diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index 5e84aec4e..106fe3903 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -1393,9 +1393,13 @@ static void PacketReceived(PacketCommandNG *packet) {
             break;
         }
         case CMD_HF_TEXKOM_SIMULATE: {
-            uint32_t timeout = 0;
-            memcpy(&timeout, &packet->data.asBytes[9], 4);
-            HfWriteTkm(packet->data.asBytes, packet->data.asBytes[8], timeout);
+            struct p {
+                uint8_t data[8];
+                uint8_t modulation;
+                uint32_t timeout;
+            } PACKED;
+            struct p *payload = (struct p *) packet->data.asBytes;
+            HfSimulateTkm(payload->data, payload->modulation, payload->timeout);
             break;
         }
 
diff --git a/armsrc/hfops.c b/armsrc/hfops.c
index cdc9aab8e..a48b8eebd 100644
--- a/armsrc/hfops.c
+++ b/armsrc/hfops.c
@@ -200,7 +200,7 @@ static uint32_t HfEncodeTkm(const uint8_t *uid, uint8_t modulation, uint8_t *dat
     return len;
 }
 
-int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) {
+int HfSimulateTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) {
     // free eventually allocated BigBuf memory
     BigBuf_free_keep_EM();
 
@@ -224,6 +224,7 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) {
     bool exit_loop = false;
     bool field_on = false;
 
+    uint32_t startTime = GetTickCount();
     while (exit_loop == false) {
 
         button_pressed = BUTTON_PRESS();
@@ -233,6 +234,9 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) {
 
         WDT_HIT();
 
+        if (startTime > 0 && startTime + timeout < GetTickCount())
+            break;
+
         // in mV
         int vHf = (MAX_ADC_HF_VOLTAGE * SumAdc(ADC_CHAN_HF, 32)) >> 15;
         if (vHf > MF_MINFIELDV) {
@@ -261,7 +265,7 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) {
     switch_off();
 
     if (button_pressed)
-        DbpString("button pressed");
+        DbpString("Exit by press button");
 
     reply_ng(CMD_HF_TEXKOM_SIMULATE, PM3_SUCCESS, NULL, 0);
 
diff --git a/armsrc/hfops.h b/armsrc/hfops.h
index 91f1de539..352f9d2bc 100644
--- a/armsrc/hfops.h
+++ b/armsrc/hfops.h
@@ -22,6 +22,6 @@
 #include "common.h"
 
 int HfReadADC(uint32_t samplesCount, bool ledcontrol);
-int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout);
+int HfSimulateTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout);
 
 #endif
diff --git a/client/src/cmdhftexkom.c b/client/src/cmdhftexkom.c
index 3dfba4c2c..21bc87886 100644
--- a/client/src/cmdhftexkom.c
+++ b/client/src/cmdhftexkom.c
@@ -568,15 +568,22 @@ static int CmdHFTexkomSim(const char *Cmd) {
         arg_lit0("t",  "tk17",     "Use TK-17 modulation (TK-13 by default)"),
         arg_str0(NULL, "raw",      "<hex 8 bytes>", "Raw data for texkom card, 8 bytes. Manual modulation select."),
         arg_str0(NULL, "id",       "<hex 4 bytes>", "Raw data for texkom card, 8 bytes. Manual modulation select."),
+        arg_int0(NULL, "timeout",  "<dec, ms>", "Simulation timeout in the ms. If not specified or 0 - infinite. Command can be skipped by pressing the button"),
         arg_param_end
     };
     CLIExecWithReturn(ctx, Cmd, argtable, true);
 
+    // <texkom data 8bytes><modulation type 1b><timeout ms 4b>
+    struct p {
+        uint8_t data[8];
+        uint8_t modulation;
+        uint32_t timeout;
+    } PACKED payload = {};
+
     bool verbose = arg_get_lit(ctx, 1);
-    uint32_t cmdtimeout = 0;
-    uint8_t modulation = 0; // tk-13
+    payload.modulation = 0; // tk-13
     if (arg_get_lit(ctx, 2))
-        modulation = 1; //tk-17
+        payload.modulation = 1; //tk-17
 
     uint8_t rawdata[250] = {0};
     int rawdatalen = 0;
@@ -586,6 +593,8 @@ static int CmdHFTexkomSim(const char *Cmd) {
     int iddatalen = 0;
     CLIGetHexWithReturn(ctx, 4, iddata, &iddatalen);
 
+    payload.timeout = arg_get_int_def(ctx, 5, 0);
+
     CLIParserFree(ctx);
 
     if (rawdatalen == 0 && iddatalen == 0) {
@@ -601,9 +610,9 @@ static int CmdHFTexkomSim(const char *Cmd) {
     if (iddatalen == 4) {
         rawdata[0] = 0xff;
         rawdata[1] = 0xff;
-        rawdata[2] = (modulation == 0) ? 0x63 : 0xCA;
+        rawdata[2] = (payload.modulation == 0) ? 0x63 : 0xCA;
         memcpy(&rawdata[3], iddata, 4);
-        rawdata[7] = (modulation == 0) ? TexcomTK13CRC(iddata) : TexcomTK17CRC(iddata);
+        rawdata[7] = (payload.modulation == 0) ? TexcomTK13CRC(iddata) : TexcomTK17CRC(iddata);
         rawdatalen = 8;
     }
 
@@ -612,33 +621,13 @@ static int CmdHFTexkomSim(const char *Cmd) {
         return PM3_EINVARG;
     }
 
-    //iceman,  use a struct 
-    /*
-    struct p {
-        uint8_t modulation;
-        uint32_t timeout;
-        uint8_t data[8];
-    } PACKED payload;
-
-    payload.modulation = modulation;
-    payload.timeout = cmdtimeout;
-    memcpy(payload.data, rawdata, sizeof(payload.data));
+    memcpy(payload.data, rawdata, 8);
 
+    clearCommandBuffer();
     SendCommandNG(CMD_HF_TEXKOM_SIMULATE, (uint8_t*)&payload, sizeof(payload));
 
-    // Iceman,   cmdtimeout is always 0.  You never set it
-    */
-
-    // <texkom 8bytes><modulation 1b><timeout 4b>
-    uint8_t data[13] = {0};
-    memcpy(data, rawdata, 8);
-
-    data[8] = modulation;
-    memcpy(&data[9], &cmdtimeout, 4);
-    clearCommandBuffer();
-    SendCommandNG(CMD_HF_TEXKOM_SIMULATE, data, sizeof(data));
-
-    if (cmdtimeout > 0 && cmdtimeout < 2800) {
+    if (payload.timeout > 0 && payload.timeout < 2800) {
+        PrintAndLogEx(INFO, "simulate command started");
         PacketResponseNG resp;
         if (WaitForResponseTimeout(CMD_HF_TEXKOM_SIMULATE, &resp, 3000) == false) {
             if (verbose) {
@@ -648,7 +637,7 @@ static int CmdHFTexkomSim(const char *Cmd) {
         }
         PrintAndLogEx(INFO, "simulate command execution done");
     } else {
-        PrintAndLogEx(INFO, "simulate command started");
+        PrintAndLogEx(INFO, "simulate command started...");
     }
 
     return PM3_SUCCESS;