How to send APDU to Mifare Classic 1k card?


Question

What I am trying to achieve is to send an APDU command to a MIFARE Classic 1K card to change its A and B keys.

I was able to establish a connection with the card and use a default key (FFFFFFFFFFFF) to read block 0 and block 1. I used HID MifareSamples application for it.

Now, I would like to change the A key from the default to something else. I found a solution here, at Stack Overflow (Mifare Change KEY A and B), which suggests that I have to send this APDU:


New key A = 00 11 22 33 44 55
Access bits not overwritten
Key B not used (so FF FF FF FF FF FF)

=> Write to Sector Trailer 00 11 22 33 44 55 FF 0F 00 FF FF FF FF FF FF FF

I found a good tool JSmartCard Explorer which allows you to send APDUs to cards. Then I read PCSC specifications 3.2.2.1.4 Load Keys Command chapter and understood that the command should probably look like this:

FF 82 00 00 18 00 11 22 33 44 55 FF 0F 00 FF FF FF FF FF FF FF

But unfortunately JSmartCard tool fails with "Command not allowed (no current EF)".

What am I doing wrong? How can I change the key?

Recommended answer

First of all, MIFARE Classic cards do not use APDU commands. Hence, you do not send APDUs to the card but to the card reader (which translates them into MIFARE Classic commands). APDU commands to be processed by the reader typically start with the class byte FF.

In MIFARE Classic cards, the keys (A and B) and the access conditions for each sector are stored in the sector trailer (the last block of each sector). A MIFARE Classic 1K card has 16 sectors with 4 blocks each.

So if you want to set the keys & access conditions for sector 0, you would need to write them to block 3 (the last block of sector 0). The PC/SC standard defines the write command (UPDATE BINARY) for storage cards as:

FF D6 XXYY 10 ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

Where XXYY is the block address and ZZ... is the data to be written to the block.

The format of the sector trailer is (see this answer for further details):

<key A> | access bits | general purpose byte | <key B>

So to set

  • key A = 00 11 22 33 44 55
  • key B = 66 77 88 99 AA BB
  • access bits = 787788 (sector trailer is writable using key B only; access bits/GPB can be read with key A or B; data blocks are writable using key B only; data blocks can be read with key A or B)
  • GPB is set to 69

for sector 0, you would use the following write command:

FF D6 0003 10 001122334455 787788 69 66778899AABB

Note that you cannot partially update the sector trailer, you always have to construct and write the whole sector trailer.
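
The trailer layout and UPDATE BINARY command described in the answer above, as an added Python example that is not part of the original answer. It assumes the MIFARE Classic datasheet layout of the three access bytes (each condition nibble stored once plain and once inverted); all function names are hypothetical and nothing is sent to a reader.

```python
# Added example: builds the APDU bytes only; nothing is transmitted.
# All function names are hypothetical, not from any PC/SC library.

def check_access_bits(ab: bytes):
    """Return (C1, C2, C3) nibbles, or raise if the inverted copies disagree.

    MIFARE Classic stores each nibble twice (plain and inverted) in bytes
    6..8 of the trailer; a trailer that fails this format check blocks the
    sector irreversibly, so validate before writing.
    """
    if len(ab) != 3:
        raise ValueError("access bits must be exactly 3 bytes")
    b6, b7, b8 = ab
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    stored_inverted = (b6 & 0x0F, b6 >> 4, b7 & 0x0F)   # ~C1, ~C2, ~C3
    if stored_inverted != (c1 ^ 0x0F, c2 ^ 0x0F, c3 ^ 0x0F):
        raise ValueError("access bits inconsistent; refusing to build trailer")
    return c1, c2, c3

def per_block_conditions(ab: bytes):
    """(C1, C2, C3) bit triple for blocks 0..3 of the sector (3 = trailer)."""
    c1, c2, c3 = check_access_bits(ab)
    return [((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1) for i in range(4)]

def build_trailer(key_a: bytes, access_bits: bytes, gpb: int, key_b: bytes) -> bytes:
    """<key A> | access bits | general purpose byte | <key B>, always 16 bytes."""
    if len(key_a) != 6 or len(key_b) != 6:
        raise ValueError("keys must be 6 bytes each")
    check_access_bits(access_bits)
    return key_a + access_bits + bytes([gpb]) + key_b

def trailer_block(sector: int) -> int:
    """Trailer block number on a 1K card: 16 sectors of 4 blocks each."""
    if not 0 <= sector <= 15:
        raise ValueError("MIFARE Classic 1K has sectors 0..15")
    return sector * 4 + 3

def update_binary_apdu(block: int, data: bytes) -> bytes:
    """PC/SC storage-card UPDATE BINARY: FF D6 XXYY 10 <16 data bytes>."""
    if len(data) != 16:
        raise ValueError("a block is written whole: exactly 16 bytes")
    return bytes([0xFF, 0xD6]) + block.to_bytes(2, "big") + bytes([0x10]) + data

if __name__ == "__main__":
    trailer = build_trailer(bytes.fromhex("001122334455"), bytes.fromhex("787788"),
                            0x69, bytes.fromhex("66778899AABB"))
    print(update_binary_apdu(trailer_block(0), trailer).hex(" ").upper())
```

For the values in the answer, the trailer block decodes to the bit triple (0, 1, 1) and the data blocks to (1, 0, 0), which matches the access conditions the answer lists.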
