52梯控论坛

标题: 新人求助金博加密滚动码复制改时间 [打印本页]

作者: jinshengwei 时间: 2020-6-4 22:34
标题: 新人求助金博加密滚动码复制改时间
本帖最后由 jinshengwei 于 2020-6-5 00:18 编辑

最近搬家,之前没接触过类似破解，本意想将ic卡刷进手机nfc图一个省事。
尝试过后发现ic卡加密通过淘宝购买破解器后，了解到梯控是金博加密滚动码，滚动位是9扇区0块16位每次递增+1.
问询淘宝店主后，发给我全新dump让我尝试，再次识别后发现他将滚动位复位为0，将房间号改动为其他的房间号。
还没去尝试不知道可行性。
自己研究后了解到金博的加密应该是7b加密也就是201014 ^ 0x7b7b7b = 5b6b6f（这是之前卡的到期时间现在改成了596b6f）
通过这个公式改了时间和通层。下面的就是改后的数据

现在想问下各位大佬，滚动码的复制通过复位滚动码和改房间号可达到复制的效果吗？不会使原卡失效吧。
其次想问下，金博加密有没有检验码，我下面改动的时间和通层有没有问题，因为还没搬过去，每次尝试成本有点高（要来回，打算明天去尝试）还没尝试
麻烦各位大佬帮忙看下，万分感谢

0 扇区
0 区块: 7B C3 C9 CD BC 08 04 00 01 39 B2 8A F4 91 99 1D
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

1 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

2 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

3 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

4 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

5 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

6 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

7 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

8 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

9 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 28 69 3B 84 84 84 84 84 84 84 7A 9D FB 26 7B 7B
2 区块: 62 6B 62 7B 7B 59 6B 6F 58 59 7B 7B 7B 7B 04 7B
3 区块: 47 42 49 43 C1 44 FF 07 80 00 47 42 49 43 C1 44

10 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: A9 87 7B 7B 7B 7B 7B 7B 7B 7B 7B 7B 7B 7B 7B 7B
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: 47 42 49 43 C1 44 FF 07 80 00 47 42 49 43 C1 44

11 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

12 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

13 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

14 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

15 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

作者: qqqzxc 时间: 2020-6-4 23:33
你手头有什么卡

作者: yaozq20200417 时间: 2020-6-4 23:49
建议你买个锤子吧，你有这方面的天赋。分析不错。以后你可以在你小区里面做做卡，不光本钱会来还会赚点

作者: jinshengwei 时间: 2020-6-4 23:56
本帖最后由 jinshengwei 于 2020-6-5 00:02 编辑

qqqzxc 发表于 2020-6-4 23:33
你手头有什么卡

我手头只有买机器送的三张cuid卡，我其中一个复制了这个改过时间的，一个只复制了店家发给我只改过滚动码和房间号的，打算明后天带着笔记本去试下。
因为笔记本是苹果的，还要做虚拟机。。。

作者: jinshengwei 时间: 2020-6-5 00:10

yaozq20200417 发表于 2020-6-4 23:49
建议你买个锤子吧，你有这方面的天赋。分析不错。以后你可以在你小区里面做做卡，不光本钱会来还会赚点

其实最初本意就是想把门禁刷金手机和手环图个省事没想太多，正好昨天破解器到了，就在论坛研究了挺久。。顺便自己弄了下时间和通层，用ic卡数据分析工具看了下加密前后数据，因为异或算法特征特明显，就靠着初中内点底子，写了个异或7b转换的小程序，自己转换了下。其实就是图个是省事儿哈哈。[attach]2972[/attach][attach]2973[/attach]

软件的话过段时间闲了研究一下。

话说大神帮忙看下我改的数据有没有问题，麻烦了。

作者: missssu 时间: 2020-6-5 11:57
作为一个有动手能力的人，能自己解决的问题，就不要去寻找他人帮助了，你的问题都可以通过自己的验证得到答案。

作者: jinshengwei 时间: 2020-6-5 12:15

missssu 发表于 2020-6-5 11:57
作为一个有动手能力的人，能自己解决的问题，就不要去寻找他人帮助了，你的问题都可以通过自己的验证得到答 ...

额刚刚检验过了通卡是没问题的那时间应该也是没问题的，金博加密应该就是没有检验的滚动递增明码的卡。

我现在就剩下一个问题。。这套滚动系统的验证过程应该是识别对应相应的房间号和滚动码去验证的，那我重置滚动码后随便改一个稍微大一点的房间号数值是不是就可以做到无限复制新卡了？

作者: yzzym001 时间: 2020-6-6 08:02
一定会成为高手！

作者: yzzym001 时间: 2020-7-21 10:12

学习学习！

欢迎光临 52梯控论坛 (https://52tikong.com/)