updates to lf t55xx commands

fix wakeup cmd per @iceman1001 fix dump and read cmds clean up write command allow page 1 read/write (block 3 is writable)(ata5577 only) remove duplicate code
2025-07-07 13:41:18 -07:00 · 2015-10-22 16:19:23 -04:00 · 2015-10-22 16:19:23 -04:00 · be2d41b73a
commit be2d41b73a
parent 8e99ec25ed
10 changed files with 321 additions and 217 deletions
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@ -980,9 +980,12 @@ void UsbPacketReceived(uint8_t *packet, int len)
 		case CMD_T55XX_WRITE_BLOCK:
 			T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
 			break;
-		case CMD_T55XX_READ_TRACE:
+		case CMD_T55XX_WAKEUP:
-			T55xxReadTrace();
+			T55xxWakeUp(c->arg[0]);
 			break;
 		//case CMD_T55XX_READ_TRACE:
 		//	T55xxReadTrace();
 		//	break;
 		case CMD_PCF7931_READ:
 			ReadPCF7931();
 			break;
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@ -81,7 +81,9 @@ void CopyIndala64toT55x7(int hi, int lo); // Clone Indala 64-bit tag by UID to T
 void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int uid6, int uid7); // Clone Indala 224-bit tag by UID to T55x7
 void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode);
 void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd);
-void T55xxReadTrace(void);
+void T55xxWakeUp(uint32_t Pwd);
 void TurnReadLFOn();
 //void T55xxReadTrace(void);
 void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode);
 void EM4xWriteWord(uint32_t Data, uint8_t Address, uint32_t Pwd, uint8_t PwdMode);
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@ -1160,9 +1160,10 @@ void T55xxWriteBit(int bit) {
 }
 // Write one card block in page 0, no lock
-void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode) {
+void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) {
 	LED_A_ON();
-
+	bool PwdMode = arg & 0x1;
 	uint8_t Page = (arg & 0x2)>>1;
 	uint32_t i = 0;
 	// Set up FPGA, 125kHz
@ -1174,8 +1175,8 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
 	// Opcode 10
 	T55xxWriteBit(1);
-	T55xxWriteBit(0); //Page 0
+	T55xxWriteBit(Page); //Page 0
-	if (PwdMode == 1){
+	if (PwdMode){
 		// Send Pwd
 		for (i = 0x80000000; i != 0; i >>= 1)
 			T55xxWriteBit(Pwd & i);
@ -1194,6 +1195,10 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
 	// Perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550,
 	// so wait a little more)
 	TurnReadLFOn(20 * 1000);
 		//could attempt to do a read to confirm write took
 		// as the tag should repeat back the new block 
 		// until it is reset, but to confirm it we would 
 		// need to know the current block 0 config mode
 	// turn field off
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@ -1204,9 +1209,10 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
 // Read one card block in page 0
 void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
 	LED_A_ON();
-	uint8_t PwdMode = arg0 & 0xFF;
+	bool PwdMode = arg0 & 0x1;
-	uint8_t wake = arg0 >> 8;
+	uint8_t Page = (arg0 & 0x2) >> 1;
 	uint32_t i = 0;
 	bool RegReadMode = (Block == 0xFF);
 	//clear buffer now so it does not interfere with timing later
 	BigBuf_Clear_ext(false);
@ -1223,7 +1229,7 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
 	SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
 	// Now set up the SSC to get the ADC samples that are now streaming at us.
-	FpgaSetupSsc();
+	FpgaSetpSsc();
 	// Give it a bit of time for the resonant antenna to settle.
 	//SpinDelayUs(8*200);  //192FC
@ -1236,23 +1242,20 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
 	// Opcode 10
 	T55xxWriteBit(1);
-	T55xxWriteBit(0); //Page 0
+	T55xxWriteBit(Page); //Page 0
-	if (PwdMode || wake){
+	if (PwdMode){
 		// Send Pwd
 		for (i = 0x80000000; i != 0; i >>= 1)
 			T55xxWriteBit(Pwd & i);
 	}
 	// Send a zero bit separation
 	T55xxWriteBit(0);
-	// reading a block - send rest of read block cmd else skip for wake command
+	// Send Block number (if direct access mode)
-	if (!wake) {
+	if (!RegReadMode)
 		// Send a zero bit separation
 		T55xxWriteBit(0);
 		// Send Block number
 		for (i = 0x04; i != 0; i >>= 1)
 			T55xxWriteBit(Block & i);		
 	}
 	// Turn field on to read the response
 	TurnReadLFOn(READ_GAP);
@ -1266,6 +1269,7 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
 	LED_A_OFF();
 }
 /*
 // Read card traceability data (page 1)
 void T55xxReadTrace(void){
 	LED_A_ON();
@ -1295,6 +1299,29 @@ void T55xxReadTrace(void){
 	cmd_send(CMD_ACK,0,0,0,0,0);
 	LED_A_OFF();
 }
 */
 void T55xxWakeUp(uint32_t Pwd){
 	LED_B_ON();
 	uint32_t i = 0;
 	// Set up FPGA, 125kHz
 	LFSetupFPGAForADC(95, true);
 	// Trigger T55x7 Direct Access Mode
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 	SpinDelayUs(START_GAP);
 	// Opcode 10
 	T55xxWriteBit(1);
 	T55xxWriteBit(0); //Page 0
 	// Send Pwd
 	for (i = 0x80000000; i != 0; i >>= 1)
 		T55xxWriteBit(Pwd & i);
 	// Turn and leave field on to let the begin repeating transmission
 	TurnReadLFOn(20*1000);
 }
 /*-------------- Cloning routines -----------*/
 // Copy HID id to card and setup block 0 config
--- a/armsrc/lfsampling.c
+++ b/armsrc/lfsampling.c
@ -272,20 +272,24 @@ void doT55x7Acquisition(void){
 	bool highFound = false;
 	uint8_t curSample = 0;
 	uint8_t firstSample = 0;
-	for(;;) {
+	uint16_t skipCnt = 0;
 	while(!BUTTON_PRESS() && skipCnt<1000) {
 		WDT_HIT();
 		if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
 			AT91C_BASE_SSC->SSC_THR = 0x43;
 			LED_D_ON();
 		}
 		if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
 			curSample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
-			
+			LED_D_OFF();
 			// find first high sample
 			if (!startFound && curSample > T55xx_READ_UPPER_THRESHOLD) {
 				if (curSample > firstSample) 
 					firstSample = curSample;
 				highFound = true;
 			} else if (!highFound) {
 				skipCnt++;
 				continue;
 			}
@ -295,9 +299,9 @@ void doT55x7Acquisition(void){
 					dest[i++] = firstSample;
 				startFound = true;
 				dest[i++] = curSample;
-			LED_D_OFF();
+				if (i >= bufsize-1) break;
 			if (i >= bufsize) break;
 			}
 		}
 		//skipCnt++;
 	}
 }
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@ -28,13 +28,14 @@
 #define CONFIGURATION_BLOCK 0x00
 #define TRACE_BLOCK 0x01
 #define REGULAR_READ_MODE_BLOCK 0xFF
 // Default configuration
 t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offset = 0x00, .block0 = 0x00};
 int usage_t55xx_config(){
 	PrintAndLog("Usage: lf t55xx config [d <demodulation>] [i 1] [o <offset>]");
-	PrintAndLog("Options:        ");
+	PrintAndLog("Options:");
 	PrintAndLog("       h                        This help");
 	PrintAndLog("       b <8|16|32|40|50|64|100|128>     Set bitrate");
 	PrintAndLog("       d <FSK|FSK1|FSK1a|FSK2|FSK2a|ASK|PSK1|PSK2|NRZ|BI|BIa>  Set demodulation FSK / ASK / PSK / NRZ / Biphase / Biphase A");
@ -49,35 +50,40 @@ int usage_t55xx_config(){
 	return 0;
 }
 int usage_t55xx_read(){
-	PrintAndLog("Usage:  lf t55xx read <block> <password> <override_safety>");
+	PrintAndLog("Usage:  lf t55xx read b <block> p <password> <override_safety> <page1>");
-	PrintAndLog("     <block>, block number to read. Between 0-7");
+	PrintAndLog("Options:");
-	PrintAndLog("     <password>, OPTIONAL password (8 hex characters)");
+	PrintAndLog("     b <block>, block number to read. Between 0-7");
-	PrintAndLog("     <override_safety>, OPTIONAL override safety check = 1");
+	PrintAndLog("     p <password>, OPTIONAL password (8 hex characters)");
 	PrintAndLog("     o, OPTIONAL override safety check");
 	PrintAndLog("     1, OPTIONAL read Page 1 instead of Page 0");
 	PrintAndLog("     ****WARNING****");
 	PrintAndLog("     Use of read with password on a tag not configured for a pwd");
 	PrintAndLog("     can damage the tag");
 	PrintAndLog("");
 	PrintAndLog("Examples:");
-	PrintAndLog("      lf t55xx read 0            - read data from block 0");
+	PrintAndLog("      lf t55xx read b 0            - read data from block 0");
-	PrintAndLog("      lf t55xx read 0 feedbeef   - read data from block 0 password feedbeef");
+	PrintAndLog("      lf t55xx read b 0 p feedbeef   - read data from block 0 password feedbeef");
-	PrintAndLog("      lf t55xx read 0 feedbeef 1 - read data from block 0 password feedbeef safety check");
+	PrintAndLog("      lf t55xx read b 0 p feedbeef o - read data from block 0 password feedbeef safety check");
 	PrintAndLog("");
 	return 0;
 }
 int usage_t55xx_write(){
-	PrintAndLog("Usage:  lf t55xx wr <block> <data> [password]");
+	PrintAndLog("Usage:  lf t55xx wr b <block> d <data> p [password] [1]");
-	PrintAndLog("     <block>, block number to write. Between 0-7");
+	PrintAndLog("Options:");
-	PrintAndLog("     <data>,  4 bytes of data to write (8 hex characters)");
+	PrintAndLog("     b <block>,    block number to write. Between 0-7");
-	PrintAndLog("     [password], OPTIONAL password 4bytes (8 hex characters)");
+	PrintAndLog("     d <data>,     4 bytes of data to write (8 hex characters)");
 	PrintAndLog("     p [password], OPTIONAL password 4bytes (8 hex characters)");
 	PrintAndLog("     1,            OPTIONAL write Page 1 instead of Page 0");
 	PrintAndLog("");
 	PrintAndLog("Examples:");
-	PrintAndLog("      lf t55xx wr 3 11223344           - write 11223344 to block 3");
+	PrintAndLog("      lf t55xx wr b 3 d 11223344            - write 11223344 to block 3");
-	PrintAndLog("      lf t55xx wr 3 11223344 feedbeef  - write 11223344 to block 3 password feedbeef");
+	PrintAndLog("      lf t55xx wr b 3 d 11223344 p feedbeef - write 11223344 to block 3 password feedbeef");
 	PrintAndLog("");
 	return 0;
 }
 int usage_t55xx_trace() {
 	PrintAndLog("Usage:  lf t55xx trace [1]");
 	PrintAndLog("Options:");
 	PrintAndLog("     [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");
 	PrintAndLog("");
 	PrintAndLog("Examples:");
@ -88,6 +94,7 @@ int usage_t55xx_trace() {
 }
 int usage_t55xx_info() {
 	PrintAndLog("Usage:  lf t55xx info [1]");
 	PrintAndLog("Options:");
 	PrintAndLog("     [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");
 	PrintAndLog("");
 	PrintAndLog("Examples:");
@ -97,17 +104,21 @@ int usage_t55xx_info() {
 	return 0;
 }
 int usage_t55xx_dump(){
-	PrintAndLog("Usage:  lf t55xx dump <password>");
+	PrintAndLog("Usage:  lf t55xx dump <password> [o]");
-    PrintAndLog("     <password>, OPTIONAL password 4bytes (8 hex symbols)");
+	PrintAndLog("Options:");
 	PrintAndLog("     <password>, OPTIONAL password 4bytes (8 hex symbols)");
 	PrintAndLog("     <Override>, OPTIONAL Force pwd read despite danger to card");
 	PrintAndLog("");
 	PrintAndLog("Examples:");
 	PrintAndLog("      lf t55xx dump");
-	PrintAndLog("      lf t55xx dump feedbeef");
+	PrintAndLog("      lf t55xx dump feedbeef o");
 	PrintAndLog("");
 	return 0;
 }
 int usage_t55xx_detect(){
-	PrintAndLog("Usage:  lf t55xx detect");
+	PrintAndLog("Usage:  lf t55xx detect [1]");
 	PrintAndLog("Options:");
 	PrintAndLog("     [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");
 	PrintAndLog("");
 	PrintAndLog("Examples:");
 	PrintAndLog("      lf t55xx detect");
@ -115,6 +126,17 @@ int usage_t55xx_detect(){
 	PrintAndLog("");
 	return 0;
 }
 int usage_t55xx_wakup(){
 	PrintAndLog("Usage:  lf t55xx wakeup [h] p <password>");
 	PrintAndLog("This commands send the Answer-On-Request command and leaves the readerfield ON afterwards.");
 	PrintAndLog("Options:");
 	PrintAndLog("     h             - this help");
 	PrintAndLog("     p <password>  - password 4bytes (8 hex symbols)");
 	PrintAndLog("");
 	PrintAndLog("Examples:");
 		PrintAndLog("      lf t55xx wakeup p 11223344  - send wakeup password");
 	return 0;
 }
 static int CmdHelp(const char *Cmd);
@ -206,27 +228,51 @@ int CmdT55xxSetConfig(const char *Cmd) {
 	}
 	// No args
-	if (cmdp == 0) {
+	if (cmdp == 0) return printConfiguration( config );
 		printConfiguration( config );
 		return 0;
 	}
 	//Validations
 	if (errors)
 		return usage_t55xx_config();
- 	config.block0 = 0;
+	//Validations
- 	printConfiguration ( config );
+	if (errors) return usage_t55xx_config();
-	return 0;
+
 	config.block0 = 0;
 	return printConfiguration ( config );
 }
 int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, bool override, uint32_t password){
 	//Password mode
 	if ( usepwd ) {
 		// try reading the config block and verify that PWD bit is set before doing this!
 		if ( !override ) {
 			if ( !AquireData(0, CONFIGURATION_BLOCK, false, 0 ) ) return 0;
 			if ( !tryDetectModulation() ) {
 				PrintAndLog("Safety Check: Could not detect if PWD bit is set in config block. Exits.");
 				return 0;
 			} else {
 				PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password...");	
 				usepwd = false;
 				page1 = false;
 			}
 		} else {
 			PrintAndLog("Safety Check Overriden - proceeding despite risk");
 		}
 	}
 	if (!AquireData(page1, block, usepwd, password) )	return 0;
 	if (!DecodeT55xxBlock()) return 0;
 	char blk[10]={0};
 	sprintf(blk,"%d", block);
 	printT55xxBlock(blk);	
 	return 1;
 }
 int CmdT55xxReadBlock(const char *Cmd) {
-	uint8_t block = 255;
+	uint8_t block = REGULAR_READ_MODE_BLOCK;
-	uint8_t wake = 0;
+	uint32_t password = 0; //default to blank Block 7
-	uint8_t usepwd = 0;
+	bool usepwd = false;
-	uint32_t password = 0xFFFFFFFF; //default to blank Block 7
+	bool override = false;
-	uint8_t override = 0;
+	bool page1 = false;
 	uint8_t cmdp = 0;
 	bool errors = false;
 	uint8_t cmdp = 0;
 	while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
 		switch(param_getchar(Cmd, cmdp)) {
 		case 'h':
@ -235,22 +281,21 @@ int CmdT55xxReadBlock(const char *Cmd) {
 		case 'b':
 		case 'B':
 			errors |= param_getdec(Cmd, cmdp+1, &block);
-			cmdp+=2;
+			cmdp += 2;
 			break;
 		case 'o':
 		case 'O':
-			override = 1;
+			override = true;
 			cmdp++;
 			break;
 		case 'p':
 		case 'P':
-			password = param_get32ex(Cmd, cmdp+1, 0, 10);
+			password = param_get32ex(Cmd, cmdp+1, 0, 16);
-			usepwd = 1;
+			usepwd = true;
-			cmdp+=2;
+			cmdp += 2;
 			break;
-		case 'w':
+		case '1':
-		case 'W':
+			page1 = true;
 			wake = 1;
 			cmdp++;
 			break;
 		default:
@ -260,56 +305,14 @@ int CmdT55xxReadBlock(const char *Cmd) {
 		}
 	}
 	if (errors) return usage_t55xx_read();
-	if (wake && !usepwd) {
+
-		PrintAndLog("Wake command must use a pwd");
+	if (block > 7 && block != REGULAR_READ_MODE_BLOCK	) {
 		return 1;
 	}
 	if ((block > 7) && !wake) {
 		PrintAndLog("Block must be between 0 and 7");
-		return 1;
+		return 0;
 	}
-
+	PrintAndLog("Reading Page %d:", page1);	
-	UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, block, password}};
+	PrintAndLog("blk | hex data | binary");
-
+	return T55xxReadBlock(block, page1, usepwd, override, password);
 	//Password mode
 	if ( usepwd || wake ) {
 		// try reading the config block and verify that PWD bit is set before doing this!
 		if ( wake || override ) {
 			c.arg[0] = (wake<<8) & usepwd;
 			if ( !wake && override )
 				PrintAndLog("Safety Check Overriden - proceeding despite risk");
 		} else {
 			AquireData( CONFIGURATION_BLOCK );
 			if ( !tryDetectModulation() ) {
 				PrintAndLog("Safety Check: Could not detect if PWD bit is set in config block. Exits.");
 				return 1;
 			} else {
 				PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password...");	
 			}
 		}
 	}
 	clearCommandBuffer();
 	SendCommand(&c);
 	if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
 		PrintAndLog("command execution time out");
 		return 2;
 	}
 	uint8_t got[12000];
 	GetFromBigBuf(got, sizeof(got), 0);
 	WaitForResponse(CMD_ACK,NULL);
 	setGraphBuf(got, sizeof(got));
 	//DemodBufferLen=0;
 	if (!DecodeT55xxBlock()) return 3;
 	char blk[10]={0};
 	if ( wake ) {
 		sprintf(blk,"wake");
 	} else {
 		sprintf(blk,"%d", block);
 	}
 	printT55xxBlock(blk);
 	return 0;
 }
 bool DecodeT55xxBlock(){
@ -320,9 +323,6 @@ bool DecodeT55xxBlock(){
 	uint8_t bitRate[8] = {8,16,32,40,50,64,100,128};
 	DemodBufferLen = 0x00;
 	//trim 1/2 a clock from beginning
 	//snprintf(cmdStr, sizeof(buf),"%d", bitRate[config.bitrate]/2 );
 	//CmdLtrim(cmdStr);
 	switch( config.modulation ){
 		case DEMOD_FSK:
 			snprintf(cmdStr, sizeof(buf),"%d %d", bitRate[config.bitrate], config.inverted );
@ -374,17 +374,17 @@ int CmdT55xxDetect(const char *Cmd){
 		return usage_t55xx_detect();
 	if (strlen(Cmd)==0)
-		AquireData( CONFIGURATION_BLOCK );
+		if ( !AquireData(0, CONFIGURATION_BLOCK, false, 0) )
 			return 0;
 	if ( !tryDetectModulation() )
 		PrintAndLog("Could not detect modulation automatically. Try setting it manually with \'lf t55xx config\'");
-	return 0;
+	return 1;
 }
 // detect configuration?
 bool tryDetectModulation(){
 	//char cmdStr[8] = {0};
 	uint8_t hits = 0;
 	t55xx_conf_block_t tests[15];
 	int bitRate=0;
@ -392,8 +392,6 @@ bool tryDetectModulation(){
 	save_restoreGB(1);
 	if (GetFskClock("", FALSE, FALSE)){ 
 		fskClocks(&fc1, &fc2, &clk, FALSE);
 		//sprintf(cmdStr,"%d", clk/2);
 		//CmdLtrim(cmdStr);
 		if ( FSKrawDemod("0 0", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate)){
 			tests[hits].modulation = DEMOD_FSK;
 			if (fc1==8 && fc2 == 5)
@ -420,8 +418,6 @@ bool tryDetectModulation(){
 	} else {
 		clk = GetAskClock("", FALSE, FALSE);
 		if (clk>0) {
 			//sprintf(cmdStr,"%d", clk/2);
 			//CmdLtrim(cmdStr);
 			if ( ASKDemod("0 0 0", FALSE, FALSE, 1) && test(DEMOD_ASK, &tests[hits].offset, &bitRate)) {
 				tests[hits].modulation = DEMOD_ASK;
 				tests[hits].bitrate = bitRate;
@ -455,8 +451,6 @@ bool tryDetectModulation(){
 		save_restoreGB(0);
 		clk = GetNrzClock("", FALSE, FALSE);
 		if (clk>0) {
 			//sprintf(cmdStr,"%d", clk/2);
 			//CmdLtrim(cmdStr);
 			if ( NRZrawDemod("0 0 1", FALSE)  && test(DEMOD_NRZ, &tests[hits].offset, &bitRate)) {
 				tests[hits].modulation = DEMOD_NRZ;
 				tests[hits].bitrate = bitRate;
@ -478,9 +472,6 @@ bool tryDetectModulation(){
 		save_restoreGB(0);
 		clk = GetPskClock("", FALSE, FALSE);
 		if (clk>0) {
 			//PrintAndLog("clk %d",clk);
 			//sprintf(cmdStr,"%d", clk/2);
 			//CmdLtrim(cmdStr);	
 			if ( PSKDemod("0 0 1", FALSE) && test(DEMOD_PSK1, &tests[hits].offset, &bitRate)) {
 				tests[hits].modulation = DEMOD_PSK1;
 				tests[hits].bitrate = bitRate;
@ -666,14 +657,14 @@ void printT55xxBlock(const char *blockNum){
 		bits[i - config.offset]=DemodBuffer[i];
 	blockData = PackBits(0, 32, bits);
-	PrintAndLog("[%s] 0x%08X  %s", blockNum, blockData, sprint_bin(bits,32));
+	PrintAndLog("  %s | %08X | %s", blockNum, blockData, sprint_bin(bits,32));
 }
 int special(const char *Cmd) {
 	uint32_t blockData = 0;
 	uint8_t bits[32] = {0x00};
-	PrintAndLog("[OFFSET] [DATA] [BINARY]");
+	PrintAndLog("OFFSET | DATA       | BINARY");
 	PrintAndLog("----------------------------------------------------");
 	int i,j = 0;
 	for (; j < 64; ++j){
@ -683,86 +674,142 @@ int special(const char *Cmd) {
 		blockData = PackBits(0, 32, bits);
-		PrintAndLog("[%02d] 0x%08X  %s",j , blockData, sprint_bin(bits,32));	
+		PrintAndLog("    %02d | 0x%08X | %s",j , blockData, sprint_bin(bits,32));	
 	}
 	return 0;
 }
-void printConfiguration( t55xx_conf_block_t b){
+int printConfiguration( t55xx_conf_block_t b){
 	PrintAndLog("Modulation : %s", GetSelectedModulationStr(b.modulation) );
 	PrintAndLog("Bit Rate   : %s", GetBitRateStr(b.bitrate) );
 	PrintAndLog("Inverted   : %s", (b.inverted) ? "Yes" : "No" );
 	PrintAndLog("Offset     : %d", b.offset);
 	PrintAndLog("Block0     : 0x%08X", b.block0);
 	PrintAndLog("");
 	return 0;
 }
-int CmdT55xxWriteBlock(const char *Cmd)
+int CmdT55xxWakeUp(const char *Cmd) {
-{
+	uint32_t password = 0;
-	int block = 8; //default to invalid block
+	uint8_t cmdp = 0;
-	int data = 0xFFFFFFFF; //default to blank Block 
+	bool errors = true;
-	int password = 0xFFFFFFFF; //default to blank Block 7
+	while(param_getchar(Cmd, cmdp) != 0x00) {
-	
+		switch(param_getchar(Cmd, cmdp)) {
-	char cmdp = param_getchar(Cmd, 0);
+		case 'h':
-	if (cmdp == 'h' || cmdp == 'H') {
+		case 'H':
-		usage_t55xx_write();
+			return usage_t55xx_wakup();
-		return 0;
+		case 'p':
 		case 'P':
 			password = param_get32ex(Cmd, cmdp+1, 0xFFFFFFFF, 16);
 			cmdp += 2;
 			errors = false;
 			break;
 		default:
 			PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
 			errors = true;
 			break;
 		}
 	}
-  
+	if (errors) return usage_t55xx_wakup();
-	int res = sscanf(Cmd, "%d %x %x",&block, &data, &password);
+
-	
+	UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}};
-	if ( res < 2 || res > 3) {
+	clearCommandBuffer();
-		usage_t55xx_write();
+	SendCommand(&c);
-		return 1;
+	PrintAndLog("Wake up command sent. Try read now");
 	return 0;
 }
 int CmdT55xxWriteBlock(const char *Cmd) {
 	uint8_t block = 0xFF; //default to invalid block
 	uint32_t data = 0xFFFFFFFF; //default to blank Block 
 	uint32_t password = 0xFFFFFFFF; //default to blank Block 7
 	bool usepwd = false;
 	bool page1 = false;	
 	bool gotdata = false;
 	bool errors = false;
 	uint8_t cmdp = 0;
 	while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
 		switch(param_getchar(Cmd, cmdp)) {
 		case 'h':
 		case 'H':
 			return usage_t55xx_write();
 		case 'b':
 		case 'B':
 			errors |= param_getdec(Cmd, cmdp+1, &block);
 			cmdp += 2;
 			break;
 		case 'd':
 		case 'D':
 			data = param_get32ex(Cmd, cmdp+1, 0, 16);
 			gotdata	= true;
 			cmdp += 2;
 			break;
 		case 'p':
 		case 'P':
 			password = param_get32ex(Cmd, cmdp+1, 0, 16);
 			usepwd = true;
 			cmdp += 2;
 			break;
 		case '1':
 			page1 = true;
 			cmdp++;
 			break;
 		default:
 			PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
 			errors = true;
 			break;
 		}
 	}
 	if (errors || !gotdata) return usage_t55xx_write();
 	if (block > 7) {
 		PrintAndLog("Block number must be between 0 and 7");
-		return 1;
+		return 0;
 	}
 	UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {data, block, 0}};
 	UsbCommand resp;
- 	c.d.asBytes[0] = 0x0; 
+ 	c.d.asBytes[0] = (page1) ? 0x2 : 0; 
-	PrintAndLog("Writing to block: %d  data  : 0x%08X", block, data);
+	PrintAndLog("Writing to page: %d  block: %d  data : 0x%08X", page1, block, data);
 	//Password mode
-	if (res == 3) {
+	if (usepwd) {
 		c.arg[2] = password;
-		c.d.asBytes[0] = 0x1; 
+		c.d.asBytes[0] |= 0x1; 
 		PrintAndLog("pwd   : 0x%08X", password);
 	}
 	clearCommandBuffer();
 	SendCommand(&c);
 	if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){
 		PrintAndLog("Error occurred, device did not ACK write operation. (May be due to old firmware)");
-		return -1;
+		return 0;
 	}
-	return 0;
+	return 1;
 }
-int CmdT55xxReadTrace(const char *Cmd)
+int CmdT55xxReadTrace(const char *Cmd) {
 {
 	char cmdp = param_getchar(Cmd, 0);
-	
+	bool pwdmode = false;
 	uint32_t password = 0;
 	if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') 
 		return usage_t55xx_trace();
 	if (strlen(Cmd)==0)
-		AquireData( TRACE_BLOCK );
+		if ( !AquireData( TRACE_BLOCK, REGULAR_READ_MODE_BLOCK, pwdmode, password ) )
 			return 0;
-	if (!DecodeT55xxBlock()) return 1;
+	if (!DecodeT55xxBlock()) return 0;
 	if ( !DemodBufferLen) return 0;
 	if ( !DemodBufferLen) return 1;
 	RepaintGraphWindow();
 	uint8_t repeat = 0;
 	if (config.offset > 5) 
 		repeat = 32;
 	uint8_t si = config.offset+repeat;
-	uint32_t bl0     = PackBits(si, 32, DemodBuffer);
+	uint32_t bl1     = PackBits(si, 32, DemodBuffer);
-	uint32_t bl1     = PackBits(si+32, 32, DemodBuffer);
+	uint32_t bl2     = PackBits(si+32, 32, DemodBuffer);
 	uint32_t acl     = PackBits(si, 8,  DemodBuffer); si += 8;
 	uint32_t mfc     = PackBits(si, 8,  DemodBuffer); si += 8;
@ -783,7 +830,7 @@ int CmdT55xxReadTrace(const char *Cmd)
 	if ( acl != 0xE0 ) {
 		PrintAndLog("The modulation is most likely wrong since the ACL is not 0xE0. ");
-		return 1;
+		return 0;
 	}
 	PrintAndLog("");
@ -800,8 +847,8 @@ int CmdT55xxReadTrace(const char *Cmd)
 	PrintAndLog("     Die Number   : %d", dw);
 	PrintAndLog("-------------------------------------------------------------");
 	PrintAndLog(" Raw Data - Page 1");
-	PrintAndLog("     Block 0  : 0x%08X  %s", bl0, sprint_bin(DemodBuffer+config.offset+repeat,32) );
+	PrintAndLog("     Block 1  : 0x%08X  %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat,32) );
-	PrintAndLog("     Block 1  : 0x%08X  %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat+32,32) );
+	PrintAndLog("     Block 2  : 0x%08X  %s", bl2, sprint_bin(DemodBuffer+config.offset+repeat+32,32) );
 	PrintAndLog("-------------------------------------------------------------");
 	/*
@ -830,13 +877,16 @@ int CmdT55xxInfo(const char *Cmd){
 		Normal mode
 		Extended mode
 	*/
 	bool pwdmode = false;
 	uint32_t password = 0;
 	char cmdp = param_getchar(Cmd, 0);
 	if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')
 		return usage_t55xx_info();
 	if (strlen(Cmd)==0)
-		AquireData( CONFIGURATION_BLOCK );
+		if ( !AquireData( 0, CONFIGURATION_BLOCK, pwdmode, password ) )
 			return 1;
 	if (!DecodeT55xxBlock()) return 1;
@ -887,67 +937,59 @@ int CmdT55xxInfo(const char *Cmd){
 int CmdT55xxDump(const char *Cmd){
-	char s[20] = {0x00};
+	uint32_t password = 0;
 	uint8_t pwd[4] = {0x00};
 	char cmdp = param_getchar(Cmd, 0);
-	if ( cmdp == 'h' || cmdp == 'H') {
+	bool override = false;
-		usage_t55xx_dump();
+	if ( cmdp == 'h' || cmdp == 'H') return usage_t55xx_dump();
 		return 0;
 	}
-	bool hasPwd = ( strlen(Cmd) > 0);	
+	bool usepwd = ( strlen(Cmd) > 0);	
-	if ( hasPwd ){
+	if ( usepwd ){
-		if (param_gethex(Cmd, 0, pwd, 8)) {
+		password = param_get32ex(Cmd, 0, 0, 16);
-			PrintAndLog("password must include 8 HEX symbols");
+		if (param_getchar(Cmd, 1) =='o' )
-			return 1;
+			override = true;
 		}
 	}
-	for ( int i = 0; i <8; ++i){
+	PrintAndLog("Reading Page 0:");	
-		memset(s,0,sizeof(s));
+	PrintAndLog("blk | hex data | binary");
 	for ( uint8_t i = 0; i <8; ++i){
 		T55xxReadBlock(i, 0, usepwd, override, password);
 		/*memset(s,0,sizeof(s));
 		if ( hasPwd ) {
-			sprintf(s,"%d %02x%02x%02x%02x", i, pwd[0],pwd[1],pwd[2],pwd[3]);
+			if ( override ) {
 				sprintf(s,"b %d p %02x%02x%02x%02x o", i, pwd[0],pwd[1],pwd[2],pwd[3]);				
 			} else {
 				sprintf(s,"b %d p %02x%02x%02x%02x", i, pwd[0],pwd[1],pwd[2],pwd[3]);				
 			}
 		} else {
-			sprintf(s,"%d", i);
+			sprintf(s,"b %d", i);
 		}
-		CmdT55xxReadBlock(s);
+		CmdT55xxReadBlock(s);*/
 	}
-	return 0;
+	PrintAndLog("Reading Page 1:");	
 	PrintAndLog("blk | hex data | binary");
 	for ( uint8_t	i = 0; i<4; i++){
 		T55xxReadBlock(i, 1, usepwd, override, password);		
 	}
 	return 1;
 }
-int AquireData( uint8_t block ){
+int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){
-	UsbCommand c;
+	uint8_t arg0 = (page<<1) | pwdmode;
-	
+	UsbCommand c = {CMD_T55XX_READ_BLOCK, {arg0, block, password}};
 	if ( block == CONFIGURATION_BLOCK ) 
 		c.cmd = CMD_T55XX_READ_BLOCK;
 	else if (block == TRACE_BLOCK )
 		c.cmd = CMD_T55XX_READ_TRACE;
 	c.arg[0] = 0x00;
 	c.arg[1] = 0x00;
 	c.arg[2] = 0x00;
 	c.d.asBytes[0] = 0x0; 
 	//Password mode
 	// if ( res == 2 ) {
 		// c.arg[2] = password;
 		// c.d.asBytes[0] = 0x1; 
 	// }
 	clearCommandBuffer();
 	SendCommand(&c);
 	if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
 		PrintAndLog("command execution time out");
-		return 1;
+		return 0;
 	}
 	uint8_t got[12000];
 	GetFromBigBuf(got,sizeof(got),0);
 	WaitForResponse(CMD_ACK,NULL);
-	setGraphBuf(got, 12000);
+	setGraphBuf(got, sizeof(got));
-	return 0;
+	return 1;
 }
 char * GetBitRateStr(uint32_t id){
@ -1128,12 +1170,13 @@ static command_t CommandTable[] =
  {"help",   CmdHelp,           1, "This help"},
  {"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"},
  {"detect", CmdT55xxDetect,    0, "[1] Try detecting the tag modulation from reading the configuration block."},
-  {"read",   CmdT55xxReadBlock, 0, "<block> [password] -- Read T55xx block data (page 0) [optional password]"},
+  {"read",   CmdT55xxReadBlock, 0, "b <block> p [password] [o] [1] -- Read T55xx block data (page 0) [optional password]"},
-  {"write",  CmdT55xxWriteBlock,0, "<block> <data> [password] -- Write T55xx block data (page 0) [optional password]"},
+  {"write",  CmdT55xxWriteBlock,0, "b <block> d <data> p [password] [1] -- Write T55xx block data (page 0) [optional password]"},
  {"trace",  CmdT55xxReadTrace, 0, "[1] Show T55xx traceability data (page 1/ blk 0-1)"},
  {"info",   CmdT55xxInfo,      0, "[1] Show T55xx configuration data (page 0/ blk 0)"},
-  {"dump",   CmdT55xxDump,      0, "[password] Dump T55xx card block 0-7. [optional password]"},
+  {"dump",   CmdT55xxDump,      0, "[password] [o] Dump T55xx card block 0-7. [optional password]"},
  {"special", special,          0, "Show block changes with 64 different offsets"},
  {"wakeup", CmdT55xxWakeUp,    0, "Send AOR wakeup command"},
  {NULL, NULL, 0, NULL}
 };
--- a/client/cmdlft55xx.h
+++ b/client/cmdlft55xx.h
@ -55,12 +55,12 @@ char * GetModelStrFromCID(uint32_t cid);
 char * GetSelectedModulationStr( uint8_t id);
 uint32_t PackBits(uint8_t start, uint8_t len, uint8_t *bitstream);
 void printT55xxBlock(const char *demodStr);
-void printConfiguration( t55xx_conf_block_t b);
+int printConfiguration( t55xx_conf_block_t b);
 bool DecodeT55xxBlock();
 bool tryDetectModulation();
 bool test(uint8_t mode, uint8_t *offset, int *fndBitRate);
 int special(const char *Cmd);
-int AquireData( uint8_t block );
+int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password );
 #endif
--- a/client/hid-flasher/usb_cmd.h
+++ b/client/hid-flasher/usb_cmd.h
@ -73,7 +73,7 @@ typedef struct {
 #define CMD_INDALA_CLONE_TAG_L                                            0x0213
 #define CMD_T55XX_READ_BLOCK                                              0x0214
 #define CMD_T55XX_WRITE_BLOCK                                             0x0215
-#define CMD_T55XX_READ_TRACE                                              0x0216
+//#define CMD_T55XX_READ_TRACE                                              0x0216
 #define CMD_PCF7931_READ                                                  0x0217
 #define CMD_EM4X_READ_WORD                                                0x0218
 #define CMD_EM4X_WRITE_WORD                                               0x0219
@ -85,6 +85,7 @@ typedef struct {
 #define CMD_ASK_SIM_TAG                                                   0x021F
 #define CMD_PSK_SIM_TAG                                                   0x0220
 #define CMD_AWID_DEMOD_FSK                                                0x0221
 #define CMD_T55XX_WAKEUP                                                  0x0224
 /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
--- a/client/lualibs/commands.lua
+++ b/client/lualibs/commands.lua
@ -44,7 +44,7 @@ local _commands = {
 	CMD_INDALA_CLONE_TAG_L =                                             0x0213,
 	CMD_T55XX_READ_BLOCK =                                               0x0214,
 	CMD_T55XX_WRITE_BLOCK =                                              0x0215,
-	CMD_T55XX_READ_TRACE =                                               0x0216,
+	--//CMD_T55XX_READ_TRACE =                                               0x0216,
 	CMD_PCF7931_READ =                                                   0x0217,
 	CMD_EM4X_READ_WORD =                                                 0x0218,
 	CMD_EM4X_WRITE_WORD =                                                0x0219,
@ -56,7 +56,7 @@ local _commands = {
 	CMD_ASK_SIM_TAG =                                                    0x021F,
 	CMD_PSK_SIM_TAG =                                                    0x0220,
 	CMD_AWID_DEMOD_FSK =                                                 0x0221,
-
+	CMD_T55XX_WAKEUP =                                                   0x0224,
 	--/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
 	--// For the 13.56 MHz tags
--- a/client/scripting.c
+++ b/client/scripting.c
@ -18,6 +18,7 @@
 #include "util.h"
 #include "nonce2key/nonce2key.h"
 #include "../common/iso15693tools.h"
 #include "iso14443crc.h"
 #include "../common/crc16.h"
 #include "../common/crc64.h"
 #include "../common/sha1.h"
@ -228,6 +229,27 @@ static int l_iso15693_crc(lua_State *L)
 	return 1;
 }
 static int l_iso14443b_crc(lua_State *L)
 {
 	/* void ComputeCrc14443(int CrcType,
                     const unsigned char *Data, int Length,
                     unsigned char *TransmitFirst,
                     unsigned char *TransmitSecond)
 	*/
 	unsigned char buf[USB_CMD_DATA_SIZE];
 	size_t len = 0;
 	const char *data = luaL_checklstring(L, 1, &len);
 	if (USB_CMD_DATA_SIZE < len)
 		len =  USB_CMD_DATA_SIZE-2;
 	for (int i = 0; i < len; i += 2) {
 		sscanf(&data[i], "%02x", (unsigned int *)&buf[i / 2]);
 	}
 	ComputeCrc14443(CRC_14443_B, buf, len, &buf[len], &buf[len+1]);
 	lua_pushlstring(L, (const char *)&buf, len+2);
 	return 1;
 }
 /*
 Simple AES 128 cbc hook up to OpenSSL.
 params:  key, input
@ -426,6 +448,7 @@ int set_pm3_libraries(lua_State *L)
 		{"clearCommandBuffer",          l_clearCommandBuffer},
 		{"console",                     l_CmdConsole},
 		{"iso15693_crc",                l_iso15693_crc},
 		{"iso14443b_crc",               l_iso14443b_crc},
 		{"aes128_decrypt",              l_aes128decrypt_cbc},
 		{"aes128_decrypt_ecb",          l_aes128decrypt_ecb},
 		{"aes128_encrypt",              l_aes128encrypt_cbc},
--- a/include/usb_cmd.h
+++ b/include/usb_cmd.h
@ -85,7 +85,7 @@ typedef struct{
 #define CMD_INDALA_CLONE_TAG_L                                            0x0213
 #define CMD_T55XX_READ_BLOCK                                              0x0214
 #define CMD_T55XX_WRITE_BLOCK                                             0x0215
-#define CMD_T55XX_READ_TRACE                                              0x0216
+//#define CMD_T55XX_READ_TRACE                                              0x0216
 #define CMD_PCF7931_READ                                                  0x0217
 #define CMD_PCF7931_WRITE                                                 0x0222
 #define CMD_EM4X_READ_WORD                                                0x0218
@ -99,6 +99,7 @@ typedef struct{
 #define CMD_ASK_SIM_TAG                                                   0x021F
 #define CMD_PSK_SIM_TAG                                                   0x0220
 #define CMD_AWID_DEMOD_FSK                                                0x0221
 #define CMD_T55XX_WAKEUP                                                  0x0224
 /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */