Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2018-02-04 19:04:43

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

[new cmd] hf iclass lookup

let me share a little trick I picked up the last month,  which is enabled with the new iclass command in iceman fork.

pm3 --> hf iclass lookup h
Lookup keys takes some sniffed trace data and tries to verify what key was used against a dictionary file
Usage: hf iclass lookup [h|e|r] [f  (*.dic)] [u <csn>] [p <epurse>] [m <macs>]
Options:
      h             Show this help
      f <filename>  Dictionary file with default iclass keys
      u             CSN
      p             EPURSE
      m             macs
      r             raw
      e             elite
Samples:
        hf iclass lookup u 9655a400f8ff12e0 p f0ffffffffffffff m 0000000089cb984b f default_iclass_keys.dic
        hf iclass lookup u 9655a400f8ff12e0 p f0ffffffffffffff m 0000000089cb984b f default_iclass_keys.dic e

What to do with this command, you say?  Well, this command depends on two items. 
1) a dictionary file with known keys.
2) trace data from a iclass authentication

Everone have tried the SIM 2 attack  with LOCLASS,   in order to get a HighSecurity/Elite custom key but what happens when loclass fails?   Which is does when the reader doesn't use an elite key. This is shown in the output from the loclass command where it says 

[+] Bruteforcing byte 1
[+] Bruteforcing byte 0
[+] Bruteforcing byte 69
  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15, 16,
 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32,
 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48,
 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64,
 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80,
 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96,
 97, 98, 99,100,101,102,103,104,105,106,107,108,109,110,111,112,
113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,
129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,
145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,
161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,
177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,
193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,
209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,
225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,
241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,  0,

[!] Failed to recover 3 bytes using the following CSN
[!] CSN = 008b8f7ff7ff12e0
[-] The CSN requires > 3 byte bruteforce, not supported

Once you see this failed to recover 3 bytes you might aswell ctrl-c and stop it.  The attack will 99.99% fail.

Now what to do?   Before you where stuck here,  but now you can use the new command lookup in order to figure things out.
In the generated data file from SIM 2,   the data is formatted in 24bytes fields.   What you need is to put the data accordingly

       hf iclass lookup u 9655a400f8ff12e0 p f0ffffffffffffff m 0000000089cb984b f default_iclass_keys.dic

Bytes from file.
  0-7  =   9655a400f8ff12e0 
  8-15 =  f0ffffffffffffff 
  16-23 = 0000000089cb984b 

If your default keys dictionary file is good,  then you will be greated with:

[+] CSN     | 96 55 A4 00 F8 FF 12 E0
[+] Epurse  | F0 FF FF FF FF FF FF FF
[+] MACS    | 00 00 00 00 89 CB 98 4B
[+] CCNR    | F0 FF FF FF FF FF FF FF 00 00 00 00
[+] MAC_TAG | 89 CB 98 4B
[+] (s) Loaded  3 keys from default_iclass_keys.dic
[-] Generating diversified keys and MAC
[-] Sorting
[-] Searching

[+] [debit] found key   :)

Time in iclass : 0 seconds

If you use the parameter  e  you would try to find the possible elite/custom key.

Offline

#2 2018-02-07 14:54:32

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: [new cmd] hf iclass lookup

And I did a little video about it,  demonstrating validation of elite key found from iclass sim2 / loclass attack.
No need to have reader or card.

https://youtu.be/vtHttzmq7dY

Offline

#3 2019-05-12 07:55:35

yukihama
Contributor
Registered: 2018-05-13
Posts: 133

Re: [new cmd] hf iclass lookup

iceman wrote:

And I did a little video about it,  demonstrating validation of elite key found from iclass sim2 / loclass attack.
No need to have reader or card.

https://youtu.be/vtHttzmq7dY


thanks  for the help and command. I confront this problem last Friday

My question is where can I find the good default keys dictionary file ? Any hint how to generate perfect default key dictionary file?
help needed urgently.,,,,,,

Offline

#4 2019-05-12 10:05:18

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: [new cmd] hf iclass lookup

there is a iclass default dictionary file in the repo.  If you need more keys,  you would need to extract them from readers.

Offline

#5 2019-05-12 13:14:07

yukihama
Contributor
Registered: 2018-05-13
Posts: 133

Re: [new cmd] hf iclass lookup

iceman wrote:

there is a iclass default dictionary file in the repo.  If you need more keys,  you would need to extract them from readers.


how about manually make all possible keys in local dictionary files and bruce attack with attack bin files? Any idea^)^

Last edited by yukihama (2019-05-12 13:30:45)

Offline

#6 2019-05-12 14:03:32

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: [new cmd] hf iclass lookup

A naive BF of 3des keyspace is.... not optimal.  I am trying to get iclass crypto support in hashcat once I get time over.
That way we will get GPU possibility to exhaust the keyspace atleast.  smile   And bitsliced impl of 3des.

Offline

#7 2019-05-12 15:21:47

yukihama
Contributor
Registered: 2018-05-13
Posts: 133

Re: [new cmd] hf iclass lookup

iceman wrote:

A naive BF of 3des keyspace is.... not optimal.  I am trying to get iclass crypto support in hashcat once I get time over.
That way we will get GPU possibility to exhaust the keyspace atleast.  smile   And bitsliced impl of 3des.


cool, i am looking forward to it^_^ just like the wifi attack way?

Offline

#8 2021-02-06 15:13:16

rollsheet
Contributor
Registered: 2021-01-31
Posts: 3

Re: [new cmd] hf iclass lookup

yukihama wrote:
iceman wrote:

A naive BF of 3des keyspace is.... not optimal.  I am trying to get iclass crypto support in hashcat once I get time over.
That way we will get GPU possibility to exhaust the keyspace atleast.  smile   And bitsliced impl of 3des.


cool, i am looking forward to it^_^ just like the wifi attack way?


Is there any progress support in hashcat

Offline

#9 2021-02-06 15:26:54

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: [new cmd] hf iclass lookup

None at all.  Never got time to follow up on it.

Offline

Board footer

Powered by FluxBB