From f4c92dcd76d9c29e184d245cb493d0aa86809c40 Mon Sep 17 00:00:00 2001
From: Nathan N
Date: Thu, 6 Nov 2025 14:34:21 -0500
Subject: [PATCH] Fix MIFARE Plus SL1 sector overrun issue in state machine (#4288)
Co-authored-by: hedger
---
 lib/nfc/protocols/mf_classic/mf_classic_poller.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/nfc/protocols/mf_classic/mf_classic_poller.c b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
index ec37c8015..b2d9b114a 100644
--- a/lib/nfc/protocols/mf_classic/mf_classic_poller.c
+++ b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
@@ -1921,7 +1921,8 @@ NfcCommand mf_classic_poller_handler_nested_controller(MfClassicPoller* instance
 sizeof(MfClassicKey)) :
 NULL;
 }
- if((is_weak || is_last_iter_for_hard_key) && dict_attack_ctx->nested_nonce.count > 0) {
+ if((is_weak && (dict_attack_ctx->nested_nonce.count == 1)) ||
+ (is_last_iter_for_hard_key && (dict_attack_ctx->nested_nonce.count == 8))) {
 // Key verify and reuse
 dict_attack_ctx->nested_phase = MfClassicNestedPhaseDictAttackVerify;
 dict_attack_ctx->auth_passed = false;
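Review bot: The rewritten condition compares `dict_attack_ctx->nested_nonce.count` with the bare literals `1` and `8` using `==`, and nothing in the hunk says where those values come from or what happens for any other count. Under the old `count > 0` test every non-empty nonce set reached `MfClassicNestedPhaseDictAttackVerify`. Now an `is_weak` pass with more than one nonce, or a last hard-key iteration with a count other than eight, skips verification and falls through to code outside the hunk, which I cannot check from here. Since the title describes a sector overrun, I would state the invariant beside the test, for example `// Verify only on a complete nonce set (1 if is_weak, 8 on the last hard-key iteration); other counts fall through`, with the wording confirmed against the code that fills `nested_nonce`. I would also replace both literals with named constants shared with that code, so that the check and the collection limit cannot drift apart.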