Research, development and trades concerning the powerful Proxmark3 device.
In order to clone an iClass card, first I did a MAC attack with
hw stand 2
Then I ran loclass offline and got a success result (key replaced with 11121314... due to privacy)
[usb] pm3 --> hf iclass loclass f iclass_mac_attack.bin
...
[+] -- High security custom key (Kcus) --
[+] Standard format 11 12 13 14 15 16 17 18
[+] iClass format 21 22 23 24 25 26 27 28
[+] Key verified ok!
Question 1:
Which key format should I use for the dump command? The standard format or the iClass format? Is there any other format/permute required? Do I need the 'e' parameter?
//which one to use?
hf iclass dump k 1112131415161718
hf iclass dump k 2122232425262728
//do I need this?
//e : elite computations applied to key
Question 2:
If I want to use standalone mode, should I replace the aa2_key[] or the legacy_aa1_key[] in the code?
static uint8_t aa2_key[] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
static uint8_t legacy_aa1_key[] = {0xAE, 0xA6, 0x84, 0xA6, 0xDA, 0xB2, 0x32, 0x78};
Question 3:
What will happen if standalone mode 3 reader runs with a wrong aa1/aa2 key? Does it save wrong data? How do I know whether it succeeds if I'm not connecting pm3 to my client (cannot see debug info)?
Thanks in advance!
Last edited by jiangyi1985 (2020-10-10 18:20:52)