Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hi all, I need help to clone the iClass fob. Below is the output I get when I did hf sea:
CSN: 79 7c c4 01 f9 ff 12 e0
CC: 8c 87 ff ff ff ff ff ff
Mode: Application [Locked]
Coding: ISO 14443-2 B/ISO 15693
Crypt: Secured page, keys not locked
RA: Read access not enabled
Mem: 2 KBits/2 App Areas (31 * 8 bytes) [1F]
AA1: blocks 06-12
AA2: blocks 13-1F
AppIA: ea f5 ff ff ff ff ff ff
: Possible iClass (NOT legacy tag)
Valid iClass Tag (or PicoPass Tag) Found - Quiting Search
After that command, I used hf iclass dump k (leaked key).
The pm3 got no response, and then I used the permuted HID master key. I got the result below, with an error:
hf iclass dump k (permuted key)
Authing with diversified key: e2c3ac27e8f00def
Authentication error
Authing with diversified key: e2c3ac27e8f00def
Authentication error
From that point I got stuck on what to try next. I did permute the key based on what carl55 wrote, from the leaked one from Twitter, and got an error. Can anyone direct me and point me to a next step? I read a lot of threads to get to this point and am still unsure about using the permuted master key... Thanks in advance.
Offline
According to the information that you provided above the fob has a Block 5 (AppIA) value of eaf5ffffffffffff. I have never seen a value like that so I have a hard time trusting the remainder of the information.
However, for a CSN value of 797CC401F9FF12E0 the Kdiv for that credential should be 5C6F78320B5B037E according to my calculations for a standard security legacy credential.
Also, the leaked master authentication key is already a permuted version of the key. You will need to "un-permute" the key before using the "hf iclass dump" command.
All of the above however assumes that your fob is not being used in an Elite or high security installation.
Offline
Hi @carl55, thanks for replying to me. I've learned a lot from your threads on the forum, and I read all of your posts, so I could come this far, although I am still struggling to figure out how to clone an iClass fob using the pm3. Actually, I was using an unpermuted master key starting like 1ecccd5be5a1exxx, which I got by unpermuting the leaked master key using the method from your post that said how to permute the key; I unpermuted the key using horizontal and vertical binaries. Then, when I used a command like hf iclass dump k 1ecccd5be5a1exxx, I got an error like the one above. carl55, can you tell me if I got the right unpermuted key from the leaked master key, so I can go from there?
Offline
Send me an email and we can discuss this further.
ModHex hehjighhhheeeefchjhvifhthbhkhrduhehvht
Offline
Hi Carl55, an email has been sent to you. I really appreciate your help.
Offline