Minor code clean ups

ADD: tnp3xx support in lua scripts FIX: hf 14a reader and identificate chinese backdoor, forgot to add the code.
2025-08-23 06:25:28 -07:00 · 2015-01-05 19:50:00 +01:00 · 2015-01-05 19:50:00 +01:00 · 26c8035142
commit 26c8035142
parent 5db9756676
34 changed files with 339 additions and 59 deletions
--- a/armsrc/Makefile
+++ b/armsrc/Makefile
@ -10,7 +10,7 @@ APP_INCLUDES = apps.h
 #remove one of the following defines and comment out the relevant line
 #in the next section to remove that particular feature from compilation  
-APP_CFLAGS	= -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG
+APP_CFLAGS	= -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG	   -fno-strict-aliasing
 #-DWITH_LCD 
 #SRC_LCD = fonts.c LCD.c
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@ -18,7 +18,6 @@
 #include "util.h"
 #include "printf.h"
 #include "string.h"
 #include <stdarg.h>
 #include "legicrf.h"
--- a/armsrc/crapto1.c
+++ b/armsrc/crapto1.c
@ -44,12 +44,12 @@ static void quicksort(uint32_t* const start, uint32_t* const stop)
 		else if(*rit > *start)
 			--rit;
 		else
-			*it ^= (*it ^= *rit, *rit ^= *it);
+			*it ^= ( (*it ^= *rit ), *rit ^= *it);
 	if(*rit >= *start)
 		--rit;
 	if(rit != start)
-		*rit ^= (*rit ^= *start, *start ^= *rit);
+		*rit ^= ( (*rit ^= *start), *start ^= *rit);
 	quicksort(start, rit - 1);
 	quicksort(rit + 1, stop);
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@ -1812,7 +1812,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
 		if (!ReaderReceive(resp, resp_par)) return 0;
 		sak = resp[0];
-		// Test if more parts of the uid are comming
+    // Test if more parts of the uid are coming
 		if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
 			// Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
 			// http://www.nxp.com/documents/application_note/AN10927.pdf
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@ -214,7 +214,6 @@ void MifareUReadCard(uint8_t arg0, uint8_t *datain)
        // clear trace
        iso14a_clear_trace();
 //      iso14a_set_tracing(false);
 		iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
--- a/armsrc/string.c
+++ b/armsrc/string.c
@ -48,6 +48,11 @@ int memcmp(const void *av, const void *bv, int len)
 	return 0;
 }
 void memxor(uint8_t * dest, uint8_t * src, size_t len) {
   for( ; len > 0; len--,dest++,src++)
       *dest ^= *src;
 }
 int strlen(const char *str)
 {
 	int l = 0;
--- a/armsrc/string.h
+++ b/armsrc/string.h
@ -12,10 +12,14 @@
 #ifndef __STRING_H
 #define __STRING_H
 #include <stdint.h>
 #include <util.h>
 int strlen(const char *str);
-void *memcpy(void *dest, const void *src, int len);
+RAMFUNC void *memcpy(void *dest, const void *src, int len);
 void *memset(void *dest, int c, int len);
-int memcmp(const void *av, const void *bv, int len);
+RAMFUNC int memcmp(const void *av, const void *bv, int len);
 void memxor(uint8_t * dest, uint8_t * src, size_t len);
 char *strncat(char *dest, const char *src, unsigned int n);
 char *strcat(char *dest, const char *src);
 void strreverse(char s[]);
--- a/client/cmddata.c
+++ b/client/cmddata.c
@ -891,21 +891,52 @@ int CmdSamples(const char *Cmd)
 int CmdTuneSamples(const char *Cmd)
 {
-  int cnt = 0;
+	int timeout = 0;
-  int n = 255;
+	printf("\nMeasuring antenna characteristics, please wait...");
  uint8_t got[255];
-  PrintAndLog("Reading %d samples\n", n);
+	UsbCommand c = {CMD_MEASURE_ANTENNA_TUNING};
-  GetFromBigBuf(got,n,7256); // armsrc/apps.h: #define FREE_BUFFER_OFFSET 7256
+	SendCommand(&c);
-  WaitForResponse(CMD_ACK,NULL);
+
-  for (int j = 0; j < n; j++) {
+	UsbCommand resp;
-    GraphBuffer[cnt++] = ((int)got[j]) - 128;
+	while(!WaitForResponseTimeout(CMD_MEASURED_ANTENNA_TUNING,&resp,1000)) {
 		timeout++;
 		printf(".");
 		if (timeout > 7) {
 			PrintAndLog("\nNo response from Proxmark. Aborting...");
 			return 1;
 		}
 	}
 	int peakv, peakf;
 	int vLf125, vLf134, vHf;
 	vLf125 = resp.arg[0] & 0xffff;
 	vLf134 = resp.arg[0] >> 16;
 	vHf = resp.arg[1] & 0xffff;;
 	peakf = resp.arg[2] & 0xffff;
 	peakv = resp.arg[2] >> 16;
 	PrintAndLog("");
 	PrintAndLog("# LF antenna: %5.2f V @   125.00 kHz", vLf125/1000.0);
 	PrintAndLog("# LF antenna: %5.2f V @   134.00 kHz", vLf134/1000.0);
 	PrintAndLog("# LF optimal: %5.2f V @%9.2f kHz", peakv/1000.0, 12000.0/(peakf+1));
 	PrintAndLog("# HF antenna: %5.2f V @    13.56 MHz", vHf/1000.0);
 	if (peakv<2000)
 		PrintAndLog("# Your LF antenna is unusable.");
 	else if (peakv<10000)
 		PrintAndLog("# Your LF antenna is marginal.");
 	if (vHf<2000)
 		PrintAndLog("# Your HF antenna is unusable.");
 	else if (vHf<5000)
 		PrintAndLog("# Your HF antenna is marginal.");
 	for (int i = 0; i < 256; i++) {
 		GraphBuffer[i] = resp.d.asBytes[i] - 128;
  }
  PrintAndLog("Done! Divisor 89 is 134khz, 95 is 125khz.\n");
  PrintAndLog("\n");
-  GraphTraceLen = n;
+	GraphTraceLen = 256;
-  RepaintGraphWindow();
+	ShowGraphWindow();
  return 0;
 }
--- a/client/cmdhw.c
+++ b/client/cmdhw.c
@ -13,12 +13,11 @@
 #include <string.h>
 #include <limits.h>
 #include "ui.h"
 //#include "proxusb.h"
 #include "proxmark3.h"
 #include "cmdparser.h"
 #include "cmddata.h"
 #include "cmdhw.h"
 #include "cmdmain.h"
 #include "cmddata.h"
 /* low-level hardware control */
@ -418,7 +417,7 @@ static command_t CommandTable[] =
  {"setlfdivisor",  CmdSetDivisor,  0, "<19 - 255> -- Drive LF antenna at 12Mhz/(divisor+1)"},
  {"setmux",        CmdSetMux,      0, "<loraw|hiraw|lopkd|hipkd> -- Set the ADC mux to a specific value"},
  {"tune",          CmdTune,        0, "Measure antenna tuning"},
-  {"version",       CmdVersion,     0, "Show version inforation about the connected Proxmark"},
+  {"version",       CmdVersion,     0, "Show version information about the connected Proxmark"},
  {NULL, NULL, 0, NULL}
 };
--- a/client/cmdlf.c
+++ b/client/cmdlf.c
@ -70,7 +70,7 @@ int CmdFlexdemod(const char *Cmd)
    }
  }
  if (start == GraphTraceLen - LONG_WAIT) {
-    PrintAndLog("nothing to wait for");
+		//PrintAndLog("nothing to wait for");
    return 0;
  }
@ -200,7 +200,7 @@ int CmdIndalaDemod(const char *Cmd)
  }
  if (start == rawbit - uidlen + 1) {
-    PrintAndLog("nothing to wait for");
+		//PrintAndLog("nothing to wait for");
    return 0;
  }
@ -392,7 +392,7 @@ static void ChkBitstream(const char *str)
 int CmdLFSim(const char *Cmd)
 {
-  int i;
+	int i,j;
  static int gap;
  sscanf(Cmd, "%i", &gap);
@ -400,18 +400,20 @@ int CmdLFSim(const char *Cmd)
  /* convert to bitstream if necessary */
  ChkBitstream(Cmd);
-  PrintAndLog("Sending data, please wait...");
+	printf("Sending [%d bytes]", GraphTraceLen);
-  for (i = 0; i < GraphTraceLen; i += 48) {
+	for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE) {
    UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}};
-    int j;
+
-    for (j = 0; j < 48; j++) {
+		for (j = 0; j < USB_CMD_DATA_SIZE; j++) {
      c.d.asBytes[j] = GraphBuffer[i+j];
    }
    SendCommand(&c);
    WaitForResponse(CMD_ACK,NULL);
 		printf(".");
  }
-  PrintAndLog("Starting simulator...");
+	printf("\n");
 	PrintAndLog("Starting to simulate");
  UsbCommand c = {CMD_SIMULATE_TAG_125K, {GraphTraceLen, gap, 0}};
  SendCommand(&c);
  return 0;
--- a/client/cmdlfem4x.c
+++ b/client/cmdlfem4x.c
@ -13,12 +13,16 @@
 #include <inttypes.h>
 #include "proxmark3.h"
 #include "ui.h"
 #include "util.h"
 #include "graph.h"
 #include "cmdmain.h"
 #include "cmdparser.h"
 #include "cmddata.h"
 #include "cmdlf.h"
 #include "cmdlfem4x.h"
 #include "util.h"
 #include "data.h"
 #define LF_TRACE_BUFF_SIZE 12000
 #define LF_BITSSTREAM_LEN 1000
 static int CmdHelp(const char *Cmd);
@ -77,9 +81,9 @@ int CmdEM410xRead(const char *Cmd)
    /* Find out if we hit both high and low peaks */
    for (j = 0; j < clock; j++)
    {
-      if (GraphBuffer[(i * clock) + j] == high)
+      if (GraphBuffer[(i * clock) + j] >= high)
        hithigh = 1;
-      else if (GraphBuffer[(i * clock) + j] == low)
+      else if (GraphBuffer[(i * clock) + j] <= low)
        hitlow = 1;
      /* it doesn't count if it's the first part of our read
@ -177,8 +181,10 @@ retest:
  }
  /* if we've already retested after flipping bits, return */
-  if (retested++)
+	if (retested++){
 		PrintAndLog("Failed to decode");
    return 0;
 	}
  /* if this didn't work, try flipping bits */
  for (i = 0; i < bit2idx; i++)
--- a/client/cmdmain.c
+++ b/client/cmdmain.c
@ -133,15 +133,14 @@ bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeou
  UsbCommand resp;
-  if (response == NULL) {
+	if (response == NULL)
    response = &resp;
-  }
+
  // Wait until the command is received
  for(size_t dm_seconds=0; dm_seconds < ms_timeout/10; dm_seconds++) {
-      while(getCommand(response))
+		while(getCommand(response)) {
      {
          if(response->cmd == cmd){
          return true;
          }
--- a/client/data.h
+++ b/client/data.h
@ -13,6 +13,9 @@
 #include <stdint.h>
 //trace buffer size as defined in armsrc/apps.h TRACE_SIZE
 #define TRACE_BUFFER_SIZE 4096
 #define FILE_PATH_SIZE 1000
 #define SAMPLE_BUFFER_SIZE 64
 extern uint8_t* sample_buf;
--- a/client/graph.c
+++ b/client/graph.c
@ -36,6 +36,8 @@ void AppendGraph(int redraw, int clock, int bit)
 int ClearGraph(int redraw)
 {
  int gtl = GraphTraceLen;
  memset(GraphBuffer, 0x00, GraphTraceLen);
  GraphTraceLen = 0;
  if (redraw)
--- a/client/loclass/elite_crack.c
+++ b/client/loclass/elite_crack.c
@ -514,7 +514,6 @@ int bruteforceDump(uint8_t dump[], size_t dumpsize, uint16_t keytable[])
 */
 int bruteforceFile(const char *filename, uint16_t keytable[])
 {
 	FILE *f = fopen(filename, "rb");
 	if(!f) {
 		prnlog("Failed to read from file '%s'", filename);
--- a/client/loclass/ikeys.c
+++ b/client/loclass/ikeys.c
@ -725,7 +725,6 @@ int doTestsWithKnownInputs()
 int readKeyFile(uint8_t key[8])
 {
 	FILE *f;
 	int retval = 1;
 	f = fopen("iclass_key.bin", "rb");
@ -738,7 +737,6 @@ int readKeyFile(uint8_t key[8])
 		fclose(f);
 	}
 	return retval;
 }
--- a/client/lualibs/commands.lua
+++ b/client/lualibs/commands.lua
@ -64,6 +64,7 @@ local _commands = {
 	CMD_ISO_15693_COMMAND_DONE =                                         0x0314,
 	CMD_ISO_15693_FIND_AFI =                                             0x0315,
 	CMD_ISO_15693_DEBUG =                                                0x0316,
 	CMD_LF_SNOOP_RAW_ADC_SAMPLES =                                       0x0317,
 	--// For Hitag2 transponders
 	CMD_SNOOP_HITAG =                                                    0x0370,
@ -80,10 +81,13 @@ local _commands = {
 	CMD_READER_LEGIC_RF =                                                0x0388,
 	CMD_WRITER_LEGIC_RF =                                                0x0389,
 	CMD_EPA_PACE_COLLECT_NONCE =                                         0x038A,
 	--//CMD_EPA_ =                                                         0x038B,
 	CMD_SNOOP_ICLASS =                                                   0x0392,
 	CMD_SIMULATE_TAG_ICLASS =                                            0x0393,
 	CMD_READER_ICLASS =                                                  0x0394,
 	CMD_READER_ICLASS_REPLAY =											 0x0395,
 	CMD_ICLASS_ISO14443A_WRITE =										 0x0397,
 	--// For measurements of the antenna tuning
 	CMD_MEASURE_ANTENNA_TUNING =                                         0x0400,
@ -100,8 +104,11 @@ local _commands = {
 	CMD_MIFARE_EML_MEMSET =                                              0x0602,
 	CMD_MIFARE_EML_MEMGET =                                              0x0603,
 	CMD_MIFARE_EML_CARDLOAD =                                            0x0604,
-	CMD_MIFARE_EML_CSETBLOCK =                                           0x0605,
+	
-	CMD_MIFARE_EML_CGETBLOCK =                                           0x0606,
+	--// magic chinese card commands
 	CMD_MIFARE_CSETBLOCK =                                               0x0605,
 	CMD_MIFARE_CGETBLOCK =                                               0x0606,
 	CMD_MIFARE_CIDENT =                                                  0x0607,
 	CMD_SIMULATE_MIFARE_CARD =                                           0x0610,
@ -109,12 +116,33 @@ local _commands = {
 	CMD_MIFARE_NESTED =                                                  0x0612,
 	CMD_MIFARE_READBL =                                                  0x0620,
 	CMD_MIFAREU_READBL =                                                 0x0720,
 	CMD_MIFARE_READSC =                                                  0x0621,
 	CMD_MIFAREU_READCARD =                                               0x0721,
 	CMD_MIFARE_WRITEBL =                                                 0x0622,
 	CMD_MIFAREU_WRITEBL =                                                0x0722,
 	CMD_MIFAREU_WRITEBL_COMPAT =                                         0x0723,
 	CMD_MIFARE_CHKKEYS =                                                 0x0623,
 	CMD_MIFARE_SNIFFER =                                                 0x0630,
 	--//ultralightC
 	CMD_MIFAREUC_AUTH1 =						                         0x0724,
 	CMD_MIFAREUC_AUTH2 =						                         0x0725,
 	CMD_MIFAREUC_READCARD =		   					                     0x0726,
 	--// mifare desfire
 	CMD_MIFARE_DESFIRE_READBL =                                          0x0728,
 	CMD_MIFARE_DESFIRE_WRITEBL =                                         0x0729,
 	CMD_MIFARE_DESFIRE_AUTH1 =                                           0x072a,
 	CMD_MIFARE_DESFIRE_AUTH2 =                                           0x072b,
 	CMD_MIFARE_DES_READER =                                              0x072c,
 	CMD_MIFARE_DESFIRE_INFO =                                            0x072d,
 	CMD_MIFARE_DESFIRE =                                                 0x072e,
 	CMD_UNKNOWN =                                                        0xFFFF,
 }
@ -185,7 +213,6 @@ function Command:getBytes()
 	local cmd = self.cmd 
 	local arg1, arg2, arg3 = self.arg1, self.arg2, self.arg3
 	return bin.pack("LLLLH",cmd, arg1, arg2, arg3,data);
 end
 return _commands
--- a/client/lualibs/html_dumplib.lua
+++ b/client/lualibs/html_dumplib.lua
@ -47,6 +47,18 @@ local function save_HTML(javascript, filename)
 end
 local function save_TEXT(data,filename)
 	-- Open the output file
 	local outfile = io.open(filename, "wb")
 	if outfile == nil then 
 		return oops(string.format("Could not write to file %s",tostring(filename)))
 	end
 	outfile:write(data)
 	io.close(outfile)
 	return filename   
 end
 local function save_BIN(data, filename)
 	-- Open the output file
@ -181,4 +193,6 @@ return {
 	convert_bin_to_html = convert_bin_to_html,
 	convert_eml_to_html = convert_eml_to_html,
    convert_eml_to_bin = convert_eml_to_bin,	
    SaveAsBinary = save_BIN,
 	SaveAsText = save_TEXT,
 }
--- a/client/lualibs/htmlskel.lua
+++ b/client/lualibs/htmlskel.lua
@ -55,6 +55,7 @@ local skel_1 = [[
 			return "UNKNOWN"
 		}
 		add("04,,,Mifare TNP3xxx Activision 1K,0f01,01");
 		add("04,,,Mifare Mini,0004,09");
 		add("04,,,Mifare Classic 1k/Mifare Plus(4 byte UID) 2K SL1,0004,08");
 		add("04,,,Mifare Plus (4 byte UID) 2K SL2,0004,10");
--- a/client/lualibs/mf_default_keys.lua
+++ b/client/lualibs/mf_default_keys.lua
@ -141,6 +141,24 @@ local _keys = {
 	'200000000000',
 	'a00000000000',
 	'b00000000000',	
 	--[[
    Should be for Mifare TNP3xxx tags A KEY.
    --]]
 	'4b0b20107ccb',
 	--[[
    Kiev metro cards
    --]]	
 	'8fe644038790',
 	'f14ee7cae863',
 	'632193be1c3c',
 	'569369c5a0e5',
 	'9de89e070277',
 	'eff603e1efe9',
 	'644672bd4afe',
 	'b5ff67cba951',
  }
 ---
--- a/client/lualibs/read14a.lua
+++ b/client/lualibs/read14a.lua
@ -25,6 +25,7 @@ local ISO14A_COMMAND = {
 local ISO14443a_TYPES = {}		
 ISO14443a_TYPES[0x00] = "NXP MIFARE Ultralight | Ultralight C"
 ISO14443a_TYPES[0x01] = "NXP MIFARE TNP3xxx Activision Game Appliance"
 ISO14443a_TYPES[0x04] = "NXP MIFARE (various !DESFire !DESFire EV1)"
 ISO14443a_TYPES[0x08] = "NXP MIFARE CLASSIC 1k | Plus 2k"
 ISO14443a_TYPES[0x09] = "NXP MIFARE Mini 0.3k"
--- a/client/nonce2key/crapto1.c
+++ b/client/nonce2key/crapto1.c
@ -549,7 +549,6 @@ lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8],
 				free(odd);
 				free(even);
                return 0;
 	}
 	s = statelist;
--- a/client/scripts/formatMifare.lua
+++ b/client/scripts/formatMifare.lua
@ -90,8 +90,10 @@ function GetCardInfo()
 	elseif 0x09 == result.sak then -- NXP MIFARE Mini 0.3k
 		-- MIFARE Classic mini offers 320 bytes split into five sectors.
 		numSectors = 5
-	elseif  0x10 == result.sak then-- "NXP MIFARE Plus 2k"
+	elseif  0x10 == result.sak then -- NXP MIFARE Plus 2k
 		numSectors = 32
 	elseif  0x01 == sak then        -- NXP MIFARE TNP3xxx 1K
 		numSectors = 16
 	else
 		print("I don't know how many sectors there are on this type of card, defaulting to 16")
 	end	
--- a/client/scripts/mifare_autopwn.lua
+++ b/client/scripts/mifare_autopwn.lua
@ -133,6 +133,8 @@ function nested(key,sak)
 		typ = 0
 	elseif  0x10 == sak then-- "NXP MIFARE Plus 2k"
 		typ = 2
 	elseif  0x01 == sak then-- "NXP MIFARE TNP3xxx 1K"
 		typ = 1
 	else
 		print("I don't know how many sectors there are on this type of card, defaulting to 16")
 	end
--- a/client/util.c
+++ b/client/util.c
@ -13,6 +13,7 @@
 #ifndef _WIN32
 #include <termios.h>
 #include <sys/ioctl.h> 
 int ukbhit(void)
 {
  int cnt = 0;
@ -112,6 +113,19 @@ char * sprint_hex(const uint8_t * data, const size_t len) {
 	return buf;
 }
 char * sprint_bin(const uint8_t * data, const size_t len) {
 	int maxLen = ( len > 1024) ? 1024 : len;
 	static char buf[1024];
 	char * tmp = buf;
 	size_t i;
 	for (i=0; i < maxLen; ++i, ++tmp)
 		sprintf(tmp, "%u", data[i]);
 	return buf;
 }
 void num_to_bytes(uint64_t n, size_t len, uint8_t* dest)
 {
 	while (len--) {
@ -131,6 +145,28 @@ uint64_t bytes_to_num(uint8_t* src, size_t len)
 	return num;
 }
 //assumes little endian
 char * printBits(size_t const size, void const * const ptr)
 {
    unsigned char *b = (unsigned char*) ptr;	
    unsigned char byte;
 	static char buf[1024];
 	char * tmp = buf;
    int i, j;
    for (i=size-1;i>=0;i--)
    {
        for (j=7;j>=0;j--)
        {
            byte = b[i] & (1<<j);
            byte >>= j;
            sprintf(tmp, "%u", byte);
 			tmp++;
        }
    }
 	return buf;
 }
 //  -------------------------------------------------------------------------
 //  string parameters lib
 //  -------------------------------------------------------------------------
@ -248,3 +284,102 @@ int param_getstr(const char *line, int paramnum, char * str)
 	return en - bg + 1;
 }
 /*
 The following methods comes from Rfidler sourcecode.
 https://github.com/ApertureLabsLtd/RFIDler/blob/master/firmware/Pic32/RFIDler.X/src/
 */
 // convert hex to sequence of 0/1 bit values
 // returns number of bits converted
 int hextobinarray(char *target, char *source)
 {
    int length, i, count= 0;
    char x;
    length = strlen(source);
    // process 4 bits (1 hex digit) at a time
    while(length--)
    {
        x= *(source++);
        // capitalize
        if (x >= 'a' && x <= 'f')
            x -= 32;
        // convert to numeric value
        if (x >= '0' && x <= '9')
            x -= '0';
        else if (x >= 'A' && x <= 'F')
            x -= 'A' - 10;
        else
            return 0;
        // output
        for(i= 0 ; i < 4 ; ++i, ++count)
            *(target++)= (x >> (3 - i)) & 1;
    }
    return count;
 }
 // convert hex to human readable binary string
 int hextobinstring(char *target, char *source)
 {
    int length;
    if(!(length= hextobinarray(target, source)))
        return 0;
    binarraytobinstring(target, target, length);
    return length;
 }
 // convert binary array of 0x00/0x01 values to hex (safe to do in place as target will always be shorter than source)
 // return number of bits converted
 int binarraytohex(char *target, char *source, int length)
 {
    unsigned char i, x;
    int j = length;
    if(j % 4)
        return 0;
    while(j)
    {
        for(i= x= 0 ; i < 4 ; ++i)
            x +=  ( source[i] << (3 - i));
        sprintf(target,"%X", x);
        ++target;
        source += 4;
        j -= 4;
    }
    return length;
 }
 // convert binary array to human readable binary
 void binarraytobinstring(char *target, char *source,  int length)
 {
    int i;
    for(i= 0 ; i < length ; ++i)
        *(target++)= *(source++) + '0';
    *target= '\0';
 }
 // return parity bit required to match type
 uint8_t GetParity( char *bits, uint8_t type, int length)
 {
    int x;
    for(x= 0 ; length > 0 ; --length)
        x += bits[length - 1];
    x %= 2;
    return x ^ type;
 }
 // add HID parity to binary array: EVEN prefix for 1st half of ID, ODD suffix for 2nd half
 void wiegand_add_parity(char *target, char *source, char length)
 {
    *(target++)= GetParity(source, EVEN, length / 2);
    memcpy(target, source, length);
    target += length;
    *(target)= GetParity(source + length / 2, ODD, length / 2);
 }
--- a/client/util.h
+++ b/client/util.h
@ -15,6 +15,7 @@
 #include <string.h>
 #include <ctype.h>
 #include <time.h>
 #include "data.h"
 #ifndef MIN
 # define MIN(a, b) (((a) < (b)) ? (a) : (b))
@ -22,6 +23,10 @@
 #ifndef MAX
 # define MAX(a, b) (((a) > (b)) ? (a) : (b))
 #endif
 #define TRUE                        1
 #define FALSE                       0
 #define EVEN                        0
 #define ODD                         1
 int ukbhit(void);
@ -33,9 +38,11 @@ void FillFileNameByUID(char *fileName, uint8_t * uid, char *ext, int byteCount);
 void print_hex(const uint8_t * data, const size_t len);
 char * sprint_hex(const uint8_t * data, const size_t len);
 char * sprint_bin(const uint8_t * data, const size_t len);
 void num_to_bytes(uint64_t n, size_t len, uint8_t* dest);
 uint64_t bytes_to_num(uint8_t* src, size_t len);
 char * printBits(size_t const size, void const * const ptr);
 char param_getchar(const char *line, int paramnum);
 uint8_t param_get8(const char *line, int paramnum);
@ -45,3 +52,10 @@ uint64_t param_get64ex(const char *line, int paramnum, int deflt, int base);
 int param_gethex(const char *line, int paramnum, uint8_t * data, int hexcnt);
 int param_getstr(const char *line, int paramnum, char * str);
 int hextobinarray( char *target,  char *source);
 int hextobinstring( char *target,  char *source);
 int binarraytohex( char *target,  char *source,  int length);
 void binarraytobinstring(char *target,  char *source,  int length);
 uint8_t GetParity( char *string, uint8_t type,  int length);
 void wiegand_add_parity(char *target, char *source, char length);
--- a/common/Makefile.common
+++ b/common/Makefile.common
@ -54,7 +54,8 @@ DELETE=del /q
 MOVE=ren
 COPY=copy
 PATHSEP=\\#
-FLASH_TOOL=winsrc\\prox.exe
+#FLASH_TOOL=winsrc\\prox.exe
 FLASH_TOOL=winsrc\\flash.exe
 DETECTED_OS=Windows
 endif
@ -67,6 +68,7 @@ INCLUDES = ../include/proxmark3.h ../include/at91sam7s512.h ../include/config_gp
 CFLAGS =  -c $(INCLUDE) -Wall -Werror -pedantic -std=c99 $(APP_CFLAGS) -Os
 LDFLAGS = -nostartfiles -nodefaultlibs -Wl,-gc-sections -n
 LIBS = -lgcc
 THUMBOBJ = $(patsubst %.c,$(OBJDIR)/%.o,$(THUMBSRC))
--- a/common/cmd.c
+++ b/common/cmd.c
@ -34,8 +34,6 @@
 #include "string.h"
 #include "proxmark3.h"
 //static UsbCommand txcmd;
 bool cmd_receive(UsbCommand* cmd) {
  // Check if there is a usb packet available
--- a/common/crc16.c
+++ b/common/crc16.c
@ -8,6 +8,7 @@
 #include "crc16.h"
 unsigned short update_crc16( unsigned short crc, unsigned char c )
 {
  unsigned short i, v, tcrc = 0;
@ -20,3 +21,25 @@ unsigned short update_crc16( unsigned short crc, unsigned char c )
  return ((crc >> 8) ^ tcrc)&0xffff;
 }
 uint16_t crc16(uint8_t const *message, int length, uint16_t remainder, uint16_t polynomial) {
 	if (length == 0)
        return (~remainder);
    for (int byte = 0; byte < length; ++byte) {
        remainder ^= (message[byte] << 8);
        for (uint8_t bit = 8; bit > 0; --bit) {
            if (remainder & 0x8000) {
                remainder = (remainder << 1) ^ polynomial;
            } else {
                remainder = (remainder << 1);
            }
        }
    }
    return remainder;
 }
 uint16_t crc16_ccitt(uint8_t const *message, int length) {
    return crc16(message, length, 0xffff, 0x1021);
 }
--- a/common/crc16.h
+++ b/common/crc16.h
@ -5,10 +5,11 @@
 //-----------------------------------------------------------------------------
 // CRC16
 //-----------------------------------------------------------------------------
 #include <stdint.h>
 #ifndef __CRC16_H
 #define __CRC16_H
 unsigned short update_crc16(unsigned short crc, unsigned char c);
-
+uint16_t crc16(uint8_t const *message, int length, uint16_t remainder, uint16_t polynomial);
 uint16_t crc16_ccitt(uint8_t const *message, int length);
 #endif
--- a/common/usb_cdc.c
+++ b/common/usb_cdc.c
@ -223,7 +223,6 @@ byte_t btReceiveBank   = AT91C_UDP_RX_DATA_BK0;
 void usb_disable() {
  // Disconnect the USB device
  AT91C_BASE_PIOA->PIO_ODR = GPIO_USB_PU;
 //  SpinDelay(100);
  // Clear all lingering interrupts
  if(pUdp->UDP_ISR & AT91C_UDP_ENDBUSRES) {
@ -257,7 +256,6 @@ void usb_enable() {
  // Wait for a short while
  for (volatile size_t i=0; i<0x100000; i++);
 //  SpinDelay(100);
  // Reconnect USB reconnect
  AT91C_BASE_PIOA->PIO_SODR = GPIO_USB_PU;
@ -304,8 +302,7 @@ uint32_t usb_read(byte_t* data, size_t len) {
 	uint32_t packetSize, nbBytesRcv = 0;
  uint32_t time_out = 0;
-	while (len)
+	while (len)  {
  {
 		if (!usb_check()) break;
 		if ( pUdp->UDP_CSR[AT91C_EP_OUT] & bank ) {
@ -314,8 +311,7 @@ uint32_t usb_read(byte_t* data, size_t len) {
 			while(packetSize--)
 				data[nbBytesRcv++] = pUdp->UDP_FDR[AT91C_EP_OUT];
 			pUdp->UDP_CSR[AT91C_EP_OUT] &= ~(bank);
-			if (bank == AT91C_UDP_RX_DATA_BK0)
+			if (bank == AT91C_UDP_RX_DATA_BK0) {
      {
 				bank = AT91C_UDP_RX_DATA_BK1;
      } else {
 				bank = AT91C_UDP_RX_DATA_BK0;
--- a/include/at91sam7s512.h
+++ b/include/at91sam7s512.h
@ -428,7 +428,7 @@ typedef struct _AT91S_PIO {
 #define PIO_PDR         (AT91_CAST(AT91_REG *) 	0x00000004) // (PIO_PDR) PIO Disable Register
 #define PIO_PSR         (AT91_CAST(AT91_REG *) 	0x00000008) // (PIO_PSR) PIO Status Register
 #define PIO_OER         (AT91_CAST(AT91_REG *) 	0x00000010) // (PIO_OER) Output Enable Register
-#define PIO_ODR         (AT91_CAST(AT91_REG *) 	0x00000014) // (PIO_ODR) Output Disable Registerr
+#define PIO_ODR         (AT91_CAST(AT91_REG *) 	0x00000014) // (PIO_ODR) Output Disable Register
 #define PIO_OSR         (AT91_CAST(AT91_REG *) 	0x00000018) // (PIO_OSR) Output Status Register
 #define PIO_IFER        (AT91_CAST(AT91_REG *) 	0x00000020) // (PIO_IFER) Input Filter Enable Register
 #define PIO_IFDR        (AT91_CAST(AT91_REG *) 	0x00000024) // (PIO_IFDR) Input Filter Disable Register
--- a/include/proxmark3.h
+++ b/include/proxmark3.h
@ -14,6 +14,7 @@
 // Might as well have the hardware-specific defines everywhere.
 #include "at91sam7s512.h"
 #include "config_gpio.h"
 #include "usb_cmd.h"
 #define WDT_HIT()								AT91C_BASE_WDTC->WDTC_WDCR = 0xa5000001
@ -67,8 +68,6 @@
 #define TRUE 1
 #define FALSE 0
 #include <usb_cmd.h>
 //#define PACKED __attribute__((__packed__))
 #define LED_A_ON()		HIGH(GPIO_LED_A)
--- a/include/usb_cmd.h
+++ b/include/usb_cmd.h
@ -150,8 +150,10 @@ typedef struct {
 #define CMD_MIFARE_READBL                                                 0x0620
 #define CMD_MIFAREU_READBL						  0x0720
 #define CMD_MIFARE_READSC                                                 0x0621
 #define CMD_MIFAREU_READCARD						  0x0721
 #define CMD_MIFARE_WRITEBL                                                0x0622
 #define CMD_MIFAREU_WRITEBL						                          0x0722
 #define CMD_MIFAREU_WRITEBL_COMPAT					                      0x0723