From 9640aa75a685462aa24a467b6635873b24c0fa1b Mon Sep 17 00:00:00 2001
From: Robert Jones <rob.jones@dolby.com>
Date: Wed, 29 Mar 2017 14:09:00 +1100
Subject: [PATCH 01/24] Remove unnecessary x86 SSE 4.2 popcnt GCC flag

-mpopcnt is only a valid flag for x86 platforms with SSE 4.2. Breaks on anything else, e.g. ARM
Builds/runs fine without this flag. I don't see any reference to popcnt instruction so I'm not sure what this is there for.
---
 client/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/Makefile b/client/Makefile
index 3c7a33fdd..96920229e 100644
--- a/client/Makefile
+++ b/client/Makefile
@@ -7,7 +7,7 @@ include ../common/Makefile.common
 
 CC = gcc
 CXX = g++
-COMMON_FLAGS += -std=c99 -O3 -mpopcnt -march=native -g
+COMMON_FLAGS += -std=c99 -O3 -march=native -g
 
 #VPATH = ../common ../zlib
 OBJDIR = obj

From 396772c93aa39600b9a14c58781583abbfcb05d2 Mon Sep 17 00:00:00 2001
From: angelsl <hidingfromhidden@gmail.com>
Date: Thu, 30 Mar 2017 01:41:07 +0800
Subject: [PATCH 02/24] Fixes for compiling on Android

---
 client/cmdhfmfhard.c | 8 ++++----
 client/util.c        | 2 ++
 client/util.h        | 6 ++++++
 liblua/llex.c        | 2 +-
 4 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/client/cmdhfmfhard.c b/client/cmdhfmfhard.c
index 2e5046754..38d35895f 100644
--- a/client/cmdhfmfhard.c
+++ b/client/cmdhfmfhard.c
@@ -1431,7 +1431,7 @@ static const uint64_t crack_states_bitsliced(statelist_t *p){
 #endif
 
 		if ( !lstate_p )	{
-			__sync_fetch_and_add(&total_states_tested, bucket_states_tested);
+			__atomic_fetch_add(&total_states_tested, bucket_states_tested, __ATOMIC_SEQ_CST);
 			return key;
 		}
 				
@@ -1618,7 +1618,7 @@ out:
 #endif		
 		
     }
-    __sync_fetch_and_add(&total_states_tested, bucket_states_tested);
+    __atomic_fetch_add(&total_states_tested, bucket_states_tested, __ATOMIC_SEQ_CST);
     return key;
 }
 
@@ -1636,8 +1636,8 @@ static void* crack_states_thread(void* x){
 			if (keys_found) break;
 			else if(key != -1) {
 				if (TestIfKeyExists(key)) {
-                __sync_fetch_and_add(&keys_found, 1);
-				__sync_fetch_and_add(&foundkey, key);
+                __atomic_fetch_add(&keys_found, 1, __ATOMIC_SEQ_CST);
+				__atomic_fetch_add(&foundkey, key, __ATOMIC_SEQ_CST);
 					printf("*");
 					fflush(stdout);
                 break;
diff --git a/client/util.c b/client/util.c
index 4adc4e701..5485488c9 100644
--- a/client/util.c
+++ b/client/util.c
@@ -534,9 +534,11 @@ void xor(unsigned char * dst, unsigned char * src, size_t len) {
 int32_t le24toh (uint8_t data[3]) {
     return (data[2] << 16) | (data[1] << 8) | data[0];
 }
+#ifndef ANDROID
 uint32_t le32toh (uint8_t *data) {
 	return (uint32_t)( (data[3]<<24) | (data[2]<<16) | (data[1]<<8) | data[0]);
 }
+#endif
 // Pack a bitarray into a uint32_t.  
 uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits) {
 
diff --git a/client/util.h b/client/util.h
index ede50e8c1..84d1a3163 100644
--- a/client/util.h
+++ b/client/util.h
@@ -31,6 +31,10 @@
   #include <windows.h>
 #endif
 
+#ifdef ANDROID
+  #include <endian.h>
+#endif
+
 
 #ifndef BITMASK
 # define BITMASK(X) (1 << (X))
@@ -146,7 +150,9 @@ extern void wiegand_add_parity(uint8_t *target, uint8_t *source, uint8_t length)
 
 extern void xor(unsigned char * dst, unsigned char * src, size_t len);
 extern int32_t le24toh (uint8_t data[3]);
+#ifndef ANDROID
 extern uint32_t le32toh (uint8_t *data);
+#endif
 extern uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits);
 extern void rol(uint8_t *data, const size_t len);
 extern uint32_t SwapBits(uint32_t value, int nrbits);
diff --git a/liblua/llex.c b/liblua/llex.c
index 81b8de9e3..d91f00f7d 100644
--- a/liblua/llex.c
+++ b/liblua/llex.c
@@ -199,7 +199,7 @@ static void buffreplace (LexState *ls, char from, char to) {
 
 
 #if ANDROID
-#define getlocaldecpoint() '.'
+#define getlocaledecpoint() '.'
 #elif !defined(getlocaledecpoint)
 #define getlocaledecpoint()	(localeconv()->decimal_point[0])
 #endif

From 94ea581d8349b7f99f5916acdfe9ab735bc01117 Mon Sep 17 00:00:00 2001
From: n4k <nak@efrei-linux.fr>
Date: Sun, 2 Apr 2017 20:16:45 +0200
Subject: [PATCH 03/24] Fix missing null byte : my_executable_directory

---
 client/proxmark3.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/client/proxmark3.c b/client/proxmark3.c
index 670b9720e..b7bdb0b13 100644
--- a/client/proxmark3.c
+++ b/client/proxmark3.c
@@ -242,6 +242,7 @@ static void set_my_executable_path(void)
 			my_executable_path[path_length] = '\0';
 			my_executable_directory = (char *)malloc(dirname_length + 2);
 			strncpy(my_executable_directory, my_executable_path, dirname_length+1);
+			my_executable_directory[dirname_length+1] = '\0';
 		}
 	}
 }

From 4d78c76faf58613c4a1dc57727ac6ea32cf6af9c Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Tue, 4 Apr 2017 17:22:49 +0200
Subject: [PATCH 04/24] Update default_pwd.dic

added a new cloner pwd
---
 client/default_pwd.dic | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/client/default_pwd.dic b/client/default_pwd.dic
index 2c63e53ca..b0659a091 100644
--- a/client/default_pwd.dic
+++ b/client/default_pwd.dic
@@ -4,6 +4,8 @@
 000D8787,
 # ref. http://kazus.ru/forums/showpost.php?p=1045937&postcount=77
 05D73B9F,
+# ref. http://www.proxmark.org/forum/viewtopic.php?=
+89A69E60,
 # Default pwd, simple:
 00000000,
 11111111,

From 450714d641cad0701dd7e2297ccf07eae424424f Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 5 Apr 2017 17:27:09 +0200
Subject: [PATCH 05/24] Update default_keys.dic

---
 client/default_keys.dic | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/client/default_keys.dic b/client/default_keys.dic
index 04a7c6698..66bbe5925 100644
--- a/client/default_keys.dic
+++ b/client/default_keys.dic
@@ -316,4 +316,12 @@ d9a37831dce5,
 c5cfe06d9ea3,
 c0dece673829,
 #
-a56c2df9a26d,
\ No newline at end of file
+a56c2df9a26d,
+#
+# Data from: Aussie transports
+#
+2031d1e57a3b,
+68d3f7307c89,         
+9189449ea24e,
+568c9083f71c,         
+53c11f90822a,  

From d840622789ab402a47e740a8ce38d7a6b2d64209 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 5 Apr 2017 17:28:46 +0200
Subject: [PATCH 06/24] Update default_keys.dic

---
 client/default_keys.dic | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/default_keys.dic b/client/default_keys.dic
index 66bbe5925..739d075b3 100644
--- a/client/default_keys.dic
+++ b/client/default_keys.dic
@@ -318,7 +318,7 @@ c0dece673829,
 #
 a56c2df9a26d,
 #
-# Data from: Aussie transports
+# Data from: https://pastebin.com/vbwast74
 #
 2031d1e57a3b,
 68d3f7307c89,         

From 926ea42b76b0c89c84e46f550109867df5546e7d Mon Sep 17 00:00:00 2001
From: ikarus <ikarus4ever@web.de>
Date: Fri, 14 Apr 2017 11:24:49 +0200
Subject: [PATCH 07/24] FIX: hf legic crc data parameter 'd' was inconsistently
 declared.

---
 client/cmdhflegic.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c
index 4414efa1d..f66effbed 100644
--- a/client/cmdhflegic.c
+++ b/client/cmdhflegic.c
@@ -24,8 +24,8 @@ int usage_legic_calccrc(void){
 	PrintAndLog("      c <8|16>      : Crc type");
 	PrintAndLog("");
 	PrintAndLog("Samples:");
-	PrintAndLog("      hf legic crc b deadbeef1122");
-	PrintAndLog("      hf legic crc b deadbeef1122 u 9A c 16");
+	PrintAndLog("      hf legic crc d deadbeef1122");
+	PrintAndLog("      hf legic crc d deadbeef1122 u 9A c 16");
 	return 0;
 }
 int usage_legic_rdmem(void){	
@@ -678,8 +678,8 @@ int CmdLegicCalcCrc(const char *Cmd){
 	
 	while(param_getchar(Cmd, cmdp) != 0x00) {
 		switch(param_getchar(Cmd, cmdp)) {
-		case 'b':
-		case 'B':
+		case 'd':
+		case 'D':
 			// peek at length of the input string so we can
 			// figure out how many elements to malloc in "data"
 			bg=en=0;
@@ -1274,4 +1274,4 @@ int CmdHFLegic(const char *Cmd) {
 int CmdHelp(const char *Cmd) {
 	CmdsHelp(CommandTable);
 	return 0;
-}
\ No newline at end of file
+}

From aff903d99f4a6175faef67cc8bff1e893d4a0889 Mon Sep 17 00:00:00 2001
From: Gator96100 <jupuerzi@gmx.at>
Date: Sat, 22 Apr 2017 23:36:43 +0200
Subject: [PATCH 08/24] Fix crashes when compiled with a different cpu

---
 client/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/Makefile b/client/Makefile
index 96920229e..764da38a3 100644
--- a/client/Makefile
+++ b/client/Makefile
@@ -7,7 +7,7 @@ include ../common/Makefile.common
 
 CC = gcc
 CXX = g++
-COMMON_FLAGS += -std=c99 -O3 -march=native -g
+COMMON_FLAGS += -std=c99 -O3 -march=x86-64 -g
 
 #VPATH = ../common ../zlib
 OBJDIR = obj

From dccc3e2c6653d5fc2d4e0fe675ebf835d3b551b7 Mon Sep 17 00:00:00 2001
From: Gator96100 <jupuerzi@gmx.at>
Date: Sun, 23 Apr 2017 15:27:00 +0200
Subject: [PATCH 09/24] When compiled with MinGW use march=x86-64 instead of
 march=native

---
 client/Makefile | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/client/Makefile b/client/Makefile
index 764da38a3..5f5df1486 100644
--- a/client/Makefile
+++ b/client/Makefile
@@ -7,7 +7,7 @@ include ../common/Makefile.common
 
 CC = gcc
 CXX = g++
-COMMON_FLAGS += -std=c99 -O3 -march=x86-64 -g
+COMMON_FLAGS += -std=c99 -O3 -g
 
 #VPATH = ../common ../zlib
 OBJDIR = obj
@@ -20,7 +20,7 @@ LUAPLATFORM = generic
 
 ifneq (,$(findstring MINGW,$(platform))) 
     LDLIBS +=  -L/mingw/lib -lgdi32
-	CFLAGS +=  -I/mingw/include -D__USE_MINGW_ANSI_STDIO=1
+    CFLAGS +=  -I/mingw/include -D__USE_MINGW_ANSI_STDIO=1 -march=x86-64
     CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui
     MOC = $(QTDIR)/bin/moc
     LUAPLATFORM = mingw
@@ -46,7 +46,8 @@ else ifeq ($(platform),Darwin)
 	# OS X, QT5 detection needs this.
 	export PKG_CONFIG_PATH=/usr/local/Cellar/qt5/5.6.1-1/lib/pkgconfig/
 
-	CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O3
+    CFLAGS +=  -march=native
+    CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O3
     QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null)
     MOC = $(shell pkg-config --variable=moc_location QtCore)
 
@@ -64,6 +65,7 @@ else ifeq ($(platform),Darwin)
 
     LUAPLATFORM = macosx
 else
+    CFLAGS +=  -march=native
     CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O3
     QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null)
     LUALIB +=  -ldl

From bc61d6af20de7089d73c58a08bc0d57a125d3a31 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 26 Apr 2017 15:40:13 +0200
Subject: [PATCH 10/24] Update README.md

---
 README.md | 56 +++++++++++++++++++------------------------------------
 1 file changed, 19 insertions(+), 37 deletions(-)

diff --git a/README.md b/README.md
index 94499d9b4..fe7cb351c 100644
--- a/README.md
+++ b/README.md
@@ -2,22 +2,22 @@ The iceman fork
 ===============
 [![Build Status](https://travis-ci.org/iceman1001/proxmark3.svg?branch=master)](https://travis-ci.org/iceman1001/proxmark3)  [![Coverity Status](https://scan.coverity.com/projects/5117/badge.svg)](https://scan.coverity.com/projects/proxmark3_iceman_fork)  [![Latest release] (https://img.shields.io/github/release/iceman1001/proxmark3.svg)](https://github.com/iceman1001/proxmark3/releases/latest)
 
-##This fork is HIGHLY experimental (or bleeding edge)
+## This fork is HIGHLY experimental (or bleeding edge)
 
-##Donate
+## Donate
 https://paypal.me/iceman1001/
 Feel free to donate. All support is welcome.
 
-##Notice      
+## Notice      
 There is so much in this fork,  with all fixes and additions its basically the most enhanced fork to this day for the Proxmark3 device. Which makes it so awesum to play with. Do please play with it. Get excited and experiment. As a side note with all coverity scan fixes this client is much more stable than PM3 Master even if I tend to break it sometimes. I'll try to make a release when this fork becomes stable between my experiments.
 
-##Official
+## Official
 The official Proxmark repository is found here: https://github.com/Proxmark/proxmark3
 
-##Coverity Scan Config & Run
+## Coverity Scan Config & Run
 Download the Coverity Scan Self-buld and install it.
 You will need to configure  ARM-NON-EABI- Compiler for it to use:
-
+```
 - Configure
 `cov-configure --comptype gcc --compiler  /opt/devkitpro/devkitARM/bin/arm-none-eabi-gcc`
 
@@ -28,8 +28,9 @@ You will need to configure  ARM-NON-EABI- Compiler for it to use:
 `tar czvf proxmark3.tgz cov-int`
 
 - upload it to coverity.com
+```
 
-##Whats changed?
+## Whats changed?
 Whats so special with this fork?  I have scraped the web for different enhancements to the PM3 source code and not all of them ever found their way to the master branch. 
 Among the stuff is
 
@@ -56,24 +57,24 @@ Among the stuff is
     * Aczid's bitsliced bruteforce solver in 'hf mf hardnested'
 	
 ---	
-##Why don't you merged with offical PM3 Master?
+## Why don't you merged with offical PM3 Master?
 I don't actually know how to make small pull-request to github :( and that is the number one reason for me not pushing a lot of things back to the PM3 master.
 Me fiddling with the code so much, there is a nightmare in merging a PR.  Luckily I have @marshmellow42 who takes some stuff and push PR's back.
 
-##Why don't you add nnnn or mmmm functionality?
+## Why don't you add nnnn or mmmm functionality?
 Give me a hint, and I'll see if I can't merge in the stuff you have. 
 	
-##PM3 GUI
+## PM3 GUI
 I do tend to rename and move stuff around, the official PM3-GUI from Gaucho will not work so well. *sorry*	
 
-##Development
+## Development
 This fork now compiles just fine on 
    - Windows/mingw environment with Qt5.6.1 & GCC 4.8
    - Ubuntu 1404, 1510, 1604
    - Mac OS X / Homebrew
    - Docker container
 
-##Setup and build for UBUNTU
+## Setup and build for UBUNTU
 GC made updates to allow this to build easily on Ubuntu 14.04.2 LTS, 15.10 or 16.04
 See https://github.com/Proxmark/proxmark3/wiki/Ubuntu%20Linux
 
@@ -110,7 +111,7 @@ https://github.com/daveio/attacksurface/blob/master/proxmark3/pm3-setup.sh
 - Run the client	
 `./proxmark3 /dev/ttyACM0`
 						   
-##Homebrew (Mac OS X)
+## Homebrew (Mac OS X)
 These instructions comes from @Chrisfu, where I got the proxmark3.rb scriptfile from.
 Further questions about Mac & Homebrew,  contact @Chrisfu  (https://github.com/chrisfu/)
 
@@ -120,7 +121,7 @@ Further questions about Mac & Homebrew,  contact @Chrisfu  (https://github.com/c
 
 3. Install Proxmark3: `brew install proxmark3` for stable release or `brew install --HEAD proxmark3` for latest non-stable from GitHub.
 
-##Docker container
+## Docker container
 I recently added a docker container on Docker HUB.  You find it here: https://hub.docker.com/r/iceman1001/proxmark3/
 Follow those instructions to get it up and running.  No need for the old proxspace-environment anymore.
 
@@ -206,40 +207,21 @@ Assuming you have Proxmark3 Windows drivers installed you can run the Proxmark s
 - Run the client	
 `proxmark3.exe comX`
 
-##Buying a proxmark3
+## Buying a proxmark3
 The Proxmark 3 device is available for purchase (assembled and tested) from the following locations:
 
    * http://proxmark3.tictail.com/ (For buyers in EU, most likely in Sweden)
  
    * http://www.elechouse.com/  (new and revised hardware package 2015, located in China)  
 
+Enjoy!
 
-##Enjoy
-
-January 2015, Sweden
 iceman at host iuse.se
+January 2015, Sweden
 
 
 
-
-##Note from Jonathan Westhues
-Most of the ultra-low-volume contract assemblers could put
-something like this together with a reasonable yield. A run of around
-a dozen units is probably cost-effective. The BOM includes (possibly-
-outdated) component pricing, and everything is available from Digikey
-and the usual distributors.
-
-If you've never assembled a modern circuit board by hand, then this is
-not a good place to start. Some of the components (e.g. the crystals)
-must not be assembled with a soldering iron, and require hot air.
-
-The schematics are included; the component values given are not
-necessarily correct for all situations, but it should be possible to do
-nearly anything you would want with appropriate population options.
-
-The printed circuit board artwork is also available, as Gerbers and an
-Excellon drill file.
-
+## Note from Jonathan Westhues
 
 LICENSING:
 

From 4d2e16b9c7c8351870c341c872f284018b186397 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 26 Apr 2017 15:43:54 +0200
Subject: [PATCH 11/24] Update README.md

---
 README.md | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index fe7cb351c..ab5fbf12f 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,11 @@
 The iceman fork
 ===============
-[![Build Status](https://travis-ci.org/iceman1001/proxmark3.svg?branch=master)](https://travis-ci.org/iceman1001/proxmark3)  [![Coverity Status](https://scan.coverity.com/projects/5117/badge.svg)](https://scan.coverity.com/projects/proxmark3_iceman_fork)  [![Latest release] (https://img.shields.io/github/release/iceman1001/proxmark3.svg)](https://github.com/iceman1001/proxmark3/releases/latest)
+[![Build Status](https://travis-ci.org/iceman1001/proxmark3.svg?branch=master)](https://travis-ci.org/iceman1001/proxmark3)  
+[![Coverity Status](https://scan.coverity.com/projects/5117/badge.svg)](https://scan.coverity.com/project/proxmark3_iceman_fork)
+[![Latest release](https://img.shields.io/github/release/iceman1001/proxmark3.svg)](https://github.com/iceman1001/proxmark3/releases/latest)
 
-## This fork is HIGHLY experimental (or bleeding edge)
+
+## This fork is HIGHLY experimental and bleeding edge
 
 ## Donate
 https://paypal.me/iceman1001/
@@ -11,9 +14,6 @@ Feel free to donate. All support is welcome.
 ## Notice      
 There is so much in this fork,  with all fixes and additions its basically the most enhanced fork to this day for the Proxmark3 device. Which makes it so awesum to play with. Do please play with it. Get excited and experiment. As a side note with all coverity scan fixes this client is much more stable than PM3 Master even if I tend to break it sometimes. I'll try to make a release when this fork becomes stable between my experiments.
 
-## Official
-The official Proxmark repository is found here: https://github.com/Proxmark/proxmark3
-
 ## Coverity Scan Config & Run
 Download the Coverity Scan Self-buld and install it.
 You will need to configure  ARM-NON-EABI- Compiler for it to use:
@@ -61,7 +61,7 @@ Among the stuff is
 I don't actually know how to make small pull-request to github :( and that is the number one reason for me not pushing a lot of things back to the PM3 master.
 Me fiddling with the code so much, there is a nightmare in merging a PR.  Luckily I have @marshmellow42 who takes some stuff and push PR's back.
 
-## Why don't you add nnnn or mmmm functionality?
+## Why don't you add this or that functionality?
 Give me a hint, and I'll see if I can't merge in the stuff you have. 
 	
 ## PM3 GUI
@@ -125,9 +125,9 @@ Further questions about Mac & Homebrew,  contact @Chrisfu  (https://github.com/c
 I recently added a docker container on Docker HUB.  You find it here: https://hub.docker.com/r/iceman1001/proxmark3/
 Follow those instructions to get it up and running.  No need for the old proxspace-environment anymore.
 
-[1.6.0] How to start:   https://www.youtube.com/watch?v=b5Zta89Cf6Q
-[1.6.0] How to connect: https://youtu.be/0ZS2t5C-caI
-[1.6.1] How to flash:   https://www.youtube.com/watch?v=WXouhuGYEiw
+-[1.6.0] How to start:   https://www.youtube.com/watch?v=b5Zta89Cf6Q
+-[1.6.0] How to connect: https://youtu.be/0ZS2t5C-caI
+-[1.6.1] How to flash:   https://www.youtube.com/watch?v=WXouhuGYEiw
 
 Recommendations:  Use only latest container.
 

From 178d75f1afb263a8b47bec072af95f6f80623c23 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 26 Apr 2017 15:45:22 +0200
Subject: [PATCH 12/24] Update README.md

---
 README.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/README.md b/README.md
index ab5fbf12f..36cdd81b6 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,6 @@
 The iceman fork
 ===============
-[![Build Status](https://travis-ci.org/iceman1001/proxmark3.svg?branch=master)](https://travis-ci.org/iceman1001/proxmark3)  
-[![Coverity Status](https://scan.coverity.com/projects/5117/badge.svg)](https://scan.coverity.com/project/proxmark3_iceman_fork)
-[![Latest release](https://img.shields.io/github/release/iceman1001/proxmark3.svg)](https://github.com/iceman1001/proxmark3/releases/latest)
+[![Build Status](https://travis-ci.org/iceman1001/proxmark3.svg?branch=master)](https://travis-ci.org/iceman1001/proxmark3)![Coverity Status](https://scan.coverity.com/projects/5117/badge.svg)](https://scan.coverity.com/project/proxmark3_iceman_fork)[![Latest release](https://img.shields.io/github/release/iceman1001/proxmark3.svg)](https://github.com/iceman1001/proxmark3/releases/latest)
 
 
 ## This fork is HIGHLY experimental and bleeding edge

From 3d9a84abe2340641509f3da3c43a06d19e09263a Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 26 Apr 2017 15:45:57 +0200
Subject: [PATCH 13/24] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 36cdd81b6..a2b939750 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 The iceman fork
 ===============
-[![Build Status](https://travis-ci.org/iceman1001/proxmark3.svg?branch=master)](https://travis-ci.org/iceman1001/proxmark3)![Coverity Status](https://scan.coverity.com/projects/5117/badge.svg)](https://scan.coverity.com/project/proxmark3_iceman_fork)[![Latest release](https://img.shields.io/github/release/iceman1001/proxmark3.svg)](https://github.com/iceman1001/proxmark3/releases/latest)
+[![Build Status](https://travis-ci.org/iceman1001/proxmark3.svg?branch=master)](https://travis-ci.org/iceman1001/proxmark3)![Coverity Status](https://scan.coverity.com/projects/5117/badge.svg)](https://scan.coverity.com/project/proxmark3_iceman_fork)![![Latest release](https://img.shields.io/github/release/iceman1001/proxmark3.svg)](https://github.com/iceman1001/proxmark3/releases/latest)
 
 
 ## This fork is HIGHLY experimental and bleeding edge

From 0781d38e7af5b8f15761ed4adcdef8318d883a22 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 26 Apr 2017 15:46:26 +0200
Subject: [PATCH 14/24] Update

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index a2b939750..764a08703 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 The iceman fork
 ===============
-[![Build Status](https://travis-ci.org/iceman1001/proxmark3.svg?branch=master)](https://travis-ci.org/iceman1001/proxmark3)![Coverity Status](https://scan.coverity.com/projects/5117/badge.svg)](https://scan.coverity.com/project/proxmark3_iceman_fork)![![Latest release](https://img.shields.io/github/release/iceman1001/proxmark3.svg)](https://github.com/iceman1001/proxmark3/releases/latest)
+[![Build Status](https://travis-ci.org/iceman1001/proxmark3.svg?branch=master)](https://travis-ci.org/iceman1001/proxmark3)[![Coverity Status](https://scan.coverity.com/projects/5117/badge.svg)](https://scan.coverity.com/project/proxmark3_iceman_fork)[![Latest release](https://img.shields.io/github/release/iceman1001/proxmark3.svg)](https://github.com/iceman1001/proxmark3/releases/latest)
 
 
 ## This fork is HIGHLY experimental and bleeding edge

From 08cc2c36d8113a577b7a0c1eb9ae3f7322e8a572 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 26 Apr 2017 19:52:03 +0200
Subject: [PATCH 15/24] fix:  'hf mf chk'

Dictionary files will load wrong if they exceed 256lines.
---
 client/cmdhfmf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index 13cbee685..820fb93bc 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -1081,7 +1081,7 @@ int CmdHF14AMfChk(const char *Cmd) {
 	char filename[FILE_PATH_SIZE]={0};
 	char buf[13];
 	uint8_t *keyBlock = NULL, *p;
-	uint8_t stKeyBlock = 20;
+	uint16_t stKeyBlock = 20;
 	
 	sector_t *e_sector = NULL;
 	

From 489e735f8646a967433b9bdc76704349de85626b Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 26 Apr 2017 21:32:42 +0200
Subject: [PATCH 16/24] Update Makefile.common

chg:  disabling 512kb flashing since it has issues with the flasher code.  Might enable it later on.
---
 common/Makefile.common | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/Makefile.common b/common/Makefile.common
index aa93433aa..95820e667 100644
--- a/common/Makefile.common
+++ b/common/Makefile.common
@@ -65,8 +65,8 @@ endif
 
 # uncomment these two; to fix 256 vs 512kb PM3 devices
 # flashing bootrom -b is needed
-APP_CFLAGS += -DHAS_512_FLASH
-COMMON_FLAGS += -DHAS_512_FLASH
+#APP_CFLAGS += -DHAS_512_FLASH
+#COMMON_FLAGS += -DHAS_512_FLASH
 
 # Also search prerequisites in the common directory (for usb.c), the fpga directory (for fpga.bit), and the zlib directory
 VPATH = . ../common ../fpga ../zlib

From 8c9facb7b51eb5ea99defbbee47a39e5f6573c17 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Thu, 27 Apr 2017 16:30:14 +0200
Subject: [PATCH 17/24] Update cmdhficlass.c

fix:  'hf iclass dump' now uses rawkey option even for credit key.
---
 client/cmdhficlass.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c
index 3891d431c..5351adffa 100644
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@@ -834,9 +834,9 @@ int CmdHFiClassReader_Dump(const char *Cmd) {
 		ul_switch_off_field();
 		memset(MAC,0,4);
 		// AA2 authenticate credit key and git c_div_key - later store in dump block 4
-		if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false, false)){
+		if (!select_and_auth(CreditKEY, MAC, c_div_key, true, elite, rawkey, false)){
 			//try twice - for some reason it sometimes fails the first time...
-			if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false, false)){
+			if (!select_and_auth(CreditKEY, MAC, c_div_key, true, elite, rawkey, false)){
 				ul_switch_off_field();
 				return 0;
 			}

From 2419ac3af971c8297908bdfc9c044130c5560e36 Mon Sep 17 00:00:00 2001
From: BOURDY Romain <achileos@gmail.com>
Date: Sat, 29 Apr 2017 13:25:27 +0200
Subject: [PATCH 18/24] Start fixing AppVeyor

---
 .gitignore   |  1 +
 appveyor.yml | 23 +++++++----------------
 2 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/.gitignore b/.gitignore
index bf86be009..24761385f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 # .gitignore
 # don't push these files to the repository
 
+.idea
 .history
 *.log
 *.eml
diff --git a/appveyor.yml b/appveyor.yml
index cac45bd42..4af9a43d4 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,17 +1,8 @@
-os: Windows Server 2012
-platform: mingw
-qt: mingw492_32
+version: 1.0.{build}
+init:
+- cmd: >-
+    set QTDIR=C:\Qt\5.5\mingw492_32
 
-branches:
-  only:
-    - master
-
-install:
- - set QTDIR=C:\Qt\5.5\mingw492_32
- - set PATH=%PATH%;%QTDIR%\bin;C:\MinGW\bin
-  
-before_build:
- - make clean
- 
-build:
-  - make all
+    set PATH=%PATH%;%QTDIR%\bin;C:\MinGW\bin;C:\MinGW\msys\1.0\bin
+build_script:
+- cmd: make

From c91e84203c5b2659ca78b2be292e3e42e93fad75 Mon Sep 17 00:00:00 2001
From: BOURDY Romain <achileos@gmail.com>
Date: Sat, 29 Apr 2017 14:32:06 +0200
Subject: [PATCH 19/24] AppVeyor - Make all

---
 appveyor.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/appveyor.yml b/appveyor.yml
index 4af9a43d4..4b2425649 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -5,4 +5,4 @@ init:
 
     set PATH=%PATH%;%QTDIR%\bin;C:\MinGW\bin;C:\MinGW\msys\1.0\bin
 build_script:
-- cmd: make
+- cmd: make all

From d063559fc4ac6145a7a04e0a740ec672cc121b73 Mon Sep 17 00:00:00 2001
From: BOURDY Romain <achileos@gmail.com>
Date: Sat, 29 Apr 2017 16:50:57 +0200
Subject: [PATCH 20/24] Add more VIGIK Keys

---
 client/default_keys.dic | 40 +++++++++++++++++++++++++++++++++-------
 1 file changed, 33 insertions(+), 7 deletions(-)

diff --git a/client/default_keys.dic b/client/default_keys.dic
index 739d075b3..3ed597a4c 100644
--- a/client/default_keys.dic
+++ b/client/default_keys.dic
@@ -235,8 +235,8 @@ c2b7ec7d4eb1,
 003003003003,
 #
 # Data from: http://phreakerclub.com/forum/showthread.php?p=41266
-26973ea74321, 
-71f3a315ad26, 
+26973ea74321,
+71f3a315ad26,
 51044efb5aab,
 ac70ca327a04,
 eb0a8ff88ade,
@@ -279,7 +279,7 @@ a7abbc77cc9e,
 f792c4c76a5c,
 bfb6796a11db,
 #
-# Data from 
+# Data from
 8829da9daf76,
 #
 # Data from Salto A/B
@@ -290,7 +290,7 @@ bfb6796a11db,
 2338b4913111,
 #
 # Data from stoye
-cb779c50e1bd,  
+cb779c50e1bd,
 a27d3804c259,
 003cc420001a,
 f9861526130f,
@@ -321,7 +321,33 @@ a56c2df9a26d,
 # Data from: https://pastebin.com/vbwast74
 #
 2031d1e57a3b,
-68d3f7307c89,         
+68d3f7307c89,
 9189449ea24e,
-568c9083f71c,         
-53c11f90822a,  
+568c9083f71c,
+53c11f90822a,
+# Vigik Keys
+# Various sources :
+# * https://github.com/DumpDos/Vigik
+# * http://newffr.com/viewtopic.php?&forum=235&topic=11559
+# * Own dumps
+021209197591,
+22729a9bd40f,
+2ef720f2af76,
+38fcf33072e0,
+424c41524f4e,
+484558414354,
+49fae4e3849f,
+4a6352684677,
+509359f131b1,
+62d0c424ed8e,
+66d2b7dc39ef,
+6bc1e1ae547d,
+6c78928e1317,
+89347350bd36,
+8ad5517b4b18,
+8fa1d601d0a2,
+a22ae129c013,
+a6cac2886412,
+aa0720018738,
+e64a986a5d94,
+bf1f4424af76,

From 7b8cbd38a80d1962ce4e2beb2a878b467053ff4d Mon Sep 17 00:00:00 2001
From: BOURDY Romain <achileos@gmail.com>
Date: Mon, 1 May 2017 09:16:22 +0200
Subject: [PATCH 21/24] Appveyor - Add strawberryperl / readline / libusb

---
 appveyor.yml        | 27 +++++++++++++++++++++++----
 armsrc/fpgaloader.c | 36 ++++++++++++++++++------------------
 2 files changed, 41 insertions(+), 22 deletions(-)

diff --git a/appveyor.yml b/appveyor.yml
index 4b2425649..d76c4e957 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,8 +1,27 @@
 version: 1.0.{build}
-init:
-- cmd: >-
-    set QTDIR=C:\Qt\5.5\mingw492_32
+environment:
+  global:
+    CYG_ROOT: C:\cygwin
+    CYG_MIRROR: http://cygwin.mirror.constant.com
+    CYG_CACHE: C:\cygwin\var\cache\setup
+    CYG_BASH: C:\cygwin\bin\bash
 
-    set PATH=%PATH%;%QTDIR%\bin;C:\MinGW\bin;C:\MinGW\msys\1.0\bin
+init:
+- cmd:
+    - set QTDIR=C:\Qt\5.5\mingw492_32
+    - set PATH=%PATH%;%QTDIR%\bin;C:\MinGW\bin;C:\MinGW\msys\1.0\bin
+    - c:\cygwin\setup-x86.exe --quiet-mode --no-shortcuts --only-site --root "%CYG_ROOT%" --site "%CYG_MIRROR%" --local-package-dir "%CYG_CACHE%" --packages autoconf,automake,bison,gcc-core,gcc-g++,mingw-runtime,mingw-binutils,mingw-gcc-core,mingw-gcc-g++,mingw-pthreads,mingw-w32api,libtool,make,gettext-devel,gettext,intltool,libiconv,pkg-config,git,curl,libxslt,libreadline-devel,libreadline7 > NUL 2>&1'
+    - '%CYG_BASH% -lc "cygcheck -dc cygwin"'
+    - if not exist "make.zip" curl -L -o make.zip http://gnuwin32.sourceforge.net/downlinks/make-bin-zip.php
+    - if not exist "make-dep.zip" curl -L -o make-dep.zip http://gnuwin32.sourceforge.net/downlinks/make-dep-zip.php
+    - if not exist "gcc-arm-none-eabi.zip" curl -L -o gcc-arm-none-eabi.zip https://launchpad.net/gcc-arm-embedded/4.8/4.8-2014-q1-update/+download/gcc-arm-none-eabi-4_8-2014q1-20140314-win32.zip
+    - if not exist "C:\strawberry" cinst strawberryperl #once I workout how to install Digest::SHA for perl, this won't be required
+    - set PATH=C:\strawberry\perl\bin;C:\strawberry\perl\site\bin;C:\strawberry\c\bin;%PATH%
+    - unzip -o -q gcc-arm-none-eabi.zip -d c:\gcc\
+    - unzip make.zip -d c:\gnuwin32\
+    - unzip make-dep.zip -d c:\gnuwin32\
+    - set PATH=C:\Program Files\git\bin;%PATH:C:\Program Files\git\bin;=% #move git to begining of PATH so find works correctly
+    - set PATH=%PATH%;c:\gnuwin32\bin;c:\gcc\bin
+    - set PATH=%PATH%;c:\gcc\bin
 build_script:
 - cmd: make all
diff --git a/armsrc/fpgaloader.c b/armsrc/fpgaloader.c
index a96cb5d9e..e8c3028f3 100644
--- a/armsrc/fpgaloader.c
+++ b/armsrc/fpgaloader.c
@@ -153,20 +153,20 @@ void FpgaSetupSsc(void) {
 //-----------------------------------------------------------------------------
 bool FpgaSetupSscDma(uint8_t *buf, int len) {
 	if (buf == NULL) return false;
-	
+
 	AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;	// Disable DMA Transfer
 	AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) buf;		// transfer to this memory address
 	AT91C_BASE_PDC_SSC->PDC_RCR = len;					// transfer this many bytes
 	AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) buf;		// next transfer to same memory address
 	AT91C_BASE_PDC_SSC->PDC_RNCR = len;					// ... with same number of bytes
-	AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;		// go!    
+	AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;		// go!
     return true;
 }
 
 
 //----------------------------------------------------------------------------
 // Uncompress (inflate) the FPGA data. Returns one decompressed byte with
-// each call. 
+// each call.
 //----------------------------------------------------------------------------
 static int get_from_fpga_combined_stream(z_streamp compressed_fpga_stream, uint8_t *output_buffer)
 {
@@ -184,7 +184,7 @@ static int get_from_fpga_combined_stream(z_streamp compressed_fpga_stream, uint8
 	}
 
 	++uncompressed_bytes_cnt;
-	
+
 	return *fpga_image_ptr++;
 }
 
@@ -200,7 +200,7 @@ static int get_from_fpga_stream(int bitstream_version, z_streamp compressed_fpga
 		get_from_fpga_combined_stream(compressed_fpga_stream, output_buffer);
 	}
 
-	return get_from_fpga_combined_stream(compressed_fpga_stream, output_buffer);	
+	return get_from_fpga_combined_stream(compressed_fpga_stream, output_buffer);
 }
 
 
@@ -218,14 +218,14 @@ static void fpga_inflate_free(voidpf opaque, voidpf address)
 
 
 //----------------------------------------------------------------------------
-// Initialize decompression of the respective (HF or LF) FPGA stream 
+// Initialize decompression of the respective (HF or LF) FPGA stream
 //----------------------------------------------------------------------------
 static bool reset_fpga_stream(int bitstream_version, z_streamp compressed_fpga_stream, uint8_t *output_buffer)
 {
 	uint8_t header[FPGA_BITSTREAM_FIXED_HEADER_SIZE];
-	
+
 	uncompressed_bytes_cnt = 0;
-	
+
 	// initialize z_stream structure for inflate:
 	compressed_fpga_stream->next_in = &_binary_obj_fpga_all_bit_z_start;
 	compressed_fpga_stream->avail_in = &_binary_obj_fpga_all_bit_z_start - &_binary_obj_fpga_all_bit_z_end;
@@ -240,7 +240,7 @@ static bool reset_fpga_stream(int bitstream_version, z_streamp compressed_fpga_s
 
 	for (uint16_t i = 0; i < FPGA_BITSTREAM_FIXED_HEADER_SIZE; i++)
 		header[i] = get_from_fpga_stream(bitstream_version, compressed_fpga_stream, output_buffer);
-	
+
 	// Check for a valid .bit file (starts with _bitparse_fixed_header)
 	if(memcmp(_bitparse_fixed_header, header, FPGA_BITSTREAM_FIXED_HEADER_SIZE) == 0)
 		return true;
@@ -324,7 +324,7 @@ static void DownloadFPGA(int bitstream_version, int FpgaImageLen, z_streamp comp
 		}
 		DownloadFPGA_byte(b);
 	}
-	
+
 	// continue to clock FPGA until ready signal goes high
 	i=100000;
 	while ( (i--) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_DONE ) ) ) {
@@ -396,21 +396,21 @@ static int bitparse_find_section(int bitstream_version, char section_name, unsig
 
 
 //----------------------------------------------------------------------------
-// Check which FPGA image is currently loaded (if any). If necessary 
+// Check which FPGA image is currently loaded (if any). If necessary
 // decompress and load the correct (HF or LF) image to the FPGA
 //----------------------------------------------------------------------------
 void FpgaDownloadAndGo(int bitstream_version)
 {
 	z_stream compressed_fpga_stream;
 	uint8_t output_buffer[OUTPUT_BUFFER_LEN] = {0x00};
-	
+
 	// check whether or not the bitstream is already loaded
 	if (downloaded_bitstream == bitstream_version)
 		return;
 
 	// make sure that we have enough memory to decompress
 	BigBuf_free(); BigBuf_Clear_ext(false);
-	
+
 	if (!reset_fpga_stream(bitstream_version, &compressed_fpga_stream, output_buffer)) {
 		return;
 	}
@@ -422,14 +422,14 @@ void FpgaDownloadAndGo(int bitstream_version)
 	}
 
 	inflateEnd(&compressed_fpga_stream);
-	
+
 	// free eventually allocated BigBuf memory
 	BigBuf_free(); BigBuf_Clear_ext(false);
-}	
+}
 
 
 //-----------------------------------------------------------------------------
-// Gather version information from FPGA image. Needs to decompress the begin 
+// Gather version information from FPGA image. Needs to decompress the begin
 // of the respective (HF or LF) image.
 // Note: decompression makes use of (i.e. overwrites) BigBuf[]. It is therefore
 // advisable to call this only once and store the results for later use.
@@ -440,7 +440,7 @@ void FpgaGatherVersion(int bitstream_version, char *dst, int len)
 	char tempstr[40] = {0x00};
 	z_stream compressed_fpga_stream;
 	uint8_t output_buffer[OUTPUT_BUFFER_LEN] = {0x00};
-	
+
 	dst[0] = '\0';
 
 	// ensure that we can allocate enough memory for decompression:
@@ -492,7 +492,7 @@ void FpgaGatherVersion(int bitstream_version, char *dst, int len)
 		}
 		strncat(dst, tempstr, len-1);
 	}
-	
+
 	strncat(dst, "\n", len-1);
 
 	inflateEnd(&compressed_fpga_stream);

From bf413f1b871d3adae107ed03a5fbfd03a5e3603a Mon Sep 17 00:00:00 2001
From: BOURDY Romain <achileos@gmail.com>
Date: Wed, 17 May 2017 18:52:30 +0200
Subject: [PATCH 22/24] Start fixing legic.lua ! Now loads dumps fine

---
 client/scripts/legic.lua | 616 +++++++++++++++++++--------------------
 1 file changed, 308 insertions(+), 308 deletions(-)

diff --git a/client/scripts/legic.lua b/client/scripts/legic.lua
index 73ef47917..69605781b 100644
--- a/client/scripts/legic.lua
+++ b/client/scripts/legic.lua
@@ -1,11 +1,11 @@
---[[	
+--[[
 if it don't works with you tag-layout - be so kind and let me know ;-)
 
 Tested on Tags with those Layouts:
 
 (example)	Legic-Prime Layout with 'Kaba Group Header'
       +----+----+----+----+----+----+----+----+
-  0x00|MCD |MSN0|MSN1|MSN2|MCC | 60 | ea | 9f |		
+  0x00|MCD |MSN0|MSN1|MSN2|MCC | 60 | ea | 9f |
       +----+----+----+----+----+----+----+----+
   0x08| ff | 00 | 00 | 00 | 11 |Bck0|Bck1|Bck2|
       +----+----+----+----+----+----+----+----+
@@ -33,7 +33,7 @@ kghC  = crc8 over MCD + MSN0..MSN2 + UID
 
 (example)	Legic-Cash on MIM256/1024 tag' (37 bytes)
       +----+----+----+----+----+----+----+----+
-  0x00|Seg0|Seg1|Seg2|Seg3|SegC|STP0|STP1|STP2|		
+  0x00|Seg0|Seg1|Seg2|Seg3|SegC|STP0|STP1|STP2|
       +----+----+----+----+----+----+----+----+
   0x08|STP3|STP4|STP5|STP6| 01 |CURh|CURl|LIMh|
       +----+----+----+----+----+----+----+----+
@@ -58,7 +58,7 @@ CHK = crc16 over SHD + LRS + CV
 
 (example)	Legic-Prime Layout 'gantner unsegmented user-credential'
       +----+----+----+----+----+----+----+----+
-  0x00|MCD |MSN0|MSN1|MSN2|MCC | 60 | ea | 08 |		
+  0x00|MCD |MSN0|MSN1|MSN2|MCC | 60 | ea | 08 |
       +----+----+----+----+----+----+----+----+
   0x08|Stp0|Stp1|Stp2|Stp3|Stp4|Dat0|Dat1|uCRC| <- addr 0x08..0x0f is WRP
       +----+----+----+----+----+----+----+----+
@@ -75,11 +75,11 @@ uCRC  = crc8 over addr 0x00..0x03+0x07..0x0E
 
 (example)	Legic-Prime Layout 'gantner unsegmented Master-Token (IAM) with a stamp_len of 4'
       +----+----+----+----+----+----+----+----+
-  0x00|MCD |MSN0|MSN1|MSN2|MCC | 20 | f8 | 08 |		
+  0x00|MCD |MSN0|MSN1|MSN2|MCC | 20 | f8 | 08 |
       +----+----+----+----+----+----+----+----+
   0x08|Stp0|Stp1|Stp2|Stp3| 00 | 00 | 00 |CRC1|
       +----+----+----+----+----+----+----+----+
-  0x10| 00 | 00 | 00 | 00 | 00 |CRC2| 
+  0x10| 00 | 00 | 00 | 00 | 00 |CRC2|
       +----+----+----+----+----+----+
 MCD   = Manufacturer ID
 MSN   = Manufacturer SerialNumber
@@ -106,36 +106,36 @@ it's kinda interactive with following commands in three categories:
   rt => read    Tag             as => add    Segment                mt => make Token
   wt => write   Tag             es => edit   Segment Header         et => edit Token data
                                 ed => edit   Segment Data           tk => toggle KGH-Flag
-      File I/O                  rs => remove Segment           
-  -----------------             cc => check  Segment-CRC         
-  lf => load   File             ck => check  KGH                  
-  sf => save   File             ds => dump   Segments            
-  xf => xor to File                                              
-                                                                
- 
+      File I/O                  rs => remove Segment
+  -----------------             cc => check  Segment-CRC
+  lf => load   File             ck => check  KGH
+  sf => save   File             ds => dump   Segments
+  xf => xor to File
+
+
  (partially) known Segments              Virtual Tags                     Script Output
  ---------------------------    -------------------------------     ------------------------
  dlc => dump  Legic-Cash        ct => copy  mainTag to backupTag    tac => toggle ansicolors
- elc => edit  Legic-Cash        tc => copy  backupTag to mainTag                                     
- d3p => dump  3rd-Party-Cash    tt => switch mainTag & backupTag                                    
- e3p => edit  3rd-Party-Cash    di => dump  mainTag 
+ elc => edit  Legic-Cash        tc => copy  backupTag to mainTag
+ d3p => dump  3rd-Party-Cash    tt => switch mainTag & backupTag
+ e3p => edit  3rd-Party-Cash    di => dump  mainTag
                                 do => dump  backupTag
-                                  
 
- 
+
+
  rt: 'read tag'         - reads a tag placed near to the PM3
  wt: 'write tag'        - writes the content of the 'virtual inTag' to a tag placed near to th PM3
                           without the need of changing anything - MCD,MSN,MCC will be read from the tag
                           before and applied to the output.
- 
+
  lf: 'load file'        - load a (xored) file from the local Filesystem into the 'virtual inTag'
  sf: 'save file'        - saves the 'virtual inTag' to the local Filesystem (xored with Tag-MCC)
  xf: 'xor file'         - saves the 'virtual inTag' to the local Filesystem (xored with choosen MCC - use '00' for plain values)
- 
+
  ct: 'copy tag'         - copy the 'virtual Tag' to a second 'virtual TAG' - not usefull yet, but inernally needed
  tc: 'copy tag'         - copy the 'second virtual Tag' to 'virtual TAG' - not usefull yet, but inernally needed
  tt: 'toggle tag'       - copy mainTag to BackupTag and backupTag to mainTag
- 
+
  di: 'dump mainTag'     - shows the current content of the 'virtual Tag'
  do: 'dump backupTag'   - shows the current content of the 'virtual outTag'
  ds: 'dump Segments'    - will show the content of a selected Segment
@@ -151,25 +151,25 @@ it's kinda interactive with following commands in three categories:
                           'Kaba Group Header CRC calculation'
  tk: 'toggle KGH'       - toglle the (script-internal) flag for kgh-calculation for a segment
  xc: 'etra c'           - show string that was used to calculate the kgh-crc of a segment
- 
+
 dlc: 'dump Legic-Cash'  - show balance and checksums of a Legic-Cash Segment
 elc: 'edit Legic-Cash'  - edit values of a Legic-Cash Segment
 
 d3p: 'dump 3rd Party'   - show balance, history and checksums of a (yet) unknown 3rd-Party Cash Segment
 e3p: 'edit 3rd Party'   - edit Data in 3rd-Party Cash Segment
- 
+
 tac: 'toggle ansicolors'- switch on and off the colored text-output of this script
                           default can be changed by setting the variable 'colored_output' to false
 ]]
 currentTag="inTAG"
 
---- 
+---
 -- requirements
 local utils       = require('utils')
 local getopt      = require('getopt')
 local ansicolors  = require('ansicolors')
 
---- 
+---
 -- global variables / defines
 local bxor    = bit32.bxor
 local bbit    = bit32.extract
@@ -201,7 +201,7 @@ function load_colors(onoff)
     acmagenta= ansicolors.magenta
     acoff   = ansicolors.reset
   else
-    -- 'no color' 
+    -- 'no color'
     acgreen = ""
     accyan  = ""
     acred   = ""
@@ -215,20 +215,20 @@ end
 ---
 -- curency-codes for Legic-Cash-Segments (ISO 4217)
 local currency = {
-  ["03d2"]="EUR", 
-  ["0348"]="USD", 
+  ["03d2"]="EUR",
+  ["0348"]="USD",
   ["033A"]="GBP",
   ["02F4"]="CHF"
 }
 
---- 
+---
 -- This is only meant to be used when errors occur
 function oops(err)
 	print(acred.."ERROR: "..acoff ,err)
 	return nil, err
 end
 
----  
+---
 -- Usage help
 function help()
 	print(desc)
@@ -236,10 +236,10 @@ function help()
 	print("Example usage: "..example)
 end
 
---- 
+---
 -- table check helper
-function istable(t) 
-  return type(t) == 'table' 
+function istable(t)
+  return type(t) == 'table'
 end
 
 ---
@@ -262,7 +262,7 @@ function deepCopy(object)
     return _copy(object)
 end
 
---- 
+---
 -- xor single byte
 function xorme(hex, xor, index)
 	if ( index >= 23 ) then
@@ -272,7 +272,7 @@ function xorme(hex, xor, index)
 	end
 end
 
---- 
+---
 -- (de)obfuscate bytes
 function xorBytes(inBytes, crc)
 	local bytes = {}
@@ -289,13 +289,14 @@ function xorBytes(inBytes, crc)
 	end
 end
 
---- 
+---
 -- check availability of file
 function file_check(file_name)
-  local file_found=io.open(file_name, "r")      
+  local file_found=io.open(file_name, "r")
   if file_found==nil then
     return false
   else
+    file_found:close()
     return true
   end
 end
@@ -334,20 +335,19 @@ function bytesToTable(bytes, bstart, bend)
   return t
 end
 
---- 
+---
 -- read file into table
 function getInputBytes(infile)
 	local line
 	local bytes = {}
-	local fhi,err = io.open(infile)
+	local fhi,err = io.open(infile,"rb")
 	if err then oops("faild to read from file ".. infile); return false; end
-	while true do
-		line = fhi:read()
-		if line == nil then break end
-		for byte in line:gmatch("%w+") do 
-			table.insert(bytes, byte)
-		end
-	end
+
+  file_data = fhi:read("*a");
+  for i = 1, #file_data
+  do
+    bytes[i] = string.format("%x",file_data:byte(i))
+  end
 	fhi:close()
   if (bytes[7]=='00') then return false end
   print(#bytes .. " bytes from "..infile.." loaded")
@@ -357,7 +357,7 @@ end
 ---
 -- create tag-table helper
 function createTagTable()
-  local t={  
+  local t={
         ['MCD'] = '00',
         ['MSN0']= '11',
         ['MSN1']= '22',
@@ -381,7 +381,7 @@ function createTagTable()
   return t
 end
 
---- 
+---
 -- put bytes into tag-table
 function bytesToTag(bytes, tag)
   if(istable(tag)) then
@@ -407,14 +407,14 @@ function bytesToTag(bytes, tag)
     tag.data=bytesToTable(bytes, 10, 13)
     tag.Bck=bytesToTable(bytes, 14, 20)
     tag.MTC=bytesToTable(bytes, 21, 22)
-    
+
     print(acgreen.."Tag-Type: ".. tag.Type..acoff)
     if (tag.Type=="SAM" and #bytes>23) then
       tag=segmentsToTag(bytes, tag)
       print(acgreen..(#tag.SEG+1).." Segment(s) found"..acoff)
     -- unsegmented Master-Token
-    -- only tag-data 
-    else 
+    -- only tag-data
+    else
       for i=0, #tag.Bck do
         table.insert(tag.data, tag.Bck[i])
       end
@@ -429,8 +429,8 @@ function bytesToTag(bytes, tag)
   return oops("tag is no table in: bytesToTag ("..type(tag)..")")
 end
 
---- 
--- put segments from byte-table to tag-table 
+---
+-- put segments from byte-table to tag-table
 function segmentsToTag(bytes, tag)
   if(#bytes>23) then
     local start=23
@@ -447,7 +447,7 @@ function segmentsToTag(bytes, tag)
       return tag
     else return oops("tag is no table in: segmentsToTag ("..type(tag)..")") end
   else print("no Segments: must be a MIM22") end
-end 
+end
 
 ---
 -- read Tag-Table in bytes-table
@@ -501,14 +501,14 @@ function tagToBytes(tag)
 end
 
 --- PM3 I/O ---
---- 
+---
 -- read from pm3 into virtual-tag
 function readFromPM3()
-  local tag, bytes, infile 
+  local tag, bytes, infile
     infile="legic.temp"
     core.console("hf legic reader")
-    core.console("hf legic save "..infile)
-    tag=readFile(infile)
+    core.console("hf legic esave "..infile)
+    tag=readFile(infile..".bin")
     return tag
 end
 
@@ -522,7 +522,7 @@ function writeToTag(tag)
     return
   end
   -- get used bytes / tag-len
-  if(istable(tag.SEG)) then 
+  if(istable(tag.SEG)) then
       if (istable(tag.Bck)) then
       for i=0, #tag.SEG do
         taglen=taglen+tag.SEG[i].len+5
@@ -539,7 +539,7 @@ function writeToTag(tag)
   tag.MSN2 = outbytes[4]
   tag.MCC  = outbytes[5]
   -- recheck all segments-crc/kghcrc (only on a credential)
-  if(istable(tag.Bck)) then 
+  if(istable(tag.Bck)) then
     checkAllSegCrc(tag)
     checkAllKghCrc(tag)
     local uid_new=tag.MCD..tag.MSN0..tag.MSN1..tag.MSN2
@@ -555,10 +555,10 @@ function writeToTag(tag)
   bytes=tagToBytes(tag)
   -- master-token-crc
   if (tag.Type~="SAM") then bytes[22]=calcMtCrc(bytes) end
-  if (bytes) then 
+  if (bytes) then
     print("write temp-file '"..filename.."'")
     print(accyan)
-    writeFile(bytes, filename)      
+    writeFile(bytes, filename)
     --writeToTag(bytes, taglen, 'MylegicClone.hex')
     print(acoff)
   end
@@ -577,14 +577,14 @@ function writeToTag(tag)
 				core.console(cmd)
         --print(cmd)
 			elseif (i == 6) then
-				-- write DCF in reverse order (requires 'mosci-patch')        
+				-- write DCF in reverse order (requires 'mosci-patch')
 				cmd = 'hf legic write 0x05 0x02'
         print(acgreen..cmd..acoff)
 				core.console(cmd)
         --print(cmd)
 			else
 				print(acgreen.."skip byte 0x05 - will be written next step"..acoff)
-			end				
+			end
 			utils.Sleep(0.2)
 		end
 	end
@@ -601,7 +601,7 @@ function readFile(filename)
 		return oops("input file: "..filename.." not found")
 	else
 		bytes = getInputBytes(filename)
-		if (bytes == false) then return oops('couldnt get input bytes') 
+		if (bytes == false) then return oops('couldnt get input bytes')
     else
       -- make plain bytes
       bytes = xorBytes(bytes,bytes[5])
@@ -616,7 +616,7 @@ function readFile(filename)
   return tag
 end
 
---- 
+---
 -- write bytes to file
 function writeFile(bytes, filename)
   if (filename~='MylegicClone.hex') then
@@ -631,9 +631,9 @@ function writeFile(bytes, filename)
 	if err then oops("OOps ... faild to open output-file ".. filename) end
   bytes=xorBytes(bytes, bytes[5])
 	for i = 1, #bytes do
-		if (bcnt == 0) then 
+		if (bcnt == 0) then
 			line=bytes[i]
-		elseif (bcnt <= 7) then 
+		elseif (bcnt <= 7) then
 			line=line.." "..bytes[i]
 		end
 		if (bcnt == 7) then
@@ -651,12 +651,12 @@ function writeFile(bytes, filename)
 end
 
 --- Map related ---
---- 
+---
 -- make tagMap
 function makeTagMap()
   local tagMap={}
-  if (#tagMap==0) then 
-    tagMap['name']=input(accyan.."enter Name for this Map: "..acoff , "newTagMap") 
+  if (#tagMap==0) then
+    tagMap['name']=input(accyan.."enter Name for this Map: "..acoff , "newTagMap")
     tagMap['mappings']={}
     tagMap['crc8']={}
     -- insert fixed Tag-CRC
@@ -664,8 +664,8 @@ function makeTagMap()
     tagMap['crc16']={}
   end
   print(accyan.."new tagMap created"..acoff)
-  return tagMap                  
-end 
+  return tagMap
+end
 
 ---
 -- save mapping to file
@@ -676,11 +676,11 @@ function saveTagMap(map, filename)
       if (answer==false) then return print("user abort") end
     end
   end
-  
+
   local line
 	local fho,err = io.open(filename, "w")
 	if err then oops("OOps ... faild to open output-file ".. filename) end
-	
+
   -- write line to new file
   for k, v in pairs(map) do
     if (istable(v)) then
@@ -757,17 +757,17 @@ function loadTagMap(filename)
 		local fhi,err = io.open(filename)
   	while true do
   		line = fhi:read()
-  		if line == nil then 
-        break 
+  		if line == nil then
+        break
       else
         fields=split(line)
       end
-  		if (#fields==2) then 
+  		if (#fields==2) then
         if (fields[1]=='offset') then
           offset=tonumber(fields[2],10)
         end
         -- map-name
-        map[fields[1]]=fields[2] 
+        map[fields[1]]=fields[2]
       elseif (fields[1]=='mappings') then
         m=m+1
         temp={}
@@ -775,9 +775,9 @@ function loadTagMap(filename)
         temp['name']=fields[3]
         temp['start']=tonumber(fields[4], 10)
         temp['end']=tonumber(fields[5], 10)
-        if(temp['start']>22) then 
-          temp['start']=temp['start']+offset 
-          temp['end']=temp['end']+offset 
+        if(temp['start']>22) then
+          temp['start']=temp['start']+offset
+          temp['end']=temp['end']+offset
         end
         if (tonumber(fields[6], 10)==1) then temp['highlight']= true
         else temp['highlight']= false end
@@ -792,8 +792,8 @@ function loadTagMap(filename)
         temp['seq']=seqstr2tbl(s)
         for k, v in pairs(temp['seq']) do
           if(tonumber(v, 10)>22) then v=tonumber(v, 10)+offset end
-          temp['seq'][k]=tonumber(v, 10) 
-        end  
+          temp['seq'][k]=tonumber(v, 10)
+        end
         table.insert(map.crc8, temp)
       end
   	end
@@ -854,18 +854,18 @@ function checkMapCrc8(tagMap, bytes, n)
   local res=false
   if (#tagMap.crc8>0) then
     if(istable(tagMap.crc8[n])) then
-      temp=""     
+      temp=""
       for k2, v2 in pairs(tagMap.crc8[n]) do
         if (istable(v2)) then
             temp=temp..tbl2seqstr(v2)
         end
-      end     
+      end
       local tempres=""
       local tempres=getSequences(bytes, temp)
       tempres=("%02x"):format(utils.Crc8Legic(tempres))
       if (bytes[tagMap.crc8[n]['pos']]==tempres) then
         res=true
-      end    
+      end
     end
   end
   return res
@@ -875,19 +875,19 @@ end
 -- edit existing Map
 function editTagMap(tag, tagMap)
   local t = [[
-    Data:  dm = show         dr = dump raw      
+    Data:  dm = show         dr = dump raw
 Mappings:  im = insert       am = add       rm = remove
-    CRC8: ac8 = add         sc8 = show     rc8 = remove                    
+    CRC8: ac8 = add         sc8 = show     rc8 = remove
         :   q = exit          h = Help
   ]]
   --if(#tagMap.mappings==0) then oops("no mappings in tagMap"); return tagMap end
   print("tagMap edit-mode submenu")
-  repeat 
+  repeat
     x=input('tagMap submenu:', 'h')
       if      (x=='h') then print(t)
       elseif  (x=='dm') then tagMmap=dumpTagMap(tag, tagMap)
       elseif  (x=='dr') then tagMmap=dumpMap(tag, tagMap)
-      elseif  (x=='rc8') then 
+      elseif  (x=='rc8') then
         if (istable(tagMap.crc8)) then
           local x1 = selectTableEntry(tagMap.crc8, "select number of CRC8 to remove:")
           if (istable(tagMap.crc8[x1])) then
@@ -913,14 +913,14 @@ Mappings:  im = insert       am = add       rm = remove
             table.insert(tagMap.crc8, temp)
           end
         end
-      elseif  (string.sub(x, 1, 3)=='sc8') then 
+      elseif  (string.sub(x, 1, 3)=='sc8') then
         local bytes=tagToBytes(tag)
         local res, pos
         -- trigger manually by sc8 <'4digit' checkadd> <'seqeuence-string'>
         -- e.g.: sc8 0027 1-4,23-36
-        if (string.len(x)>=9) then 
+        if (string.len(x)>=9) then
           pos=tonumber(string.sub(x, 5, 8), 10)
-          x=string.sub(x, 9, string.len(x)) 
+          x=string.sub(x, 9, string.len(x))
           print("x: "..x.."  - pos:"..pos)
         else
           x=selectTableEntry(tagMap.crc8, "select CRC:")
@@ -960,23 +960,23 @@ function dumpMap(tag, tagMap)
   print(accyan.."Tag uses "..dend.." bytes:"..acoff)
   for i=dstart, dend do
     if (check4MappedByte(i, tagMap) and not check4MapCrc8(i, tagMap) and not check4Highlight(i, tagMap)) then io.write(""..acyellow)
-    elseif (check4MapCrc8(i, tagMap)) then 
+    elseif (check4MapCrc8(i, tagMap)) then
       if ( checkMapCrc8(tagMap, bytes, isPosCrc8(tagMap, i) ) ) then
         io.write(""..acgreen)
-      else 
+      else
         io.write(""..acred)
       end
-    else 
-      io.write(""..acoff) 
+    else
+      io.write(""..acoff)
     end
     -- highlighted mapping
     if (check4Highlight(i, tagMap)) then io.write(""..acmagenta) end
-    
+
     io.write(bytes[i])
-    if (i%8==0) then io.write("\n") 
+    if (i%8==0) then io.write("\n")
       else io.write(" ") end
   end
-  
+
   io.write("\n"..acoff)
 end
 
@@ -1053,14 +1053,14 @@ end
 ---
 -- add interactive mapping
 function addMapping(tag, tagMap, x)
-  if (type(x)~="number") then x=#tagMap.mappings+1 end 
+  if (type(x)~="number") then x=#tagMap.mappings+1 end
   local bytes=tagToBytes(tag)
   local myMapping={}
   myMapping['name'] =input(accyan.."enter Maping-Name:"..acoff, string.format("mapping %d", #tagMap.mappings+1))
   myMapping['start']=tonumber(input(accyan.."enter start-addr:"..acoff, '1'), 10)
   myMapping['end']  =tonumber(input(accyan.."enter end-addr:"..acoff, #bytes), 10)
   myMapping['highlight']=confirm("set highlighted")
-  table.insert(tagMap.mappings, x, myMapping)  
+  table.insert(tagMap.mappings, x, myMapping)
   return tagMap
 end
 
@@ -1074,7 +1074,7 @@ function deleteMapping(tag, tagMap)
     else oops("deleteMapping: got type = "..type(d).." - expected type = 'number'")
     end
   end
-  return tagMap 
+  return tagMap
 end
 
 ---
@@ -1107,7 +1107,7 @@ function mapAllSegments(tag, tagMap)
       --tagMap=mapTokenData(tagMap, 'Segment '..("%02d"):format(v['index']).." HDR", v['start'], v['start']+3)
       tagMap=mapTokenData(tagMap, 'Segment '..("%02d"):format(v['index']).." CRC", v['start']+4, v['start']+4, true)
       table.insert(tagMap.crc8, {name = 'Segment '..("%02d"):format(v['index']).." CRC", pos=v['start']+4, seq={1,4,v['start'],v['start']+3}} )
-      if(WRC>WRP) then 
+      if(WRC>WRP) then
         WRPC=WRC
         tagMap=mapTokenData(tagMap, 'Segment '..("%02d"):format(v['index']).." WRC", v['start']+5, v['start']+5+WRC-1, true)
       elseif (WRP>WRC and WRC>0) then
@@ -1119,7 +1119,7 @@ function mapAllSegments(tag, tagMap)
         tagMap=mapTokenData(tagMap, 'Segment '..("%02d"):format(v['index']).." WRP", v['start']+5, v['start']+5+WRP-1, true)
       end
       tagMap=mapTokenData(tagMap, 'Segment '..("%02d"):format(v['index']).." data", v['start']+5+WRPC, v['end'], false)
-      
+
     end
     print(#segs.." Segments mapped")
   else
@@ -1128,7 +1128,7 @@ function mapAllSegments(tag, tagMap)
   return tagMap
 end
 
---- 
+---
 -- map all token data
 function mapTokenData(tagMap, mname, mstart, mend, mhigh)
   --if ( not mhigh ) then mhigh=false end
@@ -1137,7 +1137,7 @@ function mapTokenData(tagMap, mname, mstart, mend, mhigh)
   myMapping['start']=mstart
   myMapping['end']  =mend
   myMapping['highlight']=mhigh
-  table.insert(tagMap.mappings, myMapping) 
+  table.insert(tagMap.mappings, myMapping)
   return tagMap
 end
 
@@ -1189,7 +1189,7 @@ function dumpCDF(tag)
     res = res..accyan.."MCD: "..acoff..tag.MCD..accyan.." MSN: "..acoff..tag.MSN0.." "..tag.MSN1.." "..tag.MSN2..accyan.." MCC: "..acoff..tag.MCC.."\n"
     res = res.."DCF: "..tag.DCFl.." "..tag.DCFh..", Token_Type="..tag.Type.." (OLE="..tag.OLE.."), Stamp_len="..tag.Stamp_len.."\n"
     res = res.."WRP="..tag.WRP..", WRC="..tag.WRC..", RD="..tag.RD..", raw="..tag.raw..((tag.raw=='9f') and (", SSC="..tag.SSC.."\n") or "\n")
-    
+
     -- credential (end-user tag)
     if (tag.Type=="SAM" and tag.raw=='9f') then
       res = res.."Remaining Header Area\n"
@@ -1204,8 +1204,8 @@ function dumpCDF(tag)
       for i=0, (#tag.MTC) do
         res = res..tag.MTC[i].." "
       end
-    
-    
+
+
     -- Master Token specific
     elseif (tag.Type~="SAM") then
       res = res .."Master-Token Area\nStamp: "
@@ -1221,13 +1221,13 @@ function dumpCDF(tag)
       local mtcrc=calcMtCrc(bytes)
       res=res.."\nMaster-Token CRC: "
       res = res ..tag.MTC[1].." ("..((tag.MTC[1]==mtcrc) and "valid" or "error")..")"
-      
-    
+
+
     -- 'Gantner User-Credential' specific
     elseif (tag.Type=="SAM" and (tag.raw=='08' or tag.raw=='09')) then
       print(acgreen.."Gantner Detected"..acoff)
     end
-    
+
     return res
   else print("no valid Tag in dumpCDF") end
 end
@@ -1241,13 +1241,13 @@ function dumpSegment(tag, index)
   local res="" --result
   local raw="" --raw-header
   -- segment
-  if ( (istable(tag.SEG[i])) and tag.Type=="SAM" and tag.raw=="9f") then 
+  if ( (istable(tag.SEG[i])) and tag.Type=="SAM" and tag.raw=="9f") then
     if (istable(tag.SEG[i].raw)) then
       for k,v in pairs(tag.SEG[i].raw) do
         raw=raw..v.." "
       end
     end
-    
+
     -- segment header
     res = res..accyan.."Segment "..("%02d"):format(tag.SEG[i].index)..acoff..": "
     res = res .."raw header: "..string.sub(raw,0,-2)..", flag="..tag.SEG[i].flag..", (valid="..("%x"):format(tag.SEG[i].valid)..", last="..("%x"):format(tag.SEG[i].last).."), "
@@ -1255,7 +1255,7 @@ function dumpSegment(tag, index)
     res = res .."RD="..("%02x"):format(tag.SEG[i].RD)..", CRC="..tag.SEG[i].crc.." "
     res = res .."("..(checkSegmentCrc(tag, i) and acgreen.."valid" or acred.."error") ..acoff..")"
     raw=""
-    
+
 
     -- WRC protected
     if ((tag.SEG[i].WRC>0)) then
@@ -1265,7 +1265,7 @@ function dumpSegment(tag, index)
         dp=dp+1
       end
     end
-    
+
     -- WRP mprotected
     if (tag.SEG[i].WRP>tag.SEG[i].WRC) then
       res = res .."\nRemaining write protected area:\n"
@@ -1274,7 +1274,7 @@ function dumpSegment(tag, index)
         dp=dp+1
       end
     end
-    
+
     -- payload
     if (#tag.SEG[i].data-dp>0) then
      res = res .."\nRemaining segment payload:\n"
@@ -1282,14 +1282,14 @@ function dumpSegment(tag, index)
        res = res..tag.SEG[i].data[dp].." "
        dp=dp+1
      end
-     if (tag.SEG[i].kgh) then 
+     if (tag.SEG[i].kgh) then
        res = res..tag.SEG[i].data[dp].." (KGH: "..(checkKghCrc(tag, i) and acgreen.."valid" or acred.."error") ..acoff..")"
      else  res = res..tag.SEG[i].data[dp] end
     end
     dp=0
-    return res   
+    return res
   else
-    return print("Segment not found") 
+    return print("Segment not found")
   end
 end
 
@@ -1317,30 +1317,30 @@ function dump3rdPartyCash1(tag , seg)
   local lastbal0=tonumber(tag.SEG[seg].data[39]..tag.SEG[seg].data[40] ,16)
   local lastbal1=tonumber(tag.SEG[seg].data[41]..tag.SEG[seg].data[42] ,16)
   local lastbal2=tonumber(tag.SEG[seg].data[43]..tag.SEG[seg].data[44] ,16)
-  
+
   test=""
   -- display decoded/known stuff
   print("\n------------------------------")
   print("Tag-ID:\t\t      "..uid)
-  print("Stamp:\t\t      "..stamp)   
+  print("Stamp:\t\t      "..stamp)
   print("UID-Mapping: \t\t"..("%06d"):format(tonumber(tag.SEG[seg].data[46]..tag.SEG[seg].data[47]..tag.SEG[seg].data[48], 16)))
-  print("------------------------------")           
-  print("checksum 1:\t\t    "..tag.SEG[seg].data[31].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 19, 30)), tag.SEG[seg].data[31])..")")   
+  print("------------------------------")
+  print("checksum 1:\t\t    "..tag.SEG[seg].data[31].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 19, 30)), tag.SEG[seg].data[31])..")")
   print("checksum 2:\t\t    "..tag.SEG[seg].data[34].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 32, 33)), tag.SEG[seg].data[34])..")")
-  print("checksum 3:\t\t    "..tag.SEG[seg].data[37].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 35, 36)), tag.SEG[seg].data[37])..")") 
-  
+  print("checksum 3:\t\t    "..tag.SEG[seg].data[37].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 35, 36)), tag.SEG[seg].data[37])..")")
+
   print("checksum 4:\t\t    "..tag.SEG[seg].data[55].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 46, 54)), tag.SEG[seg].data[55])..")")
-  print("checksum 5:\t\t    "..tag.SEG[seg].data[62].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 56, 61)), tag.SEG[seg].data[62])..")") 
+  print("checksum 5:\t\t    "..tag.SEG[seg].data[62].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 56, 61)), tag.SEG[seg].data[62])..")")
   print("checksum 6:\t\t    "..tag.SEG[seg].data[73].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 63, 72)), tag.SEG[seg].data[73])..")")
-  print("checksum 7:\t\t    "..tag.SEG[seg].data[89].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 74, 88)), tag.SEG[seg].data[89])..")")  
-  print("------------------------------")                    
+  print("checksum 7:\t\t    "..tag.SEG[seg].data[89].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 74, 88)), tag.SEG[seg].data[89])..")")
+  print("------------------------------")
   print(string.format("Balance:\t\t  %3.2f", balance/100).." ".."("..compareCrc(balancecrc, tag.SEG[seg].data[34])..")")
-  print(string.format("Shadow:\t\t\t  %3.2f", mirror/100).." ".."("..compareCrc(balancecrc, tag.SEG[seg].data[37])..")")     
-  print("------------------------------")                  
-  print(string.format("History 1:\t\t  %3.2f", lastbal0/100))            
-  print(string.format("History 2:\t\t  %3.2f", lastbal1/100))          
-  print(string.format("History 3:\t\t  %3.2f", lastbal2/100))        
-  print("------------------------------\n") 
+  print(string.format("Shadow:\t\t\t  %3.2f", mirror/100).." ".."("..compareCrc(balancecrc, tag.SEG[seg].data[37])..")")
+  print("------------------------------")
+  print(string.format("History 1:\t\t  %3.2f", lastbal0/100))
+  print(string.format("History 2:\t\t  %3.2f", lastbal1/100))
+  print(string.format("History 3:\t\t  %3.2f", lastbal2/100))
+  print("------------------------------\n")
 end
 
 ---
@@ -1387,11 +1387,11 @@ function print3rdPartyCash1(tag, x)
      print()
      print("\t\tyet unknown: "..tag.SEG[x].data[38])
      print()
-     print("\t\tHisatory 1:  "..dumpTable(tag.SEG[x].data, "", 39, 40))  
-     print("\t\tHisatory 2:  "..dumpTable(tag.SEG[x].data, "", 41, 42))  
-     print("\t\tHisatory 3:  "..dumpTable(tag.SEG[x].data, "", 43, 44))   
+     print("\t\tHisatory 1:  "..dumpTable(tag.SEG[x].data, "", 39, 40))
+     print("\t\tHisatory 2:  "..dumpTable(tag.SEG[x].data, "", 41, 42))
+     print("\t\tHisatory 3:  "..dumpTable(tag.SEG[x].data, "", 43, 44))
      print()
-     print("\t\tyet unknown: "..tag.SEG[x].data[45])         
+     print("\t\tyet unknown: "..tag.SEG[x].data[45])
      print()
      print("\t\tKGH-UID HEX:  "..dumpTable(tag.SEG[x].data, "", 46, 48))
      print("\t\tBlock 4:  "..dumpTable(tag.SEG[x].data, "", 49, 54))
@@ -1428,12 +1428,12 @@ function makeToken()
     ttype=ttype..k..") "..v.."  "
   end
   mtq=tonumber(input("select number for Token-Type\n"..ttype, '1'), 10)
-  if (type(mtq)~="number") then return print("selection invalid!") 
+  if (type(mtq)~="number") then return print("selection invalid!")
   elseif (mtq>#mt.Type) then return print("selection invalid!")
   else print("Token-Type '"..mt.Type[mtq].."' selected") end
   local raw=calcHeaderRaw(mt.WRP[mtq], mt.WRC[mtq], mt.RD[mtq])
   local mtCRC="00"
-  
+
   bytes={"01", "02", "03", "04", "cb", string.sub(mt.DCF[mtq], 0, 2), string.sub(mt.DCF[mtq], 3), raw,
          "00", "00", "00", "00", "00", "00", "00", "00",
          "00", "00", "00", "00", "00", "00"}
@@ -1453,7 +1453,7 @@ function makeToken()
   return bytesToTag(bytes, tempTag)
 end
 
---- 
+---
 -- edit token-data
 function editTag(tag)
   -- for simulation it makes sense to edit everything
@@ -1463,14 +1463,14 @@ function editTag(tag)
   if (confirm(acyellow.."do you want to edit non-writeable values (e.g. for simulation)?"..acoff)) then
     edit_tag=edit_sim
   else edit_tag=edit_real end
-    
+
   if(istable(tag)) then
     for k,v in pairs(tag) do
       if(type(v)~="table" and type(v)~="boolean" and string.find(edit_tag, k)) then
         tag[k]=input("value for: "..accyan..k..acoff, v)
       end
     end
-    
+
     if (tag.Type=="SAM") then ttype="Header"; else ttype="Stamp"; end
       if (confirm(acyellow.."do you want to edit "..ttype.." Data?"..acoff)) then
       -- master-token specific
@@ -1481,9 +1481,9 @@ function editTag(tag)
         -- rest of stamp-bytes are in tag.data 0..n
         for i=0, (tonumber(0xfc ,10)-("%d"):format('0x'..tag.DCFh))-2 do
         tag.data[i]=input(ttype.. i+1 ..": ", tag.data[i])
-        end  
+        end
       else
-        --- on credentials byte7 should always be 9f and byte8 ff 
+        --- on credentials byte7 should always be 9f and byte8 ff
         -- on Master-Token not (even on SAM63/64 not)
         -- tag.SSC=input(ttype.."0: ", tag.SSC)
         for i=0, #tag.data do
@@ -1491,18 +1491,18 @@ function editTag(tag)
         end
       end
     end
-    
+
     bytes=tagToBytes(tag)
-   
+
     --- check data-consistency (calculate tag.raw)
     bytes[8]=calcHeaderRaw(tag.WRP, tag.WRC, tag.RD)
-   
+
     --- Master-Token specific
     -- should be triggered if a SAM was converted to a non-SAM (user-Token to Master-Token)
     -- or a Master-Token has being edited (also SAM64 & SAM63 - which are in fact Master-Token)
-    if(tag.Type~="SAM" or bytes[6]..bytes[7]~="60ea") then 
+    if(tag.Type~="SAM" or bytes[6]..bytes[7]~="60ea") then
       -- calc new Master-Token crc
-      bytes[22]=calcMtCrc(bytes)   
+      bytes[22]=calcMtCrc(bytes)
     else
       -- ensure tag.SSC set to 'ff' on credential-token (SAM)
       bytes[9]='ff'
@@ -1511,7 +1511,7 @@ function editTag(tag)
       bytes[21]='00'
       bytes[22]='00'
     end
-   
+
     tag=bytesToTag(bytes, tag)
   end
 end
@@ -1522,16 +1522,16 @@ function calcHeaderRaw(wrp, wrc, rd)
   local res
   wrp=("%02x"):format(tonumber(wrp, 10))
   rd=tonumber(rd, 16)
-  res=("%02x"):format(tonumber(wrp, 16)+tonumber(wrc.."0", 16)+((rd>0) and tonumber("8"..(rd-1), 16) or 0))         
+  res=("%02x"):format(tonumber(wrp, 16)+tonumber(wrc.."0", 16)+((rd>0) and tonumber("8"..(rd-1), 16) or 0))
   return res
 end
 
---- 
+---
 -- determine TagType (bits 0..6 of DCFlow)
 function getTokenType(DCFl)
   --[[
-    0x00–0x2f IAM 
-    0x30–0x6f SAM 
+    0x00–0x2f IAM
+    0x30–0x6f SAM
     0x70–0x7f GAM
   ]]--
   local tt = tonumber(bbit("0x"..DCFl,0,7),10)
@@ -1571,8 +1571,8 @@ function getSegmentData(bytes, start, index)
     ['data']  = {},
     ['kgh']   = false
   }
-  if (bytes[start]) then 
-    local i 
+  if (bytes[start]) then
+    local i
     -- #index
 	  segment.index = index
 	  -- flag = high nibble of byte 1
@@ -1598,12 +1598,12 @@ function getSegmentData(bytes, start, index)
       segment.data[i]=bytes[start+5+i]
     end
     return segment
-  else return false; 
+  else return false;
   end
 end
 
 ---
--- get index, start-aadr, length and content 
+-- get index, start-aadr, length and content
 function getSegmentStats(bytes)
   local sStats = {}
   local sValid, sLast, sLen, sStart, x
@@ -1679,7 +1679,7 @@ function editSegment(tag, index)
   else print("Segment with Index: "..("%02d"):format(index).." not found in Tag")
     return false
   end
-  regenSegmentHeader(tag.SEG[index]) 
+  regenSegmentHeader(tag.SEG[index])
   print("\n"..dumpSegment(tag, index).."\n")
   return tag
 end
@@ -1692,7 +1692,7 @@ function editSegmentData(data)
   if (istable(data)) then
     for i=0, #data-1 do
       data[i]=input(accyan.."Data"..i..acoff..": ", data[i])
-    end 
+    end
     if (lc) then data=fixLegicCash(data) end
     return data
   else
@@ -1704,7 +1704,7 @@ end
 -- list available segmets in virtual tag
 function segmentList(tag)
   local i
-  local res = "" 
+  local res = ""
   if (istable(tag.SEG[0])) then
     for i=0, #tag.SEG do
       res = res .. tag.SEG[i].index .. "  "
@@ -1719,7 +1719,7 @@ end
 -- helper to selecting a segment
 function selectSegment(tag)
   local sel
-  if (istable(tag.SEG[0])) then 
+  if (istable(tag.SEG[0])) then
     print("availabe Segments:\n"..segmentList(tag))
     sel=input("select Segment: ", '00')
     sel=tonumber(sel,10)
@@ -1730,7 +1730,7 @@ function selectSegment(tag)
     return false
   end
 end
-  
+
 ---
 -- add segment
 function addSegment(tag)
@@ -1768,16 +1768,16 @@ function getSegmentStamp(seg, bytes)
   local stamp=""
   local stamp_len=7
   --- the 'real' stamp on MIM is not really easy to tell for me since the 'data-block' covers stamp0..stampn+data0..datan
-  -- there a no stamps longer than 7 bytes & they are write-protected by default , and I have not seen user-credntials 
+  -- there a no stamps longer than 7 bytes & they are write-protected by default , and I have not seen user-credntials
   -- with stamps smaller 3 bytes (except: Master-Token)
-  -- WRP -> Read/Write Protection 
+  -- WRP -> Read/Write Protection
   -- WRC -> Read/Write Condition
   -- RD depends on WRC - if WRC > 0 and RD=1: only reader with matching #WRC of Stamp-bytes in thier Database have Read-Access to the Tag
   if (seg.WRP<7) then stamp_len=(seg.WRP) end
   for i=1, (stamp_len) do
     stamp=stamp..seg.data[i-1]
   end
-  if (bytes) then 
+  if (bytes) then
     stamp=str2bytes(stamp)
     return stamp
   else return stamp end
@@ -1807,15 +1807,15 @@ function autoSelectSegment(tag, s)
   --- search for desired segment-type
   -- 3rd Party Segment
   if (s=="3rdparty") then
-    repeat 
+    repeat
       io.write(". ")
       x=x-1
       res=check43rdPartyCash1(uid, tag.SEG[x].data)
     until ( res or x==0 )
-   end  
+   end
   -- Legic-Cash Segment
   if (s=="legiccash") then
-    repeat 
+    repeat
       io.write(". ")
       x=x-1
       res=check4LegicCash(tag.SEG[x].data)
@@ -1828,9 +1828,9 @@ function autoSelectSegment(tag, s)
      return x
    end
    ---
-   -- nothing found   
-   io.write(acyellow.."no Segment found\n"..acoff) 
-   return -1 
+   -- nothing found
+   io.write(acyellow.."no Segment found\n"..acoff)
+   return -1
 end
 
 ---
@@ -1906,8 +1906,8 @@ function edit3rdPartyCash1(tag, x)
     print(" done")
     -- fix known checksums
     tag.SEG[x].data=fix3rdPartyCash1(uid, tag.SEG[x].data)
-  end    
-  return tag  
+  end
+  return tag
 end
 
 ---
@@ -1924,7 +1924,7 @@ function editLegicCash(data)
   rid=tonumber(data[18]..data[19]..data[20], 16)
   -- transaction counter value
   tcv=tonumber(data[29], 16)
-  
+
   -- edit currency
   if (confirm(accyan.."change Currency?"..acoff)) then
     for k, v in pairs(currency) do io.write(k .. " = " .. v .. "\n") end
@@ -1932,7 +1932,7 @@ function editLegicCash(data)
     data[8]=string.sub(curr, 1, 2)
     data[9]=string.sub(curr, 3, 4)
   end
-  
+
   -- edit limit
   if (confirm(accyan.."change Limit?"..acoff)) then
     limit=string.format("%06x", input(accyan.."enter the Decimal for the new Limit:"..acoff, limit))
@@ -1940,7 +1940,7 @@ function editLegicCash(data)
     data[11]=string.sub(limit, 3, 4)
     data[12]=string.sub(limit, 5, 6)
   end
-  
+
   -- edit balance
   if (confirm(accyan.."change Balance?"..acoff)) then
     balance=string.format("%06x", input(accyan.."enter the Decimal for the new Balance:"..acoff, balance))
@@ -1948,14 +1948,14 @@ function editLegicCash(data)
     data[15]=string.sub(balance, 1, 2)
     data[16]=string.sub(balance, 3, 4)
     data[17]=string.sub(balance, 5, 6)
-  end  
-  
+  end
+
   -- edit transaction-counter
   if (confirm(accyan.."change Transaction-Counter?"..acoff)) then
     tcv=string.format("%02x", input(accyan.."enter the 4-digit Hex for the new Currency:"..acoff, data[29]))
     data[29]=tcv
   end
-  
+
   -- edit reader.id
   if (confirm(accyan.."change Last-Reader-ID?"..acoff)) then
     rid=string.format("%06x", input(accyan.."enter the Decimal for the new Balance:"..acoff, rid))
@@ -1964,7 +1964,7 @@ function editLegicCash(data)
     data[19]=string.sub(rid, 3, 4)
     data[20]=string.sub(rid, 5, 6)
   end
-  
+
   return fixLegicCash(data)
 end
 
@@ -2007,7 +2007,7 @@ function check43rdPartyCash1(uid, data)
           --end
           --end
       --end
-    end 
+    end
   end
   return false
 end
@@ -2015,7 +2015,7 @@ end
 --- CRC related ---
 ---
 -- build segmentCrc credentials
-function segmentCrcCredentials(tag, segid) 
+function segmentCrcCredentials(tag, segid)
   if (istable(tag.SEG[0])) then
     local cred = tag.MCD..tag.MSN0..tag.MSN1..tag.MSN2
     cred = cred ..tag.SEG[segid].raw[1]..tag.SEG[segid].raw[2]..tag.SEG[segid].raw[3]..tag.SEG[segid].raw[4]
@@ -2025,7 +2025,7 @@ end
 
 ---
 -- build kghCrc credentials
-function kghCrcCredentials(tag, segid) 
+function kghCrcCredentials(tag, segid)
   if (istable(tag) and istable(tag.SEG[0])) then
     local x='00'
     if (type(segid)=="string") then segid=tonumber(segid,10) end
@@ -2107,7 +2107,7 @@ end
 
 ---
 -- calculate Master-Token crc
-function calcMtCrc(bytes) 
+function calcMtCrc(bytes)
   --print(#bytes)
   local cmd=bytes[1]..bytes[2]..bytes[3]..bytes[4]..bytes[7]..bytes[6]..bytes[8]
   local len=(tonumber(0xfc ,10)-("%d"):format('0x'..bytes[7]))
@@ -2129,7 +2129,7 @@ function calcSegmentCrc(tag, segid)
 end
 
 ---
--- calcuate kghCRC for a given segment 
+-- calcuate kghCRC for a given segment
 function calcKghCrc(tag, segid)
   if (istable(tag.SEG[0])) then
   -- check if a 'Kaber Group Header' exists
@@ -2156,7 +2156,7 @@ function checkAllKghCrc(tag)
   if (istable(tag.SEG[0])) then
     for i=0, #tag.SEG do
       crc=calcKghCrc(tag, i)
-      if (tag.SEG[i].kgh) then 
+      if (tag.SEG[i].kgh) then
         tag.SEG[i].data[#tag.SEG[i].data-1]=crc
       end
     end
@@ -2167,7 +2167,7 @@ end
 -- validate segmentCRC for a given segment
 function checkSegmentCrc(tag, segid)
     local data=segmentCrcCredentials(tag, segid)
-    if (("%02x"):format(utils.Crc8Legic(data))==tag.SEG[segid].crc) then 
+    if (("%02x"):format(utils.Crc8Legic(data))==tag.SEG[segid].crc) then
       return true
     end
     return false
@@ -2179,7 +2179,7 @@ function checkKghCrc(tag, segid)
   if (type(tag.SEG[segid])=='table') then
     if (tag.data[3]=="11" and tag.raw=="9f" and tag.SSC=="ff") then
       local data=kghCrcCredentials(tag, segid)
-      if (("%02x"):format(utils.Crc8Legic(data))==tag.SEG[segid].data[tag.SEG[segid].len-5-1]) then return true; end 
+      if (("%02x"):format(utils.Crc8Legic(data))==tag.SEG[segid].data[tag.SEG[segid].len-5-1]) then return true; end
       else return false; end
   else oops(acred.."'Kaba Group header' detected but no Segment-Data found"..ansocolors.reset) end
 end
@@ -2188,70 +2188,70 @@ end
 -- helptext for modify-mode
 function modifyHelp()
   local t=[[
-    
+
          Data I/O                    Segment Manipulation                Token-Data
      -----------------               --------------------           ---------------------
      rt => read    Tag               as => add    Segment           mt => make Token
      wt => write   Tag               es => edit   Segment Header    et => edit Token data
                                      ed => edit   Segment Data      tk => toggle KGH-Flag
-         File I/O                    rs => remove Segment           
-     -----------------               cc => check  Segment-CRC       
-     lf => load   File               ck => check  KGH               
-     sf => save   File               ds => dump   Segments          
-     xf => xor to File                                              
-                                                                                                                                        
-                                                                    
-         Virtual Tags                       tagMap                   (partial) known Segments 
+         File I/O                    rs => remove Segment
+     -----------------               cc => check  Segment-CRC
+     lf => load   File               ck => check  KGH
+     sf => save   File               ds => dump   Segments
+     xf => xor to File
+
+
+         Virtual Tags                       tagMap                   (partial) known Segments
  --------------------------------    ---------------------          ---------------------------
- ct => copy  mainTag to backupTag    mm => make (new) Map           dlc => dump  Legic-Cash    
- tc => copy  backupTag to mainTag    em => edit Map submenu         elc => edit  Legic-Cash    
+ ct => copy  mainTag to backupTag    mm => make (new) Map           dlc => dump  Legic-Cash
+ tc => copy  backupTag to mainTag    em => edit Map submenu         elc => edit  Legic-Cash
  tt => switch mainTag & backupTag    lm => load map from file       d3p => dump  3rd-Party-Cash
  di => dump  mainTag                 sm => save map to file         e3p => edit  3rd-Party-Cash
- do => dump  backupTag                      
-                           
+ do => dump  backupTag
+
                             h => this help                q => quit
-  ]]                      
+  ]]
   return t
 end
 
---- 
+---
 -- modify Tag (interactive)
 function modifyMode()
   local i, backupTAG,  outTAG, inTAG, outfile, infile, sel, segment, bytes, outbytes, tagMap
-  
+
   actions = {
     ---
     -- helptext
-     ["h"] = function(x) 
-              print("  Version: "..version); 
+     ["h"] = function(x)
+              print("  Version: "..version);
               print(modifyHelp().."\n".."tags im Memory: "..(istable(inTAG) and ((currentTag=='inTAG') and acgreen.."*mainTAG"..acoff or "mainTAG") or "").."  "..(istable(backupTAG) and ((currentTag=='backupTAG') and acgreen.."*backupTAG"..acoff or "backupTAG") or ""))
             end,
     ---
     -- read real Tag with PM3 into virtual 'mainTAG'
-    ["rt"] = function(x) 
-                inTAG=readFromPM3(); 
-                --actions.di() 
+    ["rt"] = function(x)
+                inTAG=readFromPM3();
+                --actions.di()
               end,
     ---
     -- write content of virtual 'mainTAG' to real Tag with PM3
-    ["wt"] = function(x)  
+    ["wt"] = function(x)
                 writeToTag(inTAG)
               end,
     ---
-    -- copy mainTAG to backupTAG        
-    ["ct"] = function(x)  
-                print(accyan.."copy mainTAG to backupTAG"..acoff)  
+    -- copy mainTAG to backupTAG
+    ["ct"] = function(x)
+                print(accyan.."copy mainTAG to backupTAG"..acoff)
                   backupTAG=deepCopy(inTAG)
             end,
     ---
     -- copy backupTAG to mainTAG
-    ["tc"] = function(x)  
+    ["tc"] = function(x)
                 print(accyan.."copy backupTAG to mainTAG"..acoff)
                 inTAG=deepCopy(backupTAG)
             end,
     ---
     -- toggle between mainTAG and backupTAG
-    ["tt"] = function(x)  
+    ["tt"] = function(x)
                 -- copy main to temp
                 outTAG=deepCopy(inTAG)
                 -- copy backup to main
@@ -2264,8 +2264,8 @@ function modifyMode()
             end,
     ---
     -- load file into mainTAG
-    ["lf"] = function(x)  
-              
+    ["lf"] = function(x)
+
               if (type(x)=='string' and file_check(x)) then filename=x
               else  filename=input("enter filename: ", "legic.temp") end
               inTAG=readFile(filename)
@@ -2274,130 +2274,130 @@ function modifyMode()
                 if(confirm(accyan.."Mapping-File for "..acoff..filename..accyan.." found - load it also?"..acoff)) then
                   tagMap=loadTagMap(filename..".map")
                 end
-              end         
+              end
             end,
     ---
     -- save values of mainTAG to a file (xored with MCC of mainTAG)
-    ["sf"] = function(x)  
+    ["sf"] = function(x)
               if(istable(inTAG)) then
                 outfile=input("enter filename:", "legic.temp")
                 bytes=tagToBytes(inTAG)
                 --bytes=xorBytes(bytes, inTAG.MCC)
-                if (bytes) then             
+                if (bytes) then
                   writeFile(bytes, outfile)
                 end
                end
               end,
     ---
-    -- save values of mainTAG to a file (xored with 'specific' MCC) 
-    ["xf"] = function(x)  
+    -- save values of mainTAG to a file (xored with 'specific' MCC)
+    ["xf"] = function(x)
               if(istable(inTAG)) then
                 outfile=input("enter filename:", "legic.temp")
                 crc=input("enter new crc: ('00' for a plain dump)", inTAG.MCC)
                 print("obfuscate witth: "..crc)
                 bytes=tagToBytes(inTAG)
                 bytes[5]=crc
-                if (bytes) then             
+                if (bytes) then
                   writeFile(bytes, outfile)
                 end
               end
              end,
     ---
     -- dump mainTAG (and all Segments)
-    ["di"] = function(x) 
-                if (istable(inTAG)) then 
+    ["di"] = function(x)
+                if (istable(inTAG)) then
                   local uid=inTAG.MCD..inTAG.MSN0..inTAG.MSN1..inTAG.MSN2
                   if(istable(inTAG.SEG[0])) then
                     for i=0, #inTAG.SEG do
                       if(check43rdPartyCash1(uid, inTAG.SEG[i].data)) then
-                        io.write(accyan.."in Segment index: "..inTAG.SEG[i].index ..acoff.. "\n")                      
+                        io.write(accyan.."in Segment index: "..inTAG.SEG[i].index ..acoff.. "\n")
                       elseif(check4LegicCash(inTAG.SEG[i].data)) then
                         io.write(accyan.."in Segment index: "..inTAG.SEG[i].index..acoff.."\n")
-                        lc=true; 
+                        lc=true;
                         lci=inTAG.SEG[i].index;
                       end
                     end
                   end
-                  print("\n"..dumpTag(inTAG).."\n") 
+                  print("\n"..dumpTag(inTAG).."\n")
                   if (lc) then actions["dlc"](lci) end
                   lc=false
-                end 
+                end
               end,
     ---
     -- dump backupTAG (and all Segments)
     ["do"] = function(x) if (istable(backupTAG)) then print("\n"..dumpTag(backupTAG).."\n") end end,
     ---
     -- create a empty tagMap
-    ["mm"] = function(x) 
+    ["mm"] = function(x)
                 -- clear existing tagMap and init
-                if (istable(inTAG)) then 
+                if (istable(inTAG)) then
                   tagMap=makeTagMap()
                 end
               end,
     ---
     -- edit a tagMap
-    ["em"] = function(x) 
-                if (istable(inTAG)==false) then 
-                  if (confirm("no mainTAG in memory!\nread from PM3?")) then 
-                    actions['rt']() 
-                  elseif (confirm("load from File?")) then 
-                    actions['lf']() 
+    ["em"] = function(x)
+                if (istable(inTAG)==false) then
+                  if (confirm("no mainTAG in memory!\nread from PM3?")) then
+                    actions['rt']()
+                  elseif (confirm("load from File?")) then
+                    actions['lf']()
                     else return
-                  end  
+                  end
                 end
-                if (istable(tagMap)==false) then actions['mm']() end                
+                if (istable(tagMap)==false) then actions['mm']() end
                 -- edit
                 tagMap=editTagMap(inTAG, tagMap)
               end,
     ---
     -- save a tagMap
-    ["sm"] = function(x) 
+    ["sm"] = function(x)
                 if (istable(tagMap)) then
                   if (istable(tagMap) and #tagMap.mappings>0) then
                     print(accyan.."Map contains "..acoff..#tagMap..accyan.." mappings"..acoff)
                     saveTagMap(tagMap, input(accyan.."enter filename:"..acoff, "Legic.map"))
-                  else 
+                  else
                     print(acyellow.."no mappings in tagMap!"..acoff)
                   end
-                end 
+                end
               end,
     ---
     -- load a tagMap
-    ["lm"] = function(x) 
+    ["lm"] = function(x)
                 tagMap=loadTagMap(input(accyan.."enter filename:"..acoff, "Legic.map"))
               end,
     ---
     -- dump single segment
-    ["ds"] = function(x) 
+    ["ds"] = function(x)
                 if (type(x)=="string" and string.len(x)>0) then sel=tonumber(x,10)
                 else sel=selectSegment(inTAG) end
-                if (sel) then print("\n"..(dumpSegment(inTAG, sel) or acred.."no Segments available") ..acoff.."\n") end 
+                if (sel) then print("\n"..(dumpSegment(inTAG, sel) or acred.."no Segments available") ..acoff.."\n") end
               end,
     ---
     -- edit segment header
-    ["es"] = function(x) 
+    ["es"] = function(x)
               if (type(x)=="string" and string.len(x)>0) then sel=tonumber(x,10)
               else sel=selectSegment(inTAG) end
-              if (sel) then 
+              if (sel) then
                 if(istable(inTAG.SEG[0])) then
                   inTAG=editSegment(inTAG, sel)
                   inTAG.SEG[sel]=regenSegmentHeader(inTAG.SEG[sel])
-              else print(acyellow.."no Segments in Tag"..acoff) end 
+              else print(acyellow.."no Segments in Tag"..acoff) end
               end
             end,
     ---
     -- add segment
-    ["as"] = function(x) 
+    ["as"] = function(x)
               if (istable(inTAG.SEG[0])) then
                 inTAG=addSegment(inTAG)
                 inTAG.SEG[#inTAG.SEG-1]=regenSegmentHeader(inTAG.SEG[#inTAG.SEG-1])
-                inTAG.SEG[#inTAG.SEG]=regenSegmentHeader(inTAG.SEG[#inTAG.SEG]) 
+                inTAG.SEG[#inTAG.SEG]=regenSegmentHeader(inTAG.SEG[#inTAG.SEG])
                 else print(accyan.."Master-Token / unsegmented Tag!"..acoff)
               end
             end,
     ---
     -- remove segment
-    ["rs"] = function(x) 
+    ["rs"] = function(x)
               if (istable(inTAG.SEG[0])) then
                 if (type(x)=="string" and string.len(x)>0) then sel=tonumber(x,10)
                 else sel=selectSegment(inTAG) end
@@ -2409,16 +2409,16 @@ function modifyMode()
             end,
     ---
     -- edit data-portion of single segment
-    ["ed"] = function(x) 
+    ["ed"] = function(x)
               if (type(x)=="string" and string.len(x)>0) then sel=tonumber(x,10)
               else sel=selectSegment(inTAG) end
-              if (istable(inTAG.SEG[sel])) then 
-                inTAG.SEG[sel].data=editSegmentData(inTAG.SEG[sel].data) 
+              if (istable(inTAG.SEG[sel])) then
+                inTAG.SEG[sel].data=editSegmentData(inTAG.SEG[sel].data)
               end
             end,
     ---
     -- edit Tag (MCD, MSN, MCC etc.)
-    ["et"] = function(x) 
+    ["et"] = function(x)
                 if (istable(inTAG)) then
                   editTag(inTAG)
                 end
@@ -2428,14 +2428,14 @@ function modifyMode()
     ["mt"] = function(x) inTAG=makeToken(); actions.di() end,
     ---
     -- fix segment-crc on single segment
-    ["ts"] = function(x) 
+    ["ts"] = function(x)
                if (type(x)=="string" and string.len(x)>0) then sel=tonumber(x,10)
                else sel=selectSegment(inTAG) end
-                regenSegmentHeader(inTAG.SEG[sel]) 
+                regenSegmentHeader(inTAG.SEG[sel])
               end,
     ---
-    -- toggle kgh-crc-flag on a single segment 
-    ["tk"] = function(x) 
+    -- toggle kgh-crc-flag on a single segment
+    ["tk"] = function(x)
                if (istable(inTAG) and istable(inTAG.SEG[0])) then
                 if (type(x)=="string" and string.len(x)>0) then sel=tonumber(x,10)
                 else sel=selectSegment(inTAG) end
@@ -2447,7 +2447,7 @@ function modifyMode()
     -- calculate LegicCrc8
     ["k"] = function(x)
               if (type(x)=="string" and string.len(x)>0) then
-                print(("%02x"):format(utils.Crc8Legic(x))) 
+                print(("%02x"):format(utils.Crc8Legic(x)))
               end
              end,
     ---
@@ -2455,32 +2455,32 @@ function modifyMode()
     ["xb"] = function(x)
           end,
     ---
-    -- print string for LegicCrc8-calculation about single segment 
-    ["xc"] = function(x) 
+    -- print string for LegicCrc8-calculation about single segment
+    ["xc"] = function(x)
                if (istable(inTAG) and istable(inTAG.SEG[0])) then
                  if (type(x)=="string" and string.len(x)>0) then sel=tonumber(x,10)
-                 else sel=selectSegment(inTAG) end 
-                 print("k "..kghCrcCredentials(inTAG, sel)) 
-               end 
+                 else sel=selectSegment(inTAG) end
+                 print("k "..kghCrcCredentials(inTAG, sel))
+               end
               end,
     ---
     -- fix legic-cash checksums
-    ["flc"] = function(x) 
+    ["flc"] = function(x)
                 if (type(x)=="string" and string.len(x)>0) then x=tonumber(x,10)
-                else x=selectSegment(inTAG) end 
+                else x=selectSegment(inTAG) end
                 inTAG.SEG[x].data=fixLegicCash(inTAG.SEG[x].data)
               end,
     ---
     -- edit legic-cash values fixLegicCash(data)
-    ["elc"] = function(x) 
+    ["elc"] = function(x)
                 x=autoSelectSegment(inTAG, "legiccash")
                 inTAG.SEG[x].data=editLegicCash(inTAG.SEG[x].data)
               end,
     ---
     -- dump legic-cash human-readable
-    ["dlc"] = function(x) 
+    ["dlc"] = function(x)
                 -- if segment index was user defined
-                if (type(x)=="string" and string.len(x)>0) then 
+                if (type(x)=="string" and string.len(x)>0) then
                   x=tonumber(x,10)
                   print(string.format("User-Selected Index %02d", x))
                 -- or try to find match
@@ -2493,11 +2493,11 @@ function modifyMode()
     ["d3p"] = function(x)
                 local uid=inTAG.MCD..inTAG.MSN0..inTAG.MSN1..inTAG.MSN2
                 -- if segment index was user defined
-                if (type(x)=="string" and string.len(x)>0) then 
+                if (type(x)=="string" and string.len(x)>0) then
                   x=tonumber(x,10)
                   print(string.format("User-Selected Index %02d", x))
                 -- or try to find match
-                else x=autoSelectSegment(inTAG, "3rdparty") end                  
+                else x=autoSelectSegment(inTAG, "3rdparty") end
                 if (istable(inTAG) and istable(inTAG.SEG[x]) and inTAG.SEG[x].len == 100) then
                   uid=inTAG.MCD..inTAG.MSN0..inTAG.MSN1..inTAG.MSN2
                   if (check43rdPartyCash1(uid, inTAG.SEG[x].data)) then
@@ -2510,7 +2510,7 @@ function modifyMode()
     ["r3p"] = function(x)
                 local uid=inTAG.MCD..inTAG.MSN0..inTAG.MSN1..inTAG.MSN2
                 -- if segment index was user defined
-                if (type(x)=="string" and string.len(x)>0) then 
+                if (type(x)=="string" and string.len(x)>0) then
                   x=tonumber(x,10)
                   print(string.format("User-Selected Index %02d", x))
                 -- or try to find match
@@ -2519,14 +2519,14 @@ function modifyMode()
               end,
     ---
     -- edit 3rd-party-cash-segment values (Balance, Mapping-UID, Stamp)
-    ["e3p"] = function(x) 
+    ["e3p"] = function(x)
                 local uid=inTAG.MCD..inTAG.MSN0..inTAG.MSN1..inTAG.MSN2
                 -- if segment index was user defined
-                if (type(x)=="string" and string.len(x)>0) then 
+                if (type(x)=="string" and string.len(x)>0) then
                   x=tonumber(x,10)
                   print(string.format("User-Selected Index %02d", x))
                 -- or try to find match
-                else x=autoSelectSegment(inTAG, "3rdparty") end                 
+                else x=autoSelectSegment(inTAG, "3rdparty") end
                 if (istable(inTAG) and istable(inTAG.SEG[x]) and inTAG.SEG[x].len == 100) then
                   inTAG=edit3rdPartyCash1(inTAG, x)
                     dump3rdPartyCash1(inTAG, x)
@@ -2534,16 +2534,16 @@ function modifyMode()
               end,
     ---
     -- force fixing 3rd-party-checksums
-    ["f3p"] = function(x) 
+    ["f3p"] = function(x)
                if(type(x)=="string" and string.len(x)>=2) then x=tonumber(x, 10)
                else x=selectSegment(inTAG) end
-               if (istable(inTAG.SEG[x])) then 
+               if (istable(inTAG.SEG[x])) then
                   local uid=inTAG.MCD..inTAG.MSN0..inTAG.MSN1..inTAG.MSN2
                   inTAG.SEG[x].data=fix3rdPartyCash1(uid, inTAG.SEG[x].data)
-               end 
+               end
               end,
     ---
-    -- get stamp from single segment 
+    -- get stamp from single segment
     ["gs"] = function(x)
                 if(type(x)=="string" and string.len(x)>=2) then x=tonumber(x, 10)
                 else x=selectSegment(inTAG) end
@@ -2554,7 +2554,7 @@ function modifyMode()
               end,
     ---
     -- calculate crc16
-    ["c6"] = function(x) local crc16=string.format("%4.04x", utils.Crc16(x)) 
+    ["c6"] = function(x) local crc16=string.format("%4.04x", utils.Crc16(x))
                   print(string.sub(crc16, 0,2).." "..string.sub(crc16, 3,4))
               end,
     ---
@@ -2562,27 +2562,27 @@ function modifyMode()
     ["cc"] = function(x) if (istable(inTAG)) then checkAllSegCrc(inTAG) end end,
     ---
     -- set backup-area-bytes to '00'
-    ["cb"] = function(x) 
+    ["cb"] = function(x)
                 if (istable(inTAG)) then
                   print(accyan.."purge BackupArea"..acoff)
-                  inTAG=clearBackupArea(inTAG) 
-                end 
-             end, 
+                  inTAG=clearBackupArea(inTAG)
+                end
+             end,
     ---
     -- check and fix all segments inTAG.SEG[x].kgh toggled 'on'
     ["ck"] = function(x) if (istable(inTAG)) then checkAllKghCrc(inTAG) end end,
     ---
     -- check and fix all segments inTAG.SEG[x].kgh toggled 'on'
-    ["tac"] = function(x) 
-                if (colored_output) then 
+    ["tac"] = function(x)
+                if (colored_output) then
                   colored_output=false
                 else
                   colored_output=true
-                end 
+                end
                 load_colors(colored_output)
               end,
   }
-  repeat 
+  repeat
     -- defualt message / prompt
     ic=input("Legic command? ('h' for help - 'q' for quit)", "h")
     -- command actions decisions (first match, longer commands before shorter)
@@ -2607,53 +2607,53 @@ function main(args)
 	-- just a spacer for better readability
   print()
   --- parse arguments
-	for o, a in getopt.getopt(args, 'hrmi:do:c:') do  
+	for o, a in getopt.getopt(args, 'hrmi:do:c:') do
     -- display help
     if o == "h" then return help(); end
     -- read tag from PM3
     if o == "r" then inTAG=readFromPM3() end
     -- input file
 		if o == "i" then inTAG=readFile(a) end
-    -- dump virtual-Tag 
+    -- dump virtual-Tag
     if o == "d" then dfs=true end
     -- interacive modifying
     if o == "m" then interactive=true; modifyMode() end
     -- xor (e.g. for clone or plain file)
     if o == "c" then cfs=true; crc=a end
     -- output file
-		if o == "o" then outfile=a; ofs=true end		
+		if o == "o" then outfile=a; ofs=true end
   end
-  
+
   -- file conversion (output to file)
   if (ofs) then
     -- dump infile / tag-read
-    if (dfs) then 
-      print("-----------------------------------------") 
+    if (dfs) then
+      print("-----------------------------------------")
       print(dumpTag(inTAG))
     end
     bytes=tagToBytes(inTAG)
-    if (cfs) then 
+    if (cfs) then
       -- xor willl be done in function writeFile
       -- with the value of byte[5]
-      bytes[5]=crc 
+      bytes[5]=crc
     end
     -- write to outfile
-    if (bytes) then 
+    if (bytes) then
       writeFile(bytes, outfile)
-      --- read real tag into virtual tag 
+      --- read real tag into virtual tag
       -- inTAG=readFromPM3() end
       --- or simply use the bytes that where wriiten
       inTAG=bytesToTag(bytes, inTAG)
       -- show new content
-      if (dfs) then  
+      if (dfs) then
         print("-----------------------------------------")
-        print(dumpTag(inTAG)) 
+        print(dumpTag(inTAG))
       end
     end
   end
-  
+
 end
 
 ---
 -- script start
-main(args)
\ No newline at end of file
+main(args)

From d59026518e02c37ab0673a670b9ea14e17ae399c Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Mon, 29 May 2017 09:39:25 +0200
Subject: [PATCH 23/24] FIX:  fullimage.s19

According to @doegox  the *.s19 file is generated with wrong offset for the data section.
ref:  http://wiki.yobi.be/wiki/Proxmark#Flashing_full_image.2C_take_1
---
 common/Makefile.common | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/Makefile.common b/common/Makefile.common
index 95820e667..e697ae140 100644
--- a/common/Makefile.common
+++ b/common/Makefile.common
@@ -99,7 +99,7 @@ $(VERSIONOBJ): $(OBJDIR)/%.o: %.c $(INCLUDES)
 # See ldscript.common. -- Henryk Plötz <henryk@ploetzli.ch> 2009-08-27
 OBJCOPY_TRANSLATIONS = --no-change-warnings \
 	--change-addresses -0x100000 --change-start 0 \
-	--change-section-address .bss+0 --change-section-address .data+0 \
+	--change-section-address .bss+0 --change-section-address .data-0x100000 \
 	--change-section-address .commonarea+0
 $(OBJDIR)/%.s19: $(OBJDIR)/%.elf
 	$(OBJCOPY) -Osrec --srec-forceS3 --strip-debug $(OBJCOPY_TRANSLATIONS) $^ $@

From 9f3d7bbe29ea114ea7b47279a9bb6a43bc606b17 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Mon, 29 May 2017 09:49:02 +0200
Subject: [PATCH 24/24] Update hfsnoop.c

Fix increment on bool variable (#294)  (thanks to @ikarus23)

https://github.com/Proxmark/proxmark3/commit/c87c452120aa30e0db9ca8046f00def677365ae6
---
 armsrc/hfsnoop.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/armsrc/hfsnoop.c b/armsrc/hfsnoop.c
index 4af8522a5..7f641529a 100644
--- a/armsrc/hfsnoop.c
+++ b/armsrc/hfsnoop.c
@@ -31,7 +31,7 @@ void HfSnoop(int samplesToSkip, int triggersToSkip)
 	BigBuf_free(); BigBuf_Clear();
 	
 	Dbprintf("Skipping first %d sample pairs, Skipping %d triggers.\n", samplesToSkip, triggersToSkip);
-	bool trigger_cnt;
+	int trigger_cnt;
 
 	LED_D_ON();
 	// Select correct configs