diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c
index 238e7719c..75a6723e1 100644
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
@@ -4137,7 +4137,7 @@ static int CmdHF14ADesCreateFile(const char *Cmd) {
     DesfireContext dctx;
     int securechann = defaultSecureChannel;
     uint32_t appid = 0x000000;
-    int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, &securechann, DCMPlain, &appid);
+    int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, &securechann, DCMMACed, &appid);
     if (res) {
         CLIParserFree(ctx);
         return res;
@@ -4278,7 +4278,7 @@ static int CmdHF14ADesCreateValueFile(const char *Cmd) {
     DesfireContext dctx;
     int securechann = defaultSecureChannel;
     uint32_t appid = 0x000000;
-    int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, &securechann, DCMPlain, &appid);
+    int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, &securechann, DCMMACed, &appid);
     if (res) {
         CLIParserFree(ctx);
         return res;
@@ -4411,7 +4411,7 @@ static int CmdHF14ADesCreateRecordFile(const char *Cmd) {
     DesfireContext dctx;
     int securechann = defaultSecureChannel;
     uint32_t appid = 0x000000;
-    int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, &securechann, DCMPlain, &appid);
+    int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, &securechann, DCMMACed, &appid);
     if (res) {
         CLIParserFree(ctx);
         return res;
diff --git a/client/src/mifare/desfiresecurechan.c b/client/src/mifare/desfiresecurechan.c
index 56d4b9ece..9da027ddd 100644
--- a/client/src/mifare/desfiresecurechan.c
+++ b/client/src/mifare/desfiresecurechan.c
@@ -147,6 +147,30 @@ static uint8_t DesfireGetCmdHeaderLen(uint8_t cmd) {
     return 0;
 }
 
+static const uint8_t EV1TransmitMAC[] = {
+    MFDES_WRITE_DATA,
+    MFDES_CREDIT,
+    MFDES_LIMITED_CREDIT,
+    MFDES_DEBIT,
+    MFDES_WRITE_RECORD,
+    MFDES_UPDATE_RECORD,
+    MFDES_COMMIT_READER_ID,
+    MFDES_INIT_KEY_SETTINGS,
+    MFDES_ROLL_KEY_SETTINGS,
+    MFDES_FINALIZE_KEY_SETTINGS,
+};
+
+static bool DesfireEV1TransmitMAC(DesfireContext *ctx, uint8_t cmd) {
+    if (ctx->secureChannel != DACEV1)
+        return true;
+        
+    for (int i = 0; i < ARRAY_LENGTH(EV1TransmitMAC); i++)
+        if (EV1TransmitMAC[i] == cmd)
+            return true;
+
+    return false;
+}
+
 static void DesfireSecureChannelEncodeD40(DesfireContext *ctx, uint8_t cmd, uint8_t *srcdata, size_t srcdatalen, uint8_t *dstdata, size_t *dstdatalen) {
     uint8_t data[1024] = {0};
     size_t rlen = 0;
@@ -216,7 +240,7 @@ static void DesfireSecureChannelEncodeEV1(DesfireContext *ctx, uint8_t cmd, uint
 
         memcpy(dstdata, srcdata, srcdatalen);
         *dstdatalen = srcdatalen;
-        if (srcdatalen > hdrlen && ctx->commMode == DCMMACed) {
+        if (ctx->commMode == DCMMACed && DesfireEV1TransmitMAC(ctx, cmd)) {
             memcpy(&dstdata[srcdatalen], cmac, DesfireGetMACLength(ctx));
             *dstdatalen = srcdatalen + DesfireGetMACLength(ctx);
         }