NotSushi
2020-08-10T04:45:32+00:00
我的手机是小米9,有NFC功能,但是只能模拟不加密的空白卡,小区的门禁是加密的,如果需要模拟到手机上需要一个读卡器,前几天从朋友那里定制了一个WOW部落标记的读卡器,今天到货了,赶紧开工
首先先来看下读卡器外观将加密的IC模拟到手机上需要用到读卡器、空卡、原卡、手机,具体流程是:读出原卡数据,用手机先模拟一张空白卡,再把原卡数据写入手机。插上数据线连接电脑开搞接下来,就是用手机先模拟这张空白卡
打开小米钱包,选择小米门卡,选择门卡,用空白卡贴到手机背面的NFC感应区,等待模拟完成。用手机背面贴近读卡器,手机会自动弹出NFC刷卡界面,如果没有自动弹出,可以在电脑上点击扫描卡片点击界面右上角的齿轮,点击默认卡片设置,将刚才模拟的卡设置为默认卡。搞定,刷卡的时候,别人眼神都变了[s:ac:哭笑]
WOW外观的读卡器地址[url]https://item.taobao.com/item.htm?id=625167781606[/url]
能破解的大部分都能模拟到手机上。如果是比较厉害的电梯,模拟完先刷手机,手机如果好使就别再刷原卡了。
注意看下自己是IC还是ID……手机只能模拟IC卡。ID类型只能手机贴解决
首先先来看下读卡器外观
读卡器外观 ...
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-df2vK1dT1kSgl-dy.jpg[/img]
需要的东西介绍 ...
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-kvuzK13T1kSgg-fh.jpg[/img]
一、打开程序连接设备,如果没有驱动先安装驱动、可以用USB宝盒下载驱动 ...
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-6saqK1gT1kSg5-ey.jpg[/img]
二、放上原卡点击一键解原卡 ...
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-fto0K26T3cSsg-lc.jpg[/img]
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-k8mgK1sT1kSfc-f4.jpg[/img]
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-k8mgK1sT1kSfc-f4.jpg[/img]
三、等待破解完成并保存数据 ...
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-a5wyZcT3cSm2-fg.jpg[/img]
四、扫描原卡卡号 ...
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-1s5hK1yT1kSg3-ew.jpg[/img]
五、换上空白卡,选择写UID号 ...
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-diskK2eT1kSgt-f5.jpg[/img]
打开小米钱包,选择小米门卡,选择门卡,用空白卡贴到手机背面的NFC感应区,等待模拟完成。
图片有点多 ...
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-4odpK1dT1kShs-12i.jpg[/img]
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-blwrKyT1kShs-12i.jpg[/img]
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-it8hK17T1kShs-12i.jpg[/img]
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-4c8zKvT1kShs-12i.jpg[/img]
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-blwrKyT1kShs-12i.jpg[/img]
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-it8hK17T1kShs-12i.jpg[/img]
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-4c8zKvT1kShs-12i.jpg[/img]
背面贴到读卡器上 ...
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-iwcbK26T3cSlc-sg.jpg[/img]
手机界面 ...
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-b5viK1kT1kShs-12i.jpg[/img]
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-foxrK14T1kShs-12i.jpg[/img]
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-2kbK1dT1kShs-12i.jpg[/img]
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-foxrK14T1kShs-12i.jpg[/img]
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-2kbK1dT1kShs-12i.jpg[/img]
六、手机放在读卡器上,切换到高级操作模式,点击写M1并选择之前保存的文件。 ...
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-5c5hK23T1kSg9-f5.jpg[/img]
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-gm0xK25T3cSle-fg.jpg[/img][img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-88koK23T1kSg8-f6.jpg[/img]
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-gm0xK25T3cSle-fg.jpg[/img][img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-88koK23T1kSg8-f6.jpg[/img]
最后一步、检测原卡和手机的加密扇区 ...
[img]https://img.nga.178.com/attachments/mon_202008/17/-7Q5-7f2ZcT1kSg1-ey.jpg[/img]
扫描手机和原卡的加密扇区是否一致(未找到的KEY对应的扇区就是加密扇区),如果一致就说明数据写入了,拿手机去测试就可以了。
扫描手机和原卡的加密扇区是否一致(未找到的KEY对应的扇区就是加密扇区),如果一致就说明数据写入了,拿手机去测试就可以了。
WOW外观的读卡器地址[url]https://item.taobao.com/item.htm?id=625167781606[/url]
能破解的大部分都能模拟到手机上。如果是比较厉害的电梯,模拟完先刷手机,手机如果好使就别再刷原卡了。
注意看下自己是IC还是ID……手机只能模拟IC卡。ID类型只能手机贴解决