diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c
index 61bd4ccab..123d9d0d5 100644
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
@@ -4889,7 +4889,7 @@ static int CmdHF14ADesSetConfiguration(const char *Cmd) {
     CLIParserContext *ctx;
     CLIParserInit(&ctx, "hf mfdes setconfig",
                   "Set card configuration. Danger zone! Needs to provide card's master key and works if not blocked by config.",
-                  "hf mfdes setconfig --param xxx --data yyy -> set parameter with data value");
+                  "hf mfdes setconfig --param 03 --data 0428 -> set parameter with data value");
 
     void *argtable[] = {
         arg_param_begin,
diff --git a/client/src/mifare/desfirecore.c b/client/src/mifare/desfirecore.c
index 6441b8906..9d126395a 100644
--- a/client/src/mifare/desfirecore.c
+++ b/client/src/mifare/desfirecore.c
@@ -1190,15 +1190,34 @@ int DesfireChangeKey(DesfireContext *dctx, bool change_master_key, uint8_t newke
 }
 
 int DesfireSetConfiguration(DesfireContext *dctx, uint8_t paramid, uint8_t *param, size_t paramlen) {
-    uint8_t data[200] = {0};
+    uint8_t cdata[200] = {0};
+    cdata[0] = MFDES_CHANGE_CONFIGURATION;
+    uint8_t *data = &cdata[1];
     data[0] = paramid;
     memcpy(&data[1], param, paramlen);
     size_t datalen = 1 + paramlen;
+
+
+    // add crc
+    if (dctx->secureChannel == DACd40) {
+        iso14443a_crc_append(&data[1], datalen - 1);
+        datalen += 2;
+    } else {
+        desfire_crc32_append(cdata, datalen + 1);
+        datalen += 4;
+    }
+    
+    // dynamic length
+    if (paramid == 0x02) {
+        data[datalen] = 0x80;
+        datalen++;
+    }    
     
     // send command
     uint8_t resp[257] = {0};
     size_t resplen = 0;
-    int res = DesfireChangeKeyCmd(dctx, data, datalen, resp, &resplen);
+    PrintAndLogEx(INFO, "plain data[%d]: %s", datalen, sprint_hex(data, datalen));
+    int res = DesfireSetConfigurationCmd(dctx, data, datalen, resp, &resplen);
 
     // check response
     if (res == 0 && resplen > 0)
diff --git a/client/src/mifare/desfiresecurechan.c b/client/src/mifare/desfiresecurechan.c
index f63659ec1..fdf292fca 100644
--- a/client/src/mifare/desfiresecurechan.c
+++ b/client/src/mifare/desfiresecurechan.c
@@ -126,6 +126,7 @@ static void DesfireSecureChannelEncodeD40(DesfireContext *ctx, uint8_t cmd, uint
             memcpy(dstdata, srcdata, hdrlen);
             DesfireCryptoEncDec(ctx, true, &data[hdrlen], rlen - hdrlen, &dstdata[hdrlen], true);
             *dstdatalen = rlen;
+            ctx->commMode = DCMEncrypted;
             break;
         case DCMNone:
             ;
@@ -172,6 +173,7 @@ static void DesfireSecureChannelEncodeEV1(DesfireContext *ctx, uint8_t cmd, uint
         rlen = padded_data_length(srcdatalen - hdrlen, desfire_get_key_block_length(ctx->keyType));
         DesfireCryptoEncDec(ctx, true, data, rlen, &dstdata[hdrlen], true);
         *dstdatalen = hdrlen + rlen;
+        ctx->commMode = DCMEncrypted;
     }
 }