From e0269bde743d97d5db6774107caa30e47dfa0198 Mon Sep 17 00:00:00 2001
From: mwalker33 <51802811+mwalker33@users.noreply.github.com>
Date: Tue, 18 May 2021 19:49:03 +1000
Subject: [PATCH] Update cmdhfmfdes.c Desfire readdata patch
---
 client/src/cmdhfmfdes.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c
index b0f298d03..774d99415 100644
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
@@ -1890,10 +1890,21 @@ static int handler_desfire_readdata(mfdes_data_t *data, MFDES_FILE_TYPE_T type,
 uint16_t sw = 0;
 uint32_t resplen = 0;
- size_t plen = apdu.Lc;
- uint8_t *p = mifare_cryto_preprocess_data(tag, (uint8_t *)data, &plen, 0, MDCM_PLAIN | CMAC_COMMAND);
- apdu.Lc = (uint8_t)plen;
- apdu.data = p;
+ // we need the CMD 0xBD to calc the CMAC
+ uint8_t tmp_data[8]; // Since the APDU is hardcoded to 7 bytes of payload 7+1 = 8 is enough.
+ tmp_data[0] = 0xBD;
+ memcpy (&tmp_data[1], data, 7);
+
+ // size_t plen = apdu.Lc;
+ // uint8_t *p = mifare_cryto_preprocess_data(tag, (uint8_t *)data, &plen, 0, MDCM_PLAIN | CMAC_COMMAND);
+ // apdu.Lc = (uint8_t)plen;
+ // apdu.data = p;
+
+ size_t plen = 8;
+ uint8_t *p = mifare_cryto_preprocess_data(tag, tmp_data, &plen, 0, MDCM_PLAIN | CMAC_COMMAND);
+ // apdu data does not need the cmd, so use the original read command data.
+ apdu.Lc = 7;
+ apdu.data = (uint8_t *)data;
 int res = send_desfire_cmd(&apdu, false, data->data, &resplen, &sw, 0, true);
 if (res != PM3_SUCCESS) {
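Review bot: The CMAC input rests on two hard-coded assumptions, `tmp_data[0] = 0xBD` and a 7-byte copy from the start of `*data`, even though the handler takes a `type` argument. If the instruction byte is chosen per file type outside this hunk, the CMAC would be computed over a command byte that was never sent, and the client's session MAC state would presumably stop matching the card's. Taking the byte from the APDU that is actually transmitted, e.g. `tmp_data[0] = apdu.INS;`, and deriving the copy length from `apdu.Lc` with a check against `sizeof(tmp_data) - 1` would keep the MAC input and the wire data in step. After this change `p` and `plen` are not read again in the visible lines, so a comment such as `// called only to advance the CMAC state; the returned buffer is not sent` would explain why the call stays, and the four commented-out old lines can be dropped. The function begins before and continues past this hunk, so the INS selection and any later use of `p` are not visible here.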