MIFARE GUIDE FOR HUST

整理了可行的MIFARE卡复制方法和工具,使用的读写器是ACR122U-A9。复制卡只含有UID,因此只能进图书馆/宿舍楼(这说明这些门禁应该只校验UID),不能消费。

Linux

安装libnfc:sudo pacman -S libnfc。下面的教程在ArchLinux (Linux 5.1.4)上测试可用。

如果命令失败,并提示找不到NFC设备之类的信息,可以尝试用sudo运行,或者重新插拔一下设备。

Read/Dump

你可以Dump一张已有的校园卡,也可以直接将校园卡背面右下角金黄色数字转换为UID。

mfoc/mfcuk/nfc-mfclassic经测试并不好用,我修改了mfoc用于dump校园卡。

  • mfoc

如果要用于华科校园卡,请使用打过补丁的mfoc: https://github.com/recolic/mfoc

Build:

autoreconf --install ; ./configure ; make

Crack And Dump:

src/mfoc -O output.dmp
  • 直接转换(推荐)

你可以使用校园卡背面右下角的黄金色数字,直接得到校园卡的UID数据。

这是一个POC。这段代码清晰的解释了如何从黄色数字计算出你需要的所有数据,你可以学习但你不一定能直接编译它。https://github.com/recolic/mfoc/blob/master/tools/nToData.cc

上面这段代码的输出就是校园卡的数据的前8个字节。所有的卡片的剩余数据都一模一样,你可以在https://github.com/recolic/mfoc 的template.dump找到一个模板。

Write

买到的MIFARE白卡/钥匙扣必须支持写block 0。

  • nfc-mfclassic

你可以将B改为A/a/b。具体含义见nfc-mfclassic文档。

nfc-mfclassic W B u output.dump

成功输入及输出样例。

~/t/mfoc ❯❯❯ sudo nfc-mfclassic W B u output.dump
NFC reader: RFCARD / RF1258V603 PICC Interface opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 04  00  
       UID (NFCID1): aa  aa  aa  aa  
      SAK (SEL_RES): 08  
Guessing size: seems to be a 1024-byte card
Sent bits:     50  00  57  cd  
Sent bits:     40 (7 bits)
Received bits: a (4 bits)
Sent bits:     43  
Received bits: 0a  
Card unlocked
Writing 64 blocks |................................................................|
Done, 64 of 64 blocks written.

我发现有的钥匙扣,只能写一次UID然后就被永远锁死了。一次性产品,正常现象。

Windows

商家直接送了软件,我直接放链接。驱动建议自己去ACR122U官网下载。Windows10下测试好用。

https://dl.recolic.net/res/NFCIO.zip

其中含有旧版本驱动,TagReader.exe,UIDWriter.exe。一个读一个写。

Moved to https://github.com/recolic/awesome-hust

This tool was written by an anonymous author.

好像是当年华科电工实习的小车代码,虽然是垃圾,但还是从gist搬过来

junk_stupid_trunk.ino

/*
* Reconstructed by Recolic Keghart.
 * Nov 1, 2017
 * LICENSE := GPLv3
 */
// Baseline speed value: usual_speed starts at it and _track()/_trace() reset
// usual_speed to it when they finish.
#define STANDARD_SPEED 200
// Factor multiplied into usual_speed by _track()/_trace() while they run.
#define SLOW_WHILE_AUTO_DRIVE 0.9
// Speed the go_* helpers pass to set_mode().
int usual_speed = STANDARD_SPEED;
// Non-zero inverts the bNeg argument inside set_mode(); toggled by serial command 'z'.
int bReverseMode = 0;
// Non-zero makes set_mode() multiply both speeds by 5; toggled by serial command 'c'.
int bForceBoost = 0;

// Motor output pins written with analogWrite(). set_mode() puts the speed on
// the *_MAIN pin of each side when bNeg is 0 and on the other pin of each side
// when bNeg is non-zero; the pin not carrying the speed is written 0.
#define LEFT_POWER_MAIN 6
#define LEFT_POWER 5
#define RIGHT_POWER 9 
#define RIGHT_POWER_MAIN 10

//If right wheel is higher, set it to >1.
// set_mode() multiplies the left speed by this factor.
#define ADJUST_LR_BALANCE 1.2

// Drive state chosen over serial and checked at the end of loop():
// 0 = manual commands only, 1 = call _track() each pass, 2 = call _trace() each pass.
int L_st=0;
// One-time initialisation: opens the serial port at 9600 baud, configures the
// four sensor pins as inputs and the four motor pins as outputs, then writes 0
// to every motor pin so the outputs start at zero.
void setup()
{
  // Pin lists are kept in the order the calls are made.
  const int sensorPins[] = {18, 14, 17, 16};
  const int motorPinsModeOrder[] = {RIGHT_POWER_MAIN, LEFT_POWER_MAIN, LEFT_POWER, RIGHT_POWER};
  const int motorPinsZeroOrder[] = {LEFT_POWER, LEFT_POWER_MAIN, RIGHT_POWER, RIGHT_POWER_MAIN};

  Serial.begin(9600);

  for (int pin : sensorPins)
  {
    pinMode(pin, INPUT);
  }
  for (int pin : motorPinsModeOrder)
  {
    pinMode(pin, OUTPUT);
  }
  for (int pin : motorPinsZeroOrder)
  {
    analogWrite(pin, 0);
  }
}

//libraries begin.
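// Logical NOT as an int (non-zero -> 0, zero -> 1). The argument is
// parenthesised so an expression argument cannot re-associate with ?:.
#define REVERSE_BOOL(bBool) ((bBool) ? 0 : 1)

// Limits a computed speed to the 0..255 duty-cycle range analogWrite() accepts.
static int clamp_pwm(int value)
{
  if (value < 0)
    return 0;
  if (value > 255)
    return 255;
  return value;
}

// Writes the requested speeds to the four motor pins.
//
// left_sp / right_sp: requested speed for each side. The left value is scaled
//   by ADJUST_LR_BALANCE, and both are multiplied by 5 while bForceBoost is set.
// bNeg: 0 puts the speed on the *_MAIN pins, non-zero puts it on the other
//   pair; the sense is inverted while bReverseMode is set.
//
// The speeds are derived from serial commands and multipliers, and with the
// defaults they exceed 255 (200 * 1.2 = 240, times 5 in boost = 1200). Values
// outside 0..255 are not a valid analogWrite() duty cycle, so the final values
// are clamped before they reach the pins.
void set_mode(int left_sp, int right_sp, int bNeg = 0)
{
  bNeg = bReverseMode ? REVERSE_BOOL(bNeg) : bNeg;
  left_sp *= ADJUST_LR_BALANCE;
  if(bForceBoost)
  {
    left_sp *= 5;
    right_sp *= 5;
  }

  // Clamp after all scaling so the written duty cycle is always in range.
  left_sp = clamp_pwm(left_sp);
  right_sp = clamp_pwm(right_sp);

  if(bNeg)
  {
    analogWrite(LEFT_POWER , left_sp);
    analogWrite(LEFT_POWER_MAIN , 0);
    analogWrite(RIGHT_POWER , right_sp);
    analogWrite(RIGHT_POWER_MAIN , 0);
  }
  else
  {
    analogWrite(LEFT_POWER , 0);
    analogWrite(LEFT_POWER_MAIN , left_sp);
    analogWrite(RIGHT_POWER , 0);
    analogWrite(RIGHT_POWER_MAIN , right_sp);
  }
}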

// Runs the left channel at usual_speed with the right channel at 0.
// bNeg is handed to set_mode() unchanged.
void go_left(int bNeg = 0)
{
  const int leftSpeed = usual_speed;
  const int rightSpeed = 0;
  set_mode(leftSpeed, rightSpeed, bNeg);
}
// Runs the right channel at usual_speed with the left channel at 0.
// bNeg is handed to set_mode() unchanged.
void go_right(int bNeg = 0)
{
  const int leftSpeed = 0;
  const int rightSpeed = usual_speed;
  set_mode(leftSpeed, rightSpeed, bNeg);
}
// Runs both channels at usual_speed. bNeg is handed to set_mode() unchanged;
// loop() passes _BACK here for the 'b' command.
void go_forward(int bNeg = 0)
{
  const int speed = usual_speed;
  set_mode(speed, speed, bNeg);
}
// Requests speed 0 on both channels with bNeg = 0.
void set_stop()
{
  const int stopped = 0;
  set_mode(stopped, stopped, 0);
}
// Non-zero bNeg value; loop() passes it as go_forward(_BACK) for the 'b' command.
#define _BACK 1
//All lib done.

/*
  //Slower while auto-driving.
  usual_speed *= SLOW_WHILE_AUTO_DRIVE;
  if(  !(digitalRead(14)  ||  digitalRead(18))  )
  {
    go_right();
  }
  else
    go_forward();
  usual_speed = STANDARD_SPEED;
  return;
*/

// One auto-drive step based on the inputs on pins 14 and 18.
//   14 low,  18 high -> go_left()
//   18 low,  14 high -> go_right()
//   both low         -> go_forward()
//   otherwise        -> set_stop()
// usual_speed is scaled by SLOW_WHILE_AUTO_DRIVE for the duration of the step
// and reset to STANDARD_SPEED before returning.
void _track()
{
  usual_speed = usual_speed * SLOW_WHILE_AUTO_DRIVE;

  // The pins are re-read for each test, in the same order as the checks below.
  if (!digitalRead(14) && digitalRead(18))
    go_left();
  else if (!digitalRead(18) && digitalRead(14))
    go_right();
  else if (!digitalRead(14) && !digitalRead(18))
    go_forward();
  else
    set_stop();

  usual_speed = STANDARD_SPEED;
}


// One auto-drive step based on the inputs on pins 16 and 17.
//   16 low, 17 high -> go_left()
//   17 low, 16 high -> go_right()
//   otherwise       -> go_forward()
// usual_speed is scaled by SLOW_WHILE_AUTO_DRIVE for the duration of the step
// and reset to STANDARD_SPEED before returning.
void _trace()
{
  usual_speed = usual_speed * SLOW_WHILE_AUTO_DRIVE;

  // The pins are re-read for each test, in the same order as the checks below.
  if (!digitalRead(16) && digitalRead(17))
    go_left();
  else if (!digitalRead(17) && digitalRead(16))
    go_right();
  else
    go_forward();

  usual_speed = STANDARD_SPEED;
}

// Main loop: reads one value from Serial, acts on it if it is a known
// single-character command, then runs the auto-drive step selected by L_st.
//
// Commands:
//   l r f s b  manual drive (left, right, forward, stop, forward with _BACK);
//              each also sets L_st to 0
//   i / t      set L_st to 1 (_track) / 2 (_trace)
//   x          one set_mode() call at 5 * usual_speed on both channels
//   z / c      toggle bReverseMode / bForceBoost
// Every value read is acted on directly; anything that matches no command
// (including a read made while no data is pending) is ignored.
void loop()
{
  const char command = Serial.read();

  if (command == 'l')
  {
    go_left();
    L_st = 0;
  }
  else if (command == 'r')
  {
    go_right();
    L_st = 0;
  }
  else if (command == 'f')
  {
    go_forward();
    L_st = 0;
  }
  else if (command == 's')
  {
    set_stop();
    L_st = 0;
  }
  else if (command == 'b')
  {
    go_forward(_BACK);
    L_st = 0;
  }
  else if (command == 'i')
  {
    L_st = 1;
  }
  else if (command == 't')
  {
    L_st = 2;
  }
  else if (command == 'x')
  {
    // Boost mode; L_st is left as it was.
    set_mode(5 * usual_speed, 5 * usual_speed);
  }
  else if (command == 'z')
  {
    // Reverse mode toggle.
    bReverseMode = REVERSE_BOOL(bReverseMode);
  }
  else if (command == 'c')
  {
    bForceBoost = REVERSE_BOOL(bForceBoost);
  }

  // Auto-drive step, if one is selected.
  if (L_st == 1)
  {
    _track();
  }
  else if (L_st == 2)
  {
    _trace();
  }
}