Is it possible to lock commands, protect against cloning, or make a MIFARE 1k card not erasable by other apps?

I want to do this to protect the card from being erased or cloned. I read many documents. Some tell the user to use the fourth block to set read and write permissions.

According to @Michael Roland:

The authentication keys and the access conditions for each sector of a MIFARE card are located in the last block of that sector (the sector trailer). You can update this block with new access conditions and authentication keys using a regular write command.

The sector trailer looks like this:

+-----------------------------+--------------+----+-----------------------------+
|  0 |  1 |  2 |  3 |  4 |  5 |  6 |  7 |  8 |  9 | 10 | 11 | 12 | 13 | 14 | 15 |
+-----------------------------+--------------+----+-----------------------------+
|            Key A            | Access Bits  | GP |            Key B            |
|          (6 bytes)          |  (3 bytes)   | B  |          (6 bytes)          |
+-----------------------------+--------------+----+-----------------------------+

So the access bits are located in byte 6-8 and look like this:

        +-------+-------+-------+-------+-------+-------+-------+-------+
        | Bit 0 | Bit 1 | Bit 2 | Bit 3 | Bit 4 | Bit 5 | Bit 6 | Bit 7 |
        +-------+-------+-------+-------+-------+-------+-------+-------+
Byte 6: | nC2_3 | nC2_2 | nC2_1 | nC2_0 | nC1_3 | nC1_2 | nC1_1 | nC1_0 |
        +-------+-------+-------+-------+-------+-------+-------+-------+
Byte 7: |  C1_3 |  C1_2 |  C1_1 |  C1_0 | nC3_3 | nC3_2 | nC3_1 | nC3_0 |
        +-------+-------+-------+-------+-------+-------+-------+-------+
Byte 8: |  C3_3 |  C3_2 |  C3_1 |  C3_0 |  C2_3 |  C2_2 |  C2_1 |  C2_0 |
        +-------+-------+-------+-------+-------+-------+-------+-------+

Where nCx_y = not Cx_y and "C1_x, C2_x, C3_x" is the access condition for block x:

C1_3, C2_3, C3_3: sector trailer (block 3 in this sector)
C1_2, C2_2, C3_2: block 2 in this sector
C1_1, C2_1, C3_1: block 1 in this sector
C1_0, C2_0, C3_0: block 0 in this sector

How I perform this in my ongoing project:

You can't protect a card from being replicated onto itself. (A brute-force method is easy to apply to this technology.)

What is possible is to compute a hash of all blocks, including the UID, that you store on the card. In your program you just compare the data hash with the stored hash.

To realise your very basic hash in Python and store it in a block, you can use double pseudo random:

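from random import seed, random

def CRYPT_hashage(data, UID):
    seed(str(data) + str(UID))  # seed the PRNG with the card data and the UID
    seed(random())              # re-seed with the first pseudo-random value
    # keep up to 8 digits of the next value as the hash to store in a block
    return str(random()).replace("0.", "")[:8]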

It prevents cloning onto another card. The user can still modify their own card. But you can hash the 'sensitive' data with the same technique.

After these 2 security measures, only the "cloning onto itself" technique is left, for example:

- You copy your data
- You pay (for a cashless payment system)
- You paste your old data onto your card

The only way to prevent it is to store all data on a server using only the UID of the card as a primary key.

There exist cards whose UID you can change.
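The check described in the answer above (a tag over all blocks plus the UID, compared by the reading program), as an added example that is not code from the original posts. It swaps in a keyed HMAC-SHA256 for the seeded-PRNG hash, so the tag cannot be recomputed without a secret held by the reader; the secret, UIDs, block contents and the 8-byte tag length are constructed assumptions.

```python
import hashlib
import hmac

TAG_LEN = 8  # assumed: truncated tag size that fits in part of one 16-byte block

def card_tag(secret: bytes, uid: bytes, blocks: list) -> bytes:
    """HMAC-SHA256 over the UID and the protected blocks, truncated to TAG_LEN."""
    msg = bytes([len(uid)]) + uid + b"".join(blocks)
    return hmac.new(secret, msg, hashlib.sha256).digest()[:TAG_LEN]

def verify_card(secret: bytes, card: dict) -> bool:
    """card: {'uid': bytes, 'blocks': [bytes], 'tag': bytes} as read by the reader."""
    expected = card_tag(secret, card["uid"], card["blocks"])
    return hmac.compare_digest(expected, card["tag"])

def demo() -> dict:
    secret = b"constructed-reader-secret"      # constructed; kept in the reader, never on the card
    card = {"uid": bytes.fromhex("04a1b2c3"),  # constructed UID and data
            "blocks": [b"balance=00000020"]}
    card["tag"] = card_tag(secret, card["uid"], card["blocks"])
    results = {"genuine": verify_card(secret, card)}

    # Same blocks and tag copied to a card with a different UID.
    results["other_uid"] = verify_card(secret, {**card, "uid": bytes.fromhex("04d4e5f6")})
    # Data edited on the card without knowing the secret.
    results["edited"] = verify_card(secret, {**card, "blocks": [b"balance=00009999"]})

    # Rollback: the holder saves a dump, pays, then restores the dump.
    dump = dict(card)
    card["blocks"] = [b"balance=00000005"]
    card["tag"] = card_tag(secret, card["uid"], card["blocks"])
    card = dump
    # Still verifies: the tag only binds data to the UID, not to a point in time.
    results["rollback"] = verify_card(secret, card)
    return results
```

The rollback case verifying is the limitation the answer points out: only a record kept off the card, such as the server-side store keyed by UID, can detect a restored dump.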

You can protect every sector with a key A or key B.

That said, Mifare Classic cards' security is broken at this point. You're not going to be able to protect anything really.

Finally, I solved this.

For this, we need to change the access bits in the fourth block of each sector.

For example, on sector 5:

For sector 5, we need to change the access bits in its block 23.

We need to first authenticate sector 5...

The default key is:

byte keya[] = { (byte) 0xFF,(byte) 0xFF,(byte) 0xFF,(byte) 0xFF,(byte) 0xFF,(byte) 0xFF};

Which is 000000000000FF078069FFFFFFFFFFFF

The first 6 are for key A, which is 000000000000, and the last 6 are for key B, which is the hex string FFFFFFFFFFFF.

The hex string FF078069 is the access bits.

So to change this, we need an implementation like this. The first time, we need to authenticate with the default key:

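    // Needs android.nfc.tech.MifareClassic, android.util.Log and java.math.BigInteger
    MifareClassic mfc = MifareClassic.get(tag);

    try {
        mfc.connect();
        // Factory-default cards authenticate with KEY_DEFAULT
        boolean auth = mfc.authenticateSectorWithKeyA(5, MifareClassic.KEY_DEFAULT);
        if (auth) {
            // toHex() is a helper from the poster's project that is not shown here
            String nkeya = "key123"; // 6 length only
            nkeya = toHex(nkeya).toUpperCase();
            nkeya = nkeya.substring(28, 40);

            String nkeyb = "key123"; // 6 length only
            nkeyb = toHex(nkeyb).toUpperCase();
            nkeyb = nkeyb.substring(28, 40);

            // key A + access bits and GP byte + key B = 32 hex characters
            String nkey = nkeya + "FF078069" + nkeyb;

            // BigInteger may add a sign byte or drop leading zero bytes,
            // so right-align the result into exactly 16 bytes
            byte[] raw = new BigInteger(nkey, 16).toByteArray();
            byte[] nkeyab = new byte[16];
            int n = Math.min(raw.length, 16);
            System.arraycopy(raw, raw.length - n, nkeyab, 16 - n, n);

            // 5 is sector and 5*4+3 is fourth block of sector 5
            mfc.writeBlock((5 * 4) + 3, nkeyab);
        }
    } catch (Exception e) {
        // Do not swallow a failed trailer write silently
        Log.e("MifareWrite", "Writing the sector trailer failed", e);
    }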

After the write protection succeeds, default authentication fails, so we need to authenticate with the access key which we created:

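    try {
        MifareClassic mfc = MifareClassic.get(tag);
        // getKeya() and toHex() are helpers from the poster's project, not shown here
        String key = getKeya();

        key = toHex(key).toUpperCase();
        key = key.substring(28, 40);

        // BigInteger may add a sign byte or drop leading zero bytes,
        // so right-align the result into exactly 6 bytes
        byte[] raw = new BigInteger(key, 16).toByteArray();
        byte[] keya = new byte[6];
        int n = Math.min(raw.length, 6);
        System.arraycopy(raw, raw.length - n, keya, 6 - n, n);

        // for key A or for key B
        mfc.connect();
        boolean auth = mfc.authenticateSectorWithKeyA(5, keya);
        if (auth) {
            // block 20 (5*4) is the first block of sector 5
            byte[] readblock4 = mfc.readBlock(20);
        }
    } catch (Exception e) {
        Log.e("MifareRead", "Authenticating or reading sector 5 failed", e);
    }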
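The sector trailer layout quoted in the question, and the trailer assembled in the answer above, as an added example that is not code from the original posts. It encodes and validates the three access-bit bytes before a trailer is written, because the card checks the inverted copies and irreversibly blocks a sector whose access bits are inconsistent. It assumes the leftmost column of the quoted bit tables is the most significant bit of each byte, which is the reading under which the page's FF0780 is self-consistent; the GP byte default 0x69 is taken from the page's FF078069.

```python
def encode_access_bits(conds):
    """conds: four (C1, C2, C3) tuples for blocks 0, 1, 2 and the sector trailer."""
    if len(conds) != 4 or any(len(c) != 3 or set(c) - {0, 1} for c in conds):
        raise ValueError("need four (C1, C2, C3) tuples of 0/1")
    # Nibble Cx holds bit Cx_y at bit position y (y = block number in the sector).
    c1, c2, c3 = (sum(conds[y][x] << y for y in range(4)) for x in range(3))
    inv = lambda n: ~n & 0xF
    # Byte 6 = nC2|nC1, byte 7 = C1|nC3, byte 8 = C3|C2 (high nibble first).
    return bytes([inv(c2) << 4 | inv(c1), c1 << 4 | inv(c3), c3 << 4 | c2])

def decode_access_bits(b):
    """Return [(C1, C2, C3)] for blocks 0..3; raise if the inverted copies disagree."""
    if len(b) != 3:
        raise ValueError("access bits are exactly 3 bytes")
    c1, c2, c3 = b[1] >> 4, b[2] & 0xF, b[2] >> 4
    n_c1, n_c2, n_c3 = b[0] & 0xF, b[0] >> 4, b[1] & 0xF
    if (c1 ^ n_c1, c2 ^ n_c2, c3 ^ n_c3) != (0xF, 0xF, 0xF):
        raise ValueError("inverted copies do not match; do not write this trailer")
    return [((c1 >> y) & 1, (c2 >> y) & 1, (c3 >> y) & 1) for y in range(4)]

def build_trailer(key_a, access, key_b, gpb=0x69):
    """Assemble the 16-byte sector trailer after validating every field."""
    if len(key_a) != 6 or len(key_b) != 6:
        raise ValueError("keys are exactly 6 bytes")
    decode_access_bits(access)  # refuse inconsistent access bits
    return bytes(key_a) + bytes(access) + bytes([gpb]) + bytes(key_b)
```

Decoding FF0780 gives (0, 0, 0) for the three data blocks and (0, 0, 1) for the trailer, which is the factory transport configuration: a trailer that changes only the keys and keeps FF0780 leaves the data blocks writable with either key.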
