From 81b116c23f2c5aa99b85b6ec1dc9387c46a4b977 Mon Sep 17 00:00:00 2001
From: Antiklesys
Date: Fri, 27 Oct 2023 13:21:49 +0800
Subject: [PATCH 1/2] Fixed keyroll mode for hf ic configcard Was able to compare the output of nfc-iclass and I identified two bugs in the generation of blocks 0x0D (was being overwritten with FF, it seems this was an original bug in the original pm3 code?) Fixed the porting for block 15 generation.
---
 CHANGELOG.md | 1 +
 client/src/cmdhficlass.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5b794f4db26..eae63e74b88 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 ## [unreleased][unreleased]
+ - Additional fixes to configcard code for keyroll mode based on nfc-iclass output (@Antiklesys)
 - Added `bind` option for network connections to specify the outbound address and port (@wh201906)
 - Changed `lf em 4x05 dump` - now supports the `--ns` nosave parameter (@iceman1001)
 - Fixed some wrong synchronization waits in usb_write() to increase the communication speed (@wh201906)
diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c
index 3966f851785..98065f2d05e 100644
--- a/client/src/cmdhficlass.c
+++ b/client/src/cmdhficlass.c
@@ -424,7 +424,7 @@ static int generate_config_card(const iclass_config_card_item_t *o, uint8_t *ke
 memcpy(data + (0x0D * 8), lkey, sizeof(enckey1));
 }
 // encrypted 0xFF
- for (uint8_t i = 0x0D; i < 0x14; i++) {
+ for (uint8_t i = 0x0E; i < 0x14; i++) {
 memcpy(data + (i * 8), ffs, sizeof(ffs));
 }
 PrintAndLogEx(NORMAL, "( " _GREEN_("ok") " )");
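Review bot: In client/src/cmdhficlass.c, generate_config_card, the fill loop now starts at `0x0E`, so block 0x0D holds the key only if the `memcpy(data + (0x0D * 8), lkey, sizeof(enckey1))` just above has run, and that memcpy sits before a closing brace and so appears to be conditional. The branch structure is outside the hunk, so confirm that every path reaching this loop has written block 0x0D, since it no longer receives the 0xFF filler as a fallback. That copy also takes its length from `enckey1` while reading from `lkey`; a named 8-byte block-size constant would keep the length independent of an unrelated buffer. A comment on the loop such as `// blocks 0x0E..0x13 only: 0x0D carries the keyroll key written above` would record why the range starts there.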
@@ -450,7 +450,7 @@ static int generate_config_card(const iclass_config_card_item_t *o, uint8_t *ke
 // encrypted partial keyroll key 15
 PrintAndLogEx(INFO, "Setting encrypted partial key15... " NOLF);
 memset(foo, 0xFF, sizeof(foo));
- foo[0] = lkey[7];
+ foo[0] = key[7];
 if (IsCardHelperPresent(false) != false) {
 if (Encrypt(foo, enckey2) == false) {
 PrintAndLogEx(WARNING, "failed to encrypt partial 2");
From 9d07ee497c7ead38c3fb947e3f6e1f5710edd548 Mon Sep 17 00:00:00 2001
From: yah01
Date: Fri, 27 Oct 2023 13:47:26 +0800
Subject: [PATCH 2/2] Improve lf sampling performance
Signed-off-by: yah01
---
 CHANGELOG.md | 1 +
 armsrc/lfsampling.c | 35 ++++++++++++++---------------------
 2 files changed, 15 insertions(+), 21 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5b794f4db26..276521e5e5e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -39,6 +39,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
 - Modified `hf iclass configcard` to only support online mode (@Antiklesys)
 - Modified `hf iclass configcard` command to generate config cards without a cardhelper module by porting the contents of blocks 6 & 7 from nfc-iclass (@Antiklesys)
 - Fixed `hf iclass info` command showing incorrectly in offline mode (@Antiklesys)
+ - Changed lf sampling - improved the performance (@yah01)
 ## [Raccoon.4.17140][2023-09-09]
 - Changed text and adjust pm3_test case for mf_aes_brute (@doegox)
diff --git a/armsrc/lfsampling.c b/armsrc/lfsampling.c
index 6c131e7f372..c763bd0c675 100644
--- a/armsrc/lfsampling.c
+++ b/armsrc/lfsampling.c
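Review bot: In generate_config_card (client/src/cmdhficlass.c), `foo[0] = key[7];` reads the eighth byte of what is presumably the caller-supplied `uint8_t *` parameter truncated in the hunk header, and nothing visible checks that pointer for NULL or for a minimum length. The function starts outside the hunk, so confirm that every caller passes at least 8 bytes. `key` and `lkey` differ by one letter and the replaced line used the wrong one, so a comment saying which buffer each block derives from would help, for example `// key15 partial: last byte of the key argument, not of lkey`. `foo` would also read better under a name that says it carries partial key material.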
@@ -128,20 +128,6 @@ sample_config *getSamplingConfig(void) {
 return &config;
 }
-/**
- * @brief Pushes bit onto the stream
- * @param stream
- * @param bit
- */
-static void pushBit(BitstreamOut_t *stream, uint8_t bit) {
- int bytepos = stream->position >> 3; // divide by 8
- int bitpos = stream->position & 7;
- *(stream->buffer + bytepos) &= ~(1 << (7 - bitpos));
- *(stream->buffer + bytepos) |= (bit > 0) << (7 - bitpos);
- stream->position++;
- stream->numbits++;
-}
-
 void initSampleBuffer(uint32_t *sample_size) {
 initSampleBufferEx(sample_size, false);
 }
@@ -233,13 +219,20 @@ void logSample(uint8_t sample, uint8_t decimation, uint8_t bits_per_sample, bool
 data.numbits = samples.total_saved << 3;
 } else {
- pushBit(&data, sample & 0x80);
- if (bits_per_sample > 1) pushBit(&data, sample & 0x40);
- if (bits_per_sample > 2) pushBit(&data, sample & 0x20);
- if (bits_per_sample > 3) pushBit(&data, sample & 0x10);
- if (bits_per_sample > 4) pushBit(&data, sample & 0x08);
- if (bits_per_sample > 5) pushBit(&data, sample & 0x04);
- if (bits_per_sample > 6) pushBit(&data, sample & 0x02);
+ // truncate trailing data
+ sample >>= 8 - bits_per_sample;
+ sample <<= 8 - bits_per_sample;
+
+ uint8_t bits_offset = data.numbits & 0x7;
+ uint8_t bits_cap = 8 - bits_offset;
+
+ // write the current byte
+ data.buffer[data.numbits >> 3] |= sample >> bits_offset;
+ int numbits = data.numbits + bits_cap;
+
+ // write the remaining bits to the next byte
+ data.buffer[numbits >> 3] |= sample << (bits_cap);
+ data.numbits += bits_per_sample;
 }
 }
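Review bot: In logSample's new packing code (armsrc/lfsampling.c), `data.buffer[numbits >> 3] |= sample << (bits_cap);` runs unconditionally, so the byte after the current one is read and written even when the whole sample fits in the current byte, including the `bits_offset == 0` case where the shifted value would truncate to zero in a byte buffer. If the capacity check earlier in logSample, which is outside the hunk, only guarantees room for `bits_per_sample` more bits, this touches one byte past the buffer on the final sample; guarding the statement with `if (bits_per_sample > bits_cap)` avoids that. Both writes also use `|=` where the removed pushBit cleared each bit before setting it, so the output is now correct only if the buffer is zeroed before sampling; either confirm that initSampleBufferEx does so or mask the target bits first. The removed helper also advanced `stream->position`, which the new code no longer updates, so any reader of that field should be checked.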