Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2018-06-26 13:34:19

yukihama
Contributor
Registered: 2018-05-13
Posts: 133

Any progress on Iclass SE?

Hi dear friends, are there any progress on iclass SE clone?
My buidling is relativly new and using iclass SE system. I read my iclass keyfob and showing "NOT Legacy Card". I can get format key by "sim". But dump is  not successful with the format key I got, which is sure the system is not HS. I am sure you know what I am talking about,LOL


Is there anything I can contribute to cracking icalss SE system, financialy or technically? LOLlolololo

BR

Last edited by yukihama (2018-06-26 13:39:30)

Offline

#2 2018-06-27 15:30:03

gmsuz
Contributor
Registered: 2017-10-24
Posts: 6

Re: Any progress on Iclass SE?

I happened to come across my friend residence is using iclass SE card.

CSN: 51 A2 7F 02 F9 FF 12 E0
    CC: FF FF FF FF 71 FA FF FF
        Mode: Application [Locked]
        Coding: ISO 14443-2 B/ISO 15693
        Crypt: Secured page, keys not locked
        RA: Read access not enabled
  Mem: 2 KBits/2 App Areas (31 * 8 bytes) [1F]
        AA1: blocks 06-12
        AA2: blocks 13-1F
        OTP: 0xFFFF

KeyAccess:
        Read A - Kd or Kc
        Read B - Kd or Kc
        Write A - Kc
        Write B - Kc
        Debit  - Kd or Kc
        Credit - Kc
App IA: FF FF FF 00 06 FF FF FF
      : Possible iClass (NOT legacy tag)

Valid iClass Tag (or PicoPass Tag) Found - Quiting Search


The reader is a Iclass SE.
hf iclass sim 2 was completed and lolcass was able to extract a Key verified ok!

However the key was not able to dump the iclass SE card.

I did my read up and understood that the difference between legacy and SE is blk 6 to 12 is protected by SIO and the data is unique to the card CSN. There is no point copying it to another card.

I am just wondering why the veriifed key is unable to dump the iclass SE card.

Can someone enlightened me.

Offline

#3 2018-06-28 05:33:14

yukihama
Contributor
Registered: 2018-05-13
Posts: 133

Re: Any progress on Iclass SE?

gmsuz wrote:

I happened to come across my friend residence is using iclass SE card.

CSN: 51 A2 7F 02 F9 FF 12 E0
    CC: FF FF FF FF 71 FA FF FF
        Mode: Application [Locked]
        Coding: ISO 14443-2 B/ISO 15693
        Crypt: Secured page, keys not locked
        RA: Read access not enabled
  Mem: 2 KBits/2 App Areas (31 * 8 bytes) [1F]
        AA1: blocks 06-12
        AA2: blocks 13-1F
        OTP: 0xFFFF

KeyAccess:
        Read A - Kd or Kc
        Read B - Kd or Kc
        Write A - Kc
        Write B - Kc
        Debit  - Kd or Kc
        Credit - Kc
App IA: FF FF FF 00 06 FF FF FF
      : Possible iClass (NOT legacy tag)

Valid iClass Tag (or PicoPass Tag) Found - Quiting Search


The reader is a Iclass SE.
hf iclass sim 2 was completed and lolcass was able to extract a Key verified ok!

However the key was not able to dump the iclass SE card.

I did my read up and understood that the difference between legacy and SE is blk 6 to 12 is protected by SIO and the data is unique to the card CSN. There is no point copying it to another card.

I am just wondering why the veriifed key is unable to dump the iclass SE card.

Can someone enlightened me.


you are on the same boat with me now,LOL 
how can we make this done? no news yet from the gurus^_^

Offline

#4 2018-06-30 15:26:19

carl55
Contributor
From: Arizona USA
Registered: 2010-07-04
Posts: 175

Re: Any progress on Iclass SE?

If you are unable to dump the contents of the high security/Elite SE credential then it is probably due to one of the following problems:
1. The extracted Kcus key is wrong or it is NOT a high security/Elite credential.
2. The calculated diversified key (Kdiv) is wrong.

Assuming that your SE system actually is a high security/Elite system, the diversified key that was calculated probably is wrong.
The calculation of Kdiv is straightforward for 99% of the various CSN values. However, there are "special case" CSN values that involve a slight change to the Kdiv algorithm. I myself have experienced a few CSN values in the past that appeared to yield an incorrect Kdiv when calculated.
I don't have any hard data at this point but I do plan on doing some more extensive testing in the near future.
If possible, you could try a different credential with a different CSN and see if it experiences the same problem.

A high security/Elite iClass SE system is actually less secure than the standard security SE which uses the new "SE" master authentication key.
If you have recovered Kcus you should be able to read the contents of the SE credential. However, if it were a standard security system then you could only read the contents of the credential by capturing the MAC and nonce from a legitimate authentication sequence and then using that information to replay the authentication sequence. I have done this many times and it seems to work fine. Unfortunately, until someone is able to uncover HIDs new Master SE authentication key we are not able to directly read the contents of a standard security SE credential.

Offline

#5 2018-07-03 07:42:00

yukihama
Contributor
Registered: 2018-05-13
Posts: 133

Re: Any progress on Iclass SE?

Hi  Carl
awesome, you are genuis....I just finished my final exam and have heaps of time and spare engergy to focus on SE follwing 2months....Is there any i can contribute to your work on SE?  Can I contact you by email?  I am sure this forum has iclass staff watching on us LOL

Offline

#6 2018-07-24 12:27:25

brantz
Contributor
Registered: 2014-03-19
Posts: 50

Re: Any progress on Iclass SE?

carl55 wrote:

If you are unable to dump the contents of the high security/Elite SE credential then it is probably due to one of the following problems:
1. The extracted Kcus key is wrong or it is NOT a high security/Elite credential.
2. The calculated diversified key (Kdiv) is wrong.

Hi Carl,
I have mentioned this to you before, with the exact correct HS key, PM3 is still not able to read SE credential.
I reckon SE credential decode on HID reader is a bit different from what PM3 does.

Offline

#7 2019-08-20 15:21:00

AmmonRa
Contributor
Registered: 2017-04-14
Posts: 13

Re: Any progress on Iclass SE?

Hi, I am working on iClass SE shenanigans... I would very much like to get my hands on an unprogrammed one of these cards, it's an old style 3350VMSNV, i.e. an iClass SE ER card from before the 2017 changes. If anyone has one or more, I'm happy to buy it from you.

iClass SE ER card

Offline

#8 2019-08-27 10:08:51

NYCity25
Contributor
From: Mars
Registered: 2018-08-19
Posts: 31

Re: Any progress on Iclass SE?

AmmonRa wrote:

Hi, I am working on iClass SE shenanigans... I would very much like to get my hands on an unprogrammed one of these cards, it's an old style 3350VMSNV, i.e. an iClass SE ER card from before the 2017 changes. If anyone has one or more, I'm happy to buy it from you.

https://www.lsc.com.au/image/?path=../content/Image/products/&file=3350VMSNV.jpg&filter=product-detail-large

Have heaps of them , PM me

Offline

#9 2019-08-29 14:17:49

brantz
Contributor
Registered: 2014-03-19
Posts: 50

Re: Any progress on Iclass SE?

AmmonRa wrote:

Hi, I am working on iClass SE shenanigans... I would very much like to get my hands on an unprogrammed one of these cards, it's an old style 3350VMSNV, i.e. an iClass SE ER card from before the 2017 changes. If anyone has one or more, I'm happy to buy it from you.

https://www.lsc.com.au/image/?path=../content/Image/products/&file=3350VMSNV.jpg&filter=product-detail-large

I reckon the 3350 is all programmed before leaving factory.

Offline

#10 2019-08-30 05:49:21

AmmonRa
Contributor
Registered: 2017-04-14
Posts: 13

Re: Any progress on Iclass SE?

brantz wrote:

I reckon the 3350 is all programmed before leaving factory.


then what's the ER for? I have newer ER cards which are not programmed (different from uninitialized). any older ER card would be fine, I just need some ER cards that I can write to using the pm3

Last edited by AmmonRa (2019-08-30 05:50:40)

Offline

#11 2019-08-30 09:38:56

brantz
Contributor
Registered: 2014-03-19
Posts: 50

Re: Any progress on Iclass SE?

AmmonRa wrote:
brantz wrote:

I reckon the 3350 is all programmed before leaving factory.


then what's the ER for? I have newer ER cards which are not programmed (different from uninitialized). any older ER card would be fine, I just need some ER cards that I can write to using the pm3

From my experience, ER means SO only

Offline

#12 2019-08-30 11:01:22

AmmonRa
Contributor
Registered: 2017-04-14
Posts: 13

Re: Any progress on Iclass SE?

Sure, it means SO only, but more than that, it means Encoder Ready, i.e. that it's a non-programmed card.

Offline

#13 2019-08-31 15:36:17

AmmonRa
Contributor
Registered: 2017-04-14
Posts: 13

Re: Any progress on Iclass SE?

NYCity25 wrote:

Have heaps of them , PM me


great! I tried to email you, not sure if the email is correct, as your modhex seems to corrupted after the "g". how much do you want per card?

Offline

#14 2019-09-04 01:54:11

Ryston
Contributor
Registered: 2019-07-09
Posts: 16

Re: Any progress on Iclass SE?

So based on HID publication materials, I am thinking those SIOs look something like this:

AES(App One Data, ekey1)
RSA(AES App One Data, ekey1), SKEY1)

AES(App Two Data, ekey2)
RSA(AES App Two Data, ekey2), SKEY2)

RSA(
RSA(AES(App One Data, ekey1), SKEY1) +
RSA(AES(App Two Data, ekey2), SKEY2) +
CSN , SKEY3
)

In all of this, I can't figure out where they would reply to the nonce challenge correctly.  I mean they've got to to prevent cloning.

If they did it in the final block, you could just write the app 1 blocks from one badge to another.
If they did it in the early block, they've not put SKEY1... AND 3 onto the card, which means the encoder has them in the firmware, which seems like a good place to extract them from.

No all of this only makes any sense to me if App 1 and its signature are sold as packaged units and SKEY1 is kept and held by RSA in secret, but SKEY3 is something the customer can set.

The processor on the card must disallow writing to the App1 blocks once they are written.  Ya?  Anyone?

Last edited by Ryston (2019-09-04 21:05:05)

Offline

#15 2019-09-06 06:01:37

AmmonRa
Contributor
Registered: 2017-04-14
Posts: 13

Re: Any progress on Iclass SE?

@Ryston I'm not sure I agree with you, did you mean EAX' rather than AES? can you link the publication(s) you base this on so I can check them?

Last edited by AmmonRa (2019-09-06 06:06:21)

Offline

#16 2019-09-09 17:56:46

Ryston
Contributor
Registered: 2019-07-09
Posts: 16

Re: Any progress on Iclass SE?

It was imprecise of me to say 'AES', I apologize.
I am providing more specific claims. 

Near the bottom of page 4 this document claims,

The cryptographic algorithm used to protect an SIO is based on AES cryptography.

http://www.emacs.es/downloads/WP/201407 … L_v1.0.pdf

This really bothers me though, because the next page does specify that AES is used for both encryption and authentication.  (e.g. EAX mode.)

The trouble there is that this video claims the encrypted form of the credential is signed by an symetric key pair.
https://youtu.be/ohEMaD_HVC8?t=111

...  if their algorithm uses EAX mode, and the video is mistaken and it is the unencrypted credential which is signed - that would make a lot of sense. 

Why did you think it was using EAX?

EDIT:  Sorry I realized after I walked away this explanation was incomplete.  I am assuming the primary credential and its signature are preloaded using a key pair (one half loaded on all SE readers, one half controlled by the credential manufacturer, HID.) and are only sold pre-programed.

This is based on some sales material I can't seem to source this morning dealing with SIOs for Seos and how to order more credentials. 

I could be mistaken in this assumption as well - they may have put half of the key pair onto the card in which case the encrypted version of the credential (with the challenge nonce) could then be signed.  ...  I don't think this is the case, but I really ought to find my source.

Last edited by Ryston (2019-09-09 18:14:51)

Offline

Board footer

Powered by FluxBB