Mi Band 4 NFC hidden function: simulating a fully encrypted IC access card

The bracelet, the door card, a white card and a PM3 are all indispensable.

Reasons for purchase

Before I bought the NFC version of Mi Band 4, I also had a black bracelet, which could also simulate an unencrypted access card. Because it could simulate the access card of my wife's company, I gave it to her directly. After that I kept waiting for the black plus bracelet to come out in a 1s version, but I never expected Mi Band 4 to get in ahead of it. Comparing their functions, Mi Band 4 can actually be considered an upgraded version of the black plus bracelet.

I snapped up Mi Band 4 in the second batch. A complaint first: the first-batch sale on JD.com and the official website was a joke, and I got mine in the second batch on Tmall.

As a supplement to an Apple phone

The purpose of buying the Mi Band is to supplement my iPhone 6s.

Appearance display

My express bag

I am in Chengdu, and I snapped it up at 10 in the morning. Although Xiaomi has recently been shipping by EMS, it was delivered to the self-pickup locker that afternoon (although China Post never called me).

Outer packaging

The outer packaging is bubble-foam packed. The "4" is highlighted on Xiaomi's outer packaging and feels raised to the touch. The NFC mark in the lower right corner indicates the NFC version of the bracelet, which can open a bus card and simulate an access card.

Outer package 2

Parameters on the back

The back mainly carries the parameter description.

Brief introduction

Feature overview: 50 meters waterproof, sports modes, Alipay payment.

Unpacking diagram

Instruction manual

I never read it, because Xiaomi's product managers are really good at making products, and users can get going without instructions.

Unpacking diagram

That is all for the unpacking; our focus is to reveal its hidden features.

Reveal hidden functions

Red envelope reminder

NFC access card simulation

From here on, the post deals with the access card simulation function itself.

Theory

Access cards are mostly either IC cards or ID cards.

ID card: It stores only a card number and has no encrypted area. Because mobile phones and bracelets can't simulate this kind of card, we won't discuss it here.

IC card: It is rewritable, so it can be used to store information internally. As I understand it, the storage of an IC card can mainly be divided into two parts, an encrypted area and an unencrypted area, called area A and area B here for now.

Information stored on the door card

By encryption type, IC access cards can be divided into ordinary unencrypted access cards, semi-encrypted access cards and fully encrypted access cards.

Ordinary access card

Encrypted access card

With that basic understanding in place, let's talk about how a Xiaomi phone or bracelet simulates a card.

Simulating an ordinary unencrypted door card

Ordinary access card simulation

Simulating an encrypted door card

Encrypted door card simulation failed.

So how do you simulate a semi-encrypted or a fully encrypted door card? You need a card writer and a white card. I will talk about the equipment I purchased at the end. The simulation steps are as follows.

Practice

Follow along and copy the access card step by step.

1. Decrypt the access card

1.1 View special equipment

Special equipment

The specially purchased PM3 device, which writes IC cards and ID cards separately.

1.2 View special software

Dedicated software interface

It controls the device to write IC cards and ID cards separately, and provides functions for unlocking cards and modifying the data stored in them.

1.3 White card

You can use a water-drop card or this thin card, which serves as the intermediary for the Mi Band or a mobile phone to simulate the access card.

White card

1.4 Read the access card information

Now put the access card to be copied on the special equipment, and click Read IC card in the software interface.

Put in the access card

Software click to read IC card.

Green means unencrypted and red means encrypted.

1.5 Decrypt the access card

After reading, follow the software prompt and click Auto Decryption until all colors turn green.

Decryption complete

After decryption, click the Export button to export the data and save it for later use.

2. Write the card number on the white card

2.1 Read the "white card" information

Read the white card

2.2 Modify the card number and manufacturer number information of the white card.

After reading it, click the Import button to import the previous dump.

Import dump

Click the edit button and write down the following card number information on it.

Modify the white card

After modifying the card number, click "Write IC Blank Card" in the software.

At this point, in theory, the card number information of the encrypted card has been written into the white card. Because the white card is not an encrypted card, the bracelet can simulate the access card's card number information (everything except the encrypted area).

The white card modification is complete.

3. The bracelet simulates a white card

Operate the APP of the bracelet and perform the "key card simulation" function.

And rename this card as "Home" (this step can be omitted).

Door card simulation

4. Write encrypted information for the bracelet

4.1 Open the software and import the dump information.

Import dump

4.2 Read the information of the analog card in the bracelet and compare it with the dump information.

On the bracelet, select the access card that was simulated successfully earlier (the one without the encrypted area).

Select analog card

In the software, first click "Read IC card", then click the Import button on the row below to import the dump information.

4.3 Simulate the encrypted area

Click "Write IC card".

Failed to write the card?

4.4 Verify whether the encryption area of "Analog Card" in the bracelet is simulated successfully.

Read the analog card in the bracelet again.

Red area?

The red area represents the encrypted area. Continue decoding according to the software prompt.

After decoding

After decoding, everything turns green; then click the "Compare" button. You can see that only the manufacturer information in block 00 of sector 00 is inconsistent, and all other areas are consistent. At this point, the simulation is complete.
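The comparison described in step 4.4, as an added example (not the card software's code and not part of the original post): a block-by-block diff of two dumps that reports which area (sector) and block differ and at which byte offsets. The 16 sectors x 4 blocks x 16 bytes layout, the function names and the sample bytes are assumptions constructed for illustration.

```python
# Assumed layout (not stated on the page): 16 sectors x 4 blocks x 16 bytes.
BLOCK_SIZE = 16
BLOCKS_PER_SECTOR = 4
DUMP_SIZE = 16 * BLOCKS_PER_SECTOR * BLOCK_SIZE  # 1024 bytes

def split_blocks(dump: bytes) -> list[bytes]:
    """Split a raw dump into 16-byte blocks, rejecting truncated input."""
    if len(dump) != DUMP_SIZE:
        raise ValueError(f"expected {DUMP_SIZE} bytes, got {len(dump)}")
    return [dump[i:i + BLOCK_SIZE] for i in range(0, DUMP_SIZE, BLOCK_SIZE)]

def compare_dumps(original: bytes, readback: bytes) -> list[dict]:
    """Return one record per differing block: sector, block, byte offsets."""
    diffs = []
    pairs = zip(split_blocks(original), split_blocks(readback))
    for index, (a, b) in enumerate(pairs):
        if a == b:
            continue
        diffs.append({
            "sector": index // BLOCKS_PER_SECTOR,
            "block": index % BLOCKS_PER_SECTOR,
            "offsets": [i for i in range(BLOCK_SIZE) if a[i] != b[i]],
            "original": a.hex(),
            "readback": b.hex(),
        })
    return diffs

def only_manufacturer_block_differs(diffs: list[dict]) -> bool:
    """True when the sole mismatch is sector 0, block 0 (the result in 4.4)."""
    return [(d["sector"], d["block"]) for d in diffs] == [(0, 0)]

def make_sample_dumps() -> tuple[bytes, bytes]:
    """Constructed data: same card number, different manufacturer bytes."""
    original = bytearray(DUMP_SIZE)
    original[0:4] = bytes.fromhex("11223344")   # constructed card number
    original[5:16] = bytes(range(0xA0, 0xAB))   # constructed manufacturer bytes
    original[64:80] = b"constructed-data"       # sector 1, block 0 payload
    readback = bytearray(original)
    readback[5:16] = bytes(range(0xB0, 0xBB))   # the only difference
    return bytes(original), bytes(readback)

if __name__ == "__main__":
    for d in compare_dumps(*make_sample_dumps()):
        print(f"sector {d['sector']:02d} block {d['block']:02d}: "
              f"bytes {d['offsets']} differ")
```

For an access-control operator, the same diff run over an issued card and a card presented at enrolment shows exactly which bytes still distinguish the two.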

4.5 Go downstairs and open the door.

Swiping through all kinds of access control, unspeakable joy...

The equipment I purchased is as follows. Search for the keywords yourself on the richest man's site. If you want it cheaper still, the wholesale price at the richest man's father's site (1688 Alibaba) is even lower; I felt 10,000 points of pain after seeing the wholesale price.

Summary

Finally, a word on how the Xiaomi White Card is used.

1. White card for bracelet

2. Take the bracelet to the property, and let the property write the encrypted information of the community access card into the white card.

3. Read the card number information of the white card, enter the card number information into the property management system, and grant permission.

So far, the models I have tested and successfully simulated with are the Mi Band 4 NFC, Huawei Mate20Pro and Meizu 16s. I don't have other mobile phone models; please refer to other tutorials for those.

PS: By the way, the black bracelet does not support this PM3 access card simulation method, because the encrypted area of the black bracelet's simulated card cannot be written.

Finally, as a supplement to the iPhone, the Mi Band gives me more convenience, thanks to NFC access card simulation as well as red envelope reminders, the somewhat dumb Xiao Ai assistant, offline Alipay and so on.

You don't have to put your mobile phone in your pocket when you stroll in front of the community in the future.

I hope it will be perfect if there is another wave of support from Chengdu.