Clever Geek Handbook

通过照片复印通行卡

有一次,我紧急需要进入带有旋转门形式的通行证系统的商务中心,该系统可以使用通行卡打开。当时拥有通行证的人很远,他无法将其交给我,由于官僚机构的特殊性,发行新卡需要花费大量时间。





我们在处理什么



, , , , .

EM-Marin, EM4100. 125 ( — ID) 40 5 , . - . T5577 EM4305, .

- - , ( ) , . .

. Proxmark3, , T5577 ID . , .



, « », . , . ID, , .





: 9 «1», 1 Version Number, 2 Facility Code 2 , . , ( ).



– ID . - .





, . , ID. , , , :



  : 0013396136 204.26792
ID: 4A00CC68A8


ID HEX DEC, 317840976040, . : , , , :)



, , , Proxmark ID - :



lf search 
proxmark3> lf search
NOTE: some demods output possible binary
  if it finds something that looks like a tag
False Positives ARE possible

Checking for known tags:

EM410x pattern found:

EM TAG ID      : 4A00CC68A8

Possible de-scramble patterns
Unique TAG ID  : 5200331615
HoneyWell IdentKey {
DEZ 8          : 13396136
DEZ 10         : 0013396136
DEZ 5.5        : 00204.26792
DEZ 3.5A       : 074.26792
DEZ 3.5B       : 000.26792
DEZ 3.5C       : 204.26792
DEZ 14/IK2     : 00317840976040
DEZ 15/IK3     : 000352190666261
DEZ 20/ZK      : 05020000030301060105
}
Other          : 26792_204_13396136
Pattern Paxton : 1256236712 [0x4AE0A6A8]
Pattern 1      : 10853441 [0xA59C41]
Pattern Sebury : 26792 76 5007528  [0x68A8 0x4C 0x4C68A8]

Valid EM410x ID Found!
proxmark3>


, 0013396136 204.26792 — , !

5 , ID . , Proxmark – open-source , . «DEZ 10» cmdlfem4x.c.



cmdlfem4x.c: 
...
    //output 88 bit em id
            PrintAndLog("\nEM TAG ID      : %06X%016" PRIX64, hi, id);
        } else{
            //output 40 bit em id
            PrintAndLog("\nEM TAG ID      : %010" PRIX64, id);
            PrintAndLog("\nPossible de-scramble patterns");
            PrintAndLog("Unique TAG ID  : %010" PRIX64,  id2lo);
            PrintAndLog("HoneyWell IdentKey {");
            PrintAndLog("DEZ 8          : %08" PRIu64,id & 0xFFFFFF);
            PrintAndLog("DEZ 10         : %010" PRIu64,id & 0xFFFFFFFF);
            PrintAndLog("DEZ 10         : %010" PRIu64,id & 0xFFFFFFFF);
            PrintAndLog("DEZ 5.5        : %05lld.%05" PRIu64,(id>>16LL) & 0xFFFF,(id & 0xFFFF));
            PrintAndLog("DEZ 3.5A       : %03lld.%05" PRIu64,(id>>32ll),(id & 0xFFFF));
            PrintAndLog("DEZ 3.5B       : %03lld.%05" PRIu64,(id & 0xFF000000) >> 24,(id & 0xFFFF));
            PrintAndLog("DEZ 3.5C       : %03lld.%05" PRIu64,(id & 0xFF0000) >> 16,(id & 0xFFFF));
...


, – ID :

0013396136 (DEZ 10) – 4 , .

204.26792 (DEZ 3.5C) – ( Facility Code) 2 .

, ID. , 4 , 5? 0 , . — .



, - , , , Wiegand-26. , 24 2 , 3 . , ID .

, , 255 , , .



, . T5577 ID ( — ):



proxmark3> lf em 410xwrite 0100CC68A8 1
Writing T55x7 tag with UID 0x0100cc68a8 (clock rate: 64)
#db# Started writing T55x7 tag ...
#db# Clock rate: 64
#db# Tag T55x7 written with 0xff80600630c8d23a

proxmark3>


, . lf search , DEZ 10 DEZ 3.5C .



ID .

, , , .



-



, , . . , . - , . , , - , EM-Marin ( , ). , MIfare, , AES. .



无论如何,未经所有者同意,请勿复制他人的卡。



More articles:


All Articles