diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index 3ae332397..16e4029db 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -2920,7 +2920,7 @@ void readerAttack(nonces_t data, bool setEmulatorMem, bool verbose) {
     if (k_sector == NULL)
         emptySectorTable();
 
-    success = mfkey32_moebius(data, &key);
+    success = mfkey32_moebius(&data, &key);
     if (success) {
         uint8_t sector = data.sector;
         uint8_t keytype = data.keytype;
diff --git a/client/mifare/mfkey.c b/client/mifare/mfkey.c
index bdccd302e..ee0c9f052 100644
--- a/client/mifare/mfkey.c
+++ b/client/mifare/mfkey.c
@@ -89,25 +89,25 @@ uint32_t nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint32_t ar, uint64_t
 }
 
 // recover key from 2 different reader responses on same tag challenge
-bool mfkey32(nonces_t data, uint64_t *outputkey) {
+bool mfkey32(nonces_t *data, uint64_t *outputkey) {
     struct Crypto1State *s, *t;
     uint64_t outkey = 0;
     uint64_t key = 0;     // recovered key
     bool isSuccess = false;
     uint8_t counter = 0;
 
-    uint32_t p640 = prng_successor(data.nonce, 64);
+    uint32_t p640 = prng_successor(data->nonce, 64);
 
-    s = lfsr_recovery32(data.ar ^ p640, 0);
+    s = lfsr_recovery32(data->ar ^ p640, 0);
 
     for (t = s; t->odd | t->even; ++t) {
         lfsr_rollback_word(t, 0, 0);
-        lfsr_rollback_word(t, data.nr, 1);
-        lfsr_rollback_word(t, data.cuid ^ data.nonce, 0);
+        lfsr_rollback_word(t, data->nr, 1);
+        lfsr_rollback_word(t, data->cuid ^ data->nonce, 0);
         crypto1_get_lfsr(t, &key);
-        crypto1_word(t, data.cuid ^ data.nonce, 0);
-        crypto1_word(t, data.nr2, 1);
-        if (data.ar2 == (crypto1_word(t, 0, 0) ^ p640)) {
+        crypto1_word(t, data->cuid ^ data->nonce, 0);
+        crypto1_word(t, data->nr2, 1);
+        if (data->ar2 == (crypto1_word(t, 0, 0) ^ p640)) {
             outkey = key;
             counter++;
             if (counter == 20) break;
@@ -121,26 +121,26 @@ bool mfkey32(nonces_t data, uint64_t *outputkey) {
 
 // recover key from 2 reader responses on 2 different tag challenges
 // skip "several found keys".  Only return true if ONE key is found
-bool mfkey32_moebius(nonces_t data, uint64_t *outputkey) {
+bool mfkey32_moebius(nonces_t *data, uint64_t *outputkey) {
     struct Crypto1State *s, *t;
     uint64_t outkey  = 0;
     uint64_t key     = 0; // recovered key
     bool isSuccess = false;
     int counter = 0;
-    uint32_t p640 = prng_successor(data.nonce, 64);
-    uint32_t p641 = prng_successor(data.nonce2, 64);
+    uint32_t p640 = prng_successor(data->nonce, 64);
+    uint32_t p641 = prng_successor(data->nonce2, 64);
 
-    s = lfsr_recovery32(data.ar ^ p640, 0);
+    s = lfsr_recovery32(data->ar ^ p640, 0);
 
     for (t = s; t->odd | t->even; ++t) {
         lfsr_rollback_word(t, 0, 0);
-        lfsr_rollback_word(t, data.nr, 1);
-        lfsr_rollback_word(t, data.cuid ^ data.nonce, 0);
+        lfsr_rollback_word(t, data->nr, 1);
+        lfsr_rollback_word(t, data->cuid ^ data->nonce, 0);
         crypto1_get_lfsr(t, &key);
 
-        crypto1_word(t, data.cuid ^ data.nonce2, 0);
-        crypto1_word(t, data.nr2, 1);
-        if (data.ar2 == (crypto1_word(t, 0, 0) ^ p641)) {
+        crypto1_word(t, data->cuid ^ data->nonce2, 0);
+        crypto1_word(t, data->nr2, 1);
+        if (data->ar2 == (crypto1_word(t, 0, 0) ^ p641)) {
             outkey = key;
             ++counter;
             if (counter == 20) break;
@@ -153,20 +153,20 @@ bool mfkey32_moebius(nonces_t data, uint64_t *outputkey) {
 }
 
 // recover key from reader response and tag response of one authentication sequence
-int mfkey64(nonces_t data, uint64_t *outputkey) {
+int mfkey64(nonces_t *data, uint64_t *outputkey) {
     uint64_t key = 0;  // recovered key
     uint32_t ks2;      // keystream used to encrypt reader response
     uint32_t ks3;      // keystream used to encrypt tag response
     struct Crypto1State *revstate;
 
     // Extract the keystream from the messages
-    ks2 = data.ar ^ prng_successor(data.nonce, 64);
-    ks3 = data.at ^ prng_successor(data.nonce, 96);
+    ks2 = data->ar ^ prng_successor(data->nonce, 64);
+    ks3 = data->at ^ prng_successor(data->nonce, 96);
     revstate = lfsr_recovery64(ks2, ks3);
     lfsr_rollback_word(revstate, 0, 0);
     lfsr_rollback_word(revstate, 0, 0);
-    lfsr_rollback_word(revstate, data.nr, 1);
-    lfsr_rollback_word(revstate, data.cuid ^ data.nonce, 0);
+    lfsr_rollback_word(revstate, data->nr, 1);
+    lfsr_rollback_word(revstate, data->cuid ^ data->nonce, 0);
     crypto1_get_lfsr(revstate, &key);
     crypto1_destroy(revstate);
     *outputkey = key;
diff --git a/client/mifare/mfkey.h b/client/mifare/mfkey.h
index 36ca8ed11..e108d5fa7 100644
--- a/client/mifare/mfkey.h
+++ b/client/mifare/mfkey.h
@@ -17,9 +17,9 @@
 #include "mifare.h"
 
 uint32_t nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint32_t ar, uint64_t par_info, uint64_t ks_info, uint64_t **keys);
-bool mfkey32(nonces_t data, uint64_t *outputkey);
-bool mfkey32_moebius(nonces_t data, uint64_t *outputkey);
-int mfkey64(nonces_t data, uint64_t *outputkey);
+bool mfkey32(nonces_t *data, uint64_t *outputkey);
+bool mfkey32_moebius(nonces_t *data, uint64_t *outputkey);
+int mfkey64(nonces_t *data, uint64_t *outputkey);
 
 int compare_uint64(const void *a, const void *b);
 uint32_t intersection(uint64_t *listA, uint64_t *listB);