diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index 019f2371f..05ea84aa8 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -1677,7 +1677,13 @@ static void PacketReceived(PacketCommandNG *packet) {
 case CMD_HF_ICLASS_EML_MEMSET: {
 //iceman, should call FPGADOWNLOAD before, since it corrupts BigBuf
 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
- emlSet(packet->data.asBytes, packet->oldarg[0], packet->oldarg[1]);
+ struct p {
+ uint16_t offset;
+ uint16_t len;
+ uint8_t data[];
+ } PACKED;
+ struct p *payload = (struct p *) packet->data.asBytes;
+ emlSet(payload->data, payload->offset, payload->len);
 break;
 }
 case CMD_HF_ICLASS_WRITEBL: {
diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c
index c36d37e5a..8d5058071 100644
--- a/client/src/cmdhficlass.c
+++ b/client/src/cmdhficlass.c
@@ -113,13 +113,20 @@ static inline uint32_t leadingzeros(uint64_t a) {
 #endif
 }
-static void iclass_upload_emul(uint8_t *d, uint32_t n, uint32_t *bytes_sent) {
+static void iclass_upload_emul(uint8_t *d, uint16_t n, uint16_t *bytes_sent) {
+
+ struct p {
+ uint16_t offset;
+ uint16_t len;
+ uint8_t data[];
+ } PACKED;
+
 // fast push mode
 conn.block_after_ACK = true;
 //Send to device
 *bytes_sent = 0;
- uint32_t bytes_remaining = n;
+ uint16_t bytes_remaining = n;
 while (bytes_remaining > 0) {
 uint32_t bytes_in_packet = MIN(PM3_CMD_DATA_SIZE, bytes_remaining);
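Review bot: `payload->offset` and `payload->len` are read straight out of the host packet and handed to `emlSet` with no check that the packet actually carries `len` bytes after the 4-byte header, so a short or malformed packet makes `emlSet` copy from beyond the data the host sent. `PacketCommandNG` carries the received length, so guard before the call: `if (packet->length < sizeof(struct p) || packet->length - sizeof(struct p) < payload->len) { reply_ng(CMD_HF_ICLASS_EML_MEMSET, PM3_EINVARG, NULL, 0); break; }`. Whether `emlSet` itself bounds `offset + len` against the emulator buffer is not visible in this hunk and is worth confirming, since the replaced `oldarg` path had the same gap. `PacketReceived` continues outside the hunk.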
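Review bot: The wire layout `struct p` is declared privately inside `iclass_upload_emul` and declared a second time, by hand, in the `armsrc/appmain.c` hunk, so the client and firmware copies can drift without any compiler complaint; define it once in a header both sides include (keeping `PACKED`) and drop the local copies. The signature change also narrows `n` to `uint16_t`: the callers in the later hunks pass `tot_bytes` and `bytes_read`, whose types are not visible here, so if either is wider a value above 65535 would be truncated silently — either check against `UINT16_MAX` at the call sites or keep the parameter wide and let the loop bound each packet. The function body continues past the end of the hunk.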
@@ -128,13 +135,20 @@ static void iclass_upload_emul(uint8_t *d, uint32_t n, uint32_t *bytes_sent) {
 conn.block_after_ACK = false;
 }
 clearCommandBuffer();
- SendCommandOLD(CMD_HF_ICLASS_EML_MEMSET, *bytes_sent, bytes_in_packet, 0, d + *bytes_sent, bytes_in_packet);
+
+ struct p *payload = calloc(4 + bytes_in_packet, sizeof(uint8_t));
+ payload->offset = *bytes_sent;
+ payload->len = bytes_in_packet;
+ memcpy(payload->data, d + *bytes_sent, bytes_in_packet);
+
+ SendCommandNG(CMD_HF_ICLASS_EML_MEMSET, (uint8_t*)payload, 4 + bytes_in_packet);
+ free(payload);
+
 bytes_remaining -= bytes_in_packet;
 *bytes_sent += bytes_in_packet;
 }
 }
-
 const char *card_types[] = {
 "PicoPass 16K / 16", // 000
 "PicoPass 32K with current book 16K / 16", // 001
@@ -354,11 +368,11 @@ static int generate_config_card(const iclass_config_card_item_t *o, uint8_t *ke
 }
 //Send to device
- uint32_t bytes_sent = 0;
+ uint16_t bytes_sent = 0;
 iclass_upload_emul(data, tot_bytes, &bytes_sent);
 free(data);
- PrintAndLogEx(SUCCESS, "sent %d bytes of data to device emulator memory", bytes_sent);
+ PrintAndLogEx(SUCCESS, "sent %u bytes of data to device emulator memory", bytes_sent);
 PrintAndLogEx(HINT, "Try `" _YELLOW_("hf iclass eview") "` to view dump file");
 PrintAndLogEx(HINT, "Try `" _YELLOW_("hf iclass sim -t 3") "` to start simulating config card");
 return PM3_SUCCESS;
@@ -944,10 +958,10 @@ static int CmdHFiClassELoad(const char *Cmd) {
 print_picopass_info((picopass_hdr_t *) dump);
 //Send to device
- uint32_t bytes_sent = 0;
+ uint16_t bytes_sent = 0;
 iclass_upload_emul(dump, bytes_read, &bytes_sent);
 free(dump);
- PrintAndLogEx(SUCCESS, "sent %d bytes of data to device emulator memory", bytes_sent);
+ PrintAndLogEx(SUCCESS, "sent %u bytes of data to device emulator memory", bytes_sent);
 return PM3_SUCCESS;
 }
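Review bot: The `calloc` result is dereferenced on the very next line without a NULL check, so an allocation failure crashes the client rather than aborting the upload; the header size is also spelled as the literal `4` in both the allocation and the `SendCommandNG` length, which will silently go stale if `struct p` ever changes. Use `sizeof(*payload)` (the flexible array member contributes nothing, so with `PACKED` this is the same 4 bytes today) and bail out on NULL, leaving fast-push mode first so the link is not left in `block_after_ACK` state; `*bytes_sent` already reports the partial progress to the caller, though a return status would be cleaner if the signature can change. The enclosing function starts before this hunk.
```c
        clearCommandBuffer();

        struct p *payload = calloc(sizeof(*payload) + bytes_in_packet, sizeof(uint8_t));
        if (payload == NULL) {
            // leave fast-push mode so the link is back to normal; *bytes_sent
            // tells the caller how much was actually uploaded before the failure
            conn.block_after_ACK = false;
            return;
        }
        payload->offset = *bytes_sent;
        payload->len = bytes_in_packet;
        memcpy(payload->data, d + *bytes_sent, bytes_in_packet);

        SendCommandNG(CMD_HF_ICLASS_EML_MEMSET, (uint8_t *)payload, sizeof(*payload) + bytes_in_packet);
        free(payload);
        // … unchanged: bytes_remaining / *bytes_sent bookkeeping …
```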
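Review bot: The `%d` to `%u` change in the `PrintAndLogEx` line now pairs an `unsigned int` conversion with a `uint16_t` argument that the default promotions turn into `int`; it prints correctly in practice, but the exact-width form `"sent %" PRIu16 " bytes of data to device emulator memory"` documents the new type and survives a future widening of `bytes_sent` without another format edit. The same applies to the `CmdHFiClassELoad` hunk below, which makes the identical change. This assumes `<inttypes.h>` is already reachable from this file, which the hunks do not show.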