Research, development and trades concerning the powerful Proxmark3 device.
Hello
I just have a very little quick question about the master key and the diversified key.
It's just for my understanding; it's not easy to learn how iClass works, I'm just a rookie again, but I have read lots of old posts, it's very funny.
I'm waiting for some iClass cards to make some tests, but meanwhile I would like to know: if I have a card with a default master key and I want to change the master key, is the only thing to do just to run "hf iclass calcnewkey n MASTER-KEY s MY-CSN", take the value of the new div key, and write this value in block 3 to redefine my master key? Is that correct?
example
my master-key is 1122334455667788 and my CSN is ABCD1234ABCD1234
I want to change the master key to aabbccddeeffgghh
so hf iclass calc n aabbccddeeff1234 s ABCD1234ABCD1234
my output:
[+] New div key : E1 78 4D 0A F5 13 D4 CA
and I write E1784D0AF513D4CA on block 03
and my new master key will be aabbccddeeff1234?
Is it OK?
Another extra question:
for block 04, is it the AA2 key? I don't find anything on the forum except this post about AA2.
and another one :-)
Is block 02 (e-purse) writable and changeable without bricking the card?
I don't find much information about it.
thanks
Last edited by Shashadow (2018-06-11 21:50:20)
A quick last one for the road :-)
If we can get DiversifiedKey with CSN and MasterKey, can we do the reverse? Get MasterKey with CSN and DiversifiedKey? Does an app exist for it?
Shashadow,
You need to be very careful when you modify either of the diversified keys (Kd) that are located in Blocks 3 and 4. The card itself takes whatever value you send as the new data value and XORs it with the current diversified key that you are trying to change. It then uses that XORed value as the actual data that gets written into the block. That way the actual Kd is never transmitted across the interface, so it can't be sniffed. In other words, if your old Kd is 0x1111222233334444 and your new Kd is 0x5555666677778888 then the value that should be written is 0x444444444444CCCC. The card will reverse the XOR function so that the actual data that gets written into block 3/4 is 0x5555666677778888.
This rule is only true for cards that have previously been initialized. If you have a blank un-initialized card that is still in personalization mode then the data that gets written internally is unmodified true data and NOT an XOR'd version.
Also, if you modify the card's Kd so it is no longer diversified from the original HID Master authentication key, then the card will no longer work until you also modify the reader to utilize the new master key that was used to diversify the card's new key.
Typically you wouldn't ever need to change the master authentication key. The only time that you would normally change an authentication key is when you are operating in high security or Elite mode. In that case each high security/Elite key is unique for each installed system and is totally unrelated to the HID Master authentication key.
for block 04, is it the AA2 key? I don't find anything on the forum except this post about AA2.
The AA2 key (stored in Block 4) is only needed to read and modify data in the AA2 area of the credential. Since these data blocks are not used in most access control applications, you only need to have this key if you are trying to read or modify data such as biometric (fingerprint) data that resides in these data blocks. This AA2 key is not stored in most iClass readers since it is not needed.
Is block 02 (e-purse) writable and changeable without bricking the card?
You can modify block 2 (e-purse) all you want without bricking the card. However, you are only allowed to decrement this value. You are only allowed to increment the data value if the card is still in "personalization" mode. Read the picopass datasheet for a more detailed description of how the e-purse functions.
If we can get DiversifiedKey with CSN and MasterKey, can we do the reverse? Get MasterKey with CSN and DiversifiedKey? Does an app exist for it?
The answer is NO. The key diversification algorithm is a one-way algorithm by design. You cannot reverse the algorithm to obtain the master key.
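A small Python model, added here and not code from the thread or from the Proxmark3 project, of the block 3/4 write rule the reply above describes: on an initialised card the value sent over the air is old Kd XOR new Kd and the card XORs it with its stored key to recover the new Kd, while a card still in personalization mode stores the value unmodified. The function names and the "send the new key directly" failure case are my own additions; the key values are the ones from the reply.

```python
KEY_LEN = 8  # Picopass/iClass diversified keys (Kd) are 8 bytes


def key_update_value(old_kd: bytes, new_kd: bytes, personalization_mode: bool = False) -> bytes:
    """Value to send in the write command to block 3 or block 4.

    old_kd: the Kd currently stored on the card (known to the card's owner).
    new_kd: the Kd the card should hold afterwards.
    """
    if len(old_kd) != KEY_LEN or len(new_kd) != KEY_LEN:
        raise ValueError("diversified keys are %d bytes" % KEY_LEN)
    if personalization_mode:
        # Blank, uninitialised card: the written datum is stored as-is.
        return new_kd
    # Initialised card: mask the new key with the old one so that neither
    # key crosses the interface in the clear.
    return bytes(a ^ b for a, b in zip(old_kd, new_kd))


def card_apply_write(stored_kd: bytes, wire_value: bytes, personalization_mode: bool = False) -> bytes:
    """Model of what the card stores after receiving wire_value."""
    if personalization_mode:
        return wire_value
    return bytes(a ^ b for a, b in zip(stored_kd, wire_value))


def demo():
    # Constructed sample values taken from the reply above.
    old = bytes.fromhex("1111222233334444")
    new = bytes.fromhex("5555666677778888")
    wire = key_update_value(old, new)           # 444444444444CCCC
    assert card_apply_write(old, wire) == new   # card ends up with new Kd
    # Writing new_kd directly to an initialised card, as the question
    # proposes, leaves the card holding old XOR new, not new.
    wrong = card_apply_write(old, new)
    return wire, wrong


if __name__ == "__main__":
    wire, wrong = demo()
    print("send %s; a direct write would leave Kd = %s" % (wire.hex().upper(), wrong.hex().upper()))
```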
What should be the correct way to use hf iclass calcnewkey?
I found the answer.
Last edited by gmsuz (2018-06-22 06:51:18)