From: iceman1001 Date: Wed, 1 Apr 2015 16:02:10 +0000 (+0200) Subject: Merge branch 'master' of https://github.com/Proxmark/proxmark3 X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/49dc1d0a9eafdb1e369ead88c3c8882bc6959a17?hp=-c Merge branch 'master' of https://github.com/Proxmark/proxmark3 Conflicts: armsrc/Makefile armsrc/lfops.c client/cmdlft55xx.c common/ldscript.common common/lfdemod.c --- 49dc1d0a9eafdb1e369ead88c3c8882bc6959a17 diff --combined armsrc/Makefile index d85244c7,899b0307..3140a0e7 --- a/armsrc/Makefile +++ b/armsrc/Makefile @@@ -10,7 -10,7 +10,7 @@@ APP_INCLUDES = apps. #remove one of the following defines and comment out the relevant line #in the next section to remove that particular feature from compilation - APP_CFLAGS = -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG -DWITH_CRC -DON_DEVICE -fno-strict-aliasing -Os + APP_CFLAGS = -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG -DWITH_CRC -DON_DEVICE -fno-strict-aliasing -ffunction-sections -fdata-sections #-DWITH_LCD #SRC_LCD = fonts.c LCD.c @@@ -18,7 -18,7 +18,7 @@@ SRC_LF = lfops.c hitag2.c lfsampling. SRC_ISO15693 = iso15693.c iso15693tools.c SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c SRC_ISO14443b = iso14443.c -SRC_CRAPTO1 = crapto1.c crypto1.c des.c aes.c +SRC_CRAPTO1 = crapto1.c crypto1.c des.c aes.c desfire_key.c desfire_crypto.c mifaredesfire.c SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c THUMBSRC = start.c \ @@@ -45,14 -45,14 +45,15 @@@ ARMSRC = fpgaloader.c BigBuf.c \ optimized_cipher.c + # stdint.h provided locally until GCC 4.5 becomes C99 compliant APP_CFLAGS += -I. 
# Do not move this inclusion before the definition of {THUMB,ASM,ARM}SRC include ../common/Makefile.common - OBJS = $(OBJDIR)/osimage.s19 $(OBJDIR)/fpgaimage.s19 + OBJS = $(OBJDIR)/osimage.s19 + #$(OBJDIR)/fpgaimage.s19 all: $(OBJS) @@@ -65,11 -65,11 +66,11 @@@ $(OBJDIR)/fpga_hf.o: fpga_hf.bi $(OBJDIR)/fullimage.elf: $(VERSIONOBJ) $(OBJDIR)/fpga_lf.o $(OBJDIR)/fpga_hf.o $(THUMBOBJ) $(ARMOBJ) $(CC) $(LDFLAGS) -Wl,-T,ldscript,-Map,$(patsubst %.elf,%.map,$@) -o $@ $^ $(LIBS) - $(OBJDIR)/fpgaimage.elf: $(OBJDIR)/fullimage.elf - $(OBJCOPY) -F elf32-littlearm --only-section .fpgaimage $^ $@ + #$(OBJDIR)/fpgaimage.elf: $(OBJDIR)/fullimage.elf + # $(OBJCOPY) -F elf32-littlearm --only-section .fpgaimage $^ $@ $(OBJDIR)/osimage.elf: $(OBJDIR)/fullimage.elf - $(OBJCOPY) -F elf32-littlearm --remove-section .fpgaimage $^ $@ + $(OBJCOPY) -F elf32-littlearm $^ $@ tarbin: $(OBJS) $(TAR) $(TARFLAGS) ../proxmark3-$(platform)-bin.tar $(OBJS:%=armsrc/%) $(OBJS:%.s19=armsrc/%.elf) diff --combined armsrc/lfops.c index 1bd23e5a,e5a40b2e..d6d686e1 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@@ -379,10 -379,10 +379,10 @@@ void WriteTItag(uint32_t idhi, uint32_ AcquireTiType(); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - DbpString("Now use tiread to check"); + DbpString("Now use 'lf ti read' to check"); } -void SimulateTagLowFrequency(int period, int gap, int ledcontrol) +void SimulateTagLowFrequency(uint16_t period, uint32_t gap, uint8_t ledcontrol) { int i; uint8_t *tab = BigBuf_get_addr(); @@@ -756,7 -756,7 +756,7 @@@ void CmdHIDdemodFSK(int findone, int *h { uint8_t *dest = BigBuf_get_addr(); //const size_t sizeOfBigBuff = BigBuf_max_traceLen(); - size_t size; + size_t size = 0; uint32_t hi2=0, hi=0, lo=0; int idx=0; // Configure to go in 125Khz listen mode @@@ -866,24 -866,24 +866,24 @@@ void CmdEM410xdemod(int findone, int *h if (errCnt<0) continue; - errCnt = Em410xDecode(dest, &size, &idx, &hi, &lo); - if (errCnt){ - if (size>64){ - Dbprintf("EM XL TAG ID: %06x%08x%08x - 
(%05d_%03d_%08d)", - hi, - (uint32_t)(lo>>32), - (uint32_t)lo, - (uint32_t)(lo&0xFFFF), - (uint32_t)((lo>>16LL) & 0xFF), - (uint32_t)(lo & 0xFFFFFF)); - } else { - Dbprintf("EM TAG ID: %02x%08x - (%05d_%03d_%08d)", - (uint32_t)(lo>>32), - (uint32_t)lo, - (uint32_t)(lo&0xFFFF), - (uint32_t)((lo>>16LL) & 0xFF), - (uint32_t)(lo & 0xFFFFFF)); - } + errCnt = Em410xDecode(dest, &size, &idx, &hi, &lo); + if (errCnt){ + if (size>64){ + Dbprintf("EM XL TAG ID: %06x%08x%08x - (%05d_%03d_%08d)", + hi, + (uint32_t)(lo>>32), + (uint32_t)lo, + (uint32_t)(lo&0xFFFF), + (uint32_t)((lo>>16LL) & 0xFF), + (uint32_t)(lo & 0xFFFFFF)); + } else { + Dbprintf("EM TAG ID: %02x%08x - (%05d_%03d_%08d)", + (uint32_t)(lo>>32), + (uint32_t)lo, + (uint32_t)(lo&0xFFFF), + (uint32_t)((lo>>16LL) & 0xFF), + (uint32_t)(lo & 0xFFFFFF)); + } if (findone){ if (ledcontrol) LED_A_OFF(); @@@ -908,8 -908,6 +908,8 @@@ void CmdIOdemodFSK(int findone, int *hi uint8_t version=0; uint8_t facilitycode=0; uint16_t number=0; + uint8_t crc = 0; + uint16_t calccrc = 0; // Configure to go in 125Khz listen mode LFSetupFPGAForADC(95, true); @@@ -921,62 -919,45 +921,62 @@@ WDT_HIT(); idx = IOdemodFSK(dest, BigBuf_max_traceLen()); if (idx<0) continue; - //valid tag found - - //Index map - //0 10 20 30 40 50 60 - //| | | | | | | - //01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23 - //----------------------------------------------------------------------------- - //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 ???????? 
11 - // - //XSF(version)facility:codeone+codetwo - //Handle the data - if(findone){ //only print binary if we are doing one - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx], dest[idx+1], dest[idx+2],dest[idx+3],dest[idx+4],dest[idx+5],dest[idx+6],dest[idx+7],dest[idx+8]); - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+9], dest[idx+10],dest[idx+11],dest[idx+12],dest[idx+13],dest[idx+14],dest[idx+15],dest[idx+16],dest[idx+17]); - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+18],dest[idx+19],dest[idx+20],dest[idx+21],dest[idx+22],dest[idx+23],dest[idx+24],dest[idx+25],dest[idx+26]); - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+27],dest[idx+28],dest[idx+29],dest[idx+30],dest[idx+31],dest[idx+32],dest[idx+33],dest[idx+34],dest[idx+35]); - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+36],dest[idx+37],dest[idx+38],dest[idx+39],dest[idx+40],dest[idx+41],dest[idx+42],dest[idx+43],dest[idx+44]); - Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+45],dest[idx+46],dest[idx+47],dest[idx+48],dest[idx+49],dest[idx+50],dest[idx+51],dest[idx+52],dest[idx+53]); - Dbprintf("%d%d%d%d%d%d%d%d %d%d",dest[idx+54],dest[idx+55],dest[idx+56],dest[idx+57],dest[idx+58],dest[idx+59],dest[idx+60],dest[idx+61],dest[idx+62],dest[idx+63]); - } - code = bytebits_to_byte(dest+idx,32); - code2 = bytebits_to_byte(dest+idx+32,32); - version = bytebits_to_byte(dest+idx+27,8); //14,4 + //valid tag found + + //Index map + //0 10 20 30 40 50 60 + //| | | | | | | + //01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23 + //----------------------------------------------------------------------------- + //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 checksum 11 + // + //Checksum: + //00000000 0 11110000 1 11100000 1 00000001 1 00000011 1 10110110 1 01110101 11 + //preamble F0 E0 01 03 B6 75 + // How to calc checksum, + // http://www.proxmark.org/forum/viewtopic.php?id=364&p=6 + // F0 + E0 + 01 + 03 + B6 = 28A + // 28A & FF = 8A + // FF - 8A = 75 + // Checksum: 0x75 + 
//XSF(version)facility:codeone+codetwo + //Handle the data + if(findone){ //only print binary if we are doing one + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx], dest[idx+1], dest[idx+2],dest[idx+3],dest[idx+4],dest[idx+5],dest[idx+6],dest[idx+7],dest[idx+8]); + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+9], dest[idx+10],dest[idx+11],dest[idx+12],dest[idx+13],dest[idx+14],dest[idx+15],dest[idx+16],dest[idx+17]); + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+18],dest[idx+19],dest[idx+20],dest[idx+21],dest[idx+22],dest[idx+23],dest[idx+24],dest[idx+25],dest[idx+26]); + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+27],dest[idx+28],dest[idx+29],dest[idx+30],dest[idx+31],dest[idx+32],dest[idx+33],dest[idx+34],dest[idx+35]); + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+36],dest[idx+37],dest[idx+38],dest[idx+39],dest[idx+40],dest[idx+41],dest[idx+42],dest[idx+43],dest[idx+44]); + Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+45],dest[idx+46],dest[idx+47],dest[idx+48],dest[idx+49],dest[idx+50],dest[idx+51],dest[idx+52],dest[idx+53]); + Dbprintf("%d%d%d%d%d%d%d%d %d%d",dest[idx+54],dest[idx+55],dest[idx+56],dest[idx+57],dest[idx+58],dest[idx+59],dest[idx+60],dest[idx+61],dest[idx+62],dest[idx+63]); + } + code = bytebits_to_byte(dest+idx,32); + code2 = bytebits_to_byte(dest+idx+32,32); + version = bytebits_to_byte(dest+idx+27,8); //14,4 - facilitycode = bytebits_to_byte(dest+idx+18,8) ; + facilitycode = bytebits_to_byte(dest+idx+18,8); - number = (bytebits_to_byte(dest+idx+36,8)<<8)|(bytebits_to_byte(dest+idx+45,8)); //36,9 - - Dbprintf("XSF(%02d)%02x:%05d (%08x%08x)",version,facilitycode,number,code,code2); - // if we're only looking for one tag - if (findone){ - if (ledcontrol) LED_A_OFF(); - //LED_A_OFF(); - *high=code; - *low=code2; - return; - } - code=code2=0; - version=facilitycode=0; - number=0; - idx=0; + number = (bytebits_to_byte(dest+idx+36,8)<<8)|(bytebits_to_byte(dest+idx+45,8)); //36,9 + + crc = bytebits_to_byte(dest+idx+54,8); + for (uint8_t i=1; i<6; ++i) + calccrc += 
bytebits_to_byte(dest+idx+9*i,8); + calccrc &= 0xff; + calccrc = 0xff - calccrc; + + char *crcStr = (crc == calccrc) ? "ok":"!crc"; + + Dbprintf("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]",version,facilitycode,number,code,code2, crc, crcStr); + // if we're only looking for one tag + if (findone){ + if (ledcontrol) LED_A_OFF(); + //LED_A_OFF(); + *high=code; + *low=code2; + return; + } + code=code2=0; + version=facilitycode=0; + number=0; + idx=0; WDT_HIT(); } @@@ -1044,23 -1025,9 +1044,23 @@@ * and enlarge the gap ones. */ #define START_GAP 50*8 // 10 - 50fc 250 -#define WRITE_GAP 20*8 // - 30fc 160 -#define WRITE_0 24*8 // 16 - 63fc 54fc 144 -#define WRITE_1 54*8 // 48 - 63fc 54fc 432 for T55x7; 448 for E5550 //400 +#define WRITE_GAP 20*8 // 8 - 30fc +#define WRITE_0 24*8 // 16 - 31fc 24fc 192 +#define WRITE_1 54*8 // 48 - 63fc 54fc 432 for T55x7; 448 for E5550 + +// VALUES TAKEN FROM EM4x function: SendForward +// START_GAP = 440; (55*8) cycles at 125Khz (8us = 1cycle) +// WRITE_GAP = 128; (16*8) +// WRITE_1 = 256 32*8; (32*8) + +// These timings work for 4469/4269/4305 (with the 55*8 above) +// WRITE_0 = 23*8 , 9*8 SpinDelayUs(23*8); + +// Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK) +// TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz +// Hitag units (T0) have duration of 8 microseconds (us), which is 1/125000 per second (carrier) +// T0 = TIMER_CLOCK1 / 125000 = 192 +// 1 Cycle = 8 microseconds(us) #define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10 (32 bit times numofblock (7), times clock skip..) 
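Review bot: `calccrc` is declared once before the acquisition loop and is not cleared with the other per-tag variables (`code`, `code2`, `version`, `facilitycode`, `number`, `idx`) at the end of an iteration. When `findone` is false, each later checksum therefore starts from the previous frame's result, and a valid IO Prox frame will generally be reported as `!crc`. Add `calccrc = 0;` directly before `for (uint8_t i=1; i<6; ++i)`, or declare the variable inside the loop body. A mismatch is also only printed: with `findone` set, `*high` and `*low` are still filled from a frame whose checksum failed, so the caller cannot tell a corrupted read from a good one. CmdIOdemodFSK starts and ends outside this hunk.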
@@@ -1070,7 -1037,7 +1070,7 @@@ void T55xxWriteBit(int bit FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); - if (bit == 0) + if (!bit) SpinDelayUs(WRITE_0); else SpinDelayUs(WRITE_1); @@@ -1524,16 -1491,10 +1524,16 @@@ void CopyIndala224toT55x7(int uid1, in #define max(x,y) ( x 18000 ) + GraphTraceLen = 18000; + + int i, j, lastval, bitidx, half_switch; int clock = 64; int tolerance = clock / 8; @@@ -1544,7 -1505,8 +1544,7 @@@ uint8_t dir; LFSetupFPGAForADC(95, true); - DoAcquisition_default(0, 0); - + DoAcquisition_default(0, true); lmin = 64; lmax = 192; @@@ -1552,9 -1514,9 +1552,9 @@@ i = 2; /* Find first local max/min */ - if(GraphBuffer[1] > GraphBuffer[0]) { + if(dest[1] > dest[0]) { while(i < GraphTraceLen) { - if( !(GraphBuffer[i] > GraphBuffer[i-1]) && GraphBuffer[i] > lmax) + if( !(dest[i] > dest[i-1]) && dest[i] > lmax) break; i++; } @@@ -1562,7 -1524,7 +1562,7 @@@ } else { while(i < GraphTraceLen) { - if( !(GraphBuffer[i] < GraphBuffer[i-1]) && GraphBuffer[i] < lmin) + if( !(dest[i] < dest[i-1]) && dest[i] < lmin) break; i++; } @@@ -1576,7 -1538,7 +1576,7 @@@ for (bitidx = 0; i < GraphTraceLen; i++) { - if ( (GraphBuffer[i-1] > GraphBuffer[i] && dir == 1 && GraphBuffer[i] > lmax) || (GraphBuffer[i-1] < GraphBuffer[i] && dir == 0 && GraphBuffer[i] < lmin)) + if ( (dest[i-1] > dest[i] && dir == 1 && dest[i] > lmax) || (dest[i-1] < dest[i] && dir == 0 && dest[i] < lmin)) { lc = i - lastval; lastval = i; @@@ -1605,14 -1567,14 +1605,14 @@@ block_done = 1; } else if(half_switch == 1) { - BitStream[bitidx++] = 0; + bits[bitidx++] = 0; half_switch = 0; } else half_switch++; } else if (abs(lc-clock) < tolerance) { // 64TO - BitStream[bitidx++] = 1; + bits[bitidx++] = 1; } else { // Error warnings++; @@@ -1626,15 -1588,14 +1626,15 @@@ if(block_done == 1) { if(bitidx == 128) { for(j=0; j<16; j++) { - Blocks[num_blocks][j] = 128*BitStream[j*8+7]+ - 
64*BitStream[j*8+6]+ - 32*BitStream[j*8+5]+ - 16*BitStream[j*8+4]+ - 8*BitStream[j*8+3]+ - 4*BitStream[j*8+2]+ - 2*BitStream[j*8+1]+ - BitStream[j*8]; + blocks[num_blocks][j] = 128*bits[j*8+7]+ + 64*bits[j*8+6]+ + 32*bits[j*8+5]+ + 16*bits[j*8+4]+ + 8*bits[j*8+3]+ + 4*bits[j*8+2]+ + 2*bits[j*8+1]+ + bits[j*8]; + } num_blocks++; } @@@ -1643,14 -1604,17 +1643,14 @@@ half_switch = 0; } if(i < GraphTraceLen) - { - if (GraphBuffer[i-1] > GraphBuffer[i]) dir=0; - else dir = 1; - } + dir =(dest[i-1] > dest[i]) ? 0 : 1; } if(bitidx==255) bitidx=0; warnings = 0; if(num_blocks == 4) break; } - memcpy(outBlocks, Blocks, 16*num_blocks); + memcpy(outBlocks, blocks, 16*num_blocks); return num_blocks; } @@@ -1948,14 -1912,9 +1948,14 @@@ void EM4xLogin(uint32_t Password) void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) { - uint8_t fwd_bit_count; uint8_t *dest = BigBuf_get_addr(); - int m=0, i=0; + uint16_t bufferlength = BigBuf_max_traceLen(); + uint32_t i = 0; + + // Clear destination buffer before sending the command 0x80 = average. + memset(dest, 0x80, bufferlength); + + uint8_t fwd_bit_count; //If password mode do login if (PwdMode == 1) EM4xLogin(Pwd); @@@ -1964,6 -1923,9 +1964,6 @@@ fwd_bit_count = Prepare_Cmd( FWD_CMD_READ ); fwd_bit_count += Prepare_Addr( Address ); - m = BigBuf_max_traceLen(); - // Clear destination buffer before sending the command - memset(dest, 128, m); // Connect the A/D to the peak-detected low-frequency path. SetAdcMuxFor(GPIO_MUXSEL_LOPKD); // Now set up the SSC to get the ADC samples that are now streaming at us. 
@@@ -1979,12 -1941,10 +1979,12 @@@ } if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - i++; - if (i >= m) break; + ++i; + if (i >= bufferlength) break; } } + + cmd_send(CMD_ACK,0,0,0,0,0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off LED_D_OFF(); } diff --combined client/cmddata.c index 2563cb18,55959984..f2f1cfd7 --- a/client/cmddata.c +++ b/client/cmddata.c @@@ -311,7 -311,7 +311,7 @@@ void printEM410x(uint32_t hi, uint64_t ); uint64_t paxton = (((id>>32) << 24) | (id & 0xffffff)) + 0x143e00; PrintAndLog("}\nOther : %05lld_%03lld_%08lld",(id&0xFFFF),((id>>16LL) & 0xFF),(id & 0xFFFFFF)); - PrintAndLog("Pattern Paxton : %0d", paxton); + PrintAndLog("Pattern Paxton : %lld [0x%llX]", paxton, paxton); uint32_t p1id = (id & 0xFFFFFF); uint8_t arr[32] = {0x00}; @@@ -352,12 -352,12 +352,12 @@@ p1 |= arr[2] << 4; p1 |= arr[1] << 5; p1 |= arr[0] << 9; - PrintAndLog("Pattern 1 : 0x%X - %d", p1, p1); + PrintAndLog("Pattern 1 : %d [0x%X]", p1, p1); uint16_t sebury1 = id & 0xFFFF; uint8_t sebury2 = (id >> 16) & 0x7F; uint32_t sebury3 = id & 0x7FFFFF; - PrintAndLog("Pattern Sebury : %d %d %d (hex: %X %X %X)", sebury1, sebury2, sebury3, sebury1, sebury2, sebury3); + PrintAndLog("Pattern Sebury : %d %d %d [0x%X 0x%X 0x%X]", sebury1, sebury2, sebury3, sebury1, sebury2, sebury3); } } return; @@@ -414,7 -414,10 +414,10 @@@ int ASKmanDemod(const char *Cmd, bool v int invert=0; int clk=0; int maxErr=100; - + //param_getdec(Cmd, 0, &clk); + //param_getdec(Cmd, 1, &invert); + //maxErr = param_get32ex(Cmd, 2, 0xFFFFFFFF, 10); + //if (maxErr == 0xFFFFFFFF) maxErr=100; uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; sscanf(Cmd, "%i %i %i", &clk, &invert, &maxErr); if (invert != 0 && invert != 1) { @@@ -513,7 -516,7 +516,7 @@@ int Cmdmandecoderaw(const char *Cmd BitStream[i]=DemodBuffer[i]; } if (high>1 || low <0 ){ - PrintAndLog("Error: please raw demod the wave first then mancheseter raw decode"); + PrintAndLog("Error: please raw demod the 
wave first then manchester raw decode"); return 0; } size=i; @@@ -632,7 -635,6 +635,7 @@@ int ASKrawDemod(const char *Cmd, bool v char amp = param_getchar(Cmd, 0); uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; sscanf(Cmd, "%i %i %i %c", &clk, &invert, &maxErr, &); + if (invert != 0 && invert != 1) { if (verbose || g_debugMode) PrintAndLog("Invalid argument: %s", Cmd); return 0; @@@ -675,9 -677,8 +678,9 @@@ int ASKbiphaseDemod(const char *Cmd, bo //ask raw demod GraphBuffer first int offset=0, clk=0, invert=0, maxErr=0, ans=0; ans = sscanf(Cmd, "%i %i %i %i", &offset, &clk, &invert, &maxErr); + if (ans>0) - ans = ASKrawDemod(Cmd+2, FALSE); + ans = ASKrawDemod(Cmd+1, FALSE); else ans = ASKrawDemod(Cmd, FALSE); if (!ans) { @@@ -1148,7 -1149,7 +1151,7 @@@ int FSKrawDemod(const char *Cmd, bool v if (strlen(Cmd)>0 && strlen(Cmd)<=2) { if (rfLen==1){ - invert=1; //if invert option only is used + invert = 1; //if invert option only is used rfLen = 0; } } @@@ -1958,7 -1959,7 +1961,7 @@@ int NRZrawDemod(const char *Cmd, bool v if (g_debugMode) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); return 0; } - if (errCnt<0|| BitLen<16){ //throw away static - allow 1 and -1 (in case of threshold command first) + if (errCnt<0 || BitLen<16){ //throw away static - allow 1 and -1 (in case of threshold command first) if (g_debugMode) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt); return 0; } diff --combined client/cmdlft55xx.c index 7d967d5d,b6b29c05..ed7e2c80 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@@ -10,7 -10,6 +10,7 @@@ #include #include #include +#include #include "proxmark3.h" #include "ui.h" #include "graph.h" @@@ -256,7 -255,7 +256,7 @@@ int CmdT55xxReadBlock(const char *Cmd) bool DecodeT55xxBlock(){ - char buf[8] = {0x00}; + char buf[9] = {0x00}; char *cmdStr = buf; int ans = 0; uint8_t bitRate[8] = {8,16,32,40,50,64,100,128}; @@@ -265,23 -264,38 +265,23 
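Review bot: `ASKrawDemod(Cmd+1, FALSE)` in ASKbiphaseDemod skips exactly one character, so it drops the offset argument only when that argument is a single digit with no leading whitespace. For an input such as `10 64 0` the callee would receive `0 64 0` and read the wrong clock and invert values. `sscanf` has already parsed `offset`, `clk`, `invert` and `maxErr`, so it would be safer to advance past the first whitespace-delimited token, or to rebuild the argument string from the parsed values, than to use a fixed pointer offset. The function continues outside the hunk.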
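Review bot: `char buf[9]` in DecodeT55xxBlock is still too small for the strings the following hunk formats into it with unbounded `sprintf`. `"%d %d 10 8"` with a bit rate of 64 needs 10 bytes including the terminator, and with 100 or 128 it needs 11; `"%d %d 8 5"` and `"0 %d %d 1"` with 128 need 10. Most FSK2 and several FSK1 and biphase configurations therefore write past the end of this stack buffer. Size it with headroom and bound the writes, e.g. `char buf[16] = {0x00};` and `snprintf(cmdStr, sizeof(buf), "%d %d 10 8", bitRate[config.bitrate], config.inverted);` for each case. The index in `bitRate[config.bitrate]` is not range-checked in the visible lines either; if `config.bitrate` can exceed 7, it needs a guard before the switch.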
@@@ switch( config.modulation ){ case DEMOD_FSK: - //CmdLtrim("26"); sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 ); CmdLtrim(cmdStr); sprintf(cmdStr,"%d %d", bitRate[config.bitrate], config.inverted ); ans = FSKrawDemod(cmdStr, FALSE); break; case DEMOD_FSK1: - //CmdLtrim("26"); + case DEMOD_FSK1a: sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 ); CmdLtrim(cmdStr); - sprintf(cmdStr,"%d 1 8 5", bitRate[config.bitrate] ); - ans = FSKrawDemod(cmdStr, FALSE); - break; - case DEMOD_FSK1a: - //CmdLtrim("26"); - sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 ); - CmdLtrim(cmdStr); - sprintf(cmdStr,"%d 0 8 5", bitRate[config.bitrate] ); + sprintf(cmdStr,"%d %d 8 5", bitRate[config.bitrate], config.inverted ); ans = FSKrawDemod(cmdStr, FALSE); break; case DEMOD_FSK2: - //CmdLtrim("26"); - sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 ); - CmdLtrim(cmdStr); - sprintf(cmdStr,"%d 0 10 8", bitRate[config.bitrate] ); - ans = FSKrawDemod(cmdStr, FALSE); - break; case DEMOD_FSK2a: - //CmdLtrim("26"); sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 ); CmdLtrim(cmdStr); - sprintf(cmdStr,"%d 1 10 8", bitRate[config.bitrate] ); + sprintf(cmdStr,"%d %d 10 8", bitRate[config.bitrate], config.inverted ); ans = FSKrawDemod(cmdStr, FALSE); break; case DEMOD_ASK: @@@ -293,7 -307,7 +293,7 @@@ ans = PSKDemod(cmdStr, FALSE); break; case DEMOD_PSK2: - sprintf(cmdStr,"%d 1", bitRate[config.bitrate] ); + sprintf(cmdStr,"%d %d 1", bitRate[config.bitrate], config.inverted ); ans = PSKDemod(cmdStr, FALSE); psk1TOpsk2(DemodBuffer, DemodBufferLen); break; @@@ -307,8 -321,11 +307,8 @@@ ans = NRZrawDemod(cmdStr, FALSE); break; case DEMOD_BI: - sprintf(cmdStr,"0 %d 0 1", bitRate[config.bitrate] ); - ans = ASKbiphaseDemod(cmdStr, FALSE); - break; case DEMOD_BIa: - sprintf(cmdStr,"0 %d 1 1", bitRate[config.bitrate] ); + sprintf(cmdStr,"0 %d %d 1", bitRate[config.bitrate], config.inverted ); ans = ASKbiphaseDemod(cmdStr, FALSE); break; default: @@@ -569,7 -586,6 +569,7 @@@ bool testBitRate(uint8_t 
readRate, uint } break; case DEMOD_BI: + case DEMOD_BIa: detRate = GetAskClock("",FALSE, FALSE); if (expected[readRate] == detRate) { config.bitrate = readRate; @@@ -588,7 -604,7 +588,7 @@@ bool test(uint8_t mode, uint8_t *offset uint8_t si = 0; for (uint8_t idx = 0; idx < 64; idx++){ si = idx; - if ( PackBits(si, 32, DemodBuffer) == 0x00 ) continue; + if ( PackBits(si, 32, DemodBuffer) == 0x00 ) continue; // configuration block with only zeros is impossible. uint8_t safer = PackBits(si, 4, DemodBuffer); si += 4; //master key uint8_t resv = PackBits(si, 4, DemodBuffer); si += 4; //was 7 & +=7+3 //should be only 4 bits if extended mode @@@ -620,7 -636,7 +620,7 @@@ return FALSE; } -void printT55xxBlock(const char *demodStr){ +void printT55xxBlock(const char *blockNum){ uint8_t i = config.offset; uint8_t endpos = 32 + i; @@@ -638,7 -654,7 +638,7 @@@ bits[i - config.offset]=DemodBuffer[i]; blockData = PackBits(0, 32, bits); - PrintAndLog("0x%08X %s [%s]", blockData, sprint_bin(bits,32), demodStr); + PrintAndLog("[%s] 0x%08X %s", blockNum, blockData, sprint_bin(bits,32)); } int special(const char *Cmd) { @@@ -729,7 -745,6 +729,7 @@@ int CmdT55xxReadTrace(const char *Cmd uint8_t si = config.offset+repeat; uint32_t bl0 = PackBits(si, 32, DemodBuffer); uint32_t bl1 = PackBits(si+32, 32, DemodBuffer); + // uint32_t bl2 = PackBits(si+64, 32, DemodBuffer); uint32_t acl = PackBits(si, 8, DemodBuffer); si += 8; uint32_t mfc = PackBits(si, 8, DemodBuffer); si += 8; @@@ -737,23 -752,11 +737,23 @@@ uint32_t icr = PackBits(si, 3, DemodBuffer); si += 3; uint32_t year = PackBits(si, 4, DemodBuffer); si += 4; uint32_t quarter = PackBits(si, 2, DemodBuffer); si += 2; - uint32_t lotid = PackBits(si, 14, DemodBuffer); si += 14; + uint32_t lotid = PackBits(si, 14, DemodBuffer); si += 14; uint32_t wafer = PackBits(si, 5, DemodBuffer); si += 5; uint32_t dw = PackBits(si, 15, DemodBuffer); - PrintAndLog(""); + + time_t t = time(NULL); + struct tm tm = *localtime(&t); + if ( year > 
tm.tm_year-110) + year += 2000; + else + year += 2010; + + if ( acl != 0xE0 ) { + PrintAndLog("The modulation is most likely wrong since the ACL is not 0xE0. "); + return 1; + } + PrintAndLog("-- T55xx Trace Information ----------------------------------"); PrintAndLog("-------------------------------------------------------------"); PrintAndLog(" ACL Allocation class (ISO/IEC 15963-1) : 0x%02X (%d)", acl, acl); @@@ -761,7 -764,7 +761,7 @@@ PrintAndLog(" CID : 0x%02X (%d) - %s", cid, cid, GetModelStrFromCID(cid)); PrintAndLog(" ICR IC Revision : %d",icr ); PrintAndLog(" Manufactured"); - PrintAndLog(" Year/Quarter : %d/%d",year, quarter ); + PrintAndLog(" Year/Quarter : 20?%d/%d",year, quarter); PrintAndLog(" Lot ID : %d", lotid ); PrintAndLog(" Wafer number : %d", wafer); PrintAndLog(" Die Number : %d", dw); @@@ -769,10 -772,10 +769,10 @@@ PrintAndLog(" Raw Data - Page 1"); PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset+repeat,32) ); PrintAndLog(" Block 1 : 0x%08X %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat+32,32) ); + //PrintAndLog(" Block 2 : 0x%08X %s", bl2, sprint_bin(DemodBuffer+config.offset+repeat+64,32) ); PrintAndLog("-------------------------------------------------------------"); - if ( acl != 0xE0 ) - PrintAndLog("The modulation is most likely wrong since the ACL is not 0xE0. 
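Review bot: `struct tm tm = *localtime(&t);` in CmdT55xxReadTrace dereferences the result of `localtime` without a NULL check, and `localtime` may return NULL on failure. Take the pointer first and bail out or fall back when it is NULL, e.g. `struct tm *now = localtime(&t); if (!now) return 1;`. Separately, `year` has 2000 or 2010 added here, but the next hunk prints it as `"20?%d/%d"`, so the output reads like `20?2015/1`. Either print the adjusted value with plain `%d`, or keep the raw 4-bit field for the `20?%d` format. The early `return 1` on a bad ACL now also skips the raw block dump, which was useful when diagnosing a wrong modulation setting.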
"); + /* TRACE - BLOCK O Bits Definition HEX @@@ -919,98 -922,100 +919,100 @@@ int AquireData( uint8_t block ) } char * GetBitRateStr(uint32_t id){ - static char buf[40]; + static char buf[20]; char *retStr = buf; switch (id){ case 0: - sprintf(retStr,"%d - RF/8",id); + snprintf(retStr,sizeof(buf),"%d - RF/8",id); break; case 1: - sprintf(retStr,"%d - RF/16",id); + snprintf(retStr,sizeof(buf),"%d - RF/16",id); break; case 2: - sprintf(retStr,"%d - RF/32",id); + snprintf(retStr,sizeof(buf),"%d - RF/32",id); break; case 3: - sprintf(retStr,"%d - RF/40",id); + snprintf(retStr,sizeof(buf),"%d - RF/40",id); break; case 4: - sprintf(retStr,"%d - RF/50",id); + snprintf(retStr,sizeof(buf),"%d - RF/50",id); break; case 5: - sprintf(retStr,"%d - RF/64",id); + snprintf(retStr,sizeof(buf),"%d - RF/64",id); break; case 6: - sprintf(retStr,"%d - RF/100",id); + snprintf(retStr,sizeof(buf),"%d - RF/100",id); break; case 7: - sprintf(retStr,"%d - RF/128",id); + snprintf(retStr,sizeof(buf),"%d - RF/128",id); break; default: - sprintf(retStr,"%d - (Unknown)",id); + snprintf(retStr,sizeof(buf),"%d - (Unknown)",id); break; } return buf; } + char * GetSaferStr(uint32_t id){ - static char buf[40]; + static char buf[20]; char *retStr = buf; - sprintf(retStr,"%d",id); + snprintf(retStr,sizeof(buf),"%d",id); if (id == 6) { - sprintf(retStr,"%d - passwd",id); + snprintf(retStr,sizeof(buf),"%d - passwd",id); } if (id == 9 ){ - sprintf(retStr,"%d - testmode",id); + snprintf(retStr,sizeof(buf),"%d - testmode",id); } return buf; } + char * GetModulationStr( uint32_t id){ - static char buf[40]; + static char buf[60]; char *retStr = buf; switch (id){ case 0: - sprintf(retStr,"%d - DIRECT (ASK/NRZ)",id); + snprintf(retStr,sizeof(buf),"%d - DIRECT (ASK/NRZ)",id); break; case 1: - sprintf(retStr,"%d - PSK 1 phase change when input changes",id); + snprintf(retStr,sizeof(buf),"%d - PSK 1 phase change when input changes",id); break; case 2: - sprintf(retStr,"%d - PSK 2 phase change on bitclk if input 
high",id); + snprintf(retStr,sizeof(buf),"%d - PSK 2 phase change on bitclk if input high",id); break; case 3: - sprintf(retStr,"%d - PSK 3 phase change on rising edge of input",id); + snprintf(retStr,sizeof(buf),"%d - PSK 3 phase change on rising edge of input",id); break; case 4: - sprintf(retStr,"%d - FSK 1 RF/8 RF/5",id); + snprintf(retStr,sizeof(buf),"%d - FSK 1 RF/8 RF/5",id); break; case 5: - sprintf(retStr,"%d - FSK 2 RF/8 RF/10",id); + snprintf(retStr,sizeof(buf),"%d - FSK 2 RF/8 RF/10",id); break; case 6: - sprintf(retStr,"%d - FSK 1a RF/5 RF/8",id); + snprintf(retStr,sizeof(buf),"%d - FSK 1a RF/5 RF/8",id); break; case 7: - sprintf(retStr,"%d - FSK 2a RF/10 RF/8",id); + snprintf(retStr,sizeof(buf),"%d - FSK 2a RF/10 RF/8",id); break; case 8: - sprintf(retStr,"%d - Manschester",id); + snprintf(retStr,sizeof(buf),"%d - Manschester",id); break; case 16: - sprintf(retStr,"%d - Biphase",id); + snprintf(retStr,sizeof(buf),"%d - Biphase",id); break; case 0x18: - sprintf(retStr,"%d - Biphase a - AKA Conditional Dephase Encoding(CDP)",id); + snprintf(retStr,sizeof(buf),"%d - Biphase a - AKA Conditional Dephase Encoding(CDP)",id); break; case 17: - sprintf(retStr,"%d - Reserved",id); + snprintf(retStr,sizeof(buf),"%d - Reserved",id); break; default: - sprintf(retStr,"0x%02X (Unknown)",id); + snprintf(retStr,sizeof(buf),"0x%02X (Unknown)",id); break; } return buf; @@@ -1028,48 -1033,48 +1030,48 @@@ char * GetModelStrFromCID(uint32_t cid) char * GetSelectedModulationStr( uint8_t id){ - static char buf[16]; + static char buf[20]; char *retStr = buf; switch (id){ case DEMOD_FSK: - sprintf(retStr,"FSK"); + snprintf(retStr,sizeof(buf),"FSK"); break; case DEMOD_FSK1: - sprintf(retStr,"FSK1"); + snprintf(retStr,sizeof(buf),"FSK1"); break; case DEMOD_FSK1a: - sprintf(retStr,"FSK1a"); + snprintf(retStr,sizeof(buf),"FSK1a"); break; case DEMOD_FSK2: - sprintf(retStr,"FSK2"); + snprintf(retStr,sizeof(buf),"FSK2"); break; case DEMOD_FSK2a: - sprintf(retStr,"FSK2a"); + 
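Review bot: `id` is a `uint32_t` in GetBitRateStr, GetSaferStr and GetModulationStr, but every format prints it with `%d`. `%u` (or an explicit cast) matches the type and avoids negative output for large values. The buffers in GetBitRateStr and GetSaferStr shrink from 40 to 20 bytes, so the `(Unknown)` branch can now be truncated for a large `id`. `snprintf` keeps that memory-safe, but the return value is ignored, so the truncation is silent. Each function returns a pointer to its own `static` buffer, which deserves a short comment such as `// returns a static buffer; overwritten by the next call, not thread-safe`.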
snprintf(retStr,sizeof(buf),"FSK2a"); break; case DEMOD_ASK: - sprintf(retStr,"ASK"); + snprintf(retStr,sizeof(buf),"ASK"); break; case DEMOD_NRZ: - sprintf(retStr,"DIRECT/NRZ"); + snprintf(retStr,sizeof(buf),"DIRECT/NRZ"); break; case DEMOD_PSK1: - sprintf(retStr,"PSK1"); + snprintf(retStr,sizeof(buf),"PSK1"); break; case DEMOD_PSK2: - sprintf(retStr,"PSK2"); + snprintf(retStr,sizeof(buf),"PSK2"); break; case DEMOD_PSK3: - sprintf(retStr,"PSK3"); + snprintf(retStr,sizeof(buf),"PSK3"); break; case DEMOD_BI: - sprintf(retStr,"BIPHASE"); + snprintf(retStr,sizeof(buf),"BIPHASE"); break; case DEMOD_BIa: - sprintf(retStr,"BIPHASEa - (CDP)"); + snprintf(retStr,sizeof(buf),"BIPHASEa - (CDP)"); break; default: - sprintf(retStr,"(Unknown)"); + snprintf(retStr,sizeof(buf),"(Unknown)"); break; } return buf;