mifarehost.c resolved

2025-08-22 22:23:38 -07:00 · 2017-09-19 17:34:20 +03:00 · 2017-09-19 17:34:20 +03:00 · 54b6bd1eef
commit 54b6bd1eef
parent 997f1e4886 08b7cd17a5
42 changed files with 251 additions and 1882 deletions
--- a/armsrc/Makefile
+++ b/armsrc/Makefile
@ -19,7 +19,7 @@ SRC_LF = lfops.c hitag2.c hitagS.c lfsampling.c pcf7931.c lfdemod.c protocols.c
 SRC_ISO15693 = iso15693.c iso15693tools.c
 SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
 SRC_ISO14443b = iso14443b.c
-SRC_CRAPTO1 = crypto1.c des.c aes.c
+SRC_CRAPTO1 = crypto1.c des.c
 SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c parity.c
 #the FPGA bitstream files. Note: order matters!
--- a/armsrc/aes.c
+++ b/armsrc/aes.c
--- a/armsrc/aes.h
+++ b/armsrc/aes.h
@ -1,30 +0,0 @@
 /*
 * AES Cryptographic Algorithm Header File. Include this header file in
 * your source which uses these given APIs. (This source is kept under
 * public domain)
 */
 // AES context structure
 typedef struct {
 unsigned int Ek[60];
 unsigned int Dk[60];
 unsigned int Iv[4];
 unsigned char Nr;
 unsigned char Mode;
 } AesCtx;
 // key length in bytes
 #define KEY128 16
 #define KEY192 24
 #define KEY256 32
 // block size in bytes
 #define BLOCKSZ 16
 // mode
 #define EBC 0
 #define CBC 1
 // AES API function prototype
 int AesCtxIni(AesCtx *pCtx, unsigned char *pIV, unsigned char *pKey, unsigned int KeyLen, unsigned char Mode);
 int AesEncrypt(AesCtx *pCtx, unsigned char *pData, unsigned char *pCipher, unsigned int DataLen);
 int AesDecrypt(AesCtx *pCtx, unsigned char *pCipher, unsigned char *pData, unsigned int CipherLen);
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@ -1294,6 +1294,15 @@ void UsbPacketReceived(uint8_t *packet, int len)
 			break;
 		case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
 			// iceman; since changing fpga_bitstreams clears bigbuff, Its better to call it before.
 			// to be able to use this one for uploading data to device 
 			// arg1 = 0 upload for LF usage 
 			//        1 upload for HF usage
 			if (c->arg[1] == 0)
 				FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 			else
 				FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
 			uint8_t *b = BigBuf_get_addr();
 			memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
 			cmd_send(CMD_ACK,0,0,0,0,0);
--- a/armsrc/des.c
+++ b/armsrc/des.c
@ -1,437 +0,0 @@
 /* des.c */
 /*
    This file is part of the ARM-Crypto-Lib.
    Copyright (C) 2006-2010  Daniel Otte (daniel.otte@rub.de)
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 /**
 * \file     des.c
 * \author   Daniel Otte
 * \email    daniel.otte@rub.de
 * \date     2007-06-16
 * \brief    DES and EDE-DES implementation
 * \license	 GPLv3 or later
 * 
 */
 #include <stdint.h>
 #include "string.h"
 const uint8_t sbox[256]  = {
  /* S-box 1 */
  0xE4, 0xD1, 0x2F, 0xB8, 0x3A, 0x6C, 0x59, 0x07,
  0x0F, 0x74, 0xE2, 0xD1, 0xA6, 0xCB, 0x95, 0x38,
  0x41, 0xE8, 0xD6, 0x2B, 0xFC, 0x97, 0x3A, 0x50,
  0xFC, 0x82, 0x49, 0x17, 0x5B, 0x3E, 0xA0, 0x6D,
  /* S-box 2 */
  0xF1, 0x8E, 0x6B, 0x34, 0x97, 0x2D, 0xC0, 0x5A,
  0x3D, 0x47, 0xF2, 0x8E, 0xC0, 0x1A, 0x69, 0xB5,
  0x0E, 0x7B, 0xA4, 0xD1, 0x58, 0xC6, 0x93, 0x2F,
  0xD8, 0xA1, 0x3F, 0x42, 0xB6, 0x7C, 0x05, 0xE9,
  /* S-box 3 */
  0xA0, 0x9E, 0x63, 0xF5, 0x1D, 0xC7, 0xB4, 0x28,
  0xD7, 0x09, 0x34, 0x6A, 0x28, 0x5E, 0xCB, 0xF1,
  0xD6, 0x49, 0x8F, 0x30, 0xB1, 0x2C, 0x5A, 0xE7,
  0x1A, 0xD0, 0x69, 0x87, 0x4F, 0xE3, 0xB5, 0x2C,
  /* S-box 4 */
  0x7D, 0xE3, 0x06, 0x9A, 0x12, 0x85, 0xBC, 0x4F,
  0xD8, 0xB5, 0x6F, 0x03, 0x47, 0x2C, 0x1A, 0xE9,
  0xA6, 0x90, 0xCB, 0x7D, 0xF1, 0x3E, 0x52, 0x84,
  0x3F, 0x06, 0xA1, 0xD8, 0x94, 0x5B, 0xC7, 0x2E,
  /* S-box 5 */
  0x2C, 0x41, 0x7A, 0xB6, 0x85, 0x3F, 0xD0, 0xE9,
  0xEB, 0x2C, 0x47, 0xD1, 0x50, 0xFA, 0x39, 0x86,
  0x42, 0x1B, 0xAD, 0x78, 0xF9, 0xC5, 0x63, 0x0E,
  0xB8, 0xC7, 0x1E, 0x2D, 0x6F, 0x09, 0xA4, 0x53,
  /* S-box 6 */
  0xC1, 0xAF, 0x92, 0x68, 0x0D, 0x34, 0xE7, 0x5B,
  0xAF, 0x42, 0x7C, 0x95, 0x61, 0xDE, 0x0B, 0x38,
  0x9E, 0xF5, 0x28, 0xC3, 0x70, 0x4A, 0x1D, 0xB6,
  0x43, 0x2C, 0x95, 0xFA, 0xBE, 0x17, 0x60, 0x8D,
  /* S-box 7 */
  0x4B, 0x2E, 0xF0, 0x8D, 0x3C, 0x97, 0x5A, 0x61,
  0xD0, 0xB7, 0x49, 0x1A, 0xE3, 0x5C, 0x2F, 0x86,
  0x14, 0xBD, 0xC3, 0x7E, 0xAF, 0x68, 0x05, 0x92,
  0x6B, 0xD8, 0x14, 0xA7, 0x95, 0x0F, 0xE2, 0x3C,
  /* S-box 8 */
  0xD2, 0x84, 0x6F, 0xB1, 0xA9, 0x3E, 0x50, 0xC7,
  0x1F, 0xD8, 0xA3, 0x74, 0xC5, 0x6B, 0x0E, 0x92,
  0x7B, 0x41, 0x9C, 0xE2, 0x06, 0xAD, 0xF3, 0x58,
  0x21, 0xE7, 0x4A, 0x8D, 0xFC, 0x90, 0x35, 0x6B
 };
 const uint8_t e_permtab[] ={
 	 4,  6, 					/* 4 bytes in 6 bytes out*/
 	32,  1,  2,  3,  4,  5,
 	 4,  5,  6,  7,  8,  9,
 	 8,  9, 10, 11, 12, 13,
 	12, 13, 14, 15, 16, 17,
 	16, 17, 18, 19, 20, 21,
 	20, 21, 22, 23, 24, 25,
 	24, 25, 26, 27, 28, 29,
 	28, 29, 30, 31, 32,  1
 };
 const uint8_t p_permtab[] ={
 	 4,  4,						/* 32 bit -> 32 bit */
 	16,  7, 20, 21,
 	29, 12, 28, 17,
 	 1, 15, 23, 26,
 	 5, 18, 31, 10,
 	 2,  8, 24, 14,
 	32, 27,  3,  9,
 	19, 13, 30,  6,
 	22, 11,  4, 25
 };
 const uint8_t ip_permtab[] ={
 	 8,  8,						/* 64 bit -> 64 bit */
 	58, 50, 42, 34, 26, 18, 10, 2,
 	60, 52, 44, 36, 28, 20, 12, 4,
 	62, 54, 46, 38, 30, 22, 14, 6,
 	64, 56, 48, 40, 32, 24, 16, 8,
 	57, 49, 41, 33, 25, 17,  9, 1,
 	59, 51, 43, 35, 27, 19, 11, 3,
 	61, 53, 45, 37, 29, 21, 13, 5,
 	63, 55, 47, 39, 31, 23, 15, 7
 };
 const uint8_t inv_ip_permtab[] ={
 	 8, 8,						/* 64 bit -> 64 bit */
 	40, 8, 48, 16, 56, 24, 64, 32,
 	39, 7, 47, 15, 55, 23, 63, 31,
 	38, 6, 46, 14, 54, 22, 62, 30,
 	37, 5, 45, 13, 53, 21, 61, 29,
 	36, 4, 44, 12, 52, 20, 60, 28,
 	35, 3, 43, 11, 51, 19, 59, 27,
 	34, 2, 42, 10, 50, 18, 58, 26,
 	33, 1, 41,  9, 49, 17, 57, 25
 };
 const uint8_t pc1_permtab[] ={
 	 8,  7, 					/* 64 bit -> 56 bit*/
 	57, 49, 41, 33, 25, 17,  9,
 	 1, 58, 50, 42, 34, 26, 18,
 	10,  2, 59, 51, 43, 35, 27,
 	19, 11,  3, 60, 52, 44, 36,
 	63, 55, 47, 39, 31, 23, 15,
 	 7, 62, 54, 46, 38, 30, 22,
 	14,  6, 61, 53, 45, 37, 29,
 	21, 13,  5, 28, 20, 12,  4
 };
 const uint8_t pc2_permtab[] ={
 	 7,	 6, 					/* 56 bit -> 48 bit */
 	14, 17, 11, 24,  1,  5,
 	 3, 28, 15,  6, 21, 10,
 	23, 19, 12,  4, 26,  8,
 	16,  7, 27, 20, 13,  2,
 	41, 52, 31, 37, 47, 55,
 	30, 40, 51, 45, 33, 48,
 	44, 49, 39, 56, 34, 53,
 	46, 42, 50, 36, 29, 32
 };
 const uint8_t splitin6bitword_permtab[] = {
 	 8,  8, 					/* 64 bit -> 64 bit */
 	64, 64,  1,  6,  2,  3,  4,  5, 
 	64, 64,  7, 12,  8,  9, 10, 11, 
 	64, 64, 13, 18, 14, 15, 16, 17, 
 	64, 64, 19, 24, 20, 21, 22, 23, 
 	64, 64, 25, 30, 26, 27, 28, 29, 
 	64, 64, 31, 36, 32, 33, 34, 35, 
 	64, 64, 37, 42, 38, 39, 40, 41, 
 	64, 64, 43, 48, 44, 45, 46, 47 
 };
 const uint8_t shiftkey_permtab[] = {
 	 7,  7, 					/* 56 bit -> 56 bit */
 	 2,  3,  4,  5,  6,  7,  8,  9,
 	10, 11, 12, 13, 14, 15, 16, 17,
 	18, 19, 20, 21, 22, 23, 24, 25, 
 	26, 27, 28,  1, 
 	30, 31, 32, 33, 34, 35, 36, 37, 
 	38, 39, 40, 41, 42, 43, 44, 45, 
 	46, 47, 48, 49, 50, 51, 52, 53, 
 	54, 55, 56, 29
 };
 const uint8_t shiftkeyinv_permtab[] = {
 	 7,  7,
 	28,  1,  2,  3,  4,  5,  6,  7,
 	 8,  9, 10, 11, 12, 13, 14, 15,
 	16, 17, 18, 19, 20, 21, 22, 23,
 	24, 25, 26, 27,
 	56, 29, 30, 31, 32, 33, 34, 35, 
 	36, 37, 38, 39, 40, 41, 42, 43, 
 	44, 45, 46, 47, 48, 49, 50, 51, 
 	52, 53, 54, 55
 };
 /*
 1 0
 1 0
 2 1
 2 1
 2 1
 2 1
 2 1
 2 1
 ----
 1 0
 2 1
 2 1
 2 1
 2 1
 2 1
 2 1
 1 0
 */
 #define ROTTABLE      0x7EFC 
 #define ROTTABLE_INV  0x3F7E
 /******************************************************************************/
 void permute(const uint8_t *ptable, const uint8_t *in, uint8_t *out){
 	uint8_t ob; /* in-bytes and out-bytes */
 	uint8_t byte, bit; /* counter for bit and byte */
 	ob = ptable[1];
 	ptable = &(ptable[2]);
 	for(byte=0; byte<ob; ++byte){
 		uint8_t x,t=0;
 		for(bit=0; bit<8; ++bit){
 			x=*ptable++ -1 ;
 				t<<=1;
 			if((in[x/8]) & (0x80>>(x%8)) ){
 				t|=0x01;
 			}
 		}
 		out[byte]=t;
 	}
 }
 /******************************************************************************/
 void changeendian32(uint32_t * a){
 	*a = (*a & 0x000000FF) << 24 |
 		 (*a & 0x0000FF00) <<  8 |
 		 (*a & 0x00FF0000) >>  8 |
 		 (*a & 0xFF000000) >> 24;
 }
 /******************************************************************************/
 static inline
 void shiftkey(uint8_t *key){
 	uint8_t k[7];
 	memcpy(k, key, 7);
 	permute((uint8_t*)shiftkey_permtab, k, key);	
 }
 /******************************************************************************/
 static inline
 void shiftkey_inv(uint8_t *key){
 	uint8_t k[7];
 	memcpy(k, key, 7);
 	permute((uint8_t*)shiftkeyinv_permtab, k, key);
 }
 /******************************************************************************/
 static inline
 uint64_t splitin6bitwords(uint64_t a){
 	uint64_t ret=0;
 	a &= 0x0000ffffffffffffLL;
 	permute((uint8_t*)splitin6bitword_permtab, (uint8_t*)&a, (uint8_t*)&ret);	
 	return ret;
 }
 /******************************************************************************/
 static inline
 uint8_t substitute(uint8_t a, uint8_t * sbp){
 	uint8_t x;	
 	x = sbp[a>>1];
 	x = (a&1)?x&0x0F:x>>4;
 	return x;
 }
 /******************************************************************************/
 uint32_t des_f(uint32_t r, uint8_t* kr){
 	uint8_t i;
 	uint32_t t=0,ret;
 	uint64_t data;
 	uint8_t *sbp; /* sboxpointer */ 
 	permute((uint8_t*)e_permtab, (uint8_t*)&r, (uint8_t*)&data);
 	for(i=0; i<6; ++i)
 		((uint8_t*)&data)[i] ^= kr[i];
 	/* Sbox substitution */
 	data = splitin6bitwords(data);
 	sbp=(uint8_t*)sbox;
 	for(i=0; i<8; ++i){
 		uint8_t x;
 		x = substitute(((uint8_t*)&data)[i], sbp);
 		t<<=4;
 		t |= x;
 		sbp += 32;
 	}
 	changeendian32(&t);
 	permute((uint8_t*)p_permtab,(uint8_t*)&t, (uint8_t*)&ret);
 	return ret;
 }
 /******************************************************************************/
 void des_enc(void* out, const void* in, const void* key){
 #define R *((uint32_t*)&(data[4]))
 #define L *((uint32_t*)&(data[0]))
 	uint8_t data[8],kr[6],k[7];
 	uint8_t i;
 	permute((uint8_t*)ip_permtab, (uint8_t*)in, data);
 	permute((uint8_t*)pc1_permtab, (const uint8_t*)key, k);
 	for(i=0; i<8; ++i){
 		shiftkey(k);
 		if(ROTTABLE&((1<<((i<<1)+0))) )
 			shiftkey(k);
 		permute((uint8_t*)pc2_permtab, k, kr);
 		L ^= des_f(R, kr);
 		shiftkey(k);
 		if(ROTTABLE&((1<<((i<<1)+1))) )
 			shiftkey(k);
 		permute((uint8_t*)pc2_permtab, k, kr);
 		R ^= des_f(L, kr);
 	}
 	/* L <-> R*/
 	R ^= L;
 	L ^= R;
 	R ^= L;
 	permute((uint8_t*)inv_ip_permtab, data, (uint8_t*)out);
 }
 /******************************************************************************/
 void des_dec(void* out, const void* in, const uint8_t* key){
 #define R *((uint32_t*)&(data[4]))
 #define L *((uint32_t*)&(data[0]))
 	uint8_t data[8],kr[6],k[7];
 	int8_t i;
 	permute((uint8_t*)ip_permtab, (uint8_t*)in, data);
 	permute((uint8_t*)pc1_permtab, (const uint8_t*)key, k);
 	for(i=7; i>=0; --i){
 		permute((uint8_t*)pc2_permtab, k, kr);
 		L ^= des_f(R, kr);
 		shiftkey_inv(k);
 		if(ROTTABLE&((1<<((i<<1)+1))) ){
 			shiftkey_inv(k);
 		}
 		permute((uint8_t*)pc2_permtab, k, kr);
 		R ^= des_f(L, kr);
 		shiftkey_inv(k);
 		if(ROTTABLE&((1<<((i<<1)+0))) ){
 			shiftkey_inv(k);
 		}
 	}
 	/* L <-> R*/
 	R ^= L;
 	L ^= R;
 	R ^= L;
 	permute((uint8_t*)inv_ip_permtab, data, (uint8_t*)out);
 }
 /******************************************************************************/
 void tdes_enc(void* out, void* in, const void* key){
 	des_enc(out,  in, (uint8_t*)key + 0);
 	des_dec(out, out, (uint8_t*)key + 8);
 	des_enc(out, out, (uint8_t*)key +16);
 }
 /******************************************************************************/
 void tdes_dec(void* out, void* in, const uint8_t* key){
 	des_dec(out,  in, (uint8_t*)key +16);
 	des_enc(out, out, (uint8_t*)key + 8);
 	des_dec(out, out, (uint8_t*)key + 0);
 }
 void tdes_2key_enc(void* out, const void* in, size_t length, const void* key, unsigned char iv[8]){
 	if( length % 8 ) return; 
 	uint8_t i;
 	uint8_t* tin = (uint8_t*) in;
 	uint8_t* tout = (uint8_t*) out;
 	while( length > 0 )
 	{
 		for ( i = 0; i < 8; i++ )
 			tout[i] = (unsigned char)(tin[i] ^ iv[i]);
 		des_enc(tout,  tin, (uint8_t*)key + 0);
 		des_dec(tout, tout, (uint8_t*)key + 8);
 		des_enc(tout, tout, (uint8_t*)key + 0);
 		memcpy(iv, tout, 8);
 		tin  += 8;
 		tout += 8;
 		length -= 8;
 	}
 }
 void tdes_2key_dec(void* out, const void* in, size_t length, const void* key, unsigned char iv[8]){
 	if( length % 8 ) return; 
 	uint8_t i;
 	unsigned char temp[8];
 	uint8_t* tin = (uint8_t*) in;
 	uint8_t* tout = (uint8_t*) out;
 	while( length > 0 )
 	{
 		memcpy(temp, tin, 8);
 		des_dec(tout,  tin, (uint8_t*)key + 0);
 		des_enc(tout, tout, (uint8_t*)key + 8);
 		des_dec(tout, tout, (uint8_t*)key + 0);	 	 
 		for (i = 0; i < 8; i++)
 			tout[i] = (unsigned char)(tout[i] ^ iv[i]);
 		memcpy(iv, temp, 8);
 		tin  += 8;
 		tout += 8;
 		length -= 8;
 	}
 }
 /******************************************************************************/
--- a/armsrc/des.h
+++ b/armsrc/des.h
@ -1,110 +0,0 @@
 /* des.h */
 /*
    This file is part of the ARM-Crypto-Lib.
    Copyright (C) 2008  Daniel Otte (daniel.otte@rub.de)
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 /**
 * \file	des.h
 * \author	Daniel Otte 
 * \date	2007-06-16
 * \brief 	des and tdes declarations
 * \license	GPLv3 or later
 * 
 */
 #ifndef DES_H_
 #define DES_H_
 /* the FIPS 46-3 (1999-10-25) name for triple DES is triple data encryption algorithm so TDEA.
 * Also we only implement the three key mode  */
 /** \def tdea_enc
 * \brief defining an alias for void tdes_enc(void* out, const void* in, const void* key)
 */
 /** \def tdea_dec
 * \brief defining an alias for void tdes_dec(void* out, const void* in, const void* key)
 */
 #define tdea_enc tdes_enc
 #define tdea_dec tdes_dec
 /** \fn void des_enc(void* out, const void* in, const void* key)
 * \brief encrypt a block with DES
 * 
 * This function encrypts a block of 64 bits (8 bytes) with the DES algorithm.
 * Key expansion is done automatically. The key is 64 bits long, but note that
 * only 56 bits are used (the LSB of each byte is dropped). The input and output
 * blocks may overlap.
 * 
 * \param out pointer to the block (64 bit = 8 byte) where the ciphertext is written to
 * \param in  pointer to the block (64 bit = 8 byte) where the plaintext is read from
 * \param key pointer to the key (64 bit = 8 byte)
 */
 void des_enc(void* out, const void* in, const void* key);
 /** \fn void des_dec(void* out, const void* in, const void* key)
 * \brief decrypt a block with DES
 * 
 * This function decrypts a block of 64 bits (8 bytes) with the DES algorithm.
 * Key expansion is done automatically. The key is 64 bits long, but note that
 * only 56 bits are used (the LSB of each byte is dropped). The input and output
 * blocks may overlap.
 * 
 * \param out pointer to the block (64 bit = 8 byte) where the plaintext is written to
 * \param in  pointer to the block (64 bit = 8 byte) where the ciphertext is read from
 * \param key pointer to the key (64 bit = 8 byte)
 */
 void des_dec(void* out, const void* in, const void* key);
 /** \fn void tdes_enc(void* out, const void* in, const void* key)
 * \brief encrypt a block with Tripple-DES
 * 
 * This function encrypts a block of 64 bits (8 bytes) with the Tripple-DES (EDE)
 * algorithm. Key expansion is done automatically. The key is 192 bits long, but
 * note that only 178 bits are used (the LSB of each byte is dropped). The input
 * and output blocks may overlap.
 * 
 * \param out pointer to the block (64 bit = 8 byte) where the ciphertext is written to
 * \param in  pointer to the block (64 bit = 8 byte) where the plaintext is read from
 * \param key pointer to the key (192 bit = 24 byte)
 */
 void tdes_enc(void* out, const void* in, const void* key);
 /** \fn void tdes_dec(void* out, const void* in, const void* key)
 * \brief decrypt a block with Tripple-DES
 * 
 * This function decrypts a block of 64 bits (8 bytes) with the Tripple-DES (EDE)
 * algorithm. Key expansion is done automatically. The key is 192 bits long, but
 * note that only 178 bits are used (the LSB of each byte is dropped). The input
 * and output blocks may overlap.
 * 
 * \param out pointer to the block (64 bit = 8 byte) where the plaintext is written to
 * \param in  pointer to the block (64 bit = 8 byte) where the ciphertext is read from
 * \param key pointer to the key (192 bit = 24 byte)
 */
 void tdes_dec(void* out, const void* in, const void* key);
 void tdes_2key_enc(void* out, const void* in, size_t length, const void* key, unsigned char iv[8]);
 void tdes_2key_dec(void* out, const void* in, size_t length, const void* key, unsigned char iv[8]);
 #endif /*DES_H_*/
 // Copied from des.h in desfire imp.
 typedef unsigned long DES_KS[16][2];   /* Single-key DES key schedule */
 typedef unsigned long DES3_KS[48][2];  /* Triple-DES key schedule */
 extern int Asmversion; /* 1 if we're linked with an asm version, 0 if C */
--- a/armsrc/fpgaloader.h
+++ b/armsrc/fpgaloader.h
@ -58,6 +58,7 @@ void SetAdcMuxFor(uint32_t whichGpio);
 // Options for the HF reader, correlating against rx from tag
 #define FPGA_HF_READER_RX_XCORR_848_KHZ				(1<<0)
 #define FPGA_HF_READER_RX_XCORR_SNOOP				(1<<1)
 #define FPGA_HF_READER_RX_XCORR_QUARTER_FREQ		(1<<2)
 // Options for the HF simulated tag, how to modulate
 #define FPGA_HF_SIMULATOR_NO_MODULATION				(0<<0)
 #define FPGA_HF_SIMULATOR_MODULATE_BPSK				(1<<0)
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@ -2352,18 +2352,6 @@ void ReaderMifare(bool first_try)
 	set_tracing(false);
 }
 typedef struct {
  uint32_t cuid;
  uint8_t  sector;
  uint8_t  keytype;
  uint32_t nonce;
  uint32_t ar;
  uint32_t nr;
  uint32_t nonce2;
  uint32_t ar2;
  uint32_t nr2;
 } nonces_t;
 /**
  *MIFARE 1K simulate.
  *
@ -2562,7 +2550,10 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 				LED_A_ON();
 			}
 		}
-		if (cardSTATE == MFEMUL_NOFIELD) continue;
+		if (cardSTATE == MFEMUL_NOFIELD) {
 			button_pushed = BUTTON_PRESS();
 			continue;
 		}
 		//Now, get data
 		res = EmGetCmd(receivedCmd, &len, receivedCmd_par);
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@ -387,7 +387,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
 	int i;
 	uint8_t *tab = BigBuf_get_addr();
-	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+	//note FpgaDownloadAndGo destroys the bigbuf so be sure this is called before now...
 	//FpgaDownloadAndGo(FPGA_BITSTREAM_LF);  
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
 	AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK;
@ -401,13 +402,19 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
 	i = 0;
 	for(;;) {
 		//wait until SSC_CLK goes HIGH
 		int ii = 0;
 		while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) {
-			if(BUTTON_PRESS() || (usb_poll_validate_length() )) {
+			//only check every 1000th time (usb_poll_validate_length on some systems was too slow)
 			if ( ii == 1000 ) {
 				if (BUTTON_PRESS() || usb_poll_validate_length() ) {
 					FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 					DbpString("Stopped");
 					return;
 				}
 				ii=0;
 			}
 			WDT_HIT();
 			ii++;
 		}
 		if (ledcontrol)
 			LED_D_ON();
@ -419,14 +426,20 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
 		if (ledcontrol)
 			LED_D_OFF();
 		ii=0;
 		//wait until SSC_CLK goes LOW
 		while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) {
-			if(BUTTON_PRESS() || (usb_poll_validate_length() )) {
+			//only check every 1000th time (usb_poll_validate_length on some systems was too slow)
-				DbpString("Stopped");
+			if ( ii == 1000 ) { 
 				if (BUTTON_PRESS() || usb_poll_validate_length() ) {
 					FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 					DbpString("Stopped");
 					return;
 				}
 				ii=0;
 			}
 			WDT_HIT();
 			ii++;
 		}
 		i++;
@ -545,6 +558,9 @@ void CmdHIDsimTAG(int hi, int lo, int ledcontrol)
 		DbpString("Tags can only have 44 bits. - USE lf simfsk for larger tags");
 		return;
 	}
 	// set LF so we don't kill the bigbuf we are setting with simulation data.
 	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 	fc(0,&n);
 	// special start of frame marker containing invalid bit sequences
 	fc(8,  &n);	fc(8,  &n); // invalid
@ -595,6 +611,9 @@ void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream)
 	uint8_t clk = arg2 & 0xFF;
 	uint8_t invert = (arg2 >> 8) & 1;
 	// set LF so we don't kill the bigbuf we are setting with simulation data.
 	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 	for (i=0; i<size; i++){
 		if (BitStream[i] == invert){
 			fcAll(fcLow, &n, clk, &modCnt);
@ -670,6 +689,9 @@ void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream)
 	uint8_t separator = arg2 & 1;
 	uint8_t invert = (arg2 >> 8) & 1;
 	// set LF so we don't kill the bigbuf we are setting with simulation data.
 	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 	if (encoding==2){  //biphase
 		uint8_t phase=0;
 		for (i=0; i<size; i++){
@ -741,6 +763,9 @@ void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream)
 	uint8_t carrier = arg1 & 0xFF;
 	uint8_t invert = arg2 & 0xFF;
 	uint8_t curPhase = 0;
 	// set LF so we don't kill the bigbuf we are setting with simulation data.
 	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 	for (i=0; i<size; i++){
 		if (BitStream[i] == curPhase){
 			pskSimBit(carrier, &n, clk, &curPhase, FALSE);
@ -1392,10 +1417,10 @@ void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t
 	//Program the 7 data blocks for supplied 224bit UID
 	uint32_t data[] = {0, uid1, uid2, uid3, uid4, uid5, uid6, uid7};
 	// and the block 0 for Indala224 format	
-	//Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7)
+	//Config for Indala (RF/32;PSK2 with RF/2;Maxblock=7)
-	data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (7 << T55x7_MAXBLOCK_SHIFT);
+	data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK2 | (7 << T55x7_MAXBLOCK_SHIFT);
 	//TODO add selection of chip for Q5 or T55x7
-	// data[0] = (((32-2)>>1)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK1 | 7 << T5555_MAXBLOCK_SHIFT;
+	// data[0] = (((32-2)>>1)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK2 | 7 << T5555_MAXBLOCK_SHIFT;
 	WriteT55xx(data, 0, 8);
 	//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data)
 	//	T5567WriteBlock(0x603E10E2,0);
--- a/armsrc/mifareutil.c
+++ b/armsrc/mifareutil.c
@ -9,17 +9,17 @@
 // Work with mifare cards.
 //-----------------------------------------------------------------------------
 #include <string.h>
 #include "mifareutil.h"
 #include "proxmark3.h"
 #include "apps.h"
 #include "util.h"
 #include "parity.h"
 #include "string.h"
 #include "iso14443crc.h"
 #include "iso14443a.h"
 #include "crapto1/crapto1.h"
-#include "des.h"
+#include "polarssl/des.h"
 int MF_DBGLEVEL = MF_DBG_ALL;
@ -290,6 +290,7 @@ int mifare_ultra_auth(uint8_t *keybytes){
 	/// 3des2k
 	des3_context ctx = { 0x00 };
 	uint8_t random_a[8] = {1,1,1,1,1,1,1,1};
 	uint8_t random_b[8] = {0x00};
 	uint8_t enc_random_b[8] = {0x00};
@ -313,7 +314,16 @@ int mifare_ultra_auth(uint8_t *keybytes){
 	memcpy(enc_random_b,resp+1,8);
 	// decrypt nonce.
-	tdes_2key_dec(random_b, enc_random_b, sizeof(random_b), key, IV );
+	// tdes_2key_dec(random_b, enc_random_b, sizeof(random_b), key, IV );
 	des3_set2key_dec(&ctx, key);
 	des3_crypt_cbc(&ctx  	// des3_context
 		, DES_DECRYPT    	// int mode
 		, sizeof(random_b)	// length
 		, IV            	// iv[8]
 		, enc_random_b		// input
 		, random_b			// output
 		);
 	rol(random_b,8);
 	memcpy(rnd_ab  ,random_a,8);
 	memcpy(rnd_ab+8,random_b,8);
@ -333,7 +343,16 @@ int mifare_ultra_auth(uint8_t *keybytes){
 	}
 	// encrypt    out, in, length, key, iv
-	tdes_2key_enc(rnd_ab, rnd_ab, sizeof(rnd_ab), key, enc_random_b);
+	//tdes_2key_enc(rnd_ab, rnd_ab, sizeof(rnd_ab), key, enc_random_b);
 	des3_set2key_enc(&ctx, key);
 	des3_crypt_cbc(&ctx  	// des3_context
 		, DES_ENCRYPT    	// int mode
 		, sizeof(rnd_ab)	// length
 		, enc_random_b     	// iv[8]
 		, rnd_ab			// input
 		, rnd_ab			// output
 		);
 	//len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, rnd_ab, resp, respPar, NULL);
 	len = mifare_sendcmd(0xAF, rnd_ab, sizeof(rnd_ab), resp, respPar, NULL);
 	if (len != 11) {
@ -346,7 +365,15 @@ int mifare_ultra_auth(uint8_t *keybytes){
 	memcpy(enc_resp, resp+1, 8);
 	// decrypt    out, in, length, key, iv 
-	tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b);
+	// tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b);
 	des3_set2key_dec(&ctx, key);
 	des3_crypt_cbc(&ctx  	// des3_context
 		, DES_DECRYPT    	// int mode
 		, 8					// length
 		, enc_random_b     	// iv[8]
 		, enc_resp			// input
 		, resp_random_a		// output
 		);
 	if ( memcmp(resp_random_a, random_a, 8) != 0 ) {
 		if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("failed authentication");
 		return 0;
--- a/client/Makefile
+++ b/client/Makefile
@ -85,10 +85,11 @@ CORESRCS = 	uart_posix.c \
 CMDSRCS = 	crapto1/crapto1.c\
 			crapto1/crypto1.c\
 			polarssl/des.c \
 			polarssl/aes.c\
 			mfkey.c\
 			loclass/cipher.c \
 			loclass/cipherutils.c \
 			loclass/des.c \
 			loclass/ikeys.c \
 			loclass/elite_crack.c\
 			loclass/fileutils.c\
@ -147,7 +148,6 @@ CMDSRCS = 	crapto1/crapto1.c\
 			cmdscript.c\
 			pm3_binlib.c\
 			pm3_bitlib.c\
 			aes.c\
 			protocols.c\
 			sha1.c\
 			cmdcrc.c\
@ -162,7 +162,7 @@ cpu_arch = $(shell uname -m)
 ifneq ($(findstring 86, $(cpu_arch)), )
 	MULTIARCHSRCS = hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c
 endif
-ifneq ($(findstring 64, $(cpu_arch)), )
+ifneq ($(findstring amd64, $(cpu_arch)), )
 	MULTIARCHSRCS = hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c
 endif
 ifeq ($(MULTIARCHSRCS), )
@ -184,14 +184,21 @@ MULTIARCHOBJS = $(MULTIARCHSRCS:%.c=$(OBJDIR)/%_NOSIMD.o) \
 			$(MULTIARCHSRCS:%.c=$(OBJDIR)/%_AVX.o) \
 			$(MULTIARCHSRCS:%.c=$(OBJDIR)/%_AVX2.o)
-GCC_GTEQ_490 := $(shell expr `gcc -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/'` \>= 40900)
+GCC_VERSION := $(shell gcc --version | awk '/gcc/{print $$NF;}' | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/')
 CLANG_VERSION := $(shell gcc --version | awk '/Apple LLVM version/{print $$4;}' | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/')
 ifneq ($(CLANG_VERSION), )
 	SUPPORTS_AVX512 :=  $(shell [ $(CLANG_VERSION) -ge 80000 ] && echo "True" )
 endif
 ifneq ($(GCC_VERSION), )
 	SUPPORTS_AVX512 :=  $(shell [ $(GCC_VERSION) -ge 40900 ] && echo "True" )
 endif
 HARD_SWITCH_NOSIMD = -mno-mmx -mno-sse2 -mno-avx -mno-avx2
 HARD_SWITCH_MMX = -mmmx -mno-sse2 -mno-avx -mno-avx2
 HARD_SWITCH_SSE2 = -mmmx -msse2 -mno-avx -mno-avx2
 HARD_SWITCH_AVX = -mmmx -msse2 -mavx -mno-avx2
 HARD_SWITCH_AVX2 = -mmmx -msse2 -mavx -mavx2
 HARD_SWITCH_AVX512 = -mmmx -msse2 -mavx -mavx2 -mavx512f
-ifeq "$(GCC_GTEQ_490)" "1"
+ifeq "$(SUPPORTS_AVX512)" "True"
 	HARD_SWITCH_NOSIMD += -mno-avx512f
 	HARD_SWITCH_MMX += -mno-avx512f
 	HARD_SWITCH_SSE2 += -mno-avx512f
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@ -23,7 +23,7 @@
 #include "common.h"
 #include "util.h"
 #include "cmdmain.h"
-#include "loclass/des.h"
+#include "polarssl/des.h"
 #include "loclass/cipherutils.h"
 #include "loclass/cipher.h"
 #include "loclass/ikeys.h"
--- a/client/cmdhflegic.c
+++ b/client/cmdhflegic.c
@ -251,7 +251,7 @@ int CmdLegicLoad(const char *Cmd)
          fclose(f);
          return -1;
        }
-        UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {offset, 0, 0}};
+        UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {offset, 1, 0}};
        int j; for(j = 0; j < 8; j++) {
            c.d.asBytes[j] = data[j];
        }
@ -351,7 +351,7 @@ int CmdLegicRfFill(const char *Cmd)
    }
    int i;
-    UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {0, 0, 0}};
+    UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {0, 1, 0}};
    for(i = 0; i < 48; i++) {
      c.d.asBytes[i] = cmd.arg[2];
    }
--- a/client/cmdhfmfhard.c
+++ b/client/cmdhfmfhard.c
@ -72,7 +72,7 @@ static float brute_force_per_second;
 static void get_SIMD_instruction_set(char* instruction_set) {
 #if defined (__i386__) || defined (__x86_64__)	
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
 	if (__builtin_cpu_supports("avx512f")) strcpy(instruction_set, "AVX512F");
 	else if (__builtin_cpu_supports("avx2")) strcpy(instruction_set, "AVX2");
--- a/client/cmdhfmfu.c
+++ b/client/cmdhfmfu.c
@ -16,7 +16,7 @@
 #include "usb_cmd.h"
 #include "cmdmain.h"
 #include "ui.h"
-#include "loclass/des.h"
+#include "polarssl/des.h"
 #include "cmdhfmf.h"
 #include "cmdhf14a.h"
 #include "mifare.h"
--- a/client/cmdlf.c
+++ b/client/cmdlf.c
@ -411,7 +411,6 @@ int CmdLFSim(const char *Cmd)
 	sscanf(Cmd, "%i", &gap);
 	// convert to bitstream if necessary
 	ChkBitstream(Cmd);
 	//can send only 512 bits at a time (1 byte sent per bit...)
--- a/client/cmdlffdx.c
+++ b/client/cmdlffdx.c
@ -58,7 +58,7 @@ int usage_lf_fdx_clone(void){
 	// extended data
 	PrintAndLog("      <Q5>        : Specify write to Q5 (t5555 instead of t55x7)");
 	PrintAndLog("");
-	PrintAndLog("Sample: lf animal clone 999 112233");
+	PrintAndLog("Sample: lf fdx clone 999 112233");
 	return 0;
 }
--- a/client/cmdlfhid.c
+++ b/client/cmdlfhid.c
@ -120,7 +120,7 @@ int CmdHIDReadFSK(const char *Cmd)
 int CmdHIDSim(const char *Cmd)
 {
-  unsigned int hi = 0, lo = 0;
+	uint32_t hi = 0, lo = 0;
 	int n = 0, i = 0;
 	while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
@ -128,7 +128,7 @@ int CmdHIDSim(const char *Cmd)
 		lo = (lo << 4) | (n & 0xf);
 	}
-  PrintAndLog("Emulating tag with ID %x%16x", hi, lo);
+	PrintAndLog("Emulating tag with ID %x%08x", hi, lo);
 	PrintAndLog("Press pm3-button to abort simulation");
 	UsbCommand c = {CMD_HID_SIM_TAG, {hi, lo, 0}};
--- a/client/cmdlfindala.c
+++ b/client/cmdlfindala.c
@ -40,11 +40,17 @@ int CmdIndalaDecode(const char *Cmd) {
 	}
 	uint8_t invert=0;
 	size_t size = DemodBufferLen;
-	int startIdx = indala26decode(DemodBuffer, &size, &invert);
+	int startIdx = indala64decode(DemodBuffer, &size, &invert);
-	if (startIdx < 0 || size > 224) {
+	if (startIdx < 0 || size != 64) {
 		// try 224 indala
 		invert = 0;
 		size = DemodBufferLen;
 		startIdx = indala224decode(DemodBuffer, &size, &invert);
 		if (startIdx < 0 || size != 224) {
 			if (g_debugMode) PrintAndLog("Error2: %i",startIdx);
 			return -1;
 		}
 	}
 	setDemodBuf(DemodBuffer, size, (size_t)startIdx);
 	setClockGrid(g_DemodClock, g_DemodStartIdx + (startIdx*g_DemodClock));
 	if (invert)
--- a/client/cmdlfvisa2000.c
+++ b/client/cmdlfvisa2000.c
@ -29,26 +29,26 @@ static int CmdHelp(const char *Cmd);
 int usage_lf_visa2k_clone(void){
 	PrintAndLog("clone a Visa2000 tag to a T55x7 tag.");
-	PrintAndLog("Usage: lf visa2k clone [h] <card ID> <Q5>");
+	PrintAndLog("Usage: lf visa2000 clone [h] <card ID> <Q5>");
 	PrintAndLog("Options:");
 	PrintAndLog("      h          : This help");
-	PrintAndLog("      <card ID>  : Visa2k card ID");
+	PrintAndLog("      <card ID>  : Visa2000 card ID");
 	PrintAndLog("      <Q5>       : specify write to Q5 (t5555 instead of t55x7)");
 	PrintAndLog("");
-	PrintAndLog("Sample: lf visa2k clone 112233");
+	PrintAndLog("Sample: lf visa2000 clone 112233");
 	return 0;
 }
 int usage_lf_visa2k_sim(void) {
-	PrintAndLog("Enables simulation of visa2k card with specified card number.");
+	PrintAndLog("Enables simulation of visa2000 card with specified card number.");
 	PrintAndLog("Simulation runs until the button is pressed or another USB command is issued.");
 	PrintAndLog("");
-	PrintAndLog("Usage:  lf visa2k sim [h] <card ID>");
+	PrintAndLog("Usage:  lf visa2000 sim [h] <card ID>");
 	PrintAndLog("Options:");
 	PrintAndLog("      h          : This help");
-	PrintAndLog("      <card ID>  : Visa2k card ID");
+	PrintAndLog("      <card ID>  : Visa2000 card ID");
 	PrintAndLog("");
-	PrintAndLog("Sample: lf visa2k sim 112233");
+	PrintAndLog("Sample: lf visa2000 sim 112233");
 	return 0;
 }
@ -100,7 +100,7 @@ int CmdVisa2kDemod(const char *Cmd) {
 	//ASK / Manchester
 	bool st = true;
 	if (!ASKDemod_ext("64 0 0", false, false, 1, &st)) {
-		if (g_debugMode) PrintAndLog("DEBUG: Error - Visa2k: ASK/Manchester Demod failed");
+		if (g_debugMode) PrintAndLog("DEBUG: Error - Visa2000: ASK/Manchester Demod failed");
 		return 0;
 	}
 	size_t size = DemodBufferLen;
@ -108,13 +108,13 @@ int CmdVisa2kDemod(const char *Cmd) {
 	if (ans < 0){
 		if (g_debugMode){
 			if (ans == -1)
-				PrintAndLog("DEBUG: Error - Visa2k: too few bits found");
+				PrintAndLog("DEBUG: Error - Visa2000: too few bits found");
 			else if (ans == -2)
-				PrintAndLog("DEBUG: Error - Visa2k: preamble not found");
+				PrintAndLog("DEBUG: Error - Visa2000: preamble not found");
 			else if (ans == -3)
-				PrintAndLog("DEBUG: Error - Visa2k: Size not correct: %d", size);
+				PrintAndLog("DEBUG: Error - Visa2000: Size not correct: %d", size);
 			else
-				PrintAndLog("DEBUG: Error - Visa2k: ans: %d", ans);
+				PrintAndLog("DEBUG: Error - Visa2000: ans: %d", ans);
 		}
 		return 0;
 	}
--- a/client/hardnested/hardnested_bf_core.c
+++ b/client/hardnested/hardnested_bf_core.c
@ -551,7 +551,7 @@ bitslice_test_nonces_t *bitslice_test_nonces_function_p = &bitslice_test_nonces_
 // determine the available instruction set at runtime and call the correct function
 const uint64_t crack_states_bitsliced_dispatch(uint32_t cuid, uint8_t *best_first_bytes, statelist_t *p, uint32_t *keys_found, uint64_t *num_keys_tested, uint32_t nonces_to_bruteforce, uint8_t *bf_test_nonce_2nd_byte, noncelist_t *nonces) {
 #if defined (__i386__) || defined (__x86_64__)
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2) 
 		if (__builtin_cpu_supports("avx512f")) crack_states_bitsliced_function_p = &crack_states_bitsliced_AVX512;
 		else if (__builtin_cpu_supports("avx2")) crack_states_bitsliced_function_p = &crack_states_bitsliced_AVX2;
@ -572,7 +572,7 @@ const uint64_t crack_states_bitsliced_dispatch(uint32_t cuid, uint8_t *best_firs
 void bitslice_test_nonces_dispatch(uint32_t nonces_to_bruteforce, uint32_t *bf_test_nonce, uint8_t *bf_test_nonce_par) {
 #if defined (__i386__) || defined (__x86_64__)	
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
 		if (__builtin_cpu_supports("avx512f")) bitslice_test_nonces_function_p = &bitslice_test_nonces_AVX512;
 		else if (__builtin_cpu_supports("avx2")) bitslice_test_nonces_function_p = &bitslice_test_nonces_AVX2;
--- a/client/hardnested/hardnested_bitarray_core.c
+++ b/client/hardnested/hardnested_bitarray_core.c
@ -319,7 +319,7 @@ count_bitarray_AND4_t *count_bitarray_AND4_function_p = &count_bitarray_AND4_dis
 // determine the available instruction set at runtime and call the correct function
 uint32_t *malloc_bitarray_dispatch(uint32_t x) {
 #if defined (__i386__) || defined (__x86_64__)	
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
 	if (__builtin_cpu_supports("avx512f")) malloc_bitarray_function_p = &malloc_bitarray_AVX512;
 	else if (__builtin_cpu_supports("avx2")) malloc_bitarray_function_p = &malloc_bitarray_AVX2;
@ -340,7 +340,7 @@ uint32_t *malloc_bitarray_dispatch(uint32_t x) {
 void free_bitarray_dispatch(uint32_t *x) {
 #if defined (__i386__) || defined (__x86_64__)
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
 	if (__builtin_cpu_supports("avx512f")) free_bitarray_function_p = &free_bitarray_AVX512;
 	else if (__builtin_cpu_supports("avx2")) free_bitarray_function_p = &free_bitarray_AVX2;
@ -361,7 +361,7 @@ void free_bitarray_dispatch(uint32_t *x) {
 uint32_t bitcount_dispatch(uint32_t a) {
 #if defined (__i386__) || defined (__x86_64__)	
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
 	if (__builtin_cpu_supports("avx512f")) bitcount_function_p = &bitcount_AVX512;
 	else if (__builtin_cpu_supports("avx2")) bitcount_function_p = &bitcount_AVX2;
@ -382,7 +382,7 @@ uint32_t bitcount_dispatch(uint32_t a) {
 uint32_t count_states_dispatch(uint32_t *bitarray) {
 #if defined (__i386__) || defined (__x86_64__)	
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
 	if (__builtin_cpu_supports("avx512f")) count_states_function_p = &count_states_AVX512;
 	else if (__builtin_cpu_supports("avx2")) count_states_function_p = &count_states_AVX2;
@ -403,7 +403,7 @@ uint32_t count_states_dispatch(uint32_t *bitarray) {
 void bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
 #if defined (__i386__) || defined (__x86_64__)	
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
 	if (__builtin_cpu_supports("avx512f")) bitarray_AND_function_p = &bitarray_AND_AVX512;
 	else if (__builtin_cpu_supports("avx2")) bitarray_AND_function_p = &bitarray_AND_AVX2;
@ -424,7 +424,7 @@ void bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
 void bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
 #if defined (__i386__) || defined (__x86_64__)
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
 	if (__builtin_cpu_supports("avx512f")) bitarray_low20_AND_function_p = &bitarray_low20_AND_AVX512;
 	else if (__builtin_cpu_supports("avx2")) bitarray_low20_AND_function_p = &bitarray_low20_AND_AVX2;
@ -445,7 +445,7 @@ void bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
 uint32_t count_bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
 #if defined (__i386__) || defined (__x86_64__)	
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
 	if (__builtin_cpu_supports("avx512f")) count_bitarray_AND_function_p = &count_bitarray_AND_AVX512;
 	else if (__builtin_cpu_supports("avx2")) count_bitarray_AND_function_p = &count_bitarray_AND_AVX2;
@ -466,7 +466,7 @@ uint32_t count_bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
 uint32_t count_bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
 #if defined (__i386__) || defined (__x86_64__)	
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
 	if (__builtin_cpu_supports("avx512f")) count_bitarray_low20_AND_function_p = &count_bitarray_low20_AND_AVX512;
 	else if (__builtin_cpu_supports("avx2")) count_bitarray_low20_AND_function_p = &count_bitarray_low20_AND_AVX2;
@ -487,7 +487,7 @@ uint32_t count_bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
 void bitarray_AND4_dispatch(uint32_t *A, uint32_t *B, uint32_t *C, uint32_t *D) {
 #if defined (__i386__) || defined (__x86_64__)	
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
 	if (__builtin_cpu_supports("avx512f")) bitarray_AND4_function_p = &bitarray_AND4_AVX512;
 	else if (__builtin_cpu_supports("avx2")) bitarray_AND4_function_p = &bitarray_AND4_AVX2;
@ -508,7 +508,7 @@ void bitarray_AND4_dispatch(uint32_t *A, uint32_t *B, uint32_t *C, uint32_t *D)
 void bitarray_OR_dispatch(uint32_t *A, uint32_t *B) {
 #if defined (__i386__) || defined (__x86_64__)	
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
 	if (__builtin_cpu_supports("avx512f")) bitarray_OR_function_p = &bitarray_OR_AVX512;
 	else if (__builtin_cpu_supports("avx2")) bitarray_OR_function_p = &bitarray_OR_AVX2;
@ -529,7 +529,7 @@ void bitarray_OR_dispatch(uint32_t *A, uint32_t *B) {
 uint32_t count_bitarray_AND2_dispatch(uint32_t *A, uint32_t *B) {
 #if defined (__i386__) || defined (__x86_64__)	
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
 	if (__builtin_cpu_supports("avx512f")) count_bitarray_AND2_function_p = &count_bitarray_AND2_AVX512;
 	else if (__builtin_cpu_supports("avx2")) count_bitarray_AND2_function_p = &count_bitarray_AND2_AVX2;
@ -550,7 +550,7 @@ uint32_t count_bitarray_AND2_dispatch(uint32_t *A, uint32_t *B) {
 uint32_t count_bitarray_AND3_dispatch(uint32_t *A, uint32_t *B, uint32_t *C) {
 #if defined (__i386__) || defined (__x86_64__)	
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
 	if (__builtin_cpu_supports("avx512f")) count_bitarray_AND3_function_p = &count_bitarray_AND3_AVX512;
 	else if (__builtin_cpu_supports("avx2")) count_bitarray_AND3_function_p = &count_bitarray_AND3_AVX2;
@ -571,7 +571,7 @@ uint32_t count_bitarray_AND3_dispatch(uint32_t *A, uint32_t *B, uint32_t *C) {
 uint32_t count_bitarray_AND4_dispatch(uint32_t *A, uint32_t *B, uint32_t *C, uint32_t *D) {
 #if defined (__i386__) || defined (__x86_64__)	
-	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
+	#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
 		#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
 	if (__builtin_cpu_supports("avx512f")) count_bitarray_AND4_function_p = &count_bitarray_AND4_AVX512;
 	else if (__builtin_cpu_supports("avx2")) count_bitarray_AND4_function_p = &count_bitarray_AND4_AVX2;
--- a/client/loclass/elite_crack.c
+++ b/client/loclass/elite_crack.c
@ -47,7 +47,7 @@
 #include "ikeys.h"
 #include "elite_crack.h"
 #include "fileutils.h"
-#include "des.h"
+#include "polarssl/des.h"
 /**
 * @brief Permutes a key from standard NIST format to Iclass specific format
--- a/client/loclass/ikeys.c
+++ b/client/loclass/ikeys.c
@ -69,7 +69,7 @@ From "Dismantling iclass":
 #include <inttypes.h>
 #include "fileutils.h"
 #include "cipherutils.h"
-#include "des.h"
+#include "polarssl/des.h"
 uint8_t pi[35] = {0x0F,0x17,0x1B,0x1D,0x1E,0x27,0x2B,0x2D,0x2E,0x33,0x35,0x39,0x36,0x3A,0x3C,0x47,0x4B,0x4D,0x4E,0x53,0x55,0x56,0x59,0x5A,0x5C,0x63,0x65,0x66,0x69,0x6A,0x6C,0x71,0x72,0x74,0x78};
--- a/client/mfkey.c
+++ b/client/mfkey.c
@ -12,6 +12,7 @@
 #include "mfkey.h"
 #include "mifare.h"
 #include "crapto1/crapto1.h"
--- a/client/mfkey.h
+++ b/client/mfkey.h
@ -15,19 +15,7 @@
 #include <stdint.h>
 #include <stdbool.h>
-
+#include "mifare.h"
 typedef struct {
 			  uint32_t cuid;
 			  uint8_t  sector;
 			  uint8_t  keytype;
 			  uint32_t nonce;
 			  uint32_t ar;
 			  uint32_t nr;
 			  uint32_t at;
 			  uint32_t nonce2;
 			  uint32_t ar2;
 			  uint32_t nr2;
 			} nonces_t;
 extern bool mfkey32(nonces_t data, uint64_t *outputkey);
 extern bool mfkey32_moebius(nonces_t data, uint64_t *outputkey);
--- a/client/obj/polarssl/.dummy
+++ b/client/obj/polarssl/.dummy
--- a/client/proxmark3.c
+++ b/client/proxmark3.c
@ -274,8 +274,22 @@ int main(int argc, char* argv[]) {
 	pthread_mutex_init(&print_lock, NULL);
 #ifdef HAVE_GUI
 #ifdef _WIN32
 	InitGraphics(argc, argv, script_cmds_file, usb_present);
 	MainGraphics();
 #else
 	char* display = getenv("DISPLAY");
 	if (display && strlen(display) > 1)
 	{
 		InitGraphics(argc, argv, script_cmds_file, usb_present);
 		MainGraphics();
 	}
 	else
 	{
 		main_loop(script_cmds_file, usb_present);
 	}
 #endif
 #else
 	main_loop(script_cmds_file, usb_present);
 #endif	
--- a/client/scripting.c
+++ b/client/scripting.c
@ -24,7 +24,7 @@
 #include "../common/crc16.h"
 #include "../common/crc64.h"
 #include "../common/sha1.h"
-#include "aes.h"
+#include "polarssl/aes.h"
 #include "cmdcrc.h"
 /**
 * The following params expected:
--- a/common/Makefile.common
+++ b/common/Makefile.common
@ -63,7 +63,7 @@ endif
 # Also search prerequisites in the common directory (for usb.c), the fpga directory (for fpga.bit), and the zlib directory
-VPATH = . ../common ../common/crapto1 ../fpga ../zlib
+VPATH = . ../common ../common/crapto1 ../common/polarssl ../fpga ../zlib
 INCLUDES = ../include/proxmark3.h ../include/at91sam7s512.h ../include/config_gpio.h ../include/usb_cmd.h $(APP_INCLUDES)
--- a/common/lfdemod.c
+++ b/common/lfdemod.c
@ -1777,22 +1777,53 @@ int IOdemodFSK(uint8_t *dest, size_t size, int *waveStartIdx) {
 } 
 // redesigned by marshmellow adjusted from existing decode functions
-// indala id decoding - only tested on 26 bit tags, but attempted to make it work for more
+// indala id decoding
-int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert) {
+int indala64decode(uint8_t *bitStream, size_t *size, uint8_t *invert) {
-	//26 bit 40134 format  (don't know other formats)
+	//standard 64 bit indala formats including 26 bit 40134 format
-	uint8_t preamble[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
+	uint8_t preamble64[] = {1,0,1,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 1};
-	uint8_t preamble_i[] = {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0};
+	uint8_t preamble64_i[] = {0,1,0,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 0};
 	size_t startidx = 0;
-	if (!preambleSearch(bitStream, preamble, sizeof(preamble), size, &startidx)){
+	size_t found_size = *size;
-		// if didn't find preamble try again inverting
+	bool found = preambleSearch(bitStream, preamble64, sizeof(preamble64), &found_size, &startidx);
-		if (!preambleSearch(bitStream, preamble_i, sizeof(preamble_i), size, &startidx)) return -1;
+	if (!found) {
 		found = preambleSearch(bitStream, preamble64_i, sizeof(preamble64_i), &found_size, &startidx);
 		if (!found) return -1;
 		*invert ^= 1;
 	}
-	if (*size != 64 && *size != 224) return -2;
+	if (found_size != 64) return -2;
 	if (*invert==1)
-		for (size_t i = startidx; i < *size + startidx; i++) 
+		for (size_t i = startidx; i < found_size + startidx; i++) 
 			bitStream[i] ^= 1;
 	// note: don't change *size until we are sure we got it... 
 	*size = found_size;
 	return (int) startidx;
 }
 int indala224decode(uint8_t *bitStream, size_t *size, uint8_t *invert) {
 	//large 224 bit indala formats (different preamble too...)
 	uint8_t preamble224[] = {1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,1};
 	uint8_t preamble224_i[] = {0,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,0};
 	size_t startidx = 0;
 	size_t found_size = *size;
 	bool found = preambleSearch(bitStream, preamble224, sizeof(preamble224), &found_size, &startidx);
 	if (!found) {
 		found = preambleSearch(bitStream, preamble224_i, sizeof(preamble224_i), &found_size, &startidx);
 		if (!found) return -1;
 		*invert ^= 1;
 	}
 	if (found_size != 224) return -2;
 	if (*invert==1 && startidx > 0)
 		for (size_t i = startidx-1; i < found_size + startidx + 2; i++) 
 			bitStream[i] ^= 1;
 	// 224 formats are typically PSK2 (afaik 2017 Marshmellow)
 	// note loses 1 bit at beginning of transformation...
 	// don't need to verify array is big enough as to get here there has to be a full preamble after all of our data
 	psk1TOpsk2(bitStream + (startidx-1), found_size+2);
 	startidx++;
 	*size = found_size;
 	return (int) startidx;
 }
--- a/common/lfdemod.h
+++ b/common/lfdemod.h
@ -54,7 +54,8 @@ extern int FDXBdemodBI(uint8_t *dest, size_t *size);
 extern int gProxII_Demod(uint8_t BitStream[], size_t *size);
 extern int HIDdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo, int *waveStartIdx);
 extern int IOdemodFSK(uint8_t *dest, size_t size, int *waveStartIdx);
-extern int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
+extern int indala64decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
 extern int indala224decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
 extern int ParadoxdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo, int *waveStartIdx);
 extern int PrescoDemod(uint8_t *dest, size_t *size);
 extern int PyramiddemodFSK(uint8_t *dest, size_t *size, int *waveStartIdx);
--- a/common/polarssl/aes.c
+++ b/common/polarssl/aes.c
--- a/common/polarssl/aes.h
+++ b/common/polarssl/aes.h
--- a/common/polarssl/des.c
+++ b/common/polarssl/des.c
--- a/common/polarssl/des.h
+++ b/common/polarssl/des.h
--- a/common/polarssl/polarssl_config.h
+++ b/common/polarssl/polarssl_config.h
--- a/fpga/fpga_hf.bit
+++ b/fpga/fpga_hf.bit
--- a/fpga/fpga_hf.v
+++ b/fpga/fpga_hf.v
@ -73,6 +73,8 @@ wire hi_read_tx_shallow_modulation = conf_word[0];
 wire hi_read_rx_xcorr_848 = conf_word[0];
 // and whether to drive the coil (reader) or just short it (snooper)
 wire hi_read_rx_xcorr_snoop = conf_word[1];
 // divide subcarrier frequency by 4
 wire hi_read_rx_xcorr_quarter = conf_word[2];
 // For the high-frequency simulated tag: what kind of modulation to use.
 wire [2:0] hi_simulate_mod_type = conf_word[2:0];
@ -100,7 +102,7 @@ hi_read_rx_xcorr hrxc(
 	hrxc_ssp_frame, hrxc_ssp_din, ssp_dout, hrxc_ssp_clk,
 	cross_hi, cross_lo,
 	hrxc_dbg,
-	hi_read_rx_xcorr_848, hi_read_rx_xcorr_snoop
+	hi_read_rx_xcorr_848, hi_read_rx_xcorr_snoop, hi_read_rx_xcorr_quarter
 );
 hi_simulate hs(
--- a/fpga/hi_read_rx_xcorr.v
+++ b/fpga/hi_read_rx_xcorr.v
@ -10,7 +10,7 @@ module hi_read_rx_xcorr(
    ssp_frame, ssp_din, ssp_dout, ssp_clk,
    cross_hi, cross_lo,
    dbg,
-    xcorr_is_848, snoop
+    xcorr_is_848, snoop, xcorr_quarter_freq
 );
    input pck0, ck_1356meg, ck_1356megb;
    output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;
@ -20,7 +20,7 @@ module hi_read_rx_xcorr(
    output ssp_frame, ssp_din, ssp_clk;
    input cross_hi, cross_lo;
    output dbg;
-    input xcorr_is_848, snoop;
+    input xcorr_is_848, snoop, xcorr_quarter_freq;
 // Carrier is steady on through this, unless we're snooping.
 assign pwr_hi = ck_1356megb & (~snoop);
@ -28,18 +28,20 @@ assign pwr_oe1 = 1'b0;
 assign pwr_oe3 = 1'b0;
 assign pwr_oe4 = 1'b0;
-// Clock divider
+reg [2:0] fc_div;
 reg [0:0] fc_divider;
 always @(negedge ck_1356megb)
-    fc_divider <= fc_divider + 1;
+    fc_div <= fc_div + 1;
 wire fc_div2 = fc_divider[0];
-reg adc_clk;
+(* clock_signal = "yes" *) reg adc_clk;				// sample frequency, always 16 * fc
-always @(ck_1356megb)
+always @(ck_1356megb, xcorr_is_848, xcorr_quarter_freq, fc_div)
-	if (xcorr_is_848)
+	if (xcorr_is_848 & ~xcorr_quarter_freq)			// fc = 847.5 kHz
 		adc_clk <= ck_1356megb;
-	else
+	else if (~xcorr_is_848 & ~xcorr_quarter_freq)	// fc = 424.25 kHz 
-		adc_clk <= fc_div2;
+		adc_clk <= fc_div[0];
 	else if (xcorr_is_848 & xcorr_quarter_freq)		// fc = 212.125 kHz
 		adc_clk <= fc_div[1];
 	else 											// fc = 106.0625 kHz
 		adc_clk <= fc_div[2];
 // When we're a reader, we just need to do the BPSK demod; but when we're an
 // eavesdropper, we also need to pick out the commands sent by the reader,
@ -71,8 +73,7 @@ end
 // so we need a 6-bit counter.
 reg [5:0] corr_i_cnt;
 // And a couple of registers in which to accumulate the correlations.
-// we would add at most 32 times adc_d, the result can be held in 13 bits. 
+// we would add/sub at most 32 times adc_d, the signed result can be held in 14 bits. 
 // Need one additional bit because it can be negative as well
 reg signed [13:0] corr_i_accum;
 reg signed [13:0] corr_q_accum;
 reg signed [7:0] corr_i_out;
--- a/include/mifare.h
+++ b/include/mifare.h
@ -37,4 +37,17 @@ typedef enum ISO14A_COMMAND {
 	ISO14A_TOPAZMODE =			(1 << 8)
 } iso14a_command_t;
 typedef struct {
 	uint32_t cuid;
 	uint8_t  sector;
 	uint8_t  keytype;
 	uint32_t nonce;
 	uint32_t ar;
 	uint32_t nr;
 	uint32_t at;
 	uint32_t nonce2;
 	uint32_t ar2;
 	uint32_t nr2;
 } nonces_t;
 #endif // _MIFARE_H_
--- a/tools/mfkey/Makefile
+++ b/tools/mfkey/Makefile
@ -1,7 +1,7 @@
 VPATH = ../../common ../../common/crapto1 ../../client
 CC = gcc
 LD = gcc
-CFLAGS = -std=c99 -D_ISOC99_SOURCE -I../../common -I../../client -Wall -O3
+CFLAGS = -std=c99 -D_ISOC99_SOURCE -I../../include -I../../common -I../../client -Wall -O3
 LDFLAGS =
 OBJS = crypto1.o crapto1.o parity.o util_posix.o mfkey.o