52梯控论坛

 找回密码
 立即注册
搜索
查看: 6135|回复: 9
打印 上一主题 下一主题

新人求助 金博加密 滚动码复制改时间

[复制链接]
跳转到指定楼层
楼主
发表于 2020-6-4 22:34:35 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
本帖最后由 jinshengwei 于 2020-6-5 00:18 编辑

最近搬家,之前没接触过类似破解,本意想将ic卡刷进手机nfc图一个省事。
尝试过后发现ic卡加密通过淘宝购买破解器后,了解到梯控是金博加密滚动码,滚动位是9扇区0块16位每次递增+1.
问询淘宝店主后,发给我全新dump让我尝试,再次识别后发现他将滚动位复位为0,将房间号改动为其他的房间号。
还没去尝试不知道可行性。
自己研究后了解到金博的加密应该是7b加密 也就是201014 ^ 0x7b7b7b = 5b6b6f(这是之前卡的到期时间现在改成了596b6f)
通过这个公式改了时间和通层。下面的就是改后的数据

现在想问下各位大佬,滚动码的复制通过复位滚动码和改房间号可达到复制的效果吗?不会使原卡失效吧。
其次想问下,金博加密有没有检验码,我下面改动的时间和通层有没有问题,因为还没搬过去,每次尝试成本有点高(要来回,打算明天去尝试)还没尝试
麻烦各位大佬帮忙看下,万分感谢





0 扇区
0 区块: 7B C3 C9 CD BC 08 04 00 01 39 B2 8A F4 91 99 1D
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

1 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

2 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

3 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

4 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

5 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

6 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

7 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

8 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

9 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 28 69 3B 84 84 84 84 84 84 84 7A 9D FB 26 7B 7B
2 区块: 62 6B 62 7B 7B 59 6B 6F 58 59 7B 7B 7B 7B 04 7B
3 区块: 47 42 49 43 C1 44 FF 07 80 00 47 42 49 43 C1 44

10 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: A9 87 7B 7B 7B 7B 7B 7B 7B 7B 7B 7B 7B 7B 7B 7B
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: 47 42 49 43 C1 44 FF 07 80 00 47 42 49 43 C1 44

11 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

12 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

13 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

14 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

15 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF



点评

我来看看,学习一下!  发表于 2022-5-17 14:02
沙发
发表于 2020-6-4 23:33:47 | 只看该作者
你手头有什么卡
回复 支持 反对

使用道具 举报

板凳
发表于 2020-6-4 23:49:43 | 只看该作者
建议你买个锤子吧,你有这方面的天赋。分析不错。以后你可以在你小区里面做做卡,不光本钱会来还会赚点
回复 支持 反对

使用道具 举报

地板
 楼主| 发表于 2020-6-4 23:56:49 | 只看该作者
本帖最后由 jinshengwei 于 2020-6-5 00:02 编辑
qqqzxc 发表于 2020-6-4 23:33
你手头有什么卡

我手头只有买机器送的三张cuid卡,我其中一个复制了这个改过时间的,一个只复制了店家发给我只改过滚动码和房间号的,打算明后天带着笔记本去试下。
因为笔记本是苹果的,还要做虚拟机。。。
回复 支持 反对

使用道具 举报

5#
 楼主| 发表于 2020-6-5 00:10:26 | 只看该作者
yaozq20200417 发表于 2020-6-4 23:49
建议你买个锤子吧,你有这方面的天赋。分析不错。以后你可以在你小区里面做做卡,不光本钱会来还会赚点

其实最初本意就是想把门禁刷金手机和手环图个省事没想太多,正好昨天破解器到了,就在论坛研究了挺久。。顺便自己弄了下时间和通层,用ic卡数据分析工具看了下加密前后数据,因为异或算法特征特明显,就靠着初中内点底子,写了个异或7b转换的小程序,自己转换了下。其实就是图个是省事儿哈哈。   

软件的话过段时间闲了研究一下。


话说大神帮忙看下我改的数据有没有问题,麻烦了。

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?立即注册

x
回复 支持 反对

使用道具 举报

6#
发表于 2020-6-5 11:57:57 来自手机 | 只看该作者
作为一个有动手能力的人,能自己解决的问题,就不要去寻找他人帮助了,你的问题都可以通过自己的验证得到答案。
回复 支持 反对

使用道具 举报

7#
 楼主| 发表于 2020-6-5 12:15:07 | 只看该作者
missssu 发表于 2020-6-5 11:57
作为一个有动手能力的人,能自己解决的问题,就不要去寻找他人帮助了,你的问题都可以通过自己的验证得到答 ...

额刚刚检验过了 通卡是没问题的那时间应该也是没问题的,金博加密应该就是没有检验的滚动递增明码的卡。

我现在就剩下一个问题。。这套滚动系统的验证过程应该是识别对应相应的房间号和滚动码去验证的,那我重置滚动码后随便改一个稍微大一点的房间号数值是不是就可以做到无限复制新卡了?
回复 支持 反对

使用道具 举报

8#
发表于 2020-6-6 08:02:25 | 只看该作者
一定会成为高手!
回复 支持 反对

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

在线客服

QQ|52梯控│电梯卡延期│电梯卡复制

GMT+8, 2024-11-27 22:34

Powered by Discuz! X3.4

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表