52梯控论坛

标题: 锤子解 [打印本页]

作者: jgwcq 时间: 2020-10-3 17:00
标题: 锤子解
一个数据锤子分析出来是晶创6.还一个百达，

两个系统我懵逼了。看着有两套密码，去电梯刷了两次卡，对比分析滚动位有变化。默认密码也变化，但是滚动位也太长了吧？

请大神给分析一下。变化的都是什么？两个系统是怎么做到的？要怎么做？

请给思路谢谢！

第一次读卡的数据
0 扇区
0 区块: B9 F8 EB 44 EE 88 04 00 85 00 B4 2E F0 BB 6A A8
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

1 扇区
0 区块: 21 02 27 22 25 05 25 00 10 00 80 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 01 01 80 00 00 18
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: 01 39 40 23 33 13 FF 07 80 69 FF FF FF FF FF FF

2 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: 01 39 40 23 33 13 FF 07 80 69 FF FF FF FF FF FF

3 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

4 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

5 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

6 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

7 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

8 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

9 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

10 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

11 扇区
0 区块: 08 00 C6 15 00 02 14 00 0B 22 00 41 5D 52 2A 00
1 区块: 00 00 1A 02 E1 07 00 00 3B 17 1B 02 E5 07 00 00
2 区块: 00 00 00 00 00 0B 0E 00 00 00 00 00 00 00 00 00
3 区块: F8 9C 86 B2 A9 61 FF 07 80 69 F8 9C 86 B2 A9 61

12 扇区
0 区块: 06 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: F8 9C 86 B2 A9 61 FF 07 80 69 F8 9C 86 B2 A9 61

13 扇区
0 区块: 00 00 00 00 00 0B 0E 00 00 00 00 00 00 00 00 00
1 区块: 61 47 30 87 08 02 3E 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 DC 61 4C 12
3 区块: F8 9C 86 B2 A9 61 FF 07 80 69 F8 9C 86 B2 A9 61

14 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

15 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

第二次刷电梯后的数据
0 扇区
0 区块: B9 F8 EB 44 EE 88 04 00 85 00 B4 2E F0 BB 6A A8
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

1 扇区
0 区块: 21 02 27 22 25 05 25 00 10 00 80 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 01 01 80 00 00 18
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: 01 39 40 23 33 13 FF 07 80 69 FF FF FF FF FF FF

2 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: 01 39 40 23 33 13 FF 07 80 69 FF FF FF FF FF FF

3 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF 00 00 00 00 FF FF FF FF FF FF

4 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

5 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

6 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

7 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

8 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

9 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

10 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

11 扇区
0 区块: 08 00 C6 15 00 02 14 00 0B 22 00 41 5D 52 2A 00
1 区块: 00 00 1A 02 E1 07 00 00 3B 17 1B 02 E5 07 00 00
2 区块: 00 00 00 00 00 0B 0E 00 00 00 00 00 00 00 00 00
3 区块: F8 9C 86 B2 A9 61 FF 07 80 69 F8 9C 86 B2 A9 61

12 扇区
0 区块: 06 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: F8 9C 86 B2 A9 61 FF 07 80 69 F8 9C 86 B2 A9 61

13 扇区
0 区块: 00 00 00 00 00 0B 0E 00 00 00 00 00 00 00 00 00
1 区块: 41 32 45 97 0D 02 24 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 DC 61 4C 12
3 区块: F8 9C 86 B2 A9 61 FF 07 80 69 F8 9C 86 B2 A9 61

14 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

15 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF 00 00 00 00 FF FF FF FF FF FF

锤子分析的图解
[attach]3096[/attach]

[attach]3097[/attach]

作者: www9241307 时间: 2020-10-3 18:18
想问一下，你这个是原卡刷卡的结果，还是你复制卡刷卡的结果，因为我看了一下，你的卡数据是88防复制卡。

作者: www9241307 时间: 2020-10-3 18:27
本帖最后由 www9241307 于 2020-10-3 18:30 编辑

看到你有两个扇区的存储控制位FF 07 80 69都变为00，关键连69也变00，这是这两个扇区KeyB设置后为不可读，也就是说明你并没有把3扇区和15扇区的密钥KeyB读取出来，进行修改数据使存储控制位改变为00

作者: www9241307 时间: 2020-10-3 18:31
或者使用复制卡

作者: jgwcq 时间: 2020-10-4 08:22

www9241307 发表于 2020-10-3 18:18
想问一下，你这个是原卡刷卡的结果，还是你复制卡刷卡的结果，因为我看了一下，你的卡数据是88防复制卡。

没复制卡，是同一张卡刷了两次，第一个数据数刷电梯的，第二个数据是刷门禁一次电梯一次，都是同一张卡，我没搞明白，锤子分析出来的是两个系统啥意思？能延期或者复制吗？

作者: jgwcq 时间: 2020-10-4 08:25

www9241307 发表于 2020-10-3 18:27
看到你有两个扇区的存储控制位FF 07 80 69都变为00，关键连69也变00，这是这两个扇区KeyB设置后为不可读， ...

也就是说，要重新读卡是吧？我没搞清这张卡里真的可以有两套系统共同存在吗？还是锤子分析错误？能给讲一下这两套系统里的数据都代表什么吗？能否延期或者复制？

作者: insl 时间: 2020-10-4 08:34
数据看上去不是复杂系统防复制卡是不是不能复制

作者: www9241307 时间: 2020-10-4 09:37

jgwcq 发表于 2020-10-4 08:22
没复制卡，是同一张卡刷了两次，第一个数据数刷电梯的，第二个数据是刷门禁一次电梯一次，都是同一张卡， ...

一卡多系统是正常情况，但是你第二次刷门禁后，存储控制改变让我想不明白，又不是复制卡刷卡，原卡刷卡出现这种，还真是头一次

作者: www9241307 时间: 2020-10-4 09:45

insl 发表于 2020-10-4 08:34
数据看上去不是复杂系统防复制卡是不是不能复制

可以用专用的88卡复制

作者: sw225500 时间: 2020-10-8 15:13
存储控制改变让我想不明白

作者: wp7305 时间: 2020-10-11 17:06

作者: 826311118 时间: 2021-1-5 22:09

www9241307 发表于 2020-10-3 18:18
想问一下，你这个是原卡刷卡的结果，还是你复制卡刷卡的结果，因为我看了一下，你的卡数据是88防复制卡。

0 扇区
2C AB 91 02 14 08 04 00 01 64 05 E8 D3 78 2E 1D
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

1 扇区
20 01 21 12 34 03 6C 00 10 10 00 00 00 00 15 E7
00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
01 38 89 34 38 91 FF 07 80 69 01 38 89 34 38 91

2 扇区
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
01 38 89 34 38 91 FF 07 80 69 01 38 89 34 38 91

3 扇区
AA F2 01 00 09 E9 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
01 38 89 34 38 91 FF 07 80 69 01 38 89 34 38 91

4 扇区
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

5 扇区
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

6 扇区
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

7 扇区
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

8 扇区
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

9 扇区
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

10 扇区
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

11 扇区
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

12 扇区
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

13 扇区
20 12 17 12 34 04 4D 00 10 10 00 00 00 00 2F 40
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A 2B 3C 4D 5E 6F FF 07 80 69 1A 2B 3C 4D 5E 6F

14 扇区
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A 2B 3C 4D 5E 6F FF 07 80 69 1A 2B 3C 4D 5E 6F

15 扇区
58 22 01 00 07 6A 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A 2B 3C 4D 5E 6F FF 07 80 69 1A 2B 3C 4D 5E 6F
大佬帮忙看看这个能延期不，15扇区滚码。20.12.17号到期，其他数据刷电梯没变化。非常感谢

作者: www9241307 时间: 2021-1-6 00:55

826311118 发表于 2021-1-5 22:09
0 扇区
2C AB 91 02 14 08 04 00 01 64 05 E8 D3 78 2E 1D
00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...

至少要三次延期数据

作者: 赵先生 时间: 2022-4-8 15:35

作者: liuxuxi 时间: 2023-10-30 13:14

欢迎光临 52梯控论坛 (https://52tikong.com/)