diff --git a/Radius-PowerView-Commands.md b/Radius-PowerView-Commands.md index 5ac4c58..3d4b3b3 100644 --- a/Radius-PowerView-Commands.md +++ b/Radius-PowerView-Commands.md @@ -14,8 +14,8 @@ All numbers are expressed in hexadecimal, unless otherwise noted. The following is a list of the observed SCSI commands: - 12 Inquiry -- C8 **UNKNOWN** -- C9 **UNKNOWN** +- C8 Read register or configuration? +- C9 Write register or configuration? - CA Write to frame buffer - CB Load Color Palette - CC **UNKNOWN** @@ -77,27 +77,35 @@ Data in: `40: 05000000 000643F9 0000FF` -## **UNKNOWN** (C8) -Command: C8 00 00 31 00 00 03 00 +## **UNKNOWN** (C8) Read Register??? +Command: C8 00 00 AA AA 00 LL 00 + * LL = Length of reponse + * AA = Address being read? Or ID of the data being requested? -Function: ***Unknown at this time*** +Function: Poll data from the Powerview? -Type: XXXXInput (Transitions to DATAOUT) +Seems to only have a few requests, with consistent responses. Potentially a way to read registers/data/information about the Powerview. Also appears to be the only command that transfers data TO the host. -Host then sends: `XXXX00 09 00 07 FF FF FF 00` (The last 00 might not actually be there?) Sequence: Command->Status->Data In->Status->Msg In Examples: Command: `C8 00 00 31 83 00 01 00` + Data in: `00` Command: `C8 00 00 31 00 00 03 00` + Data in: `01 09 08` +Command: `C8 00 00 31 82 00 01 00` -## **UNKNOWN** (C9) +Data in: `01` + +**TODO: Try different monitors/devices to see if these responses change** + +## **UNKNOWN** (C9) Write Register? Command: `C9 00 00 21 81 00 LL 00` * LL = Length in bytes
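Review bot: The command list now labels C8 and C9 as "Read register or configuration?" / "Write register or configuration?", but the detailed sections later in the same file keep the `## **UNKNOWN** (C8)` and `## **UNKNOWN** (C9)` headings with the guess appended after the bold marker, so a reader searching for C8 sees two different labels for one command; pick a single form in both places, for example `## Read register or configuration? (C8)`. The trailing question mark is a useful signal that the meaning is inferred rather than confirmed; stating that convention once next to "All numbers are expressed in hexadecimal, unless otherwise noted." would stop it being read as a typo.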
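Review bot: "Also appears to be the only command that transfers data TO the host" conflicts with the command list at the top of the file, which includes `12 Inquiry`: a standard SCSI INQUIRY also returns data to the host, so this should say "the only vendor-specific command that transfers data to the host" or be dropped. Two smaller points in the same hunk: "LL = Length of reponse" should read "response", and the heading "## **UNKNOWN** (C8) Read Register???" still carries the bold UNKNOWN marker that the summary list just replaced. The removed lines "Type: XXXXInput (Transitions to DATAOUT)" and "Host then sends: `XXXX00 09 00 07 FF FF FF 00`" are not carried over anywhere; if that host-to-device exchange was actually observed, keep it as a note alongside the new "Sequence: Command->Status->Data In->Status->Msg In" line rather than deleting it, since the new sequence describes only the data-in path.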