Proxmark3 community


#1 2018-08-27 23:10:20

seanedu
Contributor
From: Canada
Registered: 2017-04-12
Posts: 105

Need help to clone iclass fob

Hi all, I need help to clone the iClass fob. Below is the output I got when I ran hf sea:

CSN: 79 7c c4 01 f9 ff 12 e0
    CC: 8c 87 ff ff ff ff ff ff
  Mode: Application [Locked]
Coding: ISO 14443-2 B/ISO 15693
Crypt: Secured page, keys not locked
    RA: Read access not enabled
   Mem: 2 KBits/2 App Areas (31 * 8 bytes) [1F]
   AA1: blocks 06-12
   AA2: blocks 13-1F
AppIA: ea f5 ff ff ff ff ff ff
      : Possible iClass (NOT legacy tag)

Valid iClass Tag (or PicoPass Tag) Found - Quiting Search

After that command, I used hf iclass dump k (leaked key).
The pm3 gave no response, and then I used the permuted HID master key and got the result below, with an error:

hf iclass dump k (permuted key)
Authing with diversified key: e2c3ac27e8f00def
Authentication error
Authing with diversified key: e2c3ac27e8f00def
Authentication error

From that point I got stuck on what to try next. I did permute the key, based on what carl55 wrote, from the leaked one from Twitter, and got an error. Can anyone direct and point me to a next step? I read a lot of threads to get to this point and am still unsure about using the permuted master key... Thanks in advance.


#2 2018-08-28 18:18:23

carl55
Contributor
From: Arizona USA
Registered: 2010-07-04
Posts: 175

Re: Need help to clone iclass fob

According to the information that you provided above, the fob has a Block 5 (AppIA) value of eaf5ffffffffffff. I have never seen a value like that, so I have a hard time trusting the remainder of the information.
However, for a CSN value of 797CC401F9FF12E0 the Kdiv for that credential should be 5C6F78320B5B037E according to my calculations for a standard security legacy credential.
Also, the leaked master authentication key is already a permuted version of the key. You will need to "un-permute" the key before using the "hf iclass dump" command.

All of the above however assumes that your fob is not being used in an Elite or high security installation.


#3 2018-08-28 20:31:21

seanedu
Contributor
From: Canada
Registered: 2017-04-12
Posts: 105

Re: Need help to clone iclass fob

Hi @carl55, thanks for replying to me. I've learned a lot from your threads on the forum, and I read all of your posts, so I could come this far, although I am still struggling to figure out how to clone an iClass fob using the pm3. Actually, I was using the unpermuted master key, starting like 1ecccd5be5a1exxx, which I got from the leaked master key using the method from your post that said how to permute the key; I unpermuted the key using horizontal and vertical binaries. Then, when I used a command like hf iclass dump k 1ecccd5be5a1exxx, I got an error like the one above. carl55, can you tell me if I got the right unpermuted key from the leaked master key, so I can go from there...


#4 2018-08-28 20:59:39

carl55
Contributor
From: Arizona USA
Registered: 2010-07-04
Posts: 175

Re: Need help to clone iclass fob

Send me an email and we can discuss this further.
ModHex hehjighhhheeeefchjhvifhthbhkhrduhehvht


#5 2018-08-28 22:23:05

seanedu
Contributor
From: Canada
Registered: 2017-04-12
Posts: 105

Re: Need help to clone iclass fob

Hi Carl55, the email has been sent to you. I really appreciate your help.
