百达138梯控系统，研究几个问题

Frank · 发表于 2019-4-3 11:28:08

本帖最后由 Frank 于 2019-4-15 10:21 编辑

百达138梯控系统，有4个问题（全部手敲，不要灌水军刷帖，求前辈答复）：PM3一键解析，读取卡信息后，提示：读卡完成。其中扇区【10】读取失败，已填充空白数据。请使用扇区操作功能单独读取。

有2张改小区的卡，操作时候，均在有效期内，无过期。分别称为卡1，卡2。
【卡1原卡信息】：
百达138梯控系统，滴胶卡，小长方块，门禁原卡信息：
UID: 51  48  0F  16
ATQA:  00  04
  SAK:  08  [02]
TYPE:  NXP MIFARE CLASSIC 1K  /  Plus 2K  SL1  / 1k  Ev1
Answer to magic commands: NO
Valid ISO14443-A  Tag  Found

配卡：
（1）配卡1，已经尝试3类型卡，和卡的关系不大。持什么类型的卡，可以配百达138电梯门禁卡成功呢？
      备注：       PM3，第1次配卡，使用UID配卡，配卡后失败，无法刷电梯门禁卡；       PM3，第2次配卡，使用CUID配卡，配卡后失败，无法刷电梯门禁卡；
      PM3，第3次配卡，使用UFUID配卡并锁定，配卡后失败，无法刷电梯门禁卡；
（2）第1扇区，0块。日期前3个位，和校验码末尾 2个位，日期与校验码，是怎么样的算法关系?
      第1扇区，0块，前3个位  19  03  31 ，提示是日期19年03月31日。校验码，位于0块末尾2位  45  53。
（3）配卡后，新的日期修改、编辑写入。调整校验码。通过此两项操作，读写配卡的信息后，能否成功顺利完成配卡？
（4）第10扇区，究竟有什么密码等，把该区锁定了么，如何解决第10扇区，不显示的问题。

百达138【卡1数据】
0 扇区
0 区块: 51 48 0F 16 00 08 04 00 02 F0 A5 CA 06 1A CE 1D
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

1 扇区
0 区块: 19 03 31 12 34 05 FC 00 00 00 00 00 00 00 45 53
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1F 01
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: 01 38 89 34 38 91 FF 07 80 69 01 38 89 34 38 91

2 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: 01 38 89 34 38 91 FF 07 80 69 01 38 89 34 38 91

3 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

4 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

5 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

6 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

7 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

8 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

9 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

10 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

11 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

12 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

13 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

14 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

15 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

百达138【卡2数据】
0 扇区
0区块:F4 16 42 1F BF 08 04 00 62 63 64 65 66 67 68 69
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

1 扇区
0区块:20 02 04 12 34 04 4D 00 00 00 00 00 00 00 33 2E
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 1F 01
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:01 38 89 34 38 91 FF 07 80 69 01 38 89 34 38 91

2 扇区
0区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:01 38 89 34 38 91 FF 07 80 69 01 38 89 34 38 91

3 扇区
0区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

4 扇区
0区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

5 扇区
0区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

6 扇区
0区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

7 扇区
0区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

8 扇区
0区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

9 扇区
0区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

10 扇区
0区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

11 扇区
0区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

12 扇区
0区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

13 扇区
0区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

14 扇区
0区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

15 扇区
0区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2区块:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3区块:FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

此外，学习了网上其他几组【百达138/139梯控系统数据】，有没有一起在学习分析这个的，可以联系我，微709131522,，互相单独交流一下

卡号	百达系统	1扇区0块数据	门禁卡有效期	16进制时间戳/秒	校验码	电梯楼层
1	百达138系统	1 扇区 0 区块: 19 03 31 12 34 05 FC 00 00 00 00 00 00 00 45 53 1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1F 01 2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3 区块: 01 38 89 34 38 91 FF 07 80 69 01 38 89 34 38 91	19 03 31	5CA00300	45 53	小区大门+单元门，无电梯门禁
2	百达139系统试着把第该卡1扇区0块校验码9008前边改了12个F，1扇区1块全改成了F，以为可以通层通小区，结果刷卡不好使。	1扇区 0 区块: 18 12 31 12 34 03 4F 00 00 10 00 00 00 00 90 08 1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3 区块: 01 39 40 23 33 13 FF 07 80 69 FF FF FF FF FF FF	18 12 31	5C295C00	90 08	9楼
2'	百达139系统卡2'是卡2物业延期后数据	1扇区 0 区块: 19 12 31 12 34 03 4F 00 00 10 00 00 00 00 8A 6C 1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3 区块: 01 39 40 23 33 13 FF 07 80 69 FF FF FF FF FF FF	19 12 31	5E0A8F80	8A 6C	9楼
3	百达139系统另一住户甲	0扇区 0 区块: 8D 4C FC 31 0C 08 04 00 99 81 85 65 78 82 65 89 1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF 1扇区 0 区块: 19 06 30 12 34 04 F0 00 00 40 00 00 00 00 0E 1E 1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3 区块: 01 39 40 23 33 13 FF 07 80 69 FF FF FF FF FF FF	19 06 30	5D17FB80	0E 1E	11楼
4	百达139系统另一住户乙 1扇区1块的80是表示什么？为什么不和前三张卡一样是02了？	1扇区 0 区块: 20 01 02 12 34 06 E5 00 80 00 00 00 00 00 E1 71 1 区块: 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 00 2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3 区块: 01 39 40 23 33 13 FF 07 80 69 FF FF FF FF FF FF	20 01 02	5E0D3280	E1 71	应该 4楼

ml35473255 · 发表于 2022-10-5 09:29:52

百达138的第10扇区最后应该是这样的
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
FF FF FF FF FF FF 00 00 00 00 FF FF FF FF FF FF

按理说，标准的IC卡，最后一行应该是这样的：
FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF

中间的FF 07 80 69是固定值，不许改变的，前后五组FF是两组密码，但是百达138使用特殊方法把中间强制改成了00 00 00 00，导致其数据不符合标准IC卡的规则，有些软件就无法识别了。

lixiaoyao · 发表于 2021-11-20 00:41:27

是不是要用发卡器才能用呀

lixiaoyao · 发表于 2021-11-20 00:26:42

我刷手环后门禁可用电梯用不了

lzg6876999 · 发表于 2019-12-25 20:38:20

路过学习一下

xinxinwx · 发表于 2019-12-13 06:54:44

百达10扇区解锁，企鹅435677423.

世纪龙庭 · 发表于 2019-12-12 21:53:56

sjl4454069 发表于 2019-9-27 21:51
用变色龙嗅探试下看看能不能把10扇区数据读出来

咱俩梯控分析软件一样。

lzg6876999 · 发表于 2019-12-9 10:03:23

路过学习一下。

lxnaxx · 发表于 2019-12-1 16:32:09

期待研究结果，同样研究中

belldandy · 发表于 2019-11-30 14:40:44

15998609526 · 发表于 2019-11-30 09:03:33

提示: 作者被禁止或删除内容自动屏蔽

帐号		自动登录	找回密码
密码			立即注册

15998609526 15998609526 当前离线积分 1873 窥视卡雷达卡	23^# 发表于 2019-11-30 09:03:33 \| 只看该作者提示: 作者被禁止或删除内容自动屏蔽
15998609526 15998609526 当前离线积分 1873 窥视卡雷达卡
	回复支持反对使用道具举报显身卡

百达138梯控系统，研究几个问题

点评