Research, development and trades concerning the powerful Proxmark3 device.
Hi everyone,
just got my proxmark3 running and have one card here, which shows in:
hf search
as:
Possible iclass (not legacy tag)
Valid iClass Tag (or PicoPass Tag) Found
Had a look around but couldn't find how to proceed. How would I be able to read/copy the content of the card?
Can someone tell me, please? I find the commands (hf iclass) a bit overwhelming.
As for the card, it does not have any markings on it (only advertisement)
Thanks
bretzd
Last edited by bretzd (2021-04-01 00:24:49)
I believe if it is shown as 'not legacy', it means it should be iclass SE
Hi hayabusa,
thank you for your info, sadly I wasn't able to find a lot on iclass se cards.
I have a lot of questions, which I seem not to get solved by searching around.
Can someone give me an answer to the following:
- What does Reverse Permute Master Key mean and for what is it used?
Is it correct that the permute master key is a key to encrypt the "real" used key in iclass?
- How can I load and check keys available in *.dic files with my card?
When I use:
hf iclass chk f ./client/xyz/keys.dic
It tells me that it loaded a number of keys, but what to do with them? With Mifare it checks the keys, but with iclass it doesn't do anything.
- What methods are available to get keys for iclass se cards?
Thanks
Last edited by bretzd (2021-04-01 23:52:29)
check the block 5
if you see 0006, it is SE
Seems no one is able to handle it for now
Hi Hayabusa,
I read Block 5 with the following command:
hf iclass readblk b 05
can not find "0006" in the return.
It seems data is only written on Blocks 00,01,02,05 which repeats every twenty blocks.
Hi,
had another look at the outputs of the proxmark3, and there are some things which do not make sense.
First I noticed that the blocks AA1 and AA2 are overlapping, AA1 is from 06-FF and AA2 from 100-1F. Yet when I read the whole card with readblk, only blocks 00 to 05 have some data in them (it's blocks 00, 01, 02 and 05), everything else is filled with 0xFF. As said before, blocks with data repeat every 0x20 up to 0xFF (last block being only filled with 0xFF).
When I want to write to the card, I get an Authentication error. How could I proceed? The content which is stored on the card seems to be written on there without any encryption.