
  return 0;
 }
 uint8_t FirstBlockOfSector(uint8_t sectorNo)
 {
 	if (sectorNo < 32) {
@ -447,7 +447,6 @@ uint8_t FirstBlockOfSector(uint8_t sectorNo)
 	}
 }
 uint8_t NumBlocksPerSector(uint8_t sectorNo)
 {
 	if (sectorNo < 32) {
@ -457,7 +456,6 @@ uint8_t NumBlocksPerSector(uint8_t sectorNo)
 	}
 }
 int CmdHF14AMfDump(const char *Cmd)
 {
 	uint8_t sectorNo, blockNo;
@ -497,8 +495,7 @@ int CmdHF14AMfDump(const char *Cmd)
 		return 1;
 	}
-	// Read key file
+	// Read keys A from file
 	for (sectorNo=0; sectorNo<numSectors; sectorNo++) {
 		if (fread( keyA[sectorNo], 1, 6, fin ) == 0) {
 			PrintAndLog("File reading error.");
@ -507,6 +504,7 @@ int CmdHF14AMfDump(const char *Cmd)
 		}
 	}
 	// Read keys B from file
 	for (sectorNo=0; sectorNo<numSectors; sectorNo++) {
 		if (fread( keyB[sectorNo], 1, 6, fin ) == 0) {
 			PrintAndLog("File reading error.");
@ -556,6 +554,7 @@ int CmdHF14AMfDump(const char *Cmd)
 	for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {
 		for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {
 			bool received = false;
 			if (blockNo == NumBlocksPerSector(sectorNo) - 1) {		// sector trailer. At least the Access Conditions can always be read with key A. 
 				UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};
 				memcpy(c.d.asBytes, keyA[sectorNo], 6);
@ -610,7 +609,6 @@ int CmdHF14AMfDump(const char *Cmd)
 				break;
 			}
 		}
 	}
 	if (isOK) {
@ -627,10 +625,8 @@ int CmdHF14AMfDump(const char *Cmd)
 	return 0;
 }
 int CmdHF14AMfRestore(const char *Cmd)
 {
 	uint8_t sectorNo,blockNo;
 	uint8_t keyType = 0;
 	uint8_t key[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
@ -737,7 +733,6 @@ int CmdHF14AMfRestore(const char *Cmd)
 	return 0;
 }
 int CmdHF14AMfNested(const char *Cmd)
 {
 	int i, j, res, iterations;
@ -886,6 +881,7 @@ int CmdHF14AMfNested(const char *Cmd)
 					PrintAndLog("-----------------------------------------------");
 					if(mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate)) {
 						PrintAndLog("Nested error.\n");
 						free(e_sector);
 						return 2;
 					}
 					else {
@ -960,11 +956,9 @@ int CmdHF14AMfNested(const char *Cmd)
 		free(e_sector);
 	}
 	return 0;
 }
 int CmdHF14AMfChk(const char *Cmd)
 {
 	if (strlen(Cmd)<3) {
@ -1021,7 +1015,6 @@ int CmdHF14AMfChk(const char *Cmd)
 		num_to_bytes(defaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));
 	}
 	if (param_getchar(Cmd, 0)=='*') {
 		blockNo = 3;
 		switch(param_getchar(Cmd+1, 0)) {
@ -1114,6 +1107,7 @@ int CmdHF14AMfChk(const char *Cmd)
 				PrintAndLog("File: %s: not found or locked.", filename);
 				free(keyBlock);
 				return 1;
 			}
 		}
 	}
@ -1191,11 +1185,10 @@ int CmdHF14AMfChk(const char *Cmd)
 	}
 	free(keyBlock);
-
+	PrintAndLog("");
 	return 0;
 }
 int CmdHF14AMf1kSim(const char *Cmd)
 {
 	uint8_t uid[7] = {0, 0, 0, 0, 0, 0, 0};
@ -1261,7 +1254,6 @@ int CmdHF14AMf1kSim(const char *Cmd)
 	return 0;
 }
 int CmdHF14AMfDbg(const char *Cmd)
 {
 	int dbgMode = param_get32ex(Cmd, 0, 0, 10);
@ -1286,7 +1278,6 @@ int CmdHF14AMfDbg(const char *Cmd)
  return 0;
 }
 int CmdHF14AMfEGet(const char *Cmd)
 {
 	uint8_t blockNo = 0;
@ -1310,7 +1301,6 @@ int CmdHF14AMfEGet(const char *Cmd)
  return 0;
 }
 int CmdHF14AMfEClear(const char *Cmd)
 {
 	if (param_getchar(Cmd, 0) == 'h') {
@ -1383,7 +1373,7 @@ int CmdHF14AMfELoad(const char *Cmd)
 	// open file
 	f = fopen(filename, "r");
 	if (f == NULL) {
-		PrintAndLog("File not found or locked.");
+		PrintAndLog("File %s not found or locked", filename);
 		return 1;
 	}
@ -1407,8 +1397,8 @@ int CmdHF14AMfELoad(const char *Cmd)
 		}
 		for (i = 0; i < 32; i += 2) {
 			sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);
 //			PrintAndLog("data[%02d]:%s", blockNum, sprint_hex(buf8, 16));
 		}
 		if (mfEmlSetMem(buf8, blockNum, 1)) {
 			PrintAndLog("Cant set emul block: %3d", blockNum);
 			fclose(f);
@ -1476,7 +1466,7 @@ int CmdHF14AMfESave(const char *Cmd)
 			break;
 		}
 		for (j = 0; j < 16; j++)
-			fprintf(f, "%02x", buf[j]); 
+			fprintf(f, "%02X", buf[j]); 
 		fprintf(f,"\n");
 	}
 	fclose(f);
@ -1554,8 +1544,8 @@ int CmdHF14AMfEKeyPrn(const char *Cmd)
 int CmdHF14AMfCSetUID(const char *Cmd)
 {
 	uint8_t wipeCard = 0;
-	uint8_t uid[8] = {0};
+	uint8_t uid[8] = {0x00};
-	uint8_t oldUid[8]= {0};
+	uint8_t oldUid[8] = {0x00};
 	int res;
 	if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {
@ -1583,10 +1573,10 @@ int CmdHF14AMfCSetUID(const char *Cmd)
 		}
 	PrintAndLog("old UID:%s", sprint_hex(oldUid, 4));
 	PrintAndLog("new UID:%s", sprint_hex(uid, 4));
 	return 0;
 }
 int CmdHF14AMfCSetBlk(const char *Cmd)
 {
 	uint8_t uid[8];
@ -1721,7 +1711,6 @@ int CmdHF14AMfCLoad(const char *Cmd)
 	}
 }
 int CmdHF14AMfCGetBlk(const char *Cmd) {
 	uint8_t memBlock[16];
 	uint8_t blockNo = 0;
@ -1877,7 +1866,7 @@ int CmdHF14AMfCSave(const char *Cmd) {
 int CmdHF14AMfSniff(const char *Cmd){
-	// params
+
 	bool wantLogToFile = 0;
 	bool wantDecrypt = 0;
 	//bool wantSaveToEml = 0; TODO
@ -1904,8 +1893,8 @@ int CmdHF14AMfSniff(const char *Cmd){
 		PrintAndLog("    l - save encrypted sequence to logfile `uid.log`");
 		PrintAndLog("    d - decrypt sequence and put it to log file `uid.log`");
 		PrintAndLog(" n/a   e - decrypt sequence, collect read and write commands and save the result of the sequence to emulator memory");
-		PrintAndLog("    r - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");
+		PrintAndLog("    f - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");
-		PrintAndLog("Usage:  hf mf sniff [l][d][e][r]");
+		PrintAndLog("Usage:  hf mf sniff [l][d][e][f]");
 		PrintAndLog("  sample: hf mf sniff l d e");
 		return 0;
 	}	
@ -1961,8 +1950,9 @@ int CmdHF14AMfSniff(const char *Cmd){
 				PrintAndLog("received trace len: %d packages: %d", blockLen, pckNum);
 				num = 0;
 				while (bufPtr - buf < blockLen) {
-					bufPtr += 6;	// ignore void timing information
+					bufPtr += 6;
 					len = *((uint16_t *)bufPtr);
 					if(len & 0x8000) {
 						isTag = true;
 						len &= 0x7fff;
@ -1971,6 +1961,7 @@ int CmdHF14AMfSniff(const char *Cmd){
 					}
 					bufPtr += 2;
 					if ((len == 14) && (bufPtr[0] == 0xff) && (bufPtr[1] == 0xff) && (bufPtr[12] == 0xff) && (bufPtr[13] == 0xff)) {
 						memcpy(uid, bufPtr + 2, 7);
 						memcpy(atqa, bufPtr + 2 + 7, 2);
 						uid_len = (atqa[0] & 0xC0) == 0x40 ? 7 : 4;
@ -1985,18 +1976,21 @@ int CmdHF14AMfSniff(const char *Cmd){
 							FillFileNameByUID(logHexFileName, uid + (7 - uid_len), ".log", uid_len);
 							AddLogCurrentDT(logHexFileName);
 						}						
-						if (wantDecrypt) mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);
+						if (wantDecrypt) 
 							mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);
 					} else {
 						PrintAndLog("%s(%d):%s", isTag ? "TAG":"RDR", num, sprint_hex(bufPtr, len));
-						if (wantLogToFile) AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);
+						if (wantLogToFile) 
-						if (wantDecrypt) mfTraceDecode(bufPtr, len, wantSaveToEmlFile);
+							AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);
 						if (wantDecrypt) 
 							mfTraceDecode(bufPtr, len, wantSaveToEmlFile);
 					}
 					bufPtr += len;
 					bufPtr += ((len-1)/8+1);	// ignore parity
 					num++;
 				}
 			}
-		} // resp not NILL
+		} // resp not NULL
 	} // while (true)
 	return 0;
--- a/client/cmdhfmf.h
+++ b/client/cmdhfmf.h
@ -18,7 +18,6 @@
 #include "proxmark3.h"
 #include "iso14443crc.h"
 #include "data.h"
 //#include "proxusb.h"
 #include "ui.h"
 #include "cmdparser.h"
 #include "common.h"
--- a/client/cmdhw.c
+++ b/client/cmdhw.c
@ -13,9 +13,9 @@
 #include <string.h>
 #include <limits.h>
 #include "ui.h"
 //#include "proxusb.h"
 #include "proxmark3.h"
 #include "cmdparser.h"
 #include "cmddata.h"
 #include "cmdhw.h"
 #include "cmdmain.h"
 #include "cmddata.h"
@ -418,7 +418,7 @@ static command_t CommandTable[] =
  {"setlfdivisor",  CmdSetDivisor,  0, "<19 - 255> -- Drive LF antenna at 12Mhz/(divisor+1)"},
  {"setmux",        CmdSetMux,      0, "<loraw|hiraw|lopkd|hipkd> -- Set the ADC mux to a specific value"},
  {"tune",          CmdTune,        0, "Measure antenna tuning"},
-  {"version",       CmdVersion,     0, "Show version inforation about the connected Proxmark"},
+  {"version",       CmdVersion,     0, "Show version information about the connected Proxmark"},
  {NULL, NULL, 0, NULL}
 };
--- a/client/cmdlf.c
+++ b/client/cmdlf.c
@ -12,7 +12,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <limits.h>
 //#include "proxusb.h"
 #include "proxmark3.h"
 #include "data.h"
 #include "graph.h"
@ -71,28 +70,24 @@ int CmdFlexdemod(const char *Cmd)
    }
  }
  if (start == GraphTraceLen - LONG_WAIT) {
-    PrintAndLog("nothing to wait for");
+		//PrintAndLog("nothing to wait for");
    return 0;
  }
  GraphBuffer[start] = 2;
  GraphBuffer[start+1] = -2;
 	uint8_t bits[64] = {0x00};
-  uint8_t bits[64];
+	int bit, sum;
  int bit;
  i = start;
  for (bit = 0; bit < 64; bit++) {
-    int j;
+		sum = 0;
-    int sum = 0;
+		for (int j = 0; j < 16; j++) {
    for (j = 0; j < 16; j++) {
      sum += GraphBuffer[i++];
    }
-    if (sum > 0) {
+
-      bits[bit] = 1;
+		bits[bit] = (sum > 0) ? 1 : 0;
-    } else {
+
      bits[bit] = 0;
    }
    PrintAndLog("bit %d sum %d", bit, sum);
  }
@ -110,15 +105,14 @@ int CmdFlexdemod(const char *Cmd)
    }
  }
 	// HACK writing back to graphbuffer.
  GraphTraceLen = 32*64;
  i = 0;
  int phase = 0;
  for (bit = 0; bit < 64; bit++) {
-    if (bits[bit] == 0) {
+	
-      phase = 0;
+		phase = (bits[bit] == 0) ? 0 : 1;
-    } else {
+		
      phase = 1;
    }
    int j;
    for (j = 0; j < 32; j++) {
      GraphBuffer[i++] = phase;
@ -137,8 +131,10 @@ int CmdIndalaDemod(const char *Cmd)
  int state = -1;
  int count = 0;
  int i, j;
  // worst case with GraphTraceLen=64000 is < 4096
  // under normal conditions it's < 2048
  uint8_t rawbits[4096];
  int rawbit = 0;
  int worst = 0, worstPos = 0;
@ -171,10 +167,14 @@ int CmdIndalaDemod(const char *Cmd)
      count = 0;
    }
  }
  if (rawbit>0){
    PrintAndLog("Recovered %d raw bits, expected: %d", rawbit, GraphTraceLen/32);
    PrintAndLog("worst metric (0=best..7=worst): %d at pos %d", worst, worstPos);
-  } else return 0;
+	} else {
 		return 0;
 	}
  // Finding the start of a UID
  int uidlen, long_wait;
  if (strcmp(Cmd, "224") == 0) {
@ -184,6 +184,7 @@ int CmdIndalaDemod(const char *Cmd)
    uidlen = 64;
    long_wait = 29;
  }
  int start;
  int first = 0;
  for (start = 0; start <= rawbit - uidlen; start++) {
@ -197,8 +198,9 @@ int CmdIndalaDemod(const char *Cmd)
      break;
    }
  }
  if (start == rawbit - uidlen + 1) {
-    PrintAndLog("nothing to wait for");
+		//PrintAndLog("nothing to wait for");
    return 0;
  }
@ -210,12 +212,12 @@ int CmdIndalaDemod(const char *Cmd)
  }
  // Dumping UID
-  uint8_t bits[224];
+	uint8_t bits[224] = {0x00};
-  char showbits[225];
+	char showbits[225] = {0x00};
  showbits[uidlen]='\0';
  int bit;
  i = start;
  int times = 0;
  if (uidlen > rawbit) {
    PrintAndLog("Warning: not enough raw bits to get a full UID");
    for (bit = 0; bit < rawbit; bit++) {
@ -237,8 +239,8 @@ int CmdIndalaDemod(const char *Cmd)
  //convert UID to HEX
  uint32_t uid1, uid2, uid3, uid4, uid5, uid6, uid7;
  int idx;
-  uid1=0;
+	uid1 = uid2 = 0;
-  uid2=0;
+	
  if (uidlen==64){
    for( idx=0; idx<64; idx++) {
        if (showbits[idx] == '0') {
@ -252,11 +254,8 @@ int CmdIndalaDemod(const char *Cmd)
    PrintAndLog("UID=%s (%x%08x)", showbits, uid1, uid2);
  }
  else {
-    uid3=0;
+		uid3 = uid4 = uid5 = uid6 = uid7 = 0;
-    uid4=0;
+
    uid5=0;
    uid6=0;
    uid7=0;
    for( idx=0; idx<224; idx++) {
        uid1=(uid1<<1)|(uid2>>31);
        uid2=(uid2<<1)|(uid3>>31);
@ -264,15 +263,19 @@ int CmdIndalaDemod(const char *Cmd)
        uid4=(uid4<<1)|(uid5>>31);
        uid5=(uid5<<1)|(uid6>>31);
        uid6=(uid6<<1)|(uid7>>31);
-        if (showbits[idx] == '0') uid7=(uid7<<1)|0;
+			
-        else uid7=(uid7<<1)|1;
+			if (showbits[idx] == '0') 
 				uid7 = (uid7<<1) | 0;
 			else 
 				uid7 = (uid7<<1) | 1;
      }
    PrintAndLog("UID=%s (%x%08x%08x%08x%08x%08x%08x)", showbits, uid1, uid2, uid3, uid4, uid5, uid6, uid7);
  }
  // Checking UID against next occurrences
  for (; i + uidlen <= rawbit;) {
    int failed = 0;
 	for (; i + uidlen <= rawbit;) {
 		failed = 0;
    for (bit = 0; bit < uidlen; bit++) {
      if (bits[bit] != rawbits[i++]) {
        failed = 1;
@ -284,9 +287,12 @@ int CmdIndalaDemod(const char *Cmd)
    }
    times += 1;
  }
  PrintAndLog("Occurrences: %d (expected %d)", times, (rawbit - start) / uidlen);
  // Remodulating for tag cloning
 	// HACK: 2015-01-04 this will have an impact on our new way of seening lf commands (demod) 
 	// since this changes graphbuffer data.
  GraphTraceLen = 32*uidlen;
  i = 0;
  int phase = 0;
@ -309,15 +315,10 @@ int CmdIndalaDemod(const char *Cmd)
 int CmdIndalaClone(const char *Cmd)
 {
  unsigned int uid1, uid2, uid3, uid4, uid5, uid6, uid7;
  UsbCommand c;
-  uid1=0;
+	unsigned int uid1, uid2, uid3, uid4, uid5, uid6, uid7;
-  uid2=0;
+
-  uid3=0;
+	uid1 =  uid2 = uid3 = uid4 = uid5 = uid6 = uid7 = 0;
  uid4=0;
  uid5=0;
  uid6=0;
  uid7=0;  
  int n = 0, i = 0;
  if (strchr(Cmd,'l') != 0) {
@ -339,9 +340,7 @@ int CmdIndalaClone(const char *Cmd)
    c.d.asDwords[4] = uid5;
    c.d.asDwords[5] = uid6;
    c.d.asDwords[6] = uid7;
-  } 
+	} else {
  else 
  {
    while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
      uid1 = (uid1 << 4) | (uid2 >> 28);
      uid2 = (uid2 << 4) | (n & 0xf);
@ -359,13 +358,16 @@ int CmdIndalaClone(const char *Cmd)
 int CmdLFRead(const char *Cmd)
 {
  UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K};
  // 'h' means higher-low-frequency, 134 kHz
  if(*Cmd == 'h') {
    c.arg[0] = 1;
  } else if (*Cmd == '\0') {
    c.arg[0] = 0;
  } else if (sscanf(Cmd, "%"lli, &c.arg[0]) != 1) {
-    PrintAndLog("use 'read' or 'read h', or 'read <divisor>'");
+		PrintAndLog("Samples 1: 'lf read'");
 		PrintAndLog("        2: 'lf read h'");
 		PrintAndLog("        3: 'lf read <divisor>'");
    return 0;
  }
  SendCommand(&c);
@ -390,7 +392,7 @@ static void ChkBitstream(const char *str)
 int CmdLFSim(const char *Cmd)
 {
-  int i;
+	int i,j;
  static int gap;
  sscanf(Cmd, "%i", &gap);
@ -398,18 +400,20 @@ int CmdLFSim(const char *Cmd)
  /* convert to bitstream if necessary */
  ChkBitstream(Cmd);
-  PrintAndLog("Sending data, please wait...");
+	printf("Sending [%d bytes]", GraphTraceLen);
-  for (i = 0; i < GraphTraceLen; i += 48) {
+	for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE) {
    UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}};
-    int j;
+
-    for (j = 0; j < 48; j++) {
+		for (j = 0; j < USB_CMD_DATA_SIZE; j++) {
      c.d.asBytes[j] = GraphBuffer[i+j];
    }
    SendCommand(&c);
    WaitForResponse(CMD_ACK,NULL);
 		printf(".");
  }
-  PrintAndLog("Starting simulator...");
+	printf("\n");
 	PrintAndLog("Starting to simulate");
  UsbCommand c = {CMD_SIMULATE_TAG_125K, {GraphTraceLen, gap, 0}};
  SendCommand(&c);
  return 0;
@ -417,7 +421,9 @@ int CmdLFSim(const char *Cmd)
 int CmdLFSimBidir(const char *Cmd)
 {
-  /* Set ADC to twice the carrier for a slight supersampling */
+  // Set ADC to twice the carrier for a slight supersampling
  // HACK: not implemented in ARMSRC.
  PrintAndLog("Not implemented yet.");
  UsbCommand c = {CMD_LF_SIMULATE_BIDIR, {47, 384, 0}};
  SendCommand(&c);
  return 0;
@ -429,23 +435,17 @@ int CmdLFSimManchester(const char *Cmd)
  static int clock, gap;
  static char data[1024], gapstring[8];
  /* get settings/bits */
  sscanf(Cmd, "%i %s %i", &clock, &data[0], &gap);
  /* clear our graph */
  ClearGraph(0);
  /* fill it with our bitstream */
  for (int i = 0; i < strlen(data) ; ++i)
    AppendGraph(0, clock, data[i]- '0');
  /* modulate */
  CmdManchesterMod("");
  /* show what we've done */
  RepaintGraphWindow();
  /* simulate */
  sprintf(&gapstring[0], "%i", gap);
  CmdLFSim(gapstring);
  return 0;
@ -454,20 +454,23 @@ int CmdLFSimManchester(const char *Cmd)
 int CmdLFSnoop(const char *Cmd)
 {
  UsbCommand c = {CMD_LF_SNOOP_RAW_ADC_SAMPLES};
  // 'h' means higher-low-frequency, 134 kHz
  c.arg[0] = 0;
  c.arg[1] = -1;
-  if (*Cmd == 0) {
+
-    // empty
+	if (*Cmd == 'l') {
  } else if (*Cmd == 'l') {
    sscanf(Cmd, "l %"lli, &c.arg[1]);
  } else if(*Cmd == 'h') {
    c.arg[0] = 1;
    sscanf(Cmd, "h %"lli, &c.arg[1]);
  } else if (sscanf(Cmd, "%"lli" %"lli, &c.arg[0], &c.arg[1]) < 1) {
-    PrintAndLog("use 'snoop' or 'snoop {l,h} [trigger threshold]', or 'snoop <divisor> [trigger threshold]'");
+		PrintAndLog("usage 1:  snoop");
 		PrintAndLog("      2:  snoop {l,h} [trigger threshold]");
 		PrintAndLog("      3:  snoop <divisor> [trigger threshold]");
    return 0;
  }
  SendCommand(&c);
  WaitForResponse(CMD_ACK,NULL);
  return 0;
--- a/client/cmdlfem4x.c
+++ b/client/cmdlfem4x.c
@ -11,31 +11,31 @@
 #include <stdio.h>
 #include <string.h>
 #include <inttypes.h>
 //#include "proxusb.h"
 #include "proxmark3.h"
 #include "ui.h"
 #include "graph.h"
 #include "cmdmain.h"
 #include "cmdparser.h"
 #include "cmddata.h"
 #include "cmdlf.h"
 #include "cmdlfem4x.h"
 #include "util.h"
 #include "data.h"
 #define LF_TRACE_BUFF_SIZE 12000
 #define LF_BITSSTREAM_LEN 1000
 static int CmdHelp(const char *Cmd);
 int CmdEMdemodASK(const char *Cmd)
 {
-  int findone=0;
+	char cmdp = param_getchar(Cmd, 0);
 	int findone = (cmdp == '1') ? 1 : 0;	
  UsbCommand c={CMD_EM410X_DEMOD};
  if(Cmd[0]=='1') findone=1;
  c.arg[0]=findone;
  SendCommand(&c);
  return 0;
 }
 /* Read the ID of an EM410x tag.
 * Format:
 *   1111 1111 1           <-- standard non-repeatable header
@ -48,8 +48,8 @@ int CmdEM410xRead(const char *Cmd)
 {
  int i, j, clock, header, rows, bit, hithigh, hitlow, first, bit2idx, high, low;
  int parity[4];
-  char id[11];
+  char id[11] = {0x00};
-  char id2[11];
+  char id2[11] = {0x00};
  int retested = 0;
  uint8_t BitStream[MAX_GRAPH_TRACE_LEN];
  high = low = 0;
@ -81,9 +81,9 @@ int CmdEM410xRead(const char *Cmd)
    /* Find out if we hit both high and low peaks */
    for (j = 0; j < clock; j++)
    {
-      if (GraphBuffer[(i * clock) + j] == high)
+      if (GraphBuffer[(i * clock) + j] >= high)
        hithigh = 1;
-      else if (GraphBuffer[(i * clock) + j] == low)
+      else if (GraphBuffer[(i * clock) + j] <= low)
        hitlow = 1;
      /* it doesn't count if it's the first part of our read
@ -181,8 +181,10 @@ retest:
  }
  /* if we've already retested after flipping bits, return */
-  if (retested++)
+	if (retested++){
 		PrintAndLog("Failed to decode");
    return 0;
 	}
  /* if this didn't work, try flipping bits */
  for (i = 0; i < bit2idx; i++)
@ -201,7 +203,25 @@ retest:
 */
 int CmdEM410xSim(const char *Cmd)
 {
-  int i, n, j, h, binary[4], parity[4];
+	int i, n, j, binary[4], parity[4];
 	char cmdp = param_getchar(Cmd, 0);
 	uint8_t uid[5] = {0x00};
 	if (cmdp == 'h' || cmdp == 'H') {
 		PrintAndLog("Usage:  lf em4x 410xsim <UID>");
 		PrintAndLog("");
 		PrintAndLog("     sample: lf em4x 410xsim 0F0368568B");
 		return 0;
 	}
 	if (param_gethex(Cmd, 0, uid, 10)) {
 		PrintAndLog("UID must include 10 HEX symbols");
 		return 0;
 	}
 	PrintAndLog("Starting simulating UID %02X%02X%02X%02X%02X", uid[0],uid[1],uid[2],uid[3],uid[4]);
 	PrintAndLog("Press pm3-button to about simulation");
  /* clock is 64 in EM410x tags */
  int clock = 64;
@ -209,9 +229,6 @@ int CmdEM410xSim(const char *Cmd)
  /* clear our graph */
  ClearGraph(0);
  /* write it out a few times */
  for (h = 0; h < 4; h++)
  {
    /* write 9 start bits */
    for (i = 0; i < 9; i++)
      AppendGraph(0, clock, 1);
@ -248,38 +265,38 @@ int CmdEM410xSim(const char *Cmd)
    AppendGraph(0, clock, parity[3]);
    /* stop bit */
-    AppendGraph(0, clock, 0);
+  AppendGraph(1, clock, 0);
-  }
+ 
-
+  CmdLFSim("240"); //240 start_gap.
  /* modulate that biatch */
  CmdManchesterMod("");
  /* booyah! */
  RepaintGraphWindow();
  CmdLFSim("");
  return 0;
 }
-/* Function is equivalent of loread + losamples + em410xread
+/* Function is equivalent of lf read + data samples + em410xread
- * looped until an EM410x tag is detected */
+ * looped until an EM410x tag is detected 
 * 
 * Why is CmdSamples("16000")?
 *  TBD: Auto-grow sample size based on detected sample rate.  IE: If the
 *       rate gets lower, then grow the number of samples
 *  Changed by martin, 4000 x 4 = 16000, 
 *  see http://www.proxmark.org/forum/viewtopic.php?pid=7235#p7235
 */
 int CmdEM410xWatch(const char *Cmd)
 {
-  int read_h = (*Cmd == 'h');
+	char cmdp = param_getchar(Cmd, 0);
-  do
+	int read_h = (cmdp == 'h');
-  {
+	do {
-    CmdLFRead(read_h ? "h" : "");
+		if (ukbhit()) {
-    // 2000 samples is OK for clock=64, but not clock=32.  Probably want
+			printf("\naborted via keyboard!\n");
-		//   8000 for clock=16.  Don't want to go too high since old HID driver
+			break;
-		//   is very slow
+		}
-		// TBD: Auto-grow sample size based on detected sample rate.  IE: If the
+		
-		//   rate gets lower, then grow the number of samples
+		CmdLFRead(read_h ? "h" : "");
-
+		CmdSamples("6000");		
-    // Changed by martin, 4000 x 4 = 16000, 
+	} while (
-    // see http://www.proxmark.org/forum/viewtopic.php?pid=7235#p7235
+		!CmdEM410xRead("") 
-		CmdSamples("16000");
+	);
- } while ( ! CmdEM410xRead(""));
+	return 0;
  return 0;
 }
 /* Read the transmitted data of an EM4x50 tag
--- a/client/cmdlfhid.c
+++ b/client/cmdlfhid.c
@ -10,7 +10,6 @@
 #include <stdio.h>
 #include <string.h>
 //#include "proxusb.h"
 #include "proxmark3.h"
 #include "ui.h"
 #include "graph.h"
@ -41,8 +40,8 @@ int CmdHIDDemod(const char *Cmd)
 int CmdHIDDemodFSK(const char *Cmd)
 {
  int findone=0;
 	if(Cmd[0]=='1') findone=1;
  UsbCommand c={CMD_HID_DEMOD_FSK};
  if(Cmd[0]=='1') findone=1;
  c.arg[0]=findone;
  SendCommand(&c);
  return 0;
@ -59,6 +58,7 @@ int CmdHIDSim(const char *Cmd)
  }
  PrintAndLog("Emulating tag with ID %x%16x", hi, lo);
  PrintAndLog("Press pm3-button to abort simulation");
  UsbCommand c = {CMD_HID_SIM_TAG, {hi, lo, 0}};
  SendCommand(&c);
--- a/client/cmdlfhitag.c
+++ b/client/cmdlfhitag.c
@ -12,7 +12,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include "data.h"
 //#include "proxusb.h"
 #include "proxmark3.h"
 #include "ui.h"
 #include "cmdparser.h"
@ -225,7 +224,7 @@ int CmdLFHitagReader(const char *Cmd) {
  return 0;
 }
-static command_t CommandTableHitag[] = 
+static command_t CommandTable[] = 
 {
  {"help",    CmdHelp,           1, "This help"},
  {"list",    CmdLFHitagList,    1, "List Hitag trace history"},
@ -237,12 +236,12 @@ static command_t CommandTableHitag[] =
 int CmdLFHitag(const char *Cmd)
 {
-  CmdsParse(CommandTableHitag, Cmd);
+  CmdsParse(CommandTable, Cmd);
  return 0;
 }
 int CmdHelp(const char *Cmd)
 {
-  CmdsHelp(CommandTableHitag);
+  CmdsHelp(CommandTable);
  return 0;
 }
--- a/client/cmdlfio.c
+++ b/client/cmdlfio.c
@ -3,7 +3,6 @@
 #include <string.h>
 #include <inttypes.h>
 #include <limits.h>
 //#include "proxusb.h"
 #include "proxmark3.h"
 #include "data.h"
 #include "graph.h"
@ -19,26 +18,21 @@ int CmdIODemodFSK(const char *Cmd)
 {
  int findone=0;
  if(Cmd[0]=='1') findone=1;
  UsbCommand c={CMD_IO_DEMOD_FSK};
  c.arg[0]=findone;
  SendCommand(&c);
  return 0;
 }
 int CmdIOProxDemod(const char *Cmd){
  if (GraphTraceLen < 4800) {
    PrintAndLog("too short; need at least 4800 samples");
    return 0;
  }
  GraphTraceLen = 4800;
  for (int i = 0; i < GraphTraceLen; ++i) {
-    if (GraphBuffer[i] < 0) {
+    GraphBuffer[i] = (GraphBuffer[i] < 0) ? 0 : 1;
      GraphBuffer[i] = 0;
    } else {
      GraphBuffer[i] = 1;
    }
  }
  RepaintGraphWindow();
  return 0;
@ -61,7 +55,7 @@ int CmdIOClone(const char *Cmd)
  }
  PrintAndLog("Cloning tag with ID %08x %08x", hi, lo);
-
+  PrintAndLog("Press pm3-button to abort simulation");
  c.cmd = CMD_IO_CLONE_TAG;
  c.arg[0] = hi;
  c.arg[1] = lo;
--- a/client/cmdlfpcf7931.c
+++ b/client/cmdlfpcf7931.c
@ -10,7 +10,6 @@
 #include <stdio.h>
 #include <string.h>
 //#include "proxusb.h"
 #include "proxmark3.h"
 #include "ui.h"
 #include "graph.h"
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@ -10,7 +10,6 @@
 #include <stdio.h>
 #include <string.h>
 #include <inttypes.h>
 //#include "proxusb.h"
 #include "proxmark3.h"
 #include "ui.h"
 #include "graph.h"
--- a/client/cmdlfti.c
+++ b/client/cmdlfti.c
@ -11,7 +11,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include "crc16.h"
 //#include "proxusb.h"
 #include "proxmark3.h"
 #include "data.h"
 #include "ui.h"
--- a/client/cmdmain.c
+++ b/client/cmdmain.c
@ -28,9 +28,6 @@
 unsigned int current_command = CMD_UNKNOWN;
 //unsigned int received_command = CMD_UNKNOWN;
 //UsbCommand current_response;
 //UsbCommand current_response_user;
 static int CmdHelp(const char *Cmd);
 static int CmdQuit(const char *Cmd);
@ -47,9 +44,9 @@ static command_t CommandTable[] =
 {
  {"help",  CmdHelp,  1, "This help. Use '<command> help' for details of a particular command."},
  {"data",  CmdData,  1, "{ Plot window / data buffer manipulation... }"},
-  {"hf",    CmdHF,    1, "{ HF commands... }"},
+  {"hf",    	CmdHF,    	1, "{ High Frequency commands... }"},
  {"hw",    CmdHW,    1, "{ Hardware commands... }"},
-  {"lf",    CmdLF,    1, "{ LF commands... }"},
+  {"lf",    	CmdLF,    	1, "{ Low Frequency commands... }"},
  {"script", CmdScript,   1,"{ Scripting commands }"},
  {"quit",  CmdQuit,  1, "Exit program"},
  {"exit",  CmdQuit,  1, "Exit program"},
@ -134,22 +131,17 @@ int getCommand(UsbCommand* response)
 */
 bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeout) {
-  UsbCommand resp;
+	UsbCommand resp;
 	if (response == NULL)
 		response = &resp;
-  if (response == NULL) {
+	  // Wait until the command is received
-    response = &resp;
+	  for(size_t dm_seconds=0; dm_seconds < ms_timeout/10; dm_seconds++) {
  }
-  // Wait until the command is received
+		while(getCommand(response)) {
  for(size_t dm_seconds=0; dm_seconds < ms_timeout/10; dm_seconds++) {
      while(getCommand(response))
      {
          if(response->cmd == cmd){
          //We got what we expected
          return true;
          }
      }
        msleep(10); // XXX ugh
        if (dm_seconds == 200) { // Two seconds elapsed
@ -178,25 +170,12 @@ void CommandReceived(char *Cmd) {
 //-----------------------------------------------------------------------------
 void UsbCommandReceived(UsbCommand *UC)
 {
  /*
  //  Debug
  printf("UsbCommand length[len=%zd]\n",sizeof(UsbCommand));
  printf("  cmd[len=%zd]: %"llx"\n",sizeof(UC->cmd),UC->cmd);
  printf(" arg0[len=%zd]: %"llx"\n",sizeof(UC->arg[0]),UC->arg[0]);
  printf(" arg1[len=%zd]: %"llx"\n",sizeof(UC->arg[1]),UC->arg[1]);
  printf(" arg2[len=%zd]: %"llx"\n",sizeof(UC->arg[2]),UC->arg[2]);
  printf(" data[len=%zd]: %02x%02x%02x...\n",sizeof(UC->d.asBytes),UC->d.asBytes[0],UC->d.asBytes[1],UC->d.asBytes[2]);
  */
  //	printf("%s(%x) current cmd = %x\n", __FUNCTION__, c->cmd, current_command);
  // If we recognize a response, return to avoid further processing
  switch(UC->cmd) {
      // First check if we are handling a debug message
    case CMD_DEBUG_PRINT_STRING: {
-      char s[USB_CMD_DATA_SIZE+1];
+		  char s[USB_CMD_DATA_SIZE+1] = {0x00};
      size_t len = MIN(UC->arg[0],USB_CMD_DATA_SIZE);
      memcpy(s,UC->d.asBytes,len);
      s[len] = 0x00;
      PrintAndLog("#db# %s       ", s);
      return;
    } break;
@ -206,67 +185,15 @@ void UsbCommandReceived(UsbCommand *UC)
      return;
    } break;
    // case CMD_MEASURED_ANTENNA_TUNING: {
      // int peakv, peakf;
      // int vLf125, vLf134, vHf;
      // vLf125 = UC->arg[0] & 0xffff;
      // vLf134 = UC->arg[0] >> 16;
      // vHf = UC->arg[1] & 0xffff;;
      // peakf = UC->arg[2] & 0xffff;
      // peakv = UC->arg[2] >> 16;
      // PrintAndLog("");
      // PrintAndLog("# LF antenna: %5.2f V @   125.00 kHz", vLf125/1000.0);
      // PrintAndLog("# LF antenna: %5.2f V @   134.00 kHz", vLf134/1000.0);
      // PrintAndLog("# LF optimal: %5.2f V @%9.2f kHz", peakv/1000.0, 12000.0/(peakf+1));
      // PrintAndLog("# HF antenna: %5.2f V @    13.56 MHz", vHf/1000.0);
      // if (peakv<2000)
        // PrintAndLog("# Your LF antenna is unusable.");
      // else if (peakv<10000)
        // PrintAndLog("# Your LF antenna is marginal.");
      // if (vHf<2000)
        // PrintAndLog("# Your HF antenna is unusable.");
      // else if (vHf<5000)
        // PrintAndLog("# Your HF antenna is marginal.");
    // } break;
    case CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K: {
 //      printf("received samples: ");
 //      print_hex(UC->d.asBytes,512);
      sample_buf_len += UC->arg[1];
 //      printf("samples: %zd offset: %d\n",sample_buf_len,UC->arg[0]);
      memcpy(sample_buf+(UC->arg[0]),UC->d.asBytes,UC->arg[1]);
    } break;
-
+		default:
 //    case CMD_ACK: {
 //      PrintAndLog("Receive ACK\n");
 //    } break;
    default: {
      // Maybe it's a response
      /*
      switch(current_command) {
        case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K: {
          if (UC->cmd != CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K) {
            PrintAndLog("unrecognized command %08x\n", UC->cmd);
            break;
          }
 //          int i;
          PrintAndLog("received samples %d\n",UC->arg[0]);
          memcpy(sample_buf+UC->arg[0],UC->d.asBytes,48);
          sample_buf_len += 48;
 //          for(i=0; i<48; i++) sample_buf[i] = UC->d.asBytes[i];
          //received_command = UC->cmd;
        } break;
        default: {
        } break;
      }*/
    }
      break;
  }
  storeCommand(UC);
 }
--- a/client/data.c
+++ b/client/data.c
@ -12,7 +12,6 @@
 #include <stdint.h>
 #include "data.h"
 #include "ui.h"
 //#include "proxusb.h"
 #include "proxmark3.h"
 #include "cmdmain.h"
@ -23,22 +22,6 @@ void GetFromBigBuf(uint8_t *dest, int bytes, int start_index)
 {
  sample_buf_len = 0;
  sample_buf = dest;
 //	start_index = ((start_index/12)*12);
 //    int n = start_index + bytes;
    /*
     if (n % 48 != 0) {
     PrintAndLog("bad len in GetFromBigBuf");
     return;
     }
     */
  UsbCommand c = {CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K, {start_index, bytes, 0}};
  SendCommand(&c);
 /*
  for (int i = start_index; i < n; i += 48) {
        UsbCommand c = {CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K, {i, 0, 0}};
        SendCommand(&c);
 //        WaitForResponse(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K);
 //        memcpy(dest+(i*4), sample_buf, 48);
    }
 */
 }
--- a/client/data.h
+++ b/client/data.h
@ -13,6 +13,9 @@
 #include <stdint.h>
 //trace buffer size as defined in armsrc/apps.h TRACE_SIZE
 #define TRACE_BUFFER_SIZE 4096
 #define FILE_PATH_SIZE 1000
 #define SAMPLE_BUFFER_SIZE 64
 extern uint8_t* sample_buf;
--- a/client/flash.c
+++ b/client/flash.c
@ -13,7 +13,6 @@
 #include <stdlib.h>
 #include "proxmark3.h"
 #include "sleep.h"
 //#include "proxusb.h"
 #include "flash.h"
 #include "elf.h"
 #include "proxendian.h"
@ -276,7 +275,6 @@ static int get_proxmark_state(uint32_t *state)
 {
 	UsbCommand c;
 	c.cmd = CMD_DEVICE_INFO;
 //	SendCommand_(&c);
  SendCommand(&c);
 	UsbCommand resp;
 	ReceiveCommand(&resp);
@ -391,7 +389,6 @@ int flash_start_flashing(int enable_bl_writes,char *serial_port_name)
 			c.arg[2] = 0;
 		}
 		SendCommand(&c);
 //		SendCommand_(&c);
 		return wait_for_ack();
 	} else {
 		fprintf(stderr, "Note: Your bootloader does not understand the new START_FLASH command\n");
@ -408,22 +405,8 @@ static int write_block(uint32_t address, uint8_t *data, uint32_t length)
 	memset(block_buf, 0xFF, BLOCK_SIZE);
 	memcpy(block_buf, data, length);
  UsbCommand c;
 /*
 	c.cmd = {CMD_SETUP_WRITE};
 	for (int i = 0; i < 240; i += 48) {
 		memcpy(c.d.asBytes, block_buf + i, 48);
 		c.arg[0] = i / 4;
 		SendCommand(&c);
 //		SendCommand_(&c);
 		if (wait_for_ack() < 0) {
 			return -1;
    }
 	}
 */
 	c.cmd = CMD_FINISH_WRITE;
 	c.arg[0] = address;
 //	memcpy(c.d.asBytes, block_buf+240, 16);
 //	SendCommand_(&c);
 	memcpy(c.d.asBytes, block_buf, length);
  SendCommand(&c);
  return wait_for_ack();
@ -486,7 +469,6 @@ void flash_free(flash_file_t *ctx)
 // just reset the unit
 int flash_stop_flashing(void) {
 	UsbCommand c = {CMD_HARDWARE_RESET};
 //	SendCommand_(&c);
  SendCommand(&c);
  msleep(100);
  return 0;
--- a/client/graph.c
+++ b/client/graph.c
@ -36,6 +36,8 @@ void AppendGraph(int redraw, int clock, int bit)
 int ClearGraph(int redraw)
 {
  int gtl = GraphTraceLen;
  memset(GraphBuffer, 0x00, GraphTraceLen);
  GraphTraceLen = 0;
  if (redraw)
--- a/client/loclass/elite_crack.c
+++ b/client/loclass/elite_crack.c
@ -514,7 +514,6 @@ int bruteforceDump(uint8_t dump[], size_t dumpsize, uint16_t keytable[])
 */
 int bruteforceFile(const char *filename, uint16_t keytable[])
 {
 	FILE *f = fopen(filename, "rb");
 	if(!f) {
 		prnlog("Failed to read from file '%s'", filename);
--- a/client/loclass/fileutils.c
+++ b/client/loclass/fileutils.c
@ -11,8 +11,14 @@
 * @return
 */
 int fileExists(const char *filename) {
 #ifdef _WIN32
 	struct _stat st;
 	int result = _stat(filename, &st);
 #else
 	struct stat st;
 	int result = stat(filename, &st);
 #endif
 	return result == 0;
 }
--- a/client/loclass/iclass_dump.bin
+++ b/client/loclass/iclass_dump.bin
--- a/client/loclass/ikeys.c
+++ b/client/loclass/ikeys.c
@ -725,7 +725,6 @@ int doTestsWithKnownInputs()
 int readKeyFile(uint8_t key[8])
 {
 	FILE *f;
 	int retval = 1;
 	f = fopen("iclass_key.bin", "rb");
@ -738,7 +737,6 @@ int readKeyFile(uint8_t key[8])
 		fclose(f);
 	}
 	return retval;
 }
--- a/client/lualibs/commands.lua
+++ b/client/lualibs/commands.lua
@ -64,6 +64,7 @@ local _commands = {
 	CMD_ISO_15693_COMMAND_DONE =                                         0x0314,
 	CMD_ISO_15693_FIND_AFI =                                             0x0315,
 	CMD_ISO_15693_DEBUG =                                                0x0316,
 	CMD_LF_SNOOP_RAW_ADC_SAMPLES =                                       0x0317,
 	--// For Hitag2 transponders
 	CMD_SNOOP_HITAG =                                                    0x0370,
@ -80,10 +81,13 @@ local _commands = {
 	CMD_READER_LEGIC_RF =                                                0x0388,
 	CMD_WRITER_LEGIC_RF =                                                0x0389,
 	CMD_EPA_PACE_COLLECT_NONCE =                                         0x038A,
 	--//CMD_EPA_ =                                                         0x038B,
 	CMD_SNOOP_ICLASS =                                                   0x0392,
 	CMD_SIMULATE_TAG_ICLASS =                                            0x0393,
 	CMD_READER_ICLASS =                                                  0x0394,
 	CMD_READER_ICLASS_REPLAY =											 0x0395,
 	CMD_ICLASS_ISO14443A_WRITE =										 0x0397,
 	--// For measurements of the antenna tuning
 	CMD_MEASURE_ANTENNA_TUNING =                                         0x0400,
@ -100,8 +104,11 @@ local _commands = {
 	CMD_MIFARE_EML_MEMSET =                                              0x0602,
 	CMD_MIFARE_EML_MEMGET =                                              0x0603,
 	CMD_MIFARE_EML_CARDLOAD =                                            0x0604,
-	CMD_MIFARE_EML_CSETBLOCK =                                           0x0605,
+	
-	CMD_MIFARE_EML_CGETBLOCK =                                           0x0606,
+	--// magic chinese card commands
 	CMD_MIFARE_CSETBLOCK =                                               0x0605,
 	CMD_MIFARE_CGETBLOCK =                                               0x0606,
 	CMD_MIFARE_CIDENT =                                                  0x0607,
 	CMD_SIMULATE_MIFARE_CARD =                                           0x0610,
@ -109,12 +116,33 @@ local _commands = {
 	CMD_MIFARE_NESTED =                                                  0x0612,
 	CMD_MIFARE_READBL =                                                  0x0620,
 	CMD_MIFAREU_READBL =                                                 0x0720,
 	CMD_MIFARE_READSC =                                                  0x0621,
 	CMD_MIFAREU_READCARD =                                               0x0721,
 	CMD_MIFARE_WRITEBL =                                                 0x0622,
 	CMD_MIFAREU_WRITEBL =                                                0x0722,
 	CMD_MIFAREU_WRITEBL_COMPAT =                                         0x0723,
 	CMD_MIFARE_CHKKEYS =                                                 0x0623,
 	CMD_MIFARE_SNIFFER =                                                 0x0630,
 	--//ultralightC
 	CMD_MIFAREUC_AUTH1 =						                         0x0724,
 	CMD_MIFAREUC_AUTH2 =						                         0x0725,
 	CMD_MIFAREUC_READCARD =		   					                     0x0726,
 	--// mifare desfire
 	CMD_MIFARE_DESFIRE_READBL =                                          0x0728,
 	CMD_MIFARE_DESFIRE_WRITEBL =                                         0x0729,
 	CMD_MIFARE_DESFIRE_AUTH1 =                                           0x072a,
 	CMD_MIFARE_DESFIRE_AUTH2 =                                           0x072b,
 	CMD_MIFARE_DES_READER =                                              0x072c,
 	CMD_MIFARE_DESFIRE_INFO =                                            0x072d,
 	CMD_MIFARE_DESFIRE =                                                 0x072e,
 	CMD_UNKNOWN =                                                        0xFFFF,
 }
@ -184,7 +212,6 @@ function Command:getBytes()
 	local data  = self.data
 	local cmd = self.cmd 
 	local arg1, arg2, arg3 = self.arg1, self.arg2, self.arg3
 	return bin.pack("LLLLH",cmd, arg1, arg2, arg3,data);
 end
--- a/client/lualibs/html_dumplib.lua
+++ b/client/lualibs/html_dumplib.lua
@ -47,6 +47,18 @@ local function save_HTML(javascript, filename)
 end
 local function save_TEXT(data,filename)
 	-- Open the output file
 	local outfile = io.open(filename, "wb")
 	if outfile == nil then 
 		return oops(string.format("Could not write to file %s",tostring(filename)))
 	end
 	outfile:write(data)
 	io.close(outfile)
 	return filename   
 end
 local function save_BIN(data, filename)
 	-- Open the output file
@ -181,4 +193,6 @@ return {
 	convert_bin_to_html = convert_bin_to_html,
 	convert_eml_to_html = convert_eml_to_html,
    convert_eml_to_bin = convert_eml_to_bin,	
    SaveAsBinary = save_BIN,
 	SaveAsText = save_TEXT,
 }
--- a/client/lualibs/htmlskel.lua
+++ b/client/lualibs/htmlskel.lua
@ -55,6 +55,7 @@ local skel_1 = [[
 			return "UNKNOWN"
 		}
 		add("04,,,Mifare TNP3xxx Activision 1K,0f01,01");
 		add("04,,,Mifare Mini,0004,09");
 		add("04,,,Mifare Classic 1k/Mifare Plus(4 byte UID) 2K SL1,0004,08");
 		add("04,,,Mifare Plus (4 byte UID) 2K SL2,0004,10");
--- a/client/lualibs/mf_default_keys.lua
+++ b/client/lualibs/mf_default_keys.lua
@ -141,6 +141,24 @@ local _keys = {
 	'200000000000',
 	'a00000000000',
 	'b00000000000',	
 	--[[
    Should be for Mifare TNP3xxx tags A KEY.
    --]]
 	'4b0b20107ccb',
 	--[[
    Kiev metro cards
    --]]	
 	'8fe644038790',
 	'f14ee7cae863',
 	'632193be1c3c',
 	'569369c5a0e5',
 	'9de89e070277',
 	'eff603e1efe9',
 	'644672bd4afe',
 	'b5ff67cba951',
  }
 ---
--- a/client/lualibs/read14a.lua
+++ b/client/lualibs/read14a.lua
@ -25,6 +25,7 @@ local ISO14A_COMMAND = {
 local ISO14443a_TYPES = {}		
 ISO14443a_TYPES[0x00] = "NXP MIFARE Ultralight | Ultralight C"
 ISO14443a_TYPES[0x01] = "NXP MIFARE TNP3xxx Activision Game Appliance"
 ISO14443a_TYPES[0x04] = "NXP MIFARE (various !DESFire !DESFire EV1)"
 ISO14443a_TYPES[0x08] = "NXP MIFARE CLASSIC 1k | Plus 2k"
 ISO14443a_TYPES[0x09] = "NXP MIFARE Mini 0.3k"
--- a/client/mifarehost.c
+++ b/client/mifarehost.c
@ -26,8 +26,6 @@ int compar_int(const void * a, const void * b) {
 	else return -1;
 }
 // Compare 16 Bits out of cryptostate
 int Compare16Bits(const void * a, const void * b) {
 	if ((*(uint64_t*)b & 0x00ff000000ff0000) == (*(uint64_t*)a & 0x00ff000000ff0000)) return 0;
@ -35,7 +33,6 @@ int Compare16Bits(const void * a, const void * b) {
 	else return -1;
 }
 typedef 
 	struct {
 		union {
@ -70,16 +67,12 @@ void* nested_worker_thread(void *arg)
 	return statelist->head.slhead;
 }
 int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t * resultKey, bool calibrate) 
 {
 	uint16_t i, len;
 	uint32_t uid;
 	UsbCommand resp;
 	StateList_t statelists[2];
 	struct Crypto1State *p1, *p2, *p3, *p4;
@ -239,12 +232,11 @@ int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount) {
 // "MAGIC" CARD
 int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) {
-	uint8_t block0[16];
+	uint8_t block0[16] = {0x00};
 	memset(block0, 0, 16);
 	memcpy(block0, uid, 4); 
 	block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC
 	// mifare classic SAK(byte 5) and ATQA(byte 6 and 7)
-	block0[5] = 0x88;
+	block0[5] = 0x08;
 	block0[6] = 0x04;
 	block0[7] = 0x00;
@ -252,9 +244,9 @@ int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) {
 }
 int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uint8_t params) {
 	uint8_t isOK = 0;
-	UsbCommand c = {CMD_MIFARE_EML_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};
+	uint8_t isOK = 0;
 	UsbCommand c = {CMD_MIFARE_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};
 	memcpy(c.d.asBytes, data, 16); 
 	SendCommand(&c);
@ -273,7 +265,7 @@ int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uin
 int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params) {
 	uint8_t isOK = 0;
-	UsbCommand c = {CMD_MIFARE_EML_CGETBLOCK, {params, 0, blockNo}};
+	UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, 0, blockNo}};
 	SendCommand(&c);
  UsbCommand resp;
@ -296,7 +288,7 @@ static uint8_t trailerAccessBytes[4] = {0x08, 0x77, 0x8F, 0x00};
 // variables
 char logHexFileName[200] = {0x00};
 static uint8_t traceCard[4096] = {0x00};
-static char traceFileName[200] = {0};
+static char traceFileName[200] = {0x00};
 static int traceState = TRACE_IDLE;
 static uint8_t traceCurBlock = 0;
 static uint8_t traceCurKey = 0;
@ -522,7 +514,6 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
 	case TRACE_AUTH1: 
 		if (len == 4) {
 			traceState = TRACE_AUTH2;
 			nt = bytes_to_num(data, 4);
 			return 0;
 		} else {
@ -558,6 +549,7 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
 			lfsr_rollback_word(revstate, 0, 0);
 			lfsr_rollback_word(revstate, nr_enc, 1);
 			lfsr_rollback_word(revstate, uid ^ nt, 0);
 			crypto1_get_lfsr(revstate, &lfsr);
 			printf("key> %x%x\n", (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr & 0xFFFFFFFF));
 			AddLogUint64(logHexFileName, "key> ", lfsr); 
--- a/client/mifarehost.h
+++ b/client/mifarehost.h
@ -15,7 +15,6 @@
 #include "cmdmain.h"
 #include "ui.h"
 #include "data.h"
 //#include "proxusb.h"
 #include "util.h"
 #include "nonce2key/nonce2key.h"
 #include "nonce2key/crapto1.h"
--- a/client/nonce2key/crapto1.c
+++ b/client/nonce2key/crapto1.c
@ -549,7 +549,6 @@ lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8],
 				free(odd);
 				free(even);
                return 0;
 	}
 	s = statelist;
--- a/client/proxmark3.c
+++ b/client/proxmark3.c
@ -66,21 +66,6 @@ struct main_loop_arg {
  char *script_cmds_file;
 };
 //static void *usb_receiver(void *targ) {
 //  struct receiver_arg *arg = (struct receiver_arg*)targ;
 //  UsbCommand cmdbuf;
 //
 //  while (arg->run) {
 //    if (ReceiveCommandPoll(&cmdbuf)) {
 //      UsbCommandReceived(&cmdbuf);
 //      fflush(NULL);
 //    }
 //  }
 //
 //  pthread_exit(NULL);
 //  return NULL;
 //}
 byte_t rx[0x1000000];
 byte_t* prx = rx;
@ -129,7 +114,7 @@ static void *main_loop(void *targ) {
  }
  FILE *script_file = NULL;
-  char script_cmd_buf[256];
+  char script_cmd_buf[256];  // iceman, needs lua script the same file_path_buffer as the rest
  if (arg->script_cmds_file)
  {
@ -211,14 +196,6 @@ static void *main_loop(void *targ) {
  return NULL;
 }
 //static void dumpHelp(char  *parent, ...)
 //{
 //  printf("## %s\n\n", parent);
 //  CommandReceived(parent);
 //  
 //  printf("\n");
 //}
 static void dumpAllHelp(int markdown)
 {
  printf("\n%sProxmark3 command dump%s\n\n",markdown?"# ":"",markdown?"":"\n======================");
@ -258,17 +235,6 @@ int main(int argc, char* argv[]) {
 	};
 	pthread_t main_loop_t;
 /*
  usb_init();
  if (!OpenProxmark(1)) {
    fprintf(stderr,"PROXMARK3: NOT FOUND!\n");
    marg.usb_present = 0;
    offline = 1;
  } else {
    marg.usb_present = 1;
    offline = 0;
  }
 */
 	sp = uart_open(argv[1]);
 	if (sp == INVALID_SERIAL_PORT) {
@ -309,10 +275,6 @@ int main(int argc, char* argv[]) {
 	pthread_join(main_loop_t, NULL);
 //  if (marg.usb_present == 1) {
 //    CloseProxmark();
 //  }
 	// Clean up the port
 	uart_close(sp);
--- a/client/scripts/formatMifare.lua
+++ b/client/scripts/formatMifare.lua
@ -90,8 +90,10 @@ function GetCardInfo()
 	elseif 0x09 == result.sak then -- NXP MIFARE Mini 0.3k
 		-- MIFARE Classic mini offers 320 bytes split into five sectors.
 		numSectors = 5
-	elseif  0x10 == result.sak then-- "NXP MIFARE Plus 2k"
+	elseif  0x10 == result.sak then -- NXP MIFARE Plus 2k
 		numSectors = 32
 	elseif  0x01 == sak then        -- NXP MIFARE TNP3xxx 1K
 		numSectors = 16
 	else
 		print("I don't know how many sectors there are on this type of card, defaulting to 16")
 	end	
--- a/client/scripts/mifare_autopwn.lua
+++ b/client/scripts/mifare_autopwn.lua
@ -133,6 +133,8 @@ function nested(key,sak)
 		typ = 0
 	elseif  0x10 == sak then-- "NXP MIFARE Plus 2k"
 		typ = 2
 	elseif  0x01 == sak then-- "NXP MIFARE TNP3xxx 1K"
 		typ = 1
 	else
 		print("I don't know how many sectors there are on this type of card, defaulting to 16")
 	end
--- a/client/scripts/test.lua
+++ b/client/scripts/test.lua
@ -1,10 +0,0 @@
 local foo = "This shows how to use some standard libraries"
 print(foo)
 local answer
 repeat
  	io.write("Continue with this operation (y/n)? ")
  	io.flush()
  	answer=io.read()
 until answer=="y" or answer=="n"
 local x = "Ok then, %s"
 print (x:format("whatever"))
--- a/client/util.c
+++ b/client/util.c
@ -13,6 +13,7 @@
 #ifndef _WIN32
 #include <termios.h>
 #include <sys/ioctl.h> 
 int ukbhit(void)
 {
  int cnt = 0;
@ -112,6 +113,19 @@ char * sprint_hex(const uint8_t * data, const size_t len) {
 	return buf;
 }
 char * sprint_bin(const uint8_t * data, const size_t len) {
 	int maxLen = ( len > 1024) ? 1024 : len;
 	static char buf[1024];
 	char * tmp = buf;
 	size_t i;
 	for (i=0; i < maxLen; ++i, ++tmp)
 		sprintf(tmp, "%u", data[i]);
 	return buf;
 }
 void num_to_bytes(uint64_t n, size_t len, uint8_t* dest)
 {
 	while (len--) {
@ -131,6 +145,28 @@ uint64_t bytes_to_num(uint8_t* src, size_t len)
 	return num;
 }
 //assumes little endian
 char * printBits(size_t const size, void const * const ptr)
 {
    unsigned char *b = (unsigned char*) ptr;	
    unsigned char byte;
 	static char buf[1024];
 	char * tmp = buf;
    int i, j;
    for (i=size-1;i>=0;i--)
    {
        for (j=7;j>=0;j--)
        {
            byte = b[i] & (1<<j);
            byte >>= j;
            sprintf(tmp, "%u", byte);
 			tmp++;
        }
    }
 	return buf;
 }
 //  -------------------------------------------------------------------------
 //  string parameters lib
 //  -------------------------------------------------------------------------
@ -248,3 +284,102 @@ int param_getstr(const char *line, int paramnum, char * str)
 	return en - bg + 1;
 }
 /*
 The following methods comes from Rfidler sourcecode.
 https://github.com/ApertureLabsLtd/RFIDler/blob/master/firmware/Pic32/RFIDler.X/src/
 */
 // convert hex to sequence of 0/1 bit values
 // returns number of bits converted
 int hextobinarray(char *target, char *source)
 {
    int length, i, count= 0;
    char x;
    length = strlen(source);
    // process 4 bits (1 hex digit) at a time
    while(length--)
    {
        x= *(source++);
        // capitalize
        if (x >= 'a' && x <= 'f')
            x -= 32;
        // convert to numeric value
        if (x >= '0' && x <= '9')
            x -= '0';
        else if (x >= 'A' && x <= 'F')
            x -= 'A' - 10;
        else
            return 0;
        // output
        for(i= 0 ; i < 4 ; ++i, ++count)
            *(target++)= (x >> (3 - i)) & 1;
    }
    return count;
 }
 // convert hex to human readable binary string
 int hextobinstring(char *target, char *source)
 {
    int length;
    if(!(length= hextobinarray(target, source)))
        return 0;
    binarraytobinstring(target, target, length);
    return length;
 }
 // convert binary array of 0x00/0x01 values to hex (safe to do in place as target will always be shorter than source)
 // return number of bits converted
 int binarraytohex(char *target, char *source, int length)
 {
    unsigned char i, x;
    int j = length;
    if(j % 4)
        return 0;
    while(j)
    {
        for(i= x= 0 ; i < 4 ; ++i)
            x +=  ( source[i] << (3 - i));
        sprintf(target,"%X", x);
        ++target;
        source += 4;
        j -= 4;
    }
    return length;
 }
 // convert binary array to human readable binary
 void binarraytobinstring(char *target, char *source,  int length)
 {
    int i;
    for(i= 0 ; i < length ; ++i)
        *(target++)= *(source++) + '0';
    *target= '\0';
 }
 // return parity bit required to match type
 uint8_t GetParity( char *bits, uint8_t type, int length)
 {
    int x;
    for(x= 0 ; length > 0 ; --length)
        x += bits[length - 1];
    x %= 2;
    return x ^ type;
 }
 // add HID parity to binary array: EVEN prefix for 1st half of ID, ODD suffix for 2nd half
 void wiegand_add_parity(char *target, char *source, char length)
 {
    *(target++)= GetParity(source, EVEN, length / 2);
    memcpy(target, source, length);
    target += length;
    *(target)= GetParity(source + length / 2, ODD, length / 2);
 }
--- a/client/util.h
+++ b/client/util.h
@ -15,6 +15,7 @@
 #include <string.h>
 #include <ctype.h>
 #include <time.h>
 #include "data.h"
 #ifndef MIN
 # define MIN(a, b) (((a) < (b)) ? (a) : (b))
@ -22,6 +23,10 @@
 #ifndef MAX
 # define MAX(a, b) (((a) > (b)) ? (a) : (b))
 #endif
 #define TRUE                        1
 #define FALSE                       0
 #define EVEN                        0
 #define ODD                         1
 int ukbhit(void);
@ -33,9 +38,11 @@ void FillFileNameByUID(char *fileName, uint8_t * uid, char *ext, int byteCount);
 void print_hex(const uint8_t * data, const size_t len);
 char * sprint_hex(const uint8_t * data, const size_t len);
 char * sprint_bin(const uint8_t * data, const size_t len);
 void num_to_bytes(uint64_t n, size_t len, uint8_t* dest);
 uint64_t bytes_to_num(uint8_t* src, size_t len);
 char * printBits(size_t const size, void const * const ptr);
 char param_getchar(const char *line, int paramnum);
 uint8_t param_get8(const char *line, int paramnum);
@ -45,3 +52,10 @@ uint64_t param_get64ex(const char *line, int paramnum, int deflt, int base);
 int param_gethex(const char *line, int paramnum, uint8_t * data, int hexcnt);
 int param_getstr(const char *line, int paramnum, char * str);
 int hextobinarray( char *target,  char *source);
 int hextobinstring( char *target,  char *source);
 int binarraytohex( char *target,  char *source,  int length);
 void binarraytobinstring(char *target,  char *source,  int length);
 uint8_t GetParity( char *string, uint8_t type,  int length);
 void wiegand_add_parity(char *target, char *source, char length);
--- a/common/Makefile.common
+++ b/common/Makefile.common
@ -54,7 +54,8 @@ DELETE=del /q
 MOVE=ren
 COPY=copy
 PATHSEP=\\#
-FLASH_TOOL=winsrc\\prox.exe
+#FLASH_TOOL=winsrc\\prox.exe
 FLASH_TOOL=winsrc\\flash.exe
 DETECTED_OS=Windows
 endif
@ -67,6 +68,7 @@ INCLUDES = ../include/proxmark3.h ../include/at91sam7s512.h ../include/config_gp
 CFLAGS =  -c $(INCLUDE) -Wall -Werror -pedantic -std=c99 $(APP_CFLAGS) -Os
 LDFLAGS = -nostartfiles -nodefaultlibs -Wl,-gc-sections -n
 LIBS = -lgcc
 THUMBOBJ = $(patsubst %.c,$(OBJDIR)/%.o,$(THUMBSRC))
--- a/common/cmd.c
+++ b/common/cmd.c
@ -34,8 +34,6 @@
 #include "string.h"
 #include "proxmark3.h"
 //static UsbCommand txcmd;
 bool cmd_receive(UsbCommand* cmd) {
  // Check if there is a usb packet available
--- a/common/crc16.c
+++ b/common/crc16.c
@ -8,6 +8,7 @@
 #include "crc16.h"
 unsigned short update_crc16( unsigned short crc, unsigned char c )
 {
  unsigned short i, v, tcrc = 0;
@ -20,3 +21,25 @@ unsigned short update_crc16( unsigned short crc, unsigned char c )
  return ((crc >> 8) ^ tcrc)&0xffff;
 }
 uint16_t crc16(uint8_t const *message, int length, uint16_t remainder, uint16_t polynomial) {
 	if (length == 0)
        return (~remainder);
    for (int byte = 0; byte < length; ++byte) {
        remainder ^= (message[byte] << 8);
        for (uint8_t bit = 8; bit > 0; --bit) {
            if (remainder & 0x8000) {
                remainder = (remainder << 1) ^ polynomial;
            } else {
                remainder = (remainder << 1);
            }
        }
    }
    return remainder;
 }
 uint16_t crc16_ccitt(uint8_t const *message, int length) {
    return crc16(message, length, 0xffff, 0x1021);
 }
--- a/common/crc16.h
+++ b/common/crc16.h
@ -5,10 +5,11 @@
 //-----------------------------------------------------------------------------
 // CRC16
 //-----------------------------------------------------------------------------
 #include <stdint.h>
 #ifndef __CRC16_H
 #define __CRC16_H
 unsigned short update_crc16(unsigned short crc, unsigned char c);
-
+uint16_t crc16(uint8_t const *message, int length, uint16_t remainder, uint16_t polynomial);
 uint16_t crc16_ccitt(uint8_t const *message, int length);
 #endif
--- a/common/usb_cdc.c
+++ b/common/usb_cdc.c
@ -223,7 +223,6 @@ byte_t btReceiveBank   = AT91C_UDP_RX_DATA_BK0;
 void usb_disable() {
  // Disconnect the USB device
  AT91C_BASE_PIOA->PIO_ODR = GPIO_USB_PU;
 //  SpinDelay(100);
  // Clear all lingering interrupts
  if(pUdp->UDP_ISR & AT91C_UDP_ENDBUSRES) {
@ -257,7 +256,6 @@ void usb_enable() {
  // Wait for a short while
  for (volatile size_t i=0; i<0x100000; i++);
 //  SpinDelay(100);
  // Reconnect USB reconnect
  AT91C_BASE_PIOA->PIO_SODR = GPIO_USB_PU;
@ -304,8 +302,7 @@ uint32_t usb_read(byte_t* data, size_t len) {
 	uint32_t packetSize, nbBytesRcv = 0;
  uint32_t time_out = 0;
-	while (len)
+	while (len)  {
  {
 		if (!usb_check()) break;
 		if ( pUdp->UDP_CSR[AT91C_EP_OUT] & bank ) {
@ -314,8 +311,7 @@ uint32_t usb_read(byte_t* data, size_t len) {
 			while(packetSize--)
 				data[nbBytesRcv++] = pUdp->UDP_FDR[AT91C_EP_OUT];
 			pUdp->UDP_CSR[AT91C_EP_OUT] &= ~(bank);
-			if (bank == AT91C_UDP_RX_DATA_BK0)
+			if (bank == AT91C_UDP_RX_DATA_BK0) {
      {
 				bank = AT91C_UDP_RX_DATA_BK1;
      } else {
 				bank = AT91C_UDP_RX_DATA_BK0;
--- a/include/at91sam7s512.h
+++ b/include/at91sam7s512.h
@ -428,7 +428,7 @@ typedef struct _AT91S_PIO {
 #define PIO_PDR         (AT91_CAST(AT91_REG *) 	0x00000004) // (PIO_PDR) PIO Disable Register
 #define PIO_PSR         (AT91_CAST(AT91_REG *) 	0x00000008) // (PIO_PSR) PIO Status Register
 #define PIO_OER         (AT91_CAST(AT91_REG *) 	0x00000010) // (PIO_OER) Output Enable Register
-#define PIO_ODR         (AT91_CAST(AT91_REG *) 	0x00000014) // (PIO_ODR) Output Disable Registerr
+#define PIO_ODR         (AT91_CAST(AT91_REG *) 	0x00000014) // (PIO_ODR) Output Disable Register
 #define PIO_OSR         (AT91_CAST(AT91_REG *) 	0x00000018) // (PIO_OSR) Output Status Register
 #define PIO_IFER        (AT91_CAST(AT91_REG *) 	0x00000020) // (PIO_IFER) Input Filter Enable Register
 #define PIO_IFDR        (AT91_CAST(AT91_REG *) 	0x00000024) // (PIO_IFDR) Input Filter Disable Register
--- a/include/crc.h
+++ b/include/crc.h
@ -1,48 +0,0 @@
 //-----------------------------------------------------------------------------
 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
 // at your option, any later version. See the LICENSE.txt file for the text of
 // the license.
 //-----------------------------------------------------------------------------
 // Generic CRC calculation code.
 //-----------------------------------------------------------------------------
 #ifndef __CRC_H
 #define __CRC_H
 #include <stdint.h>
 typedef struct crc {
 	uint32_t state;
 	int order;
 	uint32_t polynom;
 	uint32_t initial_value;
 	uint32_t final_xor;
 	uint32_t mask;
 } crc_t;
 /* Initialize a crc structure. order is the order of the polynom, e.g. 32 for a CRC-32
 * polynom is the CRC polynom. initial_value is the initial value of a clean state.
 * final_xor is XORed onto the state before returning it from crc_result(). */
 extern void crc_init(crc_t *crc, int order, uint32_t polynom, uint32_t initial_value, uint32_t final_xor);
 /* Update the crc state. data is the data of length data_width bits (only the the
 * data_width lower-most bits are used).
 */
 extern void crc_update(crc_t *crc, uint32_t data, int data_width);
 /* Clean the crc state, e.g. reset it to initial_value */
 extern void crc_clear(crc_t *crc);
 /* Get the result of the crc calculation */
 extern uint32_t crc_finish(crc_t *crc);
 /* Static initialization of a crc structure */
 #define CRC_INITIALIZER(_order, _polynom, _initial_value, _final_xor) { \
 	.state = ((_initial_value) & ((1L<<(_order))-1)), \
 	.order = (_order), \
 	.polynom = (_polynom), \
 	.initial_value = (_initial_value), \
 	.final_xor = (_final_xor), \
 	.mask = ((1L<<(_order))-1) }
 #endif /* __CRC_H */
--- a/include/proxmark3.h
+++ b/include/proxmark3.h
@ -14,6 +14,7 @@
 // Might as well have the hardware-specific defines everywhere.
 #include "at91sam7s512.h"
 #include "config_gpio.h"
 #include "usb_cmd.h"
 #define WDT_HIT()								AT91C_BASE_WDTC->WDTC_WDCR = 0xa5000001
@ -67,8 +68,6 @@
 #define TRUE 1
 #define FALSE 0
 #include <usb_cmd.h>
 //#define PACKED __attribute__((__packed__))
 #define LED_A_ON()		HIGH(GPIO_LED_A)
--- a/include/usb_cmd.h
+++ b/include/usb_cmd.h
@ -81,7 +81,7 @@ typedef struct {
 #define CMD_EM4X_WRITE_WORD                                               0x0219
 #define CMD_IO_DEMOD_FSK                                                  0x021A
 #define CMD_IO_CLONE_TAG                                                  0x021B
-#define CMD_EM410X_DEMOD  																								0x021C
+#define CMD_EM410X_DEMOD  												  0x021c
 /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
@ -137,8 +137,11 @@ typedef struct {
 #define CMD_MIFARE_EML_MEMSET                                             0x0602
 #define CMD_MIFARE_EML_MEMGET                                             0x0603
 #define CMD_MIFARE_EML_CARDLOAD                                           0x0604
-#define CMD_MIFARE_EML_CSETBLOCK                                          0x0605
+
-#define CMD_MIFARE_EML_CGETBLOCK                                          0x0606
+// magic chinese card commands
 #define CMD_MIFARE_CSETBLOCK                                              0x0605
 #define CMD_MIFARE_CGETBLOCK                                              0x0606
 #define CMD_MIFARE_CIDENT                                                 0x0607
 #define CMD_SIMULATE_MIFARE_CARD                                          0x0610
@ -147,14 +150,30 @@ typedef struct {
 #define CMD_MIFARE_READBL                                                 0x0620
 #define CMD_MIFAREU_READBL						  0x0720
 #define CMD_MIFARE_READSC                                                 0x0621
 #define CMD_MIFAREU_READCARD						  0x0721
 #define CMD_MIFARE_WRITEBL                                                0x0622
-#define CMD_MIFAREU_WRITEBL_COMPAT					  0x0722
+#define CMD_MIFAREU_WRITEBL						                          0x0722
-#define CMD_MIFAREU_WRITEBL						  0x0723
+#define CMD_MIFAREU_WRITEBL_COMPAT					                      0x0723
 #define CMD_MIFARE_CHKKEYS                                                0x0623
 #define CMD_MIFARE_SNIFFER                                                0x0630
 //ultralightC
 #define CMD_MIFAREUC_AUTH1						                          0x0724
 #define CMD_MIFAREUC_AUTH2						                          0x0725
 #define CMD_MIFAREUC_READCARD						                      0x0726
 // mifare desfire
 #define CMD_MIFARE_DESFIRE_READBL                                         0x0728
 #define CMD_MIFARE_DESFIRE_WRITEBL                                        0x0729
 #define CMD_MIFARE_DESFIRE_AUTH1                                          0x072a
 #define CMD_MIFARE_DESFIRE_AUTH2                                          0x072b
 #define CMD_MIFARE_DES_READER                                             0x072c
 #define CMD_MIFARE_DESFIRE_INFO                                           0x072d
 #define CMD_MIFARE_DESFIRE                                                0x072e
 #define CMD_UNKNOWN                                                       0xFFFF