Merge pull request #82 from marshmellow42/master

lf ata55x7 commands and more
2025-07-16 02:03:00 -07:00 · 2015-03-24 11:10:16 +01:00 · 2015-03-24 11:10:16 +01:00 · 90a8b82fb4
commit 90a8b82fb4
parent 29a7954177 9680b11d9e
17 changed files with 2063 additions and 607 deletions
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@ -648,7 +648,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
 			setSamplingConfig((sample_config *) c->d.asBytes);
 			break;
 		case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
-			cmd_send(CMD_ACK,SampleLF(),0,0,0,0);
+			cmd_send(CMD_ACK,SampleLF(c->arg[0]),0,0,0,0);
 			break;
 		case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
 			ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@ -1030,10 +1030,12 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 * To compensate antenna falling times shorten the write times
 * and enlarge the gap ones.
 */
-#define START_GAP 250
+#define START_GAP 50*8 // 10 - 50fc 250
-#define WRITE_GAP 160
+#define WRITE_GAP 20*8 //    - 30fc 160
-#define WRITE_0   144 // 192
+#define WRITE_0   24*8 // 16 - 63fc 54fc 144
-#define WRITE_1   400 // 432 for T55x7; 448 for E5550
+#define WRITE_1   54*8 // 48 - 63fc 54fc 432 for T55x7; 448 for E5550 //400
 #define T55xx_SAMPLES_SIZE      12000 // 32 x 32 x 10  (32 bit times numofblock (7), times clock skip..)
 // Write one bit to card
 void T55xxWriteBit(int bit)
@ -1052,16 +1054,11 @@ void T55xxWriteBit(int bit)
 // Write one card block in page 0, no lock
 void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
 {
-    //unsigned int i;  //enio adjustment 12/10/14
+    uint32_t i = 0;
    uint32_t i;
-    FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+    // Set up FPGA, 125kHz
-    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
+    // Wait for config.. (192+8190xPOW)x8 == 67ms
-    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
+    LFSetupFPGAForADC(0, true);
    // Give it a bit of time for the resonant antenna to settle.
    // And for the tag to fully power up
    SpinDelay(150);
    // Now start writting
    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@ -1094,30 +1091,28 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 }
 void TurnReadLFOn(){
    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
    // Give it a bit of time for the resonant antenna to settle.
    SpinDelayUs(8*150);
 }
 // Read one card block in page 0
 void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
 {
    uint32_t i = 0;
    uint8_t *dest = BigBuf_get_addr();
-    //int m=0, i=0; //enio adjustment 12/10/14
+    uint16_t bufferlength = BigBuf_max_traceLen();
-    uint32_t m=0, i=0;
+    if ( bufferlength > T55xx_SAMPLES_SIZE )
-    FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+        bufferlength = T55xx_SAMPLES_SIZE;
-    m = BigBuf_max_traceLen();
+
    // Clear destination buffer before sending the command
-    memset(dest, 128, m);
+    memset(dest, 0x80, bufferlength);
    // Connect the A/D to the peak-detected low-frequency path.
    SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
    // Now set up the SSC to get the ADC samples that are now streaming at us.
    FpgaSetupSsc();
-    LED_D_ON();
+    // Set up FPGA, 125kHz
-    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
+    // Wait for config.. (192+8190xPOW)x8 == 67ms
-    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
+    LFSetupFPGAForADC(0, true);
    // Give it a bit of time for the resonant antenna to settle.
    // And for the tag to fully power up
    SpinDelay(150);
    // Now start writting
    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
    SpinDelayUs(START_GAP);
@ -1136,53 +1131,40 @@ void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
        T55xxWriteBit(Block & i);
    // Turn field on to read the response
-    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
+    TurnReadLFOn();
    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
    // Now do the acquisition
    i = 0;
    for(;;) {
        if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
            AT91C_BASE_SSC->SSC_THR = 0x43;
            LED_D_ON();
        }
        if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
            dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
            // we don't care about actual value, only if it's more or less than a
            // threshold essentially we capture zero crossings for later analysis
            //			if(dest[i] < 127) dest[i] = 0; else dest[i] = 1;
            i++;
-            if (i >= m) break;
+            LED_D_OFF();
            if (i >= bufferlength) break;
        }
    }
    cmd_send(CMD_ACK,0,0,0,0,0);    
    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
    LED_D_OFF();
    DbpString("DONE!");
 }
 // Read card traceability data (page 1)
 void T55xxReadTrace(void){
    uint32_t i = 0;
    uint8_t *dest = BigBuf_get_addr();
-    int m=0, i=0;
+    uint16_t bufferlength = BigBuf_max_traceLen();
    if ( bufferlength > T55xx_SAMPLES_SIZE )
        bufferlength= T55xx_SAMPLES_SIZE;
    FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
    m = BigBuf_max_traceLen();
    // Clear destination buffer before sending the command
-    memset(dest, 128, m);
+    memset(dest, 0x80, bufferlength);
    // Connect the A/D to the peak-detected low-frequency path.
    SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
    // Now set up the SSC to get the ADC samples that are now streaming at us.
    FpgaSetupSsc();
-    LED_D_ON();
+    LFSetupFPGAForADC(0, true);
    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
    // Give it a bit of time for the resonant antenna to settle.
    // And for the tag to fully power up
    SpinDelay(150);
    // Now start writting
    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
    SpinDelayUs(START_GAP);
@ -1191,25 +1173,26 @@ void T55xxReadTrace(void){
    T55xxWriteBit(1); //Page 1
    // Turn field on to read the response
-    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
+    TurnReadLFOn();
    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
    // Now do the acquisition
    i = 0;
    for(;;) {
        if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
            AT91C_BASE_SSC->SSC_THR = 0x43;
            LED_D_ON();
        }
        if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
            dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
            i++;
-            if (i >= m) break;
+            LED_D_OFF();
            if (i >= bufferlength) break;
        }
    }
    cmd_send(CMD_ACK,0,0,0,0,0);
    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
    LED_D_OFF();
    DbpString("DONE!");
 }
 /*-------------- Cloning routines -----------*/
--- a/armsrc/lfsampling.c
+++ b/armsrc/lfsampling.c
@ -224,21 +224,21 @@ uint32_t DoAcquisition_config( bool silent)
 				  ,silent);
 }
-uint32_t ReadLF(bool activeField)
+uint32_t ReadLF(bool activeField, bool silent)
 {
-	printConfig();
+	if (!silent) printConfig();
 	LFSetupFPGAForADC(config.divisor, activeField);
 	// Now call the acquisition routine
-	return DoAcquisition_config(false);
+	return DoAcquisition_config(silent);
 }
 /**
 * Initializes the FPGA for reader-mode (field on), and acquires the samples.
 * @return number of bits sampled
 **/
-uint32_t SampleLF()
+uint32_t SampleLF(bool printCfg)
 {
-	return ReadLF(true);
+	return ReadLF(true, printCfg);
 }
 /**
 * Initializes the FPGA for snoop-mode (field off), and acquires the samples.
@ -247,5 +247,5 @@ uint32_t SampleLF()
 uint32_t SnoopLF()
 {
-	return ReadLF(false);
+	return ReadLF(false, true);
 }
--- a/armsrc/lfsampling.h
+++ b/armsrc/lfsampling.h
@ -5,7 +5,7 @@
 * Initializes the FPGA for reader-mode (field on), and acquires the samples.
 * @return number of bits sampled
 **/
-uint32_t SampleLF();
+uint32_t SampleLF(bool silent);
 /**
 * Initializes the FPGA for snoop-mode (field off), and acquires the samples.
--- a/client/cmddata.c
+++ b/client/cmddata.c
@ -33,6 +33,12 @@ static int CmdHelp(const char *Cmd);
 //by marshmellow
 void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx)
 {
 	if (buff == NULL) 
 		return;
 	if ( size >= MAX_DEMOD_BUF_LEN)
 		size = MAX_DEMOD_BUF_LEN;
 	size_t i = 0;
 	for (; i < size; i++){
 		DemodBuffer[i]=buff[startIdx++];
@ -279,18 +285,101 @@ void printEM410x(uint32_t hi, uint64_t id)
      //output 40 bit em id
      PrintAndLog("EM TAG ID    : %010llx", id);
      PrintAndLog("Unique TAG ID: %010llx",  id2lo);
      PrintAndLog("");
      PrintAndLog("Possible de-scramble patterns");
      PrintAndLog("HoneyWell IdentKey");
      PrintAndLog("DEZ 8        : %08lld",id & 0xFFFFFF);
-      PrintAndLog("DEZ 10       : %010lld",id & 0xFFFFFF);
+      PrintAndLog("DEZ 10       : %010lld",id & 0xFFFFFFFF);
      PrintAndLog("DEZ 5.5      : %05lld.%05lld",(id>>16LL) & 0xFFFF,(id & 0xFFFF));
      PrintAndLog("DEZ 3.5A     : %03lld.%05lld",(id>>32ll),(id & 0xFFFF));
      PrintAndLog("DEZ 3.5B     : %03lld.%05lld",(id & 0xFF000000) >> 24,(id & 0xFFFF));
      PrintAndLog("DEZ 3.5C     : %03lld.%05lld",(id & 0xFF0000) >> 16,(id & 0xFFFF));
      PrintAndLog("DEZ 14/IK2   : %014lld",id);
      PrintAndLog("DEZ 15/IK3   : %015lld",id2lo);
      PrintAndLog("Other        : %05lld_%03lld_%08lld",(id&0xFFFF),((id>>16LL) & 0xFF),(id & 0xFFFFFF));  
      PrintAndLog("DEZ 20/ZK    : %02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld",
        (id2lo & 0xf000000000) >> 36,
        (id2lo & 0x0f00000000) >> 32,
        (id2lo & 0x00f0000000) >> 28,
        (id2lo & 0x000f000000) >> 24,
        (id2lo & 0x0000f00000) >> 20,
        (id2lo & 0x00000f0000) >> 16,
        (id2lo & 0x000000f000) >> 12,
        (id2lo & 0x0000000f00) >> 8,
        (id2lo & 0x00000000f0) >> 4,
        (id2lo & 0x000000000f)
      );
      PrintAndLog("");			
      uint64_t paxton = (((id>>32) << 24) | (id & 0xffffff))  + 0x143e00;
      PrintAndLog("Pattern Paxton  : %0d", paxton);	
      uint32_t p1id = (id & 0xFFFFFF);
      uint8_t arr[32] = {0x00};
      int i =0; 
      int j = 23;
      for (; i < 24; ++i, --j	){
      	arr[i] = (p1id >> i) & 1;
      }
      uint32_t p1  = 0;	
      p1 |= arr[23] << 21;
      p1 |= arr[22] << 23;
      p1 |= arr[21] << 20;
      p1 |= arr[20] << 22;
      p1 |= arr[19] << 18;
      p1 |= arr[18] << 16;
      p1 |= arr[17] << 19;
      p1 |= arr[16] << 17;
      p1 |= arr[15] << 13;
      p1 |= arr[14] << 15;
      p1 |= arr[13] << 12;
      p1 |= arr[12] << 14;	
      p1 |= arr[11] << 6;
      p1 |= arr[10] << 2;
      p1 |= arr[9]  << 7;
      p1 |= arr[8]  << 1;
      p1 |= arr[7]  << 0;
      p1 |= arr[6]  << 8;
      p1 |= arr[5]  << 11;
      p1 |= arr[4]  << 3;	
      p1 |= arr[3]  << 10;
      p1 |= arr[2]  << 4;
      p1 |= arr[1]  << 5;
      p1 |= arr[0]  << 9;	
      PrintAndLog("Pattern 1       : 0x%X - %d", p1, p1);
      uint16_t sebury1 = id & 0xFFFF;
      uint8_t  sebury2 = (id >> 16) & 0x7F;
      uint32_t sebury3 = id & 0x7FFFFF;
      PrintAndLog("Pattern Sebury  : %d %d %d  (hex: %X %X %X)", sebury1, sebury2, sebury3, sebury1, sebury2, sebury3);
    }
  }
  return;
 }
 int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo)
 {
  int ans = ASKmanDemod(Cmd, FALSE, FALSE);
  if (!ans) return 0;
  size_t idx=0;
  if (Em410xDecode(DemodBuffer,(size_t *) &DemodBufferLen, &idx, hi, lo)){
    if (g_debugMode){
      PrintAndLog("DEBUG: idx: %d, Len: %d, Printing Demod Buffer:", idx, DemodBufferLen);
      printDemodBuff();
    }
    return 1;
  }
  return 0;	
 }
 //by marshmellow
 //takes 3 arguments - clock, invert and maxErr as integers
 //attempts to demodulate ask while decoding manchester
@ -311,17 +400,9 @@ int CmdAskEM410xDemod(const char *Cmd)
    PrintAndLog("          : data askem410xdemod 64 1 0 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/64 and inverting data and allowing 0 demod errors");
    return 0;
  }
-  int ans = ASKmanDemod(Cmd, FALSE, FALSE);
+  uint32_t hi;
-  if (!ans) return 0;
+  uint64_t lo;
-
+  if (AskEm410xDemod(Cmd, &hi, &lo)) {
  uint64_t lo =0;
  uint32_t hi =0;
  size_t idx=0;
  if (Em410xDecode(DemodBuffer,(size_t *) &DemodBufferLen, &idx, &hi, &lo)){
    if (g_debugMode){
      PrintAndLog("DEBUG: idx: %d, Len: %d, Printing Demod Buffer:", idx, DemodBufferLen);
      printDemodBuff();
    }
    PrintAndLog("EM410x pattern found: ");
    printEM410x(hi, lo);
    return 1;
@ -477,6 +558,7 @@ int CmdBiphaseDecodeRaw(const char *Cmd)
 		PrintAndLog("Usage:  data biphaserawdecode [offset] [invert] [maxErr]");
 		PrintAndLog("     Converts 10 or 01 to 1 and 11 or 00 to 0");
 		PrintAndLog("     --must have binary sequence in demodbuffer (run data askrawdemod first)");
    PrintAndLog("     --invert for Conditional Dephase Encoding (CDP) AKA Differential Manchester");
 		PrintAndLog("");
 		PrintAndLog("     [offset <0|1>], set to 0 not to adjust start position or to 1 to adjust decode start position");
 		PrintAndLog("     [invert <0|1>], set to 1 to invert output");
@ -639,6 +721,8 @@ int Cmdaskbiphdemod(const char *Cmd)
    PrintAndLog("     NOTE: <amplify> can be entered as first, second or last argument");
    PrintAndLog("     NOTE: any other arg must have previous args set to work");
    PrintAndLog("");
    PrintAndLog("     NOTE: --invert for Conditional Dephase Encoding (CDP) AKA Differential Manchester");
    PrintAndLog("");
    PrintAndLog("    sample: data rawdemod ab            = demod an ask/biph tag from GraphBuffer");
    PrintAndLog("          : data rawdemod ab a          = demod an ask/biph tag from GraphBuffer, amplified");
    PrintAndLog("          : data rawdemod ab 1 32       = demod an ask/biph tag from GraphBuffer using an offset of 1 and a clock of RF/32");
@ -1339,7 +1423,19 @@ int CmdFSKdemodIO(const char *Cmd)
  uint8_t version = bytebits_to_byte(BitStream+idx+27,8); //14,4
  uint8_t facilitycode = bytebits_to_byte(BitStream+idx+18,8) ;
  uint16_t number = (bytebits_to_byte(BitStream+idx+36,8)<<8)|(bytebits_to_byte(BitStream+idx+45,8)); //36,9
-  PrintAndLog("IO Prox XSF(%02d)%02x:%05d (%08x%08x)",version,facilitycode,number,code,code2);
+  uint8_t crc = bytebits_to_byte(BitStream+idx+54,8);
  uint16_t calccrc = 0;
  for (uint8_t i=1; i<6; ++i){
    calccrc += bytebits_to_byte(BitStream+idx+9*i,8);
    //PrintAndLog("%d", calccrc);
  }
  calccrc &= 0xff;
  calccrc = 0xff - calccrc;
  char *crcStr = (crc == calccrc) ? "crc ok": "!crc";
  PrintAndLog("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]",version,facilitycode,number,code,code2, crc, crcStr);
  setDemodBuf(BitStream,64,idx);
  if (g_debugMode){
    PrintAndLog("DEBUG: idx: %d, Len: %d, Printing demod buffer:",idx,64);
@ -1859,21 +1955,19 @@ int NRZrawDemod(const char *Cmd, bool verbose)
  int errCnt=0;
  errCnt = nrzRawDemod(BitStream, &BitLen, &clk, &invert, maxErr);
  if (errCnt > maxErr){
-    if (g_debugMode==1 && verbose) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt);
+    if (g_debugMode) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt);
    return 0;
  } 
  if (errCnt<0|| BitLen<16){  //throw away static - allow 1 and -1 (in case of threshold command first)
-    if (g_debugMode==1 && verbose) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt);
+    if (g_debugMode) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt);
    return 0;
  }
-  PrintAndLog("Tried NRZ Demod using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen);
+  if (verbose || g_debugMode) PrintAndLog("Tried NRZ Demod using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen);
  //prime demod buffer for output
  setDemodBuf(BitStream,BitLen,0);
-  if (errCnt>0 && verbose){
+  if (errCnt>0 && (verbose || g_debugMode)) PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt);
-    PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt);
+  if (verbose || g_debugMode) {
  }
  if (verbose) {
    PrintAndLog("NRZ demoded bitstream:");
    // Now output the bitstream to the scrollback by line of 16 bits
    printDemodBuff();
@ -1977,7 +2071,7 @@ int CmdRawDemod(const char *Cmd)
 		PrintAndLog("   <help> as 'h', prints the help for the specific modulation");	
 		PrintAndLog("   <options> see specific modulation help for optional parameters");				
 		PrintAndLog("");
-		PrintAndLog("    sample: data rawdemod fs h         = print help for ask/raw demod");
+		PrintAndLog("    sample: data rawdemod fs h         = print help specific to fsk demod");
 		PrintAndLog("          : data rawdemod fs           = demod GraphBuffer using: fsk - autodetect");
 		PrintAndLog("          : data rawdemod ab           = demod GraphBuffer using: ask/biphase - autodetect");
 		PrintAndLog("          : data rawdemod am           = demod GraphBuffer using: ask/manchester - autodetect");
@ -2106,57 +2200,64 @@ uint8_t getByte(uint8_t bits_per_sample, BitstreamOut* b)
 	return val;
 }
 int getSamples(const char *Cmd, bool silent)
 {
  //If we get all but the last byte in bigbuf,
  // we don't have to worry about remaining trash
  // in the last byte in case the bits-per-sample
  // does not line up on byte boundaries
  uint8_t got[BIGBUF_SIZE-1] = { 0 };
  int n = strtol(Cmd, NULL, 0);
  if (n == 0)
    n = sizeof(got);
  if (n > sizeof(got))
    n = sizeof(got);
  PrintAndLog("Reading %d bytes from device memory\n", n);
  GetFromBigBuf(got,n,0);
  PrintAndLog("Data fetched");
  UsbCommand response;
  WaitForResponse(CMD_ACK, &response);
  uint8_t bits_per_sample = 8;
  //Old devices without this feature would send 0 at arg[0]
  if(response.arg[0] > 0)
  {
    sample_config *sc = (sample_config *) response.d.asBytes;
    PrintAndLog("Samples @ %d bits/smpl, decimation 1:%d ", sc->bits_per_sample
          , sc->decimation);
    bits_per_sample = sc->bits_per_sample;
  }
  if(bits_per_sample < 8)
  {
    PrintAndLog("Unpacking...");
    BitstreamOut bout = { got, bits_per_sample * n,  0};
    int j =0;
    for (j = 0; j * bits_per_sample < n * 8 && j < sizeof(GraphBuffer); j++) {
      uint8_t sample = getByte(bits_per_sample, &bout);
      GraphBuffer[j] = ((int) sample )- 128;
    }
    GraphTraceLen = j;
    PrintAndLog("Unpacked %d samples" , j );
  }else
  {
    for (int j = 0; j < n; j++) {
      GraphBuffer[j] = ((int)got[j]) - 128;
    }
    GraphTraceLen = n;
  }
  RepaintGraphWindow();
  return 0;
 }
 int CmdSamples(const char *Cmd)
 {
-	//If we get all but the last byte in bigbuf,
+  return getSamples(Cmd, false);
 	// we don't have to worry about remaining trash
 	// in the last byte in case the bits-per-sample
 	// does not line up on byte boundaries
 	uint8_t got[BIGBUF_SIZE-1] = { 0 };
 	int n = strtol(Cmd, NULL, 0);
 	if (n == 0)
 		n = sizeof(got);
 	if (n > sizeof(got))
 		n = sizeof(got);
 	PrintAndLog("Reading %d bytes from device memory\n", n);
 	GetFromBigBuf(got,n,0);
 	PrintAndLog("Data fetched");
 	UsbCommand response;
 	WaitForResponse(CMD_ACK, &response);
 	uint8_t bits_per_sample = 8;
 	//Old devices without this feature would send 0 at arg[0]
 	if(response.arg[0] > 0)
 	{
 		sample_config *sc = (sample_config *) response.d.asBytes;
 		PrintAndLog("Samples @ %d bits/smpl, decimation 1:%d ", sc->bits_per_sample
 					, sc->decimation);
 		bits_per_sample = sc->bits_per_sample;
 	}
 	if(bits_per_sample < 8)
 	{
 		PrintAndLog("Unpacking...");
 		BitstreamOut bout = { got, bits_per_sample * n,  0};
 		int j =0;
 		for (j = 0; j * bits_per_sample < n * 8 && j < sizeof(GraphBuffer); j++) {
 			uint8_t sample = getByte(bits_per_sample, &bout);
 			GraphBuffer[j] = ((int) sample )- 128;
 		}
 		GraphTraceLen = j;
 		PrintAndLog("Unpacked %d samples" , j );
 	}else
 	{
 		for (int j = 0; j < n; j++) {
 			GraphBuffer[j] = ((int)got[j]) - 128;
 		}
 		GraphTraceLen = n;
 	}
 	RepaintGraphWindow();
 	return 0;
 }
 int CmdTuneSamples(const char *Cmd)
@ -2652,60 +2753,52 @@ int CmdZerocrossings(const char *Cmd)
 static command_t CommandTable[] =
 {
-  {"help",          CmdHelp,            1, "This help"},
+  {"help",            CmdHelp,            1, "This help"},
-  {"amp",           CmdAmp,             1, "Amplify peaks"},
+  {"amp",             CmdAmp,             1, "Amplify peaks"},
  //{"askdemod",      Cmdaskdemod,        1, "<0 or 1> -- Attempt to demodulate simple ASK tags"},
-  {"askedgedetect", CmdAskEdgeDetect,   1, "[threshold] Adjust Graph for manual ask demod using length of sample differences to detect the edge of a wave (default = 25)"},
+  {"askedgedetect",   CmdAskEdgeDetect,   1, "[threshold] Adjust Graph for manual ask demod using length of sample differences to detect the edge of a wave (default = 25)"},
-  {"askem410xdemod",CmdAskEM410xDemod,  1, "[clock] [invert<0|1>] [maxErr] -- Demodulate an EM410x tag from GraphBuffer (args optional)"},
+  {"askem410xdemod",  CmdAskEM410xDemod,  1, "[clock] [invert<0|1>] [maxErr] -- Demodulate an EM410x tag from GraphBuffer (args optional)"},
-  {"askgproxiidemod",CmdG_Prox_II_Demod,1, "Demodulate a G Prox II tag from GraphBuffer"},
+  {"askgproxiidemod", CmdG_Prox_II_Demod, 1, "Demodulate a G Prox II tag from GraphBuffer"},
-  //{"askmandemod",   Cmdaskmandemod,     1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate ASK/Manchester tags and output binary (args optional)"},
+  {"autocorr",        CmdAutoCorr,        1, "[window length] [g] -- Autocorrelation over window - g to save back to GraphBuffer (overwrite)"},
  //{"askrawdemod",   Cmdaskrawdemod,     1, "[clock] [invert<0|1>] -- Attempt to demodulate ASK tags and output bin (args optional)"},
  {"autocorr",      CmdAutoCorr,        1, "[window length] [g] -- Autocorrelation over window - g to save back to GraphBuffer (overwrite)"},
  {"biphaserawdecode",CmdBiphaseDecodeRaw,1,"[offset] [invert<0|1>] Biphase decode bin stream in DemodBuffer (offset = 0|1 bits to shift the decode start)"},
-  {"bitsamples",    CmdBitsamples,      0, "Get raw samples as bitstring"},
+  {"bitsamples",      CmdBitsamples,      0, "Get raw samples as bitstring"},
  //{"bitstream",     CmdBitstream,       1, "[clock rate] -- Convert waveform into a bitstream"},
-  {"buffclear",     CmdBuffClear,       1, "Clear sample buffer and graph window"},
+  {"buffclear",       CmdBuffClear,       1, "Clear sample buffer and graph window"},
-  {"dec",           CmdDec,             1, "Decimate samples"},
+  {"dec",             CmdDec,             1, "Decimate samples"},
-  {"detectclock",   CmdDetectClockRate, 1, "[modulation] Detect clock rate of wave in GraphBuffer (options: 'a','f','n','p' for ask, fsk, nrz, psk respectively)"},
+  {"detectclock",     CmdDetectClockRate, 1, "[modulation] Detect clock rate of wave in GraphBuffer (options: 'a','f','n','p' for ask, fsk, nrz, psk respectively)"},
  //{"fskdemod",      CmdFSKdemod,        1, "Demodulate graph window as a HID FSK"},
-  {"fskawiddemod",  CmdFSKdemodAWID,    1, "Demodulate an AWID FSK tag from GraphBuffer"},
+  {"fskawiddemod",    CmdFSKdemodAWID,    1, "Demodulate an AWID FSK tag from GraphBuffer"},
  //{"fskfcdetect",   CmdFSKfcDetect,     1, "Try to detect the Field Clock of an FSK wave"},
-  {"fskhiddemod",   CmdFSKdemodHID,     1, "Demodulate a HID FSK tag from GraphBuffer"},
+  {"fskhiddemod",     CmdFSKdemodHID,     1, "Demodulate a HID FSK tag from GraphBuffer"},
-  {"fskiodemod",    CmdFSKdemodIO,      1, "Demodulate an IO Prox FSK tag from GraphBuffer"},
+  {"fskiodemod",      CmdFSKdemodIO,      1, "Demodulate an IO Prox FSK tag from GraphBuffer"},
-  {"fskpyramiddemod",CmdFSKdemodPyramid,1, "Demodulate a Pyramid FSK tag from GraphBuffer"},
+  {"fskpyramiddemod", CmdFSKdemodPyramid, 1, "Demodulate a Pyramid FSK tag from GraphBuffer"},
-  {"fskparadoxdemod",CmdFSKdemodParadox,1, "Demodulate a Paradox FSK tag from GraphBuffer"},
+  {"fskparadoxdemod", CmdFSKdemodParadox, 1, "Demodulate a Paradox FSK tag from GraphBuffer"},
-  //{"fskrawdemod",   CmdFSKrawdemod,     1, "[clock rate] [invert] [rchigh] [rclow] Demodulate graph window from FSK to bin (clock = 50)(invert = 1|0)(rchigh = 10)(rclow=8)"},
+  {"getbitstream",    CmdGetBitStream,    1, "Convert GraphBuffer's >=1 values to 1 and <1 to 0"},
-  {"getbitstream",  CmdGetBitStream,    1, "Convert GraphBuffer's >=1 values to 1 and <1 to 0"},
+  {"grid",            CmdGrid,            1, "<x> <y> -- overlay grid on graph window, use zero value to turn off either"},
-  {"grid",          CmdGrid,            1, "<x> <y> -- overlay grid on graph window, use zero value to turn off either"},
+  {"hexsamples",      CmdHexsamples,      0, "<bytes> [<offset>] -- Dump big buffer as hex bytes"},
-  {"hexsamples",    CmdHexsamples,      0, "<bytes> [<offset>] -- Dump big buffer as hex bytes"},
+  {"hide",            CmdHide,            1, "Hide graph window"},
-  {"hide",          CmdHide,            1, "Hide graph window"},
+  {"hpf",             CmdHpf,             1, "Remove DC offset from trace"},
-  {"hpf",           CmdHpf,             1, "Remove DC offset from trace"},
+  {"load",            CmdLoad,            1, "<filename> -- Load trace (to graph window"},
-  {"load",          CmdLoad,            1, "<filename> -- Load trace (to graph window"},
+  {"ltrim",           CmdLtrim,           1, "<samples> -- Trim samples from left of trace"},
-  {"ltrim",         CmdLtrim,           1, "<samples> -- Trim samples from left of trace"},
+  {"rtrim",           CmdRtrim,           1, "<location to end trace> -- Trim samples from right of trace"},
  {"rtrim",         CmdRtrim,           1, "<location to end trace> -- Trim samples from right of trace"},
  //{"mandemod",      CmdManchesterDemod, 1, "[i] [clock rate] -- Manchester demodulate binary stream (option 'i' to invert output)"},
-  {"manrawdecode",  Cmdmandecoderaw,    1, "Manchester decode binary stream in DemodBuffer"},
+  {"manrawdecode",    Cmdmandecoderaw,    1, "Manchester decode binary stream in DemodBuffer"},
-  {"manmod",        CmdManchesterMod,   1, "[clock rate] -- Manchester modulate a binary stream"},
+  {"manmod",          CmdManchesterMod,   1, "[clock rate] -- Manchester modulate a binary stream"},
-  {"norm",          CmdNorm,            1, "Normalize max/min to +/-128"},
+  {"norm",            CmdNorm,            1, "Normalize max/min to +/-128"},
-  //{"nrzdetectclock",CmdDetectNRZClockRate, 1, "Detect ASK, PSK, or NRZ clock rate"},
+  {"plot",            CmdPlot,            1, "Show graph window (hit 'h' in window for keystroke help)"},
-  //{"nrzrawdemod",   CmdNRZrawDemod,     1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate nrz tags and output binary (args optional)"},
+  {"printdemodbuffer",CmdPrintDemodBuff,  1, "[x] -- print the data in the DemodBuffer - 'x' for hex output"},
-  {"plot",          CmdPlot,            1, "Show graph window (hit 'h' in window for keystroke help)"},
+  {"pskindalademod",  CmdIndalaDecode,    1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"},
-  //{"pskdetectclock",CmdDetectPSKClockRate, 1, "Detect ASK, PSK, or NRZ clock rate"},
+  {"rawdemod",        CmdRawDemod,        1, "[modulation] ... <options> -see help (h option) -- Demodulate the data in the GraphBuffer and output binary"},  
-  {"printdemodbuffer",CmdPrintDemodBuff,1, "[x] -- print the data in the DemodBuffer - 'x' for hex output"},
+  {"samples",         CmdSamples,         0, "[512 - 40000] -- Get raw samples for graph window (GraphBuffer)"},
-  {"pskindalademod",CmdIndalaDecode,    1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"},
+  {"save",            CmdSave,            1, "<filename> -- Save trace (from graph window)"},
-  //{"psk1rawdemod",  CmdPSK1rawDemod,    1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk1 tags and output binary (args optional)"},
+  {"scale",           CmdScale,           1, "<int> -- Set cursor display scale"},
-  //{"psk2rawdemod",  CmdPSK2rawDemod,    1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk2 tags and output binary (args optional)"},
+  {"setdebugmode",    CmdSetDebugMode,    1, "<0|1> -- Turn on or off Debugging Mode for demods"},
-  {"rawdemod",      CmdRawDemod,        1, "[modulation] ... <options> -see help (h option) -- Demodulate the data in the GraphBuffer and output binary"},  
+  {"shiftgraphzero",  CmdGraphShiftZero,  1, "<shift> -- Shift 0 for Graphed wave + or - shift value"},
  {"samples",       CmdSamples,         0, "[512 - 40000] -- Get raw samples for graph window (GraphBuffer)"},
  {"save",          CmdSave,            1, "<filename> -- Save trace (from graph window)"},
  {"scale",         CmdScale,           1, "<int> -- Set cursor display scale"},
  {"setdebugmode",  CmdSetDebugMode,    1, "<0|1> -- Turn on or off Debugging Mode for demods"},
  {"shiftgraphzero",CmdGraphShiftZero,  1, "<shift> -- Shift 0 for Graphed wave + or - shift value"},
  //{"threshold",     CmdThreshold,       1, "<threshold> -- Maximize/minimize every value in the graph window depending on threshold"},
-  {"dirthreshold",  CmdDirectionalThreshold,   1, "<thres up> <thres down> -- Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev."},
+  {"dirthreshold",    CmdDirectionalThreshold,   1, "<thres up> <thres down> -- Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev."},
-  {"tune",          CmdTuneSamples,     0, "Get hw tune samples for graph window"},
+  {"tune",            CmdTuneSamples,     0, "Get hw tune samples for graph window"},
-  {"undec",         CmdUndec,           1, "Un-decimate samples by 2"},
+  {"undec",           CmdUndec,           1, "Un-decimate samples by 2"},
-  {"zerocrossings", CmdZerocrossings,   1, "Count time between zero-crossings"},
+  {"zerocrossings",   CmdZerocrossings,   1, "Count time between zero-crossings"},
  {NULL, NULL, 0, NULL}
 };
--- a/client/cmddata.h
+++ b/client/cmddata.h
@ -63,12 +63,16 @@ int CmdThreshold(const char *Cmd);
 int CmdDirectionalThreshold(const char *Cmd);
 int CmdZerocrossings(const char *Cmd);
 int CmdIndalaDecode(const char *Cmd);
 int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo);
 int ASKbiphaseDemod(const char *Cmd, bool verbose);
 int ASKmanDemod(const char *Cmd, bool verbose, bool emSearch);
 int ASKrawDemod(const char *Cmd, bool verbose);
 int FSKrawDemod(const char *Cmd, bool verbose);
 int PSKDemod(const char *Cmd, bool verbose);
 int NRZrawDemod(const char *Cmd, bool verbose);
 void printEM410x(uint32_t hi, uint64_t id);
 int getSamples(const char *Cmd, bool silent);
 #define MAX_DEMOD_BUF_LEN (1024*128)
 extern uint8_t DemodBuffer[MAX_DEMOD_BUF_LEN];
--- a/client/cmdlf.c
+++ b/client/cmdlf.c
@ -362,6 +362,7 @@ int usage_lf_read()
 	PrintAndLog("Usage: lf read");
 	PrintAndLog("Options:        ");
 	PrintAndLog("       h            This help");
 	PrintAndLog("       s            silent run no printout");
 	PrintAndLog("This function takes no arguments. ");
 	PrintAndLog("Use 'lf config' to set parameters.");
 	return 0;
@ -481,13 +482,15 @@ int CmdLFSetConfig(const char *Cmd)
 int CmdLFRead(const char *Cmd)
 {
-	uint8_t cmdp =0;
+	uint8_t cmdp = 0;
-	if(param_getchar(Cmd, cmdp) == 'h')
+	bool arg1 = false;
 	if (param_getchar(Cmd, cmdp) == 'h')
 	{
 		return usage_lf_read();
 	}
 	if (param_getchar(Cmd, cmdp) == 's') arg1 = true; //suppress print
 	//And ship it to device
-	UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K};
+	UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K, {arg1,0,0}};
 	SendCommand(&c);
 	WaitForResponse(CMD_ACK,NULL);
 	return 0;
@ -1016,7 +1019,7 @@ int CmdLFfind(const char *Cmd)
  int ans=0;
  char cmdp = param_getchar(Cmd, 0);
  char testRaw = param_getchar(Cmd, 1);
-  if (strlen(Cmd) > 2 || cmdp == 'h' || cmdp == 'H') {
+  if (strlen(Cmd) > 3 || cmdp == 'h' || cmdp == 'H') {
    PrintAndLog("Usage:  lf search <0|1> [u]");
    PrintAndLog("     <use data from Graphbuffer> , if not set, try reading data from tag.");
    PrintAndLog("     [Search for Unknown tags] , if not set, reads only known tags.");
@ -1037,50 +1040,60 @@ int CmdLFfind(const char *Cmd)
    return 0;
  }
  if (cmdp == 'u' || cmdp == 'U') testRaw = 'u';
  PrintAndLog("NOTE: some demods output possible binary\n  if it finds something that looks like a tag");
  PrintAndLog("False Positives ARE possible\n");  
  PrintAndLog("\nChecking for known tags:\n");
  ans=CmdFSKdemodIO("");
  if (ans>0) {
    PrintAndLog("\nValid IO Prox ID Found!");
    return 1;
  }
  ans=CmdFSKdemodPyramid("");
  if (ans>0) {
    PrintAndLog("\nValid Pyramid ID Found!");
    return 1;
  }
  ans=CmdFSKdemodParadox("");
  if (ans>0) {
    PrintAndLog("\nValid Paradox ID Found!");
    return 1;
  }
  ans=CmdFSKdemodAWID("");
  if (ans>0) {
    PrintAndLog("\nValid AWID ID Found!");
    return 1;
  }
  ans=CmdFSKdemodHID("");
  if (ans>0) {
    PrintAndLog("\nValid HID Prox ID Found!");
    return 1;
  }
  //add psk and indala
  ans=CmdIndalaDecode("");
  if (ans>0) {
    PrintAndLog("\nValid Indala ID Found!");
    return 1;
  }
  ans=CmdAskEM410xDemod("");
  if (ans>0) {
    PrintAndLog("\nValid EM410x ID Found!");
    return 1;
  }
  ans=CmdG_Prox_II_Demod("");
  if (ans>0) {
    PrintAndLog("\nValid G Prox II ID Found!");
    return 1;
  }
  PrintAndLog("\nNo Known Tags Found!\n");
  if (testRaw=='u' || testRaw=='U'){
    //test unknown tag formats (raw mode)
@ -1127,7 +1140,7 @@ static command_t CommandTable[] =
  {"io",       	  CmdLFIO,	          1, "{ ioProx tags... }"},
  {"indalademod", CmdIndalaDemod,     1, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"},
  {"indalaclone", CmdIndalaClone,     0, "<UID> ['l']-- Clone Indala to T55x7 (tag must be in antenna)(UID in HEX)(option 'l' for 224 UID"},
-  {"read",        CmdLFRead,          0, "Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"},
+  {"read",        CmdLFRead,          0, "['s' silent] Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"},
  {"search",      CmdLFfind,          1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"},
  {"sim",         CmdLFSim,           0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"},
  {"simask",      CmdLFaskSim,        0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [msg separator 's'] [d <hexdata>] -- Simulate LF ASK tag from demodbuffer or input"},
--- a/client/cmdlfem4x.c
+++ b/client/cmdlfem4x.c
@ -43,163 +43,24 @@ int CmdEMdemodASK(const char *Cmd)
 */
 int CmdEM410xRead(const char *Cmd)
 {
-  int i, j, clock, header, rows, bit, hithigh, hitlow, first, bit2idx, high, low;
+  uint32_t hi=0;
-  int parity[4];
+  uint64_t lo=0;
  char id[11] = {0x00};
  char id2[11] = {0x00};
  int retested = 0;
  uint8_t BitStream[MAX_GRAPH_TRACE_LEN];
  high = low = 0;
-  /* Detect high and lows and clock */
+  if(!AskEm410xDemod("", &hi, &lo)) return 0;
-  for (i = 0; i < GraphTraceLen; i++)
+  PrintAndLog("EM410x pattern found: ");
-  {
+  printEM410x(hi, lo);
-    if (GraphBuffer[i] > high)
+  if (hi){
-      high = GraphBuffer[i];
+    PrintAndLog ("EM410x XL pattern found");
    else if (GraphBuffer[i] < low)
      low = GraphBuffer[i];
  }
  /* get clock */
  clock = GetAskClock(Cmd, false, false);
  /* parity for our 4 columns */
  parity[0] = parity[1] = parity[2] = parity[3] = 0;
  header = rows = 0;
  // manchester demodulate
  bit = bit2idx = 0;
  for (i = 0; i < (int)(GraphTraceLen / clock); i++)
  {
    hithigh = 0;
    hitlow = 0;
    first = 1;
    /* Find out if we hit both high and low peaks */
    for (j = 0; j < clock; j++)
    {
      if (GraphBuffer[(i * clock) + j] >= high)
        hithigh = 1;
      else if (GraphBuffer[(i * clock) + j] <= low)
        hitlow = 1;
      /* it doesn't count if it's the first part of our read
       because it's really just trailing from the last sequence */
      if (first && (hithigh || hitlow))
        hithigh = hitlow = 0;
      else
        first = 0;
      if (hithigh && hitlow)
        break;
    }
    /* If we didn't hit both high and low peaks, we had a bit transition */
    if (!hithigh || !hitlow)
      bit ^= 1;
    BitStream[bit2idx++] = bit;
  }
 retest:
  /* We go till 5 before the graph ends because we'll get that far below */
  for (i = 1; i < bit2idx - 5; i++)
  {
    /* Step 2: We have our header but need our tag ID */
    if (header == 9 && rows < 10)
    {
      /* Confirm parity is correct */
      if ((BitStream[i] ^ BitStream[i+1] ^ BitStream[i+2] ^ BitStream[i+3]) == BitStream[i+4])
      {
        /* Read another byte! */
        sprintf(id+rows, "%x", (8 * BitStream[i]) + (4 * BitStream[i+1]) + (2 * BitStream[i+2]) + (1 * BitStream[i+3]));
        sprintf(id2+rows, "%x", (8 * BitStream[i+3]) + (4 * BitStream[i+2]) + (2 * BitStream[i+1]) + (1 * BitStream[i]));
        rows++;
        /* Keep parity info */
        parity[0] ^= BitStream[i];
        parity[1] ^= BitStream[i+1];
        parity[2] ^= BitStream[i+2];
        parity[3] ^= BitStream[i+3];
        /* Move 4 bits ahead */
        i += 4;
      }
      /* Damn, something wrong! reset */
      else
      {
        PrintAndLog("Thought we had a valid tag but failed at word %d (i=%d)", rows + 1, i);
        /* Start back rows * 5 + 9 header bits, -1 to not start at same place */
        i -= 9 + (5 * rows) - 5;
        rows = header = 0;
      }
    }
    /* Step 3: Got our 40 bits! confirm column parity */
    else if (rows == 10)
    {
      /* We need to make sure our 4 bits of parity are correct and we have a stop bit */
      if (BitStream[i] == parity[0] && BitStream[i+1] == parity[1] &&
        BitStream[i+2] == parity[2] && BitStream[i+3] == parity[3] &&
        BitStream[i+4] == 0)
      {
        /* Sweet! */
        PrintAndLog("EM410x Tag ID: %s", id);
        PrintAndLog("Unique Tag ID: %s", id2);
 		global_em410xId = id;
        /* Stop any loops */
        return 1;
      }
      /* Crap! Incorrect parity or no stop bit, start all over */
      else
      {
        rows = header = 0;
        /* Go back 59 bits (9 header bits + 10 rows at 4+1 parity) */
        i -= 59;
      }
    }
    /* Step 1: get our header */
    else if (header < 9)
    {
      /* Need 9 consecutive 1's */
      if (BitStream[i] == 1)
        header++;
      /* We don't have a header, not enough consecutive 1 bits */
      else
        header = 0;
    }
  }
  /* if we've already retested after flipping bits, return */
 	if (retested++){
 		PrintAndLog("Failed to decode");
    return 0;
-	}
+  }
-
+  char id[12] = {0x00};
-  /* if this didn't work, try flipping bits */
+  sprintf(id, "%010llx",lo);
-  for (i = 0; i < bit2idx; i++)
+  
-    BitStream[i] ^= 1;
+  global_em410xId = id;
-
+  return 1;
  goto retest;
 }
-/* emulate an EM410X tag
+// emulate an EM410X tag
 * Format:
 *   1111 1111 1           <-- standard non-repeatable header
 *   XXXX [row parity bit] <-- 10 rows of 5 bits for our 40 bit tag ID
 *   ....
 *   CCCC                  <-- each bit here is parity for the 10 bits above in corresponding column
 *   0                     <-- stop bit, end of tag
 */
 int CmdEM410xSim(const char *Cmd)
 {
 	int i, n, j, binary[4], parity[4];
@ -282,28 +143,25 @@ int CmdEM410xSim(const char *Cmd)
 */
 int CmdEM410xWatch(const char *Cmd)
 {
 	char cmdp = param_getchar(Cmd, 0);
 	int read_h = (cmdp == 'h');
 	do {
 		if (ukbhit()) {
 			printf("\naborted via keyboard!\n");
 			break;
 		}
-		CmdLFRead(read_h ? "h" : "");
+		CmdLFRead("s");
-		CmdSamples("6000");		
+		getSamples("8192",true); //capture enough to get 2 full messages		
-	} while (
+	} while (!CmdEM410xRead(""));
-		!CmdEM410xRead("") 
+
 	);
 	return 0;
 }
 int CmdEM410xWatchnSpoof(const char *Cmd)
 {
 	CmdEM410xWatch(Cmd);
-    PrintAndLog("# Replaying : %s",global_em410xId);
+	PrintAndLog("# Replaying captured ID: %s",global_em410xId);
-    CmdEM410xSim(global_em410xId);
+	CmdLFaskSim("");
-  return 0;
+	return 0;
 }
 /* Read the transmitted data of an EM4x50 tag
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
--- a/client/cmdlft55xx.h
+++ b/client/cmdlft55xx.h
@ -10,12 +10,57 @@
 #ifndef CMDLFT55XX_H__
 #define CMDLFT55XX_H__
-int CmdLFT55XX(const char *Cmd);
+typedef struct {
 	enum {
 		DEMOD_NRZ  = 0x00,    
 		DEMOD_PSK1 = 0x01,
 		DEMOD_PSK2 = 0x02,
 		DEMOD_PSK3 = 0x03,
 		DEMOD_FSK1  = 0x04,     
 		DEMOD_FSK1a = 0x05,     
 		DEMOD_FSK2  = 0x06,     
 		DEMOD_FSK2a = 0x07, 
 		DEMOD_FSK   = 0xF0, //generic FSK (auto detect FCs)    
 		DEMOD_ASK  = 0x08,
 		DEMOD_BI   = 0x10,
 		DEMOD_BIa  = 0x18,		
 	}  modulation;
 	bool inverted;
 	uint8_t offset;
 	uint32_t block0;
 	enum {
 		RF_8 = 0x00,
 		RF_16 = 0x01,
 		RF_32 = 0x02,
 		RF_40 = 0x03,
 		RF_50 = 0x04,
 		RF_64 = 0x05,
 		RF_100 = 0x06,
 		RF_128 = 0x07,
 	} bitrate;
 } t55xx_conf_block_t;
-int CmdReadBlk(const char *Cmd);
+int CmdLFT55XX(const char *Cmd);
-int CmdReadBlkPWD(const char *Cmd);
+int CmdT55xxSetConfig(const char *Cmd);
-int CmdWriteBlk(const char *Cmd);
+int CmdT55xxReadBlock(const char *Cmd);
-int CmdWriteBLkPWD(const char *Cmd);
+int CmdT55xxWriteBlock(const char *Cmd);
-int CmdReadTrace(const char *Cmd);
+int CmdT55xxReadTrace(const char *Cmd);
 int CmdT55xxInfo(const char *Cmd);
 int CmdT55xxDetect(const char *Cmd);
 char * GetBitRateStr(uint32_t id);
 char * GetSaferStr(uint32_t id);
 char * GetModulationStr( uint32_t id);
 char * GetModelStrFromCID(uint32_t cid);
 char * GetSelectedModulationStr( uint8_t id);
 uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bitstream);
 void printT55xxBlock(const char *demodStr);
 void printConfiguration( t55xx_conf_block_t b);
 bool DecodeT55xxBlock();
 bool tryDetectModulation();
 bool test(uint8_t mode, uint8_t *offset);
 int special(const char *Cmd);
 int AquireData( uint8_t block );
 #endif
--- a/client/scripts/test_t55x7_ask.lua
+++ b/client/scripts/test_t55x7_ask.lua
@ -0,0 +1,139 @@
 local cmds = require('commands')
 local getopt = require('getopt')
 local bin = require('bin')
 local utils = require('utils')
 local format=string.format
 local floor=math.floor
 example =[[
 	1. script run test_t55x7_ask
 ]]
 author = "Iceman"
 usage = "script run test_t55x7_ask"
 desc =[[
 This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100
 The outlined procedure is as following:
 --ASK 
 	00 00 80 40
 --           max 2
 --        manchester
 --     bit rate
 "lf t55xx write 0 00008040"
 "lf t55xx detect"
 "lf t55xx info"
 Loop:
 	change the configuretion block 0 with:
    -xx 00 xxxx = RF/8 
    -xx 04 xxxx = RF/16
 	-xx 08 xxxx = RF/32
 	-xx 0C xxxx = RF/40
 	-xx 10 xxxx = RF/50
 	-xx 14 xxxx = RF/64
 	-xx 18 xxxx = RF/100
 	-xx 1C xxxx = RF/128
 testsuit for the ASK/MANCHESTER demod
 Arguments:
 	-h             : this help
 ]]
 local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
 local DEBUG = true -- the debug flag
 --BLOCK 0 = 00008040 ASK / MAN
 local config1 = '00'
 local config2 = '8040'
 local procedurecmds = {
 	[1] = '%s%02X%s',
 	[2] = 'lf t55xx detect',
 	[3] = 'lf t55xx info',
 }
 --- 
 -- A debug printout-function
 function dbg(args)
 	if not DEBUG then
 		return
 	end
    if type(args) == "table" then
 		local i = 1
 		while args[i] do
 			dbg(args[i])
 			i = i+1
 		end
 	else
 		print("###", args)
 	end	
 end	
 --- 
 -- This is only meant to be used when errors occur
 function oops(err)
 	print("ERROR: ",err)
 end
 --- 
 -- Usage help
 function help()
 	print(desc)
 	print("Example usage")
 	print(example)
 end
 --
 -- Exit message
 function ExitMsg(msg)
 	print( string.rep('--',20) )
 	print( string.rep('--',20) )
 	print(msg)
 	print()
 end
 function test()
 	local y
 	for y = 0x0, 0x1d, 0x4 do
 		for _ = 1, #procedurecmds do
 			local pcmd = procedurecmds[_]
 			if #pcmd == 0 then  
 			elseif _ == 1 then
 				local config = pcmd:format(config1, y, config2)
 				dbg(('lf t55xx write 0 %s'):format(config))			
 				config = tonumber(config,16) 
 				local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config}			
 				local err = core.SendCommand(writecmd:getBytes())
 				if err then return oops(err) end
 				local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
 			else
 				dbg(pcmd)
 				core.console( pcmd )
 			end			
 		end
 		core.clearCommandBuffer()	
 	end
 	print( string.rep('--',20) )
 end
 local function main(args)
 	print( string.rep('--',20) )
 	print( string.rep('--',20) )
 	-- Arguments for the script
 	for o, arg in getopt.getopt(args, 'h') do
 		if o == "h" then return help() end
 	end
 	core.clearCommandBuffer()
 	test()
 	print( string.rep('--',20) )
 end
 main(args)
--- a/client/scripts/test_t55x7_bi.lua
+++ b/client/scripts/test_t55x7_bi.lua
@ -0,0 +1,133 @@
 local cmds = require('commands')
 local getopt = require('getopt')
 local bin = require('bin')
 local utils = require('utils')
 example =[[
 	1. script run test_t55x7_bi
 ]]
 author = "Iceman"
 usage = "script run test_t55x7_bi"
 desc =[[
 This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00010040
 The outlined procedure is as following:
 --BIPHASE 00010040
 --
 "lf t55xx write 0 00010040"
 "lf t55xx detect"
 "lf t55xx info"
 Loop:
 	change the configuretion block 0 with:
    -xx01xxxx = RF/8 
    -xx05xxxx = RF/16
 	-xx09xxxx = RF/32
 	-xx0Dxxxx = RF/40
 	-xx11xxxx = RF/50
 	-xx15xxxx = RF/64
 	-xx19xxxx = RF/100
 	-xx1Dxxxx = RF/128
 testsuit for the BIPHASE demod
 Arguments:
 	-h             : this help
 ]]
 local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
 local DEBUG = true -- the debug flag
 --BLOCK 0 = 00010040 BIPHASE
 local config1 = '00'
 local config2 = '0040'
 local procedurecmds = {
 	[1] = '%s%02X%s',
 	[2] = 'lf t55xx detect',
 	[3] = 'lf t55xx info',
 }
 --- 
 -- A debug printout-function
 function dbg(args)
 	if not DEBUG then
 		return
 	end
    if type(args) == "table" then
 		local i = 1
 		while args[i] do
 			dbg(args[i])
 			i = i+1
 		end
 	else
 		print("###", args)
 	end	
 end	
 --- 
 -- This is only meant to be used when errors occur
 function oops(err)
 	print("ERROR: ",err)
 end
 --- 
 -- Usage help
 function help()
 	print(desc)
 	print("Example usage")
 	print(example)
 end
 --
 -- Exit message
 function ExitMsg(msg)
 	print( string.rep('--',20) )
 	print( string.rep('--',20) )
 	print(msg)
 	print()
 end
 function test()
 	local y
 	for y = 1, 0x1D, 4 do
 		for _ = 1, #procedurecmds do
 			local pcmd = procedurecmds[_]
 			if #pcmd == 0 then  
 			elseif _ == 1 then
 				local config = pcmd:format(config1, y, config2)
 				dbg(('lf t55xx wr 0 %s'):format(config))
 				config = tonumber(config,16) 
 				local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config}
 				local err = core.SendCommand(writecmd:getBytes())
 				if err then return oops(err) end
 				local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
 			else
 				dbg(pcmd)
 				core.console( pcmd )
 			end
 		end
 		core.clearCommandBuffer()	
 	end
 	print( string.rep('--',20) )
 end
 local function main(args)
 	print( string.rep('--',20) )
 	print( string.rep('--',20) )
 	-- Arguments for the script
 	for o, arg in getopt.getopt(args, 'h') do
 		if o == "h" then return help() end
 	end
 	core.clearCommandBuffer()
 	test()
 	print( string.rep('--',20) )
 end
 main(args)
--- a/client/scripts/test_t55x7_fsk.lua
+++ b/client/scripts/test_t55x7_fsk.lua
@ -0,0 +1,139 @@
 local cmds = require('commands')
 local getopt = require('getopt')
 local bin = require('bin')
 local utils = require('utils')
 example =[[
 	1. script run test_t55x7_fsk
 ]]
 author = "Iceman"
 usage = "script run test_t55x7_fsk"
 desc =[[
 This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100
 The outlined procedure is as following:
 --ASK 
 	00 00 80 40
 --           max 2 blocks
 --        FSK1
 --     bit rate
 "lf t55xx write 0 00007040"
 "lf t55xx detect"
 "lf t55xx info"
 Loop:
 	change the configuretion block 0 with:
    -xx 00 xxxx = RF/8 
    -xx 04 xxxx = RF/16
 	-xx 08 xxxx = RF/32
 	-xx 0C xxxx = RF/40
 	-xx 10 xxxx = RF/50
 	-xx 14 xxxx = RF/64
 	-xx 18 xxxx = RF/100
 	-xx 1C xxxx = RF/128
 testsuit for the ASK/MANCHESTER demod
 Arguments:
 	-h             : this help
 ]]
 local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
 local DEBUG = true -- the debug flag
 --BLOCK 0 = 00008040 FSK
 local config1 = '00'
 local config2 = '040'
 local procedurecmds = {
 	[1] = '%s%02X%X%s',
 	[2] = 'lf t55xx detect',
 	[3] = 'lf t55xx info',
 }
 --- 
 -- A debug printout-function
 function dbg(args)
 	if not DEBUG then
 		return
 	end
    if type(args) == "table" then
 		local i = 1
 		while args[i] do
 			dbg(args[i])
 			i = i+1
 		end
 	else
 		print("###", args)
 	end	
 end	
 --- 
 -- This is only meant to be used when errors occur
 function oops(err)
 	print("ERROR: ",err)
 end
 --- 
 -- Usage help
 function help()
 	print(desc)
 	print("Example usage")
 	print(example)
 end
 --
 -- Exit message
 function ExitMsg(msg)
 	print( string.rep('--',20) )
 	print( string.rep('--',20) )
 	print(msg)
 	print()
 end
 function test(modulation)
 	local y
 	for y = 0x0, 0x1d, 0x4 do
 		for _ = 1, #procedurecmds do
 			local pcmd = procedurecmds[_]
 			if #pcmd == 0 then  
 			elseif _ == 1 then
 				local config = pcmd:format(config1, y, modulation, config2)
 				dbg(('lf t55xx write 0 %s'):format(config))
 				config = tonumber(config,16) 
 				local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config}
 				local err = core.SendCommand(writecmd:getBytes())
 				if err then return oops(err) end
 				local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
 			else
 				dbg(pcmd)
 				core.console( pcmd )
 			end			
 		end
 		core.clearCommandBuffer()	
 	end
 	print( string.rep('--',20) )
 end
 local function main(args)
 	print( string.rep('--',20) )
 	print( string.rep('--',20) )
 	-- Arguments for the script
 	for o, arg in getopt.getopt(args, 'h') do
 		if o == "h" then return help() end
 	end
 	core.clearCommandBuffer()
 	test(4)
 	test(5)
 	test(6)
 	test(7)
 	print( string.rep('--',20) )
 end
 main(args)
--- a/client/scripts/test_t55x7_psk.lua
+++ b/client/scripts/test_t55x7_psk.lua
@ -2,15 +2,14 @@ local cmds = require('commands')
 local getopt = require('getopt')
 local bin = require('bin')
 local utils = require('utils')
 local dumplib = require('html_dumplib')
 example =[[
-	1. script run tracetest
+	1. script run test_t55x7_psk
-	2. script run tracetest -o 
+	2. script run test_t55x7_psk -o 
 ]]
 author = "Iceman"
-usage = "script run test_t55x7_psk -o <filename>"
+usage = "script run test_t55x7_psk"
 desc =[[
 This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00088040
 The outlined procedure is as following:
@ -39,26 +38,35 @@ In all 12 individual test for the PSK demod
 Arguments:
 	-h             : this help
 	-o             : logfile name
 ]]
 local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
 local DEBUG = true -- the debug flag
 --BLOCK 0 = 00088040
 local config1 = '0008'
 local config2 = '40'
-local procedurecmds = {
+-- local procedurecmds = {
-	[1] = '%s%s%s%s',
+	-- [1] = '%s%s%s%s',
-	[2] = 'lf read',
+	-- [2] = 'lf read',
-	--[3] = '',
+	-- --[3] = '',
-	[3] = 'data samples',
+	-- [3] = 'data samples',
-	[4] = 'data pskdetectclock',
+	-- [4] = 'data pskdetectclock',
-	[5] = 'data psknrzrawdemod',
+	-- [5] = 'data psknrzrawdemod',
-	[6] = 'data pskindalademod',
+	-- [6] = 'data pskindalademod',
-}
+-- }
 -- --BLOCK 0 = 00 08 80 40 PSK
             -- -----------
 			   -- 08------- bitrate
 				  -- 8----- modulation PSK1
 				   -- 0---- PSK ClockRate
 				      -- 40 max 2 blocks
 local procedurecmds = {
 	[1] = '00%02X%X%X40',
 	[2] = 'lf t55xx detect',
 	--[3] = '',
 	[3] = 'lf t55xx info',
 }
 --- 
 -- A debug printout-function
 function dbg(args)
@ -97,45 +105,39 @@ function ExitMsg(msg)
 	print()
 end
-function pskTest(modulation)
+function test(modulation)
-	local y
+	local bitrate
-	for y = 0, 8, 4 do
+	local clockrate
-		for _ = 1, #procedurecmds do
+	for bitrate = 0x0, 0x1d, 0x4 do
-			local cmd = procedurecmds[_]
+	
-			
+		for clockrate = 0,8,4 do
 			if #cmd == 0 then  
 			elseif _ == 1 then
-				dbg("Writing to T55x7 TAG")
+			for _ = 1, #procedurecmds do
-		
+				local cmd = procedurecmds[_]
 				local configdata = cmd:format( config1, modulation , y, config2)
-				dbg( configdata)
+				if #cmd == 0 then  
-				local writecommand = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = configdata ,arg2 = 0, arg3 = 0}
+				elseif _ == 1 then
 				local err = core.SendCommand(writecommand:getBytes())
 				if err then return oops(err) end
 				local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
-				if response then
+					dbg("Writing to T55x7 TAG")
-					local count,cmd,arg0 = bin.unpack('LL',response)
+
-					if(arg0==1) then
+					local config = cmd:format(bitrate, modulation, clockrate)
-						dbg("Writing success")
+					dbg(('lf t55xx write 0 %s'):format(config))
-					else
+					
-						return nil, "Couldn't read block.." 
+					config = tonumber(config,16) 
-					end
+					local writecommand = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config ,arg2 = 0, arg3 = 0}
 					local err = core.SendCommand(writecommand:getBytes())
 					if err then return oops(err) end
 					local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
 				else
 					dbg(cmd)
 					core.console( cmd )
 				end
 			else
 				dbg(cmd)
 				core.console( cmd )
 			end
 			core.clearCommandBuffer()	
 		end
 		core.clearCommandBuffer()	
 	end
 	print( string.rep('--',20) )
 end
 local function main(args)
@ -143,20 +145,16 @@ local function main(args)
 	print( string.rep('--',20) )
 	print( string.rep('--',20) )
 	local outputTemplate = os.date("testpsk_%Y-%m-%d_%H%M%S")
 	-- Arguments for the script
-	for o, arg in getopt.getopt(args, 'ho:') do
+	for o, arg in getopt.getopt(args, 'h') do
 		if o == "h" then return help() end
 		if o == "o" then outputTemplate = arg end		
 	end
 	core.clearCommandBuffer()
-	pskTest(1)
+	test(1)  -- PSK1
-	pskTest(2)
+	--test(2) -- PSK2
-	pskTest(3)
+	--test(3) -- PSK3
 	pskTest(8)
 	print( string.rep('--',20) )
 end
@ -170,4 +168,4 @@ main(args)
    -- XXXXX0XX = PSK RF/2
    -- XXXXX4XX = PSK RF/4
-    -- XXXXX8XX = PSK RF/8
+    -- XXXXX8XX = PSK RF/8
--- a/client/scripts/tracetest.lua
+++ b/client/scripts/tracetest.lua
@ -6,19 +6,20 @@ local dumplib = require('html_dumplib')
 example =[[
 	1. script run tracetest
 	2. script run tracetest -o 
 ]]
 author = "Iceman"
-usage = "script run tracetest -o <filename>"
+usage = "script run tracetest"
 desc =[[
 This script will load several traces files in ../traces/ folder and do 
 "data load"
-"lf search" 
+"lf search 1 u" 
 The following tracefiles will be loaded:  
   em*.pm3
   m*.pm3
 Arguments:
 	-h             : this help
 	-o             : logfile name
 ]]
 local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
@ -71,14 +72,14 @@ local function main(args)
 	local tracesEM = "find '../traces/' -iname 'em*.pm3' -type f"
 	local tracesMOD = "find '../traces/' -iname 'm*.pm3' -type f"
 	local write2File = false
 	local outputTemplate = os.date("testtest_%Y-%m-%d_%H%M%S")
 	-- Arguments for the script
-	for o, arg in getopt.getopt(args, 'ho:') do
+	for o, arg in getopt.getopt(args, 'h') do
 		if o == "h" then return help() end		
 		if o == "o" then outputTemplate = arg end		
 	end
-
+	
 	core.clearCommandBuffer()
 	local files = {}
@ -97,7 +98,7 @@ local function main(args)
 	end
 	p.close();
-	local cmdLFSEARCH = "lf search 1" 
+	local cmdLFSEARCH = "lf search 1 u" 
 	-- main loop
 	io.write('Starting to test traces > ')
@ -119,13 +120,6 @@ local function main(args)
 	end
 	io.write('\n')
 	-- Write dump to files
 	if not DEBUG then
 		local bar = dumplib.SaveAsText(emldata, outputTemplate..'.txt')
 		print(("Wrote output to:  %s"):format(bar))
 	end
 	-- Show info 
 	print( string.rep('--',20) )
 end
--- a/common/lfdemod.c
+++ b/common/lfdemod.c
@ -75,51 +75,6 @@ uint8_t preambleSearch(uint8_t *BitStream, uint8_t *preamble, size_t pLen, size_
  return 0;
 }
 //by marshmellow
 //takes 1s and 0s and searches for EM410x format - output EM ID
 uint64_t Em410xDecodeOld(uint8_t *BitStream, size_t *size, size_t *startIdx)
 {
  //no arguments needed - built this way in case we want this to be a direct call from "data " cmds in the future
  //  otherwise could be a void with no arguments
  //set defaults
  uint64_t lo=0;
  uint32_t i = 0;
  if (BitStream[1]>1){  //allow only 1s and 0s
    // PrintAndLog("no data found");
    return 0;
  }
  // 111111111 bit pattern represent start of frame
  uint8_t preamble[] = {1,1,1,1,1,1,1,1,1};
  uint32_t idx = 0;
  uint32_t parityBits = 0;
  uint8_t errChk = 0;
  *startIdx = 0;
  for (uint8_t extraBitChk=0; extraBitChk<5; extraBitChk++){
    errChk = preambleSearch(BitStream+extraBitChk+*startIdx, preamble, sizeof(preamble), size, startIdx);
    if (errChk == 0) return 0;
    idx = *startIdx + 9;
    for (i=0; i<10;i++){ //loop through 10 sets of 5 bits (50-10p = 40 bits)
      parityBits = bytebits_to_byte(BitStream+(i*5)+idx,5);
      //check even parity
      if (parityTest(parityBits, 5, 0) == 0){
        //parity failed try next bit (in the case of 1111111111) but last 9 = preamble
        startIdx++;
        errChk = 0;
        break;
      }
      //set uint64 with ID from BitStream
      for (uint8_t ii=0; ii<4; ii++){
        lo = (lo << 1LL) | (BitStream[(i*5)+ii+idx]);
      }
    }
    if (errChk != 0) return lo;
    //skip last 5 bit parity test for simplicity.
    // *size = 64;
  }
  return 0;
 }
 //by marshmellow
 //takes 1s and 0s and searches for EM410x format - output EM ID
 uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo)
@ -143,6 +98,7 @@ uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_
    errChk = preambleSearch(BitStream+extraBitChk+*startIdx, preamble, sizeof(preamble), size, startIdx);
    if (errChk == 0) return 0;
    if (*size>64) FmtLen = 22;
    if (*size<64) return 0;
    idx = *startIdx + 9;
    for (i=0; i<FmtLen; i++){ //loop through 10 or 22 sets of 5 bits (50-10p = 40 bits or 88 bits)
      parityBits = bytebits_to_byte(BitStream+(i*5)+idx,5);
@ -308,16 +264,12 @@ int ManchesterEncode(uint8_t *BitStream, size_t size)
 //run through 2 times and take least errCnt
 int manrawdecode(uint8_t * BitStream, size_t *size)
 {
-	uint16_t bitnum=0;
+	uint16_t bitnum=0, MaxBits = 512, errCnt = 0;
-	uint16_t MaxBits = 500;
+	size_t i, ii;
-	uint16_t errCnt = 0;
+	uint16_t bestErr = 1000, bestRun = 0;
 	size_t i=1;
 	uint16_t bestErr = 1000;
 	uint16_t bestRun = 0;
 	size_t ii=1;
 	if (size == 0) return -1;
-	for (ii=1;ii<3;++ii){
+	for (ii=0;ii<2;++ii){
-		i=1;
+		i=0;
 		for (i=i+ii;i<*size-2;i+=2){
 			if(BitStream[i]==1 && (BitStream[i+1]==0)){
 			} else if((BitStream[i]==0)&& BitStream[i+1]==1){
@ -335,7 +287,7 @@ int manrawdecode(uint8_t * BitStream, size_t *size)
 	errCnt=bestErr;
 	if (errCnt<20){
 		ii=bestRun;
-		i=1;
+		i=0;
 		for (i=i+ii; i < *size-2; i+=2){
 			if(BitStream[i] == 1 && (BitStream[i+1] == 0)){
 				BitStream[bitnum++]=0;
@ -355,6 +307,7 @@ int manrawdecode(uint8_t * BitStream, size_t *size)
 //by marshmellow
 //take 01 or 10 = 1 and 11 or 00 = 0
 //check for phase errors - should never have 111 or 000 should be 01001011 or 10110100 for 1010
 //decodes biphase or if inverted it is AKA conditional dephase encoding AKA differential manchester encoding
 int BiphaseRawDecode(uint8_t *BitStream, size_t *size, int offset, int invert)
 {
 	uint16_t bitnum=0;
@ -372,7 +325,7 @@ int BiphaseRawDecode(uint8_t *BitStream, size_t *size, int offset, int invert)
 	if (!offsetA && offsetB) offset++;
 	for (i=offset; i<*size-3; i+=2){
 		//check for phase error
-		if (i<*size-3 && BitStream[i+1]==BitStream[i+2]) {
+		if (BitStream[i+1]==BitStream[i+2]) {
 			BitStream[bitnum++]=77;
 			errCnt++;
 		}
@ -412,6 +365,56 @@ void askAmp(uint8_t *BitStream, size_t size)
 	return;
 }
 int cleanAskRawDemod(uint8_t *BinStream, size_t *size, int clk, int invert, int high, int low)
 {
 	size_t bitCnt=0, smplCnt=0, errCnt=0;
 	uint8_t waveHigh = 0;
 	//PrintAndLog("clk: %d", clk);
 	for (size_t i=0; i < *size; i++){
 		if (BinStream[i] >= high && waveHigh){
 			smplCnt++;
 		} else if (BinStream[i] <= low && !waveHigh){
 			smplCnt++;
 		} else { //transition
 			if ((BinStream[i] >= high && !waveHigh) || (BinStream[i] <= low && waveHigh)){
 				if (smplCnt > clk-(clk/4)-1) { //full clock
 					if (smplCnt > clk + (clk/4)+1) { //too many samples
 						errCnt++;
 						BinStream[bitCnt++]=77;
 					} else if (waveHigh) {
 						BinStream[bitCnt++] = invert;
 						BinStream[bitCnt++] = invert;
 					} else if (!waveHigh) {
 						BinStream[bitCnt++] = invert ^ 1;
 						BinStream[bitCnt++] = invert ^ 1;
 					}
 					waveHigh ^= 1;  
 					smplCnt = 0;
 				} else if (smplCnt > (clk/2) - (clk/4)-1) {
 					if (waveHigh) {
 						BinStream[bitCnt++] = invert;
 					} else if (!waveHigh) {
 						BinStream[bitCnt++] = invert ^ 1;
 					}
 					waveHigh ^= 1;  
 					smplCnt = 0;
 				} else if (!bitCnt) {
 					//first bit
 					waveHigh = (BinStream[i] >= high);
 					smplCnt = 1;
 				} else {
 					smplCnt++;
 					//transition bit oops
 				}
 			} else { //haven't hit new high or new low yet
 				smplCnt++;
 			}
 		}
 	}
 	*size = bitCnt;
 	return errCnt;
 }
 //by marshmellow
 //takes 3 arguments - clock, invert and maxErr as integers
 //attempts to demodulate ask only
@ -423,15 +426,22 @@ int askrawdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int max
 	if (*clk==0) return -1;
 	if (start<0) return -1;
 	if (*invert != 0 && *invert != 1) *invert =0;
 	if (amp==1) askAmp(BinStream, *size);
 	uint32_t initLoopMax = 200;
 	if (initLoopMax > *size) initLoopMax=*size;
 	// Detect high and lows
-	//25% fuzz in case highs and lows aren't clipped [marshmellow]
+	//25% clip in case highs and lows aren't clipped [marshmellow]
 	uint8_t clip = 75;
 	int high, low, ans;
-	if (amp==1) askAmp(BinStream, *size);
+	ans = getHiLo(BinStream, initLoopMax, &high, &low, clip, clip);
 	ans = getHiLo(BinStream, initLoopMax, &high, &low, 75, 75);
 	if (ans<1) return -1; //just noise
 	if (DetectCleanAskWave(BinStream, *size, high, low)) {
 		//PrintAndLog("Clean");
 		return cleanAskRawDemod(BinStream, size, *clk, *invert, high, low);
 	}
 	//PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low);
 	int lastBit = 0;  //set first clock check
 	uint32_t bitnum = 0;     //output counter
@ -443,12 +453,13 @@ int askrawdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int max
 	uint32_t gLen = *size;
 	if (gLen > 500) gLen=500;
 	//if 0 errors allowed then only try first 2 clock cycles as we want a low tolerance
-	if (!maxErr) gLen=*clk*2; 
+	if (!maxErr) gLen = *clk * 2; 
 	uint8_t errCnt =0;
 	uint32_t bestStart = *size;
 	uint32_t bestErrCnt = maxErr; //(*size/1000);
 	uint8_t midBit=0;
 	uint16_t MaxBits=1000;
 	//PrintAndLog("DEBUG - lastbit - %d",lastBit);
 	//loop to find first wave that works
 	for (iii=start; iii < gLen; ++iii){
@ -619,7 +630,9 @@ size_t fsk_wave_demod(uint8_t * dest, size_t size, uint8_t fchigh, uint8_t fclow
 				//do nothing with extra garbage
 			} else if ((idx-last_transition) < (fchigh-1)) { //6-8 = 8 waves
 				dest[numBits]=1;
-			} else {							//9+ = 10 waves
+			} else if ((idx-last_transition) > (fchigh+1) && !numBits) { //12 + and first bit = garbage 
 				//do nothing with beginning garbage
 			} else {                                         //9+ = 10 waves
 				dest[numBits]=0;
 			}
 			last_transition = idx;
@ -643,18 +656,31 @@ size_t aggregate_bits(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t maxCons
 	uint32_t idx=0;
 	size_t numBits=0;
 	uint32_t n=1;
-
+	float lowWaves = (((float)(rfLen))/((float)fclow));
 	float highWaves = (((float)(rfLen))/((float)fchigh));
 	for( idx=1; idx < size; idx++) {
 		if (dest[idx]==lastval) {
 			n++;
 			continue;
 		}
 		n++;
 		//if lastval was 1, we have a 1->0 crossing
-		if ( dest[idx-1]==1 ) {
+		if (dest[idx-1]==1) {
-			n=myround2((float)(n+1)/((float)(rfLen)/(float)fclow));
+			if (!numBits && n < (uint8_t)lowWaves) {
-		} else {// 0->1 crossing
+				n=0;
-			n=myround2((float)(n+1)/((float)(rfLen-1)/(float)fchigh));  //-1 for fudge factor
+				lastval = dest[idx];
 				continue;
 			}
 			n=myround2(((float)n)/lowWaves);
 		} else {// 0->1 crossing 
 			//test first bitsample too small
 			if (!numBits && n < (uint8_t)highWaves) {
 				n=0;
 				lastval = dest[idx];
 				continue;
 			}
 			n = myround2(((float)n)/highWaves);  //-1 for fudge factor
 		}
 		if (n == 0) n = 1;
@ -670,6 +696,17 @@ size_t aggregate_bits(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t maxCons
 		n=0;
 		lastval=dest[idx];
 	}//end for
 	// if valid extra bits at the end were all the same frequency - add them in
 	if (n > lowWaves && n > highWaves) {
 		if (dest[idx-2]==1) {
 			n=myround2((float)(n+1)/((float)(rfLen)/(float)fclow));
 		} else {
 			n=myround2((float)(n+1)/((float)(rfLen-1)/(float)fchigh));  //-1 for fudge factor			
 		}
 		memset(dest, dest[idx-1]^invert , n);
 		numBits += n;
 	}
 	return numBits;
 }
 //by marshmellow  (from holiman's base)
@ -856,20 +893,70 @@ int PyramiddemodFSK(uint8_t *dest, size_t *size)
 uint8_t DetectCleanAskWave(uint8_t dest[], size_t size, int high, int low)
 {
-	uint8_t allPeaks=1;
+	uint16_t allPeaks=1;
 	uint16_t cntPeaks=0;
-	for (size_t i=20; i<255; i++){
+	size_t loopEnd = 572;
 	if (loopEnd > size) loopEnd = size;
 	for (size_t i=60; i<loopEnd; i++){
 		if (dest[i]>low && dest[i]<high) 
 			allPeaks=0;
 		else
 			cntPeaks++;
 	}
-	if (allPeaks==0){
+	if (allPeaks == 0){
-		if (cntPeaks>190) return 1;
+		if (cntPeaks > 300) return 1;
 	}
 	return allPeaks;
 }
 int DetectStrongAskClock(uint8_t dest[], size_t size)
 {
 	int clk[]={0,8,16,32,40,50,64,100,128,256};
  size_t idx = 40;
 	uint8_t high=0;
 	size_t cnt = 0;
 	size_t highCnt = 0;
 	size_t highCnt2 = 0;
 	for (;idx < size; idx++){
 		if (dest[idx]>128) {
 			if (!high){
 				high=1;
 				if (cnt > highCnt){
 					if (highCnt != 0) highCnt2 = highCnt;
 					highCnt = cnt;
 				} else if (cnt > highCnt2) {
 					highCnt2 = cnt;
 				}
 				cnt=1;
 			} else {
 				cnt++;
 			}
 		} else if (dest[idx] <= 128){
 			if (high) {
 				high=0;
 				if (cnt > highCnt) {
 					if (highCnt != 0) highCnt2 = highCnt;
 					highCnt = cnt;
 				} else if (cnt > highCnt2) {
 					highCnt2 = cnt;
 				}
 				cnt=1;
 			} else {
 				cnt++;
 			}
 		}
 	}
 	uint8_t tol;
 	for (idx=8; idx>0; idx--){
 		tol = clk[idx]/8;
 		if (clk[idx] >= highCnt - tol && clk[idx] <= highCnt + tol)
 			return clk[idx];
 		if (clk[idx] >= highCnt2 - tol && clk[idx] <= highCnt2 + tol)
 			return clk[idx];
 	}
 	return -1;
 }
 // by marshmellow
 // not perfect especially with lower clocks or VERY good antennas (heavy wave clipping)
 // maybe somehow adjust peak trimming value based on samples to fix?
@ -892,24 +979,14 @@ int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr)
  //test for large clean peaks
  if (DetectCleanAskWave(dest, size, peak, low)==1){
-	  uint16_t fcTest=0;
+  	int ans = DetectStrongAskClock(dest, size);
-	  uint8_t mostFC=0;
+	  for (i=7; i>0; i--){
-	  fcTest=countFC(dest, size, &mostFC);
+	  	if (clk[i] == ans) {
-	  uint8_t fc1 = fcTest >> 8;
+	  		*clock=ans;
 	  uint8_t fc2 = fcTest & 0xFF;
 	  for (i=0; i<8; i++){
 	  	if (clk[i] == fc1) {
 	  		*clock=fc1;
 	  		return 0;
 	  	}
 	  	if (clk[i] == fc2) {
 	  		*clock=fc2;
 	  		return 0;
 	  	}
 	  }
  }
  int ii;
  int clkCnt;
  int tol = 0;
@ -923,6 +1000,7 @@ int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr)
    }else{
      tol=0;
    }
  	if (!maxErr) loopCnt=clk[clkCnt]*2;
    bestErr[clkCnt]=1000;
    //try lining up the peaks by moving starting point (try first 256)
    for (ii=0; ii < loopCnt; ii++){
@ -1242,11 +1320,10 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr)
  *clk = DetectNRZClock(dest, *size, *clk);
  if (*clk==0) return -2;
  uint32_t i;
-  int high, low, ans;
+  uint32_t gLen = 4096;
  ans = getHiLo(dest, 1260, &high, &low, 75, 75); //25% fuzz on high 25% fuzz on low
  if (ans<1) return -2; //just noise
  uint32_t gLen = 256;
  if (gLen>*size) gLen = *size;
  int high, low;
  if (getHiLo(dest, gLen, &high, &low, 75, 75) < 1) return -3; //25% fuzz on high 25% fuzz on low
  int lastBit = 0;  //set first clock check
  uint32_t bitnum = 0;     //output counter
  uint8_t tol = 1;  //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave
@ -1256,6 +1333,8 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr)
  uint32_t bestErrCnt = maxErr+1;
  uint32_t bestPeakCnt = 0;
  uint32_t bestPeakStart=0;
  uint8_t bestFirstPeakHigh=0;
  uint8_t firstPeakHigh=0;
  uint8_t curBit=0;
  uint8_t bitHigh=0;
  uint8_t errBitHigh=0;
@ -1265,6 +1344,8 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr)
  //loop to find first wave that works - align to clock
  for (iii=0; iii < gLen; ++iii){
    if ((dest[iii]>=high) || (dest[iii]<=low)){
      if (dest[iii]>=high) firstPeakHigh=1;
      else firstPeakHigh=0;
      lastBit=iii-*clk;
      peakCnt=0;
      errCnt=0;
@ -1315,6 +1396,7 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr)
        //possible good read
        if (errCnt == 0){
          //bestStart = iii;
          bestFirstPeakHigh=firstPeakHigh;
          bestErrCnt = errCnt;
          bestPeakCnt = peakCnt;
          bestPeakStart = iii;
@ -1325,6 +1407,7 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr)
          //bestStart = iii;
        }
        if (peakCnt > bestPeakCnt){
          bestFirstPeakHigh=firstPeakHigh;
          bestPeakCnt=peakCnt;
          bestPeakStart=iii;
        } 
@ -1337,6 +1420,8 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr)
    iii=bestPeakStart;
    lastBit=bestPeakStart-*clk;
    bitnum=0;
    memset(dest, bestFirstPeakHigh^1, bestPeakStart / *clk);
    bitnum += (bestPeakStart / *clk);
    for (i = iii; i < *size; ++i) {
      //if we found a high bar and we are at a clock bit
      if ((dest[i] >= high ) && (i>=lastBit+*clk-tol && i<=lastBit+*clk+tol)){
@ -1386,12 +1471,12 @@ int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int maxErr)
    *size=bitnum;
  } else{
    *size=bitnum;
-    return -1;
+    return bestErrCnt;
  }
  if (bitnum>16){
    *size=bitnum;
-  } else return -1;
+  } else return -5;
  return errCnt;
 }
@ -1689,7 +1774,7 @@ int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert)
  errCnt=0;
  size_t numBits=0;
  //set skipped bits
-  memset(dest+numBits,curPhase^1,firstFullWave / *clock);
+  memset(dest,curPhase^1,firstFullWave / *clock);
  numBits += (firstFullWave / *clock);
  dest[numBits++] = curPhase; //set first read bit
  for (i = firstFullWave+fullWaveLen-1; i < *size-3; i++){
--- a/common/lfdemod.h
+++ b/common/lfdemod.h
@ -16,6 +16,7 @@
 #include <stdint.h>
 int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr);
 uint8_t DetectCleanAskWave(uint8_t dest[], size_t size, int high, int low);
 int askmandemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr);
 uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo);
 //uint64_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx);
@ -47,5 +48,6 @@ uint8_t justNoise(uint8_t *BitStream, size_t size);
 uint8_t countPSK_FC(uint8_t *BitStream, size_t size);
 int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert);
 int DetectPSKClock(uint8_t dest[], size_t size, int clock);
 void askAmp(uint8_t *BitStream, size_t size);
 #endif