feat: Add issuance commands and fix minor issues

docs/IC-chips/card.md

@@ -153,7 +153,7 @@ Unlisted IC module.
 	* RC-S864
 		* CJRC-compliant?
 	* RC-S891[@sonyRCS890Datasheet2009]
-* Hardware core: Sony CXD9559
+* Hardware core: Sony CXD9559[@sonyRCS860SecurityTarget2002]
 	* 8-bit RISC CPU
 	* Potentially Fujitsu F^2^MC-8FX or Panasonic AM core
 * 4KB EEPROM
@@ -171,8 +171,8 @@ IC with physical contacts, potentially for credit/debit cards like Rakuten Edy.
 * Model name: RC-S952
 * IC code: `08`[@sonyFeliCaTechnicalProductsList]
 * Known PICCs:
-	* RC-S952/3MV
-		[@sonyRCS890Datasheet2009]* GlobalPlatform 2.0.1
+	* RC-S952/3MV[@sonyRCS890Datasheet2009]
+		* GlobalPlatform 2.0.1
 		* JavaCard OS 2.1.1
 		* VSDC 2.4.1
 * 32KB EEPROM
@@ -504,6 +504,7 @@ Special thanks to [@eggman](https://qiita.com/eggman/items/27d988fe5c0be2c38a33)
 It appears that Suica has unique functionality on Mobile FeliCa devices, though maybe only on Apple devices, as seen by the different IC type observed in [this screenshot](https://qiita.com/treastrain/items/e8dc5084a663f09ff469#apple-pay-%E3%81%AE-suica-%E3%81%8C%E6%8C%81%E3%81%A4-felica-%E3%82%B7%E3%82%B9%E3%83%86%E3%83%A0%E3%82%B3%E3%83%BC%E3%83%89).
 
 Also observed on Suica from iPhone 12 Pro, which should have Mobile FeliCa applets.
+
 * IC type: `16`
 
 ### Version 4.0

docs/IC-chips/reader.md

@@ -0,0 +1,6 @@
+---
+title: Readers
+---
+
+# Proximity Coupling Devices
+https://www.sony.co.jp/Products/felica/business/tech-support/list.html

docs/IC-chips/sam.md

@@ -0,0 +1,6 @@
+---
+title: SAMs
+---
+
+# Secure Access Modules
+https://www.sony.co.jp/Products/felica/business/tech-support/list.html

docs/authentication.md

@@ -18,7 +18,7 @@ sequenceDiagram
 #### Group Service Key & User Service Key
 > TODO: actually confirm definition of Group Service Key and User Service Key
 
-Mentioned in Security Target documents[@sonyRCSA00SecurityTarget2012] and referred to as the "Area Intermediate Key" and "Service Intermediate Key" respectively in patent filings[@sonyFeliCaMutualAuthentication2008]. This keypair is used as access keys and as intermediates in diversified key generation when authenticating to a FeliCa IC.
+Mentioned in Security Target documents[@sonyRCSA00SecurityTarget2012] and referred to as the "Area Intermediate Key" and "Service Intermediate Key" respectively in patent filings[@sonyFeliCaMutualAuthenticationPatent2008]. This keypair is used as access keys and as intermediates in diversified key generation when authenticating to a FeliCa IC.
 
 A keypair is used in conjunction with a fixed set of area codes (group service) and service codes (user service) respectively.
 
@@ -30,7 +30,7 @@ Upon the creation of a GSK, the USK can be created. The USK is composed of the G
 
 Similar to GSKs, USKs can be appended to, which is useful if the owner of a service wants to provide authenticated capabilities on their service to other users. However, the appended service(s) must be belong to one of the areas specified in its corresponding GSK.
 
-These keys are a precursor to the 3DES keys used in mutual authentication[@sonyFeliCaMutualAuthentication2008]:
+These keys are a precursor to the 3DES keys used in mutual authentication[@sonyFeliCaMutualAuthenticationPatent2008]:
 
 $$
 \begin{aligned}
@@ -41,7 +41,7 @@ K_a  &= K_{bc}||\text{DESEnc}_{K_{ac}}(K_{bc})
 \end{aligned}
 $$
 
-Following mutual authentication, the reader-generated R~a~ is the initial transaction ID, whereas the card-generated R~b~ is the shared DES transaction key[@sonyEncryptedTransportPatent2002;@sonyProtocolNegotiation2008].
+Following mutual authentication, the reader-generated R~a~ is the initial transaction ID, whereas the card-generated R~b~ is the shared DES transaction key[@sonyEncryptedTransportPatent2002;@sonyProtocolNegotiationPatent2008].
 
 ## AES
 ### Group Key
@@ -50,3 +50,12 @@ Of unknown structure; mentioned in several public Security Target documents, and
 It is unknown if and how access control is implemented across managers/issuers, and whether it is constructed similar to GSKs and USKs.
 
 A Group Key may be a merger of both GSK and USK, into one key and corresponding list of areas and services.
+
+## PIN code[@sonyFeliCaPINCodePatent2011]
+
+> Deprecated?
+
+Mentioned in patents but not public documentation.
+A separate service (*not* an overlay service) that doesn't handle data, but reads in PIN access attempts such that the user can write input attempts to the PIN code service(?) and then be authenticated to the corresponding service/area.
+
+A PIN service code is the corresponding area/service code (*not* number(?)) with the 5th bit (0x20) set.

docs/commands/adhoc.md

@@ -2,7 +2,33 @@
 title: Ad-hoc
 ---
 
-# Activate2[@sonyFeliCaPushArduino2010]
+## Activate[@sonyFALPPatent2002]
+
+!!! warning "Unconfirmed"
+
+	The field format for this command is unknown and is guessed from [Activate2](#activate2).
+
+=== "Command"
+
+	| Field  | Size | Note   |
+	|--------|------|--------|
+	| Code   | 1    | `0x??` |
+	| IDm    | 8    |        |
+	| Flags? | 1    |        |
+
+=== "Response"
+
+	| Field   | Size | Note   |
+	|---------|------|--------|
+	| Code    | 1    | `0x??` |
+	| IDm     | 8    |        |
+	| Status? | 1    |        |
+
+## Activate2[@sonyFALPPatent2002;@sonyFeliCaPushArduino2010]
+
+!!! warning "Unconfirmed"
+
+	The field format for this command is unknown and is guessed.
 
 === "Command"
 
@@ -20,7 +46,29 @@ title: Ad-hoc
 	| IDm     | 8    |        |
 	| Status? | 1    |        |
 
-# Push[@sonyFeliCaPushArduino2010]
+## Inactivate[@sonyFALPPatent2002]
+
+!!! warning "Unconfirmed"
+
+	The field format for this command is unknown and is guessed from [Activate2](#activate2).
+
+=== "Command"
+
+	| Field  | Size | Note   |
+	|--------|------|--------|
+	| Code   | 1    | `0x??` |
+	| IDm    | 8    |        |
+	| Flags? | 1    |        |
+
+=== "Response"
+
+	| Field   | Size | Note   |
+	|---------|------|--------|
+	| Code    | 1    | `0x??` |
+	| IDm     | 8    |        |
+	| Status? | 1    |        |
+
+## Push[@sonyFALPPatent2002;@sonyFeliCaPushArduino2010]
 
 === "Command"
 
@@ -38,3 +86,47 @@ title: Ad-hoc
 	| Code            | 1    | `0xB1` |
 	| IDm             | 8    |        |
 	| Length Received | 1    |        |
+
+## Pull[@sonyFALPPatent2002]
+
+!!! warning "Unconfirmed"
+
+	The field format for this command is unknown and is guessed from [Push](#push).
+
+=== "Command"
+
+	| Field          | Size | Note            |
+	|----------------|------|-----------------|
+	| Code           | 1    | `0x??`          |
+	| IDm            | 8    |                 |
+	| Maximum Length | 1    | $1 <= n <= 224$ |
+
+=== "Response"
+
+	| Field  | Size | Note            |
+	|--------|------|-----------------|
+	| Code   | 1    | `0xB1`          |
+	| IDm    | 8    |                 |
+	| Length | 1    | $1 <= n <= 224$ |
+	| Data   | $n$  |                 |
+
+## Get Ad-hoc Status[@sonyFALPPatent2002]
+
+!!! warning "Unconfirmed"
+
+	The field format for this command is unknown and is guessed.
+
+=== "Command"
+
+	| Field  | Size | Note   |
+	|--------|------|--------|
+	| Code   | 1    | `0x??` |
+	| IDm    | 8    |        |
+
+=== "Response"
+
+	| Field   | Size | Note   |
+	|---------|------|--------|
+	| Code    | 1    | `0xA5` |
+	| IDm     | 8    |        |
+	| Status? | 1    |        |

docs/commands/authentication.md

@@ -1,12 +1,15 @@
----
-title: Authentication
----
+## Authentication Start (DES)[@sonyFeliCaSDManual2024;@sonyFeliCaMutualAuthenticationPatent2008;@rrgProxmark3FeliCa2024]
 
-# Authentication Start (DES)[@sonyFeliCaSDManual2024;@sonyFeliCaMutualAuthentication2008;@rrgProxmark3FeliCa2024]
-> Official name: Authentication1
+!!! info "Official Name"
+
+    Authentication1
 
 Initiate mutual authentication with PICC
 
+| Current Mode    | Any |
+|-----------------|-----|
+| Mode Transition | 1   |
+
 === "Command"
 
 	| Field              | Size             | Note                               |
@@ -28,11 +31,18 @@ Initiate mutual authentication with PICC
 	| Challenge Response A | 8    | $\text{3DESEnc}_{K_a}(R_a)$ |
 	| Random Challenge B   | 8    | $\text{3DESEnc}_{K_a}(R_b)$ |
 
-# Authentication Finish (DES)[@sonyFeliCaSDManual2024;@sonyFeliCaMutualAuthentication2008;@rrgProxmark3FeliCa2024]
-> Official name: Authentication2
+## Authentication Finish (DES)[@sonyFeliCaSDManual2024;@sonyFeliCaMutualAuthenticationPatent2008;@rrgProxmark3FeliCa2024]
+
+!!! info "Official Name"
+
+    Authentication2
 
 Finalise mutual authentication with PICC
 
+| Current Mode    | 1 |
+|-----------------|---|
+| Mode Transition | 2 |
+
 === "Command"
 
 	| Field                | Size | Note                        |
@@ -50,10 +60,21 @@ Finalise mutual authentication with PICC
 	| IDi (Issue ID?)     | 8    |                |
 	| PMi (Parameter ID?) | 8    |                |
 
-# Authentication Start (AES)[@sonyFeliCaSDManual2024;@onakasuitaCommands]
-> Official name: Authentication1 v2
+## Authentication Start (AES)[@sonyFeliCaSDManual2024;@onakasuitaCommands]
 
-Initiate mutual authentication with PICC
+!!! info "Official Name"
+
+    Authentication1 v2
+
+!!! warning "Unconfirmed"
+
+	The field format for this command is unknown.
+
+Initiate mutual authentication in AES with PICC
+
+| Current Mode    | Any |
+|-----------------|-----|
+| Mode Transition | 1   |
 
 === "Command"
 
@@ -71,10 +92,21 @@ Initiate mutual authentication with PICC
 	| IDm           | 8    |      |
 	| ??            | ??   |      |
 
-# Authentication Finish (AES)[@sonyFeliCaSDManual2024;@onakasuitaCommands]
-> Official name: Authentication2 v2
+## Authentication Finish (AES)[@sonyFeliCaSDManual2024;@onakasuitaCommands]
 
-Finalise mutual authentication with PICC
+!!! info "Official Name"
+
+    Authentication2 v2
+
+!!! warning "Unconfirmed"
+
+	The field format for this command is unknown.
+
+Finalise mutual authentication in AES with PICC
+
+| Current Mode    | 1 |
+|-----------------|---|
+| Mode Transition | 2 |
 
 === "Command"