From 7f379581448d2f478a59d3a4606d99baf3c16a74 Mon Sep 17 00:00:00 2001
From: Philippe Teuwen
Date: Sat, 30 Apr 2022 00:08:10 +0200
Subject: [PATCH] Enable support to clone HID on EM4x05
---
 CHANGELOG.md | 2 +-
 armsrc/lfops.c | 53 ++++++++++++++++++++------------------------------
 2 files changed, 22 insertions(+), 33 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fb2ecb97d..432f69ddb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
 ## [unreleased][unreleased]
 - Fixed support to clone Pyramic, Paradox and Awid on EM4x05 (@doegox)
- - Added support to clone Viking and EM410x on EM4x05 (@doegox)
+ - Added support to clone HID, Viking and EM410x on EM4x05 (@doegox)
 - Fixed `lf config --reset` - averaging is set to 1 rather than 0 (@wh201906)
 - Added standalone mode for sniffing 14b (@jacopo-j)
 - Fixed `hf 14a apdu` - now don't skip first P2 iteration (@iceman1001)
diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index b34af1f9e..1359cea9b 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -2237,10 +2237,22 @@ static void WriteT55xx(const uint32_t *blockdata, uint8_t startblock, uint8_t nu
 }
 static void WriteEM4x05(uint32_t *blockdata, uint8_t startblock, uint8_t numblocks) {
- for (uint8_t i = numblocks + startblock; i > startblock; i--) {
- if (i - 1 > 4) {
- blockdata[i - 1 - startblock] = reflect(blockdata[i - 1 - startblock], 32);
+ if (g_dbglevel == DBG_DEBUG) {
+ Dbprintf("# | data ( EM4x05 )");
+ Dbprintf("--+----------------");
+ }
+ for (uint8_t i = startblock; i < startblock + numblocks; i++) {
+ if (i > 4) {
+ blockdata[i - startblock] = reflect(blockdata[i - startblock], 32);
 }
+ if (g_dbglevel == DBG_DEBUG) {
+ Dbprintf("%i | %08x", i, blockdata[i - startblock]);
+ }
+ }
+ if (g_dbglevel == DBG_DEBUG) {
+ Dbprintf("--+----------------");
+ }
+ for (uint8_t i = numblocks + startblock; i > startblock; i--) {
 EM4xWriteWord(i - 1, blockdata[i - 1 - startblock], 0, 0, false);
 }
 }
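Review bot: The new forward loop `for (uint8_t i = startblock; i < startblock + numblocks; i++)` compares an 8-bit counter against an int sum, so a range ending above 255 would make the counter wrap and index `blockdata[i - startblock]` out of bounds, and nothing in WriteEM4x05 bounds the range against the tag's word count. The callers visible in this patch pass start word 4 with small counts, so this is latent. A guard at the top such as `if (numblocks == 0 || startblock + numblocks > MAX_WORDS /* placeholder: tag word count */) return;` would make the contract explicit. A comment would also help: words above 4 are bit-reflected in place in the caller's buffer, and the write loop runs from the highest word down, so word 4 (which receives the config value in CopyHIDtoT55x7) is written last.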
@@ -2287,23 +2299,16 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, boo
 if (q5) {
 data[0] = T5555_SET_BITRATE(50) | T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | last_block << T5555_MAXBLOCK_SHIFT;
 } else if (em) {
- // Note: data rate 50 is not supported by EM4x05
- data[0] = (EM4x05_SET_BITRATE(50) | EM4x05_MODULATION_FSK2 | EM4x05_INVERT | EM4x05_SET_NUM_BLOCKS(last_block));
+ data[0] = (EM4x05_SET_BITRATE(50) | EM4x05_MODULATION_FSK2 | EM4x05_SET_NUM_BLOCKS(last_block));
+ // EM4x05_INVERT not available on EM4305, so let's invert manually
+ for (uint8_t i = 1; i <= last_block ; i++) {
+ data[i] = data[i] ^ 0xFFFFFFFF;
+ }
 }
 if (ledcontrol) LED_D_ON();
 if (em) {
- if (g_dbglevel == DBG_DEBUG) {
- Dbprintf("# | data ( EM4x05 )");
- Dbprintf("--+----------------");
- Dbprintf("4 | %08x", data[0]);
- Dbprintf("5 | %08x", data[1]);
- Dbprintf("6 | %08x", data[2]);
- Dbprintf("7 | %08x", data[3]);
- Dbprintf("--+----------------");
- }
- Dbprintf("Clone HID Prox to EM4x05 is untested and disabled until verified");
- //WriteEM4x05(data, 4, last_block + 1);
+ WriteEM4x05(data, 4, last_block + 1);
 } else {
 WriteT55xx(data, 0, last_block + 1, ledcontrol);
 }
@@ -2326,14 +2331,6 @@ void CopyVikingtoT55xx(uint8_t *blocks, bool q5, bool em, bool ledcontrol) {
 // Program the data blocks for supplied ID and the block 0 config
 if (em) {
- if (g_dbglevel == DBG_DEBUG) {
- Dbprintf("# | data ( EM4x05 )");
- Dbprintf("--+----------------");
- Dbprintf("4 | %08x", data[0]);
- Dbprintf("5 | %08x", data[1]);
- Dbprintf("6 | %08x", data[2]);
- Dbprintf("--+----------------");
- }
 WriteEM4x05(data, 4, 3);
 } else {
 WriteT55xx(data, 0, 3, ledcontrol);
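Review bot: The config selection and the write dispatch in CopyHIDtoT55x7 disagree when both flags are set: `if (q5) … else if (em)` gives q5 priority, while `if (em) WriteEM4x05(…) else WriteT55xx(…)` gives em priority. With q5 and em both true, a T5555 config word would therefore be written to word 4 of an EM4x05 and the manual inversion skipped. Now that the EM4x05 write is live rather than commented out, either test `em` first in the config chain or reject the combination up front, e.g. `if (q5 && em) return;`; the function starts outside this hunk, so any caller-side check is not visible here. The removed comment said data rate 50 is not supported by EM4x05 while `EM4x05_SET_BITRATE(50)` stays, so a short comment recording on which chip the setting was verified would keep that caveat from being lost.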
@@ -2428,14 +2425,6 @@ int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t i
 data[0] = T5555_SET_BITRATE(clock) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT);
 }
 if (card == 2) {
- if (g_dbglevel == DBG_DEBUG) {
- Dbprintf("# | data ( EM4x05 )");
- Dbprintf("--+----------------");
- Dbprintf("4 | %08x", data[0]);
- Dbprintf("5 | %08x", data[1]);
- Dbprintf("6 | %08x", data[2]);
- Dbprintf("--+----------------");
- }
 WriteEM4x05(data, 4, 3);
 } else {
 WriteT55xx(data, 0, 3, ledcontrol);