Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2017-04-15 08:32:35

tzigson1
Contributor
Registered: 2017-04-15
Posts: 15

PM3 cloning iclass

I am particularly interested if it is possible to clone iclass keys just using the PM3? Any help on this would be much appreciated. I have looked on previous posts and cant seem to find a definitive answer. A specific example would be for the below: Thanking you for your help in advance!


CSN: 89 e1 b3 02 f9 ff 12 e0
CC: 8c 87 ff ff d9 ff ff ff
        Mode: Application [Locked]
        Coding: ISO 14443-2 B/ISO 15693
        Crypt: Secured page, keys not locked
        RA: Read access not enabled
  Mem: 2 KBits/2 App Areas (31 * 8 bytes) [1F]
        AA1: blocks 06-12
        AA2: blocks 13-1F

Valid iClass Tag (or PicoPass Tag) Found - Quiting Search

CSN: 95 eb 48 02 f8 ff 12 e0
CC: 8c 87 ff ff ff ff ff ff
        Mode: Application [Locked]
        Coding: ISO 14443-2 B/ISO 15693
        Crypt: Secured page, keys not locked
        RA: Read access not enabled
  Mem: 2 KBits/2 App Areas (31 * 8 bytes) [1F]
        AA1: blocks 06-12
        AA2: blocks 13-1F

Valid iClass Tag (or PicoPass Tag) Found - Quiting Search

Offline

#2 2017-04-15 11:22:52

tayuto
Contributor
Registered: 2017-03-02
Posts: 5

Re: PM3 cloning iclass

Yes, you can do that as long as you got the keys.

Offline

#3 2017-04-15 17:52:50

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: PM3 cloning iclass

If you with "keys" mean copy credentials from iclass legacy tag,  then yes.
Ppl has been doing that since 2010 and it has been written/blogged about quite much.

Offline

#4 2017-04-18 06:10:30

tzigson1
Contributor
Registered: 2017-04-15
Posts: 15

Re: PM3 cloning iclass

Hi thank you for the reply. I do have the original keys so is it possible if it is not too much trouble to let me know the commands used to clone these keys? I have looked on these forums and unfortunately I haven't found anything. If you have a link to the blog where they specify this then that would be great too.

Many thanks

Offline

#5 2017-04-18 06:31:43

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: PM3 cloning iclass

Just google it,  or look at  proxmark file section

Offline

#6 2017-04-18 14:31:42

tzigson1
Contributor
Registered: 2017-04-15
Posts: 15

Re: PM3 cloning iclass

Sorry the link doesn't seem to be working. Could someone just let me know the commands if they know? It would be a big help to me and I would appreciate it very much.

Offline

#7 2017-04-18 14:36:05

tzigson1
Contributor
Registered: 2017-04-15
Posts: 15

Re: PM3 cloning iclass

I got the link working however is there somewhere in there where it specifically tells you step by step process for cloning using proxmark 3 as the examples they are giving seem to be using a different system that look unfamiliar to me?

Offline

#8 2017-04-18 15:41:37

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: PM3 cloning iclass

sorry, my bad,  the link works now.

Offline

#9 2017-04-18 16:01:52

tzigson1
Contributor
Registered: 2017-04-15
Posts: 15

Re: PM3 cloning iclass

Thanks iceman. I have been reading through but still no luck finding it. If you could give me a short summary of the commands I would be so grateful. Thanks for all your help.

Offline

#10 2017-04-18 17:29:04

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Offline

#11 2017-04-19 01:53:03

tzigson1
Contributor
Registered: 2017-04-15
Posts: 15

Re: PM3 cloning iclass

Thanks again for the link. In the above example that I have given would I look at the commands under hf 14a or hf 14b? I am assuming if it is one of these 2 then the command is hf 14a raw or hf 14b raw correct?

Or is it as simple as looking under hf iclass and typing in command hf iclass clone? Apologies for all the questions but I am just learning and this is still a little confusing for me which is why I requested someone to give me the specific commands for example above.

Appreciate the link though as there are a lot of commands I didn't know.

Offline

#12 2017-04-19 04:40:33

Dot.Com
Contributor
From: Hong Kong
Registered: 2016-10-05
Posts: 180
Website

Re: PM3 cloning iclass

If you have read enough, you first need to extract the data from the card (hf iclass dump) and then clone it using the file you extracted (hf iclass clone).

There are many keys out there (legacy, elite, SE) and different keys are used in different ways.

So first, identify which system/card your card falls into first (Hint: Look at the reader/card)

and also you can always type h behind the command you want to use. This will give you more info on the commands.

Keep learning. smile

Last edited by Dot.Com (2017-04-19 04:56:34)

Offline

#13 2017-04-19 04:53:23

tzigson1
Contributor
Registered: 2017-04-15
Posts: 15

Re: PM3 cloning iclass

Thanks for getting back to me and being a little more specific. Given the example I gave above is this the best way to go to about it or can't you tell what card/ system this uses given the info I have provided?

Offline

#14 2017-04-19 05:02:21

Dot.Com
Contributor
From: Hong Kong
Registered: 2016-10-05
Posts: 180
Website

Re: PM3 cloning iclass

tzigson1 wrote:

Thanks for getting back to me and being a little more specific. Given the example I gave above is this the best way to go to about it or can't you tell what card/ system this uses given the info I have provided?

No way unless you test them with the available keys. smile

Offline

#15 2017-04-19 05:11:00

tzigson1
Contributor
Registered: 2017-04-15
Posts: 15

Re: PM3 cloning iclass

So when I do a hf search and the following comes up: This is not enough info to know what system it is running? Is there a command I can type in to know what system if I have the key.If it helps the key looks like a a normal fob with a blue/purple middle



CSN: 89 e1 b3 02 f9 ff 12 e0
CC: 8c 87 ff ff d9 ff ff ff
        Mode: Application [Locked]
        Coding: ISO 14443-2 B/ISO 15693
        Crypt: Secured page, keys not locked
        RA: Read access not enabled
  Mem: 2 KBits/2 App Areas (31 * 8 bytes) [1F]
        AA1: blocks 06-12
        AA2: blocks 13-1F
Valid iClass Tag (or PicoPass Tag) Found - Quiting Search

Offline

#16 2017-04-19 05:37:17

tzigson1
Contributor
Registered: 2017-04-15
Posts: 15

Re: PM3 cloning iclass

I thought from this example we know that it is a  ISO 14443-2 B/ISO 15693. Is this not correct?

Offline

#17 2017-04-19 05:59:42

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: PM3 cloning iclass

iclass tags can use those protocols yes.  but that does not define what version of programming the iclass tag has on it.  and to do any work on iclass you will need to learn about the authentication "keys" for the different types of iclass programmed tags, which are the "keys" everyone above is referring to when they say "keys".  to clone you will need to provide the pm3 with valid keys to dump and clone an iclass tag.  the pm3 does not contain the authentication keys on purpose.

Offline

#18 2017-04-19 06:00:55

Dot.Com
Contributor
From: Hong Kong
Registered: 2016-10-05
Posts: 180
Website

Re: PM3 cloning iclass

tzigson1 wrote:

So when I do a hf search and the following comes up: This is not enough info to know what system it is running? Is there a command I can type in to know what system if I have the key.If it helps the key looks like a a normal fob with a blue/purple middle



CSN: 89 e1 b3 02 f9 ff 12 e0
CC: 8c 87 ff ff d9 ff ff ff
        Mode: Application [Locked]
        Coding: ISO 14443-2 B/ISO 15693
        Crypt: Secured page, keys not locked
        RA: Read access not enabled
  Mem: 2 KBits/2 App Areas (31 * 8 bytes) [1F]
        AA1: blocks 06-12
        AA2: blocks 13-1F
Valid iClass Tag (or PicoPass Tag) Found - Quiting Search

If we could, we obviously would have told you about it.

Offline

#19 2017-04-19 07:29:17

tzigson1
Contributor
Registered: 2017-04-15
Posts: 15

Re: PM3 cloning iclass

It seems with every post or reply this is quite complicated and I still don't really have any idea on how to tackle this problem. I am tempted to ask how I can authenticate keys before trying to clone iclass but I am understanding that this is quite complicated and I need to do many hours of research to accomplish this understanding. I am willing however to pay someone to come up with a detailed document of every step needed to successfully clone this type of card or a manual so its mapped out in the simplest of terms that is easy to understand for a beginner such as myself.

I am willing to pay $50 upon receipt and another $50 after I can test the commands to see if the cloning is successful. If interested please let me know via this blog or my email.

Offline

#20 2017-04-19 07:57:34

717
Contributor
Registered: 2015-10-21
Posts: 22

Re: PM3 cloning iclass

-

Last edited by 717 (2017-10-04 12:48:53)

Offline

#21 2017-04-19 12:58:38

tzigson1
Contributor
Registered: 2017-04-15
Posts: 15

Re: PM3 cloning iclass

ok please email me at info@allgoodsdirect.com.au

Offline

#22 2017-04-19 13:32:02

717
Contributor
Registered: 2015-10-21
Posts: 22

Re: PM3 cloning iclass

-

Last edited by 717 (2017-10-04 12:49:01)

Offline

#23 2017-04-19 14:28:51

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: PM3 cloning iclass

....and I think someone is in for a nasty surprice,  owell, you live, you learn.

Offline

#24 2017-04-20 10:02:38

Dot.Com
Contributor
From: Hong Kong
Registered: 2016-10-05
Posts: 180
Website

Re: PM3 cloning iclass

.....and he texted me at 3.32am last night. Stubborn fellow... It seems my words carry no weights on this forum no matter how I explain to him...

Offline

#25 2017-04-23 16:13:48

tzigson1
Contributor
Registered: 2017-04-15
Posts: 15

Re: PM3 cloning iclass

Hi guys, I am sorry if i have come across in that way however if you looked at my initial question there were a lot of responses that were not specific and towards the end i realised that even the word keys I was misinterpreting. I explained that I was just new to this so giving me a series of links on commands without explaining the proper process is not really helping me. I only offered money to ensure that someone might take the time and explain it properly rather than 1-2 line responses. I also messaged you earlier than that and only made the proposition as you seemed like you were helpful so take it as a compliment. Calling me stubborn is not accurate it is just a reflection that I am not getting the adequate help that I thought I would receive by joining this forum.

I am trying to read and do my own research as well but you can imagine to someone new it is a lot to take in. If anyone can help me it would be greatly appreciated and offer still stands.

Offline

#26 2017-04-24 05:37:51

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: PM3 cloning iclass

@tzigson1, i'm going to give you the benefit of the doubt and explain some of the reluctance of many of our contributors here.

1. in many places on this forum, the official wiki, and the github repo it is clearly stated that the proxmark3 is not for the casual user.
some here therefore are put off by those appearing to want a quick fix to a single rfid tag. 

counter this by showing you've done some homework and ask specific questions.

2. "cloners" to a few here is a bad word (myself not included).  maybe partly due to the reusing of pm3 code in commercialized cloners?  to most, however, the PM3 is not considered to be a cloner.  it is a research tool.

3. you have not stated your purpose or intentions in cloning your tags.  to many assisting someone to clone a tag most commonly used for access control may be unethical.

4. many people are just shy around iclass, they may fear HID? (or more likely they fear they would be helping criminals)  so they may not want a step by step outline created.

5. time, many contributors just are very busy and may only post a few times per month.

and finally, another link:  wink
http://www.proxmark.org/forum/viewtopic … 246#p17246

Offline

#27 2017-04-24 08:31:16

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: PM3 cloning iclass

1) spoonfeeding
2) cloners takes and demands, never give back to community.  Leeches!
3) all those pretty lies...
4) real fear,  C&D letters are not fun.
5) so little time left

Of course its much to take in,  just do it and tell us what you learned in during the process

Offline

#28 2017-04-25 17:59:28

tzigson1
Contributor
Registered: 2017-04-15
Posts: 15

Re: PM3 cloning iclass

Hi Marshmellow,

Appreciate you giving me the benefit of the doubt and taking the time to make me understand the general feelings of the forum in the way I have approached things. I can now understand why people have been a little brief or reluctant due to the reason listed above. To be honest I thought the PM3's main function was to clone and I knew it could do other things but thought these were all just preliminary steps with the goal of cloning the pass. As I am new I have worked out how to clone most cards with the exception of iclass and it was just frustrating for me not knowing. I am sure this will fall under the bracket "pretty little lies" and hope after more reading I can prove people wrong by adding and giving something back to this community. Many thanks again for all your help.

Offline

Board footer

Powered by FluxBB