A training center card (M1 card) meal card amount cracking

The card system has security defects. It can be copied, and the amount of meal cards can be modified. The idcard vulnerability can be used to crack the passwords of all sectors. It is worth noting how to DUMP data. below is the card data, in the red box, the amount of the card that the key a just got the card is 26 yuan, and the data is not encrypted, you can directly calculate the value segment of the M1 card: The value segment to implement the e-Wallet function. (Valid commands include read, write, add, subtract, restore, and send ). The value segment has a fixed data format for error detection, correction, and backup management. A value segment can only be generated during write operations in the value segment format: Value: A signed 4-byte value. The minimum byte of this value is stored in the lowest address. The reversed bytes are saved in standard 2 format. In order to ensure data correctness and confidentiality, the value is saved three times, two times are not retained, and one time is retained. The red box is the positive code, and the blue box is the reverse code. Because the lowest byte is saved in the lowest address, the correct value of 28 0A 00 00 is 0A28, Which is 2600 in decimal format, the first two digits are two digits and ten digits, and the last two digits are two digits after the decimal point. That is, 26.00 yuan. After a day's breakfast and two meals, 23.5 yuan is left in the card
2E 09 00 00, which is 23.50Solution:Do not use the default password for communication encryption. Or use a RF Card with higher encryption strength.