From b1796cc28d590deec2cd84bbbf794c574c80ab71 Mon Sep 17 00:00:00 2001
From: MX <10697207+xMasterX@users.noreply.github.com>
Date: Sun, 22 Mar 2026 10:46:28 +0300
Subject: [PATCH] NFC: Fix BusFault in Write to Initial Card OFW PR 4362 by akrylysov
---
 .../protocols/mf_classic/mf_classic_poller.c | 37 +++++++++++--------
 .../mf_classic/mf_classic_poller_i.h | 1 +
 2 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/lib/nfc/protocols/mf_classic/mf_classic_poller.c b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
index ae2f5467f..86a3ccddd 100644
--- a/lib/nfc/protocols/mf_classic/mf_classic_poller.c
+++ b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
@@ -65,24 +65,28 @@ void mf_classic_poller_free(MfClassicPoller* instance) {
     bit_buffer_free(instance->tx_encrypted_buffer);
     bit_buffer_free(instance->rx_encrypted_buffer);
 
-    // Clean up resources in MfClassicPollerDictAttackContext
-    MfClassicPollerDictAttackContext* dict_attack_ctx = &instance->mode_ctx.dict_attack_ctx;
+    // Clean up dict attack resources when the poller was in dict attack mode.
+    if(instance->mode == MfClassicPollerModeDictAttackStandard ||
+       instance->mode == MfClassicPollerModeDictAttackEnhanced ||
+       instance->mode == MfClassicPollerModeDictAttackCUID) {
+        MfClassicPollerDictAttackContext* dict_attack_ctx = &instance->mode_ctx.dict_attack_ctx;
 
-    // Free the dictionaries
-    if(dict_attack_ctx->mf_classic_system_dict) {
-        keys_dict_free(dict_attack_ctx->mf_classic_system_dict);
-        dict_attack_ctx->mf_classic_system_dict = NULL;
-    }
-    if(dict_attack_ctx->mf_classic_user_dict) {
-        keys_dict_free(dict_attack_ctx->mf_classic_user_dict);
-        dict_attack_ctx->mf_classic_user_dict = NULL;
-    }
+        // Free the dictionaries
+        if(dict_attack_ctx->mf_classic_system_dict) {
+            keys_dict_free(dict_attack_ctx->mf_classic_system_dict);
+            dict_attack_ctx->mf_classic_system_dict = NULL;
+        }
+        if(dict_attack_ctx->mf_classic_user_dict) {
+            keys_dict_free(dict_attack_ctx->mf_classic_user_dict);
+            dict_attack_ctx->mf_classic_user_dict = NULL;
+        }
 
-    // Free the nested nonce array if it exists
-    if(dict_attack_ctx->nested_nonce.nonces) {
-        free(dict_attack_ctx->nested_nonce.nonces);
-        dict_attack_ctx->nested_nonce.nonces = NULL;
-        dict_attack_ctx->nested_nonce.count = 0;
+        // Free the nested nonce array if it exists
+        if(dict_attack_ctx->nested_nonce.nonces) {
+            free(dict_attack_ctx->nested_nonce.nonces);
+            dict_attack_ctx->nested_nonce.nonces = NULL;
+            dict_attack_ctx->nested_nonce.count = 0;
+        }
     }
 
     free(instance);
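Review bot: The new guard at the top of the hunk reads `instance->mode`, but within this diff that field is written only in `mf_classic_poller_handler_start` (second hunk of this file), so a poller freed before the start handler has ever run tests whatever value the allocation left in the field, and if that value happens to equal one of the three dict-attack enumerators the stale-context free this commit is fixing becomes reachable again. The allocation side is not in the diff, so please confirm it assigns `instance->mode` to a non-dict-attack value explicitly; relying on a zero-filling allocator is only sufficient if enumerator 0 is not a dict-attack mode. The mode list here (Standard, Enhanced, CUID) also differs from the one checked in handler_start (Standard, CUID); if that is intentional a one-line comment saying why would help, otherwise a shared `static bool mf_classic_poller_mode_is_dict_attack(MfClassicPollerMode mode)` helper called from both sites keeps them from drifting apart.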
@@ -162,6 +166,7 @@ NfcCommand mf_classic_poller_handler_start(MfClassicPoller* instance) {
     instance->mfc_event.type = MfClassicPollerEventTypeRequestMode;
     command = instance->callback(instance->general_event, instance->context);
+    instance->mode = instance->mfc_event_data.poller_mode.mode;
     if(instance->mfc_event_data.poller_mode.mode == MfClassicPollerModeDictAttackStandard ||
        instance->mfc_event_data.poller_mode.mode == MfClassicPollerModeDictAttackCUID) {
diff --git a/lib/nfc/protocols/mf_classic/mf_classic_poller_i.h b/lib/nfc/protocols/mf_classic/mf_classic_poller_i.h
index 607b126a0..3043deb15 100644
--- a/lib/nfc/protocols/mf_classic/mf_classic_poller_i.h
+++ b/lib/nfc/protocols/mf_classic/mf_classic_poller_i.h
@@ -183,6 +183,7 @@ struct MfClassicPoller {
     MfClassicType current_type_check;
     uint8_t sectors_total;
+    MfClassicPollerMode mode;
     MfClassicPollerModeContext mode_ctx;
     Crypto1* crypto;
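Review bot: The comparison just below the added assignment still reads `instance->mfc_event_data.poller_mode.mode` twice even though the new `instance->mode` now caches exactly that value; switching it to `if(instance->mode == MfClassicPollerModeDictAttackStandard ||` / `instance->mode == MfClassicPollerModeDictAttackCUID) {` gives one source of truth and makes it visible that free and start decide on the same field. The assignment is made regardless of the `command` the callback returned, which mirrors the existing check, but it copies whatever the callback left in `poller_mode.mode`, so a callback that does not set the mode would presumably leave `instance->mode` holding stale event data; a short comment on the new line noting that the callback is expected to fill `poller_mode.mode` would document that contract. The body of mf_classic_poller_handler_start continues outside the hunk.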