diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index e471f3fbe..827cbcc38 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -870,19 +870,18 @@ static int CmdHFiClassDecrypt(const char *Cmd) { PrintAndLogEx(WARNING, "Actual file len " _YELLOW_("%u") "vs HID app-limit len " _YELLOW_("%u"), decryptedlen, applimit * 8); PrintAndLogEx(INFO, "Setting limit to " _GREEN_("%u"), limit * 8); } + uint8_t numblocks4userid = GetNumberBlocksForUserId(decrypted + (6 * 8)); for (uint16_t blocknum = 0; blocknum < limit; ++blocknum) { uint8_t idx = blocknum * 8; memcpy(enc_data, decrypted + idx, 8); - // block 7 or higher, and not empty 0xFF - // look inside block 6 to determine if aa1 is encrypted. - if (blocknum > 6 && memcmp(enc_data, empty, 8) != 0) { - - if (aa1_encryption == RFU || aa1_encryption == None) - continue; - + if (aa1_encryption == RFU || aa1_encryption == None) + continue; + + // Decrypted block 7,8,9 if configured. + if (blocknum > 6 && blocknum <= 6 + numblocks4userid && memcmp(enc_data, empty, 8) != 0) { if (use_sc) { Decrypt(enc_data, decrypted + idx); } else { diff --git a/common/cardhelper.c b/common/cardhelper.c index 5cebf4322..df3aff5be 100644 --- a/common/cardhelper.c +++ b/common/cardhelper.c @@ -15,9 +15,10 @@ #include "ui.h" #include "util.h" -#define CARD_INS_DECRYPT 0x01 -#define CARD_INS_ENCRYPT 0x02 -#define CARD_INS_DECODE 0x06 +#define CARD_INS_DECRYPT 0x01 +#define CARD_INS_ENCRYPT 0x02 +#define CARD_INS_DECODE 0x06 +#define CARD_INS_NUMBLOCKS 0x07 static uint8_t cmd[] = {0x96, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; // look for CryptoHelper @@ -64,6 +65,7 @@ bool Encrypt(uint8_t *src, uint8_t *dest) { return executeCrypto(CARD_INS_ENCRYPT, src, dest); } +// Call with block6 void DecodeBlock6(uint8_t *src) { int resp_len = 0; uint8_t resp[254] = {0}; 
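Review bot: The new `GetNumberBlocksForUserId(decrypted + (6 * 8))` runs before the loop regardless of `use_sc`, so the non-smart-card path (the `else` branch, which continues outside the hunk) now also depends on an APDU exchange with the helper card; when no helper answers the function yields 0, and the added bound `blocknum <= 6 + numblocks4userid` then skips every block above 6, which the old `blocknum > 6` condition did not. One way to keep the previous behaviour when the helper is absent is to apply the bound only on the smart-card path, e.g. `if (blocknum > 6 && (!use_sc || blocknum <= 6 + numblocks4userid) && memcmp(enc_data, empty, 8) != 0) {`, assuming the `else` branch never needs the helper — confirm against the rest of the function. Moving `if (aa1_encryption == RFU || aa1_encryption == None) continue;` ahead of the `blocknum > 6` test also makes it skip blocks 0–6; if the loop body after this `if` (outside the hunk) does any per-block work, that work is now skipped for those blocks too. The added comment would be clearer as `// Decrypt the non-empty user-id blocks 7..(6 + numblocks4userid) reported by block 6.`.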
@@ -81,3 +83,12 @@ void DecodeBlock6(uint8_t *src) { PrintAndLogEx(SUCCESS, "%.*s", resp_len - 11, resp + 9); } +// Call with block6 +uint8_t GetNumberBlocksForUserId(uint8_t *src) { + int resp_len = 0; + uint8_t resp[254] = {0}; + uint8_t c[] = {0x96, CARD_INS_NUMBLOCKS, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + memcpy(c + 5, src, 8); + ExchangeAPDUSC(true, c, sizeof(c), false, true, resp, sizeof(resp), &resp_len); + return resp[8]; +} \ No newline at end of file diff --git a/common/cardhelper.h b/common/cardhelper.h index 14ae23d1f..fcdd73cfe 100644 --- a/common/cardhelper.h +++ b/common/cardhelper.h @@ -18,4 +18,5 @@ bool IsCryptoHelperPresent(void); bool Encrypt(uint8_t *src, uint8_t *dest); bool Decrypt(uint8_t *src, uint8_t *dest); void DecodeBlock6(uint8_t *src); +uint8_t GetNumberBlocksForUserId(uint8_t *src); #endif
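Review bot: `return resp[8]` is reached even when `ExchangeAPDUSC` fails or `resp_len` is shorter than 9 bytes, so a missing or unresponsive helper card silently reports 0 user-id blocks from the zero-initialised buffer, and the caller in `CmdHFiClassDecrypt` cannot tell that from a genuine answer. Check the exchange result and the reply length before indexing, and make the file end with a newline (the hunk shows `\ No newline at end of file`). `src` is only read, so `const uint8_t *src` (here and in the `cardhelper.h` prototype) would document that, and `// Call with block6` would carry more as `// src: the 8-byte block 6 of the dump; returns the number of user-id blocks, 0 when the helper gives no usable reply.`. The guard is a few lines:
```c
uint8_t GetNumberBlocksForUserId(uint8_t *src) {
    // … unchanged: resp_len, resp and the APDU buffer c …
    memcpy(c + 5, src, 8);
    // NOTE(review): assumes ExchangeAPDUSC returns 0 on success — confirm against its definition.
    int rc = ExchangeAPDUSC(true, c, sizeof(c), false, true, resp, sizeof(resp), &resp_len);
    // A failed exchange or a short reply must not be read as a block count.
    if (rc != 0 || resp_len < 9) {
        return 0;
    }
    return resp[8];
}
```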