Runmai International Water card can be copied and tampered with without limit to allow free use of water (RF card design security risks)

Runmai International Water card can be copied and tampered with without limit to allow free use of water (RF card design security risks)

Runmai International Water card (which exists in some communities in Beijing) has the defect that the card data can be read and copied and tampered. During the test, the raw card data can be read and written into the empty card, and the empty card can also be consumed. After consumption, the initial data can be written at any time, so that the amount of the card can remain unchanged and available.

Http://www.runmain.cn/

The water card used is a card of the M1 type, and the default key of some sectors is not changed. As a result, the algorithm defect can be used to read the full-card data. The card details and card data with a face value of 100 RMB are roughly as follows:
 

 

The data storage area is 5th sectors
 

Write data into an empty card (uid can be modified), so that you can completely copy a card and consume it.
 

 

 

Several comparisons have not found the storage format of the amount, so you cannot change it to the amount you want. However, the initial data read can be written into the card at any time, so the money can remain unchanged permanently.

After consumption, change the value to the initial value,
 

Solution:

Card Replacement type, full-sector encryption is also a method