ADD: the option to simulate tnp3xxx inthe command "hf mf sim"

ADD: found some new default keys ADD: changed alot of memorys buffers to use constant values. like usbbuffer sizes, tracelogs, etc etc ADD: all changes Peter filmoore has in his pull request.
2024-12-31 04:39:49 +08:00 · 2014-11-26 13:52:39 +01:00 · 2014-11-26 13:52:39 +01:00 · 95e635947b
commit 95e635947b
parent 463ca973e7
21 changed files with 106 additions and 75 deletions
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@ -311,7 +311,7 @@ extern struct version_information version_information;
 extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
 void SendVersion(void)
 {
-	char temp[256]; /* Limited data payload in USB packets */
+	char temp[512]; /* Limited data payload in USB packets */
 	DbpString("Prox/RFID mark3 RFID instrument");
 	/* Try to find the bootrom version information. Expect to find a pointer at
@ -367,9 +367,8 @@ void SamyRun()
 	for (;;)
 	{
 //		UsbPoll(FALSE);
 		usb_poll();
-    WDT_HIT();
+		WDT_HIT();
 		// Was our button held down or pressed?
 		int button_pressed = BUTTON_HELD(1000);
@ -792,10 +791,15 @@ void UsbPacketReceived(uint8_t *packet, int len)
 		case CMD_SIMULATE_TAG_ISO_14443a:
 			SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);  // ## Simulate iso14443a tag - pass tag type & UID
 			break;
 		case CMD_EPA_PACE_COLLECT_NONCE:
 			EPA_PACE_Collect_Nonce(c);
 			break;
 		// case CMD_EPA_:
 		//	EpaFoo(c);
 		// break;
 		case CMD_READER_MIFARE:
            ReaderMifare(c->arg[0]);
 			break;
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@ -32,10 +32,13 @@
 // The large multi-purpose buffer, typically used to hold A/D samples,
 // maybe processed in some way.
-uint32_t BigBuf[10000];
+//#define BIG_BUFF_SIZE 10000  // PM3 w. 256KB ram
 #define BIG_BUFF_SIZE 10000  // PM3 w. 512KB ram
 uint32_t BigBuf[BIG_BUFF_SIZE];
 // BIG CHANGE - UNDERSTAND THIS BEFORE WE COMMIT
 #define TRACE_OFFSET          0
-#define TRACE_SIZE         3000
+#define TRACE_SIZE         4096
 #define RECV_CMD_OFFSET    3032
 #define RECV_CMD_SIZE        64
 #define RECV_RES_OFFSET    3096
@ -45,7 +48,7 @@ uint32_t BigBuf[10000];
 #define FREE_BUFFER_OFFSET 7256
 #define FREE_BUFFER_SIZE   2744
-extern const uint8_t OddByteParity[256];
+//extern const uint8_t OddByteParity[256];
 extern uint8_t *trace; // = (uint8_t *) BigBuf;
 extern int traceLen;   // = 0;
 extern int rsamples;   // = 0;
--- a/armsrc/iclass.c
+++ b/armsrc/iclass.c
@ -228,7 +228,8 @@ static RAMFUNC int OutOfNDecoding(int bit)
 							// Calculate the parity bit for the client...
 							Uart.parityBits <<= 1;
-							Uart.parityBits ^= OddByteParity[(Uart.shiftReg & 0xff)];
+							//Uart.parityBits ^= OddByteParity[(Uart.shiftReg & 0xff)];
 							Uart.parityBits ^= oddparity(Uart.shiftReg & 0xff);
 							Uart.bitCnt = 0;
 							Uart.shiftReg = 0;
@ -251,7 +252,8 @@ static RAMFUNC int OutOfNDecoding(int bit)
 					// Calculate the parity bit for the client...
 					Uart.parityBits <<= 1;
-					Uart.parityBits ^= OddByteParity[(Uart.dropPosition & 0xff)];
+					//Uart.parityBits ^= OddByteParity[(Uart.dropPosition & 0xff)];
 					Uart.parityBits ^= oddparity((Uart.dropPosition & 0xff));
 					Uart.bitCnt = 0;
 					Uart.shiftReg = 0;
@ -452,8 +454,7 @@ static RAMFUNC int ManchesterDecoding(int v)
 	else {
 		modulation = bit & Demod.syncBit;
 		modulation |= ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
-		//modulation = ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
+	
 		Demod.samples += 4;
 		if(Demod.posCount==0) {
@ -488,7 +489,8 @@ static RAMFUNC int ManchesterDecoding(int v)
 					Demod.output[Demod.len] = 0x0f;
 					Demod.len++;
 					Demod.parityBits <<= 1;
-					Demod.parityBits ^= OddByteParity[0x0f];
+					//Demod.parityBits ^= OddByteParity[0x0f];
 					Demod.parityBits ^= oddparity(0x0f);
 					Demod.state = DEMOD_UNSYNCD;
 //					error = 0x0f;
 					return TRUE;
@ -613,7 +615,8 @@ static RAMFUNC int ManchesterDecoding(int v)
 				// FOR ISO15639 PARITY NOT SEND OTA, JUST CALCULATE IT FOR THE CLIENT
 				Demod.parityBits <<= 1;
-				Demod.parityBits ^= OddByteParity[(Demod.shiftReg & 0xff)];
+				//Demod.parityBits ^= OddByteParity[(Demod.shiftReg & 0xff)];
 				Demod.parityBits ^= oddparity((Demod.shiftReg & 0xff));
 				Demod.bitCount = 0;
 				Demod.shiftReg = 0;
@ -870,10 +873,7 @@ static int GetIClassCommandFromReader(uint8_t *received, int *len, int maxLen)
        }
        if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
            uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
-			/*if(OutOfNDecoding((b & 0xf0) >> 4)) {
+
 				*len = Uart.byteCnt;
 				return TRUE;
 			}*/
 			if(OutOfNDecoding(b & 0x0f)) {
 				*len = Uart.byteCnt;
 				return TRUE;
@ -1395,7 +1395,6 @@ void ReaderTransmitIClass(uint8_t* frame, int len)
  int par = 0;
  // This is tied to other size changes
  // 	uint8_t* frame_addr = ((uint8_t*)BigBuf) + 2024;
  CodeIClassCommand(frame,len);
  // Select the card
@ -1435,7 +1434,7 @@ static int GetIClassAnswer(uint8_t *receivedResponse, int maxLen, int *samples,
 	for(;;) {
 		WDT_HIT();
-	        if(BUTTON_PRESS()) return FALSE;
+	    if(BUTTON_PRESS()) return FALSE;
 		if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
 			AT91C_BASE_SSC->SSC_THR = 0x00;  // To make use of exact timing of next command from reader!!
@ -1446,10 +1445,7 @@ static int GetIClassAnswer(uint8_t *receivedResponse, int maxLen, int *samples,
 			b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
 			skip = !skip;
 			if(skip) continue;
-			/*if(ManchesterDecoding((b>>4) & 0xf)) {
+		
 				*samples = ((c - 1) << 3) + 4;
 				return TRUE;
 			}*/
 			if(ManchesterDecoding(b & 0x0f)) {
 				*samples = c << 3;
 				return  TRUE;
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@ -124,6 +124,8 @@ uint32_t LastProxToAirDuration;
 #define	SEC_Y 0x00
 #define	SEC_Z 0xc0
 //replaced large parity table with small parity generation function - saves flash code
 /*
 const uint8_t OddByteParity[256] = {
  1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1,
  0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0,
@ -142,7 +144,7 @@ const uint8_t OddByteParity[256] = {
  0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0,
  1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1
 };
-
+*/
 void iso14a_set_trigger(bool enable) {
 	trigger = enable;
@ -165,10 +167,12 @@ void iso14a_set_timeout(uint32_t timeout) {
 // Generate the parity value for a byte sequence
 //
 //-----------------------------------------------------------------------------
 /*
 byte_t oddparity (const byte_t bt)
 {
 	return OddByteParity[bt];
 }
 */
 uint32_t GetParity(const uint8_t * pbtCmd, int iLen)
 {
@ -178,7 +182,8 @@ uint32_t GetParity(const uint8_t * pbtCmd, int iLen)
 	// Generate the parity bits
 	for (i = 0; i < iLen; i++) {
 		// and save them to a 32Bit word
-		dwPar |= ((OddByteParity[pbtCmd[i]]) << i);
+		//dwPar |= ((OddByteParity[pbtCmd[i]]) << i);
 		dwPar |= (oddparity(pbtCmd[i]) << i);
 	}
 	return dwPar;
 }
@ -683,7 +688,8 @@ static void CodeIso14443aAsTagPar(const uint8_t *cmd, int len, uint32_t dwParity
 		}
 		// Get the parity bit
-		if ((dwParity >> i) & 0x01) {
+		//if ((dwParity >> i) & 0x01) {
 		if (oddparity(cmd[i]) & 0x01) {
 			ToSend[++ToSendMax] = SEC_D;
 			LastProxToAirDuration = 8 * ToSendMax - 4;
 		} else {
@ -891,6 +897,12 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
 			response1[1] = 0x00;
 			sak = 0x28;
 		} break;
 		case 5: { // MIFARE TNP3XXX
 			// Says: I am a toy
 			response1[0] = 0x01;
 			response1[1] = 0x0f;
 			sak = 0x01;
 		} break;		
 		default: {
 			Dbprintf("Error: unkown tagtype (%d)",tagType);
 			return;
@ -1695,7 +1707,7 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u
 		memcpy(uid_resp,resp,4);
 	}
 	uid_resp_len = 4;
-       // Dbprintf("uid: %02x %02x %02x %02x",uid_resp[0],uid_resp[1],uid_resp[2],uid_resp[3]);
+
    // calculate crypto UID. Always use last 4 Bytes.
    if(cuid_ptr) {
@ -1713,6 +1725,8 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u
    if (!ReaderReceive(resp)) return 0;
    sak = resp[0];
 	//Dbprintf("SAK: %02x",resp[0]);
    // Test if more parts of the uid are comming
    if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
      // Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
@ -1770,8 +1784,7 @@ void iso14443a_setup(uint8_t fpga_minor_mode) {
 	SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
 	// Signal field is on with the appropriate LED
-	if (fpga_minor_mode == FPGA_HF_ISO14443A_READER_MOD
+	if (fpga_minor_mode == FPGA_HF_ISO14443A_READER_MOD	|| fpga_minor_mode == FPGA_HF_ISO14443A_READER_LISTEN) {
 		|| fpga_minor_mode == FPGA_HF_ISO14443A_READER_LISTEN) {
 		LED_D_ON();
 	} else {
 		LED_D_OFF();
@ -1859,10 +1872,10 @@ void ReaderIso14443a(UsbCommand *c)
 		if(param & ISO14A_APPEND_CRC) {
 			AppendCrc14443a(cmd,len);
 			len += 2;
-			lenbits += 16; 
+			if(lenbits>0) 
 				lenbits += 16; 
 		}
-		if(lenbits>0) {
+		if(lenbits>0) {			
 			ReaderTransmitBitsPar(cmd,lenbits,GetParity(cmd,lenbits/8), NULL);
 		} else {
 			ReaderTransmit(cmd,len, NULL);
@ -1937,8 +1950,8 @@ void ReaderMifare(bool first_try)
 	uint32_t nt = 0;
 	uint32_t previous_nt = 0;
 	static uint32_t nt_attacked = 0;
-	byte_t par_list[8] = {0,0,0,0,0,0,0,0};
+	byte_t par_list[8] = {0x00};
-	byte_t ks_list[8] = {0,0,0,0,0,0,0,0};
+	byte_t ks_list[8] = {0x00};
 	static uint32_t sync_time;
 	static uint32_t sync_cycles;
@ -1947,8 +1960,6 @@ void ReaderMifare(bool first_try)
 	uint16_t consecutive_resyncs = 0;
 	int isOK = 0;
 	if (first_try) { 
 		mf_nr_ar3 = 0;
 		iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
@ -1971,6 +1982,7 @@ void ReaderMifare(bool first_try)
 	LED_C_OFF();
    Dbprintf("Mifare: Before loopen");
 	for(uint16_t i = 0; TRUE; i++) {
 		WDT_HIT();
--- a/armsrc/iso14443a.h
+++ b/armsrc/iso14443a.h
@ -75,7 +75,7 @@ typedef struct {
-extern byte_t oddparity (const byte_t bt);
+//extern byte_t oddparity (const byte_t bt);
 extern uint32_t GetParity(const uint8_t *pbtCmd, int iLen);
 extern void AppendCrc14443a(uint8_t *data, int len);
--- a/armsrc/mifareutil.h
+++ b/armsrc/mifareutil.h
@ -53,7 +53,7 @@ extern int MF_DBGLEVEL;
 #define cardSTATE_TO_IDLE() cardSTATE = MFEMUL_IDLE; LED_B_OFF(); LED_C_OFF();
 //functions
-uint8_t* mifare_get_bigbufptr(void);
+
 int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint32_t *timing);
 int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t* amswer, uint8_t *timing);
 int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t* amswer, uint32_t *timing);
--- a/armsrc/string.h
+++ b/armsrc/string.h
@ -16,9 +16,9 @@
 #include <util.h>
 int strlen(const char *str);
-void *memcpy(void *dest, const void *src, int len);
+RAMFUNC void *memcpy(void *dest, const void *src, int len);
 void *memset(void *dest, int c, int len);
-int memcmp(const void *av, const void *bv, int len);
+RAMFUNC  int memcmp(const void *av, const void *bv, int len);
 void memxor(uint8_t * dest, uint8_t * src, size_t len);
 char *strncat(char *dest, const char *src, unsigned int n);
 char *strcat(char *dest, const char *src);
--- a/armsrc/util.c
+++ b/armsrc/util.c
@ -85,6 +85,15 @@ int32_t le24toh (uint8_t data[3])
    return (data[2] << 16) | (data[1] << 8) | data[0];
 }
 //added here for parity calulations
 uint8_t oddparity(uint8_t bt)
 {
   uint16_t v = bt;
   v ^= v >> 4;
   v &= 0xF;
   return ((0x9669 >> v) & 1);
 }
 void LEDsoff()
 {
 	LED_A_OFF();
--- a/armsrc/util.h
+++ b/armsrc/util.h
@ -35,6 +35,8 @@ uint64_t bytes_to_num(uint8_t* src, size_t len);
 void rol(uint8_t *data, const size_t len);
 void lsl (uint8_t *data, size_t len);
 int32_t le24toh (uint8_t data[3]);
 //added parity generation function here
 uint8_t oddparity(uint8_t bt);
 void SpinDelay(int ms);
 void SpinDelayUs(int us);
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@ -44,7 +44,7 @@ int CmdHF14AList(const char *Cmd)
 		ShowWaitCycles = true;
 	}
-	uint8_t got[1920];
+	uint8_t got[TRACE_BUFFER_SIZE];
 	GetFromBigBuf(got,sizeof(got),0);
 	WaitForResponse(CMD_ACK,NULL);
@ -62,7 +62,7 @@ int CmdHF14AList(const char *Cmd)
 	uint32_t EndOfTransmissionTimestamp = 0;
 	for (;;) {
-		if(i >= 1900) {
+		if(i >= TRACE_BUFFER_SIZE) {
 			break;
 		}
@ -86,7 +86,7 @@ int CmdHF14AList(const char *Cmd)
 		if (len > 100) {
 			break;
 		}
-		if (i + len >= 1900) {
+		if (i + len >= TRACE_BUFFER_SIZE) {
 			break;
 		}
@ -400,6 +400,7 @@ int CmdHF14ASim(const char *Cmd)
 		PrintAndLog("           2 = MIFARE Ultralight");
 		PrintAndLog("           3 = MIFARE DESFIRE");
 		PrintAndLog("           4 = ISO/IEC 14443-4");
 		PrintAndLog("           5 = MIFARE TNP3XXX");		
 		PrintAndLog("");
 		return 1;
 	}
@ -628,7 +629,7 @@ static void waitCmd(uint8_t iSelect)
    UsbCommand resp;
    char *hexout;
-    if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
+    if (WaitForResponseTimeout(CMD_ACK,&resp,10000)) {
        recv = resp.d.asBytes;
        uint8_t iLen = iSelect ? resp.arg[1] : resp.arg[0];
        PrintAndLog("received %i octets",iLen);
--- a/client/cmdhf14b.c
+++ b/client/cmdhf14b.c
@ -144,7 +144,7 @@ demodError:
 int CmdHF14BList(const char *Cmd)
 {
-  uint8_t got[960];
+  uint8_t got[TRACE_BUFFER_SIZE];
  GetFromBigBuf(got,sizeof(got),0);
  WaitForResponse(CMD_ACK,NULL);
@ -156,9 +156,8 @@ int CmdHF14BList(const char *Cmd)
  int prev = -1;
  for(;;) {
-    if(i >= 900) {
+    
-      break;
+	if(i >= TRACE_BUFFER_SIZE) { break; }
    }
    bool isResponse;
    int timestamp = *((uint32_t *)(got+i));
@ -175,7 +174,7 @@ int CmdHF14BList(const char *Cmd)
    if(len > 100) {
      break;
    }
-    if(i + len >= 900) {
+    if(i + len >= TRACE_BUFFER_SIZE) {
      break;
    }
@ -357,7 +356,7 @@ int CmdHF14BCmdRaw (const char *cmd) {
    SendCommand(&c);
    if (reply) {
-        if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
+        if (WaitForResponseTimeout(CMD_ACK,&resp,10000)) {
            recv = resp.d.asBytes;
            PrintAndLog("received %i octets",resp.arg[0]);
            if(!resp.arg[0])
--- a/client/cmdhfepa.c
+++ b/client/cmdhfepa.c
@ -45,7 +45,7 @@ int CmdHFEPACollectPACENonces(const char *Cmd)
 		SendCommand(&c);
 		UsbCommand resp;
-    WaitForResponse(CMD_ACK,&resp);
+		WaitForResponse(CMD_ACK,&resp);
 		// check if command failed
 		if (resp.arg[0] != 0) {
@ -68,6 +68,7 @@ int CmdHFEPACollectPACENonces(const char *Cmd)
 	return 1;
 }
 // UI-related stuff
 // UI-related stuff
 static const command_t CommandTable[] = 
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@ -55,7 +55,7 @@ int CmdHFiClassList(const char *Cmd)
 		return 0;
 	}
-	uint8_t got[1920];
+	uint8_t got[TRACE_BUFFER_SIZE];
 	GetFromBigBuf(got,sizeof(got),0);
 	WaitForResponse(CMD_ACK,NULL);
@ -77,7 +77,7 @@ int CmdHFiClassList(const char *Cmd)
 	uint32_t EndOfTransmissionTimestamp = 0;
-	for( i=0; i < 1900;)
+	for( i=0; i < TRACE_BUFFER_SIZE;)
 	{
 		//First 32 bits contain
 		// isResponse (1 bit)
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@ -2003,7 +2003,7 @@ int CmdHF14AMfCSave(const char *Cmd) {
 int CmdHF14AMfSniff(const char *Cmd){
-	// params
+
 	bool wantLogToFile = 0;
 	bool wantDecrypt = 0;
 	//bool wantSaveToEml = 0; TODO
@ -2031,8 +2031,8 @@ int CmdHF14AMfSniff(const char *Cmd){
 		PrintAndLog("    l - save encrypted sequence to logfile `uid.log`");
 		PrintAndLog("    d - decrypt sequence and put it to log file `uid.log`");
 		PrintAndLog(" n/a   e - decrypt sequence, collect read and write commands and save the result of the sequence to emulator memory");
-		PrintAndLog("    r - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");
+		PrintAndLog("    f - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");
-		PrintAndLog("Usage:  hf mf sniff [l][d][e][r]");
+		PrintAndLog("Usage:  hf mf sniff [l][d][e][f]");
 		PrintAndLog("  sample: hf mf sniff l d e");
 		return 0;
 	}	
@ -2220,9 +2220,6 @@ int GetCardSize()
 	return -1;
 }
 static command_t CommandTable[] =
 {
  {"help",		CmdHelp,				1, "This help"},
--- a/client/cmdhfmfdes.c
+++ b/client/cmdhfmfdes.c
@ -27,9 +27,9 @@
 uint8_t CMDPOS = 0;
 uint8_t LENPOS = 1;
-uint8_t key_zero_data[16] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
+uint8_t key_zero_data[16] = { 0x00 };
 uint8_t key_ones_data[16] = { 0x01 };
 uint8_t key_defa_data[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
 uint8_t key_ones_data[16] = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 };
 uint8_t key_picc_data[16] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f };
 static int CmdHelp(const char *Cmd);
@ -537,11 +537,6 @@ int CmdHF14ADesEnumApplications(const char *Cmd){
 	return 1;
 }
 int CmdHF14ADesNonces(const char *Cmd){
 	return 1;
 }
 //
 // MIAFRE DesFire Authentication
 //
 #define BUFSIZE 256 
@ -670,7 +665,6 @@ static command_t CommandTable[] =
  {"wb",		CmdHF14ADesWb,				0, "write MIFARE DesFire block"},
  {"info",		CmdHF14ADesInfo,			0, "Get MIFARE DesFire information"},
  {"enum",		CmdHF14ADesEnumApplications,0, "Tries enumerate all applications"},
  {"nonce",		CmdHF14ADesNonces, 			0, "<n> Collect n>0 nonces"},
  {NULL, NULL, 0, NULL}
 };
--- a/client/cmdhfmfdes.h
+++ b/client/cmdhfmfdes.h
@ -14,7 +14,7 @@ int CmdHF14ADesRb(const char* cmd);
 int CmdHF14ADesWb(const char* cmd);
 int CmdHF14ADesInfo(const char *Cmd);
 int CmdHF14ADesEnumApplications(const char *Cmd);
-int CmdHF14ADesNonces(const char *Cmd);
+
 char * GetCardSizeStr( uint8_t fsize );
 char * GetVendorStr( uint8_t id);
 char * GetProtocolStr(uint8_t id);
--- a/client/cmdlfhitag.c
+++ b/client/cmdlfhitag.c
@ -29,7 +29,7 @@ size_t nbytes(size_t nbits) {
 int CmdLFHitagList(const char *Cmd)
 {
-  uint8_t got[3000];
+  uint8_t got[TRACE_BUFFER_SIZE];
  GetFromBigBuf(got,sizeof(got),0);
  WaitForResponse(CMD_ACK,NULL);
@ -44,9 +44,8 @@ int CmdLFHitagList(const char *Cmd)
  FILE* pf = NULL;
  for (;;) {
-    if(i >= 1900) {
+  
-      break;
+    if(i >= TRACE_BUFFER_SIZE) { break; }
    }
    bool isResponse;
    int timestamp = *((uint32_t *)(got+i));
@ -71,9 +70,7 @@ int CmdLFHitagList(const char *Cmd)
    if (len > 100) {
      break;
    }
-    if (i + len >= 1900) {
+    if (i + len >= TRACE_BUFFER_SIZE) { break;}
      break;
    }
    uint8_t *frame = (got+i+9);
--- a/client/data.h
+++ b/client/data.h
@ -13,6 +13,8 @@
 #include <stdint.h>
 //trace buffer size as defined in armsrc/apps.h TRACE_SIZE
 #define TRACE_BUFFER_SIZE 4096
 #define FILE_PATH_SIZE 1000
 #define SAMPLE_BUFFER_SIZE 64
--- a/client/lualibs/mf_default_keys.lua
+++ b/client/lualibs/mf_default_keys.lua
@ -147,6 +147,18 @@ local _keys = {
    --]]
 	'4b0b20107ccb',
 	--[[
    Kiev metro cards
    --]]	
 	'8fe644038790',
 	'f14ee7cae863',
 	'632193be1c3c',
 	'569369c5a0e5',
 	'9de89e070277',
 	'eff603e1efe9',
 	'644672bd4afe',
 	'b5ff67cba951',
 }
 ---
--- a/client/scripts/tnp3sim.lua
+++ b/client/scripts/tnp3sim.lua
@ -349,7 +349,7 @@ local function main(args)
 		err = LoadEmulator(blocks)
 		if err then return oops(err) end	
 		core.clearCommandBuffer()
-		print('The simulation is now prepared. run \"hf mf sim\" ')
+		print('The simulation is now prepared.\n --> run \"hf mf sim 5 '..uid..'\" <--')
 	end
 end
 main(args)
--- a/include/usb_cmd.h
+++ b/include/usb_cmd.h
@ -112,7 +112,9 @@ typedef struct {
 #define CMD_SIMULATE_TAG_LEGIC_RF                                         0x0387
 #define CMD_READER_LEGIC_RF                                               0x0388
 #define CMD_WRITER_LEGIC_RF                                               0x0389
 #define CMD_EPA_PACE_COLLECT_NONCE                                        0x038A
 //#define CMD_EPA_                                                          0x038B
 #define CMD_SNOOP_ICLASS                                                  0x0392
 #define CMD_SIMULATE_TAG_ICLASS                                           0x0393