Research, development and trades concerning the powerful Proxmark3 device.
Hi all,
I've had my eye on the Proxmark for a while now, and I've just decided to finally take the plunge. My initial focus is on HID iClass cards as they're most prevalent around enterprises here, and no doubt where I'll be spending most of my time when I start doing engagements. I've spent a few weeks reading all of the usual recommended papers and I've been through the forums.
I think I've got a reasonable understanding of the technology now, but when attempting to 'dive in' I've hit an immediate blocker, and could do with a little help.
Background - I do not know the security model around my own iClass card. I suspect it's either 'legacy' or 'SE'. Information from my Proxmark is below.
CSN: XX XX XX XX XX XX XX
CC: XX XX XX XX XX XX XX XX
Mode: Application [Locked]
Coding: ISO 14443-2 B/ISO 15693
Crypt: Secured page, keys not locked
RA: Read access not enabled
Mem: 16 KBits/16 App Areas (255 * 8 bytes) [1F]
AA1: blocks 06-12
AA2: blocks 13-FF
Valid iClass Tag (or PicoPass Tag) Found - Quiting Search
I've loaded in the key published by Amm0nRa but with this I get authentication errors:
proxmark3> hf iclass dump f badgedump k 0
Authing with diversified key: xxxxxxxxxxxxxxxxxxx
Authentication error
Authing with diversified key: xxxxxxxxxxxxxxxxxxxxx
Authentication error
This leads me to suspect that either my key is incorrect, or the card uses its own authentication key, which would suggest it's not a legacy card but instead an SE card.
This is backed up by the proxclone paper I found which shows the iClass SE card as having Application 1 data at blocks 6-12, which aligns with the info I pulled out of my card.
To test this, I attempted to run the simulation attack against a reader.
hf iclass sim 2
However I get no response out of the reader whatsoever, no beeps or anything.
Could someone suggest what I'm doing wrong here? I suspect the issue is now actually my 'master' key is incorrect but google is being extremely unhelpful in finding it, and I'd rather not have to buy hardware specifically just to get the key.
Thanks!
Which country are you talking about? I have some keys in my former country that I have obtained. Most of them are elite keys.
Every SE reader has its own key. Even with the key, you probably still need to calculate block 3 based on the CSN of the card.
This is the part where no one has solved it.
Basically, no one has cracked the SE system to date. Carl's document was mostly about cloning the legacy/elite card.
No point trying until some kind souls come into the pm3 forum and post some papers about it.
Thanks for the quick reply.
The country is the UK - but to start with I think I need to find out if my assumptions around the card security are correct or not.
Am I right in thinking that I need to determine the contents of Block 5 to work out the card security? Assuming I can do that, I haven't found a list of Block 5 values to card type anywhere; does one exist?
You're close IlikeToPlayWithNewToys.
Looks like you're using a permuted key instead of unpermuted.
Block 0:  CSN / UID
Block 1:  Configuration

  Byte  Name                  Description
  7     App Limit             Defines the last block of Application Area 1 (typically 0x12)
  6     OTP                   One Time Programmable (not used, 0xFF)
  5     OTP                   One Time Programmable (not used, 0xFF)
  4     Block Write Lock      Can write-protect blocks 6 through 12 (not used, 0xFF)
  3     Chip Configuration    Secure or non-secure (HID uses secure only, set to 0xF9)
  2     Memory Configuration  2 or 16 Application Areas:
                                2K/2    0x1F
                                16K/2   0x9F
                                16K/16  0x1F
  1     EAS                   Electronic Article Surveillance (not used by HID)
  0     FUSE                  2K  good   0xB4
                              2K  blown  0x34
                              16K good   0xBC
                              16K blown  0x3C

Block 2:  Stored Value Area (Purse)
Block 3:  Key 1 (write only)
Block 4:  Key 2 (write only)
Block 5:  Application Issuer

  Byte  Name
  7-6   App 1 Type
  5-4   App 1 Identifier
  3-2   App 2 Type
  1-0   App 2 Identifier

Block 6:    Application directory
Block 7-9:  PACS data and PIN
Block 10:   Password
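The block 1 and block 5 tables above, turned into a small decoder. This is an added example, not code from the thread or from the Proxmark3 project. It assumes the table's byte 7 is the leftmost byte of a block as the Proxmark prints it and byte 0 the rightmost (an assumption), and the sample blocks are constructed rather than dumped from a card. It also handles the ambiguity the table shows: 0x1F in the memory configuration byte means 2K/2 on a 2K chip but 16K/16 on a 16K chip, so the FUSE byte is needed to resolve the number of application areas.

```python
# Added example, not code from the thread or from the Proxmark3 project:
# decode iClass block 1 (configuration) and block 5 (application issuer)
# using the byte tables posted above.
# Assumption: the table's byte 7 is the leftmost byte of the block as the
# Proxmark prints it, byte 0 the rightmost.  Sample blocks are constructed.

FUSE_CODES = {          # table byte 0, from the FUSE rows
    0xB4: ("2K", "good"),
    0x34: ("2K", "blown"),
    0xBC: ("16K", "good"),
    0x3C: ("16K", "blown"),
}


def _byte(block: bytes, n: int) -> int:
    """Table byte n (7..0) of an 8-byte block, under the ordering assumed above."""
    if len(block) != 8:
        raise ValueError("an iClass block is 8 bytes")
    return block[7 - n]


def parse_block1(block: bytes) -> dict:
    """Decode the configuration block.  The memory-configuration byte alone is
    ambiguous (0x1F is both 2K/2 and 16K/16), so the chip size taken from the
    FUSE byte is needed to resolve the number of application areas."""
    app_limit = _byte(block, 7)
    mem_cfg = _byte(block, 2)
    size, fuse_state = FUSE_CODES.get(_byte(block, 0), ("unknown", "unknown"))
    if size == "2K":
        areas = 2 if mem_cfg == 0x1F else None
    elif size == "16K":
        areas = {0x9F: 2, 0x1F: 16}.get(mem_cfg)
    else:
        areas = None
    return {
        "memory_size": size,
        "fuse_state": fuse_state,
        "app_areas": areas,
        "aa1_blocks": (0x06, app_limit),          # AA1 runs from block 6 to App Limit
        "otp": (_byte(block, 6), _byte(block, 5)),
        "block_write_lock": _byte(block, 4),
        "chip_config": _byte(block, 3),           # 0xF9 on HID-issued cards per the table
        "eas_used": _byte(block, 1) != 0xFF,
    }


def parse_block5(block: bytes) -> dict:
    """Decode the application issuer block.  A legacy card dump later in the
    thread shows this block as all 0xFF, flagged here as 'unprogrammed'."""
    return {
        "app1_type": (_byte(block, 7) << 8) | _byte(block, 6),
        "app1_id": (_byte(block, 5) << 8) | _byte(block, 4),
        "app2_type": (_byte(block, 3) << 8) | _byte(block, 2),
        "app2_id": (_byte(block, 1) << 8) | _byte(block, 0),
        "unprogrammed": block == b"\xff" * 8,
    }


def summarize(block1: bytes) -> str:
    """One line in the spirit of the Proxmark's 'Mem:' / 'AA1:' output."""
    cfg = parse_block1(block1)
    first, last = cfg["aa1_blocks"]
    areas = cfg["app_areas"] if cfg["app_areas"] is not None else "?"
    return (f"{cfg['memory_size']} ({cfg['fuse_state']} fuse), {areas} app areas, "
            f"AA1: blocks {first:02X}-{last:02X}")


# Constructed sample blocks (not read from a real card).
BLOCK1_16K_16 = bytes.fromhex("12FFFFFFF91FFF3C")   # app limit 0x12, 16K/16, fuse blown
BLOCK1_2K_2 = bytes.fromhex("12FFFFFFF91FFF34")     # same config byte 0x1F, but a 2K chip
BLOCK5_BLANK = bytes.fromhex("FFFFFFFFFFFFFFFF")

if __name__ == "__main__":
    print(summarize(BLOCK1_16K_16))                    # 16K (blown fuse), 16 app areas, AA1: blocks 06-12
    print(summarize(BLOCK1_2K_2))                      # 2K (blown fuse), 2 app areas, AA1: blocks 06-12
    print(parse_block5(BLOCK5_BLANK)["unprogrammed"])  # True
```

Feed it the 8 bytes of block 1 from a `hf iclass dump` and compare the summary with what the Proxmark printed for the same card; if the two disagree, the byte-ordering assumption above is the first thing to check.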
We have tried to write 6-12. All ok.
Keys 3 & 4 need an XOR key from the previous card. (Very tricky on this.) You could brick your card like I did mine. Wasted about 100 USD on these.
Keep trying. Make sure when you snoop the reader, do check your voltage on HF. You need some good antennas. Done this a few times using a pm3 easy. Bad bad experience.
Are you implying that the published master key is actually a permuted version of the key 0xFFFF?
If so, that would make sense as to why I see people struggling to use it directly, and aligns with some tweets I see floating around.
If that's the case, while I'm googling around, would you be able to hint/tell me where the cipher key is to reverse the permutation, or point me at some code which does it?
I think this is enough leak for you. The rest is up to you to find out.
Everything you need is in the forum. Find them slowly.
With the greatest respect - I've been through the forum several times and spent many weeks investigating this, I'm looking for some help in assisting me with my knowledge, 'try harder' isn't very helpful.
Unfortunately it is difficult to believe that you've spent that much time and didn't find the answer about your hid key when it is within the last 20 topics in this section of the forum, and is easily found with the search.
Thank you for the pointer, I've clearly missed something obvious then - I'll revisit the posts and take another look.
I've been through the posts suggested again - and I'm still coming up short. I see a lot of posts around the algorithms used for calculating the diversified keys stored on the cards, but unless you already know 'what' you're looking for, it's like stumbling through a minefield.
Assuming I was correct about the key posted at KiwiCon being diversified already, and assuming that KIWIKEY = DES(PLAINTEXT KEY, CIPHERKEY), I started running through the posted DES keys here to obtain the plaintext key I assume I need, but none of them turned anything up, which is compounded by the fact that I still don't know how to work out if the card is Legacy/Elite/Other.
However I'm still getting nowhere, and I have no idea if I'm even on the right path.
Temper, temper; frustration is the norm when dealing with the Proxmark3. And no, the standard on the forum is to learn it on your own with lots of trial and error. The PM3 community does not go easy on spoonfeeding. It's painfully obvious that you have not done your research properly. Read Carl55's iClass PDFs. Read the boring threads one more time, slowly, and your next post is going to be filled with excitement.
btw, you have mistaken diversified vs permuted
Perhaps I've misrepresented what I'm looking for - spoon feeding definitely isn't it, but a trail of breadcrumbs would be useful.
I'd argue that I've done the research, what I haven't done is fully understood everything so even when the answer is staring me in the face I don't realize it, thus the request for a little nudge in the right direction.
Appreciate the nod towards diversified vs permuted keys, this is a new area for me so I'll hunt for a bit more detail.
Right, a bit more research shows that I had misunderstood permutation vs diversification.
What I'm still unsure of however is the type of cards I'm playing with - so even if I did manage to get the correct permutation, if I'm playing around with non-legacy cards the authentication is going to fail.
Can someone mark my understanding of the following then please:
* The AmmonRa posted information requires permutation to be usable in the Proxmark3, but apart from that can be used for authentication against legacy cards
* Is there a post/paper out there which lists the permutation required, or do I need to brute-force it?
* Is there a way of me viewing the Block 5 information from an iClass card using the Proxmark3 to determine the cards I'm playing with? The following excerpt from a proxclone paper suggests I can, but I can't see a way to view this in the proxmark3:
The iclass reader is able to identify the type of card that it is interacting with by first reading the Application Issuer Data value stored in Block5. The information contained in this data block indicates whether the reader should interpret the data payload as legacy or SIO. It also tells the reader whether authentication should be performed using the legacy Master Authentication key or the newer SE authentication key.
Thanks
Replying to myself again to answer my own questions as I've now gathered the information needed.
* The AmmonRa posted information requires permutation to be usable in the Proxmark3, but apart from that can be used for authentication against legacy cards
** Yes, that's correct
* Is there post/paper out there which lists the permutation required, or do I need to brute for it?
** There is code out there to do this Here
* Is there a way of me viewing the Block5 information from an iClass card using the Proxmark3 to determine the cards I'm playing with?
** Not yet determined this - but the dump from a 'legacy' card shows FF FF FF FF FF FF FF FF as Block 5 which the proxmark will show you once authenticated.
...if you use the iceman fork, the hid permutation you need is accessible via the analyse hid ...
otherwise you will need that extra software.
and see, your latest post is full of success! Keep the spirit up!
There's lots of leaks/breadcrumbs in one day.
You will get there I believe. You took weeks.
I took a 1year to solve this and still trying to solve it.
Good luck.
Tip: Almost all the thick cards indicated with alphabet before their coding are SE systems. They are indicated by ER, SE, SR or some sort. We never really identify them based on the reader/card except by the part numbers. You can take a screenshot of the reader and card and email me. I could try to help to identify whether it is SE or Legacy. Mostly based on assumption and testing.
The OP is not coming back, is he? lol
Iceman, I have a question for you heheh,
Why did you have to bury this un-perm... command under analyse? Isn't it better to be under the iclass area, no?
Now the real question. What is the difference between the key & holiman key? They don't look identical? Can you give me a hint.
Well, I used both keys on my work badge but unsuccessfully; I assume it's an Elite or SE, since it's one of the top 4.
if you read up on DES keys, what they look like and how iClass uses DES keys, you will find your answer.
Carl wrote about the iClass way very nicely somewhere in all his great documents. The hint is: parity.
...and sure, it might be better under iclass, but that would make it way too easy for ppl. As it is now, you will only find it if you are curious enough.
Ah, that is exactly what I thought. Thanks chief
Today was a very exciting day and a blank iClass card I ordered came.
The funny thing is though, I'm not able to read its blocks with the leaked key.
First I used iceman's "analyse hid" command to reverse the key, then I did the following:
hf iclass readblk b 05 k xxxxxxxxxxxxx , still gives me an error (authentication error).
Also, I read here that blocks 0-1 are always readable even without authentication, but in my case the
hf iclass readblk b 00 or 01 command does not work.
The particular test card is an iClass 2020 (dual chip) card, supposedly a blank one.
Can someone please give me a hint what I'm doing incorrectly?
Thanks for your help
Maybe your blank iClass card is not blank? Maybe it is an elite, not a legacy. Many possibilities.
Read the forum, there are many keys to make an iClass clone work.
You probably have the legacy key leaked at Kiwicon. It is not possible with this.
No hint, just keep reading and searching
Got it working, no worries dude