Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2019-10-22 02:56:07

Ryston
Contributor
Registered: 2019-07-09
Posts: 16

Recovering iCLASS TDES Key. HoD or RE OmniKEY

Hello,

I plan to spend an embarrassingly large amount of time recovering the TDES key.  <I am told this is more commonly called the HID Transport key>

I am starting this project with near zero knowledge of the relevant things I ought to have knowledge of.  Well that's not quite true, but far less than I ought to at any rate.

I see some people have discussed reverse engineering the OmniKEY Firmware to get it, and I can see how that would be easier.  I worry, however, that I would be depriving myself of a useful learning opportunity. 

Am I being foolish?  Should I just save the time, money, and (knowing my dexterity and mindfulness) 2nd degree burns by attacking the firmware?

Thanks in advance for any feedback.

/R

Last edited by Ryston (2019-10-23 18:23:25)

Offline

#2 2019-10-22 15:52:37

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Recovering iCLASS TDES Key. HoD or RE OmniKEY

the TDES key?   Which TDES key do you refer to?

Offline

#3 2019-10-22 17:12:25

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Recovering iCLASS TDES Key. HoD or RE OmniKEY

He is probably referring to the legacy iClass master key, which is indeed used for TDES (Triple DES, 3DES) encryption in the key diversification.

Offline

#4 2019-10-22 17:46:39

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Recovering iCLASS TDES Key. HoD or RE OmniKEY

and guessing what he refers to is the exact reason for me asking...

Offline

#5 2019-10-22 18:58:42

Ryston
Contributor
Registered: 2019-07-09
Posts: 16

Re: Recovering iCLASS TDES Key. HoD or RE OmniKEY

Oh, sorry for the confusion.

No not the key used for authentication through key diversification.  It looks like the contents of block |07| is encrypted and contains the facility code + external ID number, and possibly some other data.

I think I am referring to the keys used for this... ya I just re-read the part of heart of darkness describing key extraction and I am now pretty sure those are indeed things.

https://www.openpcd.org/dl/HID-iCLASS-security.pdf

Page Five, Figure 8 shows it as a 16 byte key... I guess perhaps keys would be a more appropriate description.  Anyways, it is that which I seek to extract. 

It seems logical to me the Omnikey must have it in its firmware as well, which would be easier to get to... but then I would miss the learning experience.  Not sure if thats a lesson I'd regret skipping.

Last edited by Ryston (2019-10-22 19:23:05)

Offline

#6 2019-10-23 12:34:32

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Recovering iCLASS TDES Key. HoD or RE OmniKEY

ok,  the HID transport key.

Offline

Board footer

Powered by FluxBB