How to send APDU to Mifare Classic 1k card?

Problem description

What I am trying to achieve is to send an APDU command to a MIFARE Classic 1K card to change its A and B keys.

I was able to establish a connection with the card and use a default key (FFFFFFFFFFFF) to read block 0 and block 1. I used the HID MifareSamples application for it.

Now, I would like to change key A from the default to something else. I found a solution here, at Stack Overflow (Mifare Change KEY A and B), which suggests that I have to send this APDU:

  • New key A = 00 11 22 33 44 55
  • Access bits not overwritten
  • Key B not used (so FF FF FF FF FF FF)

=> Write to Sector Trailer 00 11 22 33 44 55 FF 0F 00 FF FF FF FF FF FF FF

I found a good tool, JSmartCard Explorer, which allows you to send APDUs to cards. Then I read PCSC specifications 3.2.2.1.4 Load Keys Command chapter and understood that the command should probably look like this:

FF 82 00 00 18 00 11 22 33 44 55 FF 0F 00 FF FF FF FF FF FF FF

But unfortunately the JSmartCard tool fails with "Command not allowed (no current EF)".

What am I doing wrong? How can I change the key?

Recommended answer

First of all, MIFARE Classic cards do not use APDU commands. Hence, you do not send APDUs to the card but to the card reader (which translates them into MIFARE Classic commands). APDU commands to be processed by the reader typically start with the class byte FF.

In MIFARE Classic cards, the keys (A and B) and the access conditions for each sector are stored in the sector trailer (the last block of each sector). A MIFARE Classic 1K card has 16 sectors with 4 blocks each.

So if you want to set the keys & access conditions for sector 0, you would need to write them to block 3 (the last block of sector 0). The PC/SC standard defines the write command (UPDATE BINARY) for storage cards as:

FF D6 XXYY 10 ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

Where XXYY is the block address and ZZ... is the data to be written to the block.

The format of the sector trailer is (see this answer for further details):

<key A> | access bits | general purpose byte | <key B>

So in order to set

  • key A = 00 11 22 33 44 55
  • key B = 66 77 88 99 AA BB
  • access bits = 787788 (sector trailer is writable using key B only; access bits/GPB can be read with key A or B; data blocks are writable using key B only; data blocks can be read with key A or B)
  • GPB is set to 69

for sector 0, you would use the following write command:

FF D6 0003 10 001122334455 787788 69 66778899AABB

Note that you cannot partially update the sector trailer, you always have to construct and write the whole sector trailer.
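The trailer layout and write command described in the answer, as an added Python example (not code from the original question or answer). The function names are hypothetical, and the nibble layout of the three access-bit bytes is taken from the MIFARE Classic datasheet rather than from this page; the datasheet states that a sector whose access bits violate this format is irreversibly blocked, so the builder checks them before producing the APDU.

```python
"""Build a MIFARE Classic 1K sector trailer and the PC/SC UPDATE BINARY APDU for it."""

def decode_access_bits(ab: bytes) -> dict:
    """Return {block: (C1, C2, C3)}; raise ValueError if the inverted copies disagree."""
    if len(ab) != 3:
        raise ValueError("access bits must be exactly 3 bytes")
    # Datasheet layout (assumption, not stated on the page), high nibble | low nibble:
    #   byte 6 = ~C2 | ~C1,  byte 7 = C1 | ~C3,  byte 8 = C3 | C2
    inv_c2, inv_c1 = ab[0] >> 4, ab[0] & 0x0F
    c1, inv_c3 = ab[1] >> 4, ab[1] & 0x0F
    c3, c2 = ab[2] >> 4, ab[2] & 0x0F
    for name, value, inverted in (("C1", c1, inv_c1), ("C2", c2, inv_c2), ("C3", c3, inv_c3)):
        if value ^ inverted != 0x0F:
            raise ValueError(f"{name}={value:X} does not match its inverted copy {inverted:X}")
    # Bit n of each nibble belongs to block n of the sector (block 3 is the trailer).
    return {n: ((c1 >> n) & 1, (c2 >> n) & 1, (c3 >> n) & 1) for n in range(4)}

def build_sector_trailer(key_a: bytes, access_bits: bytes, gpb: int, key_b: bytes) -> bytes:
    """<key A> | access bits | general purpose byte | <key B>, always written as a whole."""
    if len(key_a) != 6 or len(key_b) != 6:
        raise ValueError("key A and key B must be 6 bytes each")
    if not 0 <= gpb <= 0xFF:
        raise ValueError("GPB must fit in one byte")
    decode_access_bits(access_bits)  # refuse to build a trailer with inconsistent bits
    return key_a + access_bits + bytes([gpb]) + key_b

def trailer_block(sector: int) -> int:
    """Last block of a sector on a 1K card (16 sectors with 4 blocks each)."""
    if not 0 <= sector < 16:
        raise ValueError("MIFARE Classic 1K has sectors 0..15")
    return sector * 4 + 3

def update_binary_apdu(block: int, data: bytes) -> bytes:
    """FF D6 XXYY 10 <16 data bytes>, sent to the reader, not to the card."""
    if len(data) != 16:
        raise ValueError("a block is exactly 16 bytes")
    return bytes([0xFF, 0xD6]) + block.to_bytes(2, "big") + bytes([0x10]) + data

if __name__ == "__main__":
    # Values from the answer above.
    trailer = build_sector_trailer(bytes.fromhex("001122334455"), bytes.fromhex("787788"),
                                   0x69, bytes.fromhex("66778899AABB"))
    print(update_binary_apdu(trailer_block(0), trailer).hex(" ").upper())
    print(decode_access_bits(bytes.fromhex("787788")))
```

Running the script prints the same command as the answer plus the decoded (C1, C2, C3) triple for each block, which can be compared against the datasheet's access-condition tables before anything is written to a card.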
