问题
I am aware of this post :- Locking mechanism of Mifare Classic 1K
However, it is really not clear - how a value like FF 07 80 FF is calculated in this string:
D3 F7 D3 F7 D3 F7 FF 07 80 FF 00 00 00 00 00 00
This means that the blocks can be read with key A and written with Key B but does not allow inc/dec.
How should the access bits look like if I have to support increment and decrement operations. I understand that C1, C2 and C3 must be 1,1,0 how does this reflect to the byte 6, 7 and 8.
Any help would be highly appreciate.
回答1:
The access bits FF 07 80 translate to
C1 = 0x0 => C1_3 = 0, C1_2 = 0, C1_1 = 0, C1_0 = 0
C2 = 0x0 => C2_3 = 0, C2_2 = 0, C2_1 = 0, C2_0 = 0
C3 = 0x8 => C3_3 = 1, C3_2 = 0, C3_1 = 0, C3_0 = 0
So the sector trailer can be read and written using key A only (Cx_3 = 0 0 1). All operations (read, write, increment, decrement, etc) can be performed on the data blocks using key A only (Cx_{0,1,2} = 0 0 0, key B is disabled due to the access conditions of the trailer block).
If you want be able to read all blocks with key A, write with key B, perform value block increments with key B and perform value block decrement, etc. with keys A and B, you could use access conditions like this:
- sector trailer write with key B only:
Cx_3 = 0 1 1 data/value blocks: read/decrement with key A, write/increment with key B:
Cx_{0,1,2} = 1 1 0C1_3 = 0, C1_2 = 1, C1_1 = 1, C1_0 = 1 => C1 = 0x7 C2_3 = 1, C2_2 = 1, C2_1 = 1, C2_0 = 1 => C2 = 0xF C3_3 = 1, C3_2 = 0, C3_1 = 0, C3_0 = 0 => C3 = 0x8
This leads to the access bits 08 77 8F. Hence, you sector trailer could look like this (with key A = D3F7D3F7D3F7 and key B = 000000000000):
D3F7D3F7D3F7 08778F FF 000000000000
来源:https://stackoverflow.com/questions/28274177/mifare-access-condition-calculation