From 56fe7b09ae896ffdeb76522a56ab41b8a31dcc55 Mon Sep 17 00:00:00 2001
From: noproto <noproto@zeroday.engineering>
Date: Sat, 4 Jan 2025 04:05:40 -0500
Subject: [PATCH] Fix for early key reuse in dictionary attack state machine

---
 lib/nfc/protocols/mf_classic/mf_classic_poller.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/nfc/protocols/mf_classic/mf_classic_poller.c b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
index ec37c8015..b2d9b114a 100644
--- a/lib/nfc/protocols/mf_classic/mf_classic_poller.c
+++ b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
@@ -1921,7 +1921,8 @@ NfcCommand mf_classic_poller_handler_nested_controller(MfClassicPoller* instance
                         sizeof(MfClassicKey)) :
                     NULL;
         }
-        if((is_weak || is_last_iter_for_hard_key) && dict_attack_ctx->nested_nonce.count > 0) {
+        if((is_weak && (dict_attack_ctx->nested_nonce.count == 1)) ||
+           (is_last_iter_for_hard_key && (dict_attack_ctx->nested_nonce.count == 8))) {
             // Key verify and reuse
             dict_attack_ctx->nested_phase = MfClassicNestedPhaseDictAttackVerify;
             dict_attack_ctx->auth_passed = false;