ID、IC卡基本知识
ID卡
工作原理
ID卡全称身份识别卡(Identification Card),是一种不可写入的感应卡,只够存储ID卡的编号,编号固定且一般会标注在卡片上。ID卡属于低频卡,工作频率一般是125KHz-1000Khz。发卡机构在发卡时一般会购入一批ID卡,然后将这些卡号添加到数据库里,再把这些卡发放到用户手上,在用户刷卡时会读取卡号信息,与数据库(读卡器)匹配成功即可放行
安全性
ID卡不可加密,卡号公开读取无需任何权限,易于复制,所以安全性很低。一般情况下ID卡只做身份识别(门禁卡)用,ID卡不可写入数据,其记录内容(卡号)只可由芯片生产厂一次性写入,开发商只可读出卡号加以利用,无法根据系统的实际需要制订新的号码管理制度
现状
ID卡由于其成本低,使用简单,目前大多数用作安全性不太高的门禁卡,比如学校大部分实验室和教研室的门禁,ID卡正在逐步被淘汰
IC卡
工作原理
IC卡全称集成电路卡(Integrated Circuit Card),又称智能卡(Smart Card)。可读写、容量大且支持加密,数据记录方便。IC卡一般是13.56MHz的高频卡,与手机NFC工作频率一致。所以手机NFC可以模拟IC卡,但不能模拟ID卡
理论上来说,CPU卡才能算是真正的智能卡,卡内的集成电路中带有微处理器CPU、存储单元(包括随机存储器RAM、程序存储器ROMFLASH、用户数据存储器EEPROM)以及芯片操作系统COS。装有COS的CPU卡相当于一台微型计算机,不仅具有数据存储功能,同时具有命令处理和数据安全保护等功能
安全性
IC卡内所记录数据的读取、写入均需相应的密码认证,甚至卡片内每个区均有不同的密码保护,全面保护数据安全。IC卡在使用时,必须要先通过IC卡与读写设备间特有的双向密钥认证后,才能进行相关工作,从而使整个系统具有极高的安全保障。常见的校园一卡通、公交卡等充值消费卡都是IC卡。IC卡(M1卡)并不是完全保险,现在已经能够被完全破解,但CPU卡现在基本无法被破解
IC卡现状
IC卡本身可以记录大量用户相关内容(卡号、用户资料、权限、消费余额等信息),完全可以脱离计算机平台运行,实现联网与脱机自动转换的运行。IC卡是现在的主流,也是本文讨论的重点
IC卡类型
因为本文的重点是IC卡数据分析,所以内容仅涉及常见相关卡种
Mifare S50(M1)
MIFARE Classic是恩智浦半导体开发的可用于非接触式智能卡,有S20,S50(M1),S70几种规格。M1卡容量1K字节,每张卡片都有一个4字节的全球唯一序列号,0扇区不可以修改,其他扇区可反复擦写。卡中数据保存期为10年,可改写10万次,读无限次。日常使用的电梯卡、门禁卡等智能卡发卡商所使用的都是M1卡,可以理解为物业发的原卡(母卡)。常见校园卡、公交卡等也是M1卡。M1卡仅仅适合发卡方发新卡使用
UID
普通IC复制卡,可以重复擦写所有扇区。0扇区可被重复修改,响应后门指令(意味着可被使用后门指令检测是否为克隆卡的机器发现),遇到带有防火墙的读卡器就会失效。平常去地摊上找老大爷配的门禁卡就是这种
CUID
UID的升级版,可擦写防屏蔽卡,可以重复擦写所有扇区,不响应后门指令(意味着不容易被反克隆系统发现),可以绕过普通防火墙。但因为UID可以被更改,可能会被防CUID的防火墙更改0扇区导致失效
FUID
不可擦写防屏蔽卡,此卡的特点0扇区只能写入一次,写入一次后变成M1卡,不能重复利用,修改后和M1卡完全一样,很难被屏蔽检测
UFUID
高级IC复制卡,可以理解为是UID和FUID的合成卡,兼具UID与FUID的特点,需要封卡操作,封卡前与UID卡一致,封卡后则变为M1卡
IC卡数据与防复制
IC卡数据
空白卡数据
0 扇区
0 区块: 13 93 7B B2 49 08 04 00 02 35 FE C4 84 AE 31 1D
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
1 扇区 - 15 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
-
一张IC卡分为16个扇区(0~15扇区),每个扇区分为4个块(0~3区块),每个块都能存储16字节数据
-
第0扇区的0区块用于存放卡号、卡号校验和厂商代码(M1卡已经固化,不可更改)
-
其他各扇区的0区块、1区块、2区块为数据块,用于存贮数据;3区块为控制块,存放密码A、存取控制、密码B
详解
为了便于分析数据,这里提取了前两个扇区的数据
0 扇区
0 区块: 13 93 7B B2 49 08 04 00 02 35 FE C4 84 AE 31 1D
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
1 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
13 93 7B B2是这张卡的卡号49是这张卡卡号的异或校验码(写入时如果校验码错误会导致锁卡)08 04 00 02 35 FE C4 84 AE 31 1D是厂商信息00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00是卡中的数据FF FF FF FF FF FF是密钥AFF 07 80 69是控制位FF FF FF FF FF FF是密钥B
IC卡加密
每个扇区中的3区块都是控制块,存储了密钥和控制信息
在默认情况下应该是这样 FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
默认情况下,控制位为 FF 07 80 69,通过更改存取控制位可以改变不同的读写方式。在默认控制位下密钥A或密钥B都可以读写数据区,密钥A可写密钥区。优点是密钥控制字无需重新计算、读写方便,缺点是安全性能差,密钥A容易泄露
全加密卡
全加密卡是指16个扇区的块3全部使用非默认密码的卡
常规破解加密卡方法有字典破解法和暴力破解法,原理是使用已知的一组秘钥来进行破解,对于使用默认密码的 IC 卡可能成功,对于全加密卡就无能为力了。对于全加密卡比较主流的是用侦测卡进行破解,M1卡在与刷卡机进行交互的时候需要发出经过加密的正确密码,侦测卡可以探测并且保存卡的秘钥信息
一卡一密
一卡一密是指每张卡片通过特定的算法计算出独立的扇区密码,通常是使用物理卡号+种子密码的方式
举个例子,一张卡的卡号是 1A5E87F5,密码是 4C08513044D8,如果知道算法,基本不可能找出两者。在实际应用中,算法会更加复杂,不可能通过一个 dump 文件来破解
通常算法:物理卡号+种子密码
卡号: 1A 5E 87 F5
AA BB CC DD
密码: 4C 08 51 30 44 D8
0 1 2 3 4 5
0 = ( AA + 33 ) & BB
1 = ( BB - 45 ) & 28
2 = ( AA ^ CC ) * 45
3 = ( DD + 55 ) - AA
4 = AA ^ BB
5 = ( AA + BB ) * DD
# 在上文中,33、45、28、55 就是种子密码
滚动码
滚动码并不是密码在动,而是数据在动
密码变动算法复杂,对硬件要求较高且效率低,但是可以很好地对付复制卡
滚动码刷卡的流程
用户在刷卡时,控制器通过一定的算法将动态数据写入到卡片的扇区里,下次刷卡时将用户卡里的数据与控制器存储的数据进行比对,如果一致的话说明正常。如果对原卡进行复制,由于卡号是一样的,复制卡刷卡后控制器里的动态数据更新与复制卡一致,原卡就会失效。有的控制器发现不一致后还会把该卡号加入黑名单,这样原卡和复制卡就都会失效
常见的滚动方式
常见的滚动方式有校验从小数到大数每次刷卡加一(或者从大数到小数每次减少),这种滚动方式常在次数卡上使用;还有公式滚动法,读取卡内的数据与校验,经过单片机计算以后,写入新的数据与校验。不同厂家的公式算法不一样,有些厂家的滚动还会以刷卡时间和公式进行滚动,但大同小异
破解方法
- 完整破解电梯的整套发卡梯控并找到算法:这种可以完美的对电梯卡进行延期等操作,但是只能破解早期算法较简单的滚动码(仅有软件计算没有单片机计算的系统),但对现在软件和单片机一起计算的新系统较难破解
- 漏洞改法:通过更改控制位或者修改卡内某些地方的数据来压制卡内数据的滚动,这利用了早期某些厂家的读头不会校验计算后的数据是否写入成功的漏洞
- 初始码数据还原法:这种方法也属于漏洞改法的一种,利用了有些梯控厂家控制检测系统当识别到从未滚动过的卡(物业刚办的新卡)数据不会校验上次的逻辑漏洞,让卡内数据每次都是初始数据来对电梯读头进行欺骗,这时候的梯控读头已经修复检验写卡是否成功的漏洞,所以只要要让梯控读头完成一次完整的交互过程,完成以后再将卡内数据改回去即可无限次使用。这种卡也被称为“处女卡”
- 发卡器发卡法:对于一些算法复杂基本无法破解的情况,使用同厂家同型号同版本的发卡器,通过修改发卡器发卡规则使得规则与物业的发卡规则相同来发卡就可以实现。但是破解发卡规则是一个很大的工程,同时梯控厂家也不会向个人单独销售配套发卡器,所以这种方法只掌握在少数人的手中
数据的常见保存格式
日期
| 格式 | 原日期 | 转换后 |
|---|---|---|
| 16进制4位1 | 2025.12.31 | 339F |
| 16进制4位2 | 2025.12.31 | 99FC |
| 16进制6位1 | 2025.12.31 | 190C1F |
| 16进制6位2 | 2025.12.31 | 7E9CF8 |
| 16进制6位3 | 2025.12.31 | 7CA9E7 |
| 16进制8位1 | 2025.12.31 | 14190C1F |
| 16进制8位2 | 2025.12.31 | 07E90C1F |
| 16进制8位3 | 2025.12.31 | E9070C1F |
| 16进制8位4 | 2025.12.31 | 1F0CE907 |
| 16进制8位6 | 2025.12.31 | E907CF04 |
下表是CSDN大佬自行破译出的算法
| 序号 | 名称 | 十六进制 | 十进制 | 备注 |
|---|---|---|---|---|
| 1.康拓系统 | 四位日期 4位1 | C79F | 2099.12.31 | 转2进制,1100 011 ,1100, 11111->99,12,31 |
| 2.立林日期 | 4位2 | E3FC | 2099.12.31 | 未破解 |
| 3 | 卡拉德日期 6位3 | 03A9E7 | 2099.12.31 | ???? |
| 4 | 明码日期6位 | 991231 | 2099.12.31 | 年.日.月 |
| 5 | 明码日期倒6位 | 311299 | 2099.12.31 | 日.月.年 |
| 6.富士通 | 暗码倒六位 | 1F0C63 | 2099.12.31 | 1F-0C-63转10进制31-12-99 |
| 7 | 暗码6位1 | 630C1F | 2099.12.31 | 63-0C-1F转10进制99-12-31 |
| 8 | 暗码6位2 | 833C1F | 2099.12.31 | 833-C-1F转10进制2099-12-31 |
| 9 | 暗码6位3 | 833CF8 | 2099.12.31 | 833-C-F8/8 |
| 10 | 明码正8位 | 20991231 | 2099.12.31 | ###### |
| 11 | 明码倒8位 | 31129920 | 2099.12.31 | 31-12-9920 |
| 12 | 暗码8位1 | 14630C1F | 2099.12.31 | 14-63-0C-1F转10进制20-99-12-31 |
| 13 | 暗码8位2 | 08330C1F | 2099.12.31 | 0833-0C-1F转十进制2099-12-31 |
| 14 | 暗码倒8位1 | 1F0C6314 | 2099.12.31 | 1F-0C-63-14转10进制31-12-99-20 |
| 15 | 暗码倒8位2 | 1F0C3308 | 2099.12.31 | 1F-0C-3308->倒序1F-0C-0833转十进制31-12-2099 |
| 16 | 暗码倒8位3 | 33080C1F | 2099.12.31 | 3308-0C-1F->倒序0833-0C-1F转十进制2099-12-31 |
校验码
异或 异或取反 字节和 CRC-4/ITU CRC-5/EPC CRC-5/ITU CRC-5/USB CRC-6/ITU …
楼层号
每个字节控制四层楼,可以用软件计算
例子
下面选了学校的电梯卡作为例子
因为后面的区块都没有存数据,我就提取了前四个扇区来说明
0 扇区
0 区块: 13 93 7B B2 49 08 04 00 02 35 FE C4 84 AE 31 1D # 13 93 7B B2是卡号,49是校验码
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
1 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
2 扇区
0 区块: 9F 20 00 00 00 00 19 0C 1F 0F 00 00 00 00 00 A1
# 9F是校验码,19 0C 1F是日期(16进制6位1)
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: AB CD 06 13 09 04 FF 07 80 69 AB CD 06 13 09 04
3 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: FF FF 00 A5 00 00 00 00 00 00 00 00 00 00 00 00 # 其中的FF就是滚动码初始状态
3 区块: AB CD 06 13 09 04 FF 07 80 69 AB CD 06 13 09 04
在这里选择的破解方法是初始码数据还原法,原理就是每次把滚动码重置为FF
其它
下面这些是其它学校电梯卡的数据,需要的自取
0 扇区
0 区块: 13 93 7B B2 49 08 04 00 02 35 FE C4 84 AE 31 1D
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
1 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
2 扇区
0 区块: 9F 20 00 00 00 00 19 0C 1F 0F 00 00 00 00 00 A1
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: AB CD 06 13 09 04 FF 07 80 69 AB CD 06 13 09 04
3 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: FF FF 00 A5 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: AB CD 06 13 09 04 FF 07 80 69 AB CD 06 13 09 04
4 扇区 - 15 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
0 扇区
0 区块: B3 24 F1 DB BD 08 04 00 02 AE 24 91 42 98 07 1D
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
1 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
2 扇区
0 区块: F1 20 00 00 00 00 19 0C 1F 0F 00 00 00 00 00 A1
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: AB CD 06 13 09 04 FF 07 80 69 AB CD 06 13 09 04
3 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: FF FF 00 A5 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: AB CD 06 13 09 04 FF 07 80 69 AB CD 06 13 09 04
4 扇区 - 15 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
0 扇区
0 区块: B3 72 96 DC 8B 08 04 00 02 70 55 11 7C 11 D8 1D
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
1 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
2 扇区
0 区块: 9F 20 00 00 00 00 19 0C 1F 0F 00 00 00 00 00 A1
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: AB CD 06 13 09 04 FF 07 80 69 AB CD 06 13 09 04
3 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: FF FF 00 A5 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: AB CD 06 13 09 04 FF 07 80 69 AB CD 06 13 09 04
4 扇区 - 15 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
0 扇区
0 区块: 23 5E 7A B2 B5 08 04 00 02 FD 03 FA 80 67 92 1D
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
1 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
2 扇区
0 区块: B9 20 00 00 00 00 19 0C 1F 0F 00 00 00 00 00 A1
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: AB CD 06 13 09 04 FF 07 80 69 AB CD 06 13 09 04
3 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: FF FF 00 A5 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: AB CD 06 13 09 04 FF 07 80 69 AB CD 06 13 09 04
4 扇区 - 15 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
0 扇区
0 区块: C5 EE 75 0D 53 08 04 00 02 35 FE C4 84 AE 31 1D
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
1 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF
2 扇区
0 区块: DB 20 00 00 00 00 19 0C 1F 0F 00 00 00 00 00 A1
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: AB CD 06 13 09 04 FF 07 80 69 AB CD 06 13 09 04
3 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: FF FF 00 A5 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: AB CD 06 13 09 04 FF 07 80 69 AB CD 06 13 09 04
4 扇区 - 15 扇区
0 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2 区块: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 区块: FF FF FF FF FF FF FF 07 80 69 FF FF FF FF FF FF