I've been playing with the PM3 and various China-bought RFID cloners.
My efforts are all in an attempt to help my girlfriend's dad transition from a traditional locksmith replicating physical door keys to provide modern RFID cloning service for digital door locks.
I've had great success duplicating most cards utilizing PM3 and some China cloners on low frequency cards.
However, I've hit a major bump, and have been stuck for several months trying to figure out HID iClass and how I may utilize my HID Omnikeys 5321 CLi v2 to help replicate HID iClass cards.
iClass card duplication has been actively sought after as home owners are at the mercy of ridiculous charges of US$50-US$100/card with their manager to issue additional cards or replace lost cards.
I've also spent a fair amount financially trying to locate local university engineering students to assist me with this project; money has been spent but there's been no progress.
I'm posting to request one-on-one help, maybe via Skype, etc., to provide me an absolute dummy's guide to cloning iClass cards, like a step-by-step process utilizing PM3 and/or software which I can use with HID Omnikeys 5321 CLi v2.
This will be a paid tuition, please let me know if you're able to help me.
PS. I've read the Heart of Darkness, downloaded iclassifieds, copyclass and all sorts of other PDFs, and VMWares to run Win XP, but I can't find the instructions to duplicate iClass cards with my existing software and hardware. I believe I have most if not all of the pieces, but I don't know how to use them.
I've been stuck for about 6-8 weeks on this now. I'm sincere in my request and I hope some kind soul may offer some assistance.
Like Snorlax, I too am stuck on how to proceed.
Have been reading many papers and posts in this forum but still couldn't figure out where to start. Obviously, I won't be able to get older iClass readers like RW400 for key extraction as these readers are next to extinction.
I was hinted that it is possible to extract the master key from PM3 but still don't know how.
Could you please offer assistance on how to proceed with obtaining the master key? Currently, I have Omnikey 5321 V2 and PM3.
I too have an Omnikey & PM3, but I don't think the master key's on PM3?
Rather I believe it's encrypted in 3DES on iclassifieds as it can read block 6 on the iclass cards.
Are you able to run iclassified? I have a problem running this program, as every time I run it, it gives me a "Cannot find reader" error. I'm using Windows 10 64 bit version.
You have to run it on a Windows XP machine running 32bit; just go get a VMWare and slap an XP image on it, and you'll be set.
I'll give it a try.
I just did what you suggested. Installed Win XP SP2 on VMWare, then installed HID PCSC Driver 126.96.36.199 and Synchronous API 188.8.131.52.
After that I tried to run "main.exe" from the iclassified directory. Still the same error:
Connecting to reader : Omnikey Cardman 5x21-CL 0... Failed
Error : Could not find Omnikey Reader.
What happened? What did I do wrong?
Windows 10 64 bit version
Windows XP machine running 32bit
Did Windows XP VMware detect your USB device (Omnikeys)?
You can try running contactlessdemovc.exe to see if the device is detected properly. You look like you have the correct drivers, except your machine is having difficulty detecting the reader.
If it's detected in Windows 10 OS, it will not be detectable in your Windows XP VMWare, because the device is "being used" in Win 10.
Shoutout: I'm still looking for someone to help me with this! =] Ideally if you've already extracted the keys, because it's been a MASSIVE pain to locate the older versions of RW400 to extract the keys.
I read your thread with interest, but I can not help you.
Some Proxmark user from Australia seemed to use PM3 to clone HID iClass.
What is interesting is what you can make of the article in OpenCD:
"Q: That nice, but in fact actually it's impossible to buy a machine able to make a copy ?
A: You only need the standard Desktop USB Omnikey Readers 5321/6321 to make a copy manually. You don't even need a special software, but only the extracted authentication key. A copy can be made using the free ContactlessDemoVC.exe (see Fig. 10 and Table III on page 6). This process can be fully automated in software."
Got a very weird response from iClassified today. First, under Windows 10 (and XP under VMWare), iClassified now found the Omnikey reader but was unable to establish secure mode.
After a while, running XP under VMWare, I was able to get iclassified to run correctly but don't know whether it will run again next time or not. Anyway, now I got a readout of csn, conf, App1, App2, iss, and block 6.
If iclassified is able to read block 6, then I would expect it to be able to read block 7-9 if you modify the code in main.c as suggested by member rparker in http://www.proxmark.org/forum/viewtopic.php?id=2755
After you have block 6-9 read, possibly, you can modify iClassified to write it. Don't know whether it will work or not as I am not even on step 1 yet.
However, I am unable to get mingw to run yet.
The very problem is how to get that AUTHENTICATION KEY without dissecting the old iClass readers. Also, it is obviously not possible to go to public readers and attach our "bottle of wine" to the back of readers. The only resources I currently have are an Omnikey 5321 reader and PM3.
Made a mistake above. CANNOT read App1 & App2 above. App1 : block [06-12] App2 : block [13-1f]
Another update :
I now installed mingw under WinXP and everything seems to work fine. I modified main.c to read block 7-9 and run it. It seems to read block 6-9 now. But the data on block 8 and 9 are the same. Is this right?
Do you have a skype username I can reach you at?
@capecode Win7 and later usually use signed drivers; to get around that problem there are ways to apply, like starting up in "allowed to use unsigned driver" mode, calling a program to force Windows to stay in test mode, etc. I don't know about Win10, particularly 64-bit systems; are you sure those signed/unsigned driver issues won't affect your work with this device and program?
Also, if you have PM3 and 6321, can you not snoop? Sorry for my ignorance, I don't have such hardware, but I would like to know what you can sniff or snoop from the 6321, if it is possible at all. What comes out of the snoop? What to do next? If it failed to extract the key from there, why does it fail? etc...
Again if I make mistake or say something wrongly pls correct me, so I can learn. I follow with interest to learn. Not that I want to advise/educate you, pls don't see me that way.
I have a Skype account but don't usually turn it on. Do you use Whatsapp / Line / WeChat apps? I'm on a GMT+7 Timezone.
I believe PM3 can snoop but I haven't gone that far yet.
Have any of you used the PM3 command "hf iclass loclass"? I can't seem to get it to work with my standard iClass card.
I have not seen any HF iclass IOclass card. Where can you get a used but valid HF iclass IOclass card, or HF standard iclass? What are they used for?
I use MinGW to compile main.c and I have a problem with the error message "undefined reference to 'SendApdu'". Will you please suggest how I can get past this unresolved issue?
Anyone got a copy of main.c which was modified to read block 7-9?
Newbie here - I've been able to run iclassified on an XP machine with the Omnikey 5321 CLi and I also get the "Cannot find reader" error.
However, when I remove the card and put the card back on and run the Read command again iclassified does find the reader, but then it says that it "can't go into Secure Mode".
Can anyone give me some advice on where to go from there?
I've got the diagnostic tools from HID and it definitely shows that the drivers and everything is installed correctly.
Take a read through this blog post:
Secondly, the iClass master key for standard security has been leaked online through popular channels. It is arguably easier to find the key and use the PM3 to pull data.
Thanks for replying KChung.
I actually read your post and many other iclass-related posts quite a few times before I went ahead and bought the OK5321 reader. Your post is one of the most detailed and practical that I've found and had it bookmarked.
I downloaded iclassified and MinGW and was able to compile the source files by following your instructions.
The drivers have been downloaded and installed (although I couldn't get the older version of CardMan to install on WinXP because the newer driver automatically installs).
Trying to run the "iclass.exe" read is where I get stuck with the Secure Mode problem.
I spent the whole weekend trying to install and reinstall everything but still can't get any further. I do have a feeling it might be the newer version of the OmniKey driver that's causing me issues.
Re the iClass Master Key, I was able to get a hold of that - but key permutations are definitely not my specialty. I'll admit that reading the related documents leaves me quite confused and I honestly don't think it'll be something I'd be able to understand by myself any time soon.
I'll keep going at it in the meantime, but I'll wait until I go back to my home city and ask my programming friends to explain it to me.
On a separate topic, happy to report that I've been able to use the Proxmark3 to do some random HID, Indala and Pyramid tag cloning so far. I was able to test the copied tags to confirm that they actually work.
Last edited by bobbified (2017-03-06 11:52:49)