Notes on copying an access card with macOS + PN532

Author: 肖俊杰 | Published 2023-03-11 14:55

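My company recently moved to a new office building, and access control changed from fingerprint or face recognition to access cards. I keep forgetting to carry the bank-card-sized access card, so I decided to copy it onto a key-fob IC card that hangs on my keyring.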

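I followed the article "Copying an access card on Mac with a PN532 using the mfoc and mfcuk tools".
At the last step, writing to the blank CUID card with nfc-mfclassic w a u dummy1.mfd reported "Done, 60 of 64 blocks written."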

NFC reader: pn532_uart: /dev/tty.usbserial-110 opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): fb 9e 0a cf
SAK (SEL_RES) : 08
RATS support: no
Guessing size: seems to be a 1024-byte card
Writing 64 blocks | ..
Done, 60 of 64 blocks written.

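Next, I exported the data of the written card to dummy2.mfd with mfoc -O dummy2.mfd. Comparing the .mfd files of the original card and the copy shows that the first 4 blocks, that is, sector 0, were not written.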
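The block-by-block comparison of the two .mfd files can be scripted. This is an added example, not part of the original post; it assumes both files are 1024-byte MIFARE Classic 1K dumps (64 blocks of 16 bytes, 4 blocks per sector), and the function names and sample dumps are constructed for illustration.

```python
BLOCK_SIZE = 16         # bytes per MIFARE Classic block
BLOCKS_PER_SECTOR = 4   # 1K card: 16 sectors x 4 blocks = 64 blocks
DUMP_SIZE = 1024        # size of a 1K .mfd dump


def split_blocks(dump: bytes) -> list:
    """Cut a 1K dump into its 64 blocks; reject truncated or oversized files."""
    if len(dump) != DUMP_SIZE:
        raise ValueError(f"expected {DUMP_SIZE} bytes, got {len(dump)}")
    return [dump[i:i + BLOCK_SIZE] for i in range(0, DUMP_SIZE, BLOCK_SIZE)]


def diff_dumps(original: bytes, copy: bytes) -> dict:
    """Return {sector: [absolute block numbers whose 16 bytes differ]}."""
    mismatches = {}
    pairs = zip(split_blocks(original), split_blocks(copy))
    for block_no, (a, b) in enumerate(pairs):
        if a != b:
            mismatches.setdefault(block_no // BLOCKS_PER_SECTOR, []).append(block_no)
    return mismatches


def bcc_ok(block0: bytes) -> bool:
    """Block 0 of a 4-byte-UID card stores UID[0..3] followed by their XOR (BCC)."""
    uid, bcc = block0[:4], block0[4]
    return uid[0] ^ uid[1] ^ uid[2] ^ uid[3] == bcc


def make_sample(uid: bytes, sector0_written: bool) -> bytes:
    """Constructed 1K dump (not real card data) for demonstrating the diff."""
    bcc = uid[0] ^ uid[1] ^ uid[2] ^ uid[3]
    block0 = uid + bytes([bcc, 0x08, 0x04, 0x00]) + bytes(8)  # constructed filler
    default_trailer = bytes.fromhex("ffffffffffffff078069ffffffffffff")
    data = (b"\xa5" if sector0_written else b"\x00") * BLOCK_SIZE
    trailer0 = bytes.fromhex("010203040506ff0780690a0b0c0d0e0f") if sector0_written else default_trailer
    sector0 = block0 + data + data + trailer0
    other = (b"\x5a" * BLOCK_SIZE * 3 + default_trailer) * 15
    return sector0 + other


if __name__ == "__main__":
    original = make_sample(bytes.fromhex("11223344"), sector0_written=True)
    copy = make_sample(bytes.fromhex("aabbccdd"), sector0_written=False)
    for sector, blocks in diff_dumps(original, copy).items():
        print(f"sector {sector}: blocks {blocks} differ")
    print("copy block 0 BCC valid:", bcc_ok(copy[:BLOCK_SIZE]))
```

To compare real dumps, read each file in binary mode and pass the bytes to diff_dumps; an empty result means the copy matches the original in every block.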


The output of nfc-mfclassic --help shows that an uppercase W selects unlocked write mode, which attempts to write sector 0.

Usage: nfc-mfclassic f|r|R|w|W a|b u|U<01ab23cd> <dump.mfd> [<keys.mfd> [f]]
  f|r|R|w|W     - Perform format (f) or read from (r) or unlocked read from (R) or write to (w) or unlocked write to (W) card
                  *** format will reset all keys to FFFFFFFFFFFF and all data to 00 and all ACLs to default
                  *** unlocked read does not require authentication and will reveal A and B keys
                  *** note that unlocked write will attempt to overwrite block 0 including UID
                  *** unlocking only works with special Mifare 1K cards (Chinese clones)
  a|A|b|B       - Use A or B keys for action; Halt on errors (a|b) or tolerate errors (A|B)
  u|U           - Use any (u) uid or supply a uid specifically as U01ab23cd.
  <dump.mfd>    - MiFare Dump (MFD) used to write (card to MFD) or (MFD to card)
  <keys.mfd>    - MiFare Dump (MFD) that contain the keys (optional)
  f             - Force using the keyfile even if UID does not match (optional)

I tried writing in unlocked write mode, but the write failed with an error.

➜  nfc-mfclassic W a u dummy1.mfd
NFC reader: pn532_uart: /dev/tty.usbserial-110 opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): fb 9e 0a cf
SAK (SEL_RES) : 08
RATS support: no
Guessing size: seems to be a 1024-byte card
Sent bits:
50 00 57 cd
Sent bits:
40 (7 bits)
Warning: Unlock command [1/2]: failed / not acknowledged.
Writing 64 blocks |Failure to write to data block 4

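Searching for the error message shows that unlocked write mode in libnfc 1.8.0 only supports writing sector 0 on UID cards (gen1 clone cards), and does not support CUID cards (gen2 clone cards).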

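libnfc 1.8.0 was released on May 22, 2020. On June 26, 2020 a developer added unlocked write support for gen2 cards, and the change was merged into the master branch on the 28th; libnfc has simply not published a new release since then. See: Improve support for gen2 and gen3 tags #608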


➜ git clone https://github.com/nfc-tools/libnfc.git
➜ cd libnfc
➜ autoreconf -vfi
➜ ./configure --disable-debug --disable-dependency-tracking --prefix=/opt/libnfc --enable-serial-autoprobe --with-drivers=all
➜ make install

Once the build finishes, running nfc-mfclassic W a u dummy1.mfd with the locally built version writes successfully.

