diff --git a/client/src/mifare/desfiretest.c b/client/src/mifare/desfiretest.c
index 83697cfb7..d3c4d7ada 100644
--- a/client/src/mifare/desfiretest.c
+++ b/client/src/mifare/desfiretest.c
@@ -804,13 +804,13 @@ static bool TestLRPCMAC(void) {
     uint8_t cmacres1[] = {0xAD, 0x85, 0x95, 0xE0, 0xB4, 0x9C, 0x5C, 0x0D, 0xB1, 0x8E, 0x77, 0x35, 0x5F, 0x5A, 0xAF, 0xF6};
     res = res && (memcmp(cmac, cmacres1, sizeof(cmacres1)) == 0);
   
-    /*uint8_t key2[] = {0x5A, 0xA9, 0xF6, 0xC6, 0xDE, 0x51, 0x38, 0x11, 0x3D, 0xF5, 0xD6, 0xB6, 0xC7, 0x7D, 0x5D, 0x52};
+    uint8_t key2[] = {0x5A, 0xA9, 0xF6, 0xC6, 0xDE, 0x51, 0x38, 0x11, 0x3D, 0xF5, 0xD6, 0xB6, 0xC7, 0x7D, 0x5D, 0x52};
     LRPSetKey(&ctx, key2, 0, true);
     uint8_t data2[] = {0xA4, 0x43, 0x4D, 0x74, 0x0C, 0x2C, 0xB6, 0x65, 0xFE, 0x53, 0x96, 0x95, 0x91, 0x89, 0x38, 0x3F};
     LRPCMAC(&ctx, data2, sizeof(data2), cmac);
     uint8_t cmacres2[] = {0x8B, 0x43, 0xAD, 0xF7, 0x67, 0xE4, 0x6B, 0x69, 0x2E, 0x8F, 0x24, 0xE8, 0x37, 0xCB, 0x5E, 0xFC};
     res = res && (memcmp(cmac, cmacres2, sizeof(cmacres2)) == 0);
-*/
+
     uint8_t key3[] = {0x0D, 0x46, 0x55, 0x75, 0x50, 0xCB, 0x31, 0x3F, 0x36, 0xAF, 0xBA, 0x87, 0x62, 0x5D, 0x96, 0x1A};
     LRPSetKey(&ctx, key3, 0, true);
     uint8_t data3[] = {0x90};
diff --git a/client/src/mifare/lrpcrypto.c b/client/src/mifare/lrpcrypto.c
index ba5a917d0..7c249f1ff 100644
--- a/client/src/mifare/lrpcrypto.c
+++ b/client/src/mifare/lrpcrypto.c
@@ -238,22 +238,27 @@ void LRPCMAC(LRPContext *ctx, uint8_t *data, size_t datalen, uint8_t *cmac) {
     uint8_t y[CRYPTO_AES128_KEY_SIZE] = {0};
     size_t clen = 0;
     for (int i = 0; i < datalen / CRYPTO_AES128_KEY_SIZE; i++) {
+        if (datalen - clen <= CRYPTO_AES128_KEY_SIZE)
+            break;
+
         bin_xor(y, &data[i * CRYPTO_AES128_KEY_SIZE], CRYPTO_AES128_KEY_SIZE);
         LRPEvalLRP(ctx, y, CRYPTO_AES128_KEY_SIZE * 2, true, y);
         clen += CRYPTO_AES128_KEY_SIZE;
     }
 
     size_t bllen = datalen - clen;
+    uint8_t bl[CRYPTO_AES128_KEY_SIZE] = {0};
+    memcpy(bl, &data[clen * CRYPTO_AES128_KEY_SIZE], bllen);
 
 PrintAndLogEx(ERR, "--bllen %d", bllen);    
 PrintAndLogEx(ERR, "--y %s", sprint_hex(y, 16));    
     // if there is more data
     if (bllen == 16) {
+        bin_xor(y, bl, CRYPTO_AES128_KEY_SIZE);
+      
         bin_xor(y, sk1, CRYPTO_AES128_KEY_SIZE);
     } else {
         // padding
-        uint8_t bl[CRYPTO_AES128_KEY_SIZE] = {0};
-        memcpy(bl, &data[clen * CRYPTO_AES128_KEY_SIZE], bllen);
         bl[bllen] = 0x80;
         bin_xor(y, bl, CRYPTO_AES128_KEY_SIZE);