52梯控论坛

Chuizi (锤子) analysis

Original poster
Posted 2020-10-3 17:00:10
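Chuizi analyzed one set of data as 晶创 (Jingchuang) 6, plus a 百达 (Baida).

Two systems, and I'm baffled. It looks like there are two sets of passwords. I went and swiped the card at the elevator twice; comparing the two reads, the rolling bits changed and the default password changed too, but aren't the rolling bits awfully long?

Could an expert please analyze this? What is it that changes? How do the two systems do it? What should I do?

Please give me some pointers, thanks!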


Data from the first card read

Data after the second elevator swipe


[Image: Chuizi analysis diagram]

Comments

Let me have a look and learn!  Posted 2022-5-18 09:06
Bumping for the OP  Posted 2020-10-14 11:56
Bump  Posted 2020-10-9 08:33

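2#
Posted 2020-10-3 18:18:12
I'd like to ask: is this the result of swiping the original card, or of swiping your copied card? I ask because I took a look, and your card data is that of an 88 anti-copy card.
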
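3#
Posted 2020-10-3 18:27:13
Last edited by www9241307 on 2020-10-3 18:30

I see that in two of your sectors the access control bytes FF 07 80 69 have all changed to 00, and crucially even the 69 has become 00. This is these two sectors' KeyB being unreadable once set; in other words, it shows that you did not read out the KeyB keys of sector 3 and sector 15, and the data was modified so that the access control bytes changed to 00.
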
4#
Posted 2020-10-3 18:31:08
Or a copy card was used.

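5#
Original poster | Posted 2020-10-4 08:22:12
www9241307 wrote on 2020-10-3 18:18:
I'd like to ask: is this the result of swiping the original card, or of swiping your copied card? I ask because I took a look, and your card data is that of an 88 anti-copy card.

I haven't copied the card. It's the same card swiped twice: the first data is from swiping at the elevator, and the second data is from swiping at the door access once and the elevator once. It's all the same card. What I don't understand is what it means that Chuizi's analysis shows two systems. Can it be extended or copied?
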
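6#
Original poster | Posted 2020-10-4 08:25:40
www9241307 wrote on 2020-10-3 18:27:
I see that in two of your sectors the access control bytes FF 07 80 69 have all changed to 00, and crucially even the 69 has become 00. This is these two sectors' KeyB being unreadable once set, ...

So in other words, I need to read the card again, right? What I haven't figured out is whether two systems can really coexist on this one card, or whether Chuizi analyzed it wrongly. Could you explain what the data in these two systems represents? Can it be extended or copied?
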
7#
Posted 2020-10-4 08:34:28
The data doesn't look like a complex system. Is it that an anti-copy card can't be copied?

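8#
Posted 2020-10-4 09:37:27
jgwcq wrote on 2020-10-4 08:22:
I haven't copied the card. It's the same card swiped twice: the first data is from swiping at the elevator, and the second data is from swiping at the door access once and the elevator once. It's all the same card, ...

One card carrying multiple systems is normal. But the access control changing after your second swipe at the door access is something I can't figure out. It wasn't a copied card being swiped; seeing this from swiping an original card really is a first.
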
9#
Posted 2020-10-4 09:45:41
insl wrote on 2020-10-4 08:34:
The data doesn't look like a complex system. Is it that an anti-copy card can't be copied?

It can be copied with a dedicated 88 card.

10#
Posted 2020-10-8 15:13:15
The access control change is something I can't figure out.
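
Several replies above turn on the access control bytes FF 07 80 69 reading back as 00. As an added example that is not part of the thread, this Python sketch decodes bytes 6-8 of a sector trailer and checks the inverted-copy redundancy, assuming the card follows the MIFARE Classic trailer layout; the function names are hypothetical and the key bytes in the sample trailers are constructed zero placeholders.

```python
"""Decode and validate MIFARE Classic sector-trailer access bits (bytes 6-8)."""

# Trailer conditions (C1, C2, C3) under which Key B can be read back and is
# therefore treated as data rather than as an authentication key.
KEY_B_READABLE = {(0, 0, 0), (0, 1, 0), (0, 0, 1)}


def decode_access_bits(trailer: bytes):
    """Return [(C1, C2, C3)] for blocks 0-3, or None if the encoding is invalid."""
    if len(trailer) != 16:
        raise ValueError("a sector trailer is exactly 16 bytes")
    b6, b7, b8 = trailer[6], trailer[7], trailer[8]
    # Each nibble holds one condition bit for each of the four blocks.
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    inv1, inv2, inv3 = b6 & 0x0F, b6 >> 4, b7 & 0x0F
    # Every condition nibble is stored twice: once plain, once bit-inverted.
    if (c1 ^ inv1, c2 ^ inv2, c3 ^ inv3) != (0xF, 0xF, 0xF):
        return None
    return [((c1 >> n) & 1, (c2 >> n) & 1, (c3 >> n) & 1) for n in range(4)]


def describe(trailer: bytes) -> str:
    """Summarise a trailer for a reviewer comparing two reads of one card."""
    bits = decode_access_bits(trailer)
    if bits is None:
        return "invalid access bits (inverted copies do not match)"
    key_b = "readable" if bits[3] in KEY_B_READABLE else "not readable"
    return f"data blocks {bits[:3]}, trailer {bits[3]}, Key B {key_b}"


def make_trailer(access_hex: str) -> bytes:
    """Build a sample trailer: constructed zero keys around the access bytes."""
    return bytes(6) + bytes.fromhex(access_hex) + bytes(6)


# Access bytes as quoted in the thread; everything else is constructed.
SAMPLE_DEFAULT = make_trailer("FF078069")
SAMPLE_ZEROED = make_trailer("00000000")

if __name__ == "__main__":
    for name, t in (("FF 07 80 69", SAMPLE_DEFAULT), ("00 00 00 00", SAMPLE_ZEROED)):
        print(name, "->", describe(t))
```
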