diff --git a/root/payload/payload.sh b/root/payload/payload.sh
index 62bf26d..f3c49ba 100755
--- a/root/payload/payload.sh
+++ b/root/payload/payload.sh
@@ -2,81 +2,41 @@
 #
 # Title: Sample Nmap Payload for Shark Jack
 # Author: Hak5
-# Version: 1.0
+# Version: 1.2
 #
 # Scans target subnet with Nmap using specified options. Saves each scan result
-# to loot storage folder.
+# to loot storage folder. Includes SERIAL_WRITE commands for Shark Jack Cable.
 #
-# Red ...........Setup
-# Amber..........Scanning
-# Green..........Finished
+# LED SETUP ... Obtaining IP address from DHCP
+# LED ATTACK ... Scanning
+# LED FINISH ... Scan Complete
 #
 # See nmap --help for options. Default "-sP" ping scans the address space for
 # fast host discovery.
+
+echo "started payload" > /tmp/payload-debug.log
 NMAP_OPTIONS="-sP --host-timeout 30s --max-retries 3"
 LOOT_DIR=/root/loot/nmap
-SCAN_DIR=/etc/shark/nmap
+
+# Setup loot directory, DHCP client, and determine subnet
+SERIAL_WRITE [*] Setting up payload
+LED SETUP
+mkdir -p $LOOT_DIR
+COUNT=$(($(ls -l $LOOT_DIR/*.txt | wc -l)+1))
+NETMODE DHCP_CLIENT
+SERIAL_WRITE [*] Waiting for IP from DHCP
+while [ -z "$SUBNET" ]; do
+ sleep 1 && SUBNET=$(ip addr | grep -i eth0 | grep -i inet | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}[\/]{1}[0-9]{1,2}" | sed 's/\.[0-9]*\//\.0\//')
+done
+echo "Recieved IP address from DHCP" >> /tmp/payload-debug.log
-function finish() {
- LED CLEANUP
- # Kill Nmap
- wait $1
- kill $1 &> /dev/null
-
- # Sync filesystem
- echo $SCAN_M > $SCAN_FILE
- sync
- sleep 1
-
- LED FINISH
- sleep 1
-
- # Halt system
- halt
-}
-
-function setup() {
- LED SETUP
- # Create loot directory
- mkdir -p $LOOT_DIR &> /dev/null
-
- # Create tmp scan directory
- mkdir -p $SCAN_DIR &> /dev/null
-
- # Create tmp scan file if it doesn't exist
- SCAN_FILE=$SCAN_DIR/scan-count
- if [ ! -f $SCAN_FILE ]; then
- touch $SCAN_FILE && echo 0 > $SCAN_FILE
- fi
-
- # Find IP address and subnet
- NETMODE DHCP_CLIENT
- while [ -z "$SUBNET" ]; do
- sleep 1 && find_subnet
- done
-}
-
-function find_subnet() {
- SUBNET=$(ip addr | grep -i eth0 | grep -i inet | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}[\/]{1}[0-9]{1,2}" | sed 's/\.[0-9]*\//\.0\//')
-}
-
-function run() {
- # Run setup
- setup
-
- SCAN_N=$(cat $SCAN_FILE)
- SCAN_M=$(( $SCAN_N + 1 ))
-
- LED ATTACK
- # Start scan
- nmap $NMAP_OPTIONS $SUBNET -oN $LOOT_DIR/nmap-scan_$SCAN_M.txt &>/dev/null &
- tpid=$!
-
- finish $tpid
-}
-
-
-# Run payload
-run &
+# Scan network
+LED ATTACK
+SERIAL_WRITE [*] Starting nmap scan...
+nmap $NMAP_OPTIONS $SUBNET -oN $LOOT_DIR/nmap-scan_$COUNT.txt
+echo "scanned network" >> /tmp/payload-debug.log
+LED FINISH
+SERIAL_WRITE [*] Payload complete!
+sleep 2 && sync
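Review bot: The new `COUNT=$(($(ls -l $LOOT_DIR/*.txt | wc -l)+1))` line numbers the loot file by how many .txt files currently exist, so any gap in the sequence (nmap-scan_1.txt deleted while nmap-scan_2.txt remains) makes the later `-oN` silently overwrite existing loot; the persistent scan-count file this commit removes did not have that problem. Probing for the first free name avoids it: `COUNT=1` followed by `while [ -e "$LOOT_DIR/nmap-scan_$COUNT.txt" ]; do COUNT=$((COUNT+1)); done`. The `SERIAL_WRITE [*] ...` arguments are unquoted, so `[*]` is a shell glob that would expand if the working directory held a file named `*`; writing them as `SERIAL_WRITE '[*] Setting up payload'` keeps the text literal, assuming SERIAL_WRITE takes the message as ordinary arguments. The debug message on the `echo "Recieved IP address from DHCP"` line is misspelled; `Received`.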