PN532 Campus Card Emulation

Foreword

Some time ago, I posted a tutorial on simulating campus cards, but that tutorial was the most basic and simplest. At the same time, it also brought some problems. To ensure security, mobile phone manufacturers do not support simulating encrypted cards with phone NFC, and even if encrypted cards can be simulated, the encrypted part of the function is also unavailable (unless you ROOT). In short, the consumption function in the campus card cannot be directly implemented through the previous tutorial. How can that be! It was originally for convenience, but the consumption function cannot be realized? That's not acceptable. Therefore, I also consulted a lot of information, stepped on some pitfalls, and successfully simulated the encrypted card with the support of a large number of tutorials.

I went to the supermarket at noon today to buy water, and it worked pretty well.

Screenshot

Initial Preparation

• MifareOneTool Software
• PN532
• NFC-enabled phone
• CUID blank card
• Campus card

Decrypting the Original Card

• Connect PN532 to the computer
• Open MifareOne Tool

Follow the steps:

1. Detect connection
2. Scanning the card SAK as 28 etc. cannot decrypt the card. Our school's campus card SAK is 08, which supports decryption.

3. Detect encryption
4. One-click decrypt original card

I failed this step many, many times, and it took me a whole morning to successfully decrypt the original card data. You can try a few more times, I might be too unlucky. After the original card data is decrypted, a pop-up window will appear automatically, specifying the file name and saving the original card decryption data. The suffix name is .dump

At this time, the card is temporarily unusable, so you can take it down first.

Data written into CUID blank card

MifareOne Fool selects the Hex editor in the advanced operation mode

Open the .dump suffix file you just saved.

Copy the first eight digits in block 0 of sector 0. These digits are the card ID. You can also open the .dump file in Notepad and copy the first eight digits in the first line, without spaces.

Select New,

After creating a new one, select Modify UID in the tool, enter the eight-digit card ID you just copied, then save it and save it as a .mfd suffix file.

Place the CUID blank card on the PN532, and follow the steps of scanning the card and detecting encryption.

After completing the above steps, select Write C/FUID card, and the file selection suffix is ​​.mfd! Please pay attention.

The prompt box below will indicate that writing 64/64 is complete. If it is 63/64, write the CUID card again. Generally there is no problem.

Then you can use your NFC mobile phone to simulate the access card function to simulate this blank CUID card. At this time, you should know that you only simulated the card ID, and the encrypted part has not been simulated yet. It's not over here.

Encrypted Write to Phone

💡 This part of the tools are mobile phone, PN532, MifareOne Tool, which has nothing to do with the blank card. The mission of the blank card has been completed.

Turn on the NF function of the mobile phone, and then place it on the PN532. At this time, the mobile phone is recognized as a CUID card.

Select Write C/FUID card again, this time the file selection suffix is ​​.dump, this file contains the encrypted card part of the data. The prompt box shows that writing 63/64 is successful, the card ID will not be read again, so this 1/64 will not succeed.

Congratulations, here we are. Your mobile phone can now realize all the functions of the campus card. Similarly, the same operation can be performed by replacing the mobile phone in the third part of the tutorial with a wristband.