[NFC] Connecting an ACR122U on macOS

Posted by 西维蜀黍 on 2021-08-02, Last Modified on 2021-09-21

Approach 1

Install the official driver: https://www.acs.com.hk/en/driver/3/acr122u-usb-nfc-reader/

$ brew install libnfc libusb
$ brew install mfcuk mfoc 
$ brew install pcsc-lite

Approach 2 - Build manually

Install dependencies

$ brew install libtool automake autoconf libusb pkg-config
$ git clone https://github.com/nfc-tools/libnfc
$ cd libnfc
$ autoreconf -vis
$ ./configure --with-drivers=acr122_pcsc
$ sudo make clean all && sudo make && sudo make install

Using nfc-list

$ sudo LIBNFC_LOG_LEVEL=3 nfc-list -v

Using mfoc

$ sudo nfc-list
nfc-list: ERROR: Unable to open NFC device: acr122_pcsc:ACS ACR122U

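After some fiddling, I found that once the ACR122U is connected, the following two commands have to be run (every time it is connected):

sudo launchctl stop com.apple.ifdreader && sudo launchctl remove com.apple.ifdreader

Then run it again, and it works.

Next, try your luck with mfoc: mfoc -O card.dump. I got lucky and it finished quickly, generating card.dump.

Run xxd card.dump | head -1, or find the UID (the first 8 bytes) in the output from step 3.

Find a UID or CUID card, place it on the reader, and write the UID: nfc-mfsetuid xxxxxxxx

Then hand this card to the Mi Band to emulate; it succeeded.

It is best to then place the Mi Band on the reader and write the original card data: nfc-mfclassic w a card.dump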
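
An added example (not from the original post) that goes a step beyond xxd card.dump | head -1: it parses the dump, checks the UID against its BCC checksum byte, and lists the sectors that still use the factory default key or carry inconsistent access bits. It assumes the standard 1024-byte MIFARE Classic 1K layout; the function names are hypothetical and the sample image is constructed.

```python
# Added example (not from the original post); assumes a 1024-byte MIFARE Classic 1K image.
from functools import reduce

BLOCK, BLOCKS_PER_SECTOR, SECTORS = 16, 4, 16
DEFAULT_KEY = bytes.fromhex("ffffffffffff")  # well-known factory default key


def parse_block0(dump: bytes) -> dict:
    """Manufacturer block layout: UID(4) BCC(1) SAK(1) ATQA(2) vendor data(8)."""
    uid, bcc = dump[:4], dump[4]
    return {"uid": uid.hex(),
            "bcc_ok": reduce(lambda a, b: a ^ b, uid) == bcc,  # BCC = XOR of UID
            "sak": dump[5], "atqa": dump[6:8].hex()}


def access_bits_ok(acc: bytes) -> bool:
    """Each access-condition nibble is stored plain and inverted; both must agree."""
    c1, c2, c3 = acc[1] >> 4, acc[2] & 0x0F, acc[2] >> 4
    inverted = (acc[0] & 0x0F, acc[0] >> 4, acc[1] & 0x0F)
    return inverted == (c1 ^ 0xF, c2 ^ 0xF, c3 ^ 0xF)


def audit(dump: bytes) -> dict:
    """Report UID fields, sectors still on the default key, and corrupt trailers."""
    if len(dump) != BLOCK * BLOCKS_PER_SECTOR * SECTORS:
        raise ValueError("not a 1K dump: %d bytes" % len(dump))
    report = dict(parse_block0(dump), default_key_sectors=[], bad_access_bits=[])
    for s in range(SECTORS):
        off = (s * BLOCKS_PER_SECTOR + 3) * BLOCK  # trailer = 4th block of sector
        key_a, acc, key_b = dump[off:off + 6], dump[off + 6:off + 9], dump[off + 10:off + 16]
        if DEFAULT_KEY in (key_a, key_b):
            report["default_key_sectors"].append(s)
        if not access_bits_ok(acc):
            report["bad_access_bits"].append(s)
    return report


def sample_dump() -> bytes:
    """Constructed sample: blank card image, sector 1 re-keyed, sector 2 corrupted."""
    trailer = DEFAULT_KEY + bytes.fromhex("ff078069") + DEFAULT_KEY
    img = bytearray((bytes(48) + trailer) * SECTORS)
    img[:8] = bytes.fromhex("deadbeef22080400")  # UID, BCC, SAK, ATQA
    img[112:118] = img[122:128] = bytes.fromhex("a1b2c3d4e5f6")  # sector 1 keys
    img[182] = 0x00  # sector 2 access byte 6 no longer matches its inverse
    return bytes(img)


if __name__ == "__main__":
    print(audit(sample_dump()))
```

To check a real dump, pass its bytes to audit(), for example audit(open("card.dump", "rb").read()).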

help

$ mfoc -h
Usage: mfoc [-h] [-k key]... [-P probnum] [-T tolerance] [-O output]

  h     print this help and exit
  k     try the specified key in addition to the default keys
  P     number of probes per sector, instead of default of 20
  T     nonce tolerance half-range, instead of default of 20
        (i.e., 40 for the total range, in both directions)
  O     file in which the card contents will be written (REQUIRED)

Example: mfoc -O mycard.mfd
Example: mfoc -k ffffeeeedddd -O mycard.mfd
Example: mfoc -P 50 -T 30 -O mycard.mfd

This is mfoc version 0.10.7.
For more information, run: 'man mfoc'.

Using mfcuk

$ mfcuk
mfcuk - 0.3.8
Mifare Classic DarkSide Key Recovery Tool - 0.3
by Andrei Costin, zveriu@gmail.com, http://andreicostin.com

Usage:
-C - require explicit connection to the reader. Without this option, the connection is not made and recovery will not occur
-i mifare.dmp - load input mifare_classic_tag type dump
-I mifare_ext.dmp - load input extended dump specific to this tool, has several more fields on top of mifare_classic_tag type dump
-o mifare.dmp - output the resulting mifare_classic_tag dump to a given file
-O mifare_ext.dmp - output the resulting extended dump to a given file
-V sector[:A/B/any_other_alphanum[:fullkey]] - verify key for specified sector, -1 means all sectors
	After first semicolon key-type can specified: A verifies only keyA, B verifies only keyB, anything else verifies both keys
	After second semicolon full 12 hex-digits key can specified - this key will override any loaded dump key for the given sector(s) and key-type(s)
-R sector[:A/B/any_other_alphanum] - recover key for sector, -1 means all sectors.
	After first semicolon key-type can specified: A recovers only keyA, B recovers only keyB, anything else recovers both keys
-U UID - force specific UID. If a dump was loaded with -i, -U will overwrite the in the memory where dump was loaded
-M tagtype - force specific tagtype. 8 is 1K, 24 is 4K, 32 is DESFire
-D - for sectors and key-types marked for verification, in first place use default keys to verify (maybe you are lucky)
-d key - specifies additional full 12 hex-digits default key to be checked. Multiple -d options can be used for more additional keys
-s - milliseconds to sleep for SLEEP_AT_FIELD_OFF (Default: 10 ms)
-S - milliseconds to sleep for SLEEP_AFTER_FIELD_ON (Default: 50 ms)
-P hex_literals_separated - try to recover the key from a conversation sniffed with Proxmark3 (mifarecrack.c based). Accepts several options:
	Concatenated string in hex literal format of form uid:tag_chal:nr_enc:reader_resp:tag_resp
	Example -P 0x5c72325e:0x50829cd6:0xb8671f76:0xe00eefc9:0x4888964f would find key FFFFFFFFFFFF
-p proxmark3_full.log - tries to parse the log file on it's own (mifarecrack.py based), get the values for option -P and invoke it
-F - tries to fingerprint the input dump (-i) against known cards' data format
-v verbose_level - verbose level (default is O)

Usage examples:
  Recove all keys from all sectors:
    mfcuk -C -R -1
  Recove the sector #0 key with 250 ms for all delays (delays could give more results):
    mfcuk -C -R 0 -s 250 -S 250

Reference