Proxmark3 community

kon_or

Contributor

Registered: 2019-04-12

Posts: 2

Cannot calcualte the master key

I successfully ran a reader attack

pm3 --> hf iclass sim 2
[=] Starting iCLASS sim 2 attack (elite mode)          
[=] press keyboard to cancel          
#db# [+] going into attack mode, 9 CSNS sent          
#db# [+] CSN: 01 .... e0 OK          
#db# [+] CSN: 0c .... e0 OK          
#db# [+] CSN: 10 .... e0 OK          
#db# [+] CSN: 13 .... e0 OK          
#db# [+] CSN: 07 .... e0 OK          
#db# [+] CSN: 14 .... e0 OK          
#db# [+] CSN: 17 .... e0 OK          
#db# [+] CSN: ce .... e0 OK          
#db# [+] CSN: d2 .... e0 OK          
[+] 9 out of 9 MAC obtained [OK]          
[+] saved 216 bytes to binary file iclass_mac_attack-1.bin

when I try to use the dump to calculate the master key I get the following error

pm3 --> hf iclass loclass f iclass_mac_attack-1.bin 
----------------------------          
[=] Bruteforcing byte 1          
[=] Bruteforcing byte 0          
[=] Bruteforcing byte 69   
.... 
[!] Failed to recover 3 bytes using the following CSN          
[!] CSN = d25a82f8f7ff12e0          
[+] time: 350 seconds          
[!] error, we are missing byte 0, custom key calculation will fail...          
[!] error, we are missing byte 1, custom key calculation will fail...          
[!] error, we are missing byte 2, custom key calculation will fail...          
[!] error, we are missing byte 3, custom key calculation will fail...          
[!] error, we are missing byte 4, custom key calculation will fail...          
[!] error, we are missing byte 5, custom key calculation will fail...          
[!] error, we are missing byte 6, custom key calculation will fail...          
[!] error, we are missing byte 7, custom key calculation will fail...          
[!] error, we are missing byte 8, custom key calculation will fail...          
[!] error, we are missing byte 9, custom key calculation will fail...          
[!] error, we are missing byte 10, custom key calculation will fail...          
[!] error, we are missing byte 11, custom key calculation will fail...          
[!] error, we are missing byte 12, custom key calculation will fail...          
[!] error, we are missing byte 13, custom key calculation will fail...          
[!] error, we are missing byte 14, custom key calculation will fail...          
[!] error, we are missing byte 15, custom key calculation will fail...          

          
[+] -- High security custom key (Kcus) --          
[+] Standard format    = da28787db0ff2150          
[+] iClass format      = 31ad7ebd2f282168          
[!] Failed to verify calculated master key (k_cus)! Something is wrong.  

Am i missing a something or what is the best way to diagnose the reason it fails?

carl55

Contributor

From: Arizona USA

Registered: 2010-07-04

Posts: 175

Re: Cannot calcualte the master key

The most likely explanation for your problem is that you are attempting to retrieve the high security authentication key from an iCLASS SE reader.
The loclass function does not work with the newer "iClass SE" readers unless they explicitly support the use of legacy credentials.

If you look at the diversified key algorithms in the HID charts below you will see that there are various hashing algorithms involved when calculating the diversified key used in the authentication process. It is theorized that HID has modified one or more of these hashing algorithms for iClass SE. Until more details are uncovered, the loclass function can only be used reliably with readers that support legacy credentials.

iClass High Security Algorithm

iClass Standard Security Algorithm

iceman

Administrator

Registered: 2013-04-25

Posts: 9,537

Website

Re: Cannot calcualte the master key

Welcome back @carl55,   I been missing you!