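I stockpiled all kinds of cards a long time ago, just waiting to buy that card reader so I could study them.
I have two metro/bus cards, my university meal card, the meal card from my current workplace and the system card for its washing machine system, an access-control (ID) card from a university club, and some blank cards. The only regret is that I don't have a UID card!
However, I only learned much of this recently, and whether I have understood it correctly still has to be checked in practice. I'll write a summary in a while.
Let's try copying a card first. The principle is simple: dump the data and write it back to a blank card.
The meal card checks the UID, and I don't have a blank card with a changeable UID. The system card of the washing machine system has one special property: it doesn't need any money, a swipe is enough to use the machine. I guessed that it would not check the UID, so I used it for the test. Practice proved that I was right.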
# Dump
mfoc -O washer_system.dump
The data is now in the dump file.
Dump the blank card's data as well, because writing requires the "Key" of every sector of the blank card:
mfoc -O blank.dump
# Write
Here I use nfc-mfclassic to write the card.
First, look at the usage text:
➜ ~root nfc-mfclassic
Usage: nfc-mfclassic r|R|w|W a|b <dump.mfd> [<keys.mfd> [f]]
r|R|w|W - Perform read from (r) or unlocked read from (R) or write to (w) or unlocked write to (W) card
*** note that unlocked write will attempt to overwrite block 0 including UID
*** unlocked read does not require authentication and will reveal A and B keys
*** unlocking only works with special Mifare 1K cards (Chinese clones)
a|A|b|B - Use A or B keys for action; Halt on errors (a|b) or tolerate errors (A|B)
<dump.mfd> - MiFare Dump (MFD) used to write (card to MFD) or (MFD to card)
<keys.mfd> - MiFare Dump (MFD) that contain the keys (optional)
f - Force using the keyfile even if UID does not match (optional)
Since what I have here is an ordinary blank card, which cannot write sector 0, I use w.
So the write command is as follows:
➜ ~root nfc-mfclassic w a washer_system.dump blank.dump
NFC reader: ACS / ACR122U PICC Interface opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): 3d 45 63 07
SAK (SEL_RES): 08
Guessing size: seems to be a 1024-byte card
Writing 64 blocks |...............................................................|
Done, 63 of 64 blocks written.
OK, writed.
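To make the "63 of 64 blocks written" line concrete, here is an added example (not part of the original post) that parses a MIFARE Classic 1K dump offline: it reads the UID and BCC from block 0, decodes the sector trailers that carry the keys, and compares two dumps block by block. It assumes the 1024-byte layout of 64 blocks of 16 bytes with keys stored in each sector trailer; all function names are hypothetical and both dumps are constructed sample data, with only the UID `3d 45 63 07` taken from the output above.

```python
from __future__ import annotations

BLOCK, PER_SECTOR, SECTORS = 16, 4, 16        # MIFARE Classic 1K geometry
DEFAULT_KEY = bytes.fromhex("ffffffffffff")   # factory transport key

def blocks(dump: bytes) -> list[bytes]:
    """Split a 1K dump into its 64 blocks of 16 bytes."""
    if len(dump) != BLOCK * PER_SECTOR * SECTORS:
        raise ValueError(f"expected 1024 bytes, got {len(dump)}")
    return [dump[i:i + BLOCK] for i in range(0, len(dump), BLOCK)]

def uid_and_bcc_ok(dump: bytes) -> tuple[str, bool]:
    """Block 0 starts with the 4-byte UID, then BCC = XOR of the UID bytes."""
    b0 = blocks(dump)[0]
    uid = b0[:4]
    return uid.hex(), (uid[0] ^ uid[1] ^ uid[2] ^ uid[3]) == b0[4]

def trailers(dump: bytes) -> list[dict]:
    """Last block of each sector: key A (6) | access bytes (4) | key B (6)."""
    bl = blocks(dump)
    return [{"sector": s, "key_a": t[:6], "access": t[6:10], "key_b": t[10:]}
            for s in range(SECTORS) for t in [bl[s * PER_SECTOR + 3]]]

def default_key_sectors(dump: bytes) -> list[int]:
    """Sectors where key A or key B is still the factory key."""
    return [t["sector"] for t in trailers(dump)
            if DEFAULT_KEY in (t["key_a"], t["key_b"])]

def differing_blocks(a: bytes, b: bytes) -> list[int]:
    """Block numbers whose contents differ between two dumps."""
    return [i for i, (x, y) in enumerate(zip(blocks(a), blocks(b))) if x != y]

def make_dump(uid: bytes, key: bytes, payload: bytes) -> bytes:
    """Build a constructed 1K image (sample data, not read from a real card)."""
    block0 = uid + bytes([uid[0] ^ uid[1] ^ uid[2] ^ uid[3], 0x08, 0x04, 0x00]) + bytes(8)
    trailer = key + bytes.fromhex("ff078069") + key
    data = payload.ljust(BLOCK, b"\x00")
    return block0 + data * 2 + trailer + (data * 3 + trailer) * (SECTORS - 1)

if __name__ == "__main__":
    source = make_dump(bytes.fromhex("a1b2c3d4"), bytes.fromhex("0a1b2c3d4e5f"), b"constructed")
    blank = make_dump(bytes.fromhex("3d456307"), DEFAULT_KEY, b"")
    after_w = blank[:BLOCK] + source[BLOCK:]   # 'w' leaves block 0 of the target as it was
    print("UID / BCC ok:", uid_and_bcc_ok(after_w))
    print("differs from source in blocks:", differing_blocks(source, after_w))
    print("factory-key sectors, blank:", default_key_sectors(blank))
    print("factory-key sectors, source:", default_key_sectors(source))
```

The only block that differs after a plain `w` write is block 0, which holds the UID, so a reader that checks the UID still sees the blank card's own value.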
# Test
Enjoy it.