MIFARE Classic: How to find to good Access Byte value

隐身守侯 提交于 2019-12-04 06:17:43

问题


My aim is to have only KEY A authentification and disable Key B (used space to store data).

I read these documentations:

  • http://www.nxp.com/documents/data_sheet/MF1S503x.pdf
  • http://dangerousthings.com/wp-content/uploads/2012/08/NFC-Access-Control-for-Mifare-S50.pdf

I understand how to calculate the hexadecimal values of these three bytes.

But I don't understand how to choose the good data block and access byte rules :

  1. Data Block rule

Here, I want to keep only key A (R & Write data) and deactivate Key B. I choosed the first rule: C1=0 C2= C3=0. Is this right?

  1. Access byte rule

I would like to use only key A, to be able to change key A value (Write) - Access bits: Read/Write Key A. So I choosed C1=0 C2=0 and C3=1. Is this correct?

The final results is Byte 6 = F8, byte 7 = 77 and Byte 8 = 80

When I write these values into a MIFARE card, it's not correct.

Could you help me to find the good value?


回答1:


The access bytes you chose decode to C1=7, C2=0, C3=8, so you have

  • Sector trailer: C13, C23, C33 = 0, 0, 1
  • Data blocks: C10,1,2, C20,1,2, C30,1,2 = 1, 0, 0

So you chose the sector trailer to be writable with key A and readable (except for key A itself) with key A. Consequently there is not key B. Thus, for the data blocks this means that they can be read with key A, but no writing (due to missing key B), incrementing, etc. is possible.

If you want read/write access using only key A, you would use soemthing like the following:

  • Sector trailer: C13, C23, C33 = 0, 0, 1
  • Data blocks: C10,1,2, C20,1,2, C30,1,2 = 0, 0, 0

Which would result in the access bytes C1=0, C2=0, C3=8:

FF 07 80


来源:https://stackoverflow.com/questions/23753092/mifare-classic-how-to-find-to-good-access-byte-value

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!