Door-card emulation on a mobile phone works by reading the credential information in the door card (think of it as a key) over NFC, and then using that information to create a virtual key, which the phone itself writes.
Of course, an NFC phone can also emulate a blank card for an authorized card issuer to write to, such as a bus-card office or an online transit-card service, which saves users the trouble of running errands. Xiaomi, Huawei and Apple all support this.
Unencrypted key cards are easy for NFC phones to emulate, but this hides security risks.
Regarding the scope of Xiaomi's door-card feature, Xiaomi's mobile wallet states it very clearly: at present, door-card emulation supports unencrypted door cards on the market that operate at 13.56MHz. If the door card has an encrypted area, it cannot be emulated. For security reasons, bank cards with a door-card function, and door cards with stored-value payment or bus payment functions, cannot be emulated for the time being; even if emulation succeeds, the emulated card cannot carry additional functions such as banking, payment and public transportation.
According to the geek's own testing, a housing development in Dongguan pre-installed a smart lock for the owner. Although the model is a bit old (it uses four AA batteries), the Xiaomi 6 cannot emulate its key card because the card is encrypted. Relatives in Shenzhen got a thousand-yuan smart lock from a friend, and the Xiaomi 6 took only 1 minute to set up the card. According to the NFC Tools app, the original door card appears to use an M1 chip.
Multiple sources confirm that many smart door locks and their cards currently use M1 cards (Mifare One is the earliest patented technology owned by NXP, with a history of more than 20 years; it has been widely studied because of its low cost, and domestic compatible chips are now more popular). Many read-write devices designed specifically for M1 cards are on the market, and they can completely copy the key data in the card's sectors.
In other words, this kind of unencrypted access card may be easily copied and stolen by criminals (according to local media surveys, low-end access cards such as IC and ID cards account for 80% across all communities in Quanzhou, and can be easily copied in 30 seconds). Last time, the geek specifically reminded the relative to be careful not to lose the key card and not to lend it to others casually.
It should be noted that access cards operating at 13.56MHz belong to high-frequency RFID technology, which has two main standards: ISO 14443 (that is, the M1 card, with a maximum reading distance of 10cm) and ISO 15693. Some door cards also come in key-fob form, but they use low-frequency RFID chips with a working frequency of 125-134.2kHz and a reading distance of 5-10cm, and these cannot be emulated by NFC phones.
Apple phones can also emulate access cards that require authorization.
At present, the most common use of NFC card emulation on phones is the "Pay" payment function jointly launched by UnionPay and phone manufacturers. So, can the phone's NFC-emulated bank card be used directly as a door card? The answer is yes!
Reading it three times in a row with an NFC card reader shows that the UID presented by the phone's emulated card changes every time, but the string of card numbers that follows is fixed. By using this fixed serial number as the door-card key, the door can be opened with the phone's NFC bank card. In other words, we can set this string of numbers as the password of the smart door lock. When a stranger is present, the host can add some junk digits before and after the password; as long as the entered number contains the correct password, the door opens. This is the principle.
Friends who own RFID read-write devices are industry experts. This kind of equipment is generally supplied to card issuers (RFID is basically a to-business application). Testing shows it is feasible on Huawei, Xiaomi, Apple and other models. NFC phones generally cannot be debugged, so it may not be possible to obtain the fixed serial number of the emulated card. If any friend can do it, please leave a message (this falls within the scope of cracking and is meant mainly as technical discussion; please do not use it for illegal purposes).
▲ Cloning an M1 access card with a PM3 is very simple. Encrypted information can also be written into NFC phones; interested friends can study this themselves.
To summarize, the advantages of emulating a door card on an NFC phone are:
Portable: with no key card to carry, the phone is the room card;
Not only Android phones from Huawei, Xiaomi and Samsung: iPhone users can also open the door by tapping their phone (iOS is not open source, so its NFC interface cannot be called);
The card emulated by the phone is a CPU card with a very high security level, so there is no possibility of it being copied.
Finally, the industry recommends that lock manufacturers upgrade the standard M1 card to a CPU card. Each CPU card has a CPU chip and a COS (Chip Operating System) to ensure that the card will not be copied. Although a CPU card costs more than an M1 card, it is safer from the user's point of view.
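To illustrate the recommendation above, here is an added example (not from the original article or from any lock vendor) that models why a card with fully readable data can be duplicated while a card that keeps its key on-chip cannot. The HMAC-SHA256 challenge-response, the class and function names, and the sample values are assumptions standing in for a real card's COS commands and algorithms.

```python
import hmac
import secrets

# Constructed sample values for illustration; not from any real card or lock.
SECTOR_DATA = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

class StaticCard:
    """Card whose whole credential is readable data (the M1 case above)."""
    def __init__(self, data):
        self.data = data
    def read(self):
        return self.data  # any reader obtains the full credential

class CpuCard:
    """Hypothetical CPU-card model: key stays on-chip, card answers challenges."""
    def __init__(self, key):
        self._key = key  # no method ever returns this
    def read(self):
        return b""  # nothing that opens the door is readable
    def respond(self, challenge):
        return hmac.digest(self._key, challenge, "sha256")

class ReplayCard(StaticCard):
    """Copy that plays back one response recorded from an earlier exchange."""
    def respond(self, challenge):
        return self.data  # ignores the new challenge

def static_lock_accepts(card, enrolled):
    return hmac.compare_digest(card.read(), enrolled)

def challenge_lock_accepts(card, key):
    challenge = secrets.token_bytes(16)  # fresh random value per attempt
    expected = hmac.digest(key, challenge, "sha256")
    respond = getattr(card, "respond", lambda c: b"")  # static cards cannot answer
    return hmac.compare_digest(respond(challenge), expected)

def compare_designs():
    m1, cpu = StaticCard(SECTOR_DATA), CpuCard(CARD_KEY)
    recorded = cpu.respond(bytes(16))  # response seen in an older session
    return {
        "static_copy": static_lock_accepts(StaticCard(m1.read()), SECTOR_DATA),
        "cpu_original": challenge_lock_accepts(cpu, CARD_KEY),
        "cpu_readable_copy": challenge_lock_accepts(StaticCard(cpu.read()), CARD_KEY),
        "cpu_replayed_response": challenge_lock_accepts(ReplayCard(recorded), CARD_KEY),
    }

if __name__ == "__main__":
    print(compare_designs())
```

The copy of the static card is accepted because the lock only compares stored data, while both the readable copy and the replayed response of the CPU-card model are rejected because each attempt uses a fresh challenge.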