Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2016-11-16 23:38:38

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

hid key on twitter

A brief on KiwiCon seem to have decided to publish the Hid Iclass key.

https://twitter.com/InfoSecFriends/stat … 5876870144

pic: https://twitter.com/vbakaitis/status/799003900690870273

Offline

#2 2016-11-17 01:17:51

atwolf
Contributor
Registered: 2015-04-29
Posts: 16

Re: hid key on twitter

I was wondering it it was going to be shared here.
I didn't want to do it myself just in case.

A friend of mine is at kiwicon and is sharing the photo around it seems along with alot of other people to.

hopefully this will result in places updating to something more secure and HID being involved instead of just sending lawyers after people

Offline

#3 2016-11-17 02:56:03

dylanger
Contributor
From: Sydney
Registered: 2016-06-22
Posts: 30

Re: hid key on twitter

Does anyone know how to use this key with the proxmark? I've been able to read with the read master, but if you do something like 'hf iclass dump k AABBCC' I get an Authentication Error?

Offline

#4 2016-11-17 11:07:06

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: hid key on twitter

Its not the actual key, if you thought so.  If you have the firmware you know which bytes this is.

Offline

#5 2016-11-17 18:22:38

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: hid key on twitter

If you read the heart-of-darkness paper, you know more.
[ref]https://github.com/akw0088/HID-Card-Cop … ermute.php

Offline

#6 2016-11-18 05:10:15

dylanger
Contributor
From: Sydney
Registered: 2016-06-22
Posts: 30

Re: hid key on twitter

So its really not the key? Waaat? What is this then? Is it even possible to write data to a standard iClass Card with this?

Last edited by dylanger (2016-11-18 05:16:50)

Offline

#7 2016-11-18 05:31:28

dylanger
Contributor
From: Sydney
Registered: 2016-06-22
Posts: 30

Re: hid key on twitter

Or does this key decrypt data ON the card?

Offline

#8 2016-11-18 05:35:19

dylanger
Contributor
From: Sydney
Registered: 2016-06-22
Posts: 30

Re: hid key on twitter

So if this key lets you encrypt & decrypt data *ON* the card, then you can do funky stuff like decryot, increment card number by say.. 5 encrypt then whack back onto the card and boom, you have a different card?

Last edited by dylanger (2016-11-18 05:36:06)

Offline

#9 2016-11-18 09:04:28

phiber
Contributor
Registered: 2016-10-11
Posts: 37

Re: hid key on twitter

More keen on if this key allows us to clone a iclass card, but then will need an empty card to write to.
since this is 13.5mhz, the t5577 won't work as well

Offline

#10 2016-11-18 17:36:08

carl55
Contributor
From: Arizona USA
Registered: 2010-07-04
Posts: 175

Re: hid key on twitter

Now that the permuted version of the Master Authentication key has been released there will likely be a few more people who will be interested in experimenting with the iclass technology.
However, it must be pointed out that there are multiple keys that are required in order to fully exploit the iclass technology.

First off, there are numerous authentication keys being used within iClass. These include the default PicoPass keys, the HID factory default keys, the HID Master keys and the plethora of High Security/Elite authentication keys that are typically unique for each installed system.
I use the plural word "keys" since each application area of the card requires a unique authentication key to gain access to that particular area of the card. (As an example, biometric data is stored in a different application area than the physical access control data).

Then there are the encryption/decryption keys that are needed to encrypt and decrypt the data stored in the various data blocks. If you are simply trying to copy card data then you won't need these keys. However, if you are trying to modify an existing card or program a blank card then you will definitely need these encryption keys. That is, unless you live in Australia where (for some reason) iClass encryption is usually (if not always) disabled. (It may have someting to do with various international import/export laws that deal with encryption).

Then there is the HID "Exchange" key which is needed if you are trying to load any of the above keys into an iClass R/W reader. Loading keys into the user key space of the reader allows you to utilize the iclass Serial Protocol to communicate with the reader, thus allowing you to read,write and modify any existing iclass credential using the built-in resources of the reader.

Many of the above keys can be obtained using the firmware/EEPROM dump procedure outlined in the "Heart of Darkness" paper released a few years back. Unfortunately very few individuals have been successful since the older "Revision A" readers needed for the hack have become increasingly difficult to obtain.

Offline

#11 2016-11-19 01:21:06

dylanger
Contributor
From: Sydney
Registered: 2016-06-22
Posts: 30

Re: hid key on twitter

Thank you for replying and providing useful and informative info.

So this key to write isn't here? Is this the 'Master Authentication' key? What does this key do? I've been using an Omnikey with the double Secure Mode flip.

Its my understanding the Master Authentication Key needs to be provided before the flip into Secure Mode?

My main question is, what can be accomplished with this key posted on twitter?

Offline

#12 2016-11-19 02:09:37

carl55
Contributor
From: Arizona USA
Registered: 2010-07-04
Posts: 175

Re: hid key on twitter

The thing to be aware of is that the HID iClass readers, OmniKey Readers, and Proxmark3 do not all use the same variant of the key. You will need to read the "Heart of Darkness" paper or read Appendix C of the iClass Serial Protocol document to understand the concept of key permutation. Once you understand this concept you will have all the information necessary to read or write the Application Area 1 of a standard security iclass credential.

Offline

#13 2016-11-19 15:19:22

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: hid key on twitter

There is also a post on this forum that explains permutation.

Offline

#14 2016-11-19 15:37:13

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: hid key on twitter

and there is code in the client that does it too...
and I've added the original permuted.php version into the pm3 client in icemanfork...

but all of this doesn't add these users knowledge about what they are doing.

Offline

Board footer

Powered by FluxBB