diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c
index dd6e39baf..6dab86454 100644
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
@@ -2512,8 +2512,9 @@ static int CmdHF14ADesDeleteApp(const char *Cmd) {
 static int CmdHF14ADesGetUID(const char *Cmd) {
 CLIParserContext *ctx;
 CLIParserInit(&ctx, "hf mfdes getuid",
- "Get UID from card. Get the real UID if the random UID bit is on and get the same UID as in anticollision if not. Master key needs to be provided. ",
- "hf mfdes getuid -> execute with default factory setup");
+ "Get UID from card. Get the real UID if the random UID bit is on and get the same UID as in anticollision if not. Any card's key needs to be provided. ",
+ "hf mfdes getuid -> execute with default factory setup\n"
+ "hf mfdes getuid --appisoid df01 -t aes -s lrp -> for desfire lights default settings");
 void *argtable[] = {
 arg_param_begin,
@@ -2527,6 +2528,8 @@ static int CmdHF14ADesGetUID(const char *Cmd) {
 arg_str0("m", "cmode", "", "Communicaton mode: plain/mac/encrypt"),
 arg_str0("c", "ccset", "", "Communicaton command set: native/niso/iso"),
 arg_str0("s", "schann", "", "Secure channel: d40/ev1/ev2/lrp"),
+ arg_str0(NULL, "aid", "", "Application ID (3 hex bytes, big endian)"),
+ arg_str0(NULL, "appisoid", "", "Application ISO ID (ISO DF ID) (2 hex bytes, big endian)."),
 arg_param_end
 };
 CLIExecWithReturn(ctx, Cmd, argtable, true);
@@ -2536,7 +2539,9 @@ static int CmdHF14ADesGetUID(const char *Cmd) {
 DesfireContext dctx;
 int securechann = defaultSecureChannel;
- int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 0, 0, &securechann, DCMEncrypted, NULL, NULL);
+ uint32_t id = 0x000000;
+ DesfireISOSelectWay selectway = ISW6bAID;
+ int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, &securechann, DCMEncrypted, &id, &selectway);
 if (res) {
 CLIParserFree(ctx);
 return res;
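Review bot: In the third hunk of cmdhfmfdes.c, the literals `11, 12` passed to `CmdDesGetSessionParameters` are only correct because `--aid` and `--appisoid` were appended to `argtable` directly after `schann` (presumably position 10) in the previous hunk. Nothing ties the two together, so a later insertion into the table would silently bind the wrong option to `id` and `selectway`. A comment on the call would make the coupling explicit, e.g. `// argtable positions: 11 = --aid, 12 = --appisoid (keep in step with argtable)`. The hunk does not show what happens when both options are supplied; if the helper does not reject that, the help text should say which one takes precedence. CmdHF14ADesGetUID starts and ends outside this hunk.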
@@ -2545,9 +2550,10 @@ static int CmdHF14ADesGetUID(const char *Cmd) {
 SetAPDULogging(APDULogging);
 CLIParserFree(ctx);
- res = DesfireSelectAndAuthenticate(&dctx, securechann, 0x000000, verbose);
+ res = DesfireSelectAndAuthenticateAppW(&dctx, securechann, selectway, id, false, verbose);
 if (res != PM3_SUCCESS) {
 DropField();
+ PrintAndLogEx(FAILED, "Select or authentication %s 0x%06x " _RED_("failed") ". Result [%d] %s", DesfireSelectWayToStr(selectway), id, res, DesfireAuthErrorToStr(res));
 return res;
 }
diff --git a/client/src/mifare/desfirecrypto.c b/client/src/mifare/desfirecrypto.c
index 654fabfef..42054995d 100644
--- a/client/src/mifare/desfirecrypto.c
+++ b/client/src/mifare/desfirecrypto.c
@@ -263,7 +263,7 @@ void DesfireCryptoEncDecEx(DesfireContext *ctx, DesfireCryptoOpKeyType key_type,
 if (ctx->secureChannel == DACLRP) {
 size_t dstlen = 0;
- LRPEncDec(key, iv, encode, srcdata, srcdatalen, data, &dstlen);
+ LRPEncDec(key, xiv, encode, srcdata, srcdatalen, data, &dstlen);
 } else {
 size_t offset = 0;
 while (offset < srcdatalen) {
diff --git a/client/src/mifare/desfiresecurechan.c b/client/src/mifare/desfiresecurechan.c
index ba5937a64..a02487d64 100644
--- a/client/src/mifare/desfiresecurechan.c
+++ b/client/src/mifare/desfiresecurechan.c
@@ -145,6 +145,8 @@ static const AllowedChannelModesS AllowedChannelModes[] = {
 {MFDES_GET_FILE_IDS, DACLRP, DCCNative, DCMMACed},
 {MFDES_GET_ISOFILE_IDS, DACLRP, DCCNative, DCMMACed},
 {MFDES_GET_FILE_SETTINGS, DACLRP, DCCNative, DCMMACed},
+
+ {MFDES_GET_UID, DACLRP, DCCNative, DCMEncrypted},
 };
 #define CMD_HEADER_LEN_ALL 0xffff
@@ -653,7 +655,6 @@ static void DesfireSecureChannelDecodeLRP(DesfireContext *ctx, uint8_t *srcdata,
 }
 if (*dstdatalen >= desfire_get_key_block_length(ctx->keyType)) {
- DesfireEV2FillIV(ctx, false, NULL); // fill response IV to ctx
 DesfireCryptoEncDec(ctx, DCOSessionKeyEnc, srcdata, *dstdatalen, dstdata, false);
 size_t puredatalen = FindISO9797M2PaddingDataLen(dstdata, *dstdatalen);
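Review bot: The new failure message in CmdHF14ADesGetUID (cmdhfmfdes.c, hunk at -2545) prints `id`, which the previous hunk declares as `uint32_t`, with `%06x`, a conversion specified for `unsigned int`. The portable spelling is `"... %s 0x%06" PRIx32 " "`, assuming `<inttypes.h>` is already included outside the hunk. The fixed six-digit width also pads a 2-byte ISO DF ID as if it were a 3-byte AID, so only the select-way string tells the two apart in the log; choosing the width from `selectway` would make the output unambiguous. The function body continues outside the hunk.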
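Review bot: In DesfireCryptoEncDecEx (desfirecrypto.c), the LRP branch lets `LRPEncDec` write into `data` without passing any output capacity, and `dstlen` is not checked against anything in the visible lines. `srcdatalen` can originate from a card response, so a bound check before the call would be prudent, e.g. `if (srcdatalen > sizeof(data)) return;` if `data` is a local array; its declaration is outside the hunk, so confirm. Separately, `iv` and `xiv` are both in scope and differ by one letter, which is what this fix corrects. A short comment on the call stating that `xiv` is the working IV and `iv` must not be passed directly would help prevent the same mix-up recurring.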
diff --git a/client/src/mifare/lrpcrypto.c b/client/src/mifare/lrpcrypto.c
index 98809ecdd..98453daed 100644
--- a/client/src/mifare/lrpcrypto.c
+++ b/client/src/mifare/lrpcrypto.c
@@ -195,7 +195,7 @@ void LRPDecode(LRPContext *ctx, uint8_t *data, size_t datalen, uint8_t *resp, si
 void LRPEncDec(uint8_t *key, uint8_t *iv, bool encode, uint8_t *data, size_t datalen, uint8_t *resp, size_t *resplen) {
 LRPContext ctx = {0};
- LRPSetKeyEx(&ctx, key, iv, 4 * 2, 0, true);
+ LRPSetKeyEx(&ctx, key, iv, 4 * 2, 1, true);
 if (encode)
 LRPEncode(&ctx, data, datalen, resp, resplen);
 else
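Review bot: The switch from `0` to `1` in `LRPSetKeyEx(&ctx, key, iv, 4 * 2, 1, true)` changes the key material used by every caller of LRPEncDec, yet the call remains a row of unexplained literals. The fifth argument appears to be the updated-key index and `4 * 2` the counter length in nibbles; confirm both against the LRPSetKeyEx declaration, which is outside this hunk. A comment such as `// 8-nibble counter; updated key #1 is the encryption key` or a pair of named constants would record why `0` was wrong. Because this is a cryptographic correctness fix, a known-answer test for LRPEncDec against a published LRP vector would keep it from regressing. The body of LRPEncDec continues past the end of the hunk.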